@beingmartinbmc/ojas 0.2.0

package/dist/mcp/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/mcp/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAEvC,MAAM,MAAM,cAAc,GACtB,gBAAgB,GAChB,kBAAkB,GAClB,cAAc,GACd,kBAAkB,GAClB,eAAe,GACf,mBAAmB,GACnB,cAAc,GACd,gBAAgB,GAChB,UAAU,CAAC;AAEf,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;gBAE7B,MAAM,CAAC,EAAE,QAAQ,GAAG,IAAI;IAIpC,IAAI,OAAO,IAAI,OAAO,CAErB;IAED,GAAG,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;IAa5B;;;OAGG;IACG,IAAI,CAAC,CAAC,EACV,SAAS,EAAE,cAAc,EACzB,IAAI,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,EAC9E,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GACnB,OAAO,CAAC,CAAC,CAAC;CA4Bd"}

package/dist/mcp/audit.js

@@ -0,0 +1,73 @@
+"use strict";
+/**
+ * Structured JSONL audit logger for critical MCP operations.
+ *
+ * Emits one JSON line per audited event to a configurable writable stream
+ * (default: disabled).  Each entry captures operation type, agent/session
+ * context, a summary of arguments and results, and wall-clock duration.
+ *
+ * Design constraints:
+ *   - Zero overhead when disabled (no-op fast path).
+ *   - Does not throw on write failures — audit is best-effort.
+ *   - Does not buffer — each event is flushed immediately.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLogger = void 0;
+class AuditLogger {
+    stream;
+    constructor(stream) {
+        this.stream = stream ?? null;
+    }
+    get enabled() {
+        return this.stream !== null;
+    }
+    log(entry) {
+        if (!this.stream)
+            return;
+        try {
+            const line = JSON.stringify({
+                ...entry,
+                timestamp: entry.timestamp || new Date().toISOString(),
+            });
+            this.stream.write(line + '\n');
+        }
+        catch {
+            // Best-effort — never crash the MCP server for audit failures.
+        }
+    }
+    /**
+     * Convenience: wraps an async handler, emitting an audit entry with
+     * timing around the call.  Returns the handler's result transparently.
+     */
+    async wrap(operation, opts, fn) {
+        if (!this.stream)
+            return fn();
+        const start = Date.now();
+        try {
+            const result = await fn();
+            this.log({
+                timestamp: new Date().toISOString(),
+                operation,
+                agentId: opts.agentId,
+                sessionId: opts.sessionId,
+                args_summary: opts.args,
+                durationMs: Date.now() - start,
+            });
+            return result;
+        }
+        catch (err) {
+            this.log({
+                timestamp: new Date().toISOString(),
+                operation,
+                agentId: opts.agentId,
+                sessionId: opts.sessionId,
+                args_summary: opts.args,
+                result_summary: { error: err instanceof Error ? err.message : String(err) },
+                durationMs: Date.now() - start,
+            });
+            throw err;
+        }
+    }
+}
+exports.AuditLogger = AuditLogger;
+//# sourceMappingURL=audit.js.map

package/dist/mcp/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/mcp/audit.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAyBH,MAAa,WAAW;IACL,MAAM,CAAkB;IAEzC,YAAY,MAAwB;QAClC,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAI,CAAC;IAC/B,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC;IAC9B,CAAC;IAED,GAAG,CAAC,KAAiB;QACnB,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO;QACzB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;gBAC1B,GAAG,KAAK;gBACR,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACvD,CAAC,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;QACjE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CACR,SAAyB,EACzB,IAA8E,EAC9E,EAAoB;QAEpB,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,EAAE,CAAC;QAE9B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,EAAE,EAAE,CAAC;YAC1B,IAAI,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,SAAS;gBACT,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,YAAY,EAAE,IAAI,CAAC,IAAI;gBACvB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,SAAS;gBACT,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,YAAY,EAAE,IAAI,CAAC,IAAI;gBACvB,cAAc,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;gBAC3E,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AA5DD,kCA4DC"}

package/dist/mcp/contracts.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Health contracts, risk levels, and recovery policy types used by the
+ * Ojas MCP server.
+ *
+ * A health contract is the "service-level agreement" between Ojas and an
+ * agent: what counts as healthy, what risks the agent carries, what
+ * recovery actions apply when things go wrong.
+ */
+import type { OjasModuleName } from '../types';
+export type AgentRiskLevel = 'low' | 'medium' | 'high' | 'critical';
+export type ToolMode = 'observe' | 'recommend' | 'apply';
+export type RecoveryActionId = 'compress_context' | 'reset_plan' | 'freeze_memory_writes' | 'quarantine_input' | 'generate_fallback_response' | 'enter_safe_mode' | 'human_escalation' | 'reduce_tool_calls' | 'switch_to_cached_sources';
+export interface HealthThresholds {
+    /** Minimum overall Ojas score (0–100) the agent must maintain. */
+    minimum_ojas_score?: number;
+    /** Minimum Aahar context-quality score (0–100). */
+    minimum_context_quality?: number;
+    /** Maximum tolerated hallucination risk (0–100 percent). */
+    maximum_hallucination_risk?: number;
+}
+export interface RecoveryPolicy {
+    on_context_overload?: RecoveryActionId;
+    on_prompt_injection?: RecoveryActionId;
+    on_repeated_failure?: RecoveryActionId;
+    on_memory_conflict?: RecoveryActionId;
+    on_tool_failure_loop?: RecoveryActionId;
+}
+export interface HealthContract {
+    agent_id: string;
+    agent_name?: string;
+    agent_type?: string;
+    risk_level: AgentRiskLevel;
+    description?: string;
+    allowed_tools?: string[];
+    health_thresholds: Required<Pick<HealthThresholds, 'minimum_ojas_score'>> & HealthThresholds;
+    recovery_policy: RecoveryPolicy;
+    /** ISO timestamp when the contract was created. */
+    created_at: string;
+    /** Stable id assigned to the contract. */
+    health_contract_id: string;
+}
+export interface AgentToolHealth {
+    tool_name: string;
+    total_calls: number;
+    successes: number;
+    failures: number;
+    timeouts: number;
+    latency_sum_ms: number;
+    last_seen_at: string;
+}
+export type HealthState = 'healthy' | 'watch' | 'degraded' | 'critical';
+export interface ModuleScoresPercent {
+    aahar: number;
+    nidra: number;
+    vyayam: number;
+    raksha: number;
+    agni: number;
+    pulse: number;
+    chikitsa: number;
+}
+export interface AffectedModulesList {
+    modules: OjasModuleName[];
+}
+/**
+ * Defaults applied when an agent is auto-registered (i.e. a tool is called
+ * with an `agent_id` that has not yet been explicitly registered).
+ */
+export declare const DEFAULT_HEALTH_THRESHOLDS: Required<HealthThresholds>;
+export declare const DEFAULT_RECOVERY_POLICY: RecoveryPolicy;
+/**
+ * Classify a 0–100 Ojas score into a human-readable health state.
+ * Thresholds are tuned to match the spec example ("Agent is healthy but
+ * shows mild degradation under broad research tasks" at 82, etc.).
+ */
+export declare function classifyHealthState(score100: number, contract?: HealthContract): HealthState;
+//# sourceMappingURL=contracts.d.ts.map

package/dist/mcp/contracts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contracts.d.ts","sourceRoot":"","sources":["../../src/mcp/contracts.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE/C,MAAM,MAAM,cAAc,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEpE,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,WAAW,GAAG,OAAO,CAAC;AAEzD,MAAM,MAAM,gBAAgB,GACxB,kBAAkB,GAClB,YAAY,GACZ,sBAAsB,GACtB,kBAAkB,GAClB,4BAA4B,GAC5B,iBAAiB,GACjB,kBAAkB,GAClB,mBAAmB,GACnB,0BAA0B,CAAC;AAE/B,MAAM,WAAW,gBAAgB;IAC/B,kEAAkE;IAClE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mDAAmD;IACnD,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,4DAA4D;IAC5D,0BAA0B,CAAC,EAAE,MAAM,CAAC;CACrC;AAED,MAAM,WAAW,cAAc;IAC7B,mBAAmB,CAAC,EAAE,gBAAgB,CAAC;IACvC,mBAAmB,CAAC,EAAE,gBAAgB,CAAC;IACvC,mBAAmB,CAAC,EAAE,gBAAgB,CAAC;IACvC,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IACtC,oBAAoB,CAAC,EAAE,gBAAgB,CAAC;CACzC;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,cAAc,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,iBAAiB,EAAE,QAAQ,CAAC,IAAI,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAC,GAAG,gBAAgB,CAAC;IAC7F,eAAe,EAAE,cAAc,CAAC;IAChC,mDAAmD;IACnD,UAAU,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,UAAU,CAAC;AAExE,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,cAAc,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,eAAO,MAAM,yBAAyB,EAAE,QAAQ,CAAC,gBAAgB,CAIhE,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,cAMrC,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,cAAc,GAAG,WAAW,CAM5F"}

package/dist/mcp/contracts.js

@@ -0,0 +1,44 @@
+"use strict";
+/**
+ * Health contracts, risk levels, and recovery policy types used by the
+ * Ojas MCP server.
+ *
+ * A health contract is the "service-level agreement" between Ojas and an
+ * agent: what counts as healthy, what risks the agent carries, what
+ * recovery actions apply when things go wrong.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_RECOVERY_POLICY = exports.DEFAULT_HEALTH_THRESHOLDS = void 0;
+exports.classifyHealthState = classifyHealthState;
+/**
+ * Defaults applied when an agent is auto-registered (i.e. a tool is called
+ * with an `agent_id` that has not yet been explicitly registered).
+ */
+exports.DEFAULT_HEALTH_THRESHOLDS = {
+    minimum_ojas_score: 70,
+    minimum_context_quality: 65,
+    maximum_hallucination_risk: 20,
+};
+exports.DEFAULT_RECOVERY_POLICY = {
+    on_context_overload: 'compress_context',
+    on_prompt_injection: 'quarantine_input',
+    on_repeated_failure: 'enter_safe_mode',
+    on_memory_conflict: 'freeze_memory_writes',
+    on_tool_failure_loop: 'generate_fallback_response',
+};
+/**
+ * Classify a 0–100 Ojas score into a human-readable health state.
+ * Thresholds are tuned to match the spec example ("Agent is healthy but
+ * shows mild degradation under broad research tasks" at 82, etc.).
+ */
+function classifyHealthState(score100, contract) {
+    const minimum = contract?.health_thresholds.minimum_ojas_score ?? exports.DEFAULT_HEALTH_THRESHOLDS.minimum_ojas_score;
+    if (score100 >= 90)
+        return 'healthy';
+    if (score100 >= minimum)
+        return 'watch';
+    if (score100 >= Math.max(40, minimum - 20))
+        return 'degraded';
+    return 'critical';
+}
+//# sourceMappingURL=contracts.js.map

package/dist/mcp/contracts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/mcp/contracts.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAoGH,kDAMC;AA7BD;;;GAGG;AACU,QAAA,yBAAyB,GAA+B;IACnE,kBAAkB,EAAE,EAAE;IACtB,uBAAuB,EAAE,EAAE;IAC3B,0BAA0B,EAAE,EAAE;CAC/B,CAAC;AAEW,QAAA,uBAAuB,GAAmB;IACrD,mBAAmB,EAAE,kBAAkB;IACvC,mBAAmB,EAAE,kBAAkB;IACvC,mBAAmB,EAAE,iBAAiB;IACtC,kBAAkB,EAAE,sBAAsB;IAC1C,oBAAoB,EAAE,4BAA4B;CACnD,CAAC;AAEF;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,QAAgB,EAAE,QAAyB;IAC7E,MAAM,OAAO,GAAG,QAAQ,EAAE,iBAAiB,CAAC,kBAAkB,IAAI,iCAAyB,CAAC,kBAAkB,CAAC;IAC/G,IAAI,QAAQ,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,QAAQ,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IACxC,IAAI,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,GAAG,EAAE,CAAC;QAAE,OAAO,UAAU,CAAC;IAC9D,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/mcp/envelope.d.ts

@@ -0,0 +1,107 @@
+/**
+ * Standard response envelope for every Ojas MCP tool.
+ *
+ * Per the Ojas tool-design contract, every tool returns a uniform set of
+ * meta fields (`status`, `ojas_score_delta`, `affected_modules`,
+ * `events_created`, `recommended_next_actions`, `requires_human_review`)
+ * plus a `correlation_id` and `agent_id`, with the tool-specific payload
+ * merged on top.
+ */
+import type { OjasModuleName } from '../types';
+export type EnvelopeStatus = 'success' | 'warning' | 'failed';
+export interface EnvelopeMeta {
+    status?: EnvelopeStatus;
+    agent_id?: string;
+    correlation_id?: string;
+    ojas_score_delta?: number;
+    affected_modules?: OjasModuleName[];
+    events_created?: string[];
+    recommended_next_actions?: string[];
+    requires_human_review?: boolean;
+}
+/**
+ * Public envelope shape returned to clients. Tool-specific fields are
+ * merged in via `T`.
+ */
+export type Envelope<T extends object = Record<string, unknown>> = T & {
+    status: EnvelopeStatus;
+    agent_id: string | null;
+    correlation_id: string;
+    ojas_score_delta: number;
+    affected_modules: OjasModuleName[];
+    events_created: string[];
+    recommended_next_actions: string[];
+    requires_human_review: boolean;
+};
+export declare function generateCorrelationId(): string;
+export declare function envelope<T extends object>(data: T, meta?: EnvelopeMeta): Envelope<T>;
+/** Convenience: wrap an envelope as an MCP `tools/call` text-content reply. */
+export declare function mcpReply<T extends object>(data: T, meta?: EnvelopeMeta): {
+    content: {
+        type: "text";
+        text: string;
+    }[];
+};
+/**
+ * Payload for every tool that accepts a `session_id` input. Session
+ * isolation is implemented in the MCP registry: non-default session IDs
+ * receive their own Ojas runtime state and optional persistence row.
+ */
+export declare function sessionScopeFields(session_id: string | undefined | null): {
+    session_id: string | null;
+    session_scope_supported: true;
+};
+/**
+ * Categories returned by `classifyError`, attached to every failed
+ * envelope as `error_code`. See the comment on `OjasError` for the
+ * canonical mapping.
+ */
+export type ErrorCode = 'invalid_input' | 'policy_violation' | 'not_found' | 'internal_error';
+/**
+ * Typed error thrown from internal Ojas boundaries (registry, schema
+ * validators, policy gates) so `safeHandler` can label the failed
+ * envelope without pattern-matching on the message string. Message
+ * heuristics in `classifyError` remain as a fallback for third-party
+ * throws and unexpected internal exceptions.
+ *
+ * Canonical category mapping:
+ *
+ * - `invalid_input`     — schema validation, malformed dates, bad types.
+ *                          Caller bug, not a safety event.
+ * - `policy_violation`  — health-contract or allowlist refusals
+ *                          (duplicate-register, replacement disabled,
+ *                          unknown agent on a strict allowlist).
+ *                          Caller asked for something the policy forbids.
+ * - `not_found`         — agent or resource lookup failures.
+ * - `internal_error`    — everything else. These are the only ones that
+ *                          require human review by default; everything
+ *                          else is a caller-side problem.
+ */
+export declare class OjasError extends Error {
+    readonly code: ErrorCode;
+    readonly humanReview: boolean;
+    constructor(code: ErrorCode, message: string, humanReview?: boolean);
+}
+/**
+ * Classify any thrown value into an `ErrorCode`. Prefers a typed
+ * `OjasError.code` when available; otherwise falls back to message
+ * substring heuristics. The heuristics path is intentionally narrow —
+ * unknown messages are labelled `internal_error` so they still page a
+ * human and we get a signal to convert that throw site to `OjasError`.
+ */
+export declare function classifyError(err: unknown): ErrorCode;
+/**
+ * Wrap an Ojas tool handler so any thrown error is returned as a
+ * structured `status: 'failed'` envelope rather than escaping as an MCP
+ * protocol-level error. Variadic to preserve any extra args (context,
+ * request-id, cancellation handle) the MCP SDK may pass alongside the
+ * input arguments — dropping those would lock us out of future SDK
+ * features like per-call auth context.
+ *
+ * Errors are classified by message into `invalid_input`,
+ * `policy_violation`, `not_found`, or `internal_error`. Only internal
+ * errors set `requires_human_review: true` so dashboards aren't paged
+ * for routine validation failures.
+ */
+export declare function safeHandler(toolName: string, handler: (...args: any[]) => Promise<ReturnType<typeof mcpReply>>): (...args: unknown[]) => Promise<ReturnType<typeof mcpReply>>;
+//# sourceMappingURL=envelope.d.ts.map

package/dist/mcp/envelope.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"envelope.d.ts","sourceRoot":"","sources":["../../src/mcp/envelope.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG/C,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE9D,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,cAAc,EAAE,CAAC;IACpC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED;;;GAGG;AACH,MAAM,MAAM,QAAQ,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;IACrE,MAAM,EAAE,cAAc,CAAC;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,cAAc,EAAE,CAAC;IACnC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,qBAAqB,EAAE,OAAO,CAAC;CAChC,CAAC;AAEF,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED,wBAAgB,QAAQ,CAAC,CAAC,SAAS,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB,GAAG,QAAQ,CAAC,CAAC,CAAC,CAYxF;AAED,+EAA+E;AAC/E,wBAAgB,QAAQ,CAAC,CAAC,SAAS,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB;;;;;EAO1E;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG;IACzE,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,uBAAuB,EAAE,IAAI,CAAC;CAC/B,CAKA;AAED;;;;GAIG;AACH,MAAM,MAAM,SAAS,GACjB,eAAe,GACf,kBAAkB,GAClB,WAAW,GACX,gBAAgB,CAAC;AAErB;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,SAAU,SAAQ,KAAK;IAClC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;gBAClB,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,UAAQ;CAMlE;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,SAAS,CA2BrD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,WAAW,CACzB,QAAQ,EAAE,MAAM,EAEhB,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,UAAU,CAAC,OAAO,QAAQ,CAAC,CAAC,GAChE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,UAAU,CAAC,OAAO,QAAQ,CAAC,CAAC,CAgC9D"}

package/dist/mcp/envelope.js

@@ -0,0 +1,162 @@
+"use strict";
+/**
+ * Standard response envelope for every Ojas MCP tool.
+ *
+ * Per the Ojas tool-design contract, every tool returns a uniform set of
+ * meta fields (`status`, `ojas_score_delta`, `affected_modules`,
+ * `events_created`, `recommended_next_actions`, `requires_human_review`)
+ * plus a `correlation_id` and `agent_id`, with the tool-specific payload
+ * merged on top.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OjasError = void 0;
+exports.generateCorrelationId = generateCorrelationId;
+exports.envelope = envelope;
+exports.mcpReply = mcpReply;
+exports.sessionScopeFields = sessionScopeFields;
+exports.classifyError = classifyError;
+exports.safeHandler = safeHandler;
+const id_1 = require("../util/id");
+function generateCorrelationId() {
+    return (0, id_1.newId)('cor');
+}
+function envelope(data, meta = {}) {
+    return {
+        status: meta.status ?? 'success',
+        agent_id: meta.agent_id ?? null,
+        correlation_id: meta.correlation_id ?? generateCorrelationId(),
+        ojas_score_delta: meta.ojas_score_delta ?? 0,
+        affected_modules: meta.affected_modules ?? [],
+        events_created: meta.events_created ?? [],
+        recommended_next_actions: meta.recommended_next_actions ?? [],
+        requires_human_review: meta.requires_human_review ?? false,
+        ...data,
+    };
+}
+/** Convenience: wrap an envelope as an MCP `tools/call` text-content reply. */
+function mcpReply(data, meta = {}) {
+    const payload = envelope(data, meta);
+    return {
+        content: [
+            { type: 'text', text: JSON.stringify(payload, null, 2) },
+        ],
+    };
+}
+/**
+ * Payload for every tool that accepts a `session_id` input. Session
+ * isolation is implemented in the MCP registry: non-default session IDs
+ * receive their own Ojas runtime state and optional persistence row.
+ */
+function sessionScopeFields(session_id) {
+    return {
+        session_id: session_id ?? null,
+        session_scope_supported: true,
+    };
+}
+/**
+ * Typed error thrown from internal Ojas boundaries (registry, schema
+ * validators, policy gates) so `safeHandler` can label the failed
+ * envelope without pattern-matching on the message string. Message
+ * heuristics in `classifyError` remain as a fallback for third-party
+ * throws and unexpected internal exceptions.
+ *
+ * Canonical category mapping:
+ *
+ * - `invalid_input`     — schema validation, malformed dates, bad types.
+ *                          Caller bug, not a safety event.
+ * - `policy_violation`  — health-contract or allowlist refusals
+ *                          (duplicate-register, replacement disabled,
+ *                          unknown agent on a strict allowlist).
+ *                          Caller asked for something the policy forbids.
+ * - `not_found`         — agent or resource lookup failures.
+ * - `internal_error`    — everything else. These are the only ones that
+ *                          require human review by default; everything
+ *                          else is a caller-side problem.
+ */
+class OjasError extends Error {
+    code;
+    humanReview;
+    constructor(code, message, humanReview = false) {
+        super(message);
+        this.name = 'OjasError';
+        this.code = code;
+        this.humanReview = humanReview;
+    }
+}
+exports.OjasError = OjasError;
+/**
+ * Classify any thrown value into an `ErrorCode`. Prefers a typed
+ * `OjasError.code` when available; otherwise falls back to message
+ * substring heuristics. The heuristics path is intentionally narrow —
+ * unknown messages are labelled `internal_error` so they still page a
+ * human and we get a signal to convert that throw site to `OjasError`.
+ */
+function classifyError(err) {
+    if (err instanceof OjasError)
+        return err.code;
+    const message = err instanceof Error ? err.message : typeof err === 'string' ? err : String(err);
+    const m = message.toLowerCase();
+    if (m.includes('already registered') ||
+        m.includes('replacement is disabled') ||
+        m.includes('not allowed') ||
+        m.includes('auto-registration is disabled') ||
+        m.includes('maxagents')) {
+        return 'policy_violation';
+    }
+    if (m.includes('not found') || m.includes('unknown agent')) {
+        return 'not_found';
+    }
+    if (m.includes('must be') ||
+        m.includes('must include') ||
+        m.includes('invalid') ||
+        m.includes('is in the future') ||
+        m.includes('iso-8601')) {
+        return 'invalid_input';
+    }
+    return 'internal_error';
+}
+/**
+ * Wrap an Ojas tool handler so any thrown error is returned as a
+ * structured `status: 'failed'` envelope rather than escaping as an MCP
+ * protocol-level error. Variadic to preserve any extra args (context,
+ * request-id, cancellation handle) the MCP SDK may pass alongside the
+ * input arguments — dropping those would lock us out of future SDK
+ * features like per-call auth context.
+ *
+ * Errors are classified by message into `invalid_input`,
+ * `policy_violation`, `not_found`, or `internal_error`. Only internal
+ * errors set `requires_human_review: true` so dashboards aren't paged
+ * for routine validation failures.
+ */
+function safeHandler(toolName, 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+handler) {
+    return async (...args) => {
+        try {
+            return await handler(...args);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            const errorCode = classifyError(err);
+            const firstArg = args[0];
+            const agent_id = firstArg && typeof firstArg.agent_id === 'string' ? firstArg.agent_id : null;
+            // Only true internal crashes page a human by default. Validation /
+            // policy / not-found are caller-side problems and should show up
+            // in client logs, not the operator pager. A typed OjasError can
+            // override this when an internal boundary needs human attention
+            // even though the code itself is a validation / policy class.
+            const requires_human_review = err instanceof OjasError ? err.humanReview : errorCode === 'internal_error';
+            return mcpReply({
+                accepted: false,
+                error: message,
+                error_class: `${toolName}_error`,
+                error_code: errorCode,
+            }, {
+                status: 'failed',
+                agent_id: agent_id ?? undefined,
+                requires_human_review,
+            });
+        }
+    };
+}
+//# sourceMappingURL=envelope.js.map

package/dist/mcp/envelope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"envelope.js","sourceRoot":"","sources":["../../src/mcp/envelope.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAiCH,sDAEC;AAED,4BAYC;AAGD,4BAOC;AAOD,gDAQC;AAmDD,sCA2BC;AAeD,kCAoCC;AAxMD,mCAAmC;AA8BnC,SAAgB,qBAAqB;IACnC,OAAO,IAAA,UAAK,EAAC,KAAK,CAAC,CAAC;AACtB,CAAC;AAED,SAAgB,QAAQ,CAAmB,IAAO,EAAE,OAAqB,EAAE;IACzE,OAAO;QACL,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;QAChC,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;QAC/B,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,qBAAqB,EAAE;QAC9D,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,CAAC;QAC5C,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,EAAE;QAC7C,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,EAAE;QACzC,wBAAwB,EAAE,IAAI,CAAC,wBAAwB,IAAI,EAAE;QAC7D,qBAAqB,EAAE,IAAI,CAAC,qBAAqB,IAAI,KAAK;QAC1D,GAAG,IAAI;KACR,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,SAAgB,QAAQ,CAAmB,IAAO,EAAE,OAAqB,EAAE;IACzE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACrC,OAAO;QACL,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;SAClE;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,UAAqC;IAItE,OAAO;QACL,UAAU,EAAE,UAAU,IAAI,IAAI;QAC9B,uBAAuB,EAAE,IAAI;KAC9B,CAAC;AACJ,CAAC;AAaD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAa,SAAU,SAAQ,KAAK;IACzB,IAAI,CAAY;IAChB,WAAW,CAAU;IAC9B,YAAY,IAAe,EAAE,OAAe,EAAE,WAAW,GAAG,KAAK;QAC/D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;CACF;AATD,8BASC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,GAAY;IACxC,IAAI,GAAG,YAAY,SAAS;QAAE,OAAO,GAAG,CAAC,IAAI,CAAC;IAC9C,MAAM,OAAO,GACX,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnF,MAAM,CAAC,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAChC,IACE,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QAChC,CAAC,CAAC,QAAQ,CAAC,yBAAyB,CAAC;QACrC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;QACzB,CAAC,CAAC,QAAQ,CAAC,+BAA+B,CAAC;QAC3C,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EACvB,CAAC;QACD,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3D,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,IACE,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QACrB,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;QAC1B,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QACrB,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QAC9B,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EACtB,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAgB,WAAW,CACzB,QAAgB;AAChB,8DAA8D;AAC9D,OAAiE;IAEjE,OAAO,KAAK,EAAE,GAAG,IAAe,EAAE,EAAE;QAClC,IAAI,CAAC;YACH,OAAO,MAAM,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAwC,CAAC;YAChE,MAAM,QAAQ,GACZ,QAAQ,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAE,QAAQ,CAAC,QAAmB,CAAC,CAAC,CAAC,IAAI,CAAC;YAC3F,mEAAmE;YACnE,iEAAiE;YACjE,gEAAgE;YAChE,gEAAgE;YAChE,8DAA8D;YAC9D,MAAM,qBAAqB,GACzB,GAAG,YAAY,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,KAAK,gBAAgB,CAAC;YAC9E,OAAO,QAAQ,CACb;gBACE,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,OAAO;gBACd,WAAW,EAAE,GAAG,QAAQ,QAAQ;gBAChC,UAAU,EAAE,SAAS;aACtB,EACD;gBACE,MAAM,EAAE,QAAQ;gBAChB,QAAQ,EAAE,QAAQ,IAAI,SAAS;gBAC/B,qBAAqB;aACtB,CACF,CAAC;QACJ,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/mcp/registry.d.ts

@@ -0,0 +1,110 @@
+/**
+ * Multi-agent registry for the Ojas MCP server.
+ *
+ * Each registered agent gets its own `Ojas` instance plus a stored
+ * `HealthContract`, recent-history caches, and operational flags
+ * (e.g. safe mode). The MCP server proxies tool calls to the
+ * registry, which routes by `agent_id`.
+ */
+import { Ojas } from '../index';
+import type { AgentHealthReport } from '../types';
+import type { PersistenceStore } from '../persistence/types';
+import { AgentRiskLevel, AgentToolHealth, HealthContract, HealthThresholds, RecoveryPolicy } from './contracts';
+export interface RegisterAgentInput {
+    agent_id: string;
+    agent_name?: string;
+    agent_type?: string;
+    risk_level?: AgentRiskLevel;
+    description?: string;
+    allowed_tools?: string[];
+    health_thresholds?: HealthThresholds;
+    recovery_policy?: RecoveryPolicy;
+    /** Explicitly replace an existing registration and all its runtime state. */
+    replace_existing?: boolean;
+}
+export interface RecentEvent {
+    id: string;
+    timestamp: string;
+    event_type: string;
+    description: string;
+}
+export interface AgentEntry {
+    agent_id: string;
+    session_id: string;
+    ojas: Ojas;
+    contract: HealthContract;
+    safe_mode: boolean;
+    safe_mode_reason?: string;
+    safe_mode_restrictions: string[];
+    tool_health: Map<string, AgentToolHealth>;
+    recent_events: RecentEvent[];
+    last_health_score: number;
+    last_health_report?: AgentHealthReport;
+}
+export interface AgentRegistryOptions {
+    /** Hard cap on simultaneously-tracked agents. Registration fails once full. */
+    maxAgents?: number;
+    /**
+     * Whether unknown `agent_id`s may be silently auto-registered when a tool
+     * is invoked. Defaults to true for developer-friendly local use; set to
+     * false (e.g. via the OJAS_DISABLE_AUTO_REGISTER env var on the MCP
+     * server) to require an explicit `ojas_register_agent` call.
+     */
+    autoRegister?: boolean;
+    /** Optional allowlist of agent IDs this registry will accept. */
+    allowedAgentIds?: string[];
+    /**
+     * Whether `register(replace_existing: true)` is honoured. **Defaults to
+     * false** — replacing an existing registration wipes its accumulated
+     * Ojas state (traces, memories, events, contract). Production
+     * deployments should leave this off and rely on operator action to
+     * reset state intentionally. The MCP server wires this from
+     * `OJAS_ALLOW_REPLACE_EXISTING=1`.
+     */
+    allowReplaceExisting?: boolean;
+    /** Optional durable store used to hydrate and persist session state. */
+    persistenceStore?: PersistenceStore;
+}
+export declare class AgentRegistry {
+    private agents;
+    private readonly maxAgents;
+    private readonly autoRegister;
+    private readonly allowedAgentIds?;
+    private readonly allowReplaceExisting;
+    private readonly persistenceStore?;
+    constructor(opts?: AgentRegistryOptions);
+    private getSessionMap;
+    private putEntry;
+    private buildEntry;
+    private hydrate;
+    private snapshot;
+    persist(entry: AgentEntry): void;
+    private assertAgentAllowed;
+    /** Register an agent. Existing registrations are protected unless replace_existing=true. */
+    register(input: RegisterAgentInput): AgentEntry;
+    /** Look up an existing agent (returns undefined if not registered). */
+    get(agentId: string, sessionId?: string): AgentEntry | undefined;
+    /**
+     * Look up an agent, auto-registering with conservative defaults if
+     * missing. Throws when auto-registration is disabled — production
+     * deployments should disable it and require an explicit register call.
+     */
+    getOrAutoRegister(agentId: string, fallbackRisk?: AgentRiskLevel): AgentEntry;
+    getOrAutoRegisterSession(agentId: string, sessionId: string | undefined, fallbackRisk?: AgentRiskLevel): AgentEntry;
+    list(): readonly Readonly<AgentEntry>[];
+    /** Add an event to the agent's recent-events ring buffer. */
+    recordEvent(entry: AgentEntry, eventType: string, description: string): RecentEvent;
+    /** Update tool-health stats for an agent. */
+    recordToolOutcome(entry: AgentEntry, toolName: string, outcome: {
+        success: boolean;
+        latencyMs: number;
+        timeout: boolean;
+    }): AgentToolHealth;
+    /**
+     * Replace the agent's stored health snapshot and return the score delta
+     * (new − previous) so the caller can include it in the envelope.
+     */
+    updateHealthSnapshot(entry: AgentEntry, report: AgentHealthReport): number;
+    setSafeMode(entry: AgentEntry, on: boolean, reason?: string, restrictions?: string[]): void;
+}
+//# sourceMappingURL=registry.d.ts.map

package/dist/mcp/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/mcp/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChC,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAClD,OAAO,KAAK,EAAE,gBAAgB,EAA2B,MAAM,sBAAsB,CAAC;AAItF,OAAO,EACL,cAAc,EACd,eAAe,EAGf,cAAc,EACd,gBAAgB,EAChB,cAAc,EACf,MAAM,aAAa,CAAC;AAErB,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,cAAc,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;IACrC,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC,6EAA6E;IAC7E,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,IAAI,CAAC;IACX,QAAQ,EAAE,cAAc,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC1C,aAAa,EAAE,WAAW,EAAE,CAAC;IAC7B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,iBAAiB,CAAC;CACxC;AA+BD,MAAM,WAAW,oBAAoB;IACnC,+EAA+E;IAC/E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,iEAAiE;IACjE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;;;;OAOG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,wEAAwE;IACxE,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAA8C;IAC5D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAU;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAc;IAC/C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAU;IAC/C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAmB;gBAEzC,IAAI,GAAE,oBAAyB;IAW3C,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,QAAQ;IAMhB,OAAO,CAAC,UAAU;IAclB,OAAO,CAAC,OAAO;IAkBf,OAAO,CAAC,QAAQ;IAgBhB,OAAO,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;IAIhC,OAAO,CAAC,kBAAkB;IAS1B,4FAA4F;IAC5F,QAAQ,CAAC,KAAK,EAAE,kBAAkB,GAAG,UAAU;IAuC/C,uEAAuE;IACvE,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,GAAE,MAA2B,GAAG,UAAU,GAAG,SAAS;IAIpF;;;;OAIG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,GAAE,cAAyB,GAAG,UAAU;IAoBvF,wBAAwB,CACtB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,YAAY,GAAE,cAAyB,GACtC,UAAU;IAgBb,IAAI,IAAI,SAAS,QAAQ,CAAC,UAAU,CAAC,EAAE;IAIvC,6DAA6D;IAC7D,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,WAAW;IAenF,6CAA6C;IAC7C,iBAAiB,CACf,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,GACjE,eAAe;IA2BlB;;;OAGG;IACH,oBAAoB,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,iBAAiB,GAAG,MAAM;IAS1E,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,YAAY,GAAE,MAAM,EAAO,GAAG,IAAI;CAMhG"}