@lannguyensi/harness 0.25.1 → 0.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68) hide show
  1. package/CHANGELOG.md +30 -0
  2. package/dist/cli/apply/apply.d.ts +11 -0
  3. package/dist/cli/apply/apply.js +11 -0
  4. package/dist/cli/apply/apply.js.map +1 -1
  5. package/dist/cli/event-input.d.ts +28 -0
  6. package/dist/cli/event-input.js +72 -0
  7. package/dist/cli/event-input.js.map +1 -0
  8. package/dist/cli/explain-action.d.ts +20 -0
  9. package/dist/cli/explain-action.js +27 -0
  10. package/dist/cli/explain-action.js.map +1 -0
  11. package/dist/cli/index.js +76 -10
  12. package/dist/cli/index.js.map +1 -1
  13. package/dist/cli/init/interactive.js +10 -3
  14. package/dist/cli/init/interactive.js.map +1 -1
  15. package/dist/cli/pack/hook-branch-protection.js +1 -1
  16. package/dist/cli/pack/hook-branch-protection.js.map +1 -1
  17. package/dist/cli/pack/hook-codex-pre-tool-use.js +1 -1
  18. package/dist/cli/pack/hook-codex-pre-tool-use.js.map +1 -1
  19. package/dist/cli/pack/hook-post-tool-use.js +1 -1
  20. package/dist/cli/pack/hook-post-tool-use.js.map +1 -1
  21. package/dist/cli/pack/hook-pre-tool-use.d.ts +8 -0
  22. package/dist/cli/pack/hook-pre-tool-use.js +3 -1
  23. package/dist/cli/pack/hook-pre-tool-use.js.map +1 -1
  24. package/dist/cli/pack/hook-track-active-claim.js +1 -1
  25. package/dist/cli/pack/hook-track-active-claim.js.map +1 -1
  26. package/dist/cli/{pack/pause-check.d.ts → pause-check.d.ts} +1 -1
  27. package/dist/cli/{pack/pause-check.js → pause-check.js} +14 -11
  28. package/dist/cli/pause-check.js.map +1 -0
  29. package/dist/cli/policy/intercept.d.ts +5 -0
  30. package/dist/cli/policy/intercept.js +21 -0
  31. package/dist/cli/policy/intercept.js.map +1 -1
  32. package/dist/cli/resolve-env.d.ts +32 -0
  33. package/dist/cli/resolve-env.js +47 -0
  34. package/dist/cli/resolve-env.js.map +1 -0
  35. package/dist/cli/test-risk.d.ts +26 -0
  36. package/dist/cli/test-risk.js +34 -0
  37. package/dist/cli/test-risk.js.map +1 -0
  38. package/dist/runtime/action-envelope.d.ts +64 -0
  39. package/dist/runtime/action-envelope.js +46 -0
  40. package/dist/runtime/action-envelope.js.map +1 -0
  41. package/dist/runtime/environment-resolver.d.ts +36 -0
  42. package/dist/runtime/environment-resolver.js +138 -0
  43. package/dist/runtime/environment-resolver.js.map +1 -0
  44. package/dist/runtime/home-dir.js +1 -1
  45. package/dist/runtime/home-dir.js.map +1 -1
  46. package/dist/runtime/index.d.ts +4 -0
  47. package/dist/runtime/index.js +4 -0
  48. package/dist/runtime/index.js.map +1 -1
  49. package/dist/runtime/kube-context.d.ts +16 -0
  50. package/dist/runtime/kube-context.js +63 -0
  51. package/dist/runtime/kube-context.js.map +1 -0
  52. package/dist/runtime/risk-classifier.d.ts +38 -0
  53. package/dist/runtime/risk-classifier.js +121 -0
  54. package/dist/runtime/risk-classifier.js.map +1 -0
  55. package/dist/schema/environments.d.ts +215 -0
  56. package/dist/schema/environments.js +101 -0
  57. package/dist/schema/environments.js.map +1 -0
  58. package/dist/schema/index.d.ts +408 -0
  59. package/dist/schema/index.js +8 -0
  60. package/dist/schema/index.js.map +1 -1
  61. package/dist/schema/policies.d.ts +139 -0
  62. package/dist/schema/policies.js +39 -0
  63. package/dist/schema/policies.js.map +1 -1
  64. package/dist/schema/risk.d.ts +131 -0
  65. package/dist/schema/risk.js +87 -0
  66. package/dist/schema/risk.js.map +1 -0
  67. package/package.json +1 -1
  68. package/dist/cli/pack/pause-check.js.map +0 -1
package/dist/schema/index.d.ts CHANGED
@@ -568,6 +568,32 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
568
568
  required: string[];
569
569
  run: string[];
570
570
  }>>;
571
+ when: z.ZodOptional<z.ZodEffects<z.ZodObject<{
572
+ "risk.severity_at_least": z.ZodOptional<z.ZodEnum<["low", "medium", "high", "critical"]>>;
573
+ "risk.category_in": z.ZodOptional<z.ZodArray<z.ZodEnum<["destructive", "data_loss", "production_mutation", "credential_access", "secret_exfiltration", "network_exfiltration", "deployment_change", "infrastructure_change", "privilege_escalation", "irreversible_action", "mass_update"]>, "many">>;
574
+ "environment.name": z.ZodOptional<z.ZodEnum<["production", "staging", "dev", "local", "unknown"]>>;
575
+ "action.reversible": z.ZodOptional<z.ZodBoolean>;
576
+ }, "strict", z.ZodTypeAny, {
577
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
578
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
579
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
580
+ "action.reversible"?: boolean | undefined;
581
+ }, {
582
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
583
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
584
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
585
+ "action.reversible"?: boolean | undefined;
586
+ }>, {
587
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
588
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
589
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
590
+ "action.reversible"?: boolean | undefined;
591
+ }, {
592
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
593
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
594
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
595
+ "action.reversible"?: boolean | undefined;
596
+ }>>;
571
597
  }, "strict", z.ZodTypeAny, {
572
598
  name: string;
573
599
  description: string;
@@ -609,6 +635,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
609
635
  required: string[];
610
636
  run: string[];
611
637
  } | undefined;
638
+ when?: {
639
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
640
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
641
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
642
+ "action.reversible"?: boolean | undefined;
643
+ } | undefined;
612
644
  }, {
613
645
  name: string;
614
646
  description: string;
@@ -650,6 +682,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
650
682
  required: string[];
651
683
  run: string[];
652
684
  } | undefined;
685
+ when?: {
686
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
687
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
688
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
689
+ "action.reversible"?: boolean | undefined;
690
+ } | undefined;
653
691
  }>, {
654
692
  name: string;
655
693
  description: string;
@@ -691,6 +729,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
691
729
  required: string[];
692
730
  run: string[];
693
731
  } | undefined;
732
+ when?: {
733
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
734
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
735
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
736
+ "action.reversible"?: boolean | undefined;
737
+ } | undefined;
694
738
  }, {
695
739
  name: string;
696
740
  description: string;
@@ -732,6 +776,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
732
776
  required: string[];
733
777
  run: string[];
734
778
  } | undefined;
779
+ when?: {
780
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
781
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
782
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
783
+ "action.reversible"?: boolean | undefined;
784
+ } | undefined;
735
785
  }>, "many">, {
736
786
  name: string;
737
787
  description: string;
@@ -773,6 +823,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
773
823
  required: string[];
774
824
  run: string[];
775
825
  } | undefined;
826
+ when?: {
827
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
828
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
829
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
830
+ "action.reversible"?: boolean | undefined;
831
+ } | undefined;
776
832
  }[], {
777
833
  name: string;
778
834
  description: string;
@@ -814,6 +870,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
814
870
  required: string[];
815
871
  run: string[];
816
872
  } | undefined;
873
+ when?: {
874
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
875
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
876
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
877
+ "action.reversible"?: boolean | undefined;
878
+ } | undefined;
817
879
  }[]>>;
818
880
  policy_packs: z.ZodDefault<z.ZodEffects<z.ZodArray<z.ZodObject<{
819
881
  name: z.ZodString;
@@ -846,6 +908,222 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
846
908
  source?: string | undefined;
847
909
  config?: Record<string, unknown> | undefined;
848
910
  }[]>>;
911
+ risk: z.ZodDefault<z.ZodEffects<z.ZodObject<{
912
+ classifiers: z.ZodDefault<z.ZodArray<z.ZodObject<{
913
+ name: z.ZodString;
914
+ tool: z.ZodString;
915
+ patterns: z.ZodArray<z.ZodEffects<z.ZodObject<{
916
+ pattern: z.ZodString;
917
+ categories: z.ZodArray<z.ZodEnum<["destructive", "data_loss", "production_mutation", "credential_access", "secret_exfiltration", "network_exfiltration", "deployment_change", "infrastructure_change", "privilege_escalation", "irreversible_action", "mass_update"]>, "many">;
918
+ severity: z.ZodEnum<["low", "medium", "high", "critical"]>;
919
+ }, "strict", z.ZodTypeAny, {
920
+ pattern: string;
921
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
922
+ severity: "low" | "medium" | "high" | "critical";
923
+ }, {
924
+ pattern: string;
925
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
926
+ severity: "low" | "medium" | "high" | "critical";
927
+ }>, {
928
+ pattern: string;
929
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
930
+ severity: "low" | "medium" | "high" | "critical";
931
+ }, {
932
+ pattern: string;
933
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
934
+ severity: "low" | "medium" | "high" | "critical";
935
+ }>, "many">;
936
+ }, "strict", z.ZodTypeAny, {
937
+ patterns: {
938
+ pattern: string;
939
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
940
+ severity: "low" | "medium" | "high" | "critical";
941
+ }[];
942
+ name: string;
943
+ tool: string;
944
+ }, {
945
+ patterns: {
946
+ pattern: string;
947
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
948
+ severity: "low" | "medium" | "high" | "critical";
949
+ }[];
950
+ name: string;
951
+ tool: string;
952
+ }>, "many">>;
953
+ }, "strict", z.ZodTypeAny, {
954
+ classifiers: {
955
+ patterns: {
956
+ pattern: string;
957
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
958
+ severity: "low" | "medium" | "high" | "critical";
959
+ }[];
960
+ name: string;
961
+ tool: string;
962
+ }[];
963
+ }, {
964
+ classifiers?: {
965
+ patterns: {
966
+ pattern: string;
967
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
968
+ severity: "low" | "medium" | "high" | "critical";
969
+ }[];
970
+ name: string;
971
+ tool: string;
972
+ }[] | undefined;
973
+ }>, {
974
+ classifiers: {
975
+ patterns: {
976
+ pattern: string;
977
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
978
+ severity: "low" | "medium" | "high" | "critical";
979
+ }[];
980
+ name: string;
981
+ tool: string;
982
+ }[];
983
+ }, {
984
+ classifiers?: {
985
+ patterns: {
986
+ pattern: string;
987
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
988
+ severity: "low" | "medium" | "high" | "critical";
989
+ }[];
990
+ name: string;
991
+ tool: string;
992
+ }[] | undefined;
993
+ }>>;
994
+ environments: z.ZodDefault<z.ZodEffects<z.ZodObject<{
995
+ resolvers: z.ZodDefault<z.ZodArray<z.ZodObject<{
996
+ name: z.ZodString;
997
+ environment: z.ZodEnum<["production", "staging", "dev", "local"]>;
998
+ signals: z.ZodEffects<z.ZodObject<{
999
+ branch_patterns: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1000
+ env_var_patterns: z.ZodOptional<z.ZodArray<z.ZodObject<{
1001
+ var: z.ZodString;
1002
+ patterns: z.ZodArray<z.ZodString, "many">;
1003
+ }, "strict", z.ZodTypeAny, {
1004
+ var: string;
1005
+ patterns: string[];
1006
+ }, {
1007
+ var: string;
1008
+ patterns: string[];
1009
+ }>, "many">>;
1010
+ kube_context_patterns: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1011
+ kube_namespace_patterns: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1012
+ }, "strict", z.ZodTypeAny, {
1013
+ branch_patterns?: string[] | undefined;
1014
+ env_var_patterns?: {
1015
+ var: string;
1016
+ patterns: string[];
1017
+ }[] | undefined;
1018
+ kube_context_patterns?: string[] | undefined;
1019
+ kube_namespace_patterns?: string[] | undefined;
1020
+ }, {
1021
+ branch_patterns?: string[] | undefined;
1022
+ env_var_patterns?: {
1023
+ var: string;
1024
+ patterns: string[];
1025
+ }[] | undefined;
1026
+ kube_context_patterns?: string[] | undefined;
1027
+ kube_namespace_patterns?: string[] | undefined;
1028
+ }>, {
1029
+ branch_patterns?: string[] | undefined;
1030
+ env_var_patterns?: {
1031
+ var: string;
1032
+ patterns: string[];
1033
+ }[] | undefined;
1034
+ kube_context_patterns?: string[] | undefined;
1035
+ kube_namespace_patterns?: string[] | undefined;
1036
+ }, {
1037
+ branch_patterns?: string[] | undefined;
1038
+ env_var_patterns?: {
1039
+ var: string;
1040
+ patterns: string[];
1041
+ }[] | undefined;
1042
+ kube_context_patterns?: string[] | undefined;
1043
+ kube_namespace_patterns?: string[] | undefined;
1044
+ }>;
1045
+ }, "strict", z.ZodTypeAny, {
1046
+ name: string;
1047
+ environment: "production" | "staging" | "dev" | "local";
1048
+ signals: {
1049
+ branch_patterns?: string[] | undefined;
1050
+ env_var_patterns?: {
1051
+ var: string;
1052
+ patterns: string[];
1053
+ }[] | undefined;
1054
+ kube_context_patterns?: string[] | undefined;
1055
+ kube_namespace_patterns?: string[] | undefined;
1056
+ };
1057
+ }, {
1058
+ name: string;
1059
+ environment: "production" | "staging" | "dev" | "local";
1060
+ signals: {
1061
+ branch_patterns?: string[] | undefined;
1062
+ env_var_patterns?: {
1063
+ var: string;
1064
+ patterns: string[];
1065
+ }[] | undefined;
1066
+ kube_context_patterns?: string[] | undefined;
1067
+ kube_namespace_patterns?: string[] | undefined;
1068
+ };
1069
+ }>, "many">>;
1070
+ }, "strict", z.ZodTypeAny, {
1071
+ resolvers: {
1072
+ name: string;
1073
+ environment: "production" | "staging" | "dev" | "local";
1074
+ signals: {
1075
+ branch_patterns?: string[] | undefined;
1076
+ env_var_patterns?: {
1077
+ var: string;
1078
+ patterns: string[];
1079
+ }[] | undefined;
1080
+ kube_context_patterns?: string[] | undefined;
1081
+ kube_namespace_patterns?: string[] | undefined;
1082
+ };
1083
+ }[];
1084
+ }, {
1085
+ resolvers?: {
1086
+ name: string;
1087
+ environment: "production" | "staging" | "dev" | "local";
1088
+ signals: {
1089
+ branch_patterns?: string[] | undefined;
1090
+ env_var_patterns?: {
1091
+ var: string;
1092
+ patterns: string[];
1093
+ }[] | undefined;
1094
+ kube_context_patterns?: string[] | undefined;
1095
+ kube_namespace_patterns?: string[] | undefined;
1096
+ };
1097
+ }[] | undefined;
1098
+ }>, {
1099
+ resolvers: {
1100
+ name: string;
1101
+ environment: "production" | "staging" | "dev" | "local";
1102
+ signals: {
1103
+ branch_patterns?: string[] | undefined;
1104
+ env_var_patterns?: {
1105
+ var: string;
1106
+ patterns: string[];
1107
+ }[] | undefined;
1108
+ kube_context_patterns?: string[] | undefined;
1109
+ kube_namespace_patterns?: string[] | undefined;
1110
+ };
1111
+ }[];
1112
+ }, {
1113
+ resolvers?: {
1114
+ name: string;
1115
+ environment: "production" | "staging" | "dev" | "local";
1116
+ signals: {
1117
+ branch_patterns?: string[] | undefined;
1118
+ env_var_patterns?: {
1119
+ var: string;
1120
+ patterns: string[];
1121
+ }[] | undefined;
1122
+ kube_context_patterns?: string[] | undefined;
1123
+ kube_namespace_patterns?: string[] | undefined;
1124
+ };
1125
+ }[] | undefined;
1126
+ }>>;
849
1127
  permission_profiles: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
850
1128
  description: z.ZodOptional<z.ZodString>;
851
1129
  actions: z.ZodDefault<z.ZodObject<{
@@ -2317,6 +2595,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
2317
2595
  required: string[];
2318
2596
  run: string[];
2319
2597
  } | undefined;
2598
+ when?: {
2599
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
2600
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
2601
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
2602
+ "action.reversible"?: boolean | undefined;
2603
+ } | undefined;
2320
2604
  }[];
2321
2605
  policy_packs: {
2322
2606
  name: string;
@@ -2325,6 +2609,32 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
2325
2609
  config: Record<string, unknown>;
2326
2610
  description?: string | undefined;
2327
2611
  }[];
2612
+ risk: {
2613
+ classifiers: {
2614
+ patterns: {
2615
+ pattern: string;
2616
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
2617
+ severity: "low" | "medium" | "high" | "critical";
2618
+ }[];
2619
+ name: string;
2620
+ tool: string;
2621
+ }[];
2622
+ };
2623
+ environments: {
2624
+ resolvers: {
2625
+ name: string;
2626
+ environment: "production" | "staging" | "dev" | "local";
2627
+ signals: {
2628
+ branch_patterns?: string[] | undefined;
2629
+ env_var_patterns?: {
2630
+ var: string;
2631
+ patterns: string[];
2632
+ }[] | undefined;
2633
+ kube_context_patterns?: string[] | undefined;
2634
+ kube_namespace_patterns?: string[] | undefined;
2635
+ };
2636
+ }[];
2637
+ };
2328
2638
  permission_profiles: Record<string, {
2329
2639
  actions: {
2330
2640
  push?: {
@@ -2580,6 +2890,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
2580
2890
  required: string[];
2581
2891
  run: string[];
2582
2892
  } | undefined;
2893
+ when?: {
2894
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
2895
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
2896
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
2897
+ "action.reversible"?: boolean | undefined;
2898
+ } | undefined;
2583
2899
  }[] | undefined;
2584
2900
  policy_packs?: {
2585
2901
  name: string;
@@ -2588,6 +2904,32 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
2588
2904
  source?: string | undefined;
2589
2905
  config?: Record<string, unknown> | undefined;
2590
2906
  }[] | undefined;
2907
+ risk?: {
2908
+ classifiers?: {
2909
+ patterns: {
2910
+ pattern: string;
2911
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
2912
+ severity: "low" | "medium" | "high" | "critical";
2913
+ }[];
2914
+ name: string;
2915
+ tool: string;
2916
+ }[] | undefined;
2917
+ } | undefined;
2918
+ environments?: {
2919
+ resolvers?: {
2920
+ name: string;
2921
+ environment: "production" | "staging" | "dev" | "local";
2922
+ signals: {
2923
+ branch_patterns?: string[] | undefined;
2924
+ env_var_patterns?: {
2925
+ var: string;
2926
+ patterns: string[];
2927
+ }[] | undefined;
2928
+ kube_context_patterns?: string[] | undefined;
2929
+ kube_namespace_patterns?: string[] | undefined;
2930
+ };
2931
+ }[] | undefined;
2932
+ } | undefined;
2591
2933
  permission_profiles?: Record<string, {
2592
2934
  description?: string | undefined;
2593
2935
  actions?: {
@@ -2843,6 +3185,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
2843
3185
  required: string[];
2844
3186
  run: string[];
2845
3187
  } | undefined;
3188
+ when?: {
3189
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
3190
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
3191
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
3192
+ "action.reversible"?: boolean | undefined;
3193
+ } | undefined;
2846
3194
  }[];
2847
3195
  policy_packs: {
2848
3196
  name: string;
@@ -2851,6 +3199,32 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
2851
3199
  config: Record<string, unknown>;
2852
3200
  description?: string | undefined;
2853
3201
  }[];
3202
+ risk: {
3203
+ classifiers: {
3204
+ patterns: {
3205
+ pattern: string;
3206
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
3207
+ severity: "low" | "medium" | "high" | "critical";
3208
+ }[];
3209
+ name: string;
3210
+ tool: string;
3211
+ }[];
3212
+ };
3213
+ environments: {
3214
+ resolvers: {
3215
+ name: string;
3216
+ environment: "production" | "staging" | "dev" | "local";
3217
+ signals: {
3218
+ branch_patterns?: string[] | undefined;
3219
+ env_var_patterns?: {
3220
+ var: string;
3221
+ patterns: string[];
3222
+ }[] | undefined;
3223
+ kube_context_patterns?: string[] | undefined;
3224
+ kube_namespace_patterns?: string[] | undefined;
3225
+ };
3226
+ }[];
3227
+ };
2854
3228
  permission_profiles: Record<string, {
2855
3229
  actions: {
2856
3230
  push?: {
@@ -3106,6 +3480,12 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
3106
3480
  required: string[];
3107
3481
  run: string[];
3108
3482
  } | undefined;
3483
+ when?: {
3484
+ "risk.severity_at_least"?: "low" | "medium" | "high" | "critical" | undefined;
3485
+ "risk.category_in"?: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[] | undefined;
3486
+ "environment.name"?: "production" | "staging" | "dev" | "local" | "unknown" | undefined;
3487
+ "action.reversible"?: boolean | undefined;
3488
+ } | undefined;
3109
3489
  }[] | undefined;
3110
3490
  policy_packs?: {
3111
3491
  name: string;
@@ -3114,6 +3494,32 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
3114
3494
  source?: string | undefined;
3115
3495
  config?: Record<string, unknown> | undefined;
3116
3496
  }[] | undefined;
3497
+ risk?: {
3498
+ classifiers?: {
3499
+ patterns: {
3500
+ pattern: string;
3501
+ categories: ("destructive" | "data_loss" | "production_mutation" | "credential_access" | "secret_exfiltration" | "network_exfiltration" | "deployment_change" | "infrastructure_change" | "privilege_escalation" | "irreversible_action" | "mass_update")[];
3502
+ severity: "low" | "medium" | "high" | "critical";
3503
+ }[];
3504
+ name: string;
3505
+ tool: string;
3506
+ }[] | undefined;
3507
+ } | undefined;
3508
+ environments?: {
3509
+ resolvers?: {
3510
+ name: string;
3511
+ environment: "production" | "staging" | "dev" | "local";
3512
+ signals: {
3513
+ branch_patterns?: string[] | undefined;
3514
+ env_var_patterns?: {
3515
+ var: string;
3516
+ patterns: string[];
3517
+ }[] | undefined;
3518
+ kube_context_patterns?: string[] | undefined;
3519
+ kube_namespace_patterns?: string[] | undefined;
3520
+ };
3521
+ }[] | undefined;
3522
+ } | undefined;
3117
3523
  permission_profiles?: Record<string, {
3118
3524
  description?: string | undefined;
3119
3525
  actions?: {
@@ -3267,6 +3673,8 @@ export * from "./hooks.js";
3267
3673
  export * from "./permission-profiles.js";
3268
3674
  export * from "./policies.js";
3269
3675
  export * from "./policy-packs.js";
3676
+ export * from "./risk.js";
3677
+ export * from "./environments.js";
3270
3678
  export * from "./workflows.js";
3271
3679
  export * from "./audit.js";
3272
3680
  export * from "./extract.js";
package/dist/schema/index.js CHANGED
@@ -1,10 +1,12 @@
1
1
  import { z } from "zod";
2
+ import { EnvironmentsSchema } from "./environments.js";
2
3
  import { GroundingSchema } from "./grounding.js";
3
4
  import { HooksSchema } from "./hooks.js";
4
5
  import { MemorySchema } from "./memory.js";
5
6
  import { PoliciesSchema } from "./policies.js";
6
7
  import { PermissionProfilesSchema } from "./permission-profiles.js";
7
8
  import { PolicyPacksSchema } from "./policy-packs.js";
9
+ import { RiskSchema } from "./risk.js";
8
10
  import { ToolsSchema } from "./tools.js";
9
11
  import { AuditSchema } from "./audit.js";
10
12
  import { ReviewTemplatesSchema, WorkflowsSchema } from "./workflows.js";
@@ -18,6 +20,10 @@ export const ManifestSchema = z
18
20
  hooks: HooksSchema.default([]),
19
21
  policies: PoliciesSchema.default([]),
20
22
  policy_packs: PolicyPacksSchema.default([]),
23
+ // Phase 7 Risk Gate inputs — schema vocabulary only, no runtime
24
+ // surface reads them yet. See docs/risk-gate.md.
25
+ risk: RiskSchema.default({}),
26
+ environments: EnvironmentsSchema.default({}),
21
27
  permission_profiles: PermissionProfilesSchema.default({}),
22
28
  workflows: WorkflowsSchema.default([]),
23
29
  review_templates: ReviewTemplatesSchema.default({}),
@@ -75,6 +81,8 @@ export * from "./hooks.js";
75
81
  export * from "./permission-profiles.js";
76
82
  export * from "./policies.js";
77
83
  export * from "./policy-packs.js";
84
+ export * from "./risk.js";
85
+ export * from "./environments.js";
78
86
  export * from "./workflows.js";
79
87
  export * from "./audit.js";
80
88
  export * from "./extract.js";
package/dist/schema/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/schema/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAExE,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC;AAE5C,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC;KAC5B,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC;IAC9C,SAAS,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;IACtC,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;IAC9B,MAAM,EAAE,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;IAChC,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;IAC9B,QAAQ,EAAE,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;IACpC,YAAY,EAAE,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3C,mBAAmB,EAAE,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;IACzD,SAAS,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;IACtC,gBAAgB,EAAE,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;IACnD,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;CAC/B,CAAC;KACD,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE;IAC7B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACjC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,UAAU,EAAE,CAAC,EAAE,MAAM,CAAC;gBAC7B,OAAO,EAAE,WAAW,CAAC,CAAC,IAAI,sBAAsB,CAAC,CAAC,IAAI,oCAAoC;aAC3F,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACtE,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE;QACpC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE;YAC5B,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACnE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACtC,GAAG,CAAC,QAAQ,CAAC;wBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;wBAC3B,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,CAAC;wBAChD,OAAO,EAAE,6BAA6B,IAAI,CAAC,QAAQ,sCAAsC;qBAC1F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAIL,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAGzB;IAFlB,YACE,OAAe,EACC,MAAoB;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,WAAM,GAAN,MAAM,CAAc;QAGpC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;aAChC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC7D,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,kBAAkB,CAC1B,wCAAwC,OAAO,EAAE,EACjD,MAAM,CAAC,KAAK,CAAC,MAAM,CACpB,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,0BAA0B,CAAC;AACzC,cAAc,eAAe,CAAC;AAC9B,cAAc,mBAAmB,CAAC;AAClC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/schema/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAExE,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC;AAE5C,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC;KAC5B,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC;IAC9C,SAAS,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;IACtC,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;IAC9B,MAAM,EAAE,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;IAChC,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;IAC9B,QAAQ,EAAE,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;IACpC,YAAY,EAAE,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3C,gEAAgE;IAChE,iDAAiD;IACjD,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IAC5B,YAAY,EAAE,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;IAC5C,mBAAmB,EAAE,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;IACzD,SAAS,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;IACtC,gBAAgB,EAAE,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;IACnD,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;CAC/B,CAAC;KACD,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE;IAC7B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACjC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,UAAU,EAAE,CAAC,EAAE,MAAM,CAAC;gBAC7B,OAAO,EAAE,WAAW,CAAC,CAAC,IAAI,sBAAsB,CAAC,CAAC,IAAI,oCAAoC;aAC3F,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACtE,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE;QACpC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE;YAC5B,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACnE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACtC,GAAG,CAAC,QAAQ,CAAC;wBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;wBAC3B,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,CAAC;wBAChD,OAAO,EAAE,6BAA6B,IAAI,CAAC,QAAQ,sCAAsC;qBAC1F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAIL,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAGzB;IAFlB,YACE,OAAe,EACC,MAAoB;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,WAAM,GAAN,MAAM,CAAc;QAGpC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;aAChC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC7D,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,kBAAkB,CAC1B,wCAAwC,OAAO,EAAE,EACjD,MAAM,CAAC,KAAK,CAAC,MAAM,CACpB,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,0BAA0B,CAAC;AACzC,cAAc,eAAe,CAAC;AAC9B,cAAc,mBAAmB,CAAC;AAClC,cAAc,WAAW,CAAC;AAC1B,cAAc,mBAAmB,CAAC;AAClC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC"}