npm - @connexum/ai-governance - Versions diffs - 1.0.0-beta.21 → 1.0.0-beta.22 - Mend

@connexum/ai-governance 1.0.0-beta.21 → 1.0.0-beta.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/cli/agent-dir-scanner.d.ts +32 -0
package/dist/cli/agent-dir-scanner.d.ts.map +1 -1
package/dist/cli/agent-dir-scanner.js +47 -0
package/dist/cli/agent-dir-scanner.js.map +1 -1
package/dist/cli/index.d.ts +75 -0
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +268 -2
package/dist/cli/index.js.map +1 -1
package/dist/cli/sync.d.ts +189 -0
package/dist/cli/sync.d.ts.map +1 -0
package/dist/cli/sync.js +967 -0
package/dist/cli/sync.js.map +1 -0
package/dist/esm/cli/agent-dir-scanner.js +47 -0
package/dist/esm/cli/agent-dir-scanner.js.map +1 -1
package/dist/esm/cli/index.js +267 -2
package/dist/esm/cli/index.js.map +1 -1
package/dist/esm/cli/sync.js +927 -0
package/dist/esm/cli/sync.js.map +1 -0
package/dist/hooks/audit-logger.sh +108 -10
package/package.json +1 -1
package/src/hooks/audit-logger.sh +108 -10

package/dist/esm/cli/sync.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sync.js","sourceRoot":"","sources":["../../../src/cli/sync.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AA0D1C,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;;;;;;GAOG;AACH,SAAS,aAAa,CACpB,eAAuB,EACvB,YAAwB,EACxB,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QAC3D,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QAC9D,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE,IAAI,WAAW,CAAC,MAAM,KAAK,EAAE;YAAE,OAAO,KAAK,CAAC;QAEtE,6DAA6D;QAC7D,iEAAiE;QACjE,qEAAqE;QACrE,sEAAsE;QACtE,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QAC1D,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,CAAC;YAC1C,GAAG,EAAE,OAAO;YACZ,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,MAAM,CAClB,IAAI,EACJ,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EACzB,YAAY,EACZ,QAAQ,CACT,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,sBAAsB,CAAC,KAAc;IAC5C,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,OAAO,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAChE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACvE,IAAI,KAAK,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC;QAC5B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,sCAAsC;QACtC,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,GAAG,IAAI,KAAK,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC3C,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,GAAG,IAAI,KAAK,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC3C,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,GAAG,IAAI,KAAK,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC3C,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,GAAG,IAAI,KAAK,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC3C,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,GAAG,IAAI,KAAK,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC3C,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,GAAG,IAAI,KAAK,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC3C,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,GAAG,IAAI,MAAM,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC5C,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC;gBAAC,GAAG,IAAI,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC3E,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,GAAG,GAAG,GAAG,CAAC;IACnB,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACjE,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3E,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YACrB,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,KAAK,SAAS;gBAAE,SAAS;YAC9B,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,OAAO,KAAK,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,8EAA8E;AAC9E,oEAAoE;AACpE,8EAA8E;AAE9E;;;;;;;;;;;;GAYG;AACH,SAAS,WAAW,CAClB,YAAoB,EACpB,OAAe,EACf,YAAoB,EACpB,UAAU,GAAG,EAAE;IAEf,MAAM,GAAG,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,kBAAkB,CAAC,OAAO,CAAC,oBAAoB,CAAC;IAEhH,0EAA0E;IAC1E,yEAAyE;IACzE,kFAAkF;IAClF,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC;QAC5F,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,iBAAiB,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAChG,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,yBAAyB,YAAY,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtF,IAAI,CAAC;YAAC,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;QAC5E,WAAW,GAAG,OAAO,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;QACvE,wEAAwE;QACxE,8DAA8D;QAC9D,8CAA8C;QAC9C,OAAO,CAAC,IAAI,CAAC,uHAAuH,CAAC,CAAC;QACtI,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,kFAAkF;IAClF,MAAM,QAAQ,GAAa,WAAW;QACpC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,WAAW,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC,IAAI,EAAE,yBAAyB,YAAY,EAAE,CAAC,CAAC;IAEpD,uEAAuE;IACvE,uEAAuE;IACvE,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CACtB,MAAM,EACN;YACE,UAAU;YACV,cAAc;YACd,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC;YAChC,mBAAmB,EAAE,GAAG;YACxB,kBAAkB;YAClB,GAAG,QAAQ;YACX,IAAI,EAAE,0BAA0B;YAChC,GAAG;SACJ,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CACvD,CAAC;QAEF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC;YACrE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,0BAA0B,MAAM,EAAE,EAAE,CAAC;QACrE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC;QAChE,CAAC;QAED,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,0CAA0C,EAAE,CAAC;QAC7E,CAAC;QAED,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAClD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC;QAC1E,CAAC;QAED,MAAM,GAAG,GAAG,MAAiC,CAAC;QAC9C,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAClE,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;IACzB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,mBAAoB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC;IAC9E,CAAC;YAAS,CAAC;QACT,oEAAoE;QACpE,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC;gBAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC;AAaD;;;;;;;;;;;;GAYG;AACH,SAAS,gBAAgB,CACvB,YAAoB,EACpB,YAAoB,EACpB,UAAU,GAAG,EAAE;IAEf,MAAM,GAAG,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,0BAA0B,CAAC;IAEzE,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC;QAC5F,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,gBAAgB,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/F,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,yBAAyB,YAAY,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtF,IAAI,CAAC;YAAC,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;QAC5E,WAAW,GAAG,OAAO,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,IAAI,CAAC,uHAAuH,CAAC,CAAC;QACtI,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,MAAM,QAAQ,GAAa,WAAW;QACpC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,WAAW,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC,IAAI,EAAE,yBAAyB,YAAY,EAAE,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CACtB,MAAM,EACN;YACE,UAAU,EAAE,cAAc;YAC1B,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC;YAChC,mBAAmB,EAAE,GAAG;YACxB,kBAAkB;YAClB,IAAI,EAAE,MAAM;YACZ,GAAG,QAAQ;YACX,IAAI,EAAE,gCAAgC;YACtC,IAAI,EAAE,0BAA0B;YAChC,QAAQ,EAAE,IAAI;YACd,GAAG;SACJ,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CACvD,CAAC;QAEF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC;YACrE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,uBAAuB,MAAM,EAAE,EAAE,CAAC;QAClE,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC;QAElF,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAAC,CAAC;QAC3C,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC;QAAC,CAAC;QAEpF,MAAM,GAAG,GAAG,MAAiC,CAAC;QAC9C,IAAI,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QACxG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAEzG,MAAM,MAAM,GAAwB,EAAE,CAAC;QACvC,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAc,EAAE,CAAC;YAC3C,MAAM,CAAC,GAAG,CAA4B,CAAC;YACvC,IAAI,OAAO,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,EAAE,CAAC,cAAc,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAClF,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EAAE,CAAC,CAAC,SAAS,CAAW;oBAC/B,YAAY,EAAE,CAAC,CAAC,cAAc,CAAW;oBACzC,UAAU,EAAE,OAAO,CAAC,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAW,CAAC,CAAC,CAAC,IAAI;iBACnF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,CAAC;IACpB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,mBAAoB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC;IAC9E,CAAC;YAAS,CAAC;QACT,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC;gBAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,uBAAuB,CACrC,YAAoB,EACpB,KAAa,EACb,UAAkB,EAClB,UAAU,GAAG,EAAE;IAEf,MAAM,GAAG,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,gBAAgB,kBAAkB,CAAC,KAAK,CAAC,aAAa,CAAC;IACrG,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CACtB,MAAM,EACN;YACE,UAAU;YACV,cAAc;YACd,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC;YAChC,mBAAmB,EAAE,GAAG;YACxB,kBAAkB;YAClB,IAAI,EAAE,0BAA0B;YAChC,GAAG;SACJ,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CACvD,CAAC;QAEF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,GAAG,GAAG,MAAiC,CAAC;QAC9C,qFAAqF;QACrF,MAAM,YAAY,GAAG,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC1F,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kEAAkE;QAClE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QACnD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,8DAA8D;QAC9D,IAAI,MAAM,GAA4B,EAAE,CAAC;QACzC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAA4B,CAAC;YACvF,CAAC;YAAC,MAAM,CAAC,CAAC,WAAW,CAAC,CAAC;QACzB,CAAC;QACD,MAAM,CAAC,cAAc,CAAC,GAAG,YAAY,CAAC;QACtC,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/E,IAAI,CAAC;YAAC,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;QAE/E,OAAO,YAAY,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,UAAU,YAAY,CAC1B,MAA+B,EAC/B,kBAA2B;IAE3B,0DAA0D;IAC1D,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EACH,sDAAsD;gBACtD,qCAAqC;gBACrC,uFAAuF;SAC1F,CAAC;IACJ,CAAC;IAED,oBAAoB;IACpB,MAAM,cAAc,GAAa;QAC/B,SAAS,EAAE,OAAO,EAAE,eAAe,EAAE,UAAU;QAC/C,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,cAAc;KACzD,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,kCAAkC,CAAC,EAAE,EAAE,CAAC;QACrE,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,MAAM,aAAa,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IACpC,MAAM,UAAU,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;IACtC,+DAA+D;IAC/D,gEAAgE;IAChE,MAAM,kBAAkB,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC;IAElD,IACE,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,aAAa,KAAK,QAAQ;QACjC,OAAO,QAAQ,KAAK,QAAQ;QAC5B,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,EAAE;QAC5D,OAAO,SAAS,KAAK,QAAQ;QAC7B,OAAO,kBAAkB,KAAK,QAAQ;QACtC,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EACrD,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAC;IACjE,CAAC;IAED,2EAA2E;IAC3E,0EAA0E;IAC1E,0EAA0E;IAC1E,yEAAyE;IACzE,IAAI,kBAAkB,KAAK,kBAAkB,EAAE,CAAC;QAC9C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EACH,kFAAkF;gBAClF,qDAAqD;gBACrD,oFAAoF;gBACpF,mCAAmC;SACtC,CAAC;IACJ,CAAC;IAED,+EAA+E;IAC/E,sEAAsE;IACtE,MAAM,OAAO,GAAG;QACd,OAAO;QACP,aAAa;QACb,UAAU;QACV,QAAQ;QACR,KAAK;KACN,CAAC;IAEF,IAAI,cAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;IACxE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAwC,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC;IAC7F,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,EAAE,CAAC;IAC9E,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAE/C,IAAI,WAAW,KAAK,YAAY,EAAE,CAAC;QACjC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,yCAAyC,YAAY,SAAS,WAAW,2BAA2B;SAC5G,CAAC;IACJ,CAAC;IAED,iFAAiF;IACjF,MAAM,QAAQ,GAAG,aAAa,CAAC,SAAmB,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,kBAAkB,CAAC,CAAC;IACnG,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,yDAAyD,EAAE,CAAC;IACzF,CAAC;IAED,4BAA4B;IAC5B,MAAM,GAAG,GAAG,UAAqC,CAAC;IAClD,MAAM,gBAAgB,GAAqB;QACzC,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACrC,CAAC,CAAE,GAAG,CAAC,YAAY,CAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;YACpF,CAAC,CAAC,EAAE;QACN,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAI,GAAG,CAAC,eAAe,CAAe,CAAC,CAAC,CAAC,CAAC,EAAE;QAClG,qBAAqB,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAI,GAAG,CAAC,uBAAuB,CAAe,CAAC,CAAC,CAAC,CAAC,EAAE;QAC1H,6BAA6B,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;YAChF,CAAC,CAAE,GAAG,CAAC,+BAA+B,CAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;YACvG,CAAC,CAAC,EAAE;QACN,cAAc,EAAE,QAAkB;QAClC,WAAW,EAAE,WAAqB;QAClC,iFAAiF;QACjF,kBAAkB,EAAE,kBAAkB;KACvC,CAAC;IAEF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,gBAAgB,EAAE,CAAC;AACpD,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,wFAAwF;AACxF,MAAM,UAAU,qBAAqB,CACnC,QAAiC,EACjC,IAAsB;IAEtB,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,MAAM,SAAS,GAAG,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC;IACxC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC;IAC7B,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACnE,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAErE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,UAAU;YAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,MAAM,CAAC,IAAI,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,QAAQ,EAAE,aAAa,IAAI,EAAE,CAAc,CAAC;IACnE,MAAM,aAAa,GAAG,IAAI,CAAC,aAA0B,CAAC;IACtD,IAAI,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,CAAC;QACpE,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,oBAAoB,aAAa,CAAC,MAAM,oBAAoB,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,oBAAoB,aAAa,CAAC,MAAM,8BAA8B,CAAC,CAAC;QACrF,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,oBAAoB,aAAa,CAAC,MAAM,MAAM,aAAa,CAAC,MAAM,cAAc,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,CAAC,QAAQ,EAAE,qBAAqB,IAAI,EAAE,CAAc,CAAC;IACvE,MAAM,SAAS,GAAG,IAAI,CAAC,qBAAkC,CAAC;IAC1D,IAAI,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,4BAA4B,SAAS,CAAC,MAAM,MAAM,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,MAAM,aAAa,GAAG,QAAQ,EAAE,6BAA6B,IAAI,EAAE,CAAC;IACpE,MAAM,aAAa,GAAG,IAAI,CAAC,6BAA6B,CAAC;IACzD,MAAM,cAAc,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,MAAM,gBAAgB,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACjF,KAAK,MAAM,CAAC,IAAI,cAAc;QAAE,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,EAAE,CAAC,CAAC;IACpF,KAAK,MAAM,CAAC,IAAI,gBAAgB;QAAE,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,EAAE,CAAC,CAAC;IAEtF,MAAM,YAAY,GAAG,QAAQ,EAAE,cAAc,IAAI,QAAQ,CAAC;IAC1D,IAAI,YAAY,KAAK,IAAI,CAAC,cAAc,EAAE,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,qBAAqB,YAAY,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,sCAAsC;AACtC,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAAkB,EAClB,OAAe,EACf,aAA+B;IAE/B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,MAAM,GAA4B,EAAE,CAAC;IACzC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAA4B,CAAC;QACvF,CAAC;QAAC,MAAM,CAAC,CAAC,WAAW,CAAC,CAAC;IACzB,CAAC;IAED,4EAA4E;IAC5E,MAAM,WAAW,GAAI,MAAM,CAAC,UAAU,CAAyC,IAAI,EAAE,CAAC;IACtF,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAA8B,CAAC;IACnE,MAAM,eAAe,GAAG,QAAQ,EAAE,UAAU,EAAE,KAAK,IAAI,IAAI,CAAC;IAC5D,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACzD,CAAC,CAAE,MAAM,CAAC,OAAO,CAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QAClF,CAAC,CAAC,EAAE,CAAC;IAEP,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,yDAAyD;QACzD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,MAAM,WAAW,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpE,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG;gBACb,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACnC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;aACtC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,QAAQ,CAAC,IAAI,CACX,wCAAwC,OAAO,IAAI;gBACnD,iDAAiD,MAAM,KAAK;gBAC5D,wDAAwD,CACzD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,uEAAuE;IACvE,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IACjD,wDAAwD;IACxD,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/D,IAAI,OAAO,KAAK,OAAO;YAAE,SAAS;QAClC,MAAM,KAAK,GAAG,SAAsC,CAAC;QACrD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC;YAC5C,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK;gBAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IACD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC;IAE1C,2BAA2B;IAC3B,MAAM,eAAe,GAAkB;QACrC,OAAO;QACP,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAClC,UAAU,EAAE,aAAa;KAC1B,CAAC;IACF,MAAM,CAAC,UAAU,CAAC,GAAG;QACnB,GAAG,WAAW;QACd,CAAC,OAAO,CAAC,EAAE,eAAe;KAC3B,CAAC;IAEF,2DAA2D;IAC3D,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/E,IAAI,CAAC;QAAC,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;IAE/E,OAAO,EAAE,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAc,EACd,aAAqB,OAAO,CAAC,GAAG,EAAE,EAClC,UAcI,EAAE;IAEN,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACpC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9C,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,oBAAoB,GAAG,CAAC,GAAG,EAAE;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAC7C,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9C,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACtF,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAEtF,wBAAwB;IACxB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;IAC7D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,4DAA4D,CAAC,CAAC;QAClE,OAAO,EAAE,MAAM,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAClE,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAA4B,CAAC;IACvF,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,GAAG,CAAC,qCAAsC,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QACjE,OAAO,EAAE,MAAM,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAClE,CAAC;IAED,8EAA8E;IAC9E,MAAM,OAAO,GAAI,MAAM,CAAC,SAAS,CAAyC,IAAI,EAAE,CAAC;IACjF,MAAM,YAAY,GAAG,CACnB,oBAAoB;QACpB,CAAC,OAAO,OAAO,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC9E,sBAAsB,CACvB,CAAC;IAEF,oEAAoE;IACpE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC,CAAE,MAAM,CAAC,QAAQ,CAA6B;QAC/C,CAAC,CAAC,EAAE,CAAC;IAEP,qEAAqE;IACrE,uDAAuD;IACvD,MAAM,mBAAmB,GACvB,SAAS,CAAC,MAAM,KAAK,CAAC;QACtB,OAAO,OAAO,CAAC,SAAS,CAAC,KAAK,QAAQ;QACtC,OAAO,OAAO,CAAC,cAAc,CAAC,KAAK,QAAQ;QACzC,CAAC,CAAC;YACE,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACnC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACnC,YAAY,EAAE,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YAC7C,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE,SAAS;SACpB;QACH,CAAC,CAAC,IAAI,CAAC;IAEX,MAAM,SAAS,GACb,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEtF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,GAAG,CACD,uCAAuC;YACvC,uEAAuE,CACxE,CAAC;QACF,OAAO,EAAE,MAAM,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAClE,CAAC;IAED,kDAAkD;IAClD,MAAM,MAAM,GAAG,WAAW;QACxB,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,IAAI,CAAC,CAAC,OAAO,KAAK,WAAW,CAAC;QACjF,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,GAAG,CAAC,6BAA6B,WAAW,6BAA6B,CAAC,CAAC;QAC3E,OAAO,EAAE,MAAM,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAClE,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,GAAG,CAAC,8DAA8D,CAAC,CAAC;IACtE,CAAC;IACD,GAAG,CAAC,kBAAkB,YAAY,EAAE,CAAC,CAAC;IACtC,GAAG,CAAC,kBAAkB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAEvC,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,IAAI,WAAW,CAAC;IACrD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,IAAI,gBAAgB,CAAC;IAErE,gFAAgF;IAChF,2EAA2E;IAC3E,8EAA8E;IAC9E,gFAAgF;IAChF,8EAA8E;IAC9E,gFAAgF;IAChF,kDAAkD;IAClD,MAAM,YAAY,GAAG,OAAO,OAAO,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAW,CAAC,CAAC,CAAC,IAAI,CAAC;IAC5G,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,YAAY,EAAE,CAAC;QACxD,GAAG,CAAC,+CAA+C,CAAC,CAAC;QACrD,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAC9E,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACxD,IAAI,MAAM,GAAG,CAAC,CAAC;YACf,4EAA4E;YAC5E,yEAAyE;YACzE,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAA4B,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3G,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;gBAChC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBAC9B,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;oBAAC,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC;oBAAC,IAAI,CAAC,CAAC,UAAU;wBAAE,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;oBAAC,MAAM,EAAE,CAAC;gBAAC,CAAC;YACzH,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvB,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBAC9B,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;oBAAC,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC;oBAAC,IAAI,CAAC,CAAC,UAAU;wBAAE,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;gBAAC,CAAC;YAC/G,CAAC;YACD,6EAA6E;YAC7E,2EAA2E;YAC3E,IAAI,MAAM,GAAG,CAAC,IAAI,SAAS,EAAE,CAAC;gBAC5B,MAAM,CAAC,QAAQ,CAAC,GAAG,eAAe,CAAC;gBACnC,IAAI,CAAC;oBACH,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;oBAC/E,IAAI,CAAC;wBAAC,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;gBACjF,CAAC;gBAAC,MAAM,CAAC,CAAC,oDAAoD,CAAC,CAAC;YAClE,CAAC;YACD,GAAG,CAAC,oBAAoB,MAAM,kBAAkB,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,+CAA+C,GAAG,CAAC,CAAC;QACvH,CAAC;aAAM,IAAI,QAAQ,EAAE,CAAC;YACpB,0EAA0E;YAC1E,GAAG,CAAC,4CAA4C,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QAElD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,4EAA4E;YAC5E,4EAA4E;YAC5E,qDAAqD;YACrD,MAAM,CAAC,GAAkB;gBACvB,OAAO;gBACP,QAAQ;gBACR,MAAM,EAAE,IAAI;gBACZ,aAAa,EAAE,IAAI;gBACnB,kBAAkB,EAAE,IAAI;gBACxB,SAAS,EAAE,EAAE;gBACb,KAAK,EAAE,yFAAyF;oBAC9F,mEAAmE;aACtE,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACd,GAAG,CAAC,gBAAgB,OAAO,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAC3C,MAAM,EAAE,CAAC;YACT,SAAS;QACX,CAAC;QAED,oEAAoE;QACpE,GAAG,CAAC,oCAAoC,OAAO,KAAK,CAAC,CAAC;QACtD,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QAEnF,IAAI,CAAC,MAAM,IAAI,UAAU,EAAE,CAAC;YAC1B,MAAM,CAAC,GAAkB;gBACvB,OAAO;gBACP,QAAQ;gBACR,MAAM,EAAE,IAAI;gBACZ,aAAa,EAAE,IAAI;gBACnB,kBAAkB,EAAE,IAAI;gBACxB,SAAS,EAAE,EAAE;gBACb,KAAK,EAAE,UAAU,IAAI,yBAAyB;aAC/C,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACd,GAAG,CAAC,gBAAgB,OAAO,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAC3C,GAAG,CAAC,uEAAuE,CAAC,CAAC;YAC7E,MAAM,EAAE,CAAC;YACT,SAAS;QACX,CAAC;QAED,mEAAmE;QACnE,wEAAwE;QACxE,iEAAiE;QACjE,MAAM,kBAAkB,GAAG,OAAO,MAAM,CAAC,cAAc,CAAC,KAAK,QAAQ;YACnE,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC;YACxB,CAAC,CAAC,SAAS,CAAC;QAEd,uEAAuE;QACvE,oEAAoE;QACpE,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;QAC9D,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;YACrB,MAAM,CAAC,GAAkB;gBACvB,OAAO;gBACP,QAAQ;gBACR,MAAM;gBACN,aAAa,EAAE,IAAI;gBACnB,kBAAkB,EAAE,IAAI;gBACxB,SAAS,EAAE,EAAE;gBACb,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACd,GAAG,CAAC,gBAAgB,OAAO,gBAAgB,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;YACjE,GAAG,CAAC,gCAAgC,CAAC,CAAC;YACtC,MAAM,EAAE,CAAC;YACT,SAAS;QACX,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,UAAU,CAAC;QAE9C,uCAAuC;QACvC,MAAM,WAAW,GAAI,MAAM,CAAC,UAAU,CAAyC,IAAI,EAAE,CAAC;QACtF,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAA8B,CAAC;QACnE,MAAM,kBAAkB,GAAG,QAAQ,EAAE,UAAU,IAAI,IAAI,CAAC;QAExD,eAAe;QACf,MAAM,SAAS,GAAG,qBAAqB,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;QAE3E,MAAM,CAAC,GAAkB;YACvB,OAAO;YACP,QAAQ;YACR,MAAM;YACN,aAAa;YACb,kBAAkB;YAClB,SAAS;SACV,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEd,aAAa;QACb,GAAG,CAAC,kBAAkB,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACrE,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QACnB,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,EAAE,QAAQ,EAAE,GAAG,sBAAsB,CAAC,UAAU,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;YAChF,wEAAwE;YACxE,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAA4B,CAAC;YACvF,CAAC;YAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;YAE1B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,GAAG,CAAC,CAAC,CAAC,CAAC;YACT,CAAC;YACD,GAAG,CAAC,gBAAgB,OAAO,YAAY,CAAC,CAAC;YACzC,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,IAAI,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,kEAAkE,CAAC,CAAC;IAC1E,CAAC;SAAM,IAAI,SAAS,EAAE,CAAC;QACrB,GAAG,CAAC,oBAAoB,OAAO,IAAI,MAAM,CAAC,MAAM,sBAAsB,MAAM,GAAG,CAAC,CAAC;IACnF,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AACxD,CAAC"}

package/dist/hooks/audit-logger.sh CHANGED Viewed

@@ -287,6 +287,27 @@ fi
 # stored in .governance.json (mode 0600). The /cluster-events route
 # validates the JWT and enforces tenant binding (Invariant 7 — body
 # orgId MUST match the token's `org` claim).
+#
+# F3 (CORRECTNESS 2026-06-09): per-agent runtime attribution.
+#   Before F3, every tool call in a project pushed under the FIRST agent's
+#   identity (runtime.agentId / runtime.serviceToken), regardless of which
+#   agent was actually running. The CLI now writes a per-agent `agents[]`
+#   array with { localId, agentId, serviceToken, filePath } entries.
+#
+#   Resolution priority:
+#     1. CXNI_AGENT_FILE env var (operator sets this per-agent session, e.g.
+#        CXNI_AGENT_FILE=".claude/agents/kai-agent.md") → look up matching
+#        filePath in agents[] and use that entry's agentId + serviceToken.
+#     2. Fallback: runtime.agentId + runtime.serviceToken (pre-F3 behavior).
+#        A fallback-used advisory is written to the local audit JSONL so
+#        operators know per-agent attribution was not available.
+#
+# F4 (SECURITY 2026-06-09): serviceToken off curl argv.
+#   Before F4, the bearer token appeared as `-H "Authorization: Bearer $TOKEN"`
+#   on the curl command line, visible in `ps aux` to any local user.
+#   Fix: write the Authorization header to a 0600 temp file and pass it via
+#   `curl -H @<tmpfile>`. The tmpfile is removed immediately after curl exits
+#   (or in the same background shell if detached).
 PROJECT_ROOT=""
 SEARCH_DIR="$AUDIT_DIR"
 while [ "$SEARCH_DIR" != "/" ] && [ -n "$SEARCH_DIR" ]; do
@@ -300,8 +321,58 @@ done
 if [ -n "$PROJECT_ROOT" ] && command -v jq >/dev/null 2>&1 && command -v curl >/dev/null 2>&1; then
   GOV_URL="$(jq -r '.runtime.govServerUrl // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
   GOV_ORG="$(jq -r '.runtime.orgId // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
-  GOV_AGENT="$(jq -r '.runtime.agentId // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
-  GOV_TOKEN="$(jq -r '.runtime.serviceToken // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
+  # F3: resolve per-agent identity from agents[] (TS-002 per-agent identity block).
+  # Match on CXNI_AGENT_FILE (the calling agent's file path set by the operator
+  # for each agent session). Fall back to runtime.* when agents[] is absent or
+  # no filePath match is found.
+  GOV_AGENT=""
+  GOV_TOKEN=""
+  _F3_ATTRIBUTION="runtime-fallback"   # tracks which resolution path was taken
+  if [ -n "${CXNI_AGENT_FILE:-}" ] && command -v jq >/dev/null 2>&1; then
+    # Attempt agents[] lookup by filePath.
+    _AGENT_ENTRY=$(jq -c \
+      --arg fp "$CXNI_AGENT_FILE" \
+      '(.agents // []) | map(select(.filePath == $fp)) | first // empty' \
+      "$PROJECT_ROOT/.governance.json" 2>/dev/null || true)
+    if [ -n "$_AGENT_ENTRY" ]; then
+      GOV_AGENT=$(printf '%s' "$_AGENT_ENTRY" | jq -r '.agentId // empty' 2>/dev/null || true)
+      GOV_TOKEN=$(printf '%s' "$_AGENT_ENTRY" | jq -r '.serviceToken // empty' 2>/dev/null || true)
+      if [ -n "$GOV_AGENT" ] && [ -n "$GOV_TOKEN" ]; then
+        _F3_ATTRIBUTION="per-agent-agents-array"
+      else
+        GOV_AGENT=""
+        GOV_TOKEN=""
+      fi
+    fi
+  fi
+  # Fallback to runtime.* when per-agent lookup failed or CXNI_AGENT_FILE not set.
+  if [ -z "$GOV_AGENT" ] || [ -z "$GOV_TOKEN" ]; then
+    GOV_AGENT="$(jq -r '.runtime.agentId // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
+    GOV_TOKEN="$(jq -r '.runtime.serviceToken // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
+    _F3_ATTRIBUTION="runtime-fallback"
+    # Advisory: log the fallback so operators know per-agent attribution was not
+    # available. Written to the local JSONL (not sent to the server). The message
+    # is compact — one additional field appended to the current entry is too late
+    # (already written), so we write a separate advisory line instead.
+    if [ -n "$GOV_AGENT" ] && [ -n "${CXNI_AGENT_FILE:-}" ]; then
+      _FB_ENTRY=$(jq -nc \
+        --arg ts "$TIMESTAMP" \
+        --arg sid "$SESSION_ID" \
+        --arg agentFile "${CXNI_AGENT_FILE:-}" \
+        --arg fallbackAgent "$GOV_AGENT" \
+        '{timestamp: $ts, session: $sid, kind: "F3_ATTRIBUTION_FALLBACK",
+          agentFile: $agentFile, fallbackAgentId: $fallbackAgent,
+          detail: "CXNI_AGENT_FILE set but no matching agents[] entry; using runtime.*"}' \
+        2>/dev/null || true)
+      if [ -n "$_FB_ENTRY" ]; then
+        echo "$_FB_ENTRY" >> "$AUDIT_FILE" 2>/dev/null || true
+      fi
+    fi
+  fi
   if [ -n "$GOV_URL" ] && [ -n "$GOV_ORG" ] && [ -n "$GOV_AGENT" ] && [ -n "$GOV_TOKEN" ]; then
     PUSH_BODY=$(jq -nc \
@@ -309,29 +380,56 @@ if [ -n "$PROJECT_ROOT" ] && command -v jq >/dev/null 2>&1 && command -v curl >/
       --arg org "$GOV_ORG" \
       --arg tool "${TOOL_NAME:-unknown}" \
       --arg ts "$TIMESTAMP" \
+      --arg attribution "$_F3_ATTRIBUTION" \
       '{
         kind: "AGENT_TOOL_OBSERVED",
         agentId: $agent,
         orgId: $org,
         tool: $tool,
         timestamp: $ts,
+        attribution: $attribution,
         manifest: { agentId: $agent, tools: [$tool] }
       }' 2>/dev/null)
     if [ -n "$PUSH_BODY" ]; then
+      # F4 (SECURITY 2026-06-09): write the Authorization header to a 0600 temp
+      # file so the serviceToken never appears on the curl command line (visible
+      # in `ps aux`). The tmpfile is created atomically and removed after the
+      # backgrounded curl subprocess exits. `mktemp` is portable (POSIX).
+      #
+      # CONDITION-3 (Shield 2026-06-09): register an EXIT trap in the PARENT
+      # shell so the tmpfile is cleaned up even if the detached subshell is
+      # SIGKILLed (SIGKILL cannot be caught by the subshell, so the `rm -f`
+      # inside the subshell would not run). The parent EXIT trap fires on any
+      # exit path including SIGKILL delivery to the parent (via the OS process
+      # reap). The variable is initialised to empty so the trap is safe to
+      # register before `mktemp` runs.
+      _AUTH_TMPFILE=""
+      trap 'rm -f "$_AUTH_TMPFILE" 2>/dev/null' EXIT
+      #
       # Fully detach the push: `setsid` (when present — Linux; absent on a
       # default macOS) puts curl in its own session/process group, and
       # `</dev/null` severs inherited stdin, so it can never be tied to the
       # hook's lifecycle or block on a pipe. `--max-time 2` caps it regardless.
       # The local JSONL row was written above; if the push fails, the next hook
       # fire or a periodic batch sweep can replay from disk.
-      _DETACH=""; command -v setsid >/dev/null 2>&1 && _DETACH="setsid"
-      $_DETACH curl --silent --show-error --max-time 2 --connect-timeout 1 \
-        --output /dev/null \
-        -X POST "${GOV_URL%/}/api/v1/cluster-events/self-registration" \
-        -H "Authorization: Bearer $GOV_TOKEN" \
-        -H "Content-Type: application/json" \
-        --data "$PUSH_BODY" </dev/null >/dev/null 2>&1 &
-      disown 2>/dev/null || true
+      _AUTH_TMPFILE=$(mktemp 2>/dev/null || true)
+      if [ -n "$_AUTH_TMPFILE" ]; then
+        chmod 0600 "$_AUTH_TMPFILE" 2>/dev/null || true
+        printf 'Authorization: Bearer %s\n' "$GOV_TOKEN" > "$_AUTH_TMPFILE" 2>/dev/null || true
+        _DETACH=""; command -v setsid >/dev/null 2>&1 && _DETACH="setsid"
+        $_DETACH bash -c "
+          curl --silent --show-error --max-time 2 --connect-timeout 1 \
+            --output /dev/null \
+            -X POST '${GOV_URL%/}/api/v1/cluster-events/self-registration' \
+            -H '@${_AUTH_TMPFILE}' \
+            -H 'Content-Type: application/json' \
+            --data '$(printf '%s' "$PUSH_BODY" | sed "s/'/'\'''/g")' \
+            </dev/null >/dev/null 2>&1
+          rm -f '${_AUTH_TMPFILE}'
+        " </dev/null >/dev/null 2>&1 &
+        disown 2>/dev/null || true
+      fi
     fi
   fi
 fi

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@connexum/ai-governance",
-  "version": "1.0.0-beta.21",
+  "version": "1.0.0-beta.22",
   "description": "Enterprise AI agent governance framework. Hook-based enforcement, compliance packs (SOC 2, HIPAA, GDPR, PCI DSS, DORA, EU AI Act, ISO 27001), audit trails, multi-LLM adapter architecture (Claude production today; additional providers on roadmap).",
   "main": "dist/index.js",
   "module": "dist/esm/index.js",

package/src/hooks/audit-logger.sh CHANGED Viewed

@@ -287,6 +287,27 @@ fi
 # stored in .governance.json (mode 0600). The /cluster-events route
 # validates the JWT and enforces tenant binding (Invariant 7 — body
 # orgId MUST match the token's `org` claim).
+#
+# F3 (CORRECTNESS 2026-06-09): per-agent runtime attribution.
+#   Before F3, every tool call in a project pushed under the FIRST agent's
+#   identity (runtime.agentId / runtime.serviceToken), regardless of which
+#   agent was actually running. The CLI now writes a per-agent `agents[]`
+#   array with { localId, agentId, serviceToken, filePath } entries.
+#
+#   Resolution priority:
+#     1. CXNI_AGENT_FILE env var (operator sets this per-agent session, e.g.
+#        CXNI_AGENT_FILE=".claude/agents/kai-agent.md") → look up matching
+#        filePath in agents[] and use that entry's agentId + serviceToken.
+#     2. Fallback: runtime.agentId + runtime.serviceToken (pre-F3 behavior).
+#        A fallback-used advisory is written to the local audit JSONL so
+#        operators know per-agent attribution was not available.
+#
+# F4 (SECURITY 2026-06-09): serviceToken off curl argv.
+#   Before F4, the bearer token appeared as `-H "Authorization: Bearer $TOKEN"`
+#   on the curl command line, visible in `ps aux` to any local user.
+#   Fix: write the Authorization header to a 0600 temp file and pass it via
+#   `curl -H @<tmpfile>`. The tmpfile is removed immediately after curl exits
+#   (or in the same background shell if detached).
 PROJECT_ROOT=""
 SEARCH_DIR="$AUDIT_DIR"
 while [ "$SEARCH_DIR" != "/" ] && [ -n "$SEARCH_DIR" ]; do
@@ -300,8 +321,58 @@ done
 if [ -n "$PROJECT_ROOT" ] && command -v jq >/dev/null 2>&1 && command -v curl >/dev/null 2>&1; then
   GOV_URL="$(jq -r '.runtime.govServerUrl // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
   GOV_ORG="$(jq -r '.runtime.orgId // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
-  GOV_AGENT="$(jq -r '.runtime.agentId // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
-  GOV_TOKEN="$(jq -r '.runtime.serviceToken // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
+  # F3: resolve per-agent identity from agents[] (TS-002 per-agent identity block).
+  # Match on CXNI_AGENT_FILE (the calling agent's file path set by the operator
+  # for each agent session). Fall back to runtime.* when agents[] is absent or
+  # no filePath match is found.
+  GOV_AGENT=""
+  GOV_TOKEN=""
+  _F3_ATTRIBUTION="runtime-fallback"   # tracks which resolution path was taken
+  if [ -n "${CXNI_AGENT_FILE:-}" ] && command -v jq >/dev/null 2>&1; then
+    # Attempt agents[] lookup by filePath.
+    _AGENT_ENTRY=$(jq -c \
+      --arg fp "$CXNI_AGENT_FILE" \
+      '(.agents // []) | map(select(.filePath == $fp)) | first // empty' \
+      "$PROJECT_ROOT/.governance.json" 2>/dev/null || true)
+    if [ -n "$_AGENT_ENTRY" ]; then
+      GOV_AGENT=$(printf '%s' "$_AGENT_ENTRY" | jq -r '.agentId // empty' 2>/dev/null || true)
+      GOV_TOKEN=$(printf '%s' "$_AGENT_ENTRY" | jq -r '.serviceToken // empty' 2>/dev/null || true)
+      if [ -n "$GOV_AGENT" ] && [ -n "$GOV_TOKEN" ]; then
+        _F3_ATTRIBUTION="per-agent-agents-array"
+      else
+        GOV_AGENT=""
+        GOV_TOKEN=""
+      fi
+    fi
+  fi
+  # Fallback to runtime.* when per-agent lookup failed or CXNI_AGENT_FILE not set.
+  if [ -z "$GOV_AGENT" ] || [ -z "$GOV_TOKEN" ]; then
+    GOV_AGENT="$(jq -r '.runtime.agentId // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
+    GOV_TOKEN="$(jq -r '.runtime.serviceToken // empty' "$PROJECT_ROOT/.governance.json" 2>/dev/null)"
+    _F3_ATTRIBUTION="runtime-fallback"
+    # Advisory: log the fallback so operators know per-agent attribution was not
+    # available. Written to the local JSONL (not sent to the server). The message
+    # is compact — one additional field appended to the current entry is too late
+    # (already written), so we write a separate advisory line instead.
+    if [ -n "$GOV_AGENT" ] && [ -n "${CXNI_AGENT_FILE:-}" ]; then
+      _FB_ENTRY=$(jq -nc \
+        --arg ts "$TIMESTAMP" \
+        --arg sid "$SESSION_ID" \
+        --arg agentFile "${CXNI_AGENT_FILE:-}" \
+        --arg fallbackAgent "$GOV_AGENT" \
+        '{timestamp: $ts, session: $sid, kind: "F3_ATTRIBUTION_FALLBACK",
+          agentFile: $agentFile, fallbackAgentId: $fallbackAgent,
+          detail: "CXNI_AGENT_FILE set but no matching agents[] entry; using runtime.*"}' \
+        2>/dev/null || true)
+      if [ -n "$_FB_ENTRY" ]; then
+        echo "$_FB_ENTRY" >> "$AUDIT_FILE" 2>/dev/null || true
+      fi
+    fi
+  fi
   if [ -n "$GOV_URL" ] && [ -n "$GOV_ORG" ] && [ -n "$GOV_AGENT" ] && [ -n "$GOV_TOKEN" ]; then
     PUSH_BODY=$(jq -nc \
@@ -309,29 +380,56 @@ if [ -n "$PROJECT_ROOT" ] && command -v jq >/dev/null 2>&1 && command -v curl >/
       --arg org "$GOV_ORG" \
       --arg tool "${TOOL_NAME:-unknown}" \
       --arg ts "$TIMESTAMP" \
+      --arg attribution "$_F3_ATTRIBUTION" \
       '{
         kind: "AGENT_TOOL_OBSERVED",
         agentId: $agent,
         orgId: $org,
         tool: $tool,
         timestamp: $ts,
+        attribution: $attribution,
         manifest: { agentId: $agent, tools: [$tool] }
       }' 2>/dev/null)
     if [ -n "$PUSH_BODY" ]; then
+      # F4 (SECURITY 2026-06-09): write the Authorization header to a 0600 temp
+      # file so the serviceToken never appears on the curl command line (visible
+      # in `ps aux`). The tmpfile is created atomically and removed after the
+      # backgrounded curl subprocess exits. `mktemp` is portable (POSIX).
+      #
+      # CONDITION-3 (Shield 2026-06-09): register an EXIT trap in the PARENT
+      # shell so the tmpfile is cleaned up even if the detached subshell is
+      # SIGKILLed (SIGKILL cannot be caught by the subshell, so the `rm -f`
+      # inside the subshell would not run). The parent EXIT trap fires on any
+      # exit path including SIGKILL delivery to the parent (via the OS process
+      # reap). The variable is initialised to empty so the trap is safe to
+      # register before `mktemp` runs.
+      _AUTH_TMPFILE=""
+      trap 'rm -f "$_AUTH_TMPFILE" 2>/dev/null' EXIT
+      #
       # Fully detach the push: `setsid` (when present — Linux; absent on a
       # default macOS) puts curl in its own session/process group, and
       # `</dev/null` severs inherited stdin, so it can never be tied to the
       # hook's lifecycle or block on a pipe. `--max-time 2` caps it regardless.
       # The local JSONL row was written above; if the push fails, the next hook
       # fire or a periodic batch sweep can replay from disk.
-      _DETACH=""; command -v setsid >/dev/null 2>&1 && _DETACH="setsid"
-      $_DETACH curl --silent --show-error --max-time 2 --connect-timeout 1 \
-        --output /dev/null \
-        -X POST "${GOV_URL%/}/api/v1/cluster-events/self-registration" \
-        -H "Authorization: Bearer $GOV_TOKEN" \
-        -H "Content-Type: application/json" \
-        --data "$PUSH_BODY" </dev/null >/dev/null 2>&1 &
-      disown 2>/dev/null || true
+      _AUTH_TMPFILE=$(mktemp 2>/dev/null || true)
+      if [ -n "$_AUTH_TMPFILE" ]; then
+        chmod 0600 "$_AUTH_TMPFILE" 2>/dev/null || true
+        printf 'Authorization: Bearer %s\n' "$GOV_TOKEN" > "$_AUTH_TMPFILE" 2>/dev/null || true
+        _DETACH=""; command -v setsid >/dev/null 2>&1 && _DETACH="setsid"
+        $_DETACH bash -c "
+          curl --silent --show-error --max-time 2 --connect-timeout 1 \
+            --output /dev/null \
+            -X POST '${GOV_URL%/}/api/v1/cluster-events/self-registration' \
+            -H '@${_AUTH_TMPFILE}' \
+            -H 'Content-Type: application/json' \
+            --data '$(printf '%s' "$PUSH_BODY" | sed "s/'/'\'''/g")' \
+            </dev/null >/dev/null 2>&1
+          rm -f '${_AUTH_TMPFILE}'
+        " </dev/null >/dev/null 2>&1 &
+        disown 2>/dev/null || true
+      fi
     fi
   fi
 fi