@cotal-ai/core 0.5.0 → 0.7.0

Files changed (47)
  1. package/dist/acls.d.ts +45 -0
  2. package/dist/acls.d.ts.map +1 -0
  3. package/dist/acls.js +86 -0
  4. package/dist/acls.js.map +1 -0
  5. package/dist/command.d.ts +3 -0
  6. package/dist/command.d.ts.map +1 -1
  7. package/dist/connector.d.ts +10 -0
  8. package/dist/connector.d.ts.map +1 -1
  9. package/dist/endpoint.d.ts +197 -54
  10. package/dist/endpoint.d.ts.map +1 -1
  11. package/dist/endpoint.js +443 -100
  12. package/dist/endpoint.js.map +1 -1
  13. package/dist/index.d.ts +5 -0
  14. package/dist/index.d.ts.map +1 -1
  15. package/dist/index.js +5 -0
  16. package/dist/index.js.map +1 -1
  17. package/dist/lease.d.ts +40 -0
  18. package/dist/lease.d.ts.map +1 -0
  19. package/dist/lease.js +64 -0
  20. package/dist/lease.js.map +1 -0
  21. package/dist/membership-feed.d.ts +30 -0
  22. package/dist/membership-feed.d.ts.map +1 -0
  23. package/dist/membership-feed.js +315 -0
  24. package/dist/membership-feed.js.map +1 -0
  25. package/dist/mesh-registry.d.ts +45 -0
  26. package/dist/mesh-registry.d.ts.map +1 -0
  27. package/dist/mesh-registry.js +78 -0
  28. package/dist/mesh-registry.js.map +1 -0
  29. package/dist/mesh-target.d.ts +42 -0
  30. package/dist/mesh-target.d.ts.map +1 -0
  31. package/dist/mesh-target.js +95 -0
  32. package/dist/mesh-target.js.map +1 -0
  33. package/dist/provision.d.ts +45 -21
  34. package/dist/provision.d.ts.map +1 -1
  35. package/dist/provision.js +177 -15
  36. package/dist/provision.js.map +1 -1
  37. package/dist/streams.d.ts +16 -0
  38. package/dist/streams.d.ts.map +1 -1
  39. package/dist/streams.js +29 -5
  40. package/dist/streams.js.map +1 -1
  41. package/dist/subjects.d.ts +89 -2
  42. package/dist/subjects.d.ts.map +1 -1
  43. package/dist/subjects.js +132 -3
  44. package/dist/subjects.js.map +1 -1
  45. package/dist/types.d.ts +52 -0
  46. package/dist/types.d.ts.map +1 -1
  47. package/package.json +1 -1
@@ -3,9 +3,11 @@ import type { Identity } from "./identity.js";
3
3
  * scope each one — at which point the manager MUST already hold its own privileged
4
4
  * profile (broad: pre-create others' DM durables, serve ctl), not "agent", or it
5
5
  * silently loses those powers the moment "agent" is tightened. */
6
- export type Profile = "agent" | "observer" | "admin" | "manager";
6
+ export type Profile = "agent" | "observer" | "admin" | "manager" | "delivery" | "membership-rw";
7
7
  /** A space's persisted trust material. The `signingSeed` is the sensitive provisioner
8
- * secret; everything else is public (JWTs) or recoverable. */
8
+ * secret; everything else is public (JWTs) or recoverable. The system-account `signingSeed` is the ONE
9
+ * field {@link saveSpaceAuth} never writes to disk — it lives only in memory, just long enough at `cotal
10
+ * up` to mint the scoped membership-observer cred (see {@link mintMembershipObserverCreds}). */
9
11
  export interface SpaceAuth {
10
12
  space: string;
11
13
  operator: {
@@ -19,9 +21,12 @@ export interface SpaceAuth {
19
21
  signingSeed: string;
20
22
  signingPub: string;
21
23
  };
24
+ /** `signingSeed` is in-memory only (a fresh {@link createSpaceAuth}); NEVER persisted — minting a
25
+ * system-account user is broker-admin capability, so no standing `$SYS` seed is left on disk. */
22
26
  sys: {
23
27
  pub: string;
24
28
  jwt: string;
29
+ signingSeed?: string;
25
30
  };
26
31
  }
27
32
  /** Reduce a {@link SpaceAuth} to just the material a *minting* host needs: `space`,
@@ -57,40 +62,50 @@ export interface MintOpts {
57
62
  * publish to the privileged control subject (start/purge/definePersona/named stop).
58
63
  * Default-deny when absent — nats-server rejects the publish, no handler involved. */
59
64
  capabilities?: string[];
65
+ /** Delivery-daemon shard seam (`delivery` profile only). N=1 is the only operating mode; these do
66
+ * not change permissions in this build (the daemon owns the whole space at N=1). Present so the
67
+ * N>1 follow-up is a small diff. Default `{0,1}`. */
68
+ shard?: number;
69
+ shards?: number;
60
70
  }
61
71
  /** Options for {@link provisionAgent} — {@link MintOpts} plus the active read set. */
62
72
  export interface ProvisionOpts extends MintOpts {
63
73
  /** The active read set: the channels the agent subscribes to (live core-sub) at boot, and whose
64
- * `durable`-class members get a boot Plane-3 membership. Must be `allowSubscribe`. Defaults to
65
- * `["general"]`. */
74
+ * `durable`-class ones the agent self-joins for a Plane-3 backstop at connect (via the delivery
75
+ * daemon). Must be ⊆ `allowSubscribe`. Defaults to `["general"]`. */
66
76
  subscribe?: string[];
67
- /** Write a DURABLE boot membership for each `durable`-class channel (default true). A durable backstop
68
- * needs a long-lived manager that hosts Plane-3 AND knows this agent's ACL true only for an agent
69
- * launched UNDER a manager (`cotal start` / `cotal up`), which registers it in its `agents` ledger.
70
- * Set FALSE for a launcher with no such manager direct foreground `cotal spawn` so the agent is
71
- * LIVE-ONLY (no manager would know it, so its durable copies couldn't be authorized by the trusted
72
- * reader nor its membership leaved via self-service; its runtime joins are live-only for that reason
73
- * too). Writing a record nobody can deliver/leave is worse than none. */
77
+ /** Record this agent's read ACL so it can participate in durable delivery (default true). A durable
78
+ * backstop needs the agent's read ACL in the registrythe server-side delivery daemon re-authorizes
79
+ * every durable entry against it written here at provision. Set FALSE for a LIVE-ONLY launcher
80
+ * (e.g. a direct foreground `cotal spawn` with no durable intent): no ACL row is written, so the daemon
81
+ * refuses to authorize a durable backstop and the agent stays live-only. Boot durable MEMBERSHIP itself
82
+ * is not written here the agent self-joins its durable channels via the daemon's `ctl.delivery` op at
83
+ * connect. */
74
84
  durableMembership?: boolean;
75
85
  }
76
- /** The privileged onboarding ops a launcher needs — implemented by a connected, permissive
77
- * endpoint (the manager, or a short-lived provisioner that `cotal spawn` opens). */
86
+ /** The privileged onboarding ops a launcher needs at spawn — implemented by a connected, permissive
87
+ * endpoint (the manager at `cotal start`/`cotal up`, or a short-lived provisioner that `cotal spawn`
88
+ * opens). It pre-creates the agent's own mailboxes and records its read ACL; it does NOT host Plane-3
89
+ * delivery (that is the server-side delivery daemon). */
78
90
  export interface DurableProvisioner {
79
91
  provisionDmInbox(id: string): Promise<void>;
80
92
  /** Pre-create the agent's bind-only Plane-3 DELIVER durable (`dlv_<id>`, filtered to `dlv.<id>`) so
81
93
  * it can BIND its per-member durable handoff without holding CONSUMER.CREATE on the DLV stream. */
82
94
  provisionDlvInbox(id: string): Promise<void>;
83
- /** Write the agent's BOOT durable membership: each `durable`-class boot channel gets a Plane-3
84
- * durable-active record so it receives the durable backstop from boot. Replaces the legacy
85
- * bind-only chat live-tail pre-create live delivery is now the agent's own core subscription. */
86
- provisionMembership(id: string, channels: string[]): Promise<void>;
95
+ /** Record the agent's read ACL (`allowSubscribe`) in the durable ACL registry the same act as
96
+ * baking it into the JWT, persisted so the **server-side delivery daemon** can re-authorize the
97
+ * agent's durable entries and validate its runtime durable-joins (it holds no in-memory ledger).
98
+ * Replaces the old manager-written boot membership: boot durable membership is now the agent
99
+ * SELF-JOINING its durable channels via the daemon's `ctl.delivery` op at connect. */
100
+ commitAcl(id: string, allowSubscribe: string[]): Promise<void>;
87
101
  provisionTaskQueue(role: string): Promise<void>;
88
102
  }
89
103
  /** Onboard an agent for launch (auth mode): pre-create its bind-only DM (+ Plane-3 DELIVER + role
90
- * TASK) durables, write its boot durable membership (Plane-3, unless `durableMembership:false`), and
104
+ * TASK) durables, RECORD its read ACL in the durable registry (unless `durableMembership:false`), and
91
105
  * mint its scoped creds. Live delivery is the agent's own core subscription — there is no per-instance
92
- * chat durable. The single shared onboarding step; a launcher with no managing Plane-3 host (direct
93
- * `cotal spawn`) opts out of the durable membership and is live-only. */
106
+ * chat durable. Boot durable MEMBERSHIP is not written here: the agent self-joins its durable channels
107
+ * via the server-side delivery daemon's `ctl.delivery` op at connect. A live-only launcher
108
+ * (`durableMembership:false`, e.g. direct `cotal spawn`) gets no ACL row and stays live-only. */
94
109
  export declare function provisionAgent(provisioner: DurableProvisioner, auth: SpaceAuth, identity: Identity, opts?: ProvisionOpts): Promise<string>;
95
110
  /** Mint a user creds file for an agent {@link Identity} (its stable id+seed from
96
111
  * {@link newIdentity}). The account signing key signs over ONLY the public key
@@ -100,6 +115,13 @@ export declare function provisionAgent(provisioner: DurableProvisioner, auth: Sp
100
115
  * `allowSubscribe` (live tail bind-only + per-channel history grants); "manager" and "observer"
101
116
  * stay permissive here and are scoped in steps 6–7. */
102
117
  export declare function mintCreds(auth: SpaceAuth, identity: Identity, profile: Profile, opts?: MintOpts): Promise<string>;
118
+ /** Mint the scoped `membership-observer` creds — a SYSTEM-account user (conn A of the graph feed),
119
+ * signed with the in-memory `auth.sys.signingSeed` from a fresh {@link createSpaceAuth}. THROWS if that
120
+ * seed is absent (a re-`up` of an already-provisioned space, whose `$SYS` seed was discarded at its
121
+ * original `up`): the observer can only be minted at the (re-)provision that creates the account — a
122
+ * documented migration property, not a silent no-op. The CONNZ/event subjects pin the DATA account id
123
+ * (`auth.account.pub`). Mirrors {@link mintCreds} but issues into the system account. */
124
+ export declare function mintMembershipObserverCreds(auth: SpaceAuth, identity: Identity): Promise<string>;
103
125
  /** Render the `nats-server` config that trusts this space's operator and serves its
104
126
  * accounts via the in-config MEMORY resolver. */
105
127
  export declare function serverConfig(auth: SpaceAuth, opts: {
@@ -112,7 +134,9 @@ export declare function authDir(root: string): string;
112
134
  * directory that *contains* `.cotal/`. Falls back to `start` when none is found up the tree (a
113
135
  * fresh setup creates `.cotal/` there). Lets `cotal` run from any subdirectory of a project. */
114
136
  export declare function findCotalRoot(start?: string): string;
115
- /** Persist the space trust material. The file holds the signing seed — treat as a secret. */
137
+ /** Persist the space trust material. The file holds the data-account signing seed — treat as a secret.
138
+ * The system-account `sys.signingSeed` is STRIPPED before writing: it is broker-admin minting capability,
139
+ * so it never lands on disk (it lives only in the in-memory {@link createSpaceAuth} result). */
116
140
  export declare function saveSpaceAuth(dir: string, auth: SpaceAuth): void;
117
141
  /** Load the space trust material, or undefined if auth was never set up here. */
118
142
  export declare function loadSpaceAuth(dir: string): SpaceAuth | undefined;
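Review bot: The new optional `signingSeed` on `SpaceAuth.sys` is kept off disk only by the strip that the `saveSpaceAuth` comment describes; the type itself lets the system-account seed travel wherever a `SpaceAuth` value goes. Any other path that serializes or logs the object (a `JSON.stringify(auth)`, or the minting-host reducer documented right after the interface, whose body is outside these hunks) would carry what the comments call broker-admin minting capability unless it drops the field too. Consider returning the seed from `createSpaceAuth` separately from the persisted shape, or at least extend the field comment: `/** In-memory only. Every serializer of SpaceAuth, not just saveSpaceAuth, must drop this field. */`. It would also help for `loadSpaceAuth` to reject or drop a `sys.signingSeed` found on disk, so a file written by other tooling cannot reintroduce it; whether it already does so is not visible here.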
@@ -1 +1 @@
1
- {"version":3,"file":"provision.d.ts","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AA+CA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE9C;;;mEAGmE;AACnE,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,CAAC;AAEjE;+DAC+D;AAC/D,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,OAAO,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7F,GAAG,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;CACnC;AAYD;;;;;;;yEAOyE;AACzE,wBAAgB,cAAc,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CAazD;AAED,4FAA4F;AAC5F,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CA6BvE;AAED,mDAAmD;AACnD,MAAM,WAAW,QAAQ;IACvB;;;;;sGAKkG;IAClG,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B;;sFAEkF;IAClF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sEAAsE;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;2FAGuF;IACvF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,sFAAsF;AACtF,MAAM,WAAW,aAAc,SAAQ,QAAQ;IAC7C;;yBAEqB;IACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB;;;;;;8EAM0E;IAC1E,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;qFACqF;AACrF,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C;wGACoG;IACpG,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C;;wGAEoG;IACpG,mBAAmB,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnE,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED;;;;0EAI0E;AAC1E,wBAAsB,cAAc,CAClC,WAAW,EAAE,kBAAkB,EAC/B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,IAAI,GAAE,aAAkB,GACvB,OAAO,CAAC,MAAM,CAAC,CAsBjB;AAED;;;;;;wDAMwD;AACxD,wBAAsB,SAAS,CAC7B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,OAAO,EAChB,IAAI,GAAE,QAAa,GAClB,OAAO,CAAC,MAAM,CAAC,CAYjB;AAiLD;kDACkD;AAClD,wBAAgB,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,M
AAM,CAuB9G;AAMD,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED;;iGAEiG;AACjG,wBAAgB,aAAa,CAAC,KAAK,GAAE,MAAsB,GAAG,MAAM,CAQnE;AAED,6FAA6F;AAC7F,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAGhE;AAED,iFAAiF;AACjF,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAIhE"}
1
+ {"version":3,"file":"provision.d.ts","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AA2DA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE9C;;;mEAGmE;AACnE,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,UAAU,GAAG,eAAe,CAAC;AAEhG;;;iGAGiG;AACjG,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,OAAO,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7F;sGACkG;IAClG,GAAG,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACzD;AAYD;;;;;;;yEAOyE;AACzE,wBAAgB,cAAc,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CAazD;AAED,4FAA4F;AAC5F,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CA+BvE;AAED,mDAAmD;AACnD,MAAM,WAAW,QAAQ;IACvB;;;;;sGAKkG;IAClG,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B;;sFAEkF;IAClF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sEAAsE;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;2FAGuF;IACvF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB;;0DAEsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,sFAAsF;AACtF,MAAM,WAAW,aAAc,SAAQ,QAAQ;IAC7C;;0EAEsE;IACtE,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB;;;;;;mBAMe;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;;0DAG0D;AAC1D,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C;wGACoG;IACpG,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C;;;;2FAIuF;IACvF,SAAS,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/D,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED;;;;;kGAKkG;AAClG,wBAAsB,cAAc,CAClC,WAAW,EAAE,kBAAkB,EAC/B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,IAAI,GAAE,aAAkB,GACvB,OAAO,CAAC,MAAM,CAAC,CAwBjB;AAED;;;;;;wDAMwD;AACxD,wBAAsB,SAAS,CAC7B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,OAAO,EAChB,IAAI,GAAE,QAAa,GAClB,OAAO,CAAC,MAAM,CAAC,CAYjB;AA6TD;;;;;0FAK0F;AAC1
F,wBAAsB,2BAA2B,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAgBtG;AAED;kDACkD;AAClD,wBAAgB,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAuB9G;AAMD,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED;;iGAEiG;AACjG,wBAAgB,aAAa,CAAC,KAAK,GAAE,MAAsB,GAAG,MAAM,CAQnE;AAED;;iGAEiG;AACjG,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAIhE;AAED,iFAAiF;AACjF,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAIhE"}
package/dist/provision.js CHANGED
@@ -18,7 +18,7 @@ import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
18
18
  import { join, dirname, resolve } from "node:path";
19
19
  import { encodeOperator, encodeAccount, encodeUser, fmtCreds, } from "@nats-io/jwt";
20
20
  import { createOperator, createAccount, fromPublic, fromSeed } from "@nats-io/nkeys";
21
- import { token, spacePrefix, chatSubject, assertValidChannel, channelInAllow, unicastSubject, anycastSubject, controlServiceSubject, CONTROL_PRIVILEGED, CONTROL_SELF_SERVICE, chatStream, dmStream, taskStream, dlvStream, chatHistDurable, dmDurable, taskDurable, dlvDurable, presenceBucket, channelBucket, } from "./subjects.js";
21
+ import { token, spacePrefix, chatSubject, assertValidChannel, channelInAllow, unicastSubject, anycastSubject, controlServiceSubject, CONTROL_PRIVILEGED, CONTROL_SELF_SERVICE, CONTROL_DELIVERY, chatStream, dmStream, taskStream, dlvStream, inboxStream, chatHistDurable, dmDurable, taskDurable, dlvDurable, presenceBucket, channelBucket, membersBucket, aclBucket, membershipBucket, deliveryBucket, connzRequestSubject, accountConnectSubject, accountDisconnectSubject, MEMBERSHIP_INBOX_PREFIX, FANOUT_DURABLE, INBOX_READER_DURABLE, } from "./subjects.js";
22
22
  // Unlimited account limits — without explicit limits a JWT account defaults to 0 conns
23
23
  // (every connect denied). JetStream needs storage on the data account but MUST stay off
24
24
  // the system account (the server refuses to start otherwise).
@@ -71,14 +71,17 @@ export async function createSpaceAuth(space) {
71
71
  signingSeed: dec(askp.getSeed()),
72
72
  signingPub: askp.getPublicKey(),
73
73
  },
74
- sys: { pub: sysPub, jwt: sysJwt },
74
+ // `signingSeed` carried in-memory ONLY (stripped by saveSpaceAuth) — the single window in which the
75
+ // scoped membership-observer system-account user can be minted (see mintMembershipObserverCreds).
76
+ sys: { pub: sysPub, jwt: sysJwt, signingSeed: dec(syskp.getSeed()) },
75
77
  };
76
78
  }
77
79
  /** Onboard an agent for launch (auth mode): pre-create its bind-only DM (+ Plane-3 DELIVER + role
78
- * TASK) durables, write its boot durable membership (Plane-3, unless `durableMembership:false`), and
80
+ * TASK) durables, RECORD its read ACL in the durable registry (unless `durableMembership:false`), and
79
81
  * mint its scoped creds. Live delivery is the agent's own core subscription — there is no per-instance
80
- * chat durable. The single shared onboarding step; a launcher with no managing Plane-3 host (direct
81
- * `cotal spawn`) opts out of the durable membership and is live-only. */
82
+ * chat durable. Boot durable MEMBERSHIP is not written here: the agent self-joins its durable channels
83
+ * via the server-side delivery daemon's `ctl.delivery` op at connect. A live-only launcher
84
+ * (`durableMembership:false`, e.g. direct `cotal spawn`) gets no ACL row and stays live-only. */
82
85
  export async function provisionAgent(provisioner, auth, identity, opts = {}) {
83
86
  const subscribe = opts.subscribe?.length ? opts.subscribe : ["general"];
84
87
  const allowSubscribe = opts.allowSubscribe?.length ? opts.allowSubscribe : subscribe;
@@ -93,12 +96,14 @@ export async function provisionAgent(provisioner, auth, identity, opts = {}) {
93
96
  throw new Error(`provisionAgent: subscribe "${ch}" is not within allowSubscribe [${allowSubscribe.join(", ")}]`);
94
97
  await provisioner.provisionDmInbox(identity.id);
95
98
  await provisioner.provisionDlvInbox(identity.id);
96
- // DELIVER durable exists before membership the trusted reader transfers boot backstop copies onto it.
97
- // Durable boot membership only for a launcher backed by a managing Plane-3 host (default). A live-only
98
- // launcher (direct `cotal spawn`) opts out: no manager would know this agent, so a durable record could
99
- // be neither authorized for reader delivery nor leaved via self-service — worse than none.
99
+ // Record the agent's read ACL in the durable registry (the same act as baking it into the JWT) so the
100
+ // server-side delivery daemon can re-authorize this agent's durable entries + validate its runtime
101
+ // durable-joins it holds no in-memory ledger. The agent SELF-JOINS its durable boot channels via the
102
+ // daemon at connect (no manager-written boot membership). `durableMembership:false` (a live-only
103
+ // launcher, e.g. direct `cotal spawn` with no daemon) opts out of the ACL row → the daemon never
104
+ // authorizes a durable backstop for it, so it stays live-only.
100
105
  if (opts.durableMembership !== false)
101
- await provisioner.provisionMembership(identity.id, subscribe);
106
+ await provisioner.commitAcl(identity.id, allowSubscribe);
102
107
  if (opts.role)
103
108
  await provisioner.provisionTaskQueue(opts.role);
104
109
  return mintCreds(auth, identity, "agent", { ...opts, allowSubscribe });
@@ -122,11 +127,17 @@ export async function mintCreds(auth, identity, profile, opts = {}) {
122
127
  * host). Subject/stream/durable names come from the shared builders so the ACLs can't drift
123
128
  * from the wire layout. */
124
129
  function permissionsFor(profile, space, id, opts) {
130
+ if (profile === "delivery")
131
+ return deliveryPermissions(space, id); // scoped server-side Plane-3 infra
132
+ if (profile === "membership-rw")
133
+ return membershipRwPermissions(space, id); // scoped graph-feed reader/writer
125
134
  if (profile === "manager")
126
135
  return {}; // privileged: allow-all defaults
127
136
  const CHAT = chatStream(space), DM = dmStream(space), TASK = taskStream(space);
128
137
  const KV = `KV_${presenceBucket(space)}`;
129
138
  const CHKV = `KV_${channelBucket(space)}`; // channel registry (read-only for everyone)
139
+ const MEMKV = `KV_${membershipBucket(space)}`; // derived graph membership feed (read-only — dashboard)
140
+ const DLVKV = `KV_${deliveryBucket(space)}`; // delivery lease/readiness (read-only — Component 6 health)
130
141
  const inbox = `_INBOX_${id}.>`;
131
142
  if (profile === "observer" || profile === "admin") {
132
143
  // Read-only: live feed via tap, history + presence via ephemeral/ordered consumers it
@@ -162,6 +173,14 @@ function permissionsFor(profile, space, id, opts) {
162
173
  `$JS.API.CONSUMER.CREATE.${CHKV}.>`,
163
174
  `$JS.API.CONSUMER.INFO.${CHKV}.>`,
164
175
  `$JS.API.CONSUMER.DELETE.${CHKV}.>`, // ephemeral consumer cleanup
176
+ // Derived graph-membership feed (broker-sourced who-is-subscribed) — watch + direct kv.get. The
177
+ // silent-reader set is sensitive, so read is admin/observer-only (this elevated profile), never an
178
+ // agent. Read-only: no `$KV.${membershipBucket}` publish — only the `membership-rw` cred writes it.
179
+ `$JS.API.STREAM.INFO.${MEMKV}`,
180
+ `$JS.API.STREAM.MSG.GET.${MEMKV}`,
181
+ `$JS.API.CONSUMER.CREATE.${MEMKV}.>`,
182
+ `$JS.API.CONSUMER.INFO.${MEMKV}.>`,
183
+ `$JS.API.CONSUMER.DELETE.${MEMKV}.>`,
165
184
  "$JS.FC.>", // ordered-consumer flow control
166
185
  ];
167
186
  if (profile === "admin") {
@@ -188,7 +207,11 @@ function permissionsFor(profile, space, id, opts) {
188
207
  ...allowPublish.map((ch) => chatSubject(space, id, ch)),
189
208
  unicastSubject(space, "*", id), // inst.*.<id> — DM any instance, as me
190
209
  anycastSubject(space, "*", id), // svc.*.<id> — anycast any role, as me
191
- controlServiceSubject(space, CONTROL_SELF_SERVICE, id), // ctl.self.<id> — self stop/despawn + mediated join/leave, granted to all
210
+ controlServiceSubject(space, CONTROL_SELF_SERVICE, id), // ctl.self.<id> — self stop/despawn, granted to all
211
+ // ctl.delivery.<id> — request a durable backstop join/leave/list from the SERVER-SIDE delivery
212
+ // daemon (NOT the manager). The reply rides this same subtree (`ctl.delivery.<id>.reply.<n>`, in
213
+ // sub.allow below) so the daemon can answer without broad inbox-publish — see CONTROL_DELIVERY.
214
+ controlServiceSubject(space, CONTROL_DELIVERY, id),
192
215
  // JetStream control plane — scoped to this agent's own streams/durables.
193
216
  "$JS.API.INFO",
194
217
  // STREAM.INFO: CHAT (join watermark, recall drop-marker, channel-list counts — a documented
@@ -232,6 +255,11 @@ function permissionsFor(profile, space, id, opts) {
232
255
  `$JS.API.STREAM.MSG.GET.${CHKV}`,
233
256
  `$JS.API.CONSUMER.CREATE.${CHKV}.>`,
234
257
  `$JS.API.CONSUMER.INFO.${CHKV}.>`,
258
+ // Delivery lease/readiness: READ-ONLY (kv.get) for the non-gating `cotal_channels` delivery-health
259
+ // surface (Component 6). The lease key is daemon-availability info, like the world-readable roster;
260
+ // NO write grant — only the `delivery` cred writes it.
261
+ `$JS.API.STREAM.INFO.${DLVKV}`,
262
+ `$JS.API.STREAM.MSG.GET.${DLVKV}`,
235
263
  ];
236
264
  if (svcD) {
237
265
  // TASK consumer: BIND ONLY its own role's pre-created durable (svc_<role>). Like DM, the
@@ -269,9 +297,140 @@ function permissionsFor(profile, space, id, opts) {
269
297
  // (e.g. chat.*.review.>, chat.*.>). This is what lets an agent self-serve a live channel subscribe
270
298
  // with NO manager: join = nc.subscribe, broker-enforced per-subscribe, no consumer name to confine,
271
299
  // so an open ACL needs no enumeration. This sub.allow grant IS the live read path — there is no
272
- // per-instance chat durable; the durable backstop is Plane-3 (manager fan-out → per-member DELIVER).
300
+ // per-instance chat durable; the durable backstop is Plane-3 (delivery-daemon fan-out → per-member DELIVER).
273
301
  const subChat = allowSubscribe.map((ch) => chatSubject(space, "*", ch));
274
- return { pub: { allow: pubAllow, deny: pubDeny }, sub: { allow: [inbox, ...subChat] } };
302
+ // Replies to this agent's durable join/leave/list requests ride `ctl.delivery.<id>.>` (NOT the
303
+ // per-id _INBOX), so the scoped delivery daemon can answer without broad inbox-publish.
304
+ const deliveryReplies = `${controlServiceSubject(space, CONTROL_DELIVERY, id)}.>`;
305
+ return { pub: { allow: pubAllow, deny: pubDeny }, sub: { allow: [inbox, deliveryReplies, ...subChat] } };
306
+ }
307
+ /** The scoped `delivery` daemon permission set (server-side Plane-3 infra; NEVER allow-all, never
308
+ * minted for an agent — `cotal mint` excludes it, like `manager`). Least-privilege: exactly what the
309
+ * fan-out writer + trusted reader + activation catch-up + membership/ACL reads + members-KV writes +
310
+ * the lease + the `ctl.delivery` control service touch. `sub.allow` is the per-identity inbox (all JS
311
+ * pull delivery / KV-watch / request replies land there) PLUS the `ctl.delivery` control subtree it
312
+ * serves; ALL stream/KV reads ride the JS API (publishes), so there is NO native `chat`/`dinbox`/`dlv`
313
+ * subscription — a leaked cred can't natively sniff the mixed pre-auth store. Honest blast radius
314
+ * (delivery-daemon.md): it can write any owner's `dlv` (the post-auth store agents trust); the future
315
+ * fan-out/reader cred split bounds that. */
316
+ function deliveryPermissions(space, id) {
317
+ const p = spacePrefix(space);
318
+ const CHAT = chatStream(space), INBOX = inboxStream(space), DLV = dlvStream(space);
319
+ const PKV = `KV_${presenceBucket(space)}`, CHKV = `KV_${channelBucket(space)}`;
320
+ const MKV = `KV_${membersBucket(space)}`, AKV = `KV_${aclBucket(space)}`, DKV = `KV_${deliveryBucket(space)}`;
321
+ const kvRead = (bucket) => [
322
+ `$JS.API.STREAM.INFO.${bucket}`,
323
+ `$JS.API.STREAM.MSG.GET.${bucket}`, // kv.get
324
+ `$JS.API.CONSUMER.CREATE.${bucket}.>`, // kv.watch ordered consumer
325
+ `$JS.API.CONSUMER.INFO.${bucket}.>`,
326
+ `$JS.API.CONSUMER.DELETE.${bucket}.>`,
327
+ ];
328
+ const pub = [
329
+ "$JS.API.INFO",
330
+ `$JS.API.STREAM.INFO.${CHAT}`, `$JS.API.STREAM.INFO.${INBOX}`, `$JS.API.STREAM.INFO.${DLV}`,
331
+ // Fan-out durable + activation-catch-up ephemerals live on CHAT — the daemon legitimately reads ALL
332
+ // chat (the fan-out consumes the whole stream), so a stream-wide CHAT consumer grant is no
333
+ // escalation. The catch-up ephemeral names (`cu_<owner>_<gen>`) are dynamic, so they can't be
334
+ // name-pinned; CHAT-wide is correct here.
335
+ `$JS.API.CONSUMER.CREATE.${CHAT}.>`,
336
+ `$JS.API.CONSUMER.DURABLE.CREATE.${CHAT}.>`,
337
+ `$JS.API.CONSUMER.INFO.${CHAT}.>`,
338
+ `$JS.API.CONSUMER.MSG.NEXT.${CHAT}.>`,
339
+ `$JS.API.CONSUMER.DELETE.${CHAT}.>`,
340
+ `$JS.ACK.${CHAT}.>`,
341
+ // Trusted reader on INBOX — NAME-PINNED to the single `reader` durable (the meaningful confinement:
342
+ // no arbitrary INBOX consumer create against the mixed pre-auth store).
343
+ `$JS.API.CONSUMER.CREATE.${INBOX}.${INBOX_READER_DURABLE}.>`,
344
+ `$JS.API.CONSUMER.DURABLE.CREATE.${INBOX}.${INBOX_READER_DURABLE}`,
345
+ `$JS.API.CONSUMER.INFO.${INBOX}.${INBOX_READER_DURABLE}`,
346
+ `$JS.API.CONSUMER.MSG.NEXT.${INBOX}.${INBOX_READER_DURABLE}`,
347
+ `$JS.API.CONSUMER.DELETE.${INBOX}.${INBOX_READER_DURABLE}`,
348
+ `$JS.ACK.${INBOX}.${INBOX_READER_DURABLE}.>`,
349
+ "$JS.FC.>", // ordered-consumer flow control
350
+ // Reads: presence (@mention resolve) + channel registry (delivery class) + members + ACL (re-auth).
351
+ ...kvRead(PKV), ...kvRead(CHKV), ...kvRead(MKV), ...kvRead(AKV),
352
+ // Members-KV WRITE — the daemon is the durable-membership authority (join/leave/activate/catch-up).
353
+ `$KV.${membersBucket(space)}.>`,
354
+ // Delivery lease/readiness KV: read the bucket (renew CAS) + write ONLY lease keys.
355
+ `$JS.API.STREAM.INFO.${DKV}`, `$JS.API.STREAM.MSG.GET.${DKV}`,
356
+ `$KV.${deliveryBucket(space)}.lease.*`,
357
+ // Plane-3 data writes: dinbox (fan-out target) + dlv (post-auth handoff) for ANY owner.
358
+ `${p}.dinbox.*`, `${p}.dlv.*`,
359
+ // ctl.delivery control REPLIES ONLY (requests arrive on the sub below; the daemon only ever
360
+ // m.respond()s to a requester's reply subject `ctl.delivery.<id>.reply.<n>`). Scoped to the
361
+ // `.reply.>` leaf so the daemon can't publish to the request subjects themselves — tighter than a
362
+ // blanket `ctl.delivery.>` (fact-check precision, review panel).
363
+ `${p}.ctl.delivery.*.reply.>`,
364
+ ];
365
+ const sub = [
366
+ `_INBOX_${id}.>`,
367
+ `${p}.ctl.delivery.*`, // serve the delivery control service (queue-grouped durable join/leave/list)
368
+ ];
369
+ return { pub: { allow: pub }, sub: { allow: sub } };
370
+ }
371
+ /** The scoped DATA-account `membership-rw` permission set (the graph feed's conn B; NEVER allow-all,
372
+ * never minted for an agent — `cotal mint` excludes it, like `manager`/`delivery`). Least-privilege:
373
+ * READ the members registry (the durable arm of the merge) + READ/WRITE the one derived membership
374
+ * bucket, and nothing else. It holds NO chat/DM/anycast/ctl grant and never touches `$SYS` (account
375
+ * isolation keeps the system-account CONNZ read on the SEPARATE conn-A cred). A leaked conn-B cred can
376
+ * read durable-membership records and forge the feed — bounded to "dashboard integrity" by the
377
+ * display-only invariant; it reads no message bodies and admins nothing. */
378
+ function membershipRwPermissions(space, id) {
379
+ const MKV = `KV_${membersBucket(space)}`; // durable arm — read
380
+ const MEMKV = `KV_${membershipBucket(space)}`; // derived feed — read (diff/prune) + write
381
+ const kvRead = (bucket) => [
382
+ `$JS.API.STREAM.INFO.${bucket}`,
383
+ `$JS.API.STREAM.MSG.GET.${bucket}`, // kv.get
384
+ `$JS.API.CONSUMER.CREATE.${bucket}.>`, // kv.keys()/kv.watch ordered consumer
385
+ `$JS.API.CONSUMER.INFO.${bucket}.>`,
386
+ `$JS.API.CONSUMER.DELETE.${bucket}.>`,
387
+ ];
388
+ const pub = [
389
+ "$JS.API.INFO",
390
+ ...kvRead(MKV),
391
+ ...kvRead(MEMKV),
392
+ `$KV.${membershipBucket(space)}.>`, // write derived feed (kv.put + kv.delete)
393
+ "$JS.FC.>", // ordered-consumer flow control
394
+ ];
395
+ return { pub: { allow: pub }, sub: { allow: [`_INBOX_${id}.>`] } };
396
+ }
397
+ /** The scoped SYSTEM-account `membership-observer` permission set (the graph feed's conn A). An EXPLICIT
398
+ * block is MANDATORY: a system-account user with NO permissions block defaults to ALLOW-ALL = full
399
+ * `$SYS` = broker admin (verified — pre-flight spike + docs). Least-privilege allowlist:
400
+ * - **pub:** the account-scoped CONNZ request subject ONLY (not server-wide `PING.CONNZ`, not
401
+ * `REQ.SERVER.*`/`REQ.CLAIMS.*`).
402
+ * - **sub:** the scoped reply inbox (`<MEMBERSHIP_INBOX_PREFIX>.>`) + this ONE account's
403
+ * CONNECT/DISCONNECT events (re-poll triggers) — never `$SYS.ACCOUNT.*.…` (cross-tenant) nor
404
+ * `$SYS.ACCOUNT.<id>.>` (pulls in SUBSZ/JSZ/purge).
405
+ * No `$SYS.>` deny that would shadow the allows (deny-beats-allow). A leaked conn-A cred enumerates THIS
406
+ * account's connections (silent readers + nkeys) and can forge the feed; it reads no bodies, touches no
407
+ * other account, and admins no server. */
408
+ function membershipObserverPermissions(accountId) {
409
+ return {
410
+ pub: { allow: [connzRequestSubject(accountId)] },
411
+ sub: {
412
+ allow: [
413
+ `${MEMBERSHIP_INBOX_PREFIX}.>`,
414
+ accountConnectSubject(accountId),
415
+ accountDisconnectSubject(accountId),
416
+ ],
417
+ },
418
+ };
419
+ }
420
+ /** Mint the scoped `membership-observer` creds — a SYSTEM-account user (conn A of the graph feed),
421
+ * signed with the in-memory `auth.sys.signingSeed` from a fresh {@link createSpaceAuth}. THROWS if that
422
+ * seed is absent (a re-`up` of an already-provisioned space, whose `$SYS` seed was discarded at its
423
+ * original `up`): the observer can only be minted at the (re-)provision that creates the account — a
424
+ * documented migration property, not a silent no-op. The CONNZ/event subjects pin the DATA account id
425
+ * (`auth.account.pub`). Mirrors {@link mintCreds} but issues into the system account. */
426
+ export async function mintMembershipObserverCreds(auth, identity) {
427
+ if (!auth.sys.signingSeed)
428
+ throw new Error("mintMembershipObserverCreds: no in-memory system-account signing seed — the observer can only be minted at the `up` that provisions the account (the $SYS seed is never persisted). Re-provision (down/up) to enable broker-sourced membership.");
429
+ const signer = fromSeed(new TextEncoder().encode(auth.sys.signingSeed));
430
+ const perms = membershipObserverPermissions(auth.account.pub);
431
+ const userJwt = await encodeUser("membership-observer", fromPublic(identity.id), fromPublic(auth.sys.pub), perms, { signer });
432
+ const creds = fmtCreds(userJwt, fromSeed(new TextEncoder().encode(identity.seed)));
433
+ return new TextDecoder().decode(creds);
275
434
  }
276
435
  /** Render the `nats-server` config that trusts this space's operator and serves its
277
436
  * accounts via the in-config MEMORY resolver. */
@@ -318,10 +477,13 @@ export function findCotalRoot(start = process.cwd()) {
318
477
  dir = parent;
319
478
  }
320
479
  }
321
- /** Persist the space trust material. The file holds the signing seed — treat as a secret. */
480
+ /** Persist the space trust material. The file holds the data-account signing seed — treat as a secret.
481
+ * The system-account `sys.signingSeed` is STRIPPED before writing: it is broker-admin minting capability,
482
+ * so it never lands on disk (it lives only in the in-memory {@link createSpaceAuth} result). */
322
483
  export function saveSpaceAuth(dir, auth) {
323
484
  mkdirSync(dir, { recursive: true });
324
- writeFileSync(join(dir, AUTH_FILE), JSON.stringify(auth, null, 2), { mode: 0o600 });
485
+ const onDisk = { ...auth, sys: { pub: auth.sys.pub, jwt: auth.sys.jwt } };
486
+ writeFileSync(join(dir, AUTH_FILE), JSON.stringify(onDisk, null, 2), { mode: 0o600 });
325
487
  }
326
488
  /** Load the space trust material, or undefined if auth was never set up here. */
327
489
  export function loadSpaceAuth(dir) {
@@ -1 +1 @@
1
- {"version":3,"file":"provision.js","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EACL,cAAc,EACd,aAAa,EACb,UAAU,EACV,QAAQ,GACT,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACrF,OAAO,EACL,KAAK,EACL,WAAW,EACX,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,SAAS,EACT,eAAe,EACf,SAAS,EACT,WAAW,EACX,UAAU,EACV,cAAc,EACd,aAAa,GACd,MAAM,eAAe,CAAC;AAkBvB,uFAAuF;AACvF,wFAAwF;AACxF,8DAA8D;AAC9D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACtD,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI;CAC9B,CAAC;AACX,MAAM,WAAW,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC;AAC1E,MAAM,UAAU,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;AAEvE;;;;;;;yEAOyE;AACzE,MAAM,UAAU,cAAc,CAAC,IAAe;IAC5C,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QAC/B,OAAO,EAAE;YACP,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG;YACrB,IAAI,EAAE,EAAE;YACR,GAAG,EAAE,EAAE;YACP,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YACrC,UAAU,EAAE,EAAE;SACf;QACD,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;KAC1B,CAAC;AACJ,CAAC;AAED,4FAA4F;AAC5F,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAa;IACjD,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,aAAa,EAAE,CAAC,CAAC,yCAAyC;IACvE,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;IAEpC,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,SAAS,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC;IACnG,MAAM,UAAU,GAAG,MAAM,aAAa,CACpC,KAAK,CAAC,KAAK,CAAC,EACZ,GAAG,EACH,EAAE,YAAY,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,EAAE,MAAM,EAAE
,WAAW,EAAE,EAC5D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAE1F,MAAM,GAAG,GAAG,CAAC,CAAa,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO;QACL,KAAK;QACL,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE;QACxD,OAAO,EAAE;YACP,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE;YACvB,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACxB,GAAG,EAAE,UAAU;YACf,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAChC,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;SAChC;QACD,GAAG,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE;KAClC,CAAC;AACJ,CAAC;AAwDD;;;;0EAI0E;AAC1E,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAA+B,EAC/B,IAAe,EACf,QAAkB,EAClB,OAAsB,EAAE;IAExB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;IACrF,gGAAgG;IAChG,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,SAAS,EAAE,GAAG,cAAc,CAAC;QAAE,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC3E,8FAA8F;IAC9F,4FAA4F;IAC5F,iEAAiE;IACjE,KAAK,MAAM,EAAE,IAAI,SAAS;QACxB,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,8BAA8B,EAAE,mCAAmC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAChG,CAAC;IACN,MAAM,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAChD,MAAM,WAAW,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACjD,wGAAwG;IACxG,uGAAuG;IACvG,wGAAwG;IACxG,2FAA2F;IAC3F,IAAI,IAAI,CAAC,iBAAiB,KAAK,KAAK;QAAE,MAAM,WAAW,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;IACpG,IAAI,IAAI,CAAC,IAAI;QAAE,MAAM,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,OAAO,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,GAAG,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;AACzE,CAAC;AAED;;;;;;wDAMwD;AACxD,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,IAAe,EACf,QAAkB,EAClB,OAAgB,EAChB,OAAiB,EAAE;IAEnB,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,IAAI,CAA
C,KAAK,EAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,UAAU,CAC9B,OAAO,EACP,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EACvB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAC5B,KAAK,EACL,EAAE,MAAM,EAAE,CACX,CAAC;IACF,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;;4BAG4B;AAC5B,SAAS,cAAc,CACrB,OAAgB,EAChB,KAAa,EACb,EAAU,EACV,IAAc;IAEd,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC,CAAC,iCAAiC;IACvE,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAC/E,MAAM,EAAE,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;IACzC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,4CAA4C;IACvF,MAAM,KAAK,GAAG,UAAU,EAAE,IAAI,CAAC;IAE/B,IAAI,OAAO,KAAK,UAAU,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QAClD,sFAAsF;QACtF,gFAAgF;QAChF,wFAAwF;QACxF,+EAA+E;QAC/E,yFAAyF;QACzF,yFAAyF;QACzF,4FAA4F;QAC5F,yFAAyF;QACzF,8EAA8E;QAC9E,MAAM,GAAG,GACP,OAAO,KAAK,OAAO;YACjB,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC;YACpC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG;YACZ,cAAc;YACd,uBAAuB,IAAI,EAAE;YAC7B,uBAAuB,EAAE,EAAE;YAC3B,sFAAsF;YACtF,yEAAyE;YACzE,2BAA2B,IAAI,EAAE;YACjC,2BAA2B,IAAI,IAAI;YACnC,yBAAyB,IAAI,IAAI;YACjC,6BAA6B,IAAI,IAAI;YACrC,2BAA2B,IAAI,IAAI;YACnC,WAAW,IAAI,IAAI;YACnB,2BAA2B,EAAE,IAAI,EAAE,+CAA+C;YAClF,yBAAyB,EAAE,IAAI;YAC/B,oFAAoF;YACpF,8FAA8F;YAC9F,uBAAuB,IAAI,EAAE;YAC7B,0BAA0B,IAAI,EAAE;YAChC,2BAA2B,IAAI,IAAI;YACnC,yBAAyB,IAAI,IAAI;YACjC,2BAA2B,IAAI,IAAI,EAAG,6BAA6B;YACnE,UAAU,EAAE,gCAAgC;SAC7C,CAAC;QACF,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACxB,sFAAsF;YACtF,sFAAsF;YACtF,KAAK,CAAC,IAAI,CACR,uBAAuB,EAAE,EAAE,EAC3B,2BAA2B,EAAE,EAAE,EAC/B,2BAA2B,EAAE,IAAI,EACjC,yBAAyB,EAAE,IAAI,EAC/B,6BAA6B,EAAE,IAAI,EACnC,2BAA2B,EAAE,IAAI,EACjC,WAAW,EAAE,IAAI,CAClB,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC;IACjD,CAAC;IAED,
kBAAkB;IAClB,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,qDAAqD;IACnG,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;IACnG,mGAAmG;IACnG,sFAAsF;IACtF,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,cAAc,EAAE,GAAG,YAAY,CAAC;QAAE,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC9E,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,kBAAkB,CAAC;IACnD,MAAM,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,0CAA0C;IAC/F,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,MAAM,QAAQ,GAAG;QACf,gGAAgG;QAChG,6EAA6E;QAC7E,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,0CAA0C;QAC1E,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,2CAA2C;QAC3E,qBAAqB,CAAC,KAAK,EAAE,oBAAoB,EAAE,EAAE,CAAC,EAAE,0EAA0E;QAClI,yEAAyE;QACzE,cAAc;QACd,4FAA4F;QAC5F,iGAAiG;QACjG,gGAAgG;QAChG,wFAAwF;QACxF,uBAAuB,IAAI,EAAE,EAAE,uBAAuB,EAAE,EAAE,EAAE,uBAAuB,IAAI,EAAE;QACzF,iGAAiG;QACjG,4FAA4F;QAC5F,4FAA4F;QAC5F,0FAA0F;QAC1F,uEAAuE;QACvE,iGAAiG;QACjG,gGAAgG;QAChG,8FAA8F;QAC9F,8FAA8F;QAC9F,wFAAwF;QACxF,6FAA6F;QAC7F,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,2BAA2B,IAAI,IAAI,SAAS,IAAI,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC;QAC5G,yBAAyB,IAAI,IAAI,SAAS,EAAE;QAC5C,6BAA6B,IAAI,IAAI,SAAS,EAAE;QAChD,2BAA2B,IAAI,IAAI,SAAS,EAAE;QAC9C,qFAAqF;QACrF,yBAAyB,EAAE,IAAI,GAAG,EAAE;QACpC,6BAA6B,EAAE,IAAI,GAAG,EAAE;QACxC,WAAW,EAAE,IAAI,GAAG,IAAI;QACxB,+FAA+F;QAC/F,8FAA8F;QAC9F,gGAAgG;QAChG,0FAA0F;QAC1F,yBAAyB,GAAG,IAAI,IAAI,EAAE;QACtC,6BAA6B,GAAG,IAAI,IAAI,EAAE;QAC1C,WAAW,GAAG,IAAI,IAAI,IAAI;QAC1B,2EAA2E;QAC3E,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,UAAU;QACV,OAAO,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,EAAE,4CAA4C;QAClF,yFAAyF;QACzF,+FAA+F;QAC/F,0BAA0B,IAAI,EAAE;QAChC,2BAA2B,IAAI,IAAI;QACnC,yBAAyB,IAAI,IAAI;KAClC,CAAC;IACF,IAAI,IAAI,EAAE,CAA
C;QACT,yFAAyF;QACzF,oFAAoF;QACpF,wFAAwF;QACxF,QAAQ,CAAC,IAAI,CACX,yBAAyB,IAAI,IAAI,IAAI,EAAE,EACvC,6BAA6B,IAAI,IAAI,IAAI,EAAE,EAC3C,WAAW,IAAI,IAAI,IAAI,IAAI,CAC5B,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,2FAA2F;QAC3F,sFAAsF;QACtF,sFAAsF;QACtF,0FAA0F;QAC1F,6EAA6E;QAC7E,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,qFAAqF;IACrF,mFAAmF;IACnF,sFAAsF;IACtF,iFAAiF;IACjF,MAAM,OAAO,GAAG;QACd,2BAA2B,EAAE,EAAE;QAC/B,2BAA2B,EAAE,IAAI;QACjC,mCAAmC,EAAE,IAAI;QACzC,2BAA2B,IAAI,EAAE;QACjC,2BAA2B,IAAI,IAAI;QACnC,mCAAmC,IAAI,IAAI;QAC3C,iGAAiG;QACjG,8EAA8E;QAC9E,2BAA2B,GAAG,EAAE;QAChC,2BAA2B,GAAG,IAAI;QAClC,mCAAmC,GAAG,IAAI;KAC3C,CAAC;IACF,iGAAiG;IACjG,iGAAiG;IACjG,mGAAmG;IACnG,oGAAoG;IACpG,gGAAgG;IAChG,qGAAqG;IACrG,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IACxE,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,KAAK,EAAE,GAAG,OAAO,CAAC,EAAE,EAAE,CAAC;AAC1F,CAAC;AAED;kDACkD;AAClD,MAAM,UAAU,YAAY,CAAC,IAAe,EAAE,IAAwD;IACpG,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC;IACtC,4FAA4F;IAC5F,8FAA8F;IAC9F,+FAA+F;IAC/F,+FAA+F;IAC/F,gGAAgG;IAChG,iGAAiG;IACjG,kGAAkG;IAClG,OAAO;QACD,IAAI;QACJ,IAAI;;yBAEa,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC1C,IAAI,CAAC,QAAQ,CAAC,GAAG;kBACX,IAAI,CAAC,GAAG,CAAC,GAAG;;;IAG1B,IAAI,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG;IACrC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG;;CAEhC,CAAC;AACF,CAAC;AAED,kFAAkF;AAElF,MAAM,SAAS,GAAG,WAAW,CAAC;AAE9B,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,OAAO,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;iGAEiG;AACjG,MAAM,UAAU,aAAa,CAAC,QAAgB,OAAO,CAAC,GAAG,EAAE;IACzD,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IACzB,SAAS,CAAC;QACR,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAAE,OAAO,GAAG,CAAC;QAChD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,KAAK,
GAAG;YAAE,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1C,GAAG,GAAG,MAAM,CAAC;IACf,CAAC;AACH,CAAC;AAED,6FAA6F;AAC7F,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,IAAe;IACxD,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAc,CAAC;AAC1D,CAAC"}
1
+ {"version":3,"file":"provision.js","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EACL,cAAc,EACd,aAAa,EACb,UAAU,EACV,QAAQ,GACT,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACrF,OAAO,EACL,KAAK,EACL,WAAW,EACX,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,SAAS,EACT,WAAW,EACX,eAAe,EACf,SAAS,EACT,WAAW,EACX,UAAU,EACV,cAAc,EACd,aAAa,EACb,aAAa,EACb,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,qBAAqB,EACrB,wBAAwB,EACxB,uBAAuB,EACvB,cAAc,EACd,oBAAoB,GACrB,MAAM,eAAe,CAAC;AAsBvB,uFAAuF;AACvF,wFAAwF;AACxF,8DAA8D;AAC9D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACtD,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI;CAC9B,CAAC;AACX,MAAM,WAAW,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC;AAC1E,MAAM,UAAU,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;AAEvE;;;;;;;yEAOyE;AACzE,MAAM,UAAU,cAAc,CAAC,IAAe;IAC5C,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QAC/B,OAAO,EAAE;YACP,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG;YACrB,IAAI,EAAE,EAAE;YACR,GAAG,EAAE,EAAE;YACP,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YACrC,UAAU,EAAE,EAAE;SACf;QACD,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;KAC1B,CAAC;AACJ,CAAC;AAED,4FAA4F;AAC5F,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAa;IACjD,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,aAAa,EAAE,CAAC,CAAC,yCAAyC;IACvE,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;IAEpC,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,SAAS,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,
CAAC,CAAC;IACnG,MAAM,UAAU,GAAG,MAAM,aAAa,CACpC,KAAK,CAAC,KAAK,CAAC,EACZ,GAAG,EACH,EAAE,YAAY,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,EAC5D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAE1F,MAAM,GAAG,GAAG,CAAC,CAAa,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO;QACL,KAAK;QACL,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE;QACxD,OAAO,EAAE;YACP,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE;YACvB,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACxB,GAAG,EAAE,UAAU;YACf,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAChC,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;SAChC;QACD,oGAAoG;QACpG,kGAAkG;QAClG,GAAG,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,EAAE;KACrE,CAAC;AACJ,CAAC;AAiED;;;;;kGAKkG;AAClG,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAA+B,EAC/B,IAAe,EACf,QAAkB,EAClB,OAAsB,EAAE;IAExB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;IACrF,gGAAgG;IAChG,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,SAAS,EAAE,GAAG,cAAc,CAAC;QAAE,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC3E,8FAA8F;IAC9F,4FAA4F;IAC5F,iEAAiE;IACjE,KAAK,MAAM,EAAE,IAAI,SAAS;QACxB,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,8BAA8B,EAAE,mCAAmC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAChG,CAAC;IACN,MAAM,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAChD,MAAM,WAAW,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACjD,sGAAsG;IACtG,mGAAmG;IACnG,uGAAuG;IACvG,iGAAiG;IACjG,iGAAiG;IACjG,+DAA+D;IAC/D,IAAI,IAAI,CAAC,iBAAiB,KAAK,KAAK;QAAE,MAAM,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;IAC/F,IAAI,IAAI,CAAC,IAAI;QAAE,MAAM,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,OAAO,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,GAAG,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;AACzE,CAAC;AAED;;;
;;;wDAMwD;AACxD,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,IAAe,EACf,QAAkB,EAClB,OAAgB,EAChB,OAAiB,EAAE;IAEnB,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,UAAU,CAC9B,OAAO,EACP,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EACvB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAC5B,KAAK,EACL,EAAE,MAAM,EAAE,CACX,CAAC;IACF,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;;4BAG4B;AAC5B,SAAS,cAAc,CACrB,OAAgB,EAChB,KAAa,EACb,EAAU,EACV,IAAc;IAEd,IAAI,OAAO,KAAK,UAAU;QAAE,OAAO,mBAAmB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,mCAAmC;IACtG,IAAI,OAAO,KAAK,eAAe;QAAE,OAAO,uBAAuB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,kCAAkC;IAC9G,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC,CAAC,iCAAiC;IACvE,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAC/E,MAAM,EAAE,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;IACzC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,4CAA4C;IACvF,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,wDAAwD;IACvG,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,4DAA4D;IACzG,MAAM,KAAK,GAAG,UAAU,EAAE,IAAI,CAAC;IAE/B,IAAI,OAAO,KAAK,UAAU,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QAClD,sFAAsF;QACtF,gFAAgF;QAChF,wFAAwF;QACxF,+EAA+E;QAC/E,yFAAyF;QACzF,yFAAyF;QACzF,4FAA4F;QAC5F,yFAAyF;QACzF,8EAA8E;QAC9E,MAAM,GAAG,GACP,OAAO,KAAK,OAAO;YACjB,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC;YACpC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG;YACZ,cAAc;YACd,uBAAuB,IAAI,EAAE;YAC7B,uBAAuB,EAAE,EAAE;YAC3B,sFAAsF;YACtF,yEAAyE;YACzE,2BAA2B,IAAI,EAAE;YACjC,2BAA2B,IAAI,IAAI;YACnC,yBAAyB,IAAI,IAAI;YACjC,6BAA6B,IAAI,IAAI;YACrC,2BAA2B,IAAI,IAAI;YACnC,WAAW,IAAI,IAAI;YACnB,2BAA2B,EAAE,IAAI,EAAE,+CAA+C;YAClF,yBAAyB,EAAE,IAAI;YAC/
B,oFAAoF;YACpF,8FAA8F;YAC9F,uBAAuB,IAAI,EAAE;YAC7B,0BAA0B,IAAI,EAAE;YAChC,2BAA2B,IAAI,IAAI;YACnC,yBAAyB,IAAI,IAAI;YACjC,2BAA2B,IAAI,IAAI,EAAG,6BAA6B;YACnE,gGAAgG;YAChG,mGAAmG;YACnG,oGAAoG;YACpG,uBAAuB,KAAK,EAAE;YAC9B,0BAA0B,KAAK,EAAE;YACjC,2BAA2B,KAAK,IAAI;YACpC,yBAAyB,KAAK,IAAI;YAClC,2BAA2B,KAAK,IAAI;YACpC,UAAU,EAAE,gCAAgC;SAC7C,CAAC;QACF,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACxB,sFAAsF;YACtF,sFAAsF;YACtF,KAAK,CAAC,IAAI,CACR,uBAAuB,EAAE,EAAE,EAC3B,2BAA2B,EAAE,EAAE,EAC/B,2BAA2B,EAAE,IAAI,EACjC,yBAAyB,EAAE,IAAI,EAC/B,6BAA6B,EAAE,IAAI,EACnC,2BAA2B,EAAE,IAAI,EACjC,WAAW,EAAE,IAAI,CAClB,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC;IACjD,CAAC;IAED,kBAAkB;IAClB,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,qDAAqD;IACnG,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;IACnG,mGAAmG;IACnG,sFAAsF;IACtF,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,cAAc,EAAE,GAAG,YAAY,CAAC;QAAE,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC9E,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,kBAAkB,CAAC;IACnD,MAAM,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,0CAA0C;IAC/F,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,MAAM,QAAQ,GAAG;QACf,gGAAgG;QAChG,6EAA6E;QAC7E,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,0CAA0C;QAC1E,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,2CAA2C;QAC3E,qBAAqB,CAAC,KAAK,EAAE,oBAAoB,EAAE,EAAE,CAAC,EAAE,oDAAoD;QAC5G,+FAA+F;QAC/F,iGAAiG;QACjG,gGAAgG;QAChG,qBAAqB,CAAC,KAAK,EAAE,gBAAgB,EAAE,EAAE,CAAC;QAClD,yEAAyE;QACzE,cAAc;QACd,4FAA4F;QAC5F,iGAAiG;QACjG,gGAAgG;QAChG,wFAAwF;QACxF,uBAAuB,IAAI,EAAE,EAAE,uBAAuB,EAAE,EAAE,EAAE,uBAAuB,IAAI,EAAE;QACzF,iGAAiG;QACjG,4FAA4F;QAC5F,4FAA4F;QAC5F,0FAA0F;QAC1F,uEAAuE;QACvE,iGAAiG;QACjG,gGAAgG;QAChG,
8FAA8F;QAC9F,8FAA8F;QAC9F,wFAAwF;QACxF,6FAA6F;QAC7F,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,2BAA2B,IAAI,IAAI,SAAS,IAAI,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC;QAC5G,yBAAyB,IAAI,IAAI,SAAS,EAAE;QAC5C,6BAA6B,IAAI,IAAI,SAAS,EAAE;QAChD,2BAA2B,IAAI,IAAI,SAAS,EAAE;QAC9C,qFAAqF;QACrF,yBAAyB,EAAE,IAAI,GAAG,EAAE;QACpC,6BAA6B,EAAE,IAAI,GAAG,EAAE;QACxC,WAAW,EAAE,IAAI,GAAG,IAAI;QACxB,+FAA+F;QAC/F,8FAA8F;QAC9F,gGAAgG;QAChG,0FAA0F;QAC1F,yBAAyB,GAAG,IAAI,IAAI,EAAE;QACtC,6BAA6B,GAAG,IAAI,IAAI,EAAE;QAC1C,WAAW,GAAG,IAAI,IAAI,IAAI;QAC1B,2EAA2E;QAC3E,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,UAAU;QACV,OAAO,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,EAAE,4CAA4C;QAClF,yFAAyF;QACzF,+FAA+F;QAC/F,0BAA0B,IAAI,EAAE;QAChC,2BAA2B,IAAI,IAAI;QACnC,yBAAyB,IAAI,IAAI;QACjC,mGAAmG;QACnG,oGAAoG;QACpG,uDAAuD;QACvD,uBAAuB,KAAK,EAAE;QAC9B,0BAA0B,KAAK,EAAE;KAClC,CAAC;IACF,IAAI,IAAI,EAAE,CAAC;QACT,yFAAyF;QACzF,oFAAoF;QACpF,wFAAwF;QACxF,QAAQ,CAAC,IAAI,CACX,yBAAyB,IAAI,IAAI,IAAI,EAAE,EACvC,6BAA6B,IAAI,IAAI,IAAI,EAAE,EAC3C,WAAW,IAAI,IAAI,IAAI,IAAI,CAC5B,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,2FAA2F;QAC3F,sFAAsF;QACtF,sFAAsF;QACtF,0FAA0F;QAC1F,6EAA6E;QAC7E,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,qFAAqF;IACrF,mFAAmF;IACnF,sFAAsF;IACtF,iFAAiF;IACjF,MAAM,OAAO,GAAG;QACd,2BAA2B,EAAE,EAAE;QAC/B,2BAA2B,EAAE,IAAI;QACjC,mCAAmC,EAAE,IAAI;QACzC,2BAA2B,IAAI,EAAE;QACjC,2BAA2B,IAAI,IAAI;QACnC,mCAAmC,IAAI,IAAI;QAC3C,iGAAiG;QACjG,8EAA8E;QAC9E,2BAA2B,GAAG,EAAE;QAChC,2BAA2B,GAAG,IAAI;QAClC,mCAAmC,GAAG,IAAI;KAC3C,CAAC;IACF,iGAAiG;IACjG,iGAAiG;IACjG,mGAAmG;IACnG,oGAAoG;IACpG,gGAAgG;IAChG,6GAA6G;IAC7G,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IACxE,+FAA+F;IAC/F,wFAAwF;IACxF,MAAM,eAAe,GAAG,GAAG,qBAAqB,CAAC,KAAK,EAAE,gBAAgB,EAAE,EAAE,CAAC,IAAI,CAAC;IAClF,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,KAAK,EAAE,
eAAe,EAAE,GAAG,OAAO,CAAC,EAAE,EAAE,CAAC;AAC3G,CAAC;AAED;;;;;;;;6CAQ6C;AAC7C,SAAS,mBAAmB,CAAC,KAAa,EAAE,EAAU;IACpD,MAAM,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAC7B,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IACnF,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;IAC/E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;IAC9G,MAAM,MAAM,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC;QACjC,uBAAuB,MAAM,EAAE;QAC/B,0BAA0B,MAAM,EAAE,EAAE,SAAS;QAC7C,2BAA2B,MAAM,IAAI,EAAE,4BAA4B;QACnE,yBAAyB,MAAM,IAAI;QACnC,2BAA2B,MAAM,IAAI;KACtC,CAAC;IACF,MAAM,GAAG,GAAG;QACV,cAAc;QACd,uBAAuB,IAAI,EAAE,EAAE,uBAAuB,KAAK,EAAE,EAAE,uBAAuB,GAAG,EAAE;QAC3F,oGAAoG;QACpG,2FAA2F;QAC3F,8FAA8F;QAC9F,0CAA0C;QAC1C,2BAA2B,IAAI,IAAI;QACnC,mCAAmC,IAAI,IAAI;QAC3C,yBAAyB,IAAI,IAAI;QACjC,6BAA6B,IAAI,IAAI;QACrC,2BAA2B,IAAI,IAAI;QACnC,WAAW,IAAI,IAAI;QACnB,oGAAoG;QACpG,wEAAwE;QACxE,2BAA2B,KAAK,IAAI,oBAAoB,IAAI;QAC5D,mCAAmC,KAAK,IAAI,oBAAoB,EAAE;QAClE,yBAAyB,KAAK,IAAI,oBAAoB,EAAE;QACxD,6BAA6B,KAAK,IAAI,oBAAoB,EAAE;QAC5D,2BAA2B,KAAK,IAAI,oBAAoB,EAAE;QAC1D,WAAW,KAAK,IAAI,oBAAoB,IAAI;QAC5C,UAAU,EAAE,gCAAgC;QAC5C,oGAAoG;QACpG,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC;QAC/D,oGAAoG;QACpG,OAAO,aAAa,CAAC,KAAK,CAAC,IAAI;QAC/B,oFAAoF;QACpF,uBAAuB,GAAG,EAAE,EAAE,0BAA0B,GAAG,EAAE;QAC7D,OAAO,cAAc,CAAC,KAAK,CAAC,UAAU;QACtC,wFAAwF;QACxF,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ;QAC7B,4FAA4F;QAC5F,4FAA4F;QAC5F,kGAAkG;QAClG,iEAAiE;QACjE,GAAG,CAAC,yBAAyB;KAC9B,CAAC;IACF,MAAM,GAAG,GAAG;QACV,UAAU,EAAE,IAAI;QAChB,GAAG,CAAC,iBAAiB,EAAE,6EAA6E;KACrG,CAAC;IACF,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC;AACtD,CAAC;AAED;;;;;;6EAM6E;AAC7E,SAAS,uBAAuB,CAAC,KAAa,EAAE,EAAU;IACxD,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,qBAAqB;IAC/D,MAAM,
KAAK,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,2CAA2C;IAC1F,MAAM,MAAM,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC;QACjC,uBAAuB,MAAM,EAAE;QAC/B,0BAA0B,MAAM,EAAE,EAAE,SAAS;QAC7C,2BAA2B,MAAM,IAAI,EAAE,sCAAsC;QAC7E,yBAAyB,MAAM,IAAI;QACnC,2BAA2B,MAAM,IAAI;KACtC,CAAC;IACF,MAAM,GAAG,GAAG;QACV,cAAc;QACd,GAAG,MAAM,CAAC,GAAG,CAAC;QACd,GAAG,MAAM,CAAC,KAAK,CAAC;QAChB,OAAO,gBAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,0CAA0C;QAC9E,UAAU,EAAE,gCAAgC;KAC7C,CAAC;IACF,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;AACrE,CAAC;AAED;;;;;;;;;;2CAU2C;AAC3C,SAAS,6BAA6B,CAAC,SAAiB;IACtD,OAAO;QACL,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,EAAE;QAChD,GAAG,EAAE;YACH,KAAK,EAAE;gBACL,GAAG,uBAAuB,IAAI;gBAC9B,qBAAqB,CAAC,SAAS,CAAC;gBAChC,wBAAwB,CAAC,SAAS,CAAC;aACpC;SACF;KACF,CAAC;AACJ,CAAC;AAED;;;;;0FAK0F;AAC1F,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,IAAe,EAAE,QAAkB;IACnF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW;QACvB,MAAM,IAAI,KAAK,CACb,iPAAiP,CAClP,CAAC;IACJ,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;IACxE,MAAM,KAAK,GAAG,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAG,MAAM,UAAU,CAC9B,qBAAqB,EACrB,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EACvB,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EACxB,KAAK,EACL,EAAE,MAAM,EAAE,CACX,CAAC;IACF,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;kDACkD;AAClD,MAAM,UAAU,YAAY,CAAC,IAAe,EAAE,IAAwD;IACpG,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC;IACtC,4FAA4F;IAC5F,8FAA8F;IAC9F,+FAA+F;IAC/F,+FAA+F;IAC/F,gGAAgG;IAChG,iGAAiG;IACjG,kGAAkG;IAClG,OAAO;QACD,IAAI;QACJ,IAAI;;yBAEa,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC1C,IAAI,CAAC,QAAQ,CAAC,GAAG;kBACX,IAAI,CAAC,GAAG,CAAC,GAAG;;;IAG1B,IAAI,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG;IACrC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,IAAI,CAAC,GAA
G,CAAC,GAAG;;CAEhC,CAAC;AACF,CAAC;AAED,kFAAkF;AAElF,MAAM,SAAS,GAAG,WAAW,CAAC;AAE9B,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,OAAO,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;iGAEiG;AACjG,MAAM,UAAU,aAAa,CAAC,QAAgB,OAAO,CAAC,GAAG,EAAE;IACzD,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IACzB,SAAS,CAAC;QACR,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAAE,OAAO,GAAG,CAAC;QAChD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,KAAK,GAAG;YAAE,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1C,GAAG,GAAG,MAAM,CAAC;IACf,CAAC;AACH,CAAC;AAED;;iGAEiG;AACjG,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,IAAe;IACxD,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,MAAM,MAAM,GAAc,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC;IACrF,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACxF,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAc,CAAC;AAC1D,CAAC"}
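--- a/package/dist/streams.d.ts
+++ b/package/dist/streams.d.ts
@@ -17,6 +17,18 @@ export declare const PLANE3_DEDUP_WINDOW_MS: number;
  /** Bound on the trusted reader's in-flight (un-acked) entries per owner — an offline owner with a large
  * backlog can't stall the reader's own redelivery by pinning unbounded pending. */
  export declare const DINBOX_MAX_ACK_PENDING = 1000;
+ /** Delivery-daemon single-flight lease TTL (ms) — the bucket-level `max_age` on `cotal_delivery_<space>`.
+ * A live holder renews at ~half this; a crashed holder stops renewing and the bucket TTL expires its
+ * lease key, freeing it for a fresh daemon's CAS create. Sized well above the renew interval so a brief
+ * GC/scheduling pause never self-evicts a healthy holder, yet short enough that a crash frees the shard
+ * promptly. (The bucket holds ONLY lease keys, so a bucket TTL is exact here; per-key TTL is also
+ * available on this stack — a deliberate simplicity choice, not a capability gap. See {@link deliveryBucket}.) */
+ export declare const LEASE_TTL_MS = 30000;
+ /** Bucket-level `max_bytes` cap on the derived membership feed (`cotal_membership_<space>`). The
+ * per-agent keying keeps each value tiny (a handful of channel patterns), so 64 MiB bounds the footprint
+ * far above any realistic readership while keeping the bucket from growing unbounded. A deliberate cap,
+ * not a guess at scale — the design is cap-safe by construction (per-agent, store-patterns-not-expanded). */
+ export declare const MEMBERSHIP_MAX_BYTES: number;
  export interface ClearSpaceHistoryResult {
  chat: number;
  dm?: number;
@@ -66,6 +78,8 @@ export declare function taskDurableConfig(space: string, role: string, opts?: {
  * recovered from the subject (`parseDinboxOwner`). */
  export declare function inboxReaderConfig(space: string, opts?: {
  ackWaitMs?: number;
+ shard?: number;
+ shards?: number;
  }): Partial<ConsumerConfig>;
  /** An agent's bind-only per-member DELIVER consumer (mirrors {@link dmDurableConfig}): the provisioner
  * pre-creates it filtered to `dlv.<owner>`; the agent BINDS it (denied CREATE on DLV) and acks via
@@ -81,6 +95,8 @@ export declare function dlvDurableConfig(space: string, owner: string, opts?: {
  * manager restart it resumes from its ack cursor and fans out the gap, idempotent via `Nats-Msg-Id`. */
  export declare function fanoutDurableConfig(space: string, opts?: {
  ackWaitMs?: number;
+ shard?: number;
+ shards?: number;
  }): Partial<ConsumerConfig>;
  /** Connect with the given (privileged) creds, create the space's streams, and disconnect.
  * Used by `cotal up` to pre-create streams once at setup. */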
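Review bot: The new `shard?: number; shards?: number;` members on the `opts` of `inboxReaderConfig` (and again on `fanoutDurableConfig` in the last hunk) carry no doc comment and are independently optional, so the type accepts `shard` without `shards`, or an index at or above the count. The declaration should state the valid range and what omitting them means, for example `/** Shard index and total shard count; pass both or neither. */` above the pair if that is the intended contract, with the range check living in the implementation. Both functions' doc comments begin outside these hunks, so whether they already describe sharding cannot be seen here.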
@@ -1 +1 @@
1
- {"version":3,"file":"streams.d.ts","sourceRoot":"","sources":["../src/streams.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACtB,MAAM,oBAAoB,CAAC;AA6B5B;;4FAE4F;AAC5F,eAAO,MAAM,oBAAoB,OAAO,CAAC;AAEzC;;;;;;;;;0GAS0G;AAC1G,eAAO,MAAM,sBAAsB,QAAqB,CAAC;AAEzD;oFACoF;AACpF,eAAO,MAAM,sBAAsB,OAAO,CAAC;AAE3C,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,gBAAgB,EACrB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAkDf;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,MAAM,EACb,EAAE,EAAE,MAAM,EACV,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAO,GAC9D,OAAO,CAAC,cAAc,CAAC,CAUzB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GAChC,OAAO,CAAC,cAAc,CAAC,CAOzB;AAID;;;;uDAIuD;AACvD,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GAChC,OAAO,CAAC,cAAc,CAAC,CASzB;AAED;;;;kBAIkB;AAClB,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAO,GAC9D,OAAO,CAAC,cAAc,CAAC,CAUzB;AAED;;yGAEyG;AACzG,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GAChC,OAAO,CAAC,cAAc,CAAC,CAQzB;AAED;8DAC8D;AAC9D,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,oGAAoG;IACpG,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC,IAAI,CAAC,CAoBhB;AAED;kDACkD;AAClD,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAcnC;AAED;;;;;oFAKoF;AACpF,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAsB/C"}
1
+ {"version":3,"file":"streams.d.ts","sourceRoot":"","sources":["../src/streams.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACtB,MAAM,oBAAoB,CAAC;AAgC5B;;4FAE4F;AAC5F,eAAO,MAAM,oBAAoB,OAAO,CAAC;AAEzC;;;;;;;;;0GAS0G;AAC1G,eAAO,MAAM,sBAAsB,QAAqB,CAAC;AAEzD;oFACoF;AACpF,eAAO,MAAM,sBAAsB,OAAO,CAAC;AAE3C;;;;;mHAKmH;AACnH,eAAO,MAAM,YAAY,QAAS,CAAC;AAEnC;;;8GAG8G;AAC9G,eAAO,MAAM,oBAAoB,QAAmB,CAAC;AAErD,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,gBAAgB,EACrB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAkDf;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,MAAM,EACb,EAAE,EAAE,MAAM,EACV,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAO,GAC9D,OAAO,CAAC,cAAc,CAAC,CAUzB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GAChC,OAAO,CAAC,cAAc,CAAC,CAOzB;AAID;;;;uDAIuD;AACvD,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAO,GACjE,OAAO,CAAC,cAAc,CAAC,CASzB;AAED;;;;kBAIkB;AAClB,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAO,GAC9D,OAAO,CAAC,cAAc,CAAC,CAUzB;AAED;;yGAEyG;AACzG,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAO,GACjE,OAAO,CAAC,cAAc,CAAC,CAQzB;AAED;8DAC8D;AAC9D,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,oGAAoG;IACpG,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC,IAAI,CAAC,CAgChB;AAED;kDACkD;AAClD,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAcnC;AAED;;;;;oFAKoF;AACpF,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,OAAO,EAAE,MAAM,CA
AC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAsB/C"}
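--- a/package/dist/streams.js
+++ b/package/dist/streams.js
@@ -1,7 +1,7 @@
  import { jetstreamManager, AckPolicy, DeliverPolicy, RetentionPolicy, DiscardPolicy, StorageType, } from "@nats-io/jetstream";
  import { connect, credsAuthenticator, nanos } from "@nats-io/transport-node";
  import { Kvm } from "@nats-io/kv";
- import { spacePrefix, chatStream, chatSubject, chatWildcard, isConcreteChannel, dmStream, dmDurable, unicastSubject, taskStream, taskDurable, anycastSubject, presenceBucket, channelBucket, membersBucket, inboxStream, dlvStream, dlvSubject, dlvDurable, FANOUT_DURABLE, INBOX_READER_DURABLE, } from "./subjects.js";
+ import { spacePrefix, chatStream, chatSubject, chatWildcard, isConcreteChannel, dmStream, dmDurable, unicastSubject, taskStream, taskDurable, anycastSubject, presenceBucket, channelBucket, membersBucket, aclBucket, membershipBucket, deliveryBucket, inboxStream, dlvStream, dlvSubject, dlvDurable, fanoutDurable, readerDurable, } from "./subjects.js";
  /** Default presence-bucket entry TTL (ms) — matches the endpoint's default liveness window. */
  const PRESENCE_TTL_MS = 6_000;
  /** Per-(sender,channel)-subject retention cap on the chat stream — the bound past which the
@@ -22,6 +22,18 @@ export const PLANE3_DEDUP_WINDOW_MS = 2 * 60 * 60 * 1000;
  /** Bound on the trusted reader's in-flight (un-acked) entries per owner — an offline owner with a large
  * backlog can't stall the reader's own redelivery by pinning unbounded pending. */
  export const DINBOX_MAX_ACK_PENDING = 1000;
+ /** Delivery-daemon single-flight lease TTL (ms) — the bucket-level `max_age` on `cotal_delivery_<space>`.
+ * A live holder renews at ~half this; a crashed holder stops renewing and the bucket TTL expires its
+ * lease key, freeing it for a fresh daemon's CAS create. Sized well above the renew interval so a brief
+ * GC/scheduling pause never self-evicts a healthy holder, yet short enough that a crash frees the shard
+ * promptly. (The bucket holds ONLY lease keys, so a bucket TTL is exact here; per-key TTL is also
+ * available on this stack — a deliberate simplicity choice, not a capability gap. See {@link deliveryBucket}.) */
+ export const LEASE_TTL_MS = 30_000;
+ /** Bucket-level `max_bytes` cap on the derived membership feed (`cotal_membership_<space>`). The
+ * per-agent keying keeps each value tiny (a handful of channel patterns), so 64 MiB bounds the footprint
+ * far above any realistic readership while keeping the bucket from growing unbounded. A deliberate cap,
+ * not a guess at scale — the design is cap-safe by construction (per-agent, store-patterns-not-expanded). */
+ export const MEMBERSHIP_MAX_BYTES = 64 * 1024 * 1024;
  /**
  * Create (idempotently) the three backing streams for a space — CHAT (multicast backlog +
  * history), DM (per-instance inboxes), TASK (anycast work queue).
@@ -131,7 +143,7 @@ export function taskDurableConfig(space, role, opts = {}) {
  * recovered from the subject (`parseDinboxOwner`). */
  export function inboxReaderConfig(space, opts = {}) {
  return {
- durable_name: INBOX_READER_DURABLE,
+ durable_name: readerDurable(opts.shard, opts.shards),
  filter_subject: `${spacePrefix(space)}.dinbox.>`,
  ack_policy: AckPolicy.Explicit,
  ack_wait: nanos(opts.ackWaitMs ?? 60_000),
@@ -161,7 +173,7 @@ export function dlvDurableConfig(space, owner, opts = {}) {
  * manager restart it resumes from its ack cursor and fans out the gap, idempotent via `Nats-Msg-Id`. */
  export function fanoutDurableConfig(space, opts = {}) {
  return {
- durable_name: FANOUT_DURABLE,
+ durable_name: fanoutDurable(opts.shard, opts.shards),
  filter_subject: chatWildcard(space),
  ack_policy: AckPolicy.Explicit,
  ack_wait: nanos(opts.ackWaitMs ?? 60_000),
@@ -184,9 +196,21 @@ export async function setupSpaceStreams(opts) {
  await kvm.create(presenceBucket(opts.space), { ttl: PRESENCE_TTL_MS });
  await kvm.create(channelBucket(opts.space));
  // Durable-membership registry (Plane-3): privileged-write, no TTL (durable config, like the
- // channel registry). Pre-created so the manager (and open-mode self) can OPEN it; agents hold no
- // grant. Idempotent.
+ // channel registry). Pre-created so the delivery daemon (and open-mode self) can OPEN it; agents
+ // hold no grant. Idempotent.
  await kvm.create(membersBucket(opts.space));
+ // Durable read-ACL registry (Plane-3 keystone): privileged-write, no TTL. The manager records an
+ // agent's read ACL here at mint; the delivery daemon re-auths every durable entry against it.
+ await kvm.create(aclBucket(opts.space));
+ // Derived channel-membership feed (broker CONNZ ∪ members registry): privileged-write (the
+ // `membership-rw` cred), admin/observer-read, no TTL (the daemon prunes departed agents). `history:1`
+ // (only the latest record per agent matters) + a `max_bytes` cap (footprint bound). Pre-created so the
+ // scoped writer holds no STREAM.CREATE. Idempotent.
+ await kvm.create(membershipBucket(opts.space), { history: 1, max_bytes: MEMBERSHIP_MAX_BYTES });
+ // Delivery-daemon single-flight lease + readiness bucket: bucket-level TTL (`max_age`) so a crashed
+ // holder's lease auto-expires and a fresh daemon can re-acquire. Holds ONLY lease keys, writable
+ // only by the `delivery` cred, world-readable (the non-gating delivery-health surface). Idempotent.
+ await kvm.create(deliveryBucket(opts.space), { ttl: LEASE_TTL_MS });
  }
  finally {
  await nc.drain();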
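Review bot: The comment added above `kvm.create(aclBucket(opts.space))` in the last hunk says the delivery daemon re-auths every durable entry against this registry, but not what happens when an agent has no record. The bucket is new in this version, and records are written "at mint", so agents minted before the upgrade would presumably have none until they are re-minted or backfilled. I would state the rule next to the create call, e.g. `// A missing ACL record denies delivery (fail closed); agents minted earlier need a re-mint or backfill.`, and confirm the daemon code matches it. The access properties these comments name (privileged-write, `delivery` cred only, world-readable) are not set by `kvm.create` and have to be verified in the credential provisioning code. `setupSpaceStreams` starts and ends outside this hunk.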