@lannguyensi/harness 0.18.0 → 0.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +47 -0
- package/README.md +82 -208
- package/dist/cli/approve/understanding.d.ts +38 -0
- package/dist/cli/approve/understanding.js +45 -1
- package/dist/cli/approve/understanding.js.map +1 -1
- package/dist/cli/doctor/format.js +20 -2
- package/dist/cli/doctor/format.js.map +1 -1
- package/dist/cli/doctor/index.d.ts +8 -0
- package/dist/cli/doctor/index.js +27 -1
- package/dist/cli/doctor/index.js.map +1 -1
- package/dist/cli/doctor/npm-bin-path.d.ts +23 -0
- package/dist/cli/doctor/npm-bin-path.js +82 -0
- package/dist/cli/doctor/npm-bin-path.js.map +1 -0
- package/dist/cli/doctor/types.d.ts +20 -4
- package/dist/cli/doctor/types.js.map +1 -1
- package/dist/cli/index.js +32 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/init/agent-tasks-auth.d.ts +32 -0
- package/dist/cli/init/agent-tasks-auth.js +75 -0
- package/dist/cli/init/agent-tasks-auth.js.map +1 -0
- package/dist/cli/init/composer.js +3 -1
- package/dist/cli/init/composer.js.map +1 -1
- package/dist/cli/init/interactive.d.ts +5 -0
- package/dist/cli/init/interactive.js +162 -4
- package/dist/cli/init/interactive.js.map +1 -1
- package/dist/cli/init/profiles.d.ts +2 -2
- package/dist/cli/init/profiles.js +23 -15
- package/dist/cli/init/profiles.js.map +1 -1
- package/dist/cli/init/templates.d.ts +1 -1
- package/dist/cli/init/templates.js +113 -10
- package/dist/cli/init/templates.js.map +1 -1
- package/dist/cli/pack/hook-branch-protection.js +52 -5
- package/dist/cli/pack/hook-branch-protection.js.map +1 -1
- package/dist/cli/pack/hook-post-tool-use.d.ts +25 -1
- package/dist/cli/pack/hook-post-tool-use.js +103 -10
- package/dist/cli/pack/hook-post-tool-use.js.map +1 -1
- package/dist/cli/pack/hook-pre-tool-use.js +25 -4
- package/dist/cli/pack/hook-pre-tool-use.js.map +1 -1
- package/dist/cli/pack/hook-track-active-claim.d.ts +25 -0
- package/dist/cli/pack/hook-track-active-claim.js +162 -0
- package/dist/cli/pack/hook-track-active-claim.js.map +1 -0
- package/dist/policy-packs/builtin/understanding-before-execution-runtime.d.ts +76 -0
- package/dist/policy-packs/builtin/understanding-before-execution-runtime.js +272 -1
- package/dist/policy-packs/builtin/understanding-before-execution-runtime.js.map +1 -1
- package/dist/policy-packs/builtin/understanding-before-execution.js +28 -2
- package/dist/policy-packs/builtin/understanding-before-execution.js.map +1 -1
- package/package.json +1 -1
|
@@ -150,6 +150,15 @@ hooks:
|
|
|
150
150
|
# blew through it. Bumped together with DEFAULT_PREFLIGHT_TIMEOUT_MS
|
|
151
151
|
# (agent-tasks/7265599e).
|
|
152
152
|
budget_ms: 70000
|
|
153
|
+
# Floor at agent-preflight 0.1.1, the release that distinguishes
|
|
154
|
+
# "tool not installed" (e.g. an npm script invoking eslint that is
|
|
155
|
+
# not in devDependencies) from real lint/test/typecheck failures.
|
|
156
|
+
# Stale 0.1.0 installs silently emit false-positive blockers that
|
|
157
|
+
# keep the preflight-before-* policies closed forever. version_command
|
|
158
|
+
# points at the source-of-truth preflight binary, not at the
|
|
159
|
+
# \`harness session-start preflight\` wrapper.
|
|
160
|
+
min_version: "0.1.1"
|
|
161
|
+
version_command: ["preflight", "--version"]
|
|
153
162
|
|
|
154
163
|
- name: require-review-evidence
|
|
155
164
|
event: PreToolUse
|
|
@@ -158,6 +167,20 @@ hooks:
|
|
|
158
167
|
blocking: hard
|
|
159
168
|
budget_ms: 2000
|
|
160
169
|
|
|
170
|
+
# Tool-agnostic parallel of require-review-evidence for operators on the
|
|
171
|
+
# gh-cli workflow (\`gh pr merge\`) instead of agent-tasks MCP. Same generic
|
|
172
|
+
# \`harness policy intercept\` entrypoint; the matching review-before-merge-bash
|
|
173
|
+
# policy below picks up the trigger. A PolicyTrigger can only AND-match one
|
|
174
|
+
# surface (MCP tool-name OR Bash command), so two parallel definitions are
|
|
175
|
+
# the minimum-scope way to cover both PR surfaces without bumping the schema.
|
|
176
|
+
- name: require-review-evidence-bash
|
|
177
|
+
event: PreToolUse
|
|
178
|
+
match: "Bash"
|
|
179
|
+
bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr merge\\b'
|
|
180
|
+
command: harness policy intercept
|
|
181
|
+
blocking: hard
|
|
182
|
+
budget_ms: 2000
|
|
183
|
+
|
|
161
184
|
- name: require-dogfood-evidence
|
|
162
185
|
event: PreToolUse
|
|
163
186
|
match: "Bash"
|
|
@@ -181,6 +204,20 @@ hooks:
|
|
|
181
204
|
blocking: hard
|
|
182
205
|
budget_ms: 2000
|
|
183
206
|
|
|
207
|
+
# Bash-surface parallel of require-review-subagent-evidence for operators
|
|
208
|
+
# who open PRs with \`gh pr create\` instead of agent-tasks MCP. The matching
|
|
209
|
+
# review-subagent-before-pr-create-bash policy below tags by branch
|
|
210
|
+
# (\`review-subagent:\${BRANCH}\`) because no task UUID is in \`gh pr create\`
|
|
211
|
+
# arguments; the working branch is the closest stable handle for "the
|
|
212
|
+
# PR-in-progress" at this point in the cycle.
|
|
213
|
+
- name: require-review-subagent-evidence-bash
|
|
214
|
+
event: PreToolUse
|
|
215
|
+
match: "Bash"
|
|
216
|
+
bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr create\\b'
|
|
217
|
+
command: harness policy intercept
|
|
218
|
+
blocking: hard
|
|
219
|
+
budget_ms: 2000
|
|
220
|
+
|
|
184
221
|
- name: require-preflight-push-evidence
|
|
185
222
|
event: PreToolUse
|
|
186
223
|
match: "Bash"
|
|
@@ -213,6 +250,39 @@ policies:
|
|
|
213
250
|
run:
|
|
214
251
|
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "review:\${PR_NUMBER} — <verdict + key findings + nits>" }'
|
|
215
252
|
|
|
253
|
+
# Bash-surface parallel of review-before-merge for operators on the gh-cli
|
|
254
|
+
# workflow. Two scope notes:
|
|
255
|
+
# 1. Tag shape: \`review:\${BRANCH}\` instead of \`review:\${PR_NUMBER}\`. The
|
|
256
|
+
# \`gh pr merge\` invocation can target the PR by number, by URL, or by
|
|
257
|
+
# the current branch (default), and PR_NUMBER is not extractable from
|
|
258
|
+
# \`tool_input.command\` with today's JSONPath-only extract DSL. BRANCH
|
|
259
|
+
# is the stable identifier the producer can record at review time.
|
|
260
|
+
# 2. This sits ALONGSIDE review-before-merge — not as a replacement. An
|
|
261
|
+
# operator using both surfaces (e.g. agent-tasks MCP for most repos
|
|
262
|
+
# + gh-cli for a quick hotfix) will have both gates active, each with
|
|
263
|
+
# its own tag shape, which is semantically honest.
|
|
264
|
+
- name: review-before-merge-bash
|
|
265
|
+
description: Block \`gh pr merge\` unless a ledger entry tagged review:<branch> exists for this session.
|
|
266
|
+
trigger:
|
|
267
|
+
event: PreToolUse
|
|
268
|
+
match: "Bash"
|
|
269
|
+
bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr merge\\b'
|
|
270
|
+
requires:
|
|
271
|
+
ledger_tag: "review:\${BRANCH}"
|
|
272
|
+
hook: require-review-evidence-bash
|
|
273
|
+
enforcement: block
|
|
274
|
+
producers:
|
|
275
|
+
- kind: mcp
|
|
276
|
+
verb: mcp__agent-grounding__ledger_add
|
|
277
|
+
example: '{type:"fact", content:"review:\${BRANCH} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
278
|
+
description: Spawn a review subagent against the branch diff, capture its verdict, then persist a ledger entry tagged with the branch name. Mirror of the review-before-merge producer for the gh-cli surface.
|
|
279
|
+
ux:
|
|
280
|
+
cannot: "You cannot merge the PR for branch \${BRANCH} via \`gh pr merge\` yet."
|
|
281
|
+
required:
|
|
282
|
+
- "a recorded review of the PR for branch \${BRANCH}"
|
|
283
|
+
run:
|
|
284
|
+
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "review:\${BRANCH} — <verdict + key findings + nits>" }'
|
|
285
|
+
|
|
216
286
|
- name: dogfood-before-release
|
|
217
287
|
description: Block npm publish / git tag v* without a recent dogfood ledger entry.
|
|
218
288
|
trigger:
|
|
@@ -304,6 +374,34 @@ policies:
|
|
|
304
374
|
run:
|
|
305
375
|
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "review-subagent:\${TASK_ID} — <verdict + key findings + nits>" }'
|
|
306
376
|
|
|
377
|
+
# Bash-surface parallel of review-subagent-before-pr-create. Tag shape is
|
|
378
|
+
# \`review-subagent:\${BRANCH}\` because TASK_ID is an agent-tasks-only
|
|
379
|
+
# concept; for the gh-cli workflow the working branch is the closest stable
|
|
380
|
+
# handle for "the PR-in-progress" at this point. Same rationale as
|
|
381
|
+
# review-before-merge-bash: sits alongside the MCP variant, not as a
|
|
382
|
+
# replacement.
|
|
383
|
+
- name: review-subagent-before-pr-create-bash
|
|
384
|
+
description: Block \`gh pr create\` unless a review-subagent ledger entry tagged review-subagent:<branch> exists for this session. Forces the rigorous review BEFORE the PR opens.
|
|
385
|
+
trigger:
|
|
386
|
+
event: PreToolUse
|
|
387
|
+
match: "Bash"
|
|
388
|
+
bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr create\\b'
|
|
389
|
+
requires:
|
|
390
|
+
ledger_tag: "review-subagent:\${BRANCH}"
|
|
391
|
+
hook: require-review-subagent-evidence-bash
|
|
392
|
+
enforcement: block
|
|
393
|
+
producers:
|
|
394
|
+
- kind: mcp
|
|
395
|
+
verb: mcp__agent-grounding__ledger_add
|
|
396
|
+
example: '{type:"fact", content:"review-subagent:\${BRANCH} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
397
|
+
description: After running a review subagent against the staged diff for the working branch, persist its verdict + load-bearing findings as a ledger entry tagged with the branch name. Mirror of the review-subagent-before-pr-create producer for the gh-cli surface.
|
|
398
|
+
ux:
|
|
399
|
+
cannot: "You cannot open a pull request for branch \${BRANCH} via \`gh pr create\` yet."
|
|
400
|
+
required:
|
|
401
|
+
- "a completed review-subagent pass on branch \${BRANCH}"
|
|
402
|
+
run:
|
|
403
|
+
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "review-subagent:\${BRANCH} — <verdict + key findings + nits>" }'
|
|
404
|
+
|
|
307
405
|
- name: preflight-before-push
|
|
308
406
|
description: Block git push unless a fresh preflight ledger entry exists for the current branch. Catches the stale-checkout class of incident at the last reversible step.
|
|
309
407
|
trigger:
|
|
@@ -326,7 +424,7 @@ policies:
|
|
|
326
424
|
ux:
|
|
327
425
|
cannot: "You cannot push branch \${BRANCH} yet."
|
|
328
426
|
required:
|
|
329
|
-
- "a fresh preflight for \${BRANCH}
|
|
427
|
+
- "a fresh preflight for \${BRANCH}, captured within the last 10 minutes. If you committed since the last preflight, re-run it before pushing: a preflight from earlier in the session does NOT cover a push that landed a new commit since."
|
|
330
428
|
run:
|
|
331
429
|
- "harness preflight"
|
|
332
430
|
|
|
@@ -367,22 +465,27 @@ policy_packs:
|
|
|
367
465
|
run:
|
|
368
466
|
- "Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan"
|
|
369
467
|
- "Run \`harness approve understanding\` and approve the prompt"
|
|
370
|
-
# approval_lifecycle (agent-tasks/d8ee60ca
|
|
371
|
-
# approval marker on task-completion
|
|
372
|
-
# session re-prompts for an
|
|
373
|
-
# Without this
|
|
374
|
-
#
|
|
468
|
+
# approval_lifecycle (agent-tasks/d8ee60ca + harness/f54e0ecb,
|
|
469
|
+
# v0.18.0+): expire the approval marker on task-completion
|
|
470
|
+
# boundaries so a multi-task session re-prompts for an
|
|
471
|
+
# Understanding Report between tasks. Without this the legacy
|
|
472
|
+
# "one approval per session" contract lets a stale interpretation
|
|
473
|
+
# drive the next task's edits.
|
|
375
474
|
#
|
|
376
|
-
#
|
|
377
|
-
#
|
|
378
|
-
#
|
|
475
|
+
# Full ships both boundary kinds: the agent-tasks MCP verbs for
|
|
476
|
+
# operators on that workflow, plus a Bash regex list for hybrid
|
|
477
|
+
# operators who also use gh-cli for PR mechanics. \`max_age\` is
|
|
478
|
+
# the safety net. Operators who prefer the legacy per-session
|
|
379
479
|
# behaviour opt out with \`approval_lifecycle: { mode: session }\`.
|
|
380
|
-
# Operators on other task systems override
|
|
480
|
+
# Operators on other task systems override the matchers.
|
|
381
481
|
approval_lifecycle:
|
|
382
482
|
expire_on_tool_match:
|
|
383
483
|
- mcp__agent-tasks__task_finish
|
|
384
484
|
- mcp__agent-tasks__task_abandon
|
|
385
485
|
- mcp__agent-tasks__pull_requests_merge
|
|
486
|
+
expire_on_bash_match:
|
|
487
|
+
- '^gh pr (merge|close)\\b'
|
|
488
|
+
- '^git push origin (master|main)\\b'
|
|
386
489
|
max_age: 4h
|
|
387
490
|
|
|
388
491
|
# branch-protection (agent-tasks/2fdc5bbe, default-enabled since v0.17.2):
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../../src/cli/init/templates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,gBAAgB,GAAG;;;;;;;;;;;;;;;;;;;;;CAqB/B,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG
|
|
1
|
+
{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../../src/cli/init/templates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,gBAAgB,GAAG;;;;;;;;;;;;;;;;;;;;;CAqB/B,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuf5B,CAAC;AAEF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAI7D,MAAM,UAAU,WAAW,CAAC,IAAkB;IAC5C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,SAAS;YACZ,OAAO,gBAAgB,CAAC;IAC5B,CAAC;AACH,CAAC"}
|
|
@@ -25,6 +25,7 @@
|
|
|
25
25
|
// edit-on-master incidents, so a bug in the blocker that silently
|
|
26
26
|
// allowed Writes through would defeat the purpose. The block envelope
|
|
27
27
|
// always names a recovery path so the operator is never wedged.
|
|
28
|
+
import * as path from "node:path";
|
|
28
29
|
import { queryLedgerByTag, } from "../../policies/index.js";
|
|
29
30
|
import { ACK_TAG_PREFIX, DEFAULT_PROTECTED_BRANCHES, NON_PROTECTED_TAG_PREFIX, PACK_NAME, PRODUCER_FRESHNESS_MS, resolveProtectedBranches, } from "../../policy-packs/builtin/branch-protection-runtime.js";
|
|
30
31
|
import { resolveGitContext } from "../../runtime/git-context.js";
|
|
@@ -32,6 +33,33 @@ import { POLICY_DECISION_TYPE } from "../../runtime/ledger-record.js";
|
|
|
32
33
|
import { renderAgentFacing } from "../../runtime/agent-facing.js";
|
|
33
34
|
import { PolicyUxSchema } from "../../schema/index.js";
|
|
34
35
|
import { loadManifest } from "../loader.js";
|
|
36
|
+
/**
|
|
37
|
+
* Pull the destination file path out of a PreToolUse event's `tool_input`
|
|
38
|
+
* payload for the tools that mutate a single file. Returns null for tools
|
|
39
|
+
* that don't have a single resolvable target (Bash, search tools, etc.) —
|
|
40
|
+
* those keep cwd-based protection.
|
|
41
|
+
*
|
|
42
|
+
* Path-aware tools today: Write, Edit, MultiEdit, NotebookEdit.
|
|
43
|
+
*/
|
|
44
|
+
function extractTargetPath(toolName, toolInput) {
|
|
45
|
+
if (typeof toolInput !== "object" || toolInput === null)
|
|
46
|
+
return null;
|
|
47
|
+
const input = toolInput;
|
|
48
|
+
switch (toolName) {
|
|
49
|
+
case "Write":
|
|
50
|
+
case "Edit":
|
|
51
|
+
case "MultiEdit": {
|
|
52
|
+
const fp = input["file_path"];
|
|
53
|
+
return typeof fp === "string" && fp.length > 0 ? fp : null;
|
|
54
|
+
}
|
|
55
|
+
case "NotebookEdit": {
|
|
56
|
+
const np = input["notebook_path"];
|
|
57
|
+
return typeof np === "string" && np.length > 0 ? np : null;
|
|
58
|
+
}
|
|
59
|
+
default:
|
|
60
|
+
return null;
|
|
61
|
+
}
|
|
62
|
+
}
|
|
35
63
|
async function readStdin(stream) {
|
|
36
64
|
return new Promise((resolve, reject) => {
|
|
37
65
|
let data = "";
|
|
@@ -267,17 +295,36 @@ export async function runPackHookBranchProtectionCli(opts = {}) {
|
|
|
267
295
|
return { exitCode: 0, blocked: false, diagnostic };
|
|
268
296
|
}
|
|
269
297
|
const { branches: protectedList } = resolveProtectedBranches(pack);
|
|
270
|
-
const { branch } = resolveGitContext(cwd);
|
|
271
298
|
const configUx = parseConfigUx(pack.config["ux"], stderr);
|
|
299
|
+
// Resolve the branch context to gate against. For tools that target a
|
|
300
|
+
// single file (Write, Edit, MultiEdit, NotebookEdit), the relevant
|
|
301
|
+
// branch is whatever repo OWNS the target path — not cwd. Without this
|
|
302
|
+
// step, a Write to `~/.claude/memory/foo.md` from inside a checkout on
|
|
303
|
+
// a protected branch would be wrongly blocked, even though the target
|
|
304
|
+
// is outside any repo (memory files), or inside an unrelated repo, and
|
|
305
|
+
// the protection rules of cwd's repo have no bearing on it. For
|
|
306
|
+
// path-less tools (Bash, etc.) we fall back to cwd as before.
|
|
307
|
+
const targetPath = extractTargetPath(toolName, event.tool_input);
|
|
308
|
+
let branchSourceDir = cwd;
|
|
309
|
+
let branchSource = "cwd";
|
|
310
|
+
if (targetPath !== null) {
|
|
311
|
+
const absTarget = path.isAbsolute(targetPath)
|
|
312
|
+
? targetPath
|
|
313
|
+
: path.resolve(cwd, targetPath);
|
|
314
|
+
branchSourceDir = path.dirname(absTarget);
|
|
315
|
+
branchSource = "target";
|
|
316
|
+
}
|
|
317
|
+
const { branch } = resolveGitContext(branchSourceDir);
|
|
272
318
|
// Outside a git work tree (or detached HEAD) we can't tell what the
|
|
273
319
|
// edit would land on. We choose to allow here — the alternative is
|
|
274
320
|
// blocking every Write in non-git workspaces, which would be hostile
|
|
275
|
-
// to standalone-script workflows
|
|
276
|
-
//
|
|
277
|
-
//
|
|
321
|
+
// to standalone-script workflows and to writes that target machine
|
|
322
|
+
// state under $HOME / /tmp. A detached HEAD on an in-repo target also
|
|
323
|
+
// lands here; arguably should block, but detached-HEAD edits don't
|
|
324
|
+
// auto-push to a protected ref so the downstream
|
|
278
325
|
// `preflight-before-push` gate still catches the actual hazard.
|
|
279
326
|
if (branch === "") {
|
|
280
|
-
const diagnostic =
|
|
327
|
+
const diagnostic = `${branchSource} is not on a named branch (detached HEAD or outside a git work tree); allowing`;
|
|
281
328
|
note(diagnostic);
|
|
282
329
|
return { exitCode: 0, blocked: false, diagnostic };
|
|
283
330
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hook-branch-protection.js","sourceRoot":"","sources":["../../../src/cli/pack/hook-branch-protection.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,mCAAmC;AACnC,EAAE;AACF,oEAAoE;AACpE,qEAAqE;AACrE,gEAAgE;AAChE,EAAE;AACF,8BAA8B;AAC9B,EAAE;AACF,sEAAsE;AACtE,qDAAqD;AACrD,uEAAuE;AACvE,gCAAgC;AAChC,EAAE;AACF,wEAAwE;AACxE,mEAAmE;AACnE,qEAAqE;AACrE,oEAAoE;AACpE,sEAAsE;AACtE,kDAAkD;AAClD,EAAE;AACF,qEAAqE;AACrE,iEAAiE;AACjE,kEAAkE;AAClE,kEAAkE;AAClE,sEAAsE;AACtE,gEAAgE;AAEhE,OAAO,EACL,gBAAgB,GAEjB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,cAAc,EACd,0BAA0B,EAC1B,wBAAwB,EACxB,SAAS,EACT,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,yDAAyD,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,cAAc,EAAgD,MAAM,uBAAuB,CAAC;AACrG,OAAO,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAkChE,KAAK,UAAU,SAAS,CAAC,MAA6B;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAWD,SAAS,eAAe,CAAC,OAAsB,EAAE,GAAS;IACxD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,qBAAqB,CAAC;IACrD,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAC7B,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,oBAAoB,GAAkB,IAAI,CAAC;IAC/C,IAAI,UAAU,GAAkB,IAAI,CAAC;IACrC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,4DAA4D;QAC5D,6DAA6D;QAC7D,6DAA6D;QAC7D,+DAA+D;QAC/D,0DAA0D;QAC1D,gEAAgE;QAChE,+DAA+D;QAC/D,2CAA2C;QAC3C,IAAI,CAAC,CAAC,IAAI,KAAK,oBAAoB;YAAE,SAAS;QAC9C,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,oBAAoB,GAAG,CAAC;YAAE,SAAS;QAC/D,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACvC,MAAM,GAAG,IAAI,CAAC;YACd,IAAI,UAAU,KAAK,IAAI;gBAAE,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC;YAChD,SAAS;QACX,CAAC;QACD,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;YAAE,SAAS;QAC5D,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC7E,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC;YAAE,SAAS;QACzC,IAAI,EAAE,CAAC,OAAO,EAAE,IAAI,MAAM,EAAE,CAAC;YAC3B,gBAAgB,GAAG,IAAI,CAAC;YACxB,IAAI,oBAAoB,KAAK,IAAI;gBAAE,oBAAoB,GAAG,CAAC,CAAC,OAAO,CAAC;QACtE,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,MAAM;QACN,oBAAoB;QACpB,UAAU;QACV,YAAY,EAAE,OAAO,CAAC,MAAM;QAC5B,QAAQ,EAAE,IAAI;KACf,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,QAAyB,EACzB,SAAiB,EACjB,IAAqC;IAErC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO;gBACL,gBAAgB,EAAE,KAAK;gBACvB,MAAM,EAAE,KAAK;gBACb,oBAAoB,EAAE,IAAI;gBAC1B,UAAU,EAAE,IAAI;gBAChB,YAAY,EAAE,CAAC;gBACf,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC;QACJ,CAAC;QACD,OAAO,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,MAAM,EAAE,KAAK;YACb,oBAAoB,EAAE,IAAI;YAC1B,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,sBAAsB;SACjC,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,MAAM,EAAE,KAAK;YACb,oBAAoB,EAAE,IAAI;YAC1B,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,wCAAwC;SACnD,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,OAAO;QAChB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,EAAE,UAAU,IAAI,KAAK,CAAC;IAC7E,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;QACpC,UAAU,EAAE,OAAO;QACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC3B,SAAS;QACT,SAAS;KACV,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,MAAM,EAAE,KAAK;YACb,oBAAoB,EAAE,IAAI;YAC1B,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IACD,OAAO,eAAe,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,sEAAsE;AACtE,uEAAuE;AACvE,qEAAqE;AACrE,SAAS,aAAa,CACpB,GAAY,EACZ,MAA6B;IAE7B,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CACV,2DAA2D,MAAM,CAAC,KAAK,CAAC,MAAM;aAC3E,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC3D,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED,SAAS,SAAS,CAChB,QAAgB,EAChB,MAAc,EACd,MAAc,EACd,aAAgC,EAChC,EAAwB,EACxB,SAAiB;IAEjB,gEAAgE;IAChE,mEAAmE;IACnE,6DAA6D;IAC7D,kEAAkE;IAClE,gEAAgE;IAChE,+DAA+D;IAC/D,IAAI,UAAkB,CAAC;IACvB,IAAI,EAAE,EAAE,CAAC;QACP,UAAU,GAAG,iBAAiB,CAAC,EAAE,EAAE;YACjC,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,GAAG,KAAK,CAAC,CAAC;QAC1D,UAAU;YACR,+BAA+B,QAAQ,yBAAyB,MAAM,KAAK;gBAC3E,GAAG,MAAM,IAAI;gBACb,6DAA6D;gBAC7D,oCAAoC;gBACpC,wCAAwC;gBACxC,8BAA8B,wBAAwB,gBAAgB,OAAO,oCAAoC;gBACjH,IAAI;gBACJ,qCAAqC,cAAc,kEAAkE;gBACrH,6DAA6D;gBAC7D,IAAI;gBACJ,uBAAuB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACvD,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,QAAQ,EAAE,OAAO;QACjB,MAAM,EAAE,UAAU;QAClB,kBAAkB,EAAE;YAClB,aAAa,EAAE,YAAY;YAC3B,kBAAkB,EAAE,MAAM;YAC1B,wBAAwB,EAAE,UAAU;SACrC;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,OAAwC,EAAE;IAE1C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,GAAW,EAAQ,EAAE;QACjC,MAAM,CAAC,KAAK,CAAC,wCAAwC,GAAG,IAAI,CAAC,CAAC;IAChE,CAAC,CAAC;IAEF,mEAAmE;IACnE,sEAAsE;IACtE,oEAAoE;IACpE,uBAAuB;IACvB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAK,GAAkB,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,CAAkB,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,2DAA2D;IAC7D,CAAC;IAED,MAAM,SAAS,GACb,CAAC,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAC7B,EAAE,CAAC;IACL,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC;IACrF,MAAM,GAAG,GACP,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC;QACjD,CAAC,CAAC,IAAI,CAAC,GAAG;QACV,CAAC,CAAC,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC;YACrD,CAAC,CAAC,KAAK,CAAC,GAAG;YACX,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAEtB,+DAA+D;IAC/D,oEAAoE;IACpE,iEAAiE;IACjE,mBAAmB;IACnB,IAAI,QAAQ,GAAoB,IAAI,CAAC;IACrC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC3B,CAAC;SAAM,CAAC;QACN,IAAI,CAAC;YACH,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;QACzC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,yBAA0B,GAAa,CAAC,OAAO,yBAAyB,CAAC;YACxF,MAAM,UAAU,GAAG,WAAW,MAAM,EAAE,CAAC;YACvC,IAAI,CAAC,UAAU,CAAC,CAAC;YACjB,0DAA0D;YAC1D,+CAA+C;YAC/C,MAAM,CAAC,KAAK,CACV,GAAG,SAAS,CAAC,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,0BAA0B,EAAE,SAAS,EAAE,SAAS,CAAC,IAAI,CACvG,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;QACpD,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IACrE,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,UAAU,GAAG,SAAS,SAAS,sCAAsC,CAAC;QAC5E,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,SAAS,SAAS,8BAA8B,CAAC;QACpE,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACnE,MAAM,EAAE,MAAM,EAAE,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,aAAa,CAC3B,IAAI,CAAC,MAAkC,CAAC,IAAI,CAAC,EAC9C,MAAM,CACP,CAAC;IAEF,oEAAoE;IACpE,mEAAmE;IACnE,qEAAqE;IACrE,oEAAoE;IACpE,gEAAgE;IAChE,6DAA6D;IAC7D,gEAAgE;IAChE,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,mFAAmF,CAAC;QACvG,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,WAAW,MAAM,mCAAmC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC;QAC7G,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,gEAAgE;IAChE,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,kFAAkF,CAAC;QAClG,MAAM,UAAU,GAAG,WAAW,MAAM,EAAE,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC7F,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,MAAM,UAAU,GAAG,wBAAwB,KAAK,CAAC,UAAU,IAAI,cAAc,aAAa,CAAC;QAC3F,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IACD,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,uBAAuB,KAAK,CAAC,oBAAoB,IAAI,wBAAwB,aAAa,CAAC;QAC9G,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,MAAM,GAAG,GACP,KAAK,CAAC,QAAQ,KAAK,IAAI;QACrB,CAAC,CAAC,oBAAoB,KAAK,CAAC,QAAQ,yBAAyB;QAC7D,CAAC,CAAC,YAAY,wBAAwB,SAAS,KAAK,CAAC,YAAY,4BAA4B,cAAc,WAAW,CAAC;IAC3H,MAAM,UAAU,GAAG,WAAW,GAAG,EAAE,CAAC;IACpC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjB,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1F,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AACpD,CAAC"}
|
|
1
|
+
{"version":3,"file":"hook-branch-protection.js","sourceRoot":"","sources":["../../../src/cli/pack/hook-branch-protection.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,mCAAmC;AACnC,EAAE;AACF,oEAAoE;AACpE,qEAAqE;AACrE,gEAAgE;AAChE,EAAE;AACF,8BAA8B;AAC9B,EAAE;AACF,sEAAsE;AACtE,qDAAqD;AACrD,uEAAuE;AACvE,gCAAgC;AAChC,EAAE;AACF,wEAAwE;AACxE,mEAAmE;AACnE,qEAAqE;AACrE,oEAAoE;AACpE,sEAAsE;AACtE,kDAAkD;AAClD,EAAE;AACF,qEAAqE;AACrE,iEAAiE;AACjE,kEAAkE;AAClE,kEAAkE;AAClE,sEAAsE;AACtE,gEAAgE;AAEhE,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EACL,gBAAgB,GAEjB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,cAAc,EACd,0BAA0B,EAC1B,wBAAwB,EACxB,SAAS,EACT,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,yDAAyD,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,cAAc,EAAgD,MAAM,uBAAuB,CAAC;AACrG,OAAO,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAmChE;;;;;;;GAOG;AACH,SAAS,iBAAiB,CAAC,QAAgB,EAAE,SAAkB;IAC7D,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACrE,MAAM,KAAK,GAAG,SAAoC,CAAC;IACnD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO,CAAC;QACb,KAAK,MAAM,CAAC;QACZ,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,EAAE,GAAG,KAAK,CAAC,WAAW,CAAC,CAAC;YAC9B,OAAO,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,CAAC;QACD,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,MAAM,EAAE,GAAG,KAAK,CAAC,eAAe,CAAC,CAAC;YAClC,OAAO,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,CAAC;QACD;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,MAA6B;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAWD,SAAS,eAAe,CAAC,OAAsB,EAAE,GAAS;IACxD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,qBAAqB,CAAC;IACrD,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAC7B,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,oBAAoB,GAAkB,IAAI,CAAC;IAC/C,IAAI,UAAU,GAAkB,IAAI,CAAC;IACrC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,4DAA4D;QAC5D,6DAA6D;QAC7D,6DAA6D;QAC7D,+DAA+D;QAC/D,0DAA0D;QAC1D,gEAAgE;QAChE,+DAA+D;QAC/D,2CAA2C;QAC3C,IAAI,CAAC,CAAC,IAAI,KAAK,oBAAoB;YAAE,SAAS;QAC9C,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,oBAAoB,GAAG,CAAC;YAAE,SAAS;QAC/D,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACvC,MAAM,GAAG,IAAI,CAAC;YACd,IAAI,UAAU,KAAK,IAAI;gBAAE,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC;YAChD,SAAS;QACX,CAAC;QACD,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;YAAE,SAAS;QAC5D,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC7E,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC;YAAE,SAAS;QACzC,IAAI,EAAE,CAAC,OAAO,EAAE,IAAI,MAAM,EAAE,CAAC;YAC3B,gBAAgB,GAAG,IAAI,CAAC;YACxB,IAAI,oBAAoB,KAAK,IAAI;gBAAE,oBAAoB,GAAG,CAAC,CAAC,OAAO,CAAC;QACtE,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,MAAM;QACN,oBAAoB;QACpB,UAAU;QACV,YAAY,EAAE,OAAO,CAAC,MAAM;QAC5B,QAAQ,EAAE,IAAI;KACf,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,QAAyB,EACzB,SAAiB,EACjB,IAAqC;IAErC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,OAAO;gBACL,gBAAgB,EAAE,KAAK;gBACvB,MAAM,EAAE,KAAK;gBACb,oBAAoB,EAAE,IAAI;gBAC1B,UAAU,EAAE,IAAI;gBAChB,YAAY,EAAE,CAAC;gBACf,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC;QACJ,CAAC;QACD,OAAO,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,MAAM,EAAE,KAAK;YACb,oBAAoB,EAAE,IAAI;YAC1B,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,sBAAsB;SACjC,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,MAAM,EAAE,KAAK;YACb,oBAAoB,EAAE,IAAI;YAC1B,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,wCAAwC;SACnD,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,OAAO;QAChB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,EAAE,UAAU,IAAI,KAAK,CAAC;IAC7E,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;QACpC,UAAU,EAAE,OAAO;QACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC3B,SAAS;QACT,SAAS;KACV,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,MAAM,EAAE,KAAK;YACb,oBAAoB,EAAE,IAAI;YAC1B,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC,MAAM;SACxB,CAAC;IACJ,CAAC;IACD,OAAO,eAAe,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,sEAAsE;AACtE,uEAAuE;AACvE,qEAAqE;AACrE,SAAS,aAAa,CACpB,GAAY,EACZ,MAA6B;IAE7B,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CACV,2DAA2D,MAAM,CAAC,KAAK,CAAC,MAAM;aAC3E,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC3D,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED,SAAS,SAAS,CAChB,QAAgB,EAChB,MAAc,EACd,MAAc,EACd,aAAgC,EAChC,EAAwB,EACxB,SAAiB;IAEjB,gEAAgE;IAChE,mEAAmE;IACnE,6DAA6D;IAC7D,kEAAkE;IAClE,gEAAgE;IAChE,+DAA+D;IAC/D,IAAI,UAAkB,CAAC;IACvB,IAAI,EAAE,EAAE,CAAC;QACP,UAAU,GAAG,iBAAiB,CAAC,EAAE,EAAE;YACjC,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,GAAG,KAAK,CAAC,CAAC;QAC1D,UAAU;YACR,+BAA+B,QAAQ,yBAAyB,MAAM,KAAK;gBAC3E,GAAG,MAAM,IAAI;gBACb,6DAA6D;gBAC7D,oCAAoC;gBACpC,wCAAwC;gBACxC,8BAA8B,wBAAwB,gBAAgB,OAAO,oCAAoC;gBACjH,IAAI;gBACJ,qCAAqC,cAAc,kEAAkE;gBACrH,6DAA6D;gBAC7D,IAAI;gBACJ,uBAAuB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACvD,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,QAAQ,EAAE,OAAO;QACjB,MAAM,EAAE,UAAU;QAClB,kBAAkB,EAAE;YAClB,aAAa,EAAE,YAAY;YAC3B,kBAAkB,EAAE,MAAM;YAC1B,wBAAwB,EAAE,UAAU;SACrC;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,OAAwC,EAAE;IAE1C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,GAAW,EAAQ,EAAE;QACjC,MAAM,CAAC,KAAK,CAAC,wCAAwC,GAAG,IAAI,CAAC,CAAC;IAChE,CAAC,CAAC;IAEF,mEAAmE;IACnE,sEAAsE;IACtE,oEAAoE;IACpE,uBAAuB;IACvB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAK,GAAkB,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,CAAkB,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,2DAA2D;IAC7D,CAAC;IAED,MAAM,SAAS,GACb,CAAC,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAC7B,EAAE,CAAC;IACL,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC;IACrF,MAAM,GAAG,GACP,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC;QACjD,CAAC,CAAC,IAAI,CAAC,GAAG;QACV,CAAC,CAAC,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC;YACrD,CAAC,CAAC,KAAK,CAAC,GAAG;YACX,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAEtB,+DAA+D;IAC/D,oEAAoE;IACpE,iEAAiE;IACjE,mBAAmB;IACnB,IAAI,QAAQ,GAAoB,IAAI,CAAC;IACrC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC3B,CAAC;SAAM,CAAC;QACN,IAAI,CAAC;YACH,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;QACzC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,yBAA0B,GAAa,CAAC,OAAO,yBAAyB,CAAC;YACxF,MAAM,UAAU,GAAG,WAAW,MAAM,EAAE,CAAC;YACvC,IAAI,CAAC,UAAU,CAAC,CAAC;YACjB,0DAA0D;YAC1D,+CAA+C;YAC/C,MAAM,CAAC,KAAK,CACV,GAAG,SAAS,CAAC,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,0BAA0B,EAAE,SAAS,EAAE,SAAS,CAAC,IAAI,CACvG,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;QACpD,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IACrE,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,UAAU,GAAG,SAAS,SAAS,sCAAsC,CAAC;QAC5E,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,SAAS,SAAS,8BAA8B,CAAC;QACpE,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAG,aAAa,CAC3B,IAAI,CAAC,MAAkC,CAAC,IAAI,CAAC,EAC9C,MAAM,CACP,CAAC;IAEF,sEAAsE;IACtE,mEAAmE;IACnE,uEAAuE;IACvE,uEAAuE;IACvE,sEAAsE;IACtE,uEAAuE;IACvE,gEAAgE;IAChE,8DAA8D;IAC9D,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IACjE,IAAI,eAAe,GAAG,GAAG,CAAC;IAC1B,IAAI,YAAY,GAAqB,KAAK,CAAC;IAC3C,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YAC3C,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QAClC,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC1C,YAAY,GAAG,QAAQ,CAAC;IAC1B,CAAC;IACD,MAAM,EAAE,MAAM,EAAE,GAAG,iBAAiB,CAAC,eAAe,CAAC,CAAC;IAEtD,oEAAoE;IACpE,mEAAmE;IACnE,qEAAqE;IACrE,mEAAmE;IACnE,sEAAsE;IACtE,mEAAmE;IACnE,iDAAiD;IACjD,gEAAgE;IAChE,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,GAAG,YAAY,gFAAgF,CAAC;QACnH,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,WAAW,MAAM,mCAAmC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC;QAC7G,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,gEAAgE;IAChE,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,kFAAkF,CAAC;QAClG,MAAM,UAAU,GAAG,WAAW,MAAM,EAAE,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC7F,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,MAAM,UAAU,GAAG,wBAAwB,KAAK,CAAC,UAAU,IAAI,cAAc,aAAa,CAAC;QAC3F,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IACD,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,uBAAuB,KAAK,CAAC,oBAAoB,IAAI,wBAAwB,aAAa,CAAC;QAC9G,IAAI,CAAC,UAAU,CAAC,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,MAAM,GAAG,GACP,KAAK,CAAC,QAAQ,KAAK,IAAI;QACrB,CAAC,CAAC,oBAAoB,KAAK,CAAC,QAAQ,yBAAyB;QAC7D,CAAC,CAAC,YAAY,wBAAwB,SAAS,KAAK,CAAC,YAAY,4BAA4B,cAAc,WAAW,CAAC;IAC3H,MAAM,UAAU,GAAG,WAAW,GAAG,EAAE,CAAC;IACpC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjB,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1F,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AACpD,CAAC"}
|
|
@@ -3,16 +3,40 @@ import { type LoaderOptions } from "../loader.js";
|
|
|
3
3
|
export interface PackHookPostToolUseOptions extends LoaderOptions {
|
|
4
4
|
pack?: string;
|
|
5
5
|
generatedDir?: string;
|
|
6
|
+
/**
|
|
7
|
+
* Override the persisted-report directory. Defaults to
|
|
8
|
+
* `defaultReportsDir()` which honours `UNDERSTANDING_GATE_REPORT_DIR`
|
|
9
|
+
* (set by the pack's hook-command wrapper) or falls back to
|
|
10
|
+
* `<cwd>/.understanding-gate/reports`.
|
|
11
|
+
*/
|
|
12
|
+
reportsDir?: string;
|
|
6
13
|
stdin?: NodeJS.ReadableStream;
|
|
7
14
|
stderr?: NodeJS.WritableStream;
|
|
8
15
|
manifest?: Manifest;
|
|
16
|
+
/** Override "now" for deterministic tests. */
|
|
17
|
+
now?: Date;
|
|
9
18
|
}
|
|
10
19
|
export interface PackHookPostToolUseResult {
|
|
11
20
|
exitCode: number;
|
|
12
21
|
/** Did the just-completed tool match the expiry list? */
|
|
13
22
|
matchedExpiry: boolean;
|
|
14
|
-
/** Was the marker actually cleared (false if it was already absent). */
|
|
23
|
+
/** Was the session marker actually cleared (false if it was already absent). */
|
|
15
24
|
markerCleared: boolean;
|
|
25
|
+
/**
|
|
26
|
+
* Was a task-scoped marker also cleared (harness/1ee26e77)? Only set
|
|
27
|
+
* when the matched tool was an agent-tasks task-transition verb AND
|
|
28
|
+
* `tool_input.taskId` was present in the event, AND a marker existed
|
|
29
|
+
* for that task id. False otherwise. Independent of markerCleared.
|
|
30
|
+
*/
|
|
31
|
+
taskMarkerCleared: boolean;
|
|
32
|
+
/**
|
|
33
|
+
* Was the persisted report (`.understanding-gate/reports/...json`)
|
|
34
|
+
* flipped from `approved` to `expired`? Closes the silent re-approval
|
|
35
|
+
* bypass that pre-this-fix existed since PR #172: the marker was
|
|
36
|
+
* deleted on task_finish but the persisted-report fallback still
|
|
37
|
+
* satisfied the gate.
|
|
38
|
+
*/
|
|
39
|
+
persistedReportExpired: boolean;
|
|
16
40
|
/** Diagnostic line emitted to stderr. */
|
|
17
41
|
diagnostic: string;
|
|
18
42
|
}
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
// persists past the intended boundary, which degrades to the legacy
|
|
22
22
|
// per-session contract.
|
|
23
23
|
import { existsSync } from "node:fs";
|
|
24
|
-
import { approvalMarkerPathFor, clearApprovalMarker, parseApprovalLifecycle, } from "../../policy-packs/builtin/understanding-before-execution-runtime.js";
|
|
24
|
+
import { approvalMarkerPathFor, clearApprovalMarker, clearTaskApprovalMarker, defaultReportsDir, expirePersistedReport, parseApprovalLifecycle, taskApprovalMarkerPathFor, } from "../../policy-packs/builtin/understanding-before-execution-runtime.js";
|
|
25
25
|
import { resolveGeneratedDir } from "../../runtime/pending-approval.js";
|
|
26
26
|
import { loadManifest } from "../loader.js";
|
|
27
27
|
const PACK_NAME = "understanding-before-execution";
|
|
@@ -38,8 +38,7 @@ async function readStdin(stream) {
|
|
|
38
38
|
}
|
|
39
39
|
// Match a tool name against one of the patterns. The pattern is a plain
|
|
40
40
|
// tool name like `mcp__agent-tasks__task_finish`; wildcard expansion is
|
|
41
|
-
// deliberately not supported in v1 so operators write what they mean
|
|
42
|
-
// (a future `Bash(gh pr merge*)`-style shape can layer in later).
|
|
41
|
+
// deliberately not supported in v1 so operators write what they mean.
|
|
43
42
|
function toolMatches(toolName, patterns) {
|
|
44
43
|
for (const p of patterns) {
|
|
45
44
|
if (p === toolName)
|
|
@@ -47,9 +46,52 @@ function toolMatches(toolName, patterns) {
|
|
|
47
46
|
}
|
|
48
47
|
return false;
|
|
49
48
|
}
|
|
49
|
+
// Match a Bash tool_input.command against the operator's regex list.
|
|
50
|
+
// Patterns are pre-compiled by parseApprovalLifecycle, so invalid
|
|
51
|
+
// regexes were dropped (with a warning) at parse time and we just
|
|
52
|
+
// iterate here. Empty / missing command short-circuits to false.
|
|
53
|
+
function bashCommandMatches(command, patterns) {
|
|
54
|
+
if (command === "")
|
|
55
|
+
return undefined;
|
|
56
|
+
for (const re of patterns) {
|
|
57
|
+
if (re.test(command))
|
|
58
|
+
return re;
|
|
59
|
+
}
|
|
60
|
+
return undefined;
|
|
61
|
+
}
|
|
62
|
+
function extractBashCommand(toolInput) {
|
|
63
|
+
if (typeof toolInput !== "object" ||
|
|
64
|
+
toolInput === null ||
|
|
65
|
+
Array.isArray(toolInput)) {
|
|
66
|
+
return "";
|
|
67
|
+
}
|
|
68
|
+
const command = toolInput["command"];
|
|
69
|
+
return typeof command === "string" ? command : "";
|
|
70
|
+
}
|
|
71
|
+
// Pull `taskId` out of an MCP tool_input payload. agent-tasks verbs that
|
|
72
|
+
// mark a task boundary (`task_finish`, `task_abandon`, etc.) carry the
|
|
73
|
+
// taskId as a top-level string field. When present, the post-tool-use
|
|
74
|
+
// hook also clears the corresponding task-scoped approval marker
|
|
75
|
+
// (harness/1ee26e77). Returns "" when absent / malformed.
|
|
76
|
+
function extractTaskId(toolInput) {
|
|
77
|
+
if (typeof toolInput !== "object" ||
|
|
78
|
+
toolInput === null ||
|
|
79
|
+
Array.isArray(toolInput)) {
|
|
80
|
+
return "";
|
|
81
|
+
}
|
|
82
|
+
const tid = toolInput["taskId"];
|
|
83
|
+
return typeof tid === "string" ? tid : "";
|
|
84
|
+
}
|
|
50
85
|
function noop(diagnostic, stderr) {
|
|
51
86
|
stderr.write(`${diagnostic}\n`);
|
|
52
|
-
return {
|
|
87
|
+
return {
|
|
88
|
+
exitCode: 0,
|
|
89
|
+
matchedExpiry: false,
|
|
90
|
+
markerCleared: false,
|
|
91
|
+
taskMarkerCleared: false,
|
|
92
|
+
persistedReportExpired: false,
|
|
93
|
+
diagnostic,
|
|
94
|
+
};
|
|
53
95
|
}
|
|
54
96
|
export async function runPackHookPostToolUseCli(opts = {}) {
|
|
55
97
|
const stdin = opts.stdin ?? process.stdin;
|
|
@@ -93,11 +135,24 @@ export async function runPackHookPostToolUseCli(opts = {}) {
|
|
|
93
135
|
return noop(`harness pack hook post-tool-use: pack "${packName}" is enabled:false, skipping`, stderr);
|
|
94
136
|
}
|
|
95
137
|
const lifecycle = parseApprovalLifecycle(declared.config["approval_lifecycle"], stderr);
|
|
96
|
-
if (lifecycle.legacyMode
|
|
97
|
-
return noop(`harness pack hook post-tool-use:
|
|
138
|
+
if (lifecycle.legacyMode) {
|
|
139
|
+
return noop(`harness pack hook post-tool-use: legacy-session mode, skipping`, stderr);
|
|
98
140
|
}
|
|
99
|
-
|
|
100
|
-
|
|
141
|
+
const noBoundariesConfigured = lifecycle.expireOnToolMatch.length === 0 && lifecycle.expireOnBashMatch.length === 0;
|
|
142
|
+
if (noBoundariesConfigured) {
|
|
143
|
+
return noop(`harness pack hook post-tool-use: no expire_on_tool_match or expire_on_bash_match configured, skipping`, stderr);
|
|
144
|
+
}
|
|
145
|
+
const toolNameMatched = toolMatches(toolName, lifecycle.expireOnToolMatch);
|
|
146
|
+
// Bash check only runs when the event is actually a Bash call; an MCP
|
|
147
|
+
// tool whose name happens to match a regex is not a Bash boundary.
|
|
148
|
+
const bashRegex = toolName === "Bash"
|
|
149
|
+
? bashCommandMatches(extractBashCommand(event.tool_input), lifecycle.expireOnBashMatch)
|
|
150
|
+
: undefined;
|
|
151
|
+
if (!toolNameMatched && bashRegex === undefined) {
|
|
152
|
+
const detail = toolName === "Bash"
|
|
153
|
+
? `Bash command did not match any expire_on_bash_match regex`
|
|
154
|
+
: `tool ${toolName} not in expire_on_tool_match`;
|
|
155
|
+
return noop(`harness pack hook post-tool-use: ${detail}, skipping`, stderr);
|
|
101
156
|
}
|
|
102
157
|
const generatedDir = opts.generatedDir ??
|
|
103
158
|
(manifestPath !== undefined
|
|
@@ -117,14 +172,52 @@ export async function runPackHookPostToolUseCli(opts = {}) {
|
|
|
117
172
|
const markerPath = approvalMarkerPathFor(generatedDir, sessionId);
|
|
118
173
|
const wasPresent = existsSync(markerPath);
|
|
119
174
|
clearApprovalMarker(generatedDir, sessionId);
|
|
175
|
+
// Task-scoped marker cleanup (harness/1ee26e77). Only when the
|
|
176
|
+
// matched tool is an MCP task-transition verb whose tool_input.taskId
|
|
177
|
+
// names a specific task; Bash regex boundaries don't carry a taskId
|
|
178
|
+
// by design.
|
|
179
|
+
let taskMarkerCleared = false;
|
|
180
|
+
let clearedTaskId = "";
|
|
181
|
+
if (toolNameMatched) {
|
|
182
|
+
const taskId = extractTaskId(event.tool_input);
|
|
183
|
+
if (taskId !== "") {
|
|
184
|
+
const taskMarkerPath = taskApprovalMarkerPathFor(generatedDir, taskId);
|
|
185
|
+
if (existsSync(taskMarkerPath)) {
|
|
186
|
+
clearTaskApprovalMarker(generatedDir, taskId);
|
|
187
|
+
taskMarkerCleared = true;
|
|
188
|
+
clearedTaskId = taskId;
|
|
189
|
+
}
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
// Persisted-report expiry (harness/1ee26e77 follow-up). Closes the
|
|
193
|
+
// silent bypass that existed since PR #172: marker-deletion alone
|
|
194
|
+
// did not invalidate the persisted-report fallback the gate consults
|
|
195
|
+
// when the marker is absent, so the next Edit/Write/Bash silently
|
|
196
|
+
// re-approved via the report even though the marker had just been
|
|
197
|
+
// expired. Best-effort; a missing reports dir or unrelated read
|
|
198
|
+
// failure is logged but does not break the hook.
|
|
199
|
+
const reportsDir = opts.reportsDir ?? defaultReportsDir();
|
|
200
|
+
const reportExpiry = expirePersistedReport(reportsDir, sessionId, opts.now);
|
|
201
|
+
const persistedReportExpired = reportExpiry.ok;
|
|
202
|
+
const matchSource = bashRegex !== undefined
|
|
203
|
+
? `bash regex /${bashRegex.source}/`
|
|
204
|
+
: `tool name`;
|
|
205
|
+
const taskNote = taskMarkerCleared
|
|
206
|
+
? `; also cleared task marker for task ${clearedTaskId}`
|
|
207
|
+
: "";
|
|
208
|
+
const reportNote = reportExpiry.ok
|
|
209
|
+
? `; expired persisted report ${reportExpiry.filePath}`
|
|
210
|
+
: `; persisted-report expiry skipped (${reportExpiry.reason})`;
|
|
120
211
|
const diagnostic = wasPresent
|
|
121
|
-
? `harness pack hook post-tool-use: expired approval marker for session ${sessionId} after ${toolName}`
|
|
122
|
-
: `harness pack hook post-tool-use: ${toolName} matched
|
|
212
|
+
? `harness pack hook post-tool-use: expired approval marker for session ${sessionId} after ${toolName} (${matchSource})${taskNote}${reportNote}`
|
|
213
|
+
: `harness pack hook post-tool-use: ${toolName} matched ${matchSource} but no marker present for session ${sessionId}${taskNote}${reportNote}`;
|
|
123
214
|
stderr.write(`${diagnostic}\n`);
|
|
124
215
|
return {
|
|
125
216
|
exitCode: 0,
|
|
126
217
|
matchedExpiry: true,
|
|
127
218
|
markerCleared: wasPresent,
|
|
219
|
+
taskMarkerCleared,
|
|
220
|
+
persistedReportExpired,
|
|
128
221
|
diagnostic,
|
|
129
222
|
};
|
|
130
223
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hook-post-tool-use.js","sourceRoot":"","sources":["../../../src/cli/pack/hook-post-tool-use.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,EAAE;AACF,yEAAyE;AACzE,wEAAwE;AACxE,sEAAsE;AACtE,mEAAmE;AACnE,oDAAoD;AACpD,EAAE;AACF,qEAAqE;AACrE,wEAAwE;AACxE,sEAAsE;AACtE,wEAAwE;AACxE,qEAAqE;AACrE,sEAAsE;AACtE,2EAA2E;AAC3E,qEAAqE;AACrE,EAAE;AACF,qEAAqE;AACrE,uEAAuE;AACvE,qEAAqE;AACrE,oEAAoE;AACpE,wBAAwB;AAExB,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,
|
|
1
|
+
{"version":3,"file":"hook-post-tool-use.js","sourceRoot":"","sources":["../../../src/cli/pack/hook-post-tool-use.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,EAAE;AACF,yEAAyE;AACzE,wEAAwE;AACxE,sEAAsE;AACtE,mEAAmE;AACnE,oDAAoD;AACpD,EAAE;AACF,qEAAqE;AACrE,wEAAwE;AACxE,sEAAsE;AACtE,wEAAwE;AACxE,qEAAqE;AACrE,sEAAsE;AACtE,2EAA2E;AAC3E,qEAAqE;AACrE,EAAE;AACF,qEAAqE;AACrE,uEAAuE;AACvE,qEAAqE;AACrE,oEAAoE;AACpE,wBAAwB;AAExB,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,uBAAuB,EACvB,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,yBAAyB,GAC1B,MAAM,sEAAsE,CAAC;AAC9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAExE,OAAO,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAEhE,MAAM,SAAS,GAAG,gCAAgC,CAAC;AAkDnD,KAAK,UAAU,SAAS,CAAC,MAA6B;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,wEAAwE;AACxE,wEAAwE;AACxE,sEAAsE;AACtE,SAAS,WAAW,CAAC,QAAgB,EAAE,QAA2B;IAChE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,qEAAqE;AACrE,kEAAkE;AAClE,kEAAkE;AAClE,iEAAiE;AACjE,SAAS,kBAAkB,CAAC,OAAe,EAAE,QAA2B;IACtE,IAAI,OAAO,KAAK,EAAE;QAAE,OAAO,SAAS,CAAC;IACrC,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC1B,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,EAAE,CAAC;IAClC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,kBAAkB,CAAC,SAAkB;IAC5C,IACE,OAAO,SAAS,KAAK,QAAQ;QAC7B,SAAS,KAAK,IAAI;QAClB,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EACxB,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,OAAO,GAAI,SAAqC,CAAC,SAAS,CAAC,CAAC;IAClE,OAAO,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;AACpD,CAAC;AAED,yEAAyE;AACzE,uEAAuE;AACvE,sEAAsE;AACtE,iEAAiE;AACjE,0DAA0D;AAC1D,SAAS,aAAa,CAAC,SAAkB;IACvC,IACE,OAAO,SAAS,KAAK,QAAQ;QAC7B,SAAS,KAAK,IAAI;QAClB,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EACxB,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,GAAG,GAAI,SAAqC,CAAC,QAAQ,CAAC,CAAC;IAC7D,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;AAC5C,CAAC;AAED,SAAS,IAAI,CACX,UAAkB,EAClB,MAA6B;IAE7B,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;IAChC,OAAO;QACL,QAAQ,EAAE,CAAC;QACX,aAAa,EAAE,KAAK;QACpB,aAAa,EAAE,KAAK;QACpB,iBAAiB,EAAE,KAAK;QACxB,sBAAsB,EAAE,KAAK;QAC7B,UAAU;KACX,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,OAAmC,EAAE;IAErC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC;IAExC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAK,GAAkB,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,CAAkB,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CACT,+EAA+E,EAC/E,MAAM,CACP,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GACb,CAAC,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAC7B,EAAE,CAAC;IACL,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5E,IAAI,SAAS,KAAK,EAAE,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;QACxC,OAAO,IAAI,CACT,wDAAwD,SAAS,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,mBAAmB,QAAQ,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,aAAa,EAC3J,MAAM,CACP,CAAC;IACJ,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,YAAgC,CAAC;IACrC,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;YAClC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC3B,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,IAAI,CACT,0DAA2D,GAAa,CAAC,OAAO,aAAa,EAC7F,MAAM,CACP,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IACxE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,IAAI,CACT,0CAA0C,QAAQ,sCAAsC,EACxF,MAAM,CACP,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,OAAO,IAAI,CACT,0CAA0C,QAAQ,8BAA8B,EAChF,MAAM,CACP,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,sBAAsB,CACrC,QAAQ,CAAC,MAAkC,CAAC,oBAAoB,CAAC,EAClE,MAAM,CACP,CAAC;IACF,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;QACzB,OAAO,IAAI,CACT,gEAAgE,EAChE,MAAM,CACP,CAAC;IACJ,CAAC;IACD,MAAM,sBAAsB,GAC1B,SAAS,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,IAAI,SAAS,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,CAAC;IACvF,IAAI,sBAAsB,EAAE,CAAC;QAC3B,OAAO,IAAI,CACT,uGAAuG,EACvG,MAAM,CACP,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,WAAW,CAAC,QAAQ,EAAE,SAAS,CAAC,iBAAiB,CAAC,CAAC;IAC3E,sEAAsE;IACtE,mEAAmE;IACnE,MAAM,SAAS,GACb,QAAQ,KAAK,MAAM;QACjB,CAAC,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,iBAAiB,CAAC;QACvF,CAAC,CAAC,SAAS,CAAC;IAChB,IAAI,CAAC,eAAe,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAChD,MAAM,MAAM,GACV,QAAQ,KAAK,MAAM;YACjB,CAAC,CAAC,2DAA2D;YAC7D,CAAC,CAAC,QAAQ,QAAQ,8BAA8B,CAAC;QACrD,OAAO,IAAI,CACT,oCAAoC,MAAM,YAAY,EACtD,MAAM,CACP,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAChB,IAAI,CAAC,YAAY;QACjB,CAAC,YAAY,KAAK,SAAS;YACzB,CAAC,CAAC,mBAAmB,CAAC;gBAClB,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChE,YAAY;aACb,CAAC;YACJ,CAAC,CAAC,SAAS,CAAC,CAAC;IACjB,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,IAAI,CACT,oFAAoF,EACpF,MAAM,CACP,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,oEAAoE;IACpE,4DAA4D;IAC5D,iEAAiE;IACjE,+DAA+D;IAC/D,MAAM,UAAU,GAAG,qBAAqB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAClE,MAAM,UAAU,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IAC1C,mBAAmB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAE7C,+DAA+D;IAC/D,sEAAsE;IACtE,oEAAoE;IACpE,aAAa;IACb,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAC9B,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;YAClB,MAAM,cAAc,GAAG,yBAAyB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YACvE,IAAI,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC/B,uBAAuB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;gBAC9C,iBAAiB,GAAG,IAAI,CAAC;gBACzB,aAAa,GAAG,MAAM,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,kEAAkE;IAClE,qEAAqE;IACrE,kEAAkE;IAClE,kEAAkE;IAClE,gEAAgE;IAChE,iDAAiD;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,iBAAiB,EAAE,CAAC;IAC1D,MAAM,YAAY,GAAG,qBAAqB,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5E,MAAM,sBAAsB,GAAG,YAAY,CAAC,EAAE,CAAC;IAE/C,MAAM,WAAW,GAAG,SAAS,KAAK,SAAS;QACzC,CAAC,CAAC,eAAe,SAAS,CAAC,MAAM,GAAG;QACpC,CAAC,CAAC,WAAW,CAAC;IAChB,MAAM,QAAQ,GAAG,iBAAiB;QAChC,CAAC,CAAC,uCAAuC,aAAa,EAAE;QACxD,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,UAAU,GAAG,YAAY,CAAC,EAAE;QAChC,CAAC,CAAC,8BAA8B,YAAY,CAAC,QAAQ,EAAE;QACvD,CAAC,CAAC,sCAAsC,YAAY,CAAC,MAAM,GAAG,CAAC;IACjE,MAAM,UAAU,GAAG,UAAU;QAC3B,CAAC,CAAC,wEAAwE,SAAS,UAAU,QAAQ,KAAK,WAAW,IAAI,QAAQ,GAAG,UAAU,EAAE;QAChJ,CAAC,CAAC,oCAAoC,QAAQ,YAAY,WAAW,sCAAsC,SAAS,GAAG,QAAQ,GAAG,UAAU,EAAE,CAAC;IACjJ,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;IAChC,OAAO;QACL,QAAQ,EAAE,CAAC;QACX,aAAa,EAAE,IAAI;QACnB,aAAa,EAAE,UAAU;QACzB,iBAAiB;QACjB,sBAAsB;QACtB,UAAU;KACX,CAAC;AACJ,CAAC"}
|
|
@@ -22,7 +22,7 @@
|
|
|
22
22
|
// (Phase 4 #6) surfaces the runtime audit trail when configured.
|
|
23
23
|
import { queryLedgerByTag, } from "../../policies/index.js";
|
|
24
24
|
import { renderProducers } from "../../policies/producers.js";
|
|
25
|
-
import { checkApprovalMarker, checkPersistedReport, defaultReportsDir, matchLedgerEntries, parseApprovalLifecycle, } from "../../policy-packs/builtin/understanding-before-execution-runtime.js";
|
|
25
|
+
import { checkAnyTaskApprovalMarker, checkApprovalMarker, checkPersistedReport, defaultReportsDir, matchLedgerEntries, parseApprovalLifecycle, } from "../../policy-packs/builtin/understanding-before-execution-runtime.js";
|
|
26
26
|
import { resolveGeneratedDir, writePendingApproval, } from "../../runtime/pending-approval.js";
|
|
27
27
|
import { PolicyUxSchema, ProducerSchema, } from "../../schema/index.js";
|
|
28
28
|
import { renderAgentFacing } from "../../runtime/agent-facing.js";
|
|
@@ -294,9 +294,30 @@ export async function runPackHookPreToolUseCli(opts = {}) {
|
|
|
294
294
|
// manifest without a resolved path: only happens in tests).
|
|
295
295
|
if (generatedDir !== undefined) {
|
|
296
296
|
const lifecycle = parseApprovalLifecycle(declared.config["approval_lifecycle"], stderr);
|
|
297
|
-
const
|
|
298
|
-
|
|
299
|
-
|
|
297
|
+
const ageOpts = lifecycle.maxAgeMs !== undefined
|
|
298
|
+
? { maxAgeMs: lifecycle.maxAgeMs }
|
|
299
|
+
: {};
|
|
300
|
+
// Source 1a: task-scoped marker (harness/1ee26e77). Any fresh
|
|
301
|
+
// `.approvals/task-<id>` marker satisfies the gate, regardless of
|
|
302
|
+
// which session approved it. This is the design-intent target for
|
|
303
|
+
// multi-task sessions; the operator opts in by passing `--task <id>`
|
|
304
|
+
// to `harness approve understanding`. When no task markers exist
|
|
305
|
+
// (operator never used --task, or all markers expired), the gate
|
|
306
|
+
// falls through to the session marker below — preserving the legacy
|
|
307
|
+
// contract for solo workflows.
|
|
308
|
+
const taskMarker = checkAnyTaskApprovalMarker(generatedDir, ageOpts);
|
|
309
|
+
if (taskMarker.matched) {
|
|
310
|
+
const diagnostic = `harness pack hook: ${taskMarker.detail}, allowing.`;
|
|
311
|
+
stderr.write(`${diagnostic}\n`);
|
|
312
|
+
return {
|
|
313
|
+
exitCode: 0,
|
|
314
|
+
blocked: false,
|
|
315
|
+
approvalCheck: { approved: true, source: "marker", detail: taskMarker.detail },
|
|
316
|
+
diagnostic,
|
|
317
|
+
};
|
|
318
|
+
}
|
|
319
|
+
// Source 1b: session-scoped marker (legacy / fallback).
|
|
320
|
+
const marker = checkApprovalMarker(generatedDir, sessionId, ageOpts);
|
|
300
321
|
if (marker.matched) {
|
|
301
322
|
const diagnostic = `harness pack hook: ${marker.detail}, allowing.`;
|
|
302
323
|
stderr.write(`${diagnostic}\n`);
|