@holoscript/holoscript-agent 2.0.0

package/dist/runner.js

@@ -0,0 +1,543 @@
+// src/holomesh-client.ts
+function pickClaimableTask(tasks, brainCapabilityTags) {
+  const wanted = new Set(brainCapabilityTags.map((t) => t.toLowerCase()));
+  const open = tasks.filter((t) => t.status === "open" && !t.claimedBy);
+  const scored = open.map((t) => ({ task: t, score: scoreTask(t, wanted) })).filter((s) => s.score > 0).sort((a, b) => b.score - a.score || priority(a.task) - priority(b.task));
+  return scored[0]?.task;
+}
+function scoreTask(task, wanted) {
+  const tags = (task.tags ?? []).map((t) => t.toLowerCase());
+  const text = `${task.title} ${task.description ?? ""}`.toLowerCase();
+  let score = 0;
+  for (const tag of tags) if (wanted.has(tag)) score += 2;
+  for (const w of wanted) if (text.includes(w)) score += 1;
+  return score;
+}
+function priority(t) {
+  if (typeof t.priority === "number") return t.priority;
+  const map = { critical: 1, high: 2, medium: 4, low: 6 };
+  return map[String(t.priority).toLowerCase()] ?? 5;
+}
+
+// src/cael-builder.ts
+import { createHash } from "crypto";
+function sha(input) {
+  return createHash("sha256").update(input, "utf8").digest("hex");
+}
+function brainClassOf(brain) {
+  const p = String(brain.brainPath ?? "");
+  let m = p.match(/compositions[\\/]([\w-]+)-brain\.hsplus$/);
+  if (m) return m[1];
+  m = p.match(/([\w-]+)-brain\.hsplus$/);
+  if (m) return m[1];
+  m = p.match(/([\w-]+)\.hsplus$/);
+  if (m) return m[1];
+  const domain = String(brain.domain ?? "").trim();
+  if (domain && domain !== "unknown") return domain;
+  return "unknown";
+}
+function buildCaelRecord(input) {
+  const { identity, brain, task, messages, finalText, usage, costUsd, spentUsd, prevChain, runtimeVersion } = input;
+  const l0 = sha(brain.systemPrompt);
+  const l1 = sha(`${task.id}|${task.title}|${task.description ?? ""}`);
+  const l2 = sha(JSON.stringify(messages));
+  const l3 = sha(finalText);
+  const l4 = sha(JSON.stringify(usage));
+  const l5 = sha(`${costUsd.toFixed(6)}|${spentUsd.toFixed(6)}`);
+  const l6 = sha([l0, l1, l2, l3, l4, l5].join("|"));
+  const fnv1a_chain = sha(`${prevChain ?? ""}|${l6}`);
+  return {
+    tick_iso: (/* @__PURE__ */ new Date()).toISOString(),
+    layer_hashes: [l0, l1, l2, l3, l4, l5, l6],
+    operation: `task-executed:${task.id}`,
+    prev_hash: prevChain,
+    fnv1a_chain,
+    version_vector_fingerprint: `agent@${runtimeVersion}|brain@${brainClassOf(brain)}|provider@${identity.llmProvider}|model@${identity.llmModel}`,
+    brain_class: brainClassOf(brain)
+  };
+}
+
+// src/tools.ts
+import { readFile, writeFile, readdir, mkdir, stat } from "fs/promises";
+import { resolve, dirname } from "path";
+import { spawn } from "child_process";
+var ALLOWED_READ_ROOTS = [
+  "/root/msc-paper-22",
+  // Paper 22 mechanization inputs (scp'd by deploy)
+  "/root/holoscript-mesh",
+  // Read-only repo view (clone path on instance)
+  "/root/agent-output"
+  // Read back what we wrote
+];
+var ALLOWED_WRITE_ROOTS = [
+  "/root/agent-output"
+  // Single write sink — keeps deliverables in one place
+];
+var BASH_WHITELIST = [
+  "lake build",
+  "lake env",
+  "lake clean",
+  "lean ",
+  "ls ",
+  "ls\n",
+  "ls$",
+  "cat ",
+  "grep ",
+  "rg ",
+  "find ",
+  "wc ",
+  "head ",
+  "tail ",
+  "git status",
+  "git log",
+  "git diff",
+  "git show",
+  "pnpm --filter",
+  "pnpm vitest",
+  "vitest run",
+  "pwd",
+  "echo "
+];
+var MESH_TOOLS = [
+  {
+    name: "read_file",
+    description: "Read a file from the agent sandbox. Allowed roots: /root/msc-paper-22, /root/holoscript-mesh, /root/agent-output. Returns the file content as text. Use this to inspect inputs scp'd to the instance (e.g. MSC/Invariants.lean).",
+    input_schema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Absolute path under an allowed read root" }
+      },
+      required: ["path"]
+    }
+  },
+  {
+    name: "list_dir",
+    description: "List entries in a directory under the agent sandbox. Same root restrictions as read_file. Returns a newline-separated list of entries.",
+    input_schema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Absolute path under an allowed read root" }
+      },
+      required: ["path"]
+    }
+  },
+  {
+    name: "write_file",
+    description: "Write a file to /root/agent-output/. This is the deliverable sink \u2014 anything you want to emit as task output (a Lean proof, a markdown report, a JSON dataset) goes here. Creates parent directories. Will refuse paths outside the write root.",
+    input_schema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Absolute path under /root/agent-output/" },
+        content: { type: "string", description: "File content to write (UTF-8)" }
+      },
+      required: ["path", "content"]
+    }
+  },
+  {
+    name: "bash",
+    description: "Run a shell command. Whitelisted prefixes only: lake build, lean, ls, cat, grep, find, wc, head, tail, git status/log/diff/show, pnpm --filter, vitest run, pwd, echo. Hard 60s wall timeout, 1MB stdout cap. Use for lake build / lean kernel-checks, git inspection, repo greps. Refuses rm, curl, ssh, sudo, eval.",
+    input_schema: {
+      type: "object",
+      properties: {
+        cmd: { type: "string", description: "Whitelisted shell command" },
+        cwd: { type: "string", description: "Optional working directory (defaults to /root)" }
+      },
+      required: ["cmd"]
+    }
+  }
+];
+function isUnderRoot(absPath, root) {
+  const resolved = resolve(absPath);
+  const rootResolved = resolve(root);
+  return resolved === rootResolved || resolved.startsWith(rootResolved + "/");
+}
+function checkReadAllowed(path) {
+  if (!path.startsWith("/")) return `path must be absolute, got "${path}"`;
+  for (const root of ALLOWED_READ_ROOTS) {
+    if (isUnderRoot(path, root)) return null;
+  }
+  return `read denied \u2014 path "${path}" not under allowed roots: ${ALLOWED_READ_ROOTS.join(", ")}`;
+}
+function checkWriteAllowed(path) {
+  if (!path.startsWith("/")) return `path must be absolute, got "${path}"`;
+  for (const root of ALLOWED_WRITE_ROOTS) {
+    if (isUnderRoot(path, root)) return null;
+  }
+  return `write denied \u2014 path "${path}" not under allowed roots: ${ALLOWED_WRITE_ROOTS.join(", ")}`;
+}
+function checkBashAllowed(cmd) {
+  const trimmed = cmd.trim();
+  if (trimmed.length === 0) return "empty command";
+  if (/[;&|`$<>]|>>|\|\||&&/.test(trimmed)) {
+    return `command contains shell metachars (; & | \` $ < > >> || &&) \u2014 not allowed for safety`;
+  }
+  for (const prefix of BASH_WHITELIST) {
+    if (trimmed.startsWith(prefix.trim())) return null;
+  }
+  return `command not on whitelist. Allowed prefixes: ${BASH_WHITELIST.join(" / ")}`;
+}
+async function runTool(use) {
+  try {
+    if (use.name === "read_file") {
+      const path = use.input.path;
+      const denied = checkReadAllowed(path);
+      if (denied) return errResult(use.id, denied);
+      const text = await readFile(path, "utf8");
+      const truncated = text.length > 2e5 ? text.slice(0, 2e5) + `
+\u2026[truncated, full file is ${text.length} bytes]` : text;
+      return okResult(use.id, truncated);
+    }
+    if (use.name === "list_dir") {
+      const path = use.input.path;
+      const denied = checkReadAllowed(path);
+      if (denied) return errResult(use.id, denied);
+      const entries = await readdir(path, { withFileTypes: true });
+      const lines = entries.map((e) => `${e.isDirectory() ? "d" : "-"} ${e.name}`);
+      return okResult(use.id, lines.join("\n"));
+    }
+    if (use.name === "write_file") {
+      const path = use.input.path;
+      const content = use.input.content;
+      const denied = checkWriteAllowed(path);
+      if (denied) return errResult(use.id, denied);
+      await mkdir(dirname(path), { recursive: true });
+      await writeFile(path, content, "utf8");
+      const s = await stat(path);
+      return okResult(use.id, `wrote ${s.size} bytes to ${path}`);
+    }
+    if (use.name === "bash") {
+      const cmd = use.input.cmd;
+      const cwd = use.input.cwd ?? "/root";
+      const denied = checkBashAllowed(cmd);
+      if (denied) return errResult(use.id, denied);
+      const result = await runBash(cmd, cwd);
+      return result.code === 0 ? okResult(use.id, result.stdout) : errResult(use.id, `exit=${result.code}
+${result.stderr || result.stdout}`);
+    }
+    return errResult(use.id, `unknown tool: ${use.name}`);
+  } catch (err) {
+    return errResult(use.id, err instanceof Error ? err.message : String(err));
+  }
+}
+function runBash(cmd, cwd) {
+  return new Promise((resolveProm) => {
+    const child = spawn("bash", ["-c", cmd], { cwd, env: process.env });
+    let stdout = "";
+    let stderr = "";
+    let killed = false;
+    const STDOUT_CAP = 1e6;
+    const TIMEOUT_MS = 6e4;
+    const killer = setTimeout(() => {
+      killed = true;
+      child.kill("SIGKILL");
+    }, TIMEOUT_MS);
+    child.stdout.on("data", (d) => {
+      if (stdout.length < STDOUT_CAP) stdout += d.toString("utf8");
+    });
+    child.stderr.on("data", (d) => {
+      if (stderr.length < STDOUT_CAP) stderr += d.toString("utf8");
+    });
+    child.on("error", (err) => {
+      clearTimeout(killer);
+      resolveProm({ code: 1, stdout, stderr: stderr + "\nspawn-error: " + err.message });
+    });
+    child.on("exit", (code) => {
+      clearTimeout(killer);
+      const finalStdout = stdout.length >= STDOUT_CAP ? stdout + `
+\u2026[stdout truncated at ${STDOUT_CAP} bytes]` : stdout;
+      const note = killed ? `
+[bash killed after ${TIMEOUT_MS}ms timeout]` : "";
+      resolveProm({ code: code ?? 1, stdout: finalStdout + note, stderr });
+    });
+  });
+}
+function okResult(id, content) {
+  return { type: "tool_result", tool_use_id: id, content };
+}
+function errResult(id, message) {
+  return { type: "tool_result", tool_use_id: id, content: message, is_error: true };
+}
+
+// src/runner.ts
+var RUNTIME_VERSION = "1.0.0";
+var AgentRunner = class {
+  constructor(opts) {
+    this.opts = opts;
+    this.stopped = false;
+    // CAEL audit hash chain — survives across ticks within a single runner
+    // process. On process restart it resets to null; the first post-restart
+    // record breaks the chain, which is honest (the runner has no memory of
+    // its prior chain state and shouldn't fake continuity). prev_hash=null
+    // is a valid value the audit-store accepts.
+    this.prevCaelChain = null;
+    // Self-recovery flag for the auto-rejoin path (task_1777112258989_eeyp).
+    // When the heartbeat returns 403 "Not a member of this team" — typical of
+    // a fresh Vast.ai worker whose provisioning didn't atomically /join, or of
+    // a worker whose membership was reaped — the runner calls mesh.joinTeam()
+    // ONCE per process and retries the heartbeat. After a successful rejoin
+    // we set this flag so subsequent 403s on the same process don't loop back
+    // into joinTeam (avoiding a retry storm if the team-cap is full or the
+    // join itself is permanently rejected). On process restart the flag
+    // resets, which is the correct semantics: a fresh process gets one fresh
+    // chance to self-rejoin. Discovered 2026-04-25 SSH-probing 5 fleet
+    // workers stuck in indefinite 403→tick-error→sleep→retry loops; without
+    // this, a fresh-deploy of an unjoined agent stays silent forever.
+    this.joinedThisProcess = false;
+  }
+  async tick() {
+    const { identity, brain, mesh, costGuard, provider, logger } = this.opts;
+    const log = logger ?? (() => void 0);
+    await this.heartbeatWithAutoRejoin();
+    if (costGuard.isOverBudget()) {
+      const state = costGuard.getState();
+      log({ ev: "over-budget", spentUsd: state.spentUsd, budget: identity.budgetUsdPerDay });
+      return {
+        action: "over-budget",
+        spentUsd: state.spentUsd,
+        remainingUsd: 0,
+        message: `daily budget $${identity.budgetUsdPerDay} exhausted`
+      };
+    }
+    const tasks = await mesh.getOpenTasks();
+    const target = pickClaimableTask(tasks, brain.capabilityTags);
+    if (!target) {
+      log({ ev: "no-claimable-task", open: tasks.length });
+      return {
+        action: "no-claimable-task",
+        spentUsd: costGuard.getState().spentUsd,
+        remainingUsd: costGuard.getRemainingUsd()
+      };
+    }
+    log({ ev: "claim", taskId: target.id, title: target.title });
+    await mesh.claim(target.id);
+    const start = Date.now();
+    const messages = [
+      { role: "system", content: brain.systemPrompt },
+      { role: "user", content: buildTaskPrompt(target) }
+    ];
+    let aggUsage = { promptTokens: 0, completionTokens: 0, totalTokens: 0 };
+    let finalText = "";
+    let iters = 0;
+    const MAX_TOOL_ITERS = 30;
+    let lastResponse;
+    const toolsCalled = /* @__PURE__ */ new Set();
+    while (true) {
+      iters++;
+      if (iters > MAX_TOOL_ITERS) {
+        log({ ev: "tool-loop-cap", taskId: target.id, iters });
+        finalText = finalText || `[tool-loop hit ${MAX_TOOL_ITERS}-iter cap before final text]`;
+        break;
+      }
+      const resp = await provider.complete(
+        {
+          messages,
+          maxTokens: 4096,
+          temperature: 0.4,
+          tools: MESH_TOOLS
+        },
+        identity.llmModel
+      );
+      lastResponse = resp;
+      aggUsage = {
+        promptTokens: aggUsage.promptTokens + resp.usage.promptTokens,
+        completionTokens: aggUsage.completionTokens + resp.usage.completionTokens,
+        totalTokens: aggUsage.totalTokens + resp.usage.totalTokens
+      };
+      if (resp.finishReason === "tool_use" && resp.toolUses && resp.toolUses.length > 0) {
+        log({ ev: "tool-call", taskId: target.id, iter: iters, tools: resp.toolUses.map((t) => t.name) });
+        for (const u of resp.toolUses) toolsCalled.add(u.name);
+        messages.push({
+          role: "assistant",
+          content: resp.assistantBlocks ?? []
+        });
+        const toolResults = await Promise.all(resp.toolUses.map((u) => runTool(u)));
+        messages.push({
+          role: "user",
+          content: toolResults
+        });
+        continue;
+      }
+      finalText = resp.content;
+      break;
+    }
+    const durationMs = Date.now() - start;
+    const SIDE_EFFECTING_TOOLS = /* @__PURE__ */ new Set(["write_file", "bash"]);
+    const sideEffectingCalled = [...toolsCalled].some((t) => SIDE_EFFECTING_TOOLS.has(t));
+    if (!sideEffectingCalled) {
+      log({
+        ev: "no-artifact",
+        taskId: target.id,
+        tool_iters: iters,
+        toolsCalled: [...toolsCalled],
+        message: "task execution called no side-effecting tool (write_file/bash) \u2014 refusing to mark executed. Likely a pure-text or read-only-inspection response. Task remains open for a grounded attempt."
+      });
+      return {
+        action: "no-artifact",
+        taskId: target.id,
+        spentUsd: costGuard.getState().spentUsd,
+        remainingUsd: costGuard.getRemainingUsd(),
+        message: `no side-effecting tool called (toolsCalled=[${[...toolsCalled].join(",")}], iters=${iters})`
+      };
+    }
+    const cost = costGuard.recordUsage(identity.llmModel, aggUsage);
+    log({
+      ev: "executed",
+      taskId: target.id,
+      costUsd: cost.costUsd.toFixed(4),
+      spentUsd: cost.spentUsd.toFixed(4),
+      tokens: aggUsage.totalTokens,
+      tool_iters: iters
+    });
+    const response = { ...lastResponse ?? { content: finalText, usage: aggUsage }, content: finalText, usage: aggUsage };
+    const execResult = {
+      taskId: target.id,
+      responseText: response.content,
+      usage: response.usage,
+      costUsd: cost.costUsd,
+      durationMs
+    };
+    if (this.opts.auditLog) {
+      try {
+        this.opts.auditLog.recordTaskExecuted({
+          identity,
+          task: target,
+          result: execResult
+        });
+      } catch (err) {
+        log({ ev: "audit-log-error", message: err instanceof Error ? err.message : String(err) });
+      }
+    }
+    try {
+      const caelRecord = buildCaelRecord({
+        identity,
+        brain,
+        task: target,
+        messages,
+        finalText,
+        usage: aggUsage,
+        costUsd: cost.costUsd,
+        spentUsd: cost.spentUsd,
+        prevChain: this.prevCaelChain,
+        runtimeVersion: RUNTIME_VERSION
+      });
+      const posted = await mesh.postAuditRecords(identity.handle, [caelRecord]);
+      this.prevCaelChain = caelRecord.fnv1a_chain;
+      log({ ev: "cael-posted", taskId: target.id, appended: posted.appended, rejected: posted.rejected });
+    } catch (err) {
+      log({ ev: "cael-post-error", message: err instanceof Error ? err.message : String(err) });
+    }
+    if (this.opts.onTaskExecuted) {
+      await this.opts.onTaskExecuted(execResult, target);
+    } else {
+      await mesh.sendMessageOnTask(
+        target.id,
+        `[${identity.handle}] response (${response.usage.totalTokens} tok, $${cost.costUsd.toFixed(4)}):
+
+${response.content}`
+      );
+    }
+    return {
+      action: "executed",
+      taskId: target.id,
+      spentUsd: cost.spentUsd,
+      remainingUsd: cost.remainingUsd
+    };
+  }
+  async runForever(opts = {}) {
+    const interval = opts.tickIntervalMs ?? 6e4;
+    while (!this.stopped) {
+      try {
+        await this.tick();
+      } catch (err) {
+        const log = this.opts.logger ?? (() => void 0);
+        log({ ev: "tick-error", message: err instanceof Error ? err.message : String(err) });
+      }
+      await sleep(interval + jitter(interval));
+    }
+  }
+  stop() {
+    this.stopped = true;
+  }
+  /**
+   * Heartbeat with one-shot self-rejoin on 403 "Not a member of this team".
+   *
+   * Pairs with task_1777112258989_eeyp: fresh-deploy fleet workers whose
+   * provisioning didn't atomically call /join (or whose membership was
+   * reaped) hit 403 every tick and never recover. We detect the specific
+   * server error string (see packages/mcp-server/src/holomesh/routes/
+   * team-routes.ts:903 → `{ error: 'Not a member' }` for /presence), call
+   * mesh.joinTeam() ONCE per runner process, and retry the heartbeat.
+   *
+   * Strict scope:
+   *  - Only retries on 403 + "Not a member" body. Any other 403 (insufficient
+   *    permissions, signing failure) re-throws unchanged.
+   *  - Only retries ONCE per process. If we already rejoined this process and
+   *    the heartbeat is *still* 403, the team is rejecting us for a reason
+   *    /join can't fix (e.g. capacity, ban) — surface the error.
+   *  - If joinTeam() itself throws, we DO mark joinedThisProcess=true before
+   *    re-throwing so we don't slam the join endpoint on every subsequent
+   *    tick. The next tick will surface the same heartbeat 403 and the
+   *    runner-level catch in runForever logs tick-error and sleeps. Operator
+   *    inspection (SSH/log) is the recovery path at that point.
+   */
+  async heartbeatWithAutoRejoin() {
+    const { identity, mesh, logger } = this.opts;
+    const log = logger ?? (() => void 0);
+    try {
+      await mesh.heartbeat({ agentName: identity.handle, surface: identity.surface });
+    } catch (err) {
+      if (!this.isNotAMemberError(err) || this.joinedThisProcess) {
+        throw err;
+      }
+      log({ ev: "auto-rejoin-attempt", reason: "heartbeat-403-not-a-member" });
+      this.joinedThisProcess = true;
+      try {
+        const joinResult = await mesh.joinTeam();
+        log({ ev: "auto-rejoin-success", role: joinResult.role, members: joinResult.members });
+      } catch (joinErr) {
+        log({
+          ev: "auto-rejoin-failed",
+          message: joinErr instanceof Error ? joinErr.message : String(joinErr)
+        });
+        throw joinErr;
+      }
+      await mesh.heartbeat({ agentName: identity.handle, surface: identity.surface });
+      log({ ev: "auto-rejoin-heartbeat-recovered" });
+    }
+  }
+  /**
+   * Detect the server's "Not a member" 403 error from HolomeshClient.req().
+   * The error message format is: `HoloMesh POST /team/<id>/presence 403: <body>`
+   * where body contains `{"error":"Not a member"}` (or "Not a member of this team").
+   * Match conservatively: BOTH a "403" status marker AND the "Not a member"
+   * substring must appear, so unrelated 403s (insufficient permissions,
+   * signing failures) do NOT trigger a rejoin.
+   */
+  isNotAMemberError(err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return / 403:/.test(msg) && /Not a member/i.test(msg);
+  }
+};
+function buildTaskPrompt(task) {
+  return [
+    `Board task to execute: ${task.id}`,
+    `Title: ${task.title}`,
+    `Priority: ${task.priority}`,
+    `Tags: ${(task.tags ?? []).join(", ")}`,
+    "",
+    "Description:",
+    task.description ?? "(no description)",
+    "",
+    "Produce the deliverable described in the task. Apply your brain composition rules \u2014 anti-patterns, decision loop, and scope tier all bind. Return the response as plain text suitable for posting to /room as a message on this task."
+  ].join("\n");
+}
+function sleep(ms) {
+  return new Promise((r) => setTimeout(r, ms));
+}
+function jitter(base) {
+  return Math.floor((Math.random() - 0.5) * base * 0.2);
+}
+export {
+  AgentRunner
+};
+//# sourceMappingURL=runner.js.map

package/dist/runner.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/holomesh-client.ts","../src/cael-builder.ts","../src/tools.ts","../src/runner.ts"],"sourcesContent":["import type { BoardTask } from './types.js';\nimport type { CaelAuditRecord } from './cael-builder.js';\n\nexport interface HolomeshClientOptions {\n  apiBase: string;\n  bearer: string;\n  teamId: string;\n  fetchImpl?: typeof fetch;\n}\n\nexport class HolomeshClient {\n  private readonly apiBase: string;\n  private readonly bearer: string;\n  private readonly teamId: string;\n  private readonly fetchImpl: typeof fetch;\n\n  constructor(opts: HolomeshClientOptions) {\n    this.apiBase = opts.apiBase.replace(/\\/$/, '');\n    this.bearer = opts.bearer;\n    this.teamId = opts.teamId;\n    this.fetchImpl = opts.fetchImpl ?? fetch;\n  }\n\n  async heartbeat(payload: { agentName: string; surface: string }): Promise<void> {\n    await this.req('POST', `/team/${this.teamId}/presence`, payload);\n  }\n\n  async getOpenTasks(): Promise<BoardTask[]> {\n    const data = await this.req<{ tasks?: BoardTask[]; open?: BoardTask[] }>(\n      'GET',\n      `/team/${this.teamId}/board`\n    );\n    return data.tasks ?? data.open ?? [];\n  }\n\n  async claim(taskId: string): Promise<BoardTask> {\n    return this.req<BoardTask>('PATCH', `/team/${this.teamId}/board/${taskId}`, { action: 'claim' });\n  }\n\n  async joinTeam(): Promise<{ success: boolean; role?: string; members?: number }> {\n    return this.req<{ success: boolean; role?: string; members?: number }>(\n      'POST',\n      `/team/${this.teamId}/join`,\n      {}\n    );\n  }\n\n  async sendMessageOnTask(taskId: string, body: string): Promise<void> {\n    await this.req('POST', `/team/${this.teamId}/message`, {\n      to: 'team',\n      subject: `task:${taskId}`,\n      content: body,\n    });\n  }\n\n  async markDone(taskId: string, summary: string, commitHash?: string): Promise<void> {\n    await this.req('PATCH', `/team/${this.teamId}/board/${taskId}`, {\n      action: 'done',\n      summary,\n      commitHash,\n    });\n  }\n\n  // POST CAEL audit records for this agent. Server validator at\n  // packages/mcp-server/src/holomesh/routes/core-routes.ts:472-533 requires\n  // bearer == handle owner OR founder; the per-surface x402 bearer is the\n  // handle owner so this resolves correctly. Records that fail shape\n  // validation (layer_hashes != 7 elements, missing tick_iso/operation/\n  // fnv1a_chain) are silently dropped server-side, not rejected as a batch.\n  async postAuditRecords(handle: string, records: CaelAuditRecord[]): Promise<{ appended: number; rejected: number }> {\n    return this.req<{ appended: number; rejected: number }>(\n      'POST',\n      `/agent/${encodeURIComponent(handle)}/audit`,\n      { records }\n    );\n  }\n\n  async whoAmI(): Promise<{ agentId: string; surface: string; wallet?: string }> {\n    // GET /api/holomesh/me returns { agentId, name, wallet, isFounder, teamId, teams, permissions }\n    // (see packages/mcp-server/src/holomesh/routes/core-routes.ts §/me handler).\n    // It does NOT return a `surface` field — derive it from the seat name on the\n    // client side. Seat naming convention (set by the provisioning admin path):\n    //   claudecode-claude-x402  → claude-code\n    //   cursor-claude-x402      → claude-cursor\n    //   gemini-antigravity      → gemini-antigravity\n    //   copilot-vscode          → copilot-vscode\n    //   Founder                 → unknown (shared key, no surface attribution)\n    const raw = await this.req<{\n      agentId: string;\n      name?: string;\n      wallet?: string;\n    }>('GET', '/me');\n    return {\n      agentId: raw.agentId,\n      surface: deriveSurface(raw.name),\n      wallet: raw.wallet,\n    };\n  }\n\n  private async req<T>(method: string, path: string, body?: unknown): Promise<T> {\n    const url = `${this.apiBase}${path}`;\n    // HoloMesh REST auth: server (packages/mcp-server/src/holomesh/auth-utils.ts\n    // resolveRequestingAgent) accepts EITHER `Authorization: Bearer <token>`\n    // (HTTP-standard, used here) OR `x-mcp-api-key: <token>` (orchestrator\n    // convention). Both resolve through the same key-registry / agent-store /\n    // env-fallback chain. Bearer is preferred for new code (W.087 vertex B,\n    // task_1777073616424_klls).\n    const res = await this.fetchImpl(url, {\n      method,\n      headers: {\n        Authorization: `Bearer ${this.bearer}`,\n        'content-type': 'application/json',\n      },\n      body: body ? JSON.stringify(body) : undefined,\n    });\n    if (!res.ok) {\n      const txt = await res.text().catch(() => '');\n      throw new Error(`HoloMesh ${method} ${path} ${res.status}: ${txt.slice(0, 300)}`);\n    }\n    if (res.status === 204) return undefined as T;\n    return (await res.json()) as T;\n  }\n}\n\n/**\n * Derive a surface tag from a seat name returned by /me. Mirrors the surface\n * detection in scripts/probe-surface-bearers.mjs and hooks/lib/holomesh-env.mjs\n * so a single agent's surface attribution is consistent across read and write\n * paths. Returns 'unknown' when the seat name doesn't encode a surface\n * (e.g. shared-key resolution to \"Founder\").\n */\nexport function deriveSurface(seatName: string | undefined): string {\n  if (!seatName) return 'unknown';\n  const n = seatName.toLowerCase();\n  if (n.startsWith('claudecode')) return 'claude-code';\n  if (n.startsWith('cursor')) return 'claude-cursor';\n  if (n.startsWith('claudedesktop')) return 'claude-desktop';\n  if (n.startsWith('vscode-claude') || n.startsWith('claude-vscode')) return 'claude-vscode';\n  if (n.startsWith('gemini')) return 'gemini-antigravity';\n  if (n.startsWith('copilot')) return 'copilot-vscode';\n  return 'unknown';\n}\n\nexport function pickClaimableTask(\n  tasks: BoardTask[],\n  brainCapabilityTags: string[]\n): BoardTask | undefined {\n  const wanted = new Set(brainCapabilityTags.map((t) => t.toLowerCase()));\n  const open = tasks.filter((t) => t.status === 'open' && !t.claimedBy);\n  const scored = open\n    .map((t) => ({ task: t, score: scoreTask(t, wanted) }))\n    .filter((s) => s.score > 0)\n    .sort((a, b) => b.score - a.score || priority(a.task) - priority(b.task));\n  return scored[0]?.task;\n}\n\nfunction scoreTask(task: BoardTask, wanted: Set<string>): number {\n  const tags = (task.tags ?? []).map((t) => t.toLowerCase());\n  const text = `${task.title} ${task.description ?? ''}`.toLowerCase();\n  let score = 0;\n  for (const tag of tags) if (wanted.has(tag)) score += 2;\n  for (const w of wanted) if (text.includes(w)) score += 1;\n  return score;\n}\n\nfunction priority(t: BoardTask): number {\n  if (typeof t.priority === 'number') return t.priority;\n  const map: Record<string, number> = { critical: 1, high: 2, medium: 4, low: 6 };\n  return map[String(t.priority).toLowerCase()] ?? 5;\n}\n","// CAEL audit record builder for the headless agent runtime.\n//\n// Phase 1: agent ticks emit a CaelAuditRecord shaped to satisfy the\n// HoloMesh audit endpoint validator at packages/mcp-server/src/holomesh/\n// routes/core-routes.ts:512-518 (7-element layer_hashes array, string\n// tick_iso/operation/fnv1a_chain). The 7 layers map to concrete tick\n// stages so a downstream consumer can verify any one layer in isolation:\n//\n//   L0 brain_state      — sha256(brain.systemPrompt)\n//   L1 tick_input       — sha256(taskId|title|description)\n//   L2 messages         — sha256(JSON of final message thread)\n//   L3 response         — sha256(finalText)\n//   L4 usage            — sha256(JSON of aggregated TokenUsage)\n//   L5 cost             — sha256(costUsd|spentUsd)\n//   L6 composite        — sha256(L0|L1|L2|L3|L4|L5)\n//\n// fnv1a_chain extends across records: chain_n = sha256(chain_{n-1} | L6_n).\n// First tick emits prev_hash=null; subsequent ticks chain from the\n// previous record's fnv1a_chain.\n\nimport { createHash } from 'node:crypto';\nimport type { LLMMessage, TokenUsage } from '@holoscript/llm-provider';\nimport type { AgentIdentity, BoardTask, ExecutionResult, RuntimeBrainConfig } from './types.js';\n\nexport interface CaelAuditRecord {\n  tick_iso: string;\n  layer_hashes: string[];\n  operation: string;\n  prev_hash: string | null;\n  fnv1a_chain: string;\n  version_vector_fingerprint: string;\n  brain_class?: string;\n  trial?: number;\n  attack_class?: string;\n  defense_state?: string;\n}\n\nexport interface BuildCaelRecordInput {\n  identity: AgentIdentity;\n  brain: RuntimeBrainConfig;\n  task: BoardTask;\n  messages: LLMMessage[];\n  finalText: string;\n  usage: TokenUsage;\n  costUsd: number;\n  spentUsd: number;\n  prevChain: string | null;\n  runtimeVersion: string;\n}\n\nfunction sha(input: string): string {\n  return createHash('sha256').update(input, 'utf8').digest('hex');\n}\n\n/**\n * Extract the brain class from a runtime brain config. Tries multiple sources\n * because brainPath shape varies across deployment environments:\n *   1. compositions/<class>-brain.hsplus (canonical layout — caught 2026-04-24)\n *   2. <anything>/<class>-brain.hsplus (loose match — Vast.ai box layout)\n *   3. <class>-brain.hsplus basename only\n *   4. brain.domain (loaded from .hsplus identity block by loadBrain())\n *   5. 'unknown' if all sources fail\n *\n * Live evidence (2026-04-25 mesh-worker-01 record): the strict regex returned\n * 'unknown' against the production worker box's brainPath, leaving every CAEL\n * fingerprint useless for fleet attribution. This loosened version recovers\n * brain class even when path layout drifts from the compositions/-rooted form.\n */\nfunction brainClassOf(brain: { brainPath?: string; domain?: string }): string {\n  const p = String(brain.brainPath ?? '');\n  // Tier 1: canonical compositions/-rooted layout.\n  let m = p.match(/compositions[\\\\/]([\\w-]+)-brain\\.hsplus$/);\n  if (m) return m[1];\n  // Tier 2: any path with `<class>-brain.hsplus` basename.\n  m = p.match(/([\\w-]+)-brain\\.hsplus$/);\n  if (m) return m[1];\n  // Tier 3: bare basename.\n  m = p.match(/([\\w-]+)\\.hsplus$/);\n  if (m) return m[1];\n  // Tier 4: domain field from the loaded brain composition's identity block.\n  const domain = String(brain.domain ?? '').trim();\n  if (domain && domain !== 'unknown') return domain;\n  return 'unknown';\n}\n\nexport function buildCaelRecord(input: BuildCaelRecordInput): CaelAuditRecord {\n  const { identity, brain, task, messages, finalText, usage, costUsd, spentUsd, prevChain, runtimeVersion } = input;\n\n  const l0 = sha(brain.systemPrompt);\n  const l1 = sha(`${task.id}|${task.title}|${task.description ?? ''}`);\n  const l2 = sha(JSON.stringify(messages));\n  const l3 = sha(finalText);\n  const l4 = sha(JSON.stringify(usage));\n  const l5 = sha(`${costUsd.toFixed(6)}|${spentUsd.toFixed(6)}`);\n  const l6 = sha([l0, l1, l2, l3, l4, l5].join('|'));\n\n  const fnv1a_chain = sha(`${prevChain ?? ''}|${l6}`);\n\n  return {\n    tick_iso: new Date().toISOString(),\n    layer_hashes: [l0, l1, l2, l3, l4, l5, l6],\n    operation: `task-executed:${task.id}`,\n    prev_hash: prevChain,\n    fnv1a_chain,\n    version_vector_fingerprint: `agent@${runtimeVersion}|brain@${brainClassOf(brain)}|provider@${identity.llmProvider}|model@${identity.llmModel}`,\n    brain_class: brainClassOf(brain),\n  };\n}\n","/**\n * Tool runner for headless mesh agents.\n *\n * Provides a small, sandboxed set of tools that LLM agents can call during\n * task execution. Anthropic tool-use shape — these specs are passed to\n * `messages.stream({ tools: [...] })`, the model returns `tool_use` blocks,\n * the runner executes them via `runTool()` and feeds results back as\n * `tool_result` blocks until the model emits its final text response.\n *\n * Sandbox model:\n *   - read_file / list_dir: restricted to ALLOWED_READ_ROOTS (task inputs +\n *     read-only views of the cloned repo). No /etc, no /home, no /root/.ssh.\n *   - write_file: restricted to ALLOWED_WRITE_ROOTS (just /root/agent-output/).\n *     Creates dir if needed, refuses paths that escape via .. or symlinks.\n *   - bash: ONLY whitelisted command prefixes (lake build, lean ..., ls, cat,\n *     grep, find, wc, head, tail, git status/log/diff/show, pnpm --filter,\n *     vitest run --no-coverage). Hard 60s wall timeout, 1MB stdout cap. Refuses\n *     anything else (rm, curl, ssh, sudo, eval, etc.).\n *\n * The sandbox is best-effort host isolation — these instances are dedicated\n * to a single mesh-worker identity, so we trade some flexibility for a clear\n * \"what the LLM can do\" contract that audits cleanly.\n */\n\nimport { readFile, writeFile, readdir, mkdir, stat } from 'node:fs/promises';\nimport { resolve, dirname } from 'node:path';\nimport { spawn } from 'node:child_process';\nimport type { ToolSpec, ToolUseBlock, ToolResultBlock } from '@holoscript/llm-provider';\n\n// ---------------------------------------------------------------------------\n// Sandbox roots — keep narrow. Add only when a task needs more.\n// ---------------------------------------------------------------------------\nconst ALLOWED_READ_ROOTS = [\n  '/root/msc-paper-22',          // Paper 22 mechanization inputs (scp'd by deploy)\n  '/root/holoscript-mesh',        // Read-only repo view (clone path on instance)\n  '/root/agent-output',           // Read back what we wrote\n];\n\nconst ALLOWED_WRITE_ROOTS = [\n  '/root/agent-output',           // Single write sink — keeps deliverables in one place\n];\n\n// Command-prefix whitelist. Prefix-match is intentional — `lake build MSC`\n// matches `lake build`, `pnpm --filter @holoscript/core build` matches\n// `pnpm --filter`, etc. Refuses anything else (no sudo, rm, curl, ssh, eval).\nconst BASH_WHITELIST = [\n  'lake build', 'lake env', 'lake clean',\n  'lean ',\n  'ls ', 'ls\\n', 'ls$',\n  'cat ',\n  'grep ', 'rg ',\n  'find ',\n  'wc ',\n  'head ', 'tail ',\n  'git status', 'git log', 'git diff', 'git show',\n  'pnpm --filter',\n  'pnpm vitest', 'vitest run',\n  'pwd',\n  'echo ',\n];\n\n// ---------------------------------------------------------------------------\n// Tool specs surfaced to the LLM\n// ---------------------------------------------------------------------------\nexport const MESH_TOOLS: ToolSpec[] = [\n  {\n    name: 'read_file',\n    description:\n      'Read a file from the agent sandbox. Allowed roots: /root/msc-paper-22, ' +\n      '/root/holoscript-mesh, /root/agent-output. Returns the file content as text. ' +\n      'Use this to inspect inputs scp\\'d to the instance (e.g. MSC/Invariants.lean).',\n    input_schema: {\n      type: 'object',\n      properties: {\n        path: { type: 'string', description: 'Absolute path under an allowed read root' },\n      },\n      required: ['path'],\n    },\n  },\n  {\n    name: 'list_dir',\n    description:\n      'List entries in a directory under the agent sandbox. Same root restrictions ' +\n      'as read_file. Returns a newline-separated list of entries.',\n    input_schema: {\n      type: 'object',\n      properties: {\n        path: { type: 'string', description: 'Absolute path under an allowed read root' },\n      },\n      required: ['path'],\n    },\n  },\n  {\n    name: 'write_file',\n    description:\n      'Write a file to /root/agent-output/. This is the deliverable sink — anything ' +\n      'you want to emit as task output (a Lean proof, a markdown report, a JSON dataset) ' +\n      'goes here. Creates parent directories. Will refuse paths outside the write root.',\n    input_schema: {\n      type: 'object',\n      properties: {\n        path: { type: 'string', description: 'Absolute path under /root/agent-output/' },\n        content: { type: 'string', description: 'File content to write (UTF-8)' },\n      },\n      required: ['path', 'content'],\n    },\n  },\n  {\n    name: 'bash',\n    description:\n      'Run a shell command. Whitelisted prefixes only: lake build, lean, ls, cat, ' +\n      'grep, find, wc, head, tail, git status/log/diff/show, pnpm --filter, vitest run, ' +\n      'pwd, echo. Hard 60s wall timeout, 1MB stdout cap. Use for lake build / lean ' +\n      'kernel-checks, git inspection, repo greps. Refuses rm, curl, ssh, sudo, eval.',\n    input_schema: {\n      type: 'object',\n      properties: {\n        cmd: { type: 'string', description: 'Whitelisted shell command' },\n        cwd: { type: 'string', description: 'Optional working directory (defaults to /root)' },\n      },\n      required: ['cmd'],\n    },\n  },\n];\n\n// ---------------------------------------------------------------------------\n// Path-sandbox helpers\n// ---------------------------------------------------------------------------\nfunction isUnderRoot(absPath: string, root: string): boolean {\n  const resolved = resolve(absPath);\n  const rootResolved = resolve(root);\n  return resolved === rootResolved || resolved.startsWith(rootResolved + '/');\n}\n\nfunction checkReadAllowed(path: string): string | null {\n  if (!path.startsWith('/')) return `path must be absolute, got \"${path}\"`;\n  for (const root of ALLOWED_READ_ROOTS) {\n    if (isUnderRoot(path, root)) return null;\n  }\n  return `read denied — path \"${path}\" not under allowed roots: ${ALLOWED_READ_ROOTS.join(', ')}`;\n}\n\nfunction checkWriteAllowed(path: string): string | null {\n  if (!path.startsWith('/')) return `path must be absolute, got \"${path}\"`;\n  for (const root of ALLOWED_WRITE_ROOTS) {\n    if (isUnderRoot(path, root)) return null;\n  }\n  return `write denied — path \"${path}\" not under allowed roots: ${ALLOWED_WRITE_ROOTS.join(', ')}`;\n}\n\nfunction checkBashAllowed(cmd: string): string | null {\n  const trimmed = cmd.trim();\n  if (trimmed.length === 0) return 'empty command';\n  // Reject obvious shell-injection attempts. Whitelist below still applies.\n  if (/[;&|`$<>]|>>|\\|\\||&&/.test(trimmed)) {\n    return `command contains shell metachars (; & | \\` $ < > >> || &&) — not allowed for safety`;\n  }\n  for (const prefix of BASH_WHITELIST) {\n    if (trimmed.startsWith(prefix.trim())) return null;\n  }\n  return `command not on whitelist. Allowed prefixes: ${BASH_WHITELIST.join(' / ')}`;\n}\n\n// ---------------------------------------------------------------------------\n// Tool implementations\n// ---------------------------------------------------------------------------\nexport async function runTool(use: ToolUseBlock): Promise<ToolResultBlock> {\n  try {\n    if (use.name === 'read_file') {\n      const path = use.input.path as string;\n      const denied = checkReadAllowed(path);\n      if (denied) return errResult(use.id, denied);\n      const text = await readFile(path, 'utf8');\n      // Cap at 200KB to avoid context blowups\n      const truncated = text.length > 200_000 ? text.slice(0, 200_000) + `\\n…[truncated, full file is ${text.length} bytes]` : text;\n      return okResult(use.id, truncated);\n    }\n\n    if (use.name === 'list_dir') {\n      const path = use.input.path as string;\n      const denied = checkReadAllowed(path);\n      if (denied) return errResult(use.id, denied);\n      const entries = await readdir(path, { withFileTypes: true });\n      const lines = entries.map((e) => `${e.isDirectory() ? 'd' : '-'} ${e.name}`);\n      return okResult(use.id, lines.join('\\n'));\n    }\n\n    if (use.name === 'write_file') {\n      const path = use.input.path as string;\n      const content = use.input.content as string;\n      const denied = checkWriteAllowed(path);\n      if (denied) return errResult(use.id, denied);\n      await mkdir(dirname(path), { recursive: true });\n      await writeFile(path, content, 'utf8');\n      const s = await stat(path);\n      return okResult(use.id, `wrote ${s.size} bytes to ${path}`);\n    }\n\n    if (use.name === 'bash') {\n      const cmd = use.input.cmd as string;\n      const cwd = (use.input.cwd as string | undefined) ?? '/root';\n      const denied = checkBashAllowed(cmd);\n      if (denied) return errResult(use.id, denied);\n      const result = await runBash(cmd, cwd);\n      return result.code === 0\n        ? okResult(use.id, result.stdout)\n        : errResult(use.id, `exit=${result.code}\\n${result.stderr || result.stdout}`);\n    }\n\n    return errResult(use.id, `unknown tool: ${use.name}`);\n  } catch (err) {\n    return errResult(use.id, err instanceof Error ? err.message : String(err));\n  }\n}\n\ninterface BashResult {\n  code: number;\n  stdout: string;\n  stderr: string;\n}\n\nfunction runBash(cmd: string, cwd: string): Promise<BashResult> {\n  return new Promise((resolveProm) => {\n    const child = spawn('bash', ['-c', cmd], { cwd, env: process.env });\n    let stdout = '';\n    let stderr = '';\n    let killed = false;\n    const STDOUT_CAP = 1_000_000;\n    const TIMEOUT_MS = 60_000;\n    const killer = setTimeout(() => {\n      killed = true;\n      child.kill('SIGKILL');\n    }, TIMEOUT_MS);\n    child.stdout.on('data', (d: Buffer) => {\n      if (stdout.length < STDOUT_CAP) stdout += d.toString('utf8');\n    });\n    child.stderr.on('data', (d: Buffer) => {\n      if (stderr.length < STDOUT_CAP) stderr += d.toString('utf8');\n    });\n    child.on('error', (err) => {\n      clearTimeout(killer);\n      resolveProm({ code: 1, stdout, stderr: stderr + '\\nspawn-error: ' + err.message });\n    });\n    child.on('exit', (code) => {\n      clearTimeout(killer);\n      const finalStdout = stdout.length >= STDOUT_CAP ? stdout + `\\n…[stdout truncated at ${STDOUT_CAP} bytes]` : stdout;\n      const note = killed ? `\\n[bash killed after ${TIMEOUT_MS}ms timeout]` : '';\n      resolveProm({ code: code ?? 1, stdout: finalStdout + note, stderr });\n    });\n  });\n}\n\nfunction okResult(id: string, content: string): ToolResultBlock {\n  return { type: 'tool_result', tool_use_id: id, content };\n}\n\nfunction errResult(id: string, message: string): ToolResultBlock {\n  return { type: 'tool_result', tool_use_id: id, content: message, is_error: true };\n}\n","import type { ILLMProvider, LLMMessage, TokenUsage } from '@holoscript/llm-provider';\nimport type { CostGuard } from './cost-guard.js';\nimport type { HolomeshClient } from './holomesh-client.js';\nimport { pickClaimableTask } from './holomesh-client.js';\nimport type { AuditLog } from './audit-log.js';\nimport { buildCaelRecord } from './cael-builder.js';\nimport { MESH_TOOLS, runTool } from './tools.js';\nimport type {\n  AgentIdentity,\n  BoardTask,\n  ExecutionResult,\n  RuntimeBrainConfig,\n  TickResult,\n} from './types.js';\n\n// Bumped when the CAEL record schema or layer-hash semantics change. Lives\n// in the version_vector_fingerprint of every emitted record so consumers\n// can partition the corpus by runtime version.\nconst RUNTIME_VERSION = '1.0.0';\n\nexport interface AgentRunnerOptions {\n  identity: AgentIdentity;\n  brain: RuntimeBrainConfig;\n  provider: ILLMProvider;\n  costGuard: CostGuard;\n  mesh: HolomeshClient;\n  logger?: (event: Record<string, unknown>) => void;\n  onTaskExecuted?: (result: ExecutionResult, task: BoardTask) => Promise<void>;\n  auditLog?: AuditLog;\n}\n\nexport class AgentRunner {\n  private stopped = false;\n  // CAEL audit hash chain — survives across ticks within a single runner\n  // process. On process restart it resets to null; the first post-restart\n  // record breaks the chain, which is honest (the runner has no memory of\n  // its prior chain state and shouldn't fake continuity). prev_hash=null\n  // is a valid value the audit-store accepts.\n  private prevCaelChain: string | null = null;\n  // Self-recovery flag for the auto-rejoin path (task_1777112258989_eeyp).\n  // When the heartbeat returns 403 \"Not a member of this team\" — typical of\n  // a fresh Vast.ai worker whose provisioning didn't atomically /join, or of\n  // a worker whose membership was reaped — the runner calls mesh.joinTeam()\n  // ONCE per process and retries the heartbeat. After a successful rejoin\n  // we set this flag so subsequent 403s on the same process don't loop back\n  // into joinTeam (avoiding a retry storm if the team-cap is full or the\n  // join itself is permanently rejected). On process restart the flag\n  // resets, which is the correct semantics: a fresh process gets one fresh\n  // chance to self-rejoin. Discovered 2026-04-25 SSH-probing 5 fleet\n  // workers stuck in indefinite 403→tick-error→sleep→retry loops; without\n  // this, a fresh-deploy of an unjoined agent stays silent forever.\n  private joinedThisProcess = false;\n\n  constructor(private readonly opts: AgentRunnerOptions) {}\n\n  async tick(): Promise<TickResult> {\n    const { identity, brain, mesh, costGuard, provider, logger } = this.opts;\n    const log = logger ?? (() => undefined);\n\n    await this.heartbeatWithAutoRejoin();\n\n    if (costGuard.isOverBudget()) {\n      const state = costGuard.getState();\n      log({ ev: 'over-budget', spentUsd: state.spentUsd, budget: identity.budgetUsdPerDay });\n      return {\n        action: 'over-budget',\n        spentUsd: state.spentUsd,\n        remainingUsd: 0,\n        message: `daily budget $${identity.budgetUsdPerDay} exhausted`,\n      };\n    }\n\n    const tasks = await mesh.getOpenTasks();\n    const target = pickClaimableTask(tasks, brain.capabilityTags);\n    if (!target) {\n      log({ ev: 'no-claimable-task', open: tasks.length });\n      return {\n        action: 'no-claimable-task',\n        spentUsd: costGuard.getState().spentUsd,\n        remainingUsd: costGuard.getRemainingUsd(),\n      };\n    }\n\n    log({ ev: 'claim', taskId: target.id, title: target.title });\n    await mesh.claim(target.id);\n\n    const start = Date.now();\n    // Tool-use loop. The model gets MESH_TOOLS (read_file, list_dir,\n    // write_file, bash) and can iterate read→reason→read→write until it\n    // emits a final text response. Without this loop the model could only\n    // reason from prompt+brain alone — no filesystem access, no kernel\n    // checks, no inspection of inputs scp'd to the instance. With it,\n    // lean-theorist can actually `cat MSC/Invariants.lean`, `lake build`,\n    // and `write_file /root/agent-output/Invariants.lean` per its brain rules.\n    const messages: LLMMessage[] = [\n      { role: 'system', content: brain.systemPrompt },\n      { role: 'user', content: buildTaskPrompt(target) },\n    ];\n    let aggUsage: TokenUsage = { promptTokens: 0, completionTokens: 0, totalTokens: 0 };\n    let finalText = '';\n    let iters = 0;\n    // 30-iter cap: lean-theorist on Paper 22 needed 13 iters to read MSC files\n    // + run lake build + iterate kernel checks. 12 was too tight (cap fired\n    // before write_file deliverable). 30 allows ~3x that depth — anything\n    // hitting 30 iters is almost certainly stuck and should bail.\n    const MAX_TOOL_ITERS = 30;\n    let lastResponse;\n    // Track which tool names were called during this run so the artifact-grounding\n    // gate below can refuse to mark \"executed\" on pure-text or read-only responses.\n    // Discovered 2026-04-26 mesh-worker-02 audit: workers were posting CAEL records\n    // with tool_iters:1 (zero tools called) declaring \"100 scenes validated\" with\n    // no commit / no /room done — fabricated deliverables polluting trust. The\n    // gate below short-circuits this class of hallucination at the runner edge.\n    const toolsCalled = new Set<string>();\n    while (true) {\n      iters++;\n      if (iters > MAX_TOOL_ITERS) {\n        log({ ev: 'tool-loop-cap', taskId: target.id, iters });\n        finalText = finalText || `[tool-loop hit ${MAX_TOOL_ITERS}-iter cap before final text]`;\n        break;\n      }\n      const resp = await provider.complete(\n        {\n          messages,\n          maxTokens: 4096,\n          temperature: 0.4,\n          tools: MESH_TOOLS,\n        },\n        identity.llmModel\n      );\n      lastResponse = resp;\n      aggUsage = {\n        promptTokens: aggUsage.promptTokens + resp.usage.promptTokens,\n        completionTokens: aggUsage.completionTokens + resp.usage.completionTokens,\n        totalTokens: aggUsage.totalTokens + resp.usage.totalTokens,\n      };\n      // If model called tools, execute them and feed results back.\n      if (resp.finishReason === 'tool_use' && resp.toolUses && resp.toolUses.length > 0) {\n        log({ ev: 'tool-call', taskId: target.id, iter: iters, tools: resp.toolUses.map((t) => t.name) });\n        // Track tool names for the artifact-grounding gate.\n        for (const u of resp.toolUses) toolsCalled.add(u.name);\n        // Append the assistant turn (text + tool_use blocks) so the model\n        // sees its own request when we send tool_result back.\n        messages.push({\n          role: 'assistant',\n          content: (resp.assistantBlocks ?? []) as never,\n        });\n        // Run each tool and collect results.\n        const toolResults = await Promise.all(resp.toolUses.map((u) => runTool(u)));\n        messages.push({\n          role: 'user',\n          content: toolResults as never,\n        });\n        continue;\n      }\n      // Final text response.\n      finalText = resp.content;\n      break;\n    }\n    const durationMs = Date.now() - start;\n\n    // Artifact-grounding gate (W.107 — fleet event-firing rate is not a productivity\n    // metric; only side-effecting tool calls produce real artifacts). MESH_TOOLS\n    // exposes 4 tools: read_file + list_dir (read-only inspection) and write_file +\n    // bash (state-mutating). A task whose execution did NOT call write_file or\n    // bash at least once produced no artifact and should NOT be marked executed.\n    // We log a 'no-artifact' tick-error instead, skip CAEL/message posts, and\n    // return so the task remains open for a real attempt.\n    const SIDE_EFFECTING_TOOLS: ReadonlySet<string> = new Set(['write_file', 'bash']);\n    const sideEffectingCalled = [...toolsCalled].some((t) => SIDE_EFFECTING_TOOLS.has(t));\n    if (!sideEffectingCalled) {\n      log({\n        ev: 'no-artifact',\n        taskId: target.id,\n        tool_iters: iters,\n        toolsCalled: [...toolsCalled],\n        message:\n          'task execution called no side-effecting tool (write_file/bash) — refusing to mark executed. ' +\n          'Likely a pure-text or read-only-inspection response. Task remains open for a grounded attempt.',\n      });\n      // Best-effort: leave the task in claimed state so the supervisor can either\n      // re-tick or release it via heartbeat-rejoin. We deliberately do NOT post\n      // a \"fake-done\" message on the board, do NOT post a CAEL record, and do NOT\n      // call the cost guard's recordUsage — the run produced no artifact and\n      // should not bill the budget for a hallucinated tick.\n      return {\n        action: 'no-artifact',\n        taskId: target.id,\n        spentUsd: costGuard.getState().spentUsd,\n        remainingUsd: costGuard.getRemainingUsd(),\n        message: `no side-effecting tool called (toolsCalled=[${[...toolsCalled].join(',')}], iters=${iters})`,\n      };\n    }\n\n    const cost = costGuard.recordUsage(identity.llmModel, aggUsage);\n    log({\n      ev: 'executed',\n      taskId: target.id,\n      costUsd: cost.costUsd.toFixed(4),\n      spentUsd: cost.spentUsd.toFixed(4),\n      tokens: aggUsage.totalTokens,\n      tool_iters: iters,\n    });\n    const response = { ...(lastResponse ?? { content: finalText, usage: aggUsage }), content: finalText, usage: aggUsage };\n\n    const execResult: ExecutionResult = {\n      taskId: target.id,\n      responseText: response.content,\n      usage: response.usage,\n      costUsd: cost.costUsd,\n      durationMs,\n    };\n\n    if (this.opts.auditLog) {\n      try {\n        this.opts.auditLog.recordTaskExecuted({\n          identity,\n          task: target,\n          result: execResult,\n        });\n      } catch (err) {\n        log({ ev: 'audit-log-error', message: err instanceof Error ? err.message : String(err) });\n      }\n    }\n\n    // Phase 1 CAEL audit: post to the HoloMesh audit store so the fleet\n    // corpus collector at ai-ecosystem/scripts/fleet-corpus-collector.mjs\n    // can read records via GET /api/holomesh/agent/{handle}/audit. Without\n    // this POST, the local AuditLog above is the only durable record and\n    // Paper 25's gate clock cannot start. See ai-ecosystem task\n    // task_1777106535952_atug for the empty-audit investigation.\n    try {\n      const caelRecord = buildCaelRecord({\n        identity,\n        brain,\n        task: target,\n        messages,\n        finalText,\n        usage: aggUsage,\n        costUsd: cost.costUsd,\n        spentUsd: cost.spentUsd,\n        prevChain: this.prevCaelChain,\n        runtimeVersion: RUNTIME_VERSION,\n      });\n      const posted = await mesh.postAuditRecords(identity.handle, [caelRecord]);\n      this.prevCaelChain = caelRecord.fnv1a_chain;\n      log({ ev: 'cael-posted', taskId: target.id, appended: posted.appended, rejected: posted.rejected });\n    } catch (err) {\n      log({ ev: 'cael-post-error', message: err instanceof Error ? err.message : String(err) });\n    }\n\n    if (this.opts.onTaskExecuted) {\n      await this.opts.onTaskExecuted(execResult, target);\n    } else {\n      await mesh.sendMessageOnTask(\n        target.id,\n        `[${identity.handle}] response (${response.usage.totalTokens} tok, $${cost.costUsd.toFixed(4)}):\\n\\n${response.content}`\n      );\n    }\n\n    return {\n      action: 'executed',\n      taskId: target.id,\n      spentUsd: cost.spentUsd,\n      remainingUsd: cost.remainingUsd,\n    };\n  }\n\n  async runForever(opts: { tickIntervalMs?: number } = {}): Promise<void> {\n    const interval = opts.tickIntervalMs ?? 60_000;\n    while (!this.stopped) {\n      try {\n        await this.tick();\n      } catch (err) {\n        const log = this.opts.logger ?? (() => undefined);\n        log({ ev: 'tick-error', message: err instanceof Error ? err.message : String(err) });\n      }\n      await sleep(interval + jitter(interval));\n    }\n  }\n\n  stop(): void {\n    this.stopped = true;\n  }\n\n  /**\n   * Heartbeat with one-shot self-rejoin on 403 \"Not a member of this team\".\n   *\n   * Pairs with task_1777112258989_eeyp: fresh-deploy fleet workers whose\n   * provisioning didn't atomically call /join (or whose membership was\n   * reaped) hit 403 every tick and never recover. We detect the specific\n   * server error string (see packages/mcp-server/src/holomesh/routes/\n   * team-routes.ts:903 → `{ error: 'Not a member' }` for /presence), call\n   * mesh.joinTeam() ONCE per runner process, and retry the heartbeat.\n   *\n   * Strict scope:\n   *  - Only retries on 403 + \"Not a member\" body. Any other 403 (insufficient\n   *    permissions, signing failure) re-throws unchanged.\n   *  - Only retries ONCE per process. If we already rejoined this process and\n   *    the heartbeat is *still* 403, the team is rejecting us for a reason\n   *    /join can't fix (e.g. capacity, ban) — surface the error.\n   *  - If joinTeam() itself throws, we DO mark joinedThisProcess=true before\n   *    re-throwing so we don't slam the join endpoint on every subsequent\n   *    tick. The next tick will surface the same heartbeat 403 and the\n   *    runner-level catch in runForever logs tick-error and sleeps. Operator\n   *    inspection (SSH/log) is the recovery path at that point.\n   */\n  private async heartbeatWithAutoRejoin(): Promise<void> {\n    const { identity, mesh, logger } = this.opts;\n    const log = logger ?? (() => undefined);\n    try {\n      await mesh.heartbeat({ agentName: identity.handle, surface: identity.surface });\n    } catch (err) {\n      if (!this.isNotAMemberError(err) || this.joinedThisProcess) {\n        throw err;\n      }\n      log({ ev: 'auto-rejoin-attempt', reason: 'heartbeat-403-not-a-member' });\n      // Mark BEFORE the join call so a thrown joinTeam() can't loop us.\n      this.joinedThisProcess = true;\n      try {\n        const joinResult = await mesh.joinTeam();\n        log({ ev: 'auto-rejoin-success', role: joinResult.role, members: joinResult.members });\n      } catch (joinErr) {\n        log({\n          ev: 'auto-rejoin-failed',\n          message: joinErr instanceof Error ? joinErr.message : String(joinErr),\n        });\n        throw joinErr;\n      }\n      // Retry the heartbeat exactly once. If it still fails (including with\n      // another 403), the new error propagates — joinedThisProcess is now\n      // true so we won't retry-loop on the next tick.\n      await mesh.heartbeat({ agentName: identity.handle, surface: identity.surface });\n      log({ ev: 'auto-rejoin-heartbeat-recovered' });\n    }\n  }\n\n  /**\n   * Detect the server's \"Not a member\" 403 error from HolomeshClient.req().\n   * The error message format is: `HoloMesh POST /team/<id>/presence 403: <body>`\n   * where body contains `{\"error\":\"Not a member\"}` (or \"Not a member of this team\").\n   * Match conservatively: BOTH a \"403\" status marker AND the \"Not a member\"\n   * substring must appear, so unrelated 403s (insufficient permissions,\n   * signing failures) do NOT trigger a rejoin.\n   */\n  private isNotAMemberError(err: unknown): boolean {\n    const msg = err instanceof Error ? err.message : String(err);\n    return / 403:/.test(msg) && /Not a member/i.test(msg);\n  }\n}\n\nfunction buildTaskPrompt(task: BoardTask): string {\n  return [\n    `Board task to execute: ${task.id}`,\n    `Title: ${task.title}`,\n    `Priority: ${task.priority}`,\n    `Tags: ${(task.tags ?? []).join(', ')}`,\n    '',\n    'Description:',\n    task.description ?? '(no description)',\n    '',\n    'Produce the deliverable described in the task. Apply your brain composition rules — anti-patterns, decision loop, and scope tier all bind. Return the response as plain text suitable for posting to /room as a message on this task.',\n  ].join('\\n');\n}\n\nfunction sleep(ms: number): Promise<void> {\n  return new Promise((r) => setTimeout(r, ms));\n}\n\nfunction jitter(base: number): number {\n  return Math.floor((Math.random() - 0.5) * base * 0.2);\n}\n"],"mappings":";AA+IO,SAAS,kBACd,OACA,qBACuB;AACvB,QAAM,SAAS,IAAI,IAAI,oBAAoB,IAAI,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;AACtE,QAAM,OAAO,MAAM,OAAO,CAAC,MAAM,EAAE,WAAW,UAAU,CAAC,EAAE,SAAS;AACpE,QAAM,SAAS,KACZ,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,UAAU,GAAG,MAAM,EAAE,EAAE,EACrD,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EACzB,KAAK,CAAC,GAAG,MAAM,EAAE,QAAQ,EAAE,SAAS,SAAS,EAAE,IAAI,IAAI,SAAS,EAAE,IAAI,CAAC;AAC1E,SAAO,OAAO,CAAC,GAAG;AACpB;AAEA,SAAS,UAAU,MAAiB,QAA6B;AAC/D,QAAM,QAAQ,KAAK,QAAQ,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,YAAY,CAAC;AACzD,QAAM,OAAO,GAAG,KAAK,KAAK,IAAI,KAAK,eAAe,EAAE,GAAG,YAAY;AACnE,MAAI,QAAQ;AACZ,aAAW,OAAO,KAAM,KAAI,OAAO,IAAI,GAAG,EAAG,UAAS;AACtD,aAAW,KAAK,OAAQ,KAAI,KAAK,SAAS,CAAC,EAAG,UAAS;AACvD,SAAO;AACT;AAEA,SAAS,SAAS,GAAsB;AACtC,MAAI,OAAO,EAAE,aAAa,SAAU,QAAO,EAAE;AAC7C,QAAM,MAA8B,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,EAAE;AAC9E,SAAO,IAAI,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,KAAK;AAClD;;;ACrJA,SAAS,kBAAkB;AA8B3B,SAAS,IAAI,OAAuB;AAClC,SAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAChE;AAgBA,SAAS,aAAa,OAAwD;AAC5E,QAAM,IAAI,OAAO,MAAM,aAAa,EAAE;AAEtC,MAAI,IAAI,EAAE,MAAM,0CAA0C;AAC1D,MAAI,EAAG,QAAO,EAAE,CAAC;AAEjB,MAAI,EAAE,MAAM,yBAAyB;AACrC,MAAI,EAAG,QAAO,EAAE,CAAC;AAEjB,MAAI,EAAE,MAAM,mBAAmB;AAC/B,MAAI,EAAG,QAAO,EAAE,CAAC;AAEjB,QAAM,SAAS,OAAO,MAAM,UAAU,EAAE,EAAE,KAAK;AAC/C,MAAI,UAAU,WAAW,UAAW,QAAO;AAC3C,SAAO;AACT;AAEO,SAAS,gBAAgB,OAA8C;AAC5E,QAAM,EAAE,UAAU,OAAO,MAAM,UAAU,WAAW,OAAO,SAAS,UAAU,WAAW,eAAe,IAAI;AAE5G,QAAM,KAAK,IAAI,MAAM,YAAY;AACjC,QAAM,KAAK,IAAI,GAAG,KAAK,EAAE,IAAI,KAAK,KAAK,IAAI,KAAK,eAAe,EAAE,EAAE;AACnE,QAAM,KAAK,IAAI,KAAK,UAAU,QAAQ,CAAC;AACvC,QAAM,KAAK,IAAI,SAAS;AACxB,QAAM,KAAK,IAAI,KAAK,UAAU,KAAK,CAAC;AACpC,QAAM,KAAK,IAAI,GAAG,QAAQ,QAAQ,CAAC,CAAC,IAAI,SAAS,QAAQ,CAAC,CAAC,EAAE;AAC7D,QAAM,KAAK,IAAI,CAAC,IAAI,IAAI,IAAI,IAAI,IAAI,EAAE,EAAE,KAAK,GAAG,CAAC;AAEjD,QAAM,cAAc,IAAI,GAAG,aAAa,EAAE,IAAI,EAAE,EAAE;AAElD,SAAO;AAAA,IACL,WAAU,oBAAI,KAAK,GAAE,YAAY;AAAA,IACjC,cAAc,CAAC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,EAAE;AAAA,IACzC,WAAW,iBAAiB,KAAK,EAAE;AAAA,IACnC,WAAW;AAAA,IACX;AAAA,IACA,4BAA4B,SAAS,cAAc,UAAU,aAAa,KAAK,CAAC,aAAa,SAAS,WAAW,UAAU,SAAS,QAAQ;AAAA,IAC5I,aAAa,aAAa,KAAK;AAAA,EACjC;AACF;;;ACnFA,SAAS,UAAU,WAAW,SAAS,OAAO,YAAY;AAC1D,SAAS,SAAS,eAAe;AACjC,SAAS,aAAa;AAMtB,IAAM,qBAAqB;AAAA,EACzB;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAEA,IAAM,sBAAsB;AAAA,EAC1B;AAAA;AACF;AAKA,IAAM,iBAAiB;AAAA,EACrB;AAAA,EAAc;AAAA,EAAY;AAAA,EAC1B;AAAA,EACA;AAAA,EAAO;AAAA,EAAQ;AAAA,EACf;AAAA,EACA;AAAA,EAAS;AAAA,EACT;AAAA,EACA;AAAA,EACA;AAAA,EAAS;AAAA,EACT;AAAA,EAAc;AAAA,EAAW;AAAA,EAAY;AAAA,EACrC;AAAA,EACA;AAAA,EAAe;AAAA,EACf;AAAA,EACA;AACF;AAKO,IAAM,aAAyB;AAAA,EACpC;AAAA,IACE,MAAM;AAAA,IACN,aACE;AAAA,IAGF,cAAc;AAAA,MACZ,MAAM;AAAA,MACN,YAAY;AAAA,QACV,MAAM,EAAE,MAAM,UAAU,aAAa,2CAA2C;AAAA,MAClF;AAAA,MACA,UAAU,CAAC,MAAM;AAAA,IACnB;AAAA,EACF;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,aACE;AAAA,IAEF,cAAc;AAAA,MACZ,MAAM;AAAA,MACN,YAAY;AAAA,QACV,MAAM,EAAE,MAAM,UAAU,aAAa,2CAA2C;AAAA,MAClF;AAAA,MACA,UAAU,CAAC,MAAM;AAAA,IACnB;AAAA,EACF;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,aACE;AAAA,IAGF,cAAc;AAAA,MACZ,MAAM;AAAA,MACN,YAAY;AAAA,QACV,MAAM,EAAE,MAAM,UAAU,aAAa,0CAA0C;AAAA,QAC/E,SAAS,EAAE,MAAM,UAAU,aAAa,gCAAgC;AAAA,MAC1E;AAAA,MACA,UAAU,CAAC,QAAQ,SAAS;AAAA,IAC9B;AAAA,EACF;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,aACE;AAAA,IAIF,cAAc;AAAA,MACZ,MAAM;AAAA,MACN,YAAY;AAAA,QACV,KAAK,EAAE,MAAM,UAAU,aAAa,4BAA4B;AAAA,QAChE,KAAK,EAAE,MAAM,UAAU,aAAa,iDAAiD;AAAA,MACvF;AAAA,MACA,UAAU,CAAC,KAAK;AAAA,IAClB;AAAA,EACF;AACF;AAKA,SAAS,YAAY,SAAiB,MAAuB;AAC3D,QAAM,WAAW,QAAQ,OAAO;AAChC,QAAM,eAAe,QAAQ,IAAI;AACjC,SAAO,aAAa,gBAAgB,SAAS,WAAW,eAAe,GAAG;AAC5E;AAEA,SAAS,iBAAiB,MAA6B;AACrD,MAAI,CAAC,KAAK,WAAW,GAAG,EAAG,QAAO,+BAA+B,IAAI;AACrE,aAAW,QAAQ,oBAAoB;AACrC,QAAI,YAAY,MAAM,IAAI,EAAG,QAAO;AAAA,EACtC;AACA,SAAO,4BAAuB,IAAI,8BAA8B,mBAAmB,KAAK,IAAI,CAAC;AAC/F;AAEA,SAAS,kBAAkB,MAA6B;AACtD,MAAI,CAAC,KAAK,WAAW,GAAG,EAAG,QAAO,+BAA+B,IAAI;AACrE,aAAW,QAAQ,qBAAqB;AACtC,QAAI,YAAY,MAAM,IAAI,EAAG,QAAO;AAAA,EACtC;AACA,SAAO,6BAAwB,IAAI,8BAA8B,oBAAoB,KAAK,IAAI,CAAC;AACjG;AAEA,SAAS,iBAAiB,KAA4B;AACpD,QAAM,UAAU,IAAI,KAAK;AACzB,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,MAAI,uBAAuB,KAAK,OAAO,GAAG;AACxC,WAAO;AAAA,EACT;AACA,aAAW,UAAU,gBAAgB;AACnC,QAAI,QAAQ,WAAW,OAAO,KAAK,CAAC,EAAG,QAAO;AAAA,EAChD;AACA,SAAO,+CAA+C,eAAe,KAAK,KAAK,CAAC;AAClF;AAKA,eAAsB,QAAQ,KAA6C;AACzE,MAAI;AACF,QAAI,IAAI,SAAS,aAAa;AAC5B,YAAM,OAAO,IAAI,MAAM;AACvB,YAAM,SAAS,iBAAiB,IAAI;AACpC,UAAI,OAAQ,QAAO,UAAU,IAAI,IAAI,MAAM;AAC3C,YAAM,OAAO,MAAM,SAAS,MAAM,MAAM;AAExC,YAAM,YAAY,KAAK,SAAS,MAAU,KAAK,MAAM,GAAG,GAAO,IAAI;AAAA,iCAA+B,KAAK,MAAM,YAAY;AACzH,aAAO,SAAS,IAAI,IAAI,SAAS;AAAA,IACnC;AAEA,QAAI,IAAI,SAAS,YAAY;AAC3B,YAAM,OAAO,IAAI,MAAM;AACvB,YAAM,SAAS,iBAAiB,IAAI;AACpC,UAAI,OAAQ,QAAO,UAAU,IAAI,IAAI,MAAM;AAC3C,YAAM,UAAU,MAAM,QAAQ,MAAM,EAAE,eAAe,KAAK,CAAC;AAC3D,YAAM,QAAQ,QAAQ,IAAI,CAAC,MAAM,GAAG,EAAE,YAAY,IAAI,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE;AAC3E,aAAO,SAAS,IAAI,IAAI,MAAM,KAAK,IAAI,CAAC;AAAA,IAC1C;AAEA,QAAI,IAAI,SAAS,cAAc;AAC7B,YAAM,OAAO,IAAI,MAAM;AACvB,YAAM,UAAU,IAAI,MAAM;AAC1B,YAAM,SAAS,kBAAkB,IAAI;AACrC,UAAI,OAAQ,QAAO,UAAU,IAAI,IAAI,MAAM;AAC3C,YAAM,MAAM,QAAQ,IAAI,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,YAAM,UAAU,MAAM,SAAS,MAAM;AACrC,YAAM,IAAI,MAAM,KAAK,IAAI;AACzB,aAAO,SAAS,IAAI,IAAI,SAAS,EAAE,IAAI,aAAa,IAAI,EAAE;AAAA,IAC5D;AAEA,QAAI,IAAI,SAAS,QAAQ;AACvB,YAAM,MAAM,IAAI,MAAM;AACtB,YAAM,MAAO,IAAI,MAAM,OAA8B;AACrD,YAAM,SAAS,iBAAiB,GAAG;AACnC,UAAI,OAAQ,QAAO,UAAU,IAAI,IAAI,MAAM;AAC3C,YAAM,SAAS,MAAM,QAAQ,KAAK,GAAG;AACrC,aAAO,OAAO,SAAS,IACnB,SAAS,IAAI,IAAI,OAAO,MAAM,IAC9B,UAAU,IAAI,IAAI,QAAQ,OAAO,IAAI;AAAA,EAAK,OAAO,UAAU,OAAO,MAAM,EAAE;AAAA,IAChF;AAEA,WAAO,UAAU,IAAI,IAAI,iBAAiB,IAAI,IAAI,EAAE;AAAA,EACtD,SAAS,KAAK;AACZ,WAAO,UAAU,IAAI,IAAI,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,EAC3E;AACF;AAQA,SAAS,QAAQ,KAAa,KAAkC;AAC9D,SAAO,IAAI,QAAQ,CAAC,gBAAgB;AAClC,UAAM,QAAQ,MAAM,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,KAAK,KAAK,QAAQ,IAAI,CAAC;AAClE,QAAI,SAAS;AACb,QAAI,SAAS;AACb,QAAI,SAAS;AACb,UAAM,aAAa;AACnB,UAAM,aAAa;AACnB,UAAM,SAAS,WAAW,MAAM;AAC9B,eAAS;AACT,YAAM,KAAK,SAAS;AAAA,IACtB,GAAG,UAAU;AACb,UAAM,OAAO,GAAG,QAAQ,CAAC,MAAc;AACrC,UAAI,OAAO,SAAS,WAAY,WAAU,EAAE,SAAS,MAAM;AAAA,IAC7D,CAAC;AACD,UAAM,OAAO,GAAG,QAAQ,CAAC,MAAc;AACrC,UAAI,OAAO,SAAS,WAAY,WAAU,EAAE,SAAS,MAAM;AAAA,IAC7D,CAAC;AACD,UAAM,GAAG,SAAS,CAAC,QAAQ;AACzB,mBAAa,MAAM;AACnB,kBAAY,EAAE,MAAM,GAAG,QAAQ,QAAQ,SAAS,oBAAoB,IAAI,QAAQ,CAAC;AAAA,IACnF,CAAC;AACD,UAAM,GAAG,QAAQ,CAAC,SAAS;AACzB,mBAAa,MAAM;AACnB,YAAM,cAAc,OAAO,UAAU,aAAa,SAAS;AAAA,6BAA2B,UAAU,YAAY;AAC5G,YAAM,OAAO,SAAS;AAAA,qBAAwB,UAAU,gBAAgB;AACxE,kBAAY,EAAE,MAAM,QAAQ,GAAG,QAAQ,cAAc,MAAM,OAAO,CAAC;AAAA,IACrE,CAAC;AAAA,EACH,CAAC;AACH;AAEA,SAAS,SAAS,IAAY,SAAkC;AAC9D,SAAO,EAAE,MAAM,eAAe,aAAa,IAAI,QAAQ;AACzD;AAEA,SAAS,UAAU,IAAY,SAAkC;AAC/D,SAAO,EAAE,MAAM,eAAe,aAAa,IAAI,SAAS,SAAS,UAAU,KAAK;AAClF;;;AChPA,IAAM,kBAAkB;AAajB,IAAM,cAAN,MAAkB;AAAA,EAsBvB,YAA6B,MAA0B;AAA1B;AArB7B,SAAQ,UAAU;AAMlB;AAAA;AAAA;AAAA;AAAA;AAAA,SAAQ,gBAA+B;AAavC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAAQ,oBAAoB;AAAA,EAE4B;AAAA,EAExD,MAAM,OAA4B;AAChC,UAAM,EAAE,UAAU,OAAO,MAAM,WAAW,UAAU,OAAO,IAAI,KAAK;AACpE,UAAM,MAAM,WAAW,MAAM;AAE7B,UAAM,KAAK,wBAAwB;AAEnC,QAAI,UAAU,aAAa,GAAG;AAC5B,YAAM,QAAQ,UAAU,SAAS;AACjC,UAAI,EAAE,IAAI,eAAe,UAAU,MAAM,UAAU,QAAQ,SAAS,gBAAgB,CAAC;AACrF,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,UAAU,MAAM;AAAA,QAChB,cAAc;AAAA,QACd,SAAS,iBAAiB,SAAS,eAAe;AAAA,MACpD;AAAA,IACF;AAEA,UAAM,QAAQ,MAAM,KAAK,aAAa;AACtC,UAAM,SAAS,kBAAkB,OAAO,MAAM,cAAc;AAC5D,QAAI,CAAC,QAAQ;AACX,UAAI,EAAE,IAAI,qBAAqB,MAAM,MAAM,OAAO,CAAC;AACnD,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,UAAU,UAAU,SAAS,EAAE;AAAA,QAC/B,cAAc,UAAU,gBAAgB;AAAA,MAC1C;AAAA,IACF;AAEA,QAAI,EAAE,IAAI,SAAS,QAAQ,OAAO,IAAI,OAAO,OAAO,MAAM,CAAC;AAC3D,UAAM,KAAK,MAAM,OAAO,EAAE;AAE1B,UAAM,QAAQ,KAAK,IAAI;AAQvB,UAAM,WAAyB;AAAA,MAC7B,EAAE,MAAM,UAAU,SAAS,MAAM,aAAa;AAAA,MAC9C,EAAE,MAAM,QAAQ,SAAS,gBAAgB,MAAM,EAAE;AAAA,IACnD;AACA,QAAI,WAAuB,EAAE,cAAc,GAAG,kBAAkB,GAAG,aAAa,EAAE;AAClF,QAAI,YAAY;AAChB,QAAI,QAAQ;AAKZ,UAAM,iBAAiB;AACvB,QAAI;AAOJ,UAAM,cAAc,oBAAI,IAAY;AACpC,WAAO,MAAM;AACX;AACA,UAAI,QAAQ,gBAAgB;AAC1B,YAAI,EAAE,IAAI,iBAAiB,QAAQ,OAAO,IAAI,MAAM,CAAC;AACrD,oBAAY,aAAa,kBAAkB,cAAc;AACzD;AAAA,MACF;AACA,YAAM,OAAO,MAAM,SAAS;AAAA,QAC1B;AAAA,UACE;AAAA,UACA,WAAW;AAAA,UACX,aAAa;AAAA,UACb,OAAO;AAAA,QACT;AAAA,QACA,SAAS;AAAA,MACX;AACA,qBAAe;AACf,iBAAW;AAAA,QACT,cAAc,SAAS,eAAe,KAAK,MAAM;AAAA,QACjD,kBAAkB,SAAS,mBAAmB,KAAK,MAAM;AAAA,QACzD,aAAa,SAAS,cAAc,KAAK,MAAM;AAAA,MACjD;AAEA,UAAI,KAAK,iBAAiB,cAAc,KAAK,YAAY,KAAK,SAAS,SAAS,GAAG;AACjF,YAAI,EAAE,IAAI,aAAa,QAAQ,OAAO,IAAI,MAAM,OAAO,OAAO,KAAK,SAAS,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;AAEhG,mBAAW,KAAK,KAAK,SAAU,aAAY,IAAI,EAAE,IAAI;AAGrD,iBAAS,KAAK;AAAA,UACZ,MAAM;AAAA,UACN,SAAU,KAAK,mBAAmB,CAAC;AAAA,QACrC,CAAC;AAED,cAAM,cAAc,MAAM,QAAQ,IAAI,KAAK,SAAS,IAAI,CAAC,MAAM,QAAQ,CAAC,CAAC,CAAC;AAC1E,iBAAS,KAAK;AAAA,UACZ,MAAM;AAAA,UACN,SAAS;AAAA,QACX,CAAC;AACD;AAAA,MACF;AAEA,kBAAY,KAAK;AACjB;AAAA,IACF;AACA,UAAM,aAAa,KAAK,IAAI,IAAI;AAShC,UAAM,uBAA4C,oBAAI,IAAI,CAAC,cAAc,MAAM,CAAC;AAChF,UAAM,sBAAsB,CAAC,GAAG,WAAW,EAAE,KAAK,CAAC,MAAM,qBAAqB,IAAI,CAAC,CAAC;AACpF,QAAI,CAAC,qBAAqB;AACxB,UAAI;AAAA,QACF,IAAI;AAAA,QACJ,QAAQ,OAAO;AAAA,QACf,YAAY;AAAA,QACZ,aAAa,CAAC,GAAG,WAAW;AAAA,QAC5B,SACE;AAAA,MAEJ,CAAC;AAMD,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,QAAQ,OAAO;AAAA,QACf,UAAU,UAAU,SAAS,EAAE;AAAA,QAC/B,cAAc,UAAU,gBAAgB;AAAA,QACxC,SAAS,+CAA+C,CAAC,GAAG,WAAW,EAAE,KAAK,GAAG,CAAC,YAAY,KAAK;AAAA,MACrG;AAAA,IACF;AAEA,UAAM,OAAO,UAAU,YAAY,SAAS,UAAU,QAAQ;AAC9D,QAAI;AAAA,MACF,IAAI;AAAA,MACJ,QAAQ,OAAO;AAAA,MACf,SAAS,KAAK,QAAQ,QAAQ,CAAC;AAAA,MAC/B,UAAU,KAAK,SAAS,QAAQ,CAAC;AAAA,MACjC,QAAQ,SAAS;AAAA,MACjB,YAAY;AAAA,IACd,CAAC;AACD,UAAM,WAAW,EAAE,GAAI,gBAAgB,EAAE,SAAS,WAAW,OAAO,SAAS,GAAI,SAAS,WAAW,OAAO,SAAS;AAErH,UAAM,aAA8B;AAAA,MAClC,QAAQ,OAAO;AAAA,MACf,cAAc,SAAS;AAAA,MACvB,OAAO,SAAS;AAAA,MAChB,SAAS,KAAK;AAAA,MACd;AAAA,IACF;AAEA,QAAI,KAAK,KAAK,UAAU;AACtB,UAAI;AACF,aAAK,KAAK,SAAS,mBAAmB;AAAA,UACpC;AAAA,UACA,MAAM;AAAA,UACN,QAAQ;AAAA,QACV,CAAC;AAAA,MACH,SAAS,KAAK;AACZ,YAAI,EAAE,IAAI,mBAAmB,SAAS,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,EAAE,CAAC;AAAA,MAC1F;AAAA,IACF;AAQA,QAAI;AACF,YAAM,aAAa,gBAAgB;AAAA,QACjC;AAAA,QACA;AAAA,QACA,MAAM;AAAA,QACN;AAAA,QACA;AAAA,QACA,OAAO;AAAA,QACP,SAAS,KAAK;AAAA,QACd,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,QAChB,gBAAgB;AAAA,MAClB,CAAC;AACD,YAAM,SAAS,MAAM,KAAK,iBAAiB,SAAS,QAAQ,CAAC,UAAU,CAAC;AACxE,WAAK,gBAAgB,WAAW;AAChC,UAAI,EAAE,IAAI,eAAe,QAAQ,OAAO,IAAI,UAAU,OAAO,UAAU,UAAU,OAAO,SAAS,CAAC;AAAA,IACpG,SAAS,KAAK;AACZ,UAAI,EAAE,IAAI,mBAAmB,SAAS,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,EAAE,CAAC;AAAA,IAC1F;AAEA,QAAI,KAAK,KAAK,gBAAgB;AAC5B,YAAM,KAAK,KAAK,eAAe,YAAY,MAAM;AAAA,IACnD,OAAO;AACL,YAAM,KAAK;AAAA,QACT,OAAO;AAAA,QACP,IAAI,SAAS,MAAM,eAAe,SAAS,MAAM,WAAW,UAAU,KAAK,QAAQ,QAAQ,CAAC,CAAC;AAAA;AAAA,EAAS,SAAS,OAAO;AAAA,MACxH;AAAA,IACF;AAEA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,QAAQ,OAAO;AAAA,MACf,UAAU,KAAK;AAAA,MACf,cAAc,KAAK;AAAA,IACrB;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,OAAoC,CAAC,GAAkB;AACtE,UAAM,WAAW,KAAK,kBAAkB;AACxC,WAAO,CAAC,KAAK,SAAS;AACpB,UAAI;AACF,cAAM,KAAK,KAAK;AAAA,MAClB,SAAS,KAAK;AACZ,cAAM,MAAM,KAAK,KAAK,WAAW,MAAM;AACvC,YAAI,EAAE,IAAI,cAAc,SAAS,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,EAAE,CAAC;AAAA,MACrF;AACA,YAAM,MAAM,WAAW,OAAO,QAAQ,CAAC;AAAA,IACzC;AAAA,EACF;AAAA,EAEA,OAAa;AACX,SAAK,UAAU;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwBA,MAAc,0BAAyC;AACrD,UAAM,EAAE,UAAU,MAAM,OAAO,IAAI,KAAK;AACxC,UAAM,MAAM,WAAW,MAAM;AAC7B,QAAI;AACF,YAAM,KAAK,UAAU,EAAE,WAAW,SAAS,QAAQ,SAAS,SAAS,QAAQ,CAAC;AAAA,IAChF,SAAS,KAAK;AACZ,UAAI,CAAC,KAAK,kBAAkB,GAAG,KAAK,KAAK,mBAAmB;AAC1D,cAAM;AAAA,MACR;AACA,UAAI,EAAE,IAAI,uBAAuB,QAAQ,6BAA6B,CAAC;AAEvE,WAAK,oBAAoB;AACzB,UAAI;AACF,cAAM,aAAa,MAAM,KAAK,SAAS;AACvC,YAAI,EAAE,IAAI,uBAAuB,MAAM,WAAW,MAAM,SAAS,WAAW,QAAQ,CAAC;AAAA,MACvF,SAAS,SAAS;AAChB,YAAI;AAAA,UACF,IAAI;AAAA,UACJ,SAAS,mBAAmB,QAAQ,QAAQ,UAAU,OAAO,OAAO;AAAA,QACtE,CAAC;AACD,cAAM;AAAA,MACR;AAIA,YAAM,KAAK,UAAU,EAAE,WAAW,SAAS,QAAQ,SAAS,SAAS,QAAQ,CAAC;AAC9E,UAAI,EAAE,IAAI,kCAAkC,CAAC;AAAA,IAC/C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUQ,kBAAkB,KAAuB;AAC/C,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO,QAAQ,KAAK,GAAG,KAAK,gBAAgB,KAAK,GAAG;AAAA,EACtD;AACF;AAEA,SAAS,gBAAgB,MAAyB;AAChD,SAAO;AAAA,IACL,0BAA0B,KAAK,EAAE;AAAA,IACjC,UAAU,KAAK,KAAK;AAAA,IACpB,aAAa,KAAK,QAAQ;AAAA,IAC1B,UAAU,KAAK,QAAQ,CAAC,GAAG,KAAK,IAAI,CAAC;AAAA,IACrC;AAAA,IACA;AAAA,IACA,KAAK,eAAe;AAAA,IACpB;AAAA,IACA;AAAA,EACF,EAAE,KAAK,IAAI;AACb;AAEA,SAAS,MAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC7C;AAEA,SAAS,OAAO,MAAsB;AACpC,SAAO,KAAK,OAAO,KAAK,OAAO,IAAI,OAAO,OAAO,GAAG;AACtD;","names":[]}