npm - @brainst0rm/cli - Versions diffs - 0.14.1 → 0.14.3 - Mend

@brainst0rm/cli 0.14.1 → 0.14.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (103) hide show

package/dist/{dist-JQXY4E6A.js → dist-KSUHKNET.js} RENAMED Viewed

@@ -7,17 +7,17 @@ import {
   buildSystemPrompt,
   createDefaultMiddlewarePipeline,
   runAgentLoop
-} from "./chunk-PIT7VD46.js";
+} from "./chunk-N5V2PGPN.js";
 import "./chunk-FRRVMDNL.js";
 import "./chunk-CTEU5TQB.js";
 import "./chunk-SSCKEV6Z.js";
-import "./chunk-6G2HA63H.js";
+import "./chunk-3AYD5ONW.js";
 import "./chunk-2JGN7EGX.js";
 import "./chunk-EEKSBGRM.js";
 import "./chunk-WHP2HLMU.js";
 import "./chunk-N43GBGXI.js";
 import "./chunk-7B2QCIEV.js";
-import "./chunk-4LR7LQPG.js";
+import "./chunk-CZILJ33T.js";
 import "./chunk-NLLWNPII.js";
 import "./chunk-D7KQXJJ7.js";
 import "./chunk-DT4D3D4I.js";
@@ -29,7 +29,7 @@ import "./chunk-EHQ4RKTP.js";
 import "./chunk-5TPIVYD3.js";
 import "./chunk-J6ELXZTM.js";
 import "./chunk-XKTCRSDK.js";
-import "./chunk-Z5QQ5OGV.js";
+import "./chunk-52Q6CE4Y.js";
 import {
   createLogger
 } from "./chunk-E7XO6BH5.js";
@@ -40,13 +40,39 @@ import "./chunk-RBN7ACDW.js";
 import {
   createServer
 } from "http";
-import { randomUUID } from "crypto";
+import { randomBytes, randomUUID, timingSafeEqual } from "crypto";
+import {
+  writeFileSync,
+  unlinkSync,
+  mkdirSync,
+  existsSync,
+  chmodSync
+} from "fs";
+import { homedir } from "os";
+import { join } from "path";
 var log = createLogger("server");
 var BrainstormServer = class _BrainstormServer {
   server = null;
   deps;
   opts;
   conversationManager = null;
+  /**
+   * Dev-mode auth token. Generated at server start when `jwtSecret` is
+   * empty AND the bind is loopback. Written to ~/.brainstorm/server-token
+   * with 0600 perms so only the SAME-UID process can read it; required
+   * on every /api/* request (Authorization: Bearer <token>).
+   *
+   * v16 Attacker (PR #325 round) finding: previously, dev mode let ANY
+   * local process — possibly a different user or a sandboxed plugin —
+   * hit /api/v1/changesets/:id/approve, /api/v1/memory, /api/v1/tools/
+   * execute, /api/v1/chat with no auth. The dev token binds the
+   * trust scope to "processes that can read this file" = same uid.
+   *
+   * Cleared on stop(). Production users with BRAINSTORM_JWT_SECRET set
+   * never see this — it's strictly dev mode.
+   */
+  devToken = null;
+  devTokenPath = null;
   constructor(deps, opts) {
     this.deps = deps;
     this.opts = {
@@ -64,6 +90,32 @@ var BrainstormServer = class _BrainstormServer {
       );
     }
   }
+  /**
+   * Per-session loopback auth token. Written to disk with 0600 perms so
+   * only same-uid processes can read it. Required on /api/* in dev mode.
+   */
+  initDevToken() {
+    const dir = join(
+      process.env.BRAINSTORM_HOME ?? join(homedir(), ".brainstorm")
+    );
+    if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+    const tokenPath = join(dir, "server-token");
+    const token = randomBytes(32).toString("hex");
+    writeFileSync(tokenPath, token, { mode: 384 });
+    chmodSync(tokenPath, 384);
+    this.devToken = token;
+    this.devTokenPath = tokenPath;
+  }
+  /** Constant-time check of supplied Bearer against the dev token. */
+  verifyDevToken(authHeader) {
+    if (!this.devToken || !authHeader) return false;
+    const m = /^Bearer\s+(.+)$/i.exec(authHeader.trim());
+    if (!m) return false;
+    const supplied = Buffer.from(m[1], "utf8");
+    const expected = Buffer.from(this.devToken, "utf8");
+    if (supplied.length !== expected.length) return false;
+    return timingSafeEqual(supplied, expected);
+  }
   /** Start the HTTP server. Returns a promise that resolves when listening. */
   async start() {
     const { port, host } = this.opts;
@@ -75,7 +127,11 @@ var BrainstormServer = class _BrainstormServer {
         );
         process.exit(1);
       } else {
-        log.info("Running in dev mode (no JWT auth) \u2014 localhost only");
+        this.initDevToken();
+        log.info(
+          { tokenPath: this.devTokenPath },
+          "Running in dev mode (loopback only). Wrote per-session token to file \u2014 same-uid processes can read it for client auth."
+        );
       }
     }
     this.server = createServer((req, res) => {
@@ -96,6 +152,15 @@ var BrainstormServer = class _BrainstormServer {
   }
   /** Stop the server gracefully. */
   async stop() {
+    if (this.devTokenPath && existsSync(this.devTokenPath)) {
+      try {
+        unlinkSync(this.devTokenPath);
+      } catch (err) {
+        log.warn({ err }, "Failed to delete dev token on shutdown");
+      }
+    }
+    this.devToken = null;
+    this.devTokenPath = null;
     return new Promise((resolve) => {
       if (!this.server) return resolve();
       this.server.close(() => {
@@ -137,6 +202,14 @@ var BrainstormServer = class _BrainstormServer {
           401,
           "Authentication required \u2014 set SUPABASE_JWT_SECRET"
         );
+      } else {
+        if (!this.verifyDevToken(req.headers.authorization)) {
+          return this.errorResponse(
+            res,
+            401,
+            `Dev-mode token required. Read it from ${this.devTokenPath ?? "~/.brainstorm/server-token"} and send as 'Authorization: Bearer <token>'.`
+          );
+        }
       }
     }
     if (path === "/api/v1/products" && method === "GET")
@@ -285,18 +358,18 @@ var BrainstormServer = class _BrainstormServer {
   }
   // ── ChangeSets ────────────────────────────────────────────────────
   async handleChangesets(res) {
-    const { listChangeSets } = await import("./dist-QUYR4VH7.js");
+    const { listChangeSets } = await import("./dist-5NJP3JHL.js");
     this.json(res, 200, this.envelope(listChangeSets()));
   }
   async handleChangesetApprove(id, req, res) {
-    const { approveChangeSet } = await import("./dist-QUYR4VH7.js");
+    const { approveChangeSet } = await import("./dist-5NJP3JHL.js");
     const authPayload = req._authPayload;
     const approver = authPayload?.email ?? authPayload?.sub ?? "user";
     const result = await approveChangeSet(id, approver);
     this.json(res, result.success ? 200 : 400, this.envelope(result));
   }
   async handleChangesetReject(id, res) {
-    const { rejectChangeSet } = await import("./dist-QUYR4VH7.js");
+    const { rejectChangeSet } = await import("./dist-5NJP3JHL.js");
     const result = rejectChangeSet(id);
     this.json(res, result.success ? 200 : 400, this.envelope(result));
   }
@@ -314,7 +387,7 @@ var BrainstormServer = class _BrainstormServer {
     }
   }
   async handleAuditChangesets(url, res) {
-    const { ChangeSetLogRepository } = await import("./dist-7IRVYQYG.js");
+    const { ChangeSetLogRepository } = await import("./dist-RUBJT7FI.js");
     const csLog = new ChangeSetLogRepository(this.deps.db);
     const limit = this.safeInt(url.searchParams.get("limit"), 50);
     const offset = this.safeInt(url.searchParams.get("offset"), 0);
@@ -333,7 +406,7 @@ var BrainstormServer = class _BrainstormServer {
     if (!masterSecret) {
       return this.errorResponse(res, 503, "Platform secret not configured");
     }
-    const { verifyEvent } = await import("./dist-QUYR4VH7.js");
+    const { verifyEvent } = await import("./dist-5NJP3JHL.js");
     if (!verifyEvent(body, masterSecret)) {
       return this.errorResponse(res, 401, "Invalid event signature");
     }
@@ -605,7 +678,7 @@ var BrainstormServer = class _BrainstormServer {
   }
   // ── Skills ───────────────────────────────────────────────────────
   handleListSkills(res) {
-    import("./dist-VECPW2NV.js").then(({ loadSkills }) => {
+    import("./dist-NTQ7LFRW.js").then(({ loadSkills }) => {
       try {
         const skills = loadSkills(this.opts.projectPath);
         const list = skills.map((s) => ({
@@ -636,7 +709,7 @@ var BrainstormServer = class _BrainstormServer {
   async handleRedTeam(req, res) {
     const body = await this.readBody(req);
     try {
-      const { runRedTeamSimulation, createDefaultMiddlewarePipeline: createDefaultMiddlewarePipeline2 } = await import("./dist-VECPW2NV.js");
+      const { runRedTeamSimulation, createDefaultMiddlewarePipeline: createDefaultMiddlewarePipeline2 } = await import("./dist-NTQ7LFRW.js");
       const pipeline = createDefaultMiddlewarePipeline2(this.opts.projectPath);
       const scorecard = runRedTeamSimulation(pipeline, {
         generations: body.generations ?? 5,
@@ -701,7 +774,7 @@ ${memCtx}`;
   }
   // ── Auth ──────────────────────────────────────────────────────────
   async checkAuth(req) {
-    const { verifyJWT, extractBearerToken } = await import("./dist-QUYR4VH7.js");
+    const { verifyJWT, extractBearerToken } = await import("./dist-5NJP3JHL.js");
     const token = extractBearerToken(
       req.headers.authorization
     );
@@ -1022,4 +1095,4 @@ export {
   BrainstormClient,
   BrainstormServer
 };
-//# sourceMappingURL=dist-JQXY4E6A.js.map
+//# sourceMappingURL=dist-KSUHKNET.js.map

package/dist/dist-KSUHKNET.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../server/src/server.ts","../../server/src/client.ts"],"sourcesContent":["/**\n * BrainstormServer — the agent runtime as an HTTP service.\n *\n * Decouples the agent loop from the CLI. The server owns:\n * - Tool registry and execution\n * - Model routing and cost tracking\n * - Session and conversation management\n * - Memory (shared across conversations)\n * - God Mode connectors\n *\n * Clients (CLI, MCP, web UI, other agents) connect via HTTP/SSE.\n *\n * Endpoints:\n * GET /health Health + stats\n * GET /api/v1/products Connected God Mode products\n * GET /api/v1/tools All available tools\n * POST /api/v1/tools/execute Execute a tool directly\n * GET /api/v1/changesets Pending ChangeSets\n * POST /api/v1/changesets/:id/approve Approve + execute\n * POST /api/v1/changesets/:id/reject Reject\n * GET /api/v1/audit Tool execution audit trail\n * GET /api/v1/audit/changesets God Mode changeset audit\n * POST /api/v1/platform/events Receive signed platform events\n * POST /api/v1/chat Non-streaming chat\n * POST /api/v1/chat/stream SSE streaming chat\n * GET /api/v1/conversations List conversations\n * POST /api/v1/conversations Create conversation\n * GET /api/v1/conversations/:id Get conversation\n * PATCH /api/v1/conversations/:id Update conversation\n * DELETE /api/v1/conversations/:id Delete conversation\n * POST /api/v1/conversations/:id/fork Fork conversation\n * POST /api/v1/conversations/:id/handoff Model handoff\n * GET /api/v1/conversations/:id/sessions List conversation sessions\n */\n\nimport {\n createServer,\n type Server,\n type IncomingMessage,\n type ServerResponse,\n} from \"node:http\";\nimport { randomBytes, randomUUID, timingSafeEqual } from \"node:crypto\";\nimport {\n writeFileSync,\n unlinkSync,\n mkdirSync,\n existsSync,\n chmodSync,\n} from \"node:fs\";\nimport { homedir } from \"node:os\";\nimport { join } from \"node:path\";\nimport { createLogger } from \"@brainst0rm/shared\";\nimport type { GodModeConnectionResult } from \"@brainst0rm/godmode\";\nimport type { ToolRegistry } from \"@brainst0rm/tools\";\nimport type { BrainstormRouter, CostTracker } from \"@brainst0rm/router\";\nimport type { ProviderRegistry } from \"@brainst0rm/providers\";\nimport type Database from \"better-sqlite3\";\nimport {\n runAgentLoop,\n buildSystemPrompt,\n SessionManager,\n createDefaultMiddlewarePipeline,\n ConversationManager,\n} from \"@brainst0rm/core\";\nimport type { MemoryManager } from \"@brainst0rm/core\";\nimport type {\n ServerOptions,\n ChatRequest,\n ToolExecuteRequest,\n CreateConversationRequest,\n UpdateConversationRequest,\n HandoffRequest,\n} from \"./types.js\";\n\nconst log = createLogger(\"server\");\n\nexport interface ServerDependencies {\n db: Database.Database;\n config: any;\n registry: ProviderRegistry;\n router: BrainstormRouter;\n costTracker: CostTracker;\n tools: ToolRegistry;\n godmode: GodModeConnectionResult;\n memoryManager?: MemoryManager;\n version?: string;\n}\n\nexport class BrainstormServer {\n private server: Server | null = null;\n private deps: ServerDependencies;\n private opts: Required<ServerOptions>;\n private conversationManager: ConversationManager | null = null;\n /**\n * Dev-mode auth token. Generated at server start when `jwtSecret` is\n * empty AND the bind is loopback. Written to ~/.brainstorm/server-token\n * with 0600 perms so only the SAME-UID process can read it; required\n * on every /api/* request (Authorization: Bearer <token>).\n *\n * v16 Attacker (PR #325 round) finding: previously, dev mode let ANY\n * local process — possibly a different user or a sandboxed plugin —\n * hit /api/v1/changesets/:id/approve, /api/v1/memory, /api/v1/tools/\n * execute, /api/v1/chat with no auth. The dev token binds the\n * trust scope to \"processes that can read this file\" = same uid.\n *\n * Cleared on stop(). Production users with BRAINSTORM_JWT_SECRET set\n * never see this — it's strictly dev mode.\n */\n private devToken: string | null = null;\n private devTokenPath: string | null = null;\n\n constructor(deps: ServerDependencies, opts?: ServerOptions) {\n this.deps = deps;\n this.opts = {\n port: opts?.port ?? 8000,\n host: opts?.host ?? \"127.0.0.1\",\n cors: opts?.cors ?? false,\n allowedOrigins: opts?.allowedOrigins ?? [],\n jwtSecret: opts?.jwtSecret ?? \"\",\n projectPath: opts?.projectPath ?? process.cwd(),\n };\n\n if (deps.memoryManager) {\n this.conversationManager = new ConversationManager(\n deps.db,\n deps.memoryManager,\n );\n }\n }\n\n /**\n * Per-session loopback auth token. Written to disk with 0600 perms so\n * only same-uid processes can read it. Required on /api/* in dev mode.\n */\n private initDevToken(): void {\n const dir = join(\n process.env.BRAINSTORM_HOME ?? join(homedir(), \".brainstorm\"),\n );\n if (!existsSync(dir)) mkdirSync(dir, { recursive: true });\n const tokenPath = join(dir, \"server-token\");\n const token = randomBytes(32).toString(\"hex\");\n writeFileSync(tokenPath, token, { mode: 0o600 });\n chmodSync(tokenPath, 0o600);\n this.devToken = token;\n this.devTokenPath = tokenPath;\n }\n\n /** Constant-time check of supplied Bearer against the dev token. */\n private verifyDevToken(authHeader: string | undefined): boolean {\n if (!this.devToken || !authHeader) return false;\n const m = /^Bearer\\s+(.+)$/i.exec(authHeader.trim());\n if (!m) return false;\n const supplied = Buffer.from(m[1], \"utf8\");\n const expected = Buffer.from(this.devToken, \"utf8\");\n if (supplied.length !== expected.length) return false;\n return timingSafeEqual(supplied, expected);\n }\n\n /** Start the HTTP server. Returns a promise that resolves when listening. */\n async start(): Promise<{ url: string }> {\n const { port, host } = this.opts;\n\n // Security: refuse to start without auth on non-loopback interface.\n // POST /api/v1/god-mode/execute runs arbitrary operations on managed\n // infrastructure — exposing it without JWT auth is a critical\n // security violation.\n if (!this.opts.jwtSecret) {\n if (host !== \"127.0.0.1\" && host !== \"localhost\" && host !== \"::1\") {\n log.fatal(\n { host, port },\n \"REFUSING TO START — jwtSecret required for non-loopback bind. Set BRAINSTORM_JWT_SECRET or bind to 127.0.0.1.\",\n );\n process.exit(1);\n } else {\n // Loopback dev mode: still require a bearer token so a different\n // local user (or a sandboxed plugin under a different uid) can't\n // hit /api/*. Generate, write 0600, require on every /api/*\n // request via the existing auth gate.\n this.initDevToken();\n log.info(\n { tokenPath: this.devTokenPath },\n \"Running in dev mode (loopback only). Wrote per-session token to file — same-uid processes can read it for client auth.\",\n );\n }\n }\n\n this.server = createServer((req, res) => {\n this.handleRequest(req, res).catch((err) => {\n const msg = err instanceof Error ? err.message : String(err);\n const status = (err as any)?.statusCode ?? 500;\n if (status >= 500) log.error({ err }, \"Unhandled request error\");\n this.errorResponse(res, status, msg);\n });\n });\n\n return new Promise((resolve) => {\n this.server!.listen(port, host, () => {\n const url = `http://${host}:${port}`;\n log.info({ url }, \"Brainstorm server started\");\n resolve({ url });\n });\n });\n }\n\n /** Stop the server gracefully. */\n async stop(): Promise<void> {\n // Delete the dev-mode token file on shutdown so a captured token\n // from a prior session can't be re-used against a new server.\n if (this.devTokenPath && existsSync(this.devTokenPath)) {\n try {\n unlinkSync(this.devTokenPath);\n } catch (err) {\n log.warn({ err }, \"Failed to delete dev token on shutdown\");\n }\n }\n this.devToken = null;\n this.devTokenPath = null;\n return new Promise((resolve) => {\n if (!this.server) return resolve();\n this.server.close(() => {\n log.info(\"Brainstorm server stopped\");\n this.server = null;\n resolve();\n });\n });\n }\n\n /** Get the underlying Node HTTP server (for testing or custom middleware). */\n getHttpServer(): Server | null {\n return this.server;\n }\n\n // ── Request Router ────────────────────────────────────────────────\n\n private async handleRequest(\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n // Stash the request on the response so helpers (json, corsHeaders,\n // errorResponse) can resolve the Origin without every call site having\n // to thread req through.\n (res as any)._brainstormReq = req;\n\n const url = new URL(req.url ?? \"/\", `http://${req.headers.host}`);\n const path = url.pathname;\n const method = req.method ?? \"GET\";\n\n // CORS preflight\n if (method === \"OPTIONS\" && this.opts.cors) {\n res.writeHead(204, this.corsHeaders(req));\n res.end();\n return;\n }\n\n // Health (no auth)\n if (path === \"/health\" && method === \"GET\") {\n return this.handleHealth(res);\n }\n\n // Auth gate for /api/* routes\n if (path.startsWith(\"/api/\")) {\n const isLoopback =\n this.opts.host === \"127.0.0.1\" ||\n this.opts.host === \"localhost\" ||\n this.opts.host === \"::1\";\n\n if (this.opts.jwtSecret) {\n const authResult = await this.checkAuth(req);\n if (!authResult.ok) {\n return this.errorResponse(res, 401, authResult.error);\n }\n // Store authenticated identity for downstream handlers\n (req as any)._authPayload = authResult.ok\n ? (authResult as any).payload\n : undefined;\n } else if (!isLoopback) {\n // Refuse unauthenticated access on non-loopback interfaces\n return this.errorResponse(\n res,\n 401,\n \"Authentication required — set SUPABASE_JWT_SECRET\",\n );\n } else {\n // Dev mode (loopback, no jwtSecret): require the per-session\n // bearer token. Closes the v16 Attacker confused-deputy: a\n // sandboxed plugin or different-uid local process can no longer\n // hit /api/* just because it has loopback access.\n if (!this.verifyDevToken(req.headers.authorization as string)) {\n return this.errorResponse(\n res,\n 401,\n `Dev-mode token required. Read it from ${this.devTokenPath ?? \"~/.brainstorm/server-token\"} and send as 'Authorization: Bearer <token>'.`,\n );\n }\n }\n }\n\n // ── God Mode routes ───────────────────────────────────────────\n if (path === \"/api/v1/products\" && method === \"GET\")\n return this.handleProducts(res);\n if (path === \"/api/v1/tools\" && method === \"GET\")\n return this.handleTools(res);\n if (path === \"/api/v1/tools/execute\" && method === \"POST\")\n return this.handleToolExecute(req, res);\n if (path === \"/api/v1/changesets\" && method === \"GET\")\n return this.handleChangesets(res);\n\n const approveMatch = path.match(\n /^\\/api\\/v1\\/changesets\\/([^/]+)\\/approve$/,\n );\n if (approveMatch && method === \"POST\")\n return this.handleChangesetApprove(approveMatch[1], req, res);\n\n const rejectMatch = path.match(/^\\/api\\/v1\\/changesets\\/([^/]+)\\/reject$/);\n if (rejectMatch && method === \"POST\")\n return this.handleChangesetReject(rejectMatch[1], res);\n\n if (path === \"/api/v1/audit\" && method === \"GET\")\n return this.handleAudit(url, res);\n if (path === \"/api/v1/audit/changesets\" && method === \"GET\")\n return this.handleAuditChangesets(url, res);\n if (path === \"/api/v1/platform/events\" && method === \"POST\")\n return this.handlePlatformEvents(req, res);\n\n // ── Chat routes ───────────────────────────────────────────────\n if (path === \"/api/v1/chat\" && method === \"POST\")\n return this.handleChat(req, res);\n if (path === \"/api/v1/chat/stream\" && method === \"POST\")\n return this.handleChatStream(req, res);\n\n // ── Conversation routes ───────────────────────────────────────\n if (path === \"/api/v1/conversations\" && method === \"GET\")\n return this.handleListConversations(url, res);\n if (path === \"/api/v1/conversations\" && method === \"POST\")\n return this.handleCreateConversation(req, res);\n\n const convMatch = path.match(/^\\/api\\/v1\\/conversations\\/([^/]+)$/);\n if (convMatch && method === \"GET\")\n return this.handleGetConversation(convMatch[1], res);\n if (convMatch && method === \"PATCH\")\n return this.handleUpdateConversation(convMatch[1], req, res);\n if (convMatch && method === \"DELETE\")\n return this.handleDeleteConversation(convMatch[1], res);\n\n const forkMatch = path.match(/^\\/api\\/v1\\/conversations\\/([^/]+)\\/fork$/);\n if (forkMatch && method === \"POST\")\n return this.handleForkConversation(forkMatch[1], req, res);\n\n const handoffMatch = path.match(\n /^\\/api\\/v1\\/conversations\\/([^/]+)\\/handoff$/,\n );\n if (handoffMatch && method === \"POST\")\n return this.handleHandoff(handoffMatch[1], req, res);\n\n const sessionsMatch = path.match(\n /^\\/api\\/v1\\/conversations\\/([^/]+)\\/sessions$/,\n );\n if (sessionsMatch && method === \"GET\")\n return this.handleConversationSessions(sessionsMatch[1], res);\n\n // ── Memory routes ──────────────────────────────────────────────\n if (path === \"/api/v1/memory\" && method === \"GET\")\n return this.handleListMemory(res);\n if (path === \"/api/v1/memory\" && method === \"POST\")\n return this.handleCreateMemory(req, res);\n const memoryMatch = path.match(/^\\/api\\/v1\\/memory\\/([^/]+)$/);\n if (memoryMatch && method === \"PATCH\")\n return this.handleUpdateMemory(memoryMatch[1], req, res);\n if (memoryMatch && method === \"DELETE\")\n return this.handleDeleteMemory(memoryMatch[1], res);\n if (path === \"/api/v1/memory/dream\" && method === \"POST\")\n return this.handleDreamCycle(res);\n\n // ── Skills routes ────────────────────────────────────────────\n if (path === \"/api/v1/skills\" && method === \"GET\")\n return this.handleListSkills(res);\n\n // ── Models route ─────────────────────────────────────────────\n if (path === \"/api/v1/models\" && method === \"GET\")\n return this.handleListModels(res);\n\n // ── Security route ───────────────────────────────────────────\n if (path === \"/api/v1/security/red-team\" && method === \"POST\")\n return this.handleRedTeam(req, res);\n\n // 404\n this.errorResponse(res, 404, `Not found: ${method} ${path}`);\n }\n\n // ── Health ────────────────────────────────────────────────────────\n\n private handleHealth(res: ServerResponse): void {\n let activeConvs = 0;\n try {\n const row = this.deps.db\n .prepare(\n \"SELECT COUNT(*) as cnt FROM conversations WHERE is_archived = 0\",\n )\n .get() as any;\n activeConvs = row?.cnt ?? 0;\n } catch {\n // conversations table may not exist yet\n }\n\n this.json(res, 200, {\n status: \"healthy\",\n version: this.deps.version ?? \"0.13.0\",\n uptime_seconds: Math.floor(process.uptime()),\n god_mode: {\n connected: this.deps.godmode.connectedSystems.length,\n tools: this.deps.godmode.totalTools,\n },\n conversations: { active: activeConvs },\n });\n }\n\n // ── Products ──────────────────────────────────────────────────────\n\n private handleProducts(res: ServerResponse): void {\n const products = this.deps.godmode.connectedSystems.map((sys) => ({\n product: sys.name,\n display_name: sys.displayName,\n status: \"healthy\" as const,\n latency_ms: sys.latencyMs,\n tool_count: sys.toolCount,\n capabilities: sys.capabilities,\n last_checked: new Date().toISOString(),\n }));\n this.json(res, 200, this.envelope(products));\n }\n\n // ── Tools ─────────────────────────────────────────────────────────\n\n private handleTools(res: ServerResponse): void {\n this.json(res, 200, this.envelope(this.deps.tools.listTools()));\n }\n\n /** Tools that require explicit confirmation cannot be called via REST API. */\n private static readonly BLOCKED_TOOL_PERMISSIONS = new Set([\n \"confirm\",\n \"deny\",\n ]);\n\n private async handleToolExecute(\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n const body = await this.readBody<ToolExecuteRequest>(req);\n if (!body.tool) {\n return this.errorResponse(res, 400, \"Missing 'tool' field\");\n }\n\n const tool = this.deps.tools.get(body.tool);\n if (!tool) {\n return this.errorResponse(res, 404, `Tool '${body.tool}' not found`);\n }\n\n // Enforce tool permission level — only \"auto\" tools can be called via API.\n // \"confirm\" tools (shell, file_write, git_commit) require interactive approval.\n if (BrainstormServer.BLOCKED_TOOL_PERMISSIONS.has(tool.permission)) {\n return this.errorResponse(\n res,\n 403,\n `Tool '${body.tool}' requires '${tool.permission}' permission — use the agent loop instead`,\n );\n }\n\n try {\n const result = await tool.execute(body.params ?? {});\n this.json(\n res,\n 200,\n this.envelope({\n tool: body.tool,\n result,\n executed_at: new Date().toISOString(),\n }),\n );\n } catch (err) {\n const msg = err instanceof Error ? err.message : String(err);\n this.errorResponse(res, 500, `Tool execution failed: ${msg}`);\n }\n }\n\n // ── ChangeSets ────────────────────────────────────────────────────\n\n private async handleChangesets(res: ServerResponse): Promise<void> {\n const { listChangeSets } = await import(\"@brainst0rm/godmode\");\n this.json(res, 200, this.envelope(listChangeSets()));\n }\n\n private async handleChangesetApprove(\n id: string,\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n const { approveChangeSet } = await import(\"@brainst0rm/godmode\");\n // Use authenticated identity from JWT, fall back to \"user\" for dev mode\n const authPayload = (req as any)._authPayload;\n const approver = authPayload?.email ?? authPayload?.sub ?? \"user\";\n const result = await approveChangeSet(id, approver);\n this.json(res, result.success ? 200 : 400, this.envelope(result));\n }\n\n private async handleChangesetReject(\n id: string,\n res: ServerResponse,\n ): Promise<void> {\n const { rejectChangeSet } = await import(\"@brainst0rm/godmode\");\n const result = rejectChangeSet(id);\n this.json(res, result.success ? 200 : 400, this.envelope(result));\n }\n\n // ── Audit ─────────────────────────────────────────────────────────\n\n private handleAudit(url: URL, res: ServerResponse): void {\n const limit = this.safeInt(url.searchParams.get(\"limit\"), 50);\n const offset = this.safeInt(url.searchParams.get(\"offset\"), 0);\n try {\n const rows = this.deps.db\n .prepare(\n \"SELECT * FROM audit_log ORDER BY created_at DESC LIMIT ? OFFSET ?\",\n )\n .all(limit, offset);\n this.json(res, 200, this.envelope({ entries: rows, limit, offset }));\n } catch {\n this.json(res, 200, this.envelope({ entries: [], limit, offset }));\n }\n }\n\n private async handleAuditChangesets(\n url: URL,\n res: ServerResponse,\n ): Promise<void> {\n const { ChangeSetLogRepository } = await import(\"@brainst0rm/db\");\n const csLog = new ChangeSetLogRepository(this.deps.db);\n const limit = this.safeInt(url.searchParams.get(\"limit\"), 50);\n const offset = this.safeInt(url.searchParams.get(\"offset\"), 0);\n const connector = url.searchParams.get(\"connector\");\n const entries = connector\n ? csLog.byConnector(connector, limit)\n : csLog.recent(limit, offset);\n this.json(\n res,\n 200,\n this.envelope({ entries, total: csLog.count(), limit, offset }),\n );\n }\n\n // ── Platform Events ───────────────────────────────────────────────\n\n private async handlePlatformEvents(\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n const body = await this.readBody(req);\n const masterSecret = process.env.BRAINSTORM_PLATFORM_SECRET;\n\n if (!masterSecret) {\n return this.errorResponse(res, 503, \"Platform secret not configured\");\n }\n\n const { verifyEvent } = await import(\"@brainst0rm/godmode\");\n if (!verifyEvent(body, masterSecret)) {\n return this.errorResponse(res, 401, \"Invalid event signature\");\n }\n\n log.info(\n { type: body.type, product: body.product, tenant: body.tenant_id },\n \"Platform event received\",\n );\n this.json(res, 200, this.envelope({ received: true, event_id: body.id }));\n }\n\n // ── Chat ──────────────────────────────────────────────────────────\n\n private async handleChat(\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n const body = await this.readBody<ChatRequest>(req);\n if (!body.message) {\n return this.errorResponse(res, 400, \"Missing 'message' field\");\n }\n\n const {\n session,\n systemPrompt,\n segments,\n conversationId,\n preferredModelId,\n } = this.prepareChat(body);\n\n const messages = [{ role: \"user\" as const, content: body.message }];\n let finalText = \"\";\n let totalCost = 0;\n\n // Abort the agent loop if the HTTP client disconnects — otherwise the\n // server keeps consuming LLM tokens (billed to the session) for a\n // response nobody will ever read.\n const abortController = new AbortController();\n const onClose = () => abortController.abort();\n req.on(\"close\", onClose);\n\n try {\n for await (const event of runAgentLoop(messages, {\n config: this.deps.config,\n registry: this.deps.registry,\n router: this.deps.router,\n costTracker: this.deps.costTracker,\n tools: this.deps.tools,\n sessionId: session.id,\n projectPath: this.opts.projectPath,\n systemPrompt,\n systemSegments: segments,\n permissionCheck: () => \"allow\" as const,\n middleware: createDefaultMiddlewarePipeline(this.opts.projectPath),\n preferredModelId,\n signal: abortController.signal,\n })) {\n if (event.type === \"text-delta\") finalText += event.delta;\n if (event.type === \"done\") totalCost = event.totalCost;\n }\n } finally {\n req.off(\"close\", onClose);\n }\n\n // If the client already disconnected we can skip writing a response,\n // but it's cheap and harmless in case they reconnected over keepalive.\n this.json(\n res,\n 200,\n this.envelope({\n response: finalText,\n session_id: session.id,\n conversation_id: conversationId,\n cost: totalCost,\n }),\n );\n }\n\n private async handleChatStream(\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n const body = await this.readBody<ChatRequest>(req);\n if (!body.message) {\n return this.errorResponse(res, 400, \"Missing 'message' field\");\n }\n\n res.writeHead(200, {\n \"Content-Type\": \"text/event-stream\",\n \"Cache-Control\": \"no-cache\",\n Connection: \"keep-alive\",\n ...this.corsHeaders(req),\n });\n\n const {\n session,\n systemPrompt,\n segments,\n conversationId,\n preferredModelId,\n } = this.prepareChat(body);\n\n // Send session info first\n res.write(\n `data: ${JSON.stringify({ type: \"session\", sessionId: session.id, conversationId })}\\n\\n`,\n );\n\n const messages = [{ role: \"user\" as const, content: body.message }];\n\n // Abort the agent loop if the SSE client disconnects. Without this, a\n // client that opens /chat/stream and drops the socket lets the server\n // keep pulling tokens from the LLM — billable work with no reader,\n // trivial cost-exhaustion vector for any connecting client.\n const abortController = new AbortController();\n const onClose = () => abortController.abort();\n req.on(\"close\", onClose);\n\n try {\n for await (const event of runAgentLoop(messages, {\n config: this.deps.config,\n registry: this.deps.registry,\n router: this.deps.router,\n costTracker: this.deps.costTracker,\n tools: this.deps.tools,\n sessionId: session.id,\n projectPath: this.opts.projectPath,\n systemPrompt,\n systemSegments: segments,\n permissionCheck: () => \"allow\" as const,\n middleware: createDefaultMiddlewarePipeline(this.opts.projectPath),\n preferredModelId,\n signal: abortController.signal,\n })) {\n res.write(`data: ${JSON.stringify(event)}\\n\\n`);\n if (event.type === \"done\" || event.type === \"error\") break;\n }\n } finally {\n req.off(\"close\", onClose);\n }\n\n if (!res.writableEnded) {\n res.write(\"data: [DONE]\\n\\n\");\n res.end();\n }\n }\n\n // ── Conversations ─────────────────────────────────────────────────\n\n private handleListConversations(url: URL, res: ServerResponse): void {\n if (!this.conversationManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const projectPath = url.searchParams.get(\"project\") ?? undefined;\n const includeArchived = url.searchParams.get(\"archived\") === \"true\";\n const limit = this.safeInt(url.searchParams.get(\"limit\"), 50);\n const convs = this.conversationManager.list(projectPath, {\n includeArchived,\n limit,\n });\n this.json(res, 200, this.envelope(convs));\n }\n\n private async handleCreateConversation(\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n if (!this.conversationManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const body = await this.readBody<CreateConversationRequest>(req);\n const conv = this.conversationManager.create(this.opts.projectPath, body);\n this.json(res, 201, this.envelope(conv));\n }\n\n private handleGetConversation(id: string, res: ServerResponse): void {\n if (!this.conversationManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const conv = this.conversationManager.get(id);\n if (!conv) return this.errorResponse(res, 404, \"Conversation not found\");\n\n const context = this.conversationManager.getContext(id);\n this.json(\n res,\n 200,\n this.envelope({\n ...conv,\n totalCost: this.conversationManager.getTotalCost(id),\n totalMessages: this.conversationManager.getTotalMessages(id),\n effectiveModel: context?.effectiveModel ?? null,\n }),\n );\n }\n\n private async handleUpdateConversation(\n id: string,\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n if (!this.conversationManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const body = await this.readBody<UpdateConversationRequest>(req);\n const conv = this.conversationManager.update(id, body);\n if (!conv) return this.errorResponse(res, 404, \"Conversation not found\");\n this.json(res, 200, this.envelope(conv));\n }\n\n private handleDeleteConversation(id: string, res: ServerResponse): void {\n if (!this.conversationManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const deleted = this.conversationManager.delete(id);\n if (!deleted) return this.errorResponse(res, 404, \"Conversation not found\");\n this.json(res, 200, this.envelope({ deleted: true }));\n }\n\n private async handleForkConversation(\n id: string,\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n if (!this.conversationManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const body = await this.readBody<{ name?: string }>(req);\n const forked = this.conversationManager.fork(id, body.name);\n if (!forked) return this.errorResponse(res, 404, \"Conversation not found\");\n this.json(res, 201, this.envelope(forked));\n }\n\n private async handleHandoff(\n id: string,\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n if (!this.conversationManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const body = await this.readBody<HandoffRequest>(req);\n if (!body.modelId) {\n return this.errorResponse(res, 400, \"Missing 'modelId' field\");\n }\n const conv = this.conversationManager.handoff(id, body.modelId);\n if (!conv) return this.errorResponse(res, 404, \"Conversation not found\");\n this.json(res, 200, this.envelope(conv));\n }\n\n private handleConversationSessions(id: string, res: ServerResponse): void {\n if (!this.conversationManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const conv = this.conversationManager.get(id);\n if (!conv) return this.errorResponse(res, 404, \"Conversation not found\");\n const sessions = this.conversationManager.getSessions(id);\n this.json(res, 200, this.envelope(sessions));\n }\n\n // ── Memory ────────────────────────────────────────────────────────\n\n private handleListMemory(res: ServerResponse): void {\n if (!this.deps.memoryManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const entries = this.deps.memoryManager.list();\n this.json(res, 200, this.envelope(entries));\n }\n\n private async handleCreateMemory(\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n if (!this.deps.memoryManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const body = await this.readBody<{\n name: string;\n content: string;\n type?: string;\n tier?: string;\n source?: string;\n }>(req);\n if (!body.name || !body.content) {\n return this.errorResponse(res, 400, \"name and content required\");\n }\n const entry = this.deps.memoryManager.save({\n name: body.name,\n description: body.name,\n type: (body.type as any) ?? \"project\",\n content: body.content,\n source: (body.source as any) ?? \"user_input\",\n trustScore: 1.0,\n });\n this.json(res, 201, this.envelope(entry));\n }\n\n private async handleUpdateMemory(\n id: string,\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n if (!this.deps.memoryManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n const body = await this.readBody<{\n content?: string;\n tier?: string;\n }>(req);\n try {\n if (body.tier === \"system\") {\n this.deps.memoryManager.promote(id);\n } else if (body.tier === \"quarantine\") {\n this.deps.memoryManager.quarantine(id);\n } else if (body.tier === \"archive\") {\n this.deps.memoryManager.demote(id);\n }\n this.json(res, 200, this.envelope({ updated: true, id }));\n } catch (err: any) {\n this.errorResponse(res, 404, err.message ?? \"Entry not found\");\n }\n }\n\n private handleDeleteMemory(id: string, res: ServerResponse): void {\n if (!this.deps.memoryManager) {\n return this.errorResponse(res, 503, \"Memory manager not configured\");\n }\n try {\n this.deps.memoryManager.delete(id);\n this.json(res, 200, this.envelope({ deleted: true, id }));\n } catch (err: any) {\n this.errorResponse(res, 404, err.message ?? \"Entry not found\");\n }\n }\n\n private handleDreamCycle(res: ServerResponse): void {\n // Dream cycle requires infrastructure not available via HTTP\n // Return accepted status — the CLI or desktop app triggers it directly\n this.json(\n res,\n 202,\n this.envelope({\n status: \"dream_acknowledged\",\n message:\n \"Dream cycle must be triggered from the CLI or desktop app directly\",\n }),\n );\n }\n\n // ── Skills ───────────────────────────────────────────────────────\n\n private handleListSkills(res: ServerResponse): void {\n import(\"@brainst0rm/core\").then(({ loadSkills }) => {\n try {\n const skills = loadSkills(this.opts.projectPath);\n const list = skills.map((s) => ({\n name: s.name,\n description: s.description ?? \"\",\n source: s.source ?? \"builtin\",\n content: s.content.slice(0, 500),\n }));\n this.json(res, 200, this.envelope(list));\n } catch {\n this.json(res, 200, this.envelope([]));\n }\n });\n }\n\n // ── Models ───────────────────────────────────────────────────────\n\n private handleListModels(res: ServerResponse): void {\n const models = this.deps.registry.models.map((m) => ({\n id: m.id,\n name: m.name,\n provider: m.provider,\n status: m.status,\n pricing: m.pricing,\n capabilities: m.capabilities,\n }));\n this.json(res, 200, this.envelope(models));\n }\n\n // ── Security ─────────────────────────────────────────────────────\n\n private async handleRedTeam(\n req: IncomingMessage,\n res: ServerResponse,\n ): Promise<void> {\n const body = await this.readBody<{\n generations?: number;\n populationSize?: number;\n }>(req);\n\n try {\n const { runRedTeamSimulation, createDefaultMiddlewarePipeline } =\n await import(\"@brainst0rm/core\");\n const pipeline = createDefaultMiddlewarePipeline(this.opts.projectPath);\n const scorecard = runRedTeamSimulation(pipeline, {\n generations: body.generations ?? 5,\n populationSize: body.populationSize ?? 30,\n });\n this.json(res, 200, this.envelope(scorecard));\n } catch (err: any) {\n this.errorResponse(res, 500, err.message ?? \"Red team simulation failed\");\n }\n }\n\n // ── Chat Helpers ──────────────────────────────────────────────────\n\n private prepareChat(body: ChatRequest): {\n session: import(\"@brainst0rm/shared\").Session;\n systemPrompt: string;\n segments: import(\"@brainst0rm/core\").SystemPromptSegment[];\n conversationId?: string;\n preferredModelId?: string;\n } {\n const sessionManager = new SessionManager(this.deps.db);\n const { prompt: sysPrompt, segments } = buildSystemPrompt(\n this.opts.projectPath,\n );\n const gmPromptText = this.deps.godmode.promptSegment?.text ?? \"\";\n let systemPrompt = sysPrompt + gmPromptText;\n let preferredModelId = body.modelId;\n\n let session: import(\"@brainst0rm/shared\").Session;\n let conversationId = body.conversationId;\n\n // If conversation specified, use its context\n if (conversationId && this.conversationManager) {\n const ctx = this.conversationManager.getContext(conversationId);\n if (ctx) {\n // Inject conversation memory context\n const memCtx =\n this.conversationManager.getContextString(conversationId);\n if (memCtx) systemPrompt += `\\n\\n${memCtx}`;\n\n // Use conversation's model override if no explicit model requested\n if (ctx.effectiveModel && !preferredModelId) {\n preferredModelId = ctx.effectiveModel;\n }\n }\n\n // Start a new session within the conversation\n const result = this.conversationManager.startSession(conversationId);\n if (result) {\n session = result.session;\n } else {\n session = sessionManager.start(this.opts.projectPath);\n }\n } else if (body.sessionId) {\n // Resume existing session\n const existing = sessionManager.resume(body.sessionId);\n session = existing ?? sessionManager.start(this.opts.projectPath);\n } else {\n // New standalone session\n session = sessionManager.start(this.opts.projectPath);\n\n // Auto-create a conversation if memory manager is available\n if (this.conversationManager) {\n const conv = this.conversationManager.create(this.opts.projectPath, {\n name: body.message.slice(0, 60),\n });\n conversationId = conv.id;\n // Use the manager's startSession path (handles linkSession + touchLastMessage)\n const result = this.conversationManager.startSession(conv.id);\n if (result) {\n session = result.session;\n }\n }\n }\n\n return {\n session,\n systemPrompt,\n segments,\n conversationId,\n preferredModelId,\n };\n }\n\n // ── Auth ──────────────────────────────────────────────────────────\n\n private async checkAuth(req: IncomingMessage): Promise<\n | {\n ok: true;\n payload?: { sub?: string; email?: string; platform_role?: string };\n }\n | { ok: false; error: string }\n > {\n const { verifyJWT, extractBearerToken } =\n await import(\"@brainst0rm/godmode\");\n const token = extractBearerToken(\n req.headers.authorization as string | undefined,\n );\n if (!token) return { ok: false, error: \"Missing Authorization header\" };\n\n const auth = verifyJWT(token, this.opts.jwtSecret);\n if (!auth.authenticated)\n return { ok: false, error: auth.error ?? \"Authentication failed\" };\n\n return { ok: true, payload: auth.payload };\n }\n\n // ── HTTP Helpers ──────────────────────────────────────────────────\n\n private json(res: ServerResponse, status: number, body: unknown): void {\n const payload = JSON.stringify(body);\n const req = (res as any)._brainstormReq as IncomingMessage | undefined;\n res.writeHead(status, {\n \"Content-Type\": \"application/json\",\n ...this.corsHeaders(req),\n });\n res.end(payload);\n }\n\n private envelope<T>(data: T) {\n return {\n ok: true as const,\n data,\n request_id: randomUUID(),\n timestamp: new Date().toISOString(),\n };\n }\n\n private errorResponse(\n res: ServerResponse,\n status: number,\n message: string,\n ): void {\n this.json(res, status, {\n ok: false,\n error: message,\n request_id: randomUUID(),\n timestamp: new Date().toISOString(),\n });\n }\n\n private async readBody<T = any>(req: IncomingMessage): Promise<T> {\n const MAX_BODY_BYTES = 10 * 1024 * 1024; // 10 MB hard cap\n const declared = Number(req.headers[\"content-length\"] ?? 0);\n if (Number.isFinite(declared) && declared > MAX_BODY_BYTES) {\n throw Object.assign(new Error(\"Request body too large\"), {\n statusCode: 413,\n });\n }\n const chunks: Buffer[] = [];\n let received = 0;\n for await (const chunk of req) {\n const buf = chunk as Buffer;\n received += buf.length;\n if (received > MAX_BODY_BYTES) {\n req.destroy();\n throw Object.assign(new Error(\"Request body too large\"), {\n statusCode: 413,\n });\n }\n chunks.push(buf);\n }\n const raw = Buffer.concat(chunks).toString(\"utf-8\");\n try {\n return JSON.parse(raw);\n } catch {\n throw Object.assign(new Error(\"Invalid JSON body\"), { statusCode: 400 });\n }\n }\n\n /** Parse an integer from a query param, falling back to a default on NaN. */\n private safeInt(value: string | null, fallback: number): number {\n if (!value) return fallback;\n const n = parseInt(value, 10);\n return Number.isFinite(n) ? n : fallback;\n }\n\n /**\n * Build CORS headers for a request. Only reflects the request Origin when\n * it appears in the configured allowlist. Emitting `*` on a credentialed\n * API would let any origin exfiltrate authenticated SSE responses.\n */\n private corsHeaders(req?: IncomingMessage): Record<string, string> {\n const origin = this.resolveAllowedOrigin(req);\n if (!origin) return {};\n return {\n \"Access-Control-Allow-Origin\": origin,\n \"Access-Control-Allow-Credentials\": \"true\",\n Vary: \"Origin\",\n \"Access-Control-Allow-Methods\": \"GET, POST, PATCH, DELETE, OPTIONS\",\n \"Access-Control-Allow-Headers\": \"Content-Type, Authorization\",\n \"Access-Control-Max-Age\": \"86400\",\n };\n }\n\n private resolveAllowedOrigin(req?: IncomingMessage): string | null {\n if (!this.opts.cors) return null;\n const origin = req?.headers.origin;\n if (!origin || typeof origin !== \"string\") return null;\n return this.opts.allowedOrigins.includes(origin) ? origin : null;\n }\n}\n","/**\n * BrainstormClient — typed HTTP+SSE client for brainstorm server.\n *\n * Used by:\n * - CLI (`brainstorm chat` when connecting to a running server)\n * - Web UI\n * - Other agents (agent-to-agent communication)\n * - MCP bridges\n *\n * Supports both request/response and streaming (SSE) patterns.\n */\n\nimport type {\n ApiEnvelope,\n ChatRequest,\n ChatResponse,\n CreateConversationRequest,\n UpdateConversationRequest,\n HandoffRequest,\n HealthResponse,\n ToolExecuteRequest,\n ToolExecuteResponse,\n} from \"./types.js\";\nimport type { Conversation } from \"@brainst0rm/db\";\n\nexport interface ClientOptions {\n /** Base URL of the brainstorm server (e.g. \"http://localhost:8000\"). */\n baseUrl: string;\n /** JWT token for authenticated requests. */\n token?: string;\n /** Request timeout in ms. Default: 120000. */\n timeout?: number;\n}\n\nexport class BrainstormClient {\n private baseUrl: string;\n private token: string | null;\n private timeout: number;\n\n constructor(opts: ClientOptions) {\n this.baseUrl = opts.baseUrl.replace(/\\/$/, \"\");\n this.token = opts.token ?? null;\n this.timeout = opts.timeout ?? 120_000;\n }\n\n // ── Health ────────────────────────────────────────────────────────\n\n async health(): Promise<HealthResponse> {\n return this.get(\"/health\");\n }\n\n // ── Chat ──────────────────────────────────────────────────────────\n\n /** Send a chat message and get a complete response. */\n async chat(request: ChatRequest): Promise<ChatResponse> {\n const envelope = await this.post<ApiEnvelope<ChatResponse>>(\n \"/api/v1/chat\",\n request,\n );\n return envelope.data;\n }\n\n /**\n * Send a chat message and stream events via SSE.\n * Yields parsed AgentEvent objects from the server.\n */\n async *chatStream(\n request: ChatRequest,\n ): AsyncGenerator<Record<string, unknown>> {\n const response = await this.fetchRaw(\"/api/v1/chat/stream\", {\n method: \"POST\",\n body: JSON.stringify(request),\n });\n\n if (!response.ok) {\n const text = await response.text();\n throw new Error(`Chat stream failed (${response.status}): ${text}`);\n }\n\n if (!response.body) throw new Error(\"No response body for SSE stream\");\n\n const reader = response.body.getReader();\n const decoder = new TextDecoder();\n let buffer = \"\";\n\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n\n buffer += decoder.decode(value, { stream: true });\n const lines = buffer.split(\"\\n\");\n buffer = lines.pop() ?? \"\";\n\n for (const line of lines) {\n if (!line.startsWith(\"data: \")) continue;\n const data = line.slice(6).trim();\n if (data === \"[DONE]\") return;\n\n try {\n yield JSON.parse(data);\n } catch {\n // Skip malformed JSON lines\n }\n }\n }\n } finally {\n reader.releaseLock();\n }\n }\n\n // ── Tools ─────────────────────────────────────────────────────────\n\n /** List all available tools. */\n async listTools(): Promise<unknown[]> {\n const envelope = await this.get<ApiEnvelope<unknown[]>>(\"/api/v1/tools\");\n return envelope.data;\n }\n\n /** Execute a tool directly. */\n async executeTool(request: ToolExecuteRequest): Promise<ToolExecuteResponse> {\n const envelope = await this.post<ApiEnvelope<ToolExecuteResponse>>(\n \"/api/v1/tools/execute\",\n request,\n );\n return envelope.data;\n }\n\n // ── Products ──────────────────────────────────────────────────────\n\n async listProducts(): Promise<unknown[]> {\n const envelope = await this.get<ApiEnvelope<unknown[]>>(\"/api/v1/products\");\n return envelope.data;\n }\n\n // ── ChangeSets ────────────────────────────────────────────────────\n\n async listChangeSets(): Promise<unknown[]> {\n const envelope =\n await this.get<ApiEnvelope<unknown[]>>(\"/api/v1/changesets\");\n return envelope.data;\n }\n\n async approveChangeSet(id: string): Promise<unknown> {\n const envelope = await this.post<ApiEnvelope<unknown>>(\n `/api/v1/changesets/${id}/approve`,\n {},\n );\n return envelope.data;\n }\n\n async rejectChangeSet(id: string): Promise<unknown> {\n const envelope = await this.post<ApiEnvelope<unknown>>(\n `/api/v1/changesets/${id}/reject`,\n {},\n );\n return envelope.data;\n }\n\n // ── Conversations ─────────────────────────────────────────────────\n\n /** List conversations, optionally filtered by project. */\n async listConversations(opts?: {\n project?: string;\n archived?: boolean;\n limit?: number;\n }): Promise<Conversation[]> {\n const params = new URLSearchParams();\n if (opts?.project) params.set(\"project\", opts.project);\n if (opts?.archived) params.set(\"archived\", \"true\");\n if (opts?.limit) params.set(\"limit\", String(opts.limit));\n const qs = params.toString();\n const envelope = await this.get<ApiEnvelope<Conversation[]>>(\n `/api/v1/conversations${qs ? `?${qs}` : \"\"}`,\n );\n return envelope.data;\n }\n\n /** Create a new conversation. */\n async createConversation(\n request: CreateConversationRequest,\n ): Promise<Conversation> {\n const envelope = await this.post<ApiEnvelope<Conversation>>(\n \"/api/v1/conversations\",\n request,\n );\n return envelope.data;\n }\n\n /** Get a conversation by ID (includes cost/message totals). */\n async getConversation(\n id: string,\n ): Promise<Conversation & { totalCost: number; totalMessages: number }> {\n const envelope = await this.get<\n ApiEnvelope<Conversation & { totalCost: number; totalMessages: number }>\n >(`/api/v1/conversations/${id}`);\n return envelope.data;\n }\n\n /** Update a conversation. */\n async updateConversation(\n id: string,\n request: UpdateConversationRequest,\n ): Promise<Conversation> {\n const envelope = await this.fetchJson<ApiEnvelope<Conversation>>(\n `/api/v1/conversations/${id}`,\n { method: \"PATCH\", body: JSON.stringify(request) },\n );\n return envelope.data;\n }\n\n /** Delete a conversation. */\n async deleteConversation(id: string): Promise<void> {\n await this.fetchJson(`/api/v1/conversations/${id}`, {\n method: \"DELETE\",\n });\n }\n\n /** Fork a conversation. */\n async forkConversation(id: string, name?: string): Promise<Conversation> {\n const envelope = await this.post<ApiEnvelope<Conversation>>(\n `/api/v1/conversations/${id}/fork`,\n { name },\n );\n return envelope.data;\n }\n\n /** Handoff: switch a conversation to a different model. */\n async handoff(id: string, modelId: string): Promise<Conversation> {\n const envelope = await this.post<ApiEnvelope<Conversation>>(\n `/api/v1/conversations/${id}/handoff`,\n { modelId } satisfies HandoffRequest,\n );\n return envelope.data;\n }\n\n /** List sessions within a conversation. */\n async listConversationSessions(id: string): Promise<unknown[]> {\n const envelope = await this.get<ApiEnvelope<unknown[]>>(\n `/api/v1/conversations/${id}/sessions`,\n );\n return envelope.data;\n }\n\n // ── Chat within Conversation ──────────────────────────────────────\n\n /** Send a message within a conversation context. */\n async conversationChat(\n conversationId: string,\n message: string,\n opts?: { modelId?: string },\n ): Promise<ChatResponse> {\n return this.chat({\n message,\n conversationId,\n modelId: opts?.modelId,\n });\n }\n\n /** Stream a chat within a conversation. */\n async *conversationChatStream(\n conversationId: string,\n message: string,\n opts?: { modelId?: string },\n ): AsyncGenerator<Record<string, unknown>> {\n yield* this.chatStream({\n message,\n conversationId,\n modelId: opts?.modelId,\n });\n }\n\n // ── HTTP Layer ────────────────────────────────────────────────────\n\n private async get<T = any>(path: string): Promise<T> {\n return this.fetchJson(path, { method: \"GET\" });\n }\n\n private async post<T = any>(path: string, body: unknown): Promise<T> {\n return this.fetchJson(path, {\n method: \"POST\",\n body: JSON.stringify(body),\n });\n }\n\n private async fetchJson<T = any>(\n path: string,\n init: RequestInit,\n ): Promise<T> {\n const response = await this.fetchRaw(path, init);\n const text = await response.text();\n\n if (!response.ok) {\n let errorMsg = `Request failed (${response.status})`;\n try {\n const parsed = JSON.parse(text);\n if (parsed.error) errorMsg = parsed.error;\n } catch {\n errorMsg = text || errorMsg;\n }\n throw new Error(errorMsg);\n }\n\n return JSON.parse(text);\n }\n\n private async fetchRaw(path: string, init: RequestInit): Promise<Response> {\n const headers: Record<string, string> = {\n \"Content-Type\": \"application/json\",\n };\n if (this.token) {\n headers[\"Authorization\"] = `Bearer ${this.token}`;\n }\n\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), this.timeout);\n\n try {\n return await fetch(`${this.baseUrl}${path}`, {\n ...init,\n headers: { ...headers, ...(init.headers as Record<string, string>) },\n signal: controller.signal,\n });\n } finally {\n clearTimeout(timeout);\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCA;EACE;OAIK;AACP,SAAS,aAAa,YAAY,uBAAuB;AACzD;EACE;EACA;EACA;EACA;EACA;OACK;AACP,SAAS,eAAe;AACxB,SAAS,YAAY;AAwBrB,IAAM,MAAM,aAAa,QAAQ;AAc1B,IAAM,mBAAN,MAAM,kBAAiB;EACpB,SAAwB;EACxB;EACA;EACA,sBAAkD;;;;;;;;;;;;;;;;EAgBlD,WAA0B;EAC1B,eAA8B;EAEtC,YAAY,MAA0B,MAAsB;AAC1D,SAAK,OAAO;AACZ,SAAK,OAAO;MACV,MAAM,MAAM,QAAQ;MACpB,MAAM,MAAM,QAAQ;MACpB,MAAM,MAAM,QAAQ;MACpB,gBAAgB,MAAM,kBAAkB,CAAC;MACzC,WAAW,MAAM,aAAa;MAC9B,aAAa,MAAM,eAAe,QAAQ,IAAI;IAChD;AAEA,QAAI,KAAK,eAAe;AACtB,WAAK,sBAAsB,IAAI;QAC7B,KAAK;QACL,KAAK;MACP;IACF;EACF;;;;;EAMQ,eAAqB;AAC3B,UAAM,MAAM;MACV,QAAQ,IAAI,mBAAmB,KAAK,QAAQ,GAAG,aAAa;IAC9D;AACA,QAAI,CAAC,WAAW,GAAG,EAAG,WAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AACxD,UAAM,YAAY,KAAK,KAAK,cAAc;AAC1C,UAAM,QAAQ,YAAY,EAAE,EAAE,SAAS,KAAK;AAC5C,kBAAc,WAAW,OAAO,EAAE,MAAM,IAAM,CAAC;AAC/C,cAAU,WAAW,GAAK;AAC1B,SAAK,WAAW;AAChB,SAAK,eAAe;EACtB;;EAGQ,eAAe,YAAyC;AAC9D,QAAI,CAAC,KAAK,YAAY,CAAC,WAAY,QAAO;AAC1C,UAAM,IAAI,mBAAmB,KAAK,WAAW,KAAK,CAAC;AACnD,QAAI,CAAC,EAAG,QAAO;AACf,UAAM,WAAW,OAAO,KAAK,EAAE,CAAC,GAAG,MAAM;AACzC,UAAM,WAAW,OAAO,KAAK,KAAK,UAAU,MAAM;AAClD,QAAI,SAAS,WAAW,SAAS,OAAQ,QAAO;AAChD,WAAO,gBAAgB,UAAU,QAAQ;EAC3C;;EAGA,MAAM,QAAkC;AACtC,UAAM,EAAE,MAAM,KAAK,IAAI,KAAK;AAM5B,QAAI,CAAC,KAAK,KAAK,WAAW;AACxB,UAAI,SAAS,eAAe,SAAS,eAAe,SAAS,OAAO;AAClE,YAAI;UACF,EAAE,MAAM,KAAK;UACb;QACF;AACA,gBAAQ,KAAK,CAAC;MAChB,OAAO;AAKL,aAAK,aAAa;AAClB,YAAI;UACF,EAAE,WAAW,KAAK,aAAa;UAC/B;QACF;MACF;IACF;AAEA,SAAK,SAAS,aAAa,CAAC,KAAK,QAAQ;AACvC,WAAK,cAAc,KAAK,GAAG,EAAE,MAAM,CAAC,QAAQ;AAC1C,cAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,cAAM,SAAU,KAAa,cAAc;AAC3C,YAAI,UAAU,IAAK,KAAI,MAAM,EAAE,IAAI,GAAG,yBAAyB;AAC/D,aAAK,cAAc,KAAK,QAAQ,GAAG;MACrC,CAAC;IACH,CAAC;AAED,WAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,WAAK,OAAQ,OAAO,MAAM,MAAM,MAAM;AACpC,cAAM,MAAM,UAAU,IAAI,IAAI,IAAI;AAClC,YAAI,KAAK,EAAE,IAAI,GAAG,2BAA2B;AAC7C,gBAAQ,EAAE,IAAI,CAAC;MACjB,CAAC;IACH,CAAC;EACH;;EAGA,MAAM,OAAsB;AAG1B,QAAI,KAAK,gBAAgB,WAAW,KAAK,YAAY,GAAG;AACtD,UAAI;AACF,mBAAW,KAAK,YAAY;MAC9B,SAAS,KAAK;AACZ,YAAI,KAAK,EAAE,IAAI,GAAG,wCAAwC;MAC5D;IACF;AACA,SAAK,WAAW;AAChB,SAAK,eAAe;AACpB,WAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,UAAI,CAAC,KAAK,OAAQ,QAAO,QAAQ;AACjC,WAAK,OAAO,MAAM,MAAM;AACtB,YAAI,KAAK,2BAA2B;AACpC,aAAK,SAAS;AACd,gBAAQ;MACV,CAAC;IACH,CAAC;EACH;;EAGA,gBAA+B;AAC7B,WAAO,KAAK;EACd;;EAIA,MAAc,cACZ,KACA,KACe;AAId,QAAY,iBAAiB;AAE9B,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,UAAU,IAAI,QAAQ,IAAI,EAAE;AAChE,UAAM,OAAO,IAAI;AACjB,UAAM,SAAS,IAAI,UAAU;AAG7B,QAAI,WAAW,aAAa,KAAK,KAAK,MAAM;AAC1C,UAAI,UAAU,KAAK,KAAK,YAAY,GAAG,CAAC;AACxC,UAAI,IAAI;AACR;IACF;AAGA,QAAI,SAAS,aAAa,WAAW,OAAO;AAC1C,aAAO,KAAK,aAAa,GAAG;IAC9B;AAGA,QAAI,KAAK,WAAW,OAAO,GAAG;AAC5B,YAAM,aACJ,KAAK,KAAK,SAAS,eACnB,KAAK,KAAK,SAAS,eACnB,KAAK,KAAK,SAAS;AAErB,UAAI,KAAK,KAAK,WAAW;AACvB,cAAM,aAAa,MAAM,KAAK,UAAU,GAAG;AAC3C,YAAI,CAAC,WAAW,IAAI;AAClB,iBAAO,KAAK,cAAc,KAAK,KAAK,WAAW,KAAK;QACtD;AAEC,YAAY,eAAe,WAAW,KAClC,WAAmB,UACpB;MACN,WAAW,CAAC,YAAY;AAEtB,eAAO,KAAK;UACV;UACA;UACA;QACF;MACF,OAAO;AAKL,YAAI,CAAC,KAAK,eAAe,IAAI,QAAQ,aAAuB,GAAG;AAC7D,iBAAO,KAAK;YACV;YACA;YACA,yCAAyC,KAAK,gBAAgB,4BAA4B;UAC5F;QACF;MACF;IACF;AAGA,QAAI,SAAS,sBAAsB,WAAW;AAC5C,aAAO,KAAK,eAAe,GAAG;AAChC,QAAI,SAAS,mBAAmB,WAAW;AACzC,aAAO,KAAK,YAAY,GAAG;AAC7B,QAAI,SAAS,2BAA2B,WAAW;AACjD,aAAO,KAAK,kBAAkB,KAAK,GAAG;AACxC,QAAI,SAAS,wBAAwB,WAAW;AAC9C,aAAO,KAAK,iBAAiB,GAAG;AAElC,UAAM,eAAe,KAAK;MACxB;IACF;AACA,QAAI,gBAAgB,WAAW;AAC7B,aAAO,KAAK,uBAAuB,aAAa,CAAC,GAAG,KAAK,GAAG;AAE9D,UAAM,cAAc,KAAK,MAAM,0CAA0C;AACzE,QAAI,eAAe,WAAW;AAC5B,aAAO,KAAK,sBAAsB,YAAY,CAAC,GAAG,GAAG;AAEvD,QAAI,SAAS,mBAAmB,WAAW;AACzC,aAAO,KAAK,YAAY,KAAK,GAAG;AAClC,QAAI,SAAS,8BAA8B,WAAW;AACpD,aAAO,KAAK,sBAAsB,KAAK,GAAG;AAC5C,QAAI,SAAS,6BAA6B,WAAW;AACnD,aAAO,KAAK,qBAAqB,KAAK,GAAG;AAG3C,QAAI,SAAS,kBAAkB,WAAW;AACxC,aAAO,KAAK,WAAW,KAAK,GAAG;AACjC,QAAI,SAAS,yBAAyB,WAAW;AAC/C,aAAO,KAAK,iBAAiB,KAAK,GAAG;AAGvC,QAAI,SAAS,2BAA2B,WAAW;AACjD,aAAO,KAAK,wBAAwB,KAAK,GAAG;AAC9C,QAAI,SAAS,2BAA2B,WAAW;AACjD,aAAO,KAAK,yBAAyB,KAAK,GAAG;AAE/C,UAAM,YAAY,KAAK,MAAM,qCAAqC;AAClE,QAAI,aAAa,WAAW;AAC1B,aAAO,KAAK,sBAAsB,UAAU,CAAC,GAAG,GAAG;AACrD,QAAI,aAAa,WAAW;AAC1B,aAAO,KAAK,yBAAyB,UAAU,CAAC,GAAG,KAAK,GAAG;AAC7D,QAAI,aAAa,WAAW;AAC1B,aAAO,KAAK,yBAAyB,UAAU,CAAC,GAAG,GAAG;AAExD,UAAM,YAAY,KAAK,MAAM,2CAA2C;AACxE,QAAI,aAAa,WAAW;AAC1B,aAAO,KAAK,uBAAuB,UAAU,CAAC,GAAG,KAAK,GAAG;AAE3D,UAAM,eAAe,KAAK;MACxB;IACF;AACA,QAAI,gBAAgB,WAAW;AAC7B,aAAO,KAAK,cAAc,aAAa,CAAC,GAAG,KAAK,GAAG;AAErD,UAAM,gBAAgB,KAAK;MACzB;IACF;AACA,QAAI,iBAAiB,WAAW;AAC9B,aAAO,KAAK,2BAA2B,cAAc,CAAC,GAAG,GAAG;AAG9D,QAAI,SAAS,oBAAoB,WAAW;AAC1C,aAAO,KAAK,iBAAiB,GAAG;AAClC,QAAI,SAAS,oBAAoB,WAAW;AAC1C,aAAO,KAAK,mBAAmB,KAAK,GAAG;AACzC,UAAM,cAAc,KAAK,MAAM,8BAA8B;AAC7D,QAAI,eAAe,WAAW;AAC5B,aAAO,KAAK,mBAAmB,YAAY,CAAC,GAAG,KAAK,GAAG;AACzD,QAAI,eAAe,WAAW;AAC5B,aAAO,KAAK,mBAAmB,YAAY,CAAC,GAAG,GAAG;AACpD,QAAI,SAAS,0BAA0B,WAAW;AAChD,aAAO,KAAK,iBAAiB,GAAG;AAGlC,QAAI,SAAS,oBAAoB,WAAW;AAC1C,aAAO,KAAK,iBAAiB,GAAG;AAGlC,QAAI,SAAS,oBAAoB,WAAW;AAC1C,aAAO,KAAK,iBAAiB,GAAG;AAGlC,QAAI,SAAS,+BAA+B,WAAW;AACrD,aAAO,KAAK,cAAc,KAAK,GAAG;AAGpC,SAAK,cAAc,KAAK,KAAK,cAAc,MAAM,IAAI,IAAI,EAAE;EAC7D;;EAIQ,aAAa,KAA2B;AAC9C,QAAI,cAAc;AAClB,QAAI;AACF,YAAM,MAAM,KAAK,KAAK,GACnB;QACC;MACF,EACC,IAAI;AACP,oBAAc,KAAK,OAAO;IAC5B,QAAQ;IAER;AAEA,SAAK,KAAK,KAAK,KAAK;MAClB,QAAQ;MACR,SAAS,KAAK,KAAK,WAAW;MAC9B,gBAAgB,KAAK,MAAM,QAAQ,OAAO,CAAC;MAC3C,UAAU;QACR,WAAW,KAAK,KAAK,QAAQ,iBAAiB;QAC9C,OAAO,KAAK,KAAK,QAAQ;MAC3B;MACA,eAAe,EAAE,QAAQ,YAAY;IACvC,CAAC;EACH;;EAIQ,eAAe,KAA2B;AAChD,UAAM,WAAW,KAAK,KAAK,QAAQ,iBAAiB,IAAI,CAAC,SAAS;MAChE,SAAS,IAAI;MACb,cAAc,IAAI;MAClB,QAAQ;MACR,YAAY,IAAI;MAChB,YAAY,IAAI;MAChB,cAAc,IAAI;MAClB,eAAc,oBAAI,KAAK,GAAE,YAAY;IACvC,EAAE;AACF,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,QAAQ,CAAC;EAC7C;;EAIQ,YAAY,KAA2B;AAC7C,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,KAAK,KAAK,MAAM,UAAU,CAAC,CAAC;EAChE;;EAGA,OAAwB,2BAA2B,oBAAI,IAAI;IACzD;IACA;EACF,CAAC;EAED,MAAc,kBACZ,KACA,KACe;AACf,UAAM,OAAO,MAAM,KAAK,SAA6B,GAAG;AACxD,QAAI,CAAC,KAAK,MAAM;AACd,aAAO,KAAK,cAAc,KAAK,KAAK,sBAAsB;IAC5D;AAEA,UAAM,OAAO,KAAK,KAAK,MAAM,IAAI,KAAK,IAAI;AAC1C,QAAI,CAAC,MAAM;AACT,aAAO,KAAK,cAAc,KAAK,KAAK,SAAS,KAAK,IAAI,aAAa;IACrE;AAIA,QAAI,kBAAiB,yBAAyB,IAAI,KAAK,UAAU,GAAG;AAClE,aAAO,KAAK;QACV;QACA;QACA,SAAS,KAAK,IAAI,eAAe,KAAK,UAAU;MAClD;IACF;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,QAAQ,KAAK,UAAU,CAAC,CAAC;AACnD,WAAK;QACH;QACA;QACA,KAAK,SAAS;UACZ,MAAM,KAAK;UACX;UACA,cAAa,oBAAI,KAAK,GAAE,YAAY;QACtC,CAAC;MACH;IACF,SAAS,KAAK;AACZ,YAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAK,cAAc,KAAK,KAAK,0BAA0B,GAAG,EAAE;IAC9D;EACF;;EAIA,MAAc,iBAAiB,KAAoC;AACjE,UAAM,EAAE,eAAe,IAAI,MAAM,OAAO,oBAAqB;AAC7D,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,eAAe,CAAC,CAAC;EACrD;EAEA,MAAc,uBACZ,IACA,KACA,KACe;AACf,UAAM,EAAE,iBAAiB,IAAI,MAAM,OAAO,oBAAqB;AAE/D,UAAM,cAAe,IAAY;AACjC,UAAM,WAAW,aAAa,SAAS,aAAa,OAAO;AAC3D,UAAM,SAAS,MAAM,iBAAiB,IAAI,QAAQ;AAClD,SAAK,KAAK,KAAK,OAAO,UAAU,MAAM,KAAK,KAAK,SAAS,MAAM,CAAC;EAClE;EAEA,MAAc,sBACZ,IACA,KACe;AACf,UAAM,EAAE,gBAAgB,IAAI,MAAM,OAAO,oBAAqB;AAC9D,UAAM,SAAS,gBAAgB,EAAE;AACjC,SAAK,KAAK,KAAK,OAAO,UAAU,MAAM,KAAK,KAAK,SAAS,MAAM,CAAC;EAClE;;EAIQ,YAAY,KAAU,KAA2B;AACvD,UAAM,QAAQ,KAAK,QAAQ,IAAI,aAAa,IAAI,OAAO,GAAG,EAAE;AAC5D,UAAM,SAAS,KAAK,QAAQ,IAAI,aAAa,IAAI,QAAQ,GAAG,CAAC;AAC7D,QAAI;AACF,YAAM,OAAO,KAAK,KAAK,GACpB;QACC;MACF,EACC,IAAI,OAAO,MAAM;AACpB,WAAK,KAAK,KAAK,KAAK,KAAK,SAAS,EAAE,SAAS,MAAM,OAAO,OAAO,CAAC,CAAC;IACrE,QAAQ;AACN,WAAK,KAAK,KAAK,KAAK,KAAK,SAAS,EAAE,SAAS,CAAC,GAAG,OAAO,OAAO,CAAC,CAAC;IACnE;EACF;EAEA,MAAc,sBACZ,KACA,KACe;AACf,UAAM,EAAE,uBAAuB,IAAI,MAAM,OAAO,oBAAgB;AAChE,UAAM,QAAQ,IAAI,uBAAuB,KAAK,KAAK,EAAE;AACrD,UAAM,QAAQ,KAAK,QAAQ,IAAI,aAAa,IAAI,OAAO,GAAG,EAAE;AAC5D,UAAM,SAAS,KAAK,QAAQ,IAAI,aAAa,IAAI,QAAQ,GAAG,CAAC;AAC7D,UAAM,YAAY,IAAI,aAAa,IAAI,WAAW;AAClD,UAAM,UAAU,YACZ,MAAM,YAAY,WAAW,KAAK,IAClC,MAAM,OAAO,OAAO,MAAM;AAC9B,SAAK;MACH;MACA;MACA,KAAK,SAAS,EAAE,SAAS,OAAO,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC;IAChE;EACF;;EAIA,MAAc,qBACZ,KACA,KACe;AACf,UAAM,OAAO,MAAM,KAAK,SAAS,GAAG;AACpC,UAAM,eAAe,QAAQ,IAAI;AAEjC,QAAI,CAAC,cAAc;AACjB,aAAO,KAAK,cAAc,KAAK,KAAK,gCAAgC;IACtE;AAEA,UAAM,EAAE,YAAY,IAAI,MAAM,OAAO,oBAAqB;AAC1D,QAAI,CAAC,YAAY,MAAM,YAAY,GAAG;AACpC,aAAO,KAAK,cAAc,KAAK,KAAK,yBAAyB;IAC/D;AAEA,QAAI;MACF,EAAE,MAAM,KAAK,MAAM,SAAS,KAAK,SAAS,QAAQ,KAAK,UAAU;MACjE;IACF;AACA,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,EAAE,UAAU,MAAM,UAAU,KAAK,GAAG,CAAC,CAAC;EAC1E;;EAIA,MAAc,WACZ,KACA,KACe;AACf,UAAM,OAAO,MAAM,KAAK,SAAsB,GAAG;AACjD,QAAI,CAAC,KAAK,SAAS;AACjB,aAAO,KAAK,cAAc,KAAK,KAAK,yBAAyB;IAC/D;AAEA,UAAM;MACJ;MACA;MACA;MACA;MACA;IACF,IAAI,KAAK,YAAY,IAAI;AAEzB,UAAM,WAAW,CAAC,EAAE,MAAM,QAAiB,SAAS,KAAK,QAAQ,CAAC;AAClE,QAAI,YAAY;AAChB,QAAI,YAAY;AAKhB,UAAM,kBAAkB,IAAI,gBAAgB;AAC5C,UAAM,UAAU,MAAM,gBAAgB,MAAM;AAC5C,QAAI,GAAG,SAAS,OAAO;AAEvB,QAAI;AACF,uBAAiB,SAAS,aAAa,UAAU;QAC/C,QAAQ,KAAK,KAAK;QAClB,UAAU,KAAK,KAAK;QACpB,QAAQ,KAAK,KAAK;QAClB,aAAa,KAAK,KAAK;QACvB,OAAO,KAAK,KAAK;QACjB,WAAW,QAAQ;QACnB,aAAa,KAAK,KAAK;QACvB;QACA,gBAAgB;QAChB,iBAAiB,MAAM;QACvB,YAAY,gCAAgC,KAAK,KAAK,WAAW;QACjE;QACA,QAAQ,gBAAgB;MAC1B,CAAC,GAAG;AACF,YAAI,MAAM,SAAS,aAAc,cAAa,MAAM;AACpD,YAAI,MAAM,SAAS,OAAQ,aAAY,MAAM;MAC/C;IACF,UAAA;AACE,UAAI,IAAI,SAAS,OAAO;IAC1B;AAIA,SAAK;MACH;MACA;MACA,KAAK,SAAS;QACZ,UAAU;QACV,YAAY,QAAQ;QACpB,iBAAiB;QACjB,MAAM;MACR,CAAC;IACH;EACF;EAEA,MAAc,iBACZ,KACA,KACe;AACf,UAAM,OAAO,MAAM,KAAK,SAAsB,GAAG;AACjD,QAAI,CAAC,KAAK,SAAS;AACjB,aAAO,KAAK,cAAc,KAAK,KAAK,yBAAyB;IAC/D;AAEA,QAAI,UAAU,KAAK;MACjB,gBAAgB;MAChB,iBAAiB;MACjB,YAAY;MACZ,GAAG,KAAK,YAAY,GAAG;IACzB,CAAC;AAED,UAAM;MACJ;MACA;MACA;MACA;MACA;IACF,IAAI,KAAK,YAAY,IAAI;AAGzB,QAAI;MACF,SAAS,KAAK,UAAU,EAAE,MAAM,WAAW,WAAW,QAAQ,IAAI,eAAe,CAAC,CAAC;;;IACrF;AAEA,UAAM,WAAW,CAAC,EAAE,MAAM,QAAiB,SAAS,KAAK,QAAQ,CAAC;AAMlE,UAAM,kBAAkB,IAAI,gBAAgB;AAC5C,UAAM,UAAU,MAAM,gBAAgB,MAAM;AAC5C,QAAI,GAAG,SAAS,OAAO;AAEvB,QAAI;AACF,uBAAiB,SAAS,aAAa,UAAU;QAC/C,QAAQ,KAAK,KAAK;QAClB,UAAU,KAAK,KAAK;QACpB,QAAQ,KAAK,KAAK;QAClB,aAAa,KAAK,KAAK;QACvB,OAAO,KAAK,KAAK;QACjB,WAAW,QAAQ;QACnB,aAAa,KAAK,KAAK;QACvB;QACA,gBAAgB;QAChB,iBAAiB,MAAM;QACvB,YAAY,gCAAgC,KAAK,KAAK,WAAW;QACjE;QACA,QAAQ,gBAAgB;MAC1B,CAAC,GAAG;AACF,YAAI,MAAM,SAAS,KAAK,UAAU,KAAK,CAAC;;CAAM;AAC9C,YAAI,MAAM,SAAS,UAAU,MAAM,SAAS,QAAS;MACvD;IACF,UAAA;AACE,UAAI,IAAI,SAAS,OAAO;IAC1B;AAEA,QAAI,CAAC,IAAI,eAAe;AACtB,UAAI,MAAM,kBAAkB;AAC5B,UAAI,IAAI;IACV;EACF;;EAIQ,wBAAwB,KAAU,KAA2B;AACnE,QAAI,CAAC,KAAK,qBAAqB;AAC7B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,cAAc,IAAI,aAAa,IAAI,SAAS,KAAK;AACvD,UAAM,kBAAkB,IAAI,aAAa,IAAI,UAAU,MAAM;AAC7D,UAAM,QAAQ,KAAK,QAAQ,IAAI,aAAa,IAAI,OAAO,GAAG,EAAE;AAC5D,UAAM,QAAQ,KAAK,oBAAoB,KAAK,aAAa;MACvD;MACA;IACF,CAAC;AACD,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,KAAK,CAAC;EAC1C;EAEA,MAAc,yBACZ,KACA,KACe;AACf,QAAI,CAAC,KAAK,qBAAqB;AAC7B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,OAAO,MAAM,KAAK,SAAoC,GAAG;AAC/D,UAAM,OAAO,KAAK,oBAAoB,OAAO,KAAK,KAAK,aAAa,IAAI;AACxE,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,IAAI,CAAC;EACzC;EAEQ,sBAAsB,IAAY,KAA2B;AACnE,QAAI,CAAC,KAAK,qBAAqB;AAC7B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,OAAO,KAAK,oBAAoB,IAAI,EAAE;AAC5C,QAAI,CAAC,KAAM,QAAO,KAAK,cAAc,KAAK,KAAK,wBAAwB;AAEvE,UAAM,UAAU,KAAK,oBAAoB,WAAW,EAAE;AACtD,SAAK;MACH;MACA;MACA,KAAK,SAAS;QACZ,GAAG;QACH,WAAW,KAAK,oBAAoB,aAAa,EAAE;QACnD,eAAe,KAAK,oBAAoB,iBAAiB,EAAE;QAC3D,gBAAgB,SAAS,kBAAkB;MAC7C,CAAC;IACH;EACF;EAEA,MAAc,yBACZ,IACA,KACA,KACe;AACf,QAAI,CAAC,KAAK,qBAAqB;AAC7B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,OAAO,MAAM,KAAK,SAAoC,GAAG;AAC/D,UAAM,OAAO,KAAK,oBAAoB,OAAO,IAAI,IAAI;AACrD,QAAI,CAAC,KAAM,QAAO,KAAK,cAAc,KAAK,KAAK,wBAAwB;AACvE,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,IAAI,CAAC;EACzC;EAEQ,yBAAyB,IAAY,KAA2B;AACtE,QAAI,CAAC,KAAK,qBAAqB;AAC7B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,UAAU,KAAK,oBAAoB,OAAO,EAAE;AAClD,QAAI,CAAC,QAAS,QAAO,KAAK,cAAc,KAAK,KAAK,wBAAwB;AAC1E,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,EAAE,SAAS,KAAK,CAAC,CAAC;EACtD;EAEA,MAAc,uBACZ,IACA,KACA,KACe;AACf,QAAI,CAAC,KAAK,qBAAqB;AAC7B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,OAAO,MAAM,KAAK,SAA4B,GAAG;AACvD,UAAM,SAAS,KAAK,oBAAoB,KAAK,IAAI,KAAK,IAAI;AAC1D,QAAI,CAAC,OAAQ,QAAO,KAAK,cAAc,KAAK,KAAK,wBAAwB;AACzE,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,MAAM,CAAC;EAC3C;EAEA,MAAc,cACZ,IACA,KACA,KACe;AACf,QAAI,CAAC,KAAK,qBAAqB;AAC7B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,OAAO,MAAM,KAAK,SAAyB,GAAG;AACpD,QAAI,CAAC,KAAK,SAAS;AACjB,aAAO,KAAK,cAAc,KAAK,KAAK,yBAAyB;IAC/D;AACA,UAAM,OAAO,KAAK,oBAAoB,QAAQ,IAAI,KAAK,OAAO;AAC9D,QAAI,CAAC,KAAM,QAAO,KAAK,cAAc,KAAK,KAAK,wBAAwB;AACvE,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,IAAI,CAAC;EACzC;EAEQ,2BAA2B,IAAY,KAA2B;AACxE,QAAI,CAAC,KAAK,qBAAqB;AAC7B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,OAAO,KAAK,oBAAoB,IAAI,EAAE;AAC5C,QAAI,CAAC,KAAM,QAAO,KAAK,cAAc,KAAK,KAAK,wBAAwB;AACvE,UAAM,WAAW,KAAK,oBAAoB,YAAY,EAAE;AACxD,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,QAAQ,CAAC;EAC7C;;EAIQ,iBAAiB,KAA2B;AAClD,QAAI,CAAC,KAAK,KAAK,eAAe;AAC5B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,UAAU,KAAK,KAAK,cAAc,KAAK;AAC7C,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,OAAO,CAAC;EAC5C;EAEA,MAAc,mBACZ,KACA,KACe;AACf,QAAI,CAAC,KAAK,KAAK,eAAe;AAC5B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,OAAO,MAAM,KAAK,SAMrB,GAAG;AACN,QAAI,CAAC,KAAK,QAAQ,CAAC,KAAK,SAAS;AAC/B,aAAO,KAAK,cAAc,KAAK,KAAK,2BAA2B;IACjE;AACA,UAAM,QAAQ,KAAK,KAAK,cAAc,KAAK;MACzC,MAAM,KAAK;MACX,aAAa,KAAK;MAClB,MAAO,KAAK,QAAgB;MAC5B,SAAS,KAAK;MACd,QAAS,KAAK,UAAkB;MAChC,YAAY;IACd,CAAC;AACD,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,KAAK,CAAC;EAC1C;EAEA,MAAc,mBACZ,IACA,KACA,KACe;AACf,QAAI,CAAC,KAAK,KAAK,eAAe;AAC5B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,UAAM,OAAO,MAAM,KAAK,SAGrB,GAAG;AACN,QAAI;AACF,UAAI,KAAK,SAAS,UAAU;AAC1B,aAAK,KAAK,cAAc,QAAQ,EAAE;MACpC,WAAW,KAAK,SAAS,cAAc;AACrC,aAAK,KAAK,cAAc,WAAW,EAAE;MACvC,WAAW,KAAK,SAAS,WAAW;AAClC,aAAK,KAAK,cAAc,OAAO,EAAE;MACnC;AACA,WAAK,KAAK,KAAK,KAAK,KAAK,SAAS,EAAE,SAAS,MAAM,GAAG,CAAC,CAAC;IAC1D,SAAS,KAAU;AACjB,WAAK,cAAc,KAAK,KAAK,IAAI,WAAW,iBAAiB;IAC/D;EACF;EAEQ,mBAAmB,IAAY,KAA2B;AAChE,QAAI,CAAC,KAAK,KAAK,eAAe;AAC5B,aAAO,KAAK,cAAc,KAAK,KAAK,+BAA+B;IACrE;AACA,QAAI;AACF,WAAK,KAAK,cAAc,OAAO,EAAE;AACjC,WAAK,KAAK,KAAK,KAAK,KAAK,SAAS,EAAE,SAAS,MAAM,GAAG,CAAC,CAAC;IAC1D,SAAS,KAAU;AACjB,WAAK,cAAc,KAAK,KAAK,IAAI,WAAW,iBAAiB;IAC/D;EACF;EAEQ,iBAAiB,KAA2B;AAGlD,SAAK;MACH;MACA;MACA,KAAK,SAAS;QACZ,QAAQ;QACR,SACE;MACJ,CAAC;IACH;EACF;;EAIQ,iBAAiB,KAA2B;AAClD,WAAO,oBAAkB,EAAE,KAAK,CAAC,EAAE,WAAW,MAAM;AAClD,UAAI;AACF,cAAM,SAAS,WAAW,KAAK,KAAK,WAAW;AAC/C,cAAM,OAAO,OAAO,IAAI,CAAC,OAAO;UAC9B,MAAM,EAAE;UACR,aAAa,EAAE,eAAe;UAC9B,QAAQ,EAAE,UAAU;UACpB,SAAS,EAAE,QAAQ,MAAM,GAAG,GAAG;QACjC,EAAE;AACF,aAAK,KAAK,KAAK,KAAK,KAAK,SAAS,IAAI,CAAC;MACzC,QAAQ;AACN,aAAK,KAAK,KAAK,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC;MACvC;IACF,CAAC;EACH;;EAIQ,iBAAiB,KAA2B;AAClD,UAAM,SAAS,KAAK,KAAK,SAAS,OAAO,IAAI,CAAC,OAAO;MACnD,IAAI,EAAE;MACN,MAAM,EAAE;MACR,UAAU,EAAE;MACZ,QAAQ,EAAE;MACV,SAAS,EAAE;MACX,cAAc,EAAE;IAClB,EAAE;AACF,SAAK,KAAK,KAAK,KAAK,KAAK,SAAS,MAAM,CAAC;EAC3C;;EAIA,MAAc,cACZ,KACA,KACe;AACf,UAAM,OAAO,MAAM,KAAK,SAGrB,GAAG;AAEN,QAAI;AACF,YAAM,EAAE,sBAAsB,iCAAAA,iCAAgC,IAC5D,MAAM,OAAO,oBAAkB;AACjC,YAAM,WAAWA,iCAAgC,KAAK,KAAK,WAAW;AACtE,YAAM,YAAY,qBAAqB,UAAU;QAC/C,aAAa,KAAK,eAAe;QACjC,gBAAgB,KAAK,kBAAkB;MACzC,CAAC;AACD,WAAK,KAAK,KAAK,KAAK,KAAK,SAAS,SAAS,CAAC;IAC9C,SAAS,KAAU;AACjB,WAAK,cAAc,KAAK,KAAK,IAAI,WAAW,4BAA4B;IAC1E;EACF;;EAIQ,YAAY,MAMlB;AACA,UAAM,iBAAiB,IAAI,eAAe,KAAK,KAAK,EAAE;AACtD,UAAM,EAAE,QAAQ,WAAW,SAAS,IAAI;MACtC,KAAK,KAAK;IACZ;AACA,UAAM,eAAe,KAAK,KAAK,QAAQ,eAAe,QAAQ;AAC9D,QAAI,eAAe,YAAY;AAC/B,QAAI,mBAAmB,KAAK;AAE5B,QAAI;AACJ,QAAI,iBAAiB,KAAK;AAG1B,QAAI,kBAAkB,KAAK,qBAAqB;AAC9C,YAAM,MAAM,KAAK,oBAAoB,WAAW,cAAc;AAC9D,UAAI,KAAK;AAEP,cAAM,SACJ,KAAK,oBAAoB,iBAAiB,cAAc;AAC1D,YAAI,OAAQ,iBAAgB;;EAAO,MAAM;AAGzC,YAAI,IAAI,kBAAkB,CAAC,kBAAkB;AAC3C,6BAAmB,IAAI;QACzB;MACF;AAGA,YAAM,SAAS,KAAK,oBAAoB,aAAa,cAAc;AACnE,UAAI,QAAQ;AACV,kBAAU,OAAO;MACnB,OAAO;AACL,kBAAU,eAAe,MAAM,KAAK,KAAK,WAAW;MACtD;IACF,WAAW,KAAK,WAAW;AAEzB,YAAM,WAAW,eAAe,OAAO,KAAK,SAAS;AACrD,gBAAU,YAAY,eAAe,MAAM,KAAK,KAAK,WAAW;IAClE,OAAO;AAEL,gBAAU,eAAe,MAAM,KAAK,KAAK,WAAW;AAGpD,UAAI,KAAK,qBAAqB;AAC5B,cAAM,OAAO,KAAK,oBAAoB,OAAO,KAAK,KAAK,aAAa;UAClE,MAAM,KAAK,QAAQ,MAAM,GAAG,EAAE;QAChC,CAAC;AACD,yBAAiB,KAAK;AAEtB,cAAM,SAAS,KAAK,oBAAoB,aAAa,KAAK,EAAE;AAC5D,YAAI,QAAQ;AACV,oBAAU,OAAO;QACnB;MACF;IACF;AAEA,WAAO;MACL;MACA;MACA;MACA;MACA;IACF;EACF;;EAIA,MAAc,UAAU,KAMtB;AACA,UAAM,EAAE,WAAW,mBAAmB,IACpC,MAAM,OAAO,oBAAqB;AACpC,UAAM,QAAQ;MACZ,IAAI,QAAQ;IACd;AACA,QAAI,CAAC,MAAO,QAAO,EAAE,IAAI,OAAO,OAAO,+BAA+B;AAEtE,UAAM,OAAO,UAAU,OAAO,KAAK,KAAK,SAAS;AACjD,QAAI,CAAC,KAAK;AACR,aAAO,EAAE,IAAI,OAAO,OAAO,KAAK,SAAS,wBAAwB;AAEnE,WAAO,EAAE,IAAI,MAAM,SAAS,KAAK,QAAQ;EAC3C;;EAIQ,KAAK,KAAqB,QAAgB,MAAqB;AACrE,UAAM,UAAU,KAAK,UAAU,IAAI;AACnC,UAAM,MAAO,IAAY;AACzB,QAAI,UAAU,QAAQ;MACpB,gBAAgB;MAChB,GAAG,KAAK,YAAY,GAAG;IACzB,CAAC;AACD,QAAI,IAAI,OAAO;EACjB;EAEQ,SAAY,MAAS;AAC3B,WAAO;MACL,IAAI;MACJ;MACA,YAAY,WAAW;MACvB,YAAW,oBAAI,KAAK,GAAE,YAAY;IACpC;EACF;EAEQ,cACN,KACA,QACA,SACM;AACN,SAAK,KAAK,KAAK,QAAQ;MACrB,IAAI;MACJ,OAAO;MACP,YAAY,WAAW;MACvB,YAAW,oBAAI,KAAK,GAAE,YAAY;IACpC,CAAC;EACH;EAEA,MAAc,SAAkB,KAAkC;AAChE,UAAM,iBAAiB,KAAK,OAAO;AACnC,UAAM,WAAW,OAAO,IAAI,QAAQ,gBAAgB,KAAK,CAAC;AAC1D,QAAI,OAAO,SAAS,QAAQ,KAAK,WAAW,gBAAgB;AAC1D,YAAM,OAAO,OAAO,IAAI,MAAM,wBAAwB,GAAG;QACvD,YAAY;MACd,CAAC;IACH;AACA,UAAM,SAAmB,CAAC;AAC1B,QAAI,WAAW;AACf,qBAAiB,SAAS,KAAK;AAC7B,YAAM,MAAM;AACZ,kBAAY,IAAI;AAChB,UAAI,WAAW,gBAAgB;AAC7B,YAAI,QAAQ;AACZ,cAAM,OAAO,OAAO,IAAI,MAAM,wBAAwB,GAAG;UACvD,YAAY;QACd,CAAC;MACH;AACA,aAAO,KAAK,GAAG;IACjB;AACA,UAAM,MAAM,OAAO,OAAO,MAAM,EAAE,SAAS,OAAO;AAClD,QAAI;AACF,aAAO,KAAK,MAAM,GAAG;IACvB,QAAQ;AACN,YAAM,OAAO,OAAO,IAAI,MAAM,mBAAmB,GAAG,EAAE,YAAY,IAAI,CAAC;IACzE;EACF;;EAGQ,QAAQ,OAAsB,UAA0B;AAC9D,QAAI,CAAC,MAAO,QAAO;AACnB,UAAM,IAAI,SAAS,OAAO,EAAE;AAC5B,WAAO,OAAO,SAAS,CAAC,IAAI,IAAI;EAClC;;;;;;EAOQ,YAAY,KAA+C;AACjE,UAAM,SAAS,KAAK,qBAAqB,GAAG;AAC5C,QAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,WAAO;MACL,+BAA+B;MAC/B,oCAAoC;MACpC,MAAM;MACN,gCAAgC;MAChC,gCAAgC;MAChC,0BAA0B;IAC5B;EACF;EAEQ,qBAAqB,KAAsC;AACjE,QAAI,CAAC,KAAK,KAAK,KAAM,QAAO;AAC5B,UAAM,SAAS,KAAK,QAAQ;AAC5B,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAClD,WAAO,KAAK,KAAK,eAAe,SAAS,MAAM,IAAI,SAAS;EAC9D;AACF;ACrmCO,IAAM,mBAAN,MAAuB;EACpB;EACA;EACA;EAER,YAAY,MAAqB;AAC/B,SAAK,UAAU,KAAK,QAAQ,QAAQ,OAAO,EAAE;AAC7C,SAAK,QAAQ,KAAK,SAAS;AAC3B,SAAK,UAAU,KAAK,WAAW;EACjC;;EAIA,MAAM,SAAkC;AACtC,WAAO,KAAK,IAAI,SAAS;EAC3B;;;EAKA,MAAM,KAAK,SAA6C;AACtD,UAAM,WAAW,MAAM,KAAK;MAC1B;MACA;IACF;AACA,WAAO,SAAS;EAClB;;;;;EAMA,OAAO,WACL,SACyC;AACzC,UAAM,WAAW,MAAM,KAAK,SAAS,uBAAuB;MAC1D,QAAQ;MACR,MAAM,KAAK,UAAU,OAAO;IAC9B,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,IAAI,MAAM,uBAAuB,SAAS,MAAM,MAAM,IAAI,EAAE;IACpE;AAEA,QAAI,CAAC,SAAS,KAAM,OAAM,IAAI,MAAM,iCAAiC;AAErE,UAAM,SAAS,SAAS,KAAK,UAAU;AACvC,UAAM,UAAU,IAAI,YAAY;AAChC,QAAI,SAAS;AAEb,QAAI;AACF,aAAO,MAAM;AACX,cAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAAO,KAAK;AAC1C,YAAI,KAAM;AAEV,kBAAU,QAAQ,OAAO,OAAO,EAAE,QAAQ,KAAK,CAAC;AAChD,cAAM,QAAQ,OAAO,MAAM,IAAI;AAC/B,iBAAS,MAAM,IAAI,KAAK;AAExB,mBAAW,QAAQ,OAAO;AACxB,cAAI,CAAC,KAAK,WAAW,QAAQ,EAAG;AAChC,gBAAM,OAAO,KAAK,MAAM,CAAC,EAAE,KAAK;AAChC,cAAI,SAAS,SAAU;AAEvB,cAAI;AACF,kBAAM,KAAK,MAAM,IAAI;UACvB,QAAQ;UAER;QACF;MACF;IACF,UAAA;AACE,aAAO,YAAY;IACrB;EACF;;;EAKA,MAAM,YAAgC;AACpC,UAAM,WAAW,MAAM,KAAK,IAA4B,eAAe;AACvE,WAAO,SAAS;EAClB;;EAGA,MAAM,YAAY,SAA2D;AAC3E,UAAM,WAAW,MAAM,KAAK;MAC1B;MACA;IACF;AACA,WAAO,SAAS;EAClB;;EAIA,MAAM,eAAmC;AACvC,UAAM,WAAW,MAAM,KAAK,IAA4B,kBAAkB;AAC1E,WAAO,SAAS;EAClB;;EAIA,MAAM,iBAAqC;AACzC,UAAM,WACJ,MAAM,KAAK,IAA4B,oBAAoB;AAC7D,WAAO,SAAS;EAClB;EAEA,MAAM,iBAAiB,IAA8B;AACnD,UAAM,WAAW,MAAM,KAAK;MAC1B,sBAAsB,EAAE;MACxB,CAAC;IACH;AACA,WAAO,SAAS;EAClB;EAEA,MAAM,gBAAgB,IAA8B;AAClD,UAAM,WAAW,MAAM,KAAK;MAC1B,sBAAsB,EAAE;MACxB,CAAC;IACH;AACA,WAAO,SAAS;EAClB;;;EAKA,MAAM,kBAAkB,MAII;AAC1B,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI,MAAM,QAAS,QAAO,IAAI,WAAW,KAAK,OAAO;AACrD,QAAI,MAAM,SAAU,QAAO,IAAI,YAAY,MAAM;AACjD,QAAI,MAAM,MAAO,QAAO,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC;AACvD,UAAM,KAAK,OAAO,SAAS;AAC3B,UAAM,WAAW,MAAM,KAAK;MAC1B,wBAAwB,KAAK,IAAI,EAAE,KAAK,EAAE;IAC5C;AACA,WAAO,SAAS;EAClB;;EAGA,MAAM,mBACJ,SACuB;AACvB,UAAM,WAAW,MAAM,KAAK;MAC1B;MACA;IACF;AACA,WAAO,SAAS;EAClB;;EAGA,MAAM,gBACJ,IACsE;AACtE,UAAM,WAAW,MAAM,KAAK,IAE1B,yBAAyB,EAAE,EAAE;AAC/B,WAAO,SAAS;EAClB;;EAGA,MAAM,mBACJ,IACA,SACuB;AACvB,UAAM,WAAW,MAAM,KAAK;MAC1B,yBAAyB,EAAE;MAC3B,EAAE,QAAQ,SAAS,MAAM,KAAK,UAAU,OAAO,EAAE;IACnD;AACA,WAAO,SAAS;EAClB;;EAGA,MAAM,mBAAmB,IAA2B;AAClD,UAAM,KAAK,UAAU,yBAAyB,EAAE,IAAI;MAClD,QAAQ;IACV,CAAC;EACH;;EAGA,MAAM,iBAAiB,IAAY,MAAsC;AACvE,UAAM,WAAW,MAAM,KAAK;MAC1B,yBAAyB,EAAE;MAC3B,EAAE,KAAK;IACT;AACA,WAAO,SAAS;EAClB;;EAGA,MAAM,QAAQ,IAAY,SAAwC;AAChE,UAAM,WAAW,MAAM,KAAK;MAC1B,yBAAyB,EAAE;MAC3B,EAAE,QAAQ;IACZ;AACA,WAAO,SAAS;EAClB;;EAGA,MAAM,yBAAyB,IAAgC;AAC7D,UAAM,WAAW,MAAM,KAAK;MAC1B,yBAAyB,EAAE;IAC7B;AACA,WAAO,SAAS;EAClB;;;EAKA,MAAM,iBACJ,gBACA,SACA,MACuB;AACvB,WAAO,KAAK,KAAK;MACf;MACA;MACA,SAAS,MAAM;IACjB,CAAC;EACH;;EAGA,OAAO,uBACL,gBACA,SACA,MACyC;AACzC,WAAO,KAAK,WAAW;MACrB;MACA;MACA,SAAS,MAAM;IACjB,CAAC;EACH;;EAIA,MAAc,IAAa,MAA0B;AACnD,WAAO,KAAK,UAAU,MAAM,EAAE,QAAQ,MAAM,CAAC;EAC/C;EAEA,MAAc,KAAc,MAAc,MAA2B;AACnE,WAAO,KAAK,UAAU,MAAM;MAC1B,QAAQ;MACR,MAAM,KAAK,UAAU,IAAI;IAC3B,CAAC;EACH;EAEA,MAAc,UACZ,MACA,MACY;AACZ,UAAM,WAAW,MAAM,KAAK,SAAS,MAAM,IAAI;AAC/C,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,CAAC,SAAS,IAAI;AAChB,UAAI,WAAW,mBAAmB,SAAS,MAAM;AACjD,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,YAAI,OAAO,MAAO,YAAW,OAAO;MACtC,QAAQ;AACN,mBAAW,QAAQ;MACrB;AACA,YAAM,IAAI,MAAM,QAAQ;IAC1B;AAEA,WAAO,KAAK,MAAM,IAAI;EACxB;EAEA,MAAc,SAAS,MAAc,MAAsC;AACzE,UAAM,UAAkC;MACtC,gBAAgB;IAClB;AACA,QAAI,KAAK,OAAO;AACd,cAAQ,eAAe,IAAI,UAAU,KAAK,KAAK;IACjD;AAEA,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,UAAU,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAEjE,QAAI;AACF,aAAO,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;QAC3C,GAAG;QACH,SAAS,EAAE,GAAG,SAAS,GAAI,KAAK,QAAmC;QACnE,QAAQ,WAAW;MACrB,CAAC;IACH,UAAA;AACE,mBAAa,OAAO;IACtB;EACF;AACF;","names":["createDefaultMiddlewarePipeline"]}

package/dist/{dist-TS5U3BDK.js → dist-LCPM5BXN.js} RENAMED Viewed

@@ -213,7 +213,7 @@ import {
   validateToolContract,
   wrapTaskWithSafetyPreamble,
   writeStormFile
-} from "./chunk-SCGV333Z.js";
+} from "./chunk-HKRUCBMI.js";
 import {
   analyzeTrajectories,
   loadRoutingIntelligence,
@@ -227,13 +227,13 @@ import {
   trajectoryToSFTExamples
 } from "./chunk-352O4VPK.js";
 import "./chunk-ONBVQCTW.js";
-import "./chunk-RV3CJQGC.js";
+import "./chunk-2AXI2OPK.js";
 import "./chunk-TCFNCUKS.js";
 import "./chunk-5EIUWLBS.js";
 import "./chunk-WJSNOAGF.js";
 import "./chunk-VHDE7O6Y.js";
 import "./chunk-SBZAH54M.js";
-import "./chunk-NVA62I52.js";
+import "./chunk-6WGHIUWX.js";
 import "./chunk-QT7UUIL2.js";
 import "./chunk-DW32AG7H.js";
 import "./chunk-NHSYDOEK.js";
@@ -245,7 +245,7 @@ import "./chunk-AP3CWGS7.js";
 import "./chunk-N3KOFRHK.js";
 import "./chunk-RPHOZX72.js";
 import "./chunk-BX6MV3E5.js";
-import "./chunk-TLQVDPEQ.js";
+import "./chunk-DJ7WG6GZ.js";
 import "./chunk-KE4QKEOM.js";
 import "./chunk-FYJECSUZ.js";
 import "./chunk-PLDDJCW6.js";
@@ -473,4 +473,4 @@ export {
   wrapTaskWithSafetyPreamble,
   writeStormFile
 };
-//# sourceMappingURL=dist-TS5U3BDK.js.map
+//# sourceMappingURL=dist-LCPM5BXN.js.map

package/dist/{dist-VB7CXEYB.js → dist-MKAADC4H.js} RENAMED Viewed

@@ -12,17 +12,17 @@ import "./chunk-2NAD7GM6.js";
 import "./chunk-XVKUVWWU.js";
 import {
   MemoryManager
-} from "./chunk-PIT7VD46.js";
+} from "./chunk-N5V2PGPN.js";
 import "./chunk-FRRVMDNL.js";
 import "./chunk-CTEU5TQB.js";
 import "./chunk-SSCKEV6Z.js";
-import "./chunk-6G2HA63H.js";
+import "./chunk-3AYD5ONW.js";
 import "./chunk-2JGN7EGX.js";
 import "./chunk-EEKSBGRM.js";
 import "./chunk-WHP2HLMU.js";
 import "./chunk-N43GBGXI.js";
 import "./chunk-7B2QCIEV.js";
-import "./chunk-4LR7LQPG.js";
+import "./chunk-CZILJ33T.js";
 import "./chunk-NLLWNPII.js";
 import "./chunk-D7KQXJJ7.js";
 import "./chunk-DT4D3D4I.js";
@@ -34,7 +34,7 @@ import "./chunk-EHQ4RKTP.js";
 import "./chunk-5TPIVYD3.js";
 import "./chunk-J6ELXZTM.js";
 import "./chunk-XKTCRSDK.js";
-import "./chunk-Z5QQ5OGV.js";
+import "./chunk-52Q6CE4Y.js";
 import {
   createLogger
 } from "./chunk-E7XO6BH5.js";
@@ -1841,4 +1841,4 @@ export {
   runStaticAnalysis,
   runVerification
 };
-//# sourceMappingURL=dist-VB7CXEYB.js.map
+//# sourceMappingURL=dist-MKAADC4H.js.map

package/dist/{dist-MKWOTCNR.js → dist-NQQPQGZU.js} RENAMED Viewed

@@ -25,24 +25,24 @@ import {
   scorePatch,
   scoreProbe,
   verifyTypeScriptCompiles
-} from "./chunk-4PCWPRRN.js";
+} from "./chunk-WRO5TVID.js";
 import {
   exportCapabilityScores,
   getCapabilityScores,
   loadAllCapabilityScores
 } from "./chunk-JAM2AWOA.js";
-import "./chunk-PIT7VD46.js";
+import "./chunk-N5V2PGPN.js";
 import "./chunk-FRRVMDNL.js";
 import "./chunk-CTEU5TQB.js";
 import "./chunk-SSCKEV6Z.js";
-import "./chunk-6G2HA63H.js";
+import "./chunk-3AYD5ONW.js";
 import "./chunk-2JGN7EGX.js";
 import "./chunk-EEKSBGRM.js";
 import "./chunk-WHP2HLMU.js";
 import "./chunk-N43GBGXI.js";
 import "./chunk-7B2QCIEV.js";
 import "./chunk-5OQEC3FY.js";
-import "./chunk-4LR7LQPG.js";
+import "./chunk-CZILJ33T.js";
 import "./chunk-NLLWNPII.js";
 import "./chunk-D7KQXJJ7.js";
 import "./chunk-DT4D3D4I.js";
@@ -54,7 +54,7 @@ import "./chunk-EHQ4RKTP.js";
 import "./chunk-5TPIVYD3.js";
 import "./chunk-J6ELXZTM.js";
 import "./chunk-XKTCRSDK.js";
-import "./chunk-Z5QQ5OGV.js";
+import "./chunk-52Q6CE4Y.js";
 import "./chunk-E7XO6BH5.js";
 import "./chunk-SQAR52C3.js";
 import "./chunk-RBN7ACDW.js";
@@ -86,4 +86,4 @@ export {
   scoreProbe,
   verifyTypeScriptCompiles
 };
-//# sourceMappingURL=dist-MKWOTCNR.js.map
+//# sourceMappingURL=dist-NQQPQGZU.js.map

package/dist/{dist-VECPW2NV.js → dist-NTQ7LFRW.js} RENAMED Viewed

@@ -216,7 +216,7 @@ import {
   validateToolContract,
   wrapTaskWithSafetyPreamble,
   writeStormFile
-} from "./chunk-PIT7VD46.js";
+} from "./chunk-N5V2PGPN.js";
 import {
   analyzeTrajectories,
   loadRoutingIntelligence,
@@ -230,13 +230,13 @@ import {
   trajectoryToSFTExamples
 } from "./chunk-CTEU5TQB.js";
 import "./chunk-SSCKEV6Z.js";
-import "./chunk-6G2HA63H.js";
+import "./chunk-3AYD5ONW.js";
 import "./chunk-2JGN7EGX.js";
 import "./chunk-EEKSBGRM.js";
 import "./chunk-WHP2HLMU.js";
 import "./chunk-N43GBGXI.js";
 import "./chunk-7B2QCIEV.js";
-import "./chunk-4LR7LQPG.js";
+import "./chunk-CZILJ33T.js";
 import "./chunk-NLLWNPII.js";
 import "./chunk-D7KQXJJ7.js";
 import "./chunk-DT4D3D4I.js";
@@ -248,7 +248,7 @@ import "./chunk-EHQ4RKTP.js";
 import "./chunk-5TPIVYD3.js";
 import "./chunk-J6ELXZTM.js";
 import "./chunk-XKTCRSDK.js";
-import "./chunk-Z5QQ5OGV.js";
+import "./chunk-52Q6CE4Y.js";
 import "./chunk-E7XO6BH5.js";
 import "./chunk-SQAR52C3.js";
 import "./chunk-RBN7ACDW.js";
@@ -476,4 +476,4 @@ export {
   wrapTaskWithSafetyPreamble,
   writeStormFile
 };
-//# sourceMappingURL=dist-VECPW2NV.js.map
+//# sourceMappingURL=dist-NTQ7LFRW.js.map

package/dist/{dist-ESUVKHL4.js → dist-QFVAD45U.js} RENAMED Viewed

@@ -24,19 +24,19 @@ import {
   validateGateCommand,
   writeArtifact,
   writeManifest
-} from "./chunk-ZYGUHAHM.js";
-import "./chunk-PIT7VD46.js";
+} from "./chunk-Z5RDHTWQ.js";
+import "./chunk-N5V2PGPN.js";
 import "./chunk-FRRVMDNL.js";
 import "./chunk-CTEU5TQB.js";
 import "./chunk-SSCKEV6Z.js";
 import "./chunk-CTFDTJMG.js";
-import "./chunk-6G2HA63H.js";
+import "./chunk-3AYD5ONW.js";
 import "./chunk-2JGN7EGX.js";
 import "./chunk-EEKSBGRM.js";
 import "./chunk-WHP2HLMU.js";
 import "./chunk-N43GBGXI.js";
 import "./chunk-7B2QCIEV.js";
-import "./chunk-4LR7LQPG.js";
+import "./chunk-CZILJ33T.js";
 import "./chunk-NLLWNPII.js";
 import "./chunk-D7KQXJJ7.js";
 import "./chunk-DT4D3D4I.js";
@@ -48,7 +48,7 @@ import "./chunk-EHQ4RKTP.js";
 import "./chunk-5TPIVYD3.js";
 import "./chunk-J6ELXZTM.js";
 import "./chunk-XKTCRSDK.js";
-import "./chunk-Z5QQ5OGV.js";
+import "./chunk-52Q6CE4Y.js";
 import "./chunk-E7XO6BH5.js";
 import "./chunk-SQAR52C3.js";
 import "./chunk-RBN7ACDW.js";
@@ -76,4 +76,4 @@ export {
   writeArtifact,
   writeManifest
 };
-//# sourceMappingURL=dist-ESUVKHL4.js.map
+//# sourceMappingURL=dist-QFVAD45U.js.map

package/dist/{dist-7IRVYQYG.js → dist-RUBJT7FI.js} RENAMED Viewed

@@ -23,7 +23,7 @@ import {
   getDb,
   getTestDb,
   wireRoutingAudit
-} from "./chunk-Z5QQ5OGV.js";
+} from "./chunk-52Q6CE4Y.js";
 import "./chunk-E7XO6BH5.js";
 import "./chunk-SQAR52C3.js";
 import "./chunk-RBN7ACDW.js";
@@ -50,4 +50,4 @@ export {
   getTestDb,
   wireRoutingAudit
 };
-//# sourceMappingURL=dist-7IRVYQYG.js.map
+//# sourceMappingURL=dist-RUBJT7FI.js.map

package/dist/{dist-P2J4GXPC.js → dist-S7FLVLXS.js} RENAMED Viewed

@@ -20,7 +20,7 @@ import {
   getDb,
   getTestDb,
   wireRoutingAudit
-} from "./chunk-TLQVDPEQ.js";
+} from "./chunk-DJ7WG6GZ.js";
 import "./chunk-KE4QKEOM.js";
 import "./chunk-FYJECSUZ.js";
 import "./chunk-PLDDJCW6.js";
@@ -47,4 +47,4 @@ export {
   getTestDb,
   wireRoutingAudit
 };
-//# sourceMappingURL=dist-P2J4GXPC.js.map
+//# sourceMappingURL=dist-S7FLVLXS.js.map