@cat-factory/local-server 0.6.0 → 0.7.3

package/dist/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAA;AAahD,wBAAsB,UAAU,CAC9B,OAAO,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;CAAO,GACxC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,CA8C5C"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAA;AAChD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAA;AAyB9D,wBAAsB,UAAU,CAC9B,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;IACvB,mBAAmB,CAAC,EAAE,mBAAmB,CAAA;IACzC,IAAI,CAAC,EAAE,MAAM,CAAA;CACT,GACL,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,CAwD5C"}

package/dist/server.js

@@ -1,23 +1,46 @@
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
 import { start } from '@cat-factory/node-server';
 import { logger } from '@cat-factory/server';
 import { applyLocalDefaults } from './config.js';
 import { buildLocalContainer } from './container.js';
 import { githubPatCreationUrl } from './github.js';
-import { createLocalDockerTransportFromEnv } from './LocalDockerRunnerTransport.js';
+import { createLocalContainerTransportFromEnv } from './LocalContainerRunnerTransport.js';
+import { createRuntimeAdapter, resolveRuntimeId } from './runtimes/index.js';
+const execFileAsync = promisify(execFile);
 // Boot the local-mode service. It reuses the Node facade's `start()` — Postgres +
 // pg-boss + the execution worker + sweepers, served over @hono/node-server — passing
-// the local composition root so agent jobs run in local Docker containers and GitHub
-// is reached via a PAT. Requires DATABASE_URL (point it at the local Postgres); set
-// LOCAL_HARNESS_IMAGE to run repo-operating agent jobs (without it the board still
-// serves and only container kinds fail, loudly).
+// the local composition root so agent jobs run in local containers (Docker/Podman/
+// OrbStack/Colima/Apple `container`) and GitHub is reached via a PAT. Requires
+// DATABASE_URL (point it at the local Postgres); set LOCAL_HARNESS_IMAGE to run
+// repo-operating agent jobs (without it the board still serves and only container
+// kinds fail, loudly).
+//
+// `environmentProvider` injects a NATIVE ephemeral-environment adapter (e.g. Kargo)
+// in place of the generic HttpEnvironmentProvider — this is the supported seam for a
+// local deployment to wire its own provider while keeping local mode's preflight
+// (orphan reaping, PAT/auth warnings) and differentiators (local container transport,
+// PAT-backed GitHub client). It threads straight through to `buildNodeContainer`'s
+// `environmentProvider` option. `buildContainer` is intentionally NOT exposed: overriding
+// it would discard local mode's differentiators.
 export async function startLocal(options = {}) {
     const env = options.env ?? process.env;
-    // Best-effort: reap per-job containers a previous run orphaned (a crash or hard kill
-    // can leave exited `cat-factory.managed=local-docker` containers behind, since their
-    // `release()` never ran). Skipped when no image is configured (nothing to reap).
-    if (env.LOCAL_HARNESS_IMAGE?.trim()) {
+    // The auth gate defaults OPEN in local mode and the listener binds to all interfaces
+    // (so on native Linux Docker the agent containers can reach the LLM proxy via the
+    // bridge gateway). That combination means anyone on your network can reach the API —
+    // surface it so it is a choice, not a surprise. Lock it down with AUTH_DEV_OPEN=false,
+    // or HOST=127.0.0.1 on Docker Desktop (where host.docker.internal still resolves).
+    const localized = applyLocalDefaults(env);
+    // Container-runtime preflight: log the selected runtime + its capabilities + the host
+    // alias the harness will use to reach this service, and probe that the CLI is present.
+    // A misconfigured runtime then fails loud at boot rather than on the first dispatch.
+    await preflightRuntime(localized);
+    // Best-effort: reap per-run containers a previous run orphaned (a crash or hard kill
+    // can leave exited managed containers behind, since their `release()` never ran).
+    // Skipped when no image is configured (nothing to reap).
+    if (localized.LOCAL_HARNESS_IMAGE?.trim()) {
         try {
-            const reaped = await createLocalDockerTransportFromEnv(env).reapExited();
+            const reaped = await createLocalContainerTransportFromEnv(localized).reapExited();
             if (reaped > 0)
                 logger.info({ reaped }, 'reaped orphaned local job containers');
         }
@@ -25,12 +48,6 @@ export async function startLocal(options = {}) {
             logger.warn({ err: err instanceof Error ? err.message : String(err) }, 'could not reap orphaned local job containers');
         }
     }
-    // The auth gate defaults OPEN in local mode and the listener binds to all interfaces
-    // (so on native Linux Docker the agent containers can reach the LLM proxy via the
-    // bridge gateway). That combination means anyone on your network can reach the API —
-    // surface it so it is a choice, not a surprise. Lock it down with AUTH_DEV_OPEN=false,
-    // or HOST=127.0.0.1 on Docker Desktop (where host.docker.internal still resolves).
-    const localized = applyLocalDefaults(env);
     // GitHub is reached via a PAT in local mode (there is no GitHub-App connect flow). Without
     // one the board still serves, but every repo-operating agent step — clone, push, open PR,
     // the CI gate, the real merge — fails. Surface it at boot with a click-through URL that
@@ -45,6 +62,39 @@ export async function startLocal(options = {}) {
             'on your network can reach the API. Set AUTH_DEV_OPEN=false, or HOST=127.0.0.1 on ' +
             'Docker Desktop, to restrict it.');
     }
-    return start({ env, buildContainer: buildLocalContainer });
+    return start({
+        env,
+        host: options.host,
+        buildContainer: (o) => buildLocalContainer({ ...o, environmentProvider: options.environmentProvider }),
+    });
+}
+/**
+ * Log the resolved container runtime + capabilities + networking, and probe that its CLI
+ * is installed. Non-fatal: the board still boots if the binary is missing (only
+ * container-backed agent kinds then fail), mirroring how a missing image is handled.
+ */
+async function preflightRuntime(localized) {
+    const adapter = createRuntimeAdapter(localized);
+    logger.info({
+        runtime: resolveRuntimeId(localized),
+        binary: adapter.binary,
+        localDind: adapter.capabilities.localDind,
+        hostAlias: adapter.hostAlias,
+        publicUrl: localized.PUBLIC_URL,
+    }, 'local mode: container runtime selected');
+    if (!adapter.capabilities.localDind) {
+        logger.info(`local mode: the '${resolveRuntimeId(localized)}' runtime cannot run the Tester's local ` +
+            `docker-compose infra (no Docker-in-Docker). Tasks must use the ephemeral test ` +
+            `environment (with an environment provider configured) or a 'No infra dependencies' ` +
+            `service; a local-infra Tester run is refused at start.`);
+    }
+    try {
+        await execFileAsync(adapter.binary, ['--version'], { timeout: 10_000 });
+    }
+    catch (err) {
+        logger.warn({ err: err instanceof Error ? err.message : String(err), binary: adapter.binary }, `local mode: container CLI '${adapter.binary}' is not runnable — repo-operating agent ` +
+            `steps will fail until it is installed and on PATH (or set LOCAL_DOCKER_BINARY / ` +
+            `LOCAL_CONTAINER_RUNTIME).`);
+    }
 }
 //# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -1 +1 @@
-{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAA;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAChD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAA;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AAClD,OAAO,EAAE,iCAAiC,EAAE,MAAM,iCAAiC,CAAA;AAEnF,kFAAkF;AAClF,qFAAqF;AACrF,qFAAqF;AACrF,oFAAoF;AACpF,mFAAmF;AACnF,iDAAiD;AACjD,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAAO,GAAgC,EAAE;IAEzC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IAEtC,qFAAqF;IACrF,qFAAqF;IACrF,iFAAiF;IACjF,IAAI,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE,EAAE,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,iCAAiC,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,CAAA;YACxE,IAAI,MAAM,GAAG,CAAC;gBAAE,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,sCAAsC,CAAC,CAAA;QACjF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACzD,8CAA8C,CAC/C,CAAA;QACH,CAAC;IACH,CAAC;IAED,qFAAqF;IACrF,kFAAkF;IAClF,qFAAqF;IACrF,uFAAuF;IACvF,mFAAmF;IACnF,MAAM,SAAS,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;IAEzC,2FAA2F;IAC3F,0FAA0F;IAC1F,wFAAwF;IACxF,kFAAkF;IAClF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CACT,sFAAsF;YACpF,kEAAkE,oBAAoB,EAAE,GAAG;YAC3F,kCAAkC,CACrC,CAAA;IACH,CAAC;IAED,IAAI,SAAS,CAAC,aAAa,KAAK,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC;QAC7D,MAAM,CAAC,IAAI,CACT,oFAAoF;YAClF,mFAAmF;YACnF,iCAAiC,CACpC,CAAA;IACH,CAAC;IAED,OAAO,KAAK,CAAC,EAAE,GAAG,EAAE,cAAc,EAAE,mBAAmB,EAAE,CAAC,CAAA;AAC5D,CAAC"}
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AACrC,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAA;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAChD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAA;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AAClD,OAAO,EAAE,oCAAoC,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAE5E,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAA;AAEzC,kFAAkF;AAClF,qFAAqF;AACrF,mFAAmF;AACnF,+EAA+E;AAC/E,gFAAgF;AAChF,kFAAkF;AAClF,uBAAuB;AACvB,EAAE;AACF,oFAAoF;AACpF,qFAAqF;AACrF,iFAAiF;AACjF,sFAAsF;AACtF,mFAAmF;AACnF,0FAA0F;AAC1F,iDAAiD;AACjD,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAAO,GAIH,EAAE;IAEN,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IAEtC,qFAAqF;IACrF,kFAAkF;IAClF,qFAAqF;IACrF,uFAAuF;IACvF,mFAAmF;IACnF,MAAM,SAAS,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;IAEzC,sFAAsF;IACtF,uFAAuF;IACvF,qFAAqF;IACrF,MAAM,gBAAgB,CAAC,SAAS,CAAC,CAAA;IAEjC,qFAAqF;IACrF,kFAAkF;IAClF,yDAAyD;IACzD,IAAI,SAAS,CAAC,mBAAmB,EAAE,IAAI,EAAE,EAAE,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,oCAAoC,CAAC,SAAS,CAAC,CAAC,UAAU,EAAE,CAAA;YACjF,IAAI,MAAM,GAAG,CAAC;gBAAE,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,sCAAsC,CAAC,CAAA;QACjF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACzD,8CAA8C,CAC/C,CAAA;QACH,CAAC;IACH,CAAC;IAED,2FAA2F;IAC3F,0FAA0F;IAC1F,wFAAwF;IACxF,kFAAkF;IAClF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CACT,sFAAsF;YACpF,kEAAkE,oBAAoB,EAAE,GAAG;YAC3F,kCAAkC,CACrC,CAAA;IACH,CAAC;IAED,IAAI,SAAS,CAAC,aAAa,KAAK,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC;QAC7D,MAAM,CAAC,IAAI,CACT,oFAAoF;YAClF,mFAAmF;YACnF,iCAAiC,CACpC,CAAA;IACH,CAAC;IAED,OAAO,KAAK,CAAC;QACX,GAAG;QACH,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CACpB,mBAAmB,CAAC,EAAE,GAAG,CAAC,EAAE,mBAAmB,EAAE,OAAO,CAAC,mBAAmB,EAAE,CAAC;KAClF,CAAC,CAAA;AACJ,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,gBAAgB,CAAC,SAA4B;IAC1D,MAAM,OAAO,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAA;IAC/C,MAAM,CAAC,IAAI,CACT;QACE,OAAO,EAAE,gBAAgB,CAAC,SAAS,CAAC;QACpC,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,SAAS,EAAE,OAAO,CAAC,YAAY,CAAC,SAAS;QACzC,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,SAAS,CAAC,UAAU;KAChC,EACD,wCAAwC,CACzC,CAAA;IACD,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,CACT,oBAAoB,gBAAgB,CAAC,SAAS,CAAC,0CAA0C;YACvF,gFAAgF;YAChF,qFAAqF;YACrF,wDAAwD,CAC3D,CAAA;IACH,CAAC;IACD,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAA;IACzE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,EACjF,8BAA8B,OAAO,CAAC,MAAM,2CAA2C;YACrF,kFAAkF;YAClF,2BAA2B,CAC9B,CAAA;IACH,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "@cat-factory/local-server",
-  "version": "0.6.0",
+  "version": "0.7.3",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/kibertoad/cat-factory.git",
+    "directory": "backend/runtimes/local"
+  },
   "description": "Local-mode runtime facade for the Agent Architecture Board: the @cat-factory/node-server stack with agent jobs run as local Docker/Podman containers and GitHub accessed via a personal access token — a developer can run the whole product on their own machine.",
   "files": [
     "dist"
@@ -20,18 +25,18 @@
   },
   "dependencies": {
     "drizzle-orm": "1.0.0-rc.3",
-    "@cat-factory/agents": "0.6.0",
-    "@cat-factory/contracts": "0.6.0",
-    "@cat-factory/kernel": "0.6.0",
-    "@cat-factory/orchestration": "0.6.0",
-    "@cat-factory/node-server": "0.6.0",
-    "@cat-factory/server": "0.6.0"
+    "@cat-factory/agents": "0.7.2",
+    "@cat-factory/contracts": "0.7.2",
+    "@cat-factory/node-server": "0.7.2",
+    "@cat-factory/orchestration": "0.7.2",
+    "@cat-factory/kernel": "0.7.2",
+    "@cat-factory/server": "0.7.2"
   },
   "devDependencies": {
     "@types/node": "^24.13.2",
     "typescript": "7.0.1-rc",
     "vitest": "^4.1.9",
-    "@cat-factory/conformance": "0.6.0"
+    "@cat-factory/conformance": "0.7.2"
   },
   "scripts": {
     "build": "tsc -b tsconfig.build.json",

package/dist/LocalDockerRunnerTransport.d.ts

@@ -1,95 +0,0 @@
-import type { RunnerDispatchKind, RunnerDispatchOptions, RunnerJobRef, RunnerJobView, RunnerTransport } from '@cat-factory/kernel';
-/** Injectable docker/podman CLI runner — overridable in tests. */
-export type DockerExec = (args: string[]) => Promise<{
-    stdout: string;
-    stderr: string;
-}>;
-export interface LocalDockerRunnerTransportOptions {
-    /** The executor-harness image ref (a GHCR pull or a locally built tag). */
-    image: string;
-    /** The container CLI binary. Default `docker` (Podman works via the same surface). */
-    binary?: string;
-    /**
-     * Shared secret injected as `HARNESS_SHARED_SECRET` and sent as the
-     * `x-harness-secret` header on every call. Defaults to a random per-process value.
-     */
-    sharedSecret?: string;
-    /**
-     * Add `--add-host=host.docker.internal:host-gateway` so the harness can reach the
-     * backend LLM proxy at `host.docker.internal` (needed on Linux; harmless on
-     * Docker Desktop). Default true.
-     */
-    addHostGateway?: boolean;
-    /** Optional `--network` for the container. */
-    network?: string;
-    /** Extra `-e KEY=VALUE` env passed into the container (rarely needed). */
-    env?: Record<string, string>;
-    /** Injectable docker exec — defaults to running {@link binary} via execFile. */
-    exec?: DockerExec;
-    /** Injectable fetch — defaults to the global. */
-    fetchImpl?: typeof fetch;
-    /** How long to wait for the container's port + `/health` after start. Default 60s. */
-    readyTimeoutMs?: number;
-    /** Per-HTTP-call timeout. Default 30s. */
-    requestTimeoutMs?: number;
-    /**
-     * Run the Tester (`test`) job container with `--privileged` so its in-container
-     * Docker-in-Docker daemon can start and the Tester can `docker compose up` the
-     * service's local infra. This is the local analogue of the Cloudflare harness's
-     * rootless-dockerd path, but reliable: on a developer machine privileged DinD
-     * "just works", keeping the service's dependencies on the job container's own
-     * `localhost` (exactly what the Tester prompt assumes). Default true; set false to
-     * fall back to the harness's best-effort rootless daemon (e.g. under Podman, whose
-     * rootless containers can run nested Podman without `--privileged`). Only the
-     * `test` kind gets it — every other kind runs unprivileged. See entrypoint.sh.
-     */
-    privilegedTestJobs?: boolean;
-}
-export declare class LocalDockerRunnerTransport implements RunnerTransport {
-    private readonly image;
-    private readonly binary;
-    private readonly sharedSecret;
-    private readonly addHostGateway;
-    private readonly network?;
-    private readonly extraEnv;
-    private readonly exec;
-    private readonly fetchImpl;
-    private readonly readyTimeoutMs;
-    private readonly requestTimeoutMs;
-    private readonly privilegedTestJobs;
-    /** runId → resolved container handle, to spare a `docker` lookup on the hot poll path. */
-    private readonly cache;
-    constructor(options: LocalDockerRunnerTransportOptions);
-    dispatch(ref: RunnerJobRef, spec: Record<string, unknown>, kind?: RunnerDispatchKind, options?: RunnerDispatchOptions): Promise<void>;
-    poll(ref: RunnerJobRef): Promise<RunnerJobView>;
-    /**
-     * Reclaim the per-RUN container now (`docker rm -f`) rather than leaving it idle —
-     * this tears down the whole run's container (and with it any step still running in
-     * it). Best-effort and idempotent: removing an already-gone container is a no-op.
-     */
-    release(ref: RunnerJobRef): Promise<void>;
-    /**
-     * Reap exited per-job containers this transport manages — orphans a crash or hard
-     * kill left behind (release() never ran for them). Best-effort; returns the count
-     * removed. Call once at boot, before any job is in flight.
-     */
-    reapExited(): Promise<number>;
-    /** Force-remove every (running or exited) container labelled with this run id. */
-    private removeContainersForRun;
-    private url;
-    /** The container handle for a run from the cache, else rediscovered by label. */
-    private resolve;
-    /** The (running-or-exited) container id labelled with this run id, if any. */
-    private findContainer;
-    /** Parse the published host port for the harness port, or undefined if unmapped. */
-    private hostPort;
-    private waitForPort;
-    private waitForHealth;
-    private isRunning;
-}
-/**
- * Build a {@link LocalDockerRunnerTransport} from the process environment. The image
- * ref (`LOCAL_HARNESS_IMAGE`) is required; everything else has sane local defaults.
- */
-export declare function createLocalDockerTransportFromEnv(env: NodeJS.ProcessEnv): LocalDockerRunnerTransport;
-//# sourceMappingURL=LocalDockerRunnerTransport.d.ts.map

package/dist/LocalDockerRunnerTransport.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"LocalDockerRunnerTransport.d.ts","sourceRoot":"","sources":["../src/LocalDockerRunnerTransport.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,kBAAkB,EAClB,qBAAqB,EACrB,YAAY,EACZ,aAAa,EACb,eAAe,EAChB,MAAM,qBAAqB,CAAA;AAkD5B,kEAAkE;AAClE,MAAM,MAAM,UAAU,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAAA;AAExF,MAAM,WAAW,iCAAiC;IAChD,2EAA2E;IAC3E,KAAK,EAAE,MAAM,CAAA;IACb,sFAAsF;IACtF,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;;;OAIG;IACH,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,0EAA0E;IAC1E,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC5B,gFAAgF;IAChF,IAAI,CAAC,EAAE,UAAU,CAAA;IACjB,iDAAiD;IACjD,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;IACxB,sFAAsF;IACtF,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,0CAA0C;IAC1C,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB;;;;;;;;;;OAUG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAC7B;AAID,qBAAa,0BAA2B,YAAW,eAAe;IAChE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAQ;IAC9B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAQ;IACrC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAQ;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAwB;IACjD,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAc;IACxC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAQ;IACvC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAQ;IACzC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAS;IAE5C,0FAA0F;IAC1F,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA2D;IAEjF,YAAY,OAAO,EAAE,iCAAiC,EAarD;IAEK,QAAQ,CACZ,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,IAAI,GAAE,kBAA0B,EAChC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,IAAI,CAAC,CA+Df;IAEK,IAAI,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC,CAmCpD;IAED;;;;OAIG;IACG,OAAO,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAM9C;IAED;;;;OAIG;IACG,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,CAgBlC;IAID,kFAAkF;YACpE,sBAAsB;IAiBpC,OAAO,CAAC,GAAG;IAIX,iFAAiF;YACnE,OAAO;IAYrB,8EAA8E;YAChE,aAAa;IAY3B,oFAAoF;YACtE,QAAQ;YAUR,WAAW;YAYX,aAAa;YAmBb,SAAS;CASxB;AAUD;;;GAGG;AACH,wBAAgB,iCAAiC,CAC/C,GAAG,EAAE,MAAM,CAAC,UAAU,GACrB,0BAA0B,CAmB5B"}

package/dist/LocalDockerRunnerTransport.js

@@ -1,342 +0,0 @@
-import { execFile } from 'node:child_process';
-import { randomBytes } from 'node:crypto';
-import { promisify } from 'node:util';
-import { resolveDockerResources } from '@cat-factory/contracts';
-const execFileAsync = promisify(execFile);
-// The local-mode runner backend: each RUN gets its OWN local Docker/Podman container
-// — the SAME executor-harness image the Cloudflare Worker runs per-run Containers
-// from — which hosts that run's whole sequence of step jobs. It is the local analogue
-// of `CloudflareContainerTransport` (a per-run Cloudflare Container) and of
-// `RunnerPoolTransport` (an org's self-hosted pool): the ContainerAgentExecutor drives
-// all three identically through the `RunnerTransport` port, addressed by a
-// {@link RunnerJobRef} — the run id (which container) plus the per-step job id.
-//
-// A container is started per RUN (`docker run -d`, harness `:8080` published to an
-// ephemeral host port), labelled with the run id so the run's later steps re-attach to
-// it instead of starting a duplicate, and the harness keys each step's job by the
-// per-step job id (so siblings never collide). The harness reaches this service's LLM proxy at
-// `host.docker.internal` — published via `--add-host` on Linux — and clones/pushes
-// to github.com directly with the per-job token in the request body. Nothing
-// long-lived is mounted: the per-job GitHub + proxy tokens travel in the POST body
-// and live only for the job, in the container's ephemeral filesystem.
-/** Maps a dispatch kind to the harness HTTP route that starts that job. */
-const KIND_ROUTE = {
-    run: '/run',
-    blueprint: '/blueprint',
-    spec: '/spec',
-    explore: '/explore',
-    bootstrap: '/bootstrap',
-    'ci-fix': '/ci-fix',
-    'resolve-conflicts': '/resolve-conflicts',
-    merge: '/merge',
-    test: '/test',
-    'fix-tests': '/fix-tests',
-};
-// The failed-poll error the engine classifies as a container eviction (matched by
-// orchestration `isContainerEvictionError`, also used by the bootstrap flow). A
-// vanished/exited local container maps to it so the run stops and the stale-run
-// sweeper can re-drive it — mirroring the Worker transport's 404 mapping.
-const EVICTION_ERROR = 'Job not found (container evicted or crashed)';
-// Labels the per-RUN container by its run id (the container key). A run's steps share
-// one container, so this is the run id, not a per-step job id.
-const LABEL_RUN = 'cat-factory.runId';
-const LABEL_MANAGED = 'cat-factory.managed=local-docker';
-/** The port the harness listens on inside the container. */
-const HARNESS_PORT = 8080;
-const SECRET_HEADER = 'x-harness-secret';
-const delay = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
-export class LocalDockerRunnerTransport {
-    image;
-    binary;
-    sharedSecret;
-    addHostGateway;
-    network;
-    extraEnv;
-    exec;
-    fetchImpl;
-    readyTimeoutMs;
-    requestTimeoutMs;
-    privilegedTestJobs;
-    /** runId → resolved container handle, to spare a `docker` lookup on the hot poll path. */
-    cache = new Map();
-    constructor(options) {
-        this.image = options.image;
-        this.binary = options.binary ?? 'docker';
-        this.sharedSecret = options.sharedSecret ?? randomBytes(24).toString('hex');
-        this.addHostGateway = options.addHostGateway ?? true;
-        this.network = options.network;
-        this.extraEnv = options.env ?? {};
-        this.exec =
-            options.exec ?? ((args) => execFileAsync(this.binary, args, { maxBuffer: 16 * 1024 * 1024 }));
-        this.fetchImpl = options.fetchImpl ?? fetch;
-        this.readyTimeoutMs = options.readyTimeoutMs ?? 60_000;
-        this.requestTimeoutMs = options.requestTimeoutMs ?? 30_000;
-        this.privilegedTestJobs = options.privilegedTestJobs ?? true;
-    }
-    async dispatch(ref, spec, kind = 'run', options) {
-        // The container is per-RUN: a run's first step starts it, later steps re-attach to
-        // it (resolved by the run-id label), and the harness keys each step's job by the
-        // per-step `ref.jobId` carried in the spec body.
-        const runId = ref.runId;
-        let resolved = await this.resolve(runId);
-        if (!resolved) {
-            // A prior attempt may have left an exited/dead container under this run label
-            // (resolve() returns undefined for one whose port is no longer published). Remove
-            // any such container first so it can't shadow the fresh one in later label lookups
-            // (findContainer returns the first match).
-            await this.removeContainersForRun(runId);
-            const args = [
-                'run',
-                '-d',
-                '--label',
-                `${LABEL_RUN}=${runId}`,
-                '--label',
-                LABEL_MANAGED,
-                '-p',
-                `127.0.0.1:0:${HARNESS_PORT}`,
-                '-e',
-                `HARNESS_SHARED_SECRET=${this.sharedSecret}`,
-            ];
-            // Size the per-job container on the host daemon from the service's abstract
-            // instance size — the local backend never touches a cloud, it just provisions a
-            // bigger/smaller Docker container (`--memory`/`--cpus`).
-            if (options?.instanceSize) {
-                const { memory, cpus } = resolveDockerResources(options.instanceSize);
-                args.push('--memory', memory, '--cpus', cpus);
-            }
-            // The Tester stands its infra up with `docker compose` INSIDE the job container
-            // (Docker-in-Docker), so the dependencies sit on the container's own localhost.
-            // Run that one kind privileged so the in-container daemon can start. No other
-            // kind needs Docker, so none other gets elevated.
-            if (kind === 'test' && this.privilegedTestJobs)
-                args.push('--privileged');
-            if (this.addHostGateway)
-                args.push('--add-host=host.docker.internal:host-gateway');
-            if (this.network)
-                args.push('--network', this.network);
-            for (const [k, v] of Object.entries(this.extraEnv))
-                args.push('-e', `${k}=${v}`);
-            args.push(this.image);
-            const { stdout } = await this.exec(args);
-            const containerId = stdout.trim().split(/\s+/).pop();
-            if (!containerId)
-                throw new Error('docker run returned no container id');
-            const port = await this.waitForPort(containerId);
-            resolved = { containerId, port };
-            this.cache.set(runId, resolved);
-            await this.waitForHealth(resolved.port);
-        }
-        // POST the job to the kind's route. Idempotent: re-attaching to an already-running
-        // container re-POSTs, which the harness's per-id registry treats as a re-attach.
-        const res = await this.fetchImpl(this.url(resolved.port, KIND_ROUTE[kind]), {
-            method: 'POST',
-            headers: { 'content-type': 'application/json', [SECRET_HEADER]: this.sharedSecret },
-            body: JSON.stringify(spec),
-            signal: AbortSignal.timeout(this.requestTimeoutMs),
-        });
-        if (!res.ok) {
-            throw new Error(`Local container dispatch failed (HTTP ${res.status}): ${await safeText(res)}`);
-        }
-    }
-    async poll(ref) {
-        const resolved = await this.resolve(ref.runId);
-        // No container for this run at all → it was evicted/reaped (or never started).
-        if (!resolved)
-            return { state: 'failed', error: EVICTION_ERROR };
-        let res;
-        try {
-            // Address the per-RUN container, but read the per-step job by its own id.
-            res = await this.fetchImpl(this.url(resolved.port, `/jobs/${encodeURIComponent(ref.jobId)}`), {
-                method: 'GET',
-                headers: { [SECRET_HEADER]: this.sharedSecret },
-                signal: AbortSignal.timeout(this.requestTimeoutMs),
-            });
-        }
-        catch (err) {
-            // Connection refused / DNS gone: the container most likely exited. Confirm via
-            // the daemon — if it is no longer running, report an eviction so the run stops;
-            // otherwise surface the transient error so the caller can retry.
-            if (!(await this.isRunning(resolved.containerId))) {
-                this.cache.delete(ref.runId);
-                return { state: 'failed', error: EVICTION_ERROR };
-            }
-            throw err;
-        }
-        // The container is up but the harness no longer knows this job id (it was reaped
-        // after completion, or the container was recreated): treat as an eviction.
-        if (res.status === 404)
-            return { state: 'failed', error: EVICTION_ERROR };
-        if (!res.ok) {
-            throw new Error(`Local container job poll failed (HTTP ${res.status}): ${await safeText(res)}`);
-        }
-        return (await res.json());
-    }
-    /**
-     * Reclaim the per-RUN container now (`docker rm -f`) rather than leaving it idle —
-     * this tears down the whole run's container (and with it any step still running in
-     * it). Best-effort and idempotent: removing an already-gone container is a no-op.
-     */
-    async release(ref) {
-        const containerId = this.cache.get(ref.runId)?.containerId ?? (await this.findContainer(ref.runId));
-        this.cache.delete(ref.runId);
-        if (!containerId)
-            return;
-        await this.exec(['rm', '-f', containerId]).catch(() => undefined);
-    }
-    /**
-     * Reap exited per-job containers this transport manages — orphans a crash or hard
-     * kill left behind (release() never ran for them). Best-effort; returns the count
-     * removed. Call once at boot, before any job is in flight.
-     */
-    async reapExited() {
-        const { stdout } = await this.exec([
-            'ps',
-            '-aq',
-            '--filter',
-            `label=${LABEL_MANAGED}`,
-            '--filter',
-            'status=exited',
-        ]);
-        const ids = stdout
-            .trim()
-            .split('\n')
-            .map((s) => s.trim())
-            .filter(Boolean);
-        if (ids.length)
-            await this.exec(['rm', '-f', ...ids]).catch(() => undefined);
-        return ids.length;
-    }
-    // --- internals ----------------------------------------------------------
-    /** Force-remove every (running or exited) container labelled with this run id. */
-    async removeContainersForRun(runId) {
-        const { stdout } = await this.exec([
-            'ps',
-            '-aq',
-            '--filter',
-            `label=${LABEL_RUN}=${runId}`,
-            '--filter',
-            `label=${LABEL_MANAGED}`,
-        ]);
-        const ids = stdout
-            .trim()
-            .split('\n')
-            .map((s) => s.trim())
-            .filter(Boolean);
-        if (ids.length)
-            await this.exec(['rm', '-f', ...ids]).catch(() => undefined);
-    }
-    url(port, path) {
-        return `http://127.0.0.1:${port}${path}`;
-    }
-    /** The container handle for a run from the cache, else rediscovered by label. */
-    async resolve(runId) {
-        const cached = this.cache.get(runId);
-        if (cached)
-            return cached;
-        const containerId = await this.findContainer(runId);
-        if (!containerId)
-            return undefined;
-        const port = await this.hostPort(containerId);
-        if (port === undefined)
-            return undefined;
-        const resolved = { containerId, port };
-        this.cache.set(runId, resolved);
-        return resolved;
-    }
-    /** The (running-or-exited) container id labelled with this run id, if any. */
-    async findContainer(runId) {
-        const { stdout } = await this.exec([
-            'ps',
-            '-aq',
-            '--filter',
-            `label=${LABEL_RUN}=${runId}`,
-            '--filter',
-            `label=${LABEL_MANAGED}`,
-        ]);
-        return stdout.trim().split('\n')[0]?.trim() || undefined;
-    }
-    /** Parse the published host port for the harness port, or undefined if unmapped. */
-    async hostPort(containerId) {
-        const { stdout } = await this.exec(['port', containerId, `${HARNESS_PORT}/tcp`]);
-        // e.g. "127.0.0.1:49153" (possibly several lines for IPv4/IPv6); take the last
-        // numeric segment of the first line.
-        const line = stdout.trim().split('\n')[0]?.trim();
-        if (!line)
-            return undefined;
-        const port = Number(line.slice(line.lastIndexOf(':') + 1));
-        return Number.isFinite(port) && port > 0 ? port : undefined;
-    }
-    async waitForPort(containerId) {
-        const deadline = Date.now() + this.readyTimeoutMs;
-        for (;;) {
-            const port = await this.hostPort(containerId).catch(() => undefined);
-            if (port !== undefined)
-                return port;
-            if (Date.now() >= deadline) {
-                throw new Error(`Timed out waiting for container ${containerId} to publish its port`);
-            }
-            await delay(250);
-        }
-    }
-    async waitForHealth(port) {
-        const deadline = Date.now() + this.readyTimeoutMs;
-        for (;;) {
-            try {
-                const res = await this.fetchImpl(this.url(port, '/health'), {
-                    method: 'GET',
-                    signal: AbortSignal.timeout(Math.min(this.requestTimeoutMs, 5_000)),
-                });
-                if (res.ok)
-                    return;
-            }
-            catch {
-                // not up yet
-            }
-            if (Date.now() >= deadline) {
-                throw new Error(`Timed out waiting for the harness on :${port} to become healthy`);
-            }
-            await delay(300);
-        }
-    }
-    async isRunning(containerId) {
-        try {
-            const { stdout } = await this.exec(['inspect', '-f', '{{.State.Running}}', containerId]);
-            return stdout.trim() === 'true';
-        }
-        catch {
-            // No such container → not running.
-            return false;
-        }
-    }
-}
-async function safeText(res) {
-    try {
-        return (await res.text()).slice(0, 500);
-    }
-    catch {
-        return '(no body)';
-    }
-}
-/**
- * Build a {@link LocalDockerRunnerTransport} from the process environment. The image
- * ref (`LOCAL_HARNESS_IMAGE`) is required; everything else has sane local defaults.
- */
-export function createLocalDockerTransportFromEnv(env) {
-    const image = env.LOCAL_HARNESS_IMAGE?.trim();
-    if (!image) {
-        throw new Error('LOCAL_HARNESS_IMAGE is required for local mode: set it to the executor-harness image ref ' +
-            '(a GHCR pull or a tag built from backend/internal/executor-harness/Dockerfile).');
-    }
-    return new LocalDockerRunnerTransport({
-        image,
-        binary: env.LOCAL_DOCKER_BINARY?.trim() || 'docker',
-        sharedSecret: env.HARNESS_SHARED_SECRET?.trim() || undefined,
-        network: env.LOCAL_DOCKER_NETWORK?.trim() || undefined,
-        addHostGateway: env.LOCAL_DOCKER_ADD_HOST_GATEWAY?.trim() !== 'false',
-        // Default on: the Tester stands its docker-compose infra up via Docker-in-Docker,
-        // which needs a privileged job container. Set to `false` for runtimes that run
-        // nested containers without it (e.g. rootless Podman).
-        privilegedTestJobs: env.LOCAL_DOCKER_PRIVILEGED_TEST_JOBS?.trim() !== 'false',
-    });
-}
-//# sourceMappingURL=LocalDockerRunnerTransport.js.map

package/dist/LocalDockerRunnerTransport.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"LocalDockerRunnerTransport.js","sourceRoot":"","sources":["../src/LocalDockerRunnerTransport.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAQrC,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAA;AAE/D,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAA;AAEzC,qFAAqF;AACrF,kFAAkF;AAClF,sFAAsF;AACtF,4EAA4E;AAC5E,uFAAuF;AACvF,2EAA2E;AAC3E,gFAAgF;AAChF,EAAE;AACF,mFAAmF;AACnF,uFAAuF;AACvF,kFAAkF;AAClF,+FAA+F;AAC/F,mFAAmF;AACnF,6EAA6E;AAC7E,mFAAmF;AACnF,sEAAsE;AAEtE,2EAA2E;AAC3E,MAAM,UAAU,GAAuC;IACrD,GAAG,EAAE,MAAM;IACX,SAAS,EAAE,YAAY;IACvB,IAAI,EAAE,OAAO;IACb,OAAO,EAAE,UAAU;IACnB,SAAS,EAAE,YAAY;IACvB,QAAQ,EAAE,SAAS;IACnB,mBAAmB,EAAE,oBAAoB;IACzC,KAAK,EAAE,QAAQ;IACf,IAAI,EAAE,OAAO;IACb,WAAW,EAAE,YAAY;CAC1B,CAAA;AAED,kFAAkF;AAClF,gFAAgF;AAChF,gFAAgF;AAChF,0EAA0E;AAC1E,MAAM,cAAc,GAAG,8CAA8C,CAAA;AAErE,sFAAsF;AACtF,+DAA+D;AAC/D,MAAM,SAAS,GAAG,mBAAmB,CAAA;AACrC,MAAM,aAAa,GAAG,kCAAkC,CAAA;AACxD,4DAA4D;AAC5D,MAAM,YAAY,GAAG,IAAI,CAAA;AACzB,MAAM,aAAa,GAAG,kBAAkB,CAAA;AA+CxC,MAAM,KAAK,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;AAErF,MAAM,OAAO,0BAA0B;IACpB,KAAK,CAAQ;IACb,MAAM,CAAQ;IACd,YAAY,CAAQ;IACpB,cAAc,CAAS;IACvB,OAAO,CAAS;IAChB,QAAQ,CAAwB;IAChC,IAAI,CAAY;IAChB,SAAS,CAAc;IACvB,cAAc,CAAQ;IACtB,gBAAgB,CAAQ;IACxB,kBAAkB,CAAS;IAE5C,0FAA0F;IACzE,KAAK,GAAG,IAAI,GAAG,EAAiD,CAAA;IAEjF,YAAY,OAA0C;QACpD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAA;QAC1B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,QAAQ,CAAA;QACxC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAC3E,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAI,CAAA;QACpD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;QAC9B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,IAAI,EAAE,CAAA;QACjC,IAAI,CAAC,IAAI;YACP,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC,CAAC,CAAA;QAC/F,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,KAAK,CAAA;QAC3C,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,MAAM,CAAA;QACtD,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,MAAM,CAAA;QAC1D,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,IAAI,IAAI,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,QAAQ,CACZ,GAAiB,EACjB,IAA6B,EAC7B,IAAI,GAAuB,KAAK,EAChC,OAA+B;QAE/B,mFAAmF;QACnF,iFAAiF;QACjF,iDAAiD;QACjD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAA;QACvB,IAAI,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACxC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,8EAA8E;YAC9E,kFAAkF;YAClF,mFAAmF;YACnF,2CAA2C;YAC3C,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAA;YACxC,MAAM,IAAI,GAAG;gBACX,KAAK;gBACL,IAAI;gBACJ,SAAS;gBACT,GAAG,SAAS,IAAI,KAAK,EAAE;gBACvB,SAAS;gBACT,aAAa;gBACb,IAAI;gBACJ,eAAe,YAAY,EAAE;gBAC7B,IAAI;gBACJ,yBAAyB,IAAI,CAAC,YAAY,EAAE;aAC7C,CAAA;YACD,4EAA4E;YAC5E,gFAAgF;YAChF,yDAAyD;YACzD,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;gBAC1B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,sBAAsB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA;gBACrE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;YAC/C,CAAC;YACD,gFAAgF;YAChF,gFAAgF;YAChF,8EAA8E;YAC9E,kDAAkD;YAClD,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,kBAAkB;gBAAE,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;YACzE,IAAI,IAAI,CAAC,cAAc;gBAAE,IAAI,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;YAClF,IAAI,IAAI,CAAC,OAAO;gBAAE,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,CAAA;YACtD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAChF,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YAErB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACxC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAA;YACpD,IAAI,CAAC,WAAW;gBAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;YACxE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAA;YAChD,QAAQ,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;YAChC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;YAC/B,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;QACzC,CAAC;QAED,mFAAmF;QACnF,iFAAiF;QACjF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE;YAC1E,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,YAAY,EAAE;YACnF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;YAC1B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC;SACnD,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,yCAAyC,GAAG,CAAC,MAAM,MAAM,MAAM,QAAQ,CAAC,GAAG,CAAC,EAAE,CAC/E,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,GAAiB;QAC1B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QAC9C,+EAA+E;QAC/E,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,CAAA;QAEhE,IAAI,GAAa,CAAA;QACjB,IAAI,CAAC;YACH,0EAA0E;YAC1E,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CACxB,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,SAAS,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EACjE;gBACE,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,EAAE,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,YAAY,EAAE;gBAC/C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC;aACnD,CACF,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,+EAA+E;YAC/E,gFAAgF;YAChF,iEAAiE;YACjE,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;gBAClD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;gBAC5B,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,CAAA;YACnD,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;QACD,iFAAiF;QACjF,2EAA2E;QAC3E,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,CAAA;QACzE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,yCAAyC,GAAG,CAAC,MAAM,MAAM,MAAM,QAAQ,CAAC,GAAG,CAAC,EAAE,CAC/E,CAAA;QACH,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkB,CAAA;IAC5C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CAAC,GAAiB;QAC7B,MAAM,WAAW,GACf,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAA;QACjF,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QAC5B,IAAI,CAAC,WAAW;YAAE,OAAM;QACxB,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAA;IACnE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC;YACjC,IAAI;YACJ,KAAK;YACL,UAAU;YACV,SAAS,aAAa,EAAE;YACxB,UAAU;YACV,eAAe;SAChB,CAAC,CAAA;QACF,MAAM,GAAG,GAAG,MAAM;aACf,IAAI,EAAE;aACN,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CAAA;QAClB,IAAI,GAAG,CAAC,MAAM;YAAE,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAA;QAC5E,OAAO,GAAG,CAAC,MAAM,CAAA;IACnB,CAAC;IAED,2EAA2E;IAE3E,kFAAkF;IAC1E,KAAK,CAAC,sBAAsB,CAAC,KAAa;QAChD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC;YACjC,IAAI;YACJ,KAAK;YACL,UAAU;YACV,SAAS,SAAS,IAAI,KAAK,EAAE;YAC7B,UAAU;YACV,SAAS,aAAa,EAAE;SACzB,CAAC,CAAA;QACF,MAAM,GAAG,GAAG,MAAM;aACf,IAAI,EAAE;aACN,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CAAA;QAClB,IAAI,GAAG,CAAC,MAAM;YAAE,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAA;IAC9E,CAAC;IAEO,GAAG,CAAC,IAAY,EAAE,IAAY;QACpC,OAAO,oBAAoB,IAAI,GAAG,IAAI,EAAE,CAAA;IAC1C,CAAC;IAED,iFAAiF;IACzE,KAAK,CAAC,OAAO,CAAC,KAAa;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACpC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAA;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;QACnD,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAA;QAClC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;QAC7C,IAAI,IAAI,KAAK,SAAS;YAAE,OAAO,SAAS,CAAA;QACxC,MAAM,QAAQ,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;QACtC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;QAC/B,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,8EAA8E;IACtE,KAAK,CAAC,aAAa,CAAC,KAAa;QACvC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC;YACjC,IAAI;YACJ,KAAK;YACL,UAAU;YACV,SAAS,SAAS,IAAI,KAAK,EAAE;YAC7B,UAAU;YACV,SAAS,aAAa,EAAE;SACzB,CAAC,CAAA;QACF,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,SAAS,CAAA;IAC1D,CAAC;IAED,oFAAoF;IAC5E,KAAK,CAAC,QAAQ,CAAC,WAAmB;QACxC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,YAAY,MAAM,CAAC,CAAC,CAAA;QAChF,+EAA+E;QAC/E,qCAAqC;QACrC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAA;QACjD,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAA;QAC3B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;QAC1D,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAA;IAC7D,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,WAAmB;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAA;QACjD,SAAS,CAAC;YACR,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAA;YACpE,IAAI,IAAI,KAAK,SAAS;gBAAE,OAAO,IAAI,CAAA;YACnC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,mCAAmC,WAAW,sBAAsB,CAAC,CAAA;YACvF,CAAC;YACD,MAAM,KAAK,CAAC,GAAG,CAAC,CAAA;QAClB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,IAAY;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAA;QACjD,SAAS,CAAC;YACR,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE;oBAC1D,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;iBACpE,CAAC,CAAA;gBACF,IAAI,GAAG,CAAC,EAAE;oBAAE,OAAM;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,aAAa;YACf,CAAC;YACD,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,yCAAyC,IAAI,oBAAoB,CAAC,CAAA;YACpF,CAAC;YACD,MAAM,KAAK,CAAC,GAAG,CAAC,CAAA;QAClB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,WAAmB;QACzC,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,CAAC,CAAC,CAAA;YACxF,OAAO,MAAM,CAAC,IAAI,EAAE,KAAK,MAAM,CAAA;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;YACnC,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;CACF;AAED,KAAK,UAAU,QAAQ,CAAC,GAAa;IACnC,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,WAAW,CAAA;IACpB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iCAAiC,CAC/C,GAAsB;IAEtB,MAAM,KAAK,GAAG,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE,CAAA;IAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,2FAA2F;YACzF,iFAAiF,CACpF,CAAA;IACH,CAAC;IACD,OAAO,IAAI,0BAA0B,CAAC;QACpC,KAAK;QACL,MAAM,EAAE,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE,IAAI,QAAQ;QACnD,YAAY,EAAE,GAAG,CAAC,qBAAqB,EAAE,IAAI,EAAE,IAAI,SAAS;QAC5D,OAAO,EAAE,GAAG,CAAC,oBAAoB,EAAE,IAAI,EAAE,IAAI,SAAS;QACtD,cAAc,EAAE,GAAG,CAAC,6BAA6B,EAAE,IAAI,EAAE,KAAK,OAAO;QACrE,kFAAkF;QAClF,+EAA+E;QAC/E,uDAAuD;QACvD,kBAAkB,EAAE,GAAG,CAAC,iCAAiC,EAAE,IAAI,EAAE,KAAK,OAAO;KAC9E,CAAC,CAAA;AACJ,CAAC"}