@lloyal-labs/rig 2.0.1 → 3.0.0

package/dist/cancellable-fetch.js

@@ -0,0 +1,133 @@
+"use strict";
+/**
+ * `cancellableFetch(url, init, opts)` — Effection-native HTTP with
+ * scope-linked cancellation and a deadline timeout.
+ *
+ * Wraps the global `fetch` so:
+ *
+ * 1. **Outer-scope halt aborts the in-flight request.** The Effection
+ *    `useAbortSignal()` returns a signal linked to the current scope;
+ *    when the scope halts (because a containing operation throws,
+ *    `race` chose another leg, the harness is cancelled, etc.) the
+ *    signal aborts and the underlying socket closes. The fetch is
+ *    *genuinely* cancelled — not abandoned.
+ *
+ * 2. **Timeout aborts the in-flight request.** A second leg sleeps for
+ *    `opts.timeoutMs` and throws on completion. `race` halts whichever
+ *    leg loses, propagating the abort the same way an outer halt does.
+ *
+ * Three current/planned consumers route through this primitive:
+ *
+ * - `@lloyal-labs/web-app/src/tools/fetch-page.ts` (post-migration —
+ *   replaces raw `AbortController` + `setTimeout`, closes the latent
+ *   socket-leak bug where a halted pool kept fetch-page sockets open).
+ * - `@lloyal-labs/web-app/src/tools/keyless-search.ts` (post-migration
+ *   — replaces the private `fetchWithTimeout` from which this primitive
+ *   was lifted; zero behavior change, just consolidation).
+ * - `@lloyal-labs/rig/src/bundle.ts` (`resolveAppEntry`) — fetches the
+ *   signed catalog via `cancellableFetch` so a halted scope during
+ *   resolution tears down cleanly. Used by `harness.dev install` to
+ *   resolve names against the canonical channel.
+ *
+ * Third-party apps SHOULD use `cancellableFetch` for any HTTP they do
+ * under structured concurrency, rather than reinventing the
+ * `race + useAbortSignal` pattern.
+ *
+ * @packageDocumentation
+ * @category Contract
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FetchTimeoutError = void 0;
+exports.cancellableFetch = cancellableFetch;
+const effection_1 = require("effection");
+/**
+ * Thrown when the timeout leg of `cancellableFetch` wins the race.
+ * Distinct from generic `Error` so consumers can catch only the
+ * timeout case (e.g., to retry with a longer timeout) without also
+ * catching network-layer errors thrown from the fetch leg.
+ */
+class FetchTimeoutError extends Error {
+    constructor(url, timeoutMs) {
+        super(`Fetch timed out after ${timeoutMs}ms: ${url}`);
+        this.name = 'FetchTimeoutError';
+    }
+}
+exports.FetchTimeoutError = FetchTimeoutError;
+/**
+ * Default request timeout. Chosen to be comfortably longer than typical
+ * web pages (95th percentile of `fetch-page.ts` traces resolves in under
+ * 10s) while still bounded enough to fail fast on dead URLs. Override
+ * via `opts.timeoutMs` for known-slow endpoints.
+ */
+const DEFAULT_TIMEOUT_MS = 30_000;
+/**
+ * Fetch a URL with Effection-scope-linked cancellation and a timeout.
+ *
+ * @param url - The URL to fetch.
+ * @param init - Standard `RequestInit` options. `init.signal` is *replaced*
+ *   by the Effection-scope-linked signal; callers cannot pass their own
+ *   AbortController. (If you want to compose with an external abort
+ *   source, do it at the outer-scope level — halting the outer scope
+ *   propagates here.)
+ * @param opts - Timeout + injection knobs.
+ * @returns The `Response` object — unread. Callers `yield* call(() => res.text())`
+ *   etc. as appropriate to their use case.
+ *
+ * @throws {FetchTimeoutError} If the timeout leg wins.
+ * @throws Network-layer errors thrown by the underlying `fetch` (e.g., DNS
+ *   resolution failure, TLS error, socket reset). When the abort signal
+ *   fires, `fetch` throws a `DOMException` with `name === 'AbortError'` —
+ *   distinguishable from real network errors by that name.
+ *
+ * **Body buffering.** The returned `Response`'s body is **fully buffered
+ * in memory** before the function returns; the caller may safely call
+ * `.text()` / `.json()` / `.arrayBuffer()` on it without further async
+ * coordination. This is load-bearing: the underlying `useAbortSignal()`
+ * aborts when the http leg's scope unwinds (after `race` resolves),
+ * which would otherwise cause the caller's body-read to throw
+ * `AbortError` mid-flight (the body is still bound to the request's
+ * signal in undici). Pre-consuming inside the http leg, before the
+ * signal aborts, sidesteps that interaction. Cost: streaming is not
+ * supported — all responses are fully resident before return. Acceptable
+ * for the consumers we have (catalog JSON, manifest JSON, signed
+ * bundles up to a few hundred KB).
+ */
+function* cancellableFetch(url, init, opts) {
+    const timeoutMs = opts?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const fetchImpl = opts?.fetchImpl ?? fetch;
+    const httpLeg = function* () {
+        const signal = yield* (0, effection_1.useAbortSignal)();
+        // Strip caller's signal if any — the Effection scope owns abort.
+        // Keeping caller-supplied signal would mean two abort sources, which
+        // confuses the cancellation chain.
+        const { signal: _ignored, ...restInit } = init ?? {};
+        const res = yield* (0, effection_1.call)(() => fetchImpl(url, { ...restInit, signal }));
+        // Pre-consume the body while the signal is still live. After `race`
+        // returns, this http leg's scope unwinds and the signal aborts —
+        // reading the original Response's body at that point throws
+        // AbortError from undici's consumeBody. Wrapping the buffered bytes
+        // in a fresh Response (which has no associated signal) lets the
+        // caller read the body on their own schedule.
+        const bytes = yield* (0, effection_1.call)(() => res.arrayBuffer());
+        return new Response(bytes, {
+            status: res.status,
+            statusText: res.statusText,
+            headers: res.headers,
+        });
+    };
+    const timeoutLeg = function* () {
+        if (timeoutMs === Infinity) {
+            // Sleep forever — the http leg will win or the outer scope halts.
+            // Using a deliberately-never-resolving operation rather than
+            // sleeping for MAX_SAFE_INTEGER ms (which Node's timer subsystem
+            // doesn't handle gracefully).
+            yield* (0, effection_1.call)(() => new Promise(() => { }));
+            // Unreachable, but type-required.
+            throw new FetchTimeoutError(url, timeoutMs);
+        }
+        yield* (0, effection_1.sleep)(timeoutMs);
+        throw new FetchTimeoutError(url, timeoutMs);
+    };
+    return yield* (0, effection_1.race)([httpLeg(), timeoutLeg()]);
+}
+//# sourceMappingURL=cancellable-fetch.js.map

package/dist/cancellable-fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cancellable-fetch.js","sourceRoot":"","sources":["../src/cancellable-fetch.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;;;AA4EH,4CA4CC;AArHD,yCAA8D;AAoB9D;;;;;GAKG;AACH,MAAa,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,GAAW,EAAE,SAAiB;QACxC,KAAK,CAAC,yBAAyB,SAAS,OAAO,GAAG,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AALD,8CAKC;AAED;;;;;GAKG;AACH,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,QAAe,CAAC,CAAC,gBAAgB,CAC/B,GAAW,EACX,IAAkB,EAClB,IAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,kBAAkB,CAAC;IACxD,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,KAAK,CAAC;IAE3C,MAAM,OAAO,GAAG,QAAQ,CAAC;QACvB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,IAAA,0BAAc,GAAE,CAAC;QACvC,iEAAiE;QACjE,qEAAqE;QACrE,mCAAmC;QACnC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC;QACrD,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,IAAA,gBAAI,EAAC,GAAG,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACvE,oEAAoE;QACpE,iEAAiE;QACjE,4DAA4D;QAC5D,oEAAoE;QACpE,gEAAgE;QAChE,8CAA8C;QAC9C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,IAAA,gBAAI,EAAC,GAAG,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QACnD,OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE;YACzB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;SACrB,CAAC,CAAC;IACL,CAAC,CAAC;IAEF,MAAM,UAAU,GAAG,QAAQ,CAAC;QAC1B,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC3B,kEAAkE;YAClE,6DAA6D;YAC7D,iEAAiE;YACjE,8BAA8B;YAC9B,KAAK,CAAC,CAAC,IAAA,gBAAI,EAAC,GAAG,EAAE,CAAC,IAAI,OAAO,CAAQ,GAAG,EAAE,GAAwB,CAAC,CAAC,CAAC,CAAC;YACtE,kCAAkC;YAClC,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,CAAC,CAAC,IAAA,iBAAK,EAAC,SAAS,CAAC,CAAC;QACxB,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC9C,CAAC,CAAC;IAEF,OAAO,KAAK,CAAC,CAAC,IAAA,gBAAI,EAAC,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAChD,CAAC"}

package/dist/config-store.d.ts

@@ -0,0 +1,30 @@
+/**
+ * In-memory implementation of {@link AppConfigStore}.
+ *
+ * The `AppConfigStore` interface itself lives in
+ * `@lloyal-labs/lloyal-agents` (so the framework context
+ * `AppConfigStoreCtx` and app factories can share it without a
+ * dependency cycle). This module supplies the reference impl that dev
+ * harnesses, examples, and tests use; harnesses needing durable
+ * storage implement the interface themselves.
+ *
+ * @packageDocumentation
+ * @category Contract
+ */
+import type { AppConfigStore } from '@lloyal-labs/lloyal-agents';
+/**
+ * Create an in-memory `AppConfigStore` backed by a `Map`.
+ *
+ * Intended for development, tests, and single-process harnesses that
+ * don't need cross-restart persistence. Harnesses needing durable
+ * storage implement the interface themselves against their preferred
+ * backend (file system, encrypted secret store, remote KV, etc.).
+ *
+ * Configs are stored as-is (no deep clone on set/get). If the caller
+ * mutates a returned config object, those mutations are visible to
+ * subsequent reads — which would violate the whole-replace semantics.
+ * Callers should treat returned configs as immutable and re-`set` to
+ * update.
+ */
+export declare function createInMemoryConfigStore(): AppConfigStore;
+//# sourceMappingURL=config-store.d.ts.map

package/dist/config-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-store.d.ts","sourceRoot":"","sources":["../src/config-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAEjE;;;;;;;;;;;;;GAaG;AACH,wBAAgB,yBAAyB,IAAI,cAAc,CAa1D"}

package/dist/config-store.js

@@ -0,0 +1,45 @@
+"use strict";
+/**
+ * In-memory implementation of {@link AppConfigStore}.
+ *
+ * The `AppConfigStore` interface itself lives in
+ * `@lloyal-labs/lloyal-agents` (so the framework context
+ * `AppConfigStoreCtx` and app factories can share it without a
+ * dependency cycle). This module supplies the reference impl that dev
+ * harnesses, examples, and tests use; harnesses needing durable
+ * storage implement the interface themselves.
+ *
+ * @packageDocumentation
+ * @category Contract
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createInMemoryConfigStore = createInMemoryConfigStore;
+/**
+ * Create an in-memory `AppConfigStore` backed by a `Map`.
+ *
+ * Intended for development, tests, and single-process harnesses that
+ * don't need cross-restart persistence. Harnesses needing durable
+ * storage implement the interface themselves against their preferred
+ * backend (file system, encrypted secret store, remote KV, etc.).
+ *
+ * Configs are stored as-is (no deep clone on set/get). If the caller
+ * mutates a returned config object, those mutations are visible to
+ * subsequent reads — which would violate the whole-replace semantics.
+ * Callers should treat returned configs as immutable and re-`set` to
+ * update.
+ */
+function createInMemoryConfigStore() {
+    const store = new Map();
+    return {
+        *get(appName) {
+            return store.get(appName);
+        },
+        *set(appName, config) {
+            store.set(appName, config);
+        },
+        *clear(appName) {
+            store.delete(appName);
+        },
+    };
+}
+//# sourceMappingURL=config-store.js.map

package/dist/config-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-store.js","sourceRoot":"","sources":["../src/config-store.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;AAmBH,8DAaC;AA3BD;;;;;;;;;;;;;GAaG;AACH,SAAgB,yBAAyB;IACvC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAmC,CAAC;IACzD,OAAO;QACL,CAAC,GAAG,CAAC,OAAe;YAClB,OAAO,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QACD,CAAC,GAAG,CAAC,OAAe,EAAE,MAA+B;YACnD,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,CAAC;QACD,CAAC,KAAK,CAAC,OAAe;YACpB,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/define-app.d.ts

@@ -0,0 +1,98 @@
+/**
+ * `defineApp(spec): App` — sync wiring helper called inside every app's
+ * factory after constructing its `Source` and `Tool[]` instances.
+ *
+ * Performs all framework-side validations of the app's declared shape
+ * before the App enters the registry:
+ *
+ * - **Manifest schema.** `name` and `protocol.name` match
+ *   `[a-z][a-z0-9_-]{1,63}`; `protocol.tools` is a non-empty unique array
+ *   of names matching the same regex; `protocol.useWhen` is a single
+ *   bounded sentence with no chat-role markers, code fences, or newlines
+ *   (metadata sanitization).
+ * - **App protocol version.** `manifest.appProtocolVersion` is in
+ *   `SUPPORTED_APP_PROTOCOL_VERSIONS`. Absence is permitted
+ *   (treated as `"3.0"`).
+ * - **Tool map coverage.** The keys of the supplied `tools` object equal
+ *   `manifest.protocol.tools[]` as a set — every declared tool has an
+ *   implementation, no extras.
+ * - **Boundary-marker double-emission.** `skill` (when string-typed) MUST
+ *   NOT contain the literal `Apply the **` substring — the framework
+ *   prepends the marker via `BOUNDARY_MARKER`, so an `skill.eta` that
+ *   includes the line would emit it twice.
+ *
+ * Validation errors throw synchronously with a clear message naming the
+ * failing field and the violated rule. App factories should call
+ * `defineApp` last (after `yield*`ing tool factories) so a malformed
+ * manifest fails at construction time, not later at registration.
+ *
+ * @packageDocumentation
+ * @category Protocol
+ */
+import type { Tool, Source, App, AppManifest, SkillTemplateFn, ExamplesTemplateFn, ConfigFlow, AppHints } from '@lloyal-labs/lloyal-agents';
+/**
+ * Argument to {@link defineApp}. The fields that survive into the
+ * returned {@link App} are surfaced here with the same names. There are
+ * no lifecycle hooks — setup is the factory body, teardown is `ensure(...)`.
+ */
+export interface DefineAppSpec {
+    /** The declarative app manifest, imported from `app.json`. */
+    manifest: AppManifest;
+    /** The app's Source. */
+    source: Source;
+    /**
+     * Map of tool-name → Tool instance. Keys MUST equal
+     * `manifest.protocol.tools[]` as a set (exact membership match — no
+     * missing tools, no extras). Each value's `.name` property must match
+     * its key (otherwise the catalog's `Tools:` line and the agent's
+     * dispatched tool call would disagree).
+     */
+    tools: Readonly<Record<string, Tool>>;
+    /**
+     * The per-spawn template body. String → rendered via Eta with the
+     * `AgentRenderCtx` fields available as `it.*`. Function → invoked
+     * directly with the render context.
+     *
+     * MUST NOT contain the literal `Apply the **` substring when given as
+     * a string — the framework prepends the boundary marker.
+     */
+    skill: string | SkillTemplateFn;
+    /**
+     * Optional discipline content rendered into the per-spawn preamble of
+     * agents assigned to this app. Never enters the shared spine.
+     */
+    examples?: string | ExamplesTemplateFn;
+    /** Optional UX/marketplace hints (overrides `manifest.hints` if both present). */
+    hints?: AppHints;
+    /** Optional interactive config flow. */
+    configFlow?: ConfigFlow;
+}
+/**
+ * Validate an app's declared shape and return the runtime {@link App}
+ * object the framework will register and render against.
+ *
+ * Throws synchronously on the first validation failure with a message
+ * naming the failing field and the violated rule.
+ *
+ * @example
+ * ```ts
+ * export function* createJiraApp(): Operation<App> {
+ *   const cfgStore = yield* AppConfigStoreCtx.expect();
+ *   const cfg = yield* cfgStore.get(manifest.name);
+ *   if (!cfg) throw new Error('jira app requires config');
+ *
+ *   const source = new JiraSource(cfg);
+ *   const searchTool = yield* createJiraSearchTool(cfg);
+ *   const readTool = yield* createJiraReadTool(cfg);
+ *
+ *   return defineApp({
+ *     manifest,
+ *     source,
+ *     tools: { jira_search: searchTool, jira_read: readTool },
+ *     skill: skillTemplate,
+ *   });
+ * }
+ * ```
+ */
+export declare function defineApp(spec: DefineAppSpec): App;
+//# sourceMappingURL=define-app.d.ts.map

package/dist/define-app.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"define-app.d.ts","sourceRoot":"","sources":["../src/define-app.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAGH,OAAO,KAAK,EACV,IAAI,EACJ,MAAM,EACN,GAAG,EACH,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,QAAQ,EACT,MAAM,4BAA4B,CAAC;AAGpC;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,8DAA8D;IAC9D,QAAQ,EAAE,WAAW,CAAC;IACtB,wBAAwB;IACxB,MAAM,EAAE,MAAM,CAAC;IACf;;;;;;OAMG;IACH,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;IACtC;;;;;;;OAOG;IACH,KAAK,EAAE,MAAM,GAAG,eAAe,CAAC;IAChC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,kBAAkB,CAAC;IACvC,kFAAkF;IAClF,KAAK,CAAC,EAAE,QAAQ,CAAC;IACjB,wCAAwC;IACxC,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AA+KD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,aAAa,GAAG,GAAG,CAmClD"}

package/dist/define-app.js

@@ -0,0 +1,232 @@
+"use strict";
+/**
+ * `defineApp(spec): App` — sync wiring helper called inside every app's
+ * factory after constructing its `Source` and `Tool[]` instances.
+ *
+ * Performs all framework-side validations of the app's declared shape
+ * before the App enters the registry:
+ *
+ * - **Manifest schema.** `name` and `protocol.name` match
+ *   `[a-z][a-z0-9_-]{1,63}`; `protocol.tools` is a non-empty unique array
+ *   of names matching the same regex; `protocol.useWhen` is a single
+ *   bounded sentence with no chat-role markers, code fences, or newlines
+ *   (metadata sanitization).
+ * - **App protocol version.** `manifest.appProtocolVersion` is in
+ *   `SUPPORTED_APP_PROTOCOL_VERSIONS`. Absence is permitted
+ *   (treated as `"3.0"`).
+ * - **Tool map coverage.** The keys of the supplied `tools` object equal
+ *   `manifest.protocol.tools[]` as a set — every declared tool has an
+ *   implementation, no extras.
+ * - **Boundary-marker double-emission.** `skill` (when string-typed) MUST
+ *   NOT contain the literal `Apply the **` substring — the framework
+ *   prepends the marker via `BOUNDARY_MARKER`, so an `skill.eta` that
+ *   includes the line would emit it twice.
+ *
+ * Validation errors throw synchronously with a clear message naming the
+ * failing field and the violated rule. App factories should call
+ * `defineApp` last (after `yield*`ing tool factories) so a malformed
+ * manifest fails at construction time, not later at registration.
+ *
+ * @packageDocumentation
+ * @category Protocol
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defineApp = defineApp;
+const protocol_1 = require("./protocol");
+// ── Validation regexes / constants ───────────────────────────────
+/**
+ * Identifier shape for app names and protocol names. Lowercase ASCII
+ * start, lowercase alphanumeric / underscore / hyphen rest, length 2-64.
+ * This grammar is the M3 sanitization on shared-spine metadata — it
+ * ensures app-supplied strings can't break the markdown bold in the
+ * boundary marker (no `*`) and can't inject newlines, code fences, or
+ * chat-role markers.
+ */
+const ID_RE = /^[a-z][a-z0-9_-]{1,63}$/;
+/**
+ * Maximum length of `protocol.useWhen`. Bounded so the rendered catalog
+ * stays compact and to limit the residual semantic-injection surface
+ * available within the grammar's allowed character set.
+ */
+const USE_WHEN_MAX_LEN = 280;
+/**
+ * Patterns forbidden anywhere in `protocol.useWhen` — chat-role markers
+ * (would confuse the model into treating the catalog text as a fake
+ * conversation) and markdown code fences (would let an attacker break
+ * out of the catalog block into structured content).
+ */
+const USE_WHEN_FORBIDDEN = [
+    /\bSYSTEM:/i,
+    /\bUSER:/i,
+    /\bASSISTANT\s+calls?:/i,
+    /\bASSISTANT:/i,
+    /```/,
+    /\r/,
+    /\n/,
+];
+/** Substring whose presence in `skill` (string form) would cause double-emission. */
+const BOUNDARY_MARKER_PREFIX = 'Apply the **';
+// ── Validation helpers ───────────────────────────────────────────
+function assertIdentifier(value, field) {
+    if (typeof value !== 'string') {
+        throw new Error(`defineApp: ${field} must be a string, got ${typeof value}`);
+    }
+    if (!ID_RE.test(value)) {
+        throw new Error(`defineApp: ${field} ${JSON.stringify(value)} does not match the required ` +
+            `identifier grammar ${ID_RE.toString()} (lowercase alphanumeric + _-, length 2-64). ` +
+            `This is an App protocol metadata invariant — names appear in the boundary ` +
+            `marker and shared spine catalog where injection-prone characters must be excluded.`);
+    }
+}
+function assertUseWhen(value) {
+    if (typeof value !== 'string') {
+        throw new Error(`defineApp: manifest.protocol.useWhen must be a string, got ${typeof value}`);
+    }
+    if (value.length === 0 || value.length > USE_WHEN_MAX_LEN) {
+        throw new Error(`defineApp: manifest.protocol.useWhen length ${value.length} out of bounds ` +
+            `[1, ${USE_WHEN_MAX_LEN}]. Keep it to a single short sentence.`);
+    }
+    for (const pattern of USE_WHEN_FORBIDDEN) {
+        if (pattern.test(value)) {
+            throw new Error(`defineApp: manifest.protocol.useWhen contains forbidden pattern ${pattern.toString()}. ` +
+                `useWhen renders into the shared spine catalog; chat-role markers, code fences, and ` +
+                `line breaks are excluded to prevent injection at the catalog-text layer.`);
+        }
+    }
+}
+function assertProtocolTools(tools) {
+    if (!Array.isArray(tools) || tools.length === 0) {
+        throw new Error(`defineApp: manifest.protocol.tools must be a non-empty array of tool-name strings`);
+    }
+    const seen = new Set();
+    for (const name of tools) {
+        assertIdentifier(name, `manifest.protocol.tools[*] (${JSON.stringify(name)})`);
+        if (seen.has(name)) {
+            throw new Error(`defineApp: manifest.protocol.tools contains duplicate ${JSON.stringify(name)}`);
+        }
+        seen.add(name);
+    }
+}
+function assertAppProtocolVersion(version) {
+    // Undefined is permitted — apps that don't declare a version are
+    // assumed to target the framework's default ("3.0"). The registry
+    // (enable-time) may tighten this if needed.
+    if (version === undefined)
+        return;
+    if (!protocol_1.SUPPORTED_APP_PROTOCOL_VERSIONS.includes(version)) {
+        throw new Error(`defineApp: manifest.appProtocolVersion ${JSON.stringify(version)} is not in the ` +
+            `supported set ${JSON.stringify(protocol_1.SUPPORTED_APP_PROTOCOL_VERSIONS)}. ` +
+            `This build of @lloyal-labs/rig only validates apps targeting one of those versions.`);
+    }
+}
+function assertToolMapCoverage(protocolTools, toolsMap) {
+    const declared = new Set(protocolTools);
+    const provided = new Set(Object.keys(toolsMap));
+    // Missing — tools declared in the protocol but not supplied as instances.
+    const missing = [];
+    for (const name of declared) {
+        if (!provided.has(name))
+            missing.push(name);
+    }
+    if (missing.length > 0) {
+        throw new Error(`defineApp: tools map is missing implementations for protocol.tools: ` +
+            `${JSON.stringify(missing)}. Every declared tool must have a corresponding ` +
+            `entry in the \`tools\` map passed to defineApp.`);
+    }
+    // Extras — tools supplied as instances but not declared in the protocol.
+    const extras = [];
+    for (const name of provided) {
+        if (!declared.has(name))
+            extras.push(name);
+    }
+    if (extras.length > 0) {
+        throw new Error(`defineApp: tools map contains entries not declared in manifest.protocol.tools: ` +
+            `${JSON.stringify(extras)}. Add them to protocol.tools or remove from the tools map ` +
+            `— the catalog Tools: line is rendered from protocol.tools and the auth-guard's ` +
+            `allowed-tools set is derived from the same array, so extras would never be callable.`);
+    }
+    // Name agreement — each Tool instance's .name must match its key.
+    for (const [key, tool] of Object.entries(toolsMap)) {
+        if (tool.name !== key) {
+            throw new Error(`defineApp: tools[${JSON.stringify(key)}].name = ${JSON.stringify(tool.name)} ` +
+                `does not match its map key. The map key is what the framework dispatches against; ` +
+                `the Tool's name is what the model sees in the schema. They must agree.`);
+        }
+    }
+}
+function assertSkillTemplate(skill) {
+    if (typeof skill === 'function') {
+        // Function-typed templates can't be statically validated here. The
+        // framework's first-render check catches double-emission
+        // at the first preamble render, not at defineApp time.
+        return;
+    }
+    if (typeof skill !== 'string') {
+        throw new Error(`defineApp: spec.skill must be a string or SkillTemplateFn, got ${typeof skill}`);
+    }
+    if (skill.includes(BOUNDARY_MARKER_PREFIX)) {
+        throw new Error(`defineApp: skill template contains the literal ${JSON.stringify(BOUNDARY_MARKER_PREFIX)} substring. ` +
+            `The framework prepends \`Apply the **<name>** protocol.\\n\\n\` via BOUNDARY_MARKER at ` +
+            `render time; including it in the template would emit it twice. Strip the ` +
+            `\`Apply the **...** protocol.\` line (and its trailing blank line) from skill.eta.`);
+    }
+}
+// ── defineApp ─────────────────────────────────────────────────────
+/**
+ * Validate an app's declared shape and return the runtime {@link App}
+ * object the framework will register and render against.
+ *
+ * Throws synchronously on the first validation failure with a message
+ * naming the failing field and the violated rule.
+ *
+ * @example
+ * ```ts
+ * export function* createJiraApp(): Operation<App> {
+ *   const cfgStore = yield* AppConfigStoreCtx.expect();
+ *   const cfg = yield* cfgStore.get(manifest.name);
+ *   if (!cfg) throw new Error('jira app requires config');
+ *
+ *   const source = new JiraSource(cfg);
+ *   const searchTool = yield* createJiraSearchTool(cfg);
+ *   const readTool = yield* createJiraReadTool(cfg);
+ *
+ *   return defineApp({
+ *     manifest,
+ *     source,
+ *     tools: { jira_search: searchTool, jira_read: readTool },
+ *     skill: skillTemplate,
+ *   });
+ * }
+ * ```
+ */
+function defineApp(spec) {
+    // 1. Manifest top-level identifier.
+    assertIdentifier(spec.manifest.name, 'manifest.name');
+    // 2. App protocol version (if declared).
+    assertAppProtocolVersion(spec.manifest.appProtocolVersion);
+    // 3. Protocol substructure: name, useWhen, tools.
+    assertIdentifier(spec.manifest.protocol.name, 'manifest.protocol.name');
+    assertUseWhen(spec.manifest.protocol.useWhen);
+    assertProtocolTools(spec.manifest.protocol.tools);
+    // 4. Tools map coverage and name agreement.
+    assertToolMapCoverage(spec.manifest.protocol.tools, spec.tools);
+    // 5. Agent template double-emission guard.
+    assertSkillTemplate(spec.skill);
+    // Preserve `protocol.tools` insertion order in the runtime tools array
+    // — that's the order the catalog renders and the order the spine
+    // prefill receives schemas in. The framework relies on stable ordering
+    // for the §10.1 snapshot gate.
+    const tools = spec.manifest.protocol.tools.map((name) => spec.tools[name]);
+    return {
+        name: spec.manifest.name,
+        manifest: spec.manifest,
+        source: spec.source,
+        tools,
+        skill: spec.skill,
+        examples: spec.examples,
+        configSchema: spec.manifest.configSchema,
+        hints: spec.hints ?? spec.manifest.hints,
+        configFlow: spec.configFlow,
+    };
+}
+//# sourceMappingURL=define-app.js.map

package/dist/define-app.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"define-app.js","sourceRoot":"","sources":["../src/define-app.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;;AA6PH,8BAmCC;AAnRD,yCAA6D;AAwC7D,oEAAoE;AAEpE;;;;;;;GAOG;AACH,MAAM,KAAK,GAAG,yBAAyB,CAAC;AAExC;;;;GAIG;AACH,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAE7B;;;;;GAKG;AACH,MAAM,kBAAkB,GAAsB;IAC5C,YAAY;IACZ,UAAU;IACV,wBAAwB;IACxB,eAAe;IACf,KAAK;IACL,IAAI;IACJ,IAAI;CACL,CAAC;AAEF,qFAAqF;AACrF,MAAM,sBAAsB,GAAG,cAAc,CAAC;AAE9C,oEAAoE;AAEpE,SAAS,gBAAgB,CAAC,KAAa,EAAE,KAAa;IACpD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,cAAc,KAAK,0BAA0B,OAAO,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,cAAc,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,+BAA+B;YACzE,sBAAsB,KAAK,CAAC,QAAQ,EAAE,+CAA+C;YACrF,4EAA4E;YAC5E,oFAAoF,CACvF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,8DAA8D,OAAO,KAAK,EAAE,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CACb,+CAA+C,KAAK,CAAC,MAAM,iBAAiB;YAC1E,OAAO,gBAAgB,wCAAwC,CAClE,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,mEAAmE,OAAO,CAAC,QAAQ,EAAE,IAAI;gBACvF,qFAAqF;gBACrF,0EAA0E,CAC7E,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAwB;IACnD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CACb,mFAAmF,CACpF,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,gBAAgB,CAAC,IAAI,EAAE,+BAA+B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/E,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,yDAAyD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,OAA2B;IAC3D,iEAAiE;IACjE,kEAAkE;IAClE,4CAA4C;IAC5C,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO;IAClC,IAAI,CAAC,0CAA+B,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CACb,0CAA0C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,iBAAiB;YAChF,iBAAiB,IAAI,CAAC,SAAS,CAAC,0CAA+B,CAAC,IAAI;YACpE,qFAAqF,CACxF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAC5B,aAAgC,EAChC,QAAwC;IAExC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEhD,0EAA0E;IAC1E,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,sEAAsE;YACpE,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,kDAAkD;YAC5E,iDAAiD,CACpD,CAAC;IACJ,CAAC;IAED,yEAAyE;IACzE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,iFAAiF;YAC/E,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,4DAA4D;YACrF,iFAAiF;YACjF,sFAAsF,CACzF,CAAC;IACJ,CAAC;IAED,kEAAkE;IAClE,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnD,IAAI,IAAI,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,oBAAoB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;gBAC7E,oFAAoF;gBACpF,wEAAwE,CAC3E,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,KAA+B;IAC1D,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;QAChC,mEAAmE;QACnE,yDAAyD;QACzD,uDAAuD;QACvD,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,kEAAkE,OAAO,KAAK,EAAE,CAAC,CAAC;IACpG,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CACb,kDAAkD,IAAI,CAAC,SAAS,CAAC,sBAAsB,CAAC,cAAc;YACpG,yFAAyF;YACzF,2EAA2E;YAC3E,oFAAoF,CACvF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,qEAAqE;AAErE;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,SAAgB,SAAS,CAAC,IAAmB;IAC3C,oCAAoC;IACpC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IAEtD,yCAAyC;IACzC,wBAAwB,CAAC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAE3D,kDAAkD;IAClD,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,wBAAwB,CAAC,CAAC;IACxE,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC9C,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAElD,4CAA4C;IAC5C,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IAEhE,2CAA2C;IAC3C,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAEhC,uEAAuE;IACvE,iEAAiE;IACjE,uEAAuE;IACvE,+BAA+B;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IAE3E,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;QACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,KAAK;QACL,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY;QACxC,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK;QACxC,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC;AACJ,CAAC"}

package/dist/grant-store.d.ts

@@ -0,0 +1,31 @@
+/**
+ * In-memory implementation of {@link GrantStore}.
+ *
+ * The `GrantStore` interface itself lives in `@lloyal-labs/lloyal-agents`
+ * (so the framework context `GrantStoreCtx` and app/harness code share it
+ * without a dependency cycle). This module supplies the reference impl that
+ * dev harnesses, examples, and tests use; harnesses that back grants with
+ * a secrets manager or remote authorization service implement the
+ * interface themselves.
+ *
+ * A grant records that the session has obtained consent to invoke a
+ * `protected` tool (see {@link Tool.protected}). The **credential** behind
+ * that consent (an OAuth token, an API key) is the harness's concern and
+ * never enters the model's context — this store holds only the binary
+ * decision the authGuard reads.
+ *
+ * @packageDocumentation
+ * @category Contract
+ */
+import type { GrantStore } from '@lloyal-labs/lloyal-agents';
+/**
+ * Create an in-memory `GrantStore` backed by a `Set`.
+ *
+ * Intended for development, tests, and single-process harnesses. Pass
+ * `initial` to pre-grant a set of protected tools at construction (a
+ * harness that has already obtained consent, or a test fixture).
+ * Harnesses needing durable or audited grants implement the interface
+ * themselves against their preferred backend.
+ */
+export declare function createGrantStore(initial?: Iterable<string>): GrantStore;
+//# sourceMappingURL=grant-store.d.ts.map

package/dist/grant-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grant-store.d.ts","sourceRoot":"","sources":["../src/grant-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAE7D;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,UAAU,CAgBvE"}

package/dist/grant-store.js

@@ -0,0 +1,49 @@
+"use strict";
+/**
+ * In-memory implementation of {@link GrantStore}.
+ *
+ * The `GrantStore` interface itself lives in `@lloyal-labs/lloyal-agents`
+ * (so the framework context `GrantStoreCtx` and app/harness code share it
+ * without a dependency cycle). This module supplies the reference impl that
+ * dev harnesses, examples, and tests use; harnesses that back grants with
+ * a secrets manager or remote authorization service implement the
+ * interface themselves.
+ *
+ * A grant records that the session has obtained consent to invoke a
+ * `protected` tool (see {@link Tool.protected}). The **credential** behind
+ * that consent (an OAuth token, an API key) is the harness's concern and
+ * never enters the model's context — this store holds only the binary
+ * decision the authGuard reads.
+ *
+ * @packageDocumentation
+ * @category Contract
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createGrantStore = createGrantStore;
+/**
+ * Create an in-memory `GrantStore` backed by a `Set`.
+ *
+ * Intended for development, tests, and single-process harnesses. Pass
+ * `initial` to pre-grant a set of protected tools at construction (a
+ * harness that has already obtained consent, or a test fixture).
+ * Harnesses needing durable or audited grants implement the interface
+ * themselves against their preferred backend.
+ */
+function createGrantStore(initial) {
+    const grants = new Set(initial);
+    return {
+        *has(toolName) {
+            return grants.has(toolName);
+        },
+        *grant(toolName) {
+            grants.add(toolName);
+        },
+        *revoke(toolName) {
+            grants.delete(toolName);
+        },
+        *granted() {
+            return [...grants];
+        },
+    };
+}
+//# sourceMappingURL=grant-store.js.map

package/dist/grant-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"grant-store.js","sourceRoot":"","sources":["../src/grant-store.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;AAcH,4CAgBC;AAzBD;;;;;;;;GAQG;AACH,SAAgB,gBAAgB,CAAC,OAA0B;IACzD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAS,OAAO,CAAC,CAAC;IACxC,OAAO;QACL,CAAC,GAAG,CAAC,QAAgB;YACnB,OAAO,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QACD,CAAC,KAAK,CAAC,QAAgB;YACrB,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;QACD,CAAC,MAAM,CAAC,QAAgB;YACtB,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;QACD,CAAC,OAAO;YACN,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;QACrB,CAAC;KACF,CAAC;AACJ,CAAC"}