@davidorex/pi-agent-dispatch 0.28.0

package/dist/composites/command-allowlist.d.ts

@@ -0,0 +1,29 @@
+/**
+ * command-allowlist composite KIND — execute commands restricted to a
+ * registration-fixed allowlist.
+ *
+ * Instance scope (allowed_commands[]) is fixed at registration; per-call
+ * args carry the command name + args. Refuses any command not in the
+ * allowlist with throw — no return-with-error degradation. spawnSync
+ * captures exit_code, stdout, stderr, duration_ms.
+ */
+import { Type } from "@earendil-works/pi-ai";
+export interface CommandAllowlistInstance {
+    allowed_commands: string[];
+}
+export interface CommandAllowlistArgs {
+    command: string;
+    args?: string[];
+}
+export interface CommandAllowlistResult {
+    exit_code: number;
+    stdout: string;
+    stderr: string;
+    duration_ms: number;
+}
+export declare const commandAllowlistArgsSchema: Type.TObject<{
+    command: Type.TString;
+    args: Type.TOptional<Type.TArray<Type.TString>>;
+}>;
+export declare function runCommandAllowlist(cwd: string, instance: CommandAllowlistInstance, args: CommandAllowlistArgs): CommandAllowlistResult;
+//# sourceMappingURL=command-allowlist.d.ts.map

package/dist/composites/command-allowlist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-allowlist.d.ts","sourceRoot":"","sources":["../../src/composites/command-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE7C,MAAM,WAAW,wBAAwB;IACxC,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,oBAAoB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,sBAAsB;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACpB;AAED,eAAO,MAAM,0BAA0B;;;EAGrC,CAAC;AAEH,wBAAgB,mBAAmB,CAClC,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,wBAAwB,EAClC,IAAI,EAAE,oBAAoB,GACxB,sBAAsB,CAsBxB"}

package/dist/composites/command-allowlist.js

@@ -0,0 +1,36 @@
+/**
+ * command-allowlist composite KIND — execute commands restricted to a
+ * registration-fixed allowlist.
+ *
+ * Instance scope (allowed_commands[]) is fixed at registration; per-call
+ * args carry the command name + args. Refuses any command not in the
+ * allowlist with throw — no return-with-error degradation. spawnSync
+ * captures exit_code, stdout, stderr, duration_ms.
+ */
+import { spawnSync } from "node:child_process";
+import { Type } from "@earendil-works/pi-ai";
+export const commandAllowlistArgsSchema = Type.Object({
+    command: Type.String({ description: "Command name — must be in instance.allowed_commands." }),
+    args: Type.Optional(Type.Array(Type.String(), { description: "Command arguments." })),
+});
+export function runCommandAllowlist(cwd, instance, args) {
+    if (!instance?.allowed_commands || instance.allowed_commands.length === 0) {
+        throw new Error("command-allowlist: instance.allowed_commands is required and must be non-empty.");
+    }
+    if (!args?.command) {
+        throw new Error("command-allowlist: args.command is required.");
+    }
+    if (!instance.allowed_commands.includes(args.command)) {
+        throw new Error(`command-allowlist: command '${args.command}' not in allowlist [${instance.allowed_commands.join(", ")}].`);
+    }
+    const start = Date.now();
+    const result = spawnSync(args.command, args.args ?? [], { cwd, encoding: "utf-8" });
+    const duration_ms = Date.now() - start;
+    return {
+        exit_code: result.status ?? -1,
+        stdout: result.stdout ?? "",
+        stderr: result.stderr ?? "",
+        duration_ms,
+    };
+}
+//# sourceMappingURL=command-allowlist.js.map

package/dist/composites/command-allowlist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-allowlist.js","sourceRoot":"","sources":["../../src/composites/command-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAkB7C,MAAM,CAAC,MAAM,0BAA0B,GAAG,IAAI,CAAC,MAAM,CAAC;IACrD,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,sDAAsD,EAAE,CAAC;IAC7F,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,oBAAoB,EAAE,CAAC,CAAC;CACrF,CAAC,CAAC;AAEH,MAAM,UAAU,mBAAmB,CAClC,GAAW,EACX,QAAkC,EAClC,IAA0B;IAE1B,IAAI,CAAC,QAAQ,EAAE,gBAAgB,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;IACpG,CAAC;IACD,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CACd,+BAA+B,IAAI,CAAC,OAAO,uBAAuB,QAAQ,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAC1G,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACpF,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;IACvC,OAAO;QACN,SAAS,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;QAC9B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;QAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;QAC3B,WAAW;KACX,CAAC;AACH,CAAC"}

package/dist/composites/git-log.d.ts

@@ -0,0 +1,31 @@
+/**
+ * git-log composite KIND — bounded git history read.
+ *
+ * Instance scope (paths[] / since) is fixed at registration time;
+ * per-call args carry only limit. Wraps `git log --format=%H%x00%an%x00%aI%x00%s`
+ * (null-byte field separator avoids parsing ambiguity on subjects containing
+ * whitespace) and returns a structured commit list. Non-zero git exit
+ * throws — refusal-by-throw parity with other KINDs.
+ */
+import { Type } from "@earendil-works/pi-ai";
+export interface GitLogInstance {
+    paths?: string[];
+    since?: string;
+}
+export interface GitLogArgs {
+    limit?: number;
+}
+export interface GitLogCommit {
+    sha: string;
+    author: string;
+    date: string;
+    message: string;
+}
+export interface GitLogResult {
+    commits: GitLogCommit[];
+}
+export declare const gitLogArgsSchema: Type.TObject<{
+    limit: Type.TOptional<Type.TNumber>;
+}>;
+export declare function runGitLog(cwd: string, instance: GitLogInstance, args: GitLogArgs): GitLogResult;
+//# sourceMappingURL=git-log.d.ts.map

package/dist/composites/git-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"git-log.d.ts","sourceRoot":"","sources":["../../src/composites/git-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE7C,MAAM,WAAW,cAAc;IAC9B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC5B,OAAO,EAAE,YAAY,EAAE,CAAC;CACxB;AAED,eAAO,MAAM,gBAAgB;;EAE3B,CAAC;AAEH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,IAAI,EAAE,UAAU,GAAG,YAAY,CAsB/F"}

package/dist/composites/git-log.js

@@ -0,0 +1,39 @@
+/**
+ * git-log composite KIND — bounded git history read.
+ *
+ * Instance scope (paths[] / since) is fixed at registration time;
+ * per-call args carry only limit. Wraps `git log --format=%H%x00%an%x00%aI%x00%s`
+ * (null-byte field separator avoids parsing ambiguity on subjects containing
+ * whitespace) and returns a structured commit list. Non-zero git exit
+ * throws — refusal-by-throw parity with other KINDs.
+ */
+import { spawnSync } from "node:child_process";
+import { cleanGitEnv } from "@davidorex/pi-context/git-env";
+import { Type } from "@earendil-works/pi-ai";
+export const gitLogArgsSchema = Type.Object({
+    limit: Type.Optional(Type.Number({ description: "Maximum commits to return." })),
+});
+export function runGitLog(cwd, instance, args) {
+    const cmdArgs = ["log", "--format=%H%x00%an%x00%aI%x00%s"];
+    if (instance?.since)
+        cmdArgs.push(`--since=${instance.since}`);
+    if (args?.limit !== undefined)
+        cmdArgs.push(`-${args.limit}`);
+    if (instance?.paths && instance.paths.length > 0) {
+        cmdArgs.push("--");
+        cmdArgs.push(...instance.paths);
+    }
+    const result = spawnSync("git", cmdArgs, { cwd, encoding: "utf-8", env: cleanGitEnv() });
+    if (result.status !== 0) {
+        throw new Error(`git-log: git exited ${result.status}: ${result.stderr}`);
+    }
+    const commits = result.stdout
+        .split("\n")
+        .filter((line) => line.length > 0)
+        .map((line) => {
+        const [sha, author, date, message] = line.split("\x00");
+        return { sha, author, date, message };
+    });
+    return { commits };
+}
+//# sourceMappingURL=git-log.js.map

package/dist/composites/git-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"git-log.js","sourceRoot":"","sources":["../../src/composites/git-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAsB7C,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC;IAC3C,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC,CAAC;CAChF,CAAC,CAAC;AAEH,MAAM,UAAU,SAAS,CAAC,GAAW,EAAE,QAAwB,EAAE,IAAgB;IAChF,MAAM,OAAO,GAAG,CAAC,KAAK,EAAE,iCAAiC,CAAC,CAAC;IAC3D,IAAI,QAAQ,EAAE,KAAK;QAAE,OAAO,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/D,IAAI,IAAI,EAAE,KAAK,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9D,IAAI,QAAQ,EAAE,KAAK,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;IACzF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,OAAO,GAAmB,MAAM,CAAC,MAAM;SAC3C,KAAK,CAAC,IAAI,CAAC;SACX,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;SACjC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACb,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACxD,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,OAAO,EAAE,CAAC;AACpB,CAAC"}

package/dist/composites/grep-paths.d.ts

@@ -0,0 +1,26 @@
+/**
+ * grep-paths composite KIND — bounded recursive grep confined to allowed_roots.
+ *
+ * Instance scope (allowed_roots[]) is registration-fixed; per-call args carry
+ * pattern + optional glob (passed to grep as --include). Refusal-by-throw on
+ * empty allowed_roots (canon — empty grant ≠ unrestricted). grep exit codes:
+ * 0 = matches found, 1 = no matches, 2 = error. We surface 0/1 as success
+ * (with empty hits on 1) and throw on 2.
+ */
+import { Type } from "@earendil-works/pi-ai";
+export interface GrepPathsInstance {
+    allowed_roots: string[];
+}
+export interface GrepPathsArgs {
+    pattern: string;
+    glob?: string;
+}
+export interface GrepPathsResult {
+    hits: string;
+}
+export declare const grepPathsArgsSchema: Type.TObject<{
+    pattern: Type.TString;
+    glob: Type.TOptional<Type.TString>;
+}>;
+export declare function runGrepPaths(cwd: string, instance: GrepPathsInstance, args: GrepPathsArgs): GrepPathsResult;
+//# sourceMappingURL=grep-paths.d.ts.map

package/dist/composites/grep-paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grep-paths.d.ts","sourceRoot":"","sources":["../../src/composites/grep-paths.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE7C,MAAM,WAAW,iBAAiB;IACjC,aAAa,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,CAAC;CACb;AAED,eAAO,MAAM,mBAAmB;;;EAG9B,CAAC;AAEH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,IAAI,EAAE,aAAa,GAAG,eAAe,CAkB3G"}

package/dist/composites/grep-paths.js

@@ -0,0 +1,34 @@
+/**
+ * grep-paths composite KIND — bounded recursive grep confined to allowed_roots.
+ *
+ * Instance scope (allowed_roots[]) is registration-fixed; per-call args carry
+ * pattern + optional glob (passed to grep as --include). Refusal-by-throw on
+ * empty allowed_roots (canon — empty grant ≠ unrestricted). grep exit codes:
+ * 0 = matches found, 1 = no matches, 2 = error. We surface 0/1 as success
+ * (with empty hits on 1) and throw on 2.
+ */
+import { spawnSync } from "node:child_process";
+import { Type } from "@earendil-works/pi-ai";
+export const grepPathsArgsSchema = Type.Object({
+    pattern: Type.String({ description: "grep pattern (BRE)." }),
+    glob: Type.Optional(Type.String({ description: "--include glob (e.g. '*.ts')." })),
+});
+export function runGrepPaths(cwd, instance, args) {
+    if (!instance?.allowed_roots || instance.allowed_roots.length === 0) {
+        throw new Error("grep-paths: instance.allowed_roots is required and must be non-empty.");
+    }
+    if (!args?.pattern) {
+        throw new Error("grep-paths: args.pattern is required.");
+    }
+    const cmdArgs = ["-rn"];
+    if (args.glob)
+        cmdArgs.push(`--include=${args.glob}`);
+    cmdArgs.push(args.pattern);
+    cmdArgs.push(...instance.allowed_roots);
+    const result = spawnSync("grep", cmdArgs, { cwd, encoding: "utf-8" });
+    if (result.status === 2) {
+        throw new Error(`grep-paths: grep exited 2 (error): ${result.stderr}`);
+    }
+    return { hits: result.stdout };
+}
+//# sourceMappingURL=grep-paths.js.map

package/dist/composites/grep-paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"grep-paths.js","sourceRoot":"","sources":["../../src/composites/grep-paths.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAe7C,MAAM,CAAC,MAAM,mBAAmB,GAAG,IAAI,CAAC,MAAM,CAAC;IAC9C,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;IAC5D,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,+BAA+B,EAAE,CAAC,CAAC;CAClF,CAAC,CAAC;AAEH,MAAM,UAAU,YAAY,CAAC,GAAW,EAAE,QAA2B,EAAE,IAAmB;IACzF,IAAI,CAAC,QAAQ,EAAE,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;IAC1F,CAAC;IACD,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC;IACxB,IAAI,IAAI,CAAC,IAAI;QAAE,OAAO,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC;IAExC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACtE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,sCAAsC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC"}

package/dist/composites/read-files.d.ts

@@ -0,0 +1,24 @@
+/**
+ * read-files composite KIND — bounded file read confined to allowed_roots.
+ *
+ * Instance scope (allowed_roots[]) is fixed at registration time per
+ * config.tool_operations[] entry; per-call args carry only the relative
+ * path. Refuses any path that, after normalization, falls outside the
+ * cartesian union of allowed_roots. Refusal is throw (not return) so
+ * callers can't silently degrade into the unrestricted-read shape.
+ */
+import { Type } from "@earendil-works/pi-ai";
+export interface ReadFilesInstance {
+    allowed_roots: string[];
+}
+export interface ReadFilesArgs {
+    path: string;
+}
+export interface ReadFilesResult {
+    content: string;
+}
+export declare const readFilesArgsSchema: Type.TObject<{
+    path: Type.TString;
+}>;
+export declare function runReadFiles(cwd: string, instance: ReadFilesInstance, args: ReadFilesArgs): ReadFilesResult;
+//# sourceMappingURL=read-files.d.ts.map

package/dist/composites/read-files.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-files.d.ts","sourceRoot":"","sources":["../../src/composites/read-files.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE7C,MAAM,WAAW,iBAAiB;IACjC,aAAa,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC7B,IAAI,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,eAAe;IAC/B,OAAO,EAAE,MAAM,CAAC;CAChB;AAED,eAAO,MAAM,mBAAmB;;EAE9B,CAAC;AAEH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,IAAI,EAAE,aAAa,GAAG,eAAe,CAsB3G"}

package/dist/composites/read-files.js

@@ -0,0 +1,35 @@
+/**
+ * read-files composite KIND — bounded file read confined to allowed_roots.
+ *
+ * Instance scope (allowed_roots[]) is fixed at registration time per
+ * config.tool_operations[] entry; per-call args carry only the relative
+ * path. Refuses any path that, after normalization, falls outside the
+ * cartesian union of allowed_roots. Refusal is throw (not return) so
+ * callers can't silently degrade into the unrestricted-read shape.
+ */
+import fs from "node:fs";
+import path from "node:path";
+import { Type } from "@earendil-works/pi-ai";
+export const readFilesArgsSchema = Type.Object({
+    path: Type.String({ description: "Relative path under one of the instance's allowed_roots." }),
+});
+export function runReadFiles(cwd, instance, args) {
+    if (!instance?.allowed_roots || instance.allowed_roots.length === 0) {
+        throw new Error("read-files: instance.allowed_roots is required and must be non-empty.");
+    }
+    if (!args?.path) {
+        throw new Error("read-files: args.path is required.");
+    }
+    const absTarget = path.resolve(cwd, args.path);
+    const allowedAbs = instance.allowed_roots.map((r) => path.resolve(cwd, r));
+    const withinAllowed = allowedAbs.some((rootAbs) => {
+        const rootWithSep = rootAbs.endsWith(path.sep) ? rootAbs : `${rootAbs}${path.sep}`;
+        return absTarget === rootAbs || absTarget.startsWith(rootWithSep);
+    });
+    if (!withinAllowed) {
+        throw new Error(`read-files: path '${args.path}' resolves outside allowed_roots [${instance.allowed_roots.join(", ")}].`);
+    }
+    const content = fs.readFileSync(absTarget, "utf-8");
+    return { content };
+}
+//# sourceMappingURL=read-files.js.map

package/dist/composites/read-files.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-files.js","sourceRoot":"","sources":["../../src/composites/read-files.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAc7C,MAAM,CAAC,MAAM,mBAAmB,GAAG,IAAI,CAAC,MAAM,CAAC;IAC9C,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,0DAA0D,EAAE,CAAC;CAC9F,CAAC,CAAC;AAEH,MAAM,UAAU,YAAY,CAAC,GAAW,EAAE,QAA2B,EAAE,IAAmB;IACzF,IAAI,CAAC,QAAQ,EAAE,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;IAC1F,CAAC;IACD,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3E,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACjD,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnF,OAAO,SAAS,KAAK,OAAO,IAAI,SAAS,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IACH,IAAI,CAAC,aAAa,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACd,qBAAqB,IAAI,CAAC,IAAI,qCAAqC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CACxG,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACpD,OAAO,EAAE,OAAO,EAAE,CAAC;AACpB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { type OperationDescriptor } from "./operation-vocab.js";
+/**
+ * L3 runtime guard (FEAT-010): on extension load, assert defaults
+ * contains no FORBIDDEN_WHOLESALE_OPERATIONS token. Catches the failure mode
+ * where a future maintainer adds a wholesale entry to defaults and the L2
+ * test invariant is bypassed (e.g. tests not run pre-commit). Throws to
+ * halt extension load — refusing to start with a broken-canon vocabulary
+ * is the only safe option per feedback_no_parallel_ungated_paths.
+ *
+ * Exported (with `defaults` arg) so tests can supply a synthetic
+ * violator-containing map and assert the throw path without mutating the
+ * module-level const.
+ */
+export declare function assertDefaultsClean(defaults?: Record<string, OperationDescriptor>): void;
+declare const extension: (pi: ExtensionAPI) => void;
+export default extension;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAOpE,OAAO,EAEN,KAAK,mBAAmB,EAExB,MAAM,sBAAsB,CAAC;AAK9B;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAA2B,GAAG,IAAI,CASjH;AAED,QAAA,MAAM,SAAS,GAAI,IAAI,YAAY,SAkDlC,CAAC;AAEF,eAAe,SAAS,CAAC"}

package/dist/index.js

@@ -0,0 +1,77 @@
+import { registerAuthGate } from "./auth-gate.js";
+import { authorAgentSpecTool } from "./author-agent-spec-tool.js";
+import { authorToolGrantTool } from "./author-tool-grant-tool.js";
+import { callAgentTool } from "./call-agent-tool.js";
+import { commitAttestedTool } from "./commit-attested-tool.js";
+import { loadComposites } from "./composite-loader.js";
+import { FORBIDDEN_WHOLESALE_OPERATIONS, TOOL_OPERATION_DEFAULTS, } from "./operation-vocab.js";
+import { registerReadTruncationGate } from "./read-truncation-gate.js";
+import { runRealChecksTool } from "./run-real-checks-tool.js";
+import { runWorkOrderLoopTool } from "./run-work-order-loop-tool.js";
+/**
+ * L3 runtime guard (FEAT-010): on extension load, assert defaults
+ * contains no FORBIDDEN_WHOLESALE_OPERATIONS token. Catches the failure mode
+ * where a future maintainer adds a wholesale entry to defaults and the L2
+ * test invariant is bypassed (e.g. tests not run pre-commit). Throws to
+ * halt extension load — refusing to start with a broken-canon vocabulary
+ * is the only safe option per feedback_no_parallel_ungated_paths.
+ *
+ * Exported (with `defaults` arg) so tests can supply a synthetic
+ * violator-containing map and assert the throw path without mutating the
+ * module-level const.
+ */
+export function assertDefaultsClean(defaults = TOOL_OPERATION_DEFAULTS) {
+    const violators = Object.values(defaults).filter((op) => FORBIDDEN_WHOLESALE_OPERATIONS.includes(op.canonical_id));
+    if (violators.length > 0) {
+        throw new Error(`pi-agent-dispatch: L3 runtime guard tripped — TOOL_OPERATION_DEFAULTS contains forbidden wholesale tokens [${violators.map((v) => v.canonical_id).join(", ")}]. Source change + release required to remove.`);
+    }
+}
+const extension = (pi) => {
+    // L3: assert framework defaults clean of forbidden-wholesale tokens
+    assertDefaultsClean();
+    // Static tools (FEAT-005 / DEC-0047 / TASK-088-090; run-work-order-loop FEAT-006 / TASK-091)
+    pi.registerTool(authorAgentSpecTool);
+    pi.registerTool(callAgentTool);
+    pi.registerTool(runRealChecksTool);
+    pi.registerTool(commitAttestedTool);
+    pi.registerTool(authorToolGrantTool);
+    pi.registerTool(runWorkOrderLoopTool);
+    // Dynamic composite-tool registration from config.tool_operations[]
+    // (FEAT-010). loadComposites throws if any entry hits the L1∪L5
+    // forbidden union — refuse to start rather than register a parallel
+    // ungated path.
+    //
+    // Observability of the config-absent degrade path (FGAP-121 layer-a):
+    // pi.ui.notify is on ExtensionContext (tool-execution time), NOT on
+    // ExtensionAPI (factory time). At factory load the only canonical
+    // observability channel is the TraceEntry pipeline, which
+    // loadComposites already writes via writeAgentTrace per DEC-0002 /
+    // TASK-086 precedent. The returned config_absent flag is kept on the
+    // surface for any future factory-time UI hook upstream may add; today
+    // it is functionally informational + queryable via the trace JSONL.
+    const result = loadComposites(process.cwd(), pi);
+    void result;
+    // FGAP-134: per-tool user-auth gate at pi-dispatch layer. Registered
+    // AFTER static + composite tools so the handler sees the full surface
+    // (registration order does not affect handler-invocation behavior —
+    // pi.on('tool_call') fires for every tool regardless of registration
+    // sequence — but placing the registration last preserves a readable
+    // 'tools first, gates last' factory shape). Closes the writer.kind
+    // spoof at the dispatch boundary regardless of caller-supplied field
+    // values. Bucket-2 vocabulary + handler semantics live in auth-gate.ts;
+    // see that module's header for the governance rationale + Bucket-2
+    // member list.
+    registerAuthGate(pi);
+    // FGAP-135: pi.on('tool_result') gate intercepts pi's built-in `read`
+    // tool responses when the structured details.truncation field signals
+    // truncation, and REPLACES the content payload with a hard-refusal
+    // directive. Mirrors pi-context serializeForRead overCapDirective
+    // canon — the directive IS the response so the agent cannot skim past
+    // it. Coexists with the tool_call auth-gate above on the orthogonal
+    // tool_result event; multi-handler composition is the SDK contract.
+    // See read-truncation-gate.ts header for the full canonical-model
+    // docstring.
+    registerReadTruncationGate(pi);
+};
+export default extension;
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EACN,8BAA8B,EAE9B,uBAAuB,GACvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAErE;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,WAAgD,uBAAuB;IAC1G,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CACtD,8BAAoD,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,CAC/E,CAAC;IACF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACd,8GAA8G,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,gDAAgD,CAC7M,CAAC;IACH,CAAC;AACF,CAAC;AAED,MAAM,SAAS,GAAG,CAAC,EAAgB,EAAE,EAAE;IACtC,oEAAoE;IACpE,mBAAmB,EAAE,CAAC;IAEtB,6FAA6F;IAC7F,EAAE,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;IACrC,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;IAC/B,EAAE,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC;IACnC,EAAE,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;IACpC,EAAE,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;IACrC,EAAE,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;IAEtC,oEAAoE;IACpE,gEAAgE;IAChE,oEAAoE;IACpE,gBAAgB;IAChB,EAAE;IACF,sEAAsE;IACtE,oEAAoE;IACpE,kEAAkE;IAClE,0DAA0D;IAC1D,mEAAmE;IACnE,qEAAqE;IACrE,sEAAsE;IACtE,oEAAoE;IACpE,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IACjD,KAAK,MAAM,CAAC;IAEZ,qEAAqE;IACrE,sEAAsE;IACtE,oEAAoE;IACpE,qEAAqE;IACrE,oEAAoE;IACpE,mEAAmE;IACnE,qEAAqE;IACrE,wEAAwE;IACxE,mEAAmE;IACnE,eAAe;IACf,gBAAgB,CAAC,EAAE,CAAC,CAAC;IAErB,sEAAsE;IACtE,sEAAsE;IACtE,mEAAmE;IACnE,kEAAkE;IAClE,sEAAsE;IACtE,oEAAoE;IACpE,oEAAoE;IACpE,kEAAkE;IAClE,aAAa;IACb,0BAA0B,CAAC,EAAE,CAAC,CAAC;AAChC,CAAC,CAAC;AAEF,eAAe,SAAS,CAAC"}

package/dist/operation-vocab.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Canonical operation-granular tool grant vocabulary (FEAT-005 / DEC-0047).
+ * Each entry names a Pi tool that can be granted to a privileged JIT-agent.
+ * Per DEC-0047: default grant is EMPTY; consumers must opt-in operations
+ * per dispatch. Per-project config.tool_operations[] entries shadow these
+ * defaults at resolve time via resolveOperationVocabulary().
+ */
+export interface OperationDescriptor {
+    canonical_id: string;
+    display_name?: string;
+    category?: string;
+}
+/**
+ * Operations forbidden from TOOL_OPERATION_DEFAULTS AND from
+ * config.tool_operations[] AND config.tool_operations_forbidden[]
+ * union. Wholesale tokens that, if granted, dissolve operation-granular
+ * bounds — e.g. granting "bash" makes "git-log-recent" a gated
+ * alternative to an unrestricted original (feedback_no_parallel_ungated_paths).
+ * Extending L1 (this list) requires source change + release (release-
+ * gated, not config-mutable). L5 (config.tool_operations_forbidden[])
+ * admits project-specific additions under writer.kind=human per DEC-0047.
+ */
+export declare const FORBIDDEN_WHOLESALE_OPERATIONS: readonly ["bash", "write", "edit", "shell", "execute"];
+export declare const TOOL_OPERATION_DEFAULTS: Record<string, OperationDescriptor>;
+//# sourceMappingURL=operation-vocab.d.ts.map

package/dist/operation-vocab.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"operation-vocab.d.ts","sourceRoot":"","sources":["../src/operation-vocab.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,mBAAmB;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,8BAA8B,wDAAyD,CAAC;AAErG,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CA4DvE,CAAC"}

package/dist/operation-vocab.js

@@ -0,0 +1,78 @@
+/**
+ * Canonical operation-granular tool grant vocabulary (FEAT-005 / DEC-0047).
+ * Each entry names a Pi tool that can be granted to a privileged JIT-agent.
+ * Per DEC-0047: default grant is EMPTY; consumers must opt-in operations
+ * per dispatch. Per-project config.tool_operations[] entries shadow these
+ * defaults at resolve time via resolveOperationVocabulary().
+ */
+/**
+ * Operations forbidden from TOOL_OPERATION_DEFAULTS AND from
+ * config.tool_operations[] AND config.tool_operations_forbidden[]
+ * union. Wholesale tokens that, if granted, dissolve operation-granular
+ * bounds — e.g. granting "bash" makes "git-log-recent" a gated
+ * alternative to an unrestricted original (feedback_no_parallel_ungated_paths).
+ * Extending L1 (this list) requires source change + release (release-
+ * gated, not config-mutable). L5 (config.tool_operations_forbidden[])
+ * admits project-specific additions under writer.kind=human per DEC-0047.
+ */
+export const FORBIDDEN_WHOLESALE_OPERATIONS = ["bash", "write", "edit", "shell", "execute"];
+export const TOOL_OPERATION_DEFAULTS = {
+    // pi-context (40)
+    "amend-config": { canonical_id: "amend-config", category: "context" },
+    "append-block-item": { canonical_id: "append-block-item", category: "context" },
+    "append-block-nested-item": { canonical_id: "append-block-nested-item", category: "context" },
+    "append-relation": { canonical_id: "append-relation", category: "context" },
+    "complete-task": { canonical_id: "complete-task", category: "context" },
+    "context-accept-all": { canonical_id: "context-accept-all", category: "context" },
+    "context-bootstrap-state": { canonical_id: "context-bootstrap-state", category: "context" },
+    "context-current-state": { canonical_id: "context-current-state", category: "context" },
+    "context-edges-for-lens": { canonical_id: "context-edges-for-lens", category: "context" },
+    "context-init": { canonical_id: "context-init", category: "context" },
+    "context-roadmap-list": { canonical_id: "context-roadmap-list", category: "context" },
+    "context-roadmap-load": { canonical_id: "context-roadmap-load", category: "context" },
+    "context-roadmap-render": { canonical_id: "context-roadmap-render", category: "context" },
+    "context-roadmap-validate": { canonical_id: "context-roadmap-validate", category: "context" },
+    "context-status": { canonical_id: "context-status", category: "context" },
+    "context-validate": { canonical_id: "context-validate", category: "context" },
+    "context-validate-relations": { canonical_id: "context-validate-relations", category: "context" },
+    "context-walk-descendants": { canonical_id: "context-walk-descendants", category: "context" },
+    "filter-block-items": { canonical_id: "filter-block-items", category: "context" },
+    "find-references": { canonical_id: "find-references", category: "context" },
+    "gather-execution-context": { canonical_id: "gather-execution-context", category: "context" },
+    "join-blocks": { canonical_id: "join-blocks", category: "context" },
+    "list-tools": { canonical_id: "list-tools", category: "context" },
+    "read-block": { canonical_id: "read-block", category: "context" },
+    "read-block-dir": { canonical_id: "read-block-dir", category: "context" },
+    "read-block-item": { canonical_id: "read-block-item", category: "context" },
+    "read-block-page": { canonical_id: "read-block-page", category: "context" },
+    "read-config": { canonical_id: "read-config", category: "context" },
+    "read-samples-catalog": { canonical_id: "read-samples-catalog", category: "context" },
+    "read-schema": { canonical_id: "read-schema", category: "context" },
+    "remove-block-item": { canonical_id: "remove-block-item", category: "context" },
+    "remove-block-nested-item": { canonical_id: "remove-block-nested-item", category: "context" },
+    "rename-canonical-id": { canonical_id: "rename-canonical-id", category: "context" },
+    "resolve-item-by-id": { canonical_id: "resolve-item-by-id", category: "context" },
+    "resolve-items-by-id": { canonical_id: "resolve-items-by-id", category: "context" },
+    "update-block-item": { canonical_id: "update-block-item", category: "context" },
+    "update-block-nested-item": { canonical_id: "update-block-nested-item", category: "context" },
+    "walk-ancestors": { canonical_id: "walk-ancestors", category: "context" },
+    "write-block": { canonical_id: "write-block", category: "context" },
+    "write-schema": { canonical_id: "write-schema", category: "context" },
+    // pi-workflows (9)
+    "enforce-budget": { canonical_id: "enforce-budget", category: "workflow" },
+    "render-item-by-id": { canonical_id: "render-item-by-id", category: "workflow" },
+    "workflow-agents": { canonical_id: "workflow-agents", category: "workflow" },
+    "workflow-execute": { canonical_id: "workflow-execute", category: "workflow" },
+    "workflow-init": { canonical_id: "workflow-init", category: "workflow" },
+    "workflow-list": { canonical_id: "workflow-list", category: "workflow" },
+    "workflow-resume": { canonical_id: "workflow-resume", category: "workflow" },
+    "workflow-status": { canonical_id: "workflow-status", category: "workflow" },
+    "workflow-validate": { canonical_id: "workflow-validate", category: "workflow" },
+    // pi-behavior-monitors (5)
+    "monitors-control": { canonical_id: "monitors-control", category: "monitor" },
+    "monitors-inspect": { canonical_id: "monitors-inspect", category: "monitor" },
+    "monitors-patterns": { canonical_id: "monitors-patterns", category: "monitor" },
+    "monitors-rules": { canonical_id: "monitors-rules", category: "monitor" },
+    "monitors-status": { canonical_id: "monitors-status", category: "monitor" },
+};
+//# sourceMappingURL=operation-vocab.js.map

package/dist/operation-vocab.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"operation-vocab.js","sourceRoot":"","sources":["../src/operation-vocab.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAU,CAAC;AAErG,MAAM,CAAC,MAAM,uBAAuB,GAAwC;IAC3E,kBAAkB;IAClB,cAAc,EAAE,EAAE,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,mBAAmB,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC/E,0BAA0B,EAAE,EAAE,YAAY,EAAE,0BAA0B,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7F,iBAAiB,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC3E,eAAe,EAAE,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,SAAS,EAAE;IACvE,oBAAoB,EAAE,EAAE,YAAY,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjF,yBAAyB,EAAE,EAAE,YAAY,EAAE,yBAAyB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC3F,uBAAuB,EAAE,EAAE,YAAY,EAAE,uBAAuB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACvF,wBAAwB,EAAE,EAAE,YAAY,EAAE,wBAAwB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACzF,cAAc,EAAE,EAAE,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,sBAAsB,EAAE,EAAE,YAAY,EAAE,sBAAsB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrF,sBAAsB,EAAE,EAAE,YAAY,EAAE,sBAAsB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrF,wBAAwB,EAAE,EAAE,YAAY,EAAE,wBAAwB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACzF,0BAA0B,EAAE,EAAE,YAAY,EAAE,0BAA0B,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7F,gBAAgB,EAAE,EAAE,YAAY,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACzE,kBAAkB,EAAE,EAAE,YAAY,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7E,4BAA4B,EAAE,EAAE,YAAY,EAAE,4BAA4B,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjG,0BAA0B,EAAE,EAAE,YAAY,EAAE,0BAA0B,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7F,oBAAoB,EAAE,EAAE,YAAY,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjF,iBAAiB,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC3E,0BAA0B,EAAE,EAAE,YAAY,EAAE,0BAA0B,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7F,aAAa,EAAE,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE;IACnE,YAAY,EAAE,EAAE,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjE,YAAY,EAAE,EAAE,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjE,gBAAgB,EAAE,EAAE,YAAY,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACzE,iBAAiB,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC3E,iBAAiB,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC3E,aAAa,EAAE,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE;IACnE,sBAAsB,EAAE,EAAE,YAAY,EAAE,sBAAsB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrF,aAAa,EAAE,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE;IACnE,mBAAmB,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC/E,0BAA0B,EAAE,EAAE,YAAY,EAAE,0BAA0B,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7F,qBAAqB,EAAE,EAAE,YAAY,EAAE,qBAAqB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACnF,oBAAoB,EAAE,EAAE,YAAY,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjF,qBAAqB,EAAE,EAAE,YAAY,EAAE,qBAAqB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACnF,mBAAmB,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC/E,0BAA0B,EAAE,EAAE,YAAY,EAAE,0BAA0B,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7F,gBAAgB,EAAE,EAAE,YAAY,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACzE,aAAa,EAAE,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE;IACnE,cAAc,EAAE,EAAE,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE;IAErE,mBAAmB;IACnB,gBAAgB,EAAE,EAAE,YAAY,EAAE,gBAAgB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC1E,mBAAmB,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAChF,iBAAiB,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5E,kBAAkB,EAAE,EAAE,YAAY,EAAE,kBAAkB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC9E,eAAe,EAAE,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE;IACxE,eAAe,EAAE,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE;IACxE,iBAAiB,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5E,iBAAiB,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5E,mBAAmB,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAEhF,2BAA2B;IAC3B,kBAAkB,EAAE,EAAE,YAAY,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7E,kBAAkB,EAAE,EAAE,YAAY,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7E,mBAAmB,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC/E,gBAAgB,EAAE,EAAE,YAAY,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACzE,iBAAiB,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE;CAC3E,CAAC"}