@mseep/clawdcursor 1.5.5

package/dist/core/safety.js

@@ -0,0 +1,568 @@
+"use strict";
+/**
+ * SafetyLayer — unified gate for every agent action (v0.8.1 rebuild).
+ *
+ * v0.8.0's `src/safety.ts` classified only by description-string match, which
+ * the audit correctly flagged as trivially bypassable (a `mouse_click(x,y)` on
+ * a Send button never contains the word "send"). V2 orchestrator didn't call
+ * SafetyLayer at all, and the `/action` REST endpoint bypassed it entirely.
+ *
+ * v0.8.1 fixes the chokepoint problem:
+ *  - Pure function `evaluate(action, context) → Decision` keyed on the ACTION
+ *    TYPE, not on description prose. A mouse_click on a button whose OCR
+ *    label matches a Confirm-tier pattern elevates to Confirm. A key combo
+ *    in BLOCKED_KEYS returns Block.
+ *  - Registry-driven coverage test (`safety-coverage.test.ts`) enforces
+ *    that every MCP tool handler invokes `evaluate` before its first side
+ *    effect.
+ *  - Decision is observable via the audit log (`safety.decision` events).
+ *
+ * Model-agnostic: no LLM calls. Pure rule engine.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.evaluate = evaluate;
+exports.isAllowed = isAllowed;
+exports.evaluateInput = evaluateInput;
+const keys_blocklist_1 = require("../tools/playbooks/keys-blocklist");
+const logger_1 = require("./observability/logger");
+const correlation_1 = require("./observability/correlation");
+const app_categories_1 = require("./app-categories");
+/**
+ * URI schemes that only COMPOSE or NAVIGATE — they open a draft/app/page but
+ * cannot execute code, delete data, or COMPLETE an irreversible action without
+ * a further user step (you still have to hit send/call). Safe to open without
+ * confirmation. Everything NOT listed keeps the confirm gate, deliberately:
+ *  • file:                  — on Windows can launch an executable.
+ *  • vscode/vscode-insiders — vscode:// is an extension/workspace execution
+ *    surface (Remote SSH, workspace tasks, git clone, ext sub-commands).
+ *  • obsidian               — obsidian://advanced-uri can run plugin/shell cmds.
+ *  • zoommtg/msteams        — auto-JOIN a meeting (mic/camera) — completes an
+ *    action; not mere navigation.
+ *  • any unknown custom scheme — handler is unvetted.
+ * (Security audit 2026-06-08 trimmed vscode/obsidian/zoommtg/msteams.)
+ */
+const BENIGN_URI_SCHEMES = new Set([
+    'mailto', 'tel', 'sms', 'smsto', 'facetime', 'facetime-audio',
+    'webcal', 'http', 'https', 'slack', 'spotify',
+    // ms-settings: NAVIGATES to a Settings page (like https) — opening the page
+    // changes nothing; the user still has to act. Unblocks "open <X> settings".
+    'ms-settings',
+]);
+function uriSchemeOf(uri) {
+    const m = String(uri ?? '').trim().match(/^([a-z][a-z0-9+.-]*):/i);
+    return m ? m[1].toLowerCase() : '';
+}
+// ── Conversions ──────────────────────────────────────────────────────────────
+/** Map the legacy string Tier to a numeric tier. */
+function tierToNumeric(t) {
+    switch (t) {
+        case 'read': return 0;
+        case 'input': return 1;
+        case 'destructive': return 2;
+        case 'system': return 3;
+    }
+}
+/** Map a numeric tier back to the legacy Tier string for internal rule engine. */
+function numericToTierString(n) {
+    switch (n) {
+        case 0: return 'read';
+        case 1: return 'input';
+        case 2: return 'destructive';
+        case 3: return 'system';
+    }
+}
+/** Convert the internal `Decision` to the canonical `SafetyDecision`. */
+function toSafetyDecision(d) {
+    const tier = tierToNumeric(d.tier);
+    if (d.decision === 'allow') {
+        return { allow: true, tier, suggestedAction: 'proceed' };
+    }
+    if (d.decision === 'block') {
+        return { allow: false, reason: d.reason, tier, suggestedAction: 'block' };
+    }
+    // confirm
+    return { allow: false, reason: d.reason, tier, suggestedAction: 'warn' };
+}
+/**
+ * Patterns in a target element's OCR/a11y label that elevate the tier to
+ * Confirm. Matched case-insensitively. Derived from v0.6.3 sensitive-app
+ * policy + v0.8.0 audit findings.
+ */
+const CONFIRM_LABEL_PATTERNS = [
+    /\bsend\b/i, // email, message, wire transfer
+    /\bdelete\b/i, // destructive
+    /\bremove\b/i,
+    /\btrash\b/i,
+    /\berase\b/i,
+    /\buninstall\b/i,
+    /\bdrop\s+(database|table)/i,
+    /\bshut\s*down\b/i,
+    /\brestart\b/i,
+    /\blog\s*out\b/i,
+    /\bsign\s*out\b/i,
+    /\bpurchase\b/i,
+    /\bbuy\b/i,
+    /\bcheckout\b/i,
+    /\bpay\b/i,
+    /\btransfer\b/i,
+    /\bpublish\b/i,
+    /\bconfirm\b/i, // confirm dialogs themselves — require user
+];
+// Canonical tools that type ARBITRARY TEXT. Their text payload is content,
+// not a control label, so CONFIRM_LABEL_PATTERNS must NOT run against it —
+// otherwise typing a sentence that merely contains "confirm" / "send" / etc.
+// spuriously trips the confirm gate (#124: "verification to confirm reliable
+// desktop automation" elevated to destructive tier). This is a denylist, not
+// an allowlist: any tool NOT listed here stays gated by default, so a future
+// click/activation tool can never silently lose label-pattern coverage — the
+// worst a missing entry can do is add benign friction, never remove safety.
+const TYPING_TOOLS = new Set(['type_text', 'cdp_type']);
+// Sensitive-app list lives at src/core/app-categories.ts as the single
+// source of truth — imported at the top of this file. Edit there, not here.
+/** Tool name → default tier. */
+const TOOL_TIER = {
+    // Read — always allow
+    'read_screen': 'read',
+    'ocr_read_screen': 'read',
+    'smart_read': 'read',
+    'desktop_screenshot': 'read',
+    'desktop_screenshot_region': 'read',
+    'get_screen_size': 'read',
+    'get_windows': 'read',
+    'get_active_window': 'read',
+    'get_focused_element': 'read',
+    'find_element': 'read',
+    'read_clipboard': 'read',
+    'cdp_page_context': 'read',
+    'cdp_read_text': 'read',
+    'cdp_list_tabs': 'read',
+    'browser_read': 'read', // agent-loop CDP read — DOM text/elements, no side effects
+    'shortcuts_list': 'read',
+    'build_uri': 'read', // pure string construction — no side effects
+    // Input — allow with label check
+    'mouse_click': 'input',
+    'mouse_double_click': 'input',
+    'mouse_right_click': 'input',
+    'mouse_hover': 'input',
+    'mouse_scroll': 'input',
+    'mouse_drag': 'input',
+    'type_text': 'input',
+    'smart_type': 'input',
+    'smart_click': 'input',
+    'invoke_element': 'input',
+    'key_press': 'input',
+    'write_clipboard': 'destructive', // matches its declared safetyTier:2 (overwrites the user's clipboard); the tool's own tier already wins, this keeps the fallback consistent
+    'cdp_click': 'input',
+    'cdp_type': 'input',
+    'cdp_select_option': 'input',
+    'cdp_scroll': 'input',
+    'cdp_wait_for_selector': 'input',
+    'cdp_switch_tab': 'input',
+    'cdp_connect': 'input',
+    // Agent-loop CDP browser tools (dedicated agent-owned instance, DOM-driven).
+    'browser_connect': 'input',
+    'browser_navigate': 'input',
+    'browser_click': 'input',
+    'browser_type': 'input',
+    'navigate_browser': 'input',
+    'focus_window': 'input',
+    'minimize_window': 'input',
+    'shortcuts_execute': 'input',
+    // System — always confirm (or block)
+    'cdp_evaluate': 'system',
+    'open_app': 'input',
+    'wait': 'read',
+    'delegate_to_agent': 'input',
+    // Pipeline-internal actions
+    'a11y_click': 'input',
+    'a11y_set_value': 'input',
+    'click': 'input',
+    'type': 'input',
+    'press': 'input',
+    'scroll': 'input',
+    'drag': 'input',
+    'move': 'input', // hover — cursor move only, no click/keys
+    'screenshot': 'read',
+    'read_text': 'read', // OCR perception — no side effects (smart_click already mapped above)
+    // `batch` is an inert wrapper — it gates EACH of its steps through this same
+    // evaluator at runtime, so the wrapper call itself is allow-tier.
+    'batch': 'read',
+    'done': 'read',
+    'give_up': 'read',
+    'cannot_read': 'read',
+    // Tranche 1B — new MCP tools (extras.ts)
+    'mouse_move_relative': 'input',
+    'mouse_middle_click': 'input',
+    'mouse_triple_click': 'input',
+    'mouse_down': 'input',
+    'mouse_up': 'input',
+    'mouse_scroll_horizontal': 'input',
+    'mouse_drag_stepped': 'input',
+    'key_down': 'input',
+    'key_up': 'input',
+    'maximize_window': 'input',
+    'minimize_window_to_taskbar': 'input',
+    'restore_window': 'input',
+    'close_window': 'destructive', // polite request, but the user may not want this on autopilot
+    'resize_window': 'input',
+    'list_displays': 'read',
+    'focus_element': 'input',
+    'wait_for_element': 'read',
+    'open_file': 'input',
+    'open_url': 'input',
+    'get_system_time': 'read',
+    'switch_tab_os': 'input',
+    'undo_last': 'input',
+    // Tranche 2 — a11y depth tools
+    'a11y_expand': 'input',
+    'a11y_collapse': 'input',
+    'a11y_toggle': 'input',
+    'a11y_select': 'input',
+    'a11y_get_element': 'read',
+    'a11y_get_value': 'read',
+    'verify': 'read', // harness-executed assertions — read primitives only
+    'compile_ui': 'read', // compiles a11y+OCR+vision into a fused UI map — no side effects
+    'find_action_button': 'read', // semantic finder — no side effects
+    'find_input_field': 'read', // semantic finder — no side effects
+    'get_element_state': 'read',
+    'a11y_list_children': 'read',
+    // v0.8.2 — Electron/WebView2 bridge tools
+    'detect_webview_apps': 'read',
+    'relaunch_with_cdp': 'destructive', // closes the app — app may prompt to save
+    // URI escape hatch + guide-write — match their granular safetyTier (2).
+    'open_uri': 'destructive', // dispatches to an arbitrary registered handler (file: can execute)
+    'learn_app': 'destructive', // writes a guide to ~/.clawdcursor
+    // Tranche 3 — compact compound MCP surface. When an agent calls one of
+    // these, the real action is decided by the `action` arg (already
+    // unpacked above via unpackCompoundTool for the unified-agent compound
+    // tools: mouse/keyboard/window). These public-MCP names share the
+    // same canonicalization philosophy — tier defaults to 'input' and the
+    // delegated granular tool's tier kicks in during actual dispatch.
+    'computer': 'input',
+    'accessibility': 'read',
+    'window': 'input',
+    'system': 'input',
+    'browser': 'input',
+    'task': 'input',
+};
+/**
+ * Map a compound-tool call (Tranche 2.5 vision agent) to its canonical
+ * granular name for tier lookup. `mouse({action:"click"})` resolves to
+ * `mouse_click`, `keyboard({action:"press"})` to `key_press`, etc.
+ *
+ * Without this, compound tools default to 'input' tier because
+ * `TOOL_TIER` is keyed on the canonical names. The mapping keeps the
+ * existing tier map as the single source of truth — no compound-specific
+ * tier entries needed.
+ */
+function unpackCompoundTool(tool, args) {
+    // Tranche 3 public-MCP compound tools: computer/accessibility/window/
+    // system/browser/task. These are dispatched inside compact.ts and the
+    // granular delegate handles the real action — but for the audit log
+    // we want to surface the granular name here so forensic trails make
+    // sense. Mapping mirrors compact.ts's ACTION_MAP tables.
+    const publicCompoundMap = {
+        computer: {
+            screenshot: 'desktop_screenshot', screenshot_region: 'desktop_screenshot_region',
+            click: 'mouse_click', double_click: 'mouse_double_click', right_click: 'mouse_right_click',
+            middle_click: 'mouse_middle_click', triple_click: 'mouse_triple_click',
+            hover: 'mouse_hover', move: 'mouse_hover', move_relative: 'mouse_move_relative',
+            scroll: 'mouse_scroll', scroll_horizontal: 'mouse_scroll_horizontal',
+            drag: 'mouse_drag', drag_path: 'mouse_drag_stepped',
+            mouse_down: 'mouse_down', mouse_up: 'mouse_up',
+            type: 'type_text', key: 'key_press', key_press: 'key_press',
+            key_down: 'key_down', key_up: 'key_up', wait: 'wait',
+        },
+        accessibility: {
+            read_tree: 'read_screen', find: 'find_element', get_element: 'a11y_get_element',
+            focused: 'get_focused_element', invoke: 'invoke_element', focus: 'focus_element',
+            set_value: 'set_field_value', get_value: 'a11y_get_value',
+            expand: 'a11y_expand', collapse: 'a11y_collapse',
+            toggle: 'a11y_toggle', select: 'a11y_select', state: 'get_element_state',
+            list_children: 'a11y_list_children', wait_for: 'wait_for_element',
+            smart_click: 'smart_click', smart_type: 'smart_type', smart_read: 'smart_read',
+        },
+        window: {
+            list: 'get_windows', active: 'get_active_window', focus: 'focus_window',
+            maximize: 'maximize_window', minimize: 'minimize_window_to_taskbar',
+            restore: 'restore_window', close: 'close_window', resize: 'resize_window',
+            list_displays: 'list_displays', screen_size: 'get_screen_size',
+            open_app: 'open_app', open_file: 'open_file', open_url: 'open_url',
+            switch_tab: 'switch_tab_os', navigate: 'navigate_browser',
+        },
+        system: {
+            clipboard_read: 'read_clipboard', clipboard_write: 'write_clipboard',
+            system_time: 'get_system_time', ocr: 'ocr_read_screen', undo: 'undo_last',
+            shortcuts_list: 'shortcuts_list', shortcuts_run: 'shortcuts_execute',
+            delegate: 'delegate_to_agent',
+            // v0.8.2
+            detect_webview: 'detect_webview_apps',
+            relaunch_with_cdp: 'relaunch_with_cdp',
+            // URI escape hatches + guide-write (added to the compound surface)
+            build_uri: 'build_uri', open_uri: 'open_uri', learn_app: 'learn_app',
+        },
+        browser: {
+            connect: 'cdp_connect', page_context: 'cdp_page_context', read_text: 'cdp_read_text',
+            click: 'cdp_click', type: 'cdp_type', select_option: 'cdp_select_option',
+            evaluate: 'cdp_evaluate', wait_for: 'cdp_wait_for_selector',
+            list_tabs: 'cdp_list_tabs', switch_tab: 'cdp_switch_tab', scroll: 'cdp_scroll',
+        },
+    };
+    const actionArg = typeof args.action === 'string' ? args.action : '';
+    if (tool in publicCompoundMap && actionArg) {
+        const mapped = publicCompoundMap[tool][actionArg];
+        if (mapped)
+            return mapped;
+    }
+    if (tool === 'task')
+        return 'delegate_to_agent';
+    if (tool !== 'mouse' && tool !== 'keyboard' && tool !== 'window')
+        return tool;
+    const action = typeof args.action === 'string' ? args.action : '';
+    if (tool === 'mouse') {
+        switch (action) {
+            case 'click': return 'mouse_click';
+            case 'double_click': return 'mouse_double_click';
+            case 'right_click': return 'mouse_right_click';
+            case 'middle_click': return 'mouse_middle_click';
+            case 'triple_click': return 'mouse_triple_click';
+            case 'move':
+            case 'hover': return 'mouse_hover';
+            case 'move_relative': return 'mouse_move_relative';
+            case 'down': return 'mouse_down';
+            case 'up': return 'mouse_up';
+            case 'scroll': return 'mouse_scroll';
+            case 'drag': return 'mouse_drag';
+            case 'drag_stepped': return 'mouse_drag_stepped';
+            default: return 'mouse_click'; // safe default
+        }
+    }
+    if (tool === 'keyboard') {
+        switch (action) {
+            case 'press': return 'key_press';
+            case 'down': return 'key_down';
+            case 'up': return 'key_up';
+            case 'type': return 'type_text';
+            default: return 'key_press';
+        }
+    }
+    // window
+    switch (action) {
+        case 'focus': return 'focus_window';
+        case 'maximize': return 'maximize_window';
+        case 'minimize': return 'minimize_window';
+        case 'restore': return 'restore_window';
+        case 'close': return 'close_window';
+        case 'resize': return 'resize_window';
+        case 'list': return 'get_windows';
+        case 'list_displays': return 'list_displays';
+        default: return 'focus_window';
+    }
+}
+/**
+ * Evaluate an action. Pure function — no side effects other than the
+ * `safety.decision` audit log.
+ *
+ * When `ctx.toolSafetyTier` is provided (set from `ToolDefinition.safetyTier`),
+ * it overrides the TOOL_TIER name-lookup for the base tier so the gate
+ * uses the tool's own declared tier rather than guessing from the name.
+ * Blocked-key and cdp_evaluate checks still run unconditionally.
+ */
+function evaluate(ctx) {
+    // Unpack compound tool calls (vision agent's mouse/keyboard/window)
+    // into the canonical granular name so tier lookup hits the same map
+    // that drives granular tools.
+    const canonicalTool = unpackCompoundTool(ctx.tool, ctx.args);
+    // PR6: prefer the tool's declared safetyTier; fall back to name lookup.
+    // IMPORTANT: when the surface tool is a compound (canonicalTool !== ctx.tool),
+    // the specific action may map to a HIGHER tier than the surface default
+    // (e.g. browser({action:'evaluate'}) → cdp_evaluate → 'system'). In that
+    // case we always use the canonical TOOL_TIER so the compound unpack works
+    // correctly. The toolSafetyTier override only applies to granular tools where
+    // no further unpacking occurs.
+    const isCompoundUnpacked = canonicalTool !== ctx.tool;
+    const tier = (!isCompoundUnpacked && ctx.toolSafetyTier !== undefined)
+        ? numericToTierString(ctx.toolSafetyTier)
+        : (TOOL_TIER[canonicalTool] ?? 'input');
+    const correlationId = (0, correlation_1.getCorrelationId)();
+    const emit = (decision) => {
+        // When a compound tool was unpacked, log BOTH names so the audit
+        // trail shows the canonical action (for tier forensics) and the
+        // surface tool the LLM actually called (for debugging).
+        const logMeta = { tool: ctx.tool, ...decision, correlationId };
+        if (canonicalTool !== ctx.tool)
+            logMeta.canonicalTool = canonicalTool;
+        logger_1.logger.info('safety.decision', logMeta);
+        return decision;
+    };
+    // 1. Keyboard combos: if blocked, reject immediately.
+    //    Check the full set of keyboard-emitting surfaces: `key_press`,
+    //    `press` (pipeline-internal), and the compound `keyboard` tool
+    //    after unpacking (canonicalTool = 'key_press').
+    const isKeyboardSurface = ctx.tool === 'key_press' || ctx.tool === 'press' ||
+        canonicalTool === 'key_press' || canonicalTool === 'key_down';
+    if (isKeyboardSurface) {
+        const combo = typeof ctx.args.combo === 'string' ? ctx.args.combo
+            : typeof ctx.args.key === 'string' ? ctx.args.key : undefined;
+        if (combo !== undefined) {
+            const tier = (0, keys_blocklist_1.keyBlockTier)(combo);
+            // HARD block (lock/force-quit/shutdown) has no path; consequential combos
+            // (close window/tab, show desktop, launchers) are confirm-able instead of
+            // dead-ended (v1.6.0 — the old list hard-blocked win+d/ctrl+w).
+            if (tier === 'block') {
+                return emit({ decision: 'block', tier: 'destructive', reason: (0, keys_blocklist_1.keyBlockReason)(combo, 'block') });
+            }
+            if (tier === 'confirm') {
+                return emit({ decision: 'confirm', tier: 'destructive', reason: (0, keys_blocklist_1.keyBlockReason)(combo, 'confirm') });
+            }
+        }
+    }
+    // 2. cdp_evaluate is ungated in v0.8.0 (audit C5). Require Confirm here;
+    // full allowArbitraryJs config gate lands in v0.8.2.
+    if (ctx.tool === 'cdp_evaluate') {
+        return emit({
+            decision: 'confirm',
+            tier: 'system',
+            reason: 'cdp_evaluate runs arbitrary JS in the active page — requires user approval',
+        });
+    }
+    // 2b. open_uri tier is SCHEME-dependent. Benign compose/navigate schemes
+    //     (mailto/tel/sms/webcal/http/https/...) cannot execute or delete — allow.
+    //     file: (executes on Windows) and unknown custom schemes keep the confirm
+    //     gate. This unblocks the OS URI escape hatches for headless runs without
+    //     weakening the gate against executing/unknown handlers.
+    if (canonicalTool === 'open_uri') {
+        const scheme = uriSchemeOf(ctx.args.uri);
+        if (BENIGN_URI_SCHEMES.has(scheme)) {
+            return emit({ decision: 'allow', tier: 'input' });
+        }
+        return emit({
+            decision: 'confirm',
+            tier: 'destructive',
+            reason: scheme
+                ? `open_uri to "${scheme}:" — handler may execute or be destructive (e.g. file: can run a program); needs confirmation`
+                : 'open_uri with no/invalid scheme — needs confirmation',
+        });
+    }
+    // 3. Read tier: always allow.
+    if (tier === 'read') {
+        return emit({ decision: 'allow', tier });
+    }
+    // 4. System tier: always confirm (catch-all).
+    if (tier === 'system') {
+        return emit({ decision: 'confirm', tier, reason: `${ctx.tool} is a system-tier action` });
+    }
+    // 4b. Destructive tier: confirm. Matches the tool-registry tag for
+    //     explicitly-destructive verbs (close_window, etc.) so the gate
+    //     fires even when there's no label match.
+    if (tier === 'destructive') {
+        return emit({ decision: 'confirm', tier, reason: `${ctx.tool} is a destructive-tier action` });
+    }
+    // 5. Input tier with a Confirm-pattern target label.
+    //    Skip for typing tools: their `targetLabel` is the text being typed
+    //    (content), not the label of a control being activated. Clicking a
+    //    button labelled "Send"/"Delete" is destructive; typing those words
+    //    into a field is not. See TYPING_TOOLS above (#124).
+    if (ctx.targetLabel && !TYPING_TOOLS.has(canonicalTool)) {
+        for (const pattern of CONFIRM_LABEL_PATTERNS) {
+            if (pattern.test(ctx.targetLabel)) {
+                // Intent-matched bypass: if the user's task text contains the
+                // target label (case-insensitive, word-bounded) AND the same
+                // confirm-pattern fires on that task text, the user has given
+                // explicit consent for this exact destructive action. Examples:
+                //   task="hit send" + target="Send"   → bypass
+                //   task="delete the row" + target="Delete" → bypass
+                //   task="open my inbox" + target="Send" → confirm (no intent match)
+                // This keeps the safety layer protective against hallucinated
+                // destructive clicks while letting legitimate user-requested
+                // actions through. Pattern-matched, not model-specific.
+                if (ctx.userTaskText && pattern.test(ctx.userTaskText)) {
+                    logger_1.logger.info('safety.intent_match.bypass', {
+                        tool: ctx.tool,
+                        targetLabel: ctx.targetLabel,
+                        pattern: pattern.source,
+                        correlationId,
+                    });
+                    return emit({ decision: 'allow', tier: 'input' });
+                }
+                return emit({
+                    decision: 'confirm',
+                    tier: 'destructive',
+                    reason: `target "${ctx.targetLabel}" matches destructive pattern ${pattern.source}`,
+                });
+            }
+        }
+    }
+    // 6. Sensitive-app elevation: clicks/typing inside email/banking/messaging
+    //    apps. The previous implementation here only LOGGED — the code comment
+    //    promised elevation but the function fell through to allow. That left
+    //    a real gap: an agent could click anywhere in Outlook / 1Password /
+    //    Mail with no target label and the safety layer treated it as a
+    //    plain Input action.
+    //
+    //    New policy:
+    //      - Sensitive app + click-family tool + NO/EMPTY target label
+    //        → `confirm` (we can't tell if this lands on "Send" / "Delete")
+    //      - Sensitive app + click-family tool + non-destructive target label
+    //        → allow (e.g. invoke_element name="Reply" is fine; destructive
+    //          target names are already caught by step 5 above)
+    //      - Sensitive app + non-click tool (read, screenshot, focus, etc.)
+    //        → allow (reads stay free)
+    if (ctx.activeApp && app_categories_1.SENSITIVE_APPS_PATTERN.test(ctx.activeApp)) {
+        const clickFamily = ['smart_click', 'cdp_click', 'mouse_click', 'a11y_click', 'click', 'invoke_element'];
+        if (clickFamily.includes(ctx.tool)) {
+            const labelEmpty = !ctx.targetLabel || String(ctx.targetLabel).trim().length === 0;
+            if (labelEmpty) {
+                logger_1.logger.debug('safety.sensitive_app.elevated', { app: ctx.activeApp, tool: ctx.tool, correlationId });
+                return emit({
+                    decision: 'confirm',
+                    tier: 'destructive',
+                    reason: `Sensitive app (${ctx.activeApp}) + ${ctx.tool} with no target label — cannot verify the action isn't destructive (Send/Delete/Transfer). Ask the user.`,
+                });
+            }
+            // Has a label and it didn't match a destructive pattern in step 5 — let it through.
+            logger_1.logger.debug('safety.sensitive_app.allowed_with_label', { app: ctx.activeApp, tool: ctx.tool, label: ctx.targetLabel, correlationId });
+        }
+    }
+    // 7. Default allow at input tier.
+    return emit({ decision: 'allow', tier });
+}
+/**
+ * Convenience predicate. Returns true if the decision allows the action to
+ * proceed without user confirmation.
+ */
+function isAllowed(d) {
+    return d.decision === 'allow';
+}
+// ── PR6: canonical evaluate() signature ─────────────────────────────────────
+/**
+ * Canonical single safety gate used by every call site (PR6).
+ *
+ * Accepts the PR6 interface shape:
+ *   { toolName, args, ctx? }
+ *
+ * Returns a `SafetyDecision` with `allow: boolean` so callers don't need to
+ * inspect the legacy `decision` string.  The gate is the ONLY place that
+ * decides allow/block — no inline `if (toolName === 'desktop_screenshot')`
+ * branching anywhere else.
+ *
+ * Call sites:
+ *   1. `src/core/agent-loop/agent.ts`  — agent loop, every tool call
+ *   2. `src/tools/safety-gate.ts`      — MCP wrapper + REST execute middleware
+ *
+ * The `safetyTier` field is read from the tool's `ToolDefinition.safetyTier`
+ * by the caller before passing here; when absent the gate falls back to the
+ * internal TOOL_TIER name-lookup table.
+ */
+function evaluateInput(input) {
+    const legacyCtx = {
+        tool: input.toolName,
+        args: input.args,
+        targetLabel: input.ctx?.targetLabel,
+        activeApp: input.ctx?.activeApp,
+        userTaskText: input.ctx?.userIntent,
+        toolSafetyTier: input.safetyTier,
+    };
+    return toSafetyDecision(evaluate(legacyCtx));
+}
+//# sourceMappingURL=safety.js.map

package/dist/core/safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety.js","sourceRoot":"","sources":["../../src/core/safety.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;AAqaH,4BAwKC;AAMD,8BAEC;AAuBD,sCAmBC;AA7nBD,sEAAiF;AACjF,mDAAgD;AAChD,6DAA+D;AAC/D,qDAA4E;AAE5E;;;;;;;;;;;;;GAaG;AACH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAS;IACzC,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,gBAAgB;IAC7D,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS;IAC7C,4EAA4E;IAC5E,4EAA4E;IAC5E,aAAa;CACd,CAAC,CAAC;AAEH,SAAS,WAAW,CAAC,GAAY;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACnE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AACrC,CAAC;AAmCD,gFAAgF;AAEhF,oDAAoD;AACpD,SAAS,aAAa,CAAC,CAAO;IAC5B,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,CAAQ,OAAO,CAAC,CAAC;QAC7B,KAAK,OAAO,CAAC,CAAO,OAAO,CAAC,CAAC;QAC7B,KAAK,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC;QAC7B,KAAK,QAAQ,CAAC,CAAM,OAAO,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,kFAAkF;AAClF,SAAS,mBAAmB,CAAC,CAAc;IACzC,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC;QACtB,KAAK,CAAC,CAAC,CAAC,OAAO,OAAO,CAAC;QACvB,KAAK,CAAC,CAAC,CAAC,OAAO,aAAa,CAAC;QAC7B,KAAK,CAAC,CAAC,CAAC,OAAO,QAAQ,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,yEAAyE;AACzE,SAAS,gBAAgB,CAAC,CAAW;IACnC,MAAM,IAAI,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC;IAC3D,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC;IAC5E,CAAC;IACD,UAAU;IACV,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;AAC3E,CAAC;AAgCD;;;;GAIG;AACH,MAAM,sBAAsB,GAAa;IACvC,WAAW,EAAc,gCAAgC;IACzD,aAAa,EAAY,cAAc;IACvC,aAAa;IACb,YAAY;IACZ,YAAY;IACZ,gBAAgB;IAChB,4BAA4B;IAC5B,kBAAkB;IAClB,cAAc;IACd,gBAAgB;IAChB,iBAAiB;IACjB,eAAe;IACf,UAAU;IACV,eAAe;IACf,UAAU;IACV,eAAe;IACf,cAAc;IACd,cAAc,EAAW,4CAA4C;CACtE,CAAC;AAEF,2EAA2E;AAC3E,2EAA2E;AAC3E,6EAA6E;AAC7E,6EAA6E;AAC7E,6EAA6E;AAC7E,6EAA6E;AAC7E,6EAA6E;AAC7E,4EAA4E;AAC5E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAS,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;AAEhE,uEAAuE;AACvE,4EAA4E;AAE5E,gCAAgC;AAChC,MAAM,SAAS,GAAyB;IACtC,sBAAsB;IACtB,aAAa,EAAE,MAAM;IACrB,iBAAiB,EAAE,MAAM;IACzB,YAAY,EAAE,MAAM;IACpB,oBAAoB,EAAE,MAAM;IAC5B,2BAA2B,EAAE,MAAM;IACnC,iBAAiB,EAAE,MAAM;IACzB,aAAa,EAAE,MAAM;IACrB,mBAAmB,EAAE,MAAM;IAC3B,qBAAqB,EAAE,MAAM;IAC7B,cAAc,EAAE,MAAM;IACtB,gBAAgB,EAAE,MAAM;IACxB,kBAAkB,EAAE,MAAM;IAC1B,eAAe,EAAE,MAAM;IACvB,eAAe,EAAE,MAAM;IACvB,cAAc,EAAE,MAAM,EAAQ,2DAA2D;IACzF,gBAAgB,EAAE,MAAM;IACxB,WAAW,EAAE,MAAM,EAAW,6CAA6C;IAC3E,iCAAiC;IACjC,aAAa,EAAE,OAAO;IACtB,oBAAoB,EAAE,OAAO;IAC7B,mBAAmB,EAAE,OAAO;IAC5B,aAAa,EAAE,OAAO;IACtB,cAAc,EAAE,OAAO;IACvB,YAAY,EAAE,OAAO;IACrB,WAAW,EAAE,OAAO;IACpB,YAAY,EAAE,OAAO;IACrB,aAAa,EAAE,OAAO;IACtB,gBAAgB,EAAE,OAAO;IACzB,WAAW,EAAE,OAAO;IACpB,iBAAiB,EAAE,aAAa,EAAG,4IAA4I;IAC/K,WAAW,EAAE,OAAO;IACpB,UAAU,EAAE,OAAO;IACnB,mBAAmB,EAAE,OAAO;IAC5B,YAAY,EAAE,OAAO;IACrB,uBAAuB,EAAE,OAAO;IAChC,gBAAgB,EAAE,OAAO;IACzB,aAAa,EAAE,OAAO;IACtB,6EAA6E;IAC7E,iBAAiB,EAAE,OAAO;IAC1B,kBAAkB,EAAE,OAAO;IAC3B,eAAe,EAAE,OAAO;IACxB,cAAc,EAAE,OAAO;IACvB,kBAAkB,EAAE,OAAO;IAC3B,cAAc,EAAE,OAAO;IACvB,iBAAiB,EAAE,OAAO;IAC1B,mBAAmB,EAAE,OAAO;IAC5B,qCAAqC;IACrC,cAAc,EAAE,QAAQ;IACxB,UAAU,EAAE,OAAO;IACnB,MAAM,EAAE,MAAM;IACd,mBAAmB,EAAE,OAAO;IAC5B,4BAA4B;IAC5B,YAAY,EAAE,OAAO;IACrB,gBAAgB,EAAE,OAAO;IACzB,OAAO,EAAE,OAAO;IAChB,MAAM,EAAE,OAAO;IACf,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,OAAO;IACjB,MAAM,EAAE,OAAO;IACf,MAAM,EAAE,OAAO,EAAM,0CAA0C;IAC/D,YAAY,EAAE,MAAM;IACpB,WAAW,EAAE,MAAM,EAAM,sEAAsE;IAC/F,6EAA6E;IAC7E,kEAAkE;IAClE,OAAO,EAAE,MAAM;IACf,MAAM,EAAE,MAAM;IACd,SAAS,EAAE,MAAM;IACjB,aAAa,EAAE,MAAM;IACrB,yCAAyC;IACzC,qBAAqB,EAAE,OAAO;IAC9B,oBAAoB,EAAE,OAAO;IAC7B,oBAAoB,EAAE,OAAO;IAC7B,YAAY,EAAE,OAAO;IACrB,UAAU,EAAE,OAAO;IACnB,yBAAyB,EAAE,OAAO;IAClC,oBAAoB,EAAE,OAAO;IAC7B,UAAU,EAAE,OAAO;IACnB,QAAQ,EAAE,OAAO;IACjB,iBAAiB,EAAE,OAAO;IAC1B,4BAA4B,EAAE,OAAO;IACrC,gBAAgB,EAAE,OAAO;IACzB,cAAc,EAAE,aAAa,EAAK,8DAA8D;IAChG,eAAe,EAAE,OAAO;IACxB,eAAe,EAAE,MAAM;IACvB,eAAe,EAAE,OAAO;IACxB,kBAAkB,EAAE,MAAM;IAC1B,WAAW,EAAE,OAAO;IACpB,UAAU,EAAE,OAAO;IACnB,iBAAiB,EAAE,MAAM;IACzB,eAAe,EAAE,OAAO;IACxB,WAAW,EAAE,OAAO;IACpB,+BAA+B;IAC/B,aAAa,EAAE,OAAO;IACtB,eAAe,EAAE,OAAO;IACxB,aAAa,EAAE,OAAO;IACtB,aAAa,EAAE,OAAO;IACtB,kBAAkB,EAAE,MAAM;IAC1B,gBAAgB,EAAE,MAAM;IACxB,QAAQ,EAAE,MAAM,EAAI,qDAAqD;IACzE,YAAY,EAAE,MAAM,EAAG,iEAAiE;IACxF,oBAAoB,EAAE,MAAM,EAAG,oCAAoC;IACnE,kBAAkB,EAAE,MAAM,EAAK,oCAAoC;IACnE,mBAAmB,EAAE,MAAM;IAC3B,oBAAoB,EAAE,MAAM;IAC5B,0CAA0C;IAC1C,qBAAqB,EAAE,MAAM;IAC7B,mBAAmB,EAAE,aAAa,EAAG,0CAA0C;IAC/E,wEAAwE;IACxE,UAAU,EAAE,aAAa,EAAK,oEAAoE;IAClG,WAAW,EAAE,aAAa,EAAI,mCAAmC;IACjE,uEAAuE;IACvE,iEAAiE;IACjE,uEAAuE;IACvE,kEAAkE;IAClE,sEAAsE;IACtE,kEAAkE;IAClE,UAAU,EAAE,OAAO;IACnB,eAAe,EAAE,MAAM;IACvB,QAAQ,EAAE,OAAO;IACjB,QAAQ,EAAE,OAAO;IACjB,SAAS,EAAE,OAAO;IAClB,MAAM,EAAE,OAAO;CAChB,CAAC;AAEF;;;;;;;;;GASG;AACH,SAAS,kBAAkB,CAAC,IAAY,EAAE,IAA6B;IACrE,sEAAsE;IACtE,sEAAsE;IACtE,oEAAoE;IACpE,oEAAoE;IACpE,yDAAyD;IACzD,MAAM,iBAAiB,GAA2C;QAChE,QAAQ,EAAE;YACR,UAAU,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,2BAA2B;YAChF,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,oBAAoB,EAAE,WAAW,EAAE,mBAAmB;YAC1F,YAAY,EAAE,oBAAoB,EAAE,YAAY,EAAE,oBAAoB;YACtE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,aAAa,EAAE,qBAAqB;YAC/E,MAAM,EAAE,cAAc,EAAE,iBAAiB,EAAE,yBAAyB;YACpE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,oBAAoB;YACnD,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU;YAC9C,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW;YAC3D,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM;SACrD;QACD,aAAa,EAAE;YACb,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE,kBAAkB;YAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,gBAAgB,EAAE,KAAK,EAAE,eAAe;YAChF,SAAS,EAAE,iBAAiB,EAAE,SAAS,EAAE,gBAAgB;YACzD,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,eAAe;YAChD,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,mBAAmB;YACxE,aAAa,EAAE,oBAAoB,EAAE,QAAQ,EAAE,kBAAkB;YACjE,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY;SAC/E;QACD,MAAM,EAAE;YACN,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,mBAAmB,EAAE,KAAK,EAAE,cAAc;YACvE,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,EAAE,4BAA4B;YACnE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,eAAe;YACzE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,iBAAiB;YAC9D,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU;YAClE,UAAU,EAAE,eAAe,EAAE,QAAQ,EAAE,kBAAkB;SAC1D;QACD,MAAM,EAAE;YACN,cAAc,EAAE,gBAAgB,EAAE,eAAe,EAAE,iBAAiB;YACpE,WAAW,EAAE,iBAAiB,EAAE,GAAG,EAAE,iBAAiB,EAAE,IAAI,EAAE,WAAW;YACzE,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAAE,mBAAmB;YACpE,QAAQ,EAAE,mBAAmB;YAC7B,SAAS;YACT,cAAc,EAAE,qBAAqB;YACrC,iBAAiB,EAAE,mBAAmB;YACtC,mEAAmE;YACnE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW;SACrE;QACD,OAAO,EAAE;YACP,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,kBAAkB,EAAE,SAAS,EAAE,eAAe;YACpF,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,EAAE,mBAAmB;YACxE,QAAQ,EAAE,cAAc,EAAE,QAAQ,EAAE,uBAAuB;YAC3D,SAAS,EAAE,eAAe,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,EAAE,YAAY;SAC/E;KACF,CAAC;IACF,MAAM,SAAS,GAAG,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,IAAI,IAAI,IAAI,iBAAiB,IAAI,SAAS,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;IAC5B,CAAC;IACD,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,mBAAmB,CAAC;IAEhD,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC9E,MAAM,MAAM,GAAG,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAElE,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,OAAO,CAAC,CAAS,OAAO,aAAa,CAAC;YAC3C,KAAK,cAAc,CAAC,CAAE,OAAO,oBAAoB,CAAC;YAClD,KAAK,aAAa,CAAC,CAAG,OAAO,mBAAmB,CAAC;YACjD,KAAK,cAAc,CAAC,CAAE,OAAO,oBAAoB,CAAC;YAClD,KAAK,cAAc,CAAC,CAAE,OAAO,oBAAoB,CAAC;YAClD,KAAK,MAAM,CAAC;YACZ,KAAK,OAAO,CAAC,CAAS,OAAO,aAAa,CAAC;YAC3C,KAAK,eAAe,CAAC,CAAC,OAAO,qBAAqB,CAAC;YACnD,KAAK,MAAM,CAAC,CAAU,OAAO,YAAY,CAAC;YAC1C,KAAK,IAAI,CAAC,CAAY,OAAO,UAAU,CAAC;YACxC,KAAK,QAAQ,CAAC,CAAQ,OAAO,cAAc,CAAC;YAC5C,KAAK,MAAM,CAAC,CAAU,OAAO,YAAY,CAAC;YAC1C,KAAK,cAAc,CAAC,CAAE,OAAO,oBAAoB,CAAC;YAClD,OAAO,CAAC,CAAc,OAAO,aAAa,CAAC,CAAC,eAAe;QAC7D,CAAC;IACH,CAAC;IACD,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,OAAO,CAAC,CAAC,OAAO,WAAW,CAAC;YACjC,KAAK,MAAM,CAAC,CAAE,OAAO,UAAU,CAAC;YAChC,KAAK,IAAI,CAAC,CAAI,OAAO,QAAQ,CAAC;YAC9B,KAAK,MAAM,CAAC,CAAE,OAAO,WAAW,CAAC;YACjC,OAAO,CAAC,CAAM,OAAO,WAAW,CAAC;QACnC,CAAC;IACH,CAAC;IACD,SAAS;IACT,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,OAAO,CAAC,CAAS,OAAO,cAAc,CAAC;QAC5C,KAAK,UAAU,CAAC,CAAM,OAAO,iBAAiB,CAAC;QAC/C,KAAK,UAAU,CAAC,CAAM,OAAO,iBAAiB,CAAC;QAC/C,KAAK,SAAS,CAAC,CAAO,OAAO,gBAAgB,CAAC;QAC9C,KAAK,OAAO,CAAC,CAAS,OAAO,cAAc,CAAC;QAC5C,KAAK,QAAQ,CAAC,CAAQ,OAAO,eAAe,CAAC;QAC7C,KAAK,MAAM,CAAC,CAAU,OAAO,aAAa,CAAC;QAC3C,KAAK,eAAe,CAAC,CAAC,OAAO,eAAe,CAAC;QAC7C,OAAO,CAAC,CAAc,OAAO,cAAc,CAAC;IAC9C,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,QAAQ,CAAC,GAAsB;IAC7C,oEAAoE;IACpE,oEAAoE;IACpE,8BAA8B;IAC9B,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC7D,wEAAwE;IACxE,+EAA+E;IAC/E,wEAAwE;IACxE,yEAAyE;IACzE,0EAA0E;IAC1E,8EAA8E;IAC9E,+BAA+B;IAC/B,MAAM,kBAAkB,GAAG,aAAa,KAAK,GAAG,CAAC,IAAI,CAAC;IACtD,MAAM,IAAI,GAAS,CAAC,CAAC,kBAAkB,IAAI,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC;QAC1E,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,cAAc,CAAC;QACzC,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,CAAC;IAC1C,MAAM,aAAa,GAAG,IAAA,8BAAgB,GAAE,CAAC;IAEzC,MAAM,IAAI,GAAG,CAAC,QAAkB,EAAE,EAAE;QAClC,iEAAiE;QACjE,gEAAgE;QAChE,wDAAwD;QACxD,MAAM,OAAO,GAA4B,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,QAAQ,EAAE,aAAa,EAAE,CAAC;QACxF,IAAI,aAAa,KAAK,GAAG,CAAC,IAAI;YAAE,OAAO,CAAC,aAAa,GAAG,aAAa,CAAC;QACtE,eAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QACxC,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;IAEF,sDAAsD;IACtD,oEAAoE;IACpE,mEAAmE;IACnE,oDAAoD;IACpD,MAAM,iBAAiB,GACrB,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO;QAChD,aAAa,KAAK,WAAW,IAAI,aAAa,KAAK,UAAU,CAAC;IAChE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK;YAC/D,CAAC,CAAC,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QAChE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,IAAA,6BAAY,EAAC,KAAK,CAAC,CAAC;YACjC,0EAA0E;YAC1E,0EAA0E;YAC1E,gEAAgE;YAChE,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBACrB,OAAO,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,IAAA,+BAAc,EAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;YAClG,CAAC;YACD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,IAAA,+BAAc,EAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;YACtG,CAAC;QACH,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,qDAAqD;IACrD,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC;YACV,QAAQ,EAAE,SAAS;YACnB,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,4EAA4E;SACrF,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,+EAA+E;IAC/E,8EAA8E;IAC9E,8EAA8E;IAC9E,6DAA6D;IAC7D,IAAI,aAAa,KAAK,UAAU,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC;YACV,QAAQ,EAAE,SAAS;YACnB,IAAI,EAAE,aAAa;YACnB,MAAM,EAAE,MAAM;gBACZ,CAAC,CAAC,gBAAgB,MAAM,+FAA+F;gBACvH,CAAC,CAAC,sDAAsD;SAC3D,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,8CAA8C;IAC9C,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,IAAI,0BAA0B,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED,mEAAmE;IACnE,oEAAoE;IACpE,8CAA8C;IAC9C,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,IAAI,+BAA+B,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,qDAAqD;IACrD,wEAAwE;IACxE,uEAAuE;IACvE,wEAAwE;IACxE,yDAAyD;IACzD,IAAI,GAAG,CAAC,WAAW,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACxD,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;YAC7C,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClC,8DAA8D;gBAC9D,6DAA6D;gBAC7D,8DAA8D;gBAC9D,gEAAgE;gBAChE,+CAA+C;gBAC/C,qDAAqD;gBACrD,qEAAqE;gBACrE,8DAA8D;gBAC9D,6DAA6D;gBAC7D,wDAAwD;gBACxD,IAAI,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;oBACvD,eAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;wBACxC,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,WAAW,EAAE,GAAG,CAAC,WAAW;wBAC5B,OAAO,EAAE,OAAO,CAAC,MAAM;wBACvB,aAAa;qBACd,CAAC,CAAC;oBACH,OAAO,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBACpD,CAAC;gBACD,OAAO,IAAI,CAAC;oBACV,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,WAAW,GAAG,CAAC,WAAW,iCAAiC,OAAO,CAAC,MAAM,EAAE;iBACpF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,2EAA2E;IAC3E,0EAA0E;IAC1E,wEAAwE;IACxE,oEAAoE;IACpE,yBAAyB;IACzB,EAAE;IACF,iBAAiB;IACjB,mEAAmE;IACnE,wEAAwE;IACxE,0EAA0E;IAC1E,wEAAwE;IACxE,4DAA4D;IAC5D,wEAAwE;IACxE,mCAAmC;IACnC,IAAI,GAAG,CAAC,SAAS,IAAI,uCAAc,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACxD,MAAM,WAAW,GAAG,CAAC,aAAa,EAAE,WAAW,EAAE,aAAa,EAAE,YAAY,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC;QACzG,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC;YACnF,IAAI,UAAU,EAAE,CAAC;gBACf,eAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC;gBACrG,OAAO,IAAI,CAAC;oBACV,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,kBAAkB,GAAG,CAAC,SAAS,OAAO,GAAG,CAAC,IAAI,0GAA0G;iBACjK,CAAC,CAAC;YACL,CAAC;YACD,oFAAoF;YACpF,eAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,WAAW,EAAE,aAAa,EAAE,CAAC,CAAC;QACzI,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,OAAO,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,SAAgB,SAAS,CAAC,CAAW;IACnC,OAAO,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC;AAChC,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,aAAa,CAAC,KAS7B;IACC,MAAM,SAAS,GAAsB;QACnC,IAAI,EAAE,KAAK,CAAC,QAAQ;QACpB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,WAAW,EAAE,KAAK,CAAC,GAAG,EAAE,WAAW;QACnC,SAAS,EAAE,KAAK,CAAC,GAAG,EAAE,SAAS;QAC/B,YAAY,EAAE,KAAK,CAAC,GAAG,EAAE,UAAU;QACnC,cAAc,EAAE,KAAK,CAAC,UAAU;KACjC,CAAC;IACF,OAAO,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;AAC/C,CAAC"}