@imricci/zaker 0.1.0

package/dist/core/preflight.js

@@ -0,0 +1,140 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runPreflight = runPreflight;
+const promises_1 = require("node:fs/promises");
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const git_1 = require("../infra/git");
+const hashing_1 = require("../infra/hashing");
+const process_1 = require("../infra/process");
+const LOCKFILE_CANDIDATES = [
+    "package-lock.json",
+    "pnpm-lock.yaml",
+    "yarn.lock",
+    "npm-shrinkwrap.json"
+];
+const ALLOWED_DIRTY_PATHS = new Set([
+    "sop.json",
+    "checkpoint.json",
+    ".molo/memory.json",
+    ".molo/intent.card.json",
+    ".molo/intent.confirmed.json",
+    ".molo/session.json",
+    ".molo/tui_session.json"
+]);
+async function fileExists(filePath) {
+    try {
+        await (0, promises_1.access)(filePath, node_fs_1.constants.F_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function parseCommandBinary(command) {
+    const trimmed = command.trim();
+    if (!trimmed) {
+        return "";
+    }
+    return trimmed.split(/\s+/)[0] || "";
+}
+async function resolveLockfile(cwd) {
+    for (const candidate of LOCKFILE_CANDIDATES) {
+        const absolutePath = (0, node_path_1.resolve)(cwd, candidate);
+        if (await fileExists(absolutePath)) {
+            const content = await (0, promises_1.readFile)(absolutePath, "utf8");
+            return {
+                path: candidate,
+                sha256: (0, hashing_1.sha256)(content)
+            };
+        }
+    }
+    throw new Error("Preflight failed: lockfile not found. Expected package-lock.json/pnpm-lock.yaml/yarn.lock.");
+}
+async function assertGitClean(cwd) {
+    const git = (0, git_1.createGitClient)(cwd);
+    const rawStatus = (await git.raw(["status", "--porcelain"])).trim();
+    if (rawStatus.length === 0) {
+        return;
+    }
+    const lines = rawStatus.split(/\r?\n/).map((line) => line.trimEnd());
+    const disallowed = lines.filter((line) => {
+        const match = line.match(/^(.{1,2})\s+(.*)$/);
+        if (!match) {
+            return true;
+        }
+        const payload = match[2].trim();
+        const normalized = payload.includes(" -> ")
+            ? payload.split(" -> ").pop()?.trim() || payload
+            : payload;
+        return !ALLOWED_DIRTY_PATHS.has(normalized);
+    });
+    if (disallowed.length > 0) {
+        throw new Error(`Preflight failed: git workspace is not clean. disallowed=${disallowed.join(" | ")}`);
+    }
+}
+async function buildCommandSignatures(commands) {
+    const signatures = [];
+    for (const commandSpec of commands) {
+        if (!commandSpec.required) {
+            continue;
+        }
+        const binary = parseCommandBinary(commandSpec.command);
+        if (!binary) {
+            throw new Error(`Preflight failed: invalid verification command (${commandSpec.id}).`);
+        }
+        const lookup = await (0, process_1.runCommand)("which", [binary]);
+        if (lookup.exitCode !== 0) {
+            throw new Error(`Preflight failed: verification binary not found: ${binary}`);
+        }
+        signatures.push({
+            id: commandSpec.id,
+            command: commandSpec.command,
+            command_sha256: (0, hashing_1.sha256)(commandSpec.command)
+        });
+    }
+    if (signatures.length === 0) {
+        throw new Error("Preflight failed: no required verification commands configured.");
+    }
+    return signatures;
+}
+async function resolveRiskPathInfo(config, cwd) {
+    const riskPath = config.risk.risk_paths_file;
+    const absoluteRiskPath = (0, node_path_1.resolve)(cwd, riskPath);
+    if (!(await fileExists(absoluteRiskPath))) {
+        throw new Error(`Preflight failed: risk paths file not found: ${riskPath}`);
+    }
+    const stats = await (0, promises_1.stat)(absoluteRiskPath);
+    if ((stats.mode & 0o222) !== 0) {
+        throw new Error(`Preflight failed: risk paths file must be read-only: ${riskPath} (chmod 444 ${riskPath})`);
+    }
+    const riskContent = await (0, promises_1.readFile)(absoluteRiskPath, "utf8");
+    return {
+        riskPath,
+        riskSha256: (0, hashing_1.sha256)(riskContent)
+    };
+}
+async function runPreflight(sop, config, cwd = process.cwd()) {
+    await assertGitClean(cwd);
+    const lockfile = await resolveLockfile(cwd);
+    const verificationCommands = await buildCommandSignatures(sop.verification.commands);
+    const risk = await resolveRiskPathInfo(config, cwd);
+    return {
+        metadata: {
+            preflight_checked_at: new Date().toISOString(),
+            lockfile_path: lockfile.path,
+            lockfile_sha256: lockfile.sha256,
+            verification_commands: verificationCommands,
+            risk_paths_file: risk.riskPath,
+            risk_paths_sha256: risk.riskSha256,
+            execution: {
+                provider: config.execution.provider,
+                model: config.execution.model,
+                ollama_host: config.execution.provider === "ollama" ? config.execution.ollama_host : undefined,
+                max_attempts: config.execution.max_attempts,
+                attempts_used: 0
+            }
+        }
+    };
+}
+//# sourceMappingURL=preflight.js.map

package/dist/core/preflight.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"preflight.js","sourceRoot":"","sources":["../../src/core/preflight.ts"],"names":[],"mappings":";;AA6IA,oCA4BC;AAzKD,+CAA0D;AAC1D,qCAAoC;AACpC,yCAAoC;AACpC,sCAA+C;AAC/C,8CAA0C;AAC1C,8CAA8C;AAI9C,MAAM,mBAAmB,GAAG;IAC1B,mBAAmB;IACnB,gBAAgB;IAChB,WAAW;IACX,qBAAqB;CACtB,CAAC;AACF,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,UAAU;IACV,iBAAiB;IACjB,mBAAmB;IACnB,wBAAwB;IACxB,6BAA6B;IAC7B,oBAAoB;IACpB,wBAAwB;CACzB,CAAC,CAAC;AAEH,KAAK,UAAU,UAAU,CAAC,QAAgB;IACxC,IAAI,CAAC;QACH,MAAM,IAAA,iBAAM,EAAC,QAAQ,EAAE,mBAAS,CAAC,IAAI,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,GAAW;IACxC,KAAK,MAAM,SAAS,IAAI,mBAAmB,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,IAAA,mBAAO,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC7C,IAAI,MAAM,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,IAAA,mBAAQ,EAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YACrD,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,IAAA,gBAAM,EAAC,OAAO,CAAC;aACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;AAChH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAW;IACvC,MAAM,GAAG,GAAG,IAAA,qBAAe,EAAC,GAAG,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,OAAO;YAChD,CAAC,CAAC,OAAO,CAAC;QACZ,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,4DAA4D,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACxG,CAAC;AACH,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,QAAyC;IAC7E,MAAM,UAAU,GAA6B,EAAE,CAAC;IAEhD,KAAK,MAAM,WAAW,IAAI,QAAQ,EAAE,CAAC;QACnC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,kBAAkB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,mDAAmD,WAAW,CAAC,EAAE,IAAI,CAAC,CAAC;QACzF,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,oBAAU,EAAC,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QACnD,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,oDAAoD,MAAM,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,UAAU,CAAC,IAAI,CAAC;YACd,EAAE,EAAE,WAAW,CAAC,EAAE;YAClB,OAAO,EAAE,WAAW,CAAC,OAAO;YAC5B,cAAc,EAAE,IAAA,gBAAM,EAAC,WAAW,CAAC,OAAO,CAAC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,MAAkB,EAAE,GAAW;IAIhE,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC;IAC7C,MAAM,gBAAgB,GAAG,IAAA,mBAAO,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAChD,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,gDAAgD,QAAQ,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,eAAI,EAAC,gBAAgB,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,wDAAwD,QAAQ,eAAe,QAAQ,GAAG,CAC3F,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,mBAAQ,EAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAC7D,OAAO;QACL,QAAQ;QACR,UAAU,EAAE,IAAA,gBAAM,EAAC,WAAW,CAAC;KAChC,CAAC;AACJ,CAAC;AAMM,KAAK,UAAU,YAAY,CAChC,GAAQ,EACR,MAAkB,EAClB,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE;IAEnB,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IAC1B,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,oBAAoB,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrF,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEpD,OAAO;QACL,QAAQ,EAAE;YACR,oBAAoB,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC9C,aAAa,EAAE,QAAQ,CAAC,IAAI;YAC5B,eAAe,EAAE,QAAQ,CAAC,MAAM;YAChC,qBAAqB,EAAE,oBAAoB;YAC3C,eAAe,EAAE,IAAI,CAAC,QAAQ;YAC9B,iBAAiB,EAAE,IAAI,CAAC,UAAU;YAClC,SAAS,EAAE;gBACT,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ;gBACnC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,KAAK;gBAC7B,WAAW,EACT,MAAM,CAAC,SAAS,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;gBACnF,YAAY,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY;gBAC3C,aAAa,EAAE,CAAC;aACjB;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/core/provider-onboarding.d.ts

@@ -0,0 +1,12 @@
+import { MoloConfig } from "../infra/config";
+export interface ProviderOnboardingState {
+    required: boolean;
+    provider: string;
+    catalog_size: number;
+    selected: {
+        planner: string;
+        auditor: string;
+        execution: string;
+    };
+}
+export declare function ensureProviderOnboarding(config: MoloConfig): Promise<ProviderOnboardingState>;

package/dist/core/provider-onboarding.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureProviderOnboarding = ensureProviderOnboarding;
+const model_catalog_1 = require("../infra/model-catalog");
+async function ensureProviderOnboarding(config) {
+    const required = (0, model_catalog_1.isCloudOnboardingRequired)(config);
+    const selections = (0, model_catalog_1.resolveModelSelections)(config);
+    if (!required) {
+        return {
+            required: false,
+            provider: config.model.provider,
+            catalog_size: 0,
+            selected: selections
+        };
+    }
+    const catalog = await (0, model_catalog_1.fetchModelCatalog)(config);
+    (0, model_catalog_1.validateModelSelection)("planner", selections.planner, catalog.role_models.planner);
+    (0, model_catalog_1.validateModelSelection)("auditor", selections.auditor, catalog.role_models.auditor);
+    if (config.execution.provider === "cheap_cloud") {
+        (0, model_catalog_1.validateModelSelection)("execution", selections.execution, catalog.role_models.execution);
+    }
+    if (config.execution.provider === "ollama") {
+        (0, model_catalog_1.validateModelSelection)("execution", selections.execution, catalog.role_models.execution);
+    }
+    return {
+        required: true,
+        provider: catalog.provider,
+        catalog_size: catalog.models.length,
+        selected: selections
+    };
+}
+//# sourceMappingURL=provider-onboarding.js.map

package/dist/core/provider-onboarding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider-onboarding.js","sourceRoot":"","sources":["../../src/core/provider-onboarding.ts"],"names":[],"mappings":";;AAmBA,4DA+BC;AAjDD,0DAKgC;AAazB,KAAK,UAAU,wBAAwB,CAC5C,MAAkB;IAElB,MAAM,QAAQ,GAAG,IAAA,yCAAyB,EAAC,MAAM,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,IAAA,sCAAsB,EAAC,MAAM,CAAC,CAAC;IAElD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ;YAC/B,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,UAAU;SACrB,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAiB,EAAC,MAAM,CAAC,CAAC;IAChD,IAAA,sCAAsB,EAAC,SAAS,EAAE,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACnF,IAAA,sCAAsB,EAAC,SAAS,EAAE,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACnF,IAAI,MAAM,CAAC,SAAS,CAAC,QAAQ,KAAK,aAAa,EAAE,CAAC;QAChD,IAAA,sCAAsB,EAAC,WAAW,EAAE,UAAU,CAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC3C,IAAA,sCAAsB,EAAC,WAAW,EAAE,UAAU,CAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IAC3F,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;QACnC,QAAQ,EAAE,UAAU;KACrB,CAAC;AACJ,CAAC"}

package/dist/core/run-loop.d.ts

@@ -0,0 +1,32 @@
+import { InterpretedAudit } from "./auditor";
+import { AuditResult, Checkpoint, C3FIReport, ChallengeHistoryEntry, IntentBinding, LLMProvider, MemorySummary, RunnerCommandSignature, RunnerMetadata, VerificationReport } from "./types";
+export interface RunAuditLoopOptions {
+    provider: LLMProvider;
+    baseCommit: string;
+    sopId: string;
+    allowedPaths: string[];
+    verificationCommands: RunnerCommandSignature[];
+    initialVerification: VerificationReport;
+    runnerMetadata: RunnerMetadata;
+    c3fiReport: C3FIReport;
+    memorySummary: MemorySummary;
+    intentBinding: IntentBinding;
+    maxChallenges: number;
+    cloudPlanCalls?: number;
+    checkpointOutputPath?: string;
+    cwd?: string;
+    onChallenge?: (interpretation: InterpretedAudit) => void | Promise<void>;
+}
+export interface RunAuditLoopResult {
+    interpretation: InterpretedAudit;
+    verification: VerificationReport;
+    checkpoint: Checkpoint;
+    finalAuditResult: AuditResult;
+    challengeHistory: ChallengeHistoryEntry[];
+    budget: {
+        cloud_plan_calls: number;
+        cloud_audit_calls: number;
+        challenge_used: number;
+    };
+}
+export declare function runBoundedAuditLoop(options: RunAuditLoopOptions): Promise<RunAuditLoopResult>;

package/dist/core/run-loop.js

@@ -0,0 +1,205 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runBoundedAuditLoop = runBoundedAuditLoop;
+const auditor_1 = require("./auditor");
+const challenge_1 = require("./challenge");
+const checkpoint_1 = require("./checkpoint");
+const types_1 = require("./types");
+const CHALLENGE_ROUND_HARD_LIMIT = 2;
+async function runBoundedAuditLoop(options) {
+    const cwd = options.cwd ?? process.cwd();
+    const checkpointOutputPath = options.checkpointOutputPath ?? "checkpoint.json";
+    const challengeLimit = Math.min(CHALLENGE_ROUND_HARD_LIMIT, Math.max(0, options.maxChallenges));
+    const seenFingerprints = new Set();
+    const challengeHistory = [];
+    const budget = {
+        cloud_plan_calls: options.cloudPlanCalls ?? 1,
+        cloud_audit_calls: 0,
+        challenge_used: 0
+    };
+    let verification = options.initialVerification;
+    let lastCheckpoint = null;
+    async function persistCheckpoint() {
+        const checkpoint = await (0, checkpoint_1.buildCheckpoint)({
+            cwd,
+            baseCommit: options.baseCommit,
+            sopId: options.sopId,
+            intentBinding: options.intentBinding,
+            verification,
+            c3fiReport: options.c3fiReport,
+            memorySummary: options.memorySummary,
+            budget,
+            challengeHistory,
+            runnerMetadata: options.runnerMetadata
+        });
+        await (0, checkpoint_1.writeCheckpoint)(checkpoint, checkpointOutputPath, cwd);
+        lastCheckpoint = checkpoint;
+        return checkpoint;
+    }
+    while (true) {
+        if (options.c3fiReport.required && options.c3fiReport.status === "FAILED") {
+            const checkpoint = await persistCheckpoint();
+            const finalAuditResult = {
+                schema_version: types_1.AUDIT_SCHEMA_VERSION,
+                verdict: "FAIL",
+                reason_code: "C3_FI_GUARD_FAILED",
+                message: options.c3fiReport.message
+            };
+            return {
+                interpretation: {
+                    verdict: "FAIL",
+                    lines: ["FAIL", options.c3fiReport.message],
+                    exitCode: 1
+                },
+                verification,
+                checkpoint,
+                finalAuditResult,
+                challengeHistory,
+                budget
+            };
+        }
+        const checkpointBeforeAudit = await persistCheckpoint();
+        const preconditionResult = (0, auditor_1.guardCheckpointForAudit)(checkpointBeforeAudit);
+        if (preconditionResult) {
+            const finalAuditResult = {
+                schema_version: types_1.AUDIT_SCHEMA_VERSION,
+                verdict: "FAIL",
+                reason_code: "PRECONDITION_FAILED",
+                message: preconditionResult.lines.slice(1).join(" | ")
+            };
+            return {
+                interpretation: preconditionResult,
+                verification,
+                checkpoint: checkpointBeforeAudit,
+                finalAuditResult,
+                challengeHistory,
+                budget
+            };
+        }
+        budget.cloud_audit_calls += 1;
+        const checkpoint = await persistCheckpoint();
+        const normalizedAudit = (0, auditor_1.normalizeAuditResult)(await options.provider.audit(checkpoint));
+        const interpreted = (0, auditor_1.interpretAuditResult)(normalizedAudit, { allowChallenge: true });
+        if (interpreted.verdict !== "CHALLENGE") {
+            return {
+                interpretation: interpreted,
+                verification,
+                checkpoint,
+                finalAuditResult: normalizedAudit,
+                challengeHistory,
+                budget
+            };
+        }
+        await options.onChallenge?.(interpreted);
+        const challenge = normalizedAudit.challenge;
+        if (!challenge) {
+            const interpretation = (0, auditor_1.humanInterventionResult)("Invalid challenge payload: missing challenge data.");
+            const finalAuditResult = {
+                schema_version: types_1.AUDIT_SCHEMA_VERSION,
+                verdict: "FAIL",
+                reason_code: "INVALID_CHALLENGE",
+                message: "Invalid challenge payload: missing challenge data."
+            };
+            return {
+                interpretation,
+                verification,
+                checkpoint,
+                finalAuditResult,
+                challengeHistory,
+                budget
+            };
+        }
+        const challengeRound = budget.challenge_used + 1;
+        const duplicateFingerprint = seenFingerprints.has(challenge.fingerprint);
+        const exceedsLimit = challengeRound > challengeLimit;
+        if (duplicateFingerprint || exceedsLimit) {
+            challengeHistory.push({
+                round: challengeRound,
+                challenge_id: challenge.challenge_id,
+                type: challenge.type,
+                fingerprint: challenge.fingerprint,
+                instruction: challenge.instruction,
+                audit_call: budget.cloud_audit_calls,
+                status: "REJECTED",
+                applied_patches: 0,
+                verification_all_passed: verification.all_passed,
+                reason: duplicateFingerprint
+                    ? `Duplicate challenge fingerprint: ${challenge.fingerprint}`
+                    : `Challenge limit exceeded: max ${challengeLimit}`,
+                recorded_at: new Date().toISOString()
+            });
+            await persistCheckpoint();
+            const interpretation = (0, auditor_1.humanInterventionResult)(duplicateFingerprint
+                ? `Duplicate challenge fingerprint detected: ${challenge.fingerprint}`
+                : `Challenge limit exceeded (${challengeLimit}).`);
+            const checkpointWithHistory = lastCheckpoint ?? checkpoint;
+            const finalAuditResult = {
+                schema_version: types_1.AUDIT_SCHEMA_VERSION,
+                verdict: "FAIL",
+                reason_code: duplicateFingerprint
+                    ? "DUPLICATE_CHALLENGE_FINGERPRINT"
+                    : "CHALLENGE_LIMIT_EXCEEDED",
+                message: interpretation.lines.slice(1).join(" | ")
+            };
+            return {
+                interpretation,
+                verification,
+                checkpoint: checkpointWithHistory,
+                finalAuditResult,
+                challengeHistory,
+                budget
+            };
+        }
+        seenFingerprints.add(challenge.fingerprint);
+        try {
+            const resolution = await (0, challenge_1.handleChallenge)(normalizedAudit, options.allowedPaths, options.verificationCommands, cwd);
+            const appliedPatches = resolution.execution?.applied_patches ?? 0;
+            verification = resolution.verification ?? verification;
+            budget.challenge_used = challengeRound;
+            challengeHistory.push({
+                round: challengeRound,
+                challenge_id: challenge.challenge_id,
+                type: challenge.type,
+                fingerprint: challenge.fingerprint,
+                instruction: challenge.instruction,
+                audit_call: budget.cloud_audit_calls,
+                status: appliedPatches > 0 ? "APPLIED" : "SKIPPED",
+                applied_patches: appliedPatches,
+                verification_all_passed: verification.all_passed,
+                recorded_at: new Date().toISOString()
+            });
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            budget.challenge_used = challengeRound;
+            challengeHistory.push({
+                round: challengeRound,
+                challenge_id: challenge.challenge_id,
+                type: challenge.type,
+                fingerprint: challenge.fingerprint,
+                instruction: challenge.instruction,
+                audit_call: budget.cloud_audit_calls,
+                status: "REJECTED",
+                applied_patches: 0,
+                verification_all_passed: verification.all_passed,
+                reason: message,
+                recorded_at: new Date().toISOString()
+            });
+            await persistCheckpoint();
+            return {
+                interpretation: (0, auditor_1.humanInterventionResult)(`Challenge execution failed: ${message}`),
+                verification,
+                checkpoint: lastCheckpoint ?? checkpoint,
+                finalAuditResult: {
+                    schema_version: types_1.AUDIT_SCHEMA_VERSION,
+                    verdict: "FAIL",
+                    reason_code: "CHALLENGE_EXECUTION_FAILED",
+                    message
+                },
+                challengeHistory,
+                budget
+            };
+        }
+    }
+}
+//# sourceMappingURL=run-loop.js.map

package/dist/core/run-loop.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"run-loop.js","sourceRoot":"","sources":["../../src/core/run-loop.ts"],"names":[],"mappings":";;AAwDA,kDA0NC;AAlRD,uCAMmB;AACnB,2CAA8C;AAC9C,6CAAgE;AAChE,mCAYiB;AAEjB,MAAM,0BAA0B,GAAG,CAAC,CAAC;AAiC9B,KAAK,UAAU,mBAAmB,CAAC,OAA4B;IACpE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACzC,MAAM,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,IAAI,iBAAiB,CAAC;IAC/E,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAC7B,0BAA0B,EAC1B,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CACnC,CAAC;IACF,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,gBAAgB,GAA4B,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG;QACb,gBAAgB,EAAE,OAAO,CAAC,cAAc,IAAI,CAAC;QAC7C,iBAAiB,EAAE,CAAC;QACpB,cAAc,EAAE,CAAC;KAClB,CAAC;IAEF,IAAI,YAAY,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAC/C,IAAI,cAAc,GAAsB,IAAI,CAAC;IAE7C,KAAK,UAAU,iBAAiB;QAC9B,MAAM,UAAU,GAAG,MAAM,IAAA,4BAAe,EAAC;YACvC,GAAG;YACH,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,YAAY;YACZ,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,MAAM;YACN,gBAAgB;YAChB,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC,CAAC;QACH,MAAM,IAAA,4BAAe,EAAC,UAAU,EAAE,oBAAoB,EAAE,GAAG,CAAC,CAAC;QAC7D,cAAc,GAAG,UAAU,CAAC;QAC5B,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1E,MAAM,UAAU,GAAG,MAAM,iBAAiB,EAAE,CAAC;YAC7C,MAAM,gBAAgB,GAAgB;gBACpC,cAAc,EAAE,4BAAoB;gBACpC,OAAO,EAAE,MAAM;gBACf,WAAW,EAAE,oBAAoB;gBACjC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO;aACpC,CAAC;YACF,OAAO;gBACL,cAAc,EAAE;oBACd,OAAO,EAAE,MAAM;oBACf,KAAK,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;oBAC3C,QAAQ,EAAE,CAAC;iBACZ;gBACD,YAAY;gBACZ,UAAU;gBACV,gBAAgB;gBAChB,gBAAgB;gBAChB,MAAM;aACP,CAAC;QACJ,CAAC;QAED,MAAM,qBAAqB,GAAG,MAAM,iBAAiB,EAAE,CAAC;QACxD,MAAM,kBAAkB,GAAG,IAAA,iCAAuB,EAAC,qBAAqB,CAAC,CAAC;QAC1E,IAAI,kBAAkB,EAAE,CAAC;YACvB,MAAM,gBAAgB,GAAgB;gBACpC,cAAc,EAAE,4BAAoB;gBACpC,OAAO,EAAE,MAAM;gBACf,WAAW,EAAE,qBAAqB;gBAClC,OAAO,EAAE,kBAAkB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;aACvD,CAAC;YACF,OAAO;gBACL,cAAc,EAAE,kBAAkB;gBAClC,YAAY;gBACZ,UAAU,EAAE,qBAAqB;gBACjC,gBAAgB;gBAChB,gBAAgB;gBAChB,MAAM;aACP,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,iBAAiB,IAAI,CAAC,CAAC;QAC9B,MAAM,UAAU,GAAG,MAAM,iBAAiB,EAAE,CAAC;QAC7C,MAAM,eAAe,GAAG,IAAA,8BAAoB,EAAC,MAAM,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;QACvF,MAAM,WAAW,GAAG,IAAA,8BAAoB,EAAC,eAAe,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpF,IAAI,WAAW,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;YACxC,OAAO;gBACL,cAAc,EAAE,WAAW;gBAC3B,YAAY;gBACZ,UAAU;gBACV,gBAAgB,EAAE,eAAe;gBACjC,gBAAgB;gBAChB,MAAM;aACP,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;QAEzC,MAAM,SAAS,GAAG,eAAe,CAAC,SAAS,CAAC;QAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,cAAc,GAAG,IAAA,iCAAuB,EAAC,oDAAoD,CAAC,CAAC;YACrG,MAAM,gBAAgB,GAAgB;gBACpC,cAAc,EAAE,4BAAoB;gBACpC,OAAO,EAAE,MAAM;gBACf,WAAW,EAAE,mBAAmB;gBAChC,OAAO,EAAE,oDAAoD;aAC9D,CAAC;YACF,OAAO;gBACL,cAAc;gBACd,YAAY;gBACZ,UAAU;gBACV,gBAAgB;gBAChB,gBAAgB;gBAChB,MAAM;aACP,CAAC;QACJ,CAAC;QAED,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC;QACjD,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,cAAc,GAAG,cAAc,CAAC;QAErD,IAAI,oBAAoB,IAAI,YAAY,EAAE,CAAC;YACzC,gBAAgB,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,YAAY,EAAE,SAAS,CAAC,YAAY;gBACpC,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,UAAU,EAAE,MAAM,CAAC,iBAAiB;gBACpC,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,CAAC;gBAClB,uBAAuB,EAAE,YAAY,CAAC,UAAU;gBAChD,MAAM,EAAE,oBAAoB;oBAC1B,CAAC,CAAC,oCAAoC,SAAS,CAAC,WAAW,EAAE;oBAC7D,CAAC,CAAC,iCAAiC,cAAc,EAAE;gBACrD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACtC,CAAC,CAAC;YACH,MAAM,iBAAiB,EAAE,CAAC;YAE1B,MAAM,cAAc,GAAG,IAAA,iCAAuB,EAC5C,oBAAoB;gBAClB,CAAC,CAAC,6CAA6C,SAAS,CAAC,WAAW,EAAE;gBACtE,CAAC,CAAC,6BAA6B,cAAc,IAAI,CACpD,CAAC;YACF,MAAM,qBAAqB,GAAG,cAAc,IAAI,UAAU,CAAC;YAC3D,MAAM,gBAAgB,GAAgB;gBACpC,cAAc,EAAE,4BAAoB;gBACpC,OAAO,EAAE,MAAM;gBACf,WAAW,EAAE,oBAAoB;oBAC/B,CAAC,CAAC,iCAAiC;oBACnC,CAAC,CAAC,0BAA0B;gBAC9B,OAAO,EAAE,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;aACnD,CAAC;YACF,OAAO;gBACL,cAAc;gBACd,YAAY;gBACZ,UAAU,EAAE,qBAAqB;gBACjC,gBAAgB;gBAChB,gBAAgB;gBAChB,MAAM;aACP,CAAC;QACJ,CAAC;QAED,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAE5C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,IAAA,2BAAe,EACtC,eAAe,EACf,OAAO,CAAC,YAAY,EACpB,OAAO,CAAC,oBAAoB,EAC5B,GAAG,CACJ,CAAC;YACF,MAAM,cAAc,GAAG,UAAU,CAAC,SAAS,EAAE,eAAe,IAAI,CAAC,CAAC;YAClE,YAAY,GAAG,UAAU,CAAC,YAAY,IAAI,YAAY,CAAC;YACvD,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC;YACvC,gBAAgB,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,YAAY,EAAE,SAAS,CAAC,YAAY;gBACpC,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,UAAU,EAAE,MAAM,CAAC,iBAAiB;gBACpC,MAAM,EAAE,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;gBAClD,eAAe,EAAE,cAAc;gBAC/B,uBAAuB,EAAE,YAAY,CAAC,UAAU;gBAChD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACtC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC;YACvC,gBAAgB,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,YAAY,EAAE,SAAS,CAAC,YAAY;gBACpC,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,UAAU,EAAE,MAAM,CAAC,iBAAiB;gBACpC,MAAM,EAAE,UAAU;gBAClB,eAAe,EAAE,CAAC;gBAClB,uBAAuB,EAAE,YAAY,CAAC,UAAU;gBAChD,MAAM,EAAE,OAAO;gBACf,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACtC,CAAC,CAAC;YACH,MAAM,iBAAiB,EAAE,CAAC;YAE1B,OAAO;gBACL,cAAc,EAAE,IAAA,iCAAuB,EAAC,+BAA+B,OAAO,EAAE,CAAC;gBACjF,YAAY;gBACZ,UAAU,EAAE,cAAc,IAAI,UAAU;gBACxC,gBAAgB,EAAE;oBAChB,cAAc,EAAE,4BAAoB;oBACpC,OAAO,EAAE,MAAM;oBACf,WAAW,EAAE,4BAA4B;oBACzC,OAAO;iBACR;gBACD,gBAAgB;gBAChB,MAAM;aACP,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/core/scope.d.ts

@@ -0,0 +1,3 @@
+export declare function extractPatchedPaths(patch: string): string[];
+export declare function resolveAllowedPaths(...pathSources: Array<string[] | undefined>): string[];
+export declare function validatePatch(patch: string, allowedPaths: string[]): boolean;

package/dist/core/scope.js

@@ -0,0 +1,75 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractPatchedPaths = extractPatchedPaths;
+exports.resolveAllowedPaths = resolveAllowedPaths;
+exports.validatePatch = validatePatch;
+const micromatch_1 = __importDefault(require("micromatch"));
+const SRC_SCOPE = "src/**";
+const DIFF_GIT_REGEX = /^diff --git a\/(.+?) b\/(.+)$/;
+function normalizePath(filePath) {
+    return filePath
+        .trim()
+        .replace(/^"+|"+$/g, "")
+        .replace(/^\.\/+/, "")
+        .replace(/\\/g, "/");
+}
+function parseDiffPathToken(token) {
+    const normalizedToken = token.trim().split(/\s+/)[0];
+    if (!normalizedToken || normalizedToken === "/dev/null") {
+        return null;
+    }
+    let filePath = normalizedToken;
+    if (filePath.startsWith("a/") || filePath.startsWith("b/")) {
+        filePath = filePath.slice(2);
+    }
+    const parsed = normalizePath(filePath);
+    return parsed.length > 0 ? parsed : null;
+}
+function extractPatchedPaths(patch) {
+    const files = new Set();
+    const lines = patch.split(/\r?\n/);
+    for (const line of lines) {
+        const diffMatch = DIFF_GIT_REGEX.exec(line);
+        if (diffMatch) {
+            const leftPath = normalizePath(diffMatch[1]);
+            const rightPath = normalizePath(diffMatch[2]);
+            if (leftPath.length > 0) {
+                files.add(leftPath);
+            }
+            if (rightPath.length > 0) {
+                files.add(rightPath);
+            }
+            continue;
+        }
+        if (line.startsWith("+++ ") || line.startsWith("--- ")) {
+            const token = line.slice(4);
+            const parsed = parseDiffPathToken(token);
+            if (parsed) {
+                files.add(parsed);
+            }
+        }
+    }
+    return Array.from(files);
+}
+function resolveAllowedPaths(...pathSources) {
+    const merged = pathSources
+        .flatMap((paths) => paths ?? [])
+        .map((path) => path.trim())
+        .filter((path) => path.length > 0);
+    if (merged.length === 0) {
+        return [SRC_SCOPE];
+    }
+    return Array.from(new Set(merged));
+}
+function validatePatch(patch, allowedPaths) {
+    const effectiveGlobs = resolveAllowedPaths(allowedPaths);
+    const patchedPaths = extractPatchedPaths(patch);
+    if (patchedPaths.length === 0) {
+        return false;
+    }
+    return patchedPaths.every((filePath) => micromatch_1.default.isMatch(filePath, SRC_SCOPE) && micromatch_1.default.isMatch(filePath, effectiveGlobs));
+}
+//# sourceMappingURL=scope.js.map

package/dist/core/scope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope.js","sourceRoot":"","sources":["../../src/core/scope.ts"],"names":[],"mappings":";;;;;AA4BA,kDA4BC;AAED,kDAWC;AAED,sCAYC;AAnFD,4DAAoC;AAEpC,MAAM,SAAS,GAAG,QAAQ,CAAC;AAC3B,MAAM,cAAc,GAAG,+BAA+B,CAAC;AAEvD,SAAS,aAAa,CAAC,QAAgB;IACrC,OAAO,QAAQ;SACZ,IAAI,EAAE;SACN,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;SACrB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAa;IACvC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,IAAI,CAAC,eAAe,IAAI,eAAe,KAAK,WAAW,EAAE,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,QAAQ,GAAG,eAAe,CAAC;IAC/B,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3D,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACvC,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;AAC3C,CAAC;AAED,SAAgB,mBAAmB,CAAC,KAAa;IAC/C,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,QAAQ,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7C,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACtB,CAAC;YACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACvB,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC;AAED,SAAgB,mBAAmB,CAAC,GAAG,WAAwC;IAC7E,MAAM,MAAM,GAAG,WAAW;SACvB,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;SAC/B,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAErC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,SAAS,CAAC,CAAC;IACrB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,aAAa,CAAC,KAAa,EAAE,YAAsB;IACjE,MAAM,cAAc,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IACzD,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAEhD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,YAAY,CAAC,KAAK,CACvB,CAAC,QAAQ,EAAE,EAAE,CACX,oBAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,oBAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAC1F,CAAC;AACJ,CAAC"}