@neurcode-ai/cli 0.20.12 → 0.20.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/dist/commands/activate.d.ts.map +1 -1
  2. package/dist/commands/activate.js +27 -0
  3. package/dist/commands/activate.js.map +1 -1
  4. package/dist/commands/agent.d.ts.map +1 -1
  5. package/dist/commands/agent.js +50 -0
  6. package/dist/commands/agent.js.map +1 -1
  7. package/dist/commands/brain.d.ts.map +1 -1
  8. package/dist/commands/brain.js +32 -0
  9. package/dist/commands/brain.js.map +1 -1
  10. package/dist/commands/init.d.ts.map +1 -1
  11. package/dist/commands/init.js +22 -0
  12. package/dist/commands/init.js.map +1 -1
  13. package/dist/commands/login.d.ts.map +1 -1
  14. package/dist/commands/login.js +46 -0
  15. package/dist/commands/login.js.map +1 -1
  16. package/dist/commands/onboard.d.ts.map +1 -1
  17. package/dist/commands/onboard.js +191 -1
  18. package/dist/commands/onboard.js.map +1 -1
  19. package/dist/commands/repo.d.ts.map +1 -1
  20. package/dist/commands/repo.js +47 -0
  21. package/dist/commands/repo.js.map +1 -1
  22. package/dist/commands/runtime-sync.d.ts.map +1 -1
  23. package/dist/commands/runtime-sync.js +9 -0
  24. package/dist/commands/runtime-sync.js.map +1 -1
  25. package/dist/commands/session-hook.d.ts.map +1 -1
  26. package/dist/commands/session-hook.js +27 -0
  27. package/dist/commands/session-hook.js.map +1 -1
  28. package/dist/commands/telemetry.d.ts +3 -0
  29. package/dist/commands/telemetry.d.ts.map +1 -0
  30. package/dist/commands/telemetry.js +63 -0
  31. package/dist/commands/telemetry.js.map +1 -0
  32. package/dist/index.js +38 -1
  33. package/dist/index.js.map +1 -1
  34. package/dist/runtime-build.json +5 -5
  35. package/dist/utils/activation-telemetry.d.ts +38 -0
  36. package/dist/utils/activation-telemetry.d.ts.map +1 -0
  37. package/dist/utils/activation-telemetry.js +271 -0
  38. package/dist/utils/activation-telemetry.js.map +1 -0
  39. package/dist/utils/enterprise-dogfood-report.d.ts +203 -0
  40. package/dist/utils/enterprise-dogfood-report.d.ts.map +1 -0
  41. package/dist/utils/enterprise-dogfood-report.js +321 -0
  42. package/dist/utils/enterprise-dogfood-report.js.map +1 -0
  43. package/dist/utils/runtime-privacy.d.ts +15 -0
  44. package/dist/utils/runtime-privacy.d.ts.map +1 -1
  45. package/dist/utils/runtime-privacy.js +181 -0
  46. package/dist/utils/runtime-privacy.js.map +1 -1
  47. package/package.json +9 -8
  48. package/LICENSE +0 -201
@@ -0,0 +1,321 @@
1
+ "use strict";
2
+ /**
3
+ * Enterprise Repo Dogfood report — pure, source-free builder (Iteration 14).
4
+ *
5
+ * Iterations 6-13 proved the runtime against fixtures, sandbox payloads, and
6
+ * `neurcode verify --ci` timing on real checkouts. Iteration 14 closes the loop
7
+ * the roadmap actually asks for: drive a *governed cross-file session* on a real,
8
+ * pinned third-party repository and record — honestly and source-free — whether
9
+ * the product was useful.
10
+ *
11
+ * This module is the deterministic, I/O-free core. It takes a single
12
+ * already-source-free facts object ({@link DogfoodReportInput}) gathered by the
13
+ * operator harness (`scripts/enterprise-repo-dogfood-v1.mjs`) and turns it into:
14
+ *
15
+ * 1. {@link buildEnterpriseDogfoodReport} — a machine-readable manifest
16
+ * (`neurcode.enterprise-dogfood-report.v1`) carrying repo facts, brain index
17
+ * metrics, the honest per-tool enforcement posture, structured session
18
+ * observations, source-free evidence pointers, and a seven-dimension score.
19
+ * 2. {@link renderEnterpriseDogfoodReportMarkdown} — the human-readable report.
20
+ *
21
+ * Hard rules (shared with utils/enterprise-eval-report.ts + utils/pilot-evidence-pack.ts):
22
+ * - Source-free. Only slugs, public OSS identities, paths, owners, counts,
23
+ * hashes, verdicts, and durations are read or emitted. We NEVER carry source,
24
+ * diffs, patch bodies, raw prompts, secrets, or natural-language intent /
25
+ * task / session prose. {@link assertEnterpriseDogfoodSourceFree} is the
26
+ * backstop and mirrors the CI leak gate (scripts/source-free-leak-scan.mjs).
27
+ * - Honest enforcement. The Enforcement dimension reports the real
28
+ * `integrations doctor` posture — a cooperative adapter (e.g. Cursor) is
29
+ * advisory, never claimed to be the Claude hook's hard pre-write deny.
30
+ * - Honest scope. Scores are operator judgments, each REQUIRING a source-free
31
+ * evidence pointer (artifact path + count / hash / duration). A score without
32
+ * evidence is rejected at build time.
33
+ */
34
+ Object.defineProperty(exports, "__esModule", { value: true });
35
+ exports.DOGFOOD_DIMENSION_LABELS = exports.DOGFOOD_SCORE_DIMENSIONS = exports.ENTERPRISE_DOGFOOD_REPORT_SCHEMA_VERSION = void 0;
36
+ exports.assertEnterpriseDogfoodSourceFree = assertEnterpriseDogfoodSourceFree;
37
+ exports.rollupDogfoodVerdict = rollupDogfoodVerdict;
38
+ exports.buildEnterpriseDogfoodReport = buildEnterpriseDogfoodReport;
39
+ exports.renderEnterpriseDogfoodReportMarkdown = renderEnterpriseDogfoodReportMarkdown;
40
+ const enterprise_eval_report_1 = require("./enterprise-eval-report");
41
+ const pilot_evidence_pack_1 = require("./pilot-evidence-pack");
42
+ exports.ENTERPRISE_DOGFOOD_REPORT_SCHEMA_VERSION = 'neurcode.enterprise-dogfood-report.v1';
43
+ // ── Scoring rubric (P0-locked: pass | partial | fail per dimension) ───────────
44
+ /** The seven roadmap score dimensions, in canonical report order. */
45
+ exports.DOGFOOD_SCORE_DIMENSIONS = [
46
+ 'intelligence',
47
+ 'enforcement',
48
+ 'usability',
49
+ 'scalability',
50
+ 'evidence',
51
+ 'privacy',
52
+ 'enterpriseReadiness',
53
+ ];
54
+ exports.DOGFOOD_DIMENSION_LABELS = {
55
+ intelligence: 'Intelligence',
56
+ enforcement: 'Enforcement',
57
+ usability: 'Usability',
58
+ scalability: 'Scalability',
59
+ evidence: 'Evidence',
60
+ privacy: 'Privacy',
61
+ enterpriseReadiness: 'Enterprise readiness',
62
+ };
63
+ const DOGFOOD_REPORT_EXCLUDES = [
64
+ 'source code',
65
+ 'diff hunks',
66
+ 'patch bodies',
67
+ 'raw prompts',
68
+ 'raw chat',
69
+ 'natural-language intent / task text',
70
+ 'session prose',
71
+ 'secrets',
72
+ 'private file contents',
73
+ ];
74
+ const DEFAULT_WHAT_THIS_PROVES = [
75
+ 'The Neurcode brain indexed a real, pinned third-party repository and produced a source-free scale / coverage projection.',
76
+ 'A governed cross-file session ran against real code: boundary blocks, exact-path approvals, and neighbor containment were observed (counts only).',
77
+ 'Source-free evidence (pilot evidence pack, AI Change Records, runtime risk classification) was exported with stable content hashes.',
78
+ ];
79
+ const DEFAULT_WHAT_THIS_DOES_NOT_PROVE = [
80
+ 'It does not prove the third-party source is correct, secure, or free of vulnerabilities.',
81
+ 'It does not prove the agent "semantically understands" the repository — brain reuse / architecture signals are advisory and can be false positives.',
82
+ 'Enforcement strength depends on the agent: a cooperative adapter (e.g. Cursor) is advisory and can be bypassed — it is NOT the Claude hook\'s hard pre-write deny.',
83
+ 'Scores are operator judgments backed by source-free evidence pointers, not an automated benchmark.',
84
+ ];
85
+ const DEFAULT_LIMITATIONS = [
86
+ 'Single operator run on one pinned commit — not a statistical sample.',
87
+ 'Large repositories (e.g. microsoft/TypeScript, apache/airflow) run in the operator / pre-release tier, never in hermetic CI.',
88
+ ];
89
+ /**
90
+ * Source-like / prose key names that must never appear in a shareable dogfood
91
+ * artifact. Mirrors `SOURCE_LIKE_KEYS` in scripts/source-free-leak-scan.mjs and
92
+ * `FORBIDDEN_PROSE_KEYS` in utils/pilot-evidence-pack.ts so the builder rejects
93
+ * exactly what the CI leak gate (`scanJsonPayload`) would flag.
94
+ */
95
+ const FORBIDDEN_KEYS = new Set([
96
+ 'content',
97
+ 'fileContent',
98
+ 'file_content',
99
+ 'sourceText',
100
+ 'source_text',
101
+ 'sourceCode',
102
+ 'source_code',
103
+ 'diff',
104
+ 'diffText',
105
+ 'diff_text',
106
+ 'patch',
107
+ 'before',
108
+ 'after',
109
+ 'raw_prompt',
110
+ 'body',
111
+ 'hunk',
112
+ 'unifiedDiff',
113
+ 'unified_diff',
114
+ 'command_body',
115
+ ...pilot_evidence_pack_1.FORBIDDEN_PROSE_KEYS,
116
+ ]);
117
+ function findForbiddenKeys(value, path = 'root', out = []) {
118
+ if (Array.isArray(value)) {
119
+ value.forEach((item, index) => findForbiddenKeys(item, `${path}[${index}]`, out));
120
+ return out;
121
+ }
122
+ if (value && typeof value === 'object') {
123
+ for (const [key, child] of Object.entries(value)) {
124
+ if (FORBIDDEN_KEYS.has(key))
125
+ out.push(`${path}.${key}`);
126
+ findForbiddenKeys(child, `${path}.${key}`, out);
127
+ }
128
+ }
129
+ return out;
130
+ }
131
+ /** Throw if a would-be dogfood artifact carries source/diff/secret/prose shapes. */
132
+ function assertEnterpriseDogfoodSourceFree(value, label = 'enterprise-dogfood artifact') {
133
+ // 1. Shared diff / secret / key string patterns (eval + pilot backstop).
134
+ (0, enterprise_eval_report_1.assertEnterpriseEvalSourceFree)(value, label);
135
+ // 2. Source-like / prose key names anywhere in the structure (matches the gate).
136
+ const offending = findForbiddenKeys(value);
137
+ if (offending.length > 0) {
138
+ throw new Error(`${label} contains forbidden source/prose keys: ${offending.join(', ')}`);
139
+ }
140
+ }
141
+ function rollupDogfoodVerdict(scores) {
142
+ if (scores.some((s) => s.verdict === 'fail'))
143
+ return 'fail';
144
+ if (scores.some((s) => s.verdict === 'partial'))
145
+ return 'partial';
146
+ return 'pass';
147
+ }
148
+ function validateScores(scores) {
149
+ const byDimension = new Map();
150
+ for (const score of scores) {
151
+ if (!exports.DOGFOOD_SCORE_DIMENSIONS.includes(score.dimension)) {
152
+ throw new Error(`unknown dogfood score dimension: ${String(score.dimension)}`);
153
+ }
154
+ if (byDimension.has(score.dimension)) {
155
+ throw new Error(`duplicate dogfood score dimension: ${score.dimension}`);
156
+ }
157
+ if (score.verdict !== 'pass' && score.verdict !== 'partial' && score.verdict !== 'fail') {
158
+ throw new Error(`dimension ${score.dimension} has an invalid verdict: ${String(score.verdict)}`);
159
+ }
160
+ if (typeof score.evidence !== 'string' || score.evidence.trim().length === 0) {
161
+ throw new Error(`dimension ${score.dimension} is missing a source-free evidence pointer`);
162
+ }
163
+ byDimension.set(score.dimension, score);
164
+ }
165
+ const missing = exports.DOGFOOD_SCORE_DIMENSIONS.filter((d) => !byDimension.has(d));
166
+ if (missing.length > 0) {
167
+ throw new Error(`dogfood report is missing score dimension(s): ${missing.join(', ')}`);
168
+ }
169
+ // Canonical order so the report and markdown are deterministic.
170
+ return exports.DOGFOOD_SCORE_DIMENSIONS.map((d) => byDimension.get(d));
171
+ }
172
+ function buildEnterpriseDogfoodReport(input) {
173
+ const scores = validateScores(input.scores);
174
+ const scoreSummary = {
175
+ pass: scores.filter((s) => s.verdict === 'pass').length,
176
+ partial: scores.filter((s) => s.verdict === 'partial').length,
177
+ fail: scores.filter((s) => s.verdict === 'fail').length,
178
+ overall: rollupDogfoodVerdict(scores),
179
+ };
180
+ return {
181
+ schemaVersion: exports.ENTERPRISE_DOGFOOD_REPORT_SCHEMA_VERSION,
182
+ generatedAt: input.generatedAt,
183
+ cliVersion: input.cliVersion ?? null,
184
+ operator: input.operator ?? null,
185
+ repo: input.repo,
186
+ brain: input.brain,
187
+ enforcement: input.enforcement,
188
+ session: input.session,
189
+ artifacts: input.artifacts,
190
+ commandsRun: input.commandsRun,
191
+ durations: input.durations,
192
+ scores,
193
+ scoreSummary,
194
+ whatThisProves: input.whatThisProves?.length ? input.whatThisProves : DEFAULT_WHAT_THIS_PROVES,
195
+ whatThisDoesNotProve: input.whatThisDoesNotProve?.length
196
+ ? input.whatThisDoesNotProve
197
+ : DEFAULT_WHAT_THIS_DOES_NOT_PROVE,
198
+ limitations: input.limitations?.length ? input.limitations : DEFAULT_LIMITATIONS,
199
+ privacy: { sourceFree: true, excludes: DOGFOOD_REPORT_EXCLUDES },
200
+ };
201
+ }
202
+ // ── Markdown renderer (source-free) ───────────────────────────────────────────
203
+ const VERDICT_GLYPH = {
204
+ pass: '✓',
205
+ partial: '~',
206
+ fail: '✗',
207
+ };
208
+ function formatBytes(bytes) {
209
+ if (bytes == null)
210
+ return 'n/a';
211
+ if (bytes < 1024)
212
+ return `${bytes} B`;
213
+ const units = ['KB', 'MB', 'GB', 'TB'];
214
+ let value = bytes / 1024;
215
+ let unit = 0;
216
+ while (value >= 1024 && unit < units.length - 1) {
217
+ value /= 1024;
218
+ unit += 1;
219
+ }
220
+ return `${value.toFixed(1)} ${units[unit]}`;
221
+ }
222
+ function formatMs(ms) {
223
+ if (ms == null)
224
+ return 'n/a';
225
+ if (ms < 1000)
226
+ return `${ms} ms`;
227
+ return `${(ms / 1000).toFixed(1)} s`;
228
+ }
229
+ function renderEnterpriseDogfoodReportMarkdown(report) {
230
+ const lines = [];
231
+ lines.push('# Enterprise Repo Dogfood — Report');
232
+ lines.push('');
233
+ lines.push(`Generated: ${report.generatedAt}`);
234
+ lines.push(`CLI: ${report.cliVersion ?? 'n/a'}${report.operator ? ` · Operator: ${report.operator}` : ''}`);
235
+ lines.push(`Repo: ${report.repo.name} @ ${report.repo.pinnedCommit}${report.repo.ref ? ` (${report.repo.ref})` : ''} · Language: ${report.repo.language} · CI tier: ${report.repo.ciTier}`);
236
+ lines.push(`Scale: ${report.repo.filesTracked ?? 'n/a'} tracked file(s), ${formatBytes(report.repo.diskBytes)} on disk`);
237
+ lines.push(`Score: ${report.scoreSummary.pass} pass · ${report.scoreSummary.partial} partial · ${report.scoreSummary.fail} fail — overall ${report.scoreSummary.overall}`);
238
+ lines.push('');
239
+ lines.push('## Scores (pass / partial / fail with source-free evidence)');
240
+ lines.push('');
241
+ lines.push('| | Dimension | Verdict | Evidence (paths / counts / hashes / durations) |');
242
+ lines.push('|---|---|---|---|');
243
+ for (const score of report.scores) {
244
+ lines.push(`| ${VERDICT_GLYPH[score.verdict]} | ${exports.DOGFOOD_DIMENSION_LABELS[score.dimension]} | ${score.verdict} | ${score.evidence} |`);
245
+ }
246
+ lines.push('');
247
+ lines.push('## Brain index');
248
+ lines.push('');
249
+ if (!report.brain.indexed) {
250
+ lines.push('- Not indexed in this run.');
251
+ }
252
+ else {
253
+ lines.push(`- Files indexed: ${report.brain.filesIndexed ?? 'n/a'} (scanned ${report.brain.filesScanned ?? 'n/a'})`);
254
+ lines.push(`- Index duration: ${formatMs(report.brain.indexDurationMs)} · readiness ${formatMs(report.brain.readinessDurationMs)}`);
255
+ lines.push(`- Scale status: ${report.brain.scaleStatus ?? 'n/a'}`);
256
+ lines.push(`- Storage: ${report.brain.storageBackend ?? 'n/a'}${report.brain.storageFallback ? ' (fallback engaged)' : ''}`);
257
+ if (report.brain.languageMatrix.length > 0) {
258
+ lines.push(`- Language matrix: ${report.brain.languageMatrix
259
+ .map((m) => `${m.language} ${m.files} file(s) [${m.coverageTier}]`)
260
+ .join('; ')}`);
261
+ }
262
+ }
263
+ lines.push('');
264
+ lines.push('## Enforcement posture (from `integrations doctor`)');
265
+ lines.push('');
266
+ lines.push(`- Agent / adapter: ${report.enforcement.agent}${report.enforcement.adapter ? ` / ${report.enforcement.adapter}` : ''}`);
267
+ lines.push(`- Guarantee: ${report.enforcement.guaranteeLabel}`);
268
+ lines.push(`- Enforceable hard deny: ${report.enforcement.enforceable ? 'yes' : 'no'} · Advisory-only (bypassable): ${report.enforcement.advisoryOnly ? 'yes' : 'no'}`);
269
+ lines.push(`- Method: ${report.enforcement.method}`);
270
+ lines.push(`- integrations doctor status: ${report.enforcement.integrationsDoctorStatus ?? 'n/a'}`);
271
+ lines.push('');
272
+ lines.push('## Governed cross-file session');
273
+ lines.push('');
274
+ lines.push(`- Task: ${report.session.task.id} — ${report.session.task.title}`);
275
+ lines.push(`- Cross-file: ${report.session.task.crossFile ? 'yes' : 'no'} · Expected files: ${report.session.task.expectedFiles ?? 'n/a'} · Governed: ${report.session.governed ? 'yes' : 'no'}`);
276
+ lines.push(`- Blocks observed: ${report.session.blocksObserved} · Exact approvals: ${report.session.exactApprovals} · Neighbor contained: ${report.session.neighborContained == null ? 'n/a' : report.session.neighborContained ? 'yes' : 'no'}`);
277
+ lines.push(`- Finish verdict: ${report.session.finishVerdict ?? 'n/a'}`);
278
+ lines.push(`- Where it helped: ${report.session.helps.map((h) => `${h.label} (${h.count})`).join('; ') || 'none recorded'}`);
279
+ lines.push(`- Incorrect blocks (false positives): ${report.session.falseBlocks
280
+ .map((b) => `${b.label} (${b.count}) [${b.pathGlobs.join(', ') || 'no globs'}]`)
281
+ .join('; ') || 'none recorded'}`);
282
+ lines.push(`- Developer friction: ${report.session.friction.map((f) => `${f.label} [${f.severity}] (${f.count})`).join('; ') || 'none recorded'}`);
283
+ lines.push('');
284
+ lines.push('## Evidence artifacts (source-free pointers)');
285
+ lines.push('');
286
+ lines.push(`- Pilot evidence pack: ${report.artifacts.pilotEvidencePack.relativePath ?? 'none'} (hash ${report.artifacts.pilotEvidencePack.contentHash ?? 'n/a'}, ${report.artifacts.pilotEvidencePack.sessionCount ?? 'n/a'} session(s))`);
287
+ lines.push(`- Brain readiness: ${report.artifacts.brainReadiness.relativePath ?? 'none'} (hash ${report.artifacts.brainReadiness.contentHash ?? 'n/a'})`);
288
+ lines.push(`- Runtime risk doctor: ${report.artifacts.runtimeRiskDoctor.relativePath ?? 'none'} (verdict ${report.artifacts.runtimeRiskDoctor.verdict ?? 'n/a'}, ${report.artifacts.runtimeRiskDoctor.classifiedPaths ?? 'n/a'} classified path(s))`);
289
+ lines.push(`- AI Change Records: ${report.artifacts.aiChangeRecords ?? 'n/a'}`);
290
+ lines.push('');
291
+ lines.push('## Durations');
292
+ lines.push('');
293
+ lines.push(`- Total: ${formatMs(report.durations.totalMs)} · Clone: ${formatMs(report.durations.cloneMs)} · Index: ${formatMs(report.durations.indexMs)} · Session: ${formatMs(report.durations.sessionMs)}`);
294
+ lines.push('');
295
+ lines.push('## What this proves');
296
+ lines.push('');
297
+ for (const item of report.whatThisProves)
298
+ lines.push(`- ${item}`);
299
+ lines.push('');
300
+ lines.push('## What this does NOT prove');
301
+ lines.push('');
302
+ for (const item of report.whatThisDoesNotProve)
303
+ lines.push(`- ${item}`);
304
+ lines.push('');
305
+ lines.push('## Limitations');
306
+ lines.push('');
307
+ for (const item of report.limitations)
308
+ lines.push(`- ${item}`);
309
+ lines.push('');
310
+ lines.push('## Commands that were run');
311
+ lines.push('');
312
+ lines.push('```');
313
+ for (const cmd of report.commandsRun)
314
+ lines.push(cmd);
315
+ lines.push('```');
316
+ lines.push('');
317
+ lines.push(`_Source-free: slugs, public OSS identities, paths, owners, counts, hashes, verdicts, and durations only. Excludes: ${report.privacy.excludes.join(', ')}._`);
318
+ lines.push('');
319
+ return lines.join('\n');
320
+ }
321
+ //# sourceMappingURL=enterprise-dogfood-report.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"enterprise-dogfood-report.js","sourceRoot":"","sources":["../../src/utils/enterprise-dogfood-report.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;;;AAyRH,8EAWC;AAED,oDAIC;AA2BD,oEA8BC;AA6BD,sFA6IC;AA3gBD,qEAA0E;AAC1E,+DAA6D;AAEhD,QAAA,wCAAwC,GAAG,uCAAgD,CAAC;AAEzG,iFAAiF;AAEjF,qEAAqE;AACxD,QAAA,wBAAwB,GAAG;IACtC,cAAc;IACd,aAAa;IACb,WAAW;IACX,aAAa;IACb,UAAU;IACV,SAAS;IACT,qBAAqB;CACb,CAAC;AAME,QAAA,wBAAwB,GAA0C;IAC7E,YAAY,EAAE,cAAc;IAC5B,WAAW,EAAE,aAAa;IAC1B,SAAS,EAAE,WAAW;IACtB,WAAW,EAAE,aAAa;IAC1B,QAAQ,EAAE,UAAU;IACpB,OAAO,EAAE,SAAS;IAClB,mBAAmB,EAAE,sBAAsB;CAC5C,CAAC;AA+KF,MAAM,uBAAuB,GAAG;IAC9B,aAAa;IACb,YAAY;IACZ,cAAc;IACd,aAAa;IACb,UAAU;IACV,qCAAqC;IACrC,eAAe;IACf,SAAS;IACT,uBAAuB;CACxB,CAAC;AAEF,MAAM,wBAAwB,GAAG;IAC/B,0HAA0H;IAC1H,mJAAmJ;IACnJ,qIAAqI;CACtI,CAAC;AAEF,MAAM,gCAAgC,GAAG;IACvC,0FAA0F;IAC1F,qJAAqJ;IACrJ,oKAAoK;IACpK,oGAAoG;CACrG,CAAC;AAEF,MAAM,mBAAmB,GAAG;IAC1B,sEAAsE;IACtE,8HAA8H;CAC/H,CAAC;AAEF;;;;;GAKG;AACH,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAS;IAC1D,SAAS;IACT,aAAa;IACb,cAAc;IACd,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,aAAa;IACb,MAAM;IACN,UAAU;IACV,WAAW;IACX,OAAO;IACP,QAAQ;IACR,OAAO;IACP,YAAY;IACZ,MAAM;IACN,MAAM;IACN,aAAa;IACb,cAAc;IACd,cAAc;IACd,GAAG,0CAAoB;CACxB,CAAC,CAAC;AAEH,SAAS,iBAAiB,CAAC,KAAc,EAAE,IAAI,GAAG,MAAM,EAAE,MAAgB,EAAE;IAC1E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QAClF,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YAC5E,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;YACxD,iBAAiB,CAAC,KAAK,EAAE,GAAG,IAAI,IAAI,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,oFAAoF;AACpF,SAAgB,iCAAiC,CAC/C,KAAc,EACd,KAAK,GAAG,6BAA6B;IAErC,yEAAyE;IACzE,IAAA,uDAA8B,EAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC7C,iFAAiF;IACjF,MAAM,SAAS,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC3C,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,0CAA0C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC;AAED,SAAgB,oBAAoB,CAAC,MAAsB;IACzD,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC5D,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAClE,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,MAAsB;IAC5C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAuC,CAAC;IACnE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAE,gCAA8C,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/E,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,sCAAsC,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YACxF,MAAM,IAAI,KAAK,CAAC,aAAa,KAAK,CAAC,SAAS,4BAA4B,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7E,MAAM,IAAI,KAAK,CAAC,aAAa,KAAK,CAAC,SAAS,4CAA4C,CAAC,CAAC;QAC5F,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,OAAO,GAAG,gCAAwB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iDAAiD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzF,CAAC;IACD,gEAAgE;IAChE,OAAO,gCAAwB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAiB,CAAC,CAAC;AACjF,CAAC;AAED,SAAgB,4BAA4B,CAAC,KAAyB;IACpE,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG;QACnB,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,MAAM;QACvD,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,MAAM;QAC7D,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,MAAM;QACvD,OAAO,EAAE,oBAAoB,CAAC,MAAM,CAAC;KACtC,CAAC;IAEF,OAAO;QACL,aAAa,EAAE,gDAAwC;QACvD,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;QACpC,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,IAAI;QAChC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,MAAM;QACN,YAAY;QACZ,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,wBAAwB;QAC9F,oBAAoB,EAAE,KAAK,CAAC,oBAAoB,EAAE,MAAM;YACtD,CAAC,CAAC,KAAK,CAAC,oBAAoB;YAC5B,CAAC,CAAC,gCAAgC;QACpC,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,mBAAmB;QAChF,OAAO,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,uBAAuB,EAAE;KACjE,CAAC;AACJ,CAAC;AAED,iFAAiF;AAEjF,MAAM,aAAa,GAAwC;IACzD,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,GAAG;IACZ,IAAI,EAAE,GAAG;CACV,CAAC;AAEF,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,KAAK,CAAC;IAChC,IAAI,KAAK,GAAG,IAAI;QAAE,OAAO,GAAG,KAAK,IAAI,CAAC;IACtC,MAAM,KAAK,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,IAAI,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC;IACzB,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,OAAO,KAAK,IAAI,IAAI,IAAI,IAAI,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,KAAK,IAAI,IAAI,CAAC;QACd,IAAI,IAAI,CAAC,CAAC;IACZ,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,SAAS,QAAQ,CAAC,EAAiB;IACjC,IAAI,EAAE,IAAI,IAAI;QAAE,OAAO,KAAK,CAAC;IAC7B,IAAI,EAAE,GAAG,IAAI;QAAE,OAAO,GAAG,EAAE,KAAK,CAAC;IACjC,OAAO,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAgB,qCAAqC,CAAC,MAA+B;IACnF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACjD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IAC/C,KAAK,CAAC,IAAI,CAAC,QAAQ,MAAM,CAAC,UAAU,IAAI,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5G,KAAK,CAAC,IAAI,CACR,SAAS,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,MAAM,CAAC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,gBAAgB,MAAM,CAAC,IAAI,CAAC,QAAQ,eAAe,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAChL,CAAC;IACF,KAAK,CAAC,IAAI,CACR,UAAU,MAAM,CAAC,IAAI,CAAC,YAAY,IAAI,KAAK,qBAAqB,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAC7G,CAAC;IACF,KAAK,CAAC,IAAI,CACR,UAAU,MAAM,CAAC,YAAY,CAAC,IAAI,WAAW,MAAM,CAAC,YAAY,CAAC,OAAO,cAAc,MAAM,CAAC,YAAY,CAAC,IAAI,mBAAmB,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,CAC/J,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,4EAA4E,CAAC,CAAC;IACzF,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CACR,KAAK,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,gCAAwB,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,OAAO,MAAM,KAAK,CAAC,QAAQ,IAAI,CAC5H,CAAC;IACJ,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,KAAK,CAAC,YAAY,IAAI,KAAK,aAAa,MAAM,CAAC,KAAK,CAAC,YAAY,IAAI,KAAK,GAAG,CAAC,CAAC;QACrH,KAAK,CAAC,IAAI,CAAC,qBAAqB,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,gBAAgB,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC;QACpI,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,KAAK,CAAC,WAAW,IAAI,KAAK,EAAE,CAAC,CAAC;QACnE,KAAK,CAAC,IAAI,CACR,cAAc,MAAM,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,EAAE,CACjH,CAAC;QACF,IAAI,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,KAAK,CAAC,IAAI,CACR,sBAAsB,MAAM,CAAC,KAAK,CAAC,cAAc;iBAC9C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,YAAY,GAAG,CAAC;iBAClE,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;QACJ,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,WAAW,CAAC,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACpI,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAC;IAChE,KAAK,CAAC,IAAI,CACR,4BAA4B,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,kCAAkC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAC5J,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,iCAAiC,MAAM,CAAC,WAAW,CAAC,wBAAwB,IAAI,KAAK,EAAE,CAAC,CAAC;IACpG,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/E,KAAK,CAAC,IAAI,CACR,iBAAiB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,sBAAsB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,IAAI,KAAK,gBAAgB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CACtL,CAAC;IACF,KAAK,CAAC,IAAI,CACR,sBAAsB,MAAM,CAAC,OAAO,CAAC,cAAc,uBAAuB,MAAM,CAAC,OAAO,CAAC,cAAc,0BACrG,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAChG,EAAE,CACH,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,OAAO,CAAC,aAAa,IAAI,KAAK,EAAE,CAAC,CAAC;IACzE,KAAK,CAAC,IAAI,CACR,sBAAsB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,eAAe,EAAE,CACjH,CAAC;IACF,KAAK,CAAC,IAAI,CACR,yCACE,MAAM,CAAC,OAAO,CAAC,WAAW;SACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,GAAG,CAAC;SAC/E,IAAI,CAAC,IAAI,CAAC,IAAI,eACnB,EAAE,CACH,CAAC;IACF,KAAK,CAAC,IAAI,CACR,yBACE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,eAC9F,EAAE,CACH,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IAC3D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,0BAA0B,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,YAAY,IAAI,MAAM,UACjF,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,WAAW,IAAI,KACpD,KAAK,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,YAAY,IAAI,KAAK,cAAc,CAC5E,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,YAAY,IAAI,MAAM,UAAU,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,WAAW,IAAI,KAAK,GAAG,CAAC,CAAC;IAC1J,KAAK,CAAC,IAAI,CACR,0BAA0B,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,YAAY,IAAI,MAAM,aACjF,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,OAAO,IAAI,KAChD,KAAK,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,eAAe,IAAI,KAAK,sBAAsB,CACvF,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,wBAAwB,MAAM,CAAC,SAAS,CAAC,eAAe,IAAI,KAAK,EAAE,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,YAAY,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,aAAa,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,aAAa,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAClM,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,cAAc;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC1C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,oBAAoB;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IACxE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,WAAW;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,WAAW;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CACR,sHAAsH,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAChJ,IAAI,CACL,IAAI,CACN,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
@@ -1,8 +1,23 @@
1
1
  import { type GovernanceSession, type IntentRedactionReasonCode, type IntentSummaryV1 } from '@neurcode-ai/governance-runtime';
2
+ import { type RepoIntelligenceEvidence } from '@neurcode-ai/contracts';
2
3
  export declare const RUNTIME_CLOUD_SESSION_SCHEMA_VERSION: "neurcode.runtime-cloud-session.v1";
3
4
  export declare const RUNTIME_LIVE_SESSION_SCHEMA_VERSION: "neurcode.runtime-live-session.v3";
4
5
  type UnknownRecord = Record<string, unknown>;
5
6
  export declare function buildRuntimeIntentSummary(session: GovernanceSession, classification?: 'cloud_safe' | 'shareable'): IntentSummaryV1;
7
+ /**
8
+ * Project a local `RepoIntelligenceEvidence` object into a source-free, depth-bounded form
9
+ * safe to attach at the SESSION level of a cloud runtime payload. Returns null when the input
10
+ * is not valid evidence or the bounded projection would still fail the cloud privacy gate —
11
+ * in that case the session uploads WITHOUT repo-intelligence rather than failing the whole
12
+ * upload (fail-safe: omit, never leak, never block other evidence).
13
+ *
14
+ * Source-freeness is structural (the producer already emits no source). This projection
15
+ * additionally drops the deep `matchedFacts`/`related` arrays (depth 9+ even at session
16
+ * level, and they carry path/symbol labels) and bounds every array/string. `graph.summary`
17
+ * (languages, package/service names, counts) IS retained — it is depth-safe at session level
18
+ * and powers the dashboard's language-coverage and graph-posture panels.
19
+ */
20
+ export declare function projectRepoIntelligenceForCloud(value: unknown): RepoIntelligenceEvidence | null;
6
21
  export declare function buildCloudSafeRuntimeSession(session: GovernanceSession): UnknownRecord;
7
22
  export declare function projectRuntimePayloadForCloud(payload: UnknownRecord): UnknownRecord;
8
23
  export declare function runtimePrivacySchemaVersions(): string[];
@@ -1 +1 @@
1
- {"version":3,"file":"runtime-privacy.d.ts","sourceRoot":"","sources":["../../src/utils/runtime-privacy.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,KAAK,iBAAiB,EAEtB,KAAK,yBAAyB,EAC9B,KAAK,eAAe,EAErB,MAAM,iCAAiC,CAAC;AAEzC,eAAO,MAAM,oCAAoC,EAAG,mCAA4C,CAAC;AACjG,eAAO,MAAM,mCAAmC,EAAG,kCAA2C,CAAC;AAE/F,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AA+F7C,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,iBAAiB,EAC1B,cAAc,GAAE,YAAY,GAAG,WAA0B,GACxD,eAAe,CAqBjB;AAqHD,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,iBAAiB,GAAG,aAAa,CA0DtF;AA8BD,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,CAwBnF;AAED,wBAAgB,4BAA4B,IAAI,MAAM,EAAE,CAOvD;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,yBAAyB,EAAE,CA2BvF"}
1
+ {"version":3,"file":"runtime-privacy.d.ts","sourceRoot":"","sources":["../../src/utils/runtime-privacy.ts"],"names":[],"mappings":"AAAA,OAAO,EAQL,KAAK,iBAAiB,EAEtB,KAAK,yBAAyB,EAC9B,KAAK,eAAe,EAErB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAGL,KAAK,wBAAwB,EAC9B,MAAM,wBAAwB,CAAC;AAEhC,eAAO,MAAM,oCAAoC,EAAG,mCAA4C,CAAC;AACjG,eAAO,MAAM,mCAAmC,EAAG,kCAA2C,CAAC;AAE/F,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AA+F7C,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,iBAAiB,EAC1B,cAAc,GAAE,YAAY,GAAG,WAA0B,GACxD,eAAe,CAqBjB;AA2CD;;;;;;;;;;;;GAYG;AACH,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,OAAO,GAAG,wBAAwB,GAAG,IAAI,CA6G/F;AA0HD,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,iBAAiB,GAAG,aAAa,CA+DtF;AA8BD,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,CAwBnF;AAED,wBAAgB,4BAA4B,IAAI,MAAM,EAAE,CAOvD;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,yBAAyB,EAAE,CA2BvF"}
@@ -2,11 +2,13 @@
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.RUNTIME_LIVE_SESSION_SCHEMA_VERSION = exports.RUNTIME_CLOUD_SESSION_SCHEMA_VERSION = void 0;
4
4
  exports.buildRuntimeIntentSummary = buildRuntimeIntentSummary;
5
+ exports.projectRepoIntelligenceForCloud = projectRepoIntelligenceForCloud;
5
6
  exports.buildCloudSafeRuntimeSession = buildCloudSafeRuntimeSession;
6
7
  exports.projectRuntimePayloadForCloud = projectRuntimePayloadForCloud;
7
8
  exports.runtimePrivacySchemaVersions = runtimePrivacySchemaVersions;
8
9
  exports.privacyReasonCodesFromError = privacyReasonCodesFromError;
9
10
  const governance_runtime_1 = require("@neurcode-ai/governance-runtime");
11
+ const contracts_1 = require("@neurcode-ai/contracts");
10
12
  exports.RUNTIME_CLOUD_SESSION_SCHEMA_VERSION = 'neurcode.runtime-cloud-session.v1';
11
13
  exports.RUNTIME_LIVE_SESSION_SCHEMA_VERSION = 'neurcode.runtime-live-session.v3';
12
14
  function asRecord(value) {
@@ -134,6 +136,162 @@ function eventReasonCodes(event) {
134
136
  reasons.add(blockType);
135
137
  return Array.from(reasons).sort((left, right) => left.localeCompare(right)).slice(0, 12);
136
138
  }
139
+ // Bounds for one session-level cloud repo-intelligence projection. One evidence object per
140
+ // session (the latest) is node-cheap, so these caps exist for tidy payloads rather than to
141
+ // fit the aggregate node budget.
142
+ const MAX_CLOUD_FINDINGS = 25;
143
+ const MAX_CLOUD_ADVISORY = 25;
144
+ const MAX_CLOUD_RULE_IDS = 64;
145
+ const MAX_CLOUD_SUMMARY_ITEMS = 100;
146
+ const MAX_EVIDENCE_TEXT = 280;
147
+ function boundedStringList(value, maxItems, maxLength = 160) {
148
+ if (!Array.isArray(value))
149
+ return [];
150
+ const out = [];
151
+ for (const item of value) {
152
+ const cleaned = stringValue(item, maxLength);
153
+ if (cleaned)
154
+ out.push(cleaned);
155
+ if (out.length >= maxItems)
156
+ break;
157
+ }
158
+ return out;
159
+ }
160
+ const ABSOLUTE_PATH_VALUE = /(?:^|[^A-Za-z0-9_-])(?:\/(?:Users|home|private|tmp|var|etc|root|Volumes|opt|usr|workspace|app)\/[^\s"'`)]+|[A-Za-z]:[\\/][^\s"'`)]+|\\\\[A-Za-z0-9._-]+[\\/][^\s"'`)]+)/;
161
+ function hasAbsolutePathValue(value) {
162
+ if (typeof value === 'string')
163
+ return ABSOLUTE_PATH_VALUE.test(value.normalize('NFKC'));
164
+ if (Array.isArray(value))
165
+ return value.some((item) => hasAbsolutePathValue(item));
166
+ if (!value || typeof value !== 'object')
167
+ return false;
168
+ return Object.values(value).some((child) => hasAbsolutePathValue(child));
169
+ }
170
+ /**
171
+ * Project a local `RepoIntelligenceEvidence` object into a source-free, depth-bounded form
172
+ * safe to attach at the SESSION level of a cloud runtime payload. Returns null when the input
173
+ * is not valid evidence or the bounded projection would still fail the cloud privacy gate —
174
+ * in that case the session uploads WITHOUT repo-intelligence rather than failing the whole
175
+ * upload (fail-safe: omit, never leak, never block other evidence).
176
+ *
177
+ * Source-freeness is structural (the producer already emits no source). This projection
178
+ * additionally drops the deep `matchedFacts`/`related` arrays (depth 9+ even at session
179
+ * level, and they carry path/symbol labels) and bounds every array/string. `graph.summary`
180
+ * (languages, package/service names, counts) IS retained — it is depth-safe at session level
181
+ * and powers the dashboard's language-coverage and graph-posture panels.
182
+ */
183
+ function projectRepoIntelligenceForCloud(value) {
184
+ if (!(0, contracts_1.isRepoIntelligenceEvidence)(value))
185
+ return null;
186
+ const evidence = value;
187
+ const graph = evidence.graph;
188
+ const freshness = graph.freshness;
189
+ const projected = {
190
+ schemaVersion: evidence.schemaVersion,
191
+ evidenceId: stringValue(evidence.evidenceId, 200) ?? evidence.evidenceId,
192
+ generatedAt: evidence.generatedAt,
193
+ classification: evidence.classification,
194
+ verdict: evidence.verdict,
195
+ enforcement: {
196
+ adapterId: stringValue(evidence.enforcement.adapterId, 120) ?? evidence.enforcement.adapterId,
197
+ capability: evidence.enforcement.capability,
198
+ timing: evidence.enforcement.timing,
199
+ decisionBinding: evidence.enforcement.decisionBinding,
200
+ },
201
+ graph: {
202
+ graphId: graph.graphId,
203
+ schemaVersion: graph.schemaVersion,
204
+ ...(graph.canonicalModel ? { canonicalModel: graph.canonicalModel } : {}),
205
+ storageSchemaVersion: graph.storageSchemaVersion ?? null,
206
+ freshness: {
207
+ state: freshness.state,
208
+ ...(freshness.posture ? { posture: freshness.posture } : {}),
209
+ indexedAt: freshness.indexedAt,
210
+ gitHead: freshness.gitHead,
211
+ workingTreeHash: freshness.workingTreeHash,
212
+ staleFileCount: freshness.staleFileCount,
213
+ unsupportedFileCount: freshness.unsupportedFileCount,
214
+ reasonCodes: boundedStringList(freshness.reasonCodes, 32, 128),
215
+ },
216
+ lastSuccessfulIndexAt: graph.lastSuccessfulIndexAt ?? null,
217
+ lastAttemptedIndexAt: graph.lastAttemptedIndexAt ?? null,
218
+ unsupportedPercent: graph.unsupportedPercent,
219
+ coverage: graph.coverage ?? null,
220
+ ...(graph.deterministicEvidenceEligible !== undefined
221
+ ? { deterministicEvidenceEligible: graph.deterministicEvidenceEligible } : {}),
222
+ ...(graph.deterministicEnforcementEligible !== undefined
223
+ ? { deterministicEnforcementEligible: graph.deterministicEnforcementEligible } : {}),
224
+ enforcementIneligibilityReasons: boundedStringList(graph.enforcementIneligibilityReasons, 64, 128),
225
+ ...(graph.recoveryCommand ? { recoveryCommand: graph.recoveryCommand } : {}),
226
+ ...(graph.runtimeCompatibility ? { runtimeCompatibility: graph.runtimeCompatibility } : {}),
227
+ ...(graph.summary ? {
228
+ summary: {
229
+ languages: graph.summary.languages.slice(0, 64).map((language) => ({
230
+ language: language.language,
231
+ depth: language.depth,
232
+ filesSeen: language.filesSeen,
233
+ filesAnalyzed: language.filesAnalyzed,
234
+ filesUnsupported: language.filesUnsupported,
235
+ })),
236
+ packages: boundedStringList(graph.summary.packages, MAX_CLOUD_SUMMARY_ITEMS, 200),
237
+ services: boundedStringList(graph.summary.services, MAX_CLOUD_SUMMARY_ITEMS, 200),
238
+ ownershipZoneCount: graph.summary.ownershipZoneCount,
239
+ sensitiveSurfaceCount: graph.summary.sensitiveSurfaceCount,
240
+ },
241
+ } : {}),
242
+ // DROP graph.coverageAuthority and graph.relationshipAuthority (unbounded nested depth,
243
+ // not read by the cloud API or dashboard).
244
+ },
245
+ policy: {
246
+ evaluatedRuleIds: boundedStringList(evidence.policy.evaluatedRuleIds, MAX_CLOUD_RULE_IDS, 200),
247
+ notEvaluatedRuleIds: boundedStringList(evidence.policy.notEvaluatedRuleIds, MAX_CLOUD_RULE_IDS, 200),
248
+ findings: evidence.policy.findings.slice(0, MAX_CLOUD_FINDINGS).map((finding) => ({
249
+ findingId: stringValue(finding.findingId, 160) ?? finding.findingId,
250
+ ruleId: stringValue(finding.ruleId, 200) ?? finding.ruleId,
251
+ family: finding.family,
252
+ verdict: finding.verdict,
253
+ truth: finding.truth,
254
+ // matchedFacts carry repo-relative path + symbol labels and nest to depth 9 even at
255
+ // session level. Drop the contents; the rule id + explanation/remediation remain.
256
+ matchedFacts: [],
257
+ explanation: stringValue(finding.explanation, MAX_EVIDENCE_TEXT) ?? '',
258
+ remediation: stringValue(finding.remediation, MAX_EVIDENCE_TEXT) ?? '',
259
+ })),
260
+ },
261
+ advisory: evidence.advisory.slice(0, MAX_CLOUD_ADVISORY).map((finding) => ({
262
+ schemaVersion: finding.schemaVersion,
263
+ findingId: stringValue(finding.findingId, 160) ?? finding.findingId,
264
+ providerId: stringValue(finding.providerId, 120) ?? finding.providerId,
265
+ category: finding.category,
266
+ truth: finding.truth,
267
+ confidence: finding.confidence,
268
+ rationaleCategories: boundedStringList(finding.rationaleCategories, 16, 80),
269
+ // related[] carries path/symbol labels + extra depth; drop for the cloud projection.
270
+ related: [],
271
+ limitations: boundedStringList(finding.limitations, 16, 160),
272
+ suppressed: finding.suppressed,
273
+ cacheKey: stringValue(finding.cacheKey, 120) ?? finding.cacheKey,
274
+ })),
275
+ signature: {
276
+ trust: evidence.signature.trust,
277
+ receiptId: evidence.signature.receiptId,
278
+ recordHash: evidence.signature.recordHash,
279
+ },
280
+ privacy: (0, contracts_1.sourceFreePrivacyContract)(),
281
+ };
282
+ // The projection must independently satisfy the shape contract and the cloud privacy gate
283
+ // at the DEEPEST real nesting (`body.sessions[i].repoIntelligence`, the bulk evidence
284
+ // upload). If either fails, omit it so a single oversized evaluation never fail-closes the
285
+ // whole session upload.
286
+ if (!(0, contracts_1.isRepoIntelligenceEvidence)(projected))
287
+ return null;
288
+ const gate = (0, governance_runtime_1.validatePrivacySafeCloudPayload)({ sessions: [{ repoIntelligence: projected }] });
289
+ if (!gate.ok)
290
+ return null;
291
+ if (hasAbsolutePathValue(projected))
292
+ return null;
293
+ return projected;
294
+ }
137
295
  function cloudSafeEvent(event) {
138
296
  const detail = asRecord(event.detail);
139
297
  const approvalContext = asRecord(detail?.approvalContext);
@@ -169,6 +327,24 @@ function cloudSafeEvent(event) {
169
327
  result.detail = compactDetail;
170
328
  return result;
171
329
  }
330
+ /**
331
+ * The most recent source-free repo-intelligence evidence produced during the session, as a
332
+ * bounded cloud projection. Attached at the SESSION level (not per-event) because the cloud
333
+ * privacy gate's depth budget (MAX_CLOUD_DEPTH) cannot accommodate a structured evidence
334
+ * object nested under `sessions[i].events[j].detail`. The cloud ingestion re-associates this
335
+ * with the latest governed check event so the per-event evidence query still resolves it.
336
+ */
337
+ function latestCloudRepoIntelligence(session) {
338
+ for (let index = session.events.length - 1; index >= 0; index -= 1) {
339
+ const candidate = asRecord(asRecord(session.events[index].detail)?.repoIntelligence);
340
+ if (!candidate)
341
+ continue;
342
+ const projected = projectRepoIntelligenceForCloud(candidate);
343
+ if (projected)
344
+ return projected;
345
+ }
346
+ return null;
347
+ }
172
348
  function architectureSummary(session) {
173
349
  const obligations = session.contract.architectureObligations ?? [];
174
350
  return {
@@ -231,6 +407,7 @@ function scopeAuthoritySummary(session) {
231
407
  }
232
408
  function buildCloudSafeRuntimeSession(session) {
233
409
  const events = session.events.slice(-80).map(cloudSafeEvent);
410
+ const repoIntelligence = latestCloudRepoIntelligence(session);
234
411
  const safe = {
235
412
  schemaVersion: session.schemaVersion,
236
413
  cloudSchemaVersion: exports.RUNTIME_CLOUD_SESSION_SCHEMA_VERSION,
@@ -258,6 +435,10 @@ function buildCloudSafeRuntimeSession(session) {
258
435
  ruleIds: Array.from(new Set(session.contract.architectureObligations?.map((item) => item.id).filter(Boolean) ?? [])).sort().slice(0, 64),
259
436
  },
260
437
  events,
438
+ // Source-free latest repo-intelligence evidence for this session, if any. Session-level
439
+ // placement keeps it within the cloud privacy depth budget; the cloud ingestion attaches
440
+ // it to the latest governed check event so the per-event evidence query resolves it.
441
+ ...(repoIntelligence ? { repoIntelligence } : {}),
261
442
  livePayload: {
262
443
  schemaVersion: exports.RUNTIME_LIVE_SESSION_SCHEMA_VERSION,
263
444
  compacted: true,