@connexum/ai-governance 1.0.0-beta.21 → 1.0.0-beta.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/agent-dir-scanner.d.ts +32 -0
- package/dist/cli/agent-dir-scanner.d.ts.map +1 -1
- package/dist/cli/agent-dir-scanner.js +52 -0
- package/dist/cli/agent-dir-scanner.js.map +1 -1
- package/dist/cli/governance-md-renderer.d.ts +50 -0
- package/dist/cli/governance-md-renderer.d.ts.map +1 -0
- package/dist/cli/governance-md-renderer.js +185 -0
- package/dist/cli/governance-md-renderer.js.map +1 -0
- package/dist/cli/governance-projection-writer.d.ts +88 -0
- package/dist/cli/governance-projection-writer.d.ts.map +1 -0
- package/dist/cli/governance-projection-writer.js +291 -0
- package/dist/cli/governance-projection-writer.js.map +1 -0
- package/dist/cli/index.d.ts +85 -0
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +343 -2
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/per-folder-identity.d.ts +79 -0
- package/dist/cli/per-folder-identity.d.ts.map +1 -0
- package/dist/cli/per-folder-identity.js +321 -0
- package/dist/cli/per-folder-identity.js.map +1 -0
- package/dist/cli/sync.d.ts +193 -0
- package/dist/cli/sync.d.ts.map +1 -0
- package/dist/cli/sync.js +1094 -0
- package/dist/cli/sync.js.map +1 -0
- package/dist/cli/wrap-shim-generator.d.ts +33 -0
- package/dist/cli/wrap-shim-generator.d.ts.map +1 -1
- package/dist/cli/wrap-shim-generator.js +93 -8
- package/dist/cli/wrap-shim-generator.js.map +1 -1
- package/dist/esm/cli/agent-dir-scanner.js +52 -0
- package/dist/esm/cli/agent-dir-scanner.js.map +1 -1
- package/dist/esm/cli/governance-md-renderer.js +182 -0
- package/dist/esm/cli/governance-md-renderer.js.map +1 -0
- package/dist/esm/cli/governance-projection-writer.js +253 -0
- package/dist/esm/cli/governance-projection-writer.js.map +1 -0
- package/dist/esm/cli/index.js +343 -3
- package/dist/esm/cli/index.js.map +1 -1
- package/dist/esm/cli/per-folder-identity.js +283 -0
- package/dist/esm/cli/per-folder-identity.js.map +1 -0
- package/dist/esm/cli/sync.js +1054 -0
- package/dist/esm/cli/sync.js.map +1 -0
- package/dist/esm/cli/wrap-shim-generator.js +92 -8
- package/dist/esm/cli/wrap-shim-generator.js.map +1 -1
- package/dist/esm/governance/governance-projection-canonical.js +101 -0
- package/dist/esm/governance/governance-projection-canonical.js.map +1 -0
- package/dist/governance/governance-projection-canonical.d.ts +104 -0
- package/dist/governance/governance-projection-canonical.d.ts.map +1 -0
- package/dist/governance/governance-projection-canonical.js +141 -0
- package/dist/governance/governance-projection-canonical.js.map +1 -0
- package/dist/hooks/audit-logger.sh +108 -10
- package/package.json +1 -1
- package/src/hooks/audit-logger.sh +108 -10
|
@@ -0,0 +1,291 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Governance-projection writer — write-back RFC F2 (§3.1, §4, §10.C).
|
|
4
|
+
*
|
|
5
|
+
* The downward half of the loop: after the identity/token passes, `sync`
|
|
6
|
+
* fetches each agent's effective-governance projection from
|
|
7
|
+
* GET /api/v1/cli/agent-governance and writes
|
|
8
|
+
*
|
|
9
|
+
* <agent>/.connexum/governance.json machine-readable projection (3.1)
|
|
10
|
+
* <agent>/.connexum/GOVERNANCE.md human/LLM-readable rendering (3.2)
|
|
11
|
+
*
|
|
12
|
+
* Both files are DERIVED, REGENERABLE, SECRET-FREE — safe to commit, never
|
|
13
|
+
* hand-edited.
|
|
14
|
+
*
|
|
15
|
+
* File semantics (normative, §10.C):
|
|
16
|
+
* - All writes are atomic (temp → renameSync). No chmod — non-secret.
|
|
17
|
+
* - checksum covers the canonical POLICY body only (shared module —
|
|
18
|
+
* generatedAt/score/version/staleAfter excluded), so a score refresh or
|
|
19
|
+
* re-sync of unchanged policy never perturbs hand-edit detection.
|
|
20
|
+
* - Existing file whose stored checksum mismatches its own body ⇒ HAND-EDITED
|
|
21
|
+
* ⇒ WARN + skip, never clobber (W4). An ABSENT file (user deleted) is
|
|
22
|
+
* written fresh without WARN — absent ≠ hand-edited.
|
|
23
|
+
* - Unchanged policy (new checksum === pristine existing checksum) ⇒ skip the
|
|
24
|
+
* rewrite entirely: byte-identical files (W6) and generatedAt keeps meaning
|
|
25
|
+
* "when the policy last changed".
|
|
26
|
+
* - Fetch failure ⇒ caller never reaches the writer ⇒ prior files retained
|
|
27
|
+
* (Invariant 2 — never delete on failure).
|
|
28
|
+
*
|
|
29
|
+
* Traversal guard is REUSED from per-folder-identity.ts (Shield S-W2) — the
|
|
30
|
+
* same realpath-compared guard B1 writes identities through.
|
|
31
|
+
*
|
|
32
|
+
* @connexum/ai-governance governance-writeback-f2
|
|
33
|
+
*/
|
|
34
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
35
|
+
if (k2 === undefined) k2 = k;
|
|
36
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
37
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
38
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
39
|
+
}
|
|
40
|
+
Object.defineProperty(o, k2, desc);
|
|
41
|
+
}) : (function(o, m, k, k2) {
|
|
42
|
+
if (k2 === undefined) k2 = k;
|
|
43
|
+
o[k2] = m[k];
|
|
44
|
+
}));
|
|
45
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
46
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
47
|
+
}) : function(o, v) {
|
|
48
|
+
o["default"] = v;
|
|
49
|
+
});
|
|
50
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
51
|
+
var ownKeys = function(o) {
|
|
52
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
53
|
+
var ar = [];
|
|
54
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
55
|
+
return ar;
|
|
56
|
+
};
|
|
57
|
+
return ownKeys(o);
|
|
58
|
+
};
|
|
59
|
+
return function (mod) {
|
|
60
|
+
if (mod && mod.__esModule) return mod;
|
|
61
|
+
var result = {};
|
|
62
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
63
|
+
__setModuleDefault(result, mod);
|
|
64
|
+
return result;
|
|
65
|
+
};
|
|
66
|
+
})();
|
|
67
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
68
|
+
exports.fetchAgentGovernance = fetchAgentGovernance;
|
|
69
|
+
exports.writeGovernanceProjections = writeGovernanceProjections;
|
|
70
|
+
exports.computeLocalProjectionVersion = computeLocalProjectionVersion;
|
|
71
|
+
const fs = __importStar(require("fs"));
|
|
72
|
+
const path = __importStar(require("path"));
|
|
73
|
+
const crypto = __importStar(require("crypto"));
|
|
74
|
+
const child_process_1 = require("child_process");
|
|
75
|
+
const per_folder_identity_js_1 = require("./per-folder-identity.js");
|
|
76
|
+
const governance_projection_canonical_js_1 = require("../governance/governance-projection-canonical.js");
|
|
77
|
+
const governance_md_renderer_js_1 = require("./governance-md-renderer.js");
|
|
78
|
+
/**
|
|
79
|
+
* Fetch the batch governance projection. Same transport posture as the token
|
|
80
|
+
* fetch in sync.ts: HTTPS via curl, Authorization in a 0600 tmpfile (never on
|
|
81
|
+
* argv), NEVER throws — server unreachable returns {agents:null} and the
|
|
82
|
+
* caller leaves prior files intact (Invariant 2/3).
|
|
83
|
+
*/
|
|
84
|
+
function fetchAgentGovernance(govServerUrl, installToken, timeoutSec = 15) {
|
|
85
|
+
const url = `${govServerUrl.replace(/\/$/, '')}/api/v1/cli/agent-governance`;
|
|
86
|
+
let authTmpFile = null;
|
|
87
|
+
try {
|
|
88
|
+
const tmpDir = process.env['TMPDIR'] || process.env['TMP'] || process.env['TEMP'] || '/tmp';
|
|
89
|
+
const tmpPath = path.join(tmpDir, `gov-proj-auth-${crypto.randomBytes(8).toString('hex')}.hdr`);
|
|
90
|
+
fs.writeFileSync(tmpPath, `Authorization: Bearer ${installToken}\n`, { mode: 0o600 });
|
|
91
|
+
try {
|
|
92
|
+
fs.chmodSync(tmpPath, 0o600);
|
|
93
|
+
}
|
|
94
|
+
catch { /* best-effort on Windows */ }
|
|
95
|
+
authTmpFile = tmpPath;
|
|
96
|
+
}
|
|
97
|
+
catch {
|
|
98
|
+
console.warn('[gov-sync] WARNING: auth tmpfile write failed; falling back to token-on-argv (less secure). Check TMPDIR permissions.');
|
|
99
|
+
authTmpFile = null;
|
|
100
|
+
}
|
|
101
|
+
const authArgs = authTmpFile
|
|
102
|
+
? ['-H', `@${authTmpFile}`]
|
|
103
|
+
: ['-H', `Authorization: Bearer ${installToken}`];
|
|
104
|
+
try {
|
|
105
|
+
const result = (0, child_process_1.spawnSync)('curl', [
|
|
106
|
+
'--silent', '--show-error',
|
|
107
|
+
'--max-time', String(timeoutSec),
|
|
108
|
+
'--connect-timeout', '5',
|
|
109
|
+
'--fail-with-body',
|
|
110
|
+
...authArgs,
|
|
111
|
+
'-H', 'Accept: application/json',
|
|
112
|
+
url,
|
|
113
|
+
], { encoding: 'utf8', timeout: (timeoutSec + 5) * 1000 });
|
|
114
|
+
if (result.status !== 0) {
|
|
115
|
+
const detail = result.stderr?.trim() || `curl exit ${result.status}`;
|
|
116
|
+
return { agents: null, error: `Governance projection fetch failed: ${detail}` };
|
|
117
|
+
}
|
|
118
|
+
if (!result.stdout)
|
|
119
|
+
return { agents: null, error: 'Empty response from server.' };
|
|
120
|
+
let parsed;
|
|
121
|
+
try {
|
|
122
|
+
parsed = JSON.parse(result.stdout);
|
|
123
|
+
}
|
|
124
|
+
catch {
|
|
125
|
+
return { agents: null, error: 'Could not parse governance response as JSON.' };
|
|
126
|
+
}
|
|
127
|
+
const obj = parsed;
|
|
128
|
+
if (typeof obj?.['error'] === 'string')
|
|
129
|
+
return { agents: null, error: `Server error: ${obj['error']}` };
|
|
130
|
+
if (!Array.isArray(obj?.['agents']))
|
|
131
|
+
return { agents: null, error: 'Server response missing agents[].' };
|
|
132
|
+
const agents = [];
|
|
133
|
+
for (const a of obj['agents']) {
|
|
134
|
+
const e = a;
|
|
135
|
+
if (typeof e?.['agentId'] === 'string' &&
|
|
136
|
+
e?.['effectiveGovernance'] && typeof e['effectiveGovernance'] === 'object' &&
|
|
137
|
+
e?.['scoreSummary'] && typeof e['scoreSummary'] === 'object' &&
|
|
138
|
+
typeof e?.['projectionVersion'] === 'string') {
|
|
139
|
+
agents.push({
|
|
140
|
+
agentId: e['agentId'],
|
|
141
|
+
effectiveGovernance: e['effectiveGovernance'],
|
|
142
|
+
scoreSummary: e['scoreSummary'],
|
|
143
|
+
projectionVersion: e['projectionVersion'],
|
|
144
|
+
});
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
const staleRaw = obj['staleAfterDays'];
|
|
148
|
+
return {
|
|
149
|
+
agents,
|
|
150
|
+
staleAfterDays: typeof staleRaw === 'number' && Number.isFinite(staleRaw) ? staleRaw : 7,
|
|
151
|
+
};
|
|
152
|
+
}
|
|
153
|
+
catch (err) {
|
|
154
|
+
return { agents: null, error: `Request failed: ${err.message}` };
|
|
155
|
+
}
|
|
156
|
+
finally {
|
|
157
|
+
if (authTmpFile) {
|
|
158
|
+
try {
|
|
159
|
+
fs.unlinkSync(authTmpFile);
|
|
160
|
+
}
|
|
161
|
+
catch { /* best-effort */ }
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
const SCHEMA_VERSION = '1.0';
|
|
166
|
+
/** Compose the full governance.json file object for one agent (RFC §3.1). */
|
|
167
|
+
function buildFileObject(input, generatedAt, staleAfter) {
|
|
168
|
+
const policy = (0, governance_projection_canonical_js_1.pickCanonicalPolicyBody)({
|
|
169
|
+
...input.effectiveGovernance,
|
|
170
|
+
agentId: input.agentId,
|
|
171
|
+
});
|
|
172
|
+
const checksum = (0, governance_projection_canonical_js_1.computeProjectionChecksum)(policy);
|
|
173
|
+
return {
|
|
174
|
+
schemaVersion: SCHEMA_VERSION,
|
|
175
|
+
generated: true,
|
|
176
|
+
generatedAt,
|
|
177
|
+
staleAfter,
|
|
178
|
+
effectiveGovernanceVersion: input.projectionVersion,
|
|
179
|
+
...policy,
|
|
180
|
+
score: { ...input.scoreSummary },
|
|
181
|
+
checksum,
|
|
182
|
+
};
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* Write governance.json + GOVERNANCE.md into each agent's .connexum/ folder.
|
|
186
|
+
* Never throws (Invariant 2): every failure is a per-agent skip + advisory.
|
|
187
|
+
*/
|
|
188
|
+
function writeGovernanceProjections(projectDir, inputs, opts = {}) {
|
|
189
|
+
const warn = opts.warn ?? ((m) => console.warn(m));
|
|
190
|
+
const result = { written: [], unchanged: [], skipped: [] };
|
|
191
|
+
if (inputs.length === 0)
|
|
192
|
+
return result;
|
|
193
|
+
const generatedAt = opts.generatedAt ?? new Date().toISOString();
|
|
194
|
+
const staleDays = Math.min(Math.max(1, Math.floor(opts.staleAfterDays ?? 7)), 30);
|
|
195
|
+
const staleAfter = new Date(Date.parse(generatedAt) + staleDays * 24 * 3600 * 1000).toISOString();
|
|
196
|
+
for (const input of inputs) {
|
|
197
|
+
// Same realpath traversal guard as B1 (Shield S-W2 reuse requirement).
|
|
198
|
+
const guarded = (0, per_folder_identity_js_1.resolveGuardedAgentFolder)(projectDir, input.filePath);
|
|
199
|
+
if (!guarded.folder) {
|
|
200
|
+
result.skipped.push({ agentId: input.agentId, reason: guarded.error ?? 'path-traversal: folder outside project root' });
|
|
201
|
+
warn(`[connexum] governance projection skipped for ${input.agentId}: resolved folder escapes project root (${input.filePath})`);
|
|
202
|
+
continue;
|
|
203
|
+
}
|
|
204
|
+
try {
|
|
205
|
+
const dir = path.join(guarded.folder, '.connexum');
|
|
206
|
+
const jsonFile = path.join(dir, 'governance.json');
|
|
207
|
+
const mdFile = path.join(dir, 'GOVERNANCE.md');
|
|
208
|
+
const fileObj = buildFileObject(input, generatedAt, staleAfter);
|
|
209
|
+
const newChecksum = fileObj['checksum'];
|
|
210
|
+
// Hand-edit / unchanged detection against the existing file (W4/W6).
|
|
211
|
+
let existingPristineChecksum = null;
|
|
212
|
+
if (fs.existsSync(jsonFile)) {
|
|
213
|
+
let handEdited = true;
|
|
214
|
+
try {
|
|
215
|
+
const existing = JSON.parse(fs.readFileSync(jsonFile, 'utf-8'));
|
|
216
|
+
const recomputed = (0, governance_projection_canonical_js_1.computeProjectionChecksum)((0, governance_projection_canonical_js_1.pickCanonicalPolicyBody)(existing));
|
|
217
|
+
if (typeof existing['checksum'] === 'string' && existing['checksum'] === recomputed) {
|
|
218
|
+
handEdited = false;
|
|
219
|
+
existingPristineChecksum = recomputed;
|
|
220
|
+
}
|
|
221
|
+
}
|
|
222
|
+
catch {
|
|
223
|
+
// unparseable ⇒ treat as hand-edited: clobbering an operator's file
|
|
224
|
+
// is the harm the guard exists to prevent.
|
|
225
|
+
}
|
|
226
|
+
if (handEdited) {
|
|
227
|
+
result.skipped.push({ agentId: input.agentId, reason: 'hand-edited: checksum mismatch on existing governance.json' });
|
|
228
|
+
warn(`[connexum] governance.json for ${input.agentId} differs from its recorded checksum — it was edited by hand. Leaving it (and GOVERNANCE.md) untouched. Delete the file and re-run sync to regenerate.`);
|
|
229
|
+
continue;
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
// Pristine + same policy ⇒ nothing to do (byte-identical idempotency).
|
|
233
|
+
if (existingPristineChecksum === newChecksum && fs.existsSync(mdFile)) {
|
|
234
|
+
result.unchanged.push(input.agentId);
|
|
235
|
+
continue;
|
|
236
|
+
}
|
|
237
|
+
fs.mkdirSync(dir, { recursive: true });
|
|
238
|
+
// When policy is unchanged but GOVERNANCE.md is missing, re-render from
|
|
239
|
+
// the EXISTING file's timestamps so governance.json stays byte-identical.
|
|
240
|
+
// Stern C-1 (PR #1716 review): the stored score block is OUR write, but
|
|
241
|
+
// guard its shape anyway — a malformed score falls back to the freshly
|
|
242
|
+
// fetched fileObj (json then gets rewritten, which is the safe direction).
|
|
243
|
+
let effective = fileObj;
|
|
244
|
+
if (existingPristineChecksum === newChecksum) {
|
|
245
|
+
const stored = JSON.parse(fs.readFileSync(jsonFile, 'utf-8'));
|
|
246
|
+
const storedScore = stored['score'];
|
|
247
|
+
if (storedScore && typeof storedScore['band'] === 'string' && Array.isArray(storedScore['openFindings'])) {
|
|
248
|
+
effective = stored;
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
if (existingPristineChecksum !== newChecksum) {
|
|
252
|
+
atomicWrite(jsonFile, `${JSON.stringify(fileObj, null, 2)}\n`);
|
|
253
|
+
}
|
|
254
|
+
const md = (0, governance_md_renderer_js_1.renderGovernanceMd)({
|
|
255
|
+
policy: (0, governance_projection_canonical_js_1.pickCanonicalPolicyBody)(effective),
|
|
256
|
+
score: effective['score'],
|
|
257
|
+
generatedAt: String(effective['generatedAt']),
|
|
258
|
+
staleAfter: String(effective['staleAfter']),
|
|
259
|
+
effectiveGovernanceVersion: String(effective['effectiveGovernanceVersion']),
|
|
260
|
+
});
|
|
261
|
+
atomicWrite(mdFile, md.endsWith('\n') ? md : `${md}\n`);
|
|
262
|
+
result.written.push(input.agentId);
|
|
263
|
+
}
|
|
264
|
+
catch (err) {
|
|
265
|
+
result.skipped.push({ agentId: input.agentId, reason: `write-failed: ${err.message}` });
|
|
266
|
+
warn(`[connexum] governance projection write failed for ${input.agentId}: ${err.message}`);
|
|
267
|
+
}
|
|
268
|
+
}
|
|
269
|
+
return result;
|
|
270
|
+
}
|
|
271
|
+
/** Atomic non-secret write: temp → rename (POSIX-atomic replace).
|
|
272
|
+
* Shield Condition-2 (PR #1716 review): clear any orphaned .tmp left by a
|
|
273
|
+
* crash between write and rename on a prior run, so .connexum/ never
|
|
274
|
+
* accumulates stale files an operator could mistake for current data. */
|
|
275
|
+
function atomicWrite(file, content) {
|
|
276
|
+
const tmp = `${file}.tmp`;
|
|
277
|
+
try {
|
|
278
|
+
fs.unlinkSync(tmp);
|
|
279
|
+
}
|
|
280
|
+
catch { /* no orphan */ }
|
|
281
|
+
fs.writeFileSync(tmp, content);
|
|
282
|
+
fs.renameSync(tmp, file);
|
|
283
|
+
}
|
|
284
|
+
/**
|
|
285
|
+
* Sanity re-export so callers can verify a projection version locally without
|
|
286
|
+
* importing the canonical module path directly.
|
|
287
|
+
*/
|
|
288
|
+
function computeLocalProjectionVersion(policy) {
|
|
289
|
+
return (0, governance_projection_canonical_js_1.computeProjectionVersion)(policy);
|
|
290
|
+
}
|
|
291
|
+
//# sourceMappingURL=governance-projection-writer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"governance-projection-writer.js","sourceRoot":"","sources":["../../src/cli/governance-projection-writer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCH,oDAiFC;AAuDD,gEA2FC;AAiBD,sEAEC;AAxRD,uCAAyB;AACzB,2CAA6B;AAC7B,+CAAiC;AACjC,iDAA0C;AAE1C,qEAAqE;AACrE,yGAK0D;AAC1D,2EAA0F;AAgB1F;;;;;GAKG;AACH,SAAgB,oBAAoB,CAClC,YAAoB,EACpB,YAAoB,EACpB,UAAU,GAAG,EAAE;IAEf,MAAM,GAAG,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,8BAA8B,CAAC;IAE7E,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC;QAC5F,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,iBAAiB,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAChG,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,yBAAyB,YAAY,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtF,IAAI,CAAC;YAAC,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;QAC5E,WAAW,GAAG,OAAO,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,IAAI,CAAC,uHAAuH,CAAC,CAAC;QACtI,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,MAAM,QAAQ,GAAa,WAAW;QACpC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,WAAW,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC,IAAI,EAAE,yBAAyB,YAAY,EAAE,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,yBAAS,EACtB,MAAM,EACN;YACE,UAAU,EAAE,cAAc;YAC1B,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC;YAChC,mBAAmB,EAAE,GAAG;YACxB,kBAAkB;YAClB,GAAG,QAAQ;YACX,IAAI,EAAE,0BAA0B;YAChC,GAAG;SACJ,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CACvD,CAAC;QAEF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC;YACrE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,uCAAuC,MAAM,EAAE,EAAE,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC;QAElF,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAAC,CAAC;QAC3C,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,8CAA8C,EAAE,CAAC;QAAC,CAAC;QAEzF,MAAM,GAAG,GAAG,MAAiC,CAAC;QAC9C,IAAI,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QACxG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAEzG,MAAM,MAAM,GAA6B,EAAE,CAAC;QAC5C,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAc,EAAE,CAAC;YAC3C,MAAM,CAAC,GAAG,CAA4B,CAAC;YACvC,IACE,OAAO,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,QAAQ;gBAClC,CAAC,EAAE,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,CAAC,qBAAqB,CAAC,KAAK,QAAQ;gBAC1E,CAAC,EAAE,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,CAAC,cAAc,CAAC,KAAK,QAAQ;gBAC5D,OAAO,CAAC,EAAE,CAAC,mBAAmB,CAAC,KAAK,QAAQ,EAC5C,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EAAE,CAAC,CAAC,SAAS,CAAW;oBAC/B,mBAAmB,EAAE,CAAC,CAAC,qBAAqB,CAAyB;oBACrE,YAAY,EAAE,CAAC,CAAC,cAAc,CAAuB;oBACrD,iBAAiB,EAAE,CAAC,CAAC,mBAAmB,CAAW;iBACpD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACvC,OAAO;YACL,MAAM;YACN,cAAc,EAAE,OAAO,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;SACzF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,mBAAoB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC;IAC9E,CAAC;YAAS,CAAC;QACT,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC;gBAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC;AA0BD,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B,6EAA6E;AAC7E,SAAS,eAAe,CACtB,KAAoC,EACpC,WAAmB,EACnB,UAAkB;IAElB,MAAM,MAAM,GAAG,IAAA,4DAAuB,EAAC;QACrC,GAAI,KAAK,CAAC,mBAA0D;QACpE,OAAO,EAAE,KAAK,CAAC,OAAO;KACvB,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,IAAA,8DAAyB,EAAC,MAAM,CAAC,CAAC;IACnD,OAAO;QACL,aAAa,EAAE,cAAc;QAC7B,SAAS,EAAE,IAAI;QACf,WAAW;QACX,UAAU;QACV,0BAA0B,EAAE,KAAK,CAAC,iBAAiB;QACnD,GAAI,MAA6C;QACjD,KAAK,EAAE,EAAE,GAAI,KAAK,CAAC,YAAmD,EAAE;QACxE,QAAQ;KACT,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,0BAA0B,CACxC,UAAkB,EAClB,MAAuC,EACvC,OAA0C,EAAE;IAE5C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAqC,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IAC7F,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAEvC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACjE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,SAAS,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAElG,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,uEAAuE;QACvE,MAAM,OAAO,GAAG,IAAA,kDAAyB,EAAC,UAAU,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,6CAA6C,EAAE,CAAC,CAAC;YACxH,IAAI,CAAC,gDAAgD,KAAK,CAAC,OAAO,2CAA2C,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;YAChI,SAAS;QACX,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;YACnD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;YAC/C,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;YAChE,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAW,CAAC;YAElD,qEAAqE;YACrE,IAAI,wBAAwB,GAAkB,IAAI,CAAC;YACnD,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,IAAI,UAAU,GAAG,IAAI,CAAC;gBACtB,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAA4B,CAAC;oBAC3F,MAAM,UAAU,GAAG,IAAA,8DAAyB,EAAC,IAAA,4DAAuB,EAAC,QAAQ,CAAC,CAAC,CAAC;oBAChF,IAAI,OAAO,QAAQ,CAAC,UAAU,CAAC,KAAK,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,UAAU,EAAE,CAAC;wBACpF,UAAU,GAAG,KAAK,CAAC;wBACnB,wBAAwB,GAAG,UAAU,CAAC;oBACxC,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,oEAAoE;oBACpE,2CAA2C;gBAC7C,CAAC;gBACD,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,4DAA4D,EAAE,CAAC,CAAC;oBACtH,IAAI,CAAC,kCAAkC,KAAK,CAAC,OAAO,uJAAuJ,CAAC,CAAC;oBAC7M,SAAS;gBACX,CAAC;YACH,CAAC;YAED,uEAAuE;YACvE,IAAI,wBAAwB,KAAK,WAAW,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACrC,SAAS;YACX,CAAC;YAED,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACvC,wEAAwE;YACxE,0EAA0E;YAC1E,wEAAwE;YACxE,uEAAuE;YACvE,2EAA2E;YAC3E,IAAI,SAAS,GAA4B,OAAO,CAAC;YACjD,IAAI,wBAAwB,KAAK,WAAW,EAAE,CAAC;gBAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAA4B,CAAC;gBACzF,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAwC,CAAC;gBAC3E,IAAI,WAAW,IAAI,OAAO,WAAW,CAAC,MAAM,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;oBACzG,SAAS,GAAG,MAAM,CAAC;gBACrB,CAAC;YACH,CAAC;YAED,IAAI,wBAAwB,KAAK,WAAW,EAAE,CAAC;gBAC7C,WAAW,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;YACjE,CAAC;YACD,MAAM,EAAE,GAAG,IAAA,8CAAkB,EAAC;gBAC5B,MAAM,EAAE,IAAA,4DAAuB,EAAC,SAAS,CAAC;gBAC1C,KAAK,EAAE,SAAS,CAAC,OAAO,CAAuB;gBAC/C,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;gBAC7C,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;gBAC3C,0BAA0B,EAAE,MAAM,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;aAC5E,CAAC,CAAC;YACH,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACxD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,iBAAkB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACnG,IAAI,CAAC,qDAAqD,KAAK,CAAC,OAAO,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACxG,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;yEAGyE;AACzE,SAAS,WAAW,CAAC,IAAY,EAAE,OAAe;IAChD,MAAM,GAAG,GAAG,GAAG,IAAI,MAAM,CAAC;IAC1B,IAAI,CAAC;QAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;IACrD,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC/B,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,SAAgB,6BAA6B,CAAC,MAA4B;IACxE,OAAO,IAAA,6DAAwB,EAAC,MAAM,CAAC,CAAC;AAC1C,CAAC"}
|
package/dist/cli/index.d.ts
CHANGED
|
@@ -193,6 +193,91 @@ export declare function writeGovernanceQuickstart(projectDir: string, packs: str
|
|
|
193
193
|
* Does NOT auto-install. Returns relative path.
|
|
194
194
|
*/
|
|
195
195
|
export declare function writeGovernanceMcpSuggest(projectDir: string, tenantId?: string): string;
|
|
196
|
+
/**
|
|
197
|
+
* Per-agent identity entry written into .governance.json `agents[]`.
|
|
198
|
+
* Each entry maps a locally-scanned agent (identified by localId = DetectedAgent.agentId)
|
|
199
|
+
* to the server-issued identity returned by register-fleet.
|
|
200
|
+
*/
|
|
201
|
+
export interface PerAgentIdentityEntry {
|
|
202
|
+
/** Local scanner id — stable sha256-based 'auto-<12hex>' string. */
|
|
203
|
+
localId: string;
|
|
204
|
+
/** Server-assigned agent UUID. */
|
|
205
|
+
agentId: string;
|
|
206
|
+
/** Provisional passport id — null when PII gate blocked issuance (Invariant 2). */
|
|
207
|
+
passportId: string | null;
|
|
208
|
+
/**
|
|
209
|
+
* Per-agent JWT minted by the server with sub=agent:<agentId>.
|
|
210
|
+
* Null only when JWT_SECRET was absent server-side (advisory, Invariant 2).
|
|
211
|
+
*/
|
|
212
|
+
serviceToken: string | null;
|
|
213
|
+
/** File path (relative to agent scan root) from the local scan. */
|
|
214
|
+
filePath?: string;
|
|
215
|
+
}
|
|
216
|
+
/**
|
|
217
|
+
* Minimal shape returned in registered[] by POST /api/v1/onboarding/register-fleet
|
|
218
|
+
* after the TS-002 server-half landed (commit 74946298).
|
|
219
|
+
*/
|
|
220
|
+
export interface RegisterFleetRegisteredEntry {
|
|
221
|
+
localId?: string;
|
|
222
|
+
agentId: string;
|
|
223
|
+
passportId: string | null;
|
|
224
|
+
serviceToken: string | null;
|
|
225
|
+
}
|
|
226
|
+
/**
|
|
227
|
+
* Minimal local DetectedAgent shape needed to resolve filePath from localId.
|
|
228
|
+
* Only the two fields the identity write cares about.
|
|
229
|
+
*/
|
|
230
|
+
export interface LocalAgentRef {
|
|
231
|
+
agentId: string;
|
|
232
|
+
filePath: string;
|
|
233
|
+
}
|
|
234
|
+
/**
|
|
235
|
+
* TS-002 CLI half — consume the registered[] list returned by register-fleet
|
|
236
|
+
* and write a per-agent identity block into the project's .governance.json.
|
|
237
|
+
*
|
|
238
|
+
* Shape written:
|
|
239
|
+
* ```json
|
|
240
|
+
* {
|
|
241
|
+
* "agents": [
|
|
242
|
+
* { "localId": "auto-...", "agentId": "srv-uuid", "passportId": "pp-...",
|
|
243
|
+
* "serviceToken": "eyJ...", "filePath": "src/agents/billing.py" }
|
|
244
|
+
* ],
|
|
245
|
+
* "runtime": {
|
|
246
|
+
* "agentId": "<first-registered-agentId>",
|
|
247
|
+
* "serviceToken": "<first-registered-serviceToken>",
|
|
248
|
+
* ...rest of existing runtime block
|
|
249
|
+
* }
|
|
250
|
+
* }
|
|
251
|
+
* ```
|
|
252
|
+
*
|
|
253
|
+
* Back-compat guarantee: runtime.agentId + runtime.serviceToken are updated to
|
|
254
|
+
* the first registered agent so the existing audit-logger.sh → /cluster-events
|
|
255
|
+
* push path (which reads these two flat fields) continues to work for the
|
|
256
|
+
* single-agent case. The per-agent `agents[]` array is the source of truth for
|
|
257
|
+
* multi-agent deployments; future per-agent attribution reads from there.
|
|
258
|
+
*
|
|
259
|
+
* Null-passport and null-serviceToken entries are written without throwing
|
|
260
|
+
* (Invariant 2 — advisory, never blocking). A null serviceToken from agent N
|
|
261
|
+
* does NOT overwrite the runtime.serviceToken that was already set.
|
|
262
|
+
*
|
|
263
|
+
* Idempotent: calling twice with the same input upserts by localId — does not
|
|
264
|
+
* duplicate entries.
|
|
265
|
+
*
|
|
266
|
+
* @param projectDir Absolute path to the directory containing .governance.json
|
|
267
|
+
* @param registered Array from register-fleet response.registered[]
|
|
268
|
+
* @param localAgents Locally scanned DetectedAgent list (used to resolve filePath by localId)
|
|
269
|
+
*/
|
|
270
|
+
export declare function writePerAgentIdentities(projectDir: string, registered: RegisterFleetRegisteredEntry[], localAgents: LocalAgentRef[], opts?: {
|
|
271
|
+
/**
|
|
272
|
+
* Scan root relative to projectDir (or absolute when outside it).
|
|
273
|
+
* Persisted as runtime.agentDir so sync passes (per-folder identity Pass-2,
|
|
274
|
+
* write-back governance projections) can resolve agents[].filePath — which
|
|
275
|
+
* is SCAN-ROOT-relative, not project-relative — to real folders. Without
|
|
276
|
+
* this, any install where --agent-dir != projectDir resolved folders
|
|
277
|
+
* against the wrong root.
|
|
278
|
+
*/
|
|
279
|
+
agentDir?: string;
|
|
280
|
+
}): void;
|
|
196
281
|
export declare function nonInteractiveInit(projectDir: string, opts: {
|
|
197
282
|
packs?: string;
|
|
198
283
|
license?: string;
|
package/dist/cli/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;GAYG;AAMH,OAAO,KAAK,QAAQ,MAAM,UAAU,CAAC;AAIrC,OAAO,EAAsB,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;GAYG;AAMH,OAAO,KAAK,QAAQ,MAAM,UAAU,CAAC;AAIrC,OAAO,EAAsB,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;AA4D7E,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,OAAO,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7D;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,EAClB,gBAAgB,SAA6B,GAC5C,OAAO,CAAC,wBAAwB,CAAC,CAwEnC;AAWD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE;IACJ,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,EAAE,CAAC,EAAE,QAAQ,CAAC,SAAS,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CACtB,GACL,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAA;CAAE,GAAG,IAAI,CAAC,CA2EhF;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,mBAAmB,UAAQ,GAAG,IAAI,CAsBjH;AAmDD,MAAM,MAAM,WAAW,GACnB,aAAa,GACb,QAAQ,GACR,UAAU,GACV,MAAM,GACN,OAAO,GACP,QAAQ,GACR,SAAS,GACT,OAAO,GACP,SAAS,CAAC;AAEd,wBAAgB,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,WAAW,CA2BzD;AAkBD,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,cAAc,GAAG,YAAY,CAAC;IACzD,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAyDD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAyCrE;AAsBD,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE;QACT,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF,KAAK,EAAE;QACL,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,WAAW,EAAE,MAAM,EAAE,CAAC;KACvB,CAAC;IACF,KAAK,EAAE;QACL,OAAO,EAAE,OAAO,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,UAAU,EAAE;QACV,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,kFAAkF;IAClF,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;;;;OAQG;IACH,OAAO,CAAC,EAAE;QACR,YAAY,EAAE,MAAM,CAAC;QACrB,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,yEAAyE;QACzE,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAS/D;AAED,wBAAgB,cAAc,CAC5B,KAAK,EAAE,MAAM,EAAE,EACf,OAAO,EAAE,WAAW,EACpB,gBAAgB,CAAC,EAAE,MAAM,EACzB,OAAO,CAAC,EAAE,oBAAoB,CAAC,SAAS,CAAC,GACxC,oBAAoB,CA8BtB;AAID;;;;;;;;;;;;GAYG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAgC7D;AAED,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CA2EtH;AAsFD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAA;CAAO,GAC7B;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,CAmLjF;AA6lBD,6EAA6E;AAC7E,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE;QACV,aAAa,EAAE,MAAM,EAAE,CAAC;QACxB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1B,QAAQ,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,oFAAoF;AACpF,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,CAwFrE;AAED,8FAA8F;AAC9F,wBAAgB,2BAA2B,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAmEtE;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CA4CtF;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAqC9D;AAED,0EAA0E;AAC1E,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,CA0DnF;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAkCvF;AAMD;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,oEAAoE;IACpE,OAAO,EAAE,MAAM,CAAC;IAChB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,mFAAmF;IACnF,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B;;;OAGG;IACH,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,mEAAmE;IACnE,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,4BAA4B,EAAE,EAC1C,WAAW,EAAE,aAAa,EAAE,EAC5B,IAAI,GAAE;IACJ;;;;;;;OAOG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACd,GACL,IAAI,CAmEN;AAGD,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE;IACJ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,EAAE,oBAAoB,CAAC,SAAS,CAAC,CAAC;IAC1C,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GACA,OAAO,CAAC,IAAI,CAAC,CAmEf;AAuED;;;;;;;;;;;GAWG;AACH;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,cAAc,CAAA;KAAE,CAAC,CAAC;IACzG,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAChD;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,GAAG,CAAC,EAAE,IAAI,CAAC;CACZ,GAAG,oBAAoB,CA0DvB;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,GAAG,IAAI,CA6QrE;AA6JD;;;;;;;;;;GAUG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,aAAa,EAAE,EAC/B,UAAU,EAAE,MAAM,GACjB,IAAI,CA0GN"}
|