@cicore/cli 1.0.0

package/dist/commands/agent/index.js

@@ -0,0 +1,564 @@
+/**
+ * CiCore CLI — `ci agent` (provisioning agent / execution bridge, K4)
+ *
+ * The control-plane never SSHes ad hoc. The panel (PHP) writes a *job* to
+ * `cp_provisioning_jobs`; a privileged agent claims it and runs the work,
+ * recording step logs, status, errors and an audit trail. This is that agent.
+ *
+ *   - `ci agent enqueue` — write a (signed) job. The panel mirrors this INSERT
+ *     in PHP; the CLI form is for testing + ops.
+ *   - `ci agent run` — claim queued jobs and execute them. Run it as a cron /
+ *     systemd timer on the host (or any box with SSH + control-plane access).
+ *
+ * Execution reuses the existing CLI commands by spawning them as child
+ * processes (e.g. `brand_reconcile` → `ci brand reconcile`), so the agent adds
+ * no second copy of the provisioning logic and a job failure can't take the
+ * agent down. Jobs are HMAC-signed (env `CICORE_JOB_SIGNING_SECRET`) so a
+ * compromised panel can't inject arbitrary work; if the secret is unset the
+ * agent runs in dev mode (verification skipped, with a warning).
+ *
+ * v1 job type: `brand_reconcile`. Reconcile is idempotent, so a failed job is
+ * safe to re-run (recovery = re-queue); true compensating rollback for
+ * create-type jobs (create_brand, …) is a follow-up.
+ */
+import { execFile } from 'node:child_process';
+import { createHmac } from 'node:crypto';
+import { fileURLToPath } from 'node:url';
+import { log } from '../../lib/logger.js';
+import { getHostConfig } from '../../lib/hosts.js';
+import { dbSelectJson, dbExec } from '../../lib/ops/db.js';
+import { cdnUploadManifest, cdnCleanAddon } from '../../lib/ops/cdn.js';
+const CONTROL_DB = 'vucore_control';
+const SLUG_RE = /^[a-z][a-z0-9_-]{1,62}$/;
+/** Job types the agent knows how to execute. */
+const KNOWN_TYPES = [
+    'brand_reconcile',
+    'db_promote_silo', // Faz 6 (dormant; pool tier aktifleşince)
+    'db_promote_silo_rollback', // Faz 6.2 (dormant)
+    'db_relocate', // M2 relocation (aktif yön; K-REL onaylı)
+    'publish_addon', // M3.4 marketplace publish (option-b; single authority)
+    'manifest_refresh', // E7-1 quarantine/revoke runtime-propagasyon (manifest regen → R2)
+];
+export function registerAgentCommands(program) {
+    const agent = program.command('agent').description('Provisioning agent — control-plane job execution bridge (K4)');
+    agent
+        .command('enqueue')
+        .description('Write a (signed) provisioning job to the control-plane')
+        .requiredOption('--type <type>', `Job type (${KNOWN_TYPES.join(' | ')})`)
+        .option('-h, --host <host>', 'Host alias (cicore | mkt)')
+        .option('--brand <slug>', 'Brand slug (for brand_reconcile)')
+        .option('--dns', 'Pass --dns to the reconcile (provision DNS too)')
+        .option('--requested-by <who>', 'Audit actor', 'cli')
+        .action(async (opts) => {
+        const cfg = resolveHost(opts.host);
+        assertType(opts.type);
+        if (opts.brand !== undefined && !SLUG_RE.test(opts.brand)) {
+            log.error(`Invalid --brand slug '${opts.brand}'.`);
+            process.exit(1);
+        }
+        const targetType = 'brand';
+        const payload = { brand: opts.brand ?? null, dns: opts.dns === true };
+        const sig = signJob(opts.type, targetType, payload);
+        const sigSql = sig ? `'${sig}'` : 'NULL';
+        const res = await dbExec(cfg, CONTROL_DB, `INSERT INTO cp_provisioning_jobs (target_type, type, payload, status, requested_by, signature)
+         VALUES ('${targetType}', '${opts.type}', '${sqlLit(JSON.stringify(payload))}'::jsonb, 'queued',
+                 '${sqlLit(opts.requestedBy ?? 'cli')}', ${sigSql});`);
+        if (!res.success) {
+            log.error(`enqueue failed: ${res.stderr.trim()}`);
+            process.exit(1);
+        }
+        log.success(`Job queued: ${opts.type} (brand=${opts.brand ?? '-'}, dns=${opts.dns === true})${sig ? ' [signed]' : ' [UNSIGNED — dev]'}`);
+    });
+    agent
+        .command('run')
+        .description('Claim and execute queued provisioning jobs')
+        .option('-h, --host <host>', 'Host alias (cicore | mkt)')
+        .option('--once', 'Process the queue once and exit (cron mode)', false)
+        .option('--max <n>', 'Max jobs to process this run', '10')
+        .action(async (opts) => {
+        const cfg = resolveHost(opts.host);
+        const max = Number.parseInt(opts.max ?? '10', 10);
+        let processed = 0;
+        for (let i = 0; i < max; i++) {
+            const job = await claimNext(cfg);
+            if (!job)
+                break;
+            await runJob(cfg, job);
+            processed++;
+        }
+        log.info(processed === 0 ? 'No queued jobs.' : `Processed ${processed} job(s).`);
+    });
+    agent
+        .command('reconcile')
+        .description('Stuck-job recovery — re-evaluate jobs claimed (running) ama hiç tamamlanmamış (agent yarıda öldü). Idempotent + fail-closed.')
+        .option('-h, --host <host>', 'Host alias (cicore | mkt)')
+        .option('--stale-min <n>', 'Bu süreden (dk) eski running job = stuck adayı', '10')
+        .option('--max-age-min <n>', 'Bu süreden (dk) eski → fail-closed (vazgeç, manuel)', '60')
+        .option('--once', 'Tek geçiş (cron/timer modu)', false)
+        .option('--dry-run', 'Yalnız rapor; durum değiştirme', false)
+        .action(async (opts) => {
+        const cfg = resolveHost(opts.host);
+        const staleMin = Number.parseInt(opts.staleMin ?? '10', 10);
+        const maxAgeMin = Number.parseInt(opts.maxAgeMin ?? '60', 10);
+        const dryRun = Boolean(opts.dryRun ?? opts['dry-run']);
+        const { requeued, failed } = await reconcileStaleJobs(cfg, staleMin, maxAgeMin, dryRun);
+        // Exit 1 when stuck jobs were found so systemd OnFailure / monitoring catches it.
+        if (requeued + failed > 0)
+            process.exit(1);
+    });
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Job lifecycle
+// ─────────────────────────────────────────────────────────────────────────
+/** Claim the oldest queued job (set running). Single-agent v1: select then guarded update. */
+async function claimNext(cfg) {
+    const queued = await dbSelectJson(cfg, CONTROL_DB, `SELECT id, target_type, target_id, type, payload, signature, requested_by
+       FROM cp_provisioning_jobs WHERE status = 'queued' ORDER BY created_at LIMIT 1`);
+    if (queued.length === 0)
+        return undefined;
+    const job = queued[0];
+    // Guarded claim: only succeeds if still queued (AND status guard = race-safe).
+    const res = await dbExec(cfg, CONTROL_DB, `UPDATE cp_provisioning_jobs SET status='running', steps='[]'::jsonb
+      WHERE id='${job.id}' AND status='queued';`);
+    if (!res.success || !/UPDATE 1/.test(res.stdout)) {
+        log.debug(`[agent] job ${job.id} already claimed by another runner — skip`);
+        return undefined;
+    }
+    await audit(cfg, job.requested_by, 'job_claimed', `job:${job.id}`, { type: job.type, payload: job.payload });
+    return job;
+}
+async function runJob(cfg, job) {
+    log.info(`[agent] running job ${job.id} (${job.type})`);
+    const steps = [];
+    try {
+        // 1. Verify signature (or skip in dev with a warning).
+        verifySignature(job);
+        // 2. Dispatch by type.
+        if (job.type === 'brand_reconcile') {
+            const brand = typeof job.payload.brand === 'string' ? job.payload.brand : undefined;
+            const dns = job.payload.dns === true;
+            const out = await spawnReconcile(cfg.alias, brand, dns);
+            steps.push(...out.steps);
+            if (!out.ok)
+                throw new Error(out.error || 'reconcile failed');
+        }
+        else if (job.type === 'db_promote_silo') {
+            // F5 / Faz 6 — pool→silo terfi orchestrator (9-step).
+            // Mevcut provision-agent çatısı reuse (K4 lock); orchestrator
+            // cp_provisioning_jobs.steps'i kendisi günceller (per-step
+            // idempotent resume). Buradaki steps[] yalnız agent yüzeyindeki
+            // özet log; resmi steps jsonb job.id ile orchestrator yönetir.
+            const brand = typeof job.payload.brand === 'string' ? job.payload.brand : undefined;
+            if (!brand)
+                throw new Error('db_promote_silo payload missing brand');
+            const out = await spawnPromoteSilo(cfg.alias, brand, job.id);
+            steps.push(...out.steps);
+            if (!out.ok)
+                throw new Error(out.error || 'promote-silo failed');
+        }
+        else if (job.type === 'db_promote_silo_rollback') {
+            // Faz 6.2 — silo→pool geri dönüş orchestrator (9-step).
+            // INV-5 (anti-leak ters yön) + UUID-only v1 + INV-3 'rolling_back'
+            // freeze BrandWriteGuardMiddleware allow-list ile. Spawn aynı
+            // pattern (--confirm-manifest agent mode + --job-id).
+            const brand = typeof job.payload.brand === 'string' ? job.payload.brand : undefined;
+            if (!brand)
+                throw new Error('db_promote_silo_rollback payload missing brand');
+            const out = await spawnRollbackSilo(cfg.alias, brand, job.id);
+            steps.push(...out.steps);
+            if (!out.ok)
+                throw new Error(out.error || 'rollback-silo failed');
+        }
+        else if (job.type === 'db_relocate') {
+            // M2 — db_relocate orchestrator (9-step; K-REL-* onaylı).
+            // brand'in dedicated DB'sini farklı host/cluster'a taşır. Write-freeze
+            // status='relocating' (BrandWriteGuardMiddleware allow-list, migration
+            // 006). pg_dump|pg_restore (K-REL-1 v1); kaynak DB retain 14g (K-REL-3
+            // INV-2 reuse). Payload: { brand, target_host, target_port?, target_
+            // cluster?, target_region? }.
+            const brand = typeof job.payload.brand === 'string' ? job.payload.brand : undefined;
+            const targetHost = typeof job.payload.target_host === 'string' ? job.payload.target_host : undefined;
+            const targetPort = typeof job.payload.target_port === 'number'
+                ? String(job.payload.target_port)
+                : (typeof job.payload.target_port === 'string' ? job.payload.target_port : undefined);
+            const targetCluster = typeof job.payload.target_cluster === 'string' ? job.payload.target_cluster : undefined;
+            const targetRegion = typeof job.payload.target_region === 'string' ? job.payload.target_region : undefined;
+            if (!brand)
+                throw new Error('db_relocate payload missing brand');
+            if (!targetHost)
+                throw new Error('db_relocate payload missing target_host');
+            const out = await spawnRelocate(cfg.alias, brand, targetHost, targetPort, targetCluster, targetRegion, job.id);
+            steps.push(...out.steps);
+            if (!out.ok)
+                throw new Error(out.error || 'db_relocate failed');
+        }
+        else if (job.type === 'publish_addon') {
+            // M3.4 — control-plane registration via AddonRegistryService (single
+            // authority, K-M3.4-1) inside the app container, then manifest → R2.
+            const out = await spawnPublishAddon(cfg, job.payload, job.id);
+            steps.push(...out.steps);
+            if (!out.ok)
+                throw new Error(out.error || 'publish_addon failed');
+        }
+        else if (job.type === 'manifest_refresh') {
+            // E7-1 — quarantine/revoke runtime-propagasyon: GÜNCEL DB'den imzalı manifest
+            // regen + R2'ye yükle → Worker addon-gate.js taze entry.scan_status okur →
+            // quarantine ALWAYS 451. publish'siz (cp_addons'a yazmaz).
+            const out = await spawnManifestRefresh(cfg, job.id);
+            steps.push(...out.steps);
+            if (!out.ok)
+                throw new Error(out.error || 'manifest_refresh failed');
+        }
+        else {
+            throw new Error(`unknown job type '${job.type}'`);
+        }
+        await completeJob(cfg, job.id, 'success', steps, null);
+        await audit(cfg, job.requested_by, 'job_success', `job:${job.id}`, { steps });
+        log.success(`[agent] job ${job.id} success (${steps.length} steps)`);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        // Forward-recovery saga: each step is idempotent (R2 hash-path no-op, cp ON CONFLICT,
+        // am refreshCdnManifest+pointer-set). Mark 'failed' → reconcileStaleJobs exp-backoff
+        // requeue → publish-job re-runs → forward-completes. No backward compensation needed.
+        await completeJob(cfg, job.id, 'failed', steps, message);
+        await audit(cfg, job.requested_by, 'job_failed', `job:${job.id}`, { error: message, steps });
+        log.error(`[agent] job ${job.id} failed: ${message}`);
+    }
+}
+async function completeJob(cfg, id, status, steps, error) {
+    const errSql = error === null ? 'NULL' : `'${sqlLit(error)}'`;
+    await dbExec(cfg, CONTROL_DB, `UPDATE cp_provisioning_jobs
+        SET status='${status}', steps='${sqlLit(JSON.stringify(steps))}'::jsonb,
+            error=${errSql}, finished_at=now()
+      WHERE id='${id}';`);
+}
+/**
+ * Stuck-job reconcile (RECONCILE-JOB, provision-agent tamamlayıcısı). claimNext yalnız
+ * 'queued' alır → bir agent 'running'a aldıktan SONRA ölürse (completeJob'a varmadan) job
+ * sonsuza dek 'running' kalır + ASLA re-claim edilmez (sessiz stuck). Bu mekanizma onları
+ * kurtarır — getStatus-re-pull yerine yaş-tabanlı re-evaluate (idempotent + fail-closed):
+ *
+ *   yaş ≤ staleMin           → ATLA (aktif agent olabilir; çift-run yok)
+ *   staleMin < yaş ≤ maxAge  → REQUEUE ('running'→'queued'); agent normal yolla idempotent
+ *                              re-run eder (job ops per-step resume + brand-reconcile idempotent)
+ *   yaş > maxAge             → FAILED (fail-closed: vazgeç, manuel müdahale; sonsuz-requeue YOK)
+ *
+ * Yaş-tabanlı bound = attempt-sayaç kolonu GEREKMEZ (migration-prod-apply yok). Tüm UPDATE'ler
+ * `status='running' AND finished_at IS NULL` guard'lı → race-safe (bu arada biten job'a dokunmaz).
+ */
+async function reconcileStaleJobs(cfg, staleMin, maxAgeMin, dryRun) {
+    const stale = await dbSelectJson(cfg, CONTROL_DB, `SELECT id, type, requested_by, EXTRACT(EPOCH FROM (now() - created_at))/60 AS age_min
+       FROM cp_provisioning_jobs
+      WHERE status='running' AND finished_at IS NULL
+        AND created_at < now() - (interval '1 minute' * ${staleMin})
+      ORDER BY created_at`);
+    if (stale.length === 0) {
+        log.info('[reconcile] stuck-running job yok (temiz).');
+        return { requeued: 0, failed: 0, skipped: 0 };
+    }
+    log.warn(`[reconcile] ${stale.length} stuck-running job (>${staleMin}dk, hiç tamamlanmamış).`);
+    let requeued = 0, failed = 0, skipped = 0;
+    for (const j of stale) {
+        const age = Math.round(Number(j.age_min));
+        if (Number(j.age_min) > maxAgeMin) {
+            // fail-closed: çok-eski → vazgeç (manuel). Sonsuz-requeue engeli.
+            if (dryRun) {
+                log.info(`[reconcile] (dry) ${j.id} (${j.type}, ${age}dk) → FAILED (max-age)`);
+                failed++;
+                continue;
+            }
+            const err = `reconcile: stuck >${maxAgeMin}dk (running, hiç tamamlanmadı) → fail-closed, manuel müdahale gerekli`;
+            const res = await dbExec(cfg, CONTROL_DB, `UPDATE cp_provisioning_jobs SET status='failed', error='${sqlLit(err)}', finished_at=now()
+          WHERE id='${j.id}' AND status='running' AND finished_at IS NULL;`);
+            if (res.success && /UPDATE 1/.test(res.stdout)) {
+                await audit(cfg, j.requested_by, 'job_reconcile_failed', `job:${j.id}`, { age_min: age, reason: 'max-age' });
+                log.error(`[ALERT:reconcile-stuck][cid:${j.id}] STUCK-JOB-FAILED: type=${j.type} age=${age}dk req_by=${j.requested_by ?? 'system'} — fail-closed, manuel müdahale gerekli (DURABILITY-RISK)`);
+                failed++;
+            }
+            else {
+                skipped++;
+                log.debug(`[reconcile] ${j.id} state değişti (race) — skip`);
+            }
+        }
+        else {
+            // idempotent recovery: requeue → agent re-run eder (per-step resume).
+            if (dryRun) {
+                log.info(`[reconcile] (dry) ${j.id} (${j.type}, ${age}dk) → REQUEUE`);
+                requeued++;
+                continue;
+            }
+            const res = await dbExec(cfg, CONTROL_DB, `UPDATE cp_provisioning_jobs SET status='queued'
+          WHERE id='${j.id}' AND status='running' AND finished_at IS NULL;`);
+            if (res.success && /UPDATE 1/.test(res.stdout)) {
+                await audit(cfg, j.requested_by, 'job_reconcile_requeued', `job:${j.id}`, { age_min: age });
+                log.warn(`[ALERT:reconcile-requeued][cid:${j.id}] STUCK-JOB-REQUEUED: type=${j.type} age=${age}dk req_by=${j.requested_by ?? 'system'} — idempotent-rerun tetiklendi`);
+                requeued++;
+            }
+            else {
+                skipped++;
+                log.debug(`[reconcile] ${j.id} state değişti (race) — skip`);
+            }
+        }
+    }
+    log.info(`[reconcile] ${requeued} requeued · ${failed} failed (fail-closed) · ${skipped} skip${dryRun ? ' [DRY-RUN]' : ''}.`);
+    return { requeued, failed, skipped };
+}
+async function audit(cfg, actor, action, target, after) {
+    await dbExec(cfg, CONTROL_DB, `INSERT INTO cp_audit_log (actor, action, target, after)
+     VALUES (${actor ? `'${sqlLit(actor)}'` : 'NULL'}, '${sqlLit(action)}', '${sqlLit(target)}',
+             '${sqlLit(JSON.stringify(after))}'::jsonb);`);
+}
+/** Spawn `ci brand reconcile` as a child process; map output → steps + ok. */
+function spawnReconcile(host, brand, dns) {
+    const cliEntry = fileURLToPath(new URL('../../index.js', import.meta.url));
+    const args = [cliEntry, 'brand', 'reconcile', '--host', host];
+    if (brand)
+        args.push('--brand', brand);
+    if (dns)
+        args.push('--dns');
+    return new Promise((resolve) => {
+        execFile(process.execPath, args, { timeout: 300_000 }, (error, stdout, stderr) => {
+            const text = `${stdout}\n${stderr}`;
+            // Step lines: the reconcile summary marks each with ✓ / ⚠.
+            const steps = text.split('\n').map(l => l.trim()).filter(l => /^[ℹ]?\s*[✓⚠]/.test(l) || /[✓⚠]/.test(l)).map(l => l.replace(/^ℹ\s*/, ''));
+            resolve({ ok: !error, steps, error: error ? (stderr.trim() || stdout.trim() || error.message).slice(0, 500) : '' });
+        });
+    });
+}
+/**
+ * M3.4 publish_addon executor (option-b / single authority). Runs the host-side
+ * runner INSIDE the app container so the control-plane write goes through
+ * AddonRegistryService (the only cp_addons writer), then uploads the rebuilt
+ * catalog manifest to R2 (the CDN gate reads it). Idempotent: the runner's
+ * upsert/publishVersion are upserts, so a re-queued job is safe.
+ *
+ * Host config (deploy/Mustafa-gate): CICORE_PHP_CONTAINER (default 'cicore-php')
+ * + PUBLISH_ADDON_RUNNER (default the in-container script path).
+ */
+async function spawnPublishAddon(cfg, payload, jobId) {
+    const steps = [];
+    const container = process.env.CICORE_PHP_CONTAINER ?? 'cicore-php';
+    const runner = process.env.PUBLISH_ADDON_RUNNER ?? '/var/www/app/Backend/Console/publish-addon-job.php';
+    // inject job ID so publish-addon-job.php can log saga steps with traceability
+    const payloadJson = JSON.stringify({ ...payload, _job_id: jobId });
+    // Saga compensation C1: R2 hash-path clean (orphan prevention on fail).
+    // PHP handles C2 (cp_addon_versions.content_hash=null) + C3 (am-pointer restore) server-side.
+    const sagaCompensateR2 = async () => {
+        const ver = payload.version;
+        const hash = typeof ver?.content_hash === 'string' ? ver.content_hash : undefined;
+        const addonMeta = payload.addon;
+        const slug = typeof addonMeta?.slug === 'string' ? addonMeta.slug
+            : typeof payload.slug === 'string' ? payload.slug : undefined;
+        if (hash && slug) {
+            await cdnCleanAddon(cfg, slug, { version: hash }).catch(() => { });
+            steps.push(`saga compensation C1: R2 hash-path ${slug}/${hash} cleaned`);
+        }
+    };
+    // 1. Register in control-plane via AddonRegistryService (single authority).
+    const run = await new Promise((resolve) => {
+        execFile('docker', ['exec', container, 'php', runner, payloadJson], { timeout: 300_000 }, (error, stdout, stderr) => {
+            resolve({ ok: !error, stdout: stdout ?? '', error: error ? (stderr.trim() || error.message).slice(0, 500) : '' });
+        });
+    });
+    if (!run.ok) {
+        await sagaCompensateR2();
+        return { ok: false, steps, error: `publish-job: ${run.error}` };
+    }
+    // collect any SAGA_STEP_DONE lines emitted by publish-addon-job.php
+    for (const l of run.stdout.split('\n')) {
+        if (l.startsWith('SAGA_STEP_DONE='))
+            steps.push(`saga: ${l.slice('SAGA_STEP_DONE='.length).trim()}`);
+    }
+    steps.push('publish-job: control-plane registered (AddonRegistryService)');
+    // 2. Extract the rebuilt manifest → upload to R2 (addons/_manifest.json).
+    const line = run.stdout.split('\n').find(l => l.startsWith('MANIFEST_JSON='));
+    if (!line) {
+        await sagaCompensateR2();
+        return { ok: false, steps, error: 'publish-job: MANIFEST_JSON üretilmedi' };
+    }
+    const up = await cdnUploadManifest(cfg, line.slice('MANIFEST_JSON='.length));
+    if (!up.success) {
+        await sagaCompensateR2();
+        steps.push('manifest upload FAILED');
+        return { ok: false, steps, error: 'manifest upload failed' };
+    }
+    steps.push('manifest uploaded to R2 (addons/_manifest.json)');
+    return { ok: true, steps, error: '' };
+}
+/**
+ * E7-1 manifest_refresh executor — quarantine/revoke runtime-propagasyon. GÜNCEL DB'den
+ * imzalı manifest regen (refresh-manifest-job.php, READ-ONLY) → R2'ye yükle. publish
+ * YOK (cp_addons'a yazmaz). Worker taze manifest'i okuyunca quarantine entry → 451.
+ */
+async function spawnManifestRefresh(cfg, _jobId) {
+    const steps = [];
+    const container = process.env.CICORE_PHP_CONTAINER ?? 'cicore-php';
+    const runner = process.env.REFRESH_MANIFEST_RUNNER ?? '/var/www/app/Backend/Console/refresh-manifest-job.php';
+    const run = await new Promise((resolve) => {
+        execFile('docker', ['exec', container, 'php', runner], { timeout: 120_000 }, (error, stdout, stderr) => {
+            resolve({ ok: !error, stdout: stdout ?? '', error: error ? (stderr.trim() || error.message).slice(0, 500) : '' });
+        });
+    });
+    if (!run.ok)
+        return { ok: false, steps, error: `refresh-manifest-job: ${run.error}` };
+    const line = run.stdout.split('\n').find(l => l.startsWith('MANIFEST_JSON='));
+    if (!line)
+        return { ok: false, steps, error: 'refresh-manifest-job: MANIFEST_JSON üretilmedi' };
+    const up = await cdnUploadManifest(cfg, line.slice('MANIFEST_JSON='.length));
+    if (!up.success) {
+        steps.push('manifest upload FAILED');
+        return { ok: false, steps, error: 'manifest upload failed' };
+    }
+    steps.push('manifest refreshed → R2 (quarantine/revoke runtime-propagasyon)');
+    return { ok: true, steps, error: '' };
+}
+/**
+ * Spawn `ci db promote-silo` as a child process. Agent always passes
+ * --confirm-manifest (job already approved via panel super-admin gate +
+ * HMAC signature; no human-in-the-loop on the agent side). --job-id ties
+ * orchestrator's per-step jsonb to the row claimed by claimNext().
+ */
+function spawnPromoteSilo(host, brand, jobId) {
+    const cliEntry = fileURLToPath(new URL('../../index.js', import.meta.url));
+    const args = [cliEntry, 'db', 'promote-silo',
+        '--brand', brand, '--host', host,
+        '--job-id', jobId, '--confirm-manifest'];
+    return new Promise((resolve) => {
+        // 30 dk timeout — data migration uzun sürebilir; per-step idempotent
+        // guard sayesinde timeout sonrası resume güvenli.
+        execFile(process.execPath, args, { timeout: 1_800_000 }, (error, stdout, stderr) => {
+            const text = `${stdout}\n${stderr}`;
+            const steps = text.split('\n').map(l => l.trim())
+                .filter(l => /\[step \d+\/\d+\]/.test(l) || /^[ℹ]?\s*[✓⚠]/.test(l))
+                .map(l => l.replace(/^ℹ\s*/, ''));
+            resolve({ ok: !error, steps, error: error ? (stderr.trim() || stdout.trim() || error.message).slice(0, 500) : '' });
+        });
+    });
+}
+/**
+ * Spawn `ci db rollback-silo` — Faz 6.2 ters yön orchestrator. Aynı
+ * --confirm-manifest + --job-id pattern. 30 dk timeout (delete+copy
+ * uzun sürebilir; per-step idempotent guard resume güvenli).
+ */
+function spawnRollbackSilo(host, brand, jobId) {
+    const cliEntry = fileURLToPath(new URL('../../index.js', import.meta.url));
+    const args = [cliEntry, 'db', 'rollback-silo',
+        '--brand', brand, '--host', host,
+        '--job-id', jobId, '--confirm-manifest'];
+    return new Promise((resolve) => {
+        execFile(process.execPath, args, { timeout: 1_800_000 }, (error, stdout, stderr) => {
+            const text = `${stdout}\n${stderr}`;
+            const steps = text.split('\n').map(l => l.trim())
+                .filter(l => /\[step \d+\/\d+\]/.test(l) || /^[ℹ]?\s*[✓⚠]/.test(l))
+                .map(l => l.replace(/^ℹ\s*/, ''));
+            resolve({ ok: !error, steps, error: error ? (stderr.trim() || stdout.trim() || error.message).slice(0, 500) : '' });
+        });
+    });
+}
+/**
+ * Spawn `ci db relocate` — M2 db_relocate (aktif yön; K-REL onaylı).
+ * Agent --confirm-relocation her zaman geçirir (panel super-admin gate +
+ * HMAC zaten onay sağlar). 30 dk timeout (büyük DB pg_dump/restore uzun
+ * sürebilir; idempotent guard sayesinde resume güvenli).
+ */
+function spawnRelocate(host, brand, targetHost, targetPort, targetCluster, targetRegion, jobId) {
+    const cliEntry = fileURLToPath(new URL('../../index.js', import.meta.url));
+    const args = [cliEntry, 'db', 'relocate',
+        '--brand', brand, '--host', host,
+        '--target-host', targetHost,
+        '--job-id', jobId, '--confirm-relocation'];
+    if (targetPort)
+        args.push('--target-port', targetPort);
+    if (targetCluster)
+        args.push('--target-cluster', targetCluster);
+    if (targetRegion)
+        args.push('--target-region', targetRegion);
+    return new Promise((resolve) => {
+        execFile(process.execPath, args, { timeout: 1_800_000 }, (error, stdout, stderr) => {
+            const text = `${stdout}\n${stderr}`;
+            const steps = text.split('\n').map(l => l.trim())
+                .filter(l => /\[step \d+\/\d+\]/.test(l) || /^[ℹ]?\s*[✓⚠]/.test(l))
+                .map(l => l.replace(/^ℹ\s*/, ''));
+            resolve({ ok: !error, steps, error: error ? (stderr.trim() || stdout.trim() || error.message).slice(0, 500) : '' });
+        });
+    });
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Signing (HMAC — panel can't inject arbitrary jobs)
+// ─────────────────────────────────────────────────────────────────────────
+/**
+ * Order-stable canonical string for signing. Keys are sorted recursively so the
+ * signature survives jsonb's key re-normalisation (Postgres returns jsonb keys
+ * in a different order than they were inserted — without this, every legit job
+ * would fail verification).
+ */
+function canonical(type, targetType, payload) {
+    return stableStringify({ type, target_type: targetType, payload });
+}
+function stableStringify(value) {
+    if (value === null || typeof value !== 'object')
+        return JSON.stringify(value);
+    if (Array.isArray(value))
+        return `[${value.map(stableStringify).join(',')}]`;
+    const obj = value;
+    return `{${Object.keys(obj).sort().map(k => `${JSON.stringify(k)}:${stableStringify(obj[k])}`).join(',')}}`;
+}
+/** Sign a job, or return '' (unsigned) when no secret is configured (dev). */
+/**
+ * Enqueue a signed provisioning job (reusable by other commands, e.g.
+ * `ci addon publish` → publish_addon). Mirrors the `agent enqueue` INSERT;
+ * caller ensures `type` is a KNOWN_TYPES value. Returns whether the row landed.
+ */
+export async function enqueueJob(cfg, type, targetType, payload, requestedBy = 'cli') {
+    const sig = signJob(type, targetType, payload);
+    const sigSql = sig ? `'${sig}'` : 'NULL';
+    const res = await dbExec(cfg, CONTROL_DB, `INSERT INTO cp_provisioning_jobs (target_type, type, payload, status, requested_by, signature)
+     VALUES ('${sqlLit(targetType)}', '${sqlLit(type)}', '${sqlLit(JSON.stringify(payload))}'::jsonb, 'queued',
+             '${sqlLit(requestedBy)}', ${sigSql});`);
+    return res.success;
+}
+function signJob(type, targetType, payload) {
+    const secret = process.env.CICORE_JOB_SIGNING_SECRET;
+    if (!secret) {
+        log.warn('CICORE_JOB_SIGNING_SECRET unset — enqueuing UNSIGNED job (dev only).');
+        return '';
+    }
+    return createHmac('sha256', secret).update(canonical(type, targetType, payload)).digest('hex');
+}
+/** Verify a job's signature; throw on mismatch. Dev mode (no secret) warns + passes. */
+function verifySignature(job) {
+    const secret = process.env.CICORE_JOB_SIGNING_SECRET;
+    if (!secret) {
+        log.warn(`[agent] CICORE_JOB_SIGNING_SECRET unset — running job ${job.id} WITHOUT signature check (dev only).`);
+        return;
+    }
+    const expected = createHmac('sha256', secret).update(canonical(job.type, job.target_type, job.payload)).digest('hex');
+    if (job.signature !== expected) {
+        throw new Error('job signature invalid — refusing to execute (possible tampering)');
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Helpers
+// ─────────────────────────────────────────────────────────────────────────
+function assertType(type) {
+    if (!KNOWN_TYPES.includes(type)) {
+        log.error(`Unknown --type '${type}'. Known: ${KNOWN_TYPES.join(', ')}.`);
+        process.exit(1);
+    }
+}
+function resolveHost(alias) {
+    if (alias === undefined) {
+        log.error('--host is required (cicore | mkt).');
+        process.exit(1);
+    }
+    try {
+        return getHostConfig(alias);
+    }
+    catch (err) {
+        log.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
+function sqlLit(s) { return s.replace(/'/g, "''"); }
+//# sourceMappingURL=index.js.map

package/dist/commands/agent/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/agent/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AACzC,OAAO,EAAE,aAAa,EAAmB,MAAM,oBAAoB,CAAA;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAEvE,MAAM,UAAU,GAAG,gBAAgB,CAAA;AACnC,MAAM,OAAO,GAAG,yBAAyB,CAAA;AACzC,gDAAgD;AAChD,MAAM,WAAW,GAAG;IAClB,iBAAiB;IACjB,iBAAiB,EAAY,0CAA0C;IACvE,0BAA0B,EAAG,oBAAoB;IACjD,aAAa,EAAgB,0CAA0C;IACvE,eAAe,EAAc,wDAAwD;IACrF,kBAAkB,EAAW,mEAAmE;CACxF,CAAA;AAaV,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,8DAA8D,CAAC,CAAA;IAElH,KAAK;SACF,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,wDAAwD,CAAC;SACrE,cAAc,CAAC,eAAe,EAAE,aAAa,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;SACxE,MAAM,CAAC,mBAAmB,EAAE,2BAA2B,CAAC;SACxD,MAAM,CAAC,gBAAgB,EAAE,kCAAkC,CAAC;SAC5D,MAAM,CAAC,OAAO,EAAE,iDAAiD,CAAC;SAClE,MAAM,CAAC,sBAAsB,EAAE,aAAa,EAAE,KAAK,CAAC;SACpD,MAAM,CAAC,KAAK,EAAE,IAA0F,EAAE,EAAE;QAC3G,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAClC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACrB,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1D,GAAG,CAAC,KAAK,CAAC,yBAAyB,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC;YAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACrE,CAAC;QACD,MAAM,UAAU,GAAG,OAAO,CAAA;QAC1B,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,KAAK,IAAI,EAAE,CAAA;QACrE,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;QACnD,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAA;QACxC,MAAM,GAAG,GAAG,MAAM,MAAM,CACtB,GAAG,EACH,UAAU,EACV;oBACY,UAAU,OAAO,IAAI,CAAC,IAAI,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;oBAChE,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,MAAM,MAAM,IAAI,CAC9D,CAAA;QACD,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAAC,GAAG,CAAC,KAAK,CAAC,mBAAmB,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAAC,CAAC;QACxF,GAAG,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,IAAI,WAAW,IAAI,CAAC,KAAK,IAAI,GAAG,SAAS,IAAI,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,mBAAmB,EAAE,CAAC,CAAA;IAC1I,CAAC,CAAC,CAAA;IAEJ,KAAK;SACF,OAAO,CAAC,KAAK,CAAC;SACd,WAAW,CAAC,4CAA4C,CAAC;SACzD,MAAM,CAAC,mBAAmB,EAAE,2BAA2B,CAAC;SACxD,MAAM,CAAC,QAAQ,EAAE,6CAA6C,EAAE,KAAK,CAAC;SACtE,MAAM,CAAC,WAAW,EAAE,8BAA8B,EAAE,IAAI,CAAC;SACzD,MAAM,CAAC,KAAK,EAAE,IAAqD,EAAE,EAAE;QACtE,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAClC,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC,CAAA;QACjD,IAAI,SAAS,GAAG,CAAC,CAAA;QACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAA;YAChC,IAAI,CAAC,GAAG;gBAAE,MAAK;YACf,MAAM,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YACtB,SAAS,EAAE,CAAA;QACb,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,aAAa,SAAS,UAAU,CAAC,CAAA;IAClF,CAAC,CAAC,CAAA;IAEJ,KAAK;SACF,OAAO,CAAC,WAAW,CAAC;SACpB,WAAW,CAAC,8HAA8H,CAAC;SAC3I,MAAM,CAAC,mBAAmB,EAAE,2BAA2B,CAAC;SACxD,MAAM,CAAC,iBAAiB,EAAE,gDAAgD,EAAE,IAAI,CAAC;SACjF,MAAM,CAAC,mBAAmB,EAAE,qDAAqD,EAAE,IAAI,CAAC;SACxF,MAAM,CAAC,QAAQ,EAAE,6BAA6B,EAAE,KAAK,CAAC;SACtD,MAAM,CAAC,WAAW,EAAE,gCAAgC,EAAE,KAAK,CAAC;SAC5D,MAAM,CAAC,KAAK,EAAE,IAAqG,EAAE,EAAE;QACtH,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,EAAE,EAAE,CAAC,CAAA;QAC3D,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,EAAE,EAAE,CAAC,CAAA;QAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAA;QACtD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;QACvF,kFAAkF;QAClF,IAAI,QAAQ,GAAG,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAC5C,CAAC,CAAC,CAAA;AACN,CAAC;AAED,4EAA4E;AAC5E,gBAAgB;AAChB,4EAA4E;AAE5E,8FAA8F;AAC9F,KAAK,UAAU,SAAS,CAAC,GAAe;IACtC,MAAM,MAAM,GAAG,MAAM,YAAY,CAC/B,GAAG,EACH,UAAU,EACV;qFACiF,CAClF,CAAA;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAA;IACzC,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;IACrB,+EAA+E;IAC/E,MAAM,GAAG,GAAG,MAAM,MAAM,CACtB,GAAG,EACH,UAAU,EACV;kBACc,GAAG,CAAC,EAAE,wBAAwB,CAC7C,CAAA;IACD,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACjD,GAAG,CAAC,KAAK,CAAC,eAAe,GAAG,CAAC,EAAE,2CAA2C,CAAC,CAAA;QAC3E,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,MAAM,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,OAAO,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;IAC5G,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,GAAe,EAAE,GAAW;IAChD,GAAG,CAAC,IAAI,CAAC,uBAAuB,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,IAAI,GAAG,CAAC,CAAA;IACvD,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,IAAI,CAAC;QACH,uDAAuD;QACvD,eAAe,CAAC,GAAG,CAAC,CAAA;QAEpB,uBAAuB;QACvB,IAAI,GAAG,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YACnC,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;YACnF,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAA;YACpC,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAA;YACvD,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;YACxB,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,kBAAkB,CAAC,CAAA;QAC/D,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YAC1C,sDAAsD;YACtD,8DAA8D;YAC9D,2DAA2D;YAC3D,gEAAgE;YAChE,+DAA+D;YAC/D,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;YACnF,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;YACpE,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;YAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;YACxB,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,qBAAqB,CAAC,CAAA;QAClE,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,0BAA0B,EAAE,CAAC;YACnD,wDAAwD;YACxD,mEAAmE;YACnE,8DAA8D;YAC9D,sDAAsD;YACtD,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;YACnF,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;YAC7E,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;YAC7D,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;YACxB,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,sBAAsB,CAAC,CAAA;QACnE,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACtC,0DAA0D;YAC1D,uEAAuE;YACvE,uEAAuE;YACvE,uEAAuE;YACvE,qEAAqE;YACrE,8BAA8B;YAC9B,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;YACnF,MAAM,UAAU,GAAG,OAAO,GAAG,CAAC,OAAO,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAA;YACpG,MAAM,UAAU,GAAG,OAAO,GAAG,CAAC,OAAO,CAAC,WAAW,KAAK,QAAQ;gBAC5D,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC;gBACjC,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;YACvF,MAAM,aAAa,GAAG,OAAO,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAA;YAC7G,MAAM,YAAY,GAAI,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,KAAM,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAE,CAAC,CAAC,SAAS,CAAA;YAC7G,IAAI,CAAC,KAAK;gBAAO,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;YACrE,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;YAC3E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;YAC9G,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;YACxB,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,oBAAoB,CAAC,CAAA;QACjE,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YACxC,qEAAqE;YACrE,qEAAqE;YACrE,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;YAC7D,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;YACxB,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,sBAAsB,CAAC,CAAA;QACnE,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAC3C,8EAA8E;YAC9E,2EAA2E;YAC3E,2DAA2D;YAC3D,MAAM,GAAG,GAAG,MAAM,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;YACnD,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;YACxB,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,yBAAyB,CAAC,CAAA;QACtE,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,IAAI,GAAG,CAAC,CAAA;QACnD,CAAC;QAED,MAAM,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;QACtD,MAAM,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,OAAO,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC7E,GAAG,CAAC,OAAO,CAAC,eAAe,GAAG,CAAC,EAAE,aAAa,KAAK,CAAC,MAAM,SAAS,CAAC,CAAA;IACtE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAChE,sFAAsF;QACtF,qFAAqF;QACrF,sFAAsF;QACtF,MAAM,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;QACxD,MAAM,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAA;QAC5F,GAAG,CAAC,KAAK,CAAC,eAAe,GAAG,CAAC,EAAE,YAAY,OAAO,EAAE,CAAC,CAAA;IACvD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,GAAe,EAAE,EAAU,EAAE,MAA4B,EAAE,KAAe,EAAE,KAAoB;IAEhG,MAAM,MAAM,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAA;IAC7D,MAAM,MAAM,CACV,GAAG,EACH,UAAU,EACV;sBACkB,MAAM,aAAa,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBAClD,MAAM;kBACR,EAAE,IAAI,CACrB,CAAA;AACH,CAAC;AASD;;;;;;;;;;;;;GAaG;AACH,KAAK,UAAU,kBAAkB,CAC/B,GAAe,EAAE,QAAgB,EAAE,SAAiB,EAAE,MAAe;IAErE,MAAM,KAAK,GAAG,MAAM,YAAY,CAC9B,GAAG,EACH,UAAU,EACV;;;0DAGsD,QAAQ;0BACxC,CACvB,CAAA;IACD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,GAAG,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAA;IAAC,CAAC;IACjI,GAAG,CAAC,IAAI,CAAC,eAAe,KAAK,CAAC,MAAM,wBAAwB,QAAQ,yBAAyB,CAAC,CAAA;IAE9F,IAAI,QAAQ,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,CAAA;IACzC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAA;QACzC,IAAI,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,SAAS,EAAE,CAAC;YAClC,kEAAkE;YAClE,IAAI,MAAM,EAAE,CAAC;gBAAC,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,KAAK,GAAG,wBAAwB,CAAC,CAAC;gBAAC,MAAM,EAAE,CAAC;gBAAC,SAAQ;YAAC,CAAC;YAClH,MAAM,GAAG,GAAG,qBAAqB,SAAS,uEAAuE,CAAA;YACjH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,GAAG,EAAE,UAAU,EACtC,2DAA2D,MAAM,CAAC,GAAG,CAAC;sBACxD,CAAC,CAAC,EAAE,iDAAiD,CAAC,CAAA;YACtE,IAAI,GAAG,CAAC,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/C,MAAM,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,YAAY,EAAE,sBAAsB,EAAE,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;gBAC5G,GAAG,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC,EAAE,4BAA4B,CAAC,CAAC,IAAI,QAAQ,GAAG,aAAa,CAAC,CAAC,YAAY,IAAI,QAAQ,2DAA2D,CAAC,CAAC;gBAAC,MAAM,EAAE,CAAA;YACzM,CAAC;iBAAM,CAAC;gBAAC,OAAO,EAAE,CAAC;gBAAC,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAA;YAAC,CAAC;QACpF,CAAC;aAAM,CAAC;YACN,sEAAsE;YACtE,IAAI,MAAM,EAAE,CAAC;gBAAC,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,KAAK,GAAG,eAAe,CAAC,CAAC;gBAAC,QAAQ,EAAE,CAAC;gBAAC,SAAQ;YAAC,CAAC;YAC3G,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,GAAG,EAAE,UAAU,EACtC;sBACc,CAAC,CAAC,EAAE,iDAAiD,CAAC,CAAA;YACtE,IAAI,GAAG,CAAC,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/C,MAAM,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,YAAY,EAAE,wBAAwB,EAAE,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAA;gBAC3F,GAAG,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC,IAAI,QAAQ,GAAG,aAAa,CAAC,CAAC,YAAY,IAAI,QAAQ,gCAAgC,CAAC,CAAC;gBAAC,QAAQ,EAAE,CAAA;YACpL,CAAC;iBAAM,CAAC;gBAAC,OAAO,EAAE,CAAC;gBAAC,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAA;YAAC,CAAC;QACpF,CAAC;IACH,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,eAAe,QAAQ,eAAe,MAAM,2BAA2B,OAAO,QAAQ,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAC7H,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;AACtC,CAAC;AAED,KAAK,UAAU,KAAK,CAClB,GAAe,EAAE,KAAoB,EAAE,MAAc,EAAE,MAAc,EAAE,KAAc;IAErF,MAAM,MAAM,CACV,GAAG,EACH,UAAU,EACV;eACW,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,MAAM,CAAC,MAAM,CAAC;gBAC7E,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,YAAY,CACtD,CAAA;AACH,CAAC;AAQD,8EAA8E;AAC9E,SAAS,cAAc,CAAC,IAAY,EAAE,KAAyB,EAAE,GAAY;IAC3E,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IAC1E,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC7D,IAAI,KAAK;QAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;IACtC,IAAI,GAAG;QAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC3B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YAC/E,MAAM,IAAI,GAAG,GAAG,MAAM,KAAK,MAAM,EAAE,CAAA;YACnC,2DAA2D;YAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;YACxI,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACrH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,iBAAiB,CAC9B,GAAe,EAAE,OAAgC,EAAE,KAAa;IAEhE,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,YAAY,CAAA;IAClE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,oDAAoD,CAAA;IACvG,8EAA8E;IAC9E,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAA;IAElE,wEAAwE;IACxE,8FAA8F;IAC9F,MAAM,gBAAgB,GAAG,KAAK,IAAmB,EAAE;QACjD,MAAM,GAAG,GAAG,OAAO,CAAC,OAA8C,CAAA;QAClE,MAAM,IAAI,GAAG,OAAO,GAAG,EAAE,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAA;QACjF,MAAM,SAAS,GAAG,OAAO,CAAC,KAA4C,CAAA;QACtE,MAAM,IAAI,GAAG,OAAO,SAAS,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI;YAC/D,CAAC,CAAC,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAA;QAC/D,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC;YACjB,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;YACjE,KAAK,CAAC,IAAI,CAAC,sCAAsC,IAAI,IAAI,IAAI,UAAU,CAAC,CAAA;QAC1E,CAAC;IACH,CAAC,CAAA;IAED,4EAA4E;IAC5E,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAiD,CAAC,OAAO,EAAE,EAAE;QACxF,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YAClH,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACnH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,gBAAgB,EAAE,CAAA;QACxB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,GAAG,CAAC,KAAK,EAAE,EAAE,CAAA;IACjE,CAAC;IACD,oEAAoE;IACpE,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,IAAI,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IACtG,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAA;IAE1E,0EAA0E;IAC1E,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAA;IAC7E,IAAI,CAAC,IAAI,EAAE,CAAC;QAAC,MAAM,gBAAgB,EAAE,CAAC;QAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAA;IAAC,CAAC;IACpH,MAAM,EAAE,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAA;IAC5E,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC;QAChB,MAAM,gBAAgB,EAAE,CAAA;QACxB,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAA;QACpC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAA;IAC9D,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAA;IAC7D,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,CAAA;AACvC,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,oBAAoB,CAAC,GAAe,EAAE,MAAc;IACjE,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,YAAY,CAAA;IAClE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,uDAAuD,CAAA;IAE7G,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAiD,CAAC,OAAO,EAAE,EAAE;QACxF,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YACrG,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACnH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,GAAG,CAAC,KAAK,EAAE,EAAE,CAAA;IAErF,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAA;IAC7E,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gDAAgD,EAAE,CAAA;IAC/F,MAAM,EAAE,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAA;IAC5E,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC;QAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAA;IAAC,CAAC;IACvH,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAA;IAC7E,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,CAAA;AACvC,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,IAAY,EAAE,KAAa,EAAE,KAAa;IAClE,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IAC1E,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,cAAc;QAC1C,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI;QAChC,UAAU,EAAE,KAAK,EAAE,oBAAoB,CAAC,CAAA;IAC1C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,qEAAqE;QACrE,kDAAkD;QAClD,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YACjF,MAAM,IAAI,GAAG,GAAG,MAAM,KAAK,MAAM,EAAE,CAAA;YACnC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;iBAClE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;YACnC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACrH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,IAAY,EAAE,KAAa,EAAE,KAAa;IACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IAC1E,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,eAAe;QAC3C,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI;QAChC,UAAU,EAAE,KAAK,EAAE,oBAAoB,CAAC,CAAA;IAC1C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YACjF,MAAM,IAAI,GAAG,GAAG,MAAM,KAAK,MAAM,EAAE,CAAA;YACnC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;iBAClE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;YACnC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACrH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,aAAa,CACpB,IAAY,EAAE,KAAa,EAAE,UAAkB,EAC/C,UAA8B,EAC9B,aAAiC,EACjC,YAAgC,EAChC,KAAa;IAEb,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IAC1E,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU;QACtC,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI;QAChC,eAAe,EAAE,UAAU;QAC3B,UAAU,EAAE,KAAK,EAAE,sBAAsB,CAAC,CAAA;IAC5C,IAAI,UAAU;QAAK,IAAI,CAAC,IAAI,CAAC,eAAe,EAAK,UAAU,CAAC,CAAA;IAC5D,IAAI,aAAa;QAAE,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAA;IAC/D,IAAI,YAAY;QAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAG,YAAY,CAAC,CAAA;IAC9D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YACjF,MAAM,IAAI,GAAG,GAAG,MAAM,KAAK,MAAM,EAAE,CAAA;YACnC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;iBAClE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;YACnC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACrH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,4EAA4E;AAC5E,qDAAqD;AACrD,4EAA4E;AAE5E;;;;;GAKG;AACH,SAAS,SAAS,CAAC,IAAY,EAAE,UAAkB,EAAE,OAAgB;IACnE,OAAO,eAAe,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAA;AACpE,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAA;IAC5E,MAAM,GAAG,GAAG,KAAgC,CAAA;IAC5C,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAA;AAC7G,CAAC;AAED,8EAA8E;AAC9E;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAe,EAAE,IAAY,EAAE,UAAkB,EAAE,OAAgB,EAAE,WAAW,GAAG,KAAK;IAExF,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;IAC9C,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAA;IACxC,MAAM,GAAG,GAAG,MAAM,MAAM,CACtB,GAAG,EACH,UAAU,EACV;gBACY,MAAM,CAAC,UAAU,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;gBAC3E,MAAM,CAAC,WAAW,CAAC,MAAM,MAAM,IAAI,CAChD,CAAA;IACD,OAAO,GAAG,CAAC,OAAO,CAAA;AACpB,CAAC;AAED,SAAS,OAAO,CAAC,IAAY,EAAE,UAAkB,EAAE,OAAgB;IACjE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAA;IACpD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAA;QAChF,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAChG,CAAC;AAED,wFAAwF;AACxF,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAA;IACpD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,IAAI,CAAC,yDAAyD,GAAG,CAAC,EAAE,sCAAsC,CAAC,CAAA;QAC/G,OAAM;IACR,CAAC;IACD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACrH,IAAI,GAAG,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;IACrF,CAAC;AACH,CAAC;AAED,4EAA4E;AAC5E,UAAU;AACV,4EAA4E;AAE5E,SAAS,UAAU,CAAC,IAAY;IAC9B,IAAI,CAAE,WAAiC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACvD,GAAG,CAAC,KAAK,CAAC,mBAAmB,IAAI,aAAa,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAyB;IAC5C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAAC,GAAG,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAAC,CAAC;IAC7F,IAAI,CAAC;QAAC,OAAO,aAAa,CAAC,KAAK,CAAC,CAAA;IAAC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QAC/C,GAAG,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAC9E,CAAC;AACH,CAAC;AAED,SAAS,MAAM,CAAC,CAAS,IAAY,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC"}