@directive-run/core 1.11.0 → 1.13.0

package/dist/chunk-I722BZA5.js

@@ -0,0 +1,7 @@
+function a(e,t,r){e[t]=r;}function c(e,t){return e[t]}function u(e,t){return {name:e,onRequirementCreated:t.onRequirementCreated?r=>t.onRequirementCreated(r.requirement):void 0,onRequirementMet:t.onRequirementResolved?r=>t.onRequirementResolved(r.requirement):void 0,onError:t.onError}}function d(e){return t=>t.type===e}function p(e){let t=new Set(e);return r=>t.has(r.type)}var n=[];function m(){let e=n.length;return e===0?null:n[e-1]}function l(){return n.length>0}function R(e){let t=new Set;n.push(t);try{return {value:e(),deps:t}}finally{n.pop();}}function S(e){let t=n.splice(0,n.length);try{return e()}finally{for(let r of t)n.push(r);}}function g(e){let t=n.length;t!==0&&n[t-1].add(e);}var q=Object.freeze(new Set(["__proto__","constructor","prototype"]));function x(e){if(e===null||typeof e!="object")return null;if(e instanceof Date)return "Date";if(e instanceof Set)return "Set";if(e instanceof Map)return "Map";if(typeof File<"u"&&e instanceof File)return "File";if(Array.isArray(e))return null;let t=Object.getPrototypeOf(e);return t!==null&&t!==Object.prototype?"ClassInstance":null}var o=new Set,s={Date:".getTime() for timestamps",Set:"[...set] for arrays",Map:"Object.fromEntries(map) for plain objects",File:"{ name, size, type, lastModified } for metadata",ClassInstance:"a plain-object snapshot"};function y(e,t){let r=`${e}|${t}`;if(o.has(r))return;o.add(r);let i=s[t]??"a JSON-roundtrippable value";console.warn(`[Directive] Fact "${e}" assigned a ${t} instance.
+Facts must be JSON-roundtrippable for reactivity to work correctly.
+${t} mutations are not tracked.
+Use ${i} instead.
+See: https://directive.run/docs/facts#json-rule`);}
+export{a,c as b,u as c,d,p as e,m as f,l as g,R as h,S as i,g as j,q as k,x as l,y as m};//# sourceMappingURL=chunk-I722BZA5.js.map
+//# sourceMappingURL=chunk-I722BZA5.js.map

package/dist/chunk-I722BZA5.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/core/types/adapter-utils.ts","../src/core/tracking.ts"],"names":["setBridgeFact","facts","key","value","getBridgeFact","createCallbackPlugin","name","callbacks","req","requirementGuard","type","requirementGuardMultiple","types","typeSet","depStack","getCurrentDeps","len","isTracking","withTracking","fn","deps","withoutTracking","saved","ctx","trackAccess","BLOCKED_PROPS","detectNonJsonValueType","proto","nonJsonWarningCache","nonJsonHints","warnNonJsonFactAssignment","factPath","valueType","cacheKey","hint"],"mappings":"AA8FO,SAASA,CAAAA,CACdC,CAAAA,CACAC,CAAAA,CACAC,CAAAA,CACM,CACLF,CAAAA,CAAkCC,CAAG,CAAA,CAAIC,EAC5C,CAWO,SAASC,CAAAA,CAAiBH,CAAAA,CAAsBC,CAAAA,CAAgB,CACrE,OAAQD,CAAAA,CAAkCC,CAAG,CAC/C,CAyJO,SAASG,CAAAA,CACdC,CAAAA,CACAC,EACa,CACb,OAAO,CACL,IAAA,CAAAD,EACA,oBAAA,CAAsBC,CAAAA,CAAU,oBAAA,CAC3BC,CAAAA,EAAQD,EAAU,oBAAA,CAAsBC,CAAAA,CAAI,WAAW,CAAA,CACxD,MAAA,CACJ,gBAAA,CAAkBD,CAAAA,CAAU,qBAAA,CACvBC,GAAQD,CAAAA,CAAU,qBAAA,CAAuBC,CAAAA,CAAI,WAAW,EACzD,MAAA,CACJ,OAAA,CAASD,CAAAA,CAAU,OACrB,CACF,CAyCO,SAASE,CAAAA,CACdC,CAAAA,CACgC,CAChC,OAAQF,CAAAA,EAAkBA,CAAAA,CAAI,IAAA,GAASE,CACzC,CAUO,SAASC,CAAAA,CACdC,CAAAA,CACgC,CAChC,IAAMC,CAAAA,CAAU,IAAI,GAAA,CAAID,CAAK,CAAA,CAC7B,OAAQJ,CAAAA,EAAkBK,CAAAA,CAAQ,GAAA,CAAIL,CAAAA,CAAI,IAAI,CAChD,CC5UA,IAAMM,CAAAA,CAA0B,EAAC,CAS1B,SAASC,CAAAA,EAAqC,CACnD,IAAMC,CAAAA,CAAMF,EAAS,MAAA,CACrB,OAAOE,CAAAA,GAAQ,CAAA,CAAI,IAAA,CAAOF,CAAAA,CAASE,CAAAA,CAAM,CAAC,CAC5C,CASO,SAASC,CAAAA,EAAsB,CACpC,OAAOH,CAAAA,CAAS,MAAA,CAAS,CAC3B,CAgBO,SAASI,CAAAA,CAAgBC,CAAAA,CAA8C,CAC5E,IAAMC,CAAAA,CAAO,IAAI,GAAA,CACjBN,CAAAA,CAAS,KAAKM,CAAI,CAAA,CAElB,GAAI,CAEF,OAAO,CAAE,KAAA,CADKD,CAAAA,EAAG,CACD,KAAAC,CAAK,CACvB,CAAA,OAAE,CACAN,EAAS,GAAA,GACX,CACF,CAgBO,SAASO,CAAAA,CAAmBF,CAAAA,CAAgB,CACjD,IAAMG,EAAQR,CAAAA,CAAS,MAAA,CAAO,CAAA,CAAGA,CAAAA,CAAS,MAAM,CAAA,CAEhD,GAAI,CACF,OAAOK,CAAAA,EACT,CAAA,OAAE,CACA,QAAWI,CAAAA,IAAOD,CAAAA,CAChBR,CAAAA,CAAS,IAAA,CAAKS,CAAG,EAErB,CACF,CAYO,SAASC,EAAYtB,CAAAA,CAAmB,CAC7C,IAAMc,CAAAA,CAAMF,CAAAA,CAAS,MAAA,CACjBE,CAAAA,GAAQ,CAAA,EAGZF,EAASE,CAAAA,CAAM,CAAC,CAAA,CAAG,GAAA,CAAId,CAAG,EAC5B,CAYO,IAAMuB,CAAAA,CAAqC,OAAO,MAAA,CACvD,IAAI,GAAA,CAAI,CAAC,WAAA,CAAa,aAAA,CAAe,WAAW,CAAC,CACnD,EAuBO,SAASC,CAAAA,CAAuBvB,CAAAA,CAA+B,CACpE,GAAIA,CAAAA,GAAU,IAAA,EAAQ,OAAOA,GAAU,QAAA,CACrC,OAAO,IAAA,CAET,GAAIA,aAAiB,IAAA,CACnB,OAAO,MAAA,CAET,GAAIA,aAAiB,GAAA,CACnB,OAAO,KAAA,CAET,GAAIA,aAAiB,GAAA,CACnB,OAAO,KAAA,CAET,GAAI,OAAO,IAAA,CAAS,GAAA,EAAeA,CAAAA,YAAiB,IAAA,CAClD,OAAO,MAAA,CAGT,GAAI,KAAA,CAAM,QAAQA,CAAK,CAAA,CACrB,OAAO,IAAA,CAMT,IAAMwB,CAAAA,CAAQ,MAAA,CAAO,cAAA,CAAexB,CAAK,EACzC,OAAIwB,CAAAA,GAAU,IAAA,EAAQA,CAAAA,GAAU,OAAO,SAAA,CAC9B,eAAA,CAGF,IACT,CASA,IAAMC,CAAAA,CAAsB,IAAI,GAAA,CAE1BC,CAAAA,CAAuC,CAC3C,IAAA,CAAM,2BAAA,CACN,GAAA,CAAK,qBAAA,CACL,IAAK,2CAAA,CACL,IAAA,CAAM,iDAAA,CACN,aAAA,CAAe,yBACjB,CAAA,CAeO,SAASC,CAAAA,CACdC,EACAC,CAAAA,CACM,CACN,IAAMC,CAAAA,CAAW,GAAGF,CAAQ,CAAA,CAAA,EAAIC,CAAS,CAAA,CAAA,CACzC,GAAIJ,CAAAA,CAAoB,GAAA,CAAIK,CAAQ,CAAA,CAClC,OAEFL,CAAAA,CAAoB,GAAA,CAAIK,CAAQ,CAAA,CAEhC,IAAMC,CAAAA,CAAOL,CAAAA,CAAaG,CAAS,CAAA,EAAK,8BACxC,OAAA,CAAQ,IAAA,CACN,CAAA,kBAAA,EAAqBD,CAAQ,gBAAgBC,CAAS,CAAA;AAAA;AAAA,EAEjDA,CAAS,CAAA;AAAA,IAAA,EACLE,CAAI,CAAA;AAAA,+CAAA,CAEf,EACF","file":"chunk-I722BZA5.js","sourcesContent":["/**\n * Adapter Type Utilities - Shared types and helpers for framework adapters\n *\n * These utilities reduce type assertions in adapters by providing:\n * - Schema composition types\n * - Constraint/resolver converters\n * - Plugin factory helpers\n */\n\nimport type { Facts } from \"./facts.js\";\nimport type { Plugin } from \"./plugins.js\";\nimport type { ConstraintDef, Requirement } from \"./requirements.js\";\nimport type { ResolverContext, ResolverDef } from \"./resolvers.js\";\nimport type { InferSchema, Schema } from \"./schema.js\";\n\n// ============================================================================\n// Schema Composition Types\n// ============================================================================\n\n/**\n * Merge two schemas into one.\n * Useful for adapters that add bridge-specific facts to user schemas.\n *\n * @example\n * ```typescript\n * type BridgeFields = { __state: SchemaType<Record<string, unknown>> };\n * type Combined = MergedSchema<UserSchema, BridgeFields>;\n * ```\n */\nexport type MergedSchema<Base extends Schema, Extra extends Schema> = Base &\n  Extra;\n\n/**\n * Create a schema type from a fields definition.\n * Helper for defining adapter bridge schemas.\n *\n * @example\n * ```typescript\n * type AdapterBridgeSchema = BridgeSchema<{\n *   __adapterState: SchemaType<Record<string, unknown>>;\n * }>;\n * ```\n */\nexport type BridgeSchema<Fields extends Schema> = Fields;\n\n// ============================================================================\n// Bridge Schema Helper\n// ============================================================================\n\n/**\n * Create a bridge schema definition for adapters.\n * Returns a schema object compatible with createModule().\n *\n * @example\n * ```typescript\n * const bridgeSchema = createBridgeSchema({\n *   __state: t.object<Record<string, unknown>>(),\n * });\n * ```\n */\nexport function createBridgeSchema<S extends Schema>(schema: S): S {\n  return schema;\n}\n\n// ============================================================================\n// Type-Safe Fact Mutation\n// ============================================================================\n\n/**\n * Type-safe fact setter for known schema keys.\n * Use when you have a typed schema and want to set a specific fact.\n *\n * @example\n * ```typescript\n * setFact(facts, \"count\", 10); // Type-checked\n * ```\n */\nexport function setFact<S extends Schema, K extends keyof InferSchema<S>>(\n  facts: Facts<S>,\n  key: K,\n  value: InferSchema<S>[K],\n): void {\n  (facts as Record<string, unknown>)[key as string] = value;\n}\n\n/**\n * Set a bridge fact without strict typing.\n * Use for adapter-internal bridge fields like `__adapterState`.\n *\n * @example\n * ```typescript\n * setBridgeFact(facts, \"__adapterState\", currentState);\n * ```\n */\nexport function setBridgeFact<V>(\n  facts: Facts<Schema>,\n  key: string,\n  value: V,\n): void {\n  (facts as Record<string, unknown>)[key] = value;\n}\n\n/**\n * Get a bridge fact without strict typing.\n * Use for adapter-internal bridge fields.\n *\n * @example\n * ```typescript\n * const state = getBridgeFact<MyState>(facts, \"__adapterState\");\n * ```\n */\nexport function getBridgeFact<V>(facts: Facts<Schema>, key: string): V {\n  return (facts as Record<string, unknown>)[key] as V;\n}\n\n// ============================================================================\n// Constraint Converters\n// ============================================================================\n\n/**\n * Adapter constraint definition (generic form used by adapters).\n */\nexport interface AdapterConstraint<TState> {\n  when: (state: TState) => boolean | Promise<boolean>;\n  require: Requirement | ((state: TState) => Requirement | null);\n  priority?: number;\n}\n\n/**\n * Convert adapter-style constraints to Directive format.\n * Maps adapter constraints that work with external state (TState) to\n * Directive constraints that work with Facts<Schema>.\n *\n * @param constraints - Adapter constraints keyed by name\n * @param extractState - Function to extract adapter state from facts\n *\n * @example\n * ```typescript\n * const directiveConstraints = convertConstraints<MyState, BridgeSchema>(\n *   adapterConstraints,\n *   (facts) => getBridgeFact<MyState>(facts, \"__state\"),\n * );\n * ```\n */\nexport function convertConstraints<TState, S extends Schema>(\n  constraints: Record<string, AdapterConstraint<TState>>,\n  extractState: (facts: Facts<S>) => TState,\n): Record<string, ConstraintDef<S, Requirement>> {\n  const result: Record<string, ConstraintDef<S, Requirement>> = {};\n\n  for (const [id, constraint] of Object.entries(constraints)) {\n    result[id] = {\n      priority: constraint.priority ?? 0,\n      when: (facts) => constraint.when(extractState(facts)),\n      require: (facts) => {\n        const req =\n          typeof constraint.require === \"function\"\n            ? constraint.require(extractState(facts))\n            : constraint.require;\n        return req;\n      },\n    };\n  }\n\n  return result;\n}\n\n// ============================================================================\n// Resolver Converters\n// ============================================================================\n\n/**\n * Adapter resolver context (generic form used by adapters).\n */\nexport interface AdapterResolverContext<TContext> {\n  context: TContext;\n  signal: AbortSignal;\n}\n\n/**\n * Adapter resolver definition (generic form used by adapters).\n */\nexport interface AdapterResolver<\n  TContext,\n  R extends Requirement = Requirement,\n> {\n  requirement: (req: Requirement) => req is R;\n  key?: (req: R) => string;\n  resolve: (\n    req: R,\n    ctx: AdapterResolverContext<TContext>,\n  ) => void | Promise<void>;\n}\n\n/**\n * Convert adapter-style resolvers to Directive format.\n * Maps adapter resolvers that work with external context (TContext) to\n * Directive resolvers that work with ResolverContext<Schema>.\n *\n * @param resolvers - Adapter resolvers keyed by name\n * @param createContext - Function to create adapter context from Directive context\n *\n * @example\n * ```typescript\n * const directiveResolvers = convertResolvers<MyContext, BridgeSchema>(\n *   adapterResolvers,\n *   (ctx) => ({\n *     getState: () => getBridgeFact<MyState>(ctx.facts, \"__state\"),\n *     setState: (update) => setBridgeFact(ctx.facts, \"__state\", update),\n *     signal: ctx.signal,\n *   }),\n * );\n * ```\n */\nexport function convertResolvers<TContext, S extends Schema>(\n  resolvers: Record<string, AdapterResolver<TContext, Requirement>>,\n  createContext: (ctx: ResolverContext<S>) => TContext,\n): Record<string, ResolverDef<S, Requirement>> {\n  const result: Record<string, ResolverDef<S, Requirement>> = {};\n\n  for (const [id, resolver] of Object.entries(resolvers)) {\n    result[id] = {\n      requirement: resolver.requirement,\n      key: resolver.key,\n      resolve: async (req, ctx) => {\n        const adapterCtx = createContext(ctx);\n        await resolver.resolve(req, {\n          context: adapterCtx,\n          signal: ctx.signal,\n        });\n      },\n    };\n  }\n\n  return result;\n}\n\n// ============================================================================\n// Plugin Factory\n// ============================================================================\n\n/**\n * Callback definitions for adapter plugins.\n */\nexport interface AdapterCallbacks {\n  onRequirementCreated?: (req: Requirement) => void;\n  onRequirementResolved?: (req: Requirement) => void;\n  onError?: (error: Error) => void;\n}\n\n/**\n * Create a callback plugin for adapter events.\n * Wraps adapter callbacks in a Directive plugin.\n *\n * @param name - Plugin name (for debugging)\n * @param callbacks - Callback functions to invoke\n *\n * @example\n * ```typescript\n * const callbackPlugin = createCallbackPlugin(\"adapter-callbacks\", {\n *   onRequirementCreated: (req) => console.log(\"Created:\", req),\n *   onRequirementResolved: (req) => console.log(\"Resolved:\", req),\n * });\n * ```\n */\n// biome-ignore lint/suspicious/noExplicitAny: Plugins work with any schema type\nexport function createCallbackPlugin(\n  name: string,\n  callbacks: AdapterCallbacks,\n): Plugin<any> {\n  return {\n    name,\n    onRequirementCreated: callbacks.onRequirementCreated\n      ? (req) => callbacks.onRequirementCreated!(req.requirement)\n      : undefined,\n    onRequirementMet: callbacks.onRequirementResolved\n      ? (req) => callbacks.onRequirementResolved!(req.requirement)\n      : undefined,\n    onError: callbacks.onError,\n  };\n}\n\n// ============================================================================\n// Module Config Helpers\n// ============================================================================\n\n/**\n * Cast constraints to the correct type for createModule.\n * Use this when TypeScript can't infer the constraint types correctly.\n */\nexport function asConstraints<S extends Schema>(\n  constraints: Record<string, ConstraintDef<S, Requirement>>,\n): Record<string, ConstraintDef<S, Requirement>> {\n  return constraints;\n}\n\n/**\n * Cast resolvers to the correct type for createModule.\n * Use this when TypeScript can't infer the resolver types correctly.\n */\nexport function asResolvers<S extends Schema>(\n  resolvers: Record<string, ResolverDef<S, Requirement>>,\n): Record<string, ResolverDef<S, Requirement>> {\n  return resolvers;\n}\n\n// ============================================================================\n// Type Guards\n// ============================================================================\n\n/**\n * Create a type guard for a specific requirement type.\n * Simplifies the common pattern of checking req.type.\n *\n * @example\n * ```typescript\n * const isResetReq = requirementGuard<ResetReq>(\"RESET\");\n * // Use in resolver:\n * { requirement: isResetReq, resolve: ... }\n * ```\n */\nexport function requirementGuard<R extends Requirement>(\n  type: R[\"type\"],\n): (req: Requirement) => req is R {\n  return (req): req is R => req.type === type;\n}\n\n/**\n * Create a type guard that matches multiple requirement types.\n *\n * @example\n * ```typescript\n * const isDataReq = requirementGuardMultiple<FetchReq | RefreshReq>([\"FETCH\", \"REFRESH\"]);\n * ```\n */\nexport function requirementGuardMultiple<R extends Requirement>(\n  types: Array<R[\"type\"]>,\n): (req: Requirement) => req is R {\n  const typeSet = new Set(types);\n  return (req): req is R => typeSet.has(req.type);\n}\n","/**\n * Dependency tracking context for auto-tracking derivations\n *\n * Uses a stack-based approach to handle nested derivation computations.\n * When a derivation accesses a fact, the tracking context records it.\n */\n\n/** Stack of active dependency sets (bare Sets for zero-allocation hot path) */\nconst depStack: Set<string>[] = [];\n\n/**\n * Get the current dependency set, or null if not tracking.\n *\n * @returns The active dependency Set, or `null` if no tracking is active.\n *\n * @internal\n */\nexport function getCurrentDeps(): Set<string> | null {\n  const len = depStack.length;\n  return len === 0 ? null : depStack[len - 1]!;\n}\n\n/**\n * Check if dependency tracking is currently active.\n *\n * @returns `true` if inside a {@link withTracking} call, `false` otherwise.\n *\n * @internal\n */\nexport function isTracking(): boolean {\n  return depStack.length > 0;\n}\n\n/**\n * Run a function with dependency tracking.\n *\n * @remarks\n * Pushes a fresh Set onto the stack, executes `fn`, then pops it.\n * Any fact reads inside `fn` are recorded as dependencies.\n * Nesting is supported — inner calls get their own independent Set.\n *\n * @param fn - The function to execute under tracking.\n * @returns An object with the computed `value` and a `deps` Set of accessed\n *   fact keys.\n *\n * @internal\n */\nexport function withTracking<T>(fn: () => T): { value: T; deps: Set<string> } {\n  const deps = new Set<string>();\n  depStack.push(deps);\n\n  try {\n    const value = fn();\n    return { value, deps };\n  } finally {\n    depStack.pop();\n  }\n}\n\n/**\n * Run a function without tracking.\n *\n * @remarks\n * Temporarily clears the tracking stack so that fact reads inside `fn` do\n * not register as dependencies. The stack is restored after `fn` returns\n * (even on error). Useful for side-effect reads that should not trigger\n * derivation invalidation.\n *\n * @param fn - The function to execute without tracking.\n * @returns The return value of `fn`.\n *\n * @internal\n */\nexport function withoutTracking<T>(fn: () => T): T {\n  const saved = depStack.splice(0, depStack.length);\n\n  try {\n    return fn();\n  } finally {\n    for (const ctx of saved) {\n      depStack.push(ctx);\n    }\n  }\n}\n\n/**\n * Track a specific key in the current context.\n *\n * @remarks\n * No-op if no tracking context is active.\n *\n * @param key - The fact key to record as a dependency.\n *\n * @internal\n */\nexport function trackAccess(key: string): void {\n  const len = depStack.length;\n  if (len === 0) {\n    return;\n  }\n  depStack[len - 1]!.add(key);\n}\n\n/**\n * Prototype pollution guard — shared across all proxy handlers.\n *\n * @remarks\n * Contains `__proto__`, `constructor`, and `prototype`. Every proxy `get`\n * and `has` trap checks this set and returns `undefined` / `false` for\n * matching keys, preventing prototype pollution via proxy-based objects.\n *\n * @internal\n */\nexport const BLOCKED_PROPS: ReadonlySet<string> = Object.freeze(\n  new Set([\"__proto__\", \"constructor\", \"prototype\"]),\n);\n\n// ============================================================================\n// Non-JSON value-type detection (MIGRATION_FEEDBACK item 20)\n// ============================================================================\n\n/**\n * Detect whether `value` is a non-JSON-roundtrippable type whose mutations\n * the facts proxy cannot track for reactivity.\n *\n * Returns the kind label (`\"Date\"`, `\"Set\"`, `\"Map\"`, `\"File\"`, or\n * `\"ClassInstance\"`) when one is detected, or `null` for plain objects,\n * arrays, primitives, and `null`/`undefined`.\n *\n * The `File` check is SSR-safe: if the runtime has no `File` global the\n * branch is skipped without throwing.\n *\n * The `ClassInstance` check fires for any object whose prototype is not\n * `Object.prototype` and which is not an array — e.g. instances of user\n * classes whose mutations bypass reactivity.\n *\n * @internal\n */\nexport function detectNonJsonValueType(value: unknown): string | null {\n  if (value === null || typeof value !== \"object\") {\n    return null;\n  }\n  if (value instanceof Date) {\n    return \"Date\";\n  }\n  if (value instanceof Set) {\n    return \"Set\";\n  }\n  if (value instanceof Map) {\n    return \"Map\";\n  }\n  if (typeof File !== \"undefined\" && value instanceof File) {\n    return \"File\";\n  }\n  // Plain objects and arrays are JSON-friendly.\n  if (Array.isArray(value)) {\n    return null;\n  }\n  // Class instances: prototype is not Object.prototype.\n  // Plain `{}` literals have prototype `Object.prototype`; objects created\n  // via `Object.create(null)` have a `null` prototype which we treat as\n  // \"plain\" (it's still JSON-roundtrippable).\n  const proto = Object.getPrototypeOf(value);\n  if (proto !== null && proto !== Object.prototype) {\n    return \"ClassInstance\";\n  }\n\n  return null;\n}\n\n/**\n * Per-(path, valueType) dedupe cache — once a warning fires for a given\n * combo we never re-emit. Keeps the dev console quiet under loops that\n * assign the same Date 100 times in a row.\n *\n * @internal\n */\nconst nonJsonWarningCache = new Set<string>();\n\nconst nonJsonHints: Record<string, string> = {\n  Date: \".getTime() for timestamps\",\n  Set: \"[...set] for arrays\",\n  Map: \"Object.fromEntries(map) for plain objects\",\n  File: \"{ name, size, type, lastModified } for metadata\",\n  ClassInstance: \"a plain-object snapshot\",\n};\n\n/**\n * Emit a one-time dev-mode warning when a non-JSON value is assigned to a\n * fact. Called from the proxy `set` traps in both `createFactsProxy`\n * (single-module / standalone facts) and `createModuleFactsProxy`\n * (system-namespaced facts). No-ops in production builds — the call sites\n * are gated on `isDevelopment` so this entire helper is tree-shakable.\n *\n * @param factPath - Display path for the warning (e.g. `auth.token` or\n *   bare `token` for non-namespaced stores).\n * @param valueType - The label returned from {@link detectNonJsonValueType}.\n *\n * @internal\n */\nexport function warnNonJsonFactAssignment(\n  factPath: string,\n  valueType: string,\n): void {\n  const cacheKey = `${factPath}|${valueType}`;\n  if (nonJsonWarningCache.has(cacheKey)) {\n    return;\n  }\n  nonJsonWarningCache.add(cacheKey);\n\n  const hint = nonJsonHints[valueType] ?? \"a JSON-roundtrippable value\";\n  console.warn(\n    `[Directive] Fact \"${factPath}\" assigned a ${valueType} instance.\\n` +\n      `Facts must be JSON-roundtrippable for reactivity to work correctly.\\n` +\n      `${valueType} mutations are not tracked.\\n` +\n      `Use ${hint} instead.\\n` +\n      `See: https://directive.run/docs/facts#json-rule`,\n  );\n}\n\n/**\n * Reset the warning dedupe cache. Test-only — exported via internals for\n * vitest spec setup. Not part of the public API.\n *\n * @internal\n */\nexport function _resetNonJsonWarningCache(): void {\n  nonJsonWarningCache.clear();\n}\n"]}

package/dist/chunk-IXRS4LM4.cjs

@@ -0,0 +1,2 @@
+'use strict';var chunkT4TRJEJN_cjs=require('./chunk-T4TRJEJN.cjs'),chunk4MNQDXH7_cjs=require('./chunk-4MNQDXH7.cjs');var $="djb2-1",F=1,x=Symbol("directive.audit-ledger.internal");function B(t,r,i){if(t===null||typeof t!="object")return;let o=[];for(let a of r.split(".")){if(!a)continue;let l=a.match(/^\[(\d+)\](.*)$/);if(l){o.push(Number(l[1])),l[2]&&o.push(l[2].replace(/^\./,""));continue}let f=a.match(/^([^[]+)\[(\d+)\](.*)$/);if(f){o.push(f[1]),o.push(Number(f[2])),f[3]&&o.push(f[3].replace(/^\./,""));continue}o.push(a);}let m=t;for(let a=0;a<o.length-1;a++){let l=o[a];if(m===null||typeof m!="object")return;m=m[l];}if(m===null||typeof m!="object")return;let d=o[o.length-1];d!==void 0&&(m[d]=i);}function N(t){for(let r of Object.keys(t)){let i=t[r];if(i!==null&&typeof i=="object"){if(Array.isArray(i)&&r==="whenExplain")for(let o of i)o!==null&&typeof o=="object"&&Object.freeze(o);Object.freeze(i);}}return Object.freeze(t),t}var U=1e4,G=1e3;function P(t){if(t instanceof Date)return t.getTime();if(typeof t=="number"){if(!Number.isFinite(t))throw new Error("[Directive] audit-ledger: changedBetween bound must be a finite number, ISO string, or Date.");return t}if(typeof t=="string"){let r=Date.parse(t);if(!Number.isFinite(r))throw new Error(`[Directive] audit-ledger: changedBetween bound "${t}" is not a parseable ISO date string.`);return r}throw new Error("[Directive] audit-ledger: changedBetween bound must be a number, ISO string, or Date.")}function T(t,r){if(r.kind&&!(Array.isArray(r.kind)?r.kind:[r.kind]).includes(t.kind))return  false;if(r.factPath!==void 0)if(t.kind==="fact.change"){if(t.key!==r.factPath)return  false}else if(t.kind==="resolver.write.rejected"){if(t.fact!==r.factPath)return  false}else return  false;if(r.constraintId!==void 0&&(t.kind!=="constraint.evaluate"||t.constraintId!==r.constraintId))return  false;if(r.changedBetween){let[i,o]=r.changedBetween,m=P(i),d=P(o);if(t.ts<m||t.ts>d)return  false}return  true}function Y(t={}){let r=t.capacity??U,i=[],o=null;return {write(d){if(i.length>=r){let a=i[0];o?.(a.seq,1),i.shift();}for(i.push(d);i.length>r;)i.shift();},query(d){let a=d.limit??G,l=[];for(let f=i.length-1;f>=0;f--){let g=i[f];if(T(g,d)&&(l.push(g),l.length>=a))break}return l},recent(d){let a=Math.max(0,i.length-d);return i.slice(a)},forFact(d,a={}){return this.query({factPath:d,limit:a.limit})},forConstraint(d,a={}){return this.query({constraintId:d,limit:a.limit})},toJSON(){return {entries:i.slice(),capturedAt:Date.now()}},clear(){i=[];},destroy(){i=[],o=null;},erase(d,a){let l=0;for(let f=0;f<i.length;f++){let g=i[f];T(g,d)&&(i[f]=a(g),l++);}return l},onTruncate(d){o=d;}}}function W(t){return chunk4MNQDXH7_cjs.h(t)}function _(t){if(t.hashAlgo==="djb2-1")return W(t);throw new Error(`[Directive] audit-ledger: unknown hashAlgo "${String(t.hashAlgo)}" on entry seq=${t.seq}. Cannot verify chain integrity. Known algorithms: "djb2-1".`)}function ee(t={}){let r=t.sink??Y(),i=t.capturePII??false,o=t.redact,m=0,d=null,a=null,l=null,f=new Map,g=new Map,k=new Set;function L(e){if(i||k.size===0||e===null||typeof e!="object")return e;let n;try{n=JSON.parse(JSON.stringify(e));}catch{return e}return chunkT4TRJEJN_cjs.i(n,{operator(s,u,y,c){k.has(s)&&B(n,c,"[redacted]");},literal(s){k.has(s)&&B(n,s,"[redacted]");}}),n}function w(){if(f.clear(),g.clear(),!!a)try{let e=a.inspect;if(typeof e!="function")return;let s=e()?.constraints??[],u=a.$internal?.mergedConstraints;for(let y of s)if(y.whenSpec!==void 0)f.set(y.id,L(y.whenSpec));else {let c=u?.[y.id],h=c&&typeof c.when=="function"?c.when:void 0;h?g.set(y.id,chunk4MNQDXH7_cjs.h(String(h))):y.when!==void 0&&typeof y.when=="function"?g.set(y.id,chunk4MNQDXH7_cjs.h(String(y.when))):g.set(y.id,chunk4MNQDXH7_cjs.h("[function]"));}}catch{}}function j(){if(k.clear(),!(i||!a))try{let e=a.meta;if(!e||typeof e.byTag!="function")return;let n=e.byTag("pii")??[];for(let s of n)k.add(s.id);}catch{}}function E(e,n){return i?n:k.has(e)?"[redacted]":n}function C(e){if(!e||i||k.size===0)return e;let n=false,s=e.map(u=>{if(k.has(u.path))return n=true,{...u,actual:"[redacted]"};if(u.children){let y=C(u.children);if(y!==u.children)return n=true,{...u,children:y}}return u});return n?s:e}function p(e){let n={...e,seq:m++,ts:Date.now(),prevHash:d,hashAlgo:$,schemaVersion:F},s=o?o(n):n;return N(s),r.write(s),d=_(s),s}function M(e){switch(e.type){case "constraint.evaluate":{let n=f.get(e.id),s=g.get(e.id),u={kind:"constraint.evaluate",constraintId:e.id,active:e.active,whenExplain:C(e.whenExplain)};n!==void 0?u.whenSpec=n:s!==void 0&&(u.whenSource={kind:"function",sourceHash:s}),p(u);break}case "fact.change":p({kind:"fact.change",key:e.key,prior:E(e.key,e.prev),next:E(e.key,e.next)});break;case "resolver.write.rejected":e.kind==="summary"?p({kind:"resolver.write.rejected",rejection:"summary",resolverId:e.resolver,requirementId:e.requirementId,reason:e.reason,dropped:e.dropped}):p({kind:"resolver.write.rejected",rejection:"rejection",resolverId:e.resolver,requirementId:e.requirementId,reason:e.reason,fact:e.fact,expected:E(e.fact,e.expected),actual:E(e.fact,e.actual)});break;case "resolver.complete":p({kind:"resolver.complete",resolverId:e.resolver,requirementId:e.requirementId,duration:e.duration});break;case "resolver.error":p({kind:"resolver.error",resolverId:e.resolver,requirementId:e.requirementId,error:String(e.error)});break;case "system.init":case "system.start":case "system.stop":case "system.destroy":p({kind:e.type});break;}}let v=false;function K(e){a=e,j(),w(),l=e.observe(M),r.onTruncate?.((n,s)=>{if(!v){v=true;try{p({kind:"system.truncated",droppedSeq:n,droppedCount:s});}finally{v=false;}}});}function H(){l&&(l(),l=null),a=null,f.clear(),g.clear(),k.clear();}let V={name:"audit-ledger",onInit(e){K(e);},onStop(){l&&(l(),l=null);},onDestroy(){H();},onDefinitionRegister(e,n){e==="constraint"&&w(),(e==="constraint"||e==="resolver"||e==="effect")&&j();},onDefinitionAssign(e,n){e==="constraint"&&w();},onDefinitionUnregister(e,n){e==="constraint"&&w();},onSnapshot(e){p({kind:"system.snapshot",snapshotId:e.id,trigger:e.trigger});},onHistoryNavigate(e,n){p({kind:"system.history.navigate",from:e,to:n});}};function J(e){if(e.__internal===void 0)return e;let n={...e};return delete n.__internal,n}function b(e){let n=false;for(let s of e)if(s.__internal!==void 0){n=true;break}return n?e.map(J):e}return {plugin:V,query:(e={})=>b(r.query(e)),recent:e=>b(r.recent(e)),forFact:(e,n)=>b(r.forFact(e,n)),forConstraint:(e,n)=>b(r.forConstraint(e,n)),toJSON:()=>{let e=r.toJSON();return {entries:b(e.entries),capturedAt:e.capturedAt}},verify(e){if(e?.strong===true)throw new Error("[Directive] verify({ strong: true }) is reserved for v2 \u2014 v1 ships sync djb2 chain only. Use verify() (sync) for tamper detection.");let{entries:n}=r.toJSON();if(n.length===0)return {valid:true,entryCount:0};let s=new Set,u=null;for(let c=0;c<n.length;c++){let h=n[c];if(h.prevHash!==u){let S=c>0?n[c-1]:null,I=h.kind==="system.entry-erased",O=S?.kind==="system.entry-erased";if(I||O){let q=[];I&&q.push(h),O&&S!==null&&q.push(S);let R=q.find(Q=>Q.__internal!==x);if(R)return {valid:false,brokenAt:c,expectedHash:u??"<genesis>",actualHash:h.prevHash??"<genesis>",entry:R,reason:"tombstone forgery detected \u2014 missing internal sentinel. A 'system.entry-erased' entry was written via sink.write() rather than ledger.erase(); rejected as tamper."};let z=I?h:S;s.add(z.seq),u=_(h);continue}return {valid:false,brokenAt:c,expectedHash:u??"<genesis>",actualHash:h.prevHash??"<genesis>",entry:h}}u=_(h);}let y={valid:true,entryCount:n.length};return s.size>0&&(y.erasedSeqs=[...s].sort((c,h)=>c-h)),y},erase(e){let n=Date.now(),s=0;if(typeof r.erase=="function"&&(s=r.erase(e,c=>{let h={seq:c.seq,ts:c.ts,kind:"system.entry-erased",prevHash:c.prevHash,hashAlgo:c.hashAlgo,schemaVersion:c.schemaVersion??F,originalKind:c.kind,erasedAt:n,__internal:x};return N(h),h})),s===0)return {erased:0,markerEntry:null};let u={factPath:e.factPath!==void 0,constraintId:e.constraintId!==void 0,kind:e.kind,changedBetween:e.changedBetween!==void 0?"[range]":void 0},y=p({kind:"system.subject-erased",filterHash:chunk4MNQDXH7_cjs.h(e),filterShape:u,erased:s});return {erased:s,markerEntry:y}},clear(){r.clear(),m=0,d=null;},destroy(){H(),r.destroy();}}}exports.a=Y;exports.b=ee;//# sourceMappingURL=chunk-IXRS4LM4.cjs.map
+//# sourceMappingURL=chunk-IXRS4LM4.cjs.map

package/dist/chunk-IXRS4LM4.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/plugins/audit-ledger.ts"],"names":["HASH_ALGO","SCHEMA_VERSION","LEDGER_INTERNAL_TOKEN","replaceAtPath","root","dottedPath","value","segs","part","m","m2","cur","i","seg","lastSeg","freezeEntry","entry","key","v","clause","DEFAULT_MEMORY_CAPACITY","DEFAULT_QUERY_LIMIT","parseRangeBound","t","matchesFilter","filter","a","b","start","end","memorySink","opts","capacity","entries","truncateHandler","dropped","limit","out","e","n","path","opts2","id","tombstoneFactory","count","handler","syncHash","hashObject","hashForEntry","createAuditLedger","sink","capturePII","userRedact","seq","lastHashCache","system","unobserve","whenSpecCache","whenSourceCache","piiTaggedFacts","redactWhenSpec","spec","cloned","walkPredicate","factPath","op","_operand","operandPath","refreshWhenSpecCache","inspect","constraints","mergedDefs","c","def","whenFn","refreshPIITags","meta","tagged","redactValue","redactClauses","clauses","mutated","inner","emit","partial","finalEntry","onEvent","event","whenSpec","whenSourceHash","emittingTruncate","attach","sys","droppedSeq","droppedCount","detach","plugin","type","snapshot","from","to","stripInternal","clone","stripInternalAll","needsClone","snap","erasedSeqsSet","prevHash","prevEntry","entryIsTombstone","prevIsTombstone","candidates","forged","tombstoneEntry","result","erasedAt","tombstone","filterShape","markerEntry"],"mappings":"qHAwCA,IAAMA,CAAAA,CAAY,QAAA,CAOZC,CAAAA,CAAiB,CAAA,CAajBC,CAAAA,CAAuC,OAC3C,iCACF,CAAA,CAQA,SAASC,CAAAA,CAAcC,CAAAA,CAAeC,CAAAA,CAAoBC,EAAsB,CAC9E,GAAIF,CAAAA,GAAS,IAAA,EAAQ,OAAOA,CAAAA,EAAS,SAAU,OAG/C,IAAMG,CAAAA,CAA+B,EAAC,CACtC,IAAA,IAAWC,KAAQH,CAAAA,CAAW,KAAA,CAAM,GAAG,CAAA,CAAG,CACxC,GAAI,CAACG,CAAAA,CAAM,SAEX,IAAMC,CAAAA,CAAID,CAAAA,CAAK,KAAA,CAAM,iBAAiB,CAAA,CACtC,GAAIC,CAAAA,CAAG,CACLF,CAAAA,CAAK,IAAA,CAAK,OAAOE,CAAAA,CAAE,CAAC,CAAC,CAAC,CAAA,CAClBA,CAAAA,CAAE,CAAC,CAAA,EAAGF,CAAAA,CAAK,IAAA,CAAKE,CAAAA,CAAE,CAAC,CAAA,CAAE,QAAQ,KAAA,CAAO,EAAE,CAAC,CAAA,CAC3C,QACF,CAEA,IAAMC,CAAAA,CAAKF,CAAAA,CAAK,KAAA,CAAM,wBAAwB,CAAA,CAC9C,GAAIE,EAAI,CACNH,CAAAA,CAAK,IAAA,CAAKG,CAAAA,CAAG,CAAC,CAAE,EAChBH,CAAAA,CAAK,IAAA,CAAK,MAAA,CAAOG,CAAAA,CAAG,CAAC,CAAC,CAAC,CAAA,CACnBA,CAAAA,CAAG,CAAC,CAAA,EAAGH,CAAAA,CAAK,IAAA,CAAKG,EAAG,CAAC,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,EAAE,CAAC,CAAA,CAC7C,QACF,CACAH,CAAAA,CAAK,IAAA,CAAKC,CAAI,EAChB,CAEA,IAAIG,CAAAA,CAAeP,CAAAA,CACnB,IAAA,IAASQ,CAAAA,CAAI,CAAA,CAAGA,CAAAA,CAAIL,EAAK,MAAA,CAAS,CAAA,CAAGK,CAAAA,EAAAA,CAAK,CACxC,IAAMC,CAAAA,CAAMN,EAAKK,CAAC,CAAA,CAClB,GAAID,CAAAA,GAAQ,IAAA,EAAQ,OAAOA,GAAQ,QAAA,CAAU,OAC7CA,CAAAA,CAAOA,CAAAA,CAAyCE,CAAG,EACrD,CACA,GAAIF,CAAAA,GAAQ,IAAA,EAAQ,OAAOA,CAAAA,EAAQ,QAAA,CAAU,OAC7C,IAAMG,CAAAA,CAAUP,CAAAA,CAAKA,CAAAA,CAAK,MAAA,CAAS,CAAC,EAChCO,CAAAA,GAAY,MAAA,GACfH,CAAAA,CAAyCG,CAAO,CAAA,CAAIR,CAAAA,EACvD,CAOA,SAASS,CAAAA,CAAYC,CAAAA,CAA+B,CAClD,IAAA,IAAWC,CAAAA,IAAO,MAAA,CAAO,KAAKD,CAAK,CAAA,CAAG,CACpC,IAAME,CAAAA,CAAKF,CAAAA,CAA6CC,CAAG,CAAA,CAC3D,GAAIC,CAAAA,GAAM,IAAA,EAAQ,OAAOA,CAAAA,EAAM,SAAU,CACvC,GAAI,KAAA,CAAM,OAAA,CAAQA,CAAC,CAAA,EAAKD,IAAQ,aAAA,CAC9B,IAAA,IAAWE,CAAAA,IAAUD,CAAAA,CACfC,CAAAA,GAAW,IAAA,EAAQ,OAAOA,CAAAA,EAAW,QAAA,EACvC,MAAA,CAAO,MAAA,CAAOA,CAAM,CAAA,CAI1B,OAAO,MAAA,CAAOD,CAAC,EACjB,CACF,CACA,OAAA,MAAA,CAAO,OAAOF,CAAK,CAAA,CAEZA,CACT,CAiPA,IAAMI,CAAAA,CAA0B,GAAA,CAC1BC,CAAAA,CAAsB,GAAA,CAE5B,SAASC,CAAAA,CAAgBJ,CAAAA,CAAmC,CAC1D,GAAIA,aAAa,IAAA,CAAM,OAAOA,CAAAA,CAAE,OAAA,EAAQ,CACxC,GAAI,OAAOA,CAAAA,EAAM,QAAA,CAAU,CACzB,GAAI,CAAC,MAAA,CAAO,SAASA,CAAC,CAAA,CACpB,MAAM,IAAI,KAAA,CACR,8FACF,EAGF,OAAOA,CACT,CACA,GAAI,OAAOA,CAAAA,EAAM,SAAU,CACzB,IAAMK,CAAAA,CAAI,IAAA,CAAK,KAAA,CAAML,CAAC,EACtB,GAAI,CAAC,MAAA,CAAO,QAAA,CAASK,CAAC,CAAA,CACpB,MAAM,IAAI,KAAA,CACR,CAAA,gDAAA,EAAmDL,CAAC,CAAA,qCAAA,CACtD,CAAA,CAGF,OAAOK,CACT,CACA,MAAM,IAAI,KAAA,CACR,uFACF,CACF,CAEA,SAASC,CAAAA,CAAcR,CAAAA,CAAmBS,CAAAA,CAA8B,CACtE,GAAIA,CAAAA,CAAO,IAAA,EAEL,CAAA,CADU,KAAA,CAAM,OAAA,CAAQA,CAAAA,CAAO,IAAI,CAAA,CAAIA,CAAAA,CAAO,IAAA,CAAO,CAACA,CAAAA,CAAO,IAAI,GAC1D,QAAA,CAAST,CAAAA,CAAM,IAAI,CAAA,CAAG,OAAO,MAAA,CAE1C,GAAIS,CAAAA,CAAO,QAAA,GAAa,MAAA,CAEtB,GAAIT,CAAAA,CAAM,IAAA,GAAS,eACjB,GAAIA,CAAAA,CAAM,GAAA,GAAQS,CAAAA,CAAO,QAAA,CAAU,OAAO,eACjCT,CAAAA,CAAM,IAAA,GAAS,yBAAA,CAAA,CACxB,GAAIA,CAAAA,CAAM,IAAA,GAASS,CAAAA,CAAO,QAAA,CAAU,OAAO,MAAA,CAAA,KAE3C,OAAO,MAAA,CAGX,GAAIA,CAAAA,CAAO,eAAiB,MAAA,GACtBT,CAAAA,CAAM,IAAA,GAAS,qBAAA,EACfA,CAAAA,CAAM,YAAA,GAAiBS,EAAO,YAAA,CAAA,CAAc,OAAO,MAAA,CAEzD,GAAIA,CAAAA,CAAO,cAAA,CAAgB,CACzB,GAAM,CAACC,CAAAA,CAAGC,CAAC,CAAA,CAAIF,CAAAA,CAAO,eAChBG,CAAAA,CAAQN,CAAAA,CAAgBI,CAAC,CAAA,CACzBG,CAAAA,CAAMP,CAAAA,CAAgBK,CAAC,CAAA,CAC7B,GAAIX,CAAAA,CAAM,EAAA,CAAKY,CAAAA,EAASZ,CAAAA,CAAM,GAAKa,CAAAA,CAAK,OAAO,MACjD,CAEA,OAAO,KACT,CAOO,SAASC,CAAAA,CACdC,CAAAA,CAA8B,EAAC,CACd,CACjB,IAAMC,CAAAA,CAAWD,CAAAA,CAAK,QAAA,EAAYX,CAAAA,CAC9Ba,CAAAA,CAAwB,EAAC,CACzBC,EAEO,IAAA,CAwEX,OAtE8B,CAC5B,KAAA,CAAMlB,CAAAA,CAAO,CACX,GAAIiB,CAAAA,CAAQ,MAAA,EAAUD,CAAAA,CAAU,CAM9B,IAAMG,CAAAA,CAAUF,EAAQ,CAAC,CAAA,CACzBC,CAAAA,GAAkBC,CAAAA,CAAQ,GAAA,CAAK,CAAC,EAChCF,CAAAA,CAAQ,KAAA,GACV,CAIA,IAHAA,CAAAA,CAAQ,KAAKjB,CAAK,CAAA,CAGXiB,CAAAA,CAAQ,MAAA,CAASD,CAAAA,EACtBC,CAAAA,CAAQ,QAEZ,CAAA,CACA,KAAA,CAAMR,CAAAA,CAAQ,CACZ,IAAMW,EAAQX,CAAAA,CAAO,KAAA,EAASJ,CAAAA,CACxBgB,CAAAA,CAAoB,EAAC,CAC3B,IAAA,IAASzB,CAAAA,CAAIqB,CAAAA,CAAQ,MAAA,CAAS,CAAA,CAAGrB,CAAAA,EAAK,CAAA,CAAGA,CAAAA,EAAAA,CAAK,CAC5C,IAAM0B,CAAAA,CAAIL,CAAAA,CAAQrB,CAAC,CAAA,CACnB,GAAIY,EAAcc,CAAAA,CAAGb,CAAM,CAAA,GACzBY,CAAAA,CAAI,IAAA,CAAKC,CAAC,EACND,CAAAA,CAAI,MAAA,EAAUD,CAAAA,CAAAA,CAAO,KAE7B,CAEA,OAAOC,CACT,CAAA,CACA,MAAA,CAAOE,CAAAA,CAAG,CACR,IAAMX,CAAAA,CAAQ,KAAK,GAAA,CAAI,CAAA,CAAGK,CAAAA,CAAQ,MAAA,CAASM,CAAC,CAAA,CAE5C,OAAON,CAAAA,CAAQ,KAAA,CAAML,CAAK,CAC5B,CAAA,CACA,OAAA,CAAQY,EAAMC,CAAAA,CAAQ,EAAC,CAAG,CACxB,OAAO,IAAA,CAAK,MAAM,CAAE,QAAA,CAAUD,CAAAA,CAAM,KAAA,CAAOC,CAAAA,CAAM,KAAM,CAAC,CAC1D,CAAA,CACA,aAAA,CAAcC,CAAAA,CAAID,CAAAA,CAAQ,GAAI,CAC5B,OAAO,IAAA,CAAK,KAAA,CAAM,CAAE,YAAA,CAAcC,EAAI,KAAA,CAAOD,CAAAA,CAAM,KAAM,CAAC,CAC5D,CAAA,CACA,QAAS,CACP,OAAO,CAAE,OAAA,CAASR,CAAAA,CAAQ,KAAA,GAAS,UAAA,CAAY,IAAA,CAAK,GAAA,EAAM,CAC5D,CAAA,CACA,OAAQ,CACNA,CAAAA,CAAU,GACZ,CAAA,CACA,OAAA,EAAU,CACRA,CAAAA,CAAU,EAAC,CACXC,CAAAA,CAAkB,KACpB,CAAA,CACA,KAAA,CAAMT,CAAAA,CAAQkB,CAAAA,CAAkB,CAC9B,IAAIC,CAAAA,CAAQ,CAAA,CACZ,IAAA,IAAShC,EAAI,CAAA,CAAGA,CAAAA,CAAIqB,CAAAA,CAAQ,MAAA,CAAQrB,CAAAA,EAAAA,CAAK,CACvC,IAAM0B,CAAAA,CAAIL,CAAAA,CAAQrB,CAAC,CAAA,CACfY,CAAAA,CAAcc,CAAAA,CAAGb,CAAM,CAAA,GACzBQ,CAAAA,CAAQrB,CAAC,CAAA,CAAI+B,CAAAA,CAAiBL,CAAC,EAC/BM,CAAAA,EAAAA,EAEJ,CAEA,OAAOA,CACT,CAAA,CACA,UAAA,CAAWC,EAAS,CAClBX,CAAAA,CAAkBW,EACpB,CACF,CAGF,CAuBA,SAASC,CAAAA,CAAS9B,CAAAA,CAA2B,CAG3C,OAAO+B,mBAAAA,CAAW/B,CAAK,CACzB,CAUA,SAASgC,CAAAA,CAAahC,CAAAA,CAA2B,CAC/C,GAAQA,CAAAA,CAAM,QAAA,GACP,QAAA,CACH,OAAO8B,CAAAA,CAAS9B,CAAK,CAAA,CAErB,MAAM,IAAI,KAAA,CACR,CAAA,4CAAA,EAA+C,MAAA,CAAQA,CAAAA,CAAgC,QAAQ,CAAC,kBAAkBA,CAAAA,CAAM,GAAG,CAAA,4DAAA,CAC7H,CAEN,CA+GO,SAASiC,GACdlB,CAAAA,CAA2B,EAAC,CACf,CACb,IAAMmB,CAAAA,CAAOnB,EAAK,IAAA,EAAQD,CAAAA,EAAW,CAC/BqB,CAAAA,CAAapB,CAAAA,CAAK,UAAA,EAAc,MAChCqB,CAAAA,CAAarB,CAAAA,CAAK,MAAA,CAEpBsB,CAAAA,CAAM,CAAA,CACNC,CAAAA,CAA+B,KAE/BC,CAAAA,CAAsC,IAAA,CACtCC,CAAAA,CAAiC,IAAA,CAQ/BC,CAAAA,CAAgB,IAAI,IAcpBC,CAAAA,CAAkB,IAAI,GAAA,CAGtBC,CAAAA,CAAiB,IAAI,GAAA,CAS3B,SAASC,CAAAA,CAAeC,CAAAA,CAAwB,CAE9C,GADIV,CAAAA,EAAcQ,CAAAA,CAAe,IAAA,GAAS,GACtCE,CAAAA,GAAS,IAAA,EAAQ,OAAOA,CAAAA,EAAS,QAAA,CAAU,OAAOA,EAKtD,IAAIC,CAAAA,CACJ,GAAI,CACFA,CAAAA,CAAS,IAAA,CAAK,MAAM,IAAA,CAAK,SAAA,CAAUD,CAAI,CAAC,EAC1C,CAAA,KAAQ,CAEN,OAAOA,CACT,CAEA,OAAAE,mBAAAA,CAAcD,CAAAA,CAAQ,CACpB,QAAA,CAASE,CAAAA,CAAUC,CAAAA,CAAIC,CAAAA,CAAUC,CAAAA,CAAa,CACvCR,EAAe,GAAA,CAAIK,CAAQ,CAAA,EAEhC7D,CAAAA,CAAc2D,CAAAA,CAAQK,CAAAA,CAAa,YAAY,EAEjD,CAAA,CACA,OAAA,CAAQH,CAAAA,CAAU,CACXL,CAAAA,CAAe,GAAA,CAAIK,CAAQ,CAAA,EAEhC7D,CAAAA,CAAc2D,CAAAA,CAAQE,CAAAA,CAAU,YAAY,EAC9C,CACF,CAAC,CAAA,CAEMF,CACT,CAEA,SAASM,CAAAA,EAA6B,CAGpC,GAFAX,CAAAA,CAAc,KAAA,EAAM,CACpBC,CAAAA,CAAgB,KAAA,GACZ,CAAA,CAACH,CAAAA,CACL,GAAI,CACF,IAAMc,CAAAA,CACJd,EASA,OAAA,CACF,GAAI,OAAOc,CAAAA,EAAY,UAAA,CAAY,OAEnC,IAAMC,CAAAA,CADaD,CAAAA,EAAQ,EACK,WAAA,EAAe,EAAC,CAG1CE,EACJhB,CAAAA,CAKA,SAAA,EAAW,iBAAA,CACb,IAAA,IAAWiB,CAAAA,IAAKF,CAAAA,CACd,GAAIE,CAAAA,CAAE,QAAA,GAAa,KAAA,CAAA,CAGjBf,CAAAA,CAAc,GAAA,CACZe,CAAAA,CAAE,EAAA,CACFZ,CAAAA,CAAeY,CAAAA,CAAE,QAAQ,CAC3B,CAAA,CAAA,KACK,CAML,IAAMC,EAAMF,CAAAA,GAAaC,CAAAA,CAAE,EAAE,CAAA,CACvBE,CAAAA,CAASD,CAAAA,EAAO,OAAOA,CAAAA,CAAI,IAAA,EAAS,UAAA,CAAaA,CAAAA,CAAI,IAAA,CAAO,KAAA,CAAA,CAC9DC,EACFhB,CAAAA,CAAgB,GAAA,CAAIc,CAAAA,CAAE,EAAA,CAAIzB,mBAAAA,CAAW,MAAA,CAAO2B,CAAM,CAAC,CAAC,CAAA,CAC3CF,CAAAA,CAAE,IAAA,GAAS,KAAA,CAAA,EAAa,OAAOA,CAAAA,CAAE,IAAA,EAAS,UAAA,CACnDd,CAAAA,CAAgB,GAAA,CAAIc,CAAAA,CAAE,GAAIzB,mBAAAA,CAAW,MAAA,CAAOyB,CAAAA,CAAE,IAAI,CAAC,CAAC,EAMpDd,CAAAA,CAAgB,GAAA,CAAIc,CAAAA,CAAE,EAAA,CAAIzB,mBAAAA,CAAW,YAAY,CAAC,EAEtD,CAEJ,CAAA,KAAQ,CAER,CACF,CAEA,SAAS4B,GAAuB,CAE9B,GADAhB,CAAAA,CAAe,KAAA,EAAM,CACjB,EAAAR,GAAc,CAACI,CAAAA,CAAAA,CACnB,GAAI,CACF,IAAMqB,CAAAA,CAAQrB,EAAyE,IAAA,CACvF,GAAI,CAACqB,CAAAA,EAAQ,OAAOA,CAAAA,CAAK,OAAU,UAAA,CAAY,OAC/C,IAAMC,CAAAA,CAASD,CAAAA,CAAK,KAAA,CAAM,KAAK,CAAA,EAAK,EAAC,CACrC,IAAA,IAAWnE,CAAAA,IAAKoE,CAAAA,CACdlB,EAAe,GAAA,CAAIlD,CAAAA,CAAE,EAAE,EAE3B,CAAA,KAAQ,CAER,CACF,CAEA,SAASqE,CAAAA,CAAYd,CAAAA,CAAkB1D,CAAAA,CAAyB,CAC9D,OAAI6C,CAAAA,CAAmB7C,CAAAA,CACnBqD,CAAAA,CAAe,GAAA,CAAIK,CAAQ,CAAA,CAAU,YAAA,CAElC1D,CACT,CAEA,SAASyE,CAAAA,CACPC,CAAAA,CAC4B,CAE5B,GADI,CAACA,CAAAA,EACD7B,CAAAA,EAAcQ,CAAAA,CAAe,IAAA,GAAS,CAAA,CAAG,OAAOqB,EACpD,IAAIC,CAAAA,CAAU,KAAA,CACR5C,CAAAA,CAAsB2C,CAAAA,CAAQ,GAAA,CAAKR,GAAM,CAC7C,GAAIb,CAAAA,CAAe,GAAA,CAAIa,CAAAA,CAAE,IAAI,EAC3B,OAAAS,CAAAA,CAAU,IAAA,CACH,CAAE,GAAGT,CAAAA,CAAG,OAAQ,YAAa,CAAA,CAGtC,GAAIA,CAAAA,CAAE,QAAA,CAAU,CACd,IAAMU,CAAAA,CAAQH,CAAAA,CAAcP,CAAAA,CAAE,QAAQ,CAAA,CACtC,GAAIU,IAAUV,CAAAA,CAAE,QAAA,CACd,OAAAS,CAAAA,CAAU,IAAA,CACH,CAAE,GAAGT,CAAAA,CAAG,QAAA,CAAUU,CAAM,CAEnC,CAEA,OAAOV,CACT,CAAC,CAAA,CAED,OAAOS,CAAAA,CAAU5C,CAAAA,CAAM2C,CACzB,CAaA,SAASG,CAAAA,CAAKC,CAAAA,CAA8C,CAC1D,IAAMpE,CAAAA,CAAQ,CACZ,GAAGoE,CAAAA,CACH,GAAA,CAAK/B,CAAAA,EAAAA,CACL,EAAA,CAAI,IAAA,CAAK,KAAI,CACb,QAAA,CAAUC,CAAAA,CACV,QAAA,CAAUtD,CAAAA,CACV,aAAA,CAAeC,CACjB,CAAA,CAEMoF,CAAAA,CAAajC,CAAAA,CAAaA,CAAAA,CAAWpC,CAAK,CAAA,CAAIA,EACpD,OAAAD,CAAAA,CAAYsE,CAAU,CAAA,CACtBnC,CAAAA,CAAK,KAAA,CAAMmC,CAAU,CAAA,CAKrB/B,CAAAA,CAAgBN,CAAAA,CAAaqC,CAAU,CAAA,CAEhCA,CACT,CAEA,SAASC,CAAAA,CAAQC,CAAAA,CAA+B,CAC9C,OAAQA,CAAAA,CAAM,IAAA,EACZ,KAAK,qBAAA,CAAuB,CAC1B,IAAMC,CAAAA,CAAW/B,CAAAA,CAAc,IAAI8B,CAAAA,CAAM,EAAE,CAAA,CACrCE,CAAAA,CAAiB/B,CAAAA,CAAgB,GAAA,CAAI6B,EAAM,EAAE,CAAA,CAC7CH,CAAAA,CAAmC,CACvC,IAAA,CAAM,qBAAA,CACN,aAAcG,CAAAA,CAAM,EAAA,CACpB,MAAA,CAAQA,CAAAA,CAAM,MAAA,CACd,WAAA,CAAaR,EAAcQ,CAAAA,CAAM,WAAW,CAC9C,CAAA,CACIC,CAAAA,GAAa,MAAA,CACfJ,EAAQ,QAAA,CAAWI,CAAAA,CACVC,CAAAA,GAAmB,MAAA,GAI5BL,CAAAA,CAAQ,UAAA,CAAa,CACnB,IAAA,CAAM,UAAA,CACN,UAAA,CAAYK,CACd,CAAA,CAAA,CAEFN,CAAAA,CAAKC,CAAO,EACZ,KACF,CACA,KAAK,aAAA,CACHD,CAAAA,CAAK,CACH,KAAM,aAAA,CACN,GAAA,CAAKI,CAAAA,CAAM,GAAA,CACX,KAAA,CAAOT,CAAAA,CAAYS,EAAM,GAAA,CAAKA,CAAAA,CAAM,IAAI,CAAA,CACxC,IAAA,CAAMT,CAAAA,CAAYS,EAAM,GAAA,CAAKA,CAAAA,CAAM,IAAI,CACzC,CAAC,CAAA,CACD,MACF,KAAK,yBAAA,CACCA,CAAAA,CAAM,IAAA,GAAS,SAAA,CACjBJ,CAAAA,CAAK,CACH,IAAA,CAAM,yBAAA,CACN,SAAA,CAAW,SAAA,CACX,UAAA,CAAYI,CAAAA,CAAM,SAClB,aAAA,CAAeA,CAAAA,CAAM,aAAA,CACrB,MAAA,CAAQA,CAAAA,CAAM,MAAA,CACd,OAAA,CAASA,CAAAA,CAAM,OACjB,CAAC,CAAA,CAEDJ,CAAAA,CAAK,CACH,IAAA,CAAM,0BACN,SAAA,CAAW,WAAA,CACX,UAAA,CAAYI,CAAAA,CAAM,QAAA,CAClB,aAAA,CAAeA,EAAM,aAAA,CACrB,MAAA,CAAQA,CAAAA,CAAM,MAAA,CACd,IAAA,CAAMA,CAAAA,CAAM,KACZ,QAAA,CAAUT,CAAAA,CAAYS,CAAAA,CAAM,IAAA,CAAMA,CAAAA,CAAM,QAAQ,EAChD,MAAA,CAAQT,CAAAA,CAAYS,CAAAA,CAAM,IAAA,CAAMA,CAAAA,CAAM,MAAM,CAC9C,CAAC,CAAA,CAEH,MACF,KAAK,mBAAA,CACHJ,CAAAA,CAAK,CACH,IAAA,CAAM,mBAAA,CACN,UAAA,CAAYI,CAAAA,CAAM,QAAA,CAClB,aAAA,CAAeA,EAAM,aAAA,CACrB,QAAA,CAAUA,CAAAA,CAAM,QAClB,CAAC,CAAA,CACD,MACF,KAAK,gBAAA,CACHJ,CAAAA,CAAK,CACH,IAAA,CAAM,gBAAA,CACN,WAAYI,CAAAA,CAAM,QAAA,CAClB,aAAA,CAAeA,CAAAA,CAAM,aAAA,CACrB,KAAA,CAAO,OAAOA,CAAAA,CAAM,KAAK,CAC3B,CAAC,CAAA,CACD,MACF,KAAK,aAAA,CACL,KAAK,cAAA,CACL,KAAK,aAAA,CACL,KAAK,iBACHJ,CAAAA,CAAK,CAAE,IAAA,CAAMI,CAAAA,CAAM,IAAK,CAAC,EACzB,MAOJ,CACF,CAOA,IAAIG,EAAmB,KAAA,CAEvB,SAASC,CAAAA,CAAOC,CAAAA,CAAiC,CAC/CrC,CAAAA,CAASqC,EACTjB,CAAAA,EAAe,CACfP,CAAAA,EAAqB,CACrBZ,CAAAA,CAAYoC,CAAAA,CAAI,OAAA,CAAQN,CAAO,CAAA,CAK/BpC,CAAAA,CAAK,UAAA,GAAa,CAAC2C,CAAAA,CAAYC,CAAAA,GAAiB,CAC9C,GAAI,CAAAJ,CAAAA,CACJ,CAAAA,CAAAA,CAAmB,IAAA,CACnB,GAAI,CACFP,CAAAA,CAAK,CACH,IAAA,CAAM,kBAAA,CACN,UAAA,CAAAU,EACA,YAAA,CAAAC,CACF,CAAC,EACH,CAAA,OAAE,CACAJ,EAAmB,MACrB,CAAA,CACF,CAAC,EACH,CAEA,SAASK,GAAe,CAClBvC,CAAAA,GACFA,CAAAA,EAAU,CACVA,CAAAA,CAAY,IAAA,CAAA,CAEdD,EAAS,IAAA,CACTE,CAAAA,CAAc,KAAA,EAAM,CACpBC,CAAAA,CAAgB,KAAA,GAChBC,CAAAA,CAAe,KAAA,GACjB,CAEA,IAAMqC,CAAAA,CAA+B,CACnC,IAAA,CAAM,cAAA,CACN,MAAA,CAAOJ,CAAAA,CAAK,CACVD,CAAAA,CAAOC,CAA2B,EACpC,CAAA,CACA,MAAA,EAAS,CAGHpC,CAAAA,GACFA,CAAAA,EAAU,CACVA,EAAY,IAAA,EAEhB,CAAA,CACA,SAAA,EAAY,CACVuC,CAAAA,GACF,EACA,oBAAA,CAAqBE,CAAAA,CAAMvD,CAAAA,CAAI,CACzBuD,CAAAA,GAAS,YAAA,EAAc7B,GAAqB,CAAA,CAC5C6B,CAAAA,GAAS,YAAA,EAAgBA,CAAAA,GAAS,UAAA,EAAcA,CAAAA,GAAS,WAG3DtB,CAAAA,GAGJ,CAAA,CACA,kBAAA,CAAmBsB,CAAAA,CAAMvD,CAAAA,CAAI,CAGvBuD,CAAAA,GAAS,YAAA,EAAc7B,CAAAA,GAE7B,CAAA,CACA,sBAAA,CAAuB6B,EAAMvD,CAAAA,CAAI,CAC3BuD,CAAAA,GAAS,YAAA,EAAc7B,CAAAA,GAE7B,CAAA,CACA,UAAA,CAAW8B,CAAAA,CAAU,CAInBf,CAAAA,CAAK,CACH,IAAA,CAAM,iBAAA,CACN,WAAYe,CAAAA,CAAS,EAAA,CACrB,OAAA,CAASA,CAAAA,CAAS,OACpB,CAAC,EACH,CAAA,CACA,iBAAA,CAAkBC,CAAAA,CAAMC,CAAAA,CAAI,CAE1BjB,CAAAA,CAAK,CACH,IAAA,CAAM,yBAAA,CACN,IAAA,CAAAgB,CAAAA,CACA,EAAA,CAAAC,CACF,CAAC,EACH,CACF,CAAA,CAQA,SAASC,CAAAA,CAAcrF,CAAAA,CAA+B,CACpD,GACGA,CAAAA,CAAgD,UAAA,GAAe,MAAA,CAEhE,OAAOA,CAAAA,CAET,IAAMsF,CAAAA,CAAQ,CAAE,GAAGtF,CAAM,CAAA,CACzB,OAAA,OAAOsF,EAAM,UAAA,CAENA,CACT,CAEA,SAASC,CAAAA,CACPtE,CAAAA,CACuB,CAGvB,IAAIuE,CAAAA,CAAa,KAAA,CACjB,IAAA,IAAWlE,CAAAA,IAAKL,CAAAA,CACd,GAAKK,CAAAA,CAA4C,UAAA,GAAe,MAAA,CAAW,CACzEkE,CAAAA,CAAa,IAAA,CACb,KACF,CAEF,OAAKA,CAAAA,CAIEvE,CAAAA,CAAQ,GAAA,CAAIoE,CAAa,EAHvBpE,CAIX,CAEA,OAAO,CACL,MAAA,CAAA+D,CAAAA,CACA,MAAO,CAACvE,CAAAA,CAAS,EAAC,GAAM8E,CAAAA,CAAiBrD,CAAAA,CAAK,MAAMzB,CAAM,CAAC,CAAA,CAC3D,MAAA,CAASc,CAAAA,EAAMgE,CAAAA,CAAiBrD,EAAK,MAAA,CAAOX,CAAC,CAAC,CAAA,CAC9C,OAAA,CAAS,CAACC,EAAMC,CAAAA,GAAU8D,CAAAA,CAAiBrD,CAAAA,CAAK,OAAA,CAAQV,CAAAA,CAAMC,CAAK,CAAC,CAAA,CACpE,aAAA,CAAe,CAACC,CAAAA,CAAID,CAAAA,GAClB8D,CAAAA,CAAiBrD,CAAAA,CAAK,cAAcR,CAAAA,CAAID,CAAK,CAAC,CAAA,CAChD,MAAA,CAAQ,IAAM,CACZ,IAAMgE,CAAAA,CAAOvD,CAAAA,CAAK,MAAA,EAAO,CAEzB,OAAO,CACL,OAAA,CAASqD,CAAAA,CAAiBE,CAAAA,CAAK,OAAO,CAAA,CACtC,UAAA,CAAYA,EAAK,UACnB,CACF,CAAA,CACA,MAAA,CAAO1E,CAAAA,CAA2C,CAKhD,GAAIA,CAAAA,EAAM,MAAA,GAAW,IAAA,CACnB,MAAM,IAAI,KAAA,CACR,yIACF,CAAA,CAGF,GAAM,CAAE,OAAA,CAAAE,CAAQ,CAAA,CAAIiB,EAAK,MAAA,EAAO,CAChC,GAAIjB,CAAAA,CAAQ,MAAA,GAAW,CAAA,CACrB,OAAO,CAAE,KAAA,CAAO,IAAA,CAAM,UAAA,CAAY,CAAE,CAAA,CAqBtC,IAAMyE,EAAgB,IAAI,GAAA,CACtBC,CAAAA,CAA0B,IAAA,CAC9B,IAAA,IAAS/F,CAAAA,CAAI,EAAGA,CAAAA,CAAIqB,CAAAA,CAAQ,MAAA,CAAQrB,CAAAA,EAAAA,CAAK,CACvC,IAAMI,EAAQiB,CAAAA,CAAQrB,CAAC,CAAA,CACvB,GAAII,CAAAA,CAAM,QAAA,GAAa2F,EAAU,CAK/B,IAAMC,CAAAA,CAAYhG,CAAAA,CAAI,CAAA,CAAIqB,CAAAA,CAAQrB,EAAI,CAAC,CAAA,CAAK,IAAA,CACtCiG,CAAAA,CAAmB7F,CAAAA,CAAM,IAAA,GAAS,sBAClC8F,CAAAA,CAAkBF,CAAAA,EAAW,IAAA,GAAS,qBAAA,CAE5C,GAAIC,CAAAA,EAAoBC,EAAiB,CAGvC,IAAMC,CAAAA,CAA2B,EAAC,CAC9BF,CAAAA,EAAkBE,CAAAA,CAAW,IAAA,CAAK/F,CAAK,CAAA,CACvC8F,CAAAA,EAAmBF,CAAAA,GAAc,IAAA,EACnCG,CAAAA,CAAW,KAAKH,CAAS,CAAA,CAE3B,IAAMI,CAAAA,CAASD,CAAAA,CAAW,IAAA,CACvBzE,GACEA,CAAAA,CAA4C,UAAA,GAC7CpC,CACJ,CAAA,CACA,GAAI8G,CAAAA,CACF,OAAO,CACL,KAAA,CAAO,KAAA,CACP,QAAA,CAAUpG,CAAAA,CACV,YAAA,CAAc+F,GAAY,WAAA,CAC1B,UAAA,CAAY3F,CAAAA,CAAM,QAAA,EAAY,WAAA,CAC9B,KAAA,CAAOgG,EACP,MAAA,CACE,yKACJ,CAAA,CAKF,IAAMC,CAAAA,CAAiBJ,CAAAA,CAAmB7F,EAAQ4F,CAAAA,CAClDF,CAAAA,CAAc,GAAA,CAAIO,CAAAA,CAAe,GAAG,CAAA,CACpCN,EAAW3D,CAAAA,CAAahC,CAAK,CAAA,CAE7B,QACF,CAEA,OAAO,CACL,KAAA,CAAO,KAAA,CACP,QAAA,CAAUJ,CAAAA,CACV,YAAA,CAAc+F,CAAAA,EAAY,WAAA,CAC1B,WAAY3F,CAAAA,CAAM,QAAA,EAAY,WAAA,CAC9B,KAAA,CAAAA,CACF,CACF,CACA2F,CAAAA,CAAW3D,CAAAA,CAAahC,CAAK,EAC/B,CAEA,IAAMkG,EAIF,CACF,KAAA,CAAO,IAAA,CACP,UAAA,CAAYjF,CAAAA,CAAQ,MACtB,EACA,OAAIyE,CAAAA,CAAc,IAAA,CAAO,CAAA,GACvBQ,CAAAA,CAAO,UAAA,CAAa,CAAC,GAAGR,CAAa,CAAA,CAAE,IAAA,CAAK,CAAChF,CAAAA,CAAGC,IAAMD,CAAAA,CAAIC,CAAC,CAAA,CAAA,CAGtDuF,CACT,CAAA,CACA,KAAA,CAAMzF,EAAQ,CAGZ,IAAM0F,CAAAA,CAAW,IAAA,CAAK,GAAA,EAAI,CACtBvE,CAAAA,CAAQ,CAAA,CAuCZ,GAtCI,OAAOM,CAAAA,CAAK,KAAA,EAAU,UAAA,GACxBN,CAAAA,CAAQM,EAAK,KAAA,CAAMzB,CAAAA,CAASa,CAAAA,EAAM,CAUhC,IAAM8E,CAAAA,CAAY,CAChB,GAAA,CAAK9E,CAAAA,CAAE,GAAA,CACP,EAAA,CAAIA,CAAAA,CAAE,EAAA,CACN,KAAM,qBAAA,CACN,QAAA,CAAUA,CAAAA,CAAE,QAAA,CACZ,QAAA,CAAUA,CAAAA,CAAE,SACZ,aAAA,CACGA,CAAAA,CACE,aAAA,EAAiBrC,CAAAA,CACtB,YAAA,CAAcqC,CAAAA,CAAE,KAChB,QAAA,CAAA6E,CAAAA,CACA,UAAA,CAAYjH,CACd,CAAA,CAMA,OAAAa,EAAYqG,CAAS,CAAA,CAEdA,CACT,CAAC,CAAA,CAAA,CAMCxE,CAAAA,GAAU,EACZ,OAAO,CAAE,MAAA,CAAQ,CAAA,CAAG,WAAA,CAAa,IAAK,CAAA,CAMxC,IAAMyE,CAAAA,CAAc,CAClB,QAAA,CAAU5F,CAAAA,CAAO,QAAA,GAAa,MAAA,CAC9B,aAAcA,CAAAA,CAAO,YAAA,GAAiB,MAAA,CACtC,IAAA,CAAMA,CAAAA,CAAO,IAAA,CACb,eACEA,CAAAA,CAAO,cAAA,GAAmB,MAAA,CACrB,SAAA,CACD,MACR,CAAA,CAGM6F,EAAcnC,CAAAA,CAAK,CACvB,IAAA,CAAM,uBAAA,CACN,UAAA,CAAYpC,mBAAAA,CAAWtB,CAAM,CAAA,CAC7B,WAAA,CAAA4F,CAAAA,CACA,MAAA,CAAQzE,CACV,CAAC,EAED,OAAO,CAAE,MAAA,CAAQA,CAAAA,CAAO,WAAA,CAAA0E,CAAY,CACtC,CAAA,CACA,KAAA,EAAQ,CACNpE,CAAAA,CAAK,KAAA,EAAM,CACXG,EAAM,CAAA,CACNC,CAAAA,CAAgB,KAClB,CAAA,CACA,OAAA,EAAU,CACRyC,CAAAA,EAAO,CACP7C,CAAAA,CAAK,OAAA,GACP,CACF,CACF","file":"chunk-IXRS4LM4.cjs","sourcesContent":["/**\n * createAuditLedger — append-only, queryable, hash-chained\n * (djb2; SHA-256 reserved for v2) audit of every state change. For\n * forensics and \"show me why this user got that decision.\"\n *\n * Captures (per observation event):\n *\n *   - `constraint.evaluate` → { whenSpec, whenExplain, active, whenSource? }\n *   - `resolver.write.rejected` (rejection + summary kinds)\n *   - `fact.change` → { key, prior, next }\n *   - `resolver.complete` → { resolverId, requirementId, duration }\n *   - `system.init` / `system.start` / `system.stop` / `system.destroy`\n *   - `system.snapshot` / `system.history.navigate` (lifecycle markers)\n *   - `system.truncated` (ring-buffer overflow marker)\n *   - `system.entry-erased` / `system.subject-erased` (GDPR Art.17 stub)\n *\n * Hash chain: each entry stores `prevHash` — the djb2 (`hashObject`)\n * hash of the previous entry's stable-stringified payload. Tampering\n * with any entry's payload breaks the next entry's `prevHash` link —\n * visible in `verify()`. v1 ships sync djb2 only; `verify({ strong: true })`\n * is reserved for v2 (SHA-256) and throws today.\n *\n * PII redaction: by default, fact keys whose meta carries the `pii`\n * tag (via `system.meta.byTag(\"pii\")`) have their values replaced with\n * `\"[redacted]\"` in `whenExplain.actual`, `fact.change.prior`,\n * `fact.change.next`, and the cached `whenSpec` operands. Opt out with\n * `capturePII: true`.\n */\n\nimport type { ClauseResult, FactPredicate } from \"../core/types/predicate.js\";\nimport type {\n  ModuleSchema,\n  ObservationEvent,\n  Plugin,\n  System,\n} from \"../core/types.js\";\nimport { walkPredicate } from \"../core/predicate.js\";\nimport { hashObject } from \"../utils/utils.js\";\n\n/** Hash algorithm tag — bumped if canonicalization or hash function changes. */\nconst HASH_ALGO = \"djb2-1\" as const;\n\n/**\n * Entry schema version. Bumped if `AuditEntry` field shape changes in\n * a way that breaks back-compat parsers. Persisted on every entry so\n * exports remain self-describing across library upgrades. (F-5)\n */\nconst SCHEMA_VERSION = 1 as const;\n\n/**\n * Private sentinel stamped onto tombstone entries by {@link createAuditLedger.erase}.\n * Never exported, never serialized — `verify()` checks for it before\n * accepting a `system.entry-erased` entry as a legitimate chain break.\n *\n * (N7) Without this, a caller holding a raw `AuditLedgerSink` reference\n * could write `{ kind: \"system.entry-erased\", … }` directly into the\n * sink to mask real tampering as legitimate erasure. The sentinel\n * raises the bar so only the in-process ledger plugin (which lives in\n * this module's closure) can mint a valid tombstone.\n */\nconst LEDGER_INTERNAL_TOKEN: unique symbol = Symbol(\n  \"directive.audit-ledger.internal\",\n);\n\n/**\n * Navigate `root` to `dottedPath` (`foo.bar.$eq`, `foo[0].value`) and\n * replace the value at the leaf. Used by `redactWhenSpec` to scrub\n * PII operands in cached predicate specs. Best-effort: silently no-ops\n * if the path doesn't resolve (caller already cloned the spec).\n */\nfunction replaceAtPath(root: unknown, dottedPath: string, value: unknown): void {\n  if (root === null || typeof root !== \"object\") return;\n  // Split on \".\" but treat \"[N]\" segments as array indices.\n  // E.g. \"[0].value\" → [\"[0]\", \"value\"], \"foo.bar[1]\" → [\"foo\", \"bar[1]\"].\n  const segs: Array<string | number> = [];\n  for (const part of dottedPath.split(\".\")) {\n    if (!part) continue;\n    // Pull leading `[N]` if present.\n    const m = part.match(/^\\[(\\d+)\\](.*)$/);\n    if (m) {\n      segs.push(Number(m[1]));\n      if (m[2]) segs.push(m[2].replace(/^\\./, \"\"));\n      continue;\n    }\n    // Trailing `[N]` on the segment.\n    const m2 = part.match(/^([^[]+)\\[(\\d+)\\](.*)$/);\n    if (m2) {\n      segs.push(m2[1]!);\n      segs.push(Number(m2[2]));\n      if (m2[3]) segs.push(m2[3].replace(/^\\./, \"\"));\n      continue;\n    }\n    segs.push(part);\n  }\n\n  let cur: unknown = root;\n  for (let i = 0; i < segs.length - 1; i++) {\n    const seg = segs[i]!;\n    if (cur === null || typeof cur !== \"object\") return;\n    cur = (cur as Record<string | number, unknown>)[seg];\n  }\n  if (cur === null || typeof cur !== \"object\") return;\n  const lastSeg = segs[segs.length - 1];\n  if (lastSeg === undefined) return;\n  (cur as Record<string | number, unknown>)[lastSeg] = value;\n}\n\n/**\n * Depth-2 freeze: freeze the entry, freeze each top-level value, and\n * freeze each clause in `whenExplain`. Cycle-safe + cheap; prevents\n * in-process payload mutation that would forge the chain. (C3)\n */\nfunction freezeEntry(entry: AuditEntry): AuditEntry {\n  for (const key of Object.keys(entry)) {\n    const v = (entry as unknown as Record<string, unknown>)[key];\n    if (v !== null && typeof v === \"object\") {\n      if (Array.isArray(v) && key === \"whenExplain\") {\n        for (const clause of v) {\n          if (clause !== null && typeof clause === \"object\") {\n            Object.freeze(clause);\n          }\n        }\n      }\n      Object.freeze(v);\n    }\n  }\n  Object.freeze(entry);\n\n  return entry;\n}\n\n// ============================================================================\n// AuditEntry types\n// ============================================================================\n\nexport type AuditEntryKind =\n  | \"constraint.evaluate\"\n  | \"resolver.write.rejected\"\n  | \"fact.change\"\n  | \"resolver.complete\"\n  | \"resolver.error\"\n  | \"system.init\"\n  | \"system.start\"\n  | \"system.stop\"\n  | \"system.destroy\"\n  | \"system.snapshot\"\n  | \"system.history.navigate\"\n  | \"system.truncated\"\n  | \"system.entry-erased\"\n  | \"system.subject-erased\";\n\ninterface AuditEntryBase {\n  /** Monotonic sequence number, starting at 0. */\n  readonly seq: number;\n  /** Wall-clock timestamp (ms epoch). */\n  readonly ts: number;\n  /** Discriminator. */\n  readonly kind: AuditEntryKind;\n  /** Hash of the previous entry's full payload. null on the genesis entry. */\n  readonly prevHash: string | null;\n  /**\n   * Hash algorithm tag identifying the canonicalization + hash\n   * function in use. Bumped if the algorithm or canonical form\n   * changes, so exports remain verifiable across versions.\n   */\n  readonly hashAlgo: typeof HASH_ALGO;\n  /**\n   * Entry schema version — bumped if any `AuditEntry` field shape\n   * changes in a way that breaks back-compat. Pair with `hashAlgo`\n   * when migrating older exports. (F-5)\n   */\n  readonly schemaVersion: typeof SCHEMA_VERSION;\n  /**\n   * Private sentinel — present (and equal to the in-module token) only\n   * on legitimate tombstones minted by `ledger.erase()`. Filtered out\n   * of all public read paths (`query`, `recent`, `toJSON`, etc.) so\n   * consumers never see or copy it. (N7)\n   *\n   * NOT serialized. NOT exported. Forging this from outside the module\n   * is impossible without the symbol reference; `verify()` rejects any\n   * `system.entry-erased` entry that lacks it.\n   *\n   * @internal\n   */\n  readonly __internal?: typeof LEDGER_INTERNAL_TOKEN;\n}\n\nexport type AuditEntry =\n  | (AuditEntryBase & {\n      kind: \"constraint.evaluate\";\n      constraintId: string;\n      active: boolean;\n      /** Cached at ledger start from `system.inspect().constraints[].whenSpec`. Refreshed on `register()`/`assign()`/`unregister()`. May be undefined for function-form constraints (see `whenSource`). PII operands redacted unless `capturePII: true`. */\n      whenSpec?: FactPredicate<unknown>;\n      whenExplain?: readonly ClauseResult[];\n      /**\n       * For function-form constraints (no `whenSpec`), a tamper-evident\n       * identity for the function. We DO NOT capture the raw source —\n       * closures routinely reference secrets, API keys, or PII (e.g.\n       * `if (apiKey === \"sk-live-xxx\")`) and a preview would leak them\n       * into the audit log. Instead, we capture a djb2 hash of the\n       * stringified function (`hashObject(String(fn))`). Auditors can\n       * detect \"the function changed between deploys\" by comparing\n       * hashes across entries, without ever seeing the function body.\n       *\n       * Informational only — NOT replayable. (N5, M22)\n       */\n      whenSource?: { kind: \"function\"; sourceHash: string };\n    })\n  | (AuditEntryBase & {\n      kind: \"resolver.write.rejected\";\n      rejection: \"rejection\" | \"summary\";\n      resolverId: string;\n      requirementId: string;\n      reason: string;\n      fact?: string;\n      expected?: unknown;\n      actual?: unknown;\n      dropped?: number;\n    })\n  | (AuditEntryBase & {\n      kind: \"fact.change\";\n      key: string;\n      prior: unknown;\n      next: unknown;\n    })\n  | (AuditEntryBase & {\n      kind: \"resolver.complete\";\n      resolverId: string;\n      requirementId: string;\n      duration: number;\n    })\n  | (AuditEntryBase & {\n      kind: \"resolver.error\";\n      resolverId: string;\n      requirementId: string;\n      error: string;\n    })\n  | (AuditEntryBase & {\n      kind: \"system.init\" | \"system.start\" | \"system.stop\" | \"system.destroy\";\n    })\n  | (AuditEntryBase & {\n      kind: \"system.snapshot\";\n      snapshotId: number;\n      trigger: string;\n    })\n  | (AuditEntryBase & {\n      kind: \"system.history.navigate\";\n      from: number;\n      to: number;\n    })\n  | (AuditEntryBase & {\n      kind: \"system.truncated\";\n      droppedSeq: number;\n      droppedCount: number;\n    })\n  | (AuditEntryBase & {\n      kind: \"system.entry-erased\";\n      originalKind: AuditEntryKind;\n      erasedAt: number;\n    })\n  | (AuditEntryBase & {\n      kind: \"system.subject-erased\";\n      /**\n       * djb2 hash of the filter (via `hashObject(filter)`). PII-safe —\n       * the raw filter values never land in the ledger. Pair with\n       * `filterShape` to see which filter fields were used. (N2)\n       */\n      filterHash: string;\n      /**\n       * Stripped-values shape of the filter — captures WHICH fields were\n       * present without recording their values. (N2)\n       */\n      filterShape: {\n        factPath: boolean;\n        constraintId: boolean;\n        kind: AuditEntryKind | readonly AuditEntryKind[] | undefined;\n        changedBetween: \"[range]\" | undefined;\n      };\n      erased: number;\n    });\n\n// ============================================================================\n// Sink interface\n// ============================================================================\n\nexport interface QueryFilter {\n  /** Exact-match fact path. */\n  factPath?: string;\n  /** Filter by constraint id. */\n  constraintId?: string;\n  /** Filter by entry kind. */\n  kind?: AuditEntryKind | readonly AuditEntryKind[];\n  /** Time range as `[startMs, endMs]`, ISO strings, or epoch numbers. */\n  changedBetween?: [string | number | Date, string | number | Date];\n  /** Maximum entries returned. Default 1000. */\n  limit?: number;\n}\n\n/**\n * Verify result — chain valid OR a break with full context for tamper visualization.\n *\n * Erased entries (via `ledger.erase()`) appear as legitimate chain breaks —\n * `verify()` reports them in `erasedSeqs` and continues the walk from the\n * tombstone's own hash. Real tamper still surfaces as `valid: false`.\n *\n * Forged tombstones (a caller writes `kind: \"system.entry-erased\"`\n * directly via `sink.write()` to mask tamper as erasure) are detected:\n * legitimate tombstones carry an in-module sentinel that forgeries\n * cannot mint, so `verify()` reports them as tamper. (N7)\n */\nexport type VerifyResult =\n  | {\n      valid: true;\n      entryCount: number;\n      /**\n       * Seq numbers of entries legitimately broken by `erase()`\n       * tombstones. NOT timestamps — each entry pairs this seq with\n       * the per-entry `system.entry-erased.erasedAt` (ms epoch) for\n       * the timestamp. Empty unless the chain contains erasures.\n       * (N1 + M1; renamed from `erasedAt` in R3)\n       */\n      erasedSeqs?: number[];\n    }\n  | {\n      valid: false;\n      brokenAt: number;\n      expectedHash: string;\n      actualHash: string;\n      entry: AuditEntry;\n      /**\n       * Human-readable reason for the break — populated for cases\n       * where the cause is more specific than \"hash mismatch\" (e.g.\n       * tombstone forgery detected via missing sentinel).\n       */\n      reason?: string;\n    };\n\nexport interface AuditLedgerSink {\n  write(entry: AuditEntry): void;\n  query(filter: QueryFilter): readonly AuditEntry[];\n  recent(n: number): readonly AuditEntry[];\n  forFact(path: string, opts?: { limit?: number }): readonly AuditEntry[];\n  forConstraint(id: string, opts?: { limit?: number }): readonly AuditEntry[];\n  toJSON(): { entries: readonly AuditEntry[]; capturedAt: number };\n  clear(): void;\n  destroy(): void;\n  /**\n   * Replace matching entries with tombstones IN PLACE (preserving seq +\n   * prevHash so the hash chain still verifies). v1 implementation\n   * matches on the same `QueryFilter` shape used by `query()`.\n   * Returns the count of entries replaced.\n   *\n   * WARNING: erases only from this sink. Any external copies (toJSON\n   * exports, downstream pipelines) must be erased separately.\n   */\n  erase?(filter: QueryFilter, tombstoneFactory: (e: AuditEntry) => AuditEntry): number;\n  /**\n   * Optional hook fired by the sink BEFORE shifting the oldest entry\n   * out of a bounded ring buffer. The ledger plugin uses this to emit\n   * a `system.truncated` marker so an auditor sees that the log was\n   * truncated and where. (M23)\n   */\n  onTruncate?(handler: (droppedSeq: number, droppedCount: number) => void): void;\n}\n\n// ============================================================================\n// memorySink — bounded ring buffer\n// ============================================================================\n\nconst DEFAULT_MEMORY_CAPACITY = 10_000;\nconst DEFAULT_QUERY_LIMIT = 1000;\n\nfunction parseRangeBound(v: string | number | Date): number {\n  if (v instanceof Date) return v.getTime();\n  if (typeof v === \"number\") {\n    if (!Number.isFinite(v)) {\n      throw new Error(\n        `[Directive] audit-ledger: changedBetween bound must be a finite number, ISO string, or Date.`,\n      );\n    }\n\n    return v;\n  }\n  if (typeof v === \"string\") {\n    const t = Date.parse(v);\n    if (!Number.isFinite(t)) {\n      throw new Error(\n        `[Directive] audit-ledger: changedBetween bound \"${v}\" is not a parseable ISO date string.`,\n      );\n    }\n\n    return t;\n  }\n  throw new Error(\n    `[Directive] audit-ledger: changedBetween bound must be a number, ISO string, or Date.`,\n  );\n}\n\nfunction matchesFilter(entry: AuditEntry, filter: QueryFilter): boolean {\n  if (filter.kind) {\n    const kinds = Array.isArray(filter.kind) ? filter.kind : [filter.kind];\n    if (!kinds.includes(entry.kind)) return false;\n  }\n  if (filter.factPath !== undefined) {\n    // Exact match — no LIKE wildcards. (SEC M2)\n    if (entry.kind === \"fact.change\") {\n      if (entry.key !== filter.factPath) return false;\n    } else if (entry.kind === \"resolver.write.rejected\") {\n      if (entry.fact !== filter.factPath) return false;\n    } else {\n      return false;\n    }\n  }\n  if (filter.constraintId !== undefined) {\n    if (entry.kind !== \"constraint.evaluate\") return false;\n    if (entry.constraintId !== filter.constraintId) return false;\n  }\n  if (filter.changedBetween) {\n    const [a, b] = filter.changedBetween;\n    const start = parseRangeBound(a);\n    const end = parseRangeBound(b);\n    if (entry.ts < start || entry.ts > end) return false;\n  }\n\n  return true;\n}\n\n/**\n * In-memory bounded ring-buffer sink. Drops oldest entries past\n * `capacity` (default 10,000). Use this as the default sink for dev,\n * tests, and StackBlitz demos.\n */\nexport function memorySink(\n  opts: { capacity?: number } = {},\n): AuditLedgerSink {\n  const capacity = opts.capacity ?? DEFAULT_MEMORY_CAPACITY;\n  let entries: AuditEntry[] = [];\n  let truncateHandler:\n    | ((droppedSeq: number, droppedCount: number) => void)\n    | null = null;\n\n  const sink: AuditLedgerSink = {\n    write(entry) {\n      if (entries.length >= capacity) {\n        // (M23) About to overflow — notify the owner BEFORE the shift\n        // so the dropped seq is still known. The handler may push an\n        // entry of its own (a truncation marker), which will itself\n        // push us over capacity; we shift one for one until we're back\n        // at capacity (handlers must be O(1) writers — typically one).\n        const dropped = entries[0]!;\n        truncateHandler?.(dropped.seq, 1);\n        entries.shift();\n      }\n      entries.push(entry);\n      // If the handler wrote a marker (entries.length now > capacity),\n      // drop one more from the head to keep us at capacity exactly.\n      while (entries.length > capacity) {\n        entries.shift();\n      }\n    },\n    query(filter) {\n      const limit = filter.limit ?? DEFAULT_QUERY_LIMIT;\n      const out: AuditEntry[] = [];\n      for (let i = entries.length - 1; i >= 0; i--) {\n        const e = entries[i]!;\n        if (matchesFilter(e, filter)) {\n          out.push(e);\n          if (out.length >= limit) break;\n        }\n      }\n\n      return out;\n    },\n    recent(n) {\n      const start = Math.max(0, entries.length - n);\n\n      return entries.slice(start);\n    },\n    forFact(path, opts2 = {}) {\n      return this.query({ factPath: path, limit: opts2.limit });\n    },\n    forConstraint(id, opts2 = {}) {\n      return this.query({ constraintId: id, limit: opts2.limit });\n    },\n    toJSON() {\n      return { entries: entries.slice(), capturedAt: Date.now() };\n    },\n    clear() {\n      entries = [];\n    },\n    destroy() {\n      entries = [];\n      truncateHandler = null;\n    },\n    erase(filter, tombstoneFactory) {\n      let count = 0;\n      for (let i = 0; i < entries.length; i++) {\n        const e = entries[i]!;\n        if (matchesFilter(e, filter)) {\n          entries[i] = tombstoneFactory(e);\n          count++;\n        }\n      }\n\n      return count;\n    },\n    onTruncate(handler) {\n      truncateHandler = handler;\n    },\n  };\n\n  return sink;\n}\n\n// ============================================================================\n// Hash chain — canonicalization\n// ============================================================================\n//\n// `syncHash(entry)` calls `hashObject(entry)` which calls\n// `stableStringify(entry)` — every entry shape (seq, ts, kind, prevHash,\n// hashAlgo, ...payload) is canonicalized via key-sorted JSON, then\n// djb2-hashed to a 32-bit hex string.\n//\n//   - Fast, sync, isomorphic Node/Bun/Deno/browser.\n//   - Tamper-DETECTION against accidental + light adversarial probing.\n//   - Collision-prone against a determined attacker, by design (32 bits).\n//\n// Any future change to the canonicalization or hash function breaks\n// existing exports, so each entry carries `hashAlgo: \"djb2-1\"`. Verifiers\n// must check that tag matches what they expect.\n//\n// `verify({ strong: true })` is reserved for v2 (SHA-256 chain via Web\n// Crypto). It throws today — there is no silent fallback. v1 ships sync\n// djb2 only.\n\nfunction syncHash(entry: AuditEntry): string {\n  // stableStringify guarantees same hash across runtimes regardless of\n  // key insertion order (architecture review #11, security review C1).\n  return hashObject(entry);\n}\n\n/**\n * Dispatch to the right hash function based on the entry's `hashAlgo`\n * discriminator. v1 has a single arm (`djb2-1`); the switch is in\n * place so v2 can add `\"sha256-1\"` without touching call sites. (N5)\n *\n * v2 promise: when SHA-256 lands, this becomes `case \"sha256-1\": return\n * await asyncSha256(entry);` — verify() will become async accordingly.\n */\nfunction hashForEntry(entry: AuditEntry): string {\n  switch (entry.hashAlgo) {\n    case \"djb2-1\":\n      return syncHash(entry);\n    default:\n      throw new Error(\n        `[Directive] audit-ledger: unknown hashAlgo \"${String((entry as { hashAlgo: unknown }).hashAlgo)}\" on entry seq=${entry.seq}. Cannot verify chain integrity. Known algorithms: \"djb2-1\".`,\n      );\n  }\n}\n\n// ============================================================================\n// AuditLedger plugin\n// ============================================================================\n\nexport interface AuditLedgerOptions {\n  /** Sink to write entries to. Default: in-memory ring buffer (capacity 10k). */\n  sink?: AuditLedgerSink;\n  /**\n   * Whether to capture raw fact values (`prior`/`next` on fact.change,\n   * `actual` in whenExplain). Default `false` — PII-tagged facts are\n   * redacted by default. Set `true` to opt out of redaction.\n   */\n  capturePII?: boolean;\n  /**\n   * Optional caller-supplied redactor. Runs AFTER the default\n   * pii-tag-based redaction. Useful for additional sanitization.\n   */\n  redact?: (entry: AuditEntry) => AuditEntry;\n}\n\nexport interface AuditLedger {\n  /** The plugin to pass to `createSystem({ plugins: [...] })`. */\n  readonly plugin: Plugin<ModuleSchema>;\n  /** Query entries matching the filter. */\n  query(filter?: QueryFilter): readonly AuditEntry[];\n  /** Most recent N entries (chronological). */\n  recent(n: number): readonly AuditEntry[];\n  /** All entries that touch this fact path (exact match). */\n  forFact(path: string, opts?: { limit?: number }): readonly AuditEntry[];\n  /** All entries for this constraint id. */\n  forConstraint(id: string, opts?: { limit?: number }): readonly AuditEntry[];\n  /** Full ledger snapshot for export / serialization. */\n  toJSON(): { entries: readonly AuditEntry[]; capturedAt: number };\n  /**\n   * Walk the hash chain genesis → tip. Returns `{ valid: true }` iff\n   * every entry's `prevHash` matches the (sync, djb2-based) hash of\n   * the previous entry. On break, returns the index of the first\n   * broken link plus the expected vs actual hashes — feed into a\n   * \"TAMPERED\" visualization.\n   *\n   * Erased entries (via `ledger.erase()`) appear as legitimate chain\n   * breaks — `verify()` reports them in `erasedSeqs` and continues\n   * the walk from the tombstone's actual hash. Real tamper still\n   * surfaces as `valid: false`. (N1 + M1)\n   *\n   * Forged tombstones — `kind: \"system.entry-erased\"` entries written\n   * directly via `sink.write()` to mask tamper — are detected as\n   * forgery. Legitimate tombstones carry an in-module sentinel that\n   * forgeries cannot mint. (N7)\n   *\n   * v1 ships sync djb2 only. `verify({ strong: true })` is reserved\n   * for v2 (SHA-256) and THROWS today — there is no silent fallback.\n   * Call `verify()` (no args) for tamper detection.\n   */\n  verify(opts?: { strong?: boolean }): VerifyResult;\n  /**\n   * Per-subject erasure (GDPR Art. 17 stub). Replaces matching entries\n   * in this sink with `system.entry-erased` tombstones (preserving\n   * seq + prevHash so verify() can resync), then appends a chained\n   * `system.subject-erased` marker entry that summarises the erasure.\n   *\n   * Returns `{ erased, markerEntry }` — `markerEntry` is the chained\n   * `system.subject-erased` summary (the N per-entry tombstones live\n   * in the sink, not on the return value). (M7)\n   *\n   * When `erased === 0` (filter matched nothing), `markerEntry` is\n   * `null` and no marker is emitted into the chain — avoids polluting\n   * the audit trail with empty \"erased: 0\" records. (MAJOR-3)\n   *\n   * WARNING: v1 erases only from THIS sink. External copies (toJSON\n   * exports, downstream pipelines, persisted backups) must be erased\n   * separately. (C8)\n   */\n  erase(filter: QueryFilter): {\n    erased: number;\n    markerEntry: AuditEntry | null;\n  };\n  /** Empty the sink. */\n  clear(): void;\n  /** Unsubscribe + drop the sink. */\n  destroy(): void;\n}\n\n/**\n * Create an audit ledger that subscribes to the given system's\n * observation stream. Returns a `Plugin` to install + a query/verify\n * API for the ledger.\n *\n * @example\n * ```ts\n * import { createAuditLedger } from \"@directive-run/core/plugins\";\n *\n * const ledger = createAuditLedger();\n * const system = createSystem({ module, plugins: [ledger.plugin] });\n * system.start();\n *\n * // Six months later — auditor asks \"what changed cart-total in March?\"\n * ledger.query({\n *   factPath: \"cartTotal\",\n *   changedBetween: [\"2026-03-01\", \"2026-04-01\"],\n * });\n *\n * // Verify nobody tampered with the ledger\n * const verdict = await ledger.verify();\n * if (!verdict.valid) {\n *   console.error(\"Tamper at entry\", verdict.brokenAt);\n * }\n * ```\n */\nexport function createAuditLedger(\n  opts: AuditLedgerOptions = {},\n): AuditLedger {\n  const sink = opts.sink ?? memorySink();\n  const capturePII = opts.capturePII ?? false;\n  const userRedact = opts.redact;\n\n  let seq = 0;\n  let lastHashCache: string | null = null; // Cache hash of last-written entry payload\n\n  let system: System<ModuleSchema> | null = null;\n  let unobserve: (() => void) | null = null;\n\n  /**\n   * Cache of constraint.id → whenSpec (snapshotted at start, refreshed\n   * on register/assign/unregister). Spec is already PII-redacted at\n   * cache time, so the operand pointer that flows into every\n   * `constraint.evaluate` entry can never leak. (C2)\n   */\n  const whenSpecCache = new Map<string, FactPredicate<unknown>>();\n\n  /**\n   * Cache of constraint.id → sourceHash for function-form constraints.\n   * (N5, M22)\n   *\n   * We hash the stringified function rather than store any preview of\n   * its source. Closures frequently reference secrets in scope\n   * (`apiKey`, `dbPassword`, customer PII pulled from outer state) and\n   * a preview would land those in the audit trail in plaintext. The\n   * hash is a tamper-evident identity — auditors can verify \"this\n   * constraint's source has not changed across these entries\" without\n   * ever seeing the source itself.\n   */\n  const whenSourceCache = new Map<string, string>();\n\n  /** Cache of PII-tagged fact paths. */\n  const piiTaggedFacts = new Set<string>();\n\n  /**\n   * Walk a predicate spec and replace operands at PII-tagged fact paths\n   * with `\"[redacted]\"`. Cached operand pointers (e.g. `{ email: { $eq:\n   * \"alice@x.com\" } }`) flow into every `constraint.evaluate` entry —\n   * without this scrub the email would land in the audit trail in\n   * plaintext on every evaluation. (C2)\n   */\n  function redactWhenSpec(spec: unknown): unknown {\n    if (capturePII || piiTaggedFacts.size === 0) return spec;\n    if (spec === null || typeof spec !== \"object\") return spec;\n\n    // Deep-clone so we don't mutate the user's source predicate. JSON\n    // round-trip handles plain objects + arrays cheaply; predicates are\n    // already JSON-safe (validatePredicate enforces this).\n    let cloned: unknown;\n    try {\n      cloned = JSON.parse(JSON.stringify(spec));\n    } catch {\n      // Spec contained something non-serializable; bail rather than crash.\n      return spec;\n    }\n\n    walkPredicate(cloned, {\n      operator(factPath, op, _operand, operandPath) {\n        if (!piiTaggedFacts.has(factPath)) return;\n        // Navigate cloned tree to operandPath and replace value.\n        replaceAtPath(cloned, operandPath, \"[redacted]\");\n        void op;\n      },\n      literal(factPath) {\n        if (!piiTaggedFacts.has(factPath)) return;\n        // Replace bare-value leaf at this factPath.\n        replaceAtPath(cloned, factPath, \"[redacted]\");\n      },\n    });\n\n    return cloned;\n  }\n\n  function refreshWhenSpecCache(): void {\n    whenSpecCache.clear();\n    whenSourceCache.clear();\n    if (!system) return;\n    try {\n      const inspect = (\n        system as {\n          inspect?: () => {\n            constraints?: Array<{\n              id: string;\n              whenSpec?: unknown;\n              when?: unknown;\n            }>;\n          };\n        }\n      ).inspect;\n      if (typeof inspect !== \"function\") return;\n      const inspection = inspect();\n      const constraints = inspection?.constraints ?? [];\n      // Best-effort access to merged constraint defs for function-form\n      // source capture. Not exposed via the public type; we feature-detect.\n      const mergedDefs = (\n        system as {\n          $internal?: {\n            mergedConstraints?: Record<string, { when?: unknown }>;\n          };\n        }\n      ).$internal?.mergedConstraints;\n      for (const c of constraints) {\n        if (c.whenSpec !== undefined) {\n          // Redact PII operands at cache time so the cached pointer\n          // flowing into evaluate entries is already safe. (C2)\n          whenSpecCache.set(\n            c.id,\n            redactWhenSpec(c.whenSpec) as FactPredicate<unknown>,\n          );\n        } else {\n          // No whenSpec means function-form `when:` (or no when at\n          // all). Capture a HASH of the function source rather than\n          // the source itself — closures may reference secrets in\n          // scope, and any preview would leak them into the audit\n          // trail. (N5, M22)\n          const def = mergedDefs?.[c.id];\n          const whenFn = def && typeof def.when === \"function\" ? def.when : undefined;\n          if (whenFn) {\n            whenSourceCache.set(c.id, hashObject(String(whenFn)));\n          } else if (c.when !== undefined && typeof c.when === \"function\") {\n            whenSourceCache.set(c.id, hashObject(String(c.when)));\n          } else {\n            // Function-form constraint we couldn't reach the source\n            // of. Mark it so audit entries still surface the form.\n            // We hash the marker string for consistency with the\n            // sourceHash field shape.\n            whenSourceCache.set(c.id, hashObject(\"[function]\"));\n          }\n        }\n      }\n    } catch {\n      // System not yet ready — skip silently.\n    }\n  }\n\n  function refreshPIITags(): void {\n    piiTaggedFacts.clear();\n    if (capturePII || !system) return;\n    try {\n      const meta = (system as { meta?: { byTag?: (tag: string) => Array<{ id: string }> } }).meta;\n      if (!meta || typeof meta.byTag !== \"function\") return;\n      const tagged = meta.byTag(\"pii\") ?? [];\n      for (const m of tagged) {\n        piiTaggedFacts.add(m.id);\n      }\n    } catch {\n      // No meta accessor — skip.\n    }\n  }\n\n  function redactValue(factPath: string, value: unknown): unknown {\n    if (capturePII) return value;\n    if (piiTaggedFacts.has(factPath)) return \"[redacted]\";\n\n    return value;\n  }\n\n  function redactClauses(\n    clauses: ClauseResult[] | undefined,\n  ): ClauseResult[] | undefined {\n    if (!clauses) return clauses;\n    if (capturePII || piiTaggedFacts.size === 0) return clauses;\n    let mutated = false;\n    const out: ClauseResult[] = clauses.map((c) => {\n      if (piiTaggedFacts.has(c.path)) {\n        mutated = true;\n        return { ...c, actual: \"[redacted]\" };\n      }\n      // Recurse into combinator children.\n      if (c.children) {\n        const inner = redactClauses(c.children);\n        if (inner !== c.children) {\n          mutated = true;\n          return { ...c, children: inner };\n        }\n      }\n\n      return c;\n    });\n\n    return mutated ? out : clauses;\n  }\n\n  /**\n   * `partial` is the entry-specific payload (no seq/ts/prevHash). It's\n   * typed as `Record<string, unknown>` because TS's distributed Omit\n   * over the AuditEntry discriminated union doesn't compose cleanly;\n   * runtime construction is safe because each call site passes a\n   * known-shape literal.\n   *\n   * Entries are deeply-frozen at write time (depth 2 — top-level\n   * values + whenExplain clauses) so that downstream consumers cannot\n   * mutate payloads in place and forge the chain. (C3)\n   */\n  function emit(partial: Record<string, unknown>): AuditEntry {\n    const entry = {\n      ...partial,\n      seq: seq++,\n      ts: Date.now(),\n      prevHash: lastHashCache,\n      hashAlgo: HASH_ALGO,\n      schemaVersion: SCHEMA_VERSION,\n    } as AuditEntry;\n\n    const finalEntry = userRedact ? userRedact(entry) : entry;\n    freezeEntry(finalEntry);\n    sink.write(finalEntry);\n\n    // Sync hash of this entry — stashed as the next entry's prevHash.\n    // Whole entry is hashed (including its own prevHash field) so\n    // verify() can rebuild the chain deterministically.\n    lastHashCache = hashForEntry(finalEntry);\n\n    return finalEntry;\n  }\n\n  function onEvent(event: ObservationEvent): void {\n    switch (event.type) {\n      case \"constraint.evaluate\": {\n        const whenSpec = whenSpecCache.get(event.id);\n        const whenSourceHash = whenSourceCache.get(event.id);\n        const partial: Record<string, unknown> = {\n          kind: \"constraint.evaluate\",\n          constraintId: event.id,\n          active: event.active,\n          whenExplain: redactClauses(event.whenExplain),\n        };\n        if (whenSpec !== undefined) {\n          partial.whenSpec = whenSpec;\n        } else if (whenSourceHash !== undefined) {\n          // Function-form constraint — sourceHash is informational and\n          // NOT replayable. We deliberately do NOT include any source\n          // preview because closures may reference secrets in scope. (N5, M22)\n          partial.whenSource = {\n            kind: \"function\",\n            sourceHash: whenSourceHash,\n          };\n        }\n        emit(partial);\n        break;\n      }\n      case \"fact.change\":\n        emit({\n          kind: \"fact.change\",\n          key: event.key,\n          prior: redactValue(event.key, event.prev),\n          next: redactValue(event.key, event.next),\n        });\n        break;\n      case \"resolver.write.rejected\":\n        if (event.kind === \"summary\") {\n          emit({\n            kind: \"resolver.write.rejected\",\n            rejection: \"summary\",\n            resolverId: event.resolver,\n            requirementId: event.requirementId,\n            reason: event.reason,\n            dropped: event.dropped,\n          });\n        } else {\n          emit({\n            kind: \"resolver.write.rejected\",\n            rejection: \"rejection\",\n            resolverId: event.resolver,\n            requirementId: event.requirementId,\n            reason: event.reason,\n            fact: event.fact,\n            expected: redactValue(event.fact, event.expected),\n            actual: redactValue(event.fact, event.actual),\n          });\n        }\n        break;\n      case \"resolver.complete\":\n        emit({\n          kind: \"resolver.complete\",\n          resolverId: event.resolver,\n          requirementId: event.requirementId,\n          duration: event.duration,\n        });\n        break;\n      case \"resolver.error\":\n        emit({\n          kind: \"resolver.error\",\n          resolverId: event.resolver,\n          requirementId: event.requirementId,\n          error: String(event.error),\n        });\n        break;\n      case \"system.init\":\n      case \"system.start\":\n      case \"system.stop\":\n      case \"system.destroy\":\n        emit({ kind: event.type });\n        break;\n      default:\n        // Other observation events ignored in v1 (derivation.compute,\n        // requirement.created/met/canceled, effect.run/error,\n        // reconcile.start/end). They're available via .observe()\n        // directly if a consumer wants them.\n        break;\n    }\n  }\n\n  /**\n   * Re-entrance guard for the truncation handler. The marker entry is\n   * itself a write that may trigger another shift; without this we'd\n   * recurse and overflow. (M23)\n   */\n  let emittingTruncate = false;\n\n  function attach(sys: System<ModuleSchema>): void {\n    system = sys;\n    refreshPIITags();\n    refreshWhenSpecCache();\n    unobserve = sys.observe(onEvent);\n    // Wire up the truncation marker — fires BEFORE the sink drops the\n    // oldest entry, so the dropped seq is still known. The guard\n    // prevents the marker's own write from recursing back through the\n    // capacity overflow path. (M23)\n    sink.onTruncate?.((droppedSeq, droppedCount) => {\n      if (emittingTruncate) return;\n      emittingTruncate = true;\n      try {\n        emit({\n          kind: \"system.truncated\",\n          droppedSeq,\n          droppedCount,\n        });\n      } finally {\n        emittingTruncate = false;\n      }\n    });\n  }\n\n  function detach(): void {\n    if (unobserve) {\n      unobserve();\n      unobserve = null;\n    }\n    system = null;\n    whenSpecCache.clear();\n    whenSourceCache.clear();\n    piiTaggedFacts.clear();\n  }\n\n  const plugin: Plugin<ModuleSchema> = {\n    name: \"audit-ledger\",\n    onInit(sys) {\n      attach(sys as System<ModuleSchema>);\n    },\n    onStop() {\n      // Keep the sink populated so query() works after stop, but\n      // drop the subscription to avoid leaks.\n      if (unobserve) {\n        unobserve();\n        unobserve = null;\n      }\n    },\n    onDestroy() {\n      detach();\n    },\n    onDefinitionRegister(type, id) {\n      if (type === \"constraint\") refreshWhenSpecCache();\n      if (type === \"constraint\" || type === \"resolver\" || type === \"effect\") {\n        // Re-pull PII tags too — a dynamically-registered fact (rare)\n        // could have brought new meta.\n        refreshPIITags();\n      }\n      void id;\n    },\n    onDefinitionAssign(type, id) {\n      // (C4) Constraint assigned a new spec — refresh the cache so the\n      // NEXT evaluate emits the new whenSpec, not the stale one.\n      if (type === \"constraint\") refreshWhenSpecCache();\n      void id;\n    },\n    onDefinitionUnregister(type, id) {\n      if (type === \"constraint\") refreshWhenSpecCache();\n      void id;\n    },\n    onSnapshot(snapshot) {\n      // (M9) Capture history snapshot as a lifecycle marker. Snapshot\n      // contents (facts) are NOT included to keep the entry small and\n      // avoid duplicating PII through a different channel.\n      emit({\n        kind: \"system.snapshot\",\n        snapshotId: snapshot.id,\n        trigger: snapshot.trigger,\n      });\n    },\n    onHistoryNavigate(from, to) {\n      // (M9) Capture time-travel navigation as a lifecycle marker.\n      emit({\n        kind: \"system.history.navigate\",\n        from,\n        to,\n      });\n    },\n  };\n\n  /**\n   * Strip the internal sentinel from an entry before it reaches a\n   * public read path. Returns a shallow clone with `__internal`\n   * removed — keeps the (frozen) live entry intact for verify() while\n   * making sure consumers never see the symbol. (N7)\n   */\n  function stripInternal(entry: AuditEntry): AuditEntry {\n    if (\n      (entry as AuditEntry & { __internal?: unknown }).__internal === undefined\n    ) {\n      return entry;\n    }\n    const clone = { ...entry } as AuditEntry & { __internal?: unknown };\n    delete clone.__internal;\n\n    return clone as AuditEntry;\n  }\n\n  function stripInternalAll(\n    entries: readonly AuditEntry[],\n  ): readonly AuditEntry[] {\n    // Avoid allocating a new array unless at least one entry carries\n    // the sentinel — the common case (no tombstones) is a no-op.\n    let needsClone = false;\n    for (const e of entries) {\n      if ((e as AuditEntry & { __internal?: unknown }).__internal !== undefined) {\n        needsClone = true;\n        break;\n      }\n    }\n    if (!needsClone) {\n      return entries;\n    }\n\n    return entries.map(stripInternal);\n  }\n\n  return {\n    plugin,\n    query: (filter = {}) => stripInternalAll(sink.query(filter)),\n    recent: (n) => stripInternalAll(sink.recent(n)),\n    forFact: (path, opts2) => stripInternalAll(sink.forFact(path, opts2)),\n    forConstraint: (id, opts2) =>\n      stripInternalAll(sink.forConstraint(id, opts2)),\n    toJSON: () => {\n      const snap = sink.toJSON();\n\n      return {\n        entries: stripInternalAll(snap.entries),\n        capturedAt: snap.capturedAt,\n      };\n    },\n    verify(opts?: { strong?: boolean }): VerifyResult {\n      // (C1) v1 ships sync djb2 only. Strong (SHA-256) verify is\n      // reserved for v2 and must NOT silently no-op — the previous\n      // implementation returned `{ valid: true }` regardless of the\n      // chain's actual state, which lied to callers.\n      if (opts?.strong === true) {\n        throw new Error(\n          \"[Directive] verify({ strong: true }) is reserved for v2 — v1 ships sync djb2 chain only. Use verify() (sync) for tamper detection.\",\n        );\n      }\n\n      const { entries } = sink.toJSON();\n      if (entries.length === 0) {\n        return { valid: true, entryCount: 0 };\n      }\n\n      // Sync walk — catches anything the djb2 chain would see.\n      // (N1 + M1) Erased-entry tombstones (kind: \"system.entry-erased\")\n      // legitimately break the chain — the tombstone's payload differs\n      // from the original entry it replaced, so the NEXT entry's\n      // prevHash no longer matches. When we detect a break whose\n      // PREVIOUS entry is a tombstone (or the broken entry itself is\n      // one), record the seq and resync the walk from the tombstone's\n      // own hash.\n      //\n      // (N7) Only tombstones bearing the internal sentinel are\n      // recognised. A forged tombstone — `kind: \"system.entry-erased\"`\n      // written directly via `sink.write()` to mask real tamper —\n      // lacks the in-module symbol and is reported as tamper.\n      //\n      // Use a Set to dedupe — adjacent tombstones can otherwise be\n      // recorded twice (once when the tombstone itself is the broken\n      // entry, once when the next iteration sees its predecessor was\n      // also a tombstone).\n      const erasedSeqsSet = new Set<number>();\n      let prevHash: string | null = null;\n      for (let i = 0; i < entries.length; i++) {\n        const entry = entries[i]!;\n        if (entry.prevHash !== prevHash) {\n          // Legitimate break? Either:\n          //   (a) the entry itself is the tombstone, or\n          //   (b) the previous entry was the tombstone whose payload\n          //       was rewritten by erase().\n          const prevEntry = i > 0 ? entries[i - 1]! : null;\n          const entryIsTombstone = entry.kind === \"system.entry-erased\";\n          const prevIsTombstone = prevEntry?.kind === \"system.entry-erased\";\n\n          if (entryIsTombstone || prevIsTombstone) {\n            // (N7) Verify the SENTINEL on whichever entry(ies) claim\n            // tombstone status. Missing sentinel ⇒ forgery ⇒ tamper.\n            const candidates: AuditEntry[] = [];\n            if (entryIsTombstone) candidates.push(entry);\n            if (prevIsTombstone && prevEntry !== null) {\n              candidates.push(prevEntry);\n            }\n            const forged = candidates.find(\n              (e) =>\n                (e as AuditEntry & { __internal?: unknown }).__internal !==\n                LEDGER_INTERNAL_TOKEN,\n            );\n            if (forged) {\n              return {\n                valid: false,\n                brokenAt: i,\n                expectedHash: prevHash ?? \"<genesis>\",\n                actualHash: entry.prevHash ?? \"<genesis>\",\n                entry: forged,\n                reason:\n                  \"tombstone forgery detected — missing internal sentinel. A 'system.entry-erased' entry was written via sink.write() rather than ledger.erase(); rejected as tamper.\",\n              };\n            }\n            // Legitimate erasure — record the tombstone's seq and\n            // resync the walk by hashing this entry as our new pointer\n            // for the next iteration.\n            const tombstoneEntry = entryIsTombstone ? entry : prevEntry!;\n            erasedSeqsSet.add(tombstoneEntry.seq);\n            prevHash = hashForEntry(entry);\n\n            continue;\n          }\n\n          return {\n            valid: false,\n            brokenAt: i,\n            expectedHash: prevHash ?? \"<genesis>\",\n            actualHash: entry.prevHash ?? \"<genesis>\",\n            entry,\n          };\n        }\n        prevHash = hashForEntry(entry);\n      }\n\n      const result: {\n        valid: true;\n        entryCount: number;\n        erasedSeqs?: number[];\n      } = {\n        valid: true,\n        entryCount: entries.length,\n      };\n      if (erasedSeqsSet.size > 0) {\n        result.erasedSeqs = [...erasedSeqsSet].sort((a, b) => a - b);\n      }\n\n      return result;\n    },\n    erase(filter) {\n      // (C8) Replace matching entries with tombstones IN PLACE, keeping\n      // seq + prevHash + hashAlgo so verify() can resync the chain.\n      const erasedAt = Date.now();\n      let count = 0;\n      if (typeof sink.erase === \"function\") {\n        count = sink.erase(filter, (e) => {\n          // Build a tombstone preserving the immutable chain fields.\n          // Carry SCHEMA_VERSION from the original so a fresh tombstone\n          // doesn't claim to be at a newer schema than the entry it\n          // replaced. (F-5)\n          //\n          // (N7) Stamp the in-module sentinel so `verify()` can tell\n          // this tombstone apart from a forgery written via\n          // `sink.write({ kind: \"system.entry-erased\", … })`. The\n          // sentinel is stripped from every public read path.\n          const tombstone = {\n            seq: e.seq,\n            ts: e.ts,\n            kind: \"system.entry-erased\" as const,\n            prevHash: e.prevHash,\n            hashAlgo: e.hashAlgo,\n            schemaVersion:\n              (e as AuditEntry & { schemaVersion?: typeof SCHEMA_VERSION })\n                .schemaVersion ?? SCHEMA_VERSION,\n            originalKind: e.kind,\n            erasedAt,\n            __internal: LEDGER_INTERNAL_TOKEN,\n          } as AuditEntry;\n          // CAUTION: replacing the payload changes the entry's hash —\n          // which means the NEXT entry's prevHash will no longer match.\n          // verify() recognises `system.entry-erased` as a legitimate\n          // chain break and reports it in `erasedSeqs` rather than as\n          // tamper. (N1 + M1)\n          freezeEntry(tombstone);\n\n          return tombstone;\n        });\n      }\n      // (MAJOR-3) Skip the `system.subject-erased` marker when nothing\n      // matched the filter — emitting an \"erased: 0\" marker pollutes\n      // the chain with noise and confuses auditors looking for real\n      // erasures.\n      if (count === 0) {\n        return { erased: 0, markerEntry: null };\n      }\n      // (N2) Don't store the raw filter — PII can land in the values\n      // (e.g. `factPath: \"alice@x.com\"`). Capture a hash + a shape\n      // descriptor so an auditor sees WHICH fields were used without\n      // exposing the values.\n      const filterShape = {\n        factPath: filter.factPath !== undefined,\n        constraintId: filter.constraintId !== undefined,\n        kind: filter.kind,\n        changedBetween:\n          filter.changedBetween !== undefined\n            ? (\"[range]\" as const)\n            : undefined,\n      };\n      // Emit a single chained `system.subject-erased` marker — recorded\n      // AFTER the erasure so auditors see what was removed and why.\n      const markerEntry = emit({\n        kind: \"system.subject-erased\",\n        filterHash: hashObject(filter),\n        filterShape,\n        erased: count,\n      });\n\n      return { erased: count, markerEntry };\n    },\n    clear() {\n      sink.clear();\n      seq = 0;\n      lastHashCache = null;\n    },\n    destroy() {\n      detach();\n      sink.destroy();\n    },\n  };\n}\n"]}

package/dist/chunk-NPX5EKPP.cjs

@@ -0,0 +1,16 @@
+'use strict';var chunkENZEHIL7_cjs=require('./chunk-ENZEHIL7.cjs'),chunkT4TRJEJN_cjs=require('./chunk-T4TRJEJN.cjs'),chunkX7G7UBXU_cjs=require('./chunk-X7G7UBXU.cjs'),chunk4MNQDXH7_cjs=require('./chunk-4MNQDXH7.cjs');var m="::",he=Symbol.for("nodejs.util.inspect.custom");function we(e){if(!e.ownKeys)return {};let n={};for(let t of e.ownKeys())n[t]=e.get(t);return n}function D(e){return new Proxy({},{get(n,t){if(typeof t=="symbol")return t===he?()=>we(e):void 0;if(!chunkX7G7UBXU_cjs.k.has(t))return e.get(t)},set(n,t,s){return typeof t=="symbol"||chunkX7G7UBXU_cjs.k.has(t)?false:e.set?e.set(t,s):false},has(n,t){return typeof t=="symbol"||chunkX7G7UBXU_cjs.k.has(t)?false:e.has?e.has(t):false},deleteProperty(n,t){return typeof t=="symbol"||chunkX7G7UBXU_cjs.k.has(t)?false:e.delete?e.delete(t):false},ownKeys(){return e.ownKeys?e.ownKeys():[]},getOwnPropertyDescriptor(n,t){if(typeof t!="symbol"&&e.has&&typeof t=="string"&&e.has(t))return {configurable:true,enumerable:true}},defineProperty(){return  false},getPrototypeOf(){return null},setPrototypeOf(){return  false}})}var Z=new WeakMap,Q=new WeakMap,X=new WeakMap,ee=new WeakMap,ne=new WeakMap,te=new WeakMap;function $(e,n){let t=Z.get(e);if(t){let r=t.get(n);if(r)return r}else t=new Map,Z.set(e,t);let s=D({get:r=>r==="$store"||r==="$snapshot"?e[r]:e[`${n}${m}${r}`],set:(r,u)=>{if(chunk4MNQDXH7_cjs.a){let i=chunkX7G7UBXU_cjs.l(u);i&&chunkX7G7UBXU_cjs.m(`${n}.${r}`,i);}return e[`${n}${m}${r}`]=u,true},has:r=>`${n}${m}${r}`in e,delete:r=>(delete e[`${n}${m}${r}`],true)});return t.set(n,s),s}function re(e,n,t){let s=Q.get(e);if(s)return s;let r=D({get:u=>{if(Object.hasOwn(n,u))return $(e,u)},has:u=>Object.hasOwn(n,u),ownKeys:()=>t()});return Q.set(e,r),r}function oe(e,n,t){let s=`${n}|${t.join(",")}`,r=ne.get(e);if(r){let o=r.get(s);if(o)return o}else r=new Map,ne.set(e,r);let u=new Set(t),i=["self",...t],c=D({get:o=>{if(o==="self")return $(e,n);if(u.has(o))return $(e,o);chunk4MNQDXH7_cjs.a&&console.warn(`[Directive] Module "${n}" accessed undeclared cross-module property "${o}". Add it to crossModuleDeps or use "facts.self.${o}" for own module facts.`);},has:o=>o==="self"||u.has(o),ownKeys:()=>i});return r.set(s,c),c}function B(e,n){let t=ee.get(e);if(t){let r=t.get(n);if(r)return r}else t=new Map,ee.set(e,t);let s=D({get:r=>e[`${n}${m}${r}`],has:r=>`${n}${m}${r}`in e});return t.set(n,s),s}function se(e,n,t){let s=X.get(e);if(s)return s;let r=D({get:u=>{if(Object.hasOwn(n,u))return B(e,u)},has:u=>Object.hasOwn(n,u),ownKeys:()=>t()});return X.set(e,r),r}function ie(e,n,t){let s=te.get(e);return s||(s=new Map,te.set(e,s)),D({get:r=>{if(!Object.hasOwn(n,r))return;let u=s.get(r);if(u)return u;let i=D({get:c=>o=>{e.dispatch({type:`${r}${m}${c}`,...o});}});return s.set(r,i),i},has:r=>Object.hasOwn(n,r),ownKeys:()=>t()})}function R(e){if(e.includes(".")){let[n,...t]=e.split(".");return `${n}${m}${t.join(m)}`}return e}function H(e){let n={};for(let[t,s]of Object.entries(e)){let r=t.indexOf(m);if(r>0){let u=t.slice(0,r),i=t.slice(r+m.length);n[u]||(n[u]={}),n[u][i]=s;}else n._root||(n._root={}),n._root[t]=s;}return n}function P(e,n,t,s){return t?oe(e,n,s):$(e,n)}function b(e,n){return `${e}${m}${n}`}function ae(e){return e.includes(m)}function E(e,n,t){if(Array.isArray(e)){let i=e.map(c=>{if(c&&typeof c=="object"&&typeof c.fact=="string"){let o=c.fact;return ae(o)?c:{...c,fact:b(n,o)}}return c});return chunk4MNQDXH7_cjs.b(i),i}if(!e||typeof e!="object")return e;let s=e;if("$all"in s||"$any"in s){let i="$all"in s?"$all":"$any",c=s[i],o={[i]:c.map(f=>E(f,n,t))};return chunk4MNQDXH7_cjs.b(o),o}if("$not"in s){let i={$not:E(s.$not,n,t)};return chunk4MNQDXH7_cjs.b(i),i}function r(i,c){return E(i,c,ce)}let u={};for(let i of Object.keys(s)){if(i.startsWith("$")||ae(i)){u[i]=s[i];continue}if(i==="self"){let c=s[i];if(c&&typeof c=="object"){let o=r(c,n);if(o&&typeof o=="object"&&!Array.isArray(o)){for(let[f,l]of Object.entries(o))u[f]=l;continue}}}if(t.has(i)){let c=s[i];if(c&&typeof c=="object"){let o=r(c,i);if(o&&typeof o=="object"&&!Array.isArray(o)){for(let[f,l]of Object.entries(o))u[f]=l;continue}}}u[b(n,i)]=s[i];}return chunk4MNQDXH7_cjs.b(u),u}var ce=new Set;function me(e,n){let t=e.crossModuleDeps?new Set(Object.keys(e.crossModuleDeps)):ce,s=e.constraints;if(s){let c=false,o={};for(let[f,l]of Object.entries(s)){let d=l;if(d.when!==void 0&&typeof d.when!="function"){o[f]={...d,when:E(d.when,n,t)},c=true;continue}o[f]=l;}c&&(s=o);}let r=e.derive;if(r){let c=false,o={};for(let[f,l]of Object.entries(r)){let d=l&&typeof l=="object"&&Object.hasOwn(l,"compute")?l:null;if(!d){o[f]=l;continue}let g=d.compute;if(typeof g=="function"){o[f]=l;continue}if(chunkT4TRJEJN_cjs.k(g)){chunk4MNQDXH7_cjs.b(g);let k=w=>chunkT4TRJEJN_cjs.s(g,w);o[f]=d.meta?{compute:k,meta:d.meta}:k,c=true;continue}if(chunkT4TRJEJN_cjs.h(g)){chunk4MNQDXH7_cjs.b(g);let k=chunkT4TRJEJN_cjs.q(g),w=j=>k(j);o[f]=d.meta?{compute:w,meta:d.meta}:w,c=true;continue}o[f]=l;}c&&(r=o);}let u=e.events;if(u){let c=false,o={};for(let[f,l]of Object.entries(u)){if(l&&typeof l=="object"){let d=Object.hasOwn(l,"handler"),g=Object.hasOwn(l,"patch");if(d&&g&&chunk4MNQDXH7_cjs.a&&console.warn(`[Directive] event "${f}": both \`handler\` and \`patch\` provided \u2014 using \`handler\` (patch is ignored).`),g&&!d){let k=l;chunk4MNQDXH7_cjs.b(k.patch);let w=(j,O)=>chunkT4TRJEJN_cjs.v(k.patch,j,O??{});o[f]=k.meta?{handler:w,meta:k.meta}:w,c=true;continue}}o[f]=l;}c&&(u=o);}let i=e.effects;if(i){let c=false,o={};for(let[f,l]of Object.entries(i)){let d=l;if(d.on!==void 0&&chunkT4TRJEJN_cjs.h(d.on)){o[f]={...d,on:E(d.on,n,t)},c=true;continue}o[f]=l;}c&&(i=o);}return s===e.constraints&&r===e.derive&&u===e.events&&i===e.effects?e:{...e,constraints:s,derive:r,events:u,effects:i}}function C(e){return Object.keys(e).length>0?e:void 0}function ke(e,n){let t={};for(let[s,r]of Object.entries(e.schema.facts))t[b(n,s)]=r;return t}function pe(e,n){if(e.init)return t=>{let s=$(t,n);e.init(s);}}function ve(e,n,t,s){if(!e.derive)return;let r={};for(let[u,i]of Object.entries(e.derive)){let c=chunkENZEHIL7_cjs.a(i),o=c?i.compute:i,f=c?i.meta:void 0,l=(d,g)=>{let k=P(d,n,t,s),w=B(g,n);return o(k,w)};r[b(n,u)]=f?{compute:l,meta:f}:l;}return C(r)}function be(e,n){if(!e.events)return;let t={};for(let[s,r]of Object.entries(e.events)){let u=typeof r=="object"&&r!==null&&Object.hasOwn(r,"handler"),i=u?r.handler:r,c=u?r.meta:void 0,o=(f,l)=>{let d=$(f,n);i(d,l);};t[b(n,s)]=c?{handler:o,meta:c}:o;}return C(t)}function Me(e,n,t,s){if(!e.constraints)return;let r={};for(let[u,i]of Object.entries(e.constraints)){let c=i,o=typeof c.when=="function";r[b(n,u)]={...c,deps:c.deps?.map(f=>b(n,f)),after:c.after?.map(f=>f.includes(m)?f:b(n,f)),owns:c.owns?.map(f=>f.includes(m)?f:b(n,f)),when:o?f=>{let l=P(f,n,t,s);return c.when(l)}:c.when,require:typeof c.require=="function"?f=>{let l=P(f,n,t,s);return c.require(l)}:c.require};}return C(r)}function Re(e,n,t,s){if(!e.resolvers)return;let r={};for(let[i,c]of Object.entries(e.resolvers)){let f=function(l){return {facts:P(l.facts,n,t,s),signal:l.signal}};let o=c;r[b(n,i)]={...o,...o.resolve&&{resolve:async(l,d)=>{await o.resolve(l,f(d));}},...o.resolveBatch&&{resolveBatch:async(l,d)=>{await o.resolveBatch(l,f(d));}},...o.resolveBatchWithResults&&{resolveBatchWithResults:async(l,d)=>o.resolveBatchWithResults(l,f(d))}};}return C(r)}function Se(e,n,t,s){if(!e.effects)return;let r={};for(let[u,i]of Object.entries(e.effects)){let c=i;r[b(n,u)]={...c,run:(o,f)=>{let l=P(o,n,t,s),d=f?P(f,n,t,s):void 0;return c.run(l,d)},deps:c.deps?.map(o=>b(n,o))};}return C(r)}function Oe(e,n,t){return {snapshotEvents:t&&!t.has(n)?[]:e.history?.snapshotEvents?.map(s=>b(n,s))}}function I(e){let{mod:n,namespace:t,snapshotModulesSet:s}=e,r=me(n,t),u=!!(r.crossModuleDeps&&Object.keys(r.crossModuleDeps).length>0),i=u?Object.keys(r.crossModuleDeps):[];return {id:r.id,schema:ke(r,t),requirements:r.schema.requirements??{},init:pe(r,t),derive:ve(r,t,u,i),events:be(r,t),effects:Se(r,t,u,i),constraints:Me(r,t,u,i),resolvers:Re(r,t,u,i),hooks:r.hooks,meta:r.meta,history:Oe(r,t,s)}}function xe(e){let n=Object.keys(e),t=new Set(n),s=new Set,r=new Set,u=[],i=[];function c(o){if(s.has(o))return;if(r.has(o)){let l=i.indexOf(o),d=[...i.slice(l),o].join(" \u2192 ");throw new Error(`[Directive] Circular dependency detected: ${d}. Modules cannot have circular crossModuleDeps. Break the cycle by removing one of the cross-module references.`)}r.add(o),i.push(o);let f=e[o];if(f?.crossModuleDeps)for(let l of Object.keys(f.crossModuleDeps))t.has(l)&&c(l);i.pop(),r.delete(o),s.add(o),u.push(o);}for(let o of n)c(o);return u}function ue(e,n){let t=[];for(let s of Object.keys(n.schema.facts))t.push(`${e}${m}${s}`);if(n.schema.derivations)for(let s of Object.keys(n.schema.derivations))t.push(`${e}${m}${s}`);return t}function ze(e){if("module"in e){if(!e.module)throw new Error("[Directive] createSystem requires a module. Got: "+typeof e.module);return $e(e)}let n=e;if(Array.isArray(n.modules))throw new Error(`[Directive] createSystem expects modules as an object, not an array.
+
+Instead of:
+  createSystem({ modules: [authModule, dataModule] })
+
+Use:
+  createSystem({ modules: { auth: authModule, data: dataModule } })
+
+Or for a single module:
+  createSystem({ module: counterModule })`);let t=n.modules;if(t&&typeof t=="object"&&"id"in t&&"schema"in t)throw new Error(`[Directive] A single module was passed to \`modules:\`. For a single module, use \`module:\` instead:
+
+  createSystem({ module: myModule })
+
+For multiple modules, wrap in an object:
+  createSystem({ modules: { myName: myModule } })`);return De(n)}function De(e){let n=e.modules,t=new Set(Object.keys(n)),s=typeof e.history=="object"?e.history:null,r=s?.snapshotModules?new Set(s.snapshotModules):null;if(e.tickMs!==void 0&&e.tickMs<=0)throw new Error("[Directive] tickMs must be a positive number");if(chunk4MNQDXH7_cjs.a){for(let[a,y]of Object.entries(n))if(y.crossModuleDeps)for(let h of Object.keys(y.crossModuleDeps))h===a?console.warn(`[Directive] Module "${a}" references itself in crossModuleDeps. Use "facts.self" to access own module's facts instead.`):t.has(h)||console.warn(`[Directive] Module "${a}" declares crossModuleDeps.${h}, but no module with namespace "${h}" exists in the system. Available modules: ${[...t].join(", ")}`);}if(chunk4MNQDXH7_cjs.a&&s?.snapshotModules)for(let a of s.snapshotModules)t.has(a)||console.warn(`[Directive] history.snapshotModules entry "${a}" doesn't match any module. Available modules: ${[...t].join(", ")}`);let u,i=e.initOrder??"auto";if(Array.isArray(i)){let a=i,y=Object.keys(n).filter(h=>!a.includes(h));if(y.length>0)throw new Error(`[Directive] initOrder is missing modules: ${y.join(", ")}. All modules must be included in the explicit order.`);u=a;}else i==="declaration"?u=Object.keys(n):u=xe(n);let{history:c,trace:o,errorBoundary:f}=de(e);for(let a of Object.keys(n)){if(a.includes(m))throw new Error(`[Directive] Module name "${a}" contains the reserved separator "${m}". Module names cannot contain "${m}".`);let y=n[a];if(y){for(let h of Object.keys(y.schema.facts))if(h.includes(m))throw new Error(`[Directive] Schema key "${h}" in module "${a}" contains the reserved separator "${m}". Schema keys cannot contain "${m}".`)}}let l={names:null};function d(){return l.names===null&&(l.names=Object.keys(n)),l.names}let g=u.map(a=>{let y=n[a];return y?I({mod:y,namespace:a,snapshotModulesSet:r}):null}).filter(a=>a!==null);chunk4MNQDXH7_cjs.a&&e.tickMs&&e.tickMs>0&&(g.some(y=>y.events&&Object.keys(y.events).some(h=>h.endsWith(`${m}tick`)))||console.warn(`[Directive] tickMs is set to ${e.tickMs}ms but no module defines a "tick" event handler.`));let k=null,w=null;function j(a){for(let[y,h]of Object.entries(a)){if(chunkX7G7UBXU_cjs.k.has(y)){chunk4MNQDXH7_cjs.a&&console.warn(`[Directive] initialFacts/hydrate contains blocked namespace "${y}". Skipping.`);continue}if(!t.has(y)){chunk4MNQDXH7_cjs.a&&console.warn(`[Directive] initialFacts/hydrate contains unknown namespace "${y}". Available modules: ${[...t].join(", ")}`);continue}if(h&&typeof h=="object"&&!chunk4MNQDXH7_cjs.f(h))throw new Error(`[Directive] initialFacts/hydrate for namespace "${y}" contains potentially dangerous keys (__proto__, constructor, or prototype). This may indicate a prototype pollution attack.`);for(let[M,x]of Object.entries(h))chunkX7G7UBXU_cjs.k.has(M)||(w.facts[`${y}${m}${M}`]=x);}}w=chunkENZEHIL7_cjs.z({modules:g,plugins:e.plugins,history:c,trace:o,errorBoundary:f,tickMs:e.tickMs,cloud:e.cloud,onAfterModuleInit:()=>{e.initialFacts&&j(e.initialFacts),k&&(j(k),k=null);}});let O=new Map;for(let a of Object.keys(n)){let y=n[a];y&&O.set(a,ue(a,y));}let q=re(w.facts,n,d),ye=se(w.derive,n,d),ge=ie(w,n,d),A=null,F=e.tickMs,_={_mode:"namespaced",facts:q,history:w.history,derive:ye,events:ge,constraints:w.constraints,effects:w.effects,resolvers:w.resolvers,async hydrate(a){if(w.isRunning)throw new Error("[Directive] hydrate() must be called before start(). The system is already running.");let y=await a();y&&typeof y=="object"&&(k=y);},initialize(){w.initialize();},start(){if(w.start(),F&&F>0){let a;for(let y of g)if(y?.events&&(a=Object.keys(y.events).find(h=>h.endsWith(`${m}tick`)),a))break;if(a){let y=a;A=setInterval(()=>{w.dispatch({type:y});},F);}}},stop(){A&&(clearInterval(A),A=null),w.stop();},destroy(){this.stop(),w.destroy();},dispatch(a){w.dispatch(a);},read(a){return w.read(R(a))},subscribe(a,y){let h=[];for(let M of a)if(M.endsWith(".*")){let x=M.slice(0,-2),W=O.get(x);W?h.push(...W):chunk4MNQDXH7_cjs.a&&console.warn(`[Directive] subscribe wildcard "${M}" \u2014 namespace "${x}" not found.`);}else h.push(R(M));return w.subscribe(h,y)},subscribeModule(a,y){let h=O.get(a);return !h||h.length===0?(chunk4MNQDXH7_cjs.a&&console.warn(`[Directive] subscribeModule("${a}") \u2014 namespace not found. Available: ${[...O.keys()].join(", ")}`),()=>{}):w.subscribe(h,y)},watch(a,y,h){return w.watch(R(a),y,h)},when(a,y){return w.when(()=>a(q),y)},getDistributableSnapshot(a){let y={...a,includeDerivations:a?.includeDerivations?.map(R),excludeDerivations:a?.excludeDerivations?.map(R),includeFacts:a?.includeFacts?.map(R)},h=w.getDistributableSnapshot(y);return {...h,data:H(h.data)}},watchDistributableSnapshot(a,y){let h={...a,includeDerivations:a?.includeDerivations?.map(R),excludeDerivations:a?.excludeDerivations?.map(R),includeFacts:a?.includeFacts?.map(R)};return w.watchDistributableSnapshot(h,M=>{y({...M,data:H(M.data)});})},registerModule(a,y){if(t.has(a))throw new Error(`[Directive] Module namespace "${a}" already exists. Cannot register a duplicate namespace.`);if(a.includes(m))throw new Error(`[Directive] Module name "${a}" contains the reserved separator "${m}".`);if(chunkX7G7UBXU_cjs.k.has(a))throw new Error(`[Directive] Module name "${a}" is a blocked property.`);for(let x of Object.keys(y.schema.facts))if(x.includes(m))throw new Error(`[Directive] Schema key "${x}" in module "${a}" contains the reserved separator "${m}".`);let h=y,M=I({mod:h,namespace:a,snapshotModulesSet:r});t.add(a),n[a]=h,l.names=null,O.set(a,ue(a,h)),w.registerModule(M);}};return le(_,w),fe(_),_}function de(e){let n=e.history,t=e.trace,s=e.errorBoundary;return e.zeroConfig&&(n=n??chunk4MNQDXH7_cjs.a,s={onConstraintError:"skip",onResolverError:"skip",onEffectError:"skip",onDerivationError:"skip",...e.errorBoundary}),{history:n,trace:t,errorBoundary:s}}function le(e,n){Object.defineProperties(e,{trace:{get(){return n.trace},enumerable:true,configurable:true},meta:{value:n.meta,enumerable:true,configurable:true},isRunning:{get(){return n.isRunning},enumerable:true,configurable:true},isSettled:{get(){return n.isSettled},enumerable:true,configurable:true},isInitialized:{get(){return n.isInitialized},enumerable:true,configurable:true},isReady:{get(){return n.isReady},enumerable:true,configurable:true}}),e.whenReady=n.whenReady.bind(n),e.batch=n.batch.bind(n),e.onSettledChange=n.onSettledChange.bind(n),e.onHistoryChange=n.onHistoryChange.bind(n),e.inspect=n.inspect.bind(n),e.settle=n.settle.bind(n),e.explain=n.explain.bind(n),e.getSnapshot=n.getSnapshot.bind(n),e.restore=n.restore.bind(n),e.observe=n.observe.bind(n);let t=["dispatch","read","subscribe","watch","when","getDistributableSnapshot","watchDistributableSnapshot"];for(let s of t)s in e||(e[s]=n[s].bind(n));}function fe(e){chunk4MNQDXH7_cjs.a&&(typeof process>"u"||process.env?.NODE_ENV!=="test")&&setTimeout(()=>{!e.isRunning&&!e.isInitialized&&console.warn("[Directive] System created but start() was never called. Constraints, resolvers, and effects will not run until you call system.start().");},0);}function $e(e){let n=e.module;if(!n)throw new Error("[Directive] createSystem requires a module. Got: "+typeof n);if(e.tickMs!==void 0&&e.tickMs<=0)throw new Error("[Directive] tickMs must be a positive number");if(e.initialFacts&&!chunk4MNQDXH7_cjs.f(e.initialFacts))throw new Error("[Directive] initialFacts contains potentially dangerous keys (__proto__, constructor, or prototype). This may indicate a prototype pollution attack.");chunk4MNQDXH7_cjs.a&&(n.crossModuleDeps&&Object.keys(n.crossModuleDeps).length>0&&console.warn("[Directive] Single module mode ignores crossModuleDeps. Use multiple modules if cross-module access is needed: createSystem({ modules: { ... } })"),e.tickMs&&e.tickMs>0&&(n.events&&"tick"in n.events||console.warn(`[Directive] tickMs is set to ${e.tickMs}ms but module has no "tick" event handler.`)),(typeof e.history=="object"?e.history:null)?.snapshotModules&&console.warn("[Directive] history.snapshotModules has no effect in single-module mode. Use history.snapshotEvents on the module definition instead, or switch to createSystem({ modules: { ... } }) for multi-module filtering."));let{history:t,trace:s,errorBoundary:r}=de(e),u=null,i=null;i=chunkENZEHIL7_cjs.z({modules:[{id:n.id,schema:n.schema.facts,requirements:n.schema.requirements,init:n.init,derive:n.derive,events:n.events,effects:n.effects,constraints:n.constraints,resolvers:n.resolvers,hooks:n.hooks,meta:n.meta,history:n.history}],plugins:e.plugins,history:t,trace:s,errorBoundary:r,tickMs:e.tickMs,cloud:e.cloud,onAfterModuleInit:()=>{if(e.initialFacts)for(let[d,g]of Object.entries(e.initialFacts))chunkX7G7UBXU_cjs.k.has(d)||(i.facts[d]=g);if(u){if(!chunk4MNQDXH7_cjs.f(u))chunk4MNQDXH7_cjs.a&&console.warn("[Directive] hydrate() data contains potentially dangerous keys. Skipping.");else for(let[d,g]of Object.entries(u))chunkX7G7UBXU_cjs.k.has(d)||(i.facts[d]=g);u=null;}}});let c=new Proxy({},{get(d,g){if(typeof g!="symbol"&&!chunkX7G7UBXU_cjs.k.has(g))return k=>{i.dispatch({type:g,...k});}},has(d,g){return typeof g=="symbol"||chunkX7G7UBXU_cjs.k.has(g)?false:n.events?g in n.events:false},ownKeys(){return n.events?Object.keys(n.events):[]},getOwnPropertyDescriptor(d,g){if(typeof g!="symbol"&&!chunkX7G7UBXU_cjs.k.has(g)&&n.events&&g in n.events)return {configurable:true,enumerable:true}},set(){return  false},deleteProperty(){return  false},defineProperty(){return  false},getPrototypeOf(){return null},setPrototypeOf(){return  false}}),o=null,f=e.tickMs,l={_mode:"single",facts:i.facts,history:i.history,derive:i.derive,events:c,constraints:i.constraints,effects:i.effects,resolvers:i.resolvers,async hydrate(d){if(i.isRunning)throw new Error("[Directive] hydrate() must be called before start(). The system is already running.");let g=await d();g&&typeof g=="object"&&(u=g);},initialize(){i.initialize();},start(){i.start(),f&&f>0&&n.events&&"tick"in n.events&&(o=setInterval(()=>{i.dispatch({type:"tick"});},f));},stop(){o&&(clearInterval(o),o=null),i.stop();},destroy(){this.stop(),i.destroy();},registerModule(d){i.registerModule({id:d.id,schema:d.schema.facts,requirements:d.schema.requirements,init:d.init,derive:d.derive,events:d.events,effects:d.effects,constraints:d.constraints,resolvers:d.resolvers,hooks:d.hooks,history:d.history});}};return le(l,i),fe(l),l}exports.a=ze;//# sourceMappingURL=chunk-NPX5EKPP.cjs.map
+//# sourceMappingURL=chunk-NPX5EKPP.cjs.map