@mneme-ai/core 2.13.1 → 2.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent_manifest.d.ts +1 -1
- package/dist/agent_manifest.d.ts.map +1 -1
- package/dist/agent_manifest.js +22 -1
- package/dist/agent_manifest.js.map +1 -1
- package/dist/bounty/bounty.test.d.ts +2 -0
- package/dist/bounty/bounty.test.d.ts.map +1 -0
- package/dist/bounty/bounty.test.js +125 -0
- package/dist/bounty/bounty.test.js.map +1 -0
- package/dist/bounty/index.d.ts +142 -0
- package/dist/bounty/index.d.ts.map +1 -0
- package/dist/bounty/index.js +180 -0
- package/dist/bounty/index.js.map +1 -0
- package/dist/cosmic/aurelian_v214.test.d.ts +9 -0
- package/dist/cosmic/aurelian_v214.test.d.ts.map +1 -0
- package/dist/cosmic/aurelian_v214.test.js +84 -0
- package/dist/cosmic/aurelian_v214.test.js.map +1 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -0
- package/dist/index.js.map +1 -1
- package/dist/infra_brain/index.d.ts +148 -0
- package/dist/infra_brain/index.d.ts.map +1 -0
- package/dist/infra_brain/index.js +243 -0
- package/dist/infra_brain/index.js.map +1 -0
- package/dist/infra_brain/infra_brain.test.d.ts +2 -0
- package/dist/infra_brain/infra_brain.test.d.ts.map +1 -0
- package/dist/infra_brain/infra_brain.test.js +154 -0
- package/dist/infra_brain/infra_brain.test.js.map +1 -0
- package/dist/kill_switch/index.d.ts +168 -0
- package/dist/kill_switch/index.d.ts.map +1 -0
- package/dist/kill_switch/index.js +285 -0
- package/dist/kill_switch/index.js.map +1 -0
- package/dist/kill_switch/kill_switch.test.d.ts +2 -0
- package/dist/kill_switch/kill_switch.test.d.ts.map +1 -0
- package/dist/kill_switch/kill_switch.test.js +154 -0
- package/dist/kill_switch/kill_switch.test.js.map +1 -0
- package/dist/project_soul/index.d.ts +123 -0
- package/dist/project_soul/index.d.ts.map +1 -0
- package/dist/project_soul/index.js +241 -0
- package/dist/project_soul/index.js.map +1 -0
- package/dist/project_soul/project_soul.test.d.ts +2 -0
- package/dist/project_soul/project_soul.test.d.ts.map +1 -0
- package/dist/project_soul/project_soul.test.js +123 -0
- package/dist/project_soul/project_soul.test.js.map +1 -0
- package/dist/replica/index.d.ts +105 -0
- package/dist/replica/index.d.ts.map +1 -0
- package/dist/replica/index.js +206 -0
- package/dist/replica/index.js.map +1 -0
- package/dist/replica/replica.test.d.ts +2 -0
- package/dist/replica/replica.test.d.ts.map +1 -0
- package/dist/replica/replica.test.js +102 -0
- package/dist/replica/replica.test.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1,285 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* v2.14.0 — KILL SWITCH PROTOCOL
|
|
3
|
+
*
|
|
4
|
+
* "Three things every CISO loses sleep over:
|
|
5
|
+
* 1. AI hallucinates → costly decision → lawsuit
|
|
6
|
+
* 2. AI vendor changes pricing/TOS → migration nightmare
|
|
7
|
+
* 3. AI exfiltrates secrets/PII → data breach
|
|
8
|
+
* Mneme answers all three with one bundle."
|
|
9
|
+
*
|
|
10
|
+
* Three layered defenses, each HMAC-signed for court-admissible audit:
|
|
11
|
+
*
|
|
12
|
+
* 1. KILL SWITCH — admin-issued signed directive that, when broadcast,
|
|
13
|
+
* tells every Mneme-aware AI agent to refuse to respond. Stamped
|
|
14
|
+
* with HMAC; receivers verify before honouring (so attackers can't
|
|
15
|
+
* forge a kill).
|
|
16
|
+
*
|
|
17
|
+
* 2. AUDIT LOG — every AI interaction is recorded with HMAC chain
|
|
18
|
+
* (similar to BOUNTY's structure but broader scope: prompts,
|
|
19
|
+
* responses, file accesses, tool calls). Tamper-evident.
|
|
20
|
+
*
|
|
21
|
+
* 3. DLP (Data Leakage Prevention) — scan outbound AI prompts /
|
|
22
|
+
* responses for secrets / PII patterns BEFORE they leave the org.
|
|
23
|
+
* Block + log violations.
|
|
24
|
+
*
|
|
25
|
+
* Storage: `.mneme/compliance/` directory:
|
|
26
|
+
* - kill_switch.json — current state of the kill directive
|
|
27
|
+
* - audit.jsonl — append-only audit chain
|
|
28
|
+
* - dlp_rules.json — current rule set (org can override defaults)
|
|
29
|
+
*
|
|
30
|
+
* Composes orthogonally with existing `aegis/` (immune system) and
|
|
31
|
+
* `ai_compliance.ts` (compliance metrics) — those measure; KILL SWITCH
|
|
32
|
+
* acts.
|
|
33
|
+
*/
|
|
34
|
+
import { createHmac, timingSafeEqual, randomBytes } from "node:crypto";
|
|
35
|
+
import { readFileSync, writeFileSync, existsSync, mkdirSync, appendFileSync } from "node:fs";
|
|
36
|
+
import { join, resolve, isAbsolute } from "node:path";
|
|
37
|
+
const PROTOCOL_VERSION = 1;
|
|
38
|
+
function canon(v) {
|
|
39
|
+
if (v === null || typeof v !== "object")
|
|
40
|
+
return JSON.stringify(v);
|
|
41
|
+
if (Array.isArray(v))
|
|
42
|
+
return "[" + v.map(canon).join(",") + "]";
|
|
43
|
+
const keys = Object.keys(v).sort();
|
|
44
|
+
return "{" + keys.map((k) => JSON.stringify(k) + ":" + canon(v[k])).join(",") + "}";
|
|
45
|
+
}
|
|
46
|
+
function defaultSecret() {
|
|
47
|
+
return process.env["MNEME_COMPLIANCE_SECRET"] || `mneme-compliance-v${PROTOCOL_VERSION}`;
|
|
48
|
+
}
|
|
49
|
+
function complianceDir(repoDir) {
|
|
50
|
+
const root = repoDir ? (isAbsolute(repoDir) ? repoDir : resolve(repoDir)) : process.cwd();
|
|
51
|
+
const dir = join(root, ".mneme", "compliance");
|
|
52
|
+
if (!existsSync(dir))
|
|
53
|
+
mkdirSync(dir, { recursive: true });
|
|
54
|
+
return dir;
|
|
55
|
+
}
|
|
56
|
+
function signDirective(body, secret) {
|
|
57
|
+
return createHmac("sha256", secret).update(canon(body)).digest("hex");
|
|
58
|
+
}
|
|
59
|
+
export function issueKillSwitch(input) {
|
|
60
|
+
const dir = complianceDir(input.repoDir);
|
|
61
|
+
const noSig = {
|
|
62
|
+
v: PROTOCOL_VERSION,
|
|
63
|
+
state: input.state,
|
|
64
|
+
reason: input.reason.slice(0, 1000),
|
|
65
|
+
issuedBy: input.issuedBy,
|
|
66
|
+
issuedAt: new Date().toISOString(),
|
|
67
|
+
...(input.scopes ? { scopes: input.scopes } : {}),
|
|
68
|
+
...(input.expiresAt ? { expiresAt: input.expiresAt } : {}),
|
|
69
|
+
};
|
|
70
|
+
const directive = { ...noSig, sig: signDirective(noSig, input.secret ?? defaultSecret()) };
|
|
71
|
+
writeFileSync(join(dir, "kill_switch.json"), JSON.stringify(directive, null, 2));
|
|
72
|
+
recordAudit({
|
|
73
|
+
kind: "kill_switch",
|
|
74
|
+
actor: input.issuedBy,
|
|
75
|
+
detail: `kill switch ${input.state}: ${input.reason}`,
|
|
76
|
+
repoDir: input.repoDir,
|
|
77
|
+
secret: input.secret,
|
|
78
|
+
});
|
|
79
|
+
return directive;
|
|
80
|
+
}
|
|
81
|
+
export function readKillSwitch(opts = {}) {
|
|
82
|
+
const path = join(complianceDir(opts.repoDir), "kill_switch.json");
|
|
83
|
+
if (!existsSync(path))
|
|
84
|
+
return null;
|
|
85
|
+
try {
|
|
86
|
+
return JSON.parse(readFileSync(path, "utf8"));
|
|
87
|
+
}
|
|
88
|
+
catch {
|
|
89
|
+
return null;
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
export function verifyKillSwitch(d, secret) {
|
|
93
|
+
const { sig: claimed, ...body } = d;
|
|
94
|
+
const expected = signDirective(body, secret ?? defaultSecret());
|
|
95
|
+
try {
|
|
96
|
+
const ok = timingSafeEqual(Buffer.from(expected, "hex"), Buffer.from(claimed, "hex"));
|
|
97
|
+
return ok ? { ok: true } : { ok: false, reason: "directive sig mismatch — forged or tampered" };
|
|
98
|
+
}
|
|
99
|
+
catch {
|
|
100
|
+
return { ok: false, reason: "directive sig length invalid" };
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
/**
|
|
104
|
+
* The runtime check. Mneme-aware AI clients call this before every
|
|
105
|
+
* response. If kill switch is active (or scoped to them), they MUST
|
|
106
|
+
* refuse. Returns an instruction to embed in the refusal.
|
|
107
|
+
*/
|
|
108
|
+
export function shouldRespond(input = {}) {
|
|
109
|
+
const d = readKillSwitch({ repoDir: input.repoDir });
|
|
110
|
+
if (!d)
|
|
111
|
+
return { allowed: true };
|
|
112
|
+
// Verify before honouring (so attackers can't forge a kill).
|
|
113
|
+
const v = verifyKillSwitch(d, input.secret);
|
|
114
|
+
if (!v.ok)
|
|
115
|
+
return { allowed: true, reason: `ignoring unverified directive: ${v.reason}` };
|
|
116
|
+
// Check expiry.
|
|
117
|
+
if (d.expiresAt && new Date(d.expiresAt).getTime() < Date.now())
|
|
118
|
+
return { allowed: true };
|
|
119
|
+
if (d.state === "off")
|
|
120
|
+
return { allowed: true };
|
|
121
|
+
if (d.state === "active")
|
|
122
|
+
return { allowed: false, reason: d.reason, killDirective: d };
|
|
123
|
+
if (d.state === "scoped" && d.scopes) {
|
|
124
|
+
if (input.vendor && d.scopes.vendors?.includes(input.vendor))
|
|
125
|
+
return { allowed: false, reason: d.reason, killDirective: d };
|
|
126
|
+
if (input.tags && d.scopes.tags?.some((t) => input.tags.includes(t)))
|
|
127
|
+
return { allowed: false, reason: d.reason, killDirective: d };
|
|
128
|
+
}
|
|
129
|
+
return { allowed: true };
|
|
130
|
+
}
|
|
131
|
+
function auditPath(repoDir) {
|
|
132
|
+
return join(complianceDir(repoDir), "audit.jsonl");
|
|
133
|
+
}
|
|
134
|
+
function readAudit(repoDir) {
|
|
135
|
+
const p = auditPath(repoDir);
|
|
136
|
+
if (!existsSync(p))
|
|
137
|
+
return [];
|
|
138
|
+
const lines = readFileSync(p, "utf8").split(/\r?\n/).filter((l) => l.trim().length > 0);
|
|
139
|
+
const out = [];
|
|
140
|
+
for (const l of lines) {
|
|
141
|
+
try {
|
|
142
|
+
out.push(JSON.parse(l));
|
|
143
|
+
}
|
|
144
|
+
catch { }
|
|
145
|
+
}
|
|
146
|
+
return out;
|
|
147
|
+
}
|
|
148
|
+
function lastChain(repoDir) {
|
|
149
|
+
const all = readAudit(repoDir);
|
|
150
|
+
return all.length === 0 ? "" : all[all.length - 1].chainSig;
|
|
151
|
+
}
|
|
152
|
+
export function recordAudit(input) {
|
|
153
|
+
const prev = lastChain(input.repoDir);
|
|
154
|
+
const noSig = {
|
|
155
|
+
v: PROTOCOL_VERSION,
|
|
156
|
+
id: "a-" + randomBytes(6).toString("hex"),
|
|
157
|
+
ts: new Date().toISOString(),
|
|
158
|
+
kind: input.kind,
|
|
159
|
+
actor: input.actor,
|
|
160
|
+
detail: input.detail.slice(0, 2000),
|
|
161
|
+
...(input.meta ? { meta: input.meta } : {}),
|
|
162
|
+
};
|
|
163
|
+
const sig = createHmac("sha256", input.secret ?? defaultSecret())
|
|
164
|
+
.update(prev + canon(noSig)).digest("hex");
|
|
165
|
+
const entry = { ...noSig, chainSig: sig };
|
|
166
|
+
appendFileSync(auditPath(input.repoDir), JSON.stringify(entry) + "\n");
|
|
167
|
+
return entry;
|
|
168
|
+
}
|
|
169
|
+
export function verifyAuditChain(opts = {}) {
|
|
170
|
+
const all = readAudit(opts.repoDir);
|
|
171
|
+
const sec = opts.secret ?? defaultSecret();
|
|
172
|
+
let prev = "";
|
|
173
|
+
for (let i = 0; i < all.length; i++) {
|
|
174
|
+
const { chainSig: claimed, ...body } = all[i];
|
|
175
|
+
const expected = createHmac("sha256", sec).update(prev + canon(body)).digest("hex");
|
|
176
|
+
if (expected !== claimed)
|
|
177
|
+
return { ok: false, total: all.length, brokenIndex: i, brokenReason: `chainSig mismatch at ${i}` };
|
|
178
|
+
prev = claimed;
|
|
179
|
+
}
|
|
180
|
+
return { ok: true, total: all.length, brokenIndex: -1 };
|
|
181
|
+
}
|
|
182
|
+
/** Export the audit log for compliance reporting (CISO weekly etc). */
|
|
183
|
+
export function exportAuditReport(opts = {}) {
|
|
184
|
+
const all = readAudit(opts.repoDir);
|
|
185
|
+
const since = opts.since ? new Date(opts.since).getTime() : 0;
|
|
186
|
+
const filtered = all.filter((e) => new Date(e.ts).getTime() >= since);
|
|
187
|
+
const byKind = {};
|
|
188
|
+
const byActor = {};
|
|
189
|
+
for (const e of filtered) {
|
|
190
|
+
byKind[e.kind] = (byKind[e.kind] ?? 0) + 1;
|
|
191
|
+
byActor[e.actor] = (byActor[e.actor] ?? 0) + 1;
|
|
192
|
+
}
|
|
193
|
+
const chain = verifyAuditChain({ repoDir: opts.repoDir });
|
|
194
|
+
return {
|
|
195
|
+
entries: filtered,
|
|
196
|
+
total: filtered.length,
|
|
197
|
+
byKind, byActor,
|
|
198
|
+
generatedAt: new Date().toISOString(),
|
|
199
|
+
chainOk: chain.ok,
|
|
200
|
+
};
|
|
201
|
+
}
|
|
202
|
+
const BUILTIN_RULES = [
|
|
203
|
+
{ id: "aws-access-key", pattern: "AKIA[0-9A-Z]{16}", flags: "g", severity: "block", category: "secret", description: "AWS Access Key ID" },
|
|
204
|
+
{ id: "aws-secret-key", pattern: "(?<![A-Za-z0-9])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9])", flags: "g", severity: "warn", category: "secret", description: "AWS Secret Access Key (heuristic; high FP rate)" },
|
|
205
|
+
{ id: "github-pat", pattern: "ghp_[A-Za-z0-9]{36,}", flags: "g", severity: "block", category: "credential", description: "GitHub PAT" },
|
|
206
|
+
{ id: "openai-key", pattern: "sk-[A-Za-z0-9]{20,}", flags: "g", severity: "block", category: "credential", description: "OpenAI / Anthropic / generic sk- API key" },
|
|
207
|
+
{ id: "private-key", pattern: "-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY-----", flags: "g", severity: "block", category: "secret", description: "PEM private key block" },
|
|
208
|
+
{ id: "jwt", pattern: "eyJ[A-Za-z0-9_-]+\\.eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+", flags: "g", severity: "warn", category: "credential", description: "JWT (base64 3-part)" },
|
|
209
|
+
{ id: "email", pattern: "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}", flags: "g", severity: "warn", category: "pii", description: "email address" },
|
|
210
|
+
{ id: "credit-card", pattern: "\\b(?:\\d[ -]?){13,19}\\b", flags: "g", severity: "block", category: "pii", description: "credit card number (Luhn not checked here)" },
|
|
211
|
+
{ id: "thai-id", pattern: "\\b\\d{1}[ -]?\\d{4}[ -]?\\d{5}[ -]?\\d{2}[ -]?\\d{1}\\b", flags: "g", severity: "block", category: "pii", description: "Thai national ID number" },
|
|
212
|
+
];
|
|
213
|
+
export function loadDlpRules(opts = {}) {
|
|
214
|
+
const root = opts.repoDir ? resolveOrCwd(opts.repoDir) : process.cwd();
|
|
215
|
+
const path = join(root, ".mneme", "compliance", "dlp_rules.json");
|
|
216
|
+
if (existsSync(path)) {
|
|
217
|
+
try {
|
|
218
|
+
const custom = JSON.parse(readFileSync(path, "utf8"));
|
|
219
|
+
return [...BUILTIN_RULES, ...(custom.rules ?? [])];
|
|
220
|
+
}
|
|
221
|
+
catch { /* fall through to builtin only */ }
|
|
222
|
+
}
|
|
223
|
+
return [...BUILTIN_RULES];
|
|
224
|
+
}
|
|
225
|
+
function resolveOrCwd(p) {
|
|
226
|
+
return isAbsolute(p) ? p : resolve(p);
|
|
227
|
+
}
|
|
228
|
+
/**
|
|
229
|
+
* Scan a string for DLP violations. Returns hits + verdict. Calls
|
|
230
|
+
* recordAudit("dlp_block") when blocking — court-admissible trace.
|
|
231
|
+
*/
|
|
232
|
+
export function dlpScan(text, opts = {}) {
|
|
233
|
+
const rules = loadDlpRules(opts);
|
|
234
|
+
const hits = [];
|
|
235
|
+
for (const rule of rules) {
|
|
236
|
+
try {
|
|
237
|
+
const re = new RegExp(rule.pattern, rule.flags ?? "");
|
|
238
|
+
const matches = text.match(re);
|
|
239
|
+
if (matches) {
|
|
240
|
+
for (const m of matches.slice(0, 5)) {
|
|
241
|
+
hits.push({
|
|
242
|
+
ruleId: rule.id,
|
|
243
|
+
category: rule.category,
|
|
244
|
+
severity: rule.severity,
|
|
245
|
+
match: m.length > 60 ? m.slice(0, 30) + "…" + m.slice(-20) : m,
|
|
246
|
+
description: rule.description,
|
|
247
|
+
});
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
catch { /* malformed user rule — skip */ }
|
|
252
|
+
}
|
|
253
|
+
let worst = "none";
|
|
254
|
+
for (const h of hits) {
|
|
255
|
+
if (h.severity === "block") {
|
|
256
|
+
worst = "block";
|
|
257
|
+
break;
|
|
258
|
+
}
|
|
259
|
+
if (h.severity === "warn")
|
|
260
|
+
worst = "warn";
|
|
261
|
+
}
|
|
262
|
+
const blocked = worst === "block";
|
|
263
|
+
const signedAt = new Date().toISOString();
|
|
264
|
+
const body = { hits: hits.length, worst, blocked, scanned: text.length, signedAt };
|
|
265
|
+
const sig = createHmac("sha256", opts.secret ?? defaultSecret()).update(canon(body)).digest("hex");
|
|
266
|
+
if (blocked) {
|
|
267
|
+
recordAudit({
|
|
268
|
+
kind: "dlp_block",
|
|
269
|
+
actor: opts.actor ?? "unknown",
|
|
270
|
+
detail: `DLP blocked: ${hits.filter((h) => h.severity === "block").map((h) => h.ruleId).join(",")}`,
|
|
271
|
+
meta: { hitCount: hits.length },
|
|
272
|
+
repoDir: opts.repoDir,
|
|
273
|
+
secret: opts.secret,
|
|
274
|
+
});
|
|
275
|
+
}
|
|
276
|
+
return { hits, worstSeverity: worst, blocked, scanned: text.length, signedAt, sig };
|
|
277
|
+
}
|
|
278
|
+
/** One-line pulse summary. */
|
|
279
|
+
export function formatCompliancePulse(opts = {}) {
|
|
280
|
+
const k = readKillSwitch(opts);
|
|
281
|
+
const audit = readAudit(opts.repoDir);
|
|
282
|
+
const killTag = k ? `kill=${k.state}` : "kill=off";
|
|
283
|
+
return `COMPLIANCE · ${killTag} · audit=${audit.length}`;
|
|
284
|
+
}
|
|
285
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/kill_switch/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACvE,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAC7F,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEtD,MAAM,gBAAgB,GAAG,CAAU,CAAC;AA0BpC,SAAS,KAAK,CAAC,CAAU;IACvB,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAClE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAChE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAA4B,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9D,OAAO,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,KAAK,CAAE,CAA6B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACnH,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,IAAI,qBAAqB,gBAAgB,EAAE,CAAC;AAC3F,CAAC;AAED,SAAS,aAAa,CAAC,OAAgB;IACrC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1F,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC/C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,IAAsC,EAAE,MAAc;IAC3E,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxE,CAAC;AAYD,MAAM,UAAU,eAAe,CAAC,KAAqB;IACnD,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,KAAK,GAAqC;QAC9C,CAAC,EAAE,gBAAgB;QACnB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;QACnC,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAClC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC3D,CAAC;IACF,MAAM,SAAS,GAAwB,EAAE,GAAG,KAAK,EAAE,GAAG,EAAE,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,IAAI,aAAa,EAAE,CAAC,EAAE,CAAC;IAChH,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACjF,WAAW,CAAC;QACV,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,KAAK,CAAC,QAAQ;QACrB,MAAM,EAAE,eAAe,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,MAAM,EAAE;QACrD,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,MAAM,EAAE,KAAK,CAAC,MAAM;KACrB,CAAC,CAAC;IACH,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,OAA6B,EAAE;IAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,kBAAkB,CAAC,CAAC;IACnE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,IAAI,CAAC;QAAC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAwB,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;AACtG,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAsB,EAAE,MAAe;IACtE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,IAAI,EAAE,GAAG,CAA0C,CAAC;IAC7E,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,EAAE,MAAM,IAAI,aAAa,EAAE,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;QACtF,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6CAA6C,EAAE,CAAC;IAClG,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAC;IAAC,CAAC;AAC3E,CAAC;AASD;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,QAA4B,EAAE;IAK1D,MAAM,CAAC,GAAG,cAAc,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACrD,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACjC,6DAA6D;IAC7D,MAAM,CAAC,GAAG,gBAAgB,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,CAAC,CAAC,CAAC,EAAE;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kCAAkC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;IAC1F,gBAAgB;IAChB,IAAI,CAAC,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC1F,IAAI,CAAC,CAAC,KAAK,KAAK,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAChD,IAAI,CAAC,CAAC,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC;IACxF,IAAI,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC;QAC5H,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC;IACvI,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAmBD,SAAS,SAAS,CAAC,OAAgB;IACjC,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,aAAa,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,SAAS,CAAC,OAAgB;IACjC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAC7B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACxF,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QAAC,IAAI,CAAC;YAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IAAC,CAAC;IACpE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,OAAgB;IACjC,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAC/B,OAAO,GAAG,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,QAAQ,CAAC;AAC/D,CAAC;AAWD,MAAM,UAAU,WAAW,CAAC,KAAuB;IACjD,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,KAAK,GAAiC;QAC1C,CAAC,EAAE,gBAAgB;QACnB,EAAE,EAAE,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;QACzC,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;QACnC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5C,CAAC;IACF,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,IAAI,aAAa,EAAE,CAAC;SAC9D,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAe,EAAE,GAAG,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;IACtD,cAAc,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;IACvE,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAA8C,EAAE;IAG/E,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,aAAa,EAAE,CAAC;IAC3C,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,CAAsC,CAAC;QACnF,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACpF,IAAI,QAAQ,KAAK,OAAO;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,wBAAwB,CAAC,EAAE,EAAE,CAAC;QAC7H,IAAI,GAAG,OAAO,CAAC;IACjB,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;AAC1D,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,iBAAiB,CAAC,OAA6C,EAAE;IAQ/E,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,KAAK,CAAC,CAAC;IACtE,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3C,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,KAAK,GAAG,gBAAgB,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1D,OAAO;QACL,OAAO,EAAE,QAAQ;QACjB,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,MAAM,EAAE,OAAO;QACf,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,OAAO,EAAE,KAAK,CAAC,EAAE;KAClB,CAAC;AACJ,CAAC;AAeD,MAAM,aAAa,GAAc;IAC/B,EAAE,EAAE,EAAE,gBAAgB,EAAE,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;IAC1I,EAAE,EAAE,EAAE,gBAAgB,EAAE,OAAO,EAAE,mDAAmD,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,iDAAiD,EAAE;IACxM,EAAE,EAAE,EAAE,YAAY,EAAE,OAAO,EAAE,sBAAsB,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE;IACvI,EAAE,EAAE,EAAE,YAAY,EAAE,OAAO,EAAE,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,0CAA0C,EAAE;IACpK,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,6DAA6D,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;IACtL,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,wDAAwD,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,qBAAqB,EAAE;IAC1K,EAAE,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,iDAAiD,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE;IACxJ,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,2BAA2B,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,4CAA4C,EAAE;IACtK,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,0DAA0D,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,yBAAyB,EAAE;CAC/K,CAAC;AAWF,MAAM,UAAU,YAAY,CAAC,OAA6B,EAAE;IAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IACvE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,gBAAgB,CAAC,CAAC;IAClE,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAyB,CAAC;YAC9E,OAAO,CAAC,GAAG,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC,CAAC,kCAAkC,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,CAAC,GAAG,aAAa,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,OAAO,CAAC,IAAY,EAAE,OAA8D,EAAE;IACpG,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,IAAI,GAA0B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YACtD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC/B,IAAI,OAAO,EAAE,CAAC;gBACZ,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;oBACpC,IAAI,CAAC,IAAI,CAAC;wBACR,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,KAAK,EAAE,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;wBAC9D,WAAW,EAAE,IAAI,CAAC,WAAW;qBAC9B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,gCAAgC,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,KAAK,GAAmC,MAAM,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAAC,KAAK,GAAG,OAAO,CAAC;YAAC,MAAM;QAAC,CAAC;QACvD,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;YAAE,KAAK,GAAG,MAAM,CAAC;IAC5C,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,KAAK,OAAO,CAAC;IAClC,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC1C,MAAM,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;IACnF,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,IAAI,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnG,IAAI,OAAO,EAAE,CAAC;QACZ,WAAW,CAAC;YACV,IAAI,EAAE,WAAW;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;YAC9B,MAAM,EAAE,gBAAgB,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACnG,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE;YAC/B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;AACtF,CAAC;AAED,8BAA8B;AAC9B,MAAM,UAAU,qBAAqB,CAAC,OAA6B,EAAE;IACnE,MAAM,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;IACnD,OAAO,gBAAgB,OAAO,YAAY,KAAK,CAAC,MAAM,EAAE,CAAC;AAC3D,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"kill_switch.test.d.ts","sourceRoot":"","sources":["../../src/kill_switch/kill_switch.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
import { describe, it, expect, beforeEach, afterEach } from "vitest";
|
|
2
|
+
import { mkdtempSync, rmSync, readFileSync, writeFileSync } from "node:fs";
|
|
3
|
+
import { tmpdir } from "node:os";
|
|
4
|
+
import { join } from "node:path";
|
|
5
|
+
import { issueKillSwitch, readKillSwitch, verifyKillSwitch, shouldRespond, recordAudit, verifyAuditChain, exportAuditReport, dlpScan, loadDlpRules, formatCompliancePulse, } from "./index.js";
|
|
6
|
+
describe("v2.14 · KILL SWITCH PROTOCOL", () => {
|
|
7
|
+
let dir;
|
|
8
|
+
beforeEach(() => { dir = mkdtempSync(join(tmpdir(), "ks-")); });
|
|
9
|
+
afterEach(() => { try {
|
|
10
|
+
rmSync(dir, { recursive: true, force: true });
|
|
11
|
+
}
|
|
12
|
+
catch { } });
|
|
13
|
+
describe("kill switch", () => {
|
|
14
|
+
it("issue and read round-trip", () => {
|
|
15
|
+
const d = issueKillSwitch({ state: "active", reason: "incident response", issuedBy: "ciso@x.com", repoDir: dir });
|
|
16
|
+
expect(d.state).toBe("active");
|
|
17
|
+
expect(d.sig).toMatch(/^[0-9a-f]{64}$/);
|
|
18
|
+
const r = readKillSwitch({ repoDir: dir });
|
|
19
|
+
expect(r?.sig).toBe(d.sig);
|
|
20
|
+
});
|
|
21
|
+
it("verifyKillSwitch passes for un-tampered directive", () => {
|
|
22
|
+
const d = issueKillSwitch({ state: "active", reason: "test", issuedBy: "x", repoDir: dir });
|
|
23
|
+
expect(verifyKillSwitch(d).ok).toBe(true);
|
|
24
|
+
});
|
|
25
|
+
it("verifyKillSwitch fails on tamper", () => {
|
|
26
|
+
const d = issueKillSwitch({ state: "active", reason: "test", issuedBy: "x", repoDir: dir });
|
|
27
|
+
const tampered = { ...d, reason: "TAMPERED" };
|
|
28
|
+
expect(verifyKillSwitch(tampered).ok).toBe(false);
|
|
29
|
+
});
|
|
30
|
+
it("shouldRespond: no directive → allowed", () => {
|
|
31
|
+
const r = shouldRespond({ repoDir: dir });
|
|
32
|
+
expect(r.allowed).toBe(true);
|
|
33
|
+
});
|
|
34
|
+
it("shouldRespond: active kill → not allowed", () => {
|
|
35
|
+
issueKillSwitch({ state: "active", reason: "test", issuedBy: "x", repoDir: dir });
|
|
36
|
+
const r = shouldRespond({ repoDir: dir });
|
|
37
|
+
expect(r.allowed).toBe(false);
|
|
38
|
+
});
|
|
39
|
+
it("shouldRespond: scoped kill respects vendor scope", () => {
|
|
40
|
+
issueKillSwitch({ state: "scoped", reason: "test", issuedBy: "x", scopes: { vendors: ["chatgpt"] }, repoDir: dir });
|
|
41
|
+
expect(shouldRespond({ vendor: "chatgpt", repoDir: dir }).allowed).toBe(false);
|
|
42
|
+
expect(shouldRespond({ vendor: "claude", repoDir: dir }).allowed).toBe(true);
|
|
43
|
+
});
|
|
44
|
+
it("shouldRespond: expired kill → allowed again", () => {
|
|
45
|
+
const past = new Date(Date.now() - 1000).toISOString();
|
|
46
|
+
issueKillSwitch({ state: "active", reason: "test", issuedBy: "x", expiresAt: past, repoDir: dir });
|
|
47
|
+
expect(shouldRespond({ repoDir: dir }).allowed).toBe(true);
|
|
48
|
+
});
|
|
49
|
+
it("shouldRespond: tampered directive is ignored (forge protection)", () => {
|
|
50
|
+
issueKillSwitch({ state: "active", reason: "test", issuedBy: "x", repoDir: dir });
|
|
51
|
+
// Tamper file directly
|
|
52
|
+
const path = join(dir, ".mneme", "compliance", "kill_switch.json");
|
|
53
|
+
const cur = JSON.parse(readFileSync(path, "utf8"));
|
|
54
|
+
cur.reason = "FORGED kill";
|
|
55
|
+
writeFileSync(path, JSON.stringify(cur));
|
|
56
|
+
const r = shouldRespond({ repoDir: dir });
|
|
57
|
+
expect(r.allowed).toBe(true);
|
|
58
|
+
expect(r.reason).toContain("ignoring unverified");
|
|
59
|
+
});
|
|
60
|
+
it("issueKillSwitch records an audit entry", () => {
|
|
61
|
+
issueKillSwitch({ state: "active", reason: "incident", issuedBy: "ciso@x.com", repoDir: dir });
|
|
62
|
+
const report = exportAuditReport({ repoDir: dir });
|
|
63
|
+
expect(report.entries.some((e) => e.kind === "kill_switch")).toBe(true);
|
|
64
|
+
});
|
|
65
|
+
});
|
|
66
|
+
describe("audit log", () => {
|
|
67
|
+
it("recordAudit appends signed entries", () => {
|
|
68
|
+
const a = recordAudit({ kind: "prompt", actor: "claude", detail: "user asked X", repoDir: dir });
|
|
69
|
+
expect(a.id).toMatch(/^a-/);
|
|
70
|
+
expect(a.chainSig).toMatch(/^[0-9a-f]{64}$/);
|
|
71
|
+
});
|
|
72
|
+
it("verifyAuditChain ok on clean log", () => {
|
|
73
|
+
recordAudit({ kind: "prompt", actor: "claude", detail: "x", repoDir: dir });
|
|
74
|
+
recordAudit({ kind: "response", actor: "claude", detail: "y", repoDir: dir });
|
|
75
|
+
recordAudit({ kind: "tool_call", actor: "claude", detail: "z", repoDir: dir });
|
|
76
|
+
expect(verifyAuditChain({ repoDir: dir }).ok).toBe(true);
|
|
77
|
+
});
|
|
78
|
+
it("tampering breaks the chain", () => {
|
|
79
|
+
recordAudit({ kind: "prompt", actor: "claude", detail: "x", repoDir: dir });
|
|
80
|
+
recordAudit({ kind: "response", actor: "claude", detail: "y", repoDir: dir });
|
|
81
|
+
const path = join(dir, ".mneme", "compliance", "audit.jsonl");
|
|
82
|
+
const lines = readFileSync(path, "utf8").split("\n").filter((l) => l.length > 0);
|
|
83
|
+
const parsed = JSON.parse(lines[0]);
|
|
84
|
+
parsed.detail = "TAMPERED";
|
|
85
|
+
lines[0] = JSON.stringify(parsed);
|
|
86
|
+
writeFileSync(path, lines.join("\n") + "\n");
|
|
87
|
+
const r = verifyAuditChain({ repoDir: dir });
|
|
88
|
+
expect(r.ok).toBe(false);
|
|
89
|
+
expect(r.brokenIndex).toBe(0);
|
|
90
|
+
});
|
|
91
|
+
it("exportAuditReport groups by kind + actor", () => {
|
|
92
|
+
recordAudit({ kind: "prompt", actor: "claude", detail: "a", repoDir: dir });
|
|
93
|
+
recordAudit({ kind: "prompt", actor: "claude", detail: "b", repoDir: dir });
|
|
94
|
+
recordAudit({ kind: "response", actor: "claude", detail: "c", repoDir: dir });
|
|
95
|
+
recordAudit({ kind: "prompt", actor: "chatgpt", detail: "d", repoDir: dir });
|
|
96
|
+
const r = exportAuditReport({ repoDir: dir });
|
|
97
|
+
expect(r.byKind.prompt).toBe(3);
|
|
98
|
+
expect(r.byKind.response).toBe(1);
|
|
99
|
+
expect(r.byActor.claude).toBe(3);
|
|
100
|
+
expect(r.byActor.chatgpt).toBe(1);
|
|
101
|
+
expect(r.chainOk).toBe(true);
|
|
102
|
+
});
|
|
103
|
+
});
|
|
104
|
+
describe("DLP", () => {
|
|
105
|
+
it("scans clean text → no hits", () => {
|
|
106
|
+
const r = dlpScan("just a normal commit message about refactoring", { repoDir: dir });
|
|
107
|
+
expect(r.hits).toHaveLength(0);
|
|
108
|
+
expect(r.worstSeverity).toBe("none");
|
|
109
|
+
expect(r.blocked).toBe(false);
|
|
110
|
+
});
|
|
111
|
+
it("blocks AWS Access Key", () => {
|
|
112
|
+
const r = dlpScan("the key is AKIAIOSFODNN7EXAMPLE here", { repoDir: dir, actor: "claude" });
|
|
113
|
+
expect(r.blocked).toBe(true);
|
|
114
|
+
expect(r.hits.some((h) => h.ruleId === "aws-access-key")).toBe(true);
|
|
115
|
+
});
|
|
116
|
+
it("blocks GitHub PAT", () => {
|
|
117
|
+
const r = dlpScan("token: ghp_abcdefghijklmnopqrstuvwxyz0123456789", { repoDir: dir });
|
|
118
|
+
expect(r.blocked).toBe(true);
|
|
119
|
+
expect(r.hits.some((h) => h.ruleId === "github-pat")).toBe(true);
|
|
120
|
+
});
|
|
121
|
+
it("blocks OpenAI sk- key", () => {
|
|
122
|
+
const r = dlpScan("OPENAI_API_KEY=sk-abc123def456ghi789jkl012mno345pq", { repoDir: dir });
|
|
123
|
+
expect(r.blocked).toBe(true);
|
|
124
|
+
});
|
|
125
|
+
it("blocks PEM private key block", () => {
|
|
126
|
+
const r = dlpScan("-----BEGIN RSA PRIVATE KEY-----\nMIICstuff", { repoDir: dir });
|
|
127
|
+
expect(r.blocked).toBe(true);
|
|
128
|
+
});
|
|
129
|
+
it("warns on email PII", () => {
|
|
130
|
+
const r = dlpScan("contact me at user@example.com please", { repoDir: dir });
|
|
131
|
+
expect(r.worstSeverity).toBe("warn");
|
|
132
|
+
expect(r.blocked).toBe(false);
|
|
133
|
+
});
|
|
134
|
+
it("blocked scan creates a dlp_block audit entry", () => {
|
|
135
|
+
dlpScan("AKIAIOSFODNN7EXAMPLE", { repoDir: dir, actor: "claude" });
|
|
136
|
+
const report = exportAuditReport({ repoDir: dir });
|
|
137
|
+
expect(report.entries.some((e) => e.kind === "dlp_block")).toBe(true);
|
|
138
|
+
});
|
|
139
|
+
it("loadDlpRules returns the built-in set", () => {
|
|
140
|
+
const rules = loadDlpRules({ repoDir: dir });
|
|
141
|
+
expect(rules.length).toBeGreaterThanOrEqual(8);
|
|
142
|
+
expect(rules.some((r) => r.id === "aws-access-key")).toBe(true);
|
|
143
|
+
});
|
|
144
|
+
it("formatCompliancePulse summarises", () => {
|
|
145
|
+
issueKillSwitch({ state: "scoped", reason: "test", issuedBy: "x", scopes: { vendors: ["x"] }, repoDir: dir });
|
|
146
|
+
recordAudit({ kind: "prompt", actor: "claude", detail: "y", repoDir: dir });
|
|
147
|
+
const line = formatCompliancePulse({ repoDir: dir });
|
|
148
|
+
expect(line).toContain("COMPLIANCE");
|
|
149
|
+
expect(line).toContain("kill=scoped");
|
|
150
|
+
expect(line).toMatch(/audit=\d+/);
|
|
151
|
+
});
|
|
152
|
+
});
|
|
153
|
+
});
|
|
154
|
+
//# sourceMappingURL=kill_switch.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"kill_switch.test.js","sourceRoot":"","sources":["../../src/kill_switch/kill_switch.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC3E,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EACL,eAAe,EAAE,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAChE,WAAW,EAAE,gBAAgB,EAAE,iBAAiB,EAChD,OAAO,EAAE,YAAY,EAAE,qBAAqB,GAC7C,MAAM,YAAY,CAAC;AAEpB,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,IAAI,GAAW,CAAC;IAChB,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChE,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAC,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC,CAAC,CAAC,CAAC,CAAC;IAErF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,CAAC,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,mBAAmB,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAClH,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC/B,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;YACxC,MAAM,CAAC,GAAG,cAAc,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC3C,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,CAAC,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC5F,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC5F,MAAM,QAAQ,GAAG,EAAE,GAAG,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;YAC9C,MAAM,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,GAAG,aAAa,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC1C,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAClF,MAAM,CAAC,GAAG,aAAa,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC1C,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YACpH,MAAM,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC/E,MAAM,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YACvD,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YACnG,MAAM,CAAC,aAAa,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;YACzE,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAClF,uBAAuB;YACvB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,kBAAkB,CAAC,CAAC;YACnE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;YACnD,GAAG,CAAC,MAAM,GAAG,aAAa,CAAC;YAC3B,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,GAAG,aAAa,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC1C,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC/F,MAAM,MAAM,GAAG,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YACnD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;QACzB,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,CAAC,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YACjG,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC5B,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,WAAW,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC5E,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9E,WAAW,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC/E,MAAM,CAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,WAAW,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC5E,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9E,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;YAC9D,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACjF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;YACrC,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC;YAC3B,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAClC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YAC7C,MAAM,CAAC,GAAG,gBAAgB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,WAAW,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC5E,WAAW,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC5E,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9E,WAAW,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7E,MAAM,CAAC,GAAG,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9C,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE;QACnB,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,GAAG,OAAO,CAAC,gDAAgD,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YACtF,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,sCAAsC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC7F,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YAC3B,MAAM,CAAC,GAAG,OAAO,CAAC,iDAAiD,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YACvF,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,oDAAoD,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC1F,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,GAAG,OAAO,CAAC,4CAA4C,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAClF,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;YAC5B,MAAM,CAAC,GAAG,OAAO,CAAC,uCAAuC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7E,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,OAAO,CAAC,sBAAsB,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YACnE,MAAM,MAAM,GAAG,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YACnD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,KAAK,GAAG,YAAY,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;YAC/C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9G,WAAW,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YAC5E,MAAM,IAAI,GAAG,qBAAqB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;YACrD,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* v2.14.0 — PROJECT SOUL (a.k.a. MNEME GENOME for project-level values)
|
|
3
|
+
*
|
|
4
|
+
* "Every project has a soul. AI doesn't see it. Mneme writes it down,
|
|
5
|
+
* HMAC-signs it, and refuses any AI change that breaks it."
|
|
6
|
+
*
|
|
7
|
+
* The soul is a tiny JSON manifest at `.mneme/project_soul.json` that
|
|
8
|
+
* captures the project's hard-won opinions:
|
|
9
|
+
*
|
|
10
|
+
* - values: what the team cares about (e.g., "no Redux", "UTC dates")
|
|
11
|
+
* - antiPatterns: patterns that cost time before (e.g., "useEffect setState
|
|
12
|
+
* without deps", "lodash dependency")
|
|
13
|
+
* - conventions: bake-in style decisions
|
|
14
|
+
* - scars: past incidents the project paid for
|
|
15
|
+
* - sacred: files / paths AI must never modify without explicit ack
|
|
16
|
+
*
|
|
17
|
+
* Every entry is HMAC-signed and the whole file has a chain signature.
|
|
18
|
+
* Tampering with the file is detectable.
|
|
19
|
+
*
|
|
20
|
+
* SOUL GATE: before applying any AI change, call `checkAgainstSoul`.
|
|
21
|
+
* It returns a verdict: PASS / WARN / BLOCK plus per-rule findings.
|
|
22
|
+
*
|
|
23
|
+
* Wisdom note: rules are *additive only by design*. AI cannot silently
|
|
24
|
+
* delete a rule — every removal needs human-typed `reason:` field.
|
|
25
|
+
* This prevents AI from editing the very rules that constrain it.
|
|
26
|
+
*
|
|
27
|
+
* Composes orthogonally with the existing `dna/` (genetic ancestry) and
|
|
28
|
+
* `genome/` (MCP tool genetic engineering) modules — different concern.
|
|
29
|
+
*/
|
|
30
|
+
declare const PROTOCOL_VERSION: 1;
|
|
31
|
+
export interface SoulRule {
|
|
32
|
+
/** Stable kebab-case ID of the rule. */
|
|
33
|
+
id: string;
|
|
34
|
+
/** Plain-English statement of the rule. */
|
|
35
|
+
text: string;
|
|
36
|
+
/** When this rule was added (ISO 8601). */
|
|
37
|
+
addedAt: string;
|
|
38
|
+
/** Optional historical incident the rule traces back to. */
|
|
39
|
+
scarFrom?: string;
|
|
40
|
+
/** warn = note it; block = refuse the change. */
|
|
41
|
+
severity: "warn" | "block";
|
|
42
|
+
/** If true, AI may not silently propose removing this rule. */
|
|
43
|
+
immutable?: boolean;
|
|
44
|
+
/** HMAC of the rule body. */
|
|
45
|
+
sig: string;
|
|
46
|
+
}
|
|
47
|
+
export interface ProjectSoul {
|
|
48
|
+
v: typeof PROTOCOL_VERSION;
|
|
49
|
+
project: string;
|
|
50
|
+
/** Free-form "what is the spirit of this project". */
|
|
51
|
+
spirit: string;
|
|
52
|
+
values: SoulRule[];
|
|
53
|
+
antiPatterns: SoulRule[];
|
|
54
|
+
conventions: SoulRule[];
|
|
55
|
+
scars: SoulRule[];
|
|
56
|
+
sacred: SoulRule[];
|
|
57
|
+
updatedAt: string;
|
|
58
|
+
ruleCount: number;
|
|
59
|
+
/** HMAC over the canonical body. Tampering with rules invalidates this. */
|
|
60
|
+
soulSig: string;
|
|
61
|
+
}
|
|
62
|
+
export type SoulCategory = "values" | "antiPatterns" | "conventions" | "scars" | "sacred";
|
|
63
|
+
export interface SoulChange {
|
|
64
|
+
description: string;
|
|
65
|
+
files?: string[];
|
|
66
|
+
addsDeps?: string[];
|
|
67
|
+
codeExcerpts?: string[];
|
|
68
|
+
}
|
|
69
|
+
export interface SoulFinding {
|
|
70
|
+
ruleId: string;
|
|
71
|
+
matchedAnchor: string;
|
|
72
|
+
severity: "warn" | "block";
|
|
73
|
+
evidence: string;
|
|
74
|
+
category: SoulCategory;
|
|
75
|
+
}
|
|
76
|
+
export interface SoulVerdict {
|
|
77
|
+
verdict: "PASS" | "WARN" | "BLOCK";
|
|
78
|
+
findings: SoulFinding[];
|
|
79
|
+
reasons: string[];
|
|
80
|
+
next: string;
|
|
81
|
+
signedAt: string;
|
|
82
|
+
sig: string;
|
|
83
|
+
}
|
|
84
|
+
export declare function newSoul(project: string, spirit: string, opts?: {
|
|
85
|
+
secret?: string;
|
|
86
|
+
}): ProjectSoul;
|
|
87
|
+
export interface AddRuleInput {
|
|
88
|
+
category: SoulCategory;
|
|
89
|
+
id: string;
|
|
90
|
+
text: string;
|
|
91
|
+
severity?: "warn" | "block";
|
|
92
|
+
scarFrom?: string;
|
|
93
|
+
immutable?: boolean;
|
|
94
|
+
secret?: string;
|
|
95
|
+
}
|
|
96
|
+
export declare function addRule(s: ProjectSoul, input: AddRuleInput): ProjectSoul;
|
|
97
|
+
export declare function verifySoul(s: ProjectSoul, secret?: string): {
|
|
98
|
+
ok: boolean;
|
|
99
|
+
reason?: string;
|
|
100
|
+
};
|
|
101
|
+
export declare function saveSoul(s: ProjectSoul, opts?: {
|
|
102
|
+
repoDir?: string;
|
|
103
|
+
}): string;
|
|
104
|
+
export declare function loadSoul(opts?: {
|
|
105
|
+
repoDir?: string;
|
|
106
|
+
}): ProjectSoul | null;
|
|
107
|
+
/**
|
|
108
|
+
* The SOUL GATE. Returns a verdict + HMAC-signed audit trail. Block findings
|
|
109
|
+
* mean "refuse the change". Warn findings mean "log + proceed".
|
|
110
|
+
*/
|
|
111
|
+
export declare function checkAgainstSoul(s: ProjectSoul, change: SoulChange, secret?: string): SoulVerdict;
|
|
112
|
+
/** One-line summary for pulse / wisdom output. */
|
|
113
|
+
export declare function formatSoulLine(s: ProjectSoul | null): string;
|
|
114
|
+
/**
|
|
115
|
+
* Sensible default rules every Mneme-managed project starts with.
|
|
116
|
+
* Run once to bootstrap; they're additive so re-running is a no-op
|
|
117
|
+
* for already-present IDs.
|
|
118
|
+
*/
|
|
119
|
+
export declare function seedDefaultRules(s: ProjectSoul, opts?: {
|
|
120
|
+
secret?: string;
|
|
121
|
+
}): ProjectSoul;
|
|
122
|
+
export {};
|
|
123
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/project_soul/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAMH,QAAA,MAAM,gBAAgB,EAAG,CAAU,CAAC;AAEpC,MAAM,WAAW,QAAQ;IACvB,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC;IACX,2CAA2C;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,2CAA2C;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iDAAiD;IACjD,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAC3B,+DAA+D;IAC/D,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,6BAA6B;IAC7B,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,WAAW;IAC1B,CAAC,EAAE,OAAO,gBAAgB,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,sDAAsD;IACtD,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,QAAQ,EAAE,CAAC;IACnB,YAAY,EAAE,QAAQ,EAAE,CAAC;IACzB,WAAW,EAAE,QAAQ,EAAE,CAAC;IACxB,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,MAAM,EAAE,QAAQ,EAAE,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,2EAA2E;IAC3E,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,cAAc,GAAG,aAAa,GAAG,OAAO,GAAG,QAAQ,CAAC;AAE1F,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IACnC,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;CACb;AA8BD,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,GAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAO,GAAG,WAAW,CAWpG;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,GAAG,WAAW,CAuBxE;AAED,wBAAgB,UAAU,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAS5F;AAED,wBAAgB,QAAQ,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,GAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAO,GAAG,MAAM,CAOhF;AAED,wBAAgB,QAAQ,CAAC,IAAI,GAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAO,GAAG,WAAW,GAAG,IAAI,CAM5E;AA0CD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,WAAW,CAuCjG;AAED,kDAAkD;AAClD,wBAAgB,cAAc,CAAC,CAAC,EAAE,WAAW,GAAG,IAAI,GAAG,MAAM,CAG5D;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,GAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAO,GAAG,WAAW,CAe5F"}
|