npm - @kernlang/review - Versions diffs - 2.0.0 → 3.1.0 - Mend

@kernlang/review 2.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/dist/concept-rules/boundary-mutation.d.ts +13 -0
package/dist/concept-rules/boundary-mutation.js +40 -0
package/dist/concept-rules/boundary-mutation.js.map +1 -0
package/dist/concept-rules/ignored-error.d.ts +13 -0
package/dist/concept-rules/ignored-error.js +40 -0
package/dist/concept-rules/ignored-error.js.map +1 -0
package/dist/concept-rules/illegal-dependency.d.ts +13 -0
package/dist/concept-rules/illegal-dependency.js +49 -0
package/dist/concept-rules/illegal-dependency.js.map +1 -0
package/dist/concept-rules/index.d.ts +15 -0
package/dist/concept-rules/index.js +27 -0
package/dist/concept-rules/index.js.map +1 -0
package/dist/concept-rules/unguarded-effect.d.ts +13 -0
package/dist/concept-rules/unguarded-effect.js +58 -0
package/dist/concept-rules/unguarded-effect.js.map +1 -0
package/dist/concept-rules/unrecovered-effect.d.ts +13 -0
package/dist/concept-rules/unrecovered-effect.js +61 -0
package/dist/concept-rules/unrecovered-effect.js.map +1 -0
package/dist/confidence.d.ts +92 -0
package/dist/confidence.js +263 -0
package/dist/confidence.js.map +1 -0
package/dist/differ.js +4 -2
package/dist/differ.js.map +1 -1
package/dist/external-tools.js +7 -3
package/dist/external-tools.js.map +1 -1
package/dist/file-role.d.ts +10 -0
package/dist/file-role.js +80 -0
package/dist/file-role.js.map +1 -0
package/dist/graph.d.ts +11 -0
package/dist/graph.js +152 -0
package/dist/graph.js.map +1 -0
package/dist/index.d.ts +46 -3
package/dist/index.js +313 -27
package/dist/index.js.map +1 -1
package/dist/inferrer.js +123 -25
package/dist/inferrer.js.map +1 -1
package/dist/kern-lint.d.ts +18 -0
package/dist/kern-lint.js +24 -0
package/dist/kern-lint.js.map +1 -0
package/dist/llm-bridge.d.ts +42 -0
package/dist/llm-bridge.js +176 -0
package/dist/llm-bridge.js.map +1 -0
package/dist/llm-review.d.ts +8 -1
package/dist/llm-review.js +20 -7
package/dist/llm-review.js.map +1 -1
package/dist/mappers/ts-concepts.d.ts +9 -0
package/dist/mappers/ts-concepts.js +518 -0
package/dist/mappers/ts-concepts.js.map +1 -0
package/dist/quality-rules.d.ts +3 -3
package/dist/quality-rules.js +3 -11
package/dist/quality-rules.js.map +1 -1
package/dist/reporter.d.ts +19 -3
package/dist/reporter.js +232 -20
package/dist/reporter.js.map +1 -1
package/dist/rules/base.js +167 -15
package/dist/rules/base.js.map +1 -1
package/dist/rules/confidence.d.ts +37 -0
package/dist/rules/confidence.js +159 -0
package/dist/rules/confidence.js.map +1 -0
package/dist/rules/dead-logic.d.ts +13 -0
package/dist/rules/dead-logic.js +393 -0
package/dist/rules/dead-logic.js.map +1 -0
package/dist/rules/express.js +69 -2
package/dist/rules/express.js.map +1 -1
package/dist/rules/ground-layer.d.ts +23 -0
package/dist/rules/ground-layer.js +132 -0
package/dist/rules/ground-layer.js.map +1 -0
package/dist/rules/index.d.ts +1 -1
package/dist/rules/index.js +8 -2
package/dist/rules/index.js.map +1 -1
package/dist/rules/kern-source.d.ts +16 -0
package/dist/rules/kern-source.js +726 -0
package/dist/rules/kern-source.js.map +1 -0
package/dist/rules/nextjs.js +38 -10
package/dist/rules/nextjs.js.map +1 -1
package/dist/rules/null-safety.d.ts +12 -0
package/dist/rules/null-safety.js +123 -0
package/dist/rules/null-safety.js.map +1 -0
package/dist/rules/react.js +64 -1
package/dist/rules/react.js.map +1 -1
package/dist/rules/security-v2.d.ts +12 -0
package/dist/rules/security-v2.js +415 -0
package/dist/rules/security-v2.js.map +1 -0
package/dist/rules/security-v3.d.ts +12 -0
package/dist/rules/security-v3.js +397 -0
package/dist/rules/security-v3.js.map +1 -0
package/dist/rules/security-v4.d.ts +22 -0
package/dist/rules/security-v4.js +688 -0
package/dist/rules/security-v4.js.map +1 -0
package/dist/rules/security.d.ts +12 -0
package/dist/rules/security.js +286 -0
package/dist/rules/security.js.map +1 -0
package/dist/rules/utils.d.ts +7 -0
package/dist/rules/utils.js +21 -0
package/dist/rules/utils.js.map +1 -0
package/dist/rules/vue.js +1 -1
package/dist/rules/vue.js.map +1 -1
package/dist/spec-checker.d.ts +83 -0
package/dist/spec-checker.js +405 -0
package/dist/spec-checker.js.map +1 -0
package/dist/suppression/apply-suppression.d.ts +17 -0
package/dist/suppression/apply-suppression.js +94 -0
package/dist/suppression/apply-suppression.js.map +1 -0
package/dist/suppression/index.d.ts +6 -0
package/dist/suppression/index.js +6 -0
package/dist/suppression/index.js.map +1 -0
package/dist/suppression/parse-directives.d.ts +25 -0
package/dist/suppression/parse-directives.js +161 -0
package/dist/suppression/parse-directives.js.map +1 -0
package/dist/suppression/types.d.ts +32 -0
package/dist/suppression/types.js +5 -0
package/dist/suppression/types.js.map +1 -0
package/dist/taint.d.ts +115 -0
package/dist/taint.js +1052 -0
package/dist/taint.js.map +1 -0
package/dist/types.d.ts +71 -0
package/dist/types.js.map +1 -1
package/package.json +7 -4

package/dist/spec-checker.js ADDED Viewed

@@ -0,0 +1,405 @@
+/**
+ * Spec Checker — verifies .kern contracts against TypeScript implementation.
+ *
+ * The .kern file is a machine-readable security contract. This module
+ * cross-checks declared auth, validation, guards, middleware, and error
+ * handling against what the TypeScript code actually does.
+ *
+ * No other tool can do this — .kern IS the spec, and this verifies reality.
+ */
+import { readFileSync } from 'fs';
+import { parse } from '@kernlang/core';
+import { createFingerprint } from './types.js';
+// ── Extract spec contracts from .kern ────────────────────────────────────
+export function extractSpecContracts(kernSource, kernFile) {
+    const ast = parse(kernSource);
+    const contracts = [];
+    collectRoutes(ast, contracts, kernFile);
+    return contracts;
+}
+function collectRoutes(node, out, kernFile) {
+    if (node.type === 'route') {
+        const method = String(node.props?.method || 'get').toLowerCase();
+        const path = String(node.props?.path || '/');
+        const routeKey = `${method.toUpperCase()} ${path}`;
+        const contract = {
+            method,
+            path,
+            routeKey,
+            guards: [],
+            middleware: [],
+            errors: [],
+            hasHandler: false,
+            line: node.loc?.line || 1,
+            kernFile,
+        };
+        // Walk children for auth, validate, guard, middleware, error, handler
+        if (node.children) {
+            for (const child of node.children) {
+                switch (child.type) {
+                    case 'auth':
+                        contract.auth = { mode: String(child.props?.mode || 'required') };
+                        break;
+                    case 'validate':
+                        contract.validate = { schema: String(child.props?.schema || '') };
+                        break;
+                    case 'guard': {
+                        const elseVal = child.props?.else;
+                        contract.guards.push({
+                            name: String(child.props?.name || 'guard'),
+                            expr: child.props?.expr ? String(child.props.expr) : undefined,
+                            elseStatus: typeof elseVal === 'number' ? elseVal : parseInt(String(elseVal || '404'), 10),
+                        });
+                        break;
+                    }
+                    case 'middleware': {
+                        const names = [];
+                        if (child.props?.names && Array.isArray(child.props.names)) {
+                            names.push(...child.props.names);
+                        }
+                        else if (child.props?.name) {
+                            names.push(String(child.props.name));
+                        }
+                        if (names.length > 0) {
+                            contract.middleware.push({ names });
+                        }
+                        break;
+                    }
+                    case 'error':
+                        if (child.props?.status) {
+                            contract.errors.push({
+                                status: typeof child.props.status === 'number'
+                                    ? child.props.status
+                                    : parseInt(String(child.props.status), 10),
+                                message: child.props?.message ? String(child.props.message) : undefined,
+                            });
+                        }
+                        break;
+                    case 'handler':
+                        contract.hasHandler = true;
+                        break;
+                }
+            }
+        }
+        out.push(contract);
+    }
+    // Recurse into ALL children (server, document nodes contain routes)
+    if (node.children) {
+        for (const child of node.children) {
+            collectRoutes(child, out, kernFile);
+        }
+    }
+}
+// ── Extract implementation routes from .ts ───────────────────────────────
+const ROUTE_REGEX = /\b(app|router|server)\.(get|post|put|delete|patch|head|options)\s*\(\s*(['"`])([^'"`]+)\3/gi;
+export function extractImplRoutes(tsSource, filePath) {
+    const routes = [];
+    const lines = tsSource.split('\n');
+    let match;
+    ROUTE_REGEX.lastIndex = 0;
+    while ((match = ROUTE_REGEX.exec(tsSource)) !== null) {
+        const method = match[2].toLowerCase();
+        const path = match[4];
+        const routeKey = `${method.toUpperCase()} ${path}`;
+        // Find line number
+        const beforeMatch = tsSource.slice(0, match.index);
+        const startLine = beforeMatch.split('\n').length;
+        // Extract middleware args between path and handler
+        const afterPath = tsSource.slice(match.index + match[0].length);
+        const middlewareArgs = extractMiddlewareArgs(afterPath);
+        // Extract handler body
+        const handlerBody = extractHandlerBody(afterPath);
+        routes.push({
+            method,
+            path,
+            routeKey,
+            handlerBody,
+            middlewareArgs,
+            filePath,
+            startLine,
+        });
+    }
+    return routes;
+}
+function extractMiddlewareArgs(afterPath) {
+    // After the path string, there are comma-separated middleware names
+    // before the final (req, res) => { handler. Extract the identifiers.
+    const names = [];
+    // Match: , identifier, identifier, ... async? (req
+    const argsSection = afterPath.match(/^((?:, ?\w+){0,10}) ?, ?(?:async )?\(/);
+    if (!argsSection)
+        return names;
+    const argsText = argsSection[1];
+    const parts = argsText.split(',').map(s => s.trim()).filter(Boolean);
+    for (const part of parts) {
+        if (/^\w+$/.test(part)) {
+            names.push(part);
+        }
+    }
+    return names;
+}
+function extractHandlerBody(afterPath) {
+    // Find the handler function body — look for (req, res) => { or function(req, res) {
+    const handlerStart = afterPath.search(/(?:async\s*)?\([^)]*\)\s*(?:=>)?\s*\{/);
+    if (handlerStart < 0)
+        return '';
+    const braceStart = afterPath.indexOf('{', handlerStart);
+    if (braceStart < 0)
+        return '';
+    let depth = 1;
+    let i = braceStart + 1;
+    let inString = null;
+    while (i < afterPath.length && depth > 0) {
+        const ch = afterPath[i];
+        if (inString) {
+            if (ch === inString && afterPath[i - 1] !== '\\')
+                inString = null;
+            else if (ch === '\n' && inString !== '`')
+                inString = null; // single/double quotes don't span lines
+        }
+        else {
+            if (ch === '"' || ch === "'" || ch === '`')
+                inString = ch;
+            else if (ch === '{')
+                depth++;
+            else if (ch === '}')
+                depth--;
+        }
+        i++;
+    }
+    return afterPath.slice(braceStart + 1, i - 1).trim();
+}
+// ── Route matching ───────────────────────────────────────────────────────
+function pathsMatch(a, b) {
+    const sa = a.split('/').filter(Boolean);
+    const sb = b.split('/').filter(Boolean);
+    if (sa.length !== sb.length)
+        return false;
+    return sa.every((seg, i) => {
+        const isParamA = seg.startsWith(':');
+        const isParamB = sb[i].startsWith(':');
+        if (isParamA && isParamB)
+            return true;
+        if (isParamA || isParamB)
+            return false;
+        return seg === sb[i];
+    });
+}
+export function matchRoutes(specs, impls) {
+    const matched = [];
+    const usedImpls = new Set();
+    for (const spec of specs) {
+        // Try exact routeKey match first
+        let implIdx = impls.findIndex((impl, i) => !usedImpls.has(i) && impl.routeKey === spec.routeKey);
+        // Fallback: fuzzy path match (handles :id vs :userId)
+        if (implIdx < 0) {
+            implIdx = impls.findIndex((impl, i) => !usedImpls.has(i) &&
+                impl.method === spec.method &&
+                pathsMatch(impl.path, spec.path));
+        }
+        if (implIdx >= 0) {
+            matched.push({ spec, impl: impls[implIdx] });
+            usedImpls.add(implIdx);
+        }
+    }
+    const unmatchedSpecs = specs.filter(s => !matched.some(m => m.spec === s));
+    const unmatchedImpls = impls.filter((_, i) => !usedImpls.has(i));
+    return { matched, unmatchedSpecs, unmatchedImpls };
+}
+// ── Contract verification ────────────────────────────────────────────────
+const AUTH_MIDDLEWARE = /\b(auth|authenticate|requireAuth|requireLicense|verifyToken|jwtVerify|bearerAuth|isAuthenticated|authMiddleware|passport|requirePro)\b/i;
+const AUTH_BODY = /\breq\.(user|auth)\b|verifyToken\s*\(|authenticate\s*\(|checkAuth\s*\(|requireLicense\b/;
+const VALIDATION_CALL = /\.(parse|safeParse|validate|validateSync)\s?\(/;
+const GUARD_CONDITIONAL = /if\s?\(\s?!?\s?\w+/;
+function checkAuth(spec, impl) {
+    if (!spec.auth)
+        return null;
+    const hasAuthMiddleware = impl.middlewareArgs.some(a => AUTH_MIDDLEWARE.test(a));
+    const hasAuthInBody = AUTH_BODY.test(impl.handlerBody);
+    if (!hasAuthMiddleware && !hasAuthInBody) {
+        return {
+            kind: 'spec-auth-missing',
+            detail: `.kern declares 'auth ${spec.auth.mode}' on ${spec.routeKey} but no auth middleware or check found in implementation`,
+            suggestion: 'Add auth middleware (e.g., requireLicense) to the route handler chain',
+            kernFile: spec.kernFile,
+            kernLine: spec.line,
+            tsFile: impl.filePath,
+            tsLine: impl.startLine,
+        };
+    }
+    return null;
+}
+function checkValidate(spec, impl) {
+    if (!spec.validate)
+        return null;
+    const hasValidation = VALIDATION_CALL.test(impl.handlerBody);
+    const hasSchemaRef = impl.handlerBody.includes(spec.validate.schema);
+    if (!hasValidation) {
+        return {
+            kind: 'spec-validate-missing',
+            detail: `.kern declares 'validate ${spec.validate.schema}' on ${spec.routeKey} but no .parse()/.safeParse() found in handler`,
+            suggestion: `Add ${spec.validate.schema}.safeParse(req.body) before processing the request`,
+            kernFile: spec.kernFile,
+            kernLine: spec.line,
+            tsFile: impl.filePath,
+            tsLine: impl.startLine,
+        };
+    }
+    return null;
+}
+function checkGuards(spec, impl) {
+    const violations = [];
+    for (const guard of spec.guards) {
+        const hasConditional = GUARD_CONDITIONAL.test(impl.handlerBody);
+        const hasStatus = new RegExp(`\\.status\\s*\\(\\s*${guard.elseStatus}\\s*\\)`).test(impl.handlerBody) ||
+            new RegExp(`sendStatus\\s*\\(\\s*${guard.elseStatus}\\s*\\)`).test(impl.handlerBody);
+        if (!hasConditional || !hasStatus) {
+            violations.push({
+                kind: 'spec-guard-missing',
+                detail: `.kern declares 'guard ${guard.name} else=${guard.elseStatus}' on ${spec.routeKey} but ${!hasConditional ? 'no conditional check' : `no ${guard.elseStatus} response`} found`,
+                suggestion: `Add: if (!${guard.name}) return res.status(${guard.elseStatus}).json({ error: '...' })`,
+                kernFile: spec.kernFile,
+                kernLine: spec.line,
+                tsFile: impl.filePath,
+                tsLine: impl.startLine,
+            });
+        }
+    }
+    return violations;
+}
+function checkMiddleware(spec, impl) {
+    const violations = [];
+    const implMiddleware = impl.middlewareArgs.join(' ').toLowerCase();
+    const bodyLower = impl.handlerBody.toLowerCase();
+    for (const mw of spec.middleware) {
+        for (const name of mw.names) {
+            const nameLower = name.toLowerCase();
+            if (!implMiddleware.includes(nameLower) && !bodyLower.includes(nameLower)) {
+                violations.push({
+                    kind: 'spec-middleware-missing',
+                    detail: `.kern declares 'middleware ${name}' on ${spec.routeKey} but '${name}' not found in route registration or handler`,
+                    suggestion: `Add ${name} middleware to the route: router.${spec.method}('${spec.path}', ${name}, handler)`,
+                    kernFile: spec.kernFile,
+                    kernLine: spec.line,
+                    tsFile: impl.filePath,
+                    tsLine: impl.startLine,
+                });
+            }
+        }
+    }
+    return violations;
+}
+function checkErrors(spec, impl) {
+    const violations = [];
+    for (const err of spec.errors) {
+        // 500 is special — try/catch satisfies it
+        if (err.status === 500 && /try\s*\{[\s\S]*?\}\s*catch/.test(impl.handlerBody))
+            continue;
+        const hasStatus = new RegExp(`\\.status\\s*\\(\\s*${err.status}\\s*\\)`).test(impl.handlerBody) ||
+            new RegExp(`sendStatus\\s*\\(\\s*${err.status}\\s*\\)`).test(impl.handlerBody);
+        if (!hasStatus) {
+            violations.push({
+                kind: 'spec-error-unhandled',
+                detail: `.kern declares 'error ${err.status}${err.message ? ` "${err.message}"` : ''}' on ${spec.routeKey} but status ${err.status} is never sent`,
+                suggestion: `Ensure the handler can respond with res.status(${err.status}).json({ error: '${err.message || 'Error'}' })`,
+                kernFile: spec.kernFile,
+                kernLine: spec.line,
+                tsFile: impl.filePath,
+                tsLine: impl.startLine,
+            });
+        }
+    }
+    return violations;
+}
+export function verifyRouteContract(spec, impl) {
+    return [
+        checkAuth(spec, impl),
+        checkValidate(spec, impl),
+        ...checkGuards(spec, impl),
+        ...checkMiddleware(spec, impl),
+        ...checkErrors(spec, impl),
+    ].filter((v) => v !== null);
+}
+// ── Main entry ───────────────────────────────────────────────────────────
+export function checkSpec(kernSource, kernFile, tsSource, tsFile) {
+    const specs = extractSpecContracts(kernSource, kernFile);
+    const impls = extractImplRoutes(tsSource, tsFile);
+    const { matched, unmatchedSpecs, unmatchedImpls } = matchRoutes(specs, impls);
+    const violations = [];
+    // Check each matched route
+    for (const { spec, impl } of matched) {
+        violations.push(...verifyRouteContract(spec, impl));
+    }
+    // Routes in .kern with no implementation
+    for (const spec of unmatchedSpecs) {
+        violations.push({
+            kind: 'spec-unimplemented',
+            detail: `${spec.routeKey} declared in .kern but no matching route handler found in implementation`,
+            suggestion: `Implement the ${spec.method.toUpperCase()} ${spec.path} route handler`,
+            kernFile: spec.kernFile,
+            kernLine: spec.line,
+        });
+    }
+    // Routes in .ts with no .kern declaration
+    for (const impl of unmatchedImpls) {
+        violations.push({
+            kind: 'spec-undeclared',
+            detail: `${impl.routeKey} exists in implementation but is not declared in .kern spec — undocumented endpoint`,
+            suggestion: `Add to .kern: route ${impl.method.toUpperCase()} ${impl.path}`,
+            tsFile: impl.filePath,
+            tsLine: impl.startLine,
+        });
+    }
+    return { violations, matched, unmatchedSpecs, unmatchedImpls };
+}
+// ── Finding conversion ───────────────────────────────────────────────────
+const SEVERITY_MAP = {
+    'spec-auth-missing': 'error',
+    'spec-validate-missing': 'warning',
+    'spec-guard-missing': 'warning',
+    'spec-middleware-missing': 'warning',
+    'spec-error-unhandled': 'info',
+    'spec-unimplemented': 'error',
+    'spec-undeclared': 'info',
+};
+export function specViolationsToFindings(result) {
+    return result.violations.map(v => {
+        const file = v.kernFile || v.tsFile || '';
+        const line = v.kernLine || v.tsLine || 1;
+        const primarySpan = {
+            file,
+            startLine: line,
+            startCol: 1,
+            endLine: line,
+            endCol: 1,
+        };
+        const relatedSpans = [];
+        if (v.kernFile && v.tsFile) {
+            relatedSpans.push({
+                file: v.tsFile,
+                startLine: v.tsLine || 1,
+                startCol: 1,
+                endLine: v.tsLine || 1,
+                endCol: 1,
+            });
+        }
+        return {
+            source: 'kern',
+            ruleId: v.kind,
+            severity: SEVERITY_MAP[v.kind],
+            category: 'bug',
+            message: v.detail,
+            primarySpan,
+            ...(relatedSpans.length > 0 ? { relatedSpans } : {}),
+            suggestion: v.suggestion,
+            fingerprint: createFingerprint(v.kind, line, 1),
+        };
+    });
+}
+// ── File-based entry points ──────────────────────────────────────────────
+export function checkSpecFiles(kernFilePath, tsFilePath) {
+    const kernSource = readFileSync(kernFilePath, 'utf-8');
+    const tsSource = readFileSync(tsFilePath, 'utf-8');
+    return checkSpec(kernSource, kernFilePath, tsSource, tsFilePath);
+}
+//# sourceMappingURL=spec-checker.js.map

package/dist/spec-checker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"spec-checker.js","sourceRoot":"","sources":["../src/spec-checker.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAGvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAiF/C,4EAA4E;AAE5E,MAAM,UAAU,oBAAoB,CAAC,UAAkB,EAAE,QAAgB;IACvE,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9B,MAAM,SAAS,GAAmB,EAAE,CAAC;IACrC,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACxC,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,aAAa,CAAC,IAAY,EAAE,GAAmB,EAAE,QAAgB;IACxE,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACjE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,IAAI,GAAG,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC;QAEnD,MAAM,QAAQ,GAAiB;YAC7B,MAAM;YACN,IAAI;YACJ,QAAQ;YACR,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,EAAE;YACd,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC;YACzB,QAAQ;SACT,CAAC;QAEF,sEAAsE;QACtE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;oBACnB,KAAK,MAAM;wBACT,QAAQ,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,IAAI,UAAU,CAAC,EAAE,CAAC;wBAClE,MAAM;oBACR,KAAK,UAAU;wBACb,QAAQ,CAAC,QAAQ,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC;wBAClE,MAAM;oBACR,KAAK,OAAO,CAAC,CAAC,CAAC;wBACb,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC;wBAClC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC;4BACnB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,IAAI,OAAO,CAAC;4BAC1C,IAAI,EAAE,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;4BAC9D,UAAU,EAAE,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC;yBAC3F,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;oBACD,KAAK,YAAY,CAAC,CAAC,CAAC;wBAClB,MAAM,KAAK,GAAa,EAAE,CAAC;wBAC3B,IAAI,KAAK,CAAC,KAAK,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;4BAC3D,KAAK,CAAC,IAAI,CAAC,GAAI,KAAK,CAAC,KAAK,CAAC,KAAkB,CAAC,CAAC;wBACjD,CAAC;6BAAM,IAAI,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;4BAC7B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;wBACvC,CAAC;wBACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACrB,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;wBACtC,CAAC;wBACD,MAAM;oBACR,CAAC;oBACD,KAAK,OAAO;wBACV,IAAI,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;4BACxB,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC;gCACnB,MAAM,EAAE,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,KAAK,QAAQ;oCAC5C,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM;oCACpB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;gCAC5C,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;6BACxE,CAAC,CAAC;wBACL,CAAC;wBACD,MAAM;oBACR,KAAK,SAAS;wBACZ,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC;wBAC3B,MAAM;gBACV,CAAC;YACH,CAAC;QACH,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;IAED,oEAAoE;IACpE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClC,aAAa,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;AACH,CAAC;AAED,4EAA4E;AAE5E,MAAM,WAAW,GAAG,6FAA6F,CAAC;AAElH,MAAM,UAAU,iBAAiB,CAAC,QAAgB,EAAE,QAAgB;IAClE,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEnC,IAAI,KAAK,CAAC;IACV,WAAW,CAAC,SAAS,GAAG,CAAC,CAAC;IAC1B,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACrD,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC;QAEnD,mBAAmB;QACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QAEjD,mDAAmD;QACnD,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAChE,MAAM,cAAc,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAExD,uBAAuB;QACvB,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CAAC;YACV,MAAM;YACN,IAAI;YACJ,QAAQ;YACR,WAAW;YACX,cAAc;YACd,QAAQ;YACR,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,qBAAqB,CAAC,SAAiB;IAC9C,oEAAoE;IACpE,qEAAqE;IACrE,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,mDAAmD;IACnD,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC7E,IAAI,CAAC,WAAW;QAAE,OAAO,KAAK,CAAC;IAE/B,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACrE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,kBAAkB,CAAC,SAAiB;IAC3C,oFAAoF;IACpF,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,uCAAuC,CAAC,CAAC;IAC/E,IAAI,YAAY,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAEhC,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACxD,IAAI,UAAU,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,CAAC,GAAG,UAAU,GAAG,CAAC,CAAC;IACvB,IAAI,QAAQ,GAAkB,IAAI,CAAC;IAEnC,OAAO,CAAC,GAAG,SAAS,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACzC,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAExB,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,EAAE,KAAK,QAAQ,IAAI,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI;gBAAE,QAAQ,GAAG,IAAI,CAAC;iBAC7D,IAAI,EAAE,KAAK,IAAI,IAAI,QAAQ,KAAK,GAAG;gBAAE,QAAQ,GAAG,IAAI,CAAC,CAAC,wCAAwC;QACrG,CAAC;aAAM,CAAC;YACN,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG;gBAAE,QAAQ,GAAG,EAAE,CAAC;iBACrD,IAAI,EAAE,KAAK,GAAG;gBAAE,KAAK,EAAE,CAAC;iBACxB,IAAI,EAAE,KAAK,GAAG;gBAAE,KAAK,EAAE,CAAC;QAC/B,CAAC;QACD,CAAC,EAAE,CAAC;IACN,CAAC;IAED,OAAO,SAAS,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACvD,CAAC;AAED,4EAA4E;AAE5E,SAAS,UAAU,CAAC,CAAS,EAAE,CAAS;IACtC,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACzB,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ,IAAI,QAAQ;YAAE,OAAO,IAAI,CAAC;QACtC,IAAI,QAAQ,IAAI,QAAQ;YAAE,OAAO,KAAK,CAAC;QACvC,OAAO,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,KAAqB,EACrB,KAAkB;IAElB,MAAM,OAAO,GAAmD,EAAE,CAAC;IACnE,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,iCAAiC;QACjC,IAAI,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEjG,sDAAsD;QACtD,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CACpC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBACjB,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM;gBAC3B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CACjC,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC7C,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3E,MAAM,cAAc,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,CAAC;AACrD,CAAC;AAED,4EAA4E;AAE5E,MAAM,eAAe,GAAG,yIAAyI,CAAC;AAClK,MAAM,SAAS,GAAG,yFAAyF,CAAC;AAC5G,MAAM,eAAe,GAAG,gDAAgD,CAAC;AACzE,MAAM,iBAAiB,GAAG,oBAAoB,CAAC;AAE/C,SAAS,SAAS,CAAC,IAAkB,EAAE,IAAe;IACpD,IAAI,CAAC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAE5B,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACjF,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAEvD,IAAI,CAAC,iBAAiB,IAAI,CAAC,aAAa,EAAE,CAAC;QACzC,OAAO;YACL,IAAI,EAAE,mBAAmB;YACzB,MAAM,EAAE,wBAAwB,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,IAAI,CAAC,QAAQ,0DAA0D;YAC7H,UAAU,EAAE,uEAAuE;YACnF,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,MAAM,EAAE,IAAI,CAAC,QAAQ;YACrB,MAAM,EAAE,IAAI,CAAC,SAAS;SACvB,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,IAAkB,EAAE,IAAe;IACxD,IAAI,CAAC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEhC,MAAM,aAAa,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO;YACL,IAAI,EAAE,uBAAuB;YAC7B,MAAM,EAAE,4BAA4B,IAAI,CAAC,QAAQ,CAAC,MAAM,QAAQ,IAAI,CAAC,QAAQ,gDAAgD;YAC7H,UAAU,EAAE,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,oDAAoD;YAC3F,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,MAAM,EAAE,IAAI,CAAC,QAAQ;YACrB,MAAM,EAAE,IAAI,CAAC,SAAS;SACvB,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAC,IAAkB,EAAE,IAAe;IACtD,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChE,MAAM,SAAS,GAAG,IAAI,MAAM,CAAC,uBAAuB,KAAK,CAAC,UAAU,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;YACnG,IAAI,MAAM,CAAC,wBAAwB,KAAK,CAAC,UAAU,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAEvF,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC;YAClC,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,yBAAyB,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC,UAAU,QAAQ,IAAI,CAAC,QAAQ,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,UAAU,WAAW,QAAQ;gBACrL,UAAU,EAAE,aAAa,KAAK,CAAC,IAAI,uBAAuB,KAAK,CAAC,UAAU,0BAA0B;gBACpG,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;gBACnB,MAAM,EAAE,IAAI,CAAC,QAAQ;gBACrB,MAAM,EAAE,IAAI,CAAC,SAAS;aACvB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,eAAe,CAAC,IAAkB,EAAE,IAAe;IAC1D,MAAM,UAAU,GAAoB,EAAE,CAAC;IACvC,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IACnE,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;IAEjD,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YACrC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC1E,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,yBAAyB;oBAC/B,MAAM,EAAE,8BAA8B,IAAI,QAAQ,IAAI,CAAC,QAAQ,SAAS,IAAI,8CAA8C;oBAC1H,UAAU,EAAE,OAAO,IAAI,oCAAoC,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,IAAI,MAAM,IAAI,YAAY;oBAC1G,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,MAAM,EAAE,IAAI,CAAC,QAAQ;oBACrB,MAAM,EAAE,IAAI,CAAC,SAAS;iBACvB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,IAAkB,EAAE,IAAe;IACtD,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAC9B,0CAA0C;QAC1C,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;YAAE,SAAS;QAExF,MAAM,SAAS,GAAG,IAAI,MAAM,CAAC,uBAAuB,GAAG,CAAC,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;YAC7F,IAAI,MAAM,CAAC,wBAAwB,GAAG,CAAC,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAEjF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,sBAAsB;gBAC5B,MAAM,EAAE,yBAAyB,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,CAAC,QAAQ,eAAe,GAAG,CAAC,MAAM,gBAAgB;gBAClJ,UAAU,EAAE,kDAAkD,GAAG,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAO,IAAI,OAAO,MAAM;gBACxH,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;gBACnB,MAAM,EAAE,IAAI,CAAC,QAAQ;gBACrB,MAAM,EAAE,IAAI,CAAC,SAAS;aACvB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAkB,EAAE,IAAe;IACrE,OAAO;QACL,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC;QACrB,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC;QACzB,GAAG,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC;QAC1B,GAAG,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC;QAC9B,GAAG,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC;KAC3B,CAAC,MAAM,CAAC,CAAC,CAAC,EAAsB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;AAClD,CAAC;AAED,4EAA4E;AAE5E,MAAM,UAAU,SAAS,CAAC,UAAkB,EAAE,QAAgB,EAAE,QAAgB,EAAE,MAAc;IAC9F,MAAM,KAAK,GAAG,oBAAoB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACzD,MAAM,KAAK,GAAG,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAClD,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,GAAG,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAE9E,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,2BAA2B;IAC3B,KAAK,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,CAAC;QACrC,UAAU,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,yCAAyC;IACzC,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,oBAAoB;YAC1B,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,0EAA0E;YAClG,UAAU,EAAE,iBAAiB,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,IAAI,gBAAgB;YACnF,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;SACpB,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,qFAAqF;YAC7G,UAAU,EAAE,uBAAuB,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,IAAI,EAAE;YAC3E,MAAM,EAAE,IAAI,CAAC,QAAQ;YACrB,MAAM,EAAE,IAAI,CAAC,SAAS;SACvB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,CAAC;AACjE,CAAC;AAED,4EAA4E;AAE5E,MAAM,YAAY,GAAwD;IACxE,mBAAmB,EAAE,OAAO;IAC5B,uBAAuB,EAAE,SAAS;IAClC,oBAAoB,EAAE,SAAS;IAC/B,yBAAyB,EAAE,SAAS;IACpC,sBAAsB,EAAE,MAAM;IAC9B,oBAAoB,EAAE,OAAO;IAC7B,iBAAiB,EAAE,MAAM;CAC1B,CAAC;AAEF,MAAM,UAAU,wBAAwB,CAAC,MAAuB;IAC9D,OAAO,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAC/B,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;QAEzC,MAAM,WAAW,GAAe;YAC9B,IAAI;YACJ,SAAS,EAAE,IAAI;YACf,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,CAAC;SACV,CAAC;QAEF,MAAM,YAAY,GAAiB,EAAE,CAAC;QACtC,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;YAC3B,YAAY,CAAC,IAAI,CAAC;gBAChB,IAAI,EAAE,CAAC,CAAC,MAAM;gBACd,SAAS,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC;gBACxB,QAAQ,EAAE,CAAC;gBACX,OAAO,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC;gBACtB,MAAM,EAAE,CAAC;aACV,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,MAAM,EAAE,MAAe;YACvB,MAAM,EAAE,CAAC,CAAC,IAAI;YACd,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC;YAC9B,QAAQ,EAAE,KAAc;YACxB,OAAO,EAAE,CAAC,CAAC,MAAM;YACjB,WAAW;YACX,GAAG,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpD,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,WAAW,EAAE,iBAAiB,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;SAChD,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,4EAA4E;AAE5E,MAAM,UAAU,cAAc,CAAC,YAAoB,EAAE,UAAkB;IACrE,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,SAAS,CAAC,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;AACnE,CAAC"}

package/dist/suppression/apply-suppression.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Apply suppression directives to findings.
+ * Runs after sortAndDedup(), before checkEnforcement().
+ */
+import type { ReviewFinding } from '../types.js';
+import type { SuppressionResult, StrictMode } from './types.js';
+import type { ReviewConfig } from '../types.js';
+/**
+ * Apply all suppression directives to a set of findings.
+ *
+ * @param findings - Deduplicated, sorted findings from the pipeline
+ * @param source - Source text of the file (for parsing inline directives)
+ * @param filePath - File path
+ * @param config - ReviewConfig (for disabledRules)
+ * @param strict - CI strict mode: false = respect all, 'inline' = ignore inline, 'all' = ignore everything
+ */
+export declare function applySuppression(findings: ReviewFinding[], source: string, filePath: string, config?: ReviewConfig, strict?: StrictMode): SuppressionResult;

package/dist/suppression/apply-suppression.js ADDED Viewed

@@ -0,0 +1,94 @@
+/**
+ * Apply suppression directives to findings.
+ * Runs after sortAndDedup(), before checkEnforcement().
+ */
+import { parseDirectives, configDirectives } from './parse-directives.js';
+function isSuppressed(finding, directive) {
+    // Rule ID must match
+    if (!directive.ruleIds.includes(finding.ruleId))
+        return false;
+    // Config-level directives (file='*') apply to all files
+    if (directive.file === '*')
+        return true;
+    // File must match
+    if (directive.file !== finding.primarySpan.file)
+        return false;
+    // File-level: suppress all matching rules in file
+    if (directive.type === 'file')
+        return true;
+    // Line-level: finding must be on the directive's target line
+    return finding.primarySpan.startLine === directive.line;
+}
+/**
+ * Apply all suppression directives to a set of findings.
+ *
+ * @param findings - Deduplicated, sorted findings from the pipeline
+ * @param source - Source text of the file (for parsing inline directives)
+ * @param filePath - File path
+ * @param config - ReviewConfig (for disabledRules)
+ * @param strict - CI strict mode: false = respect all, 'inline' = ignore inline, 'all' = ignore everything
+ */
+export function applySuppression(findings, source, filePath, config, strict = false) {
+    // Parse inline directives from source
+    const { directives: inlineDirectives, warnings } = parseDirectives(source, filePath);
+    // Build config-level directives
+    const cfgDirectives = configDirectives(config?.disabledRules ?? []);
+    // Determine which directives are active based on strict mode
+    let activeDirectives;
+    if (strict === 'all') {
+        activeDirectives = [];
+    }
+    else if (strict === 'inline') {
+        // Only config-level directives are active
+        activeDirectives = cfgDirectives;
+    }
+    else {
+        activeDirectives = [...inlineDirectives, ...cfgDirectives];
+    }
+    const allDirectives = [...inlineDirectives, ...cfgDirectives];
+    // Track which directives matched at least one finding
+    const matchedDirectives = new Set();
+    const passed = [];
+    const suppressed = [];
+    for (const finding of findings) {
+        const matchingDirective = activeDirectives.find(d => isSuppressed(finding, d));
+        if (matchingDirective) {
+            matchedDirectives.add(matchingDirective);
+            suppressed.push(finding);
+        }
+        else {
+            passed.push(finding);
+        }
+    }
+    // Find unused inline directives (config-level ones are intentionally exempt)
+    const unusedDirectives = inlineDirectives.filter(d => !matchedDirectives.has(d));
+    // Add warnings from parsing + unused directive warnings
+    const allWarnings = [...warnings];
+    // Only report unused directives when not in strict mode (in strict, inline directives are intentionally ignored)
+    if (!strict) {
+        for (const d of unusedDirectives) {
+            allWarnings.push({
+                source: 'kern',
+                ruleId: 'kern-ignore-unused',
+                severity: 'warning',
+                category: 'style',
+                message: `Unused kern-ignore for '${d.ruleIds.join(', ')}' — no matching findings`,
+                primarySpan: {
+                    file: d.file,
+                    startLine: d.commentLine ?? 1,
+                    startCol: 1,
+                    endLine: d.commentLine ?? 1,
+                    endCol: 1,
+                },
+                fingerprint: `unused-${d.commentLine}-${d.ruleIds.join(',')}`,
+            });
+        }
+    }
+    return {
+        findings: [...passed, ...allWarnings],
+        suppressed,
+        directives: allDirectives,
+        unusedDirectives,
+    };
+}
+//# sourceMappingURL=apply-suppression.js.map

package/dist/suppression/apply-suppression.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"apply-suppression.js","sourceRoot":"","sources":["../../src/suppression/apply-suppression.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAG1E,SAAS,YAAY,CAAC,OAAsB,EAAE,SAA+B;IAC3E,qBAAqB;IACrB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAE9D,wDAAwD;IACxD,IAAI,SAAS,CAAC,IAAI,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAExC,kBAAkB;IAClB,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,CAAC,WAAW,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAE9D,kDAAkD;IAClD,IAAI,SAAS,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAE3C,6DAA6D;IAC7D,OAAO,OAAO,CAAC,WAAW,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC;AAC1D,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAyB,EACzB,MAAc,EACd,QAAgB,EAChB,MAAqB,EACrB,SAAqB,KAAK;IAE1B,sCAAsC;IACtC,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,QAAQ,EAAE,GAAG,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAErF,gCAAgC;IAChC,MAAM,aAAa,GAAG,gBAAgB,CAAC,MAAM,EAAE,aAAa,IAAI,EAAE,CAAC,CAAC;IAEpE,6DAA6D;IAC7D,IAAI,gBAAwC,CAAC;IAC7C,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QACrB,gBAAgB,GAAG,EAAE,CAAC;IACxB,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,0CAA0C;QAC1C,gBAAgB,GAAG,aAAa,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,CAAC,GAAG,gBAAgB,EAAE,GAAG,aAAa,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,GAAG,gBAAgB,EAAE,GAAG,aAAa,CAAC,CAAC;IAE9D,sDAAsD;IACtD,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAwB,CAAC;IAE1D,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/E,IAAI,iBAAiB,EAAE,CAAC;YACtB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACzC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjF,wDAAwD;IACxD,MAAM,WAAW,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC;IAClC,iHAAiH;IACjH,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,oBAAoB;gBAC5B,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,2BAA2B,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,0BAA0B;gBAClF,WAAW,EAAE;oBACX,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,SAAS,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC;oBAC7B,QAAQ,EAAE,CAAC;oBACX,OAAO,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC;oBAC3B,MAAM,EAAE,CAAC;iBACV;gBACD,WAAW,EAAE,UAAU,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,CAAC,GAAG,MAAM,EAAE,GAAG,WAAW,CAAC;QACrC,UAAU;QACV,UAAU,EAAE,aAAa;QACzB,gBAAgB;KACjB,CAAC;AACJ,CAAC"}

package/dist/suppression/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Suppression module — inline comments + config-level rule suppression.
+ */
+export type { SuppressionDirective, SuppressionResult, StrictMode } from './types.js';
+export { parseDirectives, configDirectives, isConceptRule } from './parse-directives.js';
+export { applySuppression } from './apply-suppression.js';

package/dist/suppression/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Suppression module — inline comments + config-level rule suppression.
+ */
+export { parseDirectives, configDirectives, isConceptRule } from './parse-directives.js';
+export { applySuppression } from './apply-suppression.js';
+//# sourceMappingURL=index.js.map

package/dist/suppression/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/suppression/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACzF,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/suppression/parse-directives.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Parse kern-ignore directives from source text.
+ *
+ * Supported syntax:
+ *   // kern-ignore <rule-id>[, <rule-id>...]       — suppress on same or next non-comment line
+ *   // kern-ignore-file <rule-id>[, <rule-id>...]   — suppress for entire file (first 5 lines)
+ *   # kern-ignore <rule-id>[, <rule-id>...]         — Python variant
+ *   # kern-ignore-file <rule-id>[, <rule-id>...]    — Python variant
+ */
+import type { SuppressionDirective } from './types.js';
+import type { ReviewFinding } from '../types.js';
+export declare function isConceptRule(ruleId: string): boolean;
+/**
+ * Parse all suppression directives from source text.
+ * Returns directives + any warnings (e.g., bare kern-ignore, concept rule on line-level).
+ */
+export declare function parseDirectives(source: string, filePath: string): {
+    directives: SuppressionDirective[];
+    warnings: ReviewFinding[];
+};
+/**
+ * Create config-level suppression directives from disabledRules.
+ * These apply to all files (file field is '*').
+ */
+export declare function configDirectives(disabledRules: string[]): SuppressionDirective[];