@cotal-ai/core 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (45) hide show
  1. package/dist/acls.d.ts +45 -0
  2. package/dist/acls.d.ts.map +1 -0
  3. package/dist/acls.js +86 -0
  4. package/dist/acls.js.map +1 -0
  5. package/dist/agent-file.d.ts +7 -0
  6. package/dist/agent-file.d.ts.map +1 -1
  7. package/dist/agent-file.js +29 -2
  8. package/dist/agent-file.js.map +1 -1
  9. package/dist/channels.d.ts +13 -2
  10. package/dist/channels.d.ts.map +1 -1
  11. package/dist/channels.js +24 -1
  12. package/dist/channels.js.map +1 -1
  13. package/dist/command.d.ts +3 -0
  14. package/dist/command.d.ts.map +1 -1
  15. package/dist/endpoint.d.ts +341 -61
  16. package/dist/endpoint.d.ts.map +1 -1
  17. package/dist/endpoint.js +1178 -205
  18. package/dist/endpoint.js.map +1 -1
  19. package/dist/index.d.ts +3 -0
  20. package/dist/index.d.ts.map +1 -1
  21. package/dist/index.js +3 -0
  22. package/dist/index.js.map +1 -1
  23. package/dist/lease.d.ts +40 -0
  24. package/dist/lease.d.ts.map +1 -0
  25. package/dist/lease.js +64 -0
  26. package/dist/lease.js.map +1 -0
  27. package/dist/members.d.ts +93 -0
  28. package/dist/members.d.ts.map +1 -0
  29. package/dist/members.js +193 -0
  30. package/dist/members.js.map +1 -0
  31. package/dist/provision.d.ts +38 -13
  32. package/dist/provision.d.ts.map +1 -1
  33. package/dist/provision.js +121 -17
  34. package/dist/provision.js.map +1 -1
  35. package/dist/streams.d.ts +48 -23
  36. package/dist/streams.d.ts.map +1 -1
  37. package/dist/streams.js +101 -32
  38. package/dist/streams.js.map +1 -1
  39. package/dist/subjects.d.ts +85 -4
  40. package/dist/subjects.d.ts.map +1 -1
  41. package/dist/subjects.js +134 -4
  42. package/dist/subjects.js.map +1 -1
  43. package/dist/types.d.ts +128 -5
  44. package/dist/types.d.ts.map +1 -1
  45. package/package.json +2 -2
package/dist/members.js ADDED
@@ -0,0 +1,193 @@
1
+ /**
2
+ * Durable-membership registry — read/write helpers over the per-space members KV bucket
3
+ * (`cotal_members_<space>`). One {@link MembershipRecord} per (concrete channel, owner) under
4
+ * {@link memberKey}. This is the Plane-3 source of truth for `channelMembers()` and the fan-out's
5
+ * member list, **moved off JetStream consumer topology** (core-sub joins create no consumer to
6
+ * enumerate — the migration trap).
7
+ *
8
+ * Writes are **privileged** (the manager / open-mode self-write); agent-authored membership is
9
+ * forbidden — it would self-authorize durable-backstop delivery + reads. Every write is guarded
10
+ * two ways: a **generation** monotonicity check (a stale control reply with an older generation is
11
+ * rejected, so it can't clobber a newer tombstone or rejoin) and a KV **revision CAS** (a concurrent
12
+ * same-generation write is retried against the fresh revision). Eligibility is always by CHAT stream
13
+ * **sequence** (`joinCursor`/`leaveCursor`), never wall-clock.
14
+ */
15
+ import { Kvm } from "@nats-io/kv";
16
+ import { membersBucket, memberKey, parseMemberKey } from "./subjects.js";
17
+ /** Thrown when a write would regress membership generation — a stale/late control reply. Callers
18
+ * treat this as "a newer membership change already won", not an error to retry. */
19
+ export class StaleMembershipWrite extends Error {
20
+ constructor(channel, owner, attempted, current) {
21
+ super(`stale membership write for ${channel}/${owner}: generation ${attempted} < current ${current}`);
22
+ this.name = "StaleMembershipWrite";
23
+ }
24
+ }
25
+ /** Open the members registry bucket. Auth mode OPENs the bucket pre-created at `cotal up`; open dev
26
+ * mode lazily CREATEs it. Mirrors {@link openChannelRegistry}. */
27
+ export async function openMembersRegistry(nc, space, opts = {}) {
28
+ const kvm = new Kvm(nc);
29
+ return opts.create ? kvm.create(membersBucket(space)) : kvm.open(membersBucket(space));
30
+ }
31
+ /** Read one membership record (incl. a tombstone — `leaveCursor` set), or undefined if no record /
32
+ * the key was deleted. The CAS revision is returned alongside so a caller can do its own
33
+ * read-modify-write; most callers use {@link commitMember}/{@link tombstoneMember} instead. */
34
+ export async function readMember(kv, channel, owner) {
35
+ const e = await kv.get(memberKey(channel, owner));
36
+ if (!e || e.operation === "DEL" || e.operation === "PURGE")
37
+ return undefined;
38
+ try {
39
+ return { record: e.json(), revision: e.revision };
40
+ }
41
+ catch {
42
+ return undefined;
43
+ }
44
+ }
45
+ /**
46
+ * Commit a membership record with the generation guard + revision CAS. `next` is the full intended
47
+ * record (the caller has already validated the channel ⊆ ACL, concrete, etc.). Returns the committed
48
+ * record. Throws {@link StaleMembershipWrite} if `next.generation` is older than what's stored.
49
+ * Retries a revision conflict (a concurrent same-or-newer write) by re-reading; if the re-read shows
50
+ * a newer generation, that surfaces as `StaleMembershipWrite` too — last writer by generation wins,
51
+ * deterministically.
52
+ */
53
+ export async function commitMember(kv, next) {
54
+ const key = memberKey(next.channel, next.owner);
55
+ const data = new TextEncoder().encode(JSON.stringify(next));
56
+ for (let attempt = 0; attempt < 5; attempt++) {
57
+ const cur = await readMember(kv, next.channel, next.owner);
58
+ if (!cur) {
59
+ try {
60
+ await kv.create(key, data);
61
+ return next;
62
+ }
63
+ catch {
64
+ continue; // lost the create race — re-read and try as an update
65
+ }
66
+ }
67
+ if (next.generation < cur.record.generation)
68
+ throw new StaleMembershipWrite(next.channel, next.owner, next.generation, cur.record.generation);
69
+ try {
70
+ await kv.update(key, data, cur.revision);
71
+ return next;
72
+ }
73
+ catch {
74
+ continue; // revision moved under us — re-read and retry (generation guard re-checks)
75
+ }
76
+ }
77
+ throw new Error(`members CAS exhausted retries for ${key}`);
78
+ }
79
+ /**
80
+ * Tombstone a membership at `leaveCursor` (leave). Reads the current record and writes it back with
81
+ * `leaveCursor` set + `state: "live-confirmed"` (the durable backstop is closed), keeping its
82
+ * generation — so a later rejoin (a NEWER generation) wins, and a stale leave reply (an OLDER
83
+ * generation than what's stored, e.g. the agent already rejoined) is rejected. A no-op if there is
84
+ * no record (already gone) or it is already tombstoned at/below this cursor.
85
+ */
86
+ export async function tombstoneMember(kv, channel, owner, leaveCursor, writerIdentity, expectedGeneration) {
87
+ const cur = await readMember(kv, channel, owner);
88
+ if (!cur)
89
+ return undefined;
90
+ // Stale-leave guard: a leave is for the generation the agent joined with (`expectedGeneration`,
91
+ // captured at durableJoin). If the record has since moved to a NEWER generation — the agent left
92
+ // and REJOINED — this stale leave must NOT tombstone the rejoin (it would durable-disable a live
93
+ // membership). Refuse it. (Same intent as the generation guard in commitMember, but a leave reads
94
+ // the current record so it needs the caller's expected generation to detect the rejoin.)
95
+ if (expectedGeneration !== undefined && cur.record.generation !== expectedGeneration)
96
+ throw new StaleMembershipWrite(channel, owner, expectedGeneration, cur.record.generation);
97
+ if (cur.record.leaveCursor !== undefined && cur.record.leaveCursor <= leaveCursor)
98
+ return cur.record; // already left at/before this cursor
99
+ const next = {
100
+ ...cur.record,
101
+ state: "live-confirmed",
102
+ leaveCursor,
103
+ writerIdentity,
104
+ updatedAt: Date.now(),
105
+ };
106
+ return commitMember(kv, next);
107
+ }
108
+ /**
109
+ * Complete an activation: flip a pending join (generation `expectedGeneration`, `joinCursor` =
110
+ * `expectedJoinCursor`, `activated:false`, open) to `activated:true`. ATOMIC via revision CAS, and
111
+ * REFUSES (returns undefined) if the record is no longer that exact open pending join — a concurrent
112
+ * SAME-generation LEAVE (tombstone) or a rejoin could have superseded it while catch-up ran. This is the
113
+ * guard {@link commitMember}'s generation check can't provide: a same-generation activation write would
114
+ * otherwise CLOBBER a same-generation tombstone (clear its `leaveCursor`, resurrect the membership) and
115
+ * reopen the SPEC §7 leave boundary. Idempotent: an already-activated open record at the same generation
116
+ * is returned unchanged.
117
+ */
118
+ export async function activateMember(kv, channel, owner, expectedGeneration, expectedJoinCursor) {
119
+ const key = memberKey(channel, owner);
120
+ for (let attempt = 0; attempt < 5; attempt++) {
121
+ const cur = await readMember(kv, channel, owner);
122
+ if (!cur)
123
+ return undefined; // record gone
124
+ const r = cur.record;
125
+ // Only flip OUR exact open pending join. A different generation (rejoin), a different joinCursor, or
126
+ // a set leaveCursor (a SAME-generation leave that tombstoned while catch-up ran) ⇒ superseded: refuse.
127
+ if (r.generation !== expectedGeneration || r.joinCursor !== expectedJoinCursor || r.leaveCursor !== undefined)
128
+ return undefined;
129
+ if (r.activated)
130
+ return r; // already flipped — idempotent
131
+ const next = { ...r, activated: true, updatedAt: Date.now() };
132
+ try {
133
+ await kv.update(key, new TextEncoder().encode(JSON.stringify(next)), cur.revision);
134
+ return next;
135
+ }
136
+ catch {
137
+ continue; // revision moved under us (a concurrent leave/rejoin) — re-read and re-check
138
+ }
139
+ }
140
+ return undefined; // CAS kept losing to concurrent writes — treat as superseded (honest degrade)
141
+ }
142
+ /** Permanently remove a membership record (GC / footprint deletion — revocation deletes the footprint
143
+ * AFTER invalidating creds). Distinct from {@link tombstoneMember}, which keeps the record so late
144
+ * durable entries are denied by the cursor; only call this past the retention horizon. */
145
+ export async function deleteMember(kv, channel, owner) {
146
+ await kv.purge(memberKey(channel, owner));
147
+ }
148
+ /**
149
+ * Scan the registry, yielding every live (non-deleted) record matching the filter. `channel` →
150
+ * that channel's members (fan-out's per-channel list); `owner` → that owner's memberships. With no
151
+ * filter, every record. MVP does a full `keys()` scan + per-key get + in-code filter — correct and
152
+ * fine at local scale; a derived channel→members index is the deferred web-scale optimization
153
+ * (the registry stays the single canonical source). Tombstones (with `leaveCursor`) ARE yielded —
154
+ * a caller that wants only currently-open memberships filters on `leaveCursor === undefined`.
155
+ */
156
+ export async function listMembers(kv, filter = {}) {
157
+ const out = [];
158
+ for await (const key of await kv.keys()) {
159
+ const parsed = parseMemberKey(key);
160
+ if (!parsed)
161
+ continue;
162
+ if (filter.channel !== undefined && parsed.channel !== filter.channel)
163
+ continue;
164
+ if (filter.owner !== undefined && parsed.owner !== filter.owner)
165
+ continue;
166
+ const rec = await readMember(kv, parsed.channel, parsed.owner);
167
+ if (rec)
168
+ out.push(rec.record);
169
+ }
170
+ return out;
171
+ }
172
+ /** True if a record makes the owner an **eligible durable recipient** for a CHAT message at `seq`:
173
+ * the membership interval `joinCursor < seq <= leaveCursor` (open leave ⇒ no upper bound). The single
174
+ * interval rule shared by fan-out routing and the trusted reader's re-auth (SPEC §7 L355-356) so they
175
+ * can't drift. A tombstone stays interval-eligible for its PRE-leave window (`seq <= leaveCursor`) —
176
+ * "leave is a hard read boundary" is the leaveCursor cutoff, not a drop of in-interval entries.
177
+ *
178
+ * This is a pure DELIVERY predicate, deliberately INDEPENDENT of `activated`. `activated` is a
179
+ * COMPLETENESS/reporting flag (it gates `durableJoin`'s return value + `channelMembers`), NOT a
180
+ * delivery gate: a `durable-active` record is committed `activated:false` and routes in-interval
181
+ * *immediately* so no live message published during activation catch-up is lost — only the *report*
182
+ * (durable:true / member listing) waits for the catch-up to confirm. Gating delivery on `activated`
183
+ * instead dropped the very catch-up + post-fence messages activation exists to deliver (the
184
+ * activation race): the trusted reader ack-dropped catch-up dinbox entries and fan-out skipped
185
+ * post-fence/pre-activation messages, both before the flip. */
186
+ export function durableEligible(rec, seq) {
187
+ if (seq <= rec.joinCursor)
188
+ return false;
189
+ if (rec.leaveCursor !== undefined && seq > rec.leaveCursor)
190
+ return false;
191
+ return true;
192
+ }
193
+ //# sourceMappingURL=members.js.map
package/dist/members.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"members.js","sourceRoot":"","sources":["../src/members.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,GAAG,EAAW,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGzE;oFACoF;AACpF,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7C,YAAY,OAAe,EAAE,KAAa,EAAE,SAAiB,EAAE,OAAe;QAC5E,KAAK,CACH,8BAA8B,OAAO,IAAI,KAAK,gBAAgB,SAAS,cAAc,OAAO,EAAE,CAC/F,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED;mEACmE;AACnE,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,EAAoD,EACpD,KAAa,EACb,OAA6B,EAAE;IAE/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;IACxB,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;AACzF,CAAC;AAED;;gGAEgG;AAChG,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,EAAM,EACN,OAAe,EACf,KAAa;IAEb,MAAM,CAAC,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;IAClD,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK,IAAI,CAAC,CAAC,SAAS,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IAC7E,IAAI,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAoB,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAM,EAAE,IAAsB;IAC/D,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5D,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3D,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,CAAC,sDAAsD;YAClE,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,UAAU;YACzC,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACnG,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,2EAA2E;QACvF,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAM,EACN,OAAe,EACf,KAAa,EACb,WAAmB,EACnB,cAAsB,EACtB,kBAA2B;IAE3B,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACjD,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,gGAAgG;IAChG,iGAAiG;IACjG,iGAAiG;IACjG,kGAAkG;IAClG,yFAAyF;IACzF,IAAI,kBAAkB,KAAK,SAAS,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,kBAAkB;QAClF,MAAM,IAAI,oBAAoB,CAAC,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC5F,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,IAAI,WAAW;QAC/E,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,qCAAqC;IAC1D,MAAM,IAAI,GAAqB;QAC7B,GAAG,GAAG,CAAC,MAAM;QACb,KAAK,EAAE,gBAAgB;QACvB,WAAW;QACX,cAAc;QACd,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC;IACF,OAAO,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,EAAM,EACN,OAAe,EACf,KAAa,EACb,kBAA0B,EAC1B,kBAA0B;IAE1B,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACtC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACjD,IAAI,CAAC,GAAG;YAAE,OAAO,SAAS,CAAC,CAAC,cAAc;QAC1C,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC;QACrB,qGAAqG;QACrG,uGAAuG;QACvG,IAAI,CAAC,CAAC,UAAU,KAAK,kBAAkB,IAAI,CAAC,CAAC,UAAU,KAAK,kBAAkB,IAAI,CAAC,CAAC,WAAW,KAAK,SAAS;YAC3G,OAAO,SAAS,CAAC;QACnB,IAAI,CAAC,CAAC,SAAS;YAAE,OAAO,CAAC,CAAC,CAAC,+BAA+B;QAC1D,MAAM,IAAI,GAAqB,EAAE,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAChF,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;YACnF,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,6EAA6E;QACzF,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC,CAAC,8EAA8E;AAClG,CAAC;AAED;;2FAE2F;AAC3F,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAM,EAAE,OAAe,EAAE,KAAa;IACvE,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,EAAM,EACN,SAA+C,EAAE;IAEjD,MAAM,GAAG,GAAuB,EAAE,CAAC;IACnC,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,CAAC,OAAO;YAAE,SAAS;QAChF,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK;YAAE,SAAS;QAC1E,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,EAAE,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/D,IAAI,GAAG;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;gEAagE;AAChE,MAAM,UAAU,eAAe,CAAC,GAAqB,EAAE,GAAW;IAChE,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,IAAI,GAAG,GAAG,GAAG,CAAC,WAAW;QAAE,OAAO,KAAK,CAAC;IACzE,OAAO,IAAI,CAAC;AACd,CAAC"}
package/dist/provision.d.ts CHANGED
@@ -3,7 +3,7 @@ import type { Identity } from "./identity.js";
3
3
  * scope each one — at which point the manager MUST already hold its own privileged
4
4
  * profile (broad: pre-create others' DM durables, serve ctl), not "agent", or it
5
5
  * silently loses those powers the moment "agent" is tightened. */
6
- export type Profile = "agent" | "observer" | "admin" | "manager";
6
+ export type Profile = "agent" | "observer" | "admin" | "manager" | "delivery";
7
7
  /** A space's persisted trust material. The `signingSeed` is the sensitive provisioner
8
8
  * secret; everything else is public (JWTs) or recoverable. */
9
9
  export interface SpaceAuth {
@@ -41,9 +41,8 @@ export interface MintOpts {
41
41
  * by the caller). Minted as per-channel single-filter history-consumer create grants
42
42
  * (`CONSUMER.CREATE.<CHAT>.<chathist_id>.<chat.*.ch>`) — the broker boundary on chat **history**
43
43
  * reads (join-backfill / focus-recall). Each is run through the chat-subject builder so a
44
- * wildcard subtree `team.>` becomes `chat.*.team.>`. Defaults to `["general"]`. The live tail's
45
- * filter (the active `subscribe` set) is pinned separately by the privileged
46
- * {@link DurableProvisioner.provisionChatDurable} pre-create, never here. */
44
+ * wildcard subtree `team.>` becomes `chat.*.team.>`. Defaults to `["general"]`. The live read is the
45
+ * agent's own native `sub.allow` over `chat.*.<channel>` (also minted from this list, below). */
47
46
  allowSubscribe?: string[];
48
47
  /** Post ACL — channels an "agent" may publish to (the agent file's `allowPublish`, already
49
48
  * resolved by the caller). Each becomes a `chat.<id>.<ch>` publish grant. **Default-deny**:
@@ -58,24 +57,50 @@ export interface MintOpts {
58
57
  * publish to the privileged control subject (start/purge/definePersona/named stop).
59
58
  * Default-deny when absent — nats-server rejects the publish, no handler involved. */
60
59
  capabilities?: string[];
60
+ /** Delivery-daemon shard seam (`delivery` profile only). N=1 is the only operating mode; these do
61
+ * not change permissions in this build (the daemon owns the whole space at N=1). Present so the
62
+ * N>1 follow-up is a small diff. Default `{0,1}`. */
63
+ shard?: number;
64
+ shards?: number;
61
65
  }
62
66
  /** Options for {@link provisionAgent} — {@link MintOpts} plus the active read set. */
63
67
  export interface ProvisionOpts extends MintOpts {
64
- /** The active read set: pre-created as the live chat durable's `filter_subjects` (the channels
65
- * the agent actually subscribes to at boot). Must be `allowSubscribe`. Defaults to `["general"]`. */
68
+ /** The active read set: the channels the agent subscribes to (live core-sub) at boot, and whose
69
+ * `durable`-class ones the agent self-joins for a Plane-3 backstop at connect (via the delivery
70
+ * daemon). Must be ⊆ `allowSubscribe`. Defaults to `["general"]`. */
66
71
  subscribe?: string[];
72
+ /** Record this agent's read ACL so it can participate in durable delivery (default true). A durable
73
+ * backstop needs the agent's read ACL in the registry — the server-side delivery daemon re-authorizes
74
+ * every durable entry against it — written here at provision. Set FALSE for a LIVE-ONLY launcher
75
+ * (e.g. a direct foreground `cotal spawn` with no durable intent): no ACL row is written, so the daemon
76
+ * refuses to authorize a durable backstop and the agent stays live-only. Boot durable MEMBERSHIP itself
77
+ * is not written here — the agent self-joins its durable channels via the daemon's `ctl.delivery` op at
78
+ * connect. */
79
+ durableMembership?: boolean;
67
80
  }
68
- /** The privileged onboarding ops a launcher needs — implemented by a connected, permissive
69
- * endpoint (the manager, or a short-lived provisioner that `cotal spawn` opens). */
81
+ /** The privileged onboarding ops a launcher needs at spawn — implemented by a connected, permissive
82
+ * endpoint (the manager at `cotal start`/`cotal up`, or a short-lived provisioner that `cotal spawn`
83
+ * opens). It pre-creates the agent's own mailboxes and records its read ACL; it does NOT host Plane-3
84
+ * delivery (that is the server-side delivery daemon). */
70
85
  export interface DurableProvisioner {
71
- /** Pre-create the agent's bind-only chat live-tail durable, filtered to `subscribe`. */
72
- provisionChatDurable(id: string, subscribe: string[]): Promise<void>;
73
86
  provisionDmInbox(id: string): Promise<void>;
87
+ /** Pre-create the agent's bind-only Plane-3 DELIVER durable (`dlv_<id>`, filtered to `dlv.<id>`) so
88
+ * it can BIND its per-member durable handoff without holding CONSUMER.CREATE on the DLV stream. */
89
+ provisionDlvInbox(id: string): Promise<void>;
90
+ /** Record the agent's read ACL (`allowSubscribe`) in the durable ACL registry — the same act as
91
+ * baking it into the JWT, persisted so the **server-side delivery daemon** can re-authorize the
92
+ * agent's durable entries and validate its runtime durable-joins (it holds no in-memory ledger).
93
+ * Replaces the old manager-written boot membership: boot durable membership is now the agent
94
+ * SELF-JOINING its durable channels via the daemon's `ctl.delivery` op at connect. */
95
+ commitAcl(id: string, allowSubscribe: string[]): Promise<void>;
74
96
  provisionTaskQueue(role: string): Promise<void>;
75
97
  }
76
- /** Onboard an agent for launch (auth mode): pre-create its bind-only chat (+ DM + role TASK)
77
- * durables and mint its scoped creds. The single shared step so every launcher — the manager and
78
- * `cotal spawn` alike provisions identically (manager not special). */
98
+ /** Onboard an agent for launch (auth mode): pre-create its bind-only DM (+ Plane-3 DELIVER + role
99
+ * TASK) durables, RECORD its read ACL in the durable registry (unless `durableMembership:false`), and
100
+ * mint its scoped creds. Live delivery is the agent's own core subscription — there is no per-instance
101
+ * chat durable. Boot durable MEMBERSHIP is not written here: the agent self-joins its durable channels
102
+ * via the server-side delivery daemon's `ctl.delivery` op at connect. A live-only launcher
103
+ * (`durableMembership:false`, e.g. direct `cotal spawn`) gets no ACL row and stays live-only. */
79
104
  export declare function provisionAgent(provisioner: DurableProvisioner, auth: SpaceAuth, identity: Identity, opts?: ProvisionOpts): Promise<string>;
80
105
  /** Mint a user creds file for an agent {@link Identity} (its stable id+seed from
81
106
  * {@link newIdentity}). The account signing key signs over ONLY the public key
package/dist/provision.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provision.d.ts","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AA8CA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE9C;;;mEAGmE;AACnE,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,CAAC;AAEjE;+DAC+D;AAC/D,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,OAAO,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7F,GAAG,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;CACnC;AAYD;;;;;;;yEAOyE;AACzE,wBAAgB,cAAc,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CAazD;AAED,4FAA4F;AAC5F,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CA6BvE;AAED,mDAAmD;AACnD,MAAM,WAAW,QAAQ;IACvB;;;;;;kFAM8E;IAC9E,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B;;sFAEkF;IAClF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sEAAsE;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;2FAGuF;IACvF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,sFAAsF;AACtF,MAAM,WAAW,aAAc,SAAQ,QAAQ;IAC7C;4GACwG;IACxG,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;qFACqF;AACrF,MAAM,WAAW,kBAAkB;IACjC,wFAAwF;IACxF,oBAAoB,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACrE,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED;;0EAE0E;AAC1E,wBAAsB,cAAc,CAClC,WAAW,EAAE,kBAAkB,EAC/B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,IAAI,GAAE,aAAkB,GACvB,OAAO,CAAC,MAAM,CAAC,CAiBjB;AAED;;;;;;wDAMwD;AACxD,wBAAsB,SAAS,CAC7B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,OAAO,EAChB,IAAI,GAAE,QAAa,GAClB,OAAO,CAAC,MAAM,CAAC,CAYjB;AAmKD;kDACkD;AAClD,wBAAgB,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAuB9G;AAMD,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED;;iGAEiG;AACjG,wBAAgB,aAAa,CAAC,KAAK,GAAE,MAAsB,GAAG,MAAM,CAQnE;AAED,6FAA6F;AAC7F,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAGhE;AAED,iFAAiF;AACjF,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAIhE"}
1
+ {"version":3,"file":"provision.d.ts","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AAsDA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE9C;;;mEAGmE;AACnE,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,UAAU,CAAC;AAE9E;+DAC+D;AAC/D,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,OAAO,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7F,GAAG,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;CACnC;AAYD;;;;;;;yEAOyE;AACzE,wBAAgB,cAAc,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CAazD;AAED,4FAA4F;AAC5F,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CA6BvE;AAED,mDAAmD;AACnD,MAAM,WAAW,QAAQ;IACvB;;;;;sGAKkG;IAClG,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B;;sFAEkF;IAClF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sEAAsE;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;2FAGuF;IACvF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB;;0DAEsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,sFAAsF;AACtF,MAAM,WAAW,aAAc,SAAQ,QAAQ;IAC7C;;0EAEsE;IACtE,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB;;;;;;mBAMe;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;;0DAG0D;AAC1D,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C;wGACoG;IACpG,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C;;;;2FAIuF;IACvF,SAAS,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/D,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED;;;;;kGAKkG;AAClG,wBAAsB,cAAc,CAClC,WAAW,EAAE,kBAAkB,EAC/B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,IAAI,GAAE,aAAkB,GACvB,OAAO,CAAC,MAAM,CAAC,CAwBjB;AAED;;;;;;wDAMwD;AACxD,wBAAsB,SAAS,CAC7B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,OAAO,EAChB,IAAI,GAAE,QAAa,GAClB,OAAO,CAAC,MAAM,CAAC,CAYjB;AAgQD;kDACkD;AAClD,wBAAgB,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAuB9G;AAMD,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED;;iGAEiG;AACjG,wBAAgB,aAAa,CAAC,KAAK,GAAE,MAAsB,GAAG,MAAM,CAQnE;AAED,6FAA6F;AAC7F,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAGhE;AAED,iFAAiF;AACjF,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAIhE"}
package/dist/provision.js CHANGED
@@ -18,7 +18,7 @@ import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
18
18
  import { join, dirname, resolve } from "node:path";
19
19
  import { encodeOperator, encodeAccount, encodeUser, fmtCreds, } from "@nats-io/jwt";
20
20
  import { createOperator, createAccount, fromPublic, fromSeed } from "@nats-io/nkeys";
21
- import { token, spacePrefix, chatSubject, assertValidChannel, channelInAllow, unicastSubject, anycastSubject, controlServiceSubject, CONTROL_PRIVILEGED, CONTROL_SELF_SERVICE, chatStream, dmStream, taskStream, chatDurable, chatHistDurable, dmDurable, taskDurable, presenceBucket, channelBucket, } from "./subjects.js";
21
+ import { token, spacePrefix, chatSubject, assertValidChannel, channelInAllow, unicastSubject, anycastSubject, controlServiceSubject, CONTROL_PRIVILEGED, CONTROL_SELF_SERVICE, CONTROL_DELIVERY, chatStream, dmStream, taskStream, dlvStream, inboxStream, chatHistDurable, dmDurable, taskDurable, dlvDurable, presenceBucket, channelBucket, membersBucket, aclBucket, deliveryBucket, FANOUT_DURABLE, INBOX_READER_DURABLE, } from "./subjects.js";
22
22
  // Unlimited account limits — without explicit limits a JWT account defaults to 0 conns
23
23
  // (every connect denied). JetStream needs storage on the data account but MUST stay off
24
24
  // the system account (the server refuses to start otherwise).
@@ -74,9 +74,12 @@ export async function createSpaceAuth(space) {
74
74
  sys: { pub: sysPub, jwt: sysJwt },
75
75
  };
76
76
  }
77
- /** Onboard an agent for launch (auth mode): pre-create its bind-only chat (+ DM + role TASK)
78
- * durables and mint its scoped creds. The single shared step so every launcher — the manager and
79
- * `cotal spawn` alike provisions identically (manager not special). */
77
+ /** Onboard an agent for launch (auth mode): pre-create its bind-only DM (+ Plane-3 DELIVER + role
78
+ * TASK) durables, RECORD its read ACL in the durable registry (unless `durableMembership:false`), and
79
+ * mint its scoped creds. Live delivery is the agent's own core subscription — there is no per-instance
80
+ * chat durable. Boot durable MEMBERSHIP is not written here: the agent self-joins its durable channels
81
+ * via the server-side delivery daemon's `ctl.delivery` op at connect. A live-only launcher
82
+ * (`durableMembership:false`, e.g. direct `cotal spawn`) gets no ACL row and stays live-only. */
80
83
  export async function provisionAgent(provisioner, auth, identity, opts = {}) {
81
84
  const subscribe = opts.subscribe?.length ? opts.subscribe : ["general"];
82
85
  const allowSubscribe = opts.allowSubscribe?.length ? opts.allowSubscribe : subscribe;
@@ -89,8 +92,16 @@ export async function provisionAgent(provisioner, auth, identity, opts = {}) {
89
92
  for (const ch of subscribe)
90
93
  if (!channelInAllow(allowSubscribe, ch))
91
94
  throw new Error(`provisionAgent: subscribe "${ch}" is not within allowSubscribe [${allowSubscribe.join(", ")}]`);
92
- await provisioner.provisionChatDurable(identity.id, subscribe);
93
95
  await provisioner.provisionDmInbox(identity.id);
96
+ await provisioner.provisionDlvInbox(identity.id);
97
+ // Record the agent's read ACL in the durable registry (the same act as baking it into the JWT) so the
98
+ // server-side delivery daemon can re-authorize this agent's durable entries + validate its runtime
99
+ // durable-joins — it holds no in-memory ledger. The agent SELF-JOINS its durable boot channels via the
100
+ // daemon at connect (no manager-written boot membership). `durableMembership:false` (a live-only
101
+ // launcher, e.g. direct `cotal spawn` with no daemon) opts out of the ACL row → the daemon never
102
+ // authorizes a durable backstop for it, so it stays live-only.
103
+ if (opts.durableMembership !== false)
104
+ await provisioner.commitAcl(identity.id, allowSubscribe);
94
105
  if (opts.role)
95
106
  await provisioner.provisionTaskQueue(opts.role);
96
107
  return mintCreds(auth, identity, "agent", { ...opts, allowSubscribe });
@@ -114,11 +125,14 @@ export async function mintCreds(auth, identity, profile, opts = {}) {
114
125
  * host). Subject/stream/durable names come from the shared builders so the ACLs can't drift
115
126
  * from the wire layout. */
116
127
  function permissionsFor(profile, space, id, opts) {
128
+ if (profile === "delivery")
129
+ return deliveryPermissions(space, id); // scoped server-side Plane-3 infra
117
130
  if (profile === "manager")
118
131
  return {}; // privileged: allow-all defaults
119
132
  const CHAT = chatStream(space), DM = dmStream(space), TASK = taskStream(space);
120
133
  const KV = `KV_${presenceBucket(space)}`;
121
134
  const CHKV = `KV_${channelBucket(space)}`; // channel registry (read-only for everyone)
135
+ const DLVKV = `KV_${deliveryBucket(space)}`; // delivery lease/readiness (read-only — Component 6 health)
122
136
  const inbox = `_INBOX_${id}.>`;
123
137
  if (profile === "observer" || profile === "admin") {
124
138
  // Read-only: live feed via tap, history + presence via ephemeral/ordered consumers it
@@ -171,7 +185,8 @@ function permissionsFor(profile, space, id, opts) {
171
185
  for (const ch of [...allowSubscribe, ...allowPublish])
172
186
  assertValidChannel(ch);
173
187
  const manager = opts.manager ?? CONTROL_PRIVILEGED;
174
- const chatD = chatDurable(id), chatHistD = chatHistDurable(id), dmD = dmDurable(id);
188
+ const chatHistD = chatHistDurable(id), dmD = dmDurable(id);
189
+ const DLV = dlvStream(space), dlvD = dlvDurable(id); // Plane-3 per-member delivery (bind-only)
175
190
  const svcD = opts.role ? taskDurable(opts.role) : undefined;
176
191
  const pubAllow = [
177
192
  // peer publish — identity + channel scope, built from the real builders. Default-deny: ONLY the
@@ -179,7 +194,11 @@ function permissionsFor(profile, space, id, opts) {
179
194
  ...allowPublish.map((ch) => chatSubject(space, id, ch)),
180
195
  unicastSubject(space, "*", id), // inst.*.<id> — DM any instance, as me
181
196
  anycastSubject(space, "*", id), // svc.*.<id> — anycast any role, as me
182
- controlServiceSubject(space, CONTROL_SELF_SERVICE, id), // ctl.self.<id> — self stop/despawn + mediated join/leave, granted to all
197
+ controlServiceSubject(space, CONTROL_SELF_SERVICE, id), // ctl.self.<id> — self stop/despawn, granted to all
198
+ // ctl.delivery.<id> — request a durable backstop join/leave/list from the SERVER-SIDE delivery
199
+ // daemon (NOT the manager). The reply rides this same subtree (`ctl.delivery.<id>.reply.<n>`, in
200
+ // sub.allow below) so the daemon can answer without broad inbox-publish — see CONTROL_DELIVERY.
201
+ controlServiceSubject(space, CONTROL_DELIVERY, id),
183
202
  // JetStream control plane — scoped to this agent's own streams/durables.
184
203
  "$JS.API.INFO",
185
204
  // STREAM.INFO: CHAT (join watermark, recall drop-marker, channel-list counts — a documented
@@ -187,15 +206,9 @@ function permissionsFor(profile, space, id, opts) {
187
206
  // bind their dm_<id>/svc_<role> by name and never inspect those streams, so granting INFO there
188
207
  // would only leak DM-inbox / task subject metadata across peers for no functional gain.
189
208
  `$JS.API.STREAM.INFO.${CHAT}`, `$JS.API.STREAM.INFO.${KV}`, `$JS.API.STREAM.INFO.${CHKV}`,
190
- // CHAT live tail: BIND ONLY its own pre-created chat_<id> durable info / fetch / ack, NO
191
- // create or update. The durable's `filter_subjects` is the read boundary; it is set only by the
192
- // privileged provisioner (subscribe allowSubscribe) and moved only via the mediated
193
- // join/leave control op. With no create/update path the agent can never widen its own live
194
- // read. (The multi-filter durable rides the filter-less create subject, so it is not
195
- // ACL-pinnable by subject anyway — bind-only + trusted creator is the enforcement, as DM/TASK.)
196
- `$JS.API.CONSUMER.INFO.${CHAT}.${chatD}`,
197
- `$JS.API.CONSUMER.MSG.NEXT.${CHAT}.${chatD}`,
198
- `$JS.ACK.${CHAT}.${chatD}.>`,
209
+ // Live channel delivery is the agent's own native core subscription (sub.allow over chat.*.<ch>,
210
+ // below) there is NO per-instance chat live-tail durable to bind. The durable backstop is
211
+ // Plane-3 (the bind-only dlv_<id> durable below). So no CHAT consumer bind/ack grants here.
199
212
  // CHAT history reads (join-backfill, focus-recall, drop-marker) — single-filter EPHEMERAL
200
213
  // consumers named chathist_<id>. The create rides the extended subject
201
214
  // CONSUMER.CREATE.<CHAT>.<chathist_id>.<filter>, whose trailing filter token nats-server pins to
@@ -212,6 +225,13 @@ function permissionsFor(profile, space, id, opts) {
212
225
  `$JS.API.CONSUMER.INFO.${DM}.${dmD}`,
213
226
  `$JS.API.CONSUMER.MSG.NEXT.${DM}.${dmD}`,
214
227
  `$JS.ACK.${DM}.${dmD}.>`,
228
+ // Plane-3 DELIVER consumer (SPEC §8): BIND ONLY its own pre-created dlv_<id> — info/fetch/ack,
229
+ // never create (the provisioner pre-creates it filtered to dlv.<id>). The agent acks this via
230
+ // native JetStream — the re-authorized per-member handoff. It gets NO grant on the INBOX (mixed
231
+ // pre-auth) stream at all: default-deny keeps the fan-out target unreadable by the agent.
232
+ `$JS.API.CONSUMER.INFO.${DLV}.${dlvD}`,
233
+ `$JS.API.CONSUMER.MSG.NEXT.${DLV}.${dlvD}`,
234
+ `$JS.ACK.${DLV}.${dlvD}.>`,
215
235
  // Presence: watch (read, public roster) + flow control + PUT OWN KEY ONLY.
216
236
  `$JS.API.CONSUMER.CREATE.${KV}.>`,
217
237
  `$JS.API.CONSUMER.INFO.${KV}.>`,
@@ -222,6 +242,11 @@ function permissionsFor(profile, space, id, opts) {
222
242
  `$JS.API.STREAM.MSG.GET.${CHKV}`,
223
243
  `$JS.API.CONSUMER.CREATE.${CHKV}.>`,
224
244
  `$JS.API.CONSUMER.INFO.${CHKV}.>`,
245
+ // Delivery lease/readiness: READ-ONLY (kv.get) for the non-gating `cotal_channels` delivery-health
246
+ // surface (Component 6). The lease key is daemon-availability info, like the world-readable roster;
247
+ // NO write grant — only the `delivery` cred writes it.
248
+ `$JS.API.STREAM.INFO.${DLVKV}`,
249
+ `$JS.API.STREAM.MSG.GET.${DLVKV}`,
225
250
  ];
226
251
  if (svcD) {
227
252
  // TASK consumer: BIND ONLY its own role's pre-created durable (svc_<role>). Like DM, the
@@ -248,8 +273,87 @@ function permissionsFor(profile, space, id, opts) {
248
273
  `$JS.API.CONSUMER.CREATE.${TASK}`,
249
274
  `$JS.API.CONSUMER.CREATE.${TASK}.>`,
250
275
  `$JS.API.CONSUMER.DURABLE.CREATE.${TASK}.>`,
276
+ // Plane-3 DELIVER: bind-only, like DM — the create-time filter_subject is the attack surface, so
277
+ // no create path (the provisioner pre-creates dlv_<id> filtered to dlv.<id>).
278
+ `$JS.API.CONSUMER.CREATE.${DLV}`,
279
+ `$JS.API.CONSUMER.CREATE.${DLV}.>`,
280
+ `$JS.API.CONSUMER.DURABLE.CREATE.${DLV}.>`,
251
281
  ];
252
- return { pub: { allow: pubAllow, deny: pubDeny }, sub: { allow: [inbox] } };
282
+ // CHAT live read boundary (SPEC v0.3 §9 / Appendix B): mint the read ACL as a native `sub.allow`
283
+ // over cotal.<space>.chat.*.<channel> — one per allowSubscribe channel, wildcards passed through
284
+ // (e.g. chat.*.review.>, chat.*.>). This is what lets an agent self-serve a live channel subscribe
285
+ // with NO manager: join = nc.subscribe, broker-enforced per-subscribe, no consumer name to confine,
286
+ // so an open ACL needs no enumeration. This sub.allow grant IS the live read path — there is no
287
+ // per-instance chat durable; the durable backstop is Plane-3 (delivery-daemon fan-out → per-member DELIVER).
288
+ const subChat = allowSubscribe.map((ch) => chatSubject(space, "*", ch));
289
+ // Replies to this agent's durable join/leave/list requests ride `ctl.delivery.<id>.>` (NOT the
290
+ // per-id _INBOX), so the scoped delivery daemon can answer without broad inbox-publish.
291
+ const deliveryReplies = `${controlServiceSubject(space, CONTROL_DELIVERY, id)}.>`;
292
+ return { pub: { allow: pubAllow, deny: pubDeny }, sub: { allow: [inbox, deliveryReplies, ...subChat] } };
293
+ }
294
+ /** The scoped `delivery` daemon permission set (server-side Plane-3 infra; NEVER allow-all, never
295
+ * minted for an agent — `cotal mint` excludes it, like `manager`). Least-privilege: exactly what the
296
+ * fan-out writer + trusted reader + activation catch-up + membership/ACL reads + members-KV writes +
297
+ * the lease + the `ctl.delivery` control service touch. `sub.allow` is the per-identity inbox (all JS
298
+ * pull delivery / KV-watch / request replies land there) PLUS the `ctl.delivery` control subtree it
299
+ * serves; ALL stream/KV reads ride the JS API (publishes), so there is NO native `chat`/`dinbox`/`dlv`
300
+ * subscription — a leaked cred can't natively sniff the mixed pre-auth store. Honest blast radius
301
+ * (delivery-daemon.md): it can write any owner's `dlv` (the post-auth store agents trust); the future
302
+ * fan-out/reader cred split bounds that. */
303
+ function deliveryPermissions(space, id) {
304
+ const p = spacePrefix(space);
305
+ const CHAT = chatStream(space), INBOX = inboxStream(space), DLV = dlvStream(space);
306
+ const PKV = `KV_${presenceBucket(space)}`, CHKV = `KV_${channelBucket(space)}`;
307
+ const MKV = `KV_${membersBucket(space)}`, AKV = `KV_${aclBucket(space)}`, DKV = `KV_${deliveryBucket(space)}`;
308
+ const kvRead = (bucket) => [
309
+ `$JS.API.STREAM.INFO.${bucket}`,
310
+ `$JS.API.STREAM.MSG.GET.${bucket}`, // kv.get
311
+ `$JS.API.CONSUMER.CREATE.${bucket}.>`, // kv.watch ordered consumer
312
+ `$JS.API.CONSUMER.INFO.${bucket}.>`,
313
+ `$JS.API.CONSUMER.DELETE.${bucket}.>`,
314
+ ];
315
+ const pub = [
316
+ "$JS.API.INFO",
317
+ `$JS.API.STREAM.INFO.${CHAT}`, `$JS.API.STREAM.INFO.${INBOX}`, `$JS.API.STREAM.INFO.${DLV}`,
318
+ // Fan-out durable + activation-catch-up ephemerals live on CHAT — the daemon legitimately reads ALL
319
+ // chat (the fan-out consumes the whole stream), so a stream-wide CHAT consumer grant is no
320
+ // escalation. The catch-up ephemeral names (`cu_<owner>_<gen>`) are dynamic, so they can't be
321
+ // name-pinned; CHAT-wide is correct here.
322
+ `$JS.API.CONSUMER.CREATE.${CHAT}.>`,
323
+ `$JS.API.CONSUMER.DURABLE.CREATE.${CHAT}.>`,
324
+ `$JS.API.CONSUMER.INFO.${CHAT}.>`,
325
+ `$JS.API.CONSUMER.MSG.NEXT.${CHAT}.>`,
326
+ `$JS.API.CONSUMER.DELETE.${CHAT}.>`,
327
+ `$JS.ACK.${CHAT}.>`,
328
+ // Trusted reader on INBOX — NAME-PINNED to the single `reader` durable (the meaningful confinement:
329
+ // no arbitrary INBOX consumer create against the mixed pre-auth store).
330
+ `$JS.API.CONSUMER.CREATE.${INBOX}.${INBOX_READER_DURABLE}.>`,
331
+ `$JS.API.CONSUMER.DURABLE.CREATE.${INBOX}.${INBOX_READER_DURABLE}`,
332
+ `$JS.API.CONSUMER.INFO.${INBOX}.${INBOX_READER_DURABLE}`,
333
+ `$JS.API.CONSUMER.MSG.NEXT.${INBOX}.${INBOX_READER_DURABLE}`,
334
+ `$JS.API.CONSUMER.DELETE.${INBOX}.${INBOX_READER_DURABLE}`,
335
+ `$JS.ACK.${INBOX}.${INBOX_READER_DURABLE}.>`,
336
+ "$JS.FC.>", // ordered-consumer flow control
337
+ // Reads: presence (@mention resolve) + channel registry (delivery class) + members + ACL (re-auth).
338
+ ...kvRead(PKV), ...kvRead(CHKV), ...kvRead(MKV), ...kvRead(AKV),
339
+ // Members-KV WRITE — the daemon is the durable-membership authority (join/leave/activate/catch-up).
340
+ `$KV.${membersBucket(space)}.>`,
341
+ // Delivery lease/readiness KV: read the bucket (renew CAS) + write ONLY lease keys.
342
+ `$JS.API.STREAM.INFO.${DKV}`, `$JS.API.STREAM.MSG.GET.${DKV}`,
343
+ `$KV.${deliveryBucket(space)}.lease.*`,
344
+ // Plane-3 data writes: dinbox (fan-out target) + dlv (post-auth handoff) for ANY owner.
345
+ `${p}.dinbox.*`, `${p}.dlv.*`,
346
+ // ctl.delivery control REPLIES ONLY (requests arrive on the sub below; the daemon only ever
347
+ // m.respond()s to a requester's reply subject `ctl.delivery.<id>.reply.<n>`). Scoped to the
348
+ // `.reply.>` leaf so the daemon can't publish to the request subjects themselves — tighter than a
349
+ // blanket `ctl.delivery.>` (fact-check precision, review panel).
350
+ `${p}.ctl.delivery.*.reply.>`,
351
+ ];
352
+ const sub = [
353
+ `_INBOX_${id}.>`,
354
+ `${p}.ctl.delivery.*`, // serve the delivery control service (queue-grouped durable join/leave/list)
355
+ ];
356
+ return { pub: { allow: pub }, sub: { allow: sub } };
253
357
  }
254
358
  /** Render the `nats-server` config that trusts this space's operator and serves its
255
359
  * accounts via the in-config MEMORY resolver. */
package/dist/provision.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provision.js","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EACL,cAAc,EACd,aAAa,EACb,UAAU,EACV,QAAQ,GACT,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACrF,OAAO,EACL,KAAK,EACL,WAAW,EACX,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,WAAW,EACX,eAAe,EACf,SAAS,EACT,WAAW,EACX,cAAc,EACd,aAAa,GACd,MAAM,eAAe,CAAC;AAkBvB,uFAAuF;AACvF,wFAAwF;AACxF,8DAA8D;AAC9D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACtD,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI;CAC9B,CAAC;AACX,MAAM,WAAW,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC;AAC1E,MAAM,UAAU,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;AAEvE;;;;;;;yEAOyE;AACzE,MAAM,UAAU,cAAc,CAAC,IAAe;IAC5C,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QAC/B,OAAO,EAAE;YACP,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG;YACrB,IAAI,EAAE,EAAE;YACR,GAAG,EAAE,EAAE;YACP,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YACrC,UAAU,EAAE,EAAE;SACf;QACD,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;KAC1B,CAAC;AACJ,CAAC;AAED,4FAA4F;AAC5F,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAa;IACjD,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,aAAa,EAAE,CAAC,CAAC,yCAAyC;IACvE,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;IAEpC,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,SAAS,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC;IACnG,MAAM,UAAU,GAAG,MAAM,aAAa,CACpC,KAAK,CAAC,KAAK,CAAC,EACZ,GAAG,EACH,EAAE,YAAY,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,EAC5D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAE1F,MAAM,GAAG,GAAG,CAAC,CAAa,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO;QACL,KAAK;QACL,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE;QACxD,OAAO,EAAE;YACP,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE;YACvB,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACxB,GAAG,EAAE,UAAU;YACf,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAChC,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;SAChC;QACD,GAAG,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE;KAClC,CAAC;AACJ,CAAC;AA2CD;;0EAE0E;AAC1E,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAA+B,EAC/B,IAAe,EACf,QAAkB,EAClB,OAAsB,EAAE;IAExB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;IACrF,gGAAgG;IAChG,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,SAAS,EAAE,GAAG,cAAc,CAAC;QAAE,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC3E,8FAA8F;IAC9F,4FAA4F;IAC5F,iEAAiE;IACjE,KAAK,MAAM,EAAE,IAAI,SAAS;QACxB,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,8BAA8B,EAAE,mCAAmC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAChG,CAAC;IACN,MAAM,WAAW,CAAC,oBAAoB,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;IAC/D,MAAM,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAChD,IAAI,IAAI,CAAC,IAAI;QAAE,MAAM,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,OAAO,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,GAAG,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;AACzE,CAAC;AAED;;;;;;wDAMwD;AACxD,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,IAAe,EACf,QAAkB,EAClB,OAAgB,EAChB,OAAiB,EAAE;IAEnB,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,UAAU,CAC9B,OAAO,EACP,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EACvB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAC5B,KAAK,EACL,EAAE,MAAM,EAAE,CACX,CAAC;IACF,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;;4BAG4B;AAC5B,SAAS,cAAc,CACrB,OAAgB,EAChB,KAAa,EACb,EAAU,EACV,IAAc;IAEd,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC,CAAC,iCAAiC;IACvE,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAC/E,MAAM,EAAE,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;IACzC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,4CAA4C;IACvF,MAAM,KAAK,GAAG,UAAU,EAAE,IAAI,CAAC;IAE/B,IAAI,OAAO,KAAK,UAAU,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QAClD,sFAAsF;QACtF,gFAAgF;QAChF,wFAAwF;QACxF,+EAA+E;QAC/E,yFAAyF;QACzF,yFAAyF;QACzF,4FAA4F;QAC5F,yFAAyF;QACzF,8EAA8E;QAC9E,MAAM,GAAG,GACP,OAAO,KAAK,OAAO;YACjB,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC;YACpC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG;YACZ,cAAc;YACd,uBAAuB,IAAI,EAAE;YAC7B,uBAAuB,EAAE,EAAE;YAC3B,sFAAsF;YACtF,yEAAyE;YACzE,2BAA2B,IAAI,EAAE;YACjC,2BAA2B,IAAI,IAAI;YACnC,yBAAyB,IAAI,IAAI;YACjC,6BAA6B,IAAI,IAAI;YACrC,2BAA2B,IAAI,IAAI;YACnC,WAAW,IAAI,IAAI;YACnB,2BAA2B,EAAE,IAAI,EAAE,+CAA+C;YAClF,yBAAyB,EAAE,IAAI;YAC/B,oFAAoF;YACpF,8FAA8F;YAC9F,uBAAuB,IAAI,EAAE;YAC7B,0BAA0B,IAAI,EAAE;YAChC,2BAA2B,IAAI,IAAI;YACnC,yBAAyB,IAAI,IAAI;YACjC,2BAA2B,IAAI,IAAI,EAAG,6BAA6B;YACnE,UAAU,EAAE,gCAAgC;SAC7C,CAAC;QACF,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACxB,sFAAsF;YACtF,sFAAsF;YACtF,KAAK,CAAC,IAAI,CACR,uBAAuB,EAAE,EAAE,EAC3B,2BAA2B,EAAE,EAAE,EAC/B,2BAA2B,EAAE,IAAI,EACjC,yBAAyB,EAAE,IAAI,EAC/B,6BAA6B,EAAE,IAAI,EACnC,2BAA2B,EAAE,IAAI,EACjC,WAAW,EAAE,IAAI,CAClB,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC;IACjD,CAAC;IAED,kBAAkB;IAClB,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,qDAAqD;IACnG,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;IACnG,mGAAmG;IACnG,sFAAsF;IACtF,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,cAAc,EAAE,GAAG,YAAY,CAAC;QAAE,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC9E,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,kBAAkB,CAAC;IACnD,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IACpF,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,MAAM,QAAQ,GAAG;QACf,gGAAgG;QAChG,6EAA6E;QAC7E,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,0CAA0C;QAC1E,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,2CAA2C;QAC3E,qBAAqB,CAAC,KAAK,EAAE,oBAAoB,EAAE,EAAE,CAAC,EAAE,0EAA0E;QAClI,yEAAyE;QACzE,cAAc;QACd,4FAA4F;QAC5F,iGAAiG;QACjG,gGAAgG;QAChG,wFAAwF;QACxF,uBAAuB,IAAI,EAAE,EAAE,uBAAuB,EAAE,EAAE,EAAE,uBAAuB,IAAI,EAAE;QACzF,2FAA2F;QAC3F,gGAAgG;QAChG,sFAAsF;QACtF,2FAA2F;QAC3F,qFAAqF;QACrF,gGAAgG;QAChG,yBAAyB,IAAI,IAAI,KAAK,EAAE;QACxC,6BAA6B,IAAI,IAAI,KAAK,EAAE;QAC5C,WAAW,IAAI,IAAI,KAAK,IAAI;QAC5B,0FAA0F;QAC1F,uEAAuE;QACvE,iGAAiG;QACjG,gGAAgG;QAChG,8FAA8F;QAC9F,8FAA8F;QAC9F,wFAAwF;QACxF,6FAA6F;QAC7F,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,2BAA2B,IAAI,IAAI,SAAS,IAAI,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC;QAC5G,yBAAyB,IAAI,IAAI,SAAS,EAAE;QAC5C,6BAA6B,IAAI,IAAI,SAAS,EAAE;QAChD,2BAA2B,IAAI,IAAI,SAAS,EAAE;QAC9C,qFAAqF;QACrF,yBAAyB,EAAE,IAAI,GAAG,EAAE;QACpC,6BAA6B,EAAE,IAAI,GAAG,EAAE;QACxC,WAAW,EAAE,IAAI,GAAG,IAAI;QACxB,2EAA2E;QAC3E,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,UAAU;QACV,OAAO,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,EAAE,4CAA4C;QAClF,yFAAyF;QACzF,+FAA+F;QAC/F,0BAA0B,IAAI,EAAE;QAChC,2BAA2B,IAAI,IAAI;QACnC,yBAAyB,IAAI,IAAI;KAClC,CAAC;IACF,IAAI,IAAI,EAAE,CAAC;QACT,yFAAyF;QACzF,oFAAoF;QACpF,wFAAwF;QACxF,QAAQ,CAAC,IAAI,CACX,yBAAyB,IAAI,IAAI,IAAI,EAAE,EACvC,6BAA6B,IAAI,IAAI,IAAI,EAAE,EAC3C,WAAW,IAAI,IAAI,IAAI,IAAI,CAC5B,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,2FAA2F;QAC3F,sFAAsF;QACtF,sFAAsF;QACtF,0FAA0F;QAC1F,6EAA6E;QAC7E,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,qFAAqF;IACrF,mFAAmF;IACnF,sFAAsF;IACtF,iFAAiF;IACjF,MAAM,OAAO,GAAG;QACd,2BAA2B,EAAE,EAAE;QAC/B,2BAA2B,EAAE,IAAI;QACjC,mCAAmC,EAAE,IAAI;QACzC,2BAA2B,IAAI,EAAE;QACjC,2BAA2B,IAAI,IAAI;QACnC,mCAAmC,IAAI,IAAI;KAC5C,CAAC;IACF,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;AAC9E,CAAC;AAED;kDACkD;AAClD,MAAM,UAAU,YAAY,CAAC,IAAe,EAAE,IAAwD;IACpG,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC;IACtC,4FAA4F;IAC5F,8FAA8F;IAC9F,+FAA+F;IAC/F,+FAA+F;IAC/F,gGAAgG;IAChG,iGAAiG;IACjG,kGAAkG;IAClG,OAAO;QACD,IAAI;QACJ,IAAI;;yBAEa,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC1C,IAAI,CAAC,QAAQ,CAAC,GAAG;kBACX,IAAI,CAAC,GAAG,CAAC,GAAG;;;IAG1B,IAAI,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG;IACrC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG;;CAEhC,CAAC;AACF,CAAC;AAED,kFAAkF;AAElF,MAAM,SAAS,GAAG,WAAW,CAAC;AAE9B,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,OAAO,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;iGAEiG;AACjG,MAAM,UAAU,aAAa,CAAC,QAAgB,OAAO,CAAC,GAAG,EAAE;IACzD,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IACzB,SAAS,CAAC;QACR,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAAE,OAAO,GAAG,CAAC;QAChD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,KAAK,GAAG;YAAE,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1C,GAAG,GAAG,MAAM,CAAC;IACf,CAAC;AACH,CAAC;AAED,6FAA6F;AAC7F,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,IAAe;IACxD,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAc,CAAC;AAC1D,CAAC"}
1
+ {"version":3,"file":"provision.js","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EACL,cAAc,EACd,aAAa,EACb,UAAU,EACV,QAAQ,GACT,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACrF,OAAO,EACL,KAAK,EACL,WAAW,EACX,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,SAAS,EACT,WAAW,EACX,eAAe,EACf,SAAS,EACT,WAAW,EACX,UAAU,EACV,cAAc,EACd,aAAa,EACb,aAAa,EACb,SAAS,EACT,cAAc,EACd,cAAc,EACd,oBAAoB,GACrB,MAAM,eAAe,CAAC;AAkBvB,uFAAuF;AACvF,wFAAwF;AACxF,8DAA8D;AAC9D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACtD,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI;CAC9B,CAAC;AACX,MAAM,WAAW,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC;AAC1E,MAAM,UAAU,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;AAEvE;;;;;;;yEAOyE;AACzE,MAAM,UAAU,cAAc,CAAC,IAAe;IAC5C,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QAC/B,OAAO,EAAE;YACP,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG;YACrB,IAAI,EAAE,EAAE;YACR,GAAG,EAAE,EAAE;YACP,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YACrC,UAAU,EAAE,EAAE;SACf;QACD,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;KAC1B,CAAC;AACJ,CAAC;AAED,4FAA4F;AAC5F,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAa;IACjD,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,aAAa,EAAE,CAAC,CAAC,yCAAyC;IACvE,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;IAEpC,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,SAAS,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC;IACnG,MAAM,UAAU,GAAG,MAAM,aAAa,CACpC,KAAK,CAAC,KAAK,CAAC,EACZ,GAAG,EACH,EAAE,YAAY,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,EAC5D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAE1F,MAAM,GAAG,GAAG,CAAC,CAAa,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO;QACL,KAAK;QACL,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE;QACxD,OAAO,EAAE;YACP,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE;YACvB,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACxB,GAAG,EAAE,UAAU;YACf,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAChC,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;SAChC;QACD,GAAG,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE;KAClC,CAAC;AACJ,CAAC;AAiED;;;;;kGAKkG;AAClG,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAA+B,EAC/B,IAAe,EACf,QAAkB,EAClB,OAAsB,EAAE;IAExB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;IACrF,gGAAgG;IAChG,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,SAAS,EAAE,GAAG,cAAc,CAAC;QAAE,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC3E,8FAA8F;IAC9F,4FAA4F;IAC5F,iEAAiE;IACjE,KAAK,MAAM,EAAE,IAAI,SAAS;QACxB,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,8BAA8B,EAAE,mCAAmC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAChG,CAAC;IACN,MAAM,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAChD,MAAM,WAAW,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACjD,sGAAsG;IACtG,mGAAmG;IACnG,uGAAuG;IACvG,iGAAiG;IACjG,iGAAiG;IACjG,+DAA+D;IAC/D,IAAI,IAAI,CAAC,iBAAiB,KAAK,KAAK;QAAE,MAAM,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;IAC/F,IAAI,IAAI,CAAC,IAAI;QAAE,MAAM,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,OAAO,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,GAAG,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;AACzE,CAAC;AAED;;;;;;wDAMwD;AACxD,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,IAAe,EACf,QAAkB,EAClB,OAAgB,EAChB,OAAiB,EAAE;IAEnB,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,UAAU,CAC9B,OAAO,EACP,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EACvB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAC5B,KAAK,EACL,EAAE,MAAM,EAAE,CACX,CAAC;IACF,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;;4BAG4B;AAC5B,SAAS,cAAc,CACrB,OAAgB,EAChB,KAAa,EACb,EAAU,EACV,IAAc;IAEd,IAAI,OAAO,KAAK,UAAU;QAAE,OAAO,mBAAmB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,mCAAmC;IACtG,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC,CAAC,iCAAiC;IACvE,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAC/E,MAAM,EAAE,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;IACzC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,4CAA4C;IACvF,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,4DAA4D;IACzG,MAAM,KAAK,GAAG,UAAU,EAAE,IAAI,CAAC;IAE/B,IAAI,OAAO,KAAK,UAAU,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QAClD,sFAAsF;QACtF,gFAAgF;QAChF,wFAAwF;QACxF,+EAA+E;QAC/E,yFAAyF;QACzF,yFAAyF;QACzF,4FAA4F;QAC5F,yFAAyF;QACzF,8EAA8E;QAC9E,MAAM,GAAG,GACP,OAAO,KAAK,OAAO;YACjB,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC;YACpC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG;YACZ,cAAc;YACd,uBAAuB,IAAI,EAAE;YAC7B,uBAAuB,EAAE,EAAE;YAC3B,sFAAsF;YACtF,yEAAyE;YACzE,2BAA2B,IAAI,EAAE;YACjC,2BAA2B,IAAI,IAAI;YACnC,yBAAyB,IAAI,IAAI;YACjC,6BAA6B,IAAI,IAAI;YACrC,2BAA2B,IAAI,IAAI;YACnC,WAAW,IAAI,IAAI;YACnB,2BAA2B,EAAE,IAAI,EAAE,+CAA+C;YAClF,yBAAyB,EAAE,IAAI;YAC/B,oFAAoF;YACpF,8FAA8F;YAC9F,uBAAuB,IAAI,EAAE;YAC7B,0BAA0B,IAAI,EAAE;YAChC,2BAA2B,IAAI,IAAI;YACnC,yBAAyB,IAAI,IAAI;YACjC,2BAA2B,IAAI,IAAI,EAAG,6BAA6B;YACnE,UAAU,EAAE,gCAAgC;SAC7C,CAAC;QACF,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACxB,sFAAsF;YACtF,sFAAsF;YACtF,KAAK,CAAC,IAAI,CACR,uBAAuB,EAAE,EAAE,EAC3B,2BAA2B,EAAE,EAAE,EAC/B,2BAA2B,EAAE,IAAI,EACjC,yBAAyB,EAAE,IAAI,EAC/B,6BAA6B,EAAE,IAAI,EACnC,2BAA2B,EAAE,IAAI,EACjC,WAAW,EAAE,IAAI,CAClB,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC;IACjD,CAAC;IAED,kBAAkB;IAClB,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,qDAAqD;IACnG,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;IACnG,mGAAmG;IACnG,sFAAsF;IACtF,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,cAAc,EAAE,GAAG,YAAY,CAAC;QAAE,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC9E,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,kBAAkB,CAAC;IACnD,MAAM,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,0CAA0C;IAC/F,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,MAAM,QAAQ,GAAG;QACf,gGAAgG;QAChG,6EAA6E;QAC7E,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,0CAA0C;QAC1E,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,2CAA2C;QAC3E,qBAAqB,CAAC,KAAK,EAAE,oBAAoB,EAAE,EAAE,CAAC,EAAE,oDAAoD;QAC5G,+FAA+F;QAC/F,iGAAiG;QACjG,gGAAgG;QAChG,qBAAqB,CAAC,KAAK,EAAE,gBAAgB,EAAE,EAAE,CAAC;QAClD,yEAAyE;QACzE,cAAc;QACd,4FAA4F;QAC5F,iGAAiG;QACjG,gGAAgG;QAChG,wFAAwF;QACxF,uBAAuB,IAAI,EAAE,EAAE,uBAAuB,EAAE,EAAE,EAAE,uBAAuB,IAAI,EAAE;QACzF,iGAAiG;QACjG,4FAA4F;QAC5F,4FAA4F;QAC5F,0FAA0F;QAC1F,uEAAuE;QACvE,iGAAiG;QACjG,gGAAgG;QAChG,8FAA8F;QAC9F,8FAA8F;QAC9F,wFAAwF;QACxF,6FAA6F;QAC7F,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,2BAA2B,IAAI,IAAI,SAAS,IAAI,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC;QAC5G,yBAAyB,IAAI,IAAI,SAAS,EAAE;QAC5C,6BAA6B,IAAI,IAAI,SAAS,EAAE;QAChD,2BAA2B,IAAI,IAAI,SAAS,EAAE;QAC9C,qFAAqF;QACrF,yBAAyB,EAAE,IAAI,GAAG,EAAE;QACpC,6BAA6B,EAAE,IAAI,GAAG,EAAE;QACxC,WAAW,EAAE,IAAI,GAAG,IAAI;QACxB,+FAA+F;QAC/F,8FAA8F;QAC9F,gGAAgG;QAChG,0FAA0F;QAC1F,yBAAyB,GAAG,IAAI,IAAI,EAAE;QACtC,6BAA6B,GAAG,IAAI,IAAI,EAAE;QAC1C,WAAW,GAAG,IAAI,IAAI,IAAI;QAC1B,2EAA2E;QAC3E,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,UAAU;QACV,OAAO,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,EAAE,4CAA4C;QAClF,yFAAyF;QACzF,+FAA+F;QAC/F,0BAA0B,IAAI,EAAE;QAChC,2BAA2B,IAAI,IAAI;QACnC,yBAAyB,IAAI,IAAI;QACjC,mGAAmG;QACnG,oGAAoG;QACpG,uDAAuD;QACvD,uBAAuB,KAAK,EAAE;QAC9B,0BAA0B,KAAK,EAAE;KAClC,CAAC;IACF,IAAI,IAAI,EAAE,CAAC;QACT,yFAAyF;QACzF,oFAAoF;QACpF,wFAAwF;QACxF,QAAQ,CAAC,IAAI,CACX,yBAAyB,IAAI,IAAI,IAAI,EAAE,EACvC,6BAA6B,IAAI,IAAI,IAAI,EAAE,EAC3C,WAAW,IAAI,IAAI,IAAI,IAAI,CAC5B,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,2FAA2F;QAC3F,sFAAsF;QACtF,sFAAsF;QACtF,0FAA0F;QAC1F,6EAA6E;QAC7E,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,qFAAqF;IACrF,mFAAmF;IACnF,sFAAsF;IACtF,iFAAiF;IACjF,MAAM,OAAO,GAAG;QACd,2BAA2B,EAAE,EAAE;QAC/B,2BAA2B,EAAE,IAAI;QACjC,mCAAmC,EAAE,IAAI;QACzC,2BAA2B,IAAI,EAAE;QACjC,2BAA2B,IAAI,IAAI;QACnC,mCAAmC,IAAI,IAAI;QAC3C,iGAAiG;QACjG,8EAA8E;QAC9E,2BAA2B,GAAG,EAAE;QAChC,2BAA2B,GAAG,IAAI;QAClC,mCAAmC,GAAG,IAAI;KAC3C,CAAC;IACF,iGAAiG;IACjG,iGAAiG;IACjG,mGAAmG;IACnG,oGAAoG;IACpG,gGAAgG;IAChG,6GAA6G;IAC7G,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IACxE,+FAA+F;IAC/F,wFAAwF;IACxF,MAAM,eAAe,GAAG,GAAG,qBAAqB,CAAC,KAAK,EAAE,gBAAgB,EAAE,EAAE,CAAC,IAAI,CAAC;IAClF,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,KAAK,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,EAAE,EAAE,CAAC;AAC3G,CAAC;AAED;;;;;;;;6CAQ6C;AAC7C,SAAS,mBAAmB,CAAC,KAAa,EAAE,EAAU;IACpD,MAAM,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAC7B,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IACnF,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;IAC/E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;IAC9G,MAAM,MAAM,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC;QACjC,uBAAuB,MAAM,EAAE;QAC/B,0BAA0B,MAAM,EAAE,EAAE,SAAS;QAC7C,2BAA2B,MAAM,IAAI,EAAE,4BAA4B;QACnE,yBAAyB,MAAM,IAAI;QACnC,2BAA2B,MAAM,IAAI;KACtC,CAAC;IACF,MAAM,GAAG,GAAG;QACV,cAAc;QACd,uBAAuB,IAAI,EAAE,EAAE,uBAAuB,KAAK,EAAE,EAAE,uBAAuB,GAAG,EAAE;QAC3F,oGAAoG;QACpG,2FAA2F;QAC3F,8FAA8F;QAC9F,0CAA0C;QAC1C,2BAA2B,IAAI,IAAI;QACnC,mCAAmC,IAAI,IAAI;QAC3C,yBAAyB,IAAI,IAAI;QACjC,6BAA6B,IAAI,IAAI;QACrC,2BAA2B,IAAI,IAAI;QACnC,WAAW,IAAI,IAAI;QACnB,oGAAoG;QACpG,wEAAwE;QACxE,2BAA2B,KAAK,IAAI,oBAAoB,IAAI;QAC5D,mCAAmC,KAAK,IAAI,oBAAoB,EAAE;QAClE,yBAAyB,KAAK,IAAI,oBAAoB,EAAE;QACxD,6BAA6B,KAAK,IAAI,oBAAoB,EAAE;QAC5D,2BAA2B,KAAK,IAAI,oBAAoB,EAAE;QAC1D,WAAW,KAAK,IAAI,oBAAoB,IAAI;QAC5C,UAAU,EAAE,gCAAgC;QAC5C,oGAAoG;QACpG,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC;QAC/D,oGAAoG;QACpG,OAAO,aAAa,CAAC,KAAK,CAAC,IAAI;QAC/B,oFAAoF;QACpF,uBAAuB,GAAG,EAAE,EAAE,0BAA0B,GAAG,EAAE;QAC7D,OAAO,cAAc,CAAC,KAAK,CAAC,UAAU;QACtC,wFAAwF;QACxF,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ;QAC7B,4FAA4F;QAC5F,4FAA4F;QAC5F,kGAAkG;QAClG,iEAAiE;QACjE,GAAG,CAAC,yBAAyB;KAC9B,CAAC;IACF,MAAM,GAAG,GAAG;QACV,UAAU,EAAE,IAAI;QAChB,GAAG,CAAC,iBAAiB,EAAE,6EAA6E;KACrG,CAAC;IACF,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC;AACtD,CAAC;AAED;kDACkD;AAClD,MAAM,UAAU,YAAY,CAAC,IAAe,EAAE,IAAwD;IACpG,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC;IACtC,4FAA4F;IAC5F,8FAA8F;IAC9F,+FAA+F;IAC/F,+FAA+F;IAC/F,gGAAgG;IAChG,iGAAiG;IACjG,kGAAkG;IAClG,OAAO;QACD,IAAI;QACJ,IAAI;;yBAEa,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC1C,IAAI,CAAC,QAAQ,CAAC,GAAG;kBACX,IAAI,CAAC,GAAG,CAAC,GAAG;;;IAG1B,IAAI,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG;IACrC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG;;CAEhC,CAAC;AACF,CAAC;AAED,kFAAkF;AAElF,MAAM,SAAS,GAAG,WAAW,CAAC;AAE9B,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,OAAO,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;iGAEiG;AACjG,MAAM,UAAU,aAAa,CAAC,QAAgB,OAAO,CAAC,GAAG,EAAE;IACzD,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IACzB,SAAS,CAAC;QACR,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAAE,OAAO,GAAG,CAAC;QAChD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,KAAK,GAAG;YAAE,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1C,GAAG,GAAG,MAAM,CAAC;IACf,CAAC;AACH,CAAC;AAED,6FAA6F;AAC7F,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,IAAe;IACxD,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAc,CAAC;AAC1D,CAAC"}