@lannguyensi/harness 0.18.0 → 0.20.0

package/CHANGELOG.md

@@ -7,6 +7,53 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
 
 ## [Unreleased]
 
+## [0.20.0] - 2026-05-18
+
+**Headline: two ergonomics gaps closed at the gate surface.** v0.18 introduced per-task understanding-gate marker expiry as opt-in via `--task <id>`; this release auto-resolves the active agent-tasks claim from a PostToolUse-maintained `active-claim` file, so operators with agent-tasks wired never need to type the UUID. The full template's PR-review gates also become tool-agnostic: parallel Bash-surface policies now guard `gh pr merge` / `gh pr create` alongside the agent-tasks MCP variants, with `${BRANCH}` substituting for `${PR_NUMBER}` / `${TASK_ID}` since the extract DSL cannot capture from `tool_input.command`. Two fixes close subtle bypasses: the marker-expiry mechanism now also flips the persisted-report `approvalStatus` from `approved` to `expired` (closing the multi-task silent-bypass that survived v0.18), and branch-protection gates on the target file's repo rather than the cwd's, so writes to memory or cross-repo edits stop falsely refusing when cwd happens to sit on master.
+
+### Added
+
+- **understanding-gate v2: auto-resolve active agent-tasks claim** (harness/494fd1e5, PR #187). v1 (PR #184) shipped task-scoped markers as opt-in via `--task <id>`. v2 closes the ergonomics gap: a new PostToolUse hook (`harness pack hook track-active-claim`) maintains `<generatedDir>/active-claim` from agent-tasks `task_start` / `task_finish` / `task_abandon`. `harness approve understanding` reads the file when `--task` is absent and auto-supplies the id. Operators with agent-tasks wired never need to type the UUID; the file is a one-line cat-able artefact. Without agent-tasks (or when no task is claimed), behaviour falls back to v1: only the session-scoped marker is written. `--task` takes precedence over the file when both are present, with the result payload's new `source: "flag" | "active-claim"` field telling the operator which surface fed the id. New runtime helpers: `writeActiveClaim`, `readActiveClaim`, `clearActiveClaim`, `activeClaimPathFor`, `ACTIVE_CLAIM_FILENAME`. 13 new tests across the hook + approve + apply surfaces. No cross-repo coordination needed: harness owns both the writer (PostToolUse hook) and the reader (approve verb), so agent-tasks-bridge stays untouched.
+
+- **understanding-gate: task-scoped approval markers** (harness/1ee26e77, PR #184). The marker file the gate consults is now keyed by `task-<taskId>` in addition to `<sessionId>` when the operator passes `--task <id>` to `harness approve understanding`. Either marker satisfies the gate, but the task-scoped one is the design-intent target for multi-task sessions: when the task ends, the post-tool-use hook extracts `tool_input.taskId` from the matched MCP boundary tool (e.g. `mcp__agent-tasks__task_finish`) and deletes the specific task marker (in addition to the session marker, as today). Without `--task`, behaviour is unchanged, the session marker is the only one written, fall-through semantics preserve every existing flow. New helpers in the runtime module: `writeTaskApprovalMarker`, `checkAnyTaskApprovalMarker`, `clearTaskApprovalMarker`, `taskApprovalMarkerPathFor`. 8 new tests across approve / pre-tool-use / post-tool-use surfaces. The intent: enable the cross-session continuity case (operator approved task A from session X, agent continues task A in session Y so the approval still holds) without disrupting the legacy per-session contract for solo workflows.
+
+- **Tool-agnostic PR-review gates (Bash-surface parallels)** (harness/7eed0bb2, PR #188). The full template now ships `review-before-merge-bash` and `review-subagent-before-pr-create-bash` alongside the existing agent-tasks MCP variants, so `gh pr merge` / `gh pr create` get the same review-evidence gate. A `PolicyTrigger` can only AND-match one surface (MCP tool-name OR Bash command), so two parallel policies are the minimum-scope answer (V3 from the deferred-2026-05-17 task analysis, picked over a schema-bump V1 that would have introduced a new Array `match` form plus regex-capture from Bash stdout for a single use case). Tag shape switches to `${BRANCH}` on the Bash side because no `PR_NUMBER` / `TASK_ID` is extractable from `tool_input.command` via the JSONPath-only extract DSL. Hybrid operators using both surfaces get both gates active with two tag shapes, which is honest at the ledger layer. New worked example in `docs/writing-custom-policies.md` ("Same gate, two PR-surface variants") plus pointers in `docs/for-humans.md` and `docs/init-interactive.md`.
+
+### Fixed
+
+- **understanding-gate: persisted-report bypass** (harness/1ee26e77 root-cause follow-up, PR #185). Forensics on a multi-task session that didn't re-prompt: PR #172 (v0.18, May 17) shipped marker-expiry on task_finish but only deleted the FILESYSTEM MARKER, not the persisted JSON report at `.understanding-gate/reports/...json`. The pre-tool-use gate falls through to the persisted report when the marker is absent, so the report (still `approvalStatus: "approved"`) silently kept satisfying the gate after task_finish. The marker-expiry mechanism was performing its half of the contract, the report's half was missing. This patch closes the gap: the post-tool-use hook now also flips the matching report's `approvalStatus` from `approved` to `expired` (with an `expiredAt` timestamp), atomic rewrite, operator's report body preserved for audit. Hook command is now wrapped with `UNDERSTANDING_GATE_REPORT_DIR` so it resolves the same reports directory the pre-tool-use blocker uses. 3 new tests on the post-tool-use surface (flips approved → expired, degrades gracefully when no reports exist, idempotent on already-expired). Without this fix, the v1 task-scoped marker work from PR #184 was load-bearing on the marker path only, which the bypass would have continued to defeat.
+
+- **branch-protection: gate on target path, not cwd** (harness/efdbfa0b, PR #183). The branch-protection PreToolUse hook resolved the branch via `resolveGitContext(cwd)`, so any Write / Edit / MultiEdit / NotebookEdit fired from a checkout on master got refused regardless of where the target path actually lived. Two practical cases hit every session: (1) writes to `~/.claude/memory/*.md` (outside any git repo at all) blocked when cwd was on a protected branch elsewhere; (2) cross-repo edits when cwd was on a protected branch in repo A and the target file lived in repo B on a feature branch, same wrong refusal. Fix introduces `extractTargetPath(toolName, toolInput)` for the single-file mutator tools and resolves the branch context from `dirname(targetPath)` instead of cwd. Relative paths resolve against cwd before the dirname walk. Tools without a single resolvable target (Bash, search verbs) fall back to cwd as before. Same-repo writes on a protected branch still block, the substance of the gate is unchanged, only its anchor moved. 6 new tests, 23 total in the file. Subsumes duplicate friction 5427e455.
+
+### Changed
+
+- **preflight-before-push gate message: explain the post-commit re-run requirement** (harness/ec7390c9, PR #186). The error said "a fresh preflight for `${BRANCH}` (within the last 10 minutes)", technically correct but hid the load-bearing detail: a preflight from earlier in the session does not cover a push that landed a new commit since. Result was "I just ran preflight, why is the gate blocking?" and a round-trip to docs. The required clause now splits the two cleanly: state the gate's actual check (time window) and give the operator-side rule (re-run after each commit) as a "what you need to do" hint rather than a "what the gate verifies" claim, since today only the time check is enforced. Same wording mirrored to `templates.ts`, `composer.ts`, the canonical `docs/examples/full-manifest.yaml` example, and its expected-render snapshot used by the parity test. The heavier half (HEAD-match freshness so any preflight whose recorded HEAD matches current HEAD satisfies the gate, removing the per-commit re-preflight churn entirely) is filed as a follow-up at agent-tasks/a0af50cb.
+
+## [0.19.0] - 2026-05-17
+
+**Headline: setup UX gap closed for non-agent-tasks operators.** Through v0.18.x several pieces of the harness experience silently degraded for operators picking Solo (or Team without an agent-tasks account): the new per-task understanding-gate marker expiry never fired because the configured boundary list was agent-tasks MCP names, `harness init --interactive` left the bridge wired but unauthenticated, `harness doctor` flagged the deliberately operator-driven `dogfood-before-release` policy as a missing-producer false positive, and an nvm-drift class of bug went undiagnosed. This release closes those four gaps: profile-aware reset defaults plus a new `expire_on_bash_match` regex list for gh-CLI workflows, a post-install auth probe with login / skip / abort dialog, doctor respect for the policy's own `producers:` array, and a doctor warning that catches when `npm prefix -g`'s bin dir is not on PATH. Doc cleanup made the external-account assumptions of each profile explicit up-front.
+
+### Added
+
+- **understanding-gate: `approval_lifecycle.expire_on_bash_match`** (harness/f54e0ecb). New optional schema field on the `understanding-before-execution` pack config: a string array of regex patterns matched against the `Bash` tool's `tool_input.command`. When a Bash command matches, the per-session approval marker is deleted on PostToolUse, same semantics as the existing `expire_on_tool_match` does for MCP tool names. Enables gh-CLI / pure-Bash workflows to declare task boundaries (e.g. `^gh pr (merge|close)\b`, `^git push origin (master|main)\b`) so the gate's per-task re-prompt works for them too. Profile defaults updated: Solo drops the agent-tasks tool list (dead weight there) and ships only the Bash list with `max_age: 1h`; Team and Full keep the tool list and add the Bash list for hybrid coverage. Patterns are pre-compiled at parse time, invalid regexes dropped with stderr warnings. Round-trip regression tests in `tests/cli/init-full-template-pins.test.ts` parse each template through `yaml.parse + new RegExp + .test()` to pin the escape-pipeline correctness, since the unit-level tests bypass that surface.
+
+- **`harness doctor`: warn when `npm prefix -g`'s bin dir is not on PATH** (harness/4ddd78ed). Surfaces the nvm-drift footgun where `harness init --interactive` runs `npm i -g` against the active Node's prefix but the operator's shell PATH points at a different one, so installed binaries are silently invisible to subsequent doctor probes. Doctor now resolves the bin dir via `npm prefix -g` (the modern replacement for the removed `npm bin -g`) and renders an `Environment` section with the actionable PATH-patch suggestion when the bin dir is not in `process.env.PATH`. The section stays absent on ok and on the unknown branch (npm missing); skipped under `--shallow` so the 100ms timing budget stays intact.
+
+- **`harness init --interactive`: post-install auth probe for the agent-tasks bridge** (harness/3f775180). After a successful `npm i -g @agent-tasks/mcp-bridge`, the wizard runs `agent-tasks-mcp-bridge status` to detect whether a token is configured. Three branches:
+  - **ok**: prints `✓ agent-tasks token validated against the backend.` and continues.
+  - **token present but validation fails** (backend unreachable, expired token, wrong base URL): prints an informational warning naming the bridge's reason and continues. The wizard does not block on this because the recovery is not actionable from inside it.
+  - **no token stored**: opens a three-option dialog: (a) run `agent-tasks-mcp-bridge login` interactively now via stdio pass-through, (b) skip with a reminder, (c) abort the wizard with a pointer to the signup URL and the re-run command. After a successful login the wizard re-probes to confirm.
+
+  Closes the silent footgun where a fresh operator could finish the wizard with `harness doctor` reporting all-green but every `mcp__agent-tasks__*` call returning an auth error.
+
+- **FULL_TEMPLATE `git-preflight` hook pin: `min_version: "0.1.1"` + `version_command: ["preflight", "--version"]`** (agent-preflight/cb5a1770). Same pattern as the existing pins for `agent-tasks-mcp-bridge`, `grounding-mcp`, `memory-router-user-prompt-submit`. Floor at agent-preflight 0.1.1, the release that distinguishes "tool not installed" (e.g. an npm script invoking eslint that is not in devDependencies) from real lint/test/typecheck failures. Stale 0.1.0 installs silently emit false-positive blockers that keep the `preflight-before-*` policies closed forever; with the floor wired, `harness doctor` now warns operators to upgrade.
+
+### Changed
+
+- **`harness doctor`: producer-gap warning now respects the policy's own `producers:` array** (harness/f97e152f). A `block` policy with a `within:` window used to be flagged with `⚠ ... no manifest hook produces it` whenever no automatic SessionStart hook wrote the required tag, even when the policy itself declared a `producers:` entry pointing the agent at the manual recovery (`mcp__agent-grounding__ledger_add`). For `dogfood-before-release` in the Full template that was a false positive: the gate is deliberately operator-driven (an automatic SessionStart producer would defeat its purpose), and the `producers:` array IS the schema-blessed manual recovery path the agent sees in the deny envelope. Doctor now treats a non-empty `producers:` array as a documented producer and suppresses the warning. The warning still fires when both kinds are absent. Visible effect on the Full template: one fewer false-positive warning (dogfood-before-release flips from `⚠` to `✓`); the two preflight policies were already satisfied by the `git-preflight` SessionStart hook and stay green.
+
+- **Profile dependency clarity in README + wizard** (harness/75de11c4). README, `docs/init-interactive.md`, `docs/for-humans.md`, the wizard's profile-choice descriptions, and the Team-profile confirm prompt now state the external-account assumptions of each profile up-front: Solo is standalone, Team requires an agent-tasks account, Full additionally requires `@lannguyensi/agent-preflight` and `gh` on PATH. The wizard also prints a post-init reminder for Team/Full operators naming `agent-tasks-mcp-bridge login` as the auth recovery path and `--template solo` as the fallback for non-agent-tasks workflows.
+
 ## [0.18.0] - 2026-05-17
 
 **Headline: per-task understanding-gate marker expiry.** Through v0.17.x the approval marker had no lifetime: one `harness approve understanding` covered every subsequent Edit / Write / Bash for the whole session. That contract was correct when the gate was about "agent starts a session, picks ONE interpretation, runs", but no longer matches multi-task sessions, where a stale interpretation can silently drive the next task's edits. Live failure mode from the v0.17.4 dogfood: three sequential tasks in one session, marker stayed valid across all three, the third task started implementing the wrong fix surface before the operator caught the misdiagnose. v0.18 expires the marker on configurable task-boundary tools and (optionally) on a TTL safety net, so a fresh task gets a fresh Understanding Report. Backing task: agent-tasks/d8ee60ca.

package/README.md

@@ -11,18 +11,13 @@ applies, audits, and *enforces*.
 > exact context, and why.
 
 A coding agent like Claude Code is configured across half a dozen
-files: `settings.json`, `CLAUDE.md`, memory notes, MCP registrations,
-hook scripts, per-project overrides. No single file answers *"what can
-this agent do right now, and why is it set up that way?"*, so
-configuration drifts between sessions, rules you wrote down in one
-place quietly stop firing, and a broken tool is discovered only by
-tripping over it.
-
-`harness` puts all of that in one YAML file you can read, validate,
-and diff. From that file it generates the config the agent actually
-loads, and at runtime it enforces the rules you declared: it blocks a
-tool call that violates one, and records every decision so you can
-see what fired and why.
+files (`settings.json`, `CLAUDE.md`, memory notes, MCP registrations,
+hook scripts, per-project overrides), and no single file answers
+*"what can this agent do right now, and why is it set up that way?"*.
+`harness` puts all of it in one YAML you read, validate, and diff;
+generates the config the agent loads from it; and at runtime blocks
+tool calls that violate the declared rules while recording every
+decision.
 
 ## See it work
 
@@ -40,12 +35,10 @@ $ harness policy intercept       # Claude Code runs this before each tool call
 {"decision":"block","reason":"review-before-merge: no matching ledger entry for tag `review:42`","hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"review-before-merge: no matching ledger entry for tag `review:42`"}}
 ```
 
-Since v0.17.0 every built-in block-enforcement policy ships a `ux:`
-block (the warn-only `two-reviewers-required` omits it; the agent
-never sees a warn), so the agent actually sees the plain-language
-three-section form instead (see
-[What the agent sees vs what the engine records](#what-the-agent-sees-vs-what-the-engine-records)
-below). The engine-vocabulary text stays in the audit ledger.
+Built-in block-enforcement policies ship a `ux:` block since v0.17.0,
+so the agent sees a plain-language three-section form
+([`docs/for-agents.md`](docs/for-agents.md#agent-facing-block-messages-ux-block));
+the engine-vocabulary text above stays in the audit ledger.
 
 Blocked. `harness explain` says exactly why:
 
@@ -87,54 +80,6 @@ timestamp            policy               outcome  reason
 Declare the rule once; every session is held to it, with a paper
 trail of every decision.
 
-## What the agent sees vs what the engine records
-
-A policy has two readers: the audit ledger (which wants every internal
-detail) and the agent (which only needs to know what is blocked, what
-condition is missing, and which command satisfies it). Declaring a
-policy's `ux:` block splits those readers cleanly.
-
-Engine-internal model (unchanged): session IDs, ledger entries,
-attestations, provenance chains, policy DAGs. All of it still feeds
-`audit`, `explain --trace`, and the evidence-ledger writes that
-`session-export` replays.
-
-Agent-facing model (new, opt-in per policy): `cannot` (what is
-blocked), `required` (the missing precondition, in plain words), and
-`run` (the exact command to satisfy it). When `ux:` is declared, the
-agent sees only this shape, with `${VAR}` references substituted
-against the same context the `ledger_tag` resolved against.
-
-```yaml
-policies:
-  - name: preflight-before-investigation
-    requires: { ledger_tag: "preflight:${REPO}", within: "1h" }
-    enforcement: block
-    ux:
-      cannot: "You cannot investigate this repository yet."
-      required: ["verified repository preflight"]
-      run: ["harness preflight"]
-```
-
-On block, the agent sees:
-
-```
-You cannot investigate this repository yet.
-
-Required:
-- verified repository preflight
-
-Run:
-  harness preflight
-```
-
-Not `no matching ledger entry for tag preflight:harness`. The
-internal failure (tag, hint, matched count) is still written to the
-ledger for `audit` and `explain --trace`. Policies without `ux:` keep
-the legacy deny envelope unchanged, so existing 0.16.x manifests need
-no changes; the canonical form for agents writing new policies lives
-in [`docs/for-agents.md`](docs/for-agents.md#agent-facing-block-messages-ux-block).
-
 ## Concepts in six lines
 
 | Term | What it is |
@@ -163,25 +108,16 @@ flowchart LR
     observe -. refine .-> declare
 ```
 
-One manifest declares grounding, tools, memory, hooks, policies, and
-workflows. `apply` materialises that into the files Claude Code
-actually reads. At runtime, hooks and policies enforce the contract
-and write decision rows to the evidence ledger. The read-side
-surfaces (`audit`, `explain --trace`, `session-export`) replay those
-rows so you can see what fired, why, and across which session.
-Whatever you learn from observing flows back into the manifest. That
-loop is the whole product.
+Observe → refine → declare is the whole loop. The read-side surfaces
+(`audit`, `explain --trace`, `session-export`) replay rows the runtime
+already recorded, so what flows back into the manifest is grounded in
+what actually happened.
 
 ## Pick your audience
 
-- **Operator?** Read [`docs/for-humans.md`](docs/for-humans.md). It
-  walks from `npm i -g @lannguyensi/harness` through your first
-  `apply`, your first real policy, and the diagnostics cheat sheet.
-- **Agent (or onboarding one)?** Read
-  [`docs/for-agents.md`](docs/for-agents.md). It defines the
-  workflow lifecycle, the policy / ledger sequence, the CLI cheat
-  sheet split by side-effect class, and the audit triumvirate
-  (`audit` vs `explain --trace` vs `session-export`).
+- **Operator?** [`docs/for-humans.md`](docs/for-humans.md): install through first `apply`, first real policy, diagnostics cheat sheet.
+- **Agent (or onboarding one)?** [`docs/for-agents.md`](docs/for-agents.md): workflow lifecycle, policy / ledger sequence, CLI cheat sheet by side-effect class, the audit triumvirate.
+- **Writing your own policy?** [`docs/writing-custom-policies.md`](docs/writing-custom-policies.md): three tripwires, four worked recipes (each validated in CI), author loop, field reference.
 
 ## Install
 
@@ -200,11 +136,21 @@ command path, install to wired-in, no prose.
 harness init --interactive
 ```
 
-Guided wizard that detects your environment (existing `~/.claude/` and
-`~/.codex/`, MCP servers already wired in `settings.json`, harness
-binary version), picks a profile (`solo` / `team` / `custom`), and
-writes a starting `harness.yaml`. Ctrl-C at any prompt aborts with no
-partial write. Walkthrough + limitations: `docs/init-interactive.md`.
+Guided wizard. Detects `~/.claude/` and `~/.codex/`, MCP servers
+already wired in `settings.json`, harness binary version. Picks a
+profile (`solo` / `team` / `custom`) and writes a starting
+`harness.yaml`. Ctrl-C aborts cleanly. Walkthrough +
+limitations: [`docs/init-interactive.md`](docs/init-interactive.md).
+
+### Profiles at a glance
+
+| Profile | External accounts / tools required | Best for |
+|---------|------------------------------------|----------|
+| `solo`  | None. `npm` + Claude Code is enough. | Single operators who want the Understanding Gate without committing to a tasking system. |
+| `team`  | An **agent-tasks** account ([hosted](https://agent-tasks.opentriologue.ai) or [self-hosted](https://github.com/LanNguyenSi/agent-tasks)). | Teams that already use `agent-tasks` for PR review tracking. The merge gate (`review:<pr-number>` ledger tag) wires against the agent-tasks MCP. |
+| `full`  | Same as `team` plus `@lannguyensi/agent-preflight` and `gh` on PATH. | Operators who want every reference policy enforced (dogfood gate, preflight gates, review-subagent gate, merge gate). |
+
+**Not using agent-tasks?** Pick `solo`. The `team` and `full` review gates currently match only the agent-tasks MCP tool names, so a `gh pr create` workflow stays unprotected by them today. Tool-agnostic gates that also match `gh pr` are tracked in the backlog.
 
 If you prefer non-interactive (CI, fresh-VM provisioning), pick a
 template directly:
@@ -215,17 +161,14 @@ harness init --template team   # solo + agent-tasks MCP + review-before-merge po
 harness init --template full   # everything from the Appendix A reference manifest
 ```
 
-Debug what the harness sees in your env without writing anything:
+Use `harness init --probe` for a JSON snapshot of detected runtimes
+and MCPs without writing anything.
 
-```bash
-harness init --probe   # JSON snapshot of detected runtimes + MCPs + manifest
-```
-
-## Try it yourself
+## Try it without installing
 
-The demo above shows the runtime path. To see policy matching without
-installing anything or touching the ledger, run `dry-run` against the
-reference manifest:
+`harness dry-run` reports which hooks fire and which policies match
+for a given tool call, against the reference manifest, before any
+ledger I/O:
 
 ```bash
 git clone https://github.com/LanNguyenSi/harness && cd harness
@@ -236,44 +179,23 @@ node dist/cli/main.js dry-run "merge PR 42" \
   --config docs/examples/full-manifest.yaml
 ```
 
-`dry-run` reads the reference manifest, runs the trigger matcher,
-substitutes `${PR_NUMBER}=42` through the JSONPath-restricted extract
-DSL, and tells you exactly which hooks would fire and which policies
-would match, before any ledger I/O.
-
-The reference manifest is a schema-coverage example, not a runnable
-config. `harness validate --config docs/examples/full-manifest.yaml`
-will report errors for install-specific hook script paths it
-references (and warnings for binaries like `git-batch` that only exist
-in a real install). That is expected; the file header spells out the
-contract. Use `harness init --template full` to get a manifest
-tailored to your machine.
-
-Convinced? Install globally and set up your own:
-`npm i -g @lannguyensi/harness && harness init --interactive`.
+`docs/examples/full-manifest.yaml` is a schema-coverage example, not a
+runnable config (the file header spells out the contract). For a
+manifest tailored to your machine, install globally and run
+`harness init --interactive`.
 
 ## Uninstall
 
 `harness uninstall` is the single-command teardown: dry-run by default,
-`--apply` to mutate. It inventories what harness planted under
-`~/.claude/` (manifest, lock, `harness.generated/`, harness-owned hook
-groups and `mcpServers` entries in `settings.json`, any leftover
-`settings.json.pre-harness-<TS>` backups), then removes them after
-writing a reversible backup + JSON snapshot next to `settings.json`.
-
-```bash
-harness uninstall                                      # list, exit 0
-harness uninstall --apply                              # tear down
-harness uninstall --restore-from <pre-harness-backup>  # atomic restore
-npm uninstall -g @lannguyensi/harness                  # drop the CLI itself
-```
+`--apply` to mutate, `--restore-from <backup>` to roll back. Full
+inventory + recommended order in [`docs/uninstall.md`](docs/uninstall.md).
 
 ## Status
 
 harness ships in phases. Phases 1 through 6 are released: read-only
 inventory → managed edits → declarative truth → policy layer → polish
 and dogfood lessons → the Understanding Gate Policy Pack. Phase 7, the
-Risk Gate, is next. The current release is `v0.17.4`.
+Risk Gate, is next. The current release is `v0.20.0`.
 
 The phase-by-phase plan with acceptance criteria lives in
 [`docs/ROADMAP.md`](docs/ROADMAP.md); what shipped in each version is
@@ -281,109 +203,61 @@ in [`CHANGELOG.md`](CHANGELOG.md).
 
 ## Policy Packs
 
-A *Policy Pack* is a reusable bundle of instruction template, hooks,
-policies, and permission profiles that ships under one name and is
-referenced from `harness.yaml` with a single key. The first pack,
-`understanding-before-execution` (shipped in `v0.9.0`), forces agents
-to expose and confirm their task interpretation before any
-write-capable tool fires.
+A *Policy Pack* is a reusable bundle of hooks, policies, instruction
+template, and permission profiles shipped under one name and enabled
+from `harness.yaml` with a single key:
 
 ```yaml
 policy_packs:
   - name: understanding-before-execution
     config:
-      mode: grill_me                       # fast_confirm | grill_me | strict
-      permission_profile: safe-start       # safe-start | implementation-after-approval | high-risk-grill-me
-```
-
-Manage packs with `harness pack add / remove / list`. Apply against
-either runtime:
-
-```sh
-harness apply --runtime claude-code        # default; writes harness.generated/settings.json
-harness apply --runtime codex              # writes harness.generated/codex/config.toml
+      mode: grill_me                  # fast_confirm | grill_me | strict
+      permission_profile: safe-start  # safe-start | implementation-after-approval | high-risk-grill-me
 ```
 
-Approve a session's Understanding Report via
-`harness approve understanding --session <id>` (round-trips both the
-evidence-ledger tag and the persisted JSON report). Verify the
-adapter wiring with `harness doctor --target codex` (`--json` for
-machine-readable). The full reference lives in
-[`docs/policy-packs/understanding-before-execution.md`](docs/policy-packs/understanding-before-execution.md);
-synthetic-stdin dogfood under
-[`dogfood/phase6-6/`](dogfood/phase6-6/run-smoke.sh) exercises the
-block / allow / capture / approve round-trip without a real Codex
-binary.
+Manage packs with `harness pack add / remove / list`. Two packs ship
+today: [`understanding-before-execution`](docs/policy-packs/understanding-before-execution.md)
+(forces an Understanding Report before any write-capable tool fires)
+and [`branch-protection`](docs/policy-packs/branch-protection.md)
+(blocks source mutations on protected branches without an explicit
+override). Custom packs from `path:`, `npm:`, or `git:` sources are
+out of scope for v1 (see the pack docs for the future-vocabulary
+contract).
 
 ## What's next
 
-**Phase 7, Risk Gate.** Today's policy model evaluates a rule per
-matching trigger and returns a binary block/allow. Phase 7 makes
-harness reason about *the action itself*: an Action Envelope (tool +
-raw input + session + runtime context) is enriched by a Context
-Resolver (production / staging / dev / unknown), classified by a Risk
-Classifier (severity + categories + reversibility), then matched
-against policies whose `when:` clauses can reference
-`risk.severity_at_least`, `environment.name`, and similar. The
-decision space extends to `allow / warn / require_approval / deny`.
-Motivating use case: prevent `DROP TABLE users`, `kubectl delete
-namespace prod`, `terraform destroy` against an unverified production
-target, even if the model would have happily run them.
-
-Phase 7 builds on Phase 4's `policy intercept` runtime backbone and
-Phase 6's Policy Pack distribution surface; neither is replaced.
+**Phase 7, Risk Gate.** Today's policy model returns a binary
+block/allow per matching trigger. Phase 7 lets harness reason about
+the action itself (Action Envelope → Context Resolver → Risk
+Classifier) and extends the decision space to `allow / warn /
+require_approval / deny`. Motivating use case: block `DROP TABLE
+users`, `kubectl delete namespace prod`, `terraform destroy` against
+unverified production targets. Full plan in
+[`docs/ROADMAP.md#phase-7--risk-gate`](docs/ROADMAP.md#phase-7--risk-gate).
 
 > Bring your favorite agent harness. Add governance.
 
 ## Why this exists
 
-A working agent harness today has six to eight configuration
-surfaces, each with its own schema and lifecycle: `~/.claude/settings.json`,
-`CLAUDE.md` (per repo + root), `~/.claude/projects/*/memory/*.md`
-with frontmatter, `~/.claude/keybindings.json`, MCP server
-registrations in `~/.claude.json`, skill directories, per-project
-overrides, and external CLIs that behave differently per project.
-
-There is no single place that answers *"what can this agent do right
-now, and why is that configured that way?"*. Drift between sessions
-is invisible until it breaks something. Humans editing one surface
-do not know which other surfaces they need to touch. A fresh agent
-instance has no way to audit its own setup.
-
-Our entry point into this problem: on 2026-04-23, an
-`agent-grounding` checkout that was 16 commits behind origin led two
-tasks to be incorrectly called "stale". The check that would have
-caught it already exists,
+On 2026-04-23, an `agent-grounding` checkout that was 16 commits
+behind origin led two tasks to be incorrectly called "stale". The
+check that would have caught it already existed:
 [`agent-preflight`](https://github.com/LanNguyenSi/agent-preflight)
-runs `git fetch` + `git status` (alongside lint, typecheck, test,
-audit) and emits a structured `ready` + confidence-score result. The
-missing piece was not the check itself, it was the deterministic
-*trigger*: a `SessionStart` hook that invokes `preflight run` and a
-policy that gates further work on the result. Building that wiring
-needs an agreed-upon place for harness config to live first. That
-conversation is the origin of this repo.
+runs `git fetch` + `git status` and emits a structured `ready` +
+confidence-score result. The missing piece was not the check, it was
+the deterministic *trigger*: a `SessionStart` hook that invokes
+`preflight run` and a policy that gates further work on the result.
+Building that wiring needs an agreed-upon place for harness config to
+live first. That conversation is the origin of this repo.
 
 ## Related
 
-- [`agent-grounding`](https://github.com/LanNguyenSi/agent-grounding):
-  grounding primitives (evidence-ledger, claim-gate,
-  review-claim-gate); `grounding-mcp` is the canonical client surface
-  harness queries through `queryLedgerByTag`.
-- [`agent-memory`](https://github.com/LanNguyenSi/agent-memory):
-  memory surfaces the control plane inventories.
-- [`agent-tasks`](https://github.com/LanNguyenSi/agent-tasks): the
-  MCP-registered task platform whose registration + health appear in
-  `harness describe`.
-- [`agent-preflight`](https://github.com/LanNguyenSi/agent-preflight):
-  local preflight validator; the canonical implementation of
-  preflight-hook content harness wires.
-- [`codebase-oracle`](https://github.com/LanNguyenSi/codebase-oracle):
-  an opt-in MCP surface for multi-repo RAG search. Not in the Full
-  default; operators wire it via `harness add mcp codebase-oracle
-  --command codebase-oracle,mcp`.
-- [`agent-dx`](https://github.com/LanNguyenSi/agent-dx): ships
-  `git-batch-cli`, a day-to-day tool whose inventory appears in
-  `harness describe`.
+- [`agent-grounding`](https://github.com/LanNguyenSi/agent-grounding): evidence-ledger, claim-gate, review-claim-gate; `grounding-mcp` is the canonical client surface harness queries through `queryLedgerByTag`.
+- [`agent-memory`](https://github.com/LanNguyenSi/agent-memory): the memory surfaces the control plane inventories.
+- [`agent-tasks`](https://github.com/LanNguyenSi/agent-tasks): MCP-registered task platform whose registration + health appear in `harness describe`.
+- [`agent-preflight`](https://github.com/LanNguyenSi/agent-preflight): local preflight validator; the canonical implementation of preflight-hook content harness wires.
+- [`codebase-oracle`](https://github.com/LanNguyenSi/codebase-oracle): opt-in MCP for multi-repo RAG search; not in Full, wire via `harness add mcp codebase-oracle --command codebase-oracle,mcp`.
+- [`agent-dx`](https://github.com/LanNguyenSi/agent-dx): ships `git-batch-cli`, a day-to-day tool whose inventory appears in `harness describe`.
 
 ## License
 

package/dist/cli/approve/understanding.d.ts

@@ -3,6 +3,22 @@ import { type LoaderOptions } from "../loader.js";
 export interface ApproveUnderstandingOptions extends LoaderOptions {
     /** Explicit session id (overrides $CLAUDE_SESSION_ID). */
     session?: string;
+    /**
+     * Optional agent-tasks task id (harness/1ee26e77). When set, an
+     * additional task-scoped marker file is written at
+     * `<generatedDir>/.approvals/task-<taskId>`, in addition to the
+     * legacy session-scoped marker. Either satisfies the gate; the
+     * task-scoped marker is the design-intent target for multi-task
+     * sessions so the next task can require its own Understanding Report.
+     *
+     * When omitted, `harness approve understanding` falls back to reading
+     * `<generatedDir>/active-claim` (written by the track-active-claim
+     * PostToolUse hook on `task_start`, harness/494fd1e5). If that file
+     * exists, its content is used as the task id. If absent, no task
+     * marker is written — the session marker is the only one (v1
+     * back-compat).
+     */
+    task?: string;
     /** Override the reports directory (test injection). */
     reportsDir?: string;
     /** Override the harness.generated/ directory (test injection). */
@@ -44,6 +60,28 @@ export interface ApproveUnderstandingResult {
         ok: false;
         reason: string;
     };
+    /**
+     * Task-scoped marker write outcome. Present when --task / opts.task
+     * was supplied OR when the active-claim file resolved one
+     * (harness/494fd1e5). Null when no task was resolved through either
+     * surface so a regression cannot silently flip session-only sessions
+     * into task-mode.
+     *
+     * The `source` field tells the operator which surface fed the id so
+     * a wrong claim file can be spotted before it lands in the marker.
+     */
+    taskMarker: {
+        ok: true;
+        taskId: string;
+        filePath: string;
+        approvedAt: string;
+        source: "flag" | "active-claim";
+    } | {
+        ok: false;
+        taskId: string;
+        reason: string;
+        source: "flag" | "active-claim";
+    } | null;
     ledger: {
         ok: boolean;
         tag: string;

package/dist/cli/approve/understanding.js

@@ -17,7 +17,7 @@ import * as fs from "node:fs";
 import * as os from "node:os";
 import * as path from "node:path";
 import { atomicWriteFile } from "../../io/atomic-write.js";
-import { approvedLedgerTagFor, defaultReportsDir, findLatestReportForSession, listPersistedReports, writeApprovalMarker, } from "../../policy-packs/builtin/understanding-before-execution-runtime.js";
+import { approvedLedgerTagFor, defaultReportsDir, findLatestReportForSession, listPersistedReports, readActiveClaim, writeApprovalMarker, writeTaskApprovalMarker, } from "../../policy-packs/builtin/understanding-before-execution-runtime.js";
 import { addLedgerFact } from "../../runtime/ledger-add.js";
 import { clearPendingApproval, readPendingApproval, resolveGeneratedDir, } from "../../runtime/pending-approval.js";
 import { EX_FAIL, HarnessExitError } from "../exit-codes.js";
@@ -237,6 +237,49 @@ export async function approveUnderstanding(opts = {}) {
             reason: `failed to write approval marker: ${err.message}`,
         };
     }
+    // Task-scoped marker (harness/1ee26e77 + v2 auto-resolve in
+    // harness/494fd1e5). Written alongside the session marker when:
+    //   - --task / opts.task was supplied (explicit, source: "flag"), OR
+    //   - the active-claim file resolves to a taskId (source: "active-claim").
+    // A failure here is surfaced loudly but does not abort the approve
+    // flow; the session marker still satisfies the gate as a fallback.
+    let taskMarkerResult = null;
+    let resolvedTaskId = null;
+    let taskSource = "flag";
+    if (typeof opts.task === "string" && opts.task.length > 0) {
+        resolvedTaskId = opts.task;
+        taskSource = "flag";
+    }
+    else {
+        const fromFile = readActiveClaim(generatedDir);
+        if (fromFile !== null) {
+            resolvedTaskId = fromFile;
+            taskSource = "active-claim";
+        }
+    }
+    if (resolvedTaskId !== null) {
+        try {
+            const filePath = writeTaskApprovalMarker(generatedDir, resolvedTaskId, {
+                approvedAt: approvedAtMarker,
+                approvedBy: approvedByMarker,
+            });
+            taskMarkerResult = {
+                ok: true,
+                taskId: resolvedTaskId,
+                filePath,
+                approvedAt: approvedAtMarker,
+                source: taskSource,
+            };
+        }
+        catch (err) {
+            taskMarkerResult = {
+                ok: false,
+                taskId: resolvedTaskId,
+                reason: `failed to write task marker: ${err.message}`,
+                source: taskSource,
+            };
+        }
+    }
     const tag = approvedLedgerTagFor(sessionId);
     const ledgerResult = manifest
         ? await writeLedgerTag(manifest, sessionId, tag, opts)
@@ -306,6 +349,7 @@ export async function approveUnderstanding(opts = {}) {
         sessionId,
         sessionSource,
         marker: markerResult,
+        taskMarker: taskMarkerResult,
         ledger: ledgerResult.ok
             ? { ok: true, tag }
             : { ok: false, tag, reason: ledgerResult.reason },

package/dist/cli/approve/understanding.js.map

@@ -1 +1 @@
-{"version":3,"file":"understanding.js","sourceRoot":"","sources":["../../../src/cli/approve/understanding.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,EAAE;AACF,4CAA4C;AAC5C,yCAAyC;AACzC,EAAE;AACF,6EAA6E;AAC7E,wEAAwE;AACxE,mDAAmD;AACnD,uEAAuE;AACvE,oEAAoE;AACpE,EAAE;AACF,uEAAuE;AACvE,uEAAuE;AACvE,qEAAqE;AACrE,oEAAoE;AAEpE,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,0BAA0B,EAC1B,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,sEAAsE,CAAC;AAC9E,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAyC9E,MAAM,mBAAmB,GAAG,qBAAqB,CAAC;AAElD,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;IACvD,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvF,OAAO,CAAC,CAAC;AACX,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,QAAkB,EAClB,SAAiB,EACjB,OAAe,EACf,IAAiC;IAEjC,IAAI,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,wCAAwC,EAAE,CAAC;IACzE,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACpC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC3D,OAAO,aAAa,CAAC;QACnB,UAAU,EAAE,OAAO;QACnB,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;QACzC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,IAAI,KAAK;QAC7C,SAAS;QACT,OAAO;QACP,MAAM,EAAE,+BAA+B;KACxC,CAAC,CAAC;AACL,CAAC;AAQD;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAS,oBAAoB,CAAC,GAAW,EAAE,SAAiB;IAC1D,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,UAAU,GAA4C,EAAE,CAAC;IAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,SAAS;QACrC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAClC,IAAI,IAAc,CAAC;QACnB,IAAI,CAAC;YACH,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAAE,SAAS;QAC7B,UAAU,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC;IACjD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,wEAAwE;QACxE,oEAAoE;QACpE,mEAAmE;QACnE,gEAAgE;QAChE,wCAAwC;QACxC,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;QACpD,IAAI,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,IAAI,eAAe,GAAkB,IAAI,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA4B,CAAC;YAC7D,IAAI,OAAO,MAAM,CAAC,WAAW,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC5C,eAAe,GAAG,MAAM,CAAC,WAAW,CAAW,CAAC;YAClD,CAAC;YACD,IAAI,OAAO,MAAM,CAAC,SAAS,CAAC,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1E,OAAO,GAAG,MAAM,CAAC,SAAS,CAAW,CAAC;YACxC,CAAC;iBAAM,IAAI,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;oBAC9C,CAAC,CAAC,cAAe,MAAM,CAAC,SAAS,CAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;oBACnG,CAAC,CAAC,EAAE,CAAC;gBACP,OAAO,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAW,GAAG,OAAO,EAAE,CAAC;YACtD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;QAChE,CAAC;QACD,IAAI,eAAe,KAAK,SAAS;YAAE,SAAS;QAC5C,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB,CAC5B,QAAgB,EAChB,UAAkB,EAClB,UAAkB;IAElB,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;IAC1D,MAAM,cAAc,GAClB,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,MAAM,CAAC,gBAAgB,CAAY,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7F,MAAM,CAAC,gBAAgB,CAAC,GAAG,UAAU,CAAC;IACtC,MAAM,CAAC,YAAY,CAAC,GAAG,UAAU,CAAC;IAClC,MAAM,CAAC,YAAY,CAAC,GAAG,UAAU,CAAC;IAClC,eAAe,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;IAClE,OAAO,EAAE,cAAc,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAoC,EAAE;IAEtC,qEAAqE;IACrE,wEAAwE;IACxE,uEAAuE;IACvE,qEAAqE;IACrE,gDAAgD;IAChD,MAAM,YAAY,GAChB,IAAI,CAAC,YAAY;QACjB,mBAAmB,CAAC;YAClB,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI;SACtC,CAAC,CAAC;IAEL,8CAA8C;IAC9C,+BAA+B;IAC/B,kEAAkE;IAClE,qEAAqE;IACrE,qEAAqE;IACrE,yEAAyE;IACzE,IAAI,SAAS,GAAG,EAAE,CAAC;IACnB,IAAI,aAAa,GAAgD,MAAM,CAAC;IACxE,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChE,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC;QACzB,aAAa,GAAG,MAAM,CAAC;IACzB,CAAC;SAAM,IACL,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,QAAQ;QACjD,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EACxC,CAAC;QACD,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAC1C,aAAa,GAAG,KAAK,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;QACjD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,SAAS,GAAG,MAAM,CAAC;YACnB,aAAa,GAAG,kBAAkB,CAAC;QACrC,CAAC;IACH,CAAC;IAED,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;QACrB,oEAAoE;QACpE,sEAAsE;QACtE,iEAAiE;QACjE,2DAA2D;QAC3D,MAAM,IAAI,gBAAgB,CACxB;YACE,yEAAyE;YACzE,EAAE;YACF,+DAA+D;YAC/D,KAAK,YAAY,oBAAoB;YACrC,qEAAqE;YACrE,qEAAqE;YACrE,qEAAqE;YACrE,EAAE;YACF,yBAAyB;YACzB,oEAAoE;YACpE,kEAAkE;YAClE,iBAAiB;YACjB,+DAA+D;YAC/D,oDAAoD;YACpD,EAAE;YACF,kEAAkE;YAClE,oEAAoE;YACpE,iEAAiE;YACjE,yCAAyC;SAC1C,CAAC,IAAI,CAAC,IAAI,CAAC,EACZ,OAAO,CACR,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,qEAAqE;IACrE,IAAI,QAAQ,GAAoB,IAAI,CAAC;IACrC,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;IAED,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,wDAAwD;IACxD,MAAM,gBAAgB,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAChE,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,IAAI,mBAAmB,CAAC;IAChE,IAAI,YAAkD,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,YAAY,EAAE,SAAS,EAAE;YAC5D,UAAU,EAAE,gBAAgB;YAC5B,UAAU,EAAE,gBAAgB;SAC7B,CAAC,CAAC;QACH,YAAY,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,gBAAgB,EAAE,CAAC;IACtE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,YAAY,GAAG;YACb,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,oCAAqC,GAAa,CAAC,OAAO,EAAE;SACrE,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,QAAQ;QAC3B,CAAC,CAAC,MAAM,cAAc,CAAC,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC;QACtD,CAAC,CAAC,EAAE,EAAE,EAAE,KAAc,EAAE,MAAM,EAAE,2CAA2C,EAAE,CAAC;IAEhF,qEAAqE;IACrE,wEAAwE;IACxE,qEAAqE;IACrE,UAAU;IACV,kDAAkD;IAClD,wEAAwE;IACxE,+DAA+D;IAC/D,kFAAkF;IAClF,MAAM,mBAAmB,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,0BAA0B,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAE9D,IAAI,eAA8D,CAAC;IACnE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,mEAAmE;QACnE,+DAA+D;QAC/D,iEAAiE;QACjE,iEAAiE;QACjE,gEAAgE;QAChE,kEAAkE;QAClE,0BAA0B;QAC1B,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,CAAC;QAC3E,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QACzE,IAAI,MAAc,CAAC;QACnB,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,uBAAuB,UAAU,EAAE,CAAC;YAC7C,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,2BAA2B,gBAAgB,CAAC,QAAQ,KAAK,gBAAgB,CAAC,OAAO,EAAE,CAAC;YAChG,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,gCAAgC,SAAS,KAAK,OAAO,CAAC,MAAM,gCAAgC,CAAC;QACxG,CAAC;QACD,eAAe,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAC1C,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,mBAAmB,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,EAAE,cAAc,EAAE,GAAG,qBAAqB,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;YAC1F,eAAe,GAAG;gBAChB,EAAE,EAAE,IAAI;gBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,cAAc;gBACd,UAAU;aACX,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAe,GAAG;gBAChB,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,qBAAqB,MAAM,CAAC,QAAQ,KAAM,GAAa,CAAC,OAAO,EAAE;aAC1E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,sEAAsE;IACtE,uEAAuE;IACvE,sEAAsE;IACtE,IAAI,aAAa,KAAK,kBAAkB,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;QAC5D,oBAAoB,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAED,OAAO;QACL,SAAS;QACT,aAAa;QACb,MAAM,EAAE,YAAY;QACpB,MAAM,EAAE,YAAY,CAAC,EAAE;YACrB,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE;YACnB,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE;QACnD,eAAe;KAChB,CAAC;AACJ,CAAC"}
+{"version":3,"file":"understanding.js","sourceRoot":"","sources":["../../../src/cli/approve/understanding.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,EAAE;AACF,4CAA4C;AAC5C,yCAAyC;AACzC,EAAE;AACF,6EAA6E;AAC7E,wEAAwE;AACxE,mDAAmD;AACnD,uEAAuE;AACvE,oEAAoE;AACpE,EAAE;AACF,uEAAuE;AACvE,uEAAuE;AACvE,qEAAqE;AACrE,oEAAoE;AAEpE,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,0BAA0B,EAC1B,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,sEAAsE,CAAC;AAC9E,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAuE9E,MAAM,mBAAmB,GAAG,qBAAqB,CAAC;AAElD,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;IACvD,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvF,OAAO,CAAC,CAAC;AACX,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,QAAkB,EAClB,SAAiB,EACjB,OAAe,EACf,IAAiC;IAEjC,IAAI,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,wCAAwC,EAAE,CAAC;IACzE,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACpC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC3D,OAAO,aAAa,CAAC;QACnB,UAAU,EAAE,OAAO;QACnB,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;QACzC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,IAAI,KAAK;QAC7C,SAAS;QACT,OAAO;QACP,MAAM,EAAE,+BAA+B;KACxC,CAAC,CAAC;AACL,CAAC;AAQD;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAS,oBAAoB,CAAC,GAAW,EAAE,SAAiB;IAC1D,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,UAAU,GAA4C,EAAE,CAAC;IAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,SAAS;QACrC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAClC,IAAI,IAAc,CAAC;QACnB,IAAI,CAAC;YACH,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAAE,SAAS;QAC7B,UAAU,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC;IACjD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,wEAAwE;QACxE,oEAAoE;QACpE,mEAAmE;QACnE,gEAAgE;QAChE,wCAAwC;QACxC,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;QACpD,IAAI,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,IAAI,eAAe,GAAkB,IAAI,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA4B,CAAC;YAC7D,IAAI,OAAO,MAAM,CAAC,WAAW,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC5C,eAAe,GAAG,MAAM,CAAC,WAAW,CAAW,CAAC;YAClD,CAAC;YACD,IAAI,OAAO,MAAM,CAAC,SAAS,CAAC,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1E,OAAO,GAAG,MAAM,CAAC,SAAS,CAAW,CAAC;YACxC,CAAC;iBAAM,IAAI,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAChD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;oBAC9C,CAAC,CAAC,cAAe,MAAM,CAAC,SAAS,CAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;oBACnG,CAAC,CAAC,EAAE,CAAC;gBACP,OAAO,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAW,GAAG,OAAO,EAAE,CAAC;YACtD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;QAChE,CAAC;QACD,IAAI,eAAe,KAAK,SAAS;YAAE,SAAS;QAC5C,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB,CAC5B,QAAgB,EAChB,UAAkB,EAClB,UAAkB;IAElB,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;IAC1D,MAAM,cAAc,GAClB,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,MAAM,CAAC,gBAAgB,CAAY,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7F,MAAM,CAAC,gBAAgB,CAAC,GAAG,UAAU,CAAC;IACtC,MAAM,CAAC,YAAY,CAAC,GAAG,UAAU,CAAC;IAClC,MAAM,CAAC,YAAY,CAAC,GAAG,UAAU,CAAC;IAClC,eAAe,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;IAClE,OAAO,EAAE,cAAc,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAoC,EAAE;IAEtC,qEAAqE;IACrE,wEAAwE;IACxE,uEAAuE;IACvE,qEAAqE;IACrE,gDAAgD;IAChD,MAAM,YAAY,GAChB,IAAI,CAAC,YAAY;QACjB,mBAAmB,CAAC;YAClB,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI;SACtC,CAAC,CAAC;IAEL,8CAA8C;IAC9C,+BAA+B;IAC/B,kEAAkE;IAClE,qEAAqE;IACrE,qEAAqE;IACrE,yEAAyE;IACzE,IAAI,SAAS,GAAG,EAAE,CAAC;IACnB,IAAI,aAAa,GAAgD,MAAM,CAAC;IACxE,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChE,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC;QACzB,aAAa,GAAG,MAAM,CAAC;IACzB,CAAC;SAAM,IACL,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,QAAQ;QACjD,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EACxC,CAAC;QACD,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAC1C,aAAa,GAAG,KAAK,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;QACjD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,SAAS,GAAG,MAAM,CAAC;YACnB,aAAa,GAAG,kBAAkB,CAAC;QACrC,CAAC;IACH,CAAC;IAED,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;QACrB,oEAAoE;QACpE,sEAAsE;QACtE,iEAAiE;QACjE,2DAA2D;QAC3D,MAAM,IAAI,gBAAgB,CACxB;YACE,yEAAyE;YACzE,EAAE;YACF,+DAA+D;YAC/D,KAAK,YAAY,oBAAoB;YACrC,qEAAqE;YACrE,qEAAqE;YACrE,qEAAqE;YACrE,EAAE;YACF,yBAAyB;YACzB,oEAAoE;YACpE,kEAAkE;YAClE,iBAAiB;YACjB,+DAA+D;YAC/D,oDAAoD;YACpD,EAAE;YACF,kEAAkE;YAClE,oEAAoE;YACpE,iEAAiE;YACjE,yCAAyC;SAC1C,CAAC,IAAI,CAAC,IAAI,CAAC,EACZ,OAAO,CACR,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,qEAAqE;IACrE,IAAI,QAAQ,GAAoB,IAAI,CAAC;IACrC,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;IAED,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,wDAAwD;IACxD,MAAM,gBAAgB,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAChE,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,IAAI,mBAAmB,CAAC;IAChE,IAAI,YAAkD,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,YAAY,EAAE,SAAS,EAAE;YAC5D,UAAU,EAAE,gBAAgB;YAC5B,UAAU,EAAE,gBAAgB;SAC7B,CAAC,CAAC;QACH,YAAY,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,gBAAgB,EAAE,CAAC;IACtE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,YAAY,GAAG;YACb,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,oCAAqC,GAAa,CAAC,OAAO,EAAE;SACrE,CAAC;IACJ,CAAC;IAED,4DAA4D;IAC5D,gEAAgE;IAChE,qEAAqE;IACrE,2EAA2E;IAC3E,mEAAmE;IACnE,mEAAmE;IACnE,IAAI,gBAAgB,GAA6C,IAAI,CAAC;IACtE,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,IAAI,UAAU,GAA4B,MAAM,CAAC;IACjD,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC;QAC3B,UAAU,GAAG,MAAM,CAAC;IACtB,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,cAAc,GAAG,QAAQ,CAAC;YAC1B,UAAU,GAAG,cAAc,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,uBAAuB,CAAC,YAAY,EAAE,cAAc,EAAE;gBACrE,UAAU,EAAE,gBAAgB;gBAC5B,UAAU,EAAE,gBAAgB;aAC7B,CAAC,CAAC;YACH,gBAAgB,GAAG;gBACjB,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,cAAc;gBACtB,QAAQ;gBACR,UAAU,EAAE,gBAAgB;gBAC5B,MAAM,EAAE,UAAU;aACnB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,gBAAgB,GAAG;gBACjB,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,cAAc;gBACtB,MAAM,EAAE,gCAAiC,GAAa,CAAC,OAAO,EAAE;gBAChE,MAAM,EAAE,UAAU;aACnB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,QAAQ;QAC3B,CAAC,CAAC,MAAM,cAAc,CAAC,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC;QACtD,CAAC,CAAC,EAAE,EAAE,EAAE,KAAc,EAAE,MAAM,EAAE,2CAA2C,EAAE,CAAC;IAEhF,qEAAqE;IACrE,wEAAwE;IACxE,qEAAqE;IACrE,UAAU;IACV,kDAAkD;IAClD,wEAAwE;IACxE,+DAA+D;IAC/D,kFAAkF;IAClF,MAAM,mBAAmB,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,0BAA0B,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAE9D,IAAI,eAA8D,CAAC;IACnE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,mEAAmE;QACnE,+DAA+D;QAC/D,iEAAiE;QACjE,iEAAiE;QACjE,gEAAgE;QAChE,kEAAkE;QAClE,0BAA0B;QAC1B,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,CAAC;QAC3E,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QACzE,IAAI,MAAc,CAAC;QACnB,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,uBAAuB,UAAU,EAAE,CAAC;YAC7C,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,2BAA2B,gBAAgB,CAAC,QAAQ,KAAK,gBAAgB,CAAC,OAAO,EAAE,CAAC;YAChG,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,gCAAgC,SAAS,KAAK,OAAO,CAAC,MAAM,gCAAgC,CAAC;QACxG,CAAC;QACD,eAAe,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAC1C,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,mBAAmB,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,EAAE,cAAc,EAAE,GAAG,qBAAqB,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;YAC1F,eAAe,GAAG;gBAChB,EAAE,EAAE,IAAI;gBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,cAAc;gBACd,UAAU;aACX,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAe,GAAG;gBAChB,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,qBAAqB,MAAM,CAAC,QAAQ,KAAM,GAAa,CAAC,OAAO,EAAE;aAC1E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,sEAAsE;IACtE,uEAAuE;IACvE,sEAAsE;IACtE,IAAI,aAAa,KAAK,kBAAkB,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;QAC5D,oBAAoB,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAED,OAAO;QACL,SAAS;QACT,aAAa;QACb,MAAM,EAAE,YAAY;QACpB,UAAU,EAAE,gBAAgB;QAC5B,MAAM,EAAE,YAAY,CAAC,EAAE;YACrB,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE;YACnB,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE;QACnD,eAAe;KAChB,CAAC;AACJ,CAAC"}