@longarc/mdash 3.0.0

package/dist/warrant/engine.d.ts

@@ -0,0 +1,195 @@
+/**
+ * mdash v3.0 - Warrant System
+ *
+ * Speculative warrant issuance with cryptographic invalidation.
+ * Target: <10ms activation (cache hit)
+ *
+ * Invariants:
+ * - WARRANT-INV-001: Speculative warrants expire within 60s if not activated
+ * - WARRANT-INV-002: Revocation propagates to all caches within 100ms
+ * - WARRANT-INV-003: Activated warrants immediately sealed (L1)
+ */
+import { Hash, Seal, Timestamp, WarrantId } from '../core/crypto.js';
+import { CommitmentEngine } from '../core/commitment.js';
+export type WarrantState = 'DRAFT' | 'PENDING' | 'SPECULATIVE' | 'ACTIVE' | 'REVOKED' | 'EXPIRED' | 'ARCHIVED';
+export type WarrantTier = 'T1' | 'T2' | 'T3';
+export interface WarrantConstraints {
+    /** Maximum number of invocations */
+    maxCalls?: number;
+    /** Maximum execution time (ms) */
+    maxTime?: number;
+    /** Maximum financial exposure */
+    maxAmount?: number;
+    /** Allowed destination accounts (for financial) */
+    allowedAccounts?: string[];
+    /** Required 2FA */
+    require2FA?: boolean;
+    /** Allowed domains */
+    allowedDomains?: string[];
+    /** Custom constraints */
+    custom?: Record<string, unknown>;
+}
+export interface Warrant {
+    /** Unique warrant identifier */
+    id: WarrantId;
+    /** Agent this warrant governs */
+    agent_id: string;
+    /** Policy template reference */
+    policy_id: string;
+    /** Current state */
+    state: WarrantState;
+    /** Liability tier */
+    tier: WarrantTier;
+    /** Operational constraints */
+    constraints: WarrantConstraints;
+    /** Creation timestamp */
+    created_at: Timestamp;
+    /** Activation timestamp (null if not yet activated) */
+    activated_at: Timestamp | null;
+    /** Expiration timestamp */
+    expires_at: Timestamp;
+    /** Revocation timestamp (null if not revoked) */
+    revoked_at: Timestamp | null;
+    /** Revocation reason */
+    revocation_reason?: string;
+    /** Issuer identity */
+    issued_by: string;
+    /** HMAC seal */
+    seal: Seal;
+    /** Protocol version */
+    version: 'v3.0';
+}
+export interface SpeculativeWarrant extends Warrant {
+    state: 'SPECULATIVE';
+    /** Speculative expiry (60s from creation) */
+    speculative_expires_at: Timestamp;
+    /** Pre-computed activation seal */
+    activation_seal: Seal;
+}
+export interface WarrantEvent {
+    warrant_id: WarrantId;
+    event_type: 'created' | 'activated' | 'revoked' | 'expired' | 'archived';
+    timestamp: Timestamp;
+    actor: {
+        type: 'user' | 'system';
+        id: string;
+        email?: string;
+    };
+    reason: string | undefined;
+    previous_state: WarrantState;
+    new_state: WarrantState;
+    hash: Hash;
+    parent_hash: Hash | null;
+}
+export declare class WarrantCache {
+    private cache;
+    private speculative;
+    private revocations;
+    private readonly DEFAULT_TTL;
+    private readonly SPECULATIVE_TTL;
+    /**
+     * Store a warrant in cache
+     */
+    set(warrant: Warrant | SpeculativeWarrant, ttl?: number): void;
+    /**
+     * Get a warrant from cache
+     * Returns null if not found, expired, or revoked
+     */
+    get(id: WarrantId): Warrant | SpeculativeWarrant | null;
+    /**
+     * Get speculative warrants for an agent
+     * For pre-staged activation
+     */
+    getSpeculativeForAgent(agentId: string): SpeculativeWarrant[];
+    /**
+     * Record a revocation
+     * Propagates immediately (WARRANT-INV-002)
+     */
+    revoke(id: WarrantId): void;
+    /**
+     * Check if a warrant is revoked
+     */
+    isRevoked(id: WarrantId): boolean;
+    /**
+     * Clear expired entries
+     */
+    cleanup(): number;
+    /**
+     * Get cache statistics
+     */
+    getStats(): {
+        size: number;
+        speculative: number;
+        revocations: number;
+    };
+}
+export declare class WarrantEngine {
+    private key;
+    private cache;
+    private commitmentEngine;
+    private eventLog;
+    private lastEventHash;
+    constructor(commitmentEngine: CommitmentEngine);
+    /**
+     * Initialize the engine with a seal key
+     */
+    initialize(sealKey: string): Promise<void>;
+    /**
+     * Create a speculative warrant (pre-staged)
+     * WARRANT-INV-001: Expires in 60s if not activated
+     */
+    createSpeculative(params: {
+        agent_id: string;
+        policy_id: string;
+        tier: WarrantTier;
+        constraints: WarrantConstraints;
+        duration_ms: number;
+        issued_by: string;
+    }): Promise<SpeculativeWarrant>;
+    /**
+     * Activate a speculative warrant
+     * Target: <10ms (cache hit)
+     * WARRANT-INV-003: Immediately sealed (L1)
+     */
+    activate(id: WarrantId): Promise<Warrant>;
+    /**
+     * Revoke a warrant
+     * WARRANT-INV-002: Propagates to all caches within 100ms
+     */
+    revoke(id: WarrantId, reason: string, actor: {
+        type: 'user' | 'system';
+        id: string;
+    }): Promise<Warrant>;
+    /**
+     * Check if an action is authorized by warrant
+     * Returns matching warrant or null
+     */
+    checkAuthorization(params: {
+        agent_id: string;
+        action: string;
+        amount?: number;
+        domain?: string;
+    }): Promise<Warrant | null>;
+    /**
+     * Check if action meets warrant constraints
+     */
+    private meetsConstraints;
+    /**
+     * Log a warrant event with hash chain
+     */
+    private logEvent;
+    /**
+     * Get event log for a warrant
+     */
+    getEventLog(warrantId?: WarrantId): WarrantEvent[];
+    /**
+     * Get cache statistics
+     */
+    getCacheStats(): ReturnType<WarrantCache['getStats']>;
+}
+export declare const TIER_LIMITS: Record<WarrantTier, {
+    maxExposure: number;
+    maxCalls: number;
+    requiresApproval: boolean;
+}>;
+//# sourceMappingURL=engine.d.ts.map

package/dist/warrant/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/warrant/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,SAAS,EAMV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAMzD,MAAM,MAAM,YAAY,GACpB,OAAO,GACP,SAAS,GACT,aAAa,GACb,QAAQ,GACR,SAAS,GACT,SAAS,GACT,UAAU,CAAC;AAEf,MAAM,MAAM,WAAW,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;AAE7C,MAAM,WAAW,kBAAkB;IACjC,oCAAoC;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mDAAmD;IACnD,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB;IACnB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,yBAAyB;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,OAAO;IACtB,gCAAgC;IAChC,EAAE,EAAE,SAAS,CAAC;IACd,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB;IACpB,KAAK,EAAE,YAAY,CAAC;IACpB,qBAAqB;IACrB,IAAI,EAAE,WAAW,CAAC;IAClB,8BAA8B;IAC9B,WAAW,EAAE,kBAAkB,CAAC;IAChC,yBAAyB;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,uDAAuD;IACvD,YAAY,EAAE,SAAS,GAAG,IAAI,CAAC;IAC/B,2BAA2B;IAC3B,UAAU,EAAE,SAAS,CAAC;IACtB,iDAAiD;IACjD,UAAU,EAAE,SAAS,GAAG,IAAI,CAAC;IAC7B,wBAAwB;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB;IAChB,IAAI,EAAE,IAAI,CAAC;IACX,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAmB,SAAQ,OAAO;IACjD,KAAK,EAAE,aAAa,CAAC;IACrB,6CAA6C;IAC7C,sBAAsB,EAAE,SAAS,CAAC;IAClC,mCAAmC;IACnC,eAAe,EAAE,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,SAAS,CAAC;IACtB,UAAU,EAAE,SAAS,GAAG,WAAW,GAAG,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IACzE,SAAS,EAAE,SAAS,CAAC;IACrB,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC;QACxB,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,cAAc,EAAE,YAAY,CAAC;IAC7B,SAAS,EAAE,YAAY,CAAC;IACxB,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,IAAI,GAAG,IAAI,CAAC;CAC1B;AAYD,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAAyC;IACtD,OAAO,CAAC,WAAW,CAAuC;IAC1D,OAAO,CAAC,WAAW,CAA6B;IAEhD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAiB;IAC7C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAa;IAE7C;;OAEG;IACH,GAAG,CAAC,OAAO,EAAE,OAAO,GAAG,kBAAkB,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI;IAmB9D;;;OAGG;IACH,GAAG,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,GAAG,kBAAkB,GAAG,IAAI;IAoBvD;;;OAGG;IACH,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,EAAE;IAc7D;;;OAGG;IACH,MAAM,CAAC,EAAE,EAAE,SAAS,GAAG,IAAI;IAa3B;;OAEG;IACH,SAAS,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO;IAIjC;;OAEG;IACH,OAAO,IAAI,MAAM;IAcjB;;OAEG;IACH,QAAQ,IAAI;QACV,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;KACrB;CAOF;AAMD,qBAAa,aAAa;IACxB,OAAO,CAAC,GAAG,CAA0B;IACrC,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,QAAQ,CAAsB;IACtC,OAAO,CAAC,aAAa,CAAqB;gBAE9B,gBAAgB,EAAE,gBAAgB;IAK9C;;OAEG;IACG,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIhD;;;OAGG;IACG,iBAAiB,CAAC,MAAM,EAAE;QAC9B,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,WAAW,CAAC;QAClB,WAAW,EAAE,kBAAkB,CAAC;QAChC,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA0E/B;;;;OAIG;IACG,QAAQ,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAmE/C;;;OAGG;IACG,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAsD7G;;;OAGG;IACG,kBAAkB,CAAC,MAAM,EAAE;QAC/B,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAwB3B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAqBxB;;OAEG;YACW,QAAQ;IAgCtB;;OAEG;IACH,WAAW,CAAC,SAAS,CAAC,EAAE,SAAS,GAAG,YAAY,EAAE;IAOlD;;OAEG;IACH,aAAa,IAAI,UAAU,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;CAGtD;AAMD,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,OAAO,CAAC;CAC3B,CAgBA,CAAC"}

package/dist/warrant/engine.js

@@ -0,0 +1,409 @@
+/**
+ * mdash v3.0 - Warrant System
+ *
+ * Speculative warrant issuance with cryptographic invalidation.
+ * Target: <10ms activation (cache hit)
+ *
+ * Invariants:
+ * - WARRANT-INV-001: Speculative warrants expire within 60s if not activated
+ * - WARRANT-INV-002: Revocation propagates to all caches within 100ms
+ * - WARRANT-INV-003: Activated warrants immediately sealed (L1)
+ */
+import { generateWarrantId, generateTimestamp, sha256Object, hmacSeal, deriveKey, } from '../core/crypto.js';
+export class WarrantCache {
+    cache = new Map();
+    speculative = new Map(); // agent_id -> warrant_ids
+    revocations = new Set();
+    DEFAULT_TTL = 5 * 60 * 1000; // 5 minutes
+    SPECULATIVE_TTL = 60 * 1000; // 60 seconds (WARRANT-INV-001)
+    /**
+     * Store a warrant in cache
+     */
+    set(warrant, ttl) {
+        const effectiveTtl = warrant.state === 'SPECULATIVE'
+            ? this.SPECULATIVE_TTL
+            : (ttl || this.DEFAULT_TTL);
+        this.cache.set(warrant.id, {
+            warrant,
+            cached_at: Date.now(),
+            ttl_ms: effectiveTtl,
+        });
+        // Track speculative warrants by agent
+        if (warrant.state === 'SPECULATIVE') {
+            const existing = this.speculative.get(warrant.agent_id) || [];
+            existing.push(warrant.id);
+            this.speculative.set(warrant.agent_id, existing);
+        }
+    }
+    /**
+     * Get a warrant from cache
+     * Returns null if not found, expired, or revoked
+     */
+    get(id) {
+        // Check revocation first (WARRANT-INV-002)
+        if (this.revocations.has(id)) {
+            return null;
+        }
+        const entry = this.cache.get(id);
+        if (!entry) {
+            return null;
+        }
+        // Check TTL
+        if (Date.now() - entry.cached_at > entry.ttl_ms) {
+            this.cache.delete(id);
+            return null;
+        }
+        return entry.warrant;
+    }
+    /**
+     * Get speculative warrants for an agent
+     * For pre-staged activation
+     */
+    getSpeculativeForAgent(agentId) {
+        const ids = this.speculative.get(agentId) || [];
+        const warrants = [];
+        for (const id of ids) {
+            const warrant = this.get(id);
+            if (warrant && warrant.state === 'SPECULATIVE') {
+                warrants.push(warrant);
+            }
+        }
+        return warrants;
+    }
+    /**
+     * Record a revocation
+     * Propagates immediately (WARRANT-INV-002)
+     */
+    revoke(id) {
+        this.revocations.add(id);
+        this.cache.delete(id);
+        // Remove from speculative tracking
+        for (const [agentId, ids] of this.speculative) {
+            const filtered = ids.filter(i => i !== id);
+            if (filtered.length !== ids.length) {
+                this.speculative.set(agentId, filtered);
+            }
+        }
+    }
+    /**
+     * Check if a warrant is revoked
+     */
+    isRevoked(id) {
+        return this.revocations.has(id);
+    }
+    /**
+     * Clear expired entries
+     */
+    cleanup() {
+        let removed = 0;
+        const now = Date.now();
+        for (const [id, entry] of this.cache) {
+            if (now - entry.cached_at > entry.ttl_ms) {
+                this.cache.delete(id);
+                removed++;
+            }
+        }
+        return removed;
+    }
+    /**
+     * Get cache statistics
+     */
+    getStats() {
+        return {
+            size: this.cache.size,
+            speculative: Array.from(this.speculative.values()).flat().length,
+            revocations: this.revocations.size,
+        };
+    }
+}
+// ============================================================================
+// WARRANT ENGINE
+// ============================================================================
+export class WarrantEngine {
+    key = null;
+    cache;
+    commitmentEngine;
+    eventLog = [];
+    lastEventHash = null;
+    constructor(commitmentEngine) {
+        this.cache = new WarrantCache();
+        this.commitmentEngine = commitmentEngine;
+    }
+    /**
+     * Initialize the engine with a seal key
+     */
+    async initialize(sealKey) {
+        this.key = await deriveKey(sealKey);
+    }
+    /**
+     * Create a speculative warrant (pre-staged)
+     * WARRANT-INV-001: Expires in 60s if not activated
+     */
+    async createSpeculative(params) {
+        if (!this.key) {
+            throw new Error('Engine not initialized. Call initialize() first.');
+        }
+        const startTime = performance.now();
+        const id = generateWarrantId();
+        const now = generateTimestamp();
+        const expiresAt = new Date(Date.now() + params.duration_ms).toISOString();
+        const speculativeExpiresAt = new Date(Date.now() + 60000).toISOString();
+        // Pre-compute activation seal
+        const activationData = {
+            _v: 1,
+            id,
+            agent_id: params.agent_id,
+            activated: true,
+        };
+        const activationSeal = await hmacSeal(activationData, this.key);
+        // Seal the warrant
+        const warrantData = {
+            _v: 1,
+            id,
+            agent_id: params.agent_id,
+            policy_id: params.policy_id,
+            state: 'SPECULATIVE',
+            tier: params.tier,
+            constraints: params.constraints,
+            created_at: now,
+            expires_at: expiresAt,
+            issued_by: params.issued_by,
+        };
+        const seal = await hmacSeal(warrantData, this.key);
+        const warrant = {
+            id,
+            agent_id: params.agent_id,
+            policy_id: params.policy_id,
+            state: 'SPECULATIVE',
+            tier: params.tier,
+            constraints: params.constraints,
+            created_at: now,
+            activated_at: null,
+            expires_at: expiresAt,
+            revoked_at: null,
+            issued_by: params.issued_by,
+            seal,
+            version: 'v3.0',
+            speculative_expires_at: speculativeExpiresAt,
+            activation_seal: activationSeal,
+        };
+        // Cache for fast activation
+        this.cache.set(warrant);
+        // Log event
+        await this.logEvent({
+            warrant_id: id,
+            event_type: 'created',
+            actor: { type: 'user', id: params.issued_by },
+            previous_state: 'DRAFT',
+            new_state: 'SPECULATIVE',
+        });
+        const elapsed = performance.now() - startTime;
+        if (elapsed > 10) {
+            console.warn(`Speculative warrant creation exceeded target: ${elapsed.toFixed(2)}ms`);
+        }
+        return warrant;
+    }
+    /**
+     * Activate a speculative warrant
+     * Target: <10ms (cache hit)
+     * WARRANT-INV-003: Immediately sealed (L1)
+     */
+    async activate(id) {
+        if (!this.key) {
+            throw new Error('Engine not initialized. Call initialize() first.');
+        }
+        const startTime = performance.now();
+        // Try cache first
+        const cached = this.cache.get(id);
+        if (!cached) {
+            throw new Error(`Warrant not found or expired: ${id}`);
+        }
+        if (cached.state !== 'SPECULATIVE') {
+            throw new Error(`Warrant not in SPECULATIVE state: ${cached.state}`);
+        }
+        const specWarrant = cached;
+        // Check speculative expiry (WARRANT-INV-001)
+        if (new Date(specWarrant.speculative_expires_at) < new Date()) {
+            this.cache.revoke(id);
+            throw new Error('Speculative warrant expired (60s limit)');
+        }
+        const now = generateTimestamp();
+        // Create activated warrant
+        const activatedWarrant = {
+            id: specWarrant.id,
+            agent_id: specWarrant.agent_id,
+            policy_id: specWarrant.policy_id,
+            state: 'ACTIVE',
+            tier: specWarrant.tier,
+            constraints: specWarrant.constraints,
+            created_at: specWarrant.created_at,
+            activated_at: now,
+            expires_at: specWarrant.expires_at,
+            revoked_at: null,
+            issued_by: specWarrant.issued_by,
+            seal: specWarrant.seal, // Original seal preserved
+            version: 'v3.0',
+        };
+        // WARRANT-INV-003: Immediately seal via commitment layer
+        await this.commitmentEngine.commit(activatedWarrant, `warrant:${id}`);
+        // Update cache
+        this.cache.set(activatedWarrant);
+        // Log event
+        await this.logEvent({
+            warrant_id: id,
+            event_type: 'activated',
+            actor: { type: 'system', id: 'warrant-engine' },
+            previous_state: 'SPECULATIVE',
+            new_state: 'ACTIVE',
+        });
+        const elapsed = performance.now() - startTime;
+        if (elapsed > 10) {
+            console.warn(`Warrant activation exceeded target: ${elapsed.toFixed(2)}ms`);
+        }
+        return activatedWarrant;
+    }
+    /**
+     * Revoke a warrant
+     * WARRANT-INV-002: Propagates to all caches within 100ms
+     */
+    async revoke(id, reason, actor) {
+        if (!this.key) {
+            throw new Error('Engine not initialized. Call initialize() first.');
+        }
+        const startTime = performance.now();
+        const warrant = this.cache.get(id);
+        if (!warrant) {
+            throw new Error(`Warrant not found: ${id}`);
+        }
+        if (warrant.state === 'REVOKED' || warrant.state === 'ARCHIVED') {
+            throw new Error(`Warrant already ${warrant.state}`);
+        }
+        const previousState = warrant.state;
+        const now = generateTimestamp();
+        // Create revoked warrant
+        const revokedWarrant = {
+            ...warrant,
+            state: 'REVOKED',
+            revoked_at: now,
+            revocation_reason: reason,
+        };
+        // Seal revocation
+        await this.commitmentEngine.commit({ warrant_id: id, revoked_at: now, reason }, `revocation:${id}`);
+        // WARRANT-INV-002: Immediate cache revocation
+        this.cache.revoke(id);
+        // Log event
+        await this.logEvent({
+            warrant_id: id,
+            event_type: 'revoked',
+            actor,
+            reason,
+            previous_state: previousState,
+            new_state: 'REVOKED',
+        });
+        const elapsed = performance.now() - startTime;
+        if (elapsed > 100) {
+            console.warn(`Warrant revocation exceeded propagation target: ${elapsed.toFixed(2)}ms`);
+        }
+        return revokedWarrant;
+    }
+    /**
+     * Check if an action is authorized by warrant
+     * Returns matching warrant or null
+     */
+    async checkAuthorization(params) {
+        const startTime = performance.now();
+        // Get speculative warrants for agent
+        const specWarrants = this.cache.getSpeculativeForAgent(params.agent_id);
+        for (const warrant of specWarrants) {
+            // Check constraints
+            if (this.meetsConstraints(warrant.constraints, params)) {
+                // Activate on first matching warrant
+                const activated = await this.activate(warrant.id);
+                const elapsed = performance.now() - startTime;
+                if (elapsed > 10) {
+                    console.warn(`Authorization check exceeded target: ${elapsed.toFixed(2)}ms`);
+                }
+                return activated;
+            }
+        }
+        return null;
+    }
+    /**
+     * Check if action meets warrant constraints
+     */
+    meetsConstraints(constraints, action) {
+        // Check amount limit
+        if (constraints.maxAmount !== undefined && action.amount !== undefined) {
+            if (action.amount > constraints.maxAmount) {
+                return false;
+            }
+        }
+        // Check domain allowlist
+        if (constraints.allowedDomains && action.domain) {
+            if (!constraints.allowedDomains.includes(action.domain)) {
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Log a warrant event with hash chain
+     */
+    async logEvent(params) {
+        const timestamp = generateTimestamp();
+        const event = {
+            warrant_id: params.warrant_id,
+            event_type: params.event_type,
+            timestamp,
+            actor: params.actor,
+            reason: params.reason,
+            previous_state: params.previous_state,
+            new_state: params.new_state,
+            hash: '', // Will be computed
+            parent_hash: this.lastEventHash,
+        };
+        // Compute event hash
+        event.hash = await sha256Object({
+            ...event,
+            hash: undefined, // Exclude from hash computation
+        });
+        this.eventLog.push(event);
+        this.lastEventHash = event.hash;
+    }
+    /**
+     * Get event log for a warrant
+     */
+    getEventLog(warrantId) {
+        if (warrantId) {
+            return this.eventLog.filter(e => e.warrant_id === warrantId);
+        }
+        return [...this.eventLog];
+    }
+    /**
+     * Get cache statistics
+     */
+    getCacheStats() {
+        return this.cache.getStats();
+    }
+}
+// ============================================================================
+// TIER DEFINITIONS
+// ============================================================================
+export const TIER_LIMITS = {
+    T1: {
+        maxExposure: 1000,
+        maxCalls: 100,
+        requiresApproval: false,
+    },
+    T2: {
+        maxExposure: 100000,
+        maxCalls: 1000,
+        requiresApproval: false,
+    },
+    T3: {
+        maxExposure: Infinity,
+        maxCalls: Infinity,
+        requiresApproval: true,
+    },
+};
+//# sourceMappingURL=engine.js.map

package/dist/warrant/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/warrant/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAKL,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,EACZ,QAAQ,EACR,SAAS,GACV,MAAM,mBAAmB,CAAC;AAqG3B,MAAM,OAAO,YAAY;IACf,KAAK,GAA+B,IAAI,GAAG,EAAE,CAAC;IAC9C,WAAW,GAA6B,IAAI,GAAG,EAAE,CAAC,CAAC,0BAA0B;IAC7E,WAAW,GAAmB,IAAI,GAAG,EAAE,CAAC;IAE/B,WAAW,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;IACzC,eAAe,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,+BAA+B;IAE7E;;OAEG;IACH,GAAG,CAAC,OAAqC,EAAE,GAAY;QACrD,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,KAAK,aAAa;YAClD,CAAC,CAAC,IAAI,CAAC,eAAe;YACtB,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC;QAE9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE;YACzB,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM,EAAE,YAAY;SACrB,CAAC,CAAC;QAEH,sCAAsC;QACtC,IAAI,OAAO,CAAC,KAAK,KAAK,aAAa,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC9D,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC1B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,GAAG,CAAC,EAAa;QACf,2CAA2C;QAC3C,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAED,YAAY;QACZ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YAChD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC,OAAO,CAAC;IACvB,CAAC;IAED;;;OAGG;IACH,sBAAsB,CAAC,OAAe;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAyB,EAAE,CAAC;QAE1C,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7B,IAAI,OAAO,IAAI,OAAO,CAAC,KAAK,KAAK,aAAa,EAAE,CAAC;gBAC/C,QAAQ,CAAC,IAAI,CAAC,OAA6B,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,EAAa;QAClB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEtB,mCAAmC;QACnC,KAAK,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAC3C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,EAAa;QACrB,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;gBACzC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACtB,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,QAAQ;QAKN,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YACrB,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM;YAChE,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;SACnC,CAAC;IACJ,CAAC;CACF;AAED,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E,MAAM,OAAO,aAAa;IAChB,GAAG,GAAqB,IAAI,CAAC;IAC7B,KAAK,CAAe;IACpB,gBAAgB,CAAmB;IACnC,QAAQ,GAAmB,EAAE,CAAC;IAC9B,aAAa,GAAgB,IAAI,CAAC;IAE1C,YAAY,gBAAkC;QAC5C,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,EAAE,CAAC;QAChC,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,OAAe;QAC9B,IAAI,CAAC,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,MAOvB;QACC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAEpC,MAAM,EAAE,GAAG,iBAAiB,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAe,CAAC;QACvF,MAAM,oBAAoB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,WAAW,EAAe,CAAC;QAErF,8BAA8B;QAC9B,MAAM,cAAc,GAAG;YACrB,EAAE,EAAE,CAAC;YACL,EAAE;YACF,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,IAAI;SAChB,CAAC;QACF,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAEhE,mBAAmB;QACnB,MAAM,WAAW,GAAG;YAClB,EAAE,EAAE,CAAC;YACL,EAAE;YACF,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,KAAK,EAAE,aAAa;YACpB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,UAAU,EAAE,GAAG;YACf,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAuB;YAClC,EAAE;YACF,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,KAAK,EAAE,aAAa;YACpB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,UAAU,EAAE,GAAG;YACf,YAAY,EAAE,IAAI;YAClB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,IAAI;YAChB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,IAAI;YACJ,OAAO,EAAE,MAAM;YACf,sBAAsB,EAAE,oBAAoB;YAC5C,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,4BAA4B;QAC5B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAExB,YAAY;QACZ,MAAM,IAAI,CAAC,QAAQ,CAAC;YAClB,UAAU,EAAE,EAAE;YACd,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,SAAS,EAAE;YAC7C,cAAc,EAAE,OAAuB;YACvC,SAAS,EAAE,aAAa;SACzB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC9C,IAAI,OAAO,GAAG,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,iDAAiD,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACxF,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CAAC,EAAa;QAC1B,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAEpC,kBAAkB;QAClB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,iCAAiC,EAAE,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,KAAK,aAAa,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,qCAAqC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,MAAM,WAAW,GAAG,MAA4B,CAAC;QAEjD,6CAA6C;QAC7C,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,sBAAsB,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC9D,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;QAEhC,2BAA2B;QAC3B,MAAM,gBAAgB,GAAY;YAChC,EAAE,EAAE,WAAW,CAAC,EAAE;YAClB,QAAQ,EAAE,WAAW,CAAC,QAAQ;YAC9B,SAAS,EAAE,WAAW,CAAC,SAAS;YAChC,KAAK,EAAE,QAAQ;YACf,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,WAAW,EAAE,WAAW,CAAC,WAAW;YACpC,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,YAAY,EAAE,GAAG;YACjB,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,UAAU,EAAE,IAAI;YAChB,SAAS,EAAE,WAAW,CAAC,SAAS;YAChC,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,0BAA0B;YAClD,OAAO,EAAE,MAAM;SAChB,CAAC;QAEF,yDAAyD;QACzD,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,gBAAgB,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;QAEtE,eAAe;QACf,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAEjC,YAAY;QACZ,MAAM,IAAI,CAAC,QAAQ,CAAC;YAClB,UAAU,EAAE,EAAE;YACd,UAAU,EAAE,WAAW;YACvB,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,gBAAgB,EAAE;YAC/C,cAAc,EAAE,aAAa;YAC7B,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC9C,IAAI,OAAO,GAAG,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,uCAAuC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,EAAa,EAAE,MAAc,EAAE,KAA8C;QACxF,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAEpC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,sBAAsB,EAAE,EAAE,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,mBAAmB,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC;QACpC,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;QAEhC,yBAAyB;QACzB,MAAM,cAAc,GAAY;YAC9B,GAAG,OAAO;YACV,KAAK,EAAE,SAAS;YAChB,UAAU,EAAE,GAAG;YACf,iBAAiB,EAAE,MAAM;SAC1B,CAAC;QAEF,kBAAkB;QAClB,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAChC,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,EAC3C,cAAc,EAAE,EAAE,CACnB,CAAC;QAEF,8CAA8C;QAC9C,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEtB,YAAY;QACZ,MAAM,IAAI,CAAC,QAAQ,CAAC;YAClB,UAAU,EAAE,EAAE;YACd,UAAU,EAAE,SAAS;YACrB,KAAK;YACL,MAAM;YACN,cAAc,EAAE,aAAa;YAC7B,SAAS,EAAE,SAAS;SACrB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC9C,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,mDAAmD,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC1F,CAAC;QAED,OAAO,cAAc,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,kBAAkB,CAAC,MAKxB;QACC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAEpC,qCAAqC;QACrC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAExE,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,oBAAoB;YACpB,IAAI,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,CAAC;gBACvD,qCAAqC;gBACrC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAElD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAC9C,IAAI,OAAO,GAAG,EAAE,EAAE,CAAC;oBACjB,OAAO,CAAC,IAAI,CAAC,wCAAwC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC/E,CAAC;gBAED,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,gBAAgB,CACtB,WAA+B,EAC/B,MAA4C;QAE5C,qBAAqB;QACrB,IAAI,WAAW,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACvE,IAAI,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,SAAS,EAAE,CAAC;gBAC1C,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,WAAW,CAAC,cAAc,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,QAAQ,CAAC,MAOtB;QACC,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;QAEtC,MAAM,KAAK,GAAiB;YAC1B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,IAAI,EAAE,EAAU,EAAE,mBAAmB;YACrC,WAAW,EAAE,IAAI,CAAC,aAAa;SAChC,CAAC;QAEF,qBAAqB;QACrB,KAAK,CAAC,IAAI,GAAG,MAAM,YAAY,CAAC;YAC9B,GAAG,KAAK;YACR,IAAI,EAAE,SAAS,EAAE,gCAAgC;SAClD,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,SAAqB;QAC/B,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC/B,CAAC;CACF;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,MAAM,CAAC,MAAM,WAAW,GAInB;IACH,EAAE,EAAE;QACF,WAAW,EAAE,IAAI;QACjB,QAAQ,EAAE,GAAG;QACb,gBAAgB,EAAE,KAAK;KACxB;IACD,EAAE,EAAE;QACF,WAAW,EAAE,MAAM;QACnB,QAAQ,EAAE,IAAI;QACd,gBAAgB,EAAE,KAAK;KACxB;IACD,EAAE,EAAE;QACF,WAAW,EAAE,QAAQ;QACrB,QAAQ,EAAE,QAAQ;QAClB,gBAAgB,EAAE,IAAI;KACvB;CACF,CAAC"}