@groundnuty/macf-channel-server 0.2.0-rc.0

package/dist/index.js

@@ -0,0 +1,25 @@
+/**
+ * Multi-Agent Coordination Framework (MACF)
+ *
+ * Coordinates multiple Claude Code agents via GitHub,
+ * using MCP channels (HTTP/mTLS) for communication.
+ */
+export { MacfError, ConfigError, McpChannelError, HttpsServerError, PortUnavailableError, PortExhaustedError, ValidationError } from '@groundnuty/macf-core';
+export { createMcpChannel } from './mcp.js';
+export { createHttpsServer } from './https.js';
+export { createHealthState } from './health.js';
+export { createLogger } from '@groundnuty/macf-core';
+export { loadConfig } from '@groundnuty/macf-core';
+export { NotifyPayloadSchema, NotifyTypeSchema, HealthResponseSchema, CiCompletionPayloadSchema, CheckSuiteConclusionSchema, } from '@groundnuty/macf-core';
+// P2: Registry & Discovery
+export { createRegistryFromConfig, createRegistry, createGitHubClient, GitHubApiError, AgentInfoSchema, RegistryConfigSchema } from '@groundnuty/macf-core';
+export { checkCollision, CollisionError } from './collision.js';
+export { registerShutdownHandler } from './shutdown.js';
+export { generateToken } from '@groundnuty/macf-core';
+export { checkPendingIssues } from './startup-issues.js';
+// P3: Certificate Management
+export { createCA, backupCAKey, recoverCAKey, encryptCAKey, decryptCAKey, loadCA, CaError } from '@groundnuty/macf-core';
+export { generateAgentCert, generateCSR, signCSR, AgentCertError } from '@groundnuty/macf-core';
+export { createChallenge, verifyAndConsumeChallenge, ChallengeError } from '@groundnuty/macf-core';
+export { SignRequestSchema, SignChallengeResponseSchema, SignCertResponseSchema } from '@groundnuty/macf-core';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7J,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EACL,mBAAmB,EAAE,gBAAgB,EAAE,oBAAoB,EAC3D,yBAAyB,EAAE,0BAA0B,GACtD,MAAM,uBAAuB,CAAC;AAO/B,2BAA2B;AAC3B,OAAO,EAAE,wBAAwB,EAAE,cAAc,EAAE,kBAAkB,EAAE,cAAc,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAE5J,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhE,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD,6BAA6B;AAC7B,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAEzH,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEhG,OAAO,EAAE,eAAe,EAAE,yBAAyB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAE,2BAA2B,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/mcp.d.ts

@@ -0,0 +1,6 @@
+import type { McpChannel } from '@groundnuty/macf-core';
+export declare function createMcpChannel(config: {
+    readonly agentName: string;
+    readonly instructions?: string;
+}): McpChannel;
+//# sourceMappingURL=mcp.d.ts.map

package/dist/mcp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp.d.ts","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAaxD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE;IACvC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC,GAAG,UAAU,CA4Cb"}

package/dist/mcp.js

@@ -0,0 +1,43 @@
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { McpChannelError } from '@groundnuty/macf-core';
+const CHANNEL_INSTRUCTIONS = `Events arrive as <channel source="macf-agent" type="..." ...>.
+
+type="issue_routed": A GitHub issue was routed to you by the agent-router Action.
+  Read the issue and work on it following your agent identity rules.
+
+type="mention": You were @mentioned in an issue comment or PR review.
+  Read the context and respond.
+
+type="startup_check": Pending issues found at session startup.
+  Review and pick up the most important one.`;
+export function createMcpChannel(config) {
+    const instructions = config.instructions ?? CHANNEL_INSTRUCTIONS;
+    const server = new Server({ name: `macf-${config.agentName}`, version: '0.2.0-rc.0' }, {
+        capabilities: {
+            experimental: { 'claude/channel': {} },
+        },
+        instructions,
+    });
+    return {
+        async connect() {
+            const transport = new StdioServerTransport();
+            await server.connect(transport);
+        },
+        async pushNotification(content, meta) {
+            try {
+                // notifications/claude/channel is a Claude Code extension not in MCP's
+                // typed ServerNotification union, but Server.assertNotificationCapability
+                // has no default case so unknown methods pass through at runtime.
+                await server.notification({
+                    method: 'notifications/claude/channel',
+                    params: { content, meta },
+                });
+            }
+            catch (err) {
+                throw new McpChannelError(`Failed to push notification: ${err instanceof Error ? err.message : String(err)}`);
+            }
+        },
+    };
+}
+//# sourceMappingURL=mcp.js.map

package/dist/mcp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp.js","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAGxD,MAAM,oBAAoB,GAAG;;;;;;;;;6CASgB,CAAC;AAE9C,MAAM,UAAU,gBAAgB,CAAC,MAGhC;IACC,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,oBAAoB,CAAC;IAEjE,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,QAAQ,MAAM,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,EAC3D;QACE,YAAY,EAAE;YACZ,YAAY,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE;SACvC;QACD,YAAY;KACb,CACF,CAAC;IAEF,OAAO;QACL,KAAK,CAAC,OAAO;YACX,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;YAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QAED,KAAK,CAAC,gBAAgB,CACpB,OAAe,EACf,IAA4B;YAE5B,IAAI,CAAC;gBACH,uEAAuE;gBACvE,0EAA0E;gBAC1E,kEAAkE;gBAClE,MAAO,MAAM,CAAC,YAMM,CAAC;oBACnB,MAAM,EAAE,8BAA8B;oBACtC,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;iBAC1B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,eAAe,CACvB,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACnF,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/notify-formatter.d.ts

@@ -0,0 +1,19 @@
+import type { NotifyPayload } from '@groundnuty/macf-core';
+/**
+ * Render a NotifyPayload to the operator-facing content string that
+ * gets pushed through MCP. Pure function — extracted from `onNotify`
+ * in `server.ts` per ultrareview finding A6. Previously the renderer
+ * lived inside a 58-line closure that also did logging, health-state
+ * mutation, and MCP push; adding a new `NotifyPayload` variant meant
+ * editing that closure. Extracting makes variant dispatch testable
+ * in isolation.
+ *
+ * Returns the rendered content and the issue number the payload is
+ * associated with (for health-state updates at the call site).
+ */
+export interface FormattedNotify {
+    readonly content: string;
+    readonly issueNumber?: number;
+}
+export declare function formatNotifyContent(payload: NotifyPayload): FormattedNotify;
+//# sourceMappingURL=notify-formatter.d.ts.map

package/dist/notify-formatter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"notify-formatter.d.ts","sourceRoot":"","sources":["../src/notify-formatter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAE3D;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,aAAa,GAAG,eAAe,CA4C3E"}

package/dist/notify-formatter.js

@@ -0,0 +1,43 @@
+export function formatNotifyContent(payload) {
+    if (payload.type === 'issue_routed') {
+        if (payload.issue_number !== undefined) {
+            const suffix = payload.title ? `: ${payload.title}` : '';
+            return {
+                content: `Issue #${payload.issue_number} was routed to you${suffix}`,
+                issueNumber: payload.issue_number,
+            };
+        }
+        return {
+            content: payload.title
+                ? `An issue was routed to you: ${payload.title}`
+                : 'An issue was routed to you',
+        };
+    }
+    if (payload.type === 'mention') {
+        return { content: payload.message ?? 'You were mentioned' };
+    }
+    if (payload.type === 'ci_completion') {
+        // Prefer the prebuilt `message` (producer has all context) but
+        // fall back to a shape-derived rendering if absent. Producers
+        // that use CiCompletionPayloadSchema always provide `message`.
+        if (payload.message) {
+            return { content: payload.message };
+        }
+        if (payload.pr_number !== undefined && payload.conclusion !== undefined) {
+            const prRef = `PR #${payload.pr_number}`;
+            if (payload.conclusion === 'success') {
+                return { content: `${prRef}: CI SUCCESS` };
+            }
+            const failing = payload.failing_check_name
+                ? ` (first failing check: '${payload.failing_check_name}')`
+                : '';
+            return {
+                content: `${prRef}: CI ${payload.conclusion.toUpperCase()}${failing}`,
+            };
+        }
+        return { content: 'CI completed' };
+    }
+    // startup_check or any future variant falls through here
+    return { content: payload.message ?? 'Pending issues found at startup' };
+}
+//# sourceMappingURL=notify-formatter.js.map

package/dist/notify-formatter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"notify-formatter.js","sourceRoot":"","sources":["../src/notify-formatter.ts"],"names":[],"mappings":"AAmBA,MAAM,UAAU,mBAAmB,CAAC,OAAsB;IACxD,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACpC,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACzD,OAAO;gBACL,OAAO,EAAE,UAAU,OAAO,CAAC,YAAY,qBAAqB,MAAM,EAAE;gBACpE,WAAW,EAAE,OAAO,CAAC,YAAY;aAClC,CAAC;QACJ,CAAC;QACD,OAAO;YACL,OAAO,EAAE,OAAO,CAAC,KAAK;gBACpB,CAAC,CAAC,+BAA+B,OAAO,CAAC,KAAK,EAAE;gBAChD,CAAC,CAAC,4BAA4B;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,oBAAoB,EAAE,CAAC;IAC9D,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACrC,+DAA+D;QAC/D,8DAA8D;QAC9D,+DAA+D;QAC/D,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;QACtC,CAAC;QACD,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACxE,MAAM,KAAK,GAAG,OAAO,OAAO,CAAC,SAAS,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;gBACrC,OAAO,EAAE,OAAO,EAAE,GAAG,KAAK,cAAc,EAAE,CAAC;YAC7C,CAAC;YACD,MAAM,OAAO,GAAG,OAAO,CAAC,kBAAkB;gBACxC,CAAC,CAAC,2BAA2B,OAAO,CAAC,kBAAkB,IAAI;gBAC3D,CAAC,CAAC,EAAE,CAAC;YACP,OAAO;gBACL,OAAO,EAAE,GAAG,KAAK,QAAQ,OAAO,CAAC,UAAU,CAAC,WAAW,EAAE,GAAG,OAAO,EAAE;aACtE,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;IACrC,CAAC;IAED,yDAAyD;IACzD,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,iCAAiC,EAAE,CAAC;AAC3E,CAAC"}

package/dist/otel.d.ts

@@ -0,0 +1,59 @@
+/**
+ * OpenTelemetry bootstrap — dynamic-import gated by env.
+ *
+ * Zero-cost default (macf#196, revisiting macf#194):
+ *
+ *   The original v0.1.7 shipped this module with TOP-LEVEL static
+ *   imports of the 5 SDK packages. That violated the zero-cost
+ *   doctrine structurally: Node resolved + loaded all of them at
+ *   startup regardless of whether `OTEL_EXPORTER_OTLP_ENDPOINT`
+ *   was set. Worse, when a consumer workspace didn't have the
+ *   packages in its `node_modules/` (which was the default — they
+ *   weren't declared in `plugin/package.json`), the server crashed
+ *   with `ERR_MODULE_NOT_FOUND` before the env-guard ever ran.
+ *
+ *   v0.1.8 fix: `bootstrapOtel()` is async; inside, we `await import()`
+ *   the SDK packages only when the endpoint is set. Node only
+ *   resolves the packages when the operator opts in. If they're
+ *   missing at that point (operator set the env but forgot `npm
+ *   install`), we fail LOUD with an actionable message — silent
+ *   no-op would hide the opt-in attempt.
+ *
+ *   `@opentelemetry/api` stays statically imported because other
+ *   modules (`src/tracing.ts`, `src/https.ts`) import it at eval
+ *   time for the no-op tracer path. The `api` package has zero
+ *   deps and is already a transitive dep, so it's safe to require.
+ *
+ * Why manual-only (no `auto-instrumentations-node`):
+ *   Auto-instrumentations monkey-patch core Node modules including
+ *   HTTPS — and we rely on exact mTLS client-cert validation
+ *   semantics in `src/https.ts`. Any patching layer between us and
+ *   Node's TLS code is a correctness risk we don't need.
+ *
+ * Version pinning:
+ *   SDK-node packages (`@opentelemetry/sdk-trace-node` etc.) are
+ *   still pre-1.0 (0.x). Breaking changes land in minor releases.
+ *   Pin exact versions via package.json — do NOT use caret ranges.
+ *
+ * See DR-021 for the full rationale + option analysis.
+ */
+/**
+ * Opt-in OTEL bootstrap. No-op (and zero module-resolution cost) when
+ * `OTEL_EXPORTER_OTLP_ENDPOINT` is unset. When set, dynamic-imports
+ * the SDK packages, configures an OTLP-proto exporter, registers the
+ * provider globally, and wires SIGTERM/SIGINT span-flush.
+ *
+ * **Must be awaited before any span-emitting module's handler runs.**
+ * In `src/server.ts`, `await bootstrapOtel()` sits at the top of
+ * `main()` so the global tracer provider is live before /notify,
+ * /sign, etc. start accepting requests.
+ *
+ * Fail-loud policy:
+ *   - `OTEL_EXPORTER_OTLP_ENDPOINT` unset → silent return (zero-cost default).
+ *   - Env set + import fails → process.exit(1) with actionable
+ *     stderr. Operator explicitly opted into observability; silent
+ *     no-op would hide the config mistake.
+ *   - Env set + import ok + provider setup fails → same exit(1).
+ */
+export declare function bootstrapOtel(): Promise<void>;
+//# sourceMappingURL=otel.d.ts.map

package/dist/otel.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"otel.d.ts","sourceRoot":"","sources":["../src/otel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAsEnD"}

package/dist/otel.js

@@ -0,0 +1,122 @@
+/**
+ * OpenTelemetry bootstrap — dynamic-import gated by env.
+ *
+ * Zero-cost default (macf#196, revisiting macf#194):
+ *
+ *   The original v0.1.7 shipped this module with TOP-LEVEL static
+ *   imports of the 5 SDK packages. That violated the zero-cost
+ *   doctrine structurally: Node resolved + loaded all of them at
+ *   startup regardless of whether `OTEL_EXPORTER_OTLP_ENDPOINT`
+ *   was set. Worse, when a consumer workspace didn't have the
+ *   packages in its `node_modules/` (which was the default — they
+ *   weren't declared in `plugin/package.json`), the server crashed
+ *   with `ERR_MODULE_NOT_FOUND` before the env-guard ever ran.
+ *
+ *   v0.1.8 fix: `bootstrapOtel()` is async; inside, we `await import()`
+ *   the SDK packages only when the endpoint is set. Node only
+ *   resolves the packages when the operator opts in. If they're
+ *   missing at that point (operator set the env but forgot `npm
+ *   install`), we fail LOUD with an actionable message — silent
+ *   no-op would hide the opt-in attempt.
+ *
+ *   `@opentelemetry/api` stays statically imported because other
+ *   modules (`src/tracing.ts`, `src/https.ts`) import it at eval
+ *   time for the no-op tracer path. The `api` package has zero
+ *   deps and is already a transitive dep, so it's safe to require.
+ *
+ * Why manual-only (no `auto-instrumentations-node`):
+ *   Auto-instrumentations monkey-patch core Node modules including
+ *   HTTPS — and we rely on exact mTLS client-cert validation
+ *   semantics in `src/https.ts`. Any patching layer between us and
+ *   Node's TLS code is a correctness risk we don't need.
+ *
+ * Version pinning:
+ *   SDK-node packages (`@opentelemetry/sdk-trace-node` etc.) are
+ *   still pre-1.0 (0.x). Breaking changes land in minor releases.
+ *   Pin exact versions via package.json — do NOT use caret ranges.
+ *
+ * See DR-021 for the full rationale + option analysis.
+ */
+/**
+ * Opt-in OTEL bootstrap. No-op (and zero module-resolution cost) when
+ * `OTEL_EXPORTER_OTLP_ENDPOINT` is unset. When set, dynamic-imports
+ * the SDK packages, configures an OTLP-proto exporter, registers the
+ * provider globally, and wires SIGTERM/SIGINT span-flush.
+ *
+ * **Must be awaited before any span-emitting module's handler runs.**
+ * In `src/server.ts`, `await bootstrapOtel()` sits at the top of
+ * `main()` so the global tracer provider is live before /notify,
+ * /sign, etc. start accepting requests.
+ *
+ * Fail-loud policy:
+ *   - `OTEL_EXPORTER_OTLP_ENDPOINT` unset → silent return (zero-cost default).
+ *   - Env set + import fails → process.exit(1) with actionable
+ *     stderr. Operator explicitly opted into observability; silent
+ *     no-op would hide the config mistake.
+ *   - Env set + import ok + provider setup fails → same exit(1).
+ */
+export async function bootstrapOtel() {
+    const endpoint = process.env['OTEL_EXPORTER_OTLP_ENDPOINT'];
+    if (endpoint === undefined || endpoint === '')
+        return;
+    const serviceVersion = process.env['MACF_VERSION'] ?? '0.0.0';
+    const serviceName = process.env['OTEL_SERVICE_NAME'] ?? 'macf';
+    // Dynamic imports — only resolved when opted in. Lets a workspace
+    // WITHOUT `@opentelemetry/sdk-*` in node_modules start cleanly
+    // (as long as it doesn't opt in). See macf#196 for the bug this
+    // closes; consumer plugin workspaces have only a subset of deps
+    // available via `npm install` unless opted into observability.
+    let sdkNode;
+    let sdkBase;
+    let exporter;
+    let resources;
+    let semconv;
+    try {
+        [sdkNode, sdkBase, exporter, resources, semconv] = await Promise.all([
+            import('@opentelemetry/sdk-trace-node'),
+            import('@opentelemetry/sdk-trace-base'),
+            import('@opentelemetry/exporter-trace-otlp-proto'),
+            import('@opentelemetry/resources'),
+            import('@opentelemetry/semantic-conventions'),
+        ]);
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        process.stderr.write(`FATAL: OTEL_EXPORTER_OTLP_ENDPOINT is set ("${endpoint}") but required @opentelemetry/* packages are missing.\n` +
+            `  Underlying error: ${msg}\n` +
+            `  Fix: install them in the plugin dir (e.g. run macf-agent's SessionStart npm-install hook), ` +
+            `or unset OTEL_EXPORTER_OTLP_ENDPOINT to disable telemetry.\n`);
+        process.exit(1);
+    }
+    // Resource attributes inherit from the SDK's default detectors
+    // (process.*, host.*, telemetry.sdk.*) via `defaultResource()`,
+    // merged with our explicit service.* attributes on top.
+    const resource = resources.defaultResource().merge(resources.resourceFromAttributes({
+        [semconv.ATTR_SERVICE_NAME]: serviceName,
+        [semconv.ATTR_SERVICE_VERSION]: serviceVersion,
+    }));
+    const provider = new sdkNode.NodeTracerProvider({
+        resource,
+        spanProcessors: [new sdkBase.BatchSpanProcessor(new exporter.OTLPTraceExporter())],
+    });
+    // register() installs the provider as global + sets W3C trace-
+    // context propagator as default. After this call,
+    // `trace.getTracer('macf')` from anywhere in the process returns a
+    // recording tracer bound to this provider.
+    provider.register();
+    // Clean shutdown: flush queued spans before process exits. Without
+    // these handlers, in-flight batches are dropped on SIGTERM/SIGINT —
+    // the last few seconds of coordination events never reach the
+    // collector.
+    const shutdown = async () => {
+        try {
+            await provider.shutdown();
+        }
+        catch {
+            // Silent — we're exiting regardless; don't spam stderr.
+        }
+    };
+    process.once('SIGTERM', shutdown);
+    process.once('SIGINT', shutdown);
+}
+//# sourceMappingURL=otel.js.map

package/dist/otel.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"otel.js","sourceRoot":"","sources":["../src/otel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC5D,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,EAAE;QAAE,OAAO;IAEtD,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC;IAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC;IAE/D,kEAAkE;IAClE,+DAA+D;IAC/D,gEAAgE;IAChE,gEAAgE;IAChE,+DAA+D;IAC/D,IAAI,OAAuD,CAAC;IAC5D,IAAI,OAAuD,CAAC;IAC5D,IAAI,QAAmE,CAAC;IACxE,IAAI,SAAoD,CAAC;IACzD,IAAI,OAA6D,CAAC;IAClE,IAAI,CAAC;QACH,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACnE,MAAM,CAAC,+BAA+B,CAAC;YACvC,MAAM,CAAC,+BAA+B,CAAC;YACvC,MAAM,CAAC,0CAA0C,CAAC;YAClD,MAAM,CAAC,0BAA0B,CAAC;YAClC,MAAM,CAAC,qCAAqC,CAAC;SAC9C,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,+CAA+C,QAAQ,0DAA0D;YAC/G,uBAAuB,GAAG,IAAI;YAC9B,+FAA+F;YAC/F,8DAA8D,CACjE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,+DAA+D;IAC/D,gEAAgE;IAChE,wDAAwD;IACxD,MAAM,QAAQ,GAAG,SAAS,CAAC,eAAe,EAAE,CAAC,KAAK,CAChD,SAAS,CAAC,sBAAsB,CAAC;QAC/B,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,WAAW;QACxC,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,cAAc;KAC/C,CAAC,CACH,CAAC;IAEF,MAAM,QAAQ,GAAG,IAAI,OAAO,CAAC,kBAAkB,CAAC;QAC9C,QAAQ;QACR,cAAc,EAAE,CAAC,IAAI,OAAO,CAAC,kBAAkB,CAAC,IAAI,QAAQ,CAAC,iBAAiB,EAAE,CAAC,CAAC;KACnF,CAAC,CAAC;IAEH,+DAA+D;IAC/D,kDAAkD;IAClD,mEAAmE;IACnE,2CAA2C;IAC3C,QAAQ,CAAC,QAAQ,EAAE,CAAC;IAEpB,mEAAmE;IACnE,oEAAoE;IACpE,8DAA8D;IAC9D,aAAa;IACb,MAAM,QAAQ,GAAG,KAAK,IAAmB,EAAE;QACzC,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,wDAAwD;QAC1D,CAAC;IACH,CAAC,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAClC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AACnC,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":""}

package/dist/server.js

@@ -0,0 +1,256 @@
+// macf#196: OTEL bootstrap is now async + dynamic. We still import
+// the module eagerly (to get the function export), but the actual
+// SDK packages are loaded only when the env is set, inside
+// `bootstrapOtel()`. Calls to `trace.getTracer()` before the bootstrap
+// runs return the global no-op tracer — harmless, since no spans are
+// created before main() awaits the bootstrap.
+import { bootstrapOtel } from './otel.js';
+import { SpanKind, SpanStatusCode } from '@opentelemetry/api';
+import { getTracer, SpanNames } from './tracing.js';
+import { loadConfig } from '@groundnuty/macf-core';
+import { createLogger } from '@groundnuty/macf-core';
+import { createMcpChannel } from './mcp.js';
+import { createHealthState } from './health.js';
+import { createHttpsServer } from './https.js';
+import { createRegistryFromConfig } from '@groundnuty/macf-core';
+import { checkCollision, CollisionError } from './collision.js';
+import { registerShutdownHandler } from './shutdown.js';
+import { generateToken } from '@groundnuty/macf-core';
+import { createChallenge, verifyAndConsumeChallenge } from '@groundnuty/macf-core';
+import { createChallengeStore } from '@groundnuty/macf-core';
+import { signCSR } from '@groundnuty/macf-core';
+import { loadCA } from '@groundnuty/macf-core';
+import { HttpError } from '@groundnuty/macf-core';
+import { formatNotifyContent } from './notify-formatter.js';
+import { wakeViaTmux } from './tmux-wake.js';
+async function main() {
+    // Bootstrap OTEL BEFORE anything calls `trace.getTracer()` with
+    // intent to record. Function is no-op when
+    // OTEL_EXPORTER_OTLP_ENDPOINT is unset; when set, dynamic-imports
+    // the SDK packages + registers the global provider. See macf#196.
+    await bootstrapOtel();
+    const config = loadConfig();
+    const logger = createLogger({
+        logPath: config.logPath,
+        debug: config.debug,
+    });
+    // Partial-startup failures (MCP connected, port bound, then registry
+    // or collision fails) would otherwise crash with only the stderr
+    // message from the outer catch — channel.log would show the agent
+    // starting and then go silent, leaving operators with no signal.
+    // Wrap the startup body so post-logger failures land in the log.
+    // Ultrareview finding H5.
+    try {
+        await runStartup();
+    }
+    catch (err) {
+        logger.error('startup_failed', {
+            error: err instanceof Error ? err.message : String(err),
+            code: err.code ?? 'unknown',
+        });
+        throw err;
+    }
+    async function runStartup() {
+        const mcp = createMcpChannel({ agentName: config.agentName });
+        const health = createHealthState(config.agentName, config.agentType);
+        const onNotify = async (payload) => {
+            const meta = { type: payload.type };
+            if (payload.issue_number !== undefined) {
+                meta['issue_number'] = String(payload.issue_number);
+            }
+            if (payload.source !== undefined) {
+                meta['source'] = payload.source;
+            }
+            const { content, issueNumber } = formatNotifyContent(payload);
+            if (issueNumber !== undefined) {
+                health.setCurrentIssue(issueNumber);
+            }
+            logger.info('notify_received', {
+                type: payload.type,
+                issue: payload.issue_number,
+            });
+            // macf#194: wrap MCP push in an INTERNAL child span of the active
+            // notify span. Shows up in Langfuse as a timed hop between the
+            // inbound HTTP and the tmux wake.
+            const tracer = getTracer();
+            await tracer.startActiveSpan(SpanNames.McpPush, { kind: SpanKind.INTERNAL }, async (span) => {
+                try {
+                    await mcp.pushNotification(content, meta);
+                    span.setStatus({ code: SpanStatusCode.OK });
+                }
+                catch (err) {
+                    span.recordException(err);
+                    span.setStatus({
+                        code: SpanStatusCode.ERROR,
+                        message: err instanceof Error ? err.message : String(err),
+                    });
+                    throw err;
+                }
+                finally {
+                    span.end();
+                }
+            });
+            health.recordNotification();
+            logger.info('mcp_pushed', {
+                type: payload.type,
+                issue: payload.issue_number,
+            });
+            // macf#185: sidecar wake via tmux-send-to-claude.sh. The MCP push
+            // above deposits the notification in the channel-server's
+            // observable state but does NOT interrupt a running Claude TUI
+            // with a new prompt — /notify ≠ wake without this step. Tmux
+            // injection surfaces the notification as the TUI's next input
+            // turn, so the agent actually processes it. Fail-silent on any
+            // path where tmux isn't available (no workspace dir, no tmux
+            // session, helper missing, tmux command errors).
+            if (config.workspaceDir !== undefined) {
+                // Use the formatted content as the wake prompt — same text
+                // Claude would see via the MCP channel, just delivered
+                // through the input buffer path so it becomes an actual turn.
+                wakeViaTmux(content, {
+                    workspaceDir: config.workspaceDir,
+                    session: config.tmuxSession,
+                    window: config.tmuxWindow,
+                    logger,
+                });
+            }
+            else {
+                logger.info('tmux_wake_skipped', {
+                    reason: 'no_workspace_dir',
+                    detail: 'MACF_WORKSPACE_DIR unset',
+                });
+            }
+        };
+        // P2: Generate token early — needed for /sign endpoint and registry
+        const token = await generateToken();
+        const registry = createRegistryFromConfig(config.registry, config.project, token);
+        const { createGitHubClient } = await import('@groundnuty/macf-core');
+        // Build the variables client for the /sign challenge flow
+        let signPathPrefix;
+        switch (config.registry.type) {
+            case 'org':
+                signPathPrefix = `/orgs/${config.registry.org}`;
+                break;
+            case 'profile':
+                signPathPrefix = `/repos/${config.registry.user}/${config.registry.user}`;
+                break;
+            case 'repo':
+                signPathPrefix = `/repos/${config.registry.owner}/${config.registry.repo}`;
+                break;
+        }
+        const varsClient = createGitHubClient(signPathPrefix, token);
+        // In-memory challenge store (DR-010, #80). Process-local; server restart
+        // between step 1 and step 2 of a flow invalidates outstanding challenges.
+        const challengeStore = createChallengeStore();
+        // /sign endpoint handler — two-step challenge-response (DR-010).
+        // Step 1: allocate challenge, return id + instruction (no registry write).
+        // Step 2: verify challenge_id + registry-observed value, sign CSR.
+        const onSign = async (request) => {
+            // Try to load CA key — if not available, this agent can't sign.
+            let ca;
+            try {
+                ca = loadCA(config.caCertPath, config.caKeyPath);
+            }
+            catch {
+                throw new HttpError(503, 'CA key not available on this agent');
+            }
+            if (!request.challenge_done) {
+                // Step 1: allocate in-memory challenge, return id + instruction.
+                const challenge = createChallenge({
+                    project: config.project,
+                    agentName: request.agent_name,
+                    store: challengeStore,
+                });
+                logger.info('sign_challenge_created', {
+                    agent_name: request.agent_name,
+                    challenge_id: challenge.challengeId,
+                });
+                return {
+                    challenge_id: challenge.challengeId,
+                    instruction: challenge.instruction,
+                };
+            }
+            // Step 2: verify challenge + sign CSR. The refine() on SignRequestSchema
+            // already guarantees challenge_id is present when challenge_done is true.
+            const result = await verifyAndConsumeChallenge({
+                project: config.project,
+                agentName: request.agent_name,
+                challengeId: request.challenge_id,
+                store: challengeStore,
+                client: varsClient,
+            });
+            if (result === 'mismatch') {
+                // Generic error — do not leak which check failed (no oracle for
+                // attackers probing expired/mismatched-agent/wrong-value, etc).
+                logger.warn('sign_challenge_failed', { agent_name: request.agent_name });
+                throw new HttpError(401, 'challenge verification failed');
+            }
+            logger.info('sign_challenge_verified', { agent_name: request.agent_name });
+            const certPem = await signCSR({
+                csrPem: request.csr,
+                agentName: request.agent_name,
+                caCertPem: ca.certPem,
+                caKeyPem: ca.keyPem,
+            });
+            logger.info('sign_cert_issued', { agent_name: request.agent_name });
+            return { cert: certPem };
+        };
+        const httpsServer = createHttpsServer({
+            caCertPath: config.caCertPath,
+            agentCertPath: config.agentCertPath,
+            agentKeyPath: config.agentKeyPath,
+            onNotify,
+            onHealth: () => health.getHealth(),
+            onSign,
+            logger,
+        });
+        // P1: Connect MCP channel
+        await mcp.connect();
+        // P1: Bind port
+        const { actualPort } = await httpsServer.start(config.port, config.host);
+        // P2: Collision detection
+        const collisionResult = await checkCollision(config.agentName, registry, {
+            caCertPath: config.caCertPath,
+            agentCertPath: config.agentCertPath,
+            agentKeyPath: config.agentKeyPath,
+        }, logger);
+        if (collisionResult.action === 'abort') {
+            await httpsServer.stop();
+            throw new CollisionError(config.agentName, collisionResult.existing.host, collisionResult.existing.port);
+        }
+        // P2: Register in GitHub variable (use advertiseHost, not bind address)
+        const agentInfo = {
+            host: config.advertiseHost,
+            port: actualPort,
+            type: config.agentType,
+            instance_id: config.instanceId,
+            started: new Date().toISOString(),
+        };
+        await registry.register(config.agentName, agentInfo);
+        logger.info('registered', {
+            agent: config.agentName,
+            host: config.advertiseHost,
+            port: actualPort,
+            instance_id: config.instanceId,
+        });
+        // P2: Register shutdown handler
+        registerShutdownHandler({
+            agentName: config.agentName,
+            registry,
+            httpsServer,
+            logger,
+        });
+        logger.info('server_started', {
+            port: actualPort,
+            host: config.advertiseHost,
+            agent: config.agentName,
+            type: config.agentType,
+            instance_id: config.instanceId,
+        });
+    } // end runStartup
+}
+main().catch((err) => {
+    process.stderr.write(`Fatal: ${err instanceof Error ? err.message : String(err)}\n`);
+    process.exitCode = 1;
+});
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,mEAAmE;AACnE,kEAAkE;AAClE,2DAA2D;AAC3D,uEAAuE;AACvE,qEAAqE;AACrE,8CAA8C;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAiB7C,KAAK,UAAU,IAAI;IACjB,gEAAgE;IAChE,2CAA2C;IAC3C,kEAAkE;IAClE,kEAAkE;IAClE,MAAM,aAAa,EAAE,CAAC;IAEtB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAE5B,MAAM,MAAM,GAAG,YAAY,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC,CAAC;IAEH,qEAAqE;IACrE,iEAAiE;IACjE,kEAAkE;IAClE,iEAAiE;IACjE,iEAAiE;IACjE,0BAA0B;IAC1B,IAAI,CAAC;QACH,MAAM,UAAU,EAAE,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE;YAC7B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;YACvD,IAAI,EAAG,GAAyB,CAAC,IAAI,IAAI,SAAS;SACnD,CAAC,CAAC;QACH,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,KAAK,UAAU,UAAU;QACzB,MAAM,GAAG,GAAG,gBAAgB,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAErE,MAAM,QAAQ,GAAG,KAAK,EAAE,OAAsB,EAAiB,EAAE;YAC/D,MAAM,IAAI,GAA2B,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;YAC5D,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;gBACvC,IAAI,CAAC,cAAc,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YACtD,CAAC;YACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;YAClC,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAC9D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,MAAM,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YACtC,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBAC7B,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,YAAY;aAC5B,CAAC,CAAC;YAEH,kEAAkE;YAClE,+DAA+D;YAC/D,kCAAkC;YAClC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,eAAe,CAC1B,SAAS,CAAC,OAAO,EACjB,EAAE,IAAI,EAAE,QAAQ,CAAC,QAAQ,EAAE,EAC3B,KAAK,EAAE,IAAI,EAAE,EAAE;gBACb,IAAI,CAAC;oBACH,MAAM,GAAG,CAAC,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBAC1C,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,CAAC,eAAe,CAAC,GAAY,CAAC,CAAC;oBACnC,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE,cAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;qBAC1D,CAAC,CAAC;oBACH,MAAM,GAAG,CAAC;gBACZ,CAAC;wBAAS,CAAC;oBACT,IAAI,CAAC,GAAG,EAAE,CAAC;gBACb,CAAC;YACH,CAAC,CACF,CAAC;YACF,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAE5B,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE;gBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,YAAY;aAC5B,CAAC,CAAC;YAEH,kEAAkE;YAClE,0DAA0D;YAC1D,+DAA+D;YAC/D,6DAA6D;YAC7D,8DAA8D;YAC9D,+DAA+D;YAC/D,6DAA6D;YAC7D,iDAAiD;YACjD,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;gBACtC,2DAA2D;gBAC3D,uDAAuD;gBACvD,8DAA8D;gBAC9D,WAAW,CAAC,OAAO,EAAE;oBACnB,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,OAAO,EAAE,MAAM,CAAC,WAAW;oBAC3B,MAAM,EAAE,MAAM,CAAC,UAAU;oBACzB,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE;oBAC/B,MAAM,EAAE,kBAAkB;oBAC1B,MAAM,EAAE,0BAA0B;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC;QAEF,oEAAoE;QACpE,MAAM,KAAK,GAAG,MAAM,aAAa,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,wBAAwB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAClF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAErE,0DAA0D;QAC1D,IAAI,cAAsB,CAAC;QAC3B,QAAQ,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC7B,KAAK,KAAK;gBAAE,cAAc,GAAG,SAAS,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;gBAAC,MAAM;YACnE,KAAK,SAAS;gBAAE,cAAc,GAAG,UAAU,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAAC,MAAM;YACjG,KAAK,MAAM;gBAAE,cAAc,GAAG,UAAU,MAAM,CAAC,QAAQ,CAAC,KAAK,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAAC,MAAM;QACjG,CAAC;QACD,MAAM,UAAU,GAAG,kBAAkB,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QAE7D,yEAAyE;QACzE,0EAA0E;QAC1E,MAAM,cAAc,GAAG,oBAAoB,EAAE,CAAC;QAE9C,iEAAiE;QACjE,2EAA2E;QAC3E,mEAAmE;QACnE,MAAM,MAAM,GAAG,KAAK,EAAE,OAAoB,EAAoC,EAAE;YAC9E,gEAAgE;YAChE,IAAI,EAAuC,CAAC;YAC5C,IAAI,CAAC;gBACH,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YACnD,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,oCAAoC,CAAC,CAAC;YACjE,CAAC;YAED,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC5B,iEAAiE;gBACjE,MAAM,SAAS,GAAG,eAAe,CAAC;oBAChC,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,SAAS,EAAE,OAAO,CAAC,UAAU;oBAC7B,KAAK,EAAE,cAAc;iBACtB,CAAC,CAAC;gBACH,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;oBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,YAAY,EAAE,SAAS,CAAC,WAAW;iBACpC,CAAC,CAAC;gBACH,OAAO;oBACL,YAAY,EAAE,SAAS,CAAC,WAAW;oBACnC,WAAW,EAAE,SAAS,CAAC,WAAW;iBACnC,CAAC;YACJ,CAAC;YAED,yEAAyE;YACzE,0EAA0E;YAC1E,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC;gBAC7C,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,SAAS,EAAE,OAAO,CAAC,UAAU;gBAC7B,WAAW,EAAE,OAAO,CAAC,YAAa;gBAClC,KAAK,EAAE,cAAc;gBACrB,MAAM,EAAE,UAAU;aACnB,CAAC,CAAC;YAEH,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC1B,gEAAgE;gBAChE,gEAAgE;gBAChE,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;gBACzE,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,+BAA+B,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YAE3E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC;gBAC5B,MAAM,EAAE,OAAO,CAAC,GAAG;gBACnB,SAAS,EAAE,OAAO,CAAC,UAAU;gBAC7B,SAAS,EAAE,EAAE,CAAC,OAAO;gBACrB,QAAQ,EAAE,EAAE,CAAC,MAAM;aACpB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YACpE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B,CAAC,CAAC;QAEF,MAAM,WAAW,GAAG,iBAAiB,CAAC;YACpC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,QAAQ;YACR,QAAQ,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,SAAS,EAAE;YAClC,MAAM;YACN,MAAM;SACP,CAAC,CAAC;QAEH,0BAA0B;QAC1B,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC;QAEpB,gBAAgB;QAChB,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAEzE,0BAA0B;QAC1B,MAAM,eAAe,GAAG,MAAM,cAAc,CAC1C,MAAM,CAAC,SAAS,EAChB,QAAQ,EACR;YACE,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,YAAY,EAAE,MAAM,CAAC,YAAY;SAClC,EACD,MAAM,CACP,CAAC;QAEF,IAAI,eAAe,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACvC,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;YACzB,MAAM,IAAI,cAAc,CACtB,MAAM,CAAC,SAAS,EAChB,eAAe,CAAC,QAAQ,CAAC,IAAI,EAC7B,eAAe,CAAC,QAAQ,CAAC,IAAI,CAC9B,CAAC;QACJ,CAAC;QAED,wEAAwE;QACxE,MAAM,SAAS,GAAc;YAC3B,IAAI,EAAE,MAAM,CAAC,aAAa;YAC1B,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,MAAM,CAAC,SAAmC;YAChD,WAAW,EAAE,MAAM,CAAC,UAAU;YAC9B,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SAClC,CAAC;QAEF,MAAM,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE;YACxB,KAAK,EAAE,MAAM,CAAC,SAAS;YACvB,IAAI,EAAE,MAAM,CAAC,aAAa;YAC1B,IAAI,EAAE,UAAU;YAChB,WAAW,EAAE,MAAM,CAAC,UAAU;SAC/B,CAAC,CAAC;QAEH,gCAAgC;QAChC,uBAAuB,CAAC;YACtB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ;YACR,WAAW;YACX,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAC5B,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,MAAM,CAAC,aAAa;YAC1B,KAAK,EAAE,MAAM,CAAC,SAAS;YACvB,IAAI,EAAE,MAAM,CAAC,SAAS;YACtB,WAAW,EAAE,MAAM,CAAC,UAAU;SAC/B,CAAC,CAAC;IACH,CAAC,CAAE,iBAAiB;AACtB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAC/D,CAAC;IACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}