@det-acp/core 0.2.0

package/dist/cli/index.js

@@ -0,0 +1,308 @@
+#!/usr/bin/env node
+/**
+ * Deterministic Agent Control Protocol CLI
+ *
+ * Commands:
+ *   init <integration>                    Set up governance for cursor, codex, or claude-code
+ *   validate <policy.yaml>                Validate a policy file
+ *   serve                                 Start the HTTP session server
+ *   proxy [config.yaml]                   Start the MCP proxy server
+ *   proxy --policy <policy.yaml>          Start MCP proxy with auto-configured defaults
+ *   exec <policy.yaml> -- <command>       Execute a command through the shell proxy
+ *   report <ledger-file>                  Show ledger summary
+ */
+import { Command } from 'commander';
+import fs from 'node:fs';
+import path from 'node:path';
+import yaml from 'js-yaml';
+import { loadPolicyFromFile, PolicyValidationError } from '../policy/loader.js';
+import { AgentGateway } from '../engine/runtime.js';
+import { EvidenceLedger } from '../ledger/ledger.js';
+import { summarizeSessionLedger } from '../ledger/query.js';
+import { ShellProxy } from '../proxy/shell-proxy.js';
+import { MCPProxyServer } from '../proxy/mcp-proxy.js';
+import { MCPProxyConfigSchema } from '../proxy/mcp-types.js';
+import { registerInitCommand } from './init.js';
+const program = new Command();
+program
+    .name('det-acp')
+    .description('Deterministic Agent Control Protocol — Agent Governance Gateway')
+    .version('0.2.0');
+// ---------------------------------------------------------------------------
+// validate
+// ---------------------------------------------------------------------------
+program
+    .command('validate')
+    .description('Validate a policy YAML file')
+    .argument('<policy>', 'Path to policy YAML file')
+    .action(async (policyPath) => {
+    try {
+        const policy = loadPolicyFromFile(policyPath);
+        console.log('Policy is valid.');
+        console.log(`  Name: ${policy.name}`);
+        console.log(`  Version: ${policy.version}`);
+        console.log(`  Capabilities: ${policy.capabilities.length}`);
+        console.log(`  Gates: ${policy.gates.length}`);
+        console.log(`  Forbidden patterns: ${policy.forbidden.length}`);
+        if (policy.limits.max_runtime_ms) {
+            console.log(`  Max runtime: ${policy.limits.max_runtime_ms}ms`);
+        }
+        if (policy.limits.max_files_changed) {
+            console.log(`  Max files changed: ${policy.limits.max_files_changed}`);
+        }
+        if (policy.session) {
+            console.log('  Session constraints:');
+            if (policy.session.max_actions) {
+                console.log(`    Max actions: ${policy.session.max_actions}`);
+            }
+            if (policy.session.max_denials) {
+                console.log(`    Max denials: ${policy.session.max_denials}`);
+            }
+            if (policy.session.rate_limit) {
+                console.log(`    Rate limit: ${policy.session.rate_limit.max_per_minute}/min`);
+            }
+            if (policy.session.escalation) {
+                console.log(`    Escalation rules: ${policy.session.escalation.length}`);
+            }
+        }
+        process.exit(0);
+    }
+    catch (err) {
+        if (err instanceof PolicyValidationError) {
+            console.error('Policy validation failed:');
+            for (const issue of err.issues) {
+                console.error(`  ${issue.path ? issue.path + ': ' : ''}${issue.message}`);
+            }
+        }
+        else {
+            console.error(`Error: ${err.message}`);
+        }
+        process.exit(1);
+    }
+});
+// ---------------------------------------------------------------------------
+// exec
+// ---------------------------------------------------------------------------
+program
+    .command('exec')
+    .description('Execute a command through the shell proxy (validates against policy)')
+    .argument('<policy>', 'Path to policy YAML file')
+    .argument('<command...>', 'Command to execute')
+    .option('--ledger-dir <dir>', 'Directory for ledger files', '.det-acp/ledgers')
+    .action(async (policyPath, commandParts, opts) => {
+    try {
+        const command = commandParts.join(' ');
+        const ledgerDir = path.resolve(opts.ledgerDir);
+        const gateway = await AgentGateway.create({ ledgerDir });
+        const session = await gateway.createSession(policyPath);
+        const shell = new ShellProxy(gateway, session.id);
+        console.log(`Session: ${session.id}`);
+        console.log(`Command: ${command}`);
+        console.log('');
+        const result = await shell.exec(command);
+        if (!result.allowed) {
+            console.error('DENIED by policy:');
+            for (const reason of result.denied?.reasons ?? []) {
+                console.error(`  ${reason}`);
+            }
+            await gateway.terminateSession(session.id, 'Command denied');
+            process.exit(1);
+        }
+        if (result.stdout) {
+            process.stdout.write(result.stdout);
+        }
+        if (result.stderr) {
+            process.stderr.write(result.stderr);
+        }
+        await gateway.terminateSession(session.id, 'Command completed');
+        process.exit(result.exitCode ?? 0);
+    }
+    catch (err) {
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+});
+// ---------------------------------------------------------------------------
+// proxy
+// ---------------------------------------------------------------------------
+program
+    .command('proxy')
+    .description('Start the MCP proxy server')
+    .argument('[config]', 'Path to MCP proxy config YAML file')
+    .option('--policy <path>', 'Path to policy YAML file (simplified mode — auto-configures filesystem backend at cwd)')
+    .option('--dir <path>', 'Project directory for filesystem backend (default: policy file parent dir)')
+    .option('--ledger-dir <dir>', 'Directory for ledger files (default: .det-acp/ledgers in project dir)')
+    .action(async (configPath, opts) => {
+    try {
+        let proxyConfig;
+        if (opts.policy) {
+            // ----- Simplified mode: --policy flag ---------------------------------
+            const policyPath = path.resolve(opts.policy);
+            if (!fs.existsSync(policyPath)) {
+                console.error(`Policy file not found: ${policyPath}`);
+                process.exit(1);
+            }
+            const projectDir = opts.dir
+                ? path.resolve(opts.dir)
+                : path.dirname(policyPath);
+            const ledgerDir = opts.ledgerDir
+                ? path.resolve(opts.ledgerDir)
+                : path.resolve(projectDir, '.det-acp', 'ledgers');
+            proxyConfig = {
+                policy: policyPath,
+                ledgerDir,
+                transport: 'stdio',
+                backends: [
+                    {
+                        name: 'filesystem',
+                        transport: 'stdio',
+                        command: 'npx',
+                        args: ['-y', '@modelcontextprotocol/server-filesystem', projectDir],
+                    },
+                ],
+            };
+        }
+        else if (configPath) {
+            // ----- Config file mode (existing behaviour) --------------------------
+            const absPath = path.resolve(configPath);
+            if (!fs.existsSync(absPath)) {
+                console.error(`Config file not found: ${absPath}`);
+                process.exit(1);
+            }
+            const rawYaml = fs.readFileSync(absPath, 'utf-8');
+            const parsed = yaml.load(rawYaml);
+            const validated = MCPProxyConfigSchema.parse(parsed);
+            proxyConfig = {
+                policy: path.resolve(path.dirname(absPath), validated.policy),
+                ledgerDir: path.resolve(validated.ledger_dir),
+                backends: validated.backends,
+                transport: validated.transport,
+                port: validated.port,
+                host: validated.host,
+                sessionMetadata: validated.session_metadata,
+            };
+        }
+        else {
+            console.error('Either <config> argument or --policy <path> option is required.');
+            console.error('');
+            console.error('  Usage:');
+            console.error('    det-acp proxy <config.yaml>          # Full config file');
+            console.error('    det-acp proxy --policy <policy.yaml> # Simplified mode');
+            process.exit(1);
+            return; // unreachable but helps TS narrow types
+        }
+        const gateway = await AgentGateway.create({
+            ledgerDir: proxyConfig.ledgerDir,
+        });
+        const proxy = new MCPProxyServer(proxyConfig, gateway);
+        console.error('Starting MCP proxy server...');
+        console.error(`  Transport: ${proxyConfig.transport}`);
+        console.error(`  Backends: ${proxyConfig.backends.map((b) => b.name).join(', ')}`);
+        await proxy.start();
+        // Handle graceful shutdown
+        const shutdown = async () => {
+            console.error('\nShutting down MCP proxy...');
+            await proxy.stop();
+            process.exit(0);
+        };
+        process.on('SIGINT', shutdown);
+        process.on('SIGTERM', shutdown);
+    }
+    catch (err) {
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+});
+// ---------------------------------------------------------------------------
+// report
+// ---------------------------------------------------------------------------
+program
+    .command('report')
+    .description('Show the ledger summary for a session')
+    .argument('<ledger-file>', 'Path to the session ledger JSONL file')
+    .action(async (ledgerPath) => {
+    try {
+        const absPath = path.resolve(ledgerPath);
+        if (!fs.existsSync(absPath)) {
+            console.error(`Ledger file not found: ${absPath}`);
+            process.exit(1);
+        }
+        // Verify integrity
+        const integrity = EvidenceLedger.verifyIntegrity(absPath);
+        console.log('--- Ledger Integrity ---');
+        console.log(`Valid: ${integrity.valid}`);
+        console.log(`Entries: ${integrity.totalEntries}`);
+        if (!integrity.valid) {
+            console.log(`Broken at: seq ${integrity.brokenAt}`);
+            console.log(`Error: ${integrity.error}`);
+        }
+        // Read and summarize
+        const content = fs.readFileSync(absPath, 'utf-8').trim();
+        if (content.length === 0) {
+            console.log('Ledger is empty.');
+            process.exit(0);
+        }
+        const entries = content.split('\n').map((line) => JSON.parse(line));
+        const sessionId = entries[0]?.sessionId;
+        if (sessionId) {
+            const summary = summarizeSessionLedger(entries, sessionId);
+            console.log(`\n--- Session Summary (${sessionId}) ---`);
+            console.log(`Total entries: ${summary.totalEntries}`);
+            console.log(`Actions evaluated: ${summary.actionsEvaluated}`);
+            console.log(`  Allowed: ${summary.actionsAllowed}`);
+            console.log(`  Denied: ${summary.actionsDenied}`);
+            console.log(`  Gated: ${summary.actionsGated}`);
+            console.log(`Results recorded: ${summary.resultsRecorded}`);
+            console.log(`Actions rolled back: ${summary.actionsRolledBack}`);
+            console.log(`Gates requested: ${summary.gatesRequested}`);
+            console.log(`Gates approved: ${summary.gatesApproved}`);
+            console.log(`Gates rejected: ${summary.gatesRejected}`);
+            console.log(`Escalations triggered: ${summary.escalationsTriggered}`);
+            if (summary.stateChanges.length > 0) {
+                console.log(`State changes: ${summary.stateChanges.join(' → ')}`);
+            }
+            if (summary.errors.length > 0) {
+                console.log(`Errors: ${summary.errors.join('; ')}`);
+            }
+        }
+        process.exit(0);
+    }
+    catch (err) {
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+});
+// ---------------------------------------------------------------------------
+// serve
+// ---------------------------------------------------------------------------
+program
+    .command('serve')
+    .description('Start the HTTP session server')
+    .option('-h, --host <host>', 'Host to bind to', '127.0.0.1')
+    .option('-p, --port <port>', 'Port to listen on', '3100')
+    .option('--ledger-dir <dir>', 'Directory for ledger files', '.det-acp/ledgers')
+    .action(async (opts) => {
+    try {
+        const { startServer } = await import('../server/server.js');
+        await startServer({
+            host: opts.host,
+            port: parseInt(opts.port),
+            gatewayConfig: {
+                ledgerDir: path.resolve(opts.ledgerDir),
+            },
+        });
+    }
+    catch (err) {
+        console.error(`Failed to start server: ${err.message}`);
+        process.exit(1);
+    }
+});
+// ---------------------------------------------------------------------------
+// init
+// ---------------------------------------------------------------------------
+registerInitCommand(program);
+// ---------------------------------------------------------------------------
+// Parse and execute
+// ---------------------------------------------------------------------------
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/cli/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,IAAI,MAAM,SAAS,CAAC;AAC3B,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAChF,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAEhD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,SAAS,CAAC;KACf,WAAW,CAAC,iEAAiE,CAAC;KAC9E,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,6BAA6B,CAAC;KAC1C,QAAQ,CAAC,UAAU,EAAE,0BAA0B,CAAC;KAChD,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,EAAE;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;QAEhE,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,wBAAwB,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;YACtC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,oBAAoB,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,oBAAoB,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,MAAM,CAAC,CAAC;YACjF,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;YACzC,OAAO,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC3C,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBAC/B,OAAO,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,sEAAsE,CAAC;KACnF,QAAQ,CAAC,UAAU,EAAE,0BAA0B,CAAC;KAChD,QAAQ,CAAC,cAAc,EAAE,oBAAoB,CAAC;KAC9C,MAAM,CAAC,oBAAoB,EAAE,4BAA4B,EAAE,kBAAkB,CAAC;KAC9E,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,YAAsB,EAAE,IAA2B,EAAE,EAAE;IACxF,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE/C,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAElD,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,EAAE,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEzC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;YACnC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,IAAI,EAAE,EAAE,CAAC;gBAClD,OAAO,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC;YAC/B,CAAC;YACD,MAAM,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,EAAE,gBAAgB,CAAC,CAAC;YAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,4BAA4B,CAAC;KACzC,QAAQ,CAAC,UAAU,EAAE,oCAAoC,CAAC;KAC1D,MAAM,CACL,iBAAiB,EACjB,wFAAwF,CACzF;KACA,MAAM,CAAC,cAAc,EAAE,4EAA4E,CAAC;KACpG,MAAM,CAAC,oBAAoB,EAAE,uEAAuE,CAAC;KACrG,MAAM,CACL,KAAK,EACH,UAA8B,EAC9B,IAA2D,EAC3D,EAAE;IACF,IAAI,CAAC;QACH,IAAI,WAA2B,CAAC;QAEhC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,yEAAyE;YACzE,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC7C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/B,OAAO,CAAC,KAAK,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;gBACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG;gBACzB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACxB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS;gBAC9B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC9B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;YAEpD,WAAW,GAAG;gBACZ,MAAM,EAAE,UAAU;gBAClB,SAAS;gBACT,SAAS,EAAE,OAAO;gBAClB,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,YAAY;wBAClB,SAAS,EAAE,OAAO;wBAClB,OAAO,EAAE,KAAK;wBACd,IAAI,EAAE,CAAC,IAAI,EAAE,yCAAyC,EAAE,UAAU,CAAC;qBACpE;iBACF;aACF,CAAC;QACJ,CAAC;aAAM,IAAI,UAAU,EAAE,CAAC;YACtB,yEAAyE;YACzE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACzC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;gBACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClC,MAAM,SAAS,GAAG,oBAAoB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAErD,WAAW,GAAG;gBACZ,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC;gBAC7D,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC;gBAC7C,QAAQ,EAAE,SAAS,CAAC,QAAQ;gBAC5B,SAAS,EAAE,SAAS,CAAC,SAAS;gBAC9B,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,eAAe,EAAE,SAAS,CAAC,gBAAuD;aACnF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;YACjF,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;YAC7E,OAAO,CAAC,KAAK,CAAC,4DAA4D,CAAC,CAAC;YAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,CAAC,wCAAwC;QAClD,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC;YACxC,SAAS,EAAE,WAAW,CAAC,SAAS;SACjC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAEvD,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,gBAAgB,WAAW,CAAC,SAAS,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,KAAK,CAAC,eAAe,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEnF,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;QAEpB,2BAA2B;QAC3B,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;YAC1B,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAC9C,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC;QAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,8EAA8E;AAC9E,SAAS;AACT,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,uCAAuC,CAAC;KACpD,QAAQ,CAAC,eAAe,EAAE,uCAAuC,CAAC;KAClE,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,EAAE;IACnC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,mBAAmB;QACnB,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,UAAU,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,YAAY,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,kBAAkB,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,UAAU,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,qBAAqB;QACrB,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACzD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC;QAExC,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,sBAAsB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,0BAA0B,SAAS,OAAO,CAAC,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,sBAAsB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,qBAAqB,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,wBAAwB,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;YACjE,OAAO,CAAC,GAAG,CAAC,oBAAoB,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,mBAAmB,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,0BAA0B,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAC;YACtE,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACpE,CAAC;YACD,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,WAAW,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,+BAA+B,CAAC;KAC5C,MAAM,CAAC,mBAAmB,EAAE,iBAAiB,EAAE,WAAW,CAAC;KAC3D,MAAM,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,CAAC;KACxD,MAAM,CAAC,oBAAoB,EAAE,4BAA4B,EAAE,kBAAkB,CAAC;KAC9E,MAAM,CAAC,KAAK,EAAE,IAAuD,EAAE,EAAE;IACxE,IAAI,CAAC;QACH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC5D,MAAM,WAAW,CAAC;YAChB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YACzB,aAAa,EAAE;gBACb,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;aACxC;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,2BAA4B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAE7B,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/cli/init.d.ts

@@ -0,0 +1,32 @@
+/**
+ * `det-acp init <integration>` command.
+ *
+ * Scaffolds all required files for a given integration (cursor, codex,
+ * claude-code) so users can get started with a single command.
+ *
+ * The only file a user may want to customize afterwards is policy.yaml.
+ */
+import type { Command } from 'commander';
+type Integration = 'cursor' | 'codex' | 'claude-code';
+interface FileToWrite {
+    /** Absolute path */
+    path: string;
+    /** File content */
+    content: string;
+    /** Short label for display (relative to project root) */
+    label: string;
+    /** Description shown next to the file in output */
+    description: string;
+}
+interface InitResult {
+    created: FileToWrite[];
+    skipped: FileToWrite[];
+}
+export interface InitOptions {
+    policy?: string;
+    force?: boolean;
+}
+export declare function runInit(integration: Integration, opts: InitOptions): InitResult;
+export declare function registerInitCommand(program: Command): void;
+export {};
+//# sourceMappingURL=init.d.ts.map

package/dist/cli/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAkBzC,KAAK,WAAW,GAAG,QAAQ,GAAG,OAAO,GAAG,aAAa,CAAC;AAEtD,UAAU,WAAW;IACnB,oBAAoB;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,mBAAmB;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,yDAAyD;IACzD,KAAK,EAAE,MAAM,CAAC;IACd,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,UAAU,UAAU;IAClB,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB;AA0HD,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,wBAAgB,OAAO,CAAC,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,GAAG,UAAU,CAqD/E;AAMD,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAsE1D"}

package/dist/cli/init.js

@@ -0,0 +1,234 @@
+/**
+ * `det-acp init <integration>` command.
+ *
+ * Scaffolds all required files for a given integration (cursor, codex,
+ * claude-code) so users can get started with a single command.
+ *
+ * The only file a user may want to customize afterwards is policy.yaml.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { DEFAULT_POLICY, GOVERNANCE_MDC, CLAUDE_MD, AGENTS_MD, CLAUDE_SETTINGS_JSON, generateCursorMcpJson, generateClaudeCodeMcpJson, generateCodexConfigToml, } from './templates.js';
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/**
+ * Resolve the absolute path to the CLI entry point (dist/cli/index.js).
+ * This is used when generating mcp.json / config.toml so the MCP server
+ * can be spawned with `node <cliPath> proxy --policy <policy>`.
+ */
+function resolveCliPath() {
+    // process.argv[1] is the script being executed, which is dist/cli/index.js
+    // when run via `node dist/cli/index.js` or via the `det-acp` bin link.
+    return path.resolve(process.argv[1]);
+}
+/**
+ * Ensure a directory exists, creating intermediate dirs as needed.
+ */
+function ensureDir(dir) {
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+    }
+}
+/**
+ * Write a file only if it doesn't exist or --force is set.
+ * Returns true if the file was written, false if skipped.
+ */
+function writeIfNeeded(file, force) {
+    if (fs.existsSync(file.path) && !force) {
+        return false;
+    }
+    ensureDir(path.dirname(file.path));
+    fs.writeFileSync(file.path, file.content, 'utf-8');
+    return true;
+}
+// ---------------------------------------------------------------------------
+// File manifests per integration
+// ---------------------------------------------------------------------------
+function cursorFiles(projectDir, policyAbsPath, cliPath) {
+    return [
+        {
+            path: policyAbsPath,
+            content: DEFAULT_POLICY,
+            label: path.relative(projectDir, policyAbsPath),
+            description: 'governance policy (edit to customize)',
+        },
+        {
+            path: path.join(projectDir, '.cursor', 'mcp.json'),
+            content: generateCursorMcpJson(cliPath, policyAbsPath),
+            label: '.cursor/mcp.json',
+            description: 'MCP server registration',
+        },
+        {
+            path: path.join(projectDir, '.cursor', 'rules', 'governance.mdc'),
+            content: GOVERNANCE_MDC,
+            label: '.cursor/rules/governance.mdc',
+            description: 'agent governance rule',
+        },
+    ];
+}
+function codexFiles(projectDir, policyAbsPath, cliPath) {
+    return [
+        {
+            path: policyAbsPath,
+            content: DEFAULT_POLICY,
+            label: path.relative(projectDir, policyAbsPath),
+            description: 'governance policy (edit to customize)',
+        },
+        {
+            path: path.join(projectDir, '.codex', 'config.toml'),
+            content: generateCodexConfigToml(cliPath, policyAbsPath),
+            label: '.codex/config.toml',
+            description: 'Codex config with MCP server registration',
+        },
+        {
+            path: path.join(projectDir, 'AGENTS.md'),
+            content: AGENTS_MD,
+            label: 'AGENTS.md',
+            description: 'agent governance instructions',
+        },
+    ];
+}
+function claudeCodeFiles(projectDir, policyAbsPath, cliPath) {
+    return [
+        {
+            path: policyAbsPath,
+            content: DEFAULT_POLICY,
+            label: path.relative(projectDir, policyAbsPath),
+            description: 'governance policy (edit to customize)',
+        },
+        {
+            path: path.join(projectDir, '.mcp.json'),
+            content: generateClaudeCodeMcpJson(cliPath, policyAbsPath),
+            label: '.mcp.json',
+            description: 'MCP server registration',
+        },
+        {
+            path: path.join(projectDir, 'CLAUDE.md'),
+            content: CLAUDE_MD,
+            label: 'CLAUDE.md',
+            description: 'agent governance instructions',
+        },
+        {
+            path: path.join(projectDir, '.claude', 'settings.json'),
+            content: CLAUDE_SETTINGS_JSON,
+            label: '.claude/settings.json',
+            description: 'deny built-in file tools (semi-hard enforcement)',
+        },
+    ];
+}
+export function runInit(integration, opts) {
+    const projectDir = process.cwd();
+    const cliPath = resolveCliPath();
+    // Determine the policy file path
+    let policyAbsPath;
+    let customPolicy = false;
+    if (opts.policy) {
+        policyAbsPath = path.resolve(opts.policy);
+        customPolicy = true;
+        if (!fs.existsSync(policyAbsPath)) {
+            throw new Error(`Policy file not found: ${policyAbsPath}`);
+        }
+    }
+    else {
+        policyAbsPath = path.join(projectDir, 'policy.yaml');
+    }
+    // Get the file manifest for this integration
+    let files;
+    switch (integration) {
+        case 'cursor':
+            files = cursorFiles(projectDir, policyAbsPath, cliPath);
+            break;
+        case 'codex':
+            files = codexFiles(projectDir, policyAbsPath, cliPath);
+            break;
+        case 'claude-code':
+            files = claudeCodeFiles(projectDir, policyAbsPath, cliPath);
+            break;
+        default:
+            throw new Error(`Unknown integration: ${integration}`);
+    }
+    // If a custom policy was provided, skip writing the default policy
+    if (customPolicy) {
+        files = files.filter((f) => f.path !== policyAbsPath);
+    }
+    // Write files
+    const created = [];
+    const skipped = [];
+    for (const file of files) {
+        const written = writeIfNeeded(file, opts.force ?? false);
+        if (written) {
+            created.push(file);
+        }
+        else {
+            skipped.push(file);
+        }
+    }
+    return { created, skipped };
+}
+// ---------------------------------------------------------------------------
+// CLI command registration
+// ---------------------------------------------------------------------------
+export function registerInitCommand(program) {
+    program
+        .command('init')
+        .description('Set up governance for an AI agent integration')
+        .argument('<integration>', 'Integration to set up: cursor, codex, or claude-code')
+        .option('--policy <path>', 'Path to an existing policy.yaml (skip generating default)')
+        .option('--force', 'Overwrite existing files', false)
+        .action((integration, opts) => {
+        const validIntegrations = ['cursor', 'codex', 'claude-code'];
+        if (!validIntegrations.includes(integration)) {
+            console.error(`Unknown integration: "${integration}". Valid options: ${validIntegrations.join(', ')}`);
+            process.exit(1);
+        }
+        try {
+            const result = runInit(integration, opts);
+            const projectDir = process.cwd();
+            console.log('');
+            console.log(`  Deterministic Agent Control Protocol -- init (${integration})`);
+            console.log(`  Project: ${projectDir}`);
+            console.log('');
+            if (result.created.length > 0) {
+                console.log('  Created:');
+                for (const file of result.created) {
+                    console.log(`    + ${file.label.padEnd(36)} ${file.description}`);
+                }
+            }
+            if (result.skipped.length > 0) {
+                console.log('');
+                console.log('  Skipped (already exist, use --force to overwrite):');
+                for (const file of result.skipped) {
+                    console.log(`    - ${file.label.padEnd(36)} ${file.description}`);
+                }
+            }
+            console.log('');
+            if (opts.policy) {
+                console.log(`  Using custom policy: ${opts.policy}`);
+            }
+            else {
+                console.log('  Next steps:');
+                console.log('    1. Review and customize policy.yaml for your needs');
+            }
+            switch (integration) {
+                case 'cursor':
+                    console.log('    2. Restart Cursor to pick up the MCP server');
+                    break;
+                case 'codex':
+                    console.log('    2. Run codex to pick up the MCP server');
+                    break;
+                case 'claude-code':
+                    console.log('    2. Restart Claude Code to pick up the MCP server');
+                    break;
+            }
+            console.log('');
+            console.log('  The agent will now route file operations through governance.');
+            console.log('');
+        }
+        catch (err) {
+            console.error(`Error: ${err.message}`);
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=init.js.map

package/dist/cli/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EACL,cAAc,EACd,cAAc,EACd,SAAS,EACT,SAAS,EACT,oBAAoB,EACpB,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,GACxB,MAAM,gBAAgB,CAAC;AAwBxB,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,cAAc;IACrB,2EAA2E;IAC3E,uEAAuE;IACvE,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,GAAW;IAC5B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,IAAiB,EAAE,KAAc;IACtD,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACnC,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,iCAAiC;AACjC,8EAA8E;AAE9E,SAAS,WAAW,CAAC,UAAkB,EAAE,aAAqB,EAAE,OAAe;IAC7E,OAAO;QACL;YACE,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,cAAc;YACvB,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC;YAC/C,WAAW,EAAE,uCAAuC;SACrD;QACD;YACE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC;YAClD,OAAO,EAAE,qBAAqB,CAAC,OAAO,EAAE,aAAa,CAAC;YACtD,KAAK,EAAE,kBAAkB;YACzB,WAAW,EAAE,yBAAyB;SACvC;QACD;YACE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,CAAC;YACjE,OAAO,EAAE,cAAc;YACvB,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,uBAAuB;SACrC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,UAAkB,EAAE,aAAqB,EAAE,OAAe;IAC5E,OAAO;QACL;YACE,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,cAAc;YACvB,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC;YAC/C,WAAW,EAAE,uCAAuC;SACrD;QACD;YACE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,aAAa,CAAC;YACpD,OAAO,EAAE,uBAAuB,CAAC,OAAO,EAAE,aAAa,CAAC;YACxD,KAAK,EAAE,oBAAoB;YAC3B,WAAW,EAAE,2CAA2C;SACzD;QACD;YACE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC;YACxC,OAAO,EAAE,SAAS;YAClB,KAAK,EAAE,WAAW;YAClB,WAAW,EAAE,+BAA+B;SAC7C;KACF,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,UAAkB,EAAE,aAAqB,EAAE,OAAe;IACjF,OAAO;QACL;YACE,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,cAAc;YACvB,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC;YAC/C,WAAW,EAAE,uCAAuC;SACrD;QACD;YACE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC;YACxC,OAAO,EAAE,yBAAyB,CAAC,OAAO,EAAE,aAAa,CAAC;YAC1D,KAAK,EAAE,WAAW;YAClB,WAAW,EAAE,yBAAyB;SACvC;QACD;YACE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC;YACxC,OAAO,EAAE,SAAS;YAClB,KAAK,EAAE,WAAW;YAClB,WAAW,EAAE,+BAA+B;SAC7C;QACD;YACE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,eAAe,CAAC;YACvD,OAAO,EAAE,oBAAoB;YAC7B,KAAK,EAAE,uBAAuB;YAC9B,WAAW,EAAE,kDAAkD;SAChE;KACF,CAAC;AACJ,CAAC;AAWD,MAAM,UAAU,OAAO,CAAC,WAAwB,EAAE,IAAiB;IACjE,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IAEjC,iCAAiC;IACjC,IAAI,aAAqB,CAAC;IAC1B,IAAI,YAAY,GAAG,KAAK,CAAC;IAEzB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1C,YAAY,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,0BAA0B,aAAa,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IACvD,CAAC;IAED,6CAA6C;IAC7C,IAAI,KAAoB,CAAC;IACzB,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,QAAQ;YACX,KAAK,GAAG,WAAW,CAAC,UAAU,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;YACxD,MAAM;QACR,KAAK,OAAO;YACV,KAAK,GAAG,UAAU,CAAC,UAAU,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;YACvD,MAAM;QACR,KAAK,aAAa;YAChB,KAAK,GAAG,eAAe,CAAC,UAAU,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;YAC5D,MAAM;QACR;YACE,MAAM,IAAI,KAAK,CAAC,wBAAwB,WAAW,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,mEAAmE;IACnE,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC;IACxD,CAAC;IAED,cAAc;IACd,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,CAAC;QACzD,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAED,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,+CAA+C,CAAC;SAC5D,QAAQ,CAAC,eAAe,EAAE,sDAAsD,CAAC;SACjF,MAAM,CAAC,iBAAiB,EAAE,2DAA2D,CAAC;SACtF,MAAM,CAAC,SAAS,EAAE,0BAA0B,EAAE,KAAK,CAAC;SACpD,MAAM,CAAC,CAAC,WAAmB,EAAE,IAA0C,EAAE,EAAE;QAC1E,MAAM,iBAAiB,GAAkB,CAAC,QAAQ,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;QAE5E,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAA0B,CAAC,EAAE,CAAC;YAC5D,OAAO,CAAC,KAAK,CACX,yBAAyB,WAAW,qBAAqB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,OAAO,CAAC,WAA0B,EAAE,IAAI,CAAC,CAAC;YACzD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;YAEjC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,mDAAmD,WAAW,GAAG,CAAC,CAAC;YAC/E,OAAO,CAAC,GAAG,CAAC,cAAc,UAAU,EAAE,CAAC,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAEhB,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAC1B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBAClC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;gBACpE,CAAC;YACH,CAAC;YAED,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBACpE,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBAClC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;gBACpE,CAAC;YACH,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAEhB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;YACxE,CAAC;YAED,QAAQ,WAAW,EAAE,CAAC;gBACpB,KAAK,QAAQ;oBACX,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;oBAC/D,MAAM;gBACR,KAAK,OAAO;oBACV,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;oBAC1D,MAAM;gBACR,KAAK,aAAa;oBAChB,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;oBACpE,MAAM;YACV,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;YAC9E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,UAAW,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/cli/templates.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Bundled templates for the `det-acp init` command.
+ *
+ * Contains default policy, governance rules for each integration,
+ * and generator functions for integration-specific config files.
+ */
+export declare const DEFAULT_POLICY = "# Deterministic Agent Control Protocol \u2014 Governance Policy\n# Governs what the MCP proxy allows AI agents to do.\n# Customize this file for your project's needs.\n\nversion: \"1.0\"\nname: \"default-governance\"\ndescription: \"Governance policy for AI agent file operations via MCP proxy\"\n\ncapabilities:\n  # Read operations\n  - tool: \"read_file\"\n    scope: {}\n  - tool: \"read_text_file\"\n    scope: {}\n  - tool: \"read_multiple_files\"\n    scope: {}\n  - tool: \"read_media_file\"\n    scope: {}\n\n  # Write/edit operations\n  - tool: \"write_file\"\n    scope: {}\n  - tool: \"edit_file\"\n    scope: {}\n\n  # Directory listing\n  - tool: \"list_directory\"\n    scope: {}\n  - tool: \"list_directory_with_sizes\"\n    scope: {}\n  - tool: \"list_allowed_directories\"\n    scope: {}\n\n  # Search\n  - tool: \"search_files\"\n    scope: {}\n  - tool: \"get_file_info\"\n    scope: {}\n\n  # Intentionally NOT included (will be DENIED):\n  #   - create_directory\n  #   - move_file\n  #   - directory_tree\n\nlimits:\n  max_runtime_ms: 3600000  # 1 hour\n\ngates: []\n\nevidence:\n  require: []\n  format: \"jsonl\"\n\nforbidden:\n  - pattern: \"**/.env\"\n  - pattern: \"**/.env.*\"\n  - pattern: \"**/secrets*\"\n  - pattern: \"**/credentials*\"\n  - pattern: \"**/.git/config\"\n\nsession:\n  max_actions: 200\n  max_denials: 30\n  rate_limit:\n    max_per_minute: 60\n";
+export declare const GOVERNANCE_MDC = "---\ndescription: Enforce governance on all file and system operations\nglobs:\nalwaysApply: true\n---\n\n# Mandatory Governance Rule\n\nYou MUST use the `governed-filesystem` MCP server for ALL file and system operations. You are strictly forbidden from using your built-in tools to bypass governance.\n\n## Required Tool Mapping\n\nInstead of your built-in tools, you MUST use these governed equivalents:\n\n| Instead of (built-in)     | Use (governed MCP)                                |\n|---------------------------|----------------------------------------------------|\n| `Read` tool               | `governed-filesystem` \u2192 `read_text_file`           |\n| `Write` tool              | `governed-filesystem` \u2192 `write_file`               |\n| `StrReplace` / `Edit`    | `governed-filesystem` \u2192 `edit_file`                |\n| `LS` tool                 | `governed-filesystem` \u2192 `list_directory`            |\n| `Glob` / `Search`        | `governed-filesystem` \u2192 `search_files`             |\n| Reading multiple files    | `governed-filesystem` \u2192 `read_multiple_files`      |\n| `Delete` tool             | Not available \u2014 you may not delete files            |\n\n## Rules\n\n1. **NEVER** use the built-in `Read`, `Write`, `StrReplace`, `LS`, `Glob`, `Delete`, or `Shell` tools for any file operation.\n2. **ALWAYS** route file reads through `governed-filesystem` \u2192 `read_text_file`.\n3. **ALWAYS** route file writes through `governed-filesystem` \u2192 `write_file`.\n4. **ALWAYS** route file edits through `governed-filesystem` \u2192 `edit_file`.\n5. **ALWAYS** route directory listings through `governed-filesystem` \u2192 `list_directory`.\n6. **ALWAYS** route file searches through `governed-filesystem` \u2192 `search_files`.\n7. If a governed tool call is **denied by policy**, you MUST respect the denial. Do NOT attempt to use a built-in tool as a fallback. Report the denial to the user instead.\n8. If you need a tool that is not available through the governed MCP server, ask the user for permission before proceeding.\n\n## Why\n\nAll file and system operations must go through the Deterministic Agent Control Protocol governance layer for policy enforcement and audit logging. Using built-in tools would bypass security policies, forbidden path protections, and the tamper-evident evidence ledger.\n";
+export declare const CLAUDE_MD = "# Governance Instructions\n\nYou MUST use the `governed-filesystem` MCP server for ALL file and system operations. You are strictly forbidden from using your built-in tools to bypass governance.\n\n## Required Tool Mapping\n\nInstead of your built-in file tools, you MUST use these governed equivalents:\n\n| Instead of (built-in)   | Use (governed MCP)                             |\n|--------------------------|------------------------------------------------|\n| `Read` tool              | `governed-filesystem` \u2192 `read_text_file`       |\n| `Write` tool             | `governed-filesystem` \u2192 `write_file`           |\n| `Edit` tool              | `governed-filesystem` \u2192 `edit_file`            |\n| `LS` / `Glob`           | `governed-filesystem` \u2192 `list_directory`       |\n| `Grep` / `Search`       | `governed-filesystem` \u2192 `search_files`         |\n| Reading multiple files   | `governed-filesystem` \u2192 `read_multiple_files`  |\n| Deleting files           | Not available \u2014 you may not delete files       |\n\n## Rules\n\n1. **NEVER** use the built-in `Read`, `Write`, `Edit`, `Grep`, `Glob`, or `Bash` (for file operations) tools when the governed MCP tools are available.\n2. **ALWAYS** route file reads through `governed-filesystem` \u2192 `read_text_file`.\n3. **ALWAYS** route file writes through `governed-filesystem` \u2192 `write_file`.\n4. **ALWAYS** route file edits through `governed-filesystem` \u2192 `edit_file`.\n5. **ALWAYS** route directory listings through `governed-filesystem` \u2192 `list_directory`.\n6. **ALWAYS** route file searches through `governed-filesystem` \u2192 `search_files`.\n7. If a governed tool call is **denied by policy**, you MUST respect the denial. Do NOT attempt to use a built-in tool as a fallback. Report the denial to the user instead.\n8. If you need a tool that is not available through the governed MCP server, ask the user for permission before proceeding.\n\n## Why\n\nAll file and system operations must go through the Deterministic Agent Control Protocol governance layer for policy enforcement and audit logging. Using built-in tools would bypass security policies, forbidden path protections, and the tamper-evident evidence ledger.\n";
+export declare const AGENTS_MD = "# Governance Instructions\n\nYou MUST use the `governed-filesystem` MCP server for ALL file and system operations. You are strictly forbidden from using your built-in tools to bypass governance.\n\n## Required Tool Mapping\n\nInstead of your built-in file tools, you MUST use these governed equivalents:\n\n| Instead of (built-in)   | Use (governed MCP)                             |\n|--------------------------|------------------------------------------------|\n| Reading files            | `governed-filesystem` \u2192 `read_text_file`       |\n| Writing files            | `governed-filesystem` \u2192 `write_file`           |\n| Editing files            | `governed-filesystem` \u2192 `edit_file`            |\n| Listing directories      | `governed-filesystem` \u2192 `list_directory`       |\n| Searching files          | `governed-filesystem` \u2192 `search_files`         |\n| Reading multiple files   | `governed-filesystem` \u2192 `read_multiple_files`  |\n| Deleting files           | Not available \u2014 you may not delete files       |\n\n## Rules\n\n1. **NEVER** use built-in file read/write/edit tools for any file operation when the governed MCP tools are available.\n2. **ALWAYS** route file operations through the `governed-filesystem` MCP server.\n3. If a governed tool call is **denied by policy**, you MUST respect the denial. Do NOT attempt to use a built-in tool as a fallback. Report the denial to the user instead.\n4. If you need a tool that is not available through the governed MCP server, ask the user for permission before proceeding.\n\n## Why\n\nAll file and system operations must go through the Deterministic Agent Control Protocol governance layer for policy enforcement and audit logging. Using built-in tools would bypass security policies, forbidden path protections, and the tamper-evident evidence ledger.\n";
+export declare const CLAUDE_SETTINGS_JSON = "{\n  \"permissions\": {\n    \"deny\": [\n      \"Read\",\n      \"Write\",\n      \"Edit\"\n    ],\n    \"allow\": [\n      \"Bash\",\n      \"Grep\",\n      \"Glob\",\n      \"governed-filesystem\"\n    ]\n  }\n}\n";
+/**
+ * Generate .cursor/mcp.json content.
+ * Uses the simplified `proxy --policy` mode so no mcp-proxy.yaml is needed.
+ */
+export declare function generateCursorMcpJson(cliPath: string, policyAbsPath: string): string;
+/**
+ * Generate .mcp.json content for Claude Code.
+ * Uses the simplified `proxy --policy` mode so no mcp-proxy.yaml is needed.
+ */
+export declare function generateClaudeCodeMcpJson(cliPath: string, policyAbsPath: string): string;
+/**
+ * Generate .codex/config.toml content.
+ * Uses the simplified `proxy --policy` mode so no mcp-proxy.yaml is needed.
+ */
+export declare function generateCodexConfigToml(cliPath: string, policyAbsPath: string): string;
+//# sourceMappingURL=templates.d.ts.map

package/dist/cli/templates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../src/cli/templates.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,eAAO,MAAM,cAAc,u3CAkE1B,CAAC;AAMF,eAAO,MAAM,cAAc,0zEAuC1B,CAAC;AAMF,eAAO,MAAM,SAAS,8rEAiCrB,CAAC;AAMF,eAAO,MAAM,SAAS,8zDA6BrB,CAAC;AAMF,eAAO,MAAM,oBAAoB,6NAgBhC,CAAC;AAMF;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM,CAUpF;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM,CAUxF;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM,CAkBtF"}