@burtson-labs/host-kit 0.3.1

package/dist/mcpConnectors.js

@@ -0,0 +1,217 @@
+"use strict";
+/**
+ * Connector wizards — convenience helpers that turn a single user
+ * input (a token, a credential, etc.) into a fully-formed McpServerConfig
+ * for a well-known provider's official MCP server. Each wizard is a
+ * small, single-purpose function; the surfaces (CLI slash command,
+ * extension Connections panel) call into these to avoid duplicating
+ * the spawn-command shape across surfaces.
+ *
+ * Phase 3 starts with GitHub — it's the simplest viable wizard
+ * (single PAT, no OAuth callback). Slack / Google / Microsoft follow
+ * as they each ship.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildGitHubServerConfig = buildGitHubServerConfig;
+exports.looksLikeGitHubToken = looksLikeGitHubToken;
+exports.buildSlackServerConfig = buildSlackServerConfig;
+exports.looksLikeSlackToken = looksLikeSlackToken;
+exports.looksLikeSlackTeamId = looksLikeSlackTeamId;
+exports.buildGitLabServerConfig = buildGitLabServerConfig;
+exports.looksLikeGitLabToken = looksLikeGitLabToken;
+exports.buildGmailServerConfig = buildGmailServerConfig;
+exports.looksLikeGmailCredentialsPath = looksLikeGmailCredentialsPath;
+exports.buildCustomServerConfig = buildCustomServerConfig;
+/**
+ * Build a server config that runs `@modelcontextprotocol/server-github`
+ * via npx with the user's PAT. The token never lands in the config
+ * file's `args` (those are sometimes logged by editors); it goes into
+ * the env block which Bandit explicitly excludes from the trust
+ * fingerprint and from any UI surfaces that echo configs back.
+ *
+ * Activation defaults to "on-mention" with the standard github
+ * triggers so the GitHub server's tools only land in the prompt
+ * budget when the user actually mentions GitHub-y things.
+ */
+function buildGitHubServerConfig(token) {
+    const trimmed = token.trim();
+    if (!trimmed)
+        throw new Error('GitHub PAT is required');
+    return {
+        command: 'npx',
+        args: ['-y', '@modelcontextprotocol/server-github'],
+        env: { GITHUB_PERSONAL_ACCESS_TOKEN: trimmed },
+        activation: 'on-mention'
+    };
+}
+/**
+ * Reasonable token-shape sanity check. GitHub PATs come in three
+ * flavors: classic (`ghp_…`, ~40 chars), fine-grained (`github_pat_…`,
+ * ~93 chars), and OAuth (`gho_…`). All start with a known prefix.
+ * We're not validating against the API here — just catching the
+ * fat-finger "I pasted my SSH key" failure mode before the user
+ * gets a confusing 401 from the server.
+ */
+function looksLikeGitHubToken(token) {
+    const t = token.trim();
+    return /^(ghp_|gho_|ghs_|ghu_|github_pat_)/.test(t);
+}
+/**
+ * Build a server config that runs `@modelcontextprotocol/server-slack`
+ * via npx. Slack's MCP server requires two env vars: a Bot User OAuth
+ * Token (`xoxb-…`) and the workspace's Team ID (`T…`). We ship the
+ * wizard with `activation: 'on-mention'` so Slack tools only land in
+ * the prompt budget when the user actually mentions slack/channel/
+ * message — the standard auto-derived triggers from activation.ts.
+ */
+function buildSlackServerConfig(botToken, teamId) {
+    const tk = botToken.trim();
+    const team = teamId.trim();
+    if (!tk)
+        throw new Error('Slack bot token (xoxb-…) is required');
+    if (!team)
+        throw new Error('Slack team ID (T…) is required');
+    return {
+        command: 'npx',
+        args: ['-y', '@modelcontextprotocol/server-slack'],
+        env: { SLACK_BOT_TOKEN: tk, SLACK_TEAM_ID: team },
+        activation: 'on-mention'
+    };
+}
+/** Slack Bot User OAuth tokens always start with "xoxb-". User tokens
+ * are "xoxp-"; we deliberately accept both since the MCP server
+ * works with either, but the docs recommend bot tokens. */
+function looksLikeSlackToken(token) {
+    return /^xox[bp]-/.test(token.trim());
+}
+/** Slack workspace IDs start with "T" followed by alphanumerics. We
+ * accept any non-empty string starting with T to allow for future
+ * changes in Slack's ID format. */
+function looksLikeSlackTeamId(teamId) {
+    return /^T[A-Z0-9]+$/i.test(teamId.trim());
+}
+/**
+ * Build a server config that runs `@modelcontextprotocol/server-gitlab`
+ * via npx. Defaults to GitLab.com's API; users with self-hosted
+ * GitLab can pass the API base URL through GITLAB_API_URL.
+ */
+function buildGitLabServerConfig(token, apiUrl) {
+    const trimmed = token.trim();
+    if (!trimmed)
+        throw new Error('GitLab personal access token is required');
+    const env = {
+        GITLAB_PERSONAL_ACCESS_TOKEN: trimmed
+    };
+    const trimmedUrl = (apiUrl ?? '').trim();
+    if (trimmedUrl)
+        env.GITLAB_API_URL = trimmedUrl;
+    return {
+        command: 'npx',
+        args: ['-y', '@modelcontextprotocol/server-gitlab'],
+        env,
+        activation: 'on-mention'
+    };
+}
+/** GitLab PATs are typically 20 chars of base64-ish content with a
+ * `glpat-` prefix on newer tokens (since GitLab 14.5). We accept
+ * any non-empty string ≥ 20 chars to support older tokens too. */
+function looksLikeGitLabToken(token) {
+    const t = token.trim();
+    if (t.startsWith('glpat-'))
+        return true;
+    return t.length >= 20 && /^[A-Za-z0-9_-]+$/.test(t);
+}
+/**
+ * Build a server config that runs `@gongrzhe/server-gmail-autoauth-mcp`
+ * via npx with the user's downloaded Google Cloud OAuth credentials.
+ * the first Phase 3 Google-flavor wizard, closing the gap
+ * memo'd in the 2026-04-29 MCP roadmap (Office 365 / Google / Slack
+ * / GitHub all named as Phase 3 targets; GitHub + Slack + GitLab
+ * shipped, Google was the last hold-out).
+ *
+ * Why this server: it's the most-cited community Gmail MCP server,
+ * speaks the standard stdio MCP shape, and handles the OAuth dance
+ * (browser popup → save refresh token) automatically on first spawn.
+ * Anthropic doesn't ship a `server-gmail` from the official MCP repo,
+ * so picking a community implementation is unavoidable — gongrzhe is
+ * well-maintained as of this writing.
+ *
+ * Setup the user has to do first (we can't):
+ * 1. Create an OAuth 2.0 client in https://console.cloud.google.com/
+ * Type: Desktop app. Enable the Gmail API on the project first.
+ * 2. Download the credentials JSON (the "OAuth client" download).
+ * 3. Pass that file path to this wizard.
+ *
+ * The first Bandit turn that touches Gmail will open a browser for the
+ * Google consent screen. After that the server caches a refresh token
+ * to `~/.gmail-mcp/credentials.json` and runs unattended.
+ */
+function buildGmailServerConfig(credentialsPath) {
+    const trimmed = credentialsPath.trim();
+    if (!trimmed)
+        throw new Error('Path to Google OAuth credentials JSON is required');
+    return {
+        command: 'npx',
+        args: ['-y', '@gongrzhe/server-gmail-autoauth-mcp'],
+        env: {
+            // The gongrzhe server reads GMAIL_OAUTH_PATH if set, otherwise
+            // defaults to ~/.gmail-mcp/gcp-oauth.keys.json. Pinning the env
+            // var so the wizard doesn't depend on the user pre-creating
+            // that directory or copying the credentials there manually.
+            GMAIL_OAUTH_PATH: trimmed
+        },
+        activation: 'on-mention'
+    };
+}
+/** Light shape check: the user pointed at a path that looks like a
+ * Google OAuth credentials JSON. We don't open the file here (host-
+ * kit stays filesystem-agnostic for testability); the wizard layer
+ * does the actual fs check before calling this. */
+function looksLikeGmailCredentialsPath(p) {
+    const t = p.trim();
+    if (!t)
+        return false;
+    // Must look like a real path AND end in .json. Reject obvious garbage
+    // (URLs, single words) so users don't paste a token by mistake.
+    if (!/\.json$/i.test(t))
+        return false;
+    return t.includes('/') || t.includes('\\') || t.startsWith('~');
+}
+/**
+ * Build a fully-custom server config from raw inputs. Used by the
+ * "+ Custom" wizard tile so users can register any MCP server (Linear,
+ * Jira, Bitbucket, Sentry, Postgres, an internal one they wrote) without
+ * waiting for Bandit to ship a dedicated wizard for that provider.
+ *
+ * `envInput` accepts the standard `KEY=VALUE` shape one-per-line, the
+ * format every CLI / dotfile uses, so users can paste from a `.env`.
+ */
+function buildCustomServerConfig(params) {
+    const cmd = params.command.trim();
+    if (!cmd)
+        throw new Error('Command is required');
+    const env = {};
+    if (params.envInput) {
+        for (const rawLine of params.envInput.split(/\r?\n/)) {
+            const line = rawLine.trim();
+            if (!line || line.startsWith('#'))
+                continue;
+            const eq = line.indexOf('=');
+            if (eq <= 0)
+                continue; // require a non-empty key before =
+            const key = line.slice(0, eq).trim();
+            const value = line.slice(eq + 1).trim();
+            // Strip surrounding quotes (matches dotenv loader semantics) so
+            // copy-paste from a .env file Just Works™.
+            const unquoted = value.replace(/^["']|["']$/g, '');
+            env[key] = unquoted;
+        }
+    }
+    return {
+        command: cmd,
+        args: params.args && params.args.length > 0 ? params.args : undefined,
+        env: Object.keys(env).length > 0 ? env : undefined,
+        activation: params.activation ?? 'on-mention'
+    };
+}
+//# sourceMappingURL=mcpConnectors.js.map

package/dist/mcpConnectors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpConnectors.js","sourceRoot":"","sources":["../src/mcpConnectors.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAeH,0DASC;AAUD,oDAGC;AAUD,wDAWC;AAKD,kDAEC;AAKD,oDAEC;AAOD,0DAcC;AAKD,oDAIC;AA2BD,wDAeC;AAMD,sEAOC;AAWD,0DA6BC;AAjMD;;;;;;;;;;GAUG;AACH,SAAgB,uBAAuB,CAAC,KAAa;IACnD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACxD,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,CAAC,IAAI,EAAE,qCAAqC,CAAC;QACnD,GAAG,EAAE,EAAE,4BAA4B,EAAE,OAAO,EAAE;QAC9C,UAAU,EAAE,YAAY;KACzB,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,oBAAoB,CAAC,KAAa;IAChD,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACvB,OAAO,oCAAoC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,sBAAsB,CAAC,QAAgB,EAAE,MAAc;IACrE,MAAM,EAAE,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC3B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACjE,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAC7D,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,CAAC,IAAI,EAAE,oCAAoC,CAAC;QAClD,GAAG,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;QACjD,UAAU,EAAE,YAAY;KACzB,CAAC;AACJ,CAAC;AAED;;2DAE2D;AAC3D,SAAgB,mBAAmB,CAAC,KAAa;IAC/C,OAAO,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;AACxC,CAAC;AAED;;mCAEmC;AACnC,SAAgB,oBAAoB,CAAC,MAAc;IACjD,OAAO,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,KAAa,EAAE,MAAe;IACpE,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1E,MAAM,GAAG,GAA2B;QAClC,4BAA4B,EAAE,OAAO;KACtC,CAAC;IACF,MAAM,UAAU,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACzC,IAAI,UAAU;QAAE,GAAG,CAAC,cAAc,GAAG,UAAU,CAAC;IAChD,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,CAAC,IAAI,EAAE,qCAAqC,CAAC;QACnD,GAAG;QACH,UAAU,EAAE,YAAY;KACzB,CAAC;AACJ,CAAC;AAED;;kEAEkE;AAClE,SAAgB,oBAAoB,CAAC,KAAa;IAChD,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACvB,IAAI,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,CAAC,CAAC,MAAM,IAAI,EAAE,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,SAAgB,sBAAsB,CAAC,eAAuB;IAC5D,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACnF,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,CAAC,IAAI,EAAE,qCAAqC,CAAC;QACnD,GAAG,EAAE;YACH,+DAA+D;YAC/D,gEAAgE;YAChE,4DAA4D;YAC5D,4DAA4D;YAC5D,gBAAgB,EAAE,OAAO;SAC1B;QACD,UAAU,EAAE,YAAY;KACzB,CAAC;AACJ,CAAC;AAED;;;mDAGmD;AACnD,SAAgB,6BAA6B,CAAC,CAAS;IACrD,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACnB,IAAI,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACrB,sEAAsE;IACtE,gEAAgE;IAChE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AAClE,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,uBAAuB,CAAC,MAKvC;IACC,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACjD,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5C,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,EAAE,IAAI,CAAC;gBAAE,SAAS,CAAC,mCAAmC;YAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACxC,gEAAgE;YAChE,2CAA2C;YAC3C,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YACnD,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO;QACL,OAAO,EAAE,GAAG;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;QACrE,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAClD,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,YAAY;KAC9C,CAAC;AACJ,CAAC"}

package/dist/mcpToolCache.d.ts

@@ -0,0 +1,43 @@
+/**
+ * MCP tool-list cache — persists each server's discovered tool list
+ * keyed by config fingerprint so subsequent Bandit sessions don't have
+ * to spawn the server just to enumerate. The agent's per-turn registry
+ * build calls `discoverTools` for every registered server; when the
+ * cache primes the pool's in-memory copy, that call returns instantly
+ * without touching the child process — which is what fires the trust
+ * gate even on prompts that never use any MCP tool.
+ *
+ * Stored at `~/.bandit/mcp-tool-cache.json`. The file is non-sensitive
+ * (just tool metadata), so it's written with normal permissions —
+ * unlike `mcp-trust.json` which carries a security decision and lives
+ * at 0600. If the cache file is missing, corrupted, or stale (config
+ * fingerprint no longer matches), the pool falls back to a live spawn
+ * + listTools — same path as a fresh install. No correctness risk.
+ */
+import type { McpRemoteToolDef } from '@burtson-labs/agent-core';
+/**
+ * Load every cached tool list as a Map keyed by fingerprint. Callers
+ * iterate registered servers and prime the pool when a fingerprint
+ * match exists. Missing-file / malformed-file paths return an empty
+ * map silently — Bandit must boot even when the cache is broken.
+ */
+export declare function loadMcpToolCache(): Promise<Map<string, McpRemoteToolDef[]>>;
+/**
+ * Persist one server's tool list. Replaces the entry that shares the
+ * same fingerprint; never grows unbounded because fingerprint changes
+ * map to fresh entries and the old fingerprint's entry is dropped
+ * (covered by `pruneStale` when the host knows the current fingerprints).
+ *
+ * Failures are swallowed so a write-permission issue on `~/.bandit/`
+ * doesn't crash the turn — the pool will just re-discover next session.
+ */
+export declare function saveMcpToolEntry(name: string, fingerprint: string, tools: McpRemoteToolDef[]): Promise<void>;
+/**
+ * Drop cache entries whose fingerprints aren't in the currently-active
+ * set. Called on boot after the pool registers every server so stale
+ * entries from removed or reconfigured servers don't accumulate.
+ */
+export declare function pruneMcpToolCache(activeFingerprints: Set<string>): Promise<void>;
+/** Path to the cache file — exposed for /mcp tools-cache commands. */
+export declare function mcpToolCachePath(): string;
+//# sourceMappingURL=mcpToolCache.d.ts.map

package/dist/mcpToolCache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpToolCache.d.ts","sourceRoot":"","sources":["../src/mcpToolCache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AA2DjE;;;;;GAKG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAOjF;AAED;;;;;;;;GAQG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,gBAAgB,EAAE,GACxB,OAAO,CAAC,IAAI,CAAC,CASf;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CAAC,kBAAkB,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAStF;AAED,sEAAsE;AACtE,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC"}

package/dist/mcpToolCache.js

@@ -0,0 +1,150 @@
+"use strict";
+/**
+ * MCP tool-list cache — persists each server's discovered tool list
+ * keyed by config fingerprint so subsequent Bandit sessions don't have
+ * to spawn the server just to enumerate. The agent's per-turn registry
+ * build calls `discoverTools` for every registered server; when the
+ * cache primes the pool's in-memory copy, that call returns instantly
+ * without touching the child process — which is what fires the trust
+ * gate even on prompts that never use any MCP tool.
+ *
+ * Stored at `~/.bandit/mcp-tool-cache.json`. The file is non-sensitive
+ * (just tool metadata), so it's written with normal permissions —
+ * unlike `mcp-trust.json` which carries a security decision and lives
+ * at 0600. If the cache file is missing, corrupted, or stale (config
+ * fingerprint no longer matches), the pool falls back to a live spawn
+ * + listTools — same path as a fresh install. No correctness risk.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadMcpToolCache = loadMcpToolCache;
+exports.saveMcpToolEntry = saveMcpToolEntry;
+exports.pruneMcpToolCache = pruneMcpToolCache;
+exports.mcpToolCachePath = mcpToolCachePath;
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+/**
+ * Resolved per-call rather than cached at module load so tests that
+ * mutate `process.env.HOME` actually hit the tmp directory they set
+ * up — and so a long-running host that's had HOME re-pointed for any
+ * reason doesn't go on writing to a stale path.
+ */
+function cacheFilePath() {
+    return path.join(os.homedir(), '.bandit', 'mcp-tool-cache.json');
+}
+async function readCacheFile() {
+    try {
+        const raw = await fs.promises.readFile(cacheFilePath(), 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (parsed.version === 1 && Array.isArray(parsed.entries)) {
+            return {
+                version: 1,
+                entries: parsed.entries.filter((e) => typeof e === 'object' && e !== null &&
+                    typeof e.fingerprint === 'string' &&
+                    Array.isArray(e.tools))
+            };
+        }
+    }
+    catch {
+        // Missing or malformed — return empty. The pool will re-spawn on
+        // first discoverTools and we'll repopulate from there.
+    }
+    return { version: 1, entries: [] };
+}
+async function writeCacheFile(file) {
+    const dir = path.dirname(cacheFilePath());
+    try {
+        await fs.promises.mkdir(dir, { recursive: true });
+    }
+    catch { /* exists */ }
+    await fs.promises.writeFile(cacheFilePath(), JSON.stringify(file, null, 2), 'utf-8');
+}
+/**
+ * Load every cached tool list as a Map keyed by fingerprint. Callers
+ * iterate registered servers and prime the pool when a fingerprint
+ * match exists. Missing-file / malformed-file paths return an empty
+ * map silently — Bandit must boot even when the cache is broken.
+ */
+async function loadMcpToolCache() {
+    const file = await readCacheFile();
+    const map = new Map();
+    for (const entry of file.entries) {
+        map.set(entry.fingerprint, entry.tools);
+    }
+    return map;
+}
+/**
+ * Persist one server's tool list. Replaces the entry that shares the
+ * same fingerprint; never grows unbounded because fingerprint changes
+ * map to fresh entries and the old fingerprint's entry is dropped
+ * (covered by `pruneStale` when the host knows the current fingerprints).
+ *
+ * Failures are swallowed so a write-permission issue on `~/.bandit/`
+ * doesn't crash the turn — the pool will just re-discover next session.
+ */
+async function saveMcpToolEntry(name, fingerprint, tools) {
+    try {
+        const file = await readCacheFile();
+        const next = file.entries.filter((e) => e.fingerprint !== fingerprint);
+        next.push({ name, fingerprint, tools, updatedAt: new Date().toISOString() });
+        await writeCacheFile({ version: 1, entries: next });
+    }
+    catch {
+        // Best-effort cache — agent loop continues regardless.
+    }
+}
+/**
+ * Drop cache entries whose fingerprints aren't in the currently-active
+ * set. Called on boot after the pool registers every server so stale
+ * entries from removed or reconfigured servers don't accumulate.
+ */
+async function pruneMcpToolCache(activeFingerprints) {
+    try {
+        const file = await readCacheFile();
+        const kept = file.entries.filter((e) => activeFingerprints.has(e.fingerprint));
+        if (kept.length === file.entries.length)
+            return;
+        await writeCacheFile({ version: 1, entries: kept });
+    }
+    catch {
+        // Best-effort cleanup.
+    }
+}
+/** Path to the cache file — exposed for /mcp tools-cache commands. */
+function mcpToolCachePath() {
+    return cacheFilePath();
+}
+//# sourceMappingURL=mcpToolCache.js.map

package/dist/mcpToolCache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpToolCache.js","sourceRoot":"","sources":["../src/mcpToolCache.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsEH,4CAOC;AAWD,4CAaC;AAOD,8CASC;AAGD,4CAEC;AAxHD,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAG7B;;;;;GAKG;AACH,SAAS,aAAa;IACpB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;AACnE,CAAC;AAqBD,KAAK,UAAU,aAAa;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,OAAO,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAuB,CAAC;QACrD,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1D,OAAO;gBACL,OAAO,EAAE,CAAC;gBACV,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAmB,EAAE,CACrB,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;oBACnC,OAAQ,CAAgB,CAAC,WAAW,KAAK,QAAQ;oBACjD,KAAK,CAAC,OAAO,CAAE,CAAgB,CAAC,KAAK,CAAC,CACzC;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iEAAiE;QACjE,uDAAuD;IACzD,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,IAAe;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAC1C,IAAI,CAAC;QAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IACjF,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AACvF,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,gBAAgB;IACpC,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,GAAG,EAA8B,CAAC;IAClD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,gBAAgB,CACpC,IAAY,EACZ,WAAmB,EACnB,KAAyB;IAEzB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,CAAC;QACvE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC7E,MAAM,cAAc,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;IACzD,CAAC;AACH,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CAAC,kBAA+B;IACrE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QAC/E,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM;YAAE,OAAO;QAChD,MAAM,cAAc,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,uBAAuB;IACzB,CAAC;AACH,CAAC;AAED,sEAAsE;AACtE,SAAgB,gBAAgB;IAC9B,OAAO,aAAa,EAAE,CAAC;AACzB,CAAC"}

package/dist/mcpTrust.d.ts

@@ -0,0 +1,22 @@
+/**
+ * MCP trust store — remembers which server-config fingerprints the user
+ * has approved across Bandit sessions. Spawning an MCP server is a
+ * code-execution boundary; the first time we encounter a config we
+ * haven't seen, the host asks the user. The answer (allow once / allow
+ * always / deny) is the host's responsibility to surface; this module
+ * is the persistence layer for "allow always".
+ *
+ * Stored at `~/.bandit/mcp-trust.json` as a flat array of fingerprints
+ * — file is written 0600 since it represents a security decision the
+ * user shouldn't have casually edited by another process.
+ */
+/** Read the set of fingerprints the user has previously approved. */
+export declare function loadApprovedMcpFingerprints(): Promise<Set<string>>;
+/** Persist a fingerprint as "always allowed". Idempotent — duplicates are dropped. */
+export declare function approveMcpFingerprint(fingerprint: string): Promise<void>;
+/** Remove a fingerprint from the approved list (used by a future revoke flow). */
+export declare function revokeMcpFingerprint(fingerprint: string): Promise<void>;
+/** Path to the trust file — exposed so error messages and CLI helpers
+ *  can echo the location for the user. */
+export declare function mcpTrustPath(): string;
+//# sourceMappingURL=mcpTrust.d.ts.map

package/dist/mcpTrust.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpTrust.d.ts","sourceRoot":"","sources":["../src/mcpTrust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAsCH,qEAAqE;AACrE,wBAAsB,2BAA2B,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAGxE;AAED,sFAAsF;AACtF,wBAAsB,qBAAqB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAM9E;AAED,kFAAkF;AAClF,wBAAsB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAM7E;AAED;0CAC0C;AAC1C,wBAAgB,YAAY,IAAI,MAAM,CAErC"}

package/dist/mcpTrust.js

@@ -0,0 +1,104 @@
+"use strict";
+/**
+ * MCP trust store — remembers which server-config fingerprints the user
+ * has approved across Bandit sessions. Spawning an MCP server is a
+ * code-execution boundary; the first time we encounter a config we
+ * haven't seen, the host asks the user. The answer (allow once / allow
+ * always / deny) is the host's responsibility to surface; this module
+ * is the persistence layer for "allow always".
+ *
+ * Stored at `~/.bandit/mcp-trust.json` as a flat array of fingerprints
+ * — file is written 0600 since it represents a security decision the
+ * user shouldn't have casually edited by another process.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadApprovedMcpFingerprints = loadApprovedMcpFingerprints;
+exports.approveMcpFingerprint = approveMcpFingerprint;
+exports.revokeMcpFingerprint = revokeMcpFingerprint;
+exports.mcpTrustPath = mcpTrustPath;
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const TRUST_FILE = path.join(os.homedir(), '.bandit', 'mcp-trust.json');
+async function readTrustFile() {
+    try {
+        const raw = await fs.promises.readFile(TRUST_FILE, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (Array.isArray(parsed.approved)) {
+            return { approved: parsed.approved.filter((s) => typeof s === 'string') };
+        }
+    }
+    catch {
+        // Missing or malformed — return empty. Trust is opt-in; absence
+        // of the file means no fingerprints have been approved yet.
+    }
+    return { approved: [] };
+}
+async function writeTrustFile(file) {
+    const dir = path.dirname(TRUST_FILE);
+    try {
+        await fs.promises.mkdir(dir, { recursive: true });
+    }
+    catch { /* exists */ }
+    await fs.promises.writeFile(TRUST_FILE, JSON.stringify(file, null, 2), { encoding: 'utf-8', mode: 0o600 });
+}
+/** Read the set of fingerprints the user has previously approved. */
+async function loadApprovedMcpFingerprints() {
+    const file = await readTrustFile();
+    return new Set(file.approved);
+}
+/** Persist a fingerprint as "always allowed". Idempotent — duplicates are dropped. */
+async function approveMcpFingerprint(fingerprint) {
+    const file = await readTrustFile();
+    if (!file.approved.includes(fingerprint)) {
+        file.approved.push(fingerprint);
+        await writeTrustFile(file);
+    }
+}
+/** Remove a fingerprint from the approved list (used by a future revoke flow). */
+async function revokeMcpFingerprint(fingerprint) {
+    const file = await readTrustFile();
+    const next = file.approved.filter((f) => f !== fingerprint);
+    if (next.length !== file.approved.length) {
+        await writeTrustFile({ approved: next });
+    }
+}
+/** Path to the trust file — exposed so error messages and CLI helpers
+ *  can echo the location for the user. */
+function mcpTrustPath() {
+    return TRUST_FILE;
+}
+//# sourceMappingURL=mcpTrust.js.map

package/dist/mcpTrust.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpTrust.js","sourceRoot":"","sources":["../src/mcpTrust.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuCH,kEAGC;AAGD,sDAMC;AAGD,oDAMC;AAID,oCAEC;AAhED,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAE7B,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;AAQxE,KAAK,UAAU,aAAa;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAuB,CAAC;QACrD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;QAC5E,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,4DAA4D;IAC9D,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,IAAe;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrC,IAAI,CAAC;QAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IACjF,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CACzB,UAAU,EACV,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAC7B,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CACnC,CAAC;AACJ,CAAC;AAED,qEAAqE;AAC9D,KAAK,UAAU,2BAA2B;IAC/C,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAC;IACnC,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED,sFAAsF;AAC/E,KAAK,UAAU,qBAAqB,CAAC,WAAmB;IAC7D,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAC;IACnC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACzC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChC,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC;AAED,kFAAkF;AAC3E,KAAK,UAAU,oBAAoB,CAAC,WAAmB;IAC5D,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,WAAW,CAAC,CAAC;IAC5D,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACzC,MAAM,cAAc,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED;0CAC0C;AAC1C,SAAgB,YAAY;IAC1B,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/memory.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Memory — auto-load workspace-local context files (BANDIT.md / CLAUDE.md)
+ * and inline them into the system prompt so the agent follows project rules
+ * without being re-told on every turn.
+ */
+import { type MemoryWarnFn } from './memoryIndex';
+export interface MemoryBundle {
+    /** Combined text ready for injection. Empty string if nothing found. */
+    content: string;
+    sources: string[];
+}
+/**
+ * loadMemory + MEMORY.md index, fused into a single bundle the host can
+ * inject as the system-prompt memory block. Always-loaded files come
+ * first; the index follows under its own source marker so the model
+ * knows which entries are full content vs. on-demand topic pointers.
+ *
+ * Returns sources from BOTH passes when present — callers use this for
+ * the `/memory` slash command and boot-status output.
+ */
+export declare function loadCombinedMemory(cwd: string, warn?: MemoryWarnFn): Promise<MemoryBundle>;
+export declare function loadMemory(cwd: string): Promise<MemoryBundle>;
+/**
+ * Append a single fact to project memory so it survives across sessions.
+ *
+ * Persists to `BANDIT.md` at the workspace root (creates the file with a
+ * minimal frontmatter-free header when it doesn't exist). Bullets are
+ * appended under a `## Notes` heading so multiple `/remember` calls
+ * accumulate without scattering. CLAUDE.md-only repos still get found
+ * by loadMemory, but new facts always land in BANDIT.md to keep one
+ * canonical write target.
+ *
+ * Returns the absolute path written so the caller can echo it back to
+ * the user — visibility matters because the user typed "remember X"
+ * and needs to see WHERE the fact landed.
+ */
+export declare function appendMemory(cwd: string, fact: string): Promise<string>;
+//# sourceMappingURL=memory.d.ts.map

package/dist/memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../src/memory.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAIL,KAAK,YAAY,EAClB,MAAM,eAAe,CAAC;AAWvB,MAAM,WAAW,YAAY;IAC3B,wEAAwE;IACxE,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAUhG;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAsBnE;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAkC7E"}