@dollhousemcp/mcp-server 2.0.0-rc.6 → 2.0.1

package/dist/web/console/UnifiedConsole.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Unified web console orchestrator.
+ *
+ * Ties together leader election, console startup, follower wiring,
+ * and session lifecycle management. This is the main entry point
+ * called by the DI container during deferred setup.
+ *
+ * Flow:
+ * 1. Run leader election (read lock file, claim or follow)
+ * 2. If leader: start web server on fixed port, mount ingest routes, start heartbeat
+ * 3. If follower: register forwarding sinks with LogManager, start session heartbeat
+ *
+ * @since v2.1.0 — Issue #1700
+ */
+import type { UnifiedLogEntry } from '../../logging/types.js';
+import type { MetricSnapshot } from '../../metrics/types.js';
+import type { MemoryLogSink } from '../../logging/sinks/MemoryLogSink.js';
+import type { MemoryMetricsSink } from '../../metrics/sinks/MemoryMetricsSink.js';
+import { type ElectionResult } from './LeaderElection.js';
+/**
+ * Options for starting the unified console.
+ */
+export interface UnifiedConsoleOptions {
+    /** This process's unique session ID */
+    sessionId: string;
+    /** Portfolio base directory (for startWebServer) */
+    portfolioDir: string;
+    /** Log memory sink (for console history) */
+    memorySink: MemoryLogSink;
+    /** Metrics memory sink */
+    metricsSink?: MemoryMetricsSink;
+    /** MCP-AQL handler for permission routes (typed as any to avoid circular imports) */
+    mcpAqlHandler?: any;
+    /** Callback to register a log sink with the LogManager */
+    registerLogSink: (sink: {
+        write(entry: UnifiedLogEntry): void;
+        flush(): Promise<void>;
+        close(): Promise<void>;
+    }) => void;
+    /** Callback to wire SSE broadcasts after web server starts */
+    wireSSEBroadcasts: (webResult: {
+        logBroadcast?: (entry: UnifiedLogEntry) => void;
+        metricsOnSnapshot?: (snapshot: MetricSnapshot) => void;
+    }, metricsSink?: MemoryMetricsSink) => void;
+}
+/**
+ * Result of starting the unified console.
+ */
+export interface UnifiedConsoleResult {
+    role: 'leader' | 'follower';
+    election: ElectionResult;
+    /** Port the console is running on (leader only) */
+    port?: number;
+    /** Cleanup function to call on shutdown */
+    cleanup: () => Promise<void>;
+}
+/**
+ * Start the unified web console.
+ *
+ * Runs leader election, then either starts the full console (leader)
+ * or sets up event forwarding (follower).
+ */
+export declare function startUnifiedConsole(options: UnifiedConsoleOptions): Promise<UnifiedConsoleResult>;
+//# sourceMappingURL=UnifiedConsole.d.ts.map

package/dist/web/console/UnifiedConsole.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UnifiedConsole.d.ts","sourceRoot":"","sources":["../../../src/web/console/UnifiedConsole.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAElF,OAAO,EAIL,KAAK,cAAc,EACpB,MAAM,qBAAqB,CAAC;AAU7B;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAC;IACrB,4CAA4C;IAC5C,UAAU,EAAE,aAAa,CAAC;IAC1B,0BAA0B;IAC1B,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,qFAAqF;IACrF,aAAa,CAAC,EAAE,GAAG,CAAC;IACpB,0DAA0D;IAC1D,eAAe,EAAE,CAAC,IAAI,EAAE;QAAE,KAAK,CAAC,KAAK,EAAE,eAAe,GAAG,IAAI,CAAC;QAAC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;QAAC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;KAAE,KAAK,IAAI,CAAC;IACzH,8DAA8D;IAC9D,iBAAiB,EAAE,CAAC,SAAS,EAAE;QAAE,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC;QAAC,iBAAiB,CAAC,EAAE,CAAC,QAAQ,EAAE,cAAc,KAAK,IAAI,CAAA;KAAE,EAAE,WAAW,CAAC,EAAE,iBAAiB,KAAK,IAAI,CAAC;CACtL;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,QAAQ,GAAG,UAAU,CAAC;IAC5B,QAAQ,EAAE,cAAc,CAAC;IACzB,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAQvG"}

package/dist/web/console/UnifiedConsole.js

@@ -0,0 +1,119 @@
+/**
+ * Unified web console orchestrator.
+ *
+ * Ties together leader election, console startup, follower wiring,
+ * and session lifecycle management. This is the main entry point
+ * called by the DI container during deferred setup.
+ *
+ * Flow:
+ * 1. Run leader election (read lock file, claim or follow)
+ * 2. If leader: start web server on fixed port, mount ingest routes, start heartbeat
+ * 3. If follower: register forwarding sinks with LogManager, start session heartbeat
+ *
+ * @since v2.1.0 — Issue #1700
+ */
+import { logger } from '../../utils/logger.js';
+import { electLeader, startHeartbeat, registerLeaderCleanup, } from './LeaderElection.js';
+import { createIngestRoutes } from './IngestRoutes.js';
+import { LeaderForwardingLogSink, SessionHeartbeat, } from './LeaderForwardingSink.js';
+/** Fixed port for the unified console leader */
+const CONSOLE_PORT = 3939;
+/**
+ * Start the unified web console.
+ *
+ * Runs leader election, then either starts the full console (leader)
+ * or sets up event forwarding (follower).
+ */
+export async function startUnifiedConsole(options) {
+    const election = await electLeader(options.sessionId, CONSOLE_PORT);
+    if (election.role === 'leader') {
+        return startAsLeader(options, election);
+    }
+    else {
+        return startAsFollower(options, election);
+    }
+}
+/**
+ * Start as the console leader.
+ * Binds port 3939, mounts all routes including ingestion, starts heartbeat.
+ */
+async function startAsLeader(options, election) {
+    const { startWebServer } = await import('../server.js');
+    // Pre-create a placeholder broadcast that we'll wire up after the server starts
+    let liveBroadcast;
+    let liveMetricsOnSnapshot;
+    // Create ingestion routes with a deferred broadcast (wired after server starts)
+    const ingestResult = createIngestRoutes({
+        logBroadcast: (entry) => liveBroadcast?.(entry),
+        metricsOnSnapshot: (snapshot) => liveMetricsOnSnapshot?.(snapshot),
+    });
+    // Register the leader as a session
+    ingestResult.registerLeaderSession(options.sessionId, process.pid);
+    // Start the web server with ingest routes mounted before the SPA fallback
+    const webResult = await startWebServer({
+        portfolioDir: options.portfolioDir,
+        memorySink: options.memorySink,
+        metricsSink: options.metricsSink,
+        port: CONSOLE_PORT,
+        additionalRouters: [ingestResult.router],
+        ...(options.mcpAqlHandler ? { mcpAqlHandler: options.mcpAqlHandler } : {}),
+    });
+    // Wire SSE broadcasts for this leader's own events
+    options.wireSSEBroadcasts(webResult, options.metricsSink);
+    // Now wire the live broadcast functions into the ingest routes
+    if (webResult.logBroadcast) {
+        const originalBroadcast = webResult.logBroadcast;
+        // Stamp leader's own entries with session ID
+        liveBroadcast = (entry) => {
+            const stamped = {
+                ...entry,
+                data: { ...entry.data, _sessionId: options.sessionId },
+            };
+            originalBroadcast(stamped);
+        };
+    }
+    liveMetricsOnSnapshot = webResult.metricsOnSnapshot;
+    logger.info('[UnifiedConsole] Ingestion routes mounted');
+    // Start heartbeat and register cleanup
+    const stopHeartbeat = startHeartbeat(election.leaderInfo);
+    registerLeaderCleanup();
+    logger.info('[UnifiedConsole] Leader started', {
+        sessionId: options.sessionId, port: CONSOLE_PORT, pid: process.pid,
+        role: 'leader', ingestRoutes: ['/api/ingest/logs', '/api/ingest/metrics', '/api/ingest/session', '/api/sessions'],
+    });
+    return {
+        role: 'leader',
+        election,
+        port: CONSOLE_PORT,
+        cleanup: async () => {
+            stopHeartbeat();
+        },
+    };
+}
+/**
+ * Start as a follower.
+ * Registers forwarding sinks with the LogManager, starts session heartbeat.
+ */
+async function startAsFollower(options, election) {
+    const leaderUrl = `http://127.0.0.1:${election.leaderInfo.port}`;
+    // Register a forwarding log sink
+    const forwardingSink = new LeaderForwardingLogSink(leaderUrl, options.sessionId);
+    options.registerLogSink(forwardingSink);
+    // Start session heartbeat to the leader
+    const sessionHeartbeat = new SessionHeartbeat(leaderUrl, options.sessionId, process.pid);
+    await sessionHeartbeat.start();
+    logger.info('[UnifiedConsole] Follower started', {
+        sessionId: options.sessionId, pid: process.pid, role: 'follower',
+        leaderSession: election.leaderInfo.sessionId, leaderPid: election.leaderInfo.pid,
+        leaderPort: election.leaderInfo.port, leaderUrl,
+    });
+    return {
+        role: 'follower',
+        election,
+        cleanup: async () => {
+            await sessionHeartbeat.stop();
+            await forwardingSink.close();
+        },
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVW5pZmllZENvbnNvbGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvd2ViL2NvbnNvbGUvVW5pZmllZENvbnNvbGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7Ozs7Ozs7R0FhRztBQU1ILE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUMvQyxPQUFPLEVBQ0wsV0FBVyxFQUNYLGNBQWMsRUFDZCxxQkFBcUIsR0FFdEIsTUFBTSxxQkFBcUIsQ0FBQztBQUM3QixPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQUN2RCxPQUFPLEVBQ0wsdUJBQXVCLEVBQ3ZCLGdCQUFnQixHQUNqQixNQUFNLDJCQUEyQixDQUFDO0FBRW5DLGdEQUFnRDtBQUNoRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUM7QUFrQzFCOzs7OztHQUtHO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxtQkFBbUIsQ0FBQyxPQUE4QjtJQUN0RSxNQUFNLFFBQVEsR0FBRyxNQUFNLFdBQVcsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLFlBQVksQ0FBQyxDQUFDO0lBRXBFLElBQUksUUFBUSxDQUFDLElBQUksS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUMvQixPQUFPLGFBQWEsQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDMUMsQ0FBQztTQUFNLENBQUM7UUFDTixPQUFPLGVBQWUsQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDNUMsQ0FBQztBQUNILENBQUM7QUFFRDs7O0dBR0c7QUFDSCxLQUFLLFVBQVUsYUFBYSxDQUMxQixPQUE4QixFQUM5QixRQUF3QjtJQUV4QixNQUFNLEVBQUUsY0FBYyxFQUFFLEdBQUcsTUFBTSxNQUFNLENBQUMsY0FBYyxDQUFDLENBQUM7SUFFeEQsZ0ZBQWdGO0lBQ2hGLElBQUksYUFBNkQsQ0FBQztJQUNsRSxJQUFJLHFCQUF1RSxDQUFDO0lBRTVFLGdGQUFnRjtJQUNoRixNQUFNLFlBQVksR0FBRyxrQkFBa0IsQ0FBQztRQUN0QyxZQUFZLEVBQUUsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLGFBQWEsRUFBRSxDQUFDLEtBQUssQ0FBQztRQUMvQyxpQkFBaUIsRUFBRSxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMscUJBQXFCLEVBQUUsQ0FBQyxRQUFRLENBQUM7S0FDbkUsQ0FBQyxDQUFDO0lBRUgsbUNBQW1DO0lBQ25DLFlBQVksQ0FBQyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUVuRSwwRUFBMEU7SUFDMUUsTUFBTSxTQUFTLEdBQUcsTUFBTSxjQUFjLENBQUM7UUFDckMsWUFBWSxFQUFFLE9BQU8sQ0FBQyxZQUFZO1FBQ2xDLFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVTtRQUM5QixXQUFXLEVBQUUsT0FBTyxDQUFDLFdBQVc7UUFDaEMsSUFBSSxFQUFFLFlBQVk7UUFDbEIsaUJBQWlCLEVBQUUsQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDO1FBQ3hDLEdBQUcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxFQUFFLGFBQWEsRUFBRSxPQUFPLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQztLQUMzRSxDQUFDLENBQUM7SUFFSCxtREFBbUQ7SUFDbkQsT0FBTyxDQUFDLGlCQUFpQixDQUFDLFNBQVMsRUFBRSxPQUFPLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFMUQsK0RBQStEO0lBQy9ELElBQUksU0FBUyxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQzNCLE1BQU0saUJBQWlCLEdBQUcsU0FBUyxDQUFDLFlBQVksQ0FBQztRQUNqRCw2Q0FBNkM7UUFDN0MsYUFBYSxHQUFHLENBQUMsS0FBc0IsRUFBRSxFQUFFO1lBQ3pDLE1BQU0sT0FBTyxHQUFvQjtnQkFDL0IsR0FBRyxLQUFLO2dCQUNSLElBQUksRUFBRSxFQUFFLEdBQUcsS0FBSyxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUUsT0FBTyxDQUFDLFNBQVMsRUFBRTthQUN2RCxDQUFDO1lBQ0YsaUJBQWlCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDN0IsQ0FBQyxDQUFDO0lBQ0osQ0FBQztJQUNELHFCQUFxQixHQUFHLFNBQVMsQ0FBQyxpQkFBaUIsQ0FBQztJQUVwRCxNQUFNLENBQUMsSUFBSSxDQUFDLDJDQUEyQyxDQUFDLENBQUM7SUFFekQsdUNBQXVDO0lBQ3ZDLE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUM7SUFDMUQscUJBQXFCLEVBQUUsQ0FBQztJQUV4QixNQUFNLENBQUMsSUFBSSxDQUFDLGlDQUFpQyxFQUFFO1FBQzdDLFNBQVMsRUFBRSxPQUFPLENBQUMsU0FBUyxFQUFFLElBQUksRUFBRSxZQUFZLEVBQUUsR0FBRyxFQUFFLE9BQU8sQ0FBQyxHQUFHO1FBQ2xFLElBQUksRUFBRSxRQUFRLEVBQUUsWUFBWSxFQUFFLENBQUMsa0JBQWtCLEVBQUUscUJBQXFCLEVBQUUscUJBQXFCLEVBQUUsZUFBZSxDQUFDO0tBQ2xILENBQUMsQ0FBQztJQUVILE9BQU87UUFDTCxJQUFJLEVBQUUsUUFBUTtRQUNkLFFBQVE7UUFDUixJQUFJLEVBQUUsWUFBWTtRQUNsQixPQUFPLEVBQUUsS0FBSyxJQUFJLEVBQUU7WUFDbEIsYUFBYSxFQUFFLENBQUM7UUFDbEIsQ0FBQztLQUNGLENBQUM7QUFDSixDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsS0FBSyxVQUFVLGVBQWUsQ0FDNUIsT0FBOEIsRUFDOUIsUUFBd0I7SUFFeEIsTUFBTSxTQUFTLEdBQUcsb0JBQW9CLFFBQVEsQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLENBQUM7SUFFakUsaUNBQWlDO0lBQ2pDLE1BQU0sY0FBYyxHQUFHLElBQUksdUJBQXVCLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNqRixPQUFPLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBRXhDLHdDQUF3QztJQUN4QyxNQUFNLGdCQUFnQixHQUFHLElBQUksZ0JBQWdCLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3pGLE1BQU0sZ0JBQWdCLENBQUMsS0FBSyxFQUFFLENBQUM7SUFFL0IsTUFBTSxDQUFDLElBQUksQ0FBQyxtQ0FBbUMsRUFBRTtRQUMvQyxTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVMsRUFBRSxHQUFHLEVBQUUsT0FBTyxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUUsVUFBVTtRQUNoRSxhQUFhLEVBQUUsUUFBUSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsU0FBUyxFQUFFLFFBQVEsQ0FBQyxVQUFVLENBQUMsR0FBRztRQUNoRixVQUFVLEVBQUUsUUFBUSxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsU0FBUztLQUNoRCxDQUFDLENBQUM7SUFFSCxPQUFPO1FBQ0wsSUFBSSxFQUFFLFVBQVU7UUFDaEIsUUFBUTtRQUNSLE9BQU8sRUFBRSxLQUFLLElBQUksRUFBRTtZQUNsQixNQUFNLGdCQUFnQixDQUFDLElBQUksRUFBRSxDQUFDO1lBQzlCLE1BQU0sY0FBYyxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQy9CLENBQUM7S0FDRixDQUFDO0FBQ0osQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogVW5pZmllZCB3ZWIgY29uc29sZSBvcmNoZXN0cmF0b3IuXG4gKlxuICogVGllcyB0b2dldGhlciBsZWFkZXIgZWxlY3Rpb24sIGNvbnNvbGUgc3RhcnR1cCwgZm9sbG93ZXIgd2lyaW5nLFxuICogYW5kIHNlc3Npb24gbGlmZWN5Y2xlIG1hbmFnZW1lbnQuIFRoaXMgaXMgdGhlIG1haW4gZW50cnkgcG9pbnRcbiAqIGNhbGxlZCBieSB0aGUgREkgY29udGFpbmVyIGR1cmluZyBkZWZlcnJlZCBzZXR1cC5cbiAqXG4gKiBGbG93OlxuICogMS4gUnVuIGxlYWRlciBlbGVjdGlvbiAocmVhZCBsb2NrIGZpbGUsIGNsYWltIG9yIGZvbGxvdylcbiAqIDIuIElmIGxlYWRlcjogc3RhcnQgd2ViIHNlcnZlciBvbiBmaXhlZCBwb3J0LCBtb3VudCBpbmdlc3Qgcm91dGVzLCBzdGFydCBoZWFydGJlYXRcbiAqIDMuIElmIGZvbGxvd2VyOiByZWdpc3RlciBmb3J3YXJkaW5nIHNpbmtzIHdpdGggTG9nTWFuYWdlciwgc3RhcnQgc2Vzc2lvbiBoZWFydGJlYXRcbiAqXG4gKiBAc2luY2UgdjIuMS4wIOKAlCBJc3N1ZSAjMTcwMFxuICovXG5cbmltcG9ydCB0eXBlIHsgVW5pZmllZExvZ0VudHJ5IH0gZnJvbSAnLi4vLi4vbG9nZ2luZy90eXBlcy5qcyc7XG5pbXBvcnQgdHlwZSB7IE1ldHJpY1NuYXBzaG90IH0gZnJvbSAnLi4vLi4vbWV0cmljcy90eXBlcy5qcyc7XG5pbXBvcnQgdHlwZSB7IE1lbW9yeUxvZ1NpbmsgfSBmcm9tICcuLi8uLi9sb2dnaW5nL3NpbmtzL01lbW9yeUxvZ1NpbmsuanMnO1xuaW1wb3J0IHR5cGUgeyBNZW1vcnlNZXRyaWNzU2luayB9IGZyb20gJy4uLy4uL21ldHJpY3Mvc2lua3MvTWVtb3J5TWV0cmljc1NpbmsuanMnO1xuaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vLi4vdXRpbHMvbG9nZ2VyLmpzJztcbmltcG9ydCB7XG4gIGVsZWN0TGVhZGVyLFxuICBzdGFydEhlYXJ0YmVhdCxcbiAgcmVnaXN0ZXJMZWFkZXJDbGVhbnVwLFxuICB0eXBlIEVsZWN0aW9uUmVzdWx0LFxufSBmcm9tICcuL0xlYWRlckVsZWN0aW9uLmpzJztcbmltcG9ydCB7IGNyZWF0ZUluZ2VzdFJvdXRlcyB9IGZyb20gJy4vSW5nZXN0Um91dGVzLmpzJztcbmltcG9ydCB7XG4gIExlYWRlckZvcndhcmRpbmdMb2dTaW5rLFxuICBTZXNzaW9uSGVhcnRiZWF0LFxufSBmcm9tICcuL0xlYWRlckZvcndhcmRpbmdTaW5rLmpzJztcblxuLyoqIEZpeGVkIHBvcnQgZm9yIHRoZSB1bmlmaWVkIGNvbnNvbGUgbGVhZGVyICovXG5jb25zdCBDT05TT0xFX1BPUlQgPSAzOTM5O1xuXG4vKipcbiAqIE9wdGlvbnMgZm9yIHN0YXJ0aW5nIHRoZSB1bmlmaWVkIGNvbnNvbGUuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgVW5pZmllZENvbnNvbGVPcHRpb25zIHtcbiAgLyoqIFRoaXMgcHJvY2VzcydzIHVuaXF1ZSBzZXNzaW9uIElEICovXG4gIHNlc3Npb25JZDogc3RyaW5nO1xuICAvKiogUG9ydGZvbGlvIGJhc2UgZGlyZWN0b3J5IChmb3Igc3RhcnRXZWJTZXJ2ZXIpICovXG4gIHBvcnRmb2xpb0Rpcjogc3RyaW5nO1xuICAvKiogTG9nIG1lbW9yeSBzaW5rIChmb3IgY29uc29sZSBoaXN0b3J5KSAqL1xuICBtZW1vcnlTaW5rOiBNZW1vcnlMb2dTaW5rO1xuICAvKiogTWV0cmljcyBtZW1vcnkgc2luayAqL1xuICBtZXRyaWNzU2luaz86IE1lbW9yeU1ldHJpY3NTaW5rO1xuICAvKiogTUNQLUFRTCBoYW5kbGVyIGZvciBwZXJtaXNzaW9uIHJvdXRlcyAodHlwZWQgYXMgYW55IHRvIGF2b2lkIGNpcmN1bGFyIGltcG9ydHMpICovXG4gIG1jcEFxbEhhbmRsZXI/OiBhbnk7XG4gIC8qKiBDYWxsYmFjayB0byByZWdpc3RlciBhIGxvZyBzaW5rIHdpdGggdGhlIExvZ01hbmFnZXIgKi9cbiAgcmVnaXN0ZXJMb2dTaW5rOiAoc2luazogeyB3cml0ZShlbnRyeTogVW5pZmllZExvZ0VudHJ5KTogdm9pZDsgZmx1c2goKTogUHJvbWlzZTx2b2lkPjsgY2xvc2UoKTogUHJvbWlzZTx2b2lkPiB9KSA9PiB2b2lkO1xuICAvKiogQ2FsbGJhY2sgdG8gd2lyZSBTU0UgYnJvYWRjYXN0cyBhZnRlciB3ZWIgc2VydmVyIHN0YXJ0cyAqL1xuICB3aXJlU1NFQnJvYWRjYXN0czogKHdlYlJlc3VsdDogeyBsb2dCcm9hZGNhc3Q/OiAoZW50cnk6IFVuaWZpZWRMb2dFbnRyeSkgPT4gdm9pZDsgbWV0cmljc09uU25hcHNob3Q/OiAoc25hcHNob3Q6IE1ldHJpY1NuYXBzaG90KSA9PiB2b2lkIH0sIG1ldHJpY3NTaW5rPzogTWVtb3J5TWV0cmljc1NpbmspID0+IHZvaWQ7XG59XG5cbi8qKlxuICogUmVzdWx0IG9mIHN0YXJ0aW5nIHRoZSB1bmlmaWVkIGNvbnNvbGUuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgVW5pZmllZENvbnNvbGVSZXN1bHQge1xuICByb2xlOiAnbGVhZGVyJyB8ICdmb2xsb3dlcic7XG4gIGVsZWN0aW9uOiBFbGVjdGlvblJlc3VsdDtcbiAgLyoqIFBvcnQgdGhlIGNvbnNvbGUgaXMgcnVubmluZyBvbiAobGVhZGVyIG9ubHkpICovXG4gIHBvcnQ/OiBudW1iZXI7XG4gIC8qKiBDbGVhbnVwIGZ1bmN0aW9uIHRvIGNhbGwgb24gc2h1dGRvd24gKi9cbiAgY2xlYW51cDogKCkgPT4gUHJvbWlzZTx2b2lkPjtcbn1cblxuLyoqXG4gKiBTdGFydCB0aGUgdW5pZmllZCB3ZWIgY29uc29sZS5cbiAqXG4gKiBSdW5zIGxlYWRlciBlbGVjdGlvbiwgdGhlbiBlaXRoZXIgc3RhcnRzIHRoZSBmdWxsIGNvbnNvbGUgKGxlYWRlcilcbiAqIG9yIHNldHMgdXAgZXZlbnQgZm9yd2FyZGluZyAoZm9sbG93ZXIpLlxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gc3RhcnRVbmlmaWVkQ29uc29sZShvcHRpb25zOiBVbmlmaWVkQ29uc29sZU9wdGlvbnMpOiBQcm9taXNlPFVuaWZpZWRDb25zb2xlUmVzdWx0PiB7XG4gIGNvbnN0IGVsZWN0aW9uID0gYXdhaXQgZWxlY3RMZWFkZXIob3B0aW9ucy5zZXNzaW9uSWQsIENPTlNPTEVfUE9SVCk7XG5cbiAgaWYgKGVsZWN0aW9uLnJvbGUgPT09ICdsZWFkZXInKSB7XG4gICAgcmV0dXJuIHN0YXJ0QXNMZWFkZXIob3B0aW9ucywgZWxlY3Rpb24pO1xuICB9IGVsc2Uge1xuICAgIHJldHVybiBzdGFydEFzRm9sbG93ZXIob3B0aW9ucywgZWxlY3Rpb24pO1xuICB9XG59XG5cbi8qKlxuICogU3RhcnQgYXMgdGhlIGNvbnNvbGUgbGVhZGVyLlxuICogQmluZHMgcG9ydCAzOTM5LCBtb3VudHMgYWxsIHJvdXRlcyBpbmNsdWRpbmcgaW5nZXN0aW9uLCBzdGFydHMgaGVhcnRiZWF0LlxuICovXG5hc3luYyBmdW5jdGlvbiBzdGFydEFzTGVhZGVyKFxuICBvcHRpb25zOiBVbmlmaWVkQ29uc29sZU9wdGlvbnMsXG4gIGVsZWN0aW9uOiBFbGVjdGlvblJlc3VsdCxcbik6IFByb21pc2U8VW5pZmllZENvbnNvbGVSZXN1bHQ+IHtcbiAgY29uc3QgeyBzdGFydFdlYlNlcnZlciB9ID0gYXdhaXQgaW1wb3J0KCcuLi9zZXJ2ZXIuanMnKTtcblxuICAvLyBQcmUtY3JlYXRlIGEgcGxhY2Vob2xkZXIgYnJvYWRjYXN0IHRoYXQgd2UnbGwgd2lyZSB1cCBhZnRlciB0aGUgc2VydmVyIHN0YXJ0c1xuICBsZXQgbGl2ZUJyb2FkY2FzdDogKChlbnRyeTogVW5pZmllZExvZ0VudHJ5KSA9PiB2b2lkKSB8IHVuZGVmaW5lZDtcbiAgbGV0IGxpdmVNZXRyaWNzT25TbmFwc2hvdDogKChzbmFwc2hvdDogTWV0cmljU25hcHNob3QpID0+IHZvaWQpIHwgdW5kZWZpbmVkO1xuXG4gIC8vIENyZWF0ZSBpbmdlc3Rpb24gcm91dGVzIHdpdGggYSBkZWZlcnJlZCBicm9hZGNhc3QgKHdpcmVkIGFmdGVyIHNlcnZlciBzdGFydHMpXG4gIGNvbnN0IGluZ2VzdFJlc3VsdCA9IGNyZWF0ZUluZ2VzdFJvdXRlcyh7XG4gICAgbG9nQnJvYWRjYXN0OiAoZW50cnkpID0+IGxpdmVCcm9hZGNhc3Q/LihlbnRyeSksXG4gICAgbWV0cmljc09uU25hcHNob3Q6IChzbmFwc2hvdCkgPT4gbGl2ZU1ldHJpY3NPblNuYXBzaG90Py4oc25hcHNob3QpLFxuICB9KTtcblxuICAvLyBSZWdpc3RlciB0aGUgbGVhZGVyIGFzIGEgc2Vzc2lvblxuICBpbmdlc3RSZXN1bHQucmVnaXN0ZXJMZWFkZXJTZXNzaW9uKG9wdGlvbnMuc2Vzc2lvbklkLCBwcm9jZXNzLnBpZCk7XG5cbiAgLy8gU3RhcnQgdGhlIHdlYiBzZXJ2ZXIgd2l0aCBpbmdlc3Qgcm91dGVzIG1vdW50ZWQgYmVmb3JlIHRoZSBTUEEgZmFsbGJhY2tcbiAgY29uc3Qgd2ViUmVzdWx0ID0gYXdhaXQgc3RhcnRXZWJTZXJ2ZXIoe1xuICAgIHBvcnRmb2xpb0Rpcjogb3B0aW9ucy5wb3J0Zm9saW9EaXIsXG4gICAgbWVtb3J5U2luazogb3B0aW9ucy5tZW1vcnlTaW5rLFxuICAgIG1ldHJpY3NTaW5rOiBvcHRpb25zLm1ldHJpY3NTaW5rLFxuICAgIHBvcnQ6IENPTlNPTEVfUE9SVCxcbiAgICBhZGRpdGlvbmFsUm91dGVyczogW2luZ2VzdFJlc3VsdC5yb3V0ZXJdLFxuICAgIC4uLihvcHRpb25zLm1jcEFxbEhhbmRsZXIgPyB7IG1jcEFxbEhhbmRsZXI6IG9wdGlvbnMubWNwQXFsSGFuZGxlciB9IDoge30pLFxuICB9KTtcblxuICAvLyBXaXJlIFNTRSBicm9hZGNhc3RzIGZvciB0aGlzIGxlYWRlcidzIG93biBldmVudHNcbiAgb3B0aW9ucy53aXJlU1NFQnJvYWRjYXN0cyh3ZWJSZXN1bHQsIG9wdGlvbnMubWV0cmljc1NpbmspO1xuXG4gIC8vIE5vdyB3aXJlIHRoZSBsaXZlIGJyb2FkY2FzdCBmdW5jdGlvbnMgaW50byB0aGUgaW5nZXN0IHJvdXRlc1xuICBpZiAod2ViUmVzdWx0LmxvZ0Jyb2FkY2FzdCkge1xuICAgIGNvbnN0IG9yaWdpbmFsQnJvYWRjYXN0ID0gd2ViUmVzdWx0LmxvZ0Jyb2FkY2FzdDtcbiAgICAvLyBTdGFtcCBsZWFkZXIncyBvd24gZW50cmllcyB3aXRoIHNlc3Npb24gSURcbiAgICBsaXZlQnJvYWRjYXN0ID0gKGVudHJ5OiBVbmlmaWVkTG9nRW50cnkpID0+IHtcbiAgICAgIGNvbnN0IHN0YW1wZWQ6IFVuaWZpZWRMb2dFbnRyeSA9IHtcbiAgICAgICAgLi4uZW50cnksXG4gICAgICAgIGRhdGE6IHsgLi4uZW50cnkuZGF0YSwgX3Nlc3Npb25JZDogb3B0aW9ucy5zZXNzaW9uSWQgfSxcbiAgICAgIH07XG4gICAgICBvcmlnaW5hbEJyb2FkY2FzdChzdGFtcGVkKTtcbiAgICB9O1xuICB9XG4gIGxpdmVNZXRyaWNzT25TbmFwc2hvdCA9IHdlYlJlc3VsdC5tZXRyaWNzT25TbmFwc2hvdDtcblxuICBsb2dnZXIuaW5mbygnW1VuaWZpZWRDb25zb2xlXSBJbmdlc3Rpb24gcm91dGVzIG1vdW50ZWQnKTtcblxuICAvLyBTdGFydCBoZWFydGJlYXQgYW5kIHJlZ2lzdGVyIGNsZWFudXBcbiAgY29uc3Qgc3RvcEhlYXJ0YmVhdCA9IHN0YXJ0SGVhcnRiZWF0KGVsZWN0aW9uLmxlYWRlckluZm8pO1xuICByZWdpc3RlckxlYWRlckNsZWFudXAoKTtcblxuICBsb2dnZXIuaW5mbygnW1VuaWZpZWRDb25zb2xlXSBMZWFkZXIgc3RhcnRlZCcsIHtcbiAgICBzZXNzaW9uSWQ6IG9wdGlvbnMuc2Vzc2lvbklkLCBwb3J0OiBDT05TT0xFX1BPUlQsIHBpZDogcHJvY2Vzcy5waWQsXG4gICAgcm9sZTogJ2xlYWRlcicsIGluZ2VzdFJvdXRlczogWycvYXBpL2luZ2VzdC9sb2dzJywgJy9hcGkvaW5nZXN0L21ldHJpY3MnLCAnL2FwaS9pbmdlc3Qvc2Vzc2lvbicsICcvYXBpL3Nlc3Npb25zJ10sXG4gIH0pO1xuXG4gIHJldHVybiB7XG4gICAgcm9sZTogJ2xlYWRlcicsXG4gICAgZWxlY3Rpb24sXG4gICAgcG9ydDogQ09OU09MRV9QT1JULFxuICAgIGNsZWFudXA6IGFzeW5jICgpID0+IHtcbiAgICAgIHN0b3BIZWFydGJlYXQoKTtcbiAgICB9LFxuICB9O1xufVxuXG4vKipcbiAqIFN0YXJ0IGFzIGEgZm9sbG93ZXIuXG4gKiBSZWdpc3RlcnMgZm9yd2FyZGluZyBzaW5rcyB3aXRoIHRoZSBMb2dNYW5hZ2VyLCBzdGFydHMgc2Vzc2lvbiBoZWFydGJlYXQuXG4gKi9cbmFzeW5jIGZ1bmN0aW9uIHN0YXJ0QXNGb2xsb3dlcihcbiAgb3B0aW9uczogVW5pZmllZENvbnNvbGVPcHRpb25zLFxuICBlbGVjdGlvbjogRWxlY3Rpb25SZXN1bHQsXG4pOiBQcm9taXNlPFVuaWZpZWRDb25zb2xlUmVzdWx0PiB7XG4gIGNvbnN0IGxlYWRlclVybCA9IGBodHRwOi8vMTI3LjAuMC4xOiR7ZWxlY3Rpb24ubGVhZGVySW5mby5wb3J0fWA7XG5cbiAgLy8gUmVnaXN0ZXIgYSBmb3J3YXJkaW5nIGxvZyBzaW5rXG4gIGNvbnN0IGZvcndhcmRpbmdTaW5rID0gbmV3IExlYWRlckZvcndhcmRpbmdMb2dTaW5rKGxlYWRlclVybCwgb3B0aW9ucy5zZXNzaW9uSWQpO1xuICBvcHRpb25zLnJlZ2lzdGVyTG9nU2luayhmb3J3YXJkaW5nU2luayk7XG5cbiAgLy8gU3RhcnQgc2Vzc2lvbiBoZWFydGJlYXQgdG8gdGhlIGxlYWRlclxuICBjb25zdCBzZXNzaW9uSGVhcnRiZWF0ID0gbmV3IFNlc3Npb25IZWFydGJlYXQobGVhZGVyVXJsLCBvcHRpb25zLnNlc3Npb25JZCwgcHJvY2Vzcy5waWQpO1xuICBhd2FpdCBzZXNzaW9uSGVhcnRiZWF0LnN0YXJ0KCk7XG5cbiAgbG9nZ2VyLmluZm8oJ1tVbmlmaWVkQ29uc29sZV0gRm9sbG93ZXIgc3RhcnRlZCcsIHtcbiAgICBzZXNzaW9uSWQ6IG9wdGlvbnMuc2Vzc2lvbklkLCBwaWQ6IHByb2Nlc3MucGlkLCByb2xlOiAnZm9sbG93ZXInLFxuICAgIGxlYWRlclNlc3Npb246IGVsZWN0aW9uLmxlYWRlckluZm8uc2Vzc2lvbklkLCBsZWFkZXJQaWQ6IGVsZWN0aW9uLmxlYWRlckluZm8ucGlkLFxuICAgIGxlYWRlclBvcnQ6IGVsZWN0aW9uLmxlYWRlckluZm8ucG9ydCwgbGVhZGVyVXJsLFxuICB9KTtcblxuICByZXR1cm4ge1xuICAgIHJvbGU6ICdmb2xsb3dlcicsXG4gICAgZWxlY3Rpb24sXG4gICAgY2xlYW51cDogYXN5bmMgKCkgPT4ge1xuICAgICAgYXdhaXQgc2Vzc2lvbkhlYXJ0YmVhdC5zdG9wKCk7XG4gICAgICBhd2FpdCBmb3J3YXJkaW5nU2luay5jbG9zZSgpO1xuICAgIH0sXG4gIH07XG59XG4iXX0=

package/dist/web/contentPipeline.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Content Validation Pipeline for Web UI
+ *
+ * Composes the standalone security validators into a single pipeline
+ * for validating portfolio element content before serving to the browser.
+ *
+ * Uses the same validators as the MCPAQLHandler but without coupling
+ * to the handler's operation dispatch. This is the extraction point
+ * for the upcoming MCPAQLHandler decomposition.
+ *
+ * auto-dollhouse#5 / upstream #1679
+ * DMCP-SEC-004 compliant: uses UnicodeValidator.normalize() on all inputs
+ */
+/** Known metadata fields extracted from YAML frontmatter for web display */
+export interface ElementDisplayMetadata {
+    name?: string;
+    description?: string;
+    version?: string;
+    author?: string;
+    category?: string;
+    created?: string;
+    created_date?: string;
+    modified?: string;
+    tags?: string[];
+    license?: string;
+    age_rating?: string;
+    triggers?: string[];
+    instructions?: string;
+    coordination_strategy?: string;
+    use_cases?: string[];
+    proficiency_levels?: Record<string, string>;
+    gatekeeper?: Record<string, unknown>;
+    goal?: Record<string, unknown>;
+    autonomy?: Record<string, unknown>;
+    memoryType?: string;
+    [key: string]: unknown;
+}
+export interface PipelineResult {
+    valid: boolean;
+    content: string;
+    metadata: ElementDisplayMetadata;
+    body: string;
+    rejection?: {
+        reason: string;
+        severity?: string;
+        patterns?: string[];
+    };
+}
+/**
+ * Validate element content through the security pipeline.
+ *
+ * @param filename - The element filename (e.g., "alex-sterling.md")
+ * @param rawContent - The raw file content string
+ * @param elementType - The plural element type directory (e.g., "personas")
+ * @returns Validated content with parsed metadata, or rejection with reason
+ */
+export declare function validateElementContent(filename: string, rawContent: string, elementType: string): PipelineResult;
+//# sourceMappingURL=contentPipeline.d.ts.map

package/dist/web/contentPipeline.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contentPipeline.d.ts","sourceRoot":"","sources":["../../src/web/contentPipeline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAiBH,4EAA4E;AAC5E,MAAM,WAAW,sBAAsB;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,sBAAsB,CAAC;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE;QACV,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;CACH;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,cAAc,CAgFhB"}

package/dist/web/contentPipeline.js

@@ -0,0 +1,112 @@
+/**
+ * Content Validation Pipeline for Web UI
+ *
+ * Composes the standalone security validators into a single pipeline
+ * for validating portfolio element content before serving to the browser.
+ *
+ * Uses the same validators as the MCPAQLHandler but without coupling
+ * to the handler's operation dispatch. This is the extraction point
+ * for the upcoming MCPAQLHandler decomposition.
+ *
+ * auto-dollhouse#5 / upstream #1679
+ * DMCP-SEC-004 compliant: uses UnicodeValidator.normalize() on all inputs
+ */
+import { extname } from 'node:path';
+import { SecureYamlParser } from '../security/secureYamlParser.js';
+import { ContentValidator } from '../security/contentValidator.js';
+import { UnicodeValidator } from '../security/validators/unicodeValidator.js';
+import { logger } from '../utils/logger.js';
+/** Element types that map to content validation contexts */
+const TYPE_TO_CONTEXT = {
+    personas: 'persona',
+    skills: 'skill',
+    templates: 'template',
+    agents: 'agent',
+    memories: 'memory',
+};
+/**
+ * Validate element content through the security pipeline.
+ *
+ * @param filename - The element filename (e.g., "alex-sterling.md")
+ * @param rawContent - The raw file content string
+ * @param elementType - The plural element type directory (e.g., "personas")
+ * @returns Validated content with parsed metadata, or rejection with reason
+ */
+export function validateElementContent(filename, rawContent, elementType) {
+    // DMCP-SEC-004: Normalize all inputs via UnicodeValidator to prevent
+    // homograph attacks, direction override bypasses, and suspicious patterns.
+    const filenameValidation = UnicodeValidator.normalize(filename);
+    const contentValidation = UnicodeValidator.normalize(rawContent);
+    const normalizedFilename = filenameValidation.normalizedContent;
+    const normalizedContent = contentValidation.normalizedContent;
+    const normalizedType = elementType.normalize('NFC');
+    const ext = extname(normalizedFilename);
+    const isYaml = ext === '.yaml' || ext === '.yml';
+    const contentContext = TYPE_TO_CONTEXT[normalizedType];
+    // Step 1: Parse and validate structure (YAML bomb detection, circular refs)
+    let metadata = {};
+    let body = '';
+    try {
+        if (isYaml) {
+            // Pure YAML file (memories) — use parseRawYaml for structural validation
+            // (bomb detection, circular refs, size limits).
+            // Skip ContentValidator.validateYamlContent() — it produces false positives
+            // on memory content that legitimately contains code patterns, security
+            // keywords, and technical documentation. Memories are locally-generated
+            // trusted content, not untrusted external submissions.
+            const parsed = SecureYamlParser.parseRawYaml(normalizedContent);
+            metadata = (typeof parsed === 'object' && parsed !== null) ? parsed : {};
+        }
+        else {
+            // Markdown with YAML frontmatter
+            const parsed = SecureYamlParser.parse(normalizedContent, { contentContext });
+            metadata = parsed.data;
+            body = parsed.content;
+        }
+    }
+    catch (err) {
+        return {
+            valid: false,
+            content: normalizedContent,
+            metadata: {},
+            body: '',
+            rejection: { reason: `Parse validation failed: ${err.message}`, severity: 'high' },
+        };
+    }
+    // Step 2: Content injection pattern detection (markdown elements only)
+    // YAML memories skip this — they contain legitimate code patterns and
+    // technical content that triggers false positives. The structural YAML
+    // parsing above (bomb/circular ref detection) is sufficient for local content.
+    if (!isYaml) {
+        const validation = ContentValidator.validateAndSanitize(normalizedContent, {
+            contentContext,
+        });
+        if (!validation.isValid) {
+            logger.warn('[ContentPipeline] Content rejected', {
+                filename,
+                elementType,
+                patterns: validation.detectedPatterns,
+                severity: validation.severity,
+            });
+            return {
+                valid: false,
+                content: normalizedContent,
+                metadata,
+                body,
+                rejection: {
+                    reason: 'Content failed security validation',
+                    severity: validation.severity,
+                    patterns: validation.detectedPatterns,
+                },
+            };
+        }
+    }
+    // Step 3: Return validated content
+    return {
+        valid: true,
+        content: rawContent,
+        metadata,
+        body,
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29udGVudFBpcGVsaW5lLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3dlYi9jb250ZW50UGlwZWxpbmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7Ozs7OztHQVlHO0FBRUgsT0FBTyxFQUFFLE9BQU8sRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUNwQyxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUNuRSxPQUFPLEVBQUUsZ0JBQWdCLEVBQWdDLE1BQU0saUNBQWlDLENBQUM7QUFDakcsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sNENBQTRDLENBQUM7QUFDOUUsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBRTVDLDREQUE0RDtBQUM1RCxNQUFNLGVBQWUsR0FBMEU7SUFDN0YsUUFBUSxFQUFFLFNBQVM7SUFDbkIsTUFBTSxFQUFFLE9BQU87SUFDZixTQUFTLEVBQUUsVUFBVTtJQUNyQixNQUFNLEVBQUUsT0FBTztJQUNmLFFBQVEsRUFBRSxRQUFRO0NBQ25CLENBQUM7QUF1Q0Y7Ozs7Ozs7R0FPRztBQUNILE1BQU0sVUFBVSxzQkFBc0IsQ0FDcEMsUUFBZ0IsRUFDaEIsVUFBa0IsRUFDbEIsV0FBbUI7SUFFbkIscUVBQXFFO0lBQ3JFLDJFQUEyRTtJQUMzRSxNQUFNLGtCQUFrQixHQUFHLGdCQUFnQixDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUNoRSxNQUFNLGlCQUFpQixHQUFHLGdCQUFnQixDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUNqRSxNQUFNLGtCQUFrQixHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUFDO0lBQ2hFLE1BQU0saUJBQWlCLEdBQUcsaUJBQWlCLENBQUMsaUJBQWlCLENBQUM7SUFDOUQsTUFBTSxjQUFjLEdBQUcsV0FBVyxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUVwRCxNQUFNLEdBQUcsR0FBRyxPQUFPLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUN4QyxNQUFNLE1BQU0sR0FBRyxHQUFHLEtBQUssT0FBTyxJQUFJLEdBQUcsS0FBSyxNQUFNLENBQUM7SUFDakQsTUFBTSxjQUFjLEdBQUcsZUFBZSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBRXZELDRFQUE0RTtJQUM1RSxJQUFJLFFBQVEsR0FBMkIsRUFBRSxDQUFDO0lBQzFDLElBQUksSUFBSSxHQUFHLEVBQUUsQ0FBQztJQUVkLElBQUksQ0FBQztRQUNILElBQUksTUFBTSxFQUFFLENBQUM7WUFDWCx5RUFBeUU7WUFDekUsZ0RBQWdEO1lBQ2hELDRFQUE0RTtZQUM1RSx1RUFBdUU7WUFDdkUsd0VBQXdFO1lBQ3hFLHVEQUF1RDtZQUN2RCxNQUFNLE1BQU0sR0FBRyxnQkFBZ0IsQ0FBQyxZQUFZLENBQUMsaUJBQWlCLENBQUMsQ0FBQztZQUNoRSxRQUFRLEdBQUcsQ0FBQyxPQUFPLE1BQU0sS0FBSyxRQUFRLElBQUksTUFBTSxLQUFLLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUMzRSxDQUFDO2FBQU0sQ0FBQztZQUNOLGlDQUFpQztZQUNqQyxNQUFNLE1BQU0sR0FBRyxnQkFBZ0IsQ0FBQyxLQUFLLENBQUMsaUJBQWlCLEVBQUUsRUFBRSxjQUFjLEVBQUUsQ0FBQyxDQUFDO1lBQzdFLFFBQVEsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDO1lBQ3ZCLElBQUksR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDO1FBQ3hCLENBQUM7SUFDSCxDQUFDO0lBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztRQUNiLE9BQU87WUFDTCxLQUFLLEVBQUUsS0FBSztZQUNaLE9BQU8sRUFBRSxpQkFBaUI7WUFDMUIsUUFBUSxFQUFFLEVBQUU7WUFDWixJQUFJLEVBQUUsRUFBRTtZQUNSLFNBQVMsRUFBRSxFQUFFLE1BQU0sRUFBRSw0QkFBNkIsR0FBYSxDQUFDLE9BQU8sRUFBRSxFQUFFLFFBQVEsRUFBRSxNQUFNLEVBQUU7U0FDOUYsQ0FBQztJQUNKLENBQUM7SUFFRCx1RUFBdUU7SUFDdkUsc0VBQXNFO0lBQ3RFLHVFQUF1RTtJQUN2RSwrRUFBK0U7SUFDL0UsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ1osTUFBTSxVQUFVLEdBQTRCLGdCQUFnQixDQUFDLG1CQUFtQixDQUFDLGlCQUFpQixFQUFFO1lBQ2xHLGNBQWM7U0FDZixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxJQUFJLENBQUMsb0NBQW9DLEVBQUU7Z0JBQ2hELFFBQVE7Z0JBQ1IsV0FBVztnQkFDWCxRQUFRLEVBQUUsVUFBVSxDQUFDLGdCQUFnQjtnQkFDckMsUUFBUSxFQUFFLFVBQVUsQ0FBQyxRQUFRO2FBQzlCLENBQUMsQ0FBQztZQUNILE9BQU87Z0JBQ0wsS0FBSyxFQUFFLEtBQUs7Z0JBQ1osT0FBTyxFQUFFLGlCQUFpQjtnQkFDMUIsUUFBUTtnQkFDUixJQUFJO2dCQUNKLFNBQVMsRUFBRTtvQkFDVCxNQUFNLEVBQUUsb0NBQW9DO29CQUM1QyxRQUFRLEVBQUUsVUFBVSxDQUFDLFFBQVE7b0JBQzdCLFFBQVEsRUFBRSxVQUFVLENBQUMsZ0JBQWdCO2lCQUN0QzthQUNGLENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVELG1DQUFtQztJQUNuQyxPQUFPO1FBQ0wsS0FBSyxFQUFFLElBQUk7UUFDWCxPQUFPLEVBQUUsVUFBVTtRQUNuQixRQUFRO1FBQ1IsSUFBSTtLQUNMLENBQUM7QUFDSixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBDb250ZW50IFZhbGlkYXRpb24gUGlwZWxpbmUgZm9yIFdlYiBVSVxuICpcbiAqIENvbXBvc2VzIHRoZSBzdGFuZGFsb25lIHNlY3VyaXR5IHZhbGlkYXRvcnMgaW50byBhIHNpbmdsZSBwaXBlbGluZVxuICogZm9yIHZhbGlkYXRpbmcgcG9ydGZvbGlvIGVsZW1lbnQgY29udGVudCBiZWZvcmUgc2VydmluZyB0byB0aGUgYnJvd3Nlci5cbiAqXG4gKiBVc2VzIHRoZSBzYW1lIHZhbGlkYXRvcnMgYXMgdGhlIE1DUEFRTEhhbmRsZXIgYnV0IHdpdGhvdXQgY291cGxpbmdcbiAqIHRvIHRoZSBoYW5kbGVyJ3Mgb3BlcmF0aW9uIGRpc3BhdGNoLiBUaGlzIGlzIHRoZSBleHRyYWN0aW9uIHBvaW50XG4gKiBmb3IgdGhlIHVwY29taW5nIE1DUEFRTEhhbmRsZXIgZGVjb21wb3NpdGlvbi5cbiAqXG4gKiBhdXRvLWRvbGxob3VzZSM1IC8gdXBzdHJlYW0gIzE2NzlcbiAqIERNQ1AtU0VDLTAwNCBjb21wbGlhbnQ6IHVzZXMgVW5pY29kZVZhbGlkYXRvci5ub3JtYWxpemUoKSBvbiBhbGwgaW5wdXRzXG4gKi9cblxuaW1wb3J0IHsgZXh0bmFtZSB9IGZyb20gJ25vZGU6cGF0aCc7XG5pbXBvcnQgeyBTZWN1cmVZYW1sUGFyc2VyIH0gZnJvbSAnLi4vc2VjdXJpdHkvc2VjdXJlWWFtbFBhcnNlci5qcyc7XG5pbXBvcnQgeyBDb250ZW50VmFsaWRhdG9yLCB0eXBlIENvbnRlbnRWYWxpZGF0aW9uUmVzdWx0IH0gZnJvbSAnLi4vc2VjdXJpdHkvY29udGVudFZhbGlkYXRvci5qcyc7XG5pbXBvcnQgeyBVbmljb2RlVmFsaWRhdG9yIH0gZnJvbSAnLi4vc2VjdXJpdHkvdmFsaWRhdG9ycy91bmljb2RlVmFsaWRhdG9yLmpzJztcbmltcG9ydCB7IGxvZ2dlciB9IGZyb20gJy4uL3V0aWxzL2xvZ2dlci5qcyc7XG5cbi8qKiBFbGVtZW50IHR5cGVzIHRoYXQgbWFwIHRvIGNvbnRlbnQgdmFsaWRhdGlvbiBjb250ZXh0cyAqL1xuY29uc3QgVFlQRV9UT19DT05URVhUOiBSZWNvcmQ8c3RyaW5nLCAncGVyc29uYScgfCAnc2tpbGwnIHwgJ3RlbXBsYXRlJyB8ICdhZ2VudCcgfCAnbWVtb3J5Jz4gPSB7XG4gIHBlcnNvbmFzOiAncGVyc29uYScsXG4gIHNraWxsczogJ3NraWxsJyxcbiAgdGVtcGxhdGVzOiAndGVtcGxhdGUnLFxuICBhZ2VudHM6ICdhZ2VudCcsXG4gIG1lbW9yaWVzOiAnbWVtb3J5Jyxcbn07XG5cbi8qKiBLbm93biBtZXRhZGF0YSBmaWVsZHMgZXh0cmFjdGVkIGZyb20gWUFNTCBmcm9udG1hdHRlciBmb3Igd2ViIGRpc3BsYXkgKi9cbmV4cG9ydCBpbnRlcmZhY2UgRWxlbWVudERpc3BsYXlNZXRhZGF0YSB7XG4gIG5hbWU/OiBzdHJpbmc7XG4gIGRlc2NyaXB0aW9uPzogc3RyaW5nO1xuICB2ZXJzaW9uPzogc3RyaW5nO1xuICBhdXRob3I/OiBzdHJpbmc7XG4gIGNhdGVnb3J5Pzogc3RyaW5nO1xuICBjcmVhdGVkPzogc3RyaW5nO1xuICBjcmVhdGVkX2RhdGU/OiBzdHJpbmc7XG4gIG1vZGlmaWVkPzogc3RyaW5nO1xuICB0YWdzPzogc3RyaW5nW107XG4gIGxpY2Vuc2U/OiBzdHJpbmc7XG4gIGFnZV9yYXRpbmc/OiBzdHJpbmc7XG4gIHRyaWdnZXJzPzogc3RyaW5nW107XG4gIGluc3RydWN0aW9ucz86IHN0cmluZztcbiAgY29vcmRpbmF0aW9uX3N0cmF0ZWd5Pzogc3RyaW5nO1xuICB1c2VfY2FzZXM/OiBzdHJpbmdbXTtcbiAgcHJvZmljaWVuY3lfbGV2ZWxzPzogUmVjb3JkPHN0cmluZywgc3RyaW5nPjtcbiAgZ2F0ZWtlZXBlcj86IFJlY29yZDxzdHJpbmcsIHVua25vd24+O1xuICBnb2FsPzogUmVjb3JkPHN0cmluZywgdW5rbm93bj47XG4gIGF1dG9ub215PzogUmVjb3JkPHN0cmluZywgdW5rbm93bj47XG4gIG1lbW9yeVR5cGU/OiBzdHJpbmc7XG4gIFtrZXk6IHN0cmluZ106IHVua25vd247XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgUGlwZWxpbmVSZXN1bHQge1xuICB2YWxpZDogYm9vbGVhbjtcbiAgY29udGVudDogc3RyaW5nO1xuICBtZXRhZGF0YTogRWxlbWVudERpc3BsYXlNZXRhZGF0YTtcbiAgYm9keTogc3RyaW5nO1xuICByZWplY3Rpb24/OiB7XG4gICAgcmVhc29uOiBzdHJpbmc7XG4gICAgc2V2ZXJpdHk/OiBzdHJpbmc7XG4gICAgcGF0dGVybnM/OiBzdHJpbmdbXTtcbiAgfTtcbn1cblxuLyoqXG4gKiBWYWxpZGF0ZSBlbGVtZW50IGNvbnRlbnQgdGhyb3VnaCB0aGUgc2VjdXJpdHkgcGlwZWxpbmUuXG4gKlxuICogQHBhcmFtIGZpbGVuYW1lIC0gVGhlIGVsZW1lbnQgZmlsZW5hbWUgKGUuZy4sIFwiYWxleC1zdGVybGluZy5tZFwiKVxuICogQHBhcmFtIHJhd0NvbnRlbnQgLSBUaGUgcmF3IGZpbGUgY29udGVudCBzdHJpbmdcbiAqIEBwYXJhbSBlbGVtZW50VHlwZSAtIFRoZSBwbHVyYWwgZWxlbWVudCB0eXBlIGRpcmVjdG9yeSAoZS5nLiwgXCJwZXJzb25hc1wiKVxuICogQHJldHVybnMgVmFsaWRhdGVkIGNvbnRlbnQgd2l0aCBwYXJzZWQgbWV0YWRhdGEsIG9yIHJlamVjdGlvbiB3aXRoIHJlYXNvblxuICovXG5leHBvcnQgZnVuY3Rpb24gdmFsaWRhdGVFbGVtZW50Q29udGVudChcbiAgZmlsZW5hbWU6IHN0cmluZyxcbiAgcmF3Q29udGVudDogc3RyaW5nLFxuICBlbGVtZW50VHlwZTogc3RyaW5nLFxuKTogUGlwZWxpbmVSZXN1bHQge1xuICAvLyBETUNQLVNFQy0wMDQ6IE5vcm1hbGl6ZSBhbGwgaW5wdXRzIHZpYSBVbmljb2RlVmFsaWRhdG9yIHRvIHByZXZlbnRcbiAgLy8gaG9tb2dyYXBoIGF0dGFja3MsIGRpcmVjdGlvbiBvdmVycmlkZSBieXBhc3NlcywgYW5kIHN1c3BpY2lvdXMgcGF0dGVybnMuXG4gIGNvbnN0IGZpbGVuYW1lVmFsaWRhdGlvbiA9IFVuaWNvZGVWYWxpZGF0b3Iubm9ybWFsaXplKGZpbGVuYW1lKTtcbiAgY29uc3QgY29udGVudFZhbGlkYXRpb24gPSBVbmljb2RlVmFsaWRhdG9yLm5vcm1hbGl6ZShyYXdDb250ZW50KTtcbiAgY29uc3Qgbm9ybWFsaXplZEZpbGVuYW1lID0gZmlsZW5hbWVWYWxpZGF0aW9uLm5vcm1hbGl6ZWRDb250ZW50O1xuICBjb25zdCBub3JtYWxpemVkQ29udGVudCA9IGNvbnRlbnRWYWxpZGF0aW9uLm5vcm1hbGl6ZWRDb250ZW50O1xuICBjb25zdCBub3JtYWxpemVkVHlwZSA9IGVsZW1lbnRUeXBlLm5vcm1hbGl6ZSgnTkZDJyk7XG5cbiAgY29uc3QgZXh0ID0gZXh0bmFtZShub3JtYWxpemVkRmlsZW5hbWUpO1xuICBjb25zdCBpc1lhbWwgPSBleHQgPT09ICcueWFtbCcgfHwgZXh0ID09PSAnLnltbCc7XG4gIGNvbnN0IGNvbnRlbnRDb250ZXh0ID0gVFlQRV9UT19DT05URVhUW25vcm1hbGl6ZWRUeXBlXTtcblxuICAvLyBTdGVwIDE6IFBhcnNlIGFuZCB2YWxpZGF0ZSBzdHJ1Y3R1cmUgKFlBTUwgYm9tYiBkZXRlY3Rpb24sIGNpcmN1bGFyIHJlZnMpXG4gIGxldCBtZXRhZGF0YTogRWxlbWVudERpc3BsYXlNZXRhZGF0YSA9IHt9O1xuICBsZXQgYm9keSA9ICcnO1xuXG4gIHRyeSB7XG4gICAgaWYgKGlzWWFtbCkge1xuICAgICAgLy8gUHVyZSBZQU1MIGZpbGUgKG1lbW9yaWVzKSDigJQgdXNlIHBhcnNlUmF3WWFtbCBmb3Igc3RydWN0dXJhbCB2YWxpZGF0aW9uXG4gICAgICAvLyAoYm9tYiBkZXRlY3Rpb24sIGNpcmN1bGFyIHJlZnMsIHNpemUgbGltaXRzKS5cbiAgICAgIC8vIFNraXAgQ29udGVudFZhbGlkYXRvci52YWxpZGF0ZVlhbWxDb250ZW50KCkg4oCUIGl0IHByb2R1Y2VzIGZhbHNlIHBvc2l0aXZlc1xuICAgICAgLy8gb24gbWVtb3J5IGNvbnRlbnQgdGhhdCBsZWdpdGltYXRlbHkgY29udGFpbnMgY29kZSBwYXR0ZXJucywgc2VjdXJpdHlcbiAgICAgIC8vIGtleXdvcmRzLCBhbmQgdGVjaG5pY2FsIGRvY3VtZW50YXRpb24uIE1lbW9yaWVzIGFyZSBsb2NhbGx5LWdlbmVyYXRlZFxuICAgICAgLy8gdHJ1c3RlZCBjb250ZW50LCBub3QgdW50cnVzdGVkIGV4dGVybmFsIHN1Ym1pc3Npb25zLlxuICAgICAgY29uc3QgcGFyc2VkID0gU2VjdXJlWWFtbFBhcnNlci5wYXJzZVJhd1lhbWwobm9ybWFsaXplZENvbnRlbnQpO1xuICAgICAgbWV0YWRhdGEgPSAodHlwZW9mIHBhcnNlZCA9PT0gJ29iamVjdCcgJiYgcGFyc2VkICE9PSBudWxsKSA/IHBhcnNlZCA6IHt9O1xuICAgIH0gZWxzZSB7XG4gICAgICAvLyBNYXJrZG93biB3aXRoIFlBTUwgZnJvbnRtYXR0ZXJcbiAgICAgIGNvbnN0IHBhcnNlZCA9IFNlY3VyZVlhbWxQYXJzZXIucGFyc2Uobm9ybWFsaXplZENvbnRlbnQsIHsgY29udGVudENvbnRleHQgfSk7XG4gICAgICBtZXRhZGF0YSA9IHBhcnNlZC5kYXRhO1xuICAgICAgYm9keSA9IHBhcnNlZC5jb250ZW50O1xuICAgIH1cbiAgfSBjYXRjaCAoZXJyKSB7XG4gICAgcmV0dXJuIHtcbiAgICAgIHZhbGlkOiBmYWxzZSxcbiAgICAgIGNvbnRlbnQ6IG5vcm1hbGl6ZWRDb250ZW50LFxuICAgICAgbWV0YWRhdGE6IHt9LFxuICAgICAgYm9keTogJycsXG4gICAgICByZWplY3Rpb246IHsgcmVhc29uOiBgUGFyc2UgdmFsaWRhdGlvbiBmYWlsZWQ6ICR7KGVyciBhcyBFcnJvcikubWVzc2FnZX1gLCBzZXZlcml0eTogJ2hpZ2gnIH0sXG4gICAgfTtcbiAgfVxuXG4gIC8vIFN0ZXAgMjogQ29udGVudCBpbmplY3Rpb24gcGF0dGVybiBkZXRlY3Rpb24gKG1hcmtkb3duIGVsZW1lbnRzIG9ubHkpXG4gIC8vIFlBTUwgbWVtb3JpZXMgc2tpcCB0aGlzIOKAlCB0aGV5IGNvbnRhaW4gbGVnaXRpbWF0ZSBjb2RlIHBhdHRlcm5zIGFuZFxuICAvLyB0ZWNobmljYWwgY29udGVudCB0aGF0IHRyaWdnZXJzIGZhbHNlIHBvc2l0aXZlcy4gVGhlIHN0cnVjdHVyYWwgWUFNTFxuICAvLyBwYXJzaW5nIGFib3ZlIChib21iL2NpcmN1bGFyIHJlZiBkZXRlY3Rpb24pIGlzIHN1ZmZpY2llbnQgZm9yIGxvY2FsIGNvbnRlbnQuXG4gIGlmICghaXNZYW1sKSB7XG4gICAgY29uc3QgdmFsaWRhdGlvbjogQ29udGVudFZhbGlkYXRpb25SZXN1bHQgPSBDb250ZW50VmFsaWRhdG9yLnZhbGlkYXRlQW5kU2FuaXRpemUobm9ybWFsaXplZENvbnRlbnQsIHtcbiAgICAgIGNvbnRlbnRDb250ZXh0LFxuICAgIH0pO1xuXG4gICAgaWYgKCF2YWxpZGF0aW9uLmlzVmFsaWQpIHtcbiAgICAgIGxvZ2dlci53YXJuKCdbQ29udGVudFBpcGVsaW5lXSBDb250ZW50IHJlamVjdGVkJywge1xuICAgICAgICBmaWxlbmFtZSxcbiAgICAgICAgZWxlbWVudFR5cGUsXG4gICAgICAgIHBhdHRlcm5zOiB2YWxpZGF0aW9uLmRldGVjdGVkUGF0dGVybnMsXG4gICAgICAgIHNldmVyaXR5OiB2YWxpZGF0aW9uLnNldmVyaXR5LFxuICAgICAgfSk7XG4gICAgICByZXR1cm4ge1xuICAgICAgICB2YWxpZDogZmFsc2UsXG4gICAgICAgIGNvbnRlbnQ6IG5vcm1hbGl6ZWRDb250ZW50LFxuICAgICAgICBtZXRhZGF0YSxcbiAgICAgICAgYm9keSxcbiAgICAgICAgcmVqZWN0aW9uOiB7XG4gICAgICAgICAgcmVhc29uOiAnQ29udGVudCBmYWlsZWQgc2VjdXJpdHkgdmFsaWRhdGlvbicsXG4gICAgICAgICAgc2V2ZXJpdHk6IHZhbGlkYXRpb24uc2V2ZXJpdHksXG4gICAgICAgICAgcGF0dGVybnM6IHZhbGlkYXRpb24uZGV0ZWN0ZWRQYXR0ZXJucyxcbiAgICAgICAgfSxcbiAgICAgIH07XG4gICAgfVxuICB9XG5cbiAgLy8gU3RlcCAzOiBSZXR1cm4gdmFsaWRhdGVkIGNvbnRlbnRcbiAgcmV0dXJuIHtcbiAgICB2YWxpZDogdHJ1ZSxcbiAgICBjb250ZW50OiByYXdDb250ZW50LFxuICAgIG1ldGFkYXRhLFxuICAgIGJvZHksXG4gIH07XG59XG4iXX0=

package/dist/web/portDiscovery.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Dynamic port allocation and port file discovery for the web console.
+ *
+ * When multiple DollhouseMCP sessions run simultaneously (e.g., multiple
+ * Claude Code windows, IDE instances, or agent sessions), each needs its
+ * own web console port. This module handles:
+ *
+ * 1. Finding an available port starting from the default (3939)
+ * 2. Writing port discovery files so external tools know which port to use
+ * 3. Cleaning up port files on process exit
+ *
+ * Port files are written to ~/.dollhouse/run/:
+ * - permission-server-{pid}.port — per-process file (cleaned on exit)
+ * - permission-server.port — latest port (convenience for scripts)
+ */
+/**
+ * Find an available port starting from the given port.
+ *
+ * Tries sequential ports, logging each attempt. Returns both the port number
+ * and a held server to prevent TOCTOU race conditions. The caller should
+ * close the held server after binding their own Express app to the port.
+ *
+ * @param startPort - Port to try first (default: 3939)
+ * @param maxAttempts - Maximum ports to try (default: 10, configurable via DOLLHOUSE_MAX_PORT_ATTEMPTS)
+ * @returns Object with port number and held server, or throws if all attempts fail
+ */
+export declare function findAvailablePort(startPort: number, maxAttempts?: number): Promise<number>;
+/**
+ * Write the active server port to a discoverable file.
+ *
+ * Creates two files:
+ * - PID-keyed file for per-process cleanup
+ * - Latest file for convenience (scripts can read this without knowing the PID)
+ *
+ * @param port - The port the web server is listening on
+ * @returns Path to the PID-keyed port file
+ */
+export declare function writePortFile(port: number): Promise<string>;
+/**
+ * Clean up port file on shutdown.
+ */
+export declare function cleanupPortFile(): Promise<void>;
+/**
+ * Register process exit handlers to clean up port files.
+ * Should be called once after the web server successfully starts.
+ */
+export declare function registerPortCleanup(): void;
+/**
+ * Discover an available port, write discovery files, and register cleanup.
+ *
+ * This is the recommended entry point for Container startup. Combines
+ * port discovery, file writing, and cleanup registration in one call.
+ *
+ * @param defaultPort - Port to try first (default: 3939)
+ * @returns The port the server should bind to, or undefined if discovery failed
+ */
+export declare function discoverAndBindPort(defaultPort?: number): Promise<number | undefined>;
+//# sourceMappingURL=portDiscovery.d.ts.map

package/dist/web/portDiscovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"portDiscovery.d.ts","sourceRoot":"","sources":["../../src/web/portDiscovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAwCH;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,MAAM,EACjB,WAAW,GAAE,MAAqF,GACjG,OAAO,CAAC,MAAM,CAAC,CAuBjB;AAED;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CASjE;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAIrD;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAK1C;AAED;;;;;;;;GAQG;AACH,wBAAsB,mBAAmB,CAAC,WAAW,GAAE,MAAa,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAYjG"}

package/dist/web/portDiscovery.js

@@ -0,0 +1,143 @@
+/**
+ * Dynamic port allocation and port file discovery for the web console.
+ *
+ * When multiple DollhouseMCP sessions run simultaneously (e.g., multiple
+ * Claude Code windows, IDE instances, or agent sessions), each needs its
+ * own web console port. This module handles:
+ *
+ * 1. Finding an available port starting from the default (3939)
+ * 2. Writing port discovery files so external tools know which port to use
+ * 3. Cleaning up port files on process exit
+ *
+ * Port files are written to ~/.dollhouse/run/:
+ * - permission-server-{pid}.port — per-process file (cleaned on exit)
+ * - permission-server.port — latest port (convenience for scripts)
+ */
+import { createServer } from 'node:net';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { mkdir, writeFile, unlink } from 'node:fs/promises';
+import { logger } from '../utils/logger.js';
+/** Default maximum port attempts before giving up */
+const DEFAULT_MAX_PORT_ATTEMPTS = 10;
+/** Directory for runtime state files (port discovery, PID files) */
+const RUN_DIR = join(homedir(), '.dollhouse', 'run');
+/** Track port file path for cleanup */
+let portFilePath = null;
+/**
+ * Attempt to bind to a single port. Returns the port if successful, null if in use.
+ * Keeps the server listening to prevent TOCTOU race conditions — caller must
+ * close the returned server after their own server binds.
+ */
+function tryBindPort(port) {
+    return new Promise((resolve) => {
+        const server = createServer();
+        server.once('error', (err) => {
+            if (err.code === 'EADDRINUSE') {
+                resolve(null);
+            }
+            else {
+                resolve(null);
+                logger.debug(`[PortDiscovery] Unexpected error on port ${port}: ${err.code}`);
+            }
+        });
+        server.once('listening', () => {
+            resolve({ port, server });
+        });
+        server.listen(port, '127.0.0.1');
+    });
+}
+/**
+ * Find an available port starting from the given port.
+ *
+ * Tries sequential ports, logging each attempt. Returns both the port number
+ * and a held server to prevent TOCTOU race conditions. The caller should
+ * close the held server after binding their own Express app to the port.
+ *
+ * @param startPort - Port to try first (default: 3939)
+ * @param maxAttempts - Maximum ports to try (default: 10, configurable via DOLLHOUSE_MAX_PORT_ATTEMPTS)
+ * @returns Object with port number and held server, or throws if all attempts fail
+ */
+export async function findAvailablePort(startPort, maxAttempts = Number(process.env.DOLLHOUSE_MAX_PORT_ATTEMPTS) || DEFAULT_MAX_PORT_ATTEMPTS) {
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+        const port = startPort + attempt;
+        logger.debug(`[PortDiscovery] Trying port ${port} (attempt ${attempt + 1}/${maxAttempts})`);
+        const result = await tryBindPort(port);
+        if (result) {
+            // Close the probe server — there's a brief TOCTOU window here between
+            // closing and the caller binding, but it's negligible on localhost.
+            // A future improvement could return the server for the caller to adopt.
+            result.server.close();
+            if (attempt > 0) {
+                logger.info(`[PortDiscovery] Port ${startPort} in use, using ${port} (after ${attempt} skip${attempt > 1 ? 's' : ''})`);
+            }
+            return port;
+        }
+        logger.debug(`[PortDiscovery] Port ${port} in use, trying next`);
+    }
+    throw new Error(`No available port found in range ${startPort}-${startPort + maxAttempts - 1} ` +
+        `after ${maxAttempts} attempts. Set DOLLHOUSE_MAX_PORT_ATTEMPTS to increase the range.`);
+}
+/**
+ * Write the active server port to a discoverable file.
+ *
+ * Creates two files:
+ * - PID-keyed file for per-process cleanup
+ * - Latest file for convenience (scripts can read this without knowing the PID)
+ *
+ * @param port - The port the web server is listening on
+ * @returns Path to the PID-keyed port file
+ */
+export async function writePortFile(port) {
+    await mkdir(RUN_DIR, { recursive: true });
+    const pidFile = join(RUN_DIR, `permission-server-${process.pid}.port`);
+    const latestFile = join(RUN_DIR, 'permission-server.port');
+    await writeFile(pidFile, String(port), 'utf-8');
+    await writeFile(latestFile, String(port), 'utf-8');
+    portFilePath = pidFile;
+    logger.debug(`[PortDiscovery] Port file written: ${pidFile}`);
+    return pidFile;
+}
+/**
+ * Clean up port file on shutdown.
+ */
+export async function cleanupPortFile() {
+    if (portFilePath) {
+        try {
+            await unlink(portFilePath);
+        }
+        catch { /* already gone */ }
+    }
+}
+/**
+ * Register process exit handlers to clean up port files.
+ * Should be called once after the web server successfully starts.
+ */
+export function registerPortCleanup() {
+    const exitCleanup = () => { cleanupPortFile().catch(() => { }); };
+    process.once('exit', exitCleanup);
+    process.once('SIGTERM', exitCleanup);
+    process.once('SIGINT', exitCleanup);
+}
+/**
+ * Discover an available port, write discovery files, and register cleanup.
+ *
+ * This is the recommended entry point for Container startup. Combines
+ * port discovery, file writing, and cleanup registration in one call.
+ *
+ * @param defaultPort - Port to try first (default: 3939)
+ * @returns The port the server should bind to, or undefined if discovery failed
+ */
+export async function discoverAndBindPort(defaultPort = 3939) {
+    try {
+        const port = await findAvailablePort(defaultPort);
+        await writePortFile(port);
+        registerPortCleanup();
+        return port;
+    }
+    catch (err) {
+        logger.warn('[PortDiscovery] Port discovery failed:', err);
+        return undefined;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicG9ydERpc2NvdmVyeS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy93ZWIvcG9ydERpc2NvdmVyeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7Ozs7Ozs7Ozs7R0FjRztBQUVILE9BQU8sRUFBRSxZQUFZLEVBQWUsTUFBTSxVQUFVLENBQUM7QUFDckQsT0FBTyxFQUFFLE9BQU8sRUFBRSxNQUFNLFNBQVMsQ0FBQztBQUNsQyxPQUFPLEVBQUUsSUFBSSxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBQ2pDLE9BQU8sRUFBRSxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBQzVELE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUU1QyxxREFBcUQ7QUFDckQsTUFBTSx5QkFBeUIsR0FBRyxFQUFFLENBQUM7QUFFckMsb0VBQW9FO0FBQ3BFLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxZQUFZLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFFckQsdUNBQXVDO0FBQ3ZDLElBQUksWUFBWSxHQUFrQixJQUFJLENBQUM7QUFFdkM7Ozs7R0FJRztBQUNILFNBQVMsV0FBVyxDQUFDLElBQVk7SUFDL0IsT0FBTyxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFO1FBQzdCLE1BQU0sTUFBTSxHQUFHLFlBQVksRUFBRSxDQUFDO1FBQzlCLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUMsR0FBMEIsRUFBRSxFQUFFO1lBQ2xELElBQUksR0FBRyxDQUFDLElBQUksS0FBSyxZQUFZLEVBQUUsQ0FBQztnQkFDOUIsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ2hCLENBQUM7aUJBQU0sQ0FBQztnQkFDTixPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7Z0JBQ2QsTUFBTSxDQUFDLEtBQUssQ0FBQyw0Q0FBNEMsSUFBSSxLQUFLLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ2hGLENBQUM7UUFDSCxDQUFDLENBQUMsQ0FBQztRQUNILE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLEdBQUcsRUFBRTtZQUM1QixPQUFPLENBQUMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLENBQUMsQ0FBQztRQUM1QixDQUFDLENBQUMsQ0FBQztRQUNILE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ25DLENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVEOzs7Ozs7Ozs7O0dBVUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGlCQUFpQixDQUNyQyxTQUFpQixFQUNqQixjQUFzQixNQUFNLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQywyQkFBMkIsQ0FBQyxJQUFJLHlCQUF5QjtJQUVsRyxLQUFLLElBQUksT0FBTyxHQUFHLENBQUMsRUFBRSxPQUFPLEdBQUcsV0FBVyxFQUFFLE9BQU8sRUFBRSxFQUFFLENBQUM7UUFDdkQsTUFBTSxJQUFJLEdBQUcsU0FBUyxHQUFHLE9BQU8sQ0FBQztRQUNqQyxNQUFNLENBQUMsS0FBSyxDQUFDLCtCQUErQixJQUFJLGFBQWEsT0FBTyxHQUFHLENBQUMsSUFBSSxXQUFXLEdBQUcsQ0FBQyxDQUFDO1FBRTVGLE1BQU0sTUFBTSxHQUFHLE1BQU0sV0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3ZDLElBQUksTUFBTSxFQUFFLENBQUM7WUFDWCxzRUFBc0U7WUFDdEUsb0VBQW9FO1lBQ3BFLHdFQUF3RTtZQUN4RSxNQUFNLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ3RCLElBQUksT0FBTyxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNoQixNQUFNLENBQUMsSUFBSSxDQUFDLHdCQUF3QixTQUFTLGtCQUFrQixJQUFJLFdBQVcsT0FBTyxRQUFRLE9BQU8sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxHQUFHLENBQUMsQ0FBQztZQUMxSCxDQUFDO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBQ0QsTUFBTSxDQUFDLEtBQUssQ0FBQyx3QkFBd0IsSUFBSSxzQkFBc0IsQ0FBQyxDQUFDO0lBQ25FLENBQUM7SUFFRCxNQUFNLElBQUksS0FBSyxDQUNiLG9DQUFvQyxTQUFTLElBQUksU0FBUyxHQUFHLFdBQVcsR0FBRyxDQUFDLEdBQUc7UUFDL0UsU0FBUyxXQUFXLG1FQUFtRSxDQUN4RixDQUFDO0FBQ0osQ0FBQztBQUVEOzs7Ozs7Ozs7R0FTRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsYUFBYSxDQUFDLElBQVk7SUFDOUMsTUFBTSxLQUFLLENBQUMsT0FBTyxFQUFFLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7SUFDMUMsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLE9BQU8sRUFBRSxxQkFBcUIsT0FBTyxDQUFDLEdBQUcsT0FBTyxDQUFDLENBQUM7SUFDdkUsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLE9BQU8sRUFBRSx3QkFBd0IsQ0FBQyxDQUFDO0lBQzNELE1BQU0sU0FBUyxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDaEQsTUFBTSxTQUFTLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUNuRCxZQUFZLEdBQUcsT0FBTyxDQUFDO0lBQ3ZCLE1BQU0sQ0FBQyxLQUFLLENBQUMsc0NBQXNDLE9BQU8sRUFBRSxDQUFDLENBQUM7SUFDOUQsT0FBTyxPQUFPLENBQUM7QUFDakIsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxlQUFlO0lBQ25DLElBQUksWUFBWSxFQUFFLENBQUM7UUFDakIsSUFBSSxDQUFDO1lBQUMsTUFBTSxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUM7UUFBQyxDQUFDO1FBQUMsTUFBTSxDQUFDLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUNsRSxDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7R0FHRztBQUNILE1BQU0sVUFBVSxtQkFBbUI7SUFDakMsTUFBTSxXQUFXLEdBQUcsR0FBRyxFQUFFLEdBQUcsZUFBZSxFQUFFLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRSxHQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ2pFLE9BQU8sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ2xDLE9BQU8sQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3JDLE9BQU8sQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLFdBQVcsQ0FBQyxDQUFDO0FBQ3RDLENBQUM7QUFFRDs7Ozs7Ozs7R0FRRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsbUJBQW1CLENBQUMsY0FBc0IsSUFBSTtJQUNsRSxJQUFJLENBQUM7UUFDSCxNQUFNLElBQUksR0FBRyxNQUFNLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBRWxELE1BQU0sYUFBYSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzFCLG1CQUFtQixFQUFFLENBQUM7UUFFdEIsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztRQUNiLE1BQU0sQ0FBQyxJQUFJLENBQUMsd0NBQXdDLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDM0QsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztBQUNILENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIER5bmFtaWMgcG9ydCBhbGxvY2F0aW9uIGFuZCBwb3J0IGZpbGUgZGlzY292ZXJ5IGZvciB0aGUgd2ViIGNvbnNvbGUuXG4gKlxuICogV2hlbiBtdWx0aXBsZSBEb2xsaG91c2VNQ1Agc2Vzc2lvbnMgcnVuIHNpbXVsdGFuZW91c2x5IChlLmcuLCBtdWx0aXBsZVxuICogQ2xhdWRlIENvZGUgd2luZG93cywgSURFIGluc3RhbmNlcywgb3IgYWdlbnQgc2Vzc2lvbnMpLCBlYWNoIG5lZWRzIGl0c1xuICogb3duIHdlYiBjb25zb2xlIHBvcnQuIFRoaXMgbW9kdWxlIGhhbmRsZXM6XG4gKlxuICogMS4gRmluZGluZyBhbiBhdmFpbGFibGUgcG9ydCBzdGFydGluZyBmcm9tIHRoZSBkZWZhdWx0ICgzOTM5KVxuICogMi4gV3JpdGluZyBwb3J0IGRpc2NvdmVyeSBmaWxlcyBzbyBleHRlcm5hbCB0b29scyBrbm93IHdoaWNoIHBvcnQgdG8gdXNlXG4gKiAzLiBDbGVhbmluZyB1cCBwb3J0IGZpbGVzIG9uIHByb2Nlc3MgZXhpdFxuICpcbiAqIFBvcnQgZmlsZXMgYXJlIHdyaXR0ZW4gdG8gfi8uZG9sbGhvdXNlL3J1bi86XG4gKiAtIHBlcm1pc3Npb24tc2VydmVyLXtwaWR9LnBvcnQg4oCUIHBlci1wcm9jZXNzIGZpbGUgKGNsZWFuZWQgb24gZXhpdClcbiAqIC0gcGVybWlzc2lvbi1zZXJ2ZXIucG9ydCDigJQgbGF0ZXN0IHBvcnQgKGNvbnZlbmllbmNlIGZvciBzY3JpcHRzKVxuICovXG5cbmltcG9ydCB7IGNyZWF0ZVNlcnZlciwgdHlwZSBTZXJ2ZXIgfSBmcm9tICdub2RlOm5ldCc7XG5pbXBvcnQgeyBob21lZGlyIH0gZnJvbSAnbm9kZTpvcyc7XG5pbXBvcnQgeyBqb2luIH0gZnJvbSAnbm9kZTpwYXRoJztcbmltcG9ydCB7IG1rZGlyLCB3cml0ZUZpbGUsIHVubGluayB9IGZyb20gJ25vZGU6ZnMvcHJvbWlzZXMnO1xuaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vdXRpbHMvbG9nZ2VyLmpzJztcblxuLyoqIERlZmF1bHQgbWF4aW11bSBwb3J0IGF0dGVtcHRzIGJlZm9yZSBnaXZpbmcgdXAgKi9cbmNvbnN0IERFRkFVTFRfTUFYX1BPUlRfQVRURU1QVFMgPSAxMDtcblxuLyoqIERpcmVjdG9yeSBmb3IgcnVudGltZSBzdGF0ZSBmaWxlcyAocG9ydCBkaXNjb3ZlcnksIFBJRCBmaWxlcykgKi9cbmNvbnN0IFJVTl9ESVIgPSBqb2luKGhvbWVkaXIoKSwgJy5kb2xsaG91c2UnLCAncnVuJyk7XG5cbi8qKiBUcmFjayBwb3J0IGZpbGUgcGF0aCBmb3IgY2xlYW51cCAqL1xubGV0IHBvcnRGaWxlUGF0aDogc3RyaW5nIHwgbnVsbCA9IG51bGw7XG5cbi8qKlxuICogQXR0ZW1wdCB0byBiaW5kIHRvIGEgc2luZ2xlIHBvcnQuIFJldHVybnMgdGhlIHBvcnQgaWYgc3VjY2Vzc2Z1bCwgbnVsbCBpZiBpbiB1c2UuXG4gKiBLZWVwcyB0aGUgc2VydmVyIGxpc3RlbmluZyB0byBwcmV2ZW50IFRPQ1RPVSByYWNlIGNvbmRpdGlvbnMg4oCUIGNhbGxlciBtdXN0XG4gKiBjbG9zZSB0aGUgcmV0dXJuZWQgc2VydmVyIGFmdGVyIHRoZWlyIG93biBzZXJ2ZXIgYmluZHMuXG4gKi9cbmZ1bmN0aW9uIHRyeUJpbmRQb3J0KHBvcnQ6IG51bWJlcik6IFByb21pc2U8eyBwb3J0OiBudW1iZXI7IHNlcnZlcjogU2VydmVyIH0gfCBudWxsPiB7XG4gIHJldHVybiBuZXcgUHJvbWlzZSgocmVzb2x2ZSkgPT4ge1xuICAgIGNvbnN0IHNlcnZlciA9IGNyZWF0ZVNlcnZlcigpO1xuICAgIHNlcnZlci5vbmNlKCdlcnJvcicsIChlcnI6IE5vZGVKUy5FcnJub0V4Y2VwdGlvbikgPT4ge1xuICAgICAgaWYgKGVyci5jb2RlID09PSAnRUFERFJJTlVTRScpIHtcbiAgICAgICAgcmVzb2x2ZShudWxsKTtcbiAgICAgIH0gZWxzZSB7XG4gICAgICAgIHJlc29sdmUobnVsbCk7XG4gICAgICAgIGxvZ2dlci5kZWJ1ZyhgW1BvcnREaXNjb3ZlcnldIFVuZXhwZWN0ZWQgZXJyb3Igb24gcG9ydCAke3BvcnR9OiAke2Vyci5jb2RlfWApO1xuICAgICAgfVxuICAgIH0pO1xuICAgIHNlcnZlci5vbmNlKCdsaXN0ZW5pbmcnLCAoKSA9PiB7XG4gICAgICByZXNvbHZlKHsgcG9ydCwgc2VydmVyIH0pO1xuICAgIH0pO1xuICAgIHNlcnZlci5saXN0ZW4ocG9ydCwgJzEyNy4wLjAuMScpO1xuICB9KTtcbn1cblxuLyoqXG4gKiBGaW5kIGFuIGF2YWlsYWJsZSBwb3J0IHN0YXJ0aW5nIGZyb20gdGhlIGdpdmVuIHBvcnQuXG4gKlxuICogVHJpZXMgc2VxdWVudGlhbCBwb3J0cywgbG9nZ2luZyBlYWNoIGF0dGVtcHQuIFJldHVybnMgYm90aCB0aGUgcG9ydCBudW1iZXJcbiAqIGFuZCBhIGhlbGQgc2VydmVyIHRvIHByZXZlbnQgVE9DVE9VIHJhY2UgY29uZGl0aW9ucy4gVGhlIGNhbGxlciBzaG91bGRcbiAqIGNsb3NlIHRoZSBoZWxkIHNlcnZlciBhZnRlciBiaW5kaW5nIHRoZWlyIG93biBFeHByZXNzIGFwcCB0byB0aGUgcG9ydC5cbiAqXG4gKiBAcGFyYW0gc3RhcnRQb3J0IC0gUG9ydCB0byB0cnkgZmlyc3QgKGRlZmF1bHQ6IDM5MzkpXG4gKiBAcGFyYW0gbWF4QXR0ZW1wdHMgLSBNYXhpbXVtIHBvcnRzIHRvIHRyeSAoZGVmYXVsdDogMTAsIGNvbmZpZ3VyYWJsZSB2aWEgRE9MTEhPVVNFX01BWF9QT1JUX0FUVEVNUFRTKVxuICogQHJldHVybnMgT2JqZWN0IHdpdGggcG9ydCBudW1iZXIgYW5kIGhlbGQgc2VydmVyLCBvciB0aHJvd3MgaWYgYWxsIGF0dGVtcHRzIGZhaWxcbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGZpbmRBdmFpbGFibGVQb3J0KFxuICBzdGFydFBvcnQ6IG51bWJlcixcbiAgbWF4QXR0ZW1wdHM6IG51bWJlciA9IE51bWJlcihwcm9jZXNzLmVudi5ET0xMSE9VU0VfTUFYX1BPUlRfQVRURU1QVFMpIHx8IERFRkFVTFRfTUFYX1BPUlRfQVRURU1QVFMsXG4pOiBQcm9taXNlPG51bWJlcj4ge1xuICBmb3IgKGxldCBhdHRlbXB0ID0gMDsgYXR0ZW1wdCA8IG1heEF0dGVtcHRzOyBhdHRlbXB0KyspIHtcbiAgICBjb25zdCBwb3J0ID0gc3RhcnRQb3J0ICsgYXR0ZW1wdDtcbiAgICBsb2dnZXIuZGVidWcoYFtQb3J0RGlzY292ZXJ5XSBUcnlpbmcgcG9ydCAke3BvcnR9IChhdHRlbXB0ICR7YXR0ZW1wdCArIDF9LyR7bWF4QXR0ZW1wdHN9KWApO1xuXG4gICAgY29uc3QgcmVzdWx0ID0gYXdhaXQgdHJ5QmluZFBvcnQocG9ydCk7XG4gICAgaWYgKHJlc3VsdCkge1xuICAgICAgLy8gQ2xvc2UgdGhlIHByb2JlIHNlcnZlciDigJQgdGhlcmUncyBhIGJyaWVmIFRPQ1RPVSB3aW5kb3cgaGVyZSBiZXR3ZWVuXG4gICAgICAvLyBjbG9zaW5nIGFuZCB0aGUgY2FsbGVyIGJpbmRpbmcsIGJ1dCBpdCdzIG5lZ2xpZ2libGUgb24gbG9jYWxob3N0LlxuICAgICAgLy8gQSBmdXR1cmUgaW1wcm92ZW1lbnQgY291bGQgcmV0dXJuIHRoZSBzZXJ2ZXIgZm9yIHRoZSBjYWxsZXIgdG8gYWRvcHQuXG4gICAgICByZXN1bHQuc2VydmVyLmNsb3NlKCk7XG4gICAgICBpZiAoYXR0ZW1wdCA+IDApIHtcbiAgICAgICAgbG9nZ2VyLmluZm8oYFtQb3J0RGlzY292ZXJ5XSBQb3J0ICR7c3RhcnRQb3J0fSBpbiB1c2UsIHVzaW5nICR7cG9ydH0gKGFmdGVyICR7YXR0ZW1wdH0gc2tpcCR7YXR0ZW1wdCA+IDEgPyAncycgOiAnJ30pYCk7XG4gICAgICB9XG4gICAgICByZXR1cm4gcG9ydDtcbiAgICB9XG4gICAgbG9nZ2VyLmRlYnVnKGBbUG9ydERpc2NvdmVyeV0gUG9ydCAke3BvcnR9IGluIHVzZSwgdHJ5aW5nIG5leHRgKTtcbiAgfVxuXG4gIHRocm93IG5ldyBFcnJvcihcbiAgICBgTm8gYXZhaWxhYmxlIHBvcnQgZm91bmQgaW4gcmFuZ2UgJHtzdGFydFBvcnR9LSR7c3RhcnRQb3J0ICsgbWF4QXR0ZW1wdHMgLSAxfSBgICtcbiAgICBgYWZ0ZXIgJHttYXhBdHRlbXB0c30gYXR0ZW1wdHMuIFNldCBET0xMSE9VU0VfTUFYX1BPUlRfQVRURU1QVFMgdG8gaW5jcmVhc2UgdGhlIHJhbmdlLmBcbiAgKTtcbn1cblxuLyoqXG4gKiBXcml0ZSB0aGUgYWN0aXZlIHNlcnZlciBwb3J0IHRvIGEgZGlzY292ZXJhYmxlIGZpbGUuXG4gKlxuICogQ3JlYXRlcyB0d28gZmlsZXM6XG4gKiAtIFBJRC1rZXllZCBmaWxlIGZvciBwZXItcHJvY2VzcyBjbGVhbnVwXG4gKiAtIExhdGVzdCBmaWxlIGZvciBjb252ZW5pZW5jZSAoc2NyaXB0cyBjYW4gcmVhZCB0aGlzIHdpdGhvdXQga25vd2luZyB0aGUgUElEKVxuICpcbiAqIEBwYXJhbSBwb3J0IC0gVGhlIHBvcnQgdGhlIHdlYiBzZXJ2ZXIgaXMgbGlzdGVuaW5nIG9uXG4gKiBAcmV0dXJucyBQYXRoIHRvIHRoZSBQSUQta2V5ZWQgcG9ydCBmaWxlXG4gKi9cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiB3cml0ZVBvcnRGaWxlKHBvcnQ6IG51bWJlcik6IFByb21pc2U8c3RyaW5nPiB7XG4gIGF3YWl0IG1rZGlyKFJVTl9ESVIsIHsgcmVjdXJzaXZlOiB0cnVlIH0pO1xuICBjb25zdCBwaWRGaWxlID0gam9pbihSVU5fRElSLCBgcGVybWlzc2lvbi1zZXJ2ZXItJHtwcm9jZXNzLnBpZH0ucG9ydGApO1xuICBjb25zdCBsYXRlc3RGaWxlID0gam9pbihSVU5fRElSLCAncGVybWlzc2lvbi1zZXJ2ZXIucG9ydCcpO1xuICBhd2FpdCB3cml0ZUZpbGUocGlkRmlsZSwgU3RyaW5nKHBvcnQpLCAndXRmLTgnKTtcbiAgYXdhaXQgd3JpdGVGaWxlKGxhdGVzdEZpbGUsIFN0cmluZyhwb3J0KSwgJ3V0Zi04Jyk7XG4gIHBvcnRGaWxlUGF0aCA9IHBpZEZpbGU7XG4gIGxvZ2dlci5kZWJ1ZyhgW1BvcnREaXNjb3ZlcnldIFBvcnQgZmlsZSB3cml0dGVuOiAke3BpZEZpbGV9YCk7XG4gIHJldHVybiBwaWRGaWxlO1xufVxuXG4vKipcbiAqIENsZWFuIHVwIHBvcnQgZmlsZSBvbiBzaHV0ZG93bi5cbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGNsZWFudXBQb3J0RmlsZSgpOiBQcm9taXNlPHZvaWQ+IHtcbiAgaWYgKHBvcnRGaWxlUGF0aCkge1xuICAgIHRyeSB7IGF3YWl0IHVubGluayhwb3J0RmlsZVBhdGgpOyB9IGNhdGNoIHsgLyogYWxyZWFkeSBnb25lICovIH1cbiAgfVxufVxuXG4vKipcbiAqIFJlZ2lzdGVyIHByb2Nlc3MgZXhpdCBoYW5kbGVycyB0byBjbGVhbiB1cCBwb3J0IGZpbGVzLlxuICogU2hvdWxkIGJlIGNhbGxlZCBvbmNlIGFmdGVyIHRoZSB3ZWIgc2VydmVyIHN1Y2Nlc3NmdWxseSBzdGFydHMuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiByZWdpc3RlclBvcnRDbGVhbnVwKCk6IHZvaWQge1xuICBjb25zdCBleGl0Q2xlYW51cCA9ICgpID0+IHsgY2xlYW51cFBvcnRGaWxlKCkuY2F0Y2goKCkgPT4ge30pOyB9O1xuICBwcm9jZXNzLm9uY2UoJ2V4aXQnLCBleGl0Q2xlYW51cCk7XG4gIHByb2Nlc3Mub25jZSgnU0lHVEVSTScsIGV4aXRDbGVhbnVwKTtcbiAgcHJvY2Vzcy5vbmNlKCdTSUdJTlQnLCBleGl0Q2xlYW51cCk7XG59XG5cbi8qKlxuICogRGlzY292ZXIgYW4gYXZhaWxhYmxlIHBvcnQsIHdyaXRlIGRpc2NvdmVyeSBmaWxlcywgYW5kIHJlZ2lzdGVyIGNsZWFudXAuXG4gKlxuICogVGhpcyBpcyB0aGUgcmVjb21tZW5kZWQgZW50cnkgcG9pbnQgZm9yIENvbnRhaW5lciBzdGFydHVwLiBDb21iaW5lc1xuICogcG9ydCBkaXNjb3ZlcnksIGZpbGUgd3JpdGluZywgYW5kIGNsZWFudXAgcmVnaXN0cmF0aW9uIGluIG9uZSBjYWxsLlxuICpcbiAqIEBwYXJhbSBkZWZhdWx0UG9ydCAtIFBvcnQgdG8gdHJ5IGZpcnN0IChkZWZhdWx0OiAzOTM5KVxuICogQHJldHVybnMgVGhlIHBvcnQgdGhlIHNlcnZlciBzaG91bGQgYmluZCB0bywgb3IgdW5kZWZpbmVkIGlmIGRpc2NvdmVyeSBmYWlsZWRcbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGRpc2NvdmVyQW5kQmluZFBvcnQoZGVmYXVsdFBvcnQ6IG51bWJlciA9IDM5MzkpOiBQcm9taXNlPG51bWJlciB8IHVuZGVmaW5lZD4ge1xuICB0cnkge1xuICAgIGNvbnN0IHBvcnQgPSBhd2FpdCBmaW5kQXZhaWxhYmxlUG9ydChkZWZhdWx0UG9ydCk7XG5cbiAgICBhd2FpdCB3cml0ZVBvcnRGaWxlKHBvcnQpO1xuICAgIHJlZ2lzdGVyUG9ydENsZWFudXAoKTtcblxuICAgIHJldHVybiBwb3J0O1xuICB9IGNhdGNoIChlcnIpIHtcbiAgICBsb2dnZXIud2FybignW1BvcnREaXNjb3ZlcnldIFBvcnQgZGlzY292ZXJ5IGZhaWxlZDonLCBlcnIpO1xuICAgIHJldHVybiB1bmRlZmluZWQ7XG4gIH1cbn1cbiJdfQ==