@mcoda/codali 0.1.87 → 0.1.89
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/EvalCommand.d.ts +8 -0
- package/dist/cli/EvalCommand.d.ts.map +1 -1
- package/dist/cli/EvalCommand.js +93 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +1 -0
- package/dist/docdex/DocdexClient.d.ts +8 -1
- package/dist/docdex/DocdexClient.d.ts.map +1 -1
- package/dist/docdex/DocdexClient.js +126 -33
- package/dist/eval/CodaliGatewayLiveHarness.d.ts +169 -0
- package/dist/eval/CodaliGatewayLiveHarness.d.ts.map +1 -0
- package/dist/eval/CodaliGatewayLiveHarness.js +824 -0
- package/dist/eval/GatewayEvalSuite.d.ts +202 -0
- package/dist/eval/GatewayEvalSuite.d.ts.map +1 -0
- package/dist/eval/GatewayEvalSuite.js +673 -0
- package/dist/gateway/AgentTierResolver.d.ts +74 -0
- package/dist/gateway/AgentTierResolver.d.ts.map +1 -0
- package/dist/gateway/AgentTierResolver.js +576 -0
- package/dist/gateway/AppToolGatewayDispatcher.d.ts +88 -0
- package/dist/gateway/AppToolGatewayDispatcher.d.ts.map +1 -0
- package/dist/gateway/AppToolGatewayDispatcher.js +381 -0
- package/dist/gateway/CodaliGateway.d.ts +73 -0
- package/dist/gateway/CodaliGateway.d.ts.map +1 -0
- package/dist/gateway/CodaliGateway.js +824 -0
- package/dist/gateway/CodaliGatewaySchemas.d.ts +21 -0
- package/dist/gateway/CodaliGatewaySchemas.d.ts.map +1 -0
- package/dist/gateway/CodaliGatewaySchemas.js +874 -0
- package/dist/gateway/CodaliGatewayStore.d.ts +157 -0
- package/dist/gateway/CodaliGatewayStore.d.ts.map +1 -0
- package/dist/gateway/CodaliGatewayStore.js +206 -0
- package/dist/gateway/CodaliGatewayTypes.d.ts +336 -0
- package/dist/gateway/CodaliGatewayTypes.d.ts.map +1 -0
- package/dist/gateway/CodaliGatewayTypes.js +1 -0
- package/dist/gateway/ContextPackBuilder.d.ts +43 -0
- package/dist/gateway/ContextPackBuilder.d.ts.map +1 -0
- package/dist/gateway/ContextPackBuilder.js +317 -0
- package/dist/gateway/EvidenceNormalizer.d.ts +42 -0
- package/dist/gateway/EvidenceNormalizer.d.ts.map +1 -0
- package/dist/gateway/EvidenceNormalizer.js +488 -0
- package/dist/gateway/GatewayPlanner.d.ts +195 -0
- package/dist/gateway/GatewayPlanner.d.ts.map +1 -0
- package/dist/gateway/GatewayPlanner.js +379 -0
- package/dist/gateway/GatewayPolicyCompiler.d.ts +30 -0
- package/dist/gateway/GatewayPolicyCompiler.d.ts.map +1 -0
- package/dist/gateway/GatewayPolicyCompiler.js +114 -0
- package/dist/gateway/GatewaySecurityPolicy.d.ts +14 -0
- package/dist/gateway/GatewaySecurityPolicy.d.ts.map +1 -0
- package/dist/gateway/GatewaySecurityPolicy.js +350 -0
- package/dist/gateway/GatewayStateMachine.d.ts +165 -0
- package/dist/gateway/GatewayStateMachine.d.ts.map +1 -0
- package/dist/gateway/GatewayStateMachine.js +790 -0
- package/dist/gateway/GatewayTraceReplay.d.ts +120 -0
- package/dist/gateway/GatewayTraceReplay.d.ts.map +1 -0
- package/dist/gateway/GatewayTraceReplay.js +273 -0
- package/dist/gateway/ToolCapabilityCompiler.d.ts +50 -0
- package/dist/gateway/ToolCapabilityCompiler.d.ts.map +1 -0
- package/dist/gateway/ToolCapabilityCompiler.js +442 -0
- package/dist/index.d.ts +33 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +16 -0
- package/dist/runtime/CodaliJobRuntime.d.ts +211 -0
- package/dist/runtime/CodaliJobRuntime.d.ts.map +1 -0
- package/dist/runtime/CodaliJobRuntime.js +590 -0
- package/dist/runtime/CodaliRuntime.d.ts +81 -1
- package/dist/runtime/CodaliRuntime.d.ts.map +1 -1
- package/dist/runtime/CodaliRuntime.js +619 -4
- package/dist/tools/ToolRegistry.d.ts.map +1 -1
- package/dist/tools/ToolRegistry.js +4 -0
- package/dist/tools/ToolTypes.d.ts +1 -1
- package/dist/tools/ToolTypes.d.ts.map +1 -1
- package/dist/tools/ToolTypes.js +5 -1
- package/package.json +3 -3
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
import type { CodaliRuntimeAppToolContract, CodaliRuntimeAppToolGatewayContract } from "../runtime/CodaliRuntime.js";
|
|
2
|
+
export declare const CODALI_APP_TOOL_GATEWAY_VERSION = "codali.app_tool_gateway.v1";
|
|
3
|
+
export type AppToolGatewayDispatchErrorCode = "GATEWAY_TOOL_NOT_ALLOWED" | "GATEWAY_TOOL_DENIED" | "GATEWAY_CONTRACT_NOT_READ_ONLY" | "GATEWAY_ENDPOINT_REQUIRED" | "GATEWAY_SIGNATURE_REQUIRED" | "GATEWAY_INVALID_ARGS" | "GATEWAY_SCOPE_OVERRIDE_BLOCKED" | "GATEWAY_HTTP_FAILED" | "GATEWAY_RESPONSE_MALFORMED";
|
|
4
|
+
export declare class AppToolGatewayDispatchError extends Error {
|
|
5
|
+
readonly code: AppToolGatewayDispatchErrorCode;
|
|
6
|
+
readonly retryable: boolean;
|
|
7
|
+
readonly details?: Record<string, unknown>;
|
|
8
|
+
constructor(code: AppToolGatewayDispatchErrorCode, message: string, options?: {
|
|
9
|
+
retryable?: boolean;
|
|
10
|
+
details?: Record<string, unknown>;
|
|
11
|
+
});
|
|
12
|
+
}
|
|
13
|
+
export interface CodaliAppToolGatewayScope extends Record<string, unknown> {
|
|
14
|
+
tenant_id?: string;
|
|
15
|
+
tenant_slug?: string;
|
|
16
|
+
docdex_repo_id?: string;
|
|
17
|
+
}
|
|
18
|
+
export interface CodaliAppToolGatewayRequesterScope extends Record<string, unknown> {
|
|
19
|
+
request_id?: string;
|
|
20
|
+
owner_user_id?: string;
|
|
21
|
+
api_key_id?: string;
|
|
22
|
+
agent_slug?: string;
|
|
23
|
+
}
|
|
24
|
+
export interface CodaliAppToolGatewayUnsignedRequest {
|
|
25
|
+
version: typeof CODALI_APP_TOOL_GATEWAY_VERSION;
|
|
26
|
+
run_id: string;
|
|
27
|
+
session_id?: string;
|
|
28
|
+
request_id?: string;
|
|
29
|
+
tenant_scope?: CodaliAppToolGatewayScope;
|
|
30
|
+
requester_scope?: CodaliAppToolGatewayRequesterScope;
|
|
31
|
+
tool_name: string;
|
|
32
|
+
validated_args: unknown;
|
|
33
|
+
timestamp: string;
|
|
34
|
+
nonce: string;
|
|
35
|
+
read_only: true;
|
|
36
|
+
call_schema?: Record<string, unknown>;
|
|
37
|
+
result_contract?: string;
|
|
38
|
+
result_sources?: string[];
|
|
39
|
+
source_paths?: string[];
|
|
40
|
+
source_types?: string[];
|
|
41
|
+
}
|
|
42
|
+
export interface CodaliAppToolGatewaySignedRequest extends CodaliAppToolGatewayUnsignedRequest {
|
|
43
|
+
signature: string;
|
|
44
|
+
}
|
|
45
|
+
export interface AppToolGatewayDispatchInput {
|
|
46
|
+
runId: string;
|
|
47
|
+
sessionId?: string;
|
|
48
|
+
requestId?: string;
|
|
49
|
+
tenantScope?: CodaliAppToolGatewayScope;
|
|
50
|
+
requesterScope?: CodaliAppToolGatewayRequesterScope;
|
|
51
|
+
toolName: string;
|
|
52
|
+
args: unknown;
|
|
53
|
+
contract: CodaliRuntimeAppToolContract;
|
|
54
|
+
gateway: CodaliRuntimeAppToolGatewayContract;
|
|
55
|
+
allowedTools?: string[];
|
|
56
|
+
deniedTools?: string[];
|
|
57
|
+
now?: () => Date;
|
|
58
|
+
nonce?: () => string;
|
|
59
|
+
fetchImpl?: typeof fetch;
|
|
60
|
+
}
|
|
61
|
+
export interface AppToolGatewayDispatchResult {
|
|
62
|
+
request: CodaliAppToolGatewaySignedRequest;
|
|
63
|
+
redactedRequest: unknown;
|
|
64
|
+
responseStatus: number;
|
|
65
|
+
responseText: string;
|
|
66
|
+
responsePayload: unknown;
|
|
67
|
+
evidencePayload: Record<string, unknown>;
|
|
68
|
+
redactedResponse: unknown;
|
|
69
|
+
}
|
|
70
|
+
export declare const canonicalizeAppToolGatewayPayload: (value: unknown) => string;
|
|
71
|
+
export declare const signAppToolGatewayRequest: (request: CodaliAppToolGatewayUnsignedRequest, secret: string) => string;
|
|
72
|
+
export declare const verifyAppToolGatewayRequestSignature: (request: CodaliAppToolGatewaySignedRequest, secret: string) => boolean;
|
|
73
|
+
export declare const redactAppToolGatewayPayload: (value: unknown) => unknown;
|
|
74
|
+
export declare const buildAppToolGatewaySignedRequest: (input: {
|
|
75
|
+
runId: string;
|
|
76
|
+
sessionId?: string;
|
|
77
|
+
requestId?: string;
|
|
78
|
+
tenantScope?: CodaliAppToolGatewayScope;
|
|
79
|
+
requesterScope?: CodaliAppToolGatewayRequesterScope;
|
|
80
|
+
toolName: string;
|
|
81
|
+
args: unknown;
|
|
82
|
+
contract: CodaliRuntimeAppToolContract;
|
|
83
|
+
timestamp: string;
|
|
84
|
+
nonce: string;
|
|
85
|
+
secret: string;
|
|
86
|
+
}) => CodaliAppToolGatewaySignedRequest;
|
|
87
|
+
export declare const dispatchAppToolGateway: (input: AppToolGatewayDispatchInput) => Promise<AppToolGatewayDispatchResult>;
|
|
88
|
+
//# sourceMappingURL=AppToolGatewayDispatcher.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AppToolGatewayDispatcher.d.ts","sourceRoot":"","sources":["../../src/gateway/AppToolGatewayDispatcher.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,4BAA4B,EAC5B,mCAAmC,EACpC,MAAM,6BAA6B,CAAC;AAGrC,eAAO,MAAM,+BAA+B,+BAA+B,CAAC;AAE5E,MAAM,MAAM,+BAA+B,GACvC,0BAA0B,GAC1B,qBAAqB,GACrB,gCAAgC,GAChC,2BAA2B,GAC3B,4BAA4B,GAC5B,sBAAsB,GACtB,gCAAgC,GAChC,qBAAqB,GACrB,4BAA4B,CAAC;AAEjC,qBAAa,2BAA4B,SAAQ,KAAK;IACpD,QAAQ,CAAC,IAAI,EAAE,+BAA+B,CAAC;IAC/C,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAGzC,IAAI,EAAE,+BAA+B,EACrC,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;QAAE,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAO;CAQ3E;AAED,MAAM,WAAW,yBAA0B,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACxE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,kCAAmC,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACjF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mCAAmC;IAClD,OAAO,EAAE,OAAO,+BAA+B,CAAC;IAChD,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,yBAAyB,CAAC;IACzC,eAAe,CAAC,EAAE,kCAAkC,CAAC;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,OAAO,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,iCAAkC,SAAQ,mCAAmC;IAC5F,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,2BAA2B;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,yBAAyB,CAAC;IACxC,cAAc,CAAC,EAAE,kCAAkC,CAAC;IACpD,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,4BAA4B,CAAC;IACvC,OAAO,EAAE,mCAAmC,CAAC;IAC7C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,IAAI,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CAC1B;AAED,MAAM,WAAW,4BAA4B;IAC3C,OAAO,EAAE,iCAAiC,CAAC;IAC3C,eAAe,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAsGD,eAAO,MAAM,iCAAiC,GAAI,OAAO,OAAO,KAAG,MAC5B,CAAC;AAExC,eAAO,MAAM,yBAAyB,GACpC,SAAS,mCAAmC,EAC5C,QAAQ,MAAM,KACb,MAGiB,CAAC;AAErB,eAAO,MAAM,oCAAoC,GAC/C,SAAS,iCAAiC,EAC1C,QAAQ,MAAM,KACb,OASF,CAAC;AAQF,eAAO,MAAM,2BAA2B,GAAI,OAAO,OAAO,KAAG,OAiB5D,CAAC;AA+NF,eAAO,MAAM,gCAAgC,GAAI,OAAO;IACtD,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,yBAAyB,CAAC;IACxC,cAAc,CAAC,EAAE,kCAAkC,CAAC;IACpD,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,4BAA4B,CAAC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB,KAAG,iCAuBH,CAAC;AAEF,eAAO,MAAM,sBAAsB,GACjC,OAAO,2BAA2B,KACjC,OAAO,CAAC,4BAA4B,CAsGtC,CAAC"}
|
|
@@ -0,0 +1,381 @@
|
|
|
1
|
+
import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";
|
|
2
|
+
import { CODALI_GATEWAY_RESERVED_TOOL_ARG_KEYS } from "./ToolCapabilityCompiler.js";
|
|
3
|
+
export const CODALI_APP_TOOL_GATEWAY_VERSION = "codali.app_tool_gateway.v1";
|
|
4
|
+
export class AppToolGatewayDispatchError extends Error {
|
|
5
|
+
constructor(code, message, options = {}) {
|
|
6
|
+
super(message);
|
|
7
|
+
this.name = "AppToolGatewayDispatchError";
|
|
8
|
+
this.code = code;
|
|
9
|
+
this.retryable = options.retryable ?? false;
|
|
10
|
+
this.details = options.details;
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
const EXTRA_RESERVED_ARG_KEYS = [
|
|
14
|
+
"authorization",
|
|
15
|
+
"credential",
|
|
16
|
+
"credentials",
|
|
17
|
+
"workspaceRoot",
|
|
18
|
+
"workspace_root",
|
|
19
|
+
];
|
|
20
|
+
const RESERVED_ARG_KEY_SET = new Set([...CODALI_GATEWAY_RESERVED_TOOL_ARG_KEYS, ...EXTRA_RESERVED_ARG_KEYS].map((key) => key.toLowerCase()));
|
|
21
|
+
const SENSITIVE_KEY_PATTERN = /(?:authorization|api[_-]?key|bearer|credential|password|secret|signature|token)/i;
|
|
22
|
+
const SENSITIVE_STRING_PATTERNS = [
|
|
23
|
+
[/(Bearer\s+)[A-Za-z0-9._~+/=-]+/gi, "$1[redacted]"],
|
|
24
|
+
[
|
|
25
|
+
/((?:api[_-]?key|token|signature|secret|password)=)[^&\s]+/gi,
|
|
26
|
+
"$1[redacted]",
|
|
27
|
+
],
|
|
28
|
+
];
|
|
29
|
+
const isRecord = (value) => Boolean(value && typeof value === "object" && !Array.isArray(value));
|
|
30
|
+
const hasOwn = (record, key) => Object.prototype.hasOwnProperty.call(record, key);
|
|
31
|
+
const readString = (record, keys) => {
|
|
32
|
+
if (!record)
|
|
33
|
+
return undefined;
|
|
34
|
+
for (const key of keys) {
|
|
35
|
+
const value = record[key];
|
|
36
|
+
if (typeof value === "string" && value.trim()) {
|
|
37
|
+
return value.trim();
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
return undefined;
|
|
41
|
+
};
|
|
42
|
+
const readBoolean = (record, keys) => {
|
|
43
|
+
if (!record)
|
|
44
|
+
return undefined;
|
|
45
|
+
for (const key of keys) {
|
|
46
|
+
const value = record[key];
|
|
47
|
+
if (typeof value === "boolean") {
|
|
48
|
+
return value;
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
return undefined;
|
|
52
|
+
};
|
|
53
|
+
const readStringArray = (record, keys) => {
|
|
54
|
+
for (const key of keys) {
|
|
55
|
+
const value = record[key];
|
|
56
|
+
if (Array.isArray(value)) {
|
|
57
|
+
return value.filter((entry) => typeof entry === "string" && entry.trim().length > 0);
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
return [];
|
|
61
|
+
};
|
|
62
|
+
const normalizeRecord = (value) => isRecord(value) ? value : {};
|
|
63
|
+
const compactObject = (value) => {
|
|
64
|
+
for (const key of Object.keys(value)) {
|
|
65
|
+
if (value[key] === undefined) {
|
|
66
|
+
delete value[key];
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
return value;
|
|
70
|
+
};
|
|
71
|
+
const canonicalValue = (value) => {
|
|
72
|
+
if (Array.isArray(value)) {
|
|
73
|
+
return value.map(canonicalValue);
|
|
74
|
+
}
|
|
75
|
+
if (!isRecord(value)) {
|
|
76
|
+
return value;
|
|
77
|
+
}
|
|
78
|
+
const output = {};
|
|
79
|
+
for (const key of Object.keys(value).sort()) {
|
|
80
|
+
const entry = value[key];
|
|
81
|
+
if (entry !== undefined) {
|
|
82
|
+
output[key] = canonicalValue(entry);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
return output;
|
|
86
|
+
};
|
|
87
|
+
export const canonicalizeAppToolGatewayPayload = (value) => JSON.stringify(canonicalValue(value));
|
|
88
|
+
export const signAppToolGatewayRequest = (request, secret) => `sha256=${createHmac("sha256", secret)
|
|
89
|
+
.update(canonicalizeAppToolGatewayPayload(request))
|
|
90
|
+
.digest("hex")}`;
|
|
91
|
+
export const verifyAppToolGatewayRequestSignature = (request, secret) => {
|
|
92
|
+
const { signature, ...unsigned } = request;
|
|
93
|
+
const expected = signAppToolGatewayRequest(unsigned, secret);
|
|
94
|
+
const signatureBuffer = Buffer.from(signature);
|
|
95
|
+
const expectedBuffer = Buffer.from(expected);
|
|
96
|
+
return (signatureBuffer.length === expectedBuffer.length &&
|
|
97
|
+
timingSafeEqual(signatureBuffer, expectedBuffer));
|
|
98
|
+
};
|
|
99
|
+
const redactSensitiveString = (value) => SENSITIVE_STRING_PATTERNS.reduce((output, [pattern, replacement]) => output.replace(pattern, replacement), value);
|
|
100
|
+
export const redactAppToolGatewayPayload = (value) => {
|
|
101
|
+
if (Array.isArray(value)) {
|
|
102
|
+
return value.map(redactAppToolGatewayPayload);
|
|
103
|
+
}
|
|
104
|
+
if (typeof value === "string") {
|
|
105
|
+
return redactSensitiveString(value);
|
|
106
|
+
}
|
|
107
|
+
if (!isRecord(value)) {
|
|
108
|
+
return value;
|
|
109
|
+
}
|
|
110
|
+
const output = {};
|
|
111
|
+
for (const [key, entry] of Object.entries(value)) {
|
|
112
|
+
output[key] = SENSITIVE_KEY_PATTERN.test(key)
|
|
113
|
+
? "[redacted]"
|
|
114
|
+
: redactAppToolGatewayPayload(entry);
|
|
115
|
+
}
|
|
116
|
+
return output;
|
|
117
|
+
};
|
|
118
|
+
const findReservedArgKeys = (value, path = "$", matches = []) => {
|
|
119
|
+
if (Array.isArray(value)) {
|
|
120
|
+
value.forEach((entry, index) => findReservedArgKeys(entry, `${path}[${index}]`, matches));
|
|
121
|
+
return matches;
|
|
122
|
+
}
|
|
123
|
+
if (!isRecord(value)) {
|
|
124
|
+
return matches;
|
|
125
|
+
}
|
|
126
|
+
for (const [key, entry] of Object.entries(value)) {
|
|
127
|
+
const childPath = `${path}.${key}`;
|
|
128
|
+
if (RESERVED_ARG_KEY_SET.has(key.toLowerCase())) {
|
|
129
|
+
matches.push(childPath);
|
|
130
|
+
}
|
|
131
|
+
findReservedArgKeys(entry, childPath, matches);
|
|
132
|
+
}
|
|
133
|
+
return matches;
|
|
134
|
+
};
|
|
135
|
+
const schemaTypeMatches = (value, type) => {
|
|
136
|
+
const types = Array.isArray(type) ? type : [type];
|
|
137
|
+
if (types.length === 0 || types.includes(undefined)) {
|
|
138
|
+
return true;
|
|
139
|
+
}
|
|
140
|
+
return types.some((entry) => {
|
|
141
|
+
if (entry === "array")
|
|
142
|
+
return Array.isArray(value);
|
|
143
|
+
if (entry === "integer")
|
|
144
|
+
return Number.isInteger(value);
|
|
145
|
+
if (entry === "null")
|
|
146
|
+
return value === null;
|
|
147
|
+
if (entry === "object")
|
|
148
|
+
return isRecord(value);
|
|
149
|
+
return typeof entry === "string" && typeof value === entry;
|
|
150
|
+
});
|
|
151
|
+
};
|
|
152
|
+
const validateArgsAgainstCallSchema = (toolName, args, schema) => {
|
|
153
|
+
const reserved = findReservedArgKeys(args);
|
|
154
|
+
if (reserved.length > 0) {
|
|
155
|
+
throw new AppToolGatewayDispatchError("GATEWAY_SCOPE_OVERRIDE_BLOCKED", "App tool gateway arguments cannot override tenant, repo, base URL, or credential scope.", { details: { tool: toolName, forbidden: reserved } });
|
|
156
|
+
}
|
|
157
|
+
if (!schema) {
|
|
158
|
+
return args;
|
|
159
|
+
}
|
|
160
|
+
if ((schema.type === undefined || schema.type === "object") && !isRecord(args)) {
|
|
161
|
+
throw new AppToolGatewayDispatchError("GATEWAY_INVALID_ARGS", "App tool gateway arguments must match the contract call schema.", { details: { tool: toolName, reason: "object_required" } });
|
|
162
|
+
}
|
|
163
|
+
const record = normalizeRecord(args);
|
|
164
|
+
const required = Array.isArray(schema.required)
|
|
165
|
+
? schema.required.filter((entry) => typeof entry === "string")
|
|
166
|
+
: [];
|
|
167
|
+
const missing = required.filter((key) => record[key] === undefined);
|
|
168
|
+
if (missing.length > 0) {
|
|
169
|
+
throw new AppToolGatewayDispatchError("GATEWAY_INVALID_ARGS", "App tool gateway arguments are missing required contract fields.", { details: { tool: toolName, missing } });
|
|
170
|
+
}
|
|
171
|
+
const properties = isRecord(schema.properties) ? schema.properties : {};
|
|
172
|
+
if (schema.additionalProperties === false) {
|
|
173
|
+
const unexpected = Object.keys(record).filter((key) => !hasOwn(properties, key));
|
|
174
|
+
if (unexpected.length > 0) {
|
|
175
|
+
throw new AppToolGatewayDispatchError("GATEWAY_INVALID_ARGS", "App tool gateway arguments include fields outside the contract schema.", { details: { tool: toolName, unexpected } });
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
for (const [key, propertySchema] of Object.entries(properties)) {
|
|
179
|
+
if (!isRecord(propertySchema) || record[key] === undefined) {
|
|
180
|
+
continue;
|
|
181
|
+
}
|
|
182
|
+
if (!schemaTypeMatches(record[key], propertySchema.type)) {
|
|
183
|
+
throw new AppToolGatewayDispatchError("GATEWAY_INVALID_ARGS", "App tool gateway argument field type does not match the contract schema.", { details: { tool: toolName, field: key, expected: propertySchema.type } });
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
return args;
|
|
187
|
+
};
|
|
188
|
+
const gatewayEndpoint = (gateway) => readString(gateway, ["endpoint"]);
|
|
189
|
+
const gatewaySigningSecret = (gateway) => readString(gateway, [
|
|
190
|
+
"signatureSecret",
|
|
191
|
+
"signature_secret",
|
|
192
|
+
"signingSecret",
|
|
193
|
+
"signing_secret",
|
|
194
|
+
"secret",
|
|
195
|
+
"signature",
|
|
196
|
+
]);
|
|
197
|
+
const assertReadOnlyContract = (contract, gateway, toolName) => {
|
|
198
|
+
const contractReadOnly = readBoolean(contract, ["readOnly", "read_only"]);
|
|
199
|
+
const gatewayReadOnly = readBoolean(gateway, ["readOnly", "read_only"]);
|
|
200
|
+
if (contractReadOnly !== true || gatewayReadOnly !== true) {
|
|
201
|
+
throw new AppToolGatewayDispatchError("GATEWAY_CONTRACT_NOT_READ_ONLY", "Direct app tool gateway dispatch requires explicit read-only contract and gateway flags.", {
|
|
202
|
+
details: {
|
|
203
|
+
tool: toolName,
|
|
204
|
+
contractReadOnly,
|
|
205
|
+
gatewayReadOnly,
|
|
206
|
+
},
|
|
207
|
+
});
|
|
208
|
+
}
|
|
209
|
+
};
|
|
210
|
+
const resultContractFor = (contract) => readString(contract, ["resultContract", "result_contract"]);
|
|
211
|
+
const callSchemaFor = (contract) => {
|
|
212
|
+
const schema = contract.callSchema ?? contract.call_schema;
|
|
213
|
+
return isRecord(schema) ? schema : undefined;
|
|
214
|
+
};
|
|
215
|
+
const parseResponsePayload = (text) => {
|
|
216
|
+
const trimmed = text.trim();
|
|
217
|
+
if (!trimmed)
|
|
218
|
+
return undefined;
|
|
219
|
+
if (!trimmed.startsWith("{") && !trimmed.startsWith("["))
|
|
220
|
+
return text;
|
|
221
|
+
try {
|
|
222
|
+
return JSON.parse(trimmed);
|
|
223
|
+
}
|
|
224
|
+
catch {
|
|
225
|
+
throw new AppToolGatewayDispatchError("GATEWAY_RESPONSE_MALFORMED", "App tool gateway returned malformed JSON.", {
|
|
226
|
+
retryable: false,
|
|
227
|
+
details: { response: redactAppToolGatewayPayload({ body: text.slice(0, 1000) }) },
|
|
228
|
+
});
|
|
229
|
+
}
|
|
230
|
+
};
|
|
231
|
+
const buildEvidencePayload = (input) => {
|
|
232
|
+
const responseRecord = isRecord(input.responsePayload) ? input.responsePayload : undefined;
|
|
233
|
+
const payload = {
|
|
234
|
+
sourceType: "app_tool",
|
|
235
|
+
tenantScoped: true,
|
|
236
|
+
tool: input.toolName,
|
|
237
|
+
usedTool: input.toolName,
|
|
238
|
+
resultContract: resultContractFor(input.contract),
|
|
239
|
+
result_contract: resultContractFor(input.contract),
|
|
240
|
+
result: input.responsePayload,
|
|
241
|
+
rawExcerpt: typeof input.responsePayload === "string" ? input.responsePayload : undefined,
|
|
242
|
+
metadata: {
|
|
243
|
+
app_tool_gateway: {
|
|
244
|
+
version: input.request.version,
|
|
245
|
+
run_id: input.request.run_id,
|
|
246
|
+
session_id: input.request.session_id,
|
|
247
|
+
request_id: input.request.request_id,
|
|
248
|
+
timestamp: input.request.timestamp,
|
|
249
|
+
nonce: input.request.nonce,
|
|
250
|
+
response_status: input.responseStatus,
|
|
251
|
+
},
|
|
252
|
+
},
|
|
253
|
+
};
|
|
254
|
+
if (responseRecord) {
|
|
255
|
+
for (const key of [
|
|
256
|
+
"evidence",
|
|
257
|
+
"evidenceItems",
|
|
258
|
+
"evidence_items",
|
|
259
|
+
"facts",
|
|
260
|
+
"sources",
|
|
261
|
+
"sourceRecords",
|
|
262
|
+
"source_records",
|
|
263
|
+
"citations",
|
|
264
|
+
"results",
|
|
265
|
+
"hits",
|
|
266
|
+
"items",
|
|
267
|
+
"records",
|
|
268
|
+
]) {
|
|
269
|
+
if (Array.isArray(responseRecord[key])) {
|
|
270
|
+
payload[key] = responseRecord[key];
|
|
271
|
+
}
|
|
272
|
+
}
|
|
273
|
+
}
|
|
274
|
+
else if (typeof input.responsePayload === "string" && input.responsePayload.trim()) {
|
|
275
|
+
payload.facts = [input.responsePayload.trim()];
|
|
276
|
+
}
|
|
277
|
+
else if (input.responseText.trim()) {
|
|
278
|
+
payload.facts = [input.responseText.trim()];
|
|
279
|
+
}
|
|
280
|
+
return compactObject(payload);
|
|
281
|
+
};
|
|
282
|
+
export const buildAppToolGatewaySignedRequest = (input) => {
|
|
283
|
+
const unsigned = compactObject({
|
|
284
|
+
version: CODALI_APP_TOOL_GATEWAY_VERSION,
|
|
285
|
+
run_id: input.runId,
|
|
286
|
+
session_id: input.sessionId,
|
|
287
|
+
request_id: input.requestId,
|
|
288
|
+
tenant_scope: input.tenantScope,
|
|
289
|
+
requester_scope: input.requesterScope,
|
|
290
|
+
tool_name: input.toolName,
|
|
291
|
+
validated_args: input.args,
|
|
292
|
+
timestamp: input.timestamp,
|
|
293
|
+
nonce: input.nonce,
|
|
294
|
+
read_only: true,
|
|
295
|
+
call_schema: callSchemaFor(input.contract),
|
|
296
|
+
result_contract: resultContractFor(input.contract),
|
|
297
|
+
result_sources: readStringArray(input.contract, ["resultSources", "result_sources"]),
|
|
298
|
+
source_paths: readStringArray(input.contract, ["sourcePaths", "source_paths"]),
|
|
299
|
+
source_types: readStringArray(input.contract, ["sourceTypes", "source_types"]),
|
|
300
|
+
});
|
|
301
|
+
return {
|
|
302
|
+
...unsigned,
|
|
303
|
+
signature: signAppToolGatewayRequest(unsigned, input.secret),
|
|
304
|
+
};
|
|
305
|
+
};
|
|
306
|
+
export const dispatchAppToolGateway = async (input) => {
|
|
307
|
+
const allowedTools = new Set(input.allowedTools ?? []);
|
|
308
|
+
const deniedTools = new Set(input.deniedTools ?? []);
|
|
309
|
+
if (allowedTools.size > 0 && !allowedTools.has(input.toolName)) {
|
|
310
|
+
throw new AppToolGatewayDispatchError("GATEWAY_TOOL_NOT_ALLOWED", "App tool gateway tool is not in the allowed tool set.", { details: { tool: input.toolName } });
|
|
311
|
+
}
|
|
312
|
+
if (deniedTools.has(input.toolName)) {
|
|
313
|
+
throw new AppToolGatewayDispatchError("GATEWAY_TOOL_DENIED", "App tool gateway tool is blocked by denied tools policy.", { details: { tool: input.toolName } });
|
|
314
|
+
}
|
|
315
|
+
assertReadOnlyContract(input.contract, input.gateway, input.toolName);
|
|
316
|
+
const endpoint = gatewayEndpoint(input.gateway);
|
|
317
|
+
if (!endpoint) {
|
|
318
|
+
throw new AppToolGatewayDispatchError("GATEWAY_ENDPOINT_REQUIRED", "App tool gateway endpoint is not configured.", { details: { tool: input.toolName } });
|
|
319
|
+
}
|
|
320
|
+
const secret = gatewaySigningSecret(input.gateway);
|
|
321
|
+
if (!secret) {
|
|
322
|
+
throw new AppToolGatewayDispatchError("GATEWAY_SIGNATURE_REQUIRED", "App tool gateway signing material is required.", { details: { tool: input.toolName } });
|
|
323
|
+
}
|
|
324
|
+
const validatedArgs = validateArgsAgainstCallSchema(input.toolName, input.args, callSchemaFor(input.contract));
|
|
325
|
+
const request = buildAppToolGatewaySignedRequest({
|
|
326
|
+
runId: input.runId,
|
|
327
|
+
sessionId: input.sessionId,
|
|
328
|
+
requestId: input.requestId,
|
|
329
|
+
tenantScope: input.tenantScope,
|
|
330
|
+
requesterScope: input.requesterScope,
|
|
331
|
+
toolName: input.toolName,
|
|
332
|
+
args: validatedArgs,
|
|
333
|
+
contract: input.contract,
|
|
334
|
+
timestamp: (input.now ?? (() => new Date()))().toISOString(),
|
|
335
|
+
nonce: (input.nonce ?? randomUUID)(),
|
|
336
|
+
secret,
|
|
337
|
+
});
|
|
338
|
+
const body = JSON.stringify(request);
|
|
339
|
+
const fetchImpl = input.fetchImpl ?? globalThis.fetch;
|
|
340
|
+
const response = await fetchImpl(endpoint, {
|
|
341
|
+
method: "POST",
|
|
342
|
+
headers: {
|
|
343
|
+
"content-type": "application/json",
|
|
344
|
+
"x-codali-app-tool-version": CODALI_APP_TOOL_GATEWAY_VERSION,
|
|
345
|
+
"x-codali-app-tool-signature": request.signature,
|
|
346
|
+
"x-codali-app-tool-timestamp": request.timestamp,
|
|
347
|
+
"x-codali-app-tool-nonce": request.nonce,
|
|
348
|
+
},
|
|
349
|
+
body,
|
|
350
|
+
});
|
|
351
|
+
const responseText = await response.text();
|
|
352
|
+
if (!response.ok) {
|
|
353
|
+
throw new AppToolGatewayDispatchError("GATEWAY_HTTP_FAILED", `App tool gateway failed with HTTP ${response.status}.`, {
|
|
354
|
+
retryable: response.status >= 500,
|
|
355
|
+
details: {
|
|
356
|
+
tool: input.toolName,
|
|
357
|
+
status: response.status,
|
|
358
|
+
request: redactAppToolGatewayPayload(request),
|
|
359
|
+
response: redactAppToolGatewayPayload({ body: responseText.slice(0, 1000) }),
|
|
360
|
+
},
|
|
361
|
+
});
|
|
362
|
+
}
|
|
363
|
+
const responsePayload = parseResponsePayload(responseText);
|
|
364
|
+
const evidencePayload = buildEvidencePayload({
|
|
365
|
+
toolName: input.toolName,
|
|
366
|
+
contract: input.contract,
|
|
367
|
+
request,
|
|
368
|
+
responseStatus: response.status,
|
|
369
|
+
responsePayload,
|
|
370
|
+
responseText,
|
|
371
|
+
});
|
|
372
|
+
return {
|
|
373
|
+
request,
|
|
374
|
+
redactedRequest: redactAppToolGatewayPayload(request),
|
|
375
|
+
responseStatus: response.status,
|
|
376
|
+
responseText,
|
|
377
|
+
responsePayload,
|
|
378
|
+
evidencePayload,
|
|
379
|
+
redactedResponse: redactAppToolGatewayPayload(responsePayload),
|
|
380
|
+
};
|
|
381
|
+
};
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
import type { Provider, ProviderMessage } from "../providers/ProviderTypes.js";
|
|
2
|
+
import { type AgentTierResolution } from "./AgentTierResolver.js";
|
|
3
|
+
import type { CodaliContextPack, CodaliGatewayClassifierOutput, CodaliGatewayPlannerOutput, CodaliGatewayRequest, CodaliGatewayResult } from "./CodaliGatewayTypes.js";
|
|
4
|
+
import { type GatewayPolicyCompilation } from "./GatewayPolicyCompiler.js";
|
|
5
|
+
import { CodaliGatewayPlanner, type CodaliGatewayPlanningResult, type CodaliGatewayPlannerOptions } from "./GatewayPlanner.js";
|
|
6
|
+
import { type CodaliGatewayRunTrace, type CodaliGatewayStore } from "./CodaliGatewayStore.js";
|
|
7
|
+
import { type CodaliGatewayReplayFixture, type CodaliGatewayReplayFixtureOptions, type CodaliGatewayTraceReadResult } from "./GatewayTraceReplay.js";
|
|
8
|
+
import { CodaliGatewayStateMachine, type CodaliGatewayStateMachineOptions, type CodaliGatewayWorkerExecutionResult, type CodaliGatewayWorkerTaskRunner } from "./GatewayStateMachine.js";
|
|
9
|
+
export interface CodaliGatewayFinalSynthesizerOptions {
|
|
10
|
+
maxTokens?: number;
|
|
11
|
+
temperature?: number;
|
|
12
|
+
retryAttempts?: number;
|
|
13
|
+
}
|
|
14
|
+
export interface CodaliGatewayOptions {
|
|
15
|
+
provider: Provider;
|
|
16
|
+
store?: CodaliGatewayStore;
|
|
17
|
+
planner?: CodaliGatewayPlanner;
|
|
18
|
+
plannerOptions?: CodaliGatewayPlannerOptions;
|
|
19
|
+
stateMachine?: CodaliGatewayStateMachine;
|
|
20
|
+
taskRunner?: CodaliGatewayWorkerTaskRunner;
|
|
21
|
+
workerOptions?: Omit<CodaliGatewayStateMachineOptions, "store" | "taskRunner">;
|
|
22
|
+
agentInventory?: unknown[];
|
|
23
|
+
agentResolution?: AgentTierResolution;
|
|
24
|
+
finalSynthesizerOptions?: CodaliGatewayFinalSynthesizerOptions;
|
|
25
|
+
}
|
|
26
|
+
export interface CodaliGatewayPlanResult {
|
|
27
|
+
runId: string;
|
|
28
|
+
policyCompilation: GatewayPolicyCompilation;
|
|
29
|
+
classifier: CodaliGatewayClassifierOutput;
|
|
30
|
+
planner: CodaliGatewayPlannerOutput;
|
|
31
|
+
planning: CodaliGatewayPlanningResult;
|
|
32
|
+
trace?: CodaliGatewayRunTrace;
|
|
33
|
+
}
|
|
34
|
+
export interface CodaliGatewayWorkerRunResult {
|
|
35
|
+
runId: string;
|
|
36
|
+
planning: CodaliGatewayPlanResult;
|
|
37
|
+
workers: CodaliGatewayWorkerExecutionResult;
|
|
38
|
+
trace?: CodaliGatewayRunTrace;
|
|
39
|
+
}
|
|
40
|
+
export interface CodaliGatewayFinalSynthesisInput {
|
|
41
|
+
runId: string;
|
|
42
|
+
request: CodaliGatewayRequest;
|
|
43
|
+
planning?: CodaliGatewayPlanResult;
|
|
44
|
+
workers?: CodaliGatewayWorkerExecutionResult;
|
|
45
|
+
contextPack?: CodaliContextPack;
|
|
46
|
+
agentResolution?: AgentTierResolution;
|
|
47
|
+
}
|
|
48
|
+
export declare const buildCodaliGatewayFinalSynthesizerMessages: (request: CodaliGatewayRequest, contextPack: CodaliContextPack) => ProviderMessage[];
|
|
49
|
+
export declare class CodaliGateway {
|
|
50
|
+
private readonly options;
|
|
51
|
+
readonly store: CodaliGatewayStore;
|
|
52
|
+
private readonly planner;
|
|
53
|
+
constructor(options: CodaliGatewayOptions);
|
|
54
|
+
readTrace(runId: string): Promise<CodaliGatewayTraceReadResult | undefined>;
|
|
55
|
+
exportReplayFixture(runId: string, options?: CodaliGatewayReplayFixtureOptions): Promise<CodaliGatewayReplayFixture | undefined>;
|
|
56
|
+
plan(request: CodaliGatewayRequest): Promise<CodaliGatewayPlanResult>;
|
|
57
|
+
executeWorkerTasks(request: CodaliGatewayRequest): Promise<CodaliGatewayWorkerRunResult>;
|
|
58
|
+
run(request: CodaliGatewayRequest): Promise<CodaliGatewayResult>;
|
|
59
|
+
synthesizeFinalAnswer(input: CodaliGatewayFinalSynthesisInput): Promise<CodaliGatewayResult>;
|
|
60
|
+
private executePlannedWorkerTasks;
|
|
61
|
+
private resolveFinalAgent;
|
|
62
|
+
private validateRequiredFinalLargeModel;
|
|
63
|
+
private buildFinalPolicyBlockedResult;
|
|
64
|
+
private buildDegradedFinalResult;
|
|
65
|
+
private buildFailedFinalResult;
|
|
66
|
+
private updateRunPreservingMetadata;
|
|
67
|
+
private resolveStateMachine;
|
|
68
|
+
}
|
|
69
|
+
export declare const createCodaliGateway: (options: CodaliGatewayOptions) => CodaliGateway;
|
|
70
|
+
export declare const runCodaliGatewayPlanning: (request: CodaliGatewayRequest, options: CodaliGatewayOptions) => Promise<CodaliGatewayPlanResult>;
|
|
71
|
+
export declare const runCodaliGatewayWorkerTasks: (request: CodaliGatewayRequest, options: CodaliGatewayOptions) => Promise<CodaliGatewayWorkerRunResult>;
|
|
72
|
+
export declare const runCodaliGateway: (request: CodaliGatewayRequest, options: CodaliGatewayOptions) => Promise<CodaliGatewayResult>;
|
|
73
|
+
//# sourceMappingURL=CodaliGateway.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CodaliGateway.d.ts","sourceRoot":"","sources":["../../src/gateway/CodaliGateway.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,QAAQ,EACR,eAAe,EAIhB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAEL,KAAK,mBAAmB,EAEzB,MAAM,wBAAwB,CAAC;AAIhC,OAAO,KAAK,EACV,iBAAiB,EAEjB,6BAA6B,EAG7B,0BAA0B,EAC1B,oBAAoB,EACpB,mBAAmB,EAMpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAEL,KAAK,wBAAwB,EAC9B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,oBAAoB,EACpB,KAAK,2BAA2B,EAChC,KAAK,2BAA2B,EACjC,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAEL,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAKL,KAAK,0BAA0B,EAC/B,KAAK,iCAAiC,EACtC,KAAK,4BAA4B,EAClC,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,EACrC,KAAK,kCAAkC,EACvC,KAAK,6BAA6B,EACnC,MAAM,0BAA0B,CAAC;AAGlC,MAAM,WAAW,oCAAoC;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,CAAC,EAAE,kBAAkB,CAAC;IAC3B,OAAO,CAAC,EAAE,oBAAoB,CAAC;IAC/B,cAAc,CAAC,EAAE,2BAA2B,CAAC;IAC7C,YAAY,CAAC,EAAE,yBAAyB,CAAC;IACzC,UAAU,CAAC,EAAE,6BAA6B,CAAC;IAC3C,aAAa,CAAC,EAAE,IAAI,CAAC,gCAAgC,EAAE,OAAO,GAAG,YAAY,CAAC,CAAC;IAC/E,cAAc,CAAC,EAAE,OAAO,EAAE,CAAC;IAC3B,eAAe,CAAC,EAAE,mBAAmB,CAAC;IACtC,uBAAuB,CAAC,EAAE,oCAAoC,CAAC;CAChE;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,wBAAwB,CAAC;IAC5C,UAAU,EAAE,6BAA6B,CAAC;IAC1C,OAAO,EAAE,0BAA0B,CAAC;IACpC,QAAQ,EAAE,2BAA2B,CAAC;IACtC,KAAK,CAAC,EAAE,qBAAqB,CAAC;CAC/B;AAED,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,uBAAuB,CAAC;IAClC,OAAO,EAAE,kCAAkC,CAAC;IAC5C,KAAK,CAAC,EAAE,qBAAqB,CAAC;CAC/B;AAED,MAAM,WAAW,gCAAgC;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,oBAAoB,CAAC;IAC9B,QAAQ,CAAC,EAAE,uBAAuB,CAAC;IACnC,OAAO,CAAC,EAAE,kCAAkC,CAAC;IAC7C,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,eAAe,CAAC,EAAE,mBAAmB,CAAC;CACvC;AAqKD,eAAO,MAAM,0CAA0C,GACrD,SAAS,oBAAoB,EAC7B,aAAa,iBAAiB,KAC7B,eAAe,EA8BjB,CAAC;AAoMF,qBAAa,aAAa;IAIZ,OAAO,CAAC,QAAQ,CAAC,OAAO;IAHpC,QAAQ,CAAC,KAAK,EAAE,kBAAkB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAuB;gBAElB,OAAO,EAAE,oBAAoB;IAMpD,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,4BAA4B,GAAG,SAAS,CAAC;IAI3E,mBAAmB,CACvB,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,iCAAiC,GAC1C,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC;IAI5C,IAAI,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,uBAAuB,CAAC;IA4ErE,kBAAkB,CACtB,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,4BAA4B,CAAC;IAKlC,GAAG,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAWhE,qBAAqB,CACzB,KAAK,EAAE,gCAAgC,GACtC,OAAO,CAAC,mBAAmB,CAAC;YAgNjB,yBAAyB;IAsCvC,OAAO,CAAC,iBAAiB;IAqBzB,OAAO,CAAC,+BAA+B;YAsBzB,6BAA6B;YAyD7B,wBAAwB;YAoDxB,sBAAsB;YAqDtB,2BAA2B;IAqBzC,OAAO,CAAC,mBAAmB;CAe5B;AAED,eAAO,MAAM,mBAAmB,GAAI,SAAS,oBAAoB,KAAG,aACxC,CAAC;AAE7B,eAAO,MAAM,wBAAwB,GACnC,SAAS,oBAAoB,EAC7B,SAAS,oBAAoB,KAC5B,OAAO,CAAC,uBAAuB,CAA+C,CAAC;AAElF,eAAO,MAAM,2BAA2B,GACtC,SAAS,oBAAoB,EAC7B,SAAS,oBAAoB,KAC5B,OAAO,CAAC,4BAA4B,CACmB,CAAC;AAE3D,eAAO,MAAM,gBAAgB,GAC3B,SAAS,oBAAoB,EAC7B,SAAS,oBAAoB,KAC5B,OAAO,CAAC,mBAAmB,CAA8C,CAAC"}
|