@mneme-ai/core 2.52.0 → 2.53.0

package/dist/nemesis/janus.d.ts

@@ -0,0 +1,93 @@
+/**
+ * v2.53.0 — JANUS organ: cross-vendor cluster-boundary detector.
+ *
+ * The two-faced Roman god — looks at past + future simultaneously.
+ *
+ * Closes Eve's identity-swap blind spot from the Million Dollar Secret
+ * simulation: MOLT (v2.52) detects INTRA-vendor drift (vendor X drifts
+ * over time) but misses CROSS-vendor swaps (vendor X mid-session
+ * starts behaving like vendor Y). The classifier might still pick Y as
+ * the new winner, but neither MOLT nor verify_identity surfaces the
+ * "you crossed a cluster boundary" event.
+ *
+ * Algorithm:
+ *   1. Build cluster centroids from seed corpus (per vendor, per
+ *      discriminative feature).
+ *   2. For an observation O, compute distance d(O, centroid_V) for every
+ *      known vendor V.
+ *   3. Assign O to the nearest centroid → "current basin".
+ *   4. Track per-session basin history. If basin changes between
+ *      observations → cross-cluster transition event.
+ *   5. Confidence: distance to old basin / distance to new basin (lower
+ *      ratio = sharper swap).
+ *
+ * Different from MOLT because MOLT compares pre/post WINDOWS of the
+ * SAME vendor's drift; JANUS detects the MOMENT a vendor's fingerprint
+ * crosses into a DIFFERENT vendor's basin.
+ *
+ * Composes: extractFingerprint + seedStats.
+ *
+ * Pure deterministic + defensive; never throws.
+ */
+import type { Fingerprint } from "./types.js";
+export interface ClusterDistance {
+    vendor: string;
+    distance: number;
+}
+export interface JanusBasin {
+    /** Nearest vendor centroid. */
+    basin: string;
+    /** Distance to nearest centroid. */
+    basinDistance: number;
+    /** Distance to SECOND-nearest centroid (margin signal). */
+    secondNearest: ClusterDistance | null;
+    /** Margin = secondNearest.distance - basinDistance. Larger = sharper assignment. */
+    margin: number;
+    /** All centroid distances, sorted ascending. */
+    allDistances: ClusterDistance[];
+}
+export interface JanusObservation {
+    fingerprint: Fingerprint;
+    basin: JanusBasin;
+}
+export interface JanusTransition {
+    fromBasin: string;
+    toBasin: string;
+    fromDistance: number;
+    toDistance: number;
+    /** Ratio of (distance to OLD basin from CURRENT obs) / (distance to NEW basin from CURRENT obs).
+     *  > 1 means the obs is clearly closer to NEW than OLD → confident swap. */
+    swapConfidence: number;
+    /** Plain-English citation. */
+    citation: string;
+}
+export interface JanusSessionResult {
+    observations: JanusObservation[];
+    transitions: JanusTransition[];
+    /** Did at least one cross-cluster swap fire? */
+    swapDetected: boolean;
+    hmac: string;
+}
+/**
+ * Locate which vendor cluster an observation belongs to.
+ * Defensive: empty stats → returns basin="unknown" with infinity distance.
+ */
+export declare function locateBasin(fingerprint: Fingerprint): JanusBasin;
+/**
+ * Observe a fixture; return {fingerprint, basin}.
+ */
+export declare function observe(fixture: {
+    diff: string;
+    prDescription: string;
+    commitMessages: string[];
+} | Fingerprint): JanusObservation;
+/**
+ * Walk a sequence of observations from the SAME session; surface
+ * cross-cluster transitions + an HMAC-signed verdict.
+ */
+export declare function detectIdentitySwap(observations: JanusObservation[], opts?: {
+    minMargin?: number;
+}): JanusSessionResult;
+/** Verify a session-result's HMAC. */
+export declare function verifyJanusResult(r: JanusSessionResult): boolean;
+//# sourceMappingURL=janus.d.ts.map

package/dist/nemesis/janus.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"janus.d.ts","sourceRoot":"","sources":["../../src/nemesis/janus.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAY,MAAM,YAAY,CAAC;AASxD,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,+BAA+B;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,oCAAoC;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,2DAA2D;IAC3D,aAAa,EAAE,eAAe,GAAG,IAAI,CAAC;IACtC,oFAAoF;IACpF,MAAM,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,YAAY,EAAE,eAAe,EAAE,CAAC;CACjC;AAED,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,KAAK,EAAE,UAAU,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB;gFAC4E;IAC5E,cAAc,EAAE,MAAM,CAAC;IACvB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,gBAAgB,EAAE,CAAC;IACjC,WAAW,EAAE,eAAe,EAAE,CAAC;IAC/B,gDAAgD;IAChD,YAAY,EAAE,OAAO,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;CACd;AAoBD;;;GAGG;AACH,wBAAgB,WAAW,CAAC,WAAW,EAAE,WAAW,GAAG,UAAU,CAyBhE;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,OAAO,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,WAAW,GAAG,gBAAgB,CAMlI;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,YAAY,EAAE,gBAAgB,EAAE,EAChC,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GAChC,kBAAkB,CAoCpB;AAWD,sCAAsC;AACtC,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAQhE"}

package/dist/nemesis/janus.js

@@ -0,0 +1,160 @@
+/**
+ * v2.53.0 — JANUS organ: cross-vendor cluster-boundary detector.
+ *
+ * The two-faced Roman god — looks at past + future simultaneously.
+ *
+ * Closes Eve's identity-swap blind spot from the Million Dollar Secret
+ * simulation: MOLT (v2.52) detects INTRA-vendor drift (vendor X drifts
+ * over time) but misses CROSS-vendor swaps (vendor X mid-session
+ * starts behaving like vendor Y). The classifier might still pick Y as
+ * the new winner, but neither MOLT nor verify_identity surfaces the
+ * "you crossed a cluster boundary" event.
+ *
+ * Algorithm:
+ *   1. Build cluster centroids from seed corpus (per vendor, per
+ *      discriminative feature).
+ *   2. For an observation O, compute distance d(O, centroid_V) for every
+ *      known vendor V.
+ *   3. Assign O to the nearest centroid → "current basin".
+ *   4. Track per-session basin history. If basin changes between
+ *      observations → cross-cluster transition event.
+ *   5. Confidence: distance to old basin / distance to new basin (lower
+ *      ratio = sharper swap).
+ *
+ * Different from MOLT because MOLT compares pre/post WINDOWS of the
+ * SAME vendor's drift; JANUS detects the MOMENT a vendor's fingerprint
+ * crosses into a DIFFERENT vendor's basin.
+ *
+ * Composes: extractFingerprint + seedStats.
+ *
+ * Pure deterministic + defensive; never throws.
+ */
+import { createHmac } from "node:crypto";
+import { extractFingerprint } from "./features.js";
+import { seedStats } from "./calibration_corpus.js";
+const KEY_ENV = "MNEME_JANUS_KEY";
+const DEFAULT_KEY = "mneme-janus-v1";
+function keyOf() {
+    return process.env[KEY_ENV] ?? DEFAULT_KEY;
+}
+/** Euclidean distance between fingerprint and a vendor's per-feature means. */
+function distanceToCentroid(fp, stats) {
+    let sumSq = 0;
+    let count = 0;
+    for (const k of Object.keys(stats.features)) {
+        const v = fp[k];
+        if (typeof v !== "number" || !Number.isFinite(v))
+            continue;
+        const m = stats.features[k].mean;
+        const stdev = Math.max(stats.features[k].stdev, Math.abs(m) * 0.1, 1e-3);
+        // Normalized squared distance per feature
+        const z = (v - m) / stdev;
+        sumSq += z * z;
+        count++;
+    }
+    if (count === 0)
+        return Number.POSITIVE_INFINITY;
+    return Math.sqrt(sumSq / count);
+}
+/**
+ * Locate which vendor cluster an observation belongs to.
+ * Defensive: empty stats → returns basin="unknown" with infinity distance.
+ */
+export function locateBasin(fingerprint) {
+    let stats;
+    try {
+        stats = seedStats();
+    }
+    catch {
+        return { basin: "unknown", basinDistance: Number.POSITIVE_INFINITY, secondNearest: null, margin: 0, allDistances: [] };
+    }
+    const distances = [];
+    for (const [vendor, s] of stats) {
+        distances.push({ vendor, distance: distanceToCentroid(fingerprint, s) });
+    }
+    distances.sort((a, b) => a.distance - b.distance);
+    if (distances.length === 0) {
+        return { basin: "unknown", basinDistance: Number.POSITIVE_INFINITY, secondNearest: null, margin: 0, allDistances: [] };
+    }
+    const nearest = distances[0];
+    const second = distances[1] ?? null;
+    const margin = second ? second.distance - nearest.distance : 0;
+    return {
+        basin: nearest.vendor,
+        basinDistance: nearest.distance,
+        secondNearest: second,
+        margin,
+        allDistances: distances,
+    };
+}
+/**
+ * Observe a fixture; return {fingerprint, basin}.
+ */
+export function observe(fixture) {
+    const fp = "multiline_commit_ratio" in fixture
+        ? fixture
+        : extractFingerprint(fixture);
+    const basin = locateBasin(fp);
+    return { fingerprint: fp, basin };
+}
+/**
+ * Walk a sequence of observations from the SAME session; surface
+ * cross-cluster transitions + an HMAC-signed verdict.
+ */
+export function detectIdentitySwap(observations, opts = {}) {
+    const minMargin = opts.minMargin ?? 0.5;
+    const transitions = [];
+    if (!Array.isArray(observations) || observations.length < 2) {
+        return signed({ observations: observations ?? [], transitions: [], swapDetected: false });
+    }
+    let prev = observations[0];
+    for (let i = 1; i < observations.length; i++) {
+        const cur = observations[i];
+        if (prev.basin.basin === cur.basin.basin) {
+            prev = cur;
+            continue;
+        }
+        // Only surface as a real swap when the new basin is clearly nearer.
+        if (cur.basin.margin < minMargin) {
+            prev = cur;
+            continue;
+        }
+        // Distance from CURRENT obs to PREVIOUS basin vs current basin
+        const prevBasinDistInCur = cur.basin.allDistances.find((d) => d.vendor === prev.basin.basin);
+        if (!prevBasinDistInCur || !Number.isFinite(prevBasinDistInCur.distance)) {
+            prev = cur;
+            continue;
+        }
+        const swapConfidence = prevBasinDistInCur.distance / Math.max(cur.basin.basinDistance, 1e-6);
+        transitions.push({
+            fromBasin: prev.basin.basin,
+            toBasin: cur.basin.basin,
+            fromDistance: prevBasinDistInCur.distance,
+            toDistance: cur.basin.basinDistance,
+            swapConfidence,
+            citation: `JANUS: identity swap detected — fingerprint crossed from ${prev.basin.basin} basin to ${cur.basin.basin} basin (swap confidence ${swapConfidence.toFixed(2)}x).`,
+        });
+        prev = cur;
+    }
+    return signed({ observations, transitions, swapDetected: transitions.length > 0 });
+}
+function signed(body) {
+    const hmac = createHmac("sha256", keyOf()).update(JSON.stringify({
+        transitions: body.transitions,
+        swapDetected: body.swapDetected,
+        obsCount: body.observations.length,
+    })).digest("hex");
+    return { ...body, hmac };
+}
+/** Verify a session-result's HMAC. */
+export function verifyJanusResult(r) {
+    if (!r || typeof r.hmac !== "string")
+        return false;
+    const expected = createHmac("sha256", keyOf()).update(JSON.stringify({
+        transitions: r.transitions,
+        swapDetected: r.swapDetected,
+        obsCount: r.observations.length,
+    })).digest("hex");
+    return expected === r.hmac;
+}
+//# sourceMappingURL=janus.js.map

package/dist/nemesis/janus.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"janus.js","sourceRoot":"","sources":["../../src/nemesis/janus.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,SAAS,EAAoB,MAAM,yBAAyB,CAAC;AAGtE,MAAM,OAAO,GAAG,iBAAiB,CAAC;AAClC,MAAM,WAAW,GAAG,gBAAgB,CAAC;AAErC,SAAS,KAAK;IACZ,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC;AAC7C,CAAC;AA6CD,+EAA+E;AAC/E,SAAS,kBAAkB,CAAC,EAAe,EAAE,KAAkB;IAC7D,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5C,MAAM,CAAC,GAAI,EAAwC,CAAC,CAAC,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YAAE,SAAS;QAC3D,MAAM,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAE,CAAC,IAAI,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAE,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1E,0CAA0C;QAC1C,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;QAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,KAAK,EAAE,CAAC;IACV,CAAC;IACD,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC,iBAAiB,CAAC;IACjD,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,WAAwB;IAClD,IAAI,KAAiC,CAAC;IACtC,IAAI,CAAC;QACH,KAAK,GAAG,SAAS,EAAE,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,CAAC,iBAAiB,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IACzH,CAAC;IACD,MAAM,SAAS,GAAsB,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;QAChC,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,kBAAkB,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;IAClD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,CAAC,iBAAiB,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IACzH,CAAC;IACD,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/D,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,aAAa,EAAE,OAAO,CAAC,QAAQ;QAC/B,aAAa,EAAE,MAAM;QACrB,MAAM;QACN,YAAY,EAAE,SAAS;KACxB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,OAAwF;IAC9G,MAAM,EAAE,GAAG,wBAAwB,IAAK,OAAkB;QACxD,CAAC,CAAE,OAAuB;QAC1B,CAAC,CAAC,kBAAkB,CAAC,OAA4E,CAAC,CAAC;IACrG,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9B,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,YAAgC,EAChC,OAA+B,EAAE;IAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC;IACxC,MAAM,WAAW,GAAsB,EAAE,CAAC;IAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC,EAAE,YAAY,EAAE,YAAY,IAAI,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5F,CAAC;IACD,IAAI,IAAI,GAAG,YAAY,CAAC,CAAC,CAAE,CAAC;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,CAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACzC,IAAI,GAAG,GAAG,CAAC;YACX,SAAS;QACX,CAAC;QACD,oEAAoE;QACpE,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YACjC,IAAI,GAAG,GAAG,CAAC;YACX,SAAS;QACX,CAAC;QACD,+DAA+D;QAC/D,MAAM,kBAAkB,GAAG,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC7F,IAAI,CAAC,kBAAkB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzE,IAAI,GAAG,GAAG,CAAC;YACX,SAAS;QACX,CAAC;QACD,MAAM,cAAc,GAAG,kBAAkB,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QAC7F,WAAW,CAAC,IAAI,CAAC;YACf,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK;YAC3B,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,KAAK;YACxB,YAAY,EAAE,kBAAkB,CAAC,QAAQ;YACzC,UAAU,EAAE,GAAG,CAAC,KAAK,CAAC,aAAa;YACnC,cAAc;YACd,QAAQ,EAAE,4DAA4D,IAAI,CAAC,KAAK,CAAC,KAAK,aAAa,GAAG,CAAC,KAAK,CAAC,KAAK,2BAA2B,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK;SAC5K,CAAC,CAAC;QACH,IAAI,GAAG,GAAG,CAAC;IACb,CAAC;IACD,OAAO,MAAM,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,CAAC;AACrF,CAAC;AAED,SAAS,MAAM,CAAC,IAAsC;IACpD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;QAC/D,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,MAAM;KACnC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClB,OAAO,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,sCAAsC;AACtC,MAAM,UAAU,iBAAiB,CAAC,CAAqB;IACrD,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACnD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;QACnE,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,QAAQ,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;KAChC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClB,OAAO,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC;AAC7B,CAAC"}

package/dist/nemesis/key_setup.d.ts

@@ -0,0 +1,65 @@
+/**
+ * v2.53.0 — HMAC KEY SETUP WIZARD + STRICT mode.
+ *
+ * Closes P0-1 from the v2.52 session audit: pre-v2.53 NEMESIS warned LOUD
+ * when falling back to the public default key, but didn't auto-fix it
+ * + didn't refuse to operate. Result: every developer who ignored the
+ * warning shipped HMAC receipts an attacker can forge.
+ *
+ * v2.53 protocol:
+ *   1. First-run wizard auto-generates a 32-byte random key + writes it
+ *      to .mneme/nemesis/hmac.key with 0o600 perms (owner-only).
+ *   2. MNEME_NEMESIS_STRICT=1 env var → key_management refuses to return
+ *      the default-insecure key (throws instead). For CI / production /
+ *      regulated environments.
+ *   3. Idempotent: re-running detects existing key + skips generation.
+ *
+ * Defensive: never throws on filesystem errors (best-effort), only the
+ * STRICT-mode refusal is intentional.
+ */
+export interface KeyWizardResult {
+    ok: boolean;
+    action: "generated-repo" | "generated-user" | "already-present" | "skipped" | "failed";
+    path?: string;
+    /** Length of the resolved key (or 0 on fail). */
+    keyLength: number;
+    reason: string;
+}
+export interface KeyWizardOpts {
+    repoRoot: string;
+    /** "repo" → write to <repoRoot>/.mneme/nemesis/hmac.key (default).
+     *  "user" → write to ~/.mneme/nemesis/hmac.key (cross-repo). */
+    target?: "repo" | "user";
+    /** Re-generate even if a key already exists. Default false. */
+    force?: boolean;
+    /** Don't write — only compute the would-be path + key length. */
+    dryRun?: boolean;
+}
+/**
+ * Run the key setup wizard. Idempotent; never overwrites an existing
+ * key unless force=true. Returns structured outcome.
+ */
+export declare function runKeyWizard(opts: KeyWizardOpts): KeyWizardResult;
+/**
+ * Check key file permissions (Unix only). Returns warning on world-readable
+ * files. On Windows, returns ok=true with note since chmod is a no-op.
+ */
+export declare function checkKeyPermissions(repoRoot: string): {
+    ok: boolean;
+    mode?: number;
+    reason: string;
+};
+/**
+ * STRICT MODE check: throws when the user is operating with a
+ * default-insecure HMAC key AND has opted into strict enforcement
+ * via MNEME_NEMESIS_STRICT=1. Call this from any code path that
+ * issues forensic-grade receipts (EU stamp / cli-activity / SIBYL).
+ *
+ * Non-strict mode: returns { ok: false, message } so caller can decide.
+ */
+export declare function strictKeyCheck(repoRoot: string): {
+    ok: boolean;
+    usingDefault: boolean;
+    message: string;
+};
+//# sourceMappingURL=key_setup.d.ts.map

package/dist/nemesis/key_setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key_setup.d.ts","sourceRoot":"","sources":["../../src/nemesis/key_setup.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAUH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE,gBAAgB,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,SAAS,GAAG,QAAQ,CAAC;IACvF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iDAAiD;IACjD,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB;oEACgE;IAChE,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,+DAA+D;IAC/D,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,iEAAiE;IACjE,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAYD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,aAAa,GAAG,eAAe,CAyDjE;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAiBpG;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,YAAY,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAiCxG"}

package/dist/nemesis/key_setup.js

@@ -0,0 +1,173 @@
+/**
+ * v2.53.0 — HMAC KEY SETUP WIZARD + STRICT mode.
+ *
+ * Closes P0-1 from the v2.52 session audit: pre-v2.53 NEMESIS warned LOUD
+ * when falling back to the public default key, but didn't auto-fix it
+ * + didn't refuse to operate. Result: every developer who ignored the
+ * warning shipped HMAC receipts an attacker can forge.
+ *
+ * v2.53 protocol:
+ *   1. First-run wizard auto-generates a 32-byte random key + writes it
+ *      to .mneme/nemesis/hmac.key with 0o600 perms (owner-only).
+ *   2. MNEME_NEMESIS_STRICT=1 env var → key_management refuses to return
+ *      the default-insecure key (throws instead). For CI / production /
+ *      regulated environments.
+ *   3. Idempotent: re-running detects existing key + skips generation.
+ *
+ * Defensive: never throws on filesystem errors (best-effort), only the
+ * STRICT-mode refusal is intentional.
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync, statSync, chmodSync } from "node:fs";
+import { join } from "node:path";
+import { randomBytes } from "node:crypto";
+import { homedir } from "node:os";
+const REPO_KEY_REL = ".mneme/nemesis/hmac.key";
+const USER_KEY_REL = ".mneme/nemesis/hmac.key";
+function keyPath(opts) {
+    if (opts.target === "user")
+        return join(homedir(), USER_KEY_REL);
+    return join(opts.repoRoot, REPO_KEY_REL);
+}
+function envHasValidKey() {
+    const k = process.env["MNEME_NEMESIS_KEY"];
+    return typeof k === "string" && k.length >= 16;
+}
+/**
+ * Run the key setup wizard. Idempotent; never overwrites an existing
+ * key unless force=true. Returns structured outcome.
+ */
+export function runKeyWizard(opts) {
+    try {
+        if (envHasValidKey() && !opts.force) {
+            const env = process.env["MNEME_NEMESIS_KEY"];
+            return {
+                ok: true,
+                action: "skipped",
+                keyLength: env.length,
+                reason: "MNEME_NEMESIS_KEY already set — no file action needed",
+            };
+        }
+        const p = keyPath(opts);
+        if (existsSync(p) && !opts.force) {
+            try {
+                const k = readFileSync(p, "utf8").trim();
+                if (k.length >= 16) {
+                    return {
+                        ok: true,
+                        action: "already-present",
+                        path: p,
+                        keyLength: k.length,
+                        reason: `existing key at ${p} (${k.length} chars)`,
+                    };
+                }
+            }
+            catch { /* fall through to regenerate */ }
+        }
+        if (opts.dryRun) {
+            return {
+                ok: true,
+                action: opts.target === "user" ? "generated-user" : "generated-repo",
+                path: p,
+                keyLength: 64,
+                reason: `dry-run: would write a fresh 64-char hex key to ${p}`,
+            };
+        }
+        // Generate + write
+        const dir = p.replace(/[\/\\][^\/\\]+$/, "");
+        try {
+            mkdirSync(dir, { recursive: true });
+        }
+        catch { /* ok */ }
+        const key = randomBytes(32).toString("hex");
+        writeFileSync(p, key + "\n", { mode: 0o600 });
+        // Best-effort chmod (Windows ignores)
+        try {
+            chmodSync(p, 0o600);
+        }
+        catch { /* */ }
+        return {
+            ok: true,
+            action: opts.target === "user" ? "generated-user" : "generated-repo",
+            path: p,
+            keyLength: key.length,
+            reason: `generated fresh 64-char hex key at ${p} (mode 0600)`,
+        };
+    }
+    catch (e) {
+        return {
+            ok: false,
+            action: "failed",
+            keyLength: 0,
+            reason: `wizard failed: ${e.message}`,
+        };
+    }
+}
+/**
+ * Check key file permissions (Unix only). Returns warning on world-readable
+ * files. On Windows, returns ok=true with note since chmod is a no-op.
+ */
+export function checkKeyPermissions(repoRoot) {
+    const p = join(repoRoot, REPO_KEY_REL);
+    if (!existsSync(p))
+        return { ok: true, reason: "no key file present" };
+    try {
+        const s = statSync(p);
+        const mode = s.mode & 0o777;
+        if (process.platform === "win32") {
+            return { ok: true, mode, reason: "Windows: chmod is a no-op; key access controlled by NTFS ACLs" };
+        }
+        // Owner-only is the goal: 0o600
+        if (mode === 0o600 || mode === 0o400) {
+            return { ok: true, mode, reason: `mode ${mode.toString(8)} — owner-only (correct)` };
+        }
+        return { ok: false, mode, reason: `mode ${mode.toString(8)} is too permissive; should be 600 (owner read/write only)` };
+    }
+    catch (e) {
+        return { ok: false, reason: `stat failed: ${e.message}` };
+    }
+}
+/**
+ * STRICT MODE check: throws when the user is operating with a
+ * default-insecure HMAC key AND has opted into strict enforcement
+ * via MNEME_NEMESIS_STRICT=1. Call this from any code path that
+ * issues forensic-grade receipts (EU stamp / cli-activity / SIBYL).
+ *
+ * Non-strict mode: returns { ok: false, message } so caller can decide.
+ */
+export function strictKeyCheck(repoRoot) {
+    // Resolve via the same path key_management uses.
+    const env = process.env["MNEME_NEMESIS_KEY"];
+    if (typeof env === "string" && env.length >= 16) {
+        return { ok: true, usingDefault: false, message: "MNEME_NEMESIS_KEY env var set" };
+    }
+    const repo = join(repoRoot, REPO_KEY_REL);
+    if (existsSync(repo)) {
+        try {
+            const k = readFileSync(repo, "utf8").trim();
+            if (k.length >= 16)
+                return { ok: true, usingDefault: false, message: `repo key at ${repo}` };
+        }
+        catch { /* */ }
+    }
+    const user = join(homedir(), USER_KEY_REL);
+    if (existsSync(user)) {
+        try {
+            const k = readFileSync(user, "utf8").trim();
+            if (k.length >= 16)
+                return { ok: true, usingDefault: false, message: `user key at ${user}` };
+        }
+        catch { /* */ }
+    }
+    const strict = process.env["MNEME_NEMESIS_STRICT"] === "1";
+    if (strict) {
+        throw new Error("STRICT MODE: MNEME_NEMESIS_STRICT=1 set + no production key configured. " +
+            `Run: node -e "require('@mneme-ai/core').nemesis.runKeyWizard({repoRoot:'${repoRoot}'})" ` +
+            "OR set MNEME_NEMESIS_KEY env var (≥16 chars).");
+    }
+    return {
+        ok: false,
+        usingDefault: true,
+        message: "using default-insecure HMAC key — receipts are forgeable. Set MNEME_NEMESIS_STRICT=1 to enforce.",
+    };
+}
+//# sourceMappingURL=key_setup.js.map

package/dist/nemesis/key_setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key_setup.js","sourceRoot":"","sources":["../../src/nemesis/key_setup.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAClG,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,MAAM,YAAY,GAAG,yBAAyB,CAAC;AAC/C,MAAM,YAAY,GAAG,yBAAyB,CAAC;AAsB/C,SAAS,OAAO,CAAC,IAAmB;IAClC,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAC;IACjE,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAC3C,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,IAAmB;IAC9C,IAAI,CAAC;QACH,IAAI,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAE,CAAC;YAC9C,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,GAAG,CAAC,MAAM;gBACrB,MAAM,EAAE,uDAAuD;aAChE,CAAC;QACJ,CAAC;QACD,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QACxB,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,CAAC,GAAG,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;gBACzC,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;oBACnB,OAAO;wBACL,EAAE,EAAE,IAAI;wBACR,MAAM,EAAE,iBAAiB;wBACzB,IAAI,EAAE,CAAC;wBACP,SAAS,EAAE,CAAC,CAAC,MAAM;wBACnB,MAAM,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,MAAM,SAAS;qBACnD,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,gCAAgC,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,gBAAgB;gBACpE,IAAI,EAAE,CAAC;gBACP,SAAS,EAAE,EAAE;gBACb,MAAM,EAAE,mDAAmD,CAAC,EAAE;aAC/D,CAAC;QACJ,CAAC;QACD,mBAAmB;QACnB,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC;YAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC/D,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC5C,aAAa,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9C,sCAAsC;QACtC,IAAI,CAAC;YAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;QAC5C,OAAO;YACL,EAAE,EAAE,IAAI;YACR,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,gBAAgB;YACpE,IAAI,EAAE,CAAC;YACP,SAAS,EAAE,GAAG,CAAC,MAAM;YACrB,MAAM,EAAE,sCAAsC,CAAC,cAAc;SAC9D,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,QAAQ;YAChB,SAAS,EAAE,CAAC;YACZ,MAAM,EAAE,kBAAmB,CAAW,CAAC,OAAO,EAAE;SACjD,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACvC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACvE,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC;QAC5B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,+DAA+D,EAAE,CAAC;QACrG,CAAC;QACD,gCAAgC;QAChC,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,yBAAyB,EAAE,CAAC;QACvF,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,2DAA2D,EAAE,CAAC;IAC1H,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAiB,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC;IACvE,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,iDAAiD;IACjD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAC7C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QAChD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACrF,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC1C,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE;gBAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,eAAe,IAAI,EAAE,EAAE,CAAC;QAC/F,CAAC;QAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAC;IAC3C,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE;gBAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,eAAe,IAAI,EAAE,EAAE,CAAC;QAC/F,CAAC;QAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,KAAK,GAAG,CAAC;IAC3D,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,0EAA0E;YAC1E,2EAA2E,QAAQ,OAAO;YAC1F,+CAA+C,CAChD,CAAC;IACJ,CAAC;IACD,OAAO;QACL,EAAE,EAAE,KAAK;QACT,YAAY,EAAE,IAAI;QAClB,OAAO,EAAE,kGAAkG;KAC5G,CAAC;AACJ,CAAC"}

package/dist/release_gate/probe_coverage.d.ts

@@ -50,7 +50,22 @@ export interface CrossCheckResult {
     totalTools: number;
     totalClaims: number;
     uncovered: string[];
+    /** v2.53: percentage of tools with claim or exemption coverage (0..100). */
+    coveragePercent: number;
+    /** v2.53: threshold the gate accepted at (0..100). Reported for audit. */
+    threshold: number;
     hint: string;
 }
-export declare function crossCheckFromDisk(repoRoot: string): CrossCheckResult;
+/**
+ * v2.53 addition — CrossCheck options.
+ *   threshold: minimum coverage % required for ok=true (default 50).
+ *     - 0    → gate disabled (always passes)
+ *     - 50   → soft enforcement (current legacy state has 14.2% so this
+ *              still fails until coverage rises; useful for new repos)
+ *     - 100  → strict (every new tool needs a claim or exemption)
+ */
+export interface CrossCheckOpts {
+    threshold?: number;
+}
+export declare function crossCheckFromDisk(repoRoot: string, opts?: CrossCheckOpts): CrossCheckResult;
 //# sourceMappingURL=probe_coverage.d.ts.map

package/dist/release_gate/probe_coverage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"probe_coverage.d.ts","sourceRoot":"","sources":["../../src/release_gate/probe_coverage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAmCH,MAAM,WAAW,kBAAkB;IACjC,yFAAyF;IACzF,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,sEAAsE;IACtE,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,0CAA0C;IAC1C,cAAc,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,OAAO,CAAC;IACZ,8DAA8D;IAC9D,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,6CAA6C;IAC7C,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,OAAO,GAAG,QAAQ,CAAA;KAAE,CAAC,CAAC;IAC1D,oCAAoC;IACpC,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,kBAAkB,GAAG,mBAAmB,CA6BjF;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,OAAO,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CA2BrE"}
+{"version":3,"file":"probe_coverage.d.ts","sourceRoot":"","sources":["../../src/release_gate/probe_coverage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAmCH,MAAM,WAAW,kBAAkB;IACjC,yFAAyF;IACzF,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,sEAAsE;IACtE,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,0CAA0C;IAC1C,cAAc,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,OAAO,CAAC;IACZ,8DAA8D;IAC9D,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,6CAA6C;IAC7C,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,OAAO,GAAG,QAAQ,CAAA;KAAE,CAAC,CAAC;IAC1D,oCAAoC;IACpC,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,kBAAkB,GAAG,mBAAmB,CA6BjF;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,OAAO,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,4EAA4E;IAC5E,eAAe,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,gBAAgB,CAoChG"}

package/dist/release_gate/probe_coverage.js

@@ -82,12 +82,13 @@ export function checkProbeCoverage(input) {
             : `${uncovered.length} new tool(s) lack TRUTH GATE probe binding. Either: (a) add a probe.<topic> + claim.<topic> to packages/core/src/truth_gate/{probes,claims}.ts, or (b) add the tool to COVERAGE_EXEMPT in packages/core/src/release_gate/probe_coverage.ts with a written justification.`,
     };
 }
-export function crossCheckFromDisk(repoRoot) {
+export function crossCheckFromDisk(repoRoot, opts = {}) {
     try {
+        const threshold = Number.isFinite(opts.threshold) ? Math.max(0, Math.min(100, opts.threshold)) : 50;
         const manifestPath = join(repoRoot, "packages", "core", "src", "agent_manifest.ts");
         const claimsPath = join(repoRoot, "packages", "core", "src", "truth_gate", "claims.ts");
         if (!existsSync(manifestPath) || !existsSync(claimsPath)) {
-            return { ok: true, totalTools: 0, totalClaims: 0, uncovered: [], hint: "release-gate skipped: source files missing" };
+            return { ok: true, totalTools: 0, totalClaims: 0, uncovered: [], coveragePercent: 0, threshold, hint: "release-gate skipped: source files missing" };
         }
         const manifestBody = readFileSync(manifestPath, "utf8");
         const claimsBody = readFileSync(claimsPath, "utf8");
@@ -107,10 +108,18 @@ export function crossCheckFromDisk(repoRoot) {
                 claims.push(inner[1]);
         }
         const r = checkProbeCoverage({ newTools: Array.from(tools), knownClaims: claims });
-        return { ok: r.ok, totalTools: tools.size, totalClaims: claims.length, uncovered: r.uncovered, hint: r.hint };
+        const totalTools = tools.size;
+        const coveredCount = r.covered.length;
+        const coveragePercent = totalTools === 0 ? 100 : +((coveredCount / totalTools) * 100).toFixed(1);
+        const ok = coveragePercent >= threshold;
+        const hint = ok
+            ? `coverage ${coveragePercent}% ≥ threshold ${threshold}% — gate passed (${coveredCount}/${totalTools} tools covered)`
+            : `coverage ${coveragePercent}% < threshold ${threshold}% — ${r.uncovered.length} uncovered tool(s). Either add probe.<topic>+claim.<topic>, OR add to COVERAGE_EXEMPT (with justification), OR lower threshold via --min-coverage <n>.`;
+        return { ok, totalTools, totalClaims: claims.length, uncovered: r.uncovered, coveragePercent, threshold, hint };
     }
     catch (e) {
-        return { ok: true, totalTools: 0, totalClaims: 0, uncovered: [], hint: `release-gate skipped: ${e.message}` };
+        const threshold = Number.isFinite(opts.threshold) ? opts.threshold : 50;
+        return { ok: true, totalTools: 0, totalClaims: 0, uncovered: [], coveragePercent: 0, threshold, hint: `release-gate skipped: ${e.message}` };
     }
 }
 //# sourceMappingURL=probe_coverage.js.map

package/dist/release_gate/probe_coverage.js.map

@@ -1 +1 @@
-{"version":3,"file":"probe_coverage.js","sourceRoot":"","sources":["../../src/release_gate/probe_coverage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,sEAAsE;AACtE,oEAAoE;AACpE,0CAA0C;AAC1C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAS;IACtC,eAAe;IACf,oBAAoB;IACpB,qBAAqB;IACrB,eAAe;IACf,cAAc;IACd,mBAAmB;IACnB,qBAAqB;IACrB,sBAAsB;IACtB,wBAAwB;IACxB,8BAA8B;IAC9B,yBAAyB;IACzB,2BAA2B;IAC3B,wBAAwB;IACxB,kCAAkC;IAClC,8BAA8B;IAC9B,4BAA4B;IAC5B,wBAAwB;IACxB,4BAA4B;IAC5B,2BAA2B;IAC3B,4BAA4B;IAC5B,kBAAkB;IAClB,sBAAsB;IACtB,mBAAmB;IACnB,oBAAoB;CACrB,CAAC,CAAC;AAqBH;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAyB;IAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,cAAc,IAAI,eAAe,CAAC;IACvD,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC;IACvC,MAAM,OAAO,GAAmC,EAAE,CAAC;IACnD,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;YACtC,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrB,SAAS;QACX,CAAC;QACD,4CAA4C;QAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC5E,IAAI,GAAG;YAAE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;;YACzC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IACD,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC;IAClC,OAAO;QACL,EAAE;QACF,SAAS;QACT,OAAO;QACP,IAAI,EAAE,EAAE;YACN,CAAC,CAAC,mCAAmC;YACrC,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM,0QAA0Q;KAClS,CAAC;AACJ,CAAC;AAeD,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;QACxF,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,4CAA4C,EAAE,CAAC;QACxH,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACpD,4GAA4G;QAC5G,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,kEAAkE,CAAC,IAAI,EAAE,CAAC;QACjH,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;QAChC,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;YAC1E,IAAI,KAAK;gBAAE,KAAK,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,sCAAsC,CAAC,IAAI,EAAE,CAAC;QACpF,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC/C,IAAI,KAAK;gBAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,CAAC,GAAG,kBAAkB,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;QACnF,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,UAAU,EAAE,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAChH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE,yBAA0B,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC;IAC3H,CAAC;AACH,CAAC"}
+{"version":3,"file":"probe_coverage.js","sourceRoot":"","sources":["../../src/release_gate/probe_coverage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,sEAAsE;AACtE,oEAAoE;AACpE,0CAA0C;AAC1C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAS;IACtC,eAAe;IACf,oBAAoB;IACpB,qBAAqB;IACrB,eAAe;IACf,cAAc;IACd,mBAAmB;IACnB,qBAAqB;IACrB,sBAAsB;IACtB,wBAAwB;IACxB,8BAA8B;IAC9B,yBAAyB;IACzB,2BAA2B;IAC3B,wBAAwB;IACxB,kCAAkC;IAClC,8BAA8B;IAC9B,4BAA4B;IAC5B,wBAAwB;IACxB,4BAA4B;IAC5B,2BAA2B;IAC3B,4BAA4B;IAC5B,kBAAkB;IAClB,sBAAsB;IACtB,mBAAmB;IACnB,oBAAoB;CACrB,CAAC,CAAC;AAqBH;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAyB;IAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,cAAc,IAAI,eAAe,CAAC;IACvD,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC;IACvC,MAAM,OAAO,GAAmC,EAAE,CAAC;IACnD,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;YACtC,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrB,SAAS;QACX,CAAC;QACD,4CAA4C;QAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC5E,IAAI,GAAG;YAAE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;;YACzC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IACD,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC;IAClC,OAAO;QACL,EAAE;QACF,SAAS;QACT,OAAO;QACP,IAAI,EAAE,EAAE;YACN,CAAC,CAAC,mCAAmC;YACrC,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM,0QAA0Q;KAClS,CAAC;AACJ,CAAC;AA+BD,MAAM,UAAU,kBAAkB,CAAC,QAAgB,EAAE,OAAuB,EAAE;IAC5E,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,SAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACrG,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;QACxF,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,4CAA4C,EAAE,CAAC;QACvJ,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACpD,4GAA4G;QAC5G,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,kEAAkE,CAAC,IAAI,EAAE,CAAC;QACjH,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;QAChC,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;YAC1E,IAAI,KAAK;gBAAE,KAAK,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,sCAAsC,CAAC,IAAI,EAAE,CAAC;QACpF,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC/C,IAAI,KAAK;gBAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,CAAC,GAAG,kBAAkB,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;QACnF,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;QAC9B,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;QACtC,MAAM,eAAe,GAAG,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACjG,MAAM,EAAE,GAAG,eAAe,IAAI,SAAS,CAAC;QACxC,MAAM,IAAI,GAAG,EAAE;YACb,CAAC,CAAC,YAAY,eAAe,iBAAiB,SAAS,oBAAoB,YAAY,IAAI,UAAU,iBAAiB;YACtH,CAAC,CAAC,YAAY,eAAe,iBAAiB,SAAS,OAAO,CAAC,CAAC,SAAS,CAAC,MAAM,wJAAwJ,CAAC;QAC3O,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,eAAe,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAClH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAU,CAAC,CAAC,CAAC,EAAE,CAAC;QACzE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,yBAA0B,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC;IAC1J,CAAC;AACH,CAAC"}