@machina.ai/cell-cli-core 1.10.0-rc1 → 1.13.0-rc1

package/dist/src/policy/config.js

@@ -0,0 +1,197 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import * as path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { Storage } from '../config/storage.js';
+import { PolicyDecision, } from './types.js';
+import { loadPoliciesFromToml } from './toml-loader.js';
+import { MessageBusType, } from '../confirmation-bus/types.js';
+import {} from '../confirmation-bus/message-bus.js';
+import { coreEvents } from '../utils/events.js';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+export const DEFAULT_CORE_POLICIES_DIR = path.join(__dirname, 'policies');
+// Policy tier constants for priority calculation
+export const DEFAULT_POLICY_TIER = 1;
+export const USER_POLICY_TIER = 2;
+export const ADMIN_POLICY_TIER = 3;
+/**
+ * Gets the list of directories to search for policy files, in order of increasing priority
+ * (Default -> User -> Admin).
+ *
+ * @param defaultPoliciesDir Optional path to a directory containing default policies.
+ */
+export function getPolicyDirectories(defaultPoliciesDir) {
+    const dirs = [];
+    if (defaultPoliciesDir) {
+        dirs.push(defaultPoliciesDir);
+    }
+    else {
+        dirs.push(DEFAULT_CORE_POLICIES_DIR);
+    }
+    dirs.push(Storage.getUserPoliciesDir());
+    dirs.push(Storage.getSystemPoliciesDir());
+    // Reverse so highest priority (Admin) is first for loading order if needed,
+    // though loadPoliciesFromToml might want them in a specific order.
+    // CLI implementation reversed them: [DEFAULT, USER, ADMIN].reverse() -> [ADMIN, USER, DEFAULT]
+    return dirs.reverse();
+}
+/**
+ * Determines the policy tier (1=default, 2=user, 3=admin) for a given directory.
+ * This is used by the TOML loader to assign priority bands.
+ */
+export function getPolicyTier(dir, defaultPoliciesDir) {
+    const USER_POLICIES_DIR = Storage.getUserPoliciesDir();
+    const ADMIN_POLICIES_DIR = Storage.getSystemPoliciesDir();
+    const normalizedDir = path.resolve(dir);
+    const normalizedUser = path.resolve(USER_POLICIES_DIR);
+    const normalizedAdmin = path.resolve(ADMIN_POLICIES_DIR);
+    if (defaultPoliciesDir &&
+        normalizedDir === path.resolve(defaultPoliciesDir)) {
+        return DEFAULT_POLICY_TIER;
+    }
+    if (normalizedDir === path.resolve(DEFAULT_CORE_POLICIES_DIR)) {
+        return DEFAULT_POLICY_TIER;
+    }
+    if (normalizedDir === normalizedUser) {
+        return USER_POLICY_TIER;
+    }
+    if (normalizedDir === normalizedAdmin) {
+        return ADMIN_POLICY_TIER;
+    }
+    return DEFAULT_POLICY_TIER;
+}
+/**
+ * Formats a policy file error for console logging.
+ */
+export function formatPolicyError(error) {
+    const tierLabel = error.tier.toUpperCase();
+    let message = `[${tierLabel}] Policy file error in ${error.fileName}:\n`;
+    message += `  ${error.message}`;
+    if (error.details) {
+        message += `\n${error.details}`;
+    }
+    if (error.suggestion) {
+        message += `\n  Suggestion: ${error.suggestion}`;
+    }
+    return message;
+}
+export async function createPolicyEngineConfig(settings, approvalMode, defaultPoliciesDir) {
+    const policyDirs = getPolicyDirectories(defaultPoliciesDir);
+    // Load policies from TOML files
+    const { rules: tomlRules, errors } = await loadPoliciesFromToml(approvalMode, policyDirs, (dir) => getPolicyTier(dir, defaultPoliciesDir));
+    // Emit any errors encountered during TOML loading to the UI
+    // coreEvents has a buffer that will display these once the UI is ready
+    if (errors.length > 0) {
+        for (const error of errors) {
+            coreEvents.emitFeedback('error', formatPolicyError(error));
+        }
+    }
+    const rules = [...tomlRules];
+    // Priority system for policy rules:
+    // - Higher priority numbers win over lower priority numbers
+    // - When multiple rules match, the highest priority rule is applied
+    // - Rules are evaluated in order of priority (highest first)
+    //
+    // Priority bands (tiers):
+    // - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+    // - User policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+    // - Admin policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+    //
+    // This ensures Admin > User > Default hierarchy is always preserved,
+    // while allowing user-specified priorities to work within each tier.
+    //
+    // Settings-based and dynamic rules (all in user tier 2.x):
+    //   2.95: Tools that the user has selected as "Always Allow" in the interactive UI
+    //   2.9:  MCP servers excluded list (security: persistent server blocks)
+    //   2.4:  Command line flag --exclude-tools (explicit temporary blocks)
+    //   2.3:  Command line flag --allowed-tools (explicit temporary allows)
+    //   2.2:  MCP servers with trust=true (persistent trusted servers)
+    //   2.1:  MCP servers allowed list (persistent general server allows)
+    //
+    // TOML policy priorities (before transformation):
+    //   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+    //   15: Auto-edit tool override (becomes 1.015 in default tier)
+    //   50: Read-only tools (becomes 1.050 in default tier)
+    //   999: YOLO mode allow-all (becomes 1.999 in default tier)
+    // MCP servers that are explicitly excluded in settings.mcp.excluded
+    // Priority: 2.9 (highest in user tier for security - persistent server blocks)
+    if (settings.mcp?.excluded) {
+        for (const serverName of settings.mcp.excluded) {
+            rules.push({
+                toolName: `${serverName}__*`,
+                decision: PolicyDecision.DENY,
+                priority: 2.9,
+            });
+        }
+    }
+    // Tools that are explicitly excluded in the settings.
+    // Priority: 2.4 (user tier - explicit temporary blocks)
+    if (settings.tools?.exclude) {
+        for (const tool of settings.tools.exclude) {
+            rules.push({
+                toolName: tool,
+                decision: PolicyDecision.DENY,
+                priority: 2.4,
+            });
+        }
+    }
+    // Tools that are explicitly allowed in the settings.
+    // Priority: 2.3 (user tier - explicit temporary allows)
+    if (settings.tools?.allowed) {
+        for (const tool of settings.tools.allowed) {
+            rules.push({
+                toolName: tool,
+                decision: PolicyDecision.ALLOW,
+                priority: 2.3,
+            });
+        }
+    }
+    // MCP servers that are trusted in the settings.
+    // Priority: 2.2 (user tier - persistent trusted servers)
+    if (settings.mcpServers) {
+        for (const [serverName, serverConfig] of Object.entries(settings.mcpServers)) {
+            if (serverConfig.trust) {
+                // Trust all tools from this MCP server
+                // Using pattern matching for MCP tool names which are formatted as "serverName__toolName"
+                rules.push({
+                    toolName: `${serverName}__*`,
+                    decision: PolicyDecision.ALLOW,
+                    priority: 2.2,
+                });
+            }
+        }
+    }
+    // MCP servers that are explicitly allowed in settings.mcp.allowed
+    // Priority: 2.1 (user tier - persistent general server allows)
+    if (settings.mcp?.allowed) {
+        for (const serverName of settings.mcp.allowed) {
+            rules.push({
+                toolName: `${serverName}__*`,
+                decision: PolicyDecision.ALLOW,
+                priority: 2.1,
+            });
+        }
+    }
+    return {
+        rules,
+        defaultDecision: PolicyDecision.ASK_USER,
+    };
+}
+export function createPolicyUpdater(policyEngine, messageBus) {
+    messageBus.subscribe(MessageBusType.UPDATE_POLICY, (message) => {
+        const toolName = message.toolName;
+        policyEngine.addRule({
+            toolName,
+            decision: PolicyDecision.ALLOW,
+            // User tier (2) + high priority (950/1000) = 2.95
+            // This ensures user "always allow" selections are high priority
+            // but still lose to admin policies (3.xxx) and settings excludes (200)
+            priority: 2.95,
+        });
+    });
+}
+//# sourceMappingURL=config.js.map

package/dist/src/policy/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/policy/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAEL,cAAc,GAIf,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,oBAAoB,EAAwB,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EACL,cAAc,GAEf,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAmB,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAC3C,MAAM,CAAC,MAAM,yBAAyB,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;AAE1E,iDAAiD;AACjD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AACrC,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAClC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAEnC;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,kBAA2B;IAC9D,MAAM,IAAI,GAAG,EAAE,CAAC;IAEhB,IAAI,kBAAkB,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IACxC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAC;IAE1C,4EAA4E;IAC5E,mEAAmE;IACnE,+FAA+F;IAC/F,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAC3B,GAAW,EACX,kBAA2B;IAE3B,MAAM,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IACvD,MAAM,kBAAkB,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAE1D,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAEzD,IACE,kBAAkB;QAClB,aAAa,KAAK,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAClD,CAAC;QACD,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IACD,IAAI,aAAa,KAAK,IAAI,CAAC,OAAO,CAAC,yBAAyB,CAAC,EAAE,CAAC;QAC9D,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IACD,IAAI,aAAa,KAAK,cAAc,EAAE,CAAC;QACrC,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IACD,IAAI,aAAa,KAAK,eAAe,EAAE,CAAC;QACtC,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAED,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAsB;IACtD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IAC3C,IAAI,OAAO,GAAG,IAAI,SAAS,0BAA0B,KAAK,CAAC,QAAQ,KAAK,CAAC;IACzE,OAAO,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;IAChC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,OAAO,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;IAClC,CAAC;IACD,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,OAAO,IAAI,mBAAmB,KAAK,CAAC,UAAU,EAAE,CAAC;IACnD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,QAAwB,EACxB,YAA0B,EAC1B,kBAA2B;IAE3B,MAAM,UAAU,GAAG,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;IAE5D,gCAAgC;IAChC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,oBAAoB,CAC7D,YAAY,EACZ,UAAU,EACV,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAChD,CAAC;IAEF,4DAA4D;IAC5D,uEAAuE;IACvE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,UAAU,CAAC,YAAY,CAAC,OAAO,EAAE,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAiB,CAAC,GAAG,SAAS,CAAC,CAAC;IAE3C,oCAAoC;IACpC,4DAA4D;IAC5D,oEAAoE;IACpE,6DAA6D;IAC7D,EAAE;IACF,0BAA0B;IAC1B,4EAA4E;IAC5E,yEAAyE;IACzE,0EAA0E;IAC1E,EAAE;IACF,qEAAqE;IACrE,qEAAqE;IACrE,EAAE;IACF,2DAA2D;IAC3D,mFAAmF;IACnF,yEAAyE;IACzE,wEAAwE;IACxE,wEAAwE;IACxE,mEAAmE;IACnE,sEAAsE;IACtE,EAAE;IACF,kDAAkD;IAClD,wEAAwE;IACxE,gEAAgE;IAChE,wDAAwD;IACxD,6DAA6D;IAE7D,oEAAoE;IACpE,+EAA+E;IAC/E,IAAI,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,CAAC;QAC3B,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,GAAG,UAAU,KAAK;gBAC5B,QAAQ,EAAE,cAAc,CAAC,IAAI;gBAC7B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,wDAAwD;IACxD,IAAI,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,IAAI;gBAC7B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,wDAAwD;IACxD,IAAI,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,yDAAyD;IACzD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACxB,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CACrD,QAAQ,CAAC,UAAU,CACpB,EAAE,CAAC;YACF,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;gBACvB,uCAAuC;gBACvC,0FAA0F;gBAC1F,KAAK,CAAC,IAAI,CAAC;oBACT,QAAQ,EAAE,GAAG,UAAU,KAAK;oBAC5B,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,GAAG;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,+DAA+D;IAC/D,IAAI,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC;QAC1B,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC9C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,GAAG,UAAU,KAAK;gBAC5B,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK;QACL,eAAe,EAAE,cAAc,CAAC,QAAQ;KACzC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,YAA0B,EAC1B,UAAsB;IAEtB,UAAU,CAAC,SAAS,CAClB,cAAc,CAAC,aAAa,EAC5B,CAAC,OAAqB,EAAE,EAAE;QACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAElC,YAAY,CAAC,OAAO,CAAC;YACnB,QAAQ;YACR,QAAQ,EAAE,cAAc,CAAC,KAAK;YAC9B,kDAAkD;YAClD,gEAAgE;YAChE,uEAAuE;YACvE,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/src/policy/config.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/policy/config.test.js

@@ -0,0 +1,404 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, vi, afterEach, beforeEach } from 'vitest';
+import nodePath from 'node:path';
+import { ApprovalMode, PolicyDecision } from './types.js';
+import { Storage } from '../config/storage.js';
+afterEach(() => {
+    vi.clearAllMocks();
+    vi.restoreAllMocks();
+    vi.doUnmock('node:fs/promises');
+});
+describe('createPolicyEngineConfig', () => {
+    beforeEach(() => {
+        // Mock Storage to avoid picking up real user/system policies from the host environment
+        vi.spyOn(Storage, 'getUserPoliciesDir').mockReturnValue('/non/existent/user/policies');
+        vi.spyOn(Storage, 'getSystemPoliciesDir').mockReturnValue('/non/existent/system/policies');
+    });
+    it('should return ASK_USER for write tools and ALLOW for read-only tools by default', async () => {
+        const actualFs = await vi.importActual('node:fs/promises');
+        const mockReaddir = vi.fn(async (path, options) => {
+            if (typeof path === 'string' &&
+                nodePath
+                    .normalize(path)
+                    .includes(nodePath.normalize('.cell-cli/policies'))) {
+                // Return empty array for user policies
+                return [];
+            }
+            return actualFs.readdir(path, options);
+        });
+        vi.doMock('node:fs/promises', () => ({
+            ...actualFs,
+            default: { ...actualFs, readdir: mockReaddir },
+            readdir: mockReaddir,
+        }));
+        // Mock Storage to avoid actual filesystem access for policy dirs during tests if needed,
+        // but for now relying on the fs mock above might be enough if it catches the right paths.
+        // Let's see if we need to mock Storage.getUserPoliciesDir etc.
+        vi.resetModules();
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {};
+        // Pass a dummy default policies dir to avoid it trying to resolve __dirname relative to the test file in a weird way
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        expect(config.defaultDecision).toBe(PolicyDecision.ASK_USER);
+        // The order of the rules is not guaranteed, so we sort them by tool name.
+        config.rules?.sort((a, b) => (a.toolName ?? '').localeCompare(b.toolName ?? ''));
+        // Since we are mocking an empty policy directory, we expect NO rules from TOML.
+        // Wait, the CLI test expected a bunch of default rules. Those must have come from
+        // the actual default policies directory in the CLI package.
+        // In the core package, we don't necessarily have those default policy files yet
+        // or we need to point to them.
+        // For this unit test, if we mock the default dir as empty, we should get NO rules
+        // if no settings are provided.
+        // Actually, let's look at how CLI test gets them. It uses `__dirname` in `policy.ts`.
+        // If we want to test default rules, we need to provide them.
+        // For now, let's assert it's empty if we provide no TOML files, to ensure the *mechanism* works.
+        // Or better, mock one default rule to ensure it's loaded.
+        expect(config.rules).toEqual([]);
+        vi.doUnmock('node:fs/promises');
+    });
+    it('should allow tools in tools.allowed', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            tools: { allowed: ['run_shell_command'] },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        const rule = config.rules?.find((r) => r.toolName === 'run_shell_command' &&
+            r.decision === PolicyDecision.ALLOW);
+        expect(rule).toBeDefined();
+        expect(rule?.priority).toBeCloseTo(2.3, 5); // Command line allow
+    });
+    it('should deny tools in tools.exclude', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            tools: { exclude: ['run_shell_command'] },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        const rule = config.rules?.find((r) => r.toolName === 'run_shell_command' &&
+            r.decision === PolicyDecision.DENY);
+        expect(rule).toBeDefined();
+        expect(rule?.priority).toBeCloseTo(2.4, 5); // Command line exclude
+    });
+    it('should allow tools from allowed MCP servers', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            mcp: { allowed: ['my-server'] },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        const rule = config.rules?.find((r) => r.toolName === 'my-server__*' && r.decision === PolicyDecision.ALLOW);
+        expect(rule).toBeDefined();
+        expect(rule?.priority).toBe(2.1); // MCP allowed server
+    });
+    it('should deny tools from excluded MCP servers', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            mcp: { excluded: ['my-server'] },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        const rule = config.rules?.find((r) => r.toolName === 'my-server__*' && r.decision === PolicyDecision.DENY);
+        expect(rule).toBeDefined();
+        expect(rule?.priority).toBe(2.9); // MCP excluded server
+    });
+    it('should allow tools from trusted MCP servers', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            mcpServers: {
+                'trusted-server': {
+                    trust: true,
+                },
+                'untrusted-server': {
+                    trust: false,
+                },
+            },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        const trustedRule = config.rules?.find((r) => r.toolName === 'trusted-server__*' &&
+            r.decision === PolicyDecision.ALLOW);
+        expect(trustedRule).toBeDefined();
+        expect(trustedRule?.priority).toBe(2.2); // MCP trusted server
+        // Untrusted server should not have an allow rule
+        const untrustedRule = config.rules?.find((r) => r.toolName === 'untrusted-server__*' &&
+            r.decision === PolicyDecision.ALLOW);
+        expect(untrustedRule).toBeUndefined();
+    });
+    it('should handle multiple MCP server configurations together', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            mcp: {
+                allowed: ['allowed-server'],
+                excluded: ['excluded-server'],
+            },
+            mcpServers: {
+                'trusted-server': {
+                    trust: true,
+                },
+            },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        // Check allowed server
+        const allowedRule = config.rules?.find((r) => r.toolName === 'allowed-server__*' &&
+            r.decision === PolicyDecision.ALLOW);
+        expect(allowedRule).toBeDefined();
+        expect(allowedRule?.priority).toBe(2.1); // MCP allowed server
+        // Check trusted server
+        const trustedRule = config.rules?.find((r) => r.toolName === 'trusted-server__*' &&
+            r.decision === PolicyDecision.ALLOW);
+        expect(trustedRule).toBeDefined();
+        expect(trustedRule?.priority).toBe(2.2); // MCP trusted server
+        // Check excluded server
+        const excludedRule = config.rules?.find((r) => r.toolName === 'excluded-server__*' &&
+            r.decision === PolicyDecision.DENY);
+        expect(excludedRule).toBeDefined();
+        expect(excludedRule?.priority).toBe(2.9); // MCP excluded server
+    });
+    it('should allow all tools in YOLO mode', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {};
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.YOLO);
+        const rule = config.rules?.find((r) => r.decision === PolicyDecision.ALLOW && !r.toolName);
+        expect(rule).toBeDefined();
+        // Priority 999 in default tier → 1.999
+        expect(rule?.priority).toBeCloseTo(1.999, 5);
+    });
+    it('should allow edit tool in AUTO_EDIT mode', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {};
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.AUTO_EDIT);
+        const rule = config.rules?.find((r) => r.toolName === 'replace' && r.decision === PolicyDecision.ALLOW);
+        expect(rule).toBeDefined();
+        // Priority 15 in default tier → 1.015
+        expect(rule?.priority).toBeCloseTo(1.015, 5);
+    });
+    it('should prioritize exclude over allow', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            tools: { allowed: ['run_shell_command'], exclude: ['run_shell_command'] },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        const denyRule = config.rules?.find((r) => r.toolName === 'run_shell_command' &&
+            r.decision === PolicyDecision.DENY);
+        const allowRule = config.rules?.find((r) => r.toolName === 'run_shell_command' &&
+            r.decision === PolicyDecision.ALLOW);
+        expect(denyRule).toBeDefined();
+        expect(allowRule).toBeDefined();
+        expect(denyRule.priority).toBeGreaterThan(allowRule.priority);
+    });
+    it('should prioritize specific tool allows over MCP server excludes', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            mcp: { excluded: ['my-server'] },
+            tools: { allowed: ['my-server__specific-tool'] },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        const serverDenyRule = config.rules?.find((r) => r.toolName === 'my-server__*' && r.decision === PolicyDecision.DENY);
+        const toolAllowRule = config.rules?.find((r) => r.toolName === 'my-server__specific-tool' &&
+            r.decision === PolicyDecision.ALLOW);
+        expect(serverDenyRule).toBeDefined();
+        expect(serverDenyRule?.priority).toBe(2.9); // MCP excluded server
+        expect(toolAllowRule).toBeDefined();
+        expect(toolAllowRule?.priority).toBeCloseTo(2.3, 5); // Command line allow
+        // Server deny (2.9) has higher priority than tool allow (2.3),
+        // so server deny wins (this is expected behavior - server-level blocks are security critical)
+    });
+    it('should handle MCP server allows and tool excludes', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            mcp: { allowed: ['my-server'] },
+            mcpServers: {
+                'my-server': {
+                    trust: true,
+                },
+            },
+            tools: { exclude: ['my-server__dangerous-tool'] },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        const serverAllowRule = config.rules?.find((r) => r.toolName === 'my-server__*' && r.decision === PolicyDecision.ALLOW);
+        const toolDenyRule = config.rules?.find((r) => r.toolName === 'my-server__dangerous-tool' &&
+            r.decision === PolicyDecision.DENY);
+        expect(serverAllowRule).toBeDefined();
+        expect(toolDenyRule).toBeDefined();
+        // Command line exclude (2.4) has higher priority than MCP server trust (2.2)
+        // This is the correct behavior - specific exclusions should beat general server trust
+        expect(toolDenyRule.priority).toBeGreaterThan(serverAllowRule.priority);
+    });
+    it('should handle complex priority scenarios correctly', async () => {
+        const settings = {
+            tools: {
+                allowed: ['my-server__tool1', 'other-tool'], // Priority 2.3
+                exclude: ['my-server__tool2', 'glob'], // Priority 2.4
+            },
+            mcp: {
+                allowed: ['allowed-server'], // Priority 2.1
+                excluded: ['excluded-server'], // Priority 2.9
+            },
+            mcpServers: {
+                'trusted-server': {
+                    trust: true, // Priority 90 -> 2.2
+                },
+            },
+        };
+        // Mock a default policy for 'glob' to test priority override
+        const actualFs = await vi.importActual('node:fs/promises');
+        const mockReaddir = vi.fn(async (p, _o) => {
+            if (typeof p === 'string' && p.includes('/tmp/mock/default/policies')) {
+                return [
+                    {
+                        name: 'default.toml',
+                        isFile: () => true,
+                        isDirectory: () => false,
+                    },
+                ];
+            }
+            return [];
+        });
+        const mockReadFile = vi.fn(async (p, _o) => {
+            if (typeof p === 'string' && p.includes('default.toml')) {
+                return '[[rule]]\ntoolName = "glob"\ndecision = "allow"\npriority = 50\n';
+            }
+            return '';
+        });
+        vi.doMock('node:fs/promises', () => ({
+            ...actualFs,
+            default: { ...actualFs, readdir: mockReaddir, readFile: mockReadFile },
+            readdir: mockReaddir,
+            readFile: mockReadFile,
+        }));
+        vi.resetModules();
+        const { createPolicyEngineConfig: createConfig } = await import('./config.js');
+        const config = await createConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        // Verify glob is denied even though default would allow it
+        const globDenyRule = config.rules?.find((r) => r.toolName === 'glob' && r.decision === PolicyDecision.DENY);
+        const globAllowRule = config.rules?.find((r) => r.toolName === 'glob' && r.decision === PolicyDecision.ALLOW);
+        expect(globDenyRule).toBeDefined();
+        expect(globAllowRule).toBeDefined();
+        // Deny from settings (user tier)
+        expect(globDenyRule.priority).toBeCloseTo(2.4, 5); // Command line exclude
+        // Allow from default TOML: 1 + 50/1000 = 1.05
+        expect(globAllowRule.priority).toBeCloseTo(1.05, 5);
+        // Verify all priority levels are correct
+        const priorities = config.rules
+            ?.map((r) => ({
+            tool: r.toolName,
+            decision: r.decision,
+            priority: r.priority,
+        }))
+            .sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+        // Check that the highest priority items are the excludes (user tier: 2.4 and 2.9)
+        const highestPriorityExcludes = priorities?.filter((p) => Math.abs(p.priority - 2.4) < 0.01 ||
+            Math.abs(p.priority - 2.9) < 0.01);
+        expect(highestPriorityExcludes?.every((p) => p.decision === PolicyDecision.DENY)).toBe(true);
+        vi.doUnmock('node:fs/promises');
+    });
+    it('should handle MCP servers with undefined trust property', async () => {
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {
+            mcpServers: {
+                'no-trust-property': {
+                // trust property is undefined/missing
+                },
+                'explicit-false': {
+                    trust: false,
+                },
+            },
+        };
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        // Neither server should have an allow rule
+        const noTrustRule = config.rules?.find((r) => r.toolName === 'no-trust-property__*' &&
+            r.decision === PolicyDecision.ALLOW);
+        const explicitFalseRule = config.rules?.find((r) => r.toolName === 'explicit-false__*' &&
+            r.decision === PolicyDecision.ALLOW);
+        expect(noTrustRule).toBeUndefined();
+        expect(explicitFalseRule).toBeUndefined();
+    });
+    it('should have YOLO allow-all rule beat write tool rules in YOLO mode', async () => {
+        vi.resetModules();
+        vi.doUnmock('node:fs/promises');
+        const { createPolicyEngineConfig: createConfig } = await import('./config.js');
+        // Re-mock Storage after resetModules because it was reloaded
+        const { Storage: FreshStorage } = await import('../config/storage.js');
+        vi.spyOn(FreshStorage, 'getUserPoliciesDir').mockReturnValue('/non/existent/user/policies');
+        vi.spyOn(FreshStorage, 'getSystemPoliciesDir').mockReturnValue('/non/existent/system/policies');
+        const settings = {
+            tools: { exclude: ['dangerous-tool'] },
+        };
+        // Use default policy dir (no third arg) to load real yolo.toml and write.toml
+        const config = await createConfig(settings, ApprovalMode.YOLO);
+        // Should have the wildcard allow rule
+        const wildcardRule = config.rules?.find((r) => !r.toolName && r.decision === PolicyDecision.ALLOW);
+        expect(wildcardRule).toBeDefined();
+        // Priority 999 in default tier → 1.999
+        expect(wildcardRule?.priority).toBeCloseTo(1.999, 5);
+        // Write tool ASK_USER rules are present (from write.toml)
+        const writeToolRules = config.rules?.filter((r) => ['run_shell_command'].includes(r.toolName || '') &&
+            r.decision === PolicyDecision.ASK_USER);
+        expect(writeToolRules).toBeDefined();
+        expect(writeToolRules?.length).toBeGreaterThan(0);
+        // But YOLO allow-all rule has higher priority than all write tool rules
+        writeToolRules?.forEach((writeRule) => {
+            expect(wildcardRule.priority).toBeGreaterThan(writeRule.priority);
+        });
+        // Should still have the exclude rule (from settings, user tier)
+        const excludeRule = config.rules?.find((r) => r.toolName === 'dangerous-tool' && r.decision === PolicyDecision.DENY);
+        expect(excludeRule).toBeDefined();
+        expect(excludeRule?.priority).toBeCloseTo(2.4, 5); // Command line exclude
+    });
+    it('should support argsPattern in policy rules', async () => {
+        const actualFs = await vi.importActual('node:fs/promises');
+        const mockReaddir = vi.fn(async (path, options) => {
+            if (typeof path === 'string' &&
+                nodePath
+                    .normalize(path)
+                    .includes(nodePath.normalize('.cell-cli/policies'))) {
+                return [
+                    {
+                        name: 'write.toml',
+                        isFile: () => true,
+                        isDirectory: () => false,
+                    },
+                ];
+            }
+            return actualFs.readdir(path, options);
+        });
+        const mockReadFile = vi.fn(async (path, options) => {
+            if (typeof path === 'string' &&
+                nodePath
+                    .normalize(path)
+                    .includes(nodePath.normalize('.cell-cli/policies/write.toml'))) {
+                return `
+[[rule]]
+toolName = "run_shell_command"
+argsPattern = "\\"command\\":\\"git (status|diff|log)\\""
+decision = "allow"
+priority = 150
+`;
+            }
+            return actualFs.readFile(path, options);
+        });
+        vi.doMock('node:fs/promises', () => ({
+            ...actualFs,
+            default: { ...actualFs, readFile: mockReadFile, readdir: mockReaddir },
+            readFile: mockReadFile,
+            readdir: mockReaddir,
+        }));
+        vi.resetModules();
+        const { createPolicyEngineConfig } = await import('./config.js');
+        const settings = {};
+        const config = await createPolicyEngineConfig(settings, ApprovalMode.DEFAULT, '/tmp/mock/default/policies');
+        const rule = config.rules?.find((r) => r.toolName === 'run_shell_command' &&
+            r.decision === PolicyDecision.ALLOW);
+        expect(rule).toBeDefined();
+        // Priority 150 in user tier → 2.150
+        expect(rule?.priority).toBeCloseTo(2.15, 5);
+        expect(rule?.argsPattern).toBeInstanceOf(RegExp);
+        expect(rule?.argsPattern?.test('{"command":"git status"}')).toBe(true);
+        expect(rule?.argsPattern?.test('{"command":"git diff"}')).toBe(true);
+        expect(rule?.argsPattern?.test('{"command":"git log"}')).toBe(true);
+        expect(rule?.argsPattern?.test('{"command":"git commit"}')).toBe(false);
+        expect(rule?.argsPattern?.test('{"command":"git push"}')).toBe(false);
+        vi.doUnmock('node:fs/promises');
+    });
+});
+//# sourceMappingURL=config.test.js.map

package/dist/src/policy/config.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.test.js","sourceRoot":"","sources":["../../../src/policy/config.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEzE,OAAO,QAAQ,MAAM,WAAW,CAAC;AAGjC,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE1D,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAE/C,SAAS,CAAC,GAAG,EAAE;IACb,EAAE,CAAC,aAAa,EAAE,CAAC;IACnB,EAAE,CAAC,eAAe,EAAE,CAAC;IACrB,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,UAAU,CAAC,GAAG,EAAE;QACd,uFAAuF;QACvF,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC,eAAe,CACrD,6BAA6B,CAC9B,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC,eAAe,CACvD,+BAA+B,CAChC,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,iFAAiF,EAAE,KAAK,IAAI,EAAE;QAC/F,MAAM,QAAQ,GACZ,MAAM,EAAE,CAAC,YAAY,CACnB,kBAAkB,CACnB,CAAC;QAEJ,MAAM,WAAW,GAAG,EAAE,CAAC,EAAE,CACvB,KAAK,EACH,IAA2B,EAC3B,OAAgD,EAChD,EAAE;YACF,IACE,OAAO,IAAI,KAAK,QAAQ;gBACxB,QAAQ;qBACL,SAAS,CAAC,IAAI,CAAC;qBACf,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC,EACrD,CAAC;gBACD,uCAAuC;gBACvC,OAAO,EAA6D,CAAC;YACvE,CAAC;YACD,OAAO,QAAQ,CAAC,OAAO,CACrB,IAAI,EACJ,OAAiD,CAClD,CAAC;QACJ,CAAC,CACF,CAAC;QAEF,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC;YACnC,GAAG,QAAQ;YACX,OAAO,EAAE,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE;YAC9C,OAAO,EAAE,WAAW;SACrB,CAAC,CAAC,CAAC;QAEJ,yFAAyF;QACzF,0FAA0F;QAC1F,+DAA+D;QAE/D,EAAE,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAEjE,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,qHAAqH;QACrH,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7D,0EAA0E;QAC1E,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAC1B,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CACnD,CAAC;QAEF,gFAAgF;QAChF,kFAAkF;QAClF,4DAA4D;QAC5D,gFAAgF;QAChF,+BAA+B;QAC/B,kFAAkF;QAClF,+BAA+B;QAE/B,sFAAsF;QACtF,6DAA6D;QAC7D,iGAAiG;QACjG,0DAA0D;QAE1D,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAEjC,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,EAAE;SAC1C,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,mBAAmB;YAClC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,qBAAqB;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,EAAE;SAC1C,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,mBAAmB;YAClC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,CACrC,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,uBAAuB;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC,WAAW,CAAC,EAAE;SAChC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACvE,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,GAAG,EAAE,EAAE,QAAQ,EAAE,CAAC,WAAW,CAAC,EAAE;SACjC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,CACtE,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,sBAAsB;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,UAAU,EAAE;gBACV,gBAAgB,EAAE;oBAChB,KAAK,EAAE,IAAI;iBACZ;gBACD,kBAAkB,EAAE;oBAClB,KAAK,EAAE,KAAK;iBACb;aACF;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QAEF,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,mBAAmB;YAClC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QACF,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;QAE9D,iDAAiD;QACjD,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,qBAAqB;YACpC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QACF,MAAM,CAAC,aAAa,CAAC,CAAC,aAAa,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,GAAG,EAAE;gBACH,OAAO,EAAE,CAAC,gBAAgB,CAAC;gBAC3B,QAAQ,EAAE,CAAC,iBAAiB,CAAC;aAC9B;YACD,UAAU,EAAE;gBACV,gBAAgB,EAAE;oBAChB,KAAK,EAAE,IAAI;iBACZ;aACF;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QAEF,uBAAuB;QACvB,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,mBAAmB;YAClC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QACF,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;QAE9D,uBAAuB;QACvB,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,mBAAmB;YAClC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QACF,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;QAE9D,wBAAwB;QACxB,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACrC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,oBAAoB;YACnC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,CACrC,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,sBAAsB;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC;QAC3E,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,QAAQ,CAC1D,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3B,uCAAuC;QACvC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,SAAS,CACvB,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACvE,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3B,sCAAsC;QACtC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,EAAE;SAC1E,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACjC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,mBAAmB;YAClC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,CACrC,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CAClC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,mBAAmB;YAClC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QAC/B,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,CAAC,QAAS,CAAC,QAAQ,CAAC,CAAC,eAAe,CAAC,SAAU,CAAC,QAAS,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,GAAG,EAAE,EAAE,QAAQ,EAAE,CAAC,WAAW,CAAC,EAAE;YAChC,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,0BAA0B,CAAC,EAAE;SACjD,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QAEF,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACvC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,CACtE,CAAC;QACF,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,0BAA0B;YACzC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QAEF,MAAM,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,sBAAsB;QAClE,MAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,qBAAqB;QAE1E,+DAA+D;QAC/D,8FAA8F;IAChG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC,WAAW,CAAC,EAAE;YAC/B,UAAU,EAAE;gBACV,WAAW,EAAE;oBACX,KAAK,EAAE,IAAI;iBACZ;aACF;YACD,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,2BAA2B,CAAC,EAAE;SAClD,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QAEF,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACvE,CAAC;QACF,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACrC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,2BAA2B;YAC1C,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,CACrC,CAAC;QAEF,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QACnC,6EAA6E;QAC7E,sFAAsF;QACtF,MAAM,CAAC,YAAa,CAAC,QAAQ,CAAC,CAAC,eAAe,CAAC,eAAgB,CAAC,QAAS,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,QAAQ,GAAmB;YAC/B,KAAK,EAAE;gBACL,OAAO,EAAE,CAAC,kBAAkB,EAAE,YAAY,CAAC,EAAE,eAAe;gBAC5D,OAAO,EAAE,CAAC,kBAAkB,EAAE,MAAM,CAAC,EAAE,eAAe;aACvD;YACD,GAAG,EAAE;gBACH,OAAO,EAAE,CAAC,gBAAgB,CAAC,EAAE,eAAe;gBAC5C,QAAQ,EAAE,CAAC,iBAAiB,CAAC,EAAE,eAAe;aAC/C;YACD,UAAU,EAAE;gBACV,gBAAgB,EAAE;oBAChB,KAAK,EAAE,IAAI,EAAE,qBAAqB;iBACnC;aACF;SACF,CAAC;QAEF,6DAA6D;QAC7D,MAAM,QAAQ,GACZ,MAAM,EAAE,CAAC,YAAY,CACnB,kBAAkB,CACnB,CAAC;QACJ,MAAM,WAAW,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE;YACxC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,EAAE,CAAC;gBACtE,OAAO;oBACL;wBACE,IAAI,EAAE,cAAc;wBACpB,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI;wBAClB,WAAW,EAAE,GAAG,EAAE,CAAC,KAAK;qBACzB;iBACyD,CAAC;YAC/D,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE;YACzC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBACxD,OAAO,kEAAkE,CAAC;YAC5E,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC;YACnC,GAAG,QAAQ;YACX,OAAO,EAAE,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE;YACtE,OAAO,EAAE,WAAW;YACpB,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC,CAAC;QACJ,EAAE,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,EAAE,wBAAwB,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAC7D,aAAa,CACd,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAC/B,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QAEF,2DAA2D;QAC3D,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,CACnE,CAAC;QACF,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACpE,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;QACpC,iCAAiC;QACjC,MAAM,CAAC,YAAa,CAAC,QAAQ,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,uBAAuB;QAC3E,8CAA8C;QAC9C,MAAM,CAAC,aAAc,CAAC,QAAQ,CAAC,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAErD,yCAAyC;QACzC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK;YAC7B,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACZ,IAAI,EAAE,CAAC,CAAC,QAAQ;YAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;aACF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;QAEzD,kFAAkF;QAClF,MAAM,uBAAuB,GAAG,UAAU,EAAE,MAAM,CAChD,CAAC,CAAC,EAAE,EAAE,CACJ,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,QAAS,GAAG,GAAG,CAAC,GAAG,IAAI;YAClC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,QAAS,GAAG,GAAG,CAAC,GAAG,IAAI,CACrC,CAAC;QACF,MAAM,CACJ,uBAAuB,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,CAAC,CAC1E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAmB;YAC/B,UAAU,EAAE;gBACV,mBAAmB,EAAE;gBACnB,sCAAsC;iBACvC;gBACD,gBAAgB,EAAE;oBAChB,KAAK,EAAE,KAAK;iBACb;aACF;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QAEF,2CAA2C;QAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,sBAAsB;YACrC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QACF,MAAM,iBAAiB,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CAC1C,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,mBAAmB;YAClC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QAEF,MAAM,CAAC,WAAW,CAAC,CAAC,aAAa,EAAE,CAAC;QACpC,MAAM,CAAC,iBAAiB,CAAC,CAAC,aAAa,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,EAAE,CAAC,YAAY,EAAE,CAAC;QAClB,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;QAChC,MAAM,EAAE,wBAAwB,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAC7D,aAAa,CACd,CAAC;QACF,6DAA6D;QAC7D,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;QACvE,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC,eAAe,CAC1D,6BAA6B,CAC9B,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,sBAAsB,CAAC,CAAC,eAAe,CAC5D,+BAA+B,CAChC,CAAC;QAEF,MAAM,QAAQ,GAAmB;YAC/B,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,gBAAgB,CAAC,EAAE;SACvC,CAAC;QACF,8EAA8E;QAC9E,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC;QAE/D,sCAAsC;QACtC,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CAC1D,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QACnC,uCAAuC;QACvC,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAErD,0DAA0D;QAC1D,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,EAAE,MAAM,CACzC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC;YAChD,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,QAAQ,CACzC,CAAC;QACF,MAAM,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAElD,wEAAwE;QACxE,cAAc,EAAE,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;YACpC,MAAM,CAAC,YAAa,CAAC,QAAQ,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,QAAS,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QAEH,gEAAgE;QAChE,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,gBAAgB,IAAI,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,CACxE,CAAC;QACF,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,uBAAuB;IAC5E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,QAAQ,GACZ,MAAM,EAAE,CAAC,YAAY,CACnB,kBAAkB,CACnB,CAAC;QAEJ,MAAM,WAAW,GAAG,EAAE,CAAC,EAAE,CACvB,KAAK,EACH,IAA2B,EAC3B,OAAgD,EAChD,EAAE;YACF,IACE,OAAO,IAAI,KAAK,QAAQ;gBACxB,QAAQ;qBACL,SAAS,CAAC,IAAI,CAAC;qBACf,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC,EACrD,CAAC;gBACD,OAAO;oBACL;wBACE,IAAI,EAAE,YAAY;wBAClB,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI;wBAClB,WAAW,EAAE,GAAG,EAAE,CAAC,KAAK;qBACzB;iBACyD,CAAC;YAC/D,CAAC;YACD,OAAO,QAAQ,CAAC,OAAO,CACrB,IAAI,EACJ,OAAiD,CAClD,CAAC;QACJ,CAAC,CACF,CAAC;QAEF,MAAM,YAAY,GAAG,EAAE,CAAC,EAAE,CACxB,KAAK,EACH,IAA6C,EAC7C,OAAgD,EAChD,EAAE;YACF,IACE,OAAO,IAAI,KAAK,QAAQ;gBACxB,QAAQ;qBACL,SAAS,CAAC,IAAI,CAAC;qBACf,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAC,EAChE,CAAC;gBACD,OAAO;;;;;;CAMhB,CAAC;YACM,CAAC;YACD,OAAO,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1C,CAAC,CACF,CAAC;QAEF,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC;YACnC,GAAG,QAAQ;YACX,OAAO,EAAE,EAAE,GAAG,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,WAAW,EAAE;YACtE,QAAQ,EAAE,YAAY;YACtB,OAAO,EAAE,WAAW;SACrB,CAAC,CAAC,CAAC;QAEJ,EAAE,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAEjE,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,QAAQ,EACR,YAAY,CAAC,OAAO,EACpB,4BAA4B,CAC7B,CAAC;QAEF,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,KAAK,mBAAmB;YAClC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,CACtC,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3B,oCAAoC;QACpC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvE,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrE,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpE,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEtE,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}