@det-acp/core 0.2.0

package/dist/proxy/mcp-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-types.d.ts","sourceRoot":"","sources":["../../src/proxy/mcp-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB,MAAM,WAAW,gBAAgB;IAC/B,2CAA2C;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,SAAS,EAAE,OAAO,GAAG,KAAK,CAAC;IAC3B,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,kEAAkE;IAClE,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,4BAA4B;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,sCAAsC;IACtC,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,sEAAsE;IACtE,SAAS,EAAE,OAAO,GAAG,KAAK,CAAC;IAC3B,6BAA6B;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6BAA6B;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC3C;AAMD,eAAO,MAAM,sBAAsB;;;;;;;;;;iBAOjC,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;iBAQ/B,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB"}

package/dist/proxy/mcp-types.js

@@ -0,0 +1,28 @@
+/**
+ * MCP Proxy configuration types.
+ *
+ * Defines the configuration for the MCP proxy server, including
+ * backend MCP server connections and transport settings.
+ */
+import { z } from 'zod';
+// ---------------------------------------------------------------------------
+// Zod schemas for config file validation
+// ---------------------------------------------------------------------------
+export const MCPBackendConfigSchema = z.object({
+    name: z.string().min(1),
+    transport: z.enum(['stdio', 'sse']),
+    command: z.string().optional(),
+    args: z.array(z.string()).optional(),
+    env: z.record(z.string(), z.string()).optional(),
+    url: z.string().url().optional(),
+});
+export const MCPProxyConfigSchema = z.object({
+    policy: z.string().min(1),
+    ledger_dir: z.string().default('.det-acp/ledgers'),
+    backends: z.array(MCPBackendConfigSchema).min(1),
+    transport: z.enum(['stdio', 'sse']).default('stdio'),
+    port: z.number().int().positive().optional(),
+    host: z.string().optional(),
+    session_metadata: z.record(z.string(), z.unknown()).optional(),
+});
+//# sourceMappingURL=mcp-types.js.map

package/dist/proxy/mcp-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-types.js","sourceRoot":"","sources":["../../src/proxy/mcp-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAsCxB,8EAA8E;AAC9E,yCAAyC;AACzC,8EAA8E;AAE9E,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,kBAAkB,CAAC;IAClD,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChD,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IACpD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC5C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC/D,CAAC,CAAC"}

package/dist/proxy/shell-proxy.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Shell Proxy — validates shell commands against policy before execution.
+ *
+ * Wraps command execution with policy enforcement:
+ *   1. Parse the command to extract the binary name
+ *   2. Evaluate against the session policy
+ *   3. If allowed, execute and record result
+ *   4. If denied, return the denial reasons without executing
+ *
+ * Usage:
+ *   - Programmatic: `new ShellProxy(gateway, sessionId).exec('ls -la')`
+ *   - CLI: `det-acp exec <policy> -- <command>`
+ */
+import type { AgentGateway } from '../engine/runtime.js';
+export interface ShellResult {
+    /** Whether the action was allowed by policy */
+    allowed: boolean;
+    /** Exit code of the command (if executed) */
+    exitCode?: number;
+    /** Standard output (if executed) */
+    stdout?: string;
+    /** Standard error (if executed) */
+    stderr?: string;
+    /** Denial info (if denied) */
+    denied?: {
+        reasons: string[];
+    };
+    /** The action ID assigned by the gateway */
+    actionId?: string;
+}
+export interface ShellExecOptions {
+    /** Working directory */
+    cwd?: string;
+    /** Timeout in milliseconds */
+    timeout?: number;
+    /** Environment variables */
+    env?: Record<string, string>;
+}
+export declare class ShellProxy {
+    private gateway;
+    private sessionId;
+    constructor(gateway: AgentGateway, sessionId: string);
+    /**
+     * Evaluate and optionally execute a shell command.
+     */
+    exec(command: string, opts?: ShellExecOptions): Promise<ShellResult>;
+    /**
+     * Get the session ID this proxy is associated with.
+     */
+    getSessionId(): string;
+}
+//# sourceMappingURL=shell-proxy.d.ts.map

package/dist/proxy/shell-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell-proxy.d.ts","sourceRoot":"","sources":["../../src/proxy/shell-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEzD,MAAM,WAAW,WAAW;IAC1B,+CAA+C;IAC/C,OAAO,EAAE,OAAO,CAAC;IACjB,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,MAAM,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC/B,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,wBAAwB;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAe;IAC9B,OAAO,CAAC,SAAS,CAAS;gBAEd,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM;IAKpD;;OAEG;IACG,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC;IAmE1E;;OAEG;IACH,YAAY,IAAI,MAAM;CAGvB"}

package/dist/proxy/shell-proxy.js

@@ -0,0 +1,92 @@
+/**
+ * Shell Proxy — validates shell commands against policy before execution.
+ *
+ * Wraps command execution with policy enforcement:
+ *   1. Parse the command to extract the binary name
+ *   2. Evaluate against the session policy
+ *   3. If allowed, execute and record result
+ *   4. If denied, return the denial reasons without executing
+ *
+ * Usage:
+ *   - Programmatic: `new ShellProxy(gateway, sessionId).exec('ls -la')`
+ *   - CLI: `det-acp exec <policy> -- <command>`
+ */
+import { execSync } from 'node:child_process';
+export class ShellProxy {
+    gateway;
+    sessionId;
+    constructor(gateway, sessionId) {
+        this.gateway = gateway;
+        this.sessionId = sessionId;
+    }
+    /**
+     * Evaluate and optionally execute a shell command.
+     */
+    async exec(command, opts) {
+        // Evaluate the command against the session policy
+        const evaluation = await this.gateway.evaluate(this.sessionId, {
+            tool: 'command:run',
+            input: { command },
+        });
+        if (evaluation.decision === 'deny') {
+            return {
+                allowed: false,
+                denied: { reasons: evaluation.reasons },
+                actionId: evaluation.actionId,
+            };
+        }
+        if (evaluation.decision === 'gate') {
+            return {
+                allowed: false,
+                denied: { reasons: [`Requires approval: ${evaluation.reasons.join('; ')}`] },
+                actionId: evaluation.actionId,
+            };
+        }
+        // Allowed — execute the command
+        const execOpts = {
+            cwd: opts?.cwd,
+            timeout: opts?.timeout ?? 30_000,
+            env: opts?.env ? { ...process.env, ...opts.env } : undefined,
+            encoding: 'utf-8',
+            stdio: ['pipe', 'pipe', 'pipe'],
+        };
+        let stdout = '';
+        let stderr = '';
+        let exitCode = 0;
+        try {
+            const result = execSync(command, execOpts);
+            stdout = typeof result === 'string' ? result : result?.toString() ?? '';
+        }
+        catch (err) {
+            const execErr = err;
+            exitCode = execErr.status ?? 1;
+            stdout = execErr.stdout?.toString() ?? '';
+            stderr = execErr.stderr?.toString() ?? execErr.message ?? '';
+        }
+        // Record the result
+        await this.gateway.recordResult(this.sessionId, evaluation.actionId, {
+            success: exitCode === 0,
+            output: stdout,
+            error: exitCode !== 0 ? (stderr || `Exit code: ${exitCode}`) : undefined,
+            durationMs: 0, // execSync is blocking, timing would need wrapping
+            artifacts: [
+                { type: 'exit_code', value: String(exitCode), description: 'Process exit code' },
+                { type: 'log', value: stdout.slice(0, 10000), description: 'stdout (truncated)' },
+            ],
+        });
+        return {
+            allowed: true,
+            exitCode,
+            stdout,
+            stderr,
+            actionId: evaluation.actionId,
+        };
+    }
+    /**
+     * Get the session ID this proxy is associated with.
+     */
+    getSessionId() {
+        return this.sessionId;
+    }
+}
+//# sourceMappingURL=shell-proxy.js.map

package/dist/proxy/shell-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell-proxy.js","sourceRoot":"","sources":["../../src/proxy/shell-proxy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,QAAQ,EAAwB,MAAM,oBAAoB,CAAC;AA2BpE,MAAM,OAAO,UAAU;IACb,OAAO,CAAe;IACtB,SAAS,CAAS;IAE1B,YAAY,OAAqB,EAAE,SAAiB;QAClD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAe,EAAE,IAAuB;QACjD,kDAAkD;QAClD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE;YAC7D,IAAI,EAAE,aAAa;YACnB,KAAK,EAAE,EAAE,OAAO,EAAE;SACnB,CAAC,CAAC;QAEH,IAAI,UAAU,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YACnC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE;gBACvC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YACnC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,sBAAsB,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;gBAC5E,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,QAAQ,GAAoB;YAChC,GAAG,EAAE,IAAI,EAAE,GAAG;YACd,OAAO,EAAE,IAAI,EAAE,OAAO,IAAI,MAAM;YAChC,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,SAAS;YAC5D,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC;QAEF,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,QAAQ,GAAG,CAAC,CAAC;QAEjB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC3C,MAAM,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC1E,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAgG,CAAC;YACjH,QAAQ,GAAG,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC;YAC/B,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;YAC1C,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QAC/D,CAAC;QAED,oBAAoB;QACpB,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,QAAQ,EAAE;YACnE,OAAO,EAAE,QAAQ,KAAK,CAAC;YACvB,MAAM,EAAE,MAAM;YACd,KAAK,EAAE,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,cAAc,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;YACxE,UAAU,EAAE,CAAC,EAAE,mDAAmD;YAClE,SAAS,EAAE;gBACT,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE;gBAChF,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,WAAW,EAAE,oBAAoB,EAAE;aAClF;SACF,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ;YACR,MAAM;YACN,MAAM;YACN,QAAQ,EAAE,UAAU,CAAC,QAAQ;SAC9B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;CACF"}

package/dist/rollback/manager.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Rollback Manager — generates compensation plans for session actions.
+ *
+ * In the gateway model, the control plane does not execute actions directly,
+ * so it cannot directly rollback. Instead, it provides:
+ *  - A compensation plan listing actions that should be undone
+ *  - Integration with the ShellProxy or MCP proxy to execute compensating actions
+ *
+ * All rollback actions are recorded in the evidence ledger.
+ */
+import type { ActionRegistry } from '../engine/action-registry.js';
+import type { EvidenceLedger } from '../ledger/ledger.js';
+import type { ExecutionContext, SessionAction, RollbackResult } from '../types.js';
+export interface CompensationStep {
+    actionId: string;
+    actionIndex: number;
+    tool: string;
+    input: Record<string, unknown>;
+    /** Whether this action was successfully executed (and thus may need rollback) */
+    wasExecuted: boolean;
+    /** Whether the tool adapter supports rollback */
+    canRollback: boolean;
+}
+export interface CompensationPlan {
+    sessionId: string;
+    /** Steps in reverse order (last executed = first to compensate) */
+    steps: CompensationStep[];
+}
+export interface RollbackReport {
+    totalSteps: number;
+    succeeded: number;
+    failed: number;
+    skipped: number;
+    results: Array<{
+        actionId: string;
+        actionIndex: number;
+        tool: string;
+        result: RollbackResult;
+    }>;
+}
+export declare class RollbackManager {
+    private registry;
+    private ledger;
+    constructor(registry: ActionRegistry, ledger: EvidenceLedger);
+    /**
+     * Build a compensation plan from session actions.
+     * Returns steps in reverse order (last executed = first to compensate).
+     */
+    buildCompensationPlan(sessionId: string, actions: SessionAction[]): CompensationPlan;
+    /**
+     * Execute a compensation plan using registered tool adapters.
+     * Only works for tools that have adapters with rollback support.
+     * Continues even if individual rollbacks fail (best-effort).
+     */
+    execute(plan: CompensationPlan, ctx: ExecutionContext): Promise<RollbackReport>;
+    /**
+     * Get a compensation plan without executing it.
+     * Useful for the gateway model where the caller handles execution.
+     */
+    getCompensationPlan(sessionId: string, actions: SessionAction[]): CompensationPlan;
+}
+//# sourceMappingURL=manager.d.ts.map

package/dist/rollback/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/rollback/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EACV,gBAAgB,EAChB,aAAa,EACb,cAAc,EACf,MAAM,aAAa,CAAC;AAErB,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,iFAAiF;IACjF,WAAW,EAAE,OAAO,CAAC;IACrB,iDAAiD;IACjD,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,KAAK,EAAE,gBAAgB,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,KAAK,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,cAAc,CAAC;KACxB,CAAC,CAAC;CACJ;AAED,qBAAa,eAAe;IAExB,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,MAAM;gBADN,QAAQ,EAAE,cAAc,EACxB,MAAM,EAAE,cAAc;IAGhC;;;OAGG;IACH,qBAAqB,CACnB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,aAAa,EAAE,GACvB,gBAAgB;IAqBnB;;;;OAIG;IACG,OAAO,CACX,IAAI,EAAE,gBAAgB,EACtB,GAAG,EAAE,gBAAgB,GACpB,OAAO,CAAC,cAAc,CAAC;IA0G1B;;;OAGG;IACH,mBAAmB,CACjB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,aAAa,EAAE,GACvB,gBAAgB;CAGpB"}

package/dist/rollback/manager.js

@@ -0,0 +1,151 @@
+/**
+ * Rollback Manager — generates compensation plans for session actions.
+ *
+ * In the gateway model, the control plane does not execute actions directly,
+ * so it cannot directly rollback. Instead, it provides:
+ *  - A compensation plan listing actions that should be undone
+ *  - Integration with the ShellProxy or MCP proxy to execute compensating actions
+ *
+ * All rollback actions are recorded in the evidence ledger.
+ */
+export class RollbackManager {
+    registry;
+    ledger;
+    constructor(registry, ledger) {
+        this.registry = registry;
+        this.ledger = ledger;
+    }
+    /**
+     * Build a compensation plan from session actions.
+     * Returns steps in reverse order (last executed = first to compensate).
+     */
+    buildCompensationPlan(sessionId, actions) {
+        const steps = [];
+        for (let i = actions.length - 1; i >= 0; i--) {
+            const action = actions[i];
+            const wasExecuted = action.result?.success === true;
+            const adapter = this.registry.get(action.request.tool);
+            steps.push({
+                actionId: action.id,
+                actionIndex: action.index,
+                tool: action.request.tool,
+                input: action.request.input,
+                wasExecuted,
+                canRollback: adapter != null,
+            });
+        }
+        return { sessionId, steps };
+    }
+    /**
+     * Execute a compensation plan using registered tool adapters.
+     * Only works for tools that have adapters with rollback support.
+     * Continues even if individual rollbacks fail (best-effort).
+     */
+    async execute(plan, ctx) {
+        const results = [];
+        let succeeded = 0;
+        let failed = 0;
+        let skipped = 0;
+        for (const step of plan.steps) {
+            // Skip steps that were not successfully executed
+            if (!step.wasExecuted) {
+                skipped++;
+                results.push({
+                    actionId: step.actionId,
+                    actionIndex: step.actionIndex,
+                    tool: step.tool,
+                    result: {
+                        tool: step.tool,
+                        success: true,
+                        description: 'Skipped — action was not successfully executed',
+                    },
+                });
+                continue;
+            }
+            const adapter = this.registry.get(step.tool);
+            if (!adapter) {
+                failed++;
+                const result = {
+                    tool: step.tool,
+                    success: false,
+                    description: `Cannot rollback — tool adapter "${step.tool}" not found`,
+                    error: 'Tool adapter not registered',
+                };
+                results.push({
+                    actionId: step.actionId,
+                    actionIndex: step.actionIndex,
+                    tool: step.tool,
+                    result,
+                });
+                await this.ledger.append(ctx.sessionId, 'action:rollback', {
+                    actionId: step.actionId,
+                    actionIndex: step.actionIndex,
+                    tool: step.tool,
+                    success: false,
+                    error: result.error,
+                });
+                continue;
+            }
+            try {
+                const result = await adapter.rollback(step.input, ctx);
+                results.push({
+                    actionId: step.actionId,
+                    actionIndex: step.actionIndex,
+                    tool: step.tool,
+                    result,
+                });
+                if (result.success) {
+                    succeeded++;
+                }
+                else {
+                    failed++;
+                }
+                await this.ledger.append(ctx.sessionId, 'action:rollback', {
+                    actionId: step.actionId,
+                    actionIndex: step.actionIndex,
+                    tool: step.tool,
+                    success: result.success,
+                    description: result.description,
+                    error: result.error,
+                });
+            }
+            catch (err) {
+                failed++;
+                const result = {
+                    tool: step.tool,
+                    success: false,
+                    description: 'Rollback threw an exception',
+                    error: err.message,
+                };
+                results.push({
+                    actionId: step.actionId,
+                    actionIndex: step.actionIndex,
+                    tool: step.tool,
+                    result,
+                });
+                await this.ledger.append(ctx.sessionId, 'action:rollback', {
+                    actionId: step.actionId,
+                    actionIndex: step.actionIndex,
+                    tool: step.tool,
+                    success: false,
+                    error: err.message,
+                });
+            }
+        }
+        return {
+            totalSteps: plan.steps.length,
+            succeeded,
+            failed,
+            skipped,
+            results,
+        };
+    }
+    /**
+     * Get a compensation plan without executing it.
+     * Useful for the gateway model where the caller handles execution.
+     */
+    getCompensationPlan(sessionId, actions) {
+        return this.buildCompensationPlan(sessionId, actions);
+    }
+}
+//# sourceMappingURL=manager.js.map

package/dist/rollback/manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/rollback/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAwCH,MAAM,OAAO,eAAe;IAEhB;IACA;IAFV,YACU,QAAwB,EACxB,MAAsB;QADtB,aAAQ,GAAR,QAAQ,CAAgB;QACxB,WAAM,GAAN,MAAM,CAAgB;IAC7B,CAAC;IAEJ;;;OAGG;IACH,qBAAqB,CACnB,SAAiB,EACjB,OAAwB;QAExB,MAAM,KAAK,GAAuB,EAAE,CAAC;QAErC,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC;YACpD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEvD,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,MAAM,CAAC,EAAE;gBACnB,WAAW,EAAE,MAAM,CAAC,KAAK;gBACzB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;gBACzB,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;gBAC3B,WAAW;gBACX,WAAW,EAAE,OAAO,IAAI,IAAI;aAC7B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CACX,IAAsB,EACtB,GAAqB;QAErB,MAAM,OAAO,GAA8B,EAAE,CAAC;QAC9C,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,iDAAiD;YACjD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACtB,OAAO,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,MAAM,EAAE;wBACN,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,OAAO,EAAE,IAAI;wBACb,WAAW,EAAE,gDAAgD;qBAC9D;iBACF,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,EAAE,CAAC;gBACT,MAAM,MAAM,GAAmB;oBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,KAAK;oBACd,WAAW,EAAE,mCAAmC,IAAI,CAAC,IAAI,aAAa;oBACtE,KAAK,EAAE,6BAA6B;iBACrC,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,MAAM;iBACP,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE;oBACzD,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,MAAM,CAAC,KAAK;iBACpB,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBACvD,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,MAAM;iBACP,CAAC,CAAC;gBAEH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACnB,SAAS,EAAE,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,MAAM,EAAE,CAAC;gBACX,CAAC;gBAED,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE;oBACzD,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;iBACpB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,EAAE,CAAC;gBACT,MAAM,MAAM,GAAmB;oBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,KAAK;oBACd,WAAW,EAAE,6BAA6B;oBAC1C,KAAK,EAAG,GAAa,CAAC,OAAO;iBAC9B,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,MAAM;iBACP,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE;oBACzD,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,KAAK;oBACd,KAAK,EAAG,GAAa,CAAC,OAAO;iBAC9B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM;YAC7B,SAAS;YACT,MAAM;YACN,OAAO;YACP,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,mBAAmB,CACjB,SAAiB,EACjB,OAAwB;QAExB,OAAO,IAAI,CAAC,qBAAqB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACxD,CAAC;CACF"}

package/dist/server/server.d.ts

@@ -0,0 +1,24 @@
+/**
+ * HTTP Session Server — language-agnostic interface to the Deterministic Agent Control Protocol.
+ *
+ * Provides REST endpoints for:
+ *  - Session creation, evaluation, result recording
+ *  - Gate approval/rejection
+ *  - Session termination and reporting
+ *  - Ledger queries and integrity verification
+ *  - Policy validation
+ *  - Health checks
+ */
+import type { FastifyInstance } from 'fastify';
+import { type GatewayConfig } from '../engine/runtime.js';
+export interface ServerConfig {
+    host?: string;
+    port?: number;
+    gatewayConfig: GatewayConfig;
+}
+export declare function createServer(config: ServerConfig): Promise<FastifyInstance>;
+/**
+ * Start the session server.
+ */
+export declare function startServer(config: ServerConfig): Promise<FastifyInstance>;
+//# sourceMappingURL=server.d.ts.map

package/dist/server/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAgB,KAAK,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAUxE,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,aAAa,CAAC;CAC9B;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CA0OjF;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAQhF"}

package/dist/server/server.js

@@ -0,0 +1,200 @@
+/**
+ * HTTP Session Server — language-agnostic interface to the Deterministic Agent Control Protocol.
+ *
+ * Provides REST endpoints for:
+ *  - Session creation, evaluation, result recording
+ *  - Gate approval/rejection
+ *  - Session termination and reporting
+ *  - Ledger queries and integrity verification
+ *  - Policy validation
+ *  - Health checks
+ */
+import Fastify from 'fastify';
+import { AgentGateway } from '../engine/runtime.js';
+import { parsePolicyYaml, PolicyValidationError } from '../policy/loader.js';
+import { EvidenceLedger } from '../ledger/ledger.js';
+import { queryLedger, summarizeSessionLedger } from '../ledger/query.js';
+export async function createServer(config) {
+    const app = Fastify({ logger: true });
+    // Initialize gateway
+    const gateway = await AgentGateway.create(config.gatewayConfig);
+    // --- Health ---
+    app.get('/health', async () => {
+        return {
+            status: 'ok',
+            timestamp: new Date().toISOString(),
+            tools: gateway.getRegistry().listTools(),
+            activeSessions: gateway.listSessions().filter((s) => s.state === 'active').length,
+        };
+    });
+    // --- Policy Validation ---
+    app.post('/validate', async (request, reply) => {
+        try {
+            const policy = parsePolicyYaml(request.body.yaml);
+            return { valid: true, policy };
+        }
+        catch (err) {
+            if (err instanceof PolicyValidationError) {
+                reply.status(400);
+                return { valid: false, errors: err.issues };
+            }
+            reply.status(500);
+            return { valid: false, errors: [{ path: '', message: err.message }] };
+        }
+    });
+    // --- Session Creation ---
+    app.post('/sessions', async (request, reply) => {
+        try {
+            const { policy, metadata } = request.body;
+            const session = await gateway.createSession(policy, metadata);
+            reply.status(201);
+            return { sessionId: session.id, state: session.state, session };
+        }
+        catch (err) {
+            reply.status(400);
+            return { error: err.message };
+        }
+    });
+    // --- List Sessions ---
+    app.get('/sessions', async () => {
+        const sessions = gateway.listSessions();
+        return {
+            sessions: sessions.map((s) => ({
+                id: s.id,
+                state: s.state,
+                actionsCount: s.actions.length,
+                createdAt: s.createdAt,
+                updatedAt: s.updatedAt,
+            })),
+        };
+    });
+    // --- Get Session ---
+    app.get('/sessions/:id', async (request, reply) => {
+        const session = gateway.getSession(request.params.id);
+        if (!session) {
+            reply.status(404);
+            return { error: 'Session not found' };
+        }
+        return { session };
+    });
+    // --- Evaluate Action ---
+    app.post('/sessions/:id/evaluate', async (request, reply) => {
+        try {
+            const result = await gateway.evaluate(request.params.id, request.body.action);
+            return result;
+        }
+        catch (err) {
+            reply.status(400);
+            return { error: err.message };
+        }
+    });
+    // --- Record Result ---
+    app.post('/sessions/:id/record', async (request, reply) => {
+        try {
+            await gateway.recordResult(request.params.id, request.body.actionId, request.body.result);
+            return { success: true };
+        }
+        catch (err) {
+            reply.status(400);
+            return { error: err.message };
+        }
+    });
+    // --- Approve Gate ---
+    app.post('/sessions/:id/approve', async (request, reply) => {
+        try {
+            await gateway.resolveGate(request.params.id, request.body.actionId, 'approved', request.body.respondedBy, request.body.reason);
+            return { approved: true };
+        }
+        catch (err) {
+            reply.status(400);
+            return { error: err.message };
+        }
+    });
+    // --- Reject Gate ---
+    app.post('/sessions/:id/reject', async (request, reply) => {
+        try {
+            await gateway.resolveGate(request.params.id, request.body.actionId, 'rejected', request.body.respondedBy, request.body.reason);
+            return { rejected: true };
+        }
+        catch (err) {
+            reply.status(400);
+            return { error: err.message };
+        }
+    });
+    // --- Terminate Session ---
+    app.post('/sessions/:id/terminate', async (request, reply) => {
+        try {
+            const report = await gateway.terminateSession(request.params.id, request.body?.reason);
+            return { report };
+        }
+        catch (err) {
+            reply.status(400);
+            return { error: err.message };
+        }
+    });
+    // --- Session Report ---
+    app.get('/sessions/:id/report', async (request, reply) => {
+        try {
+            const report = gateway.getSessionReport(request.params.id);
+            return { report };
+        }
+        catch (err) {
+            reply.status(400);
+            return { error: err.message };
+        }
+    });
+    // --- Session Ledger ---
+    app.get('/sessions/:id/ledger', async (request, reply) => {
+        const ledger = gateway.getSessionLedger(request.params.id);
+        if (!ledger) {
+            reply.status(404);
+            return { error: 'Session not found or ledger not available' };
+        }
+        const entries = ledger.readAll();
+        const filtered = queryLedger(entries, {
+            sessionId: request.params.id,
+            types: request.query.types?.split(','),
+            limit: request.query.limit ? parseInt(request.query.limit) : undefined,
+            offset: request.query.offset ? parseInt(request.query.offset) : undefined,
+        });
+        return {
+            entries: filtered,
+            total: entries.length,
+            returned: filtered.length,
+        };
+    });
+    // --- Session Ledger Summary ---
+    app.get('/sessions/:id/ledger/summary', async (request, reply) => {
+        const ledger = gateway.getSessionLedger(request.params.id);
+        if (!ledger) {
+            reply.status(404);
+            return { error: 'Session not found or ledger not available' };
+        }
+        const entries = ledger.readAll();
+        const summary = summarizeSessionLedger(entries, request.params.id);
+        return { summary };
+    });
+    // --- Ledger Integrity Check ---
+    app.get('/sessions/:id/ledger/verify', async (request, reply) => {
+        const ledger = gateway.getSessionLedger(request.params.id);
+        if (!ledger) {
+            reply.status(404);
+            return { error: 'Session not found or ledger not available' };
+        }
+        const result = EvidenceLedger.verifyIntegrity(ledger.getFilePath());
+        return { integrity: result };
+    });
+    return app;
+}
+/**
+ * Start the session server.
+ */
+export async function startServer(config) {
+    const app = await createServer(config);
+    const host = config.host ?? '127.0.0.1';
+    const port = config.port ?? 3100;
+    await app.listen({ host, port });
+    console.log(`Deterministic Agent Control Protocol gateway running at http://${host}:${port}`);
+    return app;
+}
+//# sourceMappingURL=server.js.map

package/dist/server/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,YAAY,EAAsB,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAazE,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAAoB;IACrD,MAAM,GAAG,GAAG,OAAO,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAEtC,qBAAqB;IACrB,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEhE,iBAAiB;IAEjB,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAC5B,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,SAAS,EAAE;YACxC,cAAc,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,MAAM;SAClF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,4BAA4B;IAE5B,GAAG,CAAC,IAAI,CAA6B,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACzE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;gBACzC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAClB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC;YAC9C,CAAC;YACD,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;QACnF,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAE3B,GAAG,CAAC,IAAI,CAAiC,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAC7E,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC9D,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAClE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wBAAwB;IAExB,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE;QAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;QACxC,OAAO;YACL,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC7B,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,YAAY,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM;gBAC9B,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,sBAAsB;IAEtB,GAAG,CAAC,GAAG,CAA6B,eAAe,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAC5E,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;QACxC,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,0BAA0B;IAE1B,GAAG,CAAC,IAAI,CAGL,wBAAwB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACpD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC9E,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wBAAwB;IAExB,GAAG,CAAC,IAAI,CAGL,sBAAsB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAClD,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,YAAY,CACxB,OAAO,CAAC,MAAM,CAAC,EAAE,EACjB,OAAO,CAAC,IAAI,CAAC,QAAQ,EACrB,OAAO,CAAC,IAAI,CAAC,MAAM,CACpB,CAAC;YACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,uBAAuB;IAEvB,GAAG,CAAC,IAAI,CAGL,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACnD,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,WAAW,CACvB,OAAO,CAAC,MAAM,CAAC,EAAE,EACjB,OAAO,CAAC,IAAI,CAAC,QAAQ,EACrB,UAAU,EACV,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,OAAO,CAAC,IAAI,CAAC,MAAM,CACpB,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC5B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,sBAAsB;IAEtB,GAAG,CAAC,IAAI,CAGL,sBAAsB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAClD,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,WAAW,CACvB,OAAO,CAAC,MAAM,CAAC,EAAE,EACjB,OAAO,CAAC,IAAI,CAAC,QAAQ,EACrB,UAAU,EACV,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,OAAO,CAAC,IAAI,CAAC,MAAM,CACpB,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC5B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,4BAA4B;IAE5B,GAAG,CAAC,IAAI,CAGL,yBAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACrD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAC3C,OAAO,CAAC,MAAM,CAAC,EAAE,EACjB,OAAO,CAAC,IAAI,EAAE,MAAM,CACrB,CAAC;YACF,OAAO,EAAE,MAAM,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,yBAAyB;IAEzB,GAAG,CAAC,GAAG,CAA6B,sBAAsB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACnF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC3D,OAAO,EAAE,MAAM,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,yBAAyB;IAEzB,GAAG,CAAC,GAAG,CAGJ,sBAAsB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAClD,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAC;QAChE,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE;YACpC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE;YAC5B,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC;YACtC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;YACtE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;SAC1E,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,KAAK,EAAE,OAAO,CAAC,MAAM;YACrB,QAAQ,EAAE,QAAQ,CAAC,MAAM;SAC1B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,iCAAiC;IAEjC,GAAG,CAAC,GAAG,CAA6B,8BAA8B,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAC3F,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAC;QAChE,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,sBAAsB,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnE,OAAO,EAAE,OAAO,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,iCAAiC;IAEjC,GAAG,CAAC,GAAG,CAA6B,6BAA6B,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAC1F,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAC;QAChE,CAAC;QAED,MAAM,MAAM,GAAG,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QACpE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAoB;IACpD,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,WAAW,CAAC;IACxC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC;IAEjC,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,kEAAkE,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;IAC9F,OAAO,GAAG,CAAC;AACb,CAAC"}