@clef-sh/core 0.1.16 → 0.1.18

package/dist/compliance/generator.d.ts

@@ -0,0 +1,19 @@
+import { ComplianceDocument, GenerateOptions } from "./types";
+import { PolicyDocument } from "../policy/types";
+/**
+ * Composes a {@link ComplianceDocument} from already-collected scan, lint,
+ * policy-evaluation, and Git context inputs.  This class does no I/O — the
+ * caller (the GitHub Action) owns reading `.clef/policy.yaml`, walking the
+ * matrix, and invoking the runners.
+ */
+export declare class ComplianceGenerator {
+    generate(opts: GenerateOptions): ComplianceDocument;
+    /**
+     * Compute a {@link ComplianceDocument.policy_hash}-format hash of any
+     * {@link PolicyDocument} without generating a full document.  Useful for
+     * external consumers that want to compare policies across repos.
+     */
+    static hashPolicy(policy: PolicyDocument): string;
+    private buildSummary;
+}
+//# sourceMappingURL=generator.d.ts.map

package/dist/compliance/generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../../src/compliance/generator.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,kBAAkB,EAAqB,eAAe,EAAE,MAAM,SAAS,CAAC;AACjF,OAAO,EAAsB,cAAc,EAAE,MAAM,iBAAiB,CAAC;AA2BrE;;;;;GAKG;AACH,qBAAa,mBAAmB;IAC9B,QAAQ,CAAC,IAAI,EAAE,eAAe,GAAG,kBAAkB;IAoBnD;;;;OAIG;IACH,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM;IAIjD,OAAO,CAAC,YAAY;CAiBrB"}

package/dist/compliance/run.d.ts

@@ -0,0 +1,85 @@
+import { SubprocessRunner } from "../types";
+import { PolicyDocument } from "../policy/types";
+import { ComplianceDocument } from "./types";
+/**
+ * Inputs for {@link runCompliance}.
+ *
+ * `runner` is required.  Compliance only ever shells out to `git` and
+ * `sops filestatus` (no stdin piping), so callers can ship a minimal
+ * `SubprocessRunner` around `child_process.execFile` — there is no need
+ * for the FIFO workaround that `@clef-sh/cli`'s `NodeSubprocessRunner`
+ * uses for encrypt/decrypt.
+ */
+export interface RunComplianceOptions {
+    /** Required.  See note above. */
+    runner: SubprocessRunner;
+    /** Repository root.  Defaults to `process.cwd()`. */
+    repoRoot?: string;
+    /** Manifest path.  Defaults to `<repoRoot>/clef.yaml`. */
+    manifestPath?: string;
+    /**
+     * Policy path.  Defaults to `<repoRoot>/.clef/policy.yaml`.  A missing
+     * file is not an error — the run uses {@link DEFAULT_POLICY}.
+     */
+    policyPath?: string;
+    /**
+     * Pre-resolved policy.  Wins over `policyPath`.  Useful when callers
+     * have already merged an org-wide policy with the repo's own.
+     */
+    policy?: PolicyDocument;
+    /** Git commit SHA.  Auto-detected from CI env / `git rev-parse HEAD`. */
+    sha?: string;
+    /** `owner/repo`.  Auto-detected from CI env / `git remote get-url`. */
+    repo?: string;
+    /** Subset of the matrix to evaluate.  Empty arrays mean "no filter". */
+    filter?: {
+        namespaces?: string[];
+        environments?: string[];
+    };
+    /** Reference time for `generated_at` and rotation evaluation. */
+    now?: Date;
+    /** Toggle individual checks.  All true by default. */
+    include?: {
+        scan?: boolean;
+        lint?: boolean;
+        rotation?: boolean;
+    };
+    /**
+     * Optional override for the sops binary path.  When omitted,
+     * {@link resolveSopsPath} chooses (CLEF_SOPS_PATH env, bundled package,
+     * then bare "sops" on PATH).  Callers that already resolved the path
+     * (the UI server, the CLI) can pass it through to skip re-resolution.
+     */
+    sopsPath?: string;
+    /**
+     * Age key material — inline private key string.  When provided, the
+     * internal {@link SopsClient} uses it for decrypt-requiring checks
+     * (lint, schema validation).  When omitted, those checks run without
+     * keys and surface decrypt failures as `info`-level lint issues.
+     *
+     * KMS-encrypted files authenticate via ambient env (AWS_PROFILE, IMDS,
+     * etc.) — no parameter threading required.
+     */
+    ageKey?: string;
+    /** Age key file path.  Same semantics as {@link ageKey}. */
+    ageKeyFile?: string;
+}
+export interface RunComplianceResult {
+    document: ComplianceDocument;
+    /**
+     * `true` iff zero rotation-overdue files, zero scan violations, and
+     * zero lint errors.  The CI gate.
+     */
+    passed: boolean;
+    /** Wall-clock duration in milliseconds. */
+    durationMs: number;
+}
+/**
+ * Compose all compliance signals for a repository into a single artifact.
+ *
+ * @throws Errors only on infrastructure failures: missing manifest, invalid
+ *   policy YAML, missing `sops` binary.  Policy violations are normal
+ *   results and surface as `result.passed === false`.
+ */
+export declare function runCompliance(opts: RunComplianceOptions): Promise<RunComplianceResult>;
+//# sourceMappingURL=run.d.ts.map

package/dist/compliance/run.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/compliance/run.ts"],"names":[],"mappings":"AA0BA,OAAO,EAAc,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGxD,OAAO,EAAsB,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAIrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAE7C;;;;;;;;GAQG;AACH,MAAM,WAAW,oBAAoB;IACnC,iCAAiC;IACjC,MAAM,EAAE,gBAAgB,CAAC;IACzB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0DAA0D;IAC1D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,yEAAyE;IACzE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wEAAwE;IACxE,MAAM,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC5D,iEAAiE;IACjE,GAAG,CAAC,EAAE,IAAI,CAAC;IACX,sDAAsD;IACtD,OAAO,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IACjE;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;;;;;OAQG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,kBAAkB,CAAC;IAC7B;;;OAGG;IACH,MAAM,EAAE,OAAO,CAAC;IAChB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;CACpB;AAKD;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CA0E5F"}

package/dist/compliance/types.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Compliance artifact schema produced by {@link ComplianceGenerator}.
+ *
+ * **Public artifact contract.** These types describe the shape of
+ * `compliance.json`, the artifact that the GitHub Action uploads on every
+ * merge.  Bots, dashboards, and audit tooling re-parse this artifact months
+ * or years after it was written.  Renaming or removing fields silently
+ * breaks observability — bump {@link ComplianceDocument.schema_version}
+ * and provide a migration if you need to.  Adding optional fields is safe.
+ */
+import { LintResult } from "../types";
+import { ScanResult } from "../scanner";
+import { FileRotationStatus, PolicyDocument } from "../policy/types";
+/** Aggregate counts surfaced in {@link ComplianceDocument.summary}. */
+export interface ComplianceSummary {
+    total_files: number;
+    /** Files where `rotation_overdue === false`. */
+    compliant: number;
+    rotation_overdue: number;
+    /** Count of {@link ScanResult.matches} entries. */
+    scan_violations: number;
+    /** Count of {@link LintResult.issues} entries with `severity === 'error'`. */
+    lint_errors: number;
+}
+/**
+ * Top-level compliance document. Stable schema — do not break consumers.
+ *
+ * `policy_snapshot` is inlined so downstream tooling (the bot, the dashboard,
+ * auditors) never needs to re-fetch `.clef/policy.yaml` to interpret the
+ * verdicts.  `policy_hash` is the canonical-JSON SHA-256 of that snapshot,
+ * usable for cross-repo drift detection without parsing the snapshot itself.
+ */
+export interface ComplianceDocument {
+    /** Bumped whenever the schema breaks consumer compatibility. */
+    schema_version: "1";
+    /** ISO 8601 timestamp of when this document was generated. */
+    generated_at: string;
+    /** Git commit SHA of the merge commit that triggered this run. */
+    sha: string;
+    /** Repository in `owner/repo` format. */
+    repo: string;
+    /** `sha256:` + hex SHA-256 of canonicalized JSON of `policy_snapshot`. */
+    policy_hash: string;
+    /** Inline copy of the policy used for this evaluation. */
+    policy_snapshot: PolicyDocument;
+    summary: ComplianceSummary;
+    /** Per-file rotation verdicts.  One entry per existing matrix file. */
+    files: FileRotationStatus[];
+    /** Full scan result. */
+    scan: ScanResult;
+    /** Full lint result. */
+    lint: LintResult;
+}
+/** Inputs for {@link ComplianceGenerator.generate}. */
+export interface GenerateOptions {
+    /** Git commit SHA of the merge commit being evaluated. */
+    sha: string;
+    /** Repository in `owner/repo` format. */
+    repo: string;
+    /** Resolved policy document (extends/merges already applied by the caller). */
+    policy: PolicyDocument;
+    scanResult: ScanResult;
+    lintResult: LintResult;
+    /** Per-file rotation verdicts from {@link PolicyEvaluator.evaluateFile}. */
+    files: FileRotationStatus[];
+    /**
+     * Reference time for `generated_at`.  Defaults to `new Date()`.  Inject for
+     * deterministic tests and reproducible artifacts.
+     */
+    now?: Date;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/compliance/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/compliance/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAErE,uEAAuE;AACvE,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mDAAmD;IACnD,eAAe,EAAE,MAAM,CAAC;IACxB,8EAA8E;IAC9E,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IACjC,gEAAgE;IAChE,cAAc,EAAE,GAAG,CAAC;IACpB,8DAA8D;IAC9D,YAAY,EAAE,MAAM,CAAC;IACrB,kEAAkE;IAClE,GAAG,EAAE,MAAM,CAAC;IACZ,yCAAyC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,0EAA0E;IAC1E,WAAW,EAAE,MAAM,CAAC;IACpB,0DAA0D;IAC1D,eAAe,EAAE,cAAc,CAAC;IAChC,OAAO,EAAE,iBAAiB,CAAC;IAC3B,uEAAuE;IACvE,KAAK,EAAE,kBAAkB,EAAE,CAAC;IAC5B,wBAAwB;IACxB,IAAI,EAAE,UAAU,CAAC;IACjB,wBAAwB;IACxB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED,uDAAuD;AACvD,MAAM,WAAW,eAAe;IAC9B,0DAA0D;IAC1D,GAAG,EAAE,MAAM,CAAC;IACZ,yCAAyC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,+EAA+E;IAC/E,MAAM,EAAE,cAAc,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,4EAA4E;IAC5E,KAAK,EAAE,kBAAkB,EAAE,CAAC;IAC5B;;;OAGG;IACH,GAAG,CAAC,EAAE,IAAI,CAAC;CACZ"}

package/dist/git/integration.d.ts

@@ -139,15 +139,18 @@ export declare class GitIntegration {
      */
     installMergeDriver(repoRoot: string): Promise<void>;
     /**
-     * Check whether the SOPS merge driver is configured in both
-     * `.git/config` and `.gitattributes`.
-     *
-     * @param repoRoot - Absolute path to the repository root.
-     * @returns An object indicating which parts are configured.
+     * Check whether both Clef merge drivers are configured in `.git/config`
+     * and `.gitattributes`.  Reports separately on the SOPS driver
+     * (`merge=sops` for `.enc.*`) and the metadata driver
+     * (`merge=clef-metadata` for `.clef-meta.yaml`) so `clef doctor` can
+     * prompt the user to run `clef hooks` when only the SOPS driver is
+     * installed (older install, pre-metadata-merge).
      */
     checkMergeDriver(repoRoot: string): Promise<{
         gitConfig: boolean;
         gitattributes: boolean;
+        metadataGitConfig: boolean;
+        metadataGitattributes: boolean;
     }>;
     private ensureGitattributes;
     /**

package/dist/git/integration.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"integration.d.ts","sourceRoot":"","sources":["../../src/git/integration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAqB,SAAS,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AA8CrF;;;;;;;;;GASG;AACH,qBAAa,cAAc;IACb,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,gBAAgB;IAErD;;;;;;OAMG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAatE;;;;;;;;OAQG;IACG,MAAM,CACV,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;KAAE,GAC7D,OAAO,CAAC,MAAM,CAAC;IAqBlB;;;;;;OAMG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAahD;;;;;;;;;;OAUG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAW7D;;;;;;;OAOG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAelE;;;;;;OAMG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAgBjD;;;;;;;OAOG;IACG,cAAc,CAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,GAAG,QAAQ,GAAG,aAAa,GAAG,QAAQ,CAAA;KAAE,CAAC;IAsBpF;;;;;OAKG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKhD;;;;;;OAMG;IACG,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAe1F;;;;;;;OAOG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,GAAE,MAAW,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IA6B1F;;;;;;OAMG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUhD;;;;;OAKG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IA8CrD;;;;;;;;;;;;OAYG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA8BzD;;;;;;OAMG;IACG,gBAAgB,CACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,aAAa,EAAE,OAAO,CAAA;KAAE,CAAC;YAe5C,mBAAmB;IAsBjC;;;;;;OAMG;IACG,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAgB5D"}
+{"version":3,"file":"integration.d.ts","sourceRoot":"","sources":["../../src/git/integration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAqB,SAAS,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AA8CrF;;;;;;;;;GASG;AACH,qBAAa,cAAc;IACb,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,gBAAgB;IAErD;;;;;;OAMG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAatE;;;;;;;;OAQG;IACG,MAAM,CACV,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;KAAE,GAC7D,OAAO,CAAC,MAAM,CAAC;IAqBlB;;;;;;OAMG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAahD;;;;;;;;;;OAUG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAW7D;;;;;;;OAOG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAelE;;;;;;OAMG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAgBjD;;;;;;;OAOG;IACG,cAAc,CAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,GAAG,QAAQ,GAAG,aAAa,GAAG,QAAQ,CAAA;KAAE,CAAC;IAsBpF;;;;;OAKG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKhD;;;;;;OAMG;IACG,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAe1F;;;;;;;OAOG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,GAAE,MAAW,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IA6B1F;;;;;;OAMG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUhD;;;;;OAKG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IA8CrD;;;;;;;;;;;;OAYG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAyCzD;;;;;;;OAOG;IACG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAChD,SAAS,EAAE,OAAO,CAAC;QACnB,aAAa,EAAE,OAAO,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,qBAAqB,EAAE,OAAO,CAAC;KAChC,CAAC;YAqBY,mBAAmB;IAyBjC;;;;;;OAMG;IACG,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAgB5D"}

package/dist/import/index.d.ts

@@ -10,6 +10,13 @@ export interface ImportOptions {
     overwrite?: boolean;
     dryRun?: boolean;
     stdin?: boolean;
+    /**
+     * Identity to record on rotations performed by this import (e.g. `"Name
+     * <email>"`).  When omitted, imported keys are still written to ciphertext
+     * but no rotation record is created — appropriate for callers that have
+     * their own bookkeeping.
+     */
+    rotatedBy?: string;
 }
 export interface ImportResult {
     imported: string[];

package/dist/import/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/import/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAS,YAAY,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,OAAO,CAAC;AAC3C,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAE5D,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9C,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,YAAY;IAErB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,EAAE;gBADF,UAAU,EAAE,iBAAiB,EAC7B,EAAE,EAAE,kBAAkB;IAGzC;;;;;;;;;OASG;IACG,MAAM,CACV,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,YAAY,EACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,YAAY,CAAC;CAiFzB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/import/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAS,YAAY,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,OAAO,CAAC;AAE3C,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAE5D,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9C,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,YAAY;IAErB,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,EAAE;gBADF,UAAU,EAAE,iBAAiB,EAC7B,EAAE,EAAE,kBAAkB;IAGzC;;;;;;;;;OASG;IACG,MAAM,CACV,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,YAAY,EACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,YAAY,CAAC;CAiGzB"}

package/dist/index.d.mts

@@ -18,8 +18,8 @@ export { ConsumptionClient } from "./consumption/client";
 export { checkDependency, checkAll, assertSops, REQUIREMENTS } from "./dependencies/checker";
 export { generateAgeIdentity, deriveAgePublicKey, formatAgeKeyFile } from "./age/keygen";
 export type { AgeIdentity } from "./age/keygen";
-export { metadataPath, loadMetadata, saveMetadata, markPending, markPendingWithRetry, markResolved, getPendingKeys, isPending, generateRandomValue, } from "./pending/metadata";
-export type { PendingKey, PendingMetadata } from "./pending/metadata";
+export { metadataPath, loadMetadata, saveMetadata, markPending, markPendingWithRetry, markResolved, getPendingKeys, isPending, recordRotation, removeRotation, getRotations, generateRandomValue, } from "./pending/metadata";
+export type { PendingKey, RotationRecord, CellMetadata, PendingMetadata } from "./pending/metadata";
 export { ImportRunner } from "./import";
 export type { ImportFormat, ImportOptions, ImportResult, ParsedImport } from "./import";
 export { parse, parseDotenv, parseJson, parseYaml, detectFormat } from "./import/parsers";
@@ -33,6 +33,7 @@ export { DriftDetector } from "./drift/detector";
 export { ReportGenerator, ReportSanitizer, ReportTransformer, CloudClient, collectCIContext, } from "./report";
 export { SopsMergeDriver } from "./merge/driver";
 export type { MergeResult, MergeKey, MergeKeyStatus } from "./merge/driver";
+export { mergeMetadataContents, mergeMetadataFiles } from "./merge/metadata-driver";
 export { ServiceIdentityManager } from "./service-identity/manager";
 export type { CreateServiceIdentityOptions } from "./service-identity/manager";
 export { StructureManager } from "./structure/manager";
@@ -51,4 +52,12 @@ export { ResetManager, describeScope, validateResetScope } from "./reset/manager
 export type { ResetScope, ResetOptions, ResetResult } from "./reset/manager";
 export { SyncManager } from "./sync";
 export type { SyncOptions, SyncPlan, SyncCellPlan, SyncResult } from "./sync";
+export { PolicyParser, CLEF_POLICY_FILENAME } from "./policy/parser";
+export { PolicyEvaluator } from "./policy/evaluator";
+export { DEFAULT_POLICY } from "./policy/types";
+export type { PolicyDocument, PolicyRotationConfig, PolicyEnvironmentRotation, FileRotationStatus, KeyRotationStatus, } from "./policy/types";
+export { ComplianceGenerator } from "./compliance/generator";
+export type { ComplianceDocument, ComplianceSummary, GenerateOptions } from "./compliance/types";
+export { runCompliance } from "./compliance/run";
+export type { RunComplianceOptions, RunComplianceResult } from "./compliance/run";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts

@@ -18,8 +18,8 @@ export { ConsumptionClient } from "./consumption/client";
 export { checkDependency, checkAll, assertSops, REQUIREMENTS } from "./dependencies/checker";
 export { generateAgeIdentity, deriveAgePublicKey, formatAgeKeyFile } from "./age/keygen";
 export type { AgeIdentity } from "./age/keygen";
-export { metadataPath, loadMetadata, saveMetadata, markPending, markPendingWithRetry, markResolved, getPendingKeys, isPending, generateRandomValue, } from "./pending/metadata";
-export type { PendingKey, PendingMetadata } from "./pending/metadata";
+export { metadataPath, loadMetadata, saveMetadata, markPending, markPendingWithRetry, markResolved, getPendingKeys, isPending, recordRotation, removeRotation, getRotations, generateRandomValue, } from "./pending/metadata";
+export type { PendingKey, RotationRecord, CellMetadata, PendingMetadata } from "./pending/metadata";
 export { ImportRunner } from "./import";
 export type { ImportFormat, ImportOptions, ImportResult, ParsedImport } from "./import";
 export { parse, parseDotenv, parseJson, parseYaml, detectFormat } from "./import/parsers";
@@ -33,6 +33,7 @@ export { DriftDetector } from "./drift/detector";
 export { ReportGenerator, ReportSanitizer, ReportTransformer, CloudClient, collectCIContext, } from "./report";
 export { SopsMergeDriver } from "./merge/driver";
 export type { MergeResult, MergeKey, MergeKeyStatus } from "./merge/driver";
+export { mergeMetadataContents, mergeMetadataFiles } from "./merge/metadata-driver";
 export { ServiceIdentityManager } from "./service-identity/manager";
 export type { CreateServiceIdentityOptions } from "./service-identity/manager";
 export { StructureManager } from "./structure/manager";
@@ -51,4 +52,12 @@ export { ResetManager, describeScope, validateResetScope } from "./reset/manager
 export type { ResetScope, ResetOptions, ResetResult } from "./reset/manager";
 export { SyncManager } from "./sync";
 export type { SyncOptions, SyncPlan, SyncCellPlan, SyncResult } from "./sync";
+export { PolicyParser, CLEF_POLICY_FILENAME } from "./policy/parser";
+export { PolicyEvaluator } from "./policy/evaluator";
+export { DEFAULT_POLICY } from "./policy/types";
+export type { PolicyDocument, PolicyRotationConfig, PolicyEnvironmentRotation, FileRotationStatus, KeyRotationStatus, } from "./policy/types";
+export { ComplianceGenerator } from "./compliance/generator";
+export type { ComplianceDocument, ComplianceSummary, GenerateOptions } from "./compliance/types";
+export { runCompliance } from "./compliance/run";
+export type { RunComplianceOptions, RunComplianceResult } from "./compliance/run";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC1F,OAAO,EACL,UAAU,EACV,cAAc,EACd,aAAa,EACb,aAAa,EACb,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACrF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,MAAM,CAAC;AACd,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACvE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACzF,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,oBAAoB,EACpB,YAAY,EACZ,cAAc,EACd,SAAS,EACT,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACtE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxF,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAC1F,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,YAAY,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAC1E,YAAY,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,aAAa,IAAI,mBAAmB,EACpC,WAAW,GACZ,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EACL,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,WAAW,EACX,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC5E,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,YAAY,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAC/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,YAAY,EACV,oBAAoB,EACpB,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrE,YAAY,EACV,cAAc,EACd,UAAU,EACV,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,WAAW,EACX,OAAO,EACP,eAAe,EACf,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAClF,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAC1F,OAAO,EACL,UAAU,EACV,cAAc,EACd,aAAa,EACb,aAAa,EACb,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,WAAW,CAAC;AACnB,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACrF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,MAAM,CAAC;AACd,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACvE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACzF,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,oBAAoB,EACpB,YAAY,EACZ,cAAc,EACd,SAAS,EACT,cAAc,EACd,cAAc,EACd,YAAY,EACZ,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpG,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxF,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAC1F,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,YAAY,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAC1E,YAAY,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,aAAa,IAAI,mBAAmB,EACpC,WAAW,GACZ,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EACL,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,WAAW,EACX,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC5E,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpF,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,YAAY,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAC/E,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,YAAY,EACV,oBAAoB,EACpB,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrE,YAAY,EACV,cAAc,EACd,UAAU,EACV,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,WAAW,EACX,OAAO,EACP,eAAe,EACf,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAClF,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9E,OAAO,EAAE,YAAY,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,YAAY,EACV,cAAc,EACd,oBAAoB,EACpB,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACjG,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,YAAY,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC"}