npm - @mneme-ai/core - Versions diffs - 2.50.0 → 2.52.0 - Mend

@mneme-ai/core 2.50.0 → 2.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/dist/agent_manifest.d.ts.map +1 -1
package/dist/agent_manifest.js +18 -0
package/dist/agent_manifest.js.map +1 -1
package/dist/nemesis/capillary.d.ts +68 -0
package/dist/nemesis/capillary.d.ts.map +1 -0
package/dist/nemesis/capillary.js +465 -0
package/dist/nemesis/capillary.js.map +1 -0
package/dist/nemesis/colosseum.d.ts +111 -0
package/dist/nemesis/colosseum.d.ts.map +1 -0
package/dist/nemesis/colosseum.js +275 -0
package/dist/nemesis/colosseum.js.map +1 -0
package/dist/nemesis/index.d.ts +6 -0
package/dist/nemesis/index.d.ts.map +1 -1
package/dist/nemesis/index.js +23 -0
package/dist/nemesis/index.js.map +1 -1
package/dist/nemesis/molt.d.ts +104 -0
package/dist/nemesis/molt.d.ts.map +1 -0
package/dist/nemesis/molt.js +220 -0
package/dist/nemesis/molt.js.map +1 -0
package/dist/nemesis/sibyl.d.ts +122 -0
package/dist/nemesis/sibyl.d.ts.map +1 -0
package/dist/nemesis/sibyl.js +179 -0
package/dist/nemesis/sibyl.js.map +1 -0
package/dist/nemesis/stealth_score.d.ts +97 -0
package/dist/nemesis/stealth_score.d.ts.map +1 -0
package/dist/nemesis/stealth_score.js +204 -0
package/dist/nemesis/stealth_score.js.map +1 -0
package/dist/nemesis/themis.d.ts +109 -0
package/dist/nemesis/themis.d.ts.map +1 -0
package/dist/nemesis/themis.js +194 -0
package/dist/nemesis/themis.js.map +1 -0
package/dist/people/lineage.d.ts +11 -6
package/dist/people/lineage.d.ts.map +1 -1
package/dist/people/lineage.js +51 -9
package/dist/people/lineage.js.map +1 -1
package/dist/truth_gate/claims.d.ts.map +1 -1
package/dist/truth_gate/claims.js +29 -0
package/dist/truth_gate/claims.js.map +1 -1
package/dist/truth_gate/probes.d.ts.map +1 -1
package/dist/truth_gate/probes.js +252 -0
package/dist/truth_gate/probes.js.map +1 -1
package/package.json +1 -1

package/dist/nemesis/molt.js ADDED Viewed

@@ -0,0 +1,220 @@
+/**
+ * v2.52.0 — MOLT (Diamond 4 / Million Dollar Secret series).
+ *
+ * Show mechanic: contestants change behaviour when they sense suspicion.
+ * Drift over time is itself a tell.
+ *
+ * Mneme primitive: extends drift_timeline (v2.46 ORGAN 4) into a
+ * SILENT-MODEL-ROTATION detector. AI vendors frequently swap backend
+ * models without telling users (GPT-4 → GPT-4 Turbo → GPT-4o; Claude
+ * 3 Opus → Claude 3.5 Sonnet → Claude Opus 4.6). Users paying for
+ * "model A" get rotated to "model B" with no notice. Consumer-protection
+ * issue + potential class-action surface.
+ *
+ * MOLT computes Mahalanobis-style drift between fingerprint snapshots
+ * over a time window, identifies the DOMINANT shifted features, and
+ * emits a forensic-evidence-grade event:
+ *
+ *   {
+ *     vendor: "cursor",
+ *     molted: true,
+ *     moltedAt: "2026-04-15T...",
+ *     priorWindow: "2026-03-15..2026-04-14",
+ *     postWindow:  "2026-04-15..2026-05-15",
+ *     dominantShifts: [
+ *       { feature: "conditional_density", priorMean: 0.32, postMean: 0.09, z: 4.7 },
+ *       ...
+ *     ],
+ *     hmac: "..."  // forensic preservation
+ *   }
+ *
+ * No paper / product surfaces silent model rotation from output alone.
+ *
+ * Wild value-adds this module ships:
+ *   - WEBHOOK emit (optional): when molt detected, POST signed JSON
+ *     to an opt-in endpoint so the user's CI / Slack / monitoring
+ *     learns about the rotation automatically
+ *   - DOMINANT-SHIFT CITATION: the 3 features that moved most → caller
+ *     can write a court-admissible "vendor X silently rotated on Y"
+ *     statement
+ *
+ * Composes: drift_timeline.readTimeline + a per-feature Welch-style
+ * comparison of pre/post means + variances.
+ *
+ * Pure deterministic + defensive; never throws.
+ */
+import { readTimeline } from "./drift_timeline.js";
+import { createHmac } from "node:crypto";
+const KEY_ENV = "MNEME_MOLT_KEY";
+const DEFAULT_KEY = "mneme-molt-v1";
+const MOLT_Z_THRESHOLD = 3.0;
+const MIN_PRIOR_N = 5;
+const MIN_POST_N = 3;
+function keyOf() {
+    return process.env[KEY_ENV] ?? DEFAULT_KEY;
+}
+function meanStd(values) {
+    if (values.length === 0)
+        return { mean: 0, stdev: 0 };
+    const mean = values.reduce((a, b) => a + b, 0) / values.length;
+    const variance = values.reduce((s, v) => s + (v - mean) ** 2, 0) / Math.max(1, values.length - 1);
+    return { mean, stdev: Math.sqrt(variance) };
+}
+function safeWindowSplit(entries, splitAt) {
+    if (!Array.isArray(entries))
+        return { prior: [], post: [] };
+    const prior = [];
+    const post = [];
+    for (const e of entries) {
+        const t = Date.parse(e.at);
+        if (!Number.isFinite(t))
+            continue;
+        if (t < splitAt)
+            prior.push(e);
+        else
+            post.push(e);
+    }
+    return { prior, post };
+}
+function collectKeys(entries) {
+    const keys = new Set();
+    for (const e of entries) {
+        if (e.fingerprint)
+            for (const k of Object.keys(e.fingerprint))
+                keys.add(k);
+    }
+    return Array.from(keys);
+}
+function buildCitation(verdict) {
+    if (!verdict.molted)
+        return `No molt detected for ${verdict.vendor}.`;
+    const top = verdict.dominantShifts.slice(0, 3).map((s) => `${s.feature} ${s.direction} (${s.priorMean.toFixed(2)} → ${s.postMean.toFixed(2)}, z=${s.z.toFixed(2)})`).join("; ");
+    return `${verdict.vendor} appears to have silently rotated models on ${verdict.moltedAt}. Dominant shifts: ${top}.`;
+}
+/**
+ * Detect silent model rotation by comparing pre/post fingerprint
+ * distributions split at a given timestamp (default: midpoint by count).
+ *
+ * Defensive: missing vendor / empty timeline / not enough samples → returns
+ *           molted=false with reason in citation.
+ */
+export function detectMolt(repoRoot, vendor, opts = {}) {
+    const minZ = opts.minZ ?? MOLT_Z_THRESHOLD;
+    let entries = [];
+    try {
+        entries = readTimeline(repoRoot, vendor);
+    }
+    catch {
+        entries = [];
+    }
+    // Optional filter: keep only entries newer than sinceMs
+    if (opts.sinceMs !== undefined) {
+        entries = entries.filter((e) => Date.parse(e.at) >= opts.sinceMs);
+    }
+    // Sort by timestamp
+    entries.sort((a, b) => Date.parse(a.at) - Date.parse(b.at));
+    if (entries.length < MIN_PRIOR_N + MIN_POST_N) {
+        const out = {
+            vendor,
+            molted: false,
+            moltedAt: null,
+            priorWindow: { from: "", to: "", n: 0 },
+            postWindow: { from: "", to: "", n: entries.length },
+            dominantShifts: [],
+            hmac: "",
+            citation: `Insufficient data for ${vendor}: ${entries.length} entries (need ≥${MIN_PRIOR_N + MIN_POST_N}).`,
+        };
+        out.hmac = createHmac("sha256", keyOf()).update(JSON.stringify({ vendor, molted: false, n: entries.length })).digest("hex");
+        return out;
+    }
+    // Choose split point: explicit ms OR midpoint by count
+    let splitAt;
+    if (opts.splitAtMs !== undefined) {
+        splitAt = opts.splitAtMs;
+    }
+    else {
+        const mid = entries[Math.floor(entries.length / 2)];
+        splitAt = Date.parse(mid.at);
+    }
+    const { prior, post } = safeWindowSplit(entries, splitAt);
+    if (prior.length < MIN_PRIOR_N || post.length < MIN_POST_N) {
+        const out = {
+            vendor,
+            molted: false,
+            moltedAt: null,
+            priorWindow: { from: prior[0]?.at ?? "", to: prior[prior.length - 1]?.at ?? "", n: prior.length },
+            postWindow: { from: post[0]?.at ?? "", to: post[post.length - 1]?.at ?? "", n: post.length },
+            dominantShifts: [],
+            hmac: "",
+            citation: `Insufficient samples in one window for ${vendor}: prior=${prior.length}, post=${post.length}.`,
+        };
+        out.hmac = createHmac("sha256", keyOf()).update(JSON.stringify({ vendor, molted: false, prior: prior.length, post: post.length })).digest("hex");
+        return out;
+    }
+    // Per-feature shift
+    const keys = collectKeys(entries);
+    const shifts = [];
+    for (const k of keys) {
+        const priorVals = prior.map((e) => e.fingerprint?.[k] ?? 0).filter(Number.isFinite);
+        const postVals = post.map((e) => e.fingerprint?.[k] ?? 0).filter(Number.isFinite);
+        if (priorVals.length < MIN_PRIOR_N || postVals.length < MIN_POST_N)
+            continue;
+        const p = meanStd(priorVals);
+        const q = meanStd(postVals);
+        // Pooled stdev (avoid /0)
+        const pooled = Math.sqrt(((p.stdev ** 2) / priorVals.length) + ((q.stdev ** 2) / postVals.length));
+        const safePooled = pooled > 1e-6 ? pooled : Math.max(0.01, Math.abs(p.mean) * 0.1);
+        const z = (q.mean - p.mean) / safePooled;
+        if (!Number.isFinite(z))
+            continue;
+        const direction = z > 0.05 ? "increase" : z < -0.05 ? "decrease" : "flat";
+        shifts.push({ feature: k, priorMean: p.mean, postMean: q.mean, priorStdev: p.stdev, postStdev: q.stdev, z, direction });
+    }
+    shifts.sort((a, b) => Math.abs(b.z) - Math.abs(a.z));
+    const dominant = shifts.filter((s) => Math.abs(s.z) >= minZ).slice(0, 10);
+    const molted = dominant.length > 0;
+    const verdict = {
+        vendor,
+        molted,
+        moltedAt: molted ? (post[post.length - 1]?.at ?? null) : null,
+        priorWindow: { from: prior[0].at, to: prior[prior.length - 1].at, n: prior.length },
+        postWindow: { from: post[0].at, to: post[post.length - 1].at, n: post.length },
+        dominantShifts: dominant,
+    };
+    const citation = buildCitation(verdict);
+    const hmac = createHmac("sha256", keyOf()).update(JSON.stringify({ ...verdict, citation })).digest("hex");
+    return { ...verdict, citation, hmac };
+}
+/**
+ * Verify a MoltVerdict's HMAC. Returns true iff hmac matches the
+ * canonical body. Caller-side forensic check.
+ */
+export function verifyMoltVerdict(v) {
+    if (!v || typeof v.hmac !== "string")
+        return false;
+    const { hmac, ...body } = v;
+    const expected = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
+    return expected === hmac;
+}
+/**
+ * Optional webhook emit (HTTP POST). Returns ok=true on 2xx; defensive.
+ * Caller controls when to fire (e.g. only when verdict.molted).
+ */
+export async function emitMoltWebhook(verdict, webhookUrl) {
+    try {
+        if (!webhookUrl || !/^https?:\/\//.test(webhookUrl)) {
+            return { ok: false, reason: "invalid webhook URL" };
+        }
+        const r = await fetch(webhookUrl, {
+            method: "POST",
+            headers: { "content-type": "application/json", "x-mneme-molt-signature": verdict.hmac },
+            body: JSON.stringify(verdict),
+            signal: AbortSignal.timeout(5000),
+        });
+        return { ok: r.ok, status: r.status };
+    }
+    catch (e) {
+        return { ok: false, reason: e.message };
+    }
+}
+//# sourceMappingURL=molt.js.map

package/dist/nemesis/molt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"molt.js","sourceRoot":"","sources":["../../src/nemesis/molt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAAE,YAAY,EAAmB,MAAM,qBAAqB,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AA4BzC,MAAM,OAAO,GAAG,gBAAgB,CAAC;AACjC,MAAM,WAAW,GAAG,eAAe,CAAC;AACpC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,WAAW,GAAG,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,CAAC,CAAC;AAErB,SAAS,KAAK;IACZ,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC;AAC7C,CAAC;AAED,SAAS,OAAO,CAAC,MAAgB;IAC/B,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IACtD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClG,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,SAAS,eAAe,CAAC,OAAqB,EAAE,OAAe;IAC7D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC5D,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,MAAM,IAAI,GAAiB,EAAE,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,SAAS;QAClC,IAAI,CAAC,GAAG,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;;YAC1B,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,SAAS,WAAW,CAAC,OAAqB;IACxC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,WAAW;YAAE,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC;gBAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,OAAqG;IAC1H,IAAI,CAAC,OAAO,CAAC,MAAM;QAAE,OAAO,wBAAwB,OAAO,CAAC,MAAM,GAAG,CAAC;IACtE,MAAM,GAAG,GAAG,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChL,OAAO,GAAG,OAAO,CAAC,MAAM,+CAA+C,OAAO,CAAC,QAAQ,sBAAsB,GAAG,GAAG,CAAC;AACtH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CACxB,QAAgB,EAChB,MAAc,EACd,OAAgE,EAAE;IAElE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,gBAAgB,CAAC;IAC3C,IAAI,OAAO,GAAiB,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;IAAC,CAAC;IAEzB,wDAAwD;IACxD,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,OAAQ,CAAC,CAAC;IACrE,CAAC;IACD,oBAAoB;IACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5D,IAAI,OAAO,CAAC,MAAM,GAAG,WAAW,GAAG,UAAU,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAgB;YACvB,MAAM;YACN,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,IAAI;YACd,WAAW,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE;YACvC,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,MAAM,EAAE;YACnD,cAAc,EAAE,EAAE;YAClB,IAAI,EAAE,EAAE;YACR,QAAQ,EAAE,yBAAyB,MAAM,KAAK,OAAO,CAAC,MAAM,mBAAmB,WAAW,GAAG,UAAU,IAAI;SAC5G,CAAC;QACF,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5H,OAAO,GAAG,CAAC;IACb,CAAC;IAED,uDAAuD;IACvD,IAAI,OAAe,CAAC;IACpB,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACjC,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;IAC3B,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAE,CAAC;QACrD,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/B,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1D,IAAI,KAAK,CAAC,MAAM,GAAG,WAAW,IAAI,IAAI,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAC3D,MAAM,GAAG,GAAgB;YACvB,MAAM;YACN,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,IAAI;YACd,WAAW,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,MAAM,EAAE;YACjG,UAAU,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,EAAE,IAAI,CAAC,MAAM,EAAE;YAC5F,cAAc,EAAE,EAAE;YAClB,IAAI,EAAE,EAAE;YACR,QAAQ,EAAE,0CAA0C,MAAM,WAAW,KAAK,CAAC,MAAM,UAAU,IAAI,CAAC,MAAM,GAAG;SAC1G,CAAC;QACF,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjJ,OAAO,GAAG,CAAC;IACb,CAAC;IAED,oBAAoB;IACpB,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAClC,MAAM,MAAM,GAAmB,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClF,IAAI,SAAS,CAAC,MAAM,GAAG,WAAW,IAAI,QAAQ,CAAC,MAAM,GAAG,UAAU;YAAE,SAAS;QAC7E,MAAM,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5B,0BAA0B;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QACnG,MAAM,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;QACnF,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;QACzC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,SAAS;QAClC,MAAM,SAAS,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;QAC1E,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IAC1H,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1E,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAEnC,MAAM,OAAO,GAA2C;QACtD,MAAM;QACN,MAAM;QACN,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI;QAC7D,WAAW,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,MAAM,EAAE;QACrF,UAAU,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAE,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,CAAC,MAAM,EAAE;QAChF,cAAc,EAAE,QAAQ;KACzB,CAAC;IACF,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1G,OAAO,EAAE,GAAG,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,CAAc;IAC9C,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACnD,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1F,OAAO,QAAQ,KAAK,IAAI,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAoB,EAAE,UAAkB;IAC5E,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACpD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;QACtD,CAAC;QACD,MAAM,CAAC,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,OAAO,CAAC,IAAI,EAAE;YACvF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;QACH,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC;IACrD,CAAC;AACH,CAAC"}

package/dist/nemesis/sibyl.d.ts ADDED Viewed

@@ -0,0 +1,122 @@
+/**
+ * v2.52.0 — SIBYL (Diamond 6 / Million Dollar Secret series).
+ *
+ * Show mechanic: contestants commit their identity at session-start
+ * (sealed envelope), reveal at session-end. Lock prevents mid-session
+ * identity switching.
+ *
+ * Mneme primitive: a SIMPLE-ZK identity commitment scheme.
+ *
+ *   1. Session start: vendor computes commitment = SHA-256(identity || nonce)
+ *      and emits it (publicly, signed). Identity + nonce stay private.
+ *   2. Mid-session: vendor works. Identity not revealed. Other parties
+ *      can still verify the commitment matches the session's signed
+ *      receipts via the HMAC chain.
+ *   3. Session end / on demand: vendor reveals (identity, nonce). Anyone
+ *      can recompute SHA-256(identity || nonce) and verify it matches
+ *      the original commitment.
+ *
+ * This is the "hash commitment" branch of ZK — simpler than zkSNARKs,
+ * adequate for "I declared X at session-start, here's the proof I
+ * didn't change to Y mid-session".
+ *
+ * Wild value-adds this module ships:
+ *   - NESTED COMMITMENTS: commit (vendor, model, version) as a tuple;
+ *     reveal any subset. Lets a vendor disclose vendor without leaking
+ *     exact model.
+ *   - PAIR with EU Article 50: emit commitment at PR open, reveal at
+ *     merge. Compliance auditors can verify identity didn't drift.
+ *   - SESSION-BIND: commitment includes a session-id; the same
+ *     identity+nonce signed for session A cannot be replayed in B.
+ *
+ * Pure deterministic + defensive; never throws.
+ */
+export interface SibylIdentity {
+    vendor: string;
+    model?: string;
+    version?: string;
+}
+export interface SibylCommitment {
+    /** Session identifier — prevents cross-session replay. */
+    sessionId: string;
+    /** SHA-256(identity || nonce || sessionId). */
+    commitmentHash: string;
+    /** Mask: which fields the commitment includes. */
+    mask: {
+        vendor: boolean;
+        model: boolean;
+        version: boolean;
+    };
+    /** ISO-8601 commit timestamp. */
+    at: string;
+    /** HMAC over commitment metadata (signs the commit envelope). */
+    hmac: string;
+    prev: string;
+}
+export interface SibylReveal {
+    sessionId: string;
+    identity: SibylIdentity;
+    nonce: string;
+    mask: {
+        vendor: boolean;
+        model: boolean;
+        version: boolean;
+    };
+    at: string;
+    hmac: string;
+    prev: string;
+}
+export interface CommitOpts {
+    identity: SibylIdentity;
+    sessionId?: string;
+    /** Provide your own nonce for testability; otherwise generated. */
+    nonce?: string;
+    /** Which fields the commitment locks. Default: all present fields. */
+    mask?: Partial<SibylCommitment["mask"]>;
+    /** Persist to .mneme/nemesis/sibyl/commitments.jsonl (default true). */
+    persist?: boolean;
+}
+export interface CommitResult {
+    commitment: SibylCommitment;
+    /** Returned ONLY to the caller — the secret needed to reveal later. */
+    nonce: string;
+    /** Same — caller is responsible for safekeeping these until reveal. */
+    identitySnapshot: SibylIdentity;
+}
+/** Issue a new commitment. The nonce is returned ONCE to the caller. */
+export declare function commitIdentity(repoRoot: string, opts: CommitOpts): CommitResult;
+export interface RevealOpts {
+    sessionId: string;
+    identity: SibylIdentity;
+    nonce: string;
+    /** Mask must match the commit's mask. */
+    mask?: Partial<SibylCommitment["mask"]>;
+    persist?: boolean;
+}
+export interface RevealResult {
+    reveal: SibylReveal;
+    /** True iff the supplied (identity, nonce) recreates the original commitment. */
+    matches: boolean;
+    /** Reference to the original commitment (if found in chain). */
+    matchedCommitment?: SibylCommitment;
+}
+/** Reveal + verify against the stored chain (or pass commitment explicitly). */
+export declare function revealIdentity(repoRoot: string, opts: RevealOpts, knownCommitment?: SibylCommitment): RevealResult;
+/** Read all SIBYL events from disk + verify chain. */
+export declare function verifySibylChain(repoRoot: string): {
+    ok: boolean;
+    rows: number;
+    brokenAt?: number;
+    reason?: string;
+};
+/** Verify a commitment+reveal pair WITHOUT touching the chain. Pure. */
+export declare function verifyCommitmentReveal(commitment: SibylCommitment, reveal: {
+    identity: SibylIdentity;
+    nonce: string;
+}): {
+    ok: boolean;
+    reason?: string;
+};
+/** Diagnostic: list all open commitments (no matching reveal yet). */
+export declare function listOpenCommitments(repoRoot: string): SibylCommitment[];
+//# sourceMappingURL=sibyl.d.ts.map

package/dist/nemesis/sibyl.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sibyl.d.ts","sourceRoot":"","sources":["../../src/nemesis/sibyl.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAgBH,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,0DAA0D;IAC1D,SAAS,EAAE,MAAM,CAAC;IAClB,+CAA+C;IAC/C,cAAc,EAAE,MAAM,CAAC;IACvB,kDAAkD;IAClD,IAAI,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAC5D,iCAAiC;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,iEAAiE;IACjE,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,aAAa,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAC5D,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAyDD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,aAAa,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mEAAmE;IACnE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sEAAsE;IACtE,IAAI,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC;IACxC,wEAAwE;IACxE,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,eAAe,CAAC;IAC5B,uEAAuE;IACvE,KAAK,EAAE,MAAM,CAAC;IACd,uEAAuE;IACvE,gBAAgB,EAAE,aAAa,CAAC;CACjC;AAED,wEAAwE;AACxE,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,YAAY,CAgB/E;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,aAAa,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,IAAI,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,WAAW,CAAC;IACpB,iFAAiF;IACjF,OAAO,EAAE,OAAO,CAAC;IACjB,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,eAAe,CAAC;CACrC;AAED,gFAAgF;AAChF,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,eAAe,CAAC,EAAE,eAAe,GAAG,YAAY,CAsBlH;AAED,sDAAsD;AACtD,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAYpH;AAED,wEAAwE;AACxE,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,eAAe,EAC3B,MAAM,EAAE;IAAE,QAAQ,EAAE,aAAa,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACjD;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAKlC;AAED,sEAAsE;AACtE,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,EAAE,CAMvE"}

package/dist/nemesis/sibyl.js ADDED Viewed

@@ -0,0 +1,179 @@
+/**
+ * v2.52.0 — SIBYL (Diamond 6 / Million Dollar Secret series).
+ *
+ * Show mechanic: contestants commit their identity at session-start
+ * (sealed envelope), reveal at session-end. Lock prevents mid-session
+ * identity switching.
+ *
+ * Mneme primitive: a SIMPLE-ZK identity commitment scheme.
+ *
+ *   1. Session start: vendor computes commitment = SHA-256(identity || nonce)
+ *      and emits it (publicly, signed). Identity + nonce stay private.
+ *   2. Mid-session: vendor works. Identity not revealed. Other parties
+ *      can still verify the commitment matches the session's signed
+ *      receipts via the HMAC chain.
+ *   3. Session end / on demand: vendor reveals (identity, nonce). Anyone
+ *      can recompute SHA-256(identity || nonce) and verify it matches
+ *      the original commitment.
+ *
+ * This is the "hash commitment" branch of ZK — simpler than zkSNARKs,
+ * adequate for "I declared X at session-start, here's the proof I
+ * didn't change to Y mid-session".
+ *
+ * Wild value-adds this module ships:
+ *   - NESTED COMMITMENTS: commit (vendor, model, version) as a tuple;
+ *     reveal any subset. Lets a vendor disclose vendor without leaking
+ *     exact model.
+ *   - PAIR with EU Article 50: emit commitment at PR open, reveal at
+ *     merge. Compliance auditors can verify identity didn't drift.
+ *   - SESSION-BIND: commitment includes a session-id; the same
+ *     identity+nonce signed for session A cannot be replayed in B.
+ *
+ * Pure deterministic + defensive; never throws.
+ */
+import { existsSync, mkdirSync, readFileSync, appendFileSync } from "node:fs";
+import { join } from "node:path";
+import { createHash, createHmac, randomBytes } from "node:crypto";
+const SIBYL_DIR = ".mneme/nemesis/sibyl";
+const COMMITS_FILE = "commitments.jsonl";
+const KEY_ENV = "MNEME_SIBYL_KEY";
+const DEFAULT_KEY = "mneme-sibyl-v1";
+const SEED = "0".repeat(64);
+function keyOf() {
+    return process.env[KEY_ENV] ?? DEFAULT_KEY;
+}
+function canonicalIdentity(identity, mask) {
+    // Stable canonical form. Empty fields when not masked = stable empty marker.
+    return JSON.stringify({
+        vendor: mask.vendor ? (identity.vendor ?? "") : "",
+        model: mask.model ? (identity.model ?? "") : "",
+        version: mask.version ? (identity.version ?? "") : "",
+    });
+}
+function commitmentHashOf(identity, nonce, sessionId, mask) {
+    return createHash("sha256")
+        .update(canonicalIdentity(identity, mask))
+        .update("|")
+        .update(nonce)
+        .update("|")
+        .update(sessionId)
+        .digest("hex");
+}
+function envelopeHmac(body) {
+    return createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
+}
+function dirOf(repoRoot) {
+    const dir = join(repoRoot, SIBYL_DIR);
+    try {
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+    }
+    catch { /* ok */ }
+    return dir;
+}
+function readChain(repoRoot) {
+    const p = join(dirOf(repoRoot), COMMITS_FILE);
+    if (!existsSync(p))
+        return [];
+    try {
+        const out = [];
+        for (const line of readFileSync(p, "utf8").split("\n")) {
+            if (!line.trim())
+                continue;
+            try {
+                out.push(JSON.parse(line));
+            }
+            catch { /* skip */ }
+        }
+        return out;
+    }
+    catch {
+        return [];
+    }
+}
+function lastHmac(repoRoot) {
+    const rows = readChain(repoRoot);
+    return rows.length === 0 ? SEED : rows[rows.length - 1].hmac;
+}
+function appendChain(repoRoot, row) {
+    try {
+        appendFileSync(join(dirOf(repoRoot), COMMITS_FILE), JSON.stringify(row) + "\n");
+    }
+    catch { /* ok */ }
+}
+/** Issue a new commitment. The nonce is returned ONCE to the caller. */
+export function commitIdentity(repoRoot, opts) {
+    const sessionId = opts.sessionId ?? `S-${Date.now().toString(36)}-${randomBytes(4).toString("hex")}`;
+    const nonce = opts.nonce ?? randomBytes(16).toString("hex");
+    const mask = {
+        vendor: opts.mask?.vendor ?? !!opts.identity.vendor,
+        model: opts.mask?.model ?? !!opts.identity.model,
+        version: opts.mask?.version ?? !!opts.identity.version,
+    };
+    const at = new Date().toISOString();
+    const commitmentHash = commitmentHashOf(opts.identity, nonce, sessionId, mask);
+    const prev = (opts.persist === false) ? SEED : lastHmac(repoRoot);
+    const body = { sessionId, commitmentHash, mask, at, prev };
+    const hmac = envelopeHmac(body);
+    const commitment = { ...body, hmac };
+    if (opts.persist !== false)
+        appendChain(repoRoot, commitment);
+    return { commitment, nonce, identitySnapshot: { ...opts.identity } };
+}
+/** Reveal + verify against the stored chain (or pass commitment explicitly). */
+export function revealIdentity(repoRoot, opts, knownCommitment) {
+    const at = new Date().toISOString();
+    // Locate matching commit in chain (if not given)
+    let target = knownCommitment;
+    if (!target) {
+        const chain = readChain(repoRoot);
+        target = chain.find((r) => "commitmentHash" in r && r.sessionId === opts.sessionId) ?? undefined;
+    }
+    const matches = target
+        ? (commitmentHashOf(opts.identity, opts.nonce, opts.sessionId, target.mask) === target.commitmentHash)
+        : false;
+    const prev = (opts.persist === false) ? SEED : lastHmac(repoRoot);
+    const mask = target ? target.mask : {
+        vendor: opts.mask?.vendor ?? !!opts.identity.vendor,
+        model: opts.mask?.model ?? !!opts.identity.model,
+        version: opts.mask?.version ?? !!opts.identity.version,
+    };
+    const body = { sessionId: opts.sessionId, identity: opts.identity, nonce: opts.nonce, mask, at, prev };
+    const hmac = envelopeHmac(body);
+    const reveal = { ...body, hmac };
+    if (opts.persist !== false)
+        appendChain(repoRoot, reveal);
+    return { reveal, matches, matchedCommitment: target };
+}
+/** Read all SIBYL events from disk + verify chain. */
+export function verifySibylChain(repoRoot) {
+    const rows = readChain(repoRoot);
+    let prev = SEED;
+    for (let i = 0; i < rows.length; i++) {
+        const r = rows[i];
+        const { hmac, ...body } = r;
+        if (body.prev !== prev)
+            return { ok: false, rows: i, brokenAt: i, reason: "prev mismatch" };
+        const expected = envelopeHmac(body);
+        if (expected !== hmac)
+            return { ok: false, rows: i, brokenAt: i, reason: "hmac mismatch" };
+        prev = hmac;
+    }
+    return { ok: true, rows: rows.length };
+}
+/** Verify a commitment+reveal pair WITHOUT touching the chain. Pure. */
+export function verifyCommitmentReveal(commitment, reveal) {
+    if (!commitment || !reveal)
+        return { ok: false, reason: "missing inputs" };
+    const expected = commitmentHashOf(reveal.identity, reveal.nonce, commitment.sessionId, commitment.mask);
+    if (expected !== commitment.commitmentHash)
+        return { ok: false, reason: "commitment hash mismatch" };
+    return { ok: true };
+}
+/** Diagnostic: list all open commitments (no matching reveal yet). */
+export function listOpenCommitments(repoRoot) {
+    const chain = readChain(repoRoot);
+    const revealedSessions = new Set(chain.filter((r) => "nonce" in r).map((r) => r.sessionId));
+    return chain.filter((r) => "commitmentHash" in r && !revealedSessions.has(r.sessionId));
+}
+//# sourceMappingURL=sibyl.js.map

package/dist/nemesis/sibyl.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sibyl.js","sourceRoot":"","sources":["../../src/nemesis/sibyl.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAElE,MAAM,SAAS,GAAG,sBAAsB,CAAC;AACzC,MAAM,YAAY,GAAG,mBAAmB,CAAC;AACzC,MAAM,OAAO,GAAG,iBAAiB,CAAC;AAClC,MAAM,WAAW,GAAG,gBAAgB,CAAC;AACrC,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE5B,SAAS,KAAK;IACZ,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC;AAC7C,CAAC;AAgCD,SAAS,iBAAiB,CAAC,QAAuB,EAAE,IAA6B;IAC/E,6EAA6E;IAC7E,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;QAClD,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;QAC/C,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;KACtD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAuB,EAAE,KAAa,EAAE,SAAiB,EAAE,IAA6B;IAChH,OAAO,UAAU,CAAC,QAAQ,CAAC;SACxB,MAAM,CAAC,iBAAiB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;SACzC,MAAM,CAAC,GAAG,CAAC;SACX,MAAM,CAAC,KAAK,CAAC;SACb,MAAM,CAAC,GAAG,CAAC;SACX,MAAM,CAAC,SAAS,CAAC;SACjB,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,KAAK,CAAC,QAAgB;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACtC,IAAI,CAAC;QAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC;IACrF,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,GAAG,GAAyC,EAAE,CAAC;QACrD,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAC3B,IAAI,CAAC;gBAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAkC,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QAC3F,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,CAAC;IAAC,CAAC;AACxB,CAAC;AAED,SAAS,QAAQ,CAAC,QAAgB;IAChC,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACjC,OAAO,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAsB,CAAC,IAAI,CAAC;AACrF,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB,EAAE,GAAkC;IACvE,IAAI,CAAC;QAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,YAAY,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC7G,CAAC;AAyBD,wEAAwE;AACxE,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAgB;IAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;IACrG,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5D,MAAM,IAAI,GAA4B;QACpC,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM;QACnD,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK;QAChD,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO;KACvD,CAAC;IACF,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,cAAc,GAAG,gBAAgB,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAC/E,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClE,MAAM,IAAI,GAAG,EAAE,SAAS,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IAC3D,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,UAAU,GAAoB,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;IACtD,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK;QAAE,WAAW,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC9D,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;AACvE,CAAC;AAmBD,gFAAgF;AAChF,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAgB,EAAE,eAAiC;IAClG,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACpC,iDAAiD;IACjD,IAAI,MAAM,GAAgC,eAAe,CAAC;IAC1D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAwB,EAAE,CAAC,gBAAgB,IAAI,CAAC,IAAK,CAAqB,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC;IAC9I,CAAC;IACD,MAAM,OAAO,GAAG,MAAM;QACpB,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,cAAc,CAAC;QACtG,CAAC,CAAC,KAAK,CAAC;IACV,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClE,MAAM,IAAI,GAA4B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3D,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM;QACnD,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK;QAChD,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO;KACvD,CAAC;IACF,MAAM,IAAI,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACvG,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,MAAM,GAAgB,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;IAC9C,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK;QAAE,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,CAAC;AACxD,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,IAAI,GAAG,IAAI,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;QACnB,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,GAAG,CAAoE,CAAC;QAC/F,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QAC5F,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,QAAQ,KAAK,IAAI;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QAC3F,IAAI,GAAG,IAAI,CAAC;IACd,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;AACzC,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,sBAAsB,CACpC,UAA2B,EAC3B,MAAkD;IAElD,IAAI,CAAC,UAAU,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3E,MAAM,QAAQ,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IACxG,IAAI,QAAQ,KAAK,UAAU,CAAC,cAAc;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;IACrG,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAC9B,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAoB,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAC5E,CAAC;IACF,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAwB,EAAE,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAE,CAAqB,CAAC,SAAS,CAAC,CAAC,CAAC;AACrI,CAAC"}

package/dist/nemesis/stealth_score.d.ts ADDED Viewed

@@ -0,0 +1,97 @@
+/**
+ * v2.52.0 — STEALTH SCORE (Diamond 1 / Million Dollar Secret series).
+ *
+ * Show mechanic: Eve won by being naturally undetectable — Devin's
+ * minimal-diff / empty-PR pattern is so weak NEMESIS can't lock onto
+ * her own real identity (0.484 conf), so she SURVIVES even while
+ * pretending to be Codex.
+ *
+ * Mneme primitive: invert NEMESIS classifier confidence into a
+ * 0..1 STEALTH SCORE. 0 = wearing a name tag; 1 = perfect ghost.
+ *
+ * Wild value the user pointed at:
+ *   - Privacy mode for OSS contributors who don't want to advertise
+ *     "this was AI-assisted"
+ *   - Bug-bounty researchers reporting anonymously
+ *   - Whistleblower protection — leak code, hide the tool
+ *   - INVERSE compliance: HIPAA-mode codebases that LEGALLY can't have
+ *     an external AI fingerprint hit → STEALTH SCORE becomes a risk
+ *     metric (low stealth = compliance hazard)
+ *
+ * Wild idea this module adds on top:
+ *   ANONYMITY-CREDIT LEDGER. Every commit that scores ≥ 0.7 stealth
+ *   EARNS 1 credit, hash-chained. Every "anonymize this commit" call
+ *   SPENDS credits. Forensic-evidence-grade anonymity budget so
+ *   compliance + privacy claims can be proven against a tamper-evident
+ *   record ("you spent 47 stealth credits in Q2 2026, all signed").
+ *
+ * Composes: classifier_calibrated.classifyAgentCalibrated +
+ *           features.extractFingerprint + the cli-activity HMAC pattern.
+ *
+ * Pure deterministic + defensive; never throws.
+ */
+import type { Fingerprint } from "./types.js";
+/** Per-fixture stealth verdict. */
+export interface StealthVerdict {
+    /** 0..1 — inverse of classifier top confidence. */
+    stealthScore: number;
+    /** Detected top vendor (the would-be unmask). */
+    topVendor: string;
+    /** Confidence the classifier had — high conf = low stealth. */
+    detectionConfidence: number;
+    /** Plain-English band. */
+    band: "exposed" | "visible" | "partial-cover" | "stealth" | "ghost";
+    /** Why this band — one-line evidence. */
+    evidence: string;
+    /** How many anonymity-credits this fixture would EARN if spent through
+     *  the ledger (0 when band is exposed/visible). */
+    creditsEarnable: number;
+}
+/**
+ * Compute the stealth verdict for a fingerprint OR for a raw fixture
+ * (diff + prDescription + commitMessages). Pure.
+ */
+export declare function computeStealthScore(input: Fingerprint | {
+    diff: string;
+    prDescription: string;
+    commitMessages: string[];
+}): StealthVerdict;
+interface LedgerRow {
+    at: string;
+    kind: "earn" | "spend";
+    amount: number;
+    /** What earned/spent — fingerprint hash or commit ref. */
+    context: string;
+    /** Running balance AFTER this row. */
+    balanceAfter: number;
+    prev: string;
+    hmac: string;
+}
+/** Earn credits from a stealth verdict (no-op when band too visible). */
+export declare function earnAnonymityCredits(repoRoot: string, verdict: StealthVerdict, contextRef: string): {
+    earned: number;
+    newBalance: number;
+    rejected?: string;
+};
+/** Spend credits for an anonymize action. Returns insufficient when low. */
+export declare function spendAnonymityCredits(repoRoot: string, amount: number, contextRef: string): {
+    spent: number;
+    newBalance: number;
+    rejected?: string;
+};
+/** Current balance + last 10 rows for diagnostics. */
+export declare function stealthCreditStatus(repoRoot: string): {
+    balance: number;
+    totalEarned: number;
+    totalSpent: number;
+    lastRows: LedgerRow[];
+};
+/** Verify the HMAC chain of the anonymity ledger (tamper-evident). */
+export declare function verifyStealthLedger(repoRoot: string): {
+    ok: boolean;
+    rows: number;
+    brokenAt?: number;
+    reason?: string;
+};
+export {};
+//# sourceMappingURL=stealth_score.d.ts.map

package/dist/nemesis/stealth_score.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"stealth_score.d.ts","sourceRoot":"","sources":["../../src/nemesis/stealth_score.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAOH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,mCAAmC;AACnC,MAAM,WAAW,cAAc;IAC7B,mDAAmD;IACnD,YAAY,EAAE,MAAM,CAAC;IACrB,iDAAiD;IACjD,SAAS,EAAE,MAAM,CAAC;IAClB,+DAA+D;IAC/D,mBAAmB,EAAE,MAAM,CAAC;IAC5B,0BAA0B;IAC1B,IAAI,EAAE,SAAS,GAAG,SAAS,GAAG,eAAe,GAAG,SAAS,GAAG,OAAO,CAAC;IACpE,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB;uDACmD;IACnD,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,WAAW,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,EAAE,CAAA;CAAE,GACrF,cAAc,CAqBhB;AA0BD,UAAU,SAAS;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,0DAA0D;IAC1D,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAsCD,yEAAyE;AACzE,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,cAAc,EACvB,UAAU,EAAE,MAAM,GACjB;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAa3D;AAED,4EAA4E;AAC5E,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GACjB;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAgB1D;AAED,sDAAsD;AACtD,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG;IACrD,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,SAAS,EAAE,CAAC;CACvB,CAcA;AAED,sEAAsE;AACtE,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAYvH"}