@cyanheads/sanctions-screening-mcp-server 0.1.0

package/changelog/template.md

@@ -0,0 +1,127 @@
+---
+# FORMAT REFERENCE — do not edit. Copy this file to
+# `changelog/<major.minor>.x/<version>.md` (e.g. `changelog/0.8.x/0.8.6.md`)
+# to author a new release. Set that file's H1 to `# <version> — YYYY-MM-DD`
+# with a concrete date.
+
+# Required. One-line GitHub Release-style headline. 350 character cap.
+# Default short and scannable. Don't pad, don't stitch unrelated changes with
+# semicolons — pick the headline. Quotes required: unquoted YAML treats `: `
+# inside the value as a key separator and fails GitHub's strict parser.
+summary: ""
+
+# Set `true` when consumers must change code to upgrade: API removals,
+# signature changes, config renames, behavior changes that break existing
+# usage. Flagged as `Breaking` in the rollup.
+breaking: false
+
+# Set `true` if this release contains any security fix. Pairs with the
+# `## Security` section below. Flagged as `Security` in the rollup so
+# users can triage upgrade urgency at a glance.
+security: false
+
+# Optional free-form notes for maintenance agents processing this release.
+# Not rendered in CHANGELOG — consumed by agents running `maintenance` on
+# downstream servers. Use for adoption instructions that don't fit the
+# human-facing sections: new files to create, fields to populate, one-time
+# migration steps. Omit the field entirely when there's nothing to say.
+# agent-notes: |
+#   <instructions for downstream maintenance agents>
+---
+
+# <version> — YYYY-MM-DD
+
+<!--
+  AUTHORING GUIDE — applies to the new per-version file you create from this
+  template.
+
+  Audience: someone scanning release notes to decide what affects them. Lead
+  each bullet with the symbol or concept name in **bold** so they can skip
+  what's irrelevant and zoom in on what's not.
+
+  Tone: terse, fact-dense, not verbose. Default to one sentence per bullet —
+  name the symbol, state what changed, stop. Use a second sentence only when
+  it carries weight. If a bullet feels long, it is.
+
+  Cut: mechanism walkthroughs (those belong in JSDoc, CLAUDE.md/AGENTS.md, or the
+  relevant skill), ceremonial framings ("This release introduces…",
+  backwards-compat paragraphs), file-by-file test enumerations, internal
+  implementation notes. Prefer code/symbol names over English re-explanations.
+
+  Narrative intro: skip by default. Add one short sentence only when the
+  release theme genuinely needs framing the bullets can't carry.
+
+  Sections: Keep a Changelog order — Added, Changed, Deprecated, Removed,
+  Fixed, Security. Include only sections with entries; delete the rest
+  (including the commented-out scaffolding below). Don't ship empty headers.
+
+  Include: every distinct fact a reader needs to adopt or audit the release —
+  new exports, signatures, lint rule IDs, env vars, breaking changes, version
+  bumps on shipped skills. Nothing more.
+
+  Links: link issues, PRs, docs, or skills where they help a reader jump to
+  context. Once per item per entry — don't re-link the same issue in summary,
+  narrative, and bullet. Skip links for inline symbol names; code spans speak
+  for themselves.
+
+  Issue/PR URLs: use full URLs. GitHub's bare `#NN` auto-link only resolves
+  inside its own UI, not in npm reads or local editors.
+
+      [#38](https://github.com/cyanheads/mcp-ts-core/issues/38)   ← issue
+      [#42](https://github.com/cyanheads/mcp-ts-core/pull/42)     ← PR
+
+  Verify numbers exist before linking (`gh issue view NN`, `gh pr view NN`).
+  Never speculate on a future number — `#42` for an upcoming PR silently
+  resolves to whatever real item already owns 42, and timeline previews pull
+  in that unrelated item's metadata.
+
+  TAG ANNOTATIONS — the annotated tag body renders as the GitHub Release body
+  via `gh release create --notes-from-tag`. The tag is a derivative of this
+  changelog entry — a condensed, scannable version, not a copy. Format:
+
+    <theme — omit version number, GitHub prepends it>
+                                                          ← blank line
+    <1-2 sentence context: what this release does>
+                                                          ← blank line
+    Dependency bumps:                                     ← section header
+                                                          ← blank line
+    - `@cyanheads/mcp-ts-core` ^0.9.1 → ^0.9.6          ← bullet
+                                                          ← blank line
+    Changed:                                              ← only sections with entries
+                                                          ← blank line
+    - `format()` output includes `query` in text mode
+                                                          ← blank line
+    Added:
+                                                          ← blank line
+    - `manifest.json` scaffolded for MCPB bundle support
+    - Install badges (Claude Desktop, Cursor, VS Code)
+                                                          ← blank line
+    <N> tests pass; `bun run devcheck` clean.             ← footer
+
+  Never a flat comma-separated string. Always structured markdown with
+  sections. The tag must scan well as a rendered GitHub Release page.
+-->
+
+## Added
+
+-
+
+## Changed
+
+-
+
+<!-- ## Deprecated
+
+- -->
+
+<!-- ## Removed
+
+- -->
+
+## Fixed
+
+-
+
+<!-- ## Security
+
+- -->

package/dist/config/server-config.d.ts

@@ -0,0 +1,37 @@
+/**
+ * @fileoverview Server-specific environment configuration for
+ * sanctions-screening-mcp-server. Holds the local mirror path, fuzzy-match
+ * tuning, the refresh cron, and per-source URL overrides. All sources are
+ * keyless — the EU "token" is a static public path component, not a credential
+ * — so no secret values live here.
+ * @module config/server-config
+ */
+import { z } from '@cyanheads/mcp-ts-core';
+/** Default upstream source endpoints, all verified official paths (see docs/design.md). */
+export declare const DEFAULT_SOURCE_URLS: {
+    readonly ofacSdn: "https://sanctionslistservice.ofac.treas.gov/api/PublicationPreview/exports/SDN_ADVANCED.XML";
+    readonly ofacConsolidated: "https://sanctionslistservice.ofac.treas.gov/api/PublicationPreview/exports/CONS_ADVANCED.XML";
+    readonly euFsf: "https://webgate.ec.europa.eu/fsd/fsf/public/files/xmlFullSanctionsList_1_1/content?token=dG9rZW4tMjAxNw";
+    readonly ukSanctions: "https://sanctionslist.fcdo.gov.uk/docs/UK-Sanctions-List.xml";
+    readonly unSc: "https://scsanctions.un.org/resources/xml/en/consolidated.xml";
+    readonly gleifGoldenCopyBase: "https://goldencopy.gleif.org";
+};
+declare const ServerConfigSchema: z.ZodObject<{
+    mirrorPath: z.ZodDefault<z.ZodString>;
+    refreshCron: z.ZodDefault<z.ZodString>;
+    fuzzyMinScore: z.ZodDefault<z.ZodCoercedNumber<unknown>>;
+    fuzzyMaxResults: z.ZodDefault<z.ZodCoercedNumber<unknown>>;
+    ofacSdnUrl: z.ZodDefault<z.ZodString>;
+    ofacConsolidatedUrl: z.ZodDefault<z.ZodString>;
+    euFsfUrl: z.ZodDefault<z.ZodString>;
+    ukSanctionsUrl: z.ZodDefault<z.ZodString>;
+    unScUrl: z.ZodDefault<z.ZodString>;
+    gleifGoldenCopyBaseUrl: z.ZodDefault<z.ZodString>;
+}, z.core.$strip>;
+export type ServerConfig = z.infer<typeof ServerConfigSchema>;
+/** Lazily parse and memoize the server config. */
+export declare function getServerConfig(): ServerConfig;
+/** Reset memoized config — test isolation only. */
+export declare function resetServerConfig(): void;
+export {};
+//# sourceMappingURL=server-config.d.ts.map

package/dist/config/server-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-config.d.ts","sourceRoot":"","sources":["../../src/config/server-config.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,wBAAwB,CAAC;AAG3C,2FAA2F;AAC3F,eAAO,MAAM,mBAAmB;;;;;;;CAUtB,CAAC;AAEX,QAAA,MAAM,kBAAkB;;;;;;;;;;;iBA6CtB,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAI9D,kDAAkD;AAClD,wBAAgB,eAAe,IAAI,YAAY,CAc9C;AAED,mDAAmD;AACnD,wBAAgB,iBAAiB,IAAI,IAAI,CAExC"}

package/dist/config/server-config.js

@@ -0,0 +1,87 @@
+/**
+ * @fileoverview Server-specific environment configuration for
+ * sanctions-screening-mcp-server. Holds the local mirror path, fuzzy-match
+ * tuning, the refresh cron, and per-source URL overrides. All sources are
+ * keyless — the EU "token" is a static public path component, not a credential
+ * — so no secret values live here.
+ * @module config/server-config
+ */
+import { z } from '@cyanheads/mcp-ts-core';
+import { parseEnvConfig } from '@cyanheads/mcp-ts-core/config';
+/** Default upstream source endpoints, all verified official paths (see docs/design.md). */
+export const DEFAULT_SOURCE_URLS = {
+    ofacSdn: 'https://sanctionslistservice.ofac.treas.gov/api/PublicationPreview/exports/SDN_ADVANCED.XML',
+    ofacConsolidated: 'https://sanctionslistservice.ofac.treas.gov/api/PublicationPreview/exports/CONS_ADVANCED.XML',
+    euFsf: 'https://webgate.ec.europa.eu/fsd/fsf/public/files/xmlFullSanctionsList_1_1/content?token=dG9rZW4tMjAxNw',
+    ukSanctions: 'https://sanctionslist.fcdo.gov.uk/docs/UK-Sanctions-List.xml',
+    unSc: 'https://scsanctions.un.org/resources/xml/en/consolidated.xml',
+    gleifGoldenCopyBase: 'https://goldencopy.gleif.org',
+};
+const ServerConfigSchema = z.object({
+    mirrorPath: z
+        .string()
+        .default('./data/sanctions.db')
+        .describe('Filesystem path for the SQLite mirror; a persistent volume on a hosted deployment.'),
+    refreshCron: z
+        .string()
+        .default('0 4 * * *')
+        .describe('Cron for the scheduled refresh of sanctions lists + GLEIF deltas (HTTP only).'),
+    fuzzyMinScore: z.coerce
+        .number()
+        .min(0)
+        .max(1)
+        .default(0.85)
+        .describe('Default Jaro-Winkler similarity floor for fuzzy matches when min_score is omitted.'),
+    fuzzyMaxResults: z.coerce
+        .number()
+        .int()
+        .min(1)
+        .default(50)
+        .describe('Hard cap on fuzzy candidates scored per query, to bound work on short queries.'),
+    ofacSdnUrl: z
+        .string()
+        .default(DEFAULT_SOURCE_URLS.ofacSdn)
+        .describe('OFAC SDN advanced-XML URL.'),
+    ofacConsolidatedUrl: z
+        .string()
+        .default(DEFAULT_SOURCE_URLS.ofacConsolidated)
+        .describe('OFAC Consolidated advanced-XML URL.'),
+    euFsfUrl: z
+        .string()
+        .default(DEFAULT_SOURCE_URLS.euFsf)
+        .describe('EU consolidated XML URL (includes the static public token path component).'),
+    ukSanctionsUrl: z
+        .string()
+        .default(DEFAULT_SOURCE_URLS.ukSanctions)
+        .describe('UK Sanctions List (UKSL) XML URL.'),
+    unScUrl: z
+        .string()
+        .default(DEFAULT_SOURCE_URLS.unSc)
+        .describe('UN Security Council consolidated XML URL.'),
+    gleifGoldenCopyBaseUrl: z
+        .string()
+        .default(DEFAULT_SOURCE_URLS.gleifGoldenCopyBase)
+        .describe('Base URL for the GLEIF golden-copy / delta download API.'),
+});
+let _config;
+/** Lazily parse and memoize the server config. */
+export function getServerConfig() {
+    _config ??= parseEnvConfig(ServerConfigSchema, {
+        mirrorPath: 'SANCTIONS_MIRROR_PATH',
+        refreshCron: 'SANCTIONS_REFRESH_CRON',
+        fuzzyMinScore: 'SANCTIONS_FUZZY_MIN_SCORE',
+        fuzzyMaxResults: 'SANCTIONS_FUZZY_MAX_RESULTS',
+        ofacSdnUrl: 'OFAC_SDN_URL',
+        ofacConsolidatedUrl: 'OFAC_CONSOLIDATED_URL',
+        euFsfUrl: 'EU_FSF_URL',
+        ukSanctionsUrl: 'UK_SANCTIONS_URL',
+        unScUrl: 'UN_SC_URL',
+        gleifGoldenCopyBaseUrl: 'GLEIF_GOLDEN_COPY_BASE_URL',
+    });
+    return _config;
+}
+/** Reset memoized config — test isolation only. */
+export function resetServerConfig() {
+    _config = undefined;
+}
+//# sourceMappingURL=server-config.js.map

package/dist/config/server-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-config.js","sourceRoot":"","sources":["../../src/config/server-config.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,wBAAwB,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAE/D,2FAA2F;AAC3F,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,OAAO,EACL,6FAA6F;IAC/F,gBAAgB,EACd,8FAA8F;IAChG,KAAK,EACH,yGAAyG;IAC3G,WAAW,EAAE,8DAA8D;IAC3E,IAAI,EAAE,8DAA8D;IACpE,mBAAmB,EAAE,8BAA8B;CAC3C,CAAC;AAEX,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,UAAU,EAAE,CAAC;SACV,MAAM,EAAE;SACR,OAAO,CAAC,qBAAqB,CAAC;SAC9B,QAAQ,CAAC,oFAAoF,CAAC;IACjG,WAAW,EAAE,CAAC;SACX,MAAM,EAAE;SACR,OAAO,CAAC,WAAW,CAAC;SACpB,QAAQ,CAAC,+EAA+E,CAAC;IAC5F,aAAa,EAAE,CAAC,CAAC,MAAM;SACpB,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,CAAC,CAAC;SACN,OAAO,CAAC,IAAI,CAAC;SACb,QAAQ,CAAC,oFAAoF,CAAC;IACjG,eAAe,EAAE,CAAC,CAAC,MAAM;SACtB,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,OAAO,CAAC,EAAE,CAAC;SACX,QAAQ,CAAC,gFAAgF,CAAC;IAC7F,UAAU,EAAE,CAAC;SACV,MAAM,EAAE;SACR,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC;SACpC,QAAQ,CAAC,4BAA4B,CAAC;IACzC,mBAAmB,EAAE,CAAC;SACnB,MAAM,EAAE;SACR,OAAO,CAAC,mBAAmB,CAAC,gBAAgB,CAAC;SAC7C,QAAQ,CAAC,qCAAqC,CAAC;IAClD,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,OAAO,CAAC,mBAAmB,CAAC,KAAK,CAAC;SAClC,QAAQ,CAAC,4EAA4E,CAAC;IACzF,cAAc,EAAE,CAAC;SACd,MAAM,EAAE;SACR,OAAO,CAAC,mBAAmB,CAAC,WAAW,CAAC;SACxC,QAAQ,CAAC,mCAAmC,CAAC;IAChD,OAAO,EAAE,CAAC;SACP,MAAM,EAAE;SACR,OAAO,CAAC,mBAAmB,CAAC,IAAI,CAAC;SACjC,QAAQ,CAAC,2CAA2C,CAAC;IACxD,sBAAsB,EAAE,CAAC;SACtB,MAAM,EAAE;SACR,OAAO,CAAC,mBAAmB,CAAC,mBAAmB,CAAC;SAChD,QAAQ,CAAC,0DAA0D,CAAC;CACxE,CAAC,CAAC;AAIH,IAAI,OAAiC,CAAC;AAEtC,kDAAkD;AAClD,MAAM,UAAU,eAAe;IAC7B,OAAO,KAAK,cAAc,CAAC,kBAAkB,EAAE;QAC7C,UAAU,EAAE,uBAAuB;QACnC,WAAW,EAAE,wBAAwB;QACrC,aAAa,EAAE,2BAA2B;QAC1C,eAAe,EAAE,6BAA6B;QAC9C,UAAU,EAAE,cAAc;QAC1B,mBAAmB,EAAE,uBAAuB;QAC5C,QAAQ,EAAE,YAAY;QACtB,cAAc,EAAE,kBAAkB;QAClC,OAAO,EAAE,WAAW;QACpB,sBAAsB,EAAE,4BAA4B;KACrD,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,iBAAiB;IAC/B,OAAO,GAAG,SAAS,CAAC;AACtB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+/**
+ * @fileoverview sanctions-screening-mcp-server MCP server entry point. Wires the
+ * screening service (which owns the local SQLite + FTS5 mirrors), registers the
+ * six screening/resolution tools, three URI resources, and the counterparty
+ * vetting prompt, and schedules the mirror refresh on HTTP deployments. The
+ * full-corpus mirror init runs out-of-band via `bun run mirror:init`.
+ * @module index
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG"}

package/dist/index.js

@@ -0,0 +1,70 @@
+#!/usr/bin/env node
+/**
+ * @fileoverview sanctions-screening-mcp-server MCP server entry point. Wires the
+ * screening service (which owns the local SQLite + FTS5 mirrors), registers the
+ * six screening/resolution tools, three URI resources, and the counterparty
+ * vetting prompt, and schedules the mirror refresh on HTTP deployments. The
+ * full-corpus mirror init runs out-of-band via `bun run mirror:init`.
+ * @module index
+ */
+import { createApp } from '@cyanheads/mcp-ts-core';
+import { config } from '@cyanheads/mcp-ts-core/config';
+import { logger, requestContextService, schedulerService } from '@cyanheads/mcp-ts-core/utils';
+import { getServerConfig } from './config/server-config.js';
+import { allPromptDefinitions } from './mcp-server/prompts/definitions/index.js';
+import { allResourceDefinitions } from './mcp-server/resources/definitions/index.js';
+import { allToolDefinitions } from './mcp-server/tools/definitions/index.js';
+import { getScreeningService, initScreeningService, } from './services/screening/screening-service.js';
+await createApp({
+    name: 'sanctions-screening-mcp-server',
+    title: 'sanctions-screening-mcp-server',
+    tools: allToolDefinitions,
+    resources: allResourceDefinitions,
+    prompts: allPromptDefinitions,
+    instructions: 'Screen names against the consolidated OFAC, EU, UK, and UN sanctions lists and resolve legal entities against GLEIF, all fuzzy-matched offline over a local mirror. Start with sanctions_screen_name for "is this entity on a watchlist"; sanctions_resolve_entity → sanctions_get_entity → sanctions_trace_ownership for "who is this legal entity and who owns it." Every result is a screening AID, not a compliance determination — a hit is a candidate to verify against the official source, and an empty result is never a clearance. Check sanctions_list_sources for which lists are loaded and how fresh the mirror is.',
+    landing: {
+        requireAuth: false,
+        tagline: 'Screen names against OFAC, EU, UK, and UN sanctions lists and resolve legal entities against GLEIF — offline, fuzzy-matched. A screening aid, not a compliance determination.',
+        links: [
+            {
+                label: 'OFAC Sanctions List Service',
+                href: 'https://sanctionslistservice.ofac.treas.gov/',
+                external: true,
+            },
+            { label: 'UK Sanctions List', href: 'https://sanctionslist.fcdo.gov.uk/', external: true },
+            {
+                label: 'UN SC Consolidated List',
+                href: 'https://main.un.org/securitycouncil/en/content/un-sc-consolidated-list',
+                external: true,
+            },
+            { label: 'GLEIF', href: 'https://www.gleif.org/', external: true },
+        ],
+    },
+    setup() {
+        initScreeningService();
+        scheduleRefresh();
+    },
+});
+/**
+ * Schedule the daily mirror refresh on HTTP deployments only. stdio operators
+ * run refresh out-of-band via `bun run mirror:refresh`, so a cron there would be
+ * redundant and could collide with a manual run.
+ */
+function scheduleRefresh() {
+    if (config.mcpTransportType !== 'http')
+        return;
+    const { refreshCron } = getServerConfig();
+    void schedulerService
+        .schedule('sanctions-mirror-refresh', refreshCron, async (ctx) => {
+        const svc = getScreeningService();
+        logger.info('Starting scheduled sanctions mirror refresh', ctx);
+        await svc.designations.runSync({ mode: 'refresh' });
+        await svc.rebuildNameIndex();
+        logger.info('Scheduled sanctions mirror refresh complete', ctx);
+    }, 'Refreshes the sanctions watchlists from their upstream sources.')
+        .then(() => schedulerService.start('sanctions-mirror-refresh'))
+        .catch((err) => {
+        logger.error('Failed to schedule sanctions mirror refresh', err, requestContextService.createRequestContext({ operation: 'scheduleRefresh' }));
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAC/F,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,6CAA6C,CAAC;AACrF,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAC7E,OAAO,EACL,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,2CAA2C,CAAC;AAEnD,MAAM,SAAS,CAAC;IACd,IAAI,EAAE,gCAAgC;IACtC,KAAK,EAAE,gCAAgC;IACvC,KAAK,EAAE,kBAAkB;IACzB,SAAS,EAAE,sBAAsB;IACjC,OAAO,EAAE,oBAAoB;IAC7B,YAAY,EACV,omBAAomB;IACtmB,OAAO,EAAE;QACP,WAAW,EAAE,KAAK;QAClB,OAAO,EACL,+KAA+K;QACjL,KAAK,EAAE;YACL;gBACE,KAAK,EAAE,6BAA6B;gBACpC,IAAI,EAAE,8CAA8C;gBACpD,QAAQ,EAAE,IAAI;aACf;YACD,EAAE,KAAK,EAAE,mBAAmB,EAAE,IAAI,EAAE,oCAAoC,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC1F;gBACE,KAAK,EAAE,yBAAyB;gBAChC,IAAI,EAAE,wEAAwE;gBAC9E,QAAQ,EAAE,IAAI;aACf;YACD,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE;SACnE;KACF;IACD,KAAK;QACH,oBAAoB,EAAE,CAAC;QACvB,eAAe,EAAE,CAAC;IACpB,CAAC;CACF,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAS,eAAe;IACtB,IAAI,MAAM,CAAC,gBAAgB,KAAK,MAAM;QAAE,OAAO;IAC/C,MAAM,EAAE,WAAW,EAAE,GAAG,eAAe,EAAE,CAAC;IAC1C,KAAK,gBAAgB;SAClB,QAAQ,CACP,0BAA0B,EAC1B,WAAW,EACX,KAAK,EAAE,GAAG,EAAE,EAAE;QACZ,MAAM,GAAG,GAAG,mBAAmB,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE,GAAG,CAAC,CAAC;QAChE,MAAM,GAAG,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QACpD,MAAM,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE,GAAG,CAAC,CAAC;IAClE,CAAC,EACD,iEAAiE,CAClE;SACA,IAAI,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;SAC9D,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACb,MAAM,CAAC,KAAK,CACV,6CAA6C,EAC7C,GAAY,EACZ,qBAAqB,CAAC,oBAAoB,CAAC,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAC7E,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/mcp-server/prompts/definitions/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview Barrel collecting all prompt definitions into
+ * `allPromptDefinitions` for `createApp()`.
+ * @module mcp-server/prompts/definitions/index
+ */
+import { vetCounterpartyPrompt } from './vet-counterparty.prompt.js';
+export declare const allPromptDefinitions: import("@cyanheads/mcp-ts-core").PromptDefinition<import("zod").ZodObject<{
+    name: import("zod").ZodString;
+    jurisdiction: import("zod").ZodOptional<import("zod").ZodString>;
+}, import("zod/v4/core").$strip>>[];
+export { vetCounterpartyPrompt };
+//# sourceMappingURL=index.d.ts.map

package/dist/mcp-server/prompts/definitions/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/mcp-server/prompts/definitions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AAErE,eAAO,MAAM,oBAAoB;;;mCAA0B,CAAC;AAE5D,OAAO,EAAE,qBAAqB,EAAE,CAAC"}

package/dist/mcp-server/prompts/definitions/index.js

@@ -0,0 +1,9 @@
+/**
+ * @fileoverview Barrel collecting all prompt definitions into
+ * `allPromptDefinitions` for `createApp()`.
+ * @module mcp-server/prompts/definitions/index
+ */
+import { vetCounterpartyPrompt } from './vet-counterparty.prompt.js';
+export const allPromptDefinitions = [vetCounterpartyPrompt];
+export { vetCounterpartyPrompt };
+//# sourceMappingURL=index.js.map

package/dist/mcp-server/prompts/definitions/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/mcp-server/prompts/definitions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AAErE,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAE5D,OAAO,EAAE,qBAAqB,EAAE,CAAC"}

package/dist/mcp-server/prompts/definitions/vet-counterparty.prompt.d.ts

@@ -0,0 +1,14 @@
+/**
+ * @fileoverview `sanctions_vet_counterparty` — frames the full counterparty
+ * due-diligence workflow over the existing tools: resolve the name to an LEI,
+ * pull the ownership tree, screen the named entity and every beneficial owner
+ * against all lists, and summarize hits with provenance and the decision-support
+ * caveat. No new capability — a reusable framing of the cross-tool workflow.
+ * @module mcp-server/prompts/definitions/vet-counterparty.prompt
+ */
+import { z } from '@cyanheads/mcp-ts-core';
+export declare const vetCounterpartyPrompt: import("@cyanheads/mcp-ts-core").PromptDefinition<z.ZodObject<{
+    name: z.ZodString;
+    jurisdiction: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>;
+//# sourceMappingURL=vet-counterparty.prompt.d.ts.map

package/dist/mcp-server/prompts/definitions/vet-counterparty.prompt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vet-counterparty.prompt.d.ts","sourceRoot":"","sources":["../../../../src/mcp-server/prompts/definitions/vet-counterparty.prompt.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAU,CAAC,EAAE,MAAM,wBAAwB,CAAC;AAEnD,eAAO,MAAM,qBAAqB;;;kBAiChC,CAAC"}

package/dist/mcp-server/prompts/definitions/vet-counterparty.prompt.js

@@ -0,0 +1,42 @@
+/**
+ * @fileoverview `sanctions_vet_counterparty` — frames the full counterparty
+ * due-diligence workflow over the existing tools: resolve the name to an LEI,
+ * pull the ownership tree, screen the named entity and every beneficial owner
+ * against all lists, and summarize hits with provenance and the decision-support
+ * caveat. No new capability — a reusable framing of the cross-tool workflow.
+ * @module mcp-server/prompts/definitions/vet-counterparty.prompt
+ */
+import { prompt, z } from '@cyanheads/mcp-ts-core';
+export const vetCounterpartyPrompt = prompt('sanctions_vet_counterparty', {
+    title: 'sanctions-screening-mcp-server: vet counterparty',
+    description: 'Structure a full counterparty due-diligence pass: resolve the name to an LEI, pull the ownership tree, screen the named entity and every beneficial owner against all sanctions lists, and summarize hits with provenance and the decision-support caveat.',
+    args: z.object({
+        name: z.string().describe('The counterparty name to vet (person or organization).'),
+        jurisdiction: z
+            .string()
+            .optional()
+            .describe('Optional ISO 3166-1 alpha-2 jurisdiction to disambiguate the entity (e.g. "US").'),
+    }),
+    generate: (args) => {
+        const jurisdictionClause = args.jurisdiction
+            ? ` The entity is based in or registered in ${args.jurisdiction}; pass that as the jurisdiction filter when resolving.`
+            : '';
+        return [
+            {
+                role: 'user',
+                content: {
+                    type: 'text',
+                    text: `Run a counterparty due-diligence pass on "${args.name}".${jurisdictionClause}\n\n` +
+                        'Follow this workflow with the sanctions-screening tools, then summarize:\n\n' +
+                        `1. Screen the name directly with sanctions_screen_name (matchMode "strict"; if it returns nothing, retry with matchMode "fuzzy").\n` +
+                        `2. Resolve "${args.name}" to a GLEIF LEI with sanctions_resolve_entity. If there are multiple candidates, pick the best match and note the alternatives.\n` +
+                        '3. If an LEI is found, call sanctions_trace_ownership on it with screen_nodes set to true and direction "both" — this screens every parent and subsidiary (the beneficial owners) against all watchlists.\n' +
+                        '4. For any potential match surfaced in steps 1–3, call sanctions_get_designation to pull the full record (aliases, identifiers, program, designation date) so it can be verified.\n\n' +
+                        'Then write a summary that, for each potential match, names the entity, the source list and program, the match type and score, and the exact name that matched. Group by the entity in the ownership chain that was flagged.\n\n' +
+                        'Critically: present every result as a POTENTIAL MATCH TO VERIFY against the official source, never as a determination. State explicitly that this is a screening aid, not sanctions-compliance certification, and that an absence of matches is NOT a clearance — it only means nothing matched the names the mirror indexes as of its last refresh. Call sanctions_list_sources if the freshness of the data matters to the conclusion.',
+                },
+            },
+        ];
+    },
+});
+//# sourceMappingURL=vet-counterparty.prompt.js.map

package/dist/mcp-server/prompts/definitions/vet-counterparty.prompt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vet-counterparty.prompt.js","sourceRoot":"","sources":["../../../../src/mcp-server/prompts/definitions/vet-counterparty.prompt.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,wBAAwB,CAAC;AAEnD,MAAM,CAAC,MAAM,qBAAqB,GAAG,MAAM,CAAC,4BAA4B,EAAE;IACxE,KAAK,EAAE,kDAAkD;IACzD,WAAW,EACT,4PAA4P;IAC9P,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACb,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wDAAwD,CAAC;QACnF,YAAY,EAAE,CAAC;aACZ,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CAAC,kFAAkF,CAAC;KAChG,CAAC;IACF,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE;QACjB,MAAM,kBAAkB,GAAG,IAAI,CAAC,YAAY;YAC1C,CAAC,CAAC,4CAA4C,IAAI,CAAC,YAAY,wDAAwD;YACvH,CAAC,CAAC,EAAE,CAAC;QACP,OAAO;YACL;gBACE,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP,IAAI,EAAE,MAAM;oBACZ,IAAI,EACF,6CAA6C,IAAI,CAAC,IAAI,KAAK,kBAAkB,MAAM;wBACnF,8EAA8E;wBAC9E,qIAAqI;wBACrI,eAAe,IAAI,CAAC,IAAI,oIAAoI;wBAC5J,6MAA6M;wBAC7M,uLAAuL;wBACvL,iOAAiO;wBACjO,0aAA0a;iBAC7a;aACF;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/dist/mcp-server/resources/definitions/designation.resource.d.ts

@@ -0,0 +1,25 @@
+/**
+ * @fileoverview `sanctions://designation/{source}/{entryId}` — read-only mirror
+ * of sanctions_get_designation for clients that inject context by URI. All data
+ * here is reachable via the tool, which is the primary path for tool-only
+ * clients.
+ * @module mcp-server/resources/definitions/designation.resource
+ */
+import { z } from '@cyanheads/mcp-ts-core';
+import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
+export declare const designationResource: import("@cyanheads/mcp-ts-core").ResourceDefinition<z.ZodObject<{
+    source: z.ZodEnum<{
+        ofac_sdn: "ofac_sdn";
+        ofac_consolidated: "ofac_consolidated";
+        eu: "eu";
+        uk: "uk";
+        un: "un";
+    }>;
+    entryId: z.ZodString;
+}, z.core.$strip>, undefined, readonly [{
+    readonly reason: "designation_not_found";
+    readonly code: JsonRpcErrorCode.NotFound;
+    readonly when: "No designation exists for the given source + entry ID in the mirror.";
+    readonly recovery: "Use sanctions_screen_name to discover valid source/entryId pairs first.";
+}]>;
+//# sourceMappingURL=designation.resource.d.ts.map

package/dist/mcp-server/resources/definitions/designation.resource.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"designation.resource.d.ts","sourceRoot":"","sources":["../../../../src/mcp-server/resources/definitions/designation.resource.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAY,CAAC,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAKjE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;GAiD9B,CAAC"}

package/dist/mcp-server/resources/definitions/designation.resource.js

@@ -0,0 +1,57 @@
+/**
+ * @fileoverview `sanctions://designation/{source}/{entryId}` — read-only mirror
+ * of sanctions_get_designation for clients that inject context by URI. All data
+ * here is reachable via the tool, which is the primary path for tool-only
+ * clients.
+ * @module mcp-server/resources/definitions/designation.resource
+ */
+import { resource, z } from '@cyanheads/mcp-ts-core';
+import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
+import { SCREENING_CAVEAT } from '../../../mcp-server/tools/definitions/_shared.js';
+import { getScreeningService } from '../../../services/screening/screening-service.js';
+import { SOURCE_LABELS } from '../../../services/screening/types.js';
+export const designationResource = resource('sanctions://designation/{source}/{entryId}', {
+    name: 'sanctions-screening-mcp-server: designation',
+    title: 'sanctions-screening-mcp-server: designation',
+    description: 'Fetch one sanctions designation by source list + entry ID — a read-only URI mirror of sanctions_get_designation. The record is what the source published; a screening aid, not a determination.',
+    mimeType: 'application/json',
+    params: z.object({
+        source: z
+            .enum(['ofac_sdn', 'ofac_consolidated', 'eu', 'uk', 'un'])
+            .describe('Source list the entry belongs to.'),
+        entryId: z.string().min(1).describe("The source list's own entry ID."),
+    }),
+    errors: [
+        {
+            reason: 'designation_not_found',
+            code: JsonRpcErrorCode.NotFound,
+            when: 'No designation exists for the given source + entry ID in the mirror.',
+            recovery: 'Use sanctions_screen_name to discover valid source/entryId pairs first.',
+        },
+    ],
+    async handler(params, ctx) {
+        const svc = getScreeningService();
+        const d = await svc.getDesignation(params.source, params.entryId);
+        if (!d) {
+            throw ctx.fail('designation_not_found', `No ${params.source} designation with entry ID "${params.entryId}".`, { ...ctx.recoveryFor('designation_not_found') });
+        }
+        return {
+            source: d.source,
+            sourceLabel: SOURCE_LABELS[d.source],
+            sourceEntryId: d.sourceEntryId,
+            entityType: d.entityType,
+            primaryName: d.primaryName,
+            program: d.program,
+            legalBasis: d.legalBasis,
+            designationDate: d.designationDate,
+            aliases: d.payload.aliases,
+            identifiers: d.payload.identifiers,
+            addresses: d.payload.addresses,
+            datesOfBirth: d.payload.datesOfBirth,
+            nationalities: d.payload.nationalities,
+            remarks: d.payload.remarks,
+            caveat: SCREENING_CAVEAT,
+        };
+    },
+});
+//# sourceMappingURL=designation.resource.js.map

package/dist/mcp-server/resources/definitions/designation.resource.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"designation.resource.js","sourceRoot":"","sources":["../../../../src/mcp-server/resources/definitions/designation.resource.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,2CAA2C,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,2CAA2C,CAAC;AAChF,OAAO,EAAE,aAAa,EAAmB,MAAM,+BAA+B,CAAC;AAE/E,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CAAC,4CAA4C,EAAE;IACxF,IAAI,EAAE,6CAA6C;IACnD,KAAK,EAAE,6CAA6C;IACpD,WAAW,EACT,iMAAiM;IACnM,QAAQ,EAAE,kBAAkB;IAC5B,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,MAAM,EAAE,CAAC;aACN,IAAI,CAAC,CAAC,UAAU,EAAE,mBAAmB,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACzD,QAAQ,CAAC,mCAAmC,CAAC;QAChD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC;KACvE,CAAC;IACF,MAAM,EAAE;QACN;YACE,MAAM,EAAE,uBAAuB;YAC/B,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,IAAI,EAAE,sEAAsE;YAC5E,QAAQ,EAAE,yEAAyE;SACpF;KACF;IAED,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG;QACvB,MAAM,GAAG,GAAG,mBAAmB,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,MAAM,CAAC,MAAoB,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAChF,IAAI,CAAC,CAAC,EAAE,CAAC;YACP,MAAM,GAAG,CAAC,IAAI,CACZ,uBAAuB,EACvB,MAAM,MAAM,CAAC,MAAM,+BAA+B,MAAM,CAAC,OAAO,IAAI,EACpE,EAAE,GAAG,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,EAAE,CAChD,CAAC;QACJ,CAAC;QACD,OAAO;YACL,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC;YACpC,aAAa,EAAE,CAAC,CAAC,aAAa;YAC9B,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,eAAe,EAAE,CAAC,CAAC,eAAe;YAClC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO;YAC1B,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW;YAClC,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS;YAC9B,YAAY,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY;YACpC,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,aAAa;YACtC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO;YAC1B,MAAM,EAAE,gBAAgB;SACzB,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/dist/mcp-server/resources/definitions/entity.resource.d.ts

@@ -0,0 +1,17 @@
+/**
+ * @fileoverview `sanctions://entity/{lei}` — read-only mirror of
+ * sanctions_get_entity's GLEIF Level 1 payload (without the screening
+ * cross-reference, which is tool-only). For clients that inject context by URI.
+ * @module mcp-server/resources/definitions/entity.resource
+ */
+import { z } from '@cyanheads/mcp-ts-core';
+import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
+export declare const entityResource: import("@cyanheads/mcp-ts-core").ResourceDefinition<z.ZodObject<{
+    lei: z.ZodString;
+}, z.core.$strip>, undefined, readonly [{
+    readonly reason: "lei_not_found";
+    readonly code: JsonRpcErrorCode.NotFound;
+    readonly when: "No GLEIF entity exists for the given LEI in the mirror.";
+    readonly recovery: "Resolve the entity name with sanctions_resolve_entity to obtain a valid LEI first.";
+}]>;
+//# sourceMappingURL=entity.resource.d.ts.map

package/dist/mcp-server/resources/definitions/entity.resource.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity.resource.d.ts","sourceRoot":"","sources":["../../../../src/mcp-server/resources/definitions/entity.resource.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAY,CAAC,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAGjE,eAAO,MAAM,cAAc;;;;;;;GAgCzB,CAAC"}

package/dist/mcp-server/resources/definitions/entity.resource.js

@@ -0,0 +1,40 @@
+/**
+ * @fileoverview `sanctions://entity/{lei}` — read-only mirror of
+ * sanctions_get_entity's GLEIF Level 1 payload (without the screening
+ * cross-reference, which is tool-only). For clients that inject context by URI.
+ * @module mcp-server/resources/definitions/entity.resource
+ */
+import { resource, z } from '@cyanheads/mcp-ts-core';
+import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
+import { getScreeningService } from '../../../services/screening/screening-service.js';
+export const entityResource = resource('sanctions://entity/{lei}', {
+    name: 'sanctions-screening-mcp-server: entity',
+    title: 'sanctions-screening-mcp-server: entity',
+    description: "Fetch one GLEIF Level 1 legal-entity record by LEI — a read-only URI mirror of sanctions_get_entity's entity payload. The sanctions cross-reference is available only via the tool.",
+    mimeType: 'application/json',
+    params: z.object({
+        lei: z
+            .string()
+            .regex(/^[A-Z0-9]{18}[0-9]{2}$/, 'LEI must be 20 chars: 18 alphanumerics + 2 check digits.')
+            .describe('The 20-character GLEIF Legal Entity Identifier.'),
+    }),
+    errors: [
+        {
+            reason: 'lei_not_found',
+            code: JsonRpcErrorCode.NotFound,
+            when: 'No GLEIF entity exists for the given LEI in the mirror.',
+            recovery: 'Resolve the entity name with sanctions_resolve_entity to obtain a valid LEI first.',
+        },
+    ],
+    async handler(params, ctx) {
+        const svc = getScreeningService();
+        const entity = await svc.getLeiEntity(params.lei);
+        if (!entity) {
+            throw ctx.fail('lei_not_found', `No GLEIF entity with LEI "${params.lei}".`, {
+                ...ctx.recoveryFor('lei_not_found'),
+            });
+        }
+        return entity;
+    },
+});
+//# sourceMappingURL=entity.resource.js.map

package/dist/mcp-server/resources/definitions/entity.resource.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity.resource.js","sourceRoot":"","sources":["../../../../src/mcp-server/resources/definitions/entity.resource.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2CAA2C,CAAC;AAEhF,MAAM,CAAC,MAAM,cAAc,GAAG,QAAQ,CAAC,0BAA0B,EAAE;IACjE,IAAI,EAAE,wCAAwC;IAC9C,KAAK,EAAE,wCAAwC;IAC/C,WAAW,EACT,qLAAqL;IACvL,QAAQ,EAAE,kBAAkB;IAC5B,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,GAAG,EAAE,CAAC;aACH,MAAM,EAAE;aACR,KAAK,CAAC,wBAAwB,EAAE,0DAA0D,CAAC;aAC3F,QAAQ,CAAC,iDAAiD,CAAC;KAC/D,CAAC;IACF,MAAM,EAAE;QACN;YACE,MAAM,EAAE,eAAe;YACvB,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,IAAI,EAAE,yDAAyD;YAC/D,QAAQ,EACN,oFAAoF;SACvF;KACF;IAED,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG;QACvB,MAAM,GAAG,GAAG,mBAAmB,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,6BAA6B,MAAM,CAAC,GAAG,IAAI,EAAE;gBAC3E,GAAG,GAAG,CAAC,WAAW,CAAC,eAAe,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF,CAAC,CAAC"}