npm - @astrasyncai/verification-gateway - Versions diffs - 1.0.0 → 2.0.0 - Mend

@astrasyncai/verification-gateway 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (101) hide show

package/dist/adapter-interface/interface.d.mts +71 -0
package/dist/adapter-interface/interface.d.ts +71 -0
package/dist/adapter-interface/interface.js +36 -0
package/dist/adapter-interface/interface.js.map +1 -0
package/dist/adapter-interface/interface.mjs +10 -0
package/dist/adapter-interface/interface.mjs.map +1 -0
package/dist/adapter-interface/purpose-mapping.d.mts +28 -0
package/dist/adapter-interface/purpose-mapping.d.ts +28 -0
package/dist/adapter-interface/purpose-mapping.js +117 -0
package/dist/adapter-interface/purpose-mapping.js.map +1 -0
package/dist/adapter-interface/purpose-mapping.mjs +89 -0
package/dist/adapter-interface/purpose-mapping.mjs.map +1 -0
package/dist/adapters/express.d.mts +2 -2
package/dist/adapters/express.d.ts +2 -2
package/dist/adapters/express.js +46 -9
package/dist/adapters/express.js.map +1 -1
package/dist/adapters/express.mjs +46 -9
package/dist/adapters/express.mjs.map +1 -1
package/dist/adapters/nextjs.d.mts +2 -2
package/dist/adapters/nextjs.d.ts +2 -2
package/dist/adapters/nextjs.js +19 -9
package/dist/adapters/nextjs.js.map +1 -1
package/dist/adapters/nextjs.mjs +19 -9
package/dist/adapters/nextjs.mjs.map +1 -1
package/dist/adapters/sdk.d.mts +2 -2
package/dist/adapters/sdk.d.ts +2 -2
package/dist/adapters/sdk.js +20 -4
package/dist/adapters/sdk.js.map +1 -1
package/dist/adapters/sdk.mjs +20 -4
package/dist/adapters/sdk.mjs.map +1 -1
package/dist/agent/index.d.mts +2 -0
package/dist/agent/index.d.ts +2 -0
package/dist/agent/index.js +354 -0
package/dist/agent/index.js.map +1 -0
package/dist/agent/index.mjs +323 -0
package/dist/agent/index.mjs.map +1 -0
package/dist/browser/browser-adapter.d.mts +106 -0
package/dist/browser/browser-adapter.d.ts +106 -0
package/dist/browser/browser-adapter.js +286 -0
package/dist/browser/browser-adapter.js.map +1 -0
package/dist/browser/browser-adapter.mjs +259 -0
package/dist/browser/browser-adapter.mjs.map +1 -0
package/dist/cli/index.d.mts +241 -0
package/dist/cli/index.d.ts +241 -0
package/dist/cli/index.js +3734 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/index.mjs +3688 -0
package/dist/cli/index.mjs.map +1 -0
package/dist/cursor/cursor-adapter.d.mts +92 -0
package/dist/cursor/cursor-adapter.d.ts +92 -0
package/dist/cursor/cursor-adapter.js +273 -0
package/dist/cursor/cursor-adapter.js.map +1 -0
package/dist/cursor/cursor-adapter.mjs +246 -0
package/dist/cursor/cursor-adapter.mjs.map +1 -0
package/dist/{express-DUDYpvNZ.d.mts → express-Cp4eg77F.d.mts} +1 -1
package/dist/{express-BhD3mWsL.d.ts → express-DIEyq1Tz.d.ts} +1 -1
package/dist/gateway/gateway.d.mts +70 -0
package/dist/gateway/gateway.d.ts +70 -0
package/dist/gateway/gateway.js +3726 -0
package/dist/gateway/gateway.js.map +1 -0
package/dist/gateway/gateway.mjs +3706 -0
package/dist/gateway/gateway.mjs.map +1 -0
package/dist/git-trigger/git-hooks.d.mts +69 -0
package/dist/git-trigger/git-hooks.d.ts +69 -0
package/dist/git-trigger/git-hooks.js +244 -0
package/dist/git-trigger/git-hooks.js.map +1 -0
package/dist/git-trigger/git-hooks.mjs +221 -0
package/dist/git-trigger/git-hooks.mjs.map +1 -0
package/dist/index-BhTbGU-o.d.mts +206 -0
package/dist/index-Bhfxq9xI.d.ts +206 -0
package/dist/index-CNkmHmpi.d.ts +89 -0
package/dist/index-CoLebmwv.d.mts +89 -0
package/dist/index.d.mts +8 -295
package/dist/index.d.ts +8 -295
package/dist/index.js +60 -21
package/dist/index.js.map +1 -1
package/dist/index.mjs +60 -21
package/dist/index.mjs.map +1 -1
package/dist/local-evaluator/evaluator.d.mts +55 -0
package/dist/local-evaluator/evaluator.d.ts +55 -0
package/dist/local-evaluator/evaluator.js +272 -0
package/dist/local-evaluator/evaluator.js.map +1 -0
package/dist/local-evaluator/evaluator.mjs +244 -0
package/dist/local-evaluator/evaluator.mjs.map +1 -0
package/dist/{nextjs-C9FPOjSh.d.ts → nextjs-Cag7libc.d.ts} +1 -1
package/dist/{nextjs-BtqyLSVQ.d.mts → nextjs-_C_FcJY5.d.mts} +1 -1
package/dist/{sdk-BkVigGjF.d.ts → sdk-CMPDFUjo.d.ts} +3 -1
package/dist/{sdk-xCbZgeZx.d.mts → sdk-DAJahT3p.d.mts} +3 -1
package/dist/transport/index.d.mts +2 -0
package/dist/transport/index.d.ts +2 -0
package/dist/transport/index.js +211 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/index.mjs +176 -0
package/dist/transport/index.mjs.map +1 -0
package/dist/{types-CS6v75-d.d.mts → types-Bf8pML07.d.mts} +9 -1
package/dist/{types-CS6v75-d.d.ts → types-Bf8pML07.d.ts} +9 -1
package/dist/types-BvpGdsv1.d.mts +153 -0
package/dist/types-Ce2mFJkO.d.ts +153 -0
package/dist/ui/index.d.mts +1 -1
package/dist/ui/index.d.ts +1 -1
package/package.json +46 -1

package/dist/browser/browser-adapter.js ADDED Viewed

@@ -0,0 +1,286 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/browser/browser-adapter.ts
+var browser_adapter_exports = {};
+__export(browser_adapter_exports, {
+  BrowserAdapter: () => BrowserAdapter
+});
+module.exports = __toCommonJS(browser_adapter_exports);
+// src/adapter-interface/interface.ts
+var ADAPTER_INTERFACE_VERSION = 1;
+// src/adapter-interface/purpose-mapping.ts
+var TOOL_PURPOSE_MAP = {
+  // Shell
+  shell_exec: "shell.exec",
+  run_command: "shell.exec",
+  execute: "shell.exec",
+  terminal_exec: "shell.exec",
+  run_terminal_command: "shell.exec",
+  // File read
+  file_read: "file.read",
+  read_file: "file.read",
+  // File write
+  file_write: "file.write",
+  write_file: "file.write",
+  create_file: "file.write",
+  edit_file: "file.write",
+  // File delete
+  file_delete: "file.delete",
+  delete_file: "file.delete",
+  // Network
+  http_request: "network.request",
+  fetch: "network.request",
+  web_request: "network.request",
+  // Email
+  send_email: "email.send",
+  read_email: "email.read",
+  // Calendar
+  create_event: "calendar.create",
+  // Database
+  query_database: "database.query",
+  write_database: "database.write",
+  // Payment
+  payment_execute: "payment.execute"
+};
+function mapToolToPurpose(toolName) {
+  return TOOL_PURPOSE_MAP[toolName] || `tool.${toolName}`;
+}
+function extractTarget(toolName, args) {
+  const purpose = mapToolToPurpose(toolName);
+  if (purpose.startsWith("shell.")) {
+    return String(args.command || args.cmd || args.script || "");
+  }
+  if (purpose.startsWith("file.")) {
+    return String(args.path || args.file || args.filename || args.file_path || "");
+  }
+  if (purpose.startsWith("network.")) {
+    return String(args.url || args.endpoint || args.uri || "");
+  }
+  if (purpose.startsWith("email.")) {
+    return String(args.to || args.recipient || args.address || "");
+  }
+  if (purpose.startsWith("database.")) {
+    return String(args.query || args.table || "");
+  }
+  if (purpose.startsWith("payment.")) {
+    return String(args.description || args.merchant || args.amount || "");
+  }
+  if (args.command) return String(args.command);
+  if (args.path) return String(args.path);
+  if (args.url) return String(args.url);
+  for (const val of Object.values(args)) {
+    if (typeof val === "string" && val.length > 0) return val;
+  }
+  return toolName;
+}
+function extractNetworkDomains(target) {
+  try {
+    if (target.startsWith("http://") || target.startsWith("https://")) {
+      const url = new URL(target);
+      return [url.hostname];
+    }
+  } catch {
+  }
+  return void 0;
+}
+// src/browser/browser-adapter.ts
+function mapBrowserActionToPurpose(details) {
+  const url = details.url;
+  if (details.method === "POST") {
+    if (/mail|email|smtp/i.test(url)) {
+      return { toolName: "send_email", args: { url, to: url } };
+    }
+    if (/pay|checkout|stripe|payment/i.test(url)) {
+      return { toolName: "payment_execute", args: { url, description: url } };
+    }
+    return { toolName: "http_request", args: { url } };
+  }
+  if (details.type === "main_frame") {
+    return { toolName: "http_request", args: { url } };
+  }
+  return { toolName: "http_request", args: { url } };
+}
+var BrowserAdapter = class {
+  constructor(options) {
+    this.interfaceVersion = ADAPTER_INTERFACE_VERSION;
+    this.requestListener = null;
+    this.navigationListener = null;
+    this.messageListener = null;
+    this._isRunning = false;
+    this.options = {
+      urlPatterns: options?.urlPatterns ?? ["<all_urls>"],
+      requestTypes: options?.requestTypes ?? ["main_frame", "xmlhttprequest", "sub_frame"],
+      onApprovalRequired: options?.onApprovalRequired ?? (async () => false),
+      browserAPI: options?.browserAPI
+    };
+  }
+  get isRunning() {
+    return this._isRunning;
+  }
+  async initialize(config) {
+    this.gateway = config.gateway;
+    if (config.adapterOptions.browserAPI) {
+      this.browserAPI = config.adapterOptions.browserAPI;
+    } else if (this.options.browserAPI) {
+      this.browserAPI = this.options.browserAPI;
+    }
+    if (!this.browserAPI) {
+      throw new Error("BrowserAdapter requires browser extension API \u2014 pass via adapterOptions.browserAPI");
+    }
+    this.requestListener = (details) => {
+      return this.handleWebRequest(details);
+    };
+    this.browserAPI.webRequest.onBeforeRequest.addListener(
+      this.requestListener,
+      {
+        urls: this.options.urlPatterns,
+        types: this.options.requestTypes
+      },
+      ["blocking"]
+    );
+    this.navigationListener = (details) => {
+      this.handleNavigation(details);
+    };
+    this.browserAPI.webNavigation.onBeforeNavigate.addListener(this.navigationListener);
+    this.messageListener = (message, _sender, sendResponse) => {
+      const msg = message;
+      if (msg?.type === "astrasync-evaluate") {
+        this.handleContentScriptAction(msg.action).then(sendResponse);
+        return true;
+      }
+    };
+    this.browserAPI.runtime.onMessage.addListener(this.messageListener);
+    this._isRunning = true;
+  }
+  async shutdown() {
+    if (this.requestListener) {
+      this.browserAPI.webRequest.onBeforeRequest.removeListener(this.requestListener);
+      this.requestListener = null;
+    }
+    if (this.navigationListener) {
+      this.browserAPI.webNavigation.onBeforeNavigate.removeListener(this.navigationListener);
+      this.navigationListener = null;
+    }
+    if (this.messageListener) {
+      this.browserAPI.runtime.onMessage.removeListener(this.messageListener);
+      this.messageListener = null;
+    }
+    this._isRunning = false;
+  }
+  async interceptAction(action) {
+    const raw = action.raw;
+    if (!raw) {
+      return { intercepted: false, skipReason: "No action data" };
+    }
+    const context = this.extractContext(action);
+    return { intercepted: true, context };
+  }
+  extractContext(action) {
+    const raw = action.raw;
+    const { toolName, args } = mapBrowserActionToPurpose(raw);
+    const purpose = mapToolToPurpose(toolName);
+    const target = extractTarget(toolName, args);
+    const networkAccess = extractNetworkDomains(target);
+    return {
+      purpose,
+      action: toolName,
+      target,
+      ...networkAccess && { networkAccess }
+    };
+  }
+  async enforceDecision(decision) {
+    if (decision.recommendation === "DENY" && this.browserAPI.notifications) {
+      this.browserAPI.notifications.create(`astrasync-${Date.now()}`, {
+        type: "basic",
+        title: "AstraSync Local Guard",
+        message: `Blocked: ${decision.reason}`
+      });
+    }
+  }
+  // =====================================================================
+  // Internal handlers
+  // =====================================================================
+  handleWebRequest(details) {
+    const action = {
+      raw: details,
+      platform: "browser",
+      timestamp: /* @__PURE__ */ new Date()
+    };
+    const context = this.extractContext(action);
+    const decision = this.evaluateSync(context);
+    if (decision.recommendation === "DENY") {
+      this.enforceDecision(decision);
+      return { cancel: true };
+    }
+    if (decision.recommendation === "MANUAL_REVIEW") {
+      this.enforceDecision({
+        ...decision,
+        recommendation: "DENY",
+        reason: `Requires approval (auto-blocked in browser): ${decision.reason}`
+      });
+      return { cancel: true };
+    }
+    return void 0;
+  }
+  handleNavigation(details) {
+    const action = {
+      raw: {
+        requestId: `nav-${details.tabId}-${details.frameId}`,
+        url: details.url,
+        method: "GET",
+        type: "main_frame",
+        tabId: details.tabId
+      },
+      platform: "browser",
+      timestamp: /* @__PURE__ */ new Date()
+    };
+    this.interceptAction(action).then(async (result) => {
+      if (result.intercepted && result.context) {
+        await this.gateway.evaluate(result.context);
+      }
+    });
+  }
+  async handleContentScriptAction(action) {
+    const interception = await this.interceptAction(action);
+    if (!interception.intercepted || !interception.context) {
+      return { recommendation: "ALLOW", reason: "Not intercepted" };
+    }
+    return this.gateway.evaluate(interception.context);
+  }
+  /**
+   * Synchronous evaluation using the gateway's local evaluator.
+   * Falls back to ALLOW if async-only (online mode).
+   */
+  evaluateSync(context) {
+    const gw = this.gateway;
+    if (gw.evaluator) {
+      return gw.evaluator.evaluate(context);
+    }
+    return { recommendation: "ALLOW", reason: "Async-only mode \u2014 allowed by default" };
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BrowserAdapter
+});
+//# sourceMappingURL=browser-adapter.js.map

package/dist/browser/browser-adapter.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/browser/browser-adapter.ts","../../src/adapter-interface/interface.ts","../../src/adapter-interface/purpose-mapping.ts"],"sourcesContent":["/**\n * @astrasyncai/adapter-openclaw-browser\n *\n * Layer 4 adapter for browser-based AI agents (e.g. OpenClaw browser extension).\n * Intercepts page navigation, form submissions, and network requests\n * made by the agent in the browser DOM.\n *\n * The adapter does NOT depend on chrome types. The browser extension\n * passes the chrome/browser API via a minimal interface at initialize() time.\n *\n * ~300 lines — thin, disposable, platform-specific.\n */\n\nimport type { PlatformAdapter, AdapterConfig } from '../adapter-interface/interface';\nimport type { PDLSSContext, VerificationDecision, AgentAction, InterceptResult } from '../gateway/types';\nimport type { AstraSyncGateway } from '../gateway/gateway';\nimport { ADAPTER_INTERFACE_VERSION } from '../adapter-interface/interface';\nimport { mapToolToPurpose, extractTarget, extractNetworkDomains } from '../adapter-interface/purpose-mapping';\n\n// -----------------------------------------------------------------------\n// Minimal browser extension type stubs (injected at runtime)\n// -----------------------------------------------------------------------\n\nexport interface WebRequestDetails {\n requestId: string;\n url: string;\n method: string;\n type: string; // 'main_frame' | 'sub_frame' | 'xmlhttprequest' | 'script' etc.\n tabId: number;\n initiator?: string;\n documentUrl?: string;\n}\n\nexport interface BlockingResponse {\n cancel?: boolean;\n redirectUrl?: string;\n}\n\nexport interface RequestFilter {\n urls: string[];\n types?: string[];\n}\n\nexport interface BrowserExtensionAPI {\n webRequest: {\n onBeforeRequest: {\n addListener(\n callback: (details: WebRequestDetails) => BlockingResponse | void,\n filter: RequestFilter,\n extraInfoSpec?: string[],\n ): void;\n removeListener(callback: (details: WebRequestDetails) => BlockingResponse | void): void;\n };\n };\n webNavigation: {\n onBeforeNavigate: {\n addListener(callback: (details: NavigationDetails) => void): void;\n removeListener(callback: (details: NavigationDetails) => void): void;\n };\n };\n runtime: {\n sendMessage(message: unknown): Promise<unknown>;\n onMessage: {\n addListener(\n callback: (message: unknown, sender: unknown, sendResponse: (response: unknown) => void) => boolean | void,\n ): void;\n removeListener(callback: (...args: unknown[]) => void): void;\n };\n };\n notifications?: {\n create(id: string, options: { type: string; title: string; message: string; iconUrl?: string }): void;\n };\n}\n\nexport interface NavigationDetails {\n tabId: number;\n url: string;\n frameId: number;\n}\n\n// -----------------------------------------------------------------------\n// Configuration\n// -----------------------------------------------------------------------\n\nexport interface BrowserAdapterOptions {\n /** The browser extension API object (chrome or browser) */\n browserAPI: BrowserExtensionAPI;\n /** URL patterns to intercept (default: ['<all_urls>']) */\n urlPatterns?: string[];\n /** Request types to intercept (default: main_frame, xmlhttprequest, sub_frame) */\n requestTypes?: string[];\n /** Callback for MANUAL_REVIEW decisions */\n onApprovalRequired?: (context: PDLSSContext, decision: VerificationDecision) => Promise<boolean>;\n}\n\n// -----------------------------------------------------------------------\n// Purpose mapping for browser actions\n// -----------------------------------------------------------------------\n\nfunction mapBrowserActionToPurpose(details: WebRequestDetails): { toolName: string; args: Record<string, unknown> } {\n const url = details.url;\n\n // Form submissions\n if (details.method === 'POST') {\n // Check for email-related URLs\n if (/mail|email|smtp/i.test(url)) {\n return { toolName: 'send_email', args: { url, to: url } };\n }\n // Check for payment-related URLs\n if (/pay|checkout|stripe|payment/i.test(url)) {\n return { toolName: 'payment_execute', args: { url, description: url } };\n }\n // Generic form submission\n return { toolName: 'http_request', args: { url } };\n }\n\n // Navigation\n if (details.type === 'main_frame') {\n return { toolName: 'http_request', args: { url } };\n }\n\n // XHR / fetch requests\n return { toolName: 'http_request', args: { url } };\n}\n\n// -----------------------------------------------------------------------\n// Adapter implementation\n// -----------------------------------------------------------------------\n\nexport class BrowserAdapter implements PlatformAdapter {\n readonly interfaceVersion = ADAPTER_INTERFACE_VERSION;\n\n private gateway!: AstraSyncGateway;\n private browserAPI!: BrowserExtensionAPI;\n private options: Required<Omit<BrowserAdapterOptions, 'browserAPI'>> & { browserAPI?: BrowserExtensionAPI };\n private requestListener: ((details: WebRequestDetails) => BlockingResponse | void) | null = null;\n private navigationListener: ((details: NavigationDetails) => void) | null = null;\n private messageListener: ((message: unknown, sender: unknown, sendResponse: (response: unknown) => void) => boolean | void) | null = null;\n private _isRunning = false;\n\n constructor(options?: Partial<BrowserAdapterOptions>) {\n this.options = {\n urlPatterns: options?.urlPatterns ?? ['<all_urls>'],\n requestTypes: options?.requestTypes ?? ['main_frame', 'xmlhttprequest', 'sub_frame'],\n onApprovalRequired: options?.onApprovalRequired ?? (async () => false),\n browserAPI: options?.browserAPI,\n };\n }\n\n get isRunning(): boolean {\n return this._isRunning;\n }\n\n async initialize(config: AdapterConfig): Promise<void> {\n this.gateway = config.gateway as AstraSyncGateway;\n\n if (config.adapterOptions.browserAPI) {\n this.browserAPI = config.adapterOptions.browserAPI as BrowserExtensionAPI;\n } else if (this.options.browserAPI) {\n this.browserAPI = this.options.browserAPI;\n }\n\n if (!this.browserAPI) {\n throw new Error('BrowserAdapter requires browser extension API — pass via adapterOptions.browserAPI');\n }\n\n // Register web request interceptor\n this.requestListener = (details: WebRequestDetails): BlockingResponse | void => {\n return this.handleWebRequest(details);\n };\n\n this.browserAPI.webRequest.onBeforeRequest.addListener(\n this.requestListener,\n {\n urls: this.options.urlPatterns,\n types: this.options.requestTypes,\n },\n ['blocking'],\n );\n\n // Register navigation interceptor\n this.navigationListener = (details: NavigationDetails): void => {\n this.handleNavigation(details);\n };\n\n this.browserAPI.webNavigation.onBeforeNavigate.addListener(this.navigationListener);\n\n // Listen for messages from content scripts\n this.messageListener = (message: unknown, _sender: unknown, sendResponse: (response: unknown) => void): boolean | void => {\n const msg = message as { type?: string; action?: AgentAction };\n if (msg?.type === 'astrasync-evaluate') {\n this.handleContentScriptAction(msg.action!).then(sendResponse);\n return true; // async response\n }\n };\n\n this.browserAPI.runtime.onMessage.addListener(this.messageListener as (message: unknown, sender: unknown, sendResponse: (response: unknown) => void) => void);\n\n this._isRunning = true;\n }\n\n async shutdown(): Promise<void> {\n if (this.requestListener) {\n this.browserAPI.webRequest.onBeforeRequest.removeListener(this.requestListener);\n this.requestListener = null;\n }\n if (this.navigationListener) {\n this.browserAPI.webNavigation.onBeforeNavigate.removeListener(this.navigationListener);\n this.navigationListener = null;\n }\n if (this.messageListener) {\n this.browserAPI.runtime.onMessage.removeListener(this.messageListener as (...args: unknown[]) => void);\n this.messageListener = null;\n }\n this._isRunning = false;\n }\n\n async interceptAction(action: AgentAction): Promise<InterceptResult> {\n const raw = action.raw as WebRequestDetails | { type: string };\n\n if (!raw) {\n return { intercepted: false, skipReason: 'No action data' };\n }\n\n const context = this.extractContext(action);\n return { intercepted: true, context };\n }\n\n extractContext(action: AgentAction): PDLSSContext {\n const raw = action.raw as WebRequestDetails;\n\n const { toolName, args } = mapBrowserActionToPurpose(raw);\n const purpose = mapToolToPurpose(toolName);\n const target = extractTarget(toolName, args);\n const networkAccess = extractNetworkDomains(target);\n\n return {\n purpose,\n action: toolName,\n target,\n ...(networkAccess && { networkAccess }),\n };\n }\n\n async enforceDecision(decision: VerificationDecision): Promise<void> {\n if (decision.recommendation === 'DENY' && this.browserAPI.notifications) {\n this.browserAPI.notifications.create(`astrasync-${Date.now()}`, {\n type: 'basic',\n title: 'AstraSync Local Guard',\n message: `Blocked: ${decision.reason}`,\n });\n }\n }\n\n // =====================================================================\n // Internal handlers\n // =====================================================================\n\n private handleWebRequest(details: WebRequestDetails): BlockingResponse | void {\n const action: AgentAction = {\n raw: details,\n platform: 'browser',\n timestamp: new Date(),\n };\n\n const context = this.extractContext(action);\n\n // Synchronous evaluation — browser webRequest requires sync return.\n // We use a cached/pre-computed decision if available, otherwise allow.\n // The gateway's evaluate() is async, so for blocking we need the\n // synchronous local evaluator path.\n const decision = this.evaluateSync(context);\n\n if (decision.recommendation === 'DENY') {\n this.enforceDecision(decision);\n return { cancel: true };\n }\n\n if (decision.recommendation === 'MANUAL_REVIEW') {\n // Can't show async prompt in synchronous handler — block by default\n this.enforceDecision({\n ...decision,\n recommendation: 'DENY',\n reason: `Requires approval (auto-blocked in browser): ${decision.reason}`,\n });\n return { cancel: true };\n }\n\n // ALLOW — don't cancel\n return undefined;\n }\n\n private handleNavigation(details: NavigationDetails): void {\n // Navigation events are informational — evaluate async\n const action: AgentAction = {\n raw: {\n requestId: `nav-${details.tabId}-${details.frameId}`,\n url: details.url,\n method: 'GET',\n type: 'main_frame',\n tabId: details.tabId,\n } as WebRequestDetails,\n platform: 'browser',\n timestamp: new Date(),\n };\n\n // Fire-and-forget async evaluation for logging/traces\n this.interceptAction(action).then(async (result) => {\n if (result.intercepted && result.context) {\n await this.gateway.evaluate(result.context);\n }\n });\n }\n\n private async handleContentScriptAction(action: AgentAction): Promise<VerificationDecision> {\n const interception = await this.interceptAction(action);\n if (!interception.intercepted || !interception.context) {\n return { recommendation: 'ALLOW', reason: 'Not intercepted' };\n }\n\n return this.gateway.evaluate(interception.context);\n }\n\n /**\n * Synchronous evaluation using the gateway's local evaluator.\n * Falls back to ALLOW if async-only (online mode).\n */\n private evaluateSync(context: PDLSSContext): VerificationDecision {\n // The gateway.evaluate() is async, but the local evaluator is synchronous.\n // We access the evaluator directly for browser webRequest handlers.\n // This only works in local/hybrid mode — online mode falls through to ALLOW.\n const gw = this.gateway as unknown as { evaluator?: { evaluate(ctx: PDLSSContext): VerificationDecision } };\n if (gw.evaluator) {\n return gw.evaluator.evaluate(context);\n }\n\n return { recommendation: 'ALLOW', reason: 'Async-only mode — allowed by default' };\n }\n}\n","/**\n * PlatformAdapter Interface\n *\n * The contract that Layer 4 platform adapters implement.\n * Agent-side interception: governs what agents are allowed to do before they do it.\n *\n * Each adapter is 200-500 lines of platform-specific code.\n * All verification logic lives in the gateway — adapters just translate\n * between the platform's world and AstraSync's world.\n */\n\nimport type { AstraSyncGateway } from '../gateway/gateway';\nimport type { PDLSSContext, VerificationDecision, AgentAction, InterceptResult } from '../gateway/types';\n\nexport interface AdapterConfig {\n /** The AstraSyncGateway instance (handles mode routing) */\n gateway: AstraSyncGateway;\n /** Platform-specific configuration */\n adapterOptions: Record<string, unknown>;\n}\n\nexport interface PlatformAdapter {\n /**\n * Interface version for compatibility checking.\n * Current version: 1.\n */\n readonly interfaceVersion: number;\n\n /**\n * Platform-specific initialization.\n * Load config, register hooks, establish connections.\n */\n initialize(config: AdapterConfig): Promise<void>;\n\n /**\n * Graceful shutdown.\n * Drain in-flight verifications, deregister hooks, close connections.\n */\n shutdown(): Promise<void>;\n\n /**\n * Intercept an agent action before execution.\n *\n * How this works depends on the platform:\n * - CLI adapter: proxy server captures outbound request\n * - Browser adapter: content script intercepts DOM interaction\n * - Express: middleware captures inbound request\n */\n interceptAction(action: AgentAction): Promise<InterceptResult>;\n\n /**\n * Extract PDLSS-compatible context from a platform-specific action.\n * Maps platform-native action format to the universal PDLSSContext.\n */\n extractContext(action: AgentAction): PDLSSContext;\n\n /**\n * Enforce the verification decision in a platform-specific way.\n *\n * How this works depends on the platform:\n * - CLI: block command / allow command / prompt for approval\n * - Browser: block navigation / show confirmation dialog\n * - Express: return 403 / pass through / inject headers\n */\n enforceDecision(decision: VerificationDecision): Promise<void>;\n}\n\n/**\n * Current adapter interface version.\n */\nexport const ADAPTER_INTERFACE_VERSION = 1;\n\n/**\n * Check if an adapter is compatible with the current interface version.\n */\nexport function isCompatibleAdapter(adapter: PlatformAdapter): boolean {\n return adapter.interfaceVersion === ADAPTER_INTERFACE_VERSION;\n}\n","/**\n * Shared purpose mapping utilities for Layer 4 platform adapters.\n *\n * Maps platform-native action names to PDLSS purpose categories.\n * Used by OpenClaw CLI, Cursor, browser, and future adapters.\n */\n\n// -----------------------------------------------------------------------\n// Tool → Purpose mapping\n// -----------------------------------------------------------------------\n\n/** Standard tool name → PDLSS purpose mapping used by all adapters */\nconst TOOL_PURPOSE_MAP: Record<string, string> = {\n // Shell\n shell_exec: 'shell.exec',\n run_command: 'shell.exec',\n execute: 'shell.exec',\n terminal_exec: 'shell.exec',\n run_terminal_command: 'shell.exec',\n\n // File read\n file_read: 'file.read',\n read_file: 'file.read',\n\n // File write\n file_write: 'file.write',\n write_file: 'file.write',\n create_file: 'file.write',\n edit_file: 'file.write',\n\n // File delete\n file_delete: 'file.delete',\n delete_file: 'file.delete',\n\n // Network\n http_request: 'network.request',\n fetch: 'network.request',\n web_request: 'network.request',\n\n // Email\n send_email: 'email.send',\n read_email: 'email.read',\n\n // Calendar\n create_event: 'calendar.create',\n\n // Database\n query_database: 'database.query',\n write_database: 'database.write',\n\n // Payment\n payment_execute: 'payment.execute',\n};\n\n/**\n * Map a tool/action name to a PDLSS purpose category.\n * Returns `tool.<name>` for unmapped tools (denied by default).\n */\nexport function mapToolToPurpose(toolName: string): string {\n return TOOL_PURPOSE_MAP[toolName] || `tool.${toolName}`;\n}\n\n/**\n * Register additional tool → purpose mappings (e.g. from a platform adapter).\n * Does not overwrite existing mappings.\n */\nexport function registerToolMappings(mappings: Record<string, string>): void {\n for (const [tool, purpose] of Object.entries(mappings)) {\n if (!(tool in TOOL_PURPOSE_MAP)) {\n TOOL_PURPOSE_MAP[tool] = purpose;\n }\n }\n}\n\n// -----------------------------------------------------------------------\n// Target extraction\n// -----------------------------------------------------------------------\n\n/**\n * Extract the meaningful target string from tool arguments.\n * Uses the purpose category to determine which argument field is relevant.\n */\nexport function extractTarget(toolName: string, args: Record<string, unknown>): string {\n const purpose = mapToolToPurpose(toolName);\n\n if (purpose.startsWith('shell.')) {\n return String(args.command || args.cmd || args.script || '');\n }\n\n if (purpose.startsWith('file.')) {\n return String(args.path || args.file || args.filename || args.file_path || '');\n }\n\n if (purpose.startsWith('network.')) {\n return String(args.url || args.endpoint || args.uri || '');\n }\n\n if (purpose.startsWith('email.')) {\n return String(args.to || args.recipient || args.address || '');\n }\n\n if (purpose.startsWith('database.')) {\n return String(args.query || args.table || '');\n }\n\n if (purpose.startsWith('payment.')) {\n return String(args.description || args.merchant || args.amount || '');\n }\n\n // Fallback: try common field names\n if (args.command) return String(args.command);\n if (args.path) return String(args.path);\n if (args.url) return String(args.url);\n\n // Default: use first non-empty string argument or tool name\n for (const val of Object.values(args)) {\n if (typeof val === 'string' && val.length > 0) return val;\n }\n return toolName;\n}\n\n// -----------------------------------------------------------------------\n// Network domain extraction\n// -----------------------------------------------------------------------\n\n/**\n * Extract network domains from a URL target.\n * Returns undefined if the target is not a URL.\n */\nexport function extractNetworkDomains(target: string): string[] | undefined {\n try {\n if (target.startsWith('http://') || target.startsWith('https://')) {\n const url = new URL(target);\n return [url.hostname];\n }\n } catch {\n // Not a URL\n }\n return undefined;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACsEO,IAAM,4BAA4B;;;AC1DzC,IAAM,mBAA2C;AAAA;AAAA,EAE/C,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,SAAS;AAAA,EACT,eAAe;AAAA,EACf,sBAAsB;AAAA;AAAA,EAGtB,WAAW;AAAA,EACX,WAAW;AAAA;AAAA,EAGX,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,WAAW;AAAA;AAAA,EAGX,aAAa;AAAA,EACb,aAAa;AAAA;AAAA,EAGb,cAAc;AAAA,EACd,OAAO;AAAA,EACP,aAAa;AAAA;AAAA,EAGb,YAAY;AAAA,EACZ,YAAY;AAAA;AAAA,EAGZ,cAAc;AAAA;AAAA,EAGd,gBAAgB;AAAA,EAChB,gBAAgB;AAAA;AAAA,EAGhB,iBAAiB;AACnB;AAMO,SAAS,iBAAiB,UAA0B;AACzD,SAAO,iBAAiB,QAAQ,KAAK,QAAQ,QAAQ;AACvD;AAsBO,SAAS,cAAc,UAAkB,MAAuC;AACrF,QAAM,UAAU,iBAAiB,QAAQ;AAEzC,MAAI,QAAQ,WAAW,QAAQ,GAAG;AAChC,WAAO,OAAO,KAAK,WAAW,KAAK,OAAO,KAAK,UAAU,EAAE;AAAA,EAC7D;AAEA,MAAI,QAAQ,WAAW,OAAO,GAAG;AAC/B,WAAO,OAAO,KAAK,QAAQ,KAAK,QAAQ,KAAK,YAAY,KAAK,aAAa,EAAE;AAAA,EAC/E;AAEA,MAAI,QAAQ,WAAW,UAAU,GAAG;AAClC,WAAO,OAAO,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,EAAE;AAAA,EAC3D;AAEA,MAAI,QAAQ,WAAW,QAAQ,GAAG;AAChC,WAAO,OAAO,KAAK,MAAM,KAAK,aAAa,KAAK,WAAW,EAAE;AAAA,EAC/D;AAEA,MAAI,QAAQ,WAAW,WAAW,GAAG;AACnC,WAAO,OAAO,KAAK,SAAS,KAAK,SAAS,EAAE;AAAA,EAC9C;AAEA,MAAI,QAAQ,WAAW,UAAU,GAAG;AAClC,WAAO,OAAO,KAAK,eAAe,KAAK,YAAY,KAAK,UAAU,EAAE;AAAA,EACtE;AAGA,MAAI,KAAK,QAAS,QAAO,OAAO,KAAK,OAAO;AAC5C,MAAI,KAAK,KAAM,QAAO,OAAO,KAAK,IAAI;AACtC,MAAI,KAAK,IAAK,QAAO,OAAO,KAAK,GAAG;AAGpC,aAAW,OAAO,OAAO,OAAO,IAAI,GAAG;AACrC,QAAI,OAAO,QAAQ,YAAY,IAAI,SAAS,EAAG,QAAO;AAAA,EACxD;AACA,SAAO;AACT;AAUO,SAAS,sBAAsB,QAAsC;AAC1E,MAAI;AACF,QAAI,OAAO,WAAW,SAAS,KAAK,OAAO,WAAW,UAAU,GAAG;AACjE,YAAM,MAAM,IAAI,IAAI,MAAM;AAC1B,aAAO,CAAC,IAAI,QAAQ;AAAA,IACtB;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;;;AFxCA,SAAS,0BAA0B,SAAiF;AAClH,QAAM,MAAM,QAAQ;AAGpB,MAAI,QAAQ,WAAW,QAAQ;AAE7B,QAAI,mBAAmB,KAAK,GAAG,GAAG;AAChC,aAAO,EAAE,UAAU,cAAc,MAAM,EAAE,KAAK,IAAI,IAAI,EAAE;AAAA,IAC1D;AAEA,QAAI,+BAA+B,KAAK,GAAG,GAAG;AAC5C,aAAO,EAAE,UAAU,mBAAmB,MAAM,EAAE,KAAK,aAAa,IAAI,EAAE;AAAA,IACxE;AAEA,WAAO,EAAE,UAAU,gBAAgB,MAAM,EAAE,IAAI,EAAE;AAAA,EACnD;AAGA,MAAI,QAAQ,SAAS,cAAc;AACjC,WAAO,EAAE,UAAU,gBAAgB,MAAM,EAAE,IAAI,EAAE;AAAA,EACnD;AAGA,SAAO,EAAE,UAAU,gBAAgB,MAAM,EAAE,IAAI,EAAE;AACnD;AAMO,IAAM,iBAAN,MAAgD;AAAA,EAWrD,YAAY,SAA0C;AAVtD,SAAS,mBAAmB;AAK5B,SAAQ,kBAAoF;AAC5F,SAAQ,qBAAoE;AAC5E,SAAQ,kBAA6H;AACrI,SAAQ,aAAa;AAGnB,SAAK,UAAU;AAAA,MACb,aAAa,SAAS,eAAe,CAAC,YAAY;AAAA,MAClD,cAAc,SAAS,gBAAgB,CAAC,cAAc,kBAAkB,WAAW;AAAA,MACnF,oBAAoB,SAAS,uBAAuB,YAAY;AAAA,MAChE,YAAY,SAAS;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,IAAI,YAAqB;AACvB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,WAAW,QAAsC;AACrD,SAAK,UAAU,OAAO;AAEtB,QAAI,OAAO,eAAe,YAAY;AACpC,WAAK,aAAa,OAAO,eAAe;AAAA,IAC1C,WAAW,KAAK,QAAQ,YAAY;AAClC,WAAK,aAAa,KAAK,QAAQ;AAAA,IACjC;AAEA,QAAI,CAAC,KAAK,YAAY;AACpB,YAAM,IAAI,MAAM,yFAAoF;AAAA,IACtG;AAGA,SAAK,kBAAkB,CAAC,YAAwD;AAC9E,aAAO,KAAK,iBAAiB,OAAO;AAAA,IACtC;AAEA,SAAK,WAAW,WAAW,gBAAgB;AAAA,MACzC,KAAK;AAAA,MACL;AAAA,QACE,MAAM,KAAK,QAAQ;AAAA,QACnB,OAAO,KAAK,QAAQ;AAAA,MACtB;AAAA,MACA,CAAC,UAAU;AAAA,IACb;AAGA,SAAK,qBAAqB,CAAC,YAAqC;AAC9D,WAAK,iBAAiB,OAAO;AAAA,IAC/B;AAEA,SAAK,WAAW,cAAc,iBAAiB,YAAY,KAAK,kBAAkB;AAGlF,SAAK,kBAAkB,CAAC,SAAkB,SAAkB,iBAA8D;AACxH,YAAM,MAAM;AACZ,UAAI,KAAK,SAAS,sBAAsB;AACtC,aAAK,0BAA0B,IAAI,MAAO,EAAE,KAAK,YAAY;AAC7D,eAAO;AAAA,MACT;AAAA,IACF;AAEA,SAAK,WAAW,QAAQ,UAAU,YAAY,KAAK,eAAyG;AAE5J,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,WAA0B;AAC9B,QAAI,KAAK,iBAAiB;AACxB,WAAK,WAAW,WAAW,gBAAgB,eAAe,KAAK,eAAe;AAC9E,WAAK,kBAAkB;AAAA,IACzB;AACA,QAAI,KAAK,oBAAoB;AAC3B,WAAK,WAAW,cAAc,iBAAiB,eAAe,KAAK,kBAAkB;AACrF,WAAK,qBAAqB;AAAA,IAC5B;AACA,QAAI,KAAK,iBAAiB;AACxB,WAAK,WAAW,QAAQ,UAAU,eAAe,KAAK,eAA+C;AACrG,WAAK,kBAAkB;AAAA,IACzB;AACA,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,gBAAgB,QAA+C;AACnE,UAAM,MAAM,OAAO;AAEnB,QAAI,CAAC,KAAK;AACR,aAAO,EAAE,aAAa,OAAO,YAAY,iBAAiB;AAAA,IAC5D;AAEA,UAAM,UAAU,KAAK,eAAe,MAAM;AAC1C,WAAO,EAAE,aAAa,MAAM,QAAQ;AAAA,EACtC;AAAA,EAEA,eAAe,QAAmC;AAChD,UAAM,MAAM,OAAO;AAEnB,UAAM,EAAE,UAAU,KAAK,IAAI,0BAA0B,GAAG;AACxD,UAAM,UAAU,iBAAiB,QAAQ;AACzC,UAAM,SAAS,cAAc,UAAU,IAAI;AAC3C,UAAM,gBAAgB,sBAAsB,MAAM;AAElD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,MACR;AAAA,MACA,GAAI,iBAAiB,EAAE,cAAc;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,UAA+C;AACnE,QAAI,SAAS,mBAAmB,UAAU,KAAK,WAAW,eAAe;AACvE,WAAK,WAAW,cAAc,OAAO,aAAa,KAAK,IAAI,CAAC,IAAI;AAAA,QAC9D,MAAM;AAAA,QACN,OAAO;AAAA,QACP,SAAS,YAAY,SAAS,MAAM;AAAA,MACtC,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMQ,iBAAiB,SAAqD;AAC5E,UAAM,SAAsB;AAAA,MAC1B,KAAK;AAAA,MACL,UAAU;AAAA,MACV,WAAW,oBAAI,KAAK;AAAA,IACtB;AAEA,UAAM,UAAU,KAAK,eAAe,MAAM;AAM1C,UAAM,WAAW,KAAK,aAAa,OAAO;AAE1C,QAAI,SAAS,mBAAmB,QAAQ;AACtC,WAAK,gBAAgB,QAAQ;AAC7B,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAEA,QAAI,SAAS,mBAAmB,iBAAiB;AAE/C,WAAK,gBAAgB;AAAA,QACnB,GAAG;AAAA,QACH,gBAAgB;AAAA,QAChB,QAAQ,gDAAgD,SAAS,MAAM;AAAA,MACzE,CAAC;AACD,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAGA,WAAO;AAAA,EACT;AAAA,EAEQ,iBAAiB,SAAkC;AAEzD,UAAM,SAAsB;AAAA,MAC1B,KAAK;AAAA,QACH,WAAW,OAAO,QAAQ,KAAK,IAAI,QAAQ,OAAO;AAAA,QAClD,KAAK,QAAQ;AAAA,QACb,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,OAAO,QAAQ;AAAA,MACjB;AAAA,MACA,UAAU;AAAA,MACV,WAAW,oBAAI,KAAK;AAAA,IACtB;AAGA,SAAK,gBAAgB,MAAM,EAAE,KAAK,OAAO,WAAW;AAClD,UAAI,OAAO,eAAe,OAAO,SAAS;AACxC,cAAM,KAAK,QAAQ,SAAS,OAAO,OAAO;AAAA,MAC5C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,0BAA0B,QAAoD;AAC1F,UAAM,eAAe,MAAM,KAAK,gBAAgB,MAAM;AACtD,QAAI,CAAC,aAAa,eAAe,CAAC,aAAa,SAAS;AACtD,aAAO,EAAE,gBAAgB,SAAS,QAAQ,kBAAkB;AAAA,IAC9D;AAEA,WAAO,KAAK,QAAQ,SAAS,aAAa,OAAO;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,aAAa,SAA6C;AAIhE,UAAM,KAAK,KAAK;AAChB,QAAI,GAAG,WAAW;AAChB,aAAO,GAAG,UAAU,SAAS,OAAO;AAAA,IACtC;AAEA,WAAO,EAAE,gBAAgB,SAAS,QAAQ,4CAAuC;AAAA,EACnF;AACF;","names":[]}

package/dist/browser/browser-adapter.mjs ADDED Viewed

@@ -0,0 +1,259 @@
+// src/adapter-interface/interface.ts
+var ADAPTER_INTERFACE_VERSION = 1;
+// src/adapter-interface/purpose-mapping.ts
+var TOOL_PURPOSE_MAP = {
+  // Shell
+  shell_exec: "shell.exec",
+  run_command: "shell.exec",
+  execute: "shell.exec",
+  terminal_exec: "shell.exec",
+  run_terminal_command: "shell.exec",
+  // File read
+  file_read: "file.read",
+  read_file: "file.read",
+  // File write
+  file_write: "file.write",
+  write_file: "file.write",
+  create_file: "file.write",
+  edit_file: "file.write",
+  // File delete
+  file_delete: "file.delete",
+  delete_file: "file.delete",
+  // Network
+  http_request: "network.request",
+  fetch: "network.request",
+  web_request: "network.request",
+  // Email
+  send_email: "email.send",
+  read_email: "email.read",
+  // Calendar
+  create_event: "calendar.create",
+  // Database
+  query_database: "database.query",
+  write_database: "database.write",
+  // Payment
+  payment_execute: "payment.execute"
+};
+function mapToolToPurpose(toolName) {
+  return TOOL_PURPOSE_MAP[toolName] || `tool.${toolName}`;
+}
+function extractTarget(toolName, args) {
+  const purpose = mapToolToPurpose(toolName);
+  if (purpose.startsWith("shell.")) {
+    return String(args.command || args.cmd || args.script || "");
+  }
+  if (purpose.startsWith("file.")) {
+    return String(args.path || args.file || args.filename || args.file_path || "");
+  }
+  if (purpose.startsWith("network.")) {
+    return String(args.url || args.endpoint || args.uri || "");
+  }
+  if (purpose.startsWith("email.")) {
+    return String(args.to || args.recipient || args.address || "");
+  }
+  if (purpose.startsWith("database.")) {
+    return String(args.query || args.table || "");
+  }
+  if (purpose.startsWith("payment.")) {
+    return String(args.description || args.merchant || args.amount || "");
+  }
+  if (args.command) return String(args.command);
+  if (args.path) return String(args.path);
+  if (args.url) return String(args.url);
+  for (const val of Object.values(args)) {
+    if (typeof val === "string" && val.length > 0) return val;
+  }
+  return toolName;
+}
+function extractNetworkDomains(target) {
+  try {
+    if (target.startsWith("http://") || target.startsWith("https://")) {
+      const url = new URL(target);
+      return [url.hostname];
+    }
+  } catch {
+  }
+  return void 0;
+}
+// src/browser/browser-adapter.ts
+function mapBrowserActionToPurpose(details) {
+  const url = details.url;
+  if (details.method === "POST") {
+    if (/mail|email|smtp/i.test(url)) {
+      return { toolName: "send_email", args: { url, to: url } };
+    }
+    if (/pay|checkout|stripe|payment/i.test(url)) {
+      return { toolName: "payment_execute", args: { url, description: url } };
+    }
+    return { toolName: "http_request", args: { url } };
+  }
+  if (details.type === "main_frame") {
+    return { toolName: "http_request", args: { url } };
+  }
+  return { toolName: "http_request", args: { url } };
+}
+var BrowserAdapter = class {
+  constructor(options) {
+    this.interfaceVersion = ADAPTER_INTERFACE_VERSION;
+    this.requestListener = null;
+    this.navigationListener = null;
+    this.messageListener = null;
+    this._isRunning = false;
+    this.options = {
+      urlPatterns: options?.urlPatterns ?? ["<all_urls>"],
+      requestTypes: options?.requestTypes ?? ["main_frame", "xmlhttprequest", "sub_frame"],
+      onApprovalRequired: options?.onApprovalRequired ?? (async () => false),
+      browserAPI: options?.browserAPI
+    };
+  }
+  get isRunning() {
+    return this._isRunning;
+  }
+  async initialize(config) {
+    this.gateway = config.gateway;
+    if (config.adapterOptions.browserAPI) {
+      this.browserAPI = config.adapterOptions.browserAPI;
+    } else if (this.options.browserAPI) {
+      this.browserAPI = this.options.browserAPI;
+    }
+    if (!this.browserAPI) {
+      throw new Error("BrowserAdapter requires browser extension API \u2014 pass via adapterOptions.browserAPI");
+    }
+    this.requestListener = (details) => {
+      return this.handleWebRequest(details);
+    };
+    this.browserAPI.webRequest.onBeforeRequest.addListener(
+      this.requestListener,
+      {
+        urls: this.options.urlPatterns,
+        types: this.options.requestTypes
+      },
+      ["blocking"]
+    );
+    this.navigationListener = (details) => {
+      this.handleNavigation(details);
+    };
+    this.browserAPI.webNavigation.onBeforeNavigate.addListener(this.navigationListener);
+    this.messageListener = (message, _sender, sendResponse) => {
+      const msg = message;
+      if (msg?.type === "astrasync-evaluate") {
+        this.handleContentScriptAction(msg.action).then(sendResponse);
+        return true;
+      }
+    };
+    this.browserAPI.runtime.onMessage.addListener(this.messageListener);
+    this._isRunning = true;
+  }
+  async shutdown() {
+    if (this.requestListener) {
+      this.browserAPI.webRequest.onBeforeRequest.removeListener(this.requestListener);
+      this.requestListener = null;
+    }
+    if (this.navigationListener) {
+      this.browserAPI.webNavigation.onBeforeNavigate.removeListener(this.navigationListener);
+      this.navigationListener = null;
+    }
+    if (this.messageListener) {
+      this.browserAPI.runtime.onMessage.removeListener(this.messageListener);
+      this.messageListener = null;
+    }
+    this._isRunning = false;
+  }
+  async interceptAction(action) {
+    const raw = action.raw;
+    if (!raw) {
+      return { intercepted: false, skipReason: "No action data" };
+    }
+    const context = this.extractContext(action);
+    return { intercepted: true, context };
+  }
+  extractContext(action) {
+    const raw = action.raw;
+    const { toolName, args } = mapBrowserActionToPurpose(raw);
+    const purpose = mapToolToPurpose(toolName);
+    const target = extractTarget(toolName, args);
+    const networkAccess = extractNetworkDomains(target);
+    return {
+      purpose,
+      action: toolName,
+      target,
+      ...networkAccess && { networkAccess }
+    };
+  }
+  async enforceDecision(decision) {
+    if (decision.recommendation === "DENY" && this.browserAPI.notifications) {
+      this.browserAPI.notifications.create(`astrasync-${Date.now()}`, {
+        type: "basic",
+        title: "AstraSync Local Guard",
+        message: `Blocked: ${decision.reason}`
+      });
+    }
+  }
+  // =====================================================================
+  // Internal handlers
+  // =====================================================================
+  handleWebRequest(details) {
+    const action = {
+      raw: details,
+      platform: "browser",
+      timestamp: /* @__PURE__ */ new Date()
+    };
+    const context = this.extractContext(action);
+    const decision = this.evaluateSync(context);
+    if (decision.recommendation === "DENY") {
+      this.enforceDecision(decision);
+      return { cancel: true };
+    }
+    if (decision.recommendation === "MANUAL_REVIEW") {
+      this.enforceDecision({
+        ...decision,
+        recommendation: "DENY",
+        reason: `Requires approval (auto-blocked in browser): ${decision.reason}`
+      });
+      return { cancel: true };
+    }
+    return void 0;
+  }
+  handleNavigation(details) {
+    const action = {
+      raw: {
+        requestId: `nav-${details.tabId}-${details.frameId}`,
+        url: details.url,
+        method: "GET",
+        type: "main_frame",
+        tabId: details.tabId
+      },
+      platform: "browser",
+      timestamp: /* @__PURE__ */ new Date()
+    };
+    this.interceptAction(action).then(async (result) => {
+      if (result.intercepted && result.context) {
+        await this.gateway.evaluate(result.context);
+      }
+    });
+  }
+  async handleContentScriptAction(action) {
+    const interception = await this.interceptAction(action);
+    if (!interception.intercepted || !interception.context) {
+      return { recommendation: "ALLOW", reason: "Not intercepted" };
+    }
+    return this.gateway.evaluate(interception.context);
+  }
+  /**
+   * Synchronous evaluation using the gateway's local evaluator.
+   * Falls back to ALLOW if async-only (online mode).
+   */
+  evaluateSync(context) {
+    const gw = this.gateway;
+    if (gw.evaluator) {
+      return gw.evaluator.evaluate(context);
+    }
+    return { recommendation: "ALLOW", reason: "Async-only mode \u2014 allowed by default" };
+  }
+};
+export {
+  BrowserAdapter
+};
+//# sourceMappingURL=browser-adapter.mjs.map

package/dist/browser/browser-adapter.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/adapter-interface/interface.ts","../../src/adapter-interface/purpose-mapping.ts","../../src/browser/browser-adapter.ts"],"sourcesContent":["/**\n * PlatformAdapter Interface\n *\n * The contract that Layer 4 platform adapters implement.\n * Agent-side interception: governs what agents are allowed to do before they do it.\n *\n * Each adapter is 200-500 lines of platform-specific code.\n * All verification logic lives in the gateway — adapters just translate\n * between the platform's world and AstraSync's world.\n */\n\nimport type { AstraSyncGateway } from '../gateway/gateway';\nimport type { PDLSSContext, VerificationDecision, AgentAction, InterceptResult } from '../gateway/types';\n\nexport interface AdapterConfig {\n /** The AstraSyncGateway instance (handles mode routing) */\n gateway: AstraSyncGateway;\n /** Platform-specific configuration */\n adapterOptions: Record<string, unknown>;\n}\n\nexport interface PlatformAdapter {\n /**\n * Interface version for compatibility checking.\n * Current version: 1.\n */\n readonly interfaceVersion: number;\n\n /**\n * Platform-specific initialization.\n * Load config, register hooks, establish connections.\n */\n initialize(config: AdapterConfig): Promise<void>;\n\n /**\n * Graceful shutdown.\n * Drain in-flight verifications, deregister hooks, close connections.\n */\n shutdown(): Promise<void>;\n\n /**\n * Intercept an agent action before execution.\n *\n * How this works depends on the platform:\n * - CLI adapter: proxy server captures outbound request\n * - Browser adapter: content script intercepts DOM interaction\n * - Express: middleware captures inbound request\n */\n interceptAction(action: AgentAction): Promise<InterceptResult>;\n\n /**\n * Extract PDLSS-compatible context from a platform-specific action.\n * Maps platform-native action format to the universal PDLSSContext.\n */\n extractContext(action: AgentAction): PDLSSContext;\n\n /**\n * Enforce the verification decision in a platform-specific way.\n *\n * How this works depends on the platform:\n * - CLI: block command / allow command / prompt for approval\n * - Browser: block navigation / show confirmation dialog\n * - Express: return 403 / pass through / inject headers\n */\n enforceDecision(decision: VerificationDecision): Promise<void>;\n}\n\n/**\n * Current adapter interface version.\n */\nexport const ADAPTER_INTERFACE_VERSION = 1;\n\n/**\n * Check if an adapter is compatible with the current interface version.\n */\nexport function isCompatibleAdapter(adapter: PlatformAdapter): boolean {\n return adapter.interfaceVersion === ADAPTER_INTERFACE_VERSION;\n}\n","/**\n * Shared purpose mapping utilities for Layer 4 platform adapters.\n *\n * Maps platform-native action names to PDLSS purpose categories.\n * Used by OpenClaw CLI, Cursor, browser, and future adapters.\n */\n\n// -----------------------------------------------------------------------\n// Tool → Purpose mapping\n// -----------------------------------------------------------------------\n\n/** Standard tool name → PDLSS purpose mapping used by all adapters */\nconst TOOL_PURPOSE_MAP: Record<string, string> = {\n // Shell\n shell_exec: 'shell.exec',\n run_command: 'shell.exec',\n execute: 'shell.exec',\n terminal_exec: 'shell.exec',\n run_terminal_command: 'shell.exec',\n\n // File read\n file_read: 'file.read',\n read_file: 'file.read',\n\n // File write\n file_write: 'file.write',\n write_file: 'file.write',\n create_file: 'file.write',\n edit_file: 'file.write',\n\n // File delete\n file_delete: 'file.delete',\n delete_file: 'file.delete',\n\n // Network\n http_request: 'network.request',\n fetch: 'network.request',\n web_request: 'network.request',\n\n // Email\n send_email: 'email.send',\n read_email: 'email.read',\n\n // Calendar\n create_event: 'calendar.create',\n\n // Database\n query_database: 'database.query',\n write_database: 'database.write',\n\n // Payment\n payment_execute: 'payment.execute',\n};\n\n/**\n * Map a tool/action name to a PDLSS purpose category.\n * Returns `tool.<name>` for unmapped tools (denied by default).\n */\nexport function mapToolToPurpose(toolName: string): string {\n return TOOL_PURPOSE_MAP[toolName] || `tool.${toolName}`;\n}\n\n/**\n * Register additional tool → purpose mappings (e.g. from a platform adapter).\n * Does not overwrite existing mappings.\n */\nexport function registerToolMappings(mappings: Record<string, string>): void {\n for (const [tool, purpose] of Object.entries(mappings)) {\n if (!(tool in TOOL_PURPOSE_MAP)) {\n TOOL_PURPOSE_MAP[tool] = purpose;\n }\n }\n}\n\n// -----------------------------------------------------------------------\n// Target extraction\n// -----------------------------------------------------------------------\n\n/**\n * Extract the meaningful target string from tool arguments.\n * Uses the purpose category to determine which argument field is relevant.\n */\nexport function extractTarget(toolName: string, args: Record<string, unknown>): string {\n const purpose = mapToolToPurpose(toolName);\n\n if (purpose.startsWith('shell.')) {\n return String(args.command || args.cmd || args.script || '');\n }\n\n if (purpose.startsWith('file.')) {\n return String(args.path || args.file || args.filename || args.file_path || '');\n }\n\n if (purpose.startsWith('network.')) {\n return String(args.url || args.endpoint || args.uri || '');\n }\n\n if (purpose.startsWith('email.')) {\n return String(args.to || args.recipient || args.address || '');\n }\n\n if (purpose.startsWith('database.')) {\n return String(args.query || args.table || '');\n }\n\n if (purpose.startsWith('payment.')) {\n return String(args.description || args.merchant || args.amount || '');\n }\n\n // Fallback: try common field names\n if (args.command) return String(args.command);\n if (args.path) return String(args.path);\n if (args.url) return String(args.url);\n\n // Default: use first non-empty string argument or tool name\n for (const val of Object.values(args)) {\n if (typeof val === 'string' && val.length > 0) return val;\n }\n return toolName;\n}\n\n// -----------------------------------------------------------------------\n// Network domain extraction\n// -----------------------------------------------------------------------\n\n/**\n * Extract network domains from a URL target.\n * Returns undefined if the target is not a URL.\n */\nexport function extractNetworkDomains(target: string): string[] | undefined {\n try {\n if (target.startsWith('http://') || target.startsWith('https://')) {\n const url = new URL(target);\n return [url.hostname];\n }\n } catch {\n // Not a URL\n }\n return undefined;\n}\n","/**\n * @astrasyncai/adapter-openclaw-browser\n *\n * Layer 4 adapter for browser-based AI agents (e.g. OpenClaw browser extension).\n * Intercepts page navigation, form submissions, and network requests\n * made by the agent in the browser DOM.\n *\n * The adapter does NOT depend on chrome types. The browser extension\n * passes the chrome/browser API via a minimal interface at initialize() time.\n *\n * ~300 lines — thin, disposable, platform-specific.\n */\n\nimport type { PlatformAdapter, AdapterConfig } from '../adapter-interface/interface';\nimport type { PDLSSContext, VerificationDecision, AgentAction, InterceptResult } from '../gateway/types';\nimport type { AstraSyncGateway } from '../gateway/gateway';\nimport { ADAPTER_INTERFACE_VERSION } from '../adapter-interface/interface';\nimport { mapToolToPurpose, extractTarget, extractNetworkDomains } from '../adapter-interface/purpose-mapping';\n\n// -----------------------------------------------------------------------\n// Minimal browser extension type stubs (injected at runtime)\n// -----------------------------------------------------------------------\n\nexport interface WebRequestDetails {\n requestId: string;\n url: string;\n method: string;\n type: string; // 'main_frame' | 'sub_frame' | 'xmlhttprequest' | 'script' etc.\n tabId: number;\n initiator?: string;\n documentUrl?: string;\n}\n\nexport interface BlockingResponse {\n cancel?: boolean;\n redirectUrl?: string;\n}\n\nexport interface RequestFilter {\n urls: string[];\n types?: string[];\n}\n\nexport interface BrowserExtensionAPI {\n webRequest: {\n onBeforeRequest: {\n addListener(\n callback: (details: WebRequestDetails) => BlockingResponse | void,\n filter: RequestFilter,\n extraInfoSpec?: string[],\n ): void;\n removeListener(callback: (details: WebRequestDetails) => BlockingResponse | void): void;\n };\n };\n webNavigation: {\n onBeforeNavigate: {\n addListener(callback: (details: NavigationDetails) => void): void;\n removeListener(callback: (details: NavigationDetails) => void): void;\n };\n };\n runtime: {\n sendMessage(message: unknown): Promise<unknown>;\n onMessage: {\n addListener(\n callback: (message: unknown, sender: unknown, sendResponse: (response: unknown) => void) => boolean | void,\n ): void;\n removeListener(callback: (...args: unknown[]) => void): void;\n };\n };\n notifications?: {\n create(id: string, options: { type: string; title: string; message: string; iconUrl?: string }): void;\n };\n}\n\nexport interface NavigationDetails {\n tabId: number;\n url: string;\n frameId: number;\n}\n\n// -----------------------------------------------------------------------\n// Configuration\n// -----------------------------------------------------------------------\n\nexport interface BrowserAdapterOptions {\n /** The browser extension API object (chrome or browser) */\n browserAPI: BrowserExtensionAPI;\n /** URL patterns to intercept (default: ['<all_urls>']) */\n urlPatterns?: string[];\n /** Request types to intercept (default: main_frame, xmlhttprequest, sub_frame) */\n requestTypes?: string[];\n /** Callback for MANUAL_REVIEW decisions */\n onApprovalRequired?: (context: PDLSSContext, decision: VerificationDecision) => Promise<boolean>;\n}\n\n// -----------------------------------------------------------------------\n// Purpose mapping for browser actions\n// -----------------------------------------------------------------------\n\nfunction mapBrowserActionToPurpose(details: WebRequestDetails): { toolName: string; args: Record<string, unknown> } {\n const url = details.url;\n\n // Form submissions\n if (details.method === 'POST') {\n // Check for email-related URLs\n if (/mail|email|smtp/i.test(url)) {\n return { toolName: 'send_email', args: { url, to: url } };\n }\n // Check for payment-related URLs\n if (/pay|checkout|stripe|payment/i.test(url)) {\n return { toolName: 'payment_execute', args: { url, description: url } };\n }\n // Generic form submission\n return { toolName: 'http_request', args: { url } };\n }\n\n // Navigation\n if (details.type === 'main_frame') {\n return { toolName: 'http_request', args: { url } };\n }\n\n // XHR / fetch requests\n return { toolName: 'http_request', args: { url } };\n}\n\n// -----------------------------------------------------------------------\n// Adapter implementation\n// -----------------------------------------------------------------------\n\nexport class BrowserAdapter implements PlatformAdapter {\n readonly interfaceVersion = ADAPTER_INTERFACE_VERSION;\n\n private gateway!: AstraSyncGateway;\n private browserAPI!: BrowserExtensionAPI;\n private options: Required<Omit<BrowserAdapterOptions, 'browserAPI'>> & { browserAPI?: BrowserExtensionAPI };\n private requestListener: ((details: WebRequestDetails) => BlockingResponse | void) | null = null;\n private navigationListener: ((details: NavigationDetails) => void) | null = null;\n private messageListener: ((message: unknown, sender: unknown, sendResponse: (response: unknown) => void) => boolean | void) | null = null;\n private _isRunning = false;\n\n constructor(options?: Partial<BrowserAdapterOptions>) {\n this.options = {\n urlPatterns: options?.urlPatterns ?? ['<all_urls>'],\n requestTypes: options?.requestTypes ?? ['main_frame', 'xmlhttprequest', 'sub_frame'],\n onApprovalRequired: options?.onApprovalRequired ?? (async () => false),\n browserAPI: options?.browserAPI,\n };\n }\n\n get isRunning(): boolean {\n return this._isRunning;\n }\n\n async initialize(config: AdapterConfig): Promise<void> {\n this.gateway = config.gateway as AstraSyncGateway;\n\n if (config.adapterOptions.browserAPI) {\n this.browserAPI = config.adapterOptions.browserAPI as BrowserExtensionAPI;\n } else if (this.options.browserAPI) {\n this.browserAPI = this.options.browserAPI;\n }\n\n if (!this.browserAPI) {\n throw new Error('BrowserAdapter requires browser extension API — pass via adapterOptions.browserAPI');\n }\n\n // Register web request interceptor\n this.requestListener = (details: WebRequestDetails): BlockingResponse | void => {\n return this.handleWebRequest(details);\n };\n\n this.browserAPI.webRequest.onBeforeRequest.addListener(\n this.requestListener,\n {\n urls: this.options.urlPatterns,\n types: this.options.requestTypes,\n },\n ['blocking'],\n );\n\n // Register navigation interceptor\n this.navigationListener = (details: NavigationDetails): void => {\n this.handleNavigation(details);\n };\n\n this.browserAPI.webNavigation.onBeforeNavigate.addListener(this.navigationListener);\n\n // Listen for messages from content scripts\n this.messageListener = (message: unknown, _sender: unknown, sendResponse: (response: unknown) => void): boolean | void => {\n const msg = message as { type?: string; action?: AgentAction };\n if (msg?.type === 'astrasync-evaluate') {\n this.handleContentScriptAction(msg.action!).then(sendResponse);\n return true; // async response\n }\n };\n\n this.browserAPI.runtime.onMessage.addListener(this.messageListener as (message: unknown, sender: unknown, sendResponse: (response: unknown) => void) => void);\n\n this._isRunning = true;\n }\n\n async shutdown(): Promise<void> {\n if (this.requestListener) {\n this.browserAPI.webRequest.onBeforeRequest.removeListener(this.requestListener);\n this.requestListener = null;\n }\n if (this.navigationListener) {\n this.browserAPI.webNavigation.onBeforeNavigate.removeListener(this.navigationListener);\n this.navigationListener = null;\n }\n if (this.messageListener) {\n this.browserAPI.runtime.onMessage.removeListener(this.messageListener as (...args: unknown[]) => void);\n this.messageListener = null;\n }\n this._isRunning = false;\n }\n\n async interceptAction(action: AgentAction): Promise<InterceptResult> {\n const raw = action.raw as WebRequestDetails | { type: string };\n\n if (!raw) {\n return { intercepted: false, skipReason: 'No action data' };\n }\n\n const context = this.extractContext(action);\n return { intercepted: true, context };\n }\n\n extractContext(action: AgentAction): PDLSSContext {\n const raw = action.raw as WebRequestDetails;\n\n const { toolName, args } = mapBrowserActionToPurpose(raw);\n const purpose = mapToolToPurpose(toolName);\n const target = extractTarget(toolName, args);\n const networkAccess = extractNetworkDomains(target);\n\n return {\n purpose,\n action: toolName,\n target,\n ...(networkAccess && { networkAccess }),\n };\n }\n\n async enforceDecision(decision: VerificationDecision): Promise<void> {\n if (decision.recommendation === 'DENY' && this.browserAPI.notifications) {\n this.browserAPI.notifications.create(`astrasync-${Date.now()}`, {\n type: 'basic',\n title: 'AstraSync Local Guard',\n message: `Blocked: ${decision.reason}`,\n });\n }\n }\n\n // =====================================================================\n // Internal handlers\n // =====================================================================\n\n private handleWebRequest(details: WebRequestDetails): BlockingResponse | void {\n const action: AgentAction = {\n raw: details,\n platform: 'browser',\n timestamp: new Date(),\n };\n\n const context = this.extractContext(action);\n\n // Synchronous evaluation — browser webRequest requires sync return.\n // We use a cached/pre-computed decision if available, otherwise allow.\n // The gateway's evaluate() is async, so for blocking we need the\n // synchronous local evaluator path.\n const decision = this.evaluateSync(context);\n\n if (decision.recommendation === 'DENY') {\n this.enforceDecision(decision);\n return { cancel: true };\n }\n\n if (decision.recommendation === 'MANUAL_REVIEW') {\n // Can't show async prompt in synchronous handler — block by default\n this.enforceDecision({\n ...decision,\n recommendation: 'DENY',\n reason: `Requires approval (auto-blocked in browser): ${decision.reason}`,\n });\n return { cancel: true };\n }\n\n // ALLOW — don't cancel\n return undefined;\n }\n\n private handleNavigation(details: NavigationDetails): void {\n // Navigation events are informational — evaluate async\n const action: AgentAction = {\n raw: {\n requestId: `nav-${details.tabId}-${details.frameId}`,\n url: details.url,\n method: 'GET',\n type: 'main_frame',\n tabId: details.tabId,\n } as WebRequestDetails,\n platform: 'browser',\n timestamp: new Date(),\n };\n\n // Fire-and-forget async evaluation for logging/traces\n this.interceptAction(action).then(async (result) => {\n if (result.intercepted && result.context) {\n await this.gateway.evaluate(result.context);\n }\n });\n }\n\n private async handleContentScriptAction(action: AgentAction): Promise<VerificationDecision> {\n const interception = await this.interceptAction(action);\n if (!interception.intercepted || !interception.context) {\n return { recommendation: 'ALLOW', reason: 'Not intercepted' };\n }\n\n return this.gateway.evaluate(interception.context);\n }\n\n /**\n * Synchronous evaluation using the gateway's local evaluator.\n * Falls back to ALLOW if async-only (online mode).\n */\n private evaluateSync(context: PDLSSContext): VerificationDecision {\n // The gateway.evaluate() is async, but the local evaluator is synchronous.\n // We access the evaluator directly for browser webRequest handlers.\n // This only works in local/hybrid mode — online mode falls through to ALLOW.\n const gw = this.gateway as unknown as { evaluator?: { evaluate(ctx: PDLSSContext): VerificationDecision } };\n if (gw.evaluator) {\n return gw.evaluator.evaluate(context);\n }\n\n return { recommendation: 'ALLOW', reason: 'Async-only mode — allowed by default' };\n }\n}\n"],"mappings":";AAsEO,IAAM,4BAA4B;;;AC1DzC,IAAM,mBAA2C;AAAA;AAAA,EAE/C,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,SAAS;AAAA,EACT,eAAe;AAAA,EACf,sBAAsB;AAAA;AAAA,EAGtB,WAAW;AAAA,EACX,WAAW;AAAA;AAAA,EAGX,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,WAAW;AAAA;AAAA,EAGX,aAAa;AAAA,EACb,aAAa;AAAA;AAAA,EAGb,cAAc;AAAA,EACd,OAAO;AAAA,EACP,aAAa;AAAA;AAAA,EAGb,YAAY;AAAA,EACZ,YAAY;AAAA;AAAA,EAGZ,cAAc;AAAA;AAAA,EAGd,gBAAgB;AAAA,EAChB,gBAAgB;AAAA;AAAA,EAGhB,iBAAiB;AACnB;AAMO,SAAS,iBAAiB,UAA0B;AACzD,SAAO,iBAAiB,QAAQ,KAAK,QAAQ,QAAQ;AACvD;AAsBO,SAAS,cAAc,UAAkB,MAAuC;AACrF,QAAM,UAAU,iBAAiB,QAAQ;AAEzC,MAAI,QAAQ,WAAW,QAAQ,GAAG;AAChC,WAAO,OAAO,KAAK,WAAW,KAAK,OAAO,KAAK,UAAU,EAAE;AAAA,EAC7D;AAEA,MAAI,QAAQ,WAAW,OAAO,GAAG;AAC/B,WAAO,OAAO,KAAK,QAAQ,KAAK,QAAQ,KAAK,YAAY,KAAK,aAAa,EAAE;AAAA,EAC/E;AAEA,MAAI,QAAQ,WAAW,UAAU,GAAG;AAClC,WAAO,OAAO,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,EAAE;AAAA,EAC3D;AAEA,MAAI,QAAQ,WAAW,QAAQ,GAAG;AAChC,WAAO,OAAO,KAAK,MAAM,KAAK,aAAa,KAAK,WAAW,EAAE;AAAA,EAC/D;AAEA,MAAI,QAAQ,WAAW,WAAW,GAAG;AACnC,WAAO,OAAO,KAAK,SAAS,KAAK,SAAS,EAAE;AAAA,EAC9C;AAEA,MAAI,QAAQ,WAAW,UAAU,GAAG;AAClC,WAAO,OAAO,KAAK,eAAe,KAAK,YAAY,KAAK,UAAU,EAAE;AAAA,EACtE;AAGA,MAAI,KAAK,QAAS,QAAO,OAAO,KAAK,OAAO;AAC5C,MAAI,KAAK,KAAM,QAAO,OAAO,KAAK,IAAI;AACtC,MAAI,KAAK,IAAK,QAAO,OAAO,KAAK,GAAG;AAGpC,aAAW,OAAO,OAAO,OAAO,IAAI,GAAG;AACrC,QAAI,OAAO,QAAQ,YAAY,IAAI,SAAS,EAAG,QAAO;AAAA,EACxD;AACA,SAAO;AACT;AAUO,SAAS,sBAAsB,QAAsC;AAC1E,MAAI;AACF,QAAI,OAAO,WAAW,SAAS,KAAK,OAAO,WAAW,UAAU,GAAG;AACjE,YAAM,MAAM,IAAI,IAAI,MAAM;AAC1B,aAAO,CAAC,IAAI,QAAQ;AAAA,IACtB;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;;;ACxCA,SAAS,0BAA0B,SAAiF;AAClH,QAAM,MAAM,QAAQ;AAGpB,MAAI,QAAQ,WAAW,QAAQ;AAE7B,QAAI,mBAAmB,KAAK,GAAG,GAAG;AAChC,aAAO,EAAE,UAAU,cAAc,MAAM,EAAE,KAAK,IAAI,IAAI,EAAE;AAAA,IAC1D;AAEA,QAAI,+BAA+B,KAAK,GAAG,GAAG;AAC5C,aAAO,EAAE,UAAU,mBAAmB,MAAM,EAAE,KAAK,aAAa,IAAI,EAAE;AAAA,IACxE;AAEA,WAAO,EAAE,UAAU,gBAAgB,MAAM,EAAE,IAAI,EAAE;AAAA,EACnD;AAGA,MAAI,QAAQ,SAAS,cAAc;AACjC,WAAO,EAAE,UAAU,gBAAgB,MAAM,EAAE,IAAI,EAAE;AAAA,EACnD;AAGA,SAAO,EAAE,UAAU,gBAAgB,MAAM,EAAE,IAAI,EAAE;AACnD;AAMO,IAAM,iBAAN,MAAgD;AAAA,EAWrD,YAAY,SAA0C;AAVtD,SAAS,mBAAmB;AAK5B,SAAQ,kBAAoF;AAC5F,SAAQ,qBAAoE;AAC5E,SAAQ,kBAA6H;AACrI,SAAQ,aAAa;AAGnB,SAAK,UAAU;AAAA,MACb,aAAa,SAAS,eAAe,CAAC,YAAY;AAAA,MAClD,cAAc,SAAS,gBAAgB,CAAC,cAAc,kBAAkB,WAAW;AAAA,MACnF,oBAAoB,SAAS,uBAAuB,YAAY;AAAA,MAChE,YAAY,SAAS;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,IAAI,YAAqB;AACvB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,WAAW,QAAsC;AACrD,SAAK,UAAU,OAAO;AAEtB,QAAI,OAAO,eAAe,YAAY;AACpC,WAAK,aAAa,OAAO,eAAe;AAAA,IAC1C,WAAW,KAAK,QAAQ,YAAY;AAClC,WAAK,aAAa,KAAK,QAAQ;AAAA,IACjC;AAEA,QAAI,CAAC,KAAK,YAAY;AACpB,YAAM,IAAI,MAAM,yFAAoF;AAAA,IACtG;AAGA,SAAK,kBAAkB,CAAC,YAAwD;AAC9E,aAAO,KAAK,iBAAiB,OAAO;AAAA,IACtC;AAEA,SAAK,WAAW,WAAW,gBAAgB;AAAA,MACzC,KAAK;AAAA,MACL;AAAA,QACE,MAAM,KAAK,QAAQ;AAAA,QACnB,OAAO,KAAK,QAAQ;AAAA,MACtB;AAAA,MACA,CAAC,UAAU;AAAA,IACb;AAGA,SAAK,qBAAqB,CAAC,YAAqC;AAC9D,WAAK,iBAAiB,OAAO;AAAA,IAC/B;AAEA,SAAK,WAAW,cAAc,iBAAiB,YAAY,KAAK,kBAAkB;AAGlF,SAAK,kBAAkB,CAAC,SAAkB,SAAkB,iBAA8D;AACxH,YAAM,MAAM;AACZ,UAAI,KAAK,SAAS,sBAAsB;AACtC,aAAK,0BAA0B,IAAI,MAAO,EAAE,KAAK,YAAY;AAC7D,eAAO;AAAA,MACT;AAAA,IACF;AAEA,SAAK,WAAW,QAAQ,UAAU,YAAY,KAAK,eAAyG;AAE5J,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,WAA0B;AAC9B,QAAI,KAAK,iBAAiB;AACxB,WAAK,WAAW,WAAW,gBAAgB,eAAe,KAAK,eAAe;AAC9E,WAAK,kBAAkB;AAAA,IACzB;AACA,QAAI,KAAK,oBAAoB;AAC3B,WAAK,WAAW,cAAc,iBAAiB,eAAe,KAAK,kBAAkB;AACrF,WAAK,qBAAqB;AAAA,IAC5B;AACA,QAAI,KAAK,iBAAiB;AACxB,WAAK,WAAW,QAAQ,UAAU,eAAe,KAAK,eAA+C;AACrG,WAAK,kBAAkB;AAAA,IACzB;AACA,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,gBAAgB,QAA+C;AACnE,UAAM,MAAM,OAAO;AAEnB,QAAI,CAAC,KAAK;AACR,aAAO,EAAE,aAAa,OAAO,YAAY,iBAAiB;AAAA,IAC5D;AAEA,UAAM,UAAU,KAAK,eAAe,MAAM;AAC1C,WAAO,EAAE,aAAa,MAAM,QAAQ;AAAA,EACtC;AAAA,EAEA,eAAe,QAAmC;AAChD,UAAM,MAAM,OAAO;AAEnB,UAAM,EAAE,UAAU,KAAK,IAAI,0BAA0B,GAAG;AACxD,UAAM,UAAU,iBAAiB,QAAQ;AACzC,UAAM,SAAS,cAAc,UAAU,IAAI;AAC3C,UAAM,gBAAgB,sBAAsB,MAAM;AAElD,WAAO;AAAA,MACL;AAAA,MACA,QAAQ;AAAA,MACR;AAAA,MACA,GAAI,iBAAiB,EAAE,cAAc;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,UAA+C;AACnE,QAAI,SAAS,mBAAmB,UAAU,KAAK,WAAW,eAAe;AACvE,WAAK,WAAW,cAAc,OAAO,aAAa,KAAK,IAAI,CAAC,IAAI;AAAA,QAC9D,MAAM;AAAA,QACN,OAAO;AAAA,QACP,SAAS,YAAY,SAAS,MAAM;AAAA,MACtC,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMQ,iBAAiB,SAAqD;AAC5E,UAAM,SAAsB;AAAA,MAC1B,KAAK;AAAA,MACL,UAAU;AAAA,MACV,WAAW,oBAAI,KAAK;AAAA,IACtB;AAEA,UAAM,UAAU,KAAK,eAAe,MAAM;AAM1C,UAAM,WAAW,KAAK,aAAa,OAAO;AAE1C,QAAI,SAAS,mBAAmB,QAAQ;AACtC,WAAK,gBAAgB,QAAQ;AAC7B,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAEA,QAAI,SAAS,mBAAmB,iBAAiB;AAE/C,WAAK,gBAAgB;AAAA,QACnB,GAAG;AAAA,QACH,gBAAgB;AAAA,QAChB,QAAQ,gDAAgD,SAAS,MAAM;AAAA,MACzE,CAAC;AACD,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAGA,WAAO;AAAA,EACT;AAAA,EAEQ,iBAAiB,SAAkC;AAEzD,UAAM,SAAsB;AAAA,MAC1B,KAAK;AAAA,QACH,WAAW,OAAO,QAAQ,KAAK,IAAI,QAAQ,OAAO;AAAA,QAClD,KAAK,QAAQ;AAAA,QACb,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,OAAO,QAAQ;AAAA,MACjB;AAAA,MACA,UAAU;AAAA,MACV,WAAW,oBAAI,KAAK;AAAA,IACtB;AAGA,SAAK,gBAAgB,MAAM,EAAE,KAAK,OAAO,WAAW;AAClD,UAAI,OAAO,eAAe,OAAO,SAAS;AACxC,cAAM,KAAK,QAAQ,SAAS,OAAO,OAAO;AAAA,MAC5C;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,0BAA0B,QAAoD;AAC1F,UAAM,eAAe,MAAM,KAAK,gBAAgB,MAAM;AACtD,QAAI,CAAC,aAAa,eAAe,CAAC,aAAa,SAAS;AACtD,aAAO,EAAE,gBAAgB,SAAS,QAAQ,kBAAkB;AAAA,IAC9D;AAEA,WAAO,KAAK,QAAQ,SAAS,aAAa,OAAO;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,aAAa,SAA6C;AAIhE,UAAM,KAAK,KAAK;AAChB,QAAI,GAAG,WAAW;AAChB,aAAO,GAAG,UAAU,SAAS,OAAO;AAAA,IACtC;AAEA,WAAO,EAAE,gBAAgB,SAAS,QAAQ,4CAAuC;AAAA,EACnF;AACF;","names":[]}