@neurcode-ai/cli 0.9.38 → 0.9.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/LICENSE +201 -0
  2. package/dist/api-client.d.ts +54 -0
  3. package/dist/api-client.d.ts.map +1 -1
  4. package/dist/api-client.js +36 -0
  5. package/dist/api-client.js.map +1 -1
  6. package/dist/commands/feedback.d.ts.map +1 -1
  7. package/dist/commands/feedback.js +145 -0
  8. package/dist/commands/feedback.js.map +1 -1
  9. package/dist/commands/guard.d.ts +3 -0
  10. package/dist/commands/guard.d.ts.map +1 -0
  11. package/dist/commands/guard.js +390 -0
  12. package/dist/commands/guard.js.map +1 -0
  13. package/dist/commands/policy.d.ts.map +1 -1
  14. package/dist/commands/policy.js +106 -1
  15. package/dist/commands/policy.js.map +1 -1
  16. package/dist/commands/remediate.d.ts +3 -0
  17. package/dist/commands/remediate.d.ts.map +1 -1
  18. package/dist/commands/remediate.js +221 -67
  19. package/dist/commands/remediate.js.map +1 -1
  20. package/dist/commands/verify.d.ts +4 -0
  21. package/dist/commands/verify.d.ts.map +1 -1
  22. package/dist/commands/verify.js +201 -0
  23. package/dist/commands/verify.js.map +1 -1
  24. package/dist/index.js +15 -0
  25. package/dist/index.js.map +1 -1
  26. package/dist/utils/policy-compiler.d.ts +4 -0
  27. package/dist/utils/policy-compiler.d.ts.map +1 -1
  28. package/dist/utils/policy-compiler.js +43 -0
  29. package/dist/utils/policy-compiler.js.map +1 -1
  30. package/dist/utils/runtime-guard.d.ts +93 -0
  31. package/dist/utils/runtime-guard.d.ts.map +1 -0
  32. package/dist/utils/runtime-guard.js +327 -0
  33. package/dist/utils/runtime-guard.js.map +1 -0
  34. package/package.json +9 -10
package/dist/commands/guard.js ADDED
@@ -0,0 +1,390 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.runtimeGuardCommand = runtimeGuardCommand;
4
+ const fs_1 = require("fs");
5
+ const path_1 = require("path");
6
+ const diff_parser_1 = require("@neurcode-ai/diff-parser");
7
+ const project_root_1 = require("../utils/project-root");
8
+ const state_1 = require("../utils/state");
9
+ const git_1 = require("../utils/git");
10
+ const runtime_guard_1 = require("../utils/runtime-guard");
11
+ const change_contract_1 = require("../utils/change-contract");
12
+ const policy_compiler_1 = require("../utils/policy-compiler");
13
+ let chalk;
14
+ try {
15
+ chalk = require('chalk');
16
+ }
17
+ catch {
18
+ chalk = {
19
+ bold: (value) => value,
20
+ cyan: (value) => value,
21
+ dim: (value) => value,
22
+ green: (value) => value,
23
+ yellow: (value) => value,
24
+ red: (value) => value,
25
+ };
26
+ }
27
+ function normalizeRepoPath(value) {
28
+ return value.replace(/\\/g, '/').replace(/^\.\//, '').trim();
29
+ }
30
+ function emitJson(payload) {
31
+ console.log(JSON.stringify(payload, null, 2));
32
+ }
33
+ function resolveDiffText(options) {
34
+ if (options.staged) {
35
+ return (0, git_1.execGitCommand)('git diff --cached');
36
+ }
37
+ if (options.head) {
38
+ return (0, git_1.getDiffFromBase)('HEAD');
39
+ }
40
+ if (typeof options.base === 'string' && options.base.trim()) {
41
+ return (0, git_1.getDiffFromBase)(options.base.trim());
42
+ }
43
+ return (0, git_1.getDiffFromBase)('HEAD~1');
44
+ }
45
+ function buildStartFailurePayload(errors) {
46
+ return {
47
+ success: false,
48
+ message: `Runtime guard start failed: ${errors.join('; ')}`,
49
+ errors,
50
+ };
51
+ }
52
+ function evaluateSourceDrift(projectRoot, artifact) {
53
+ const violations = [];
54
+ if (artifact.source.changeContractPath) {
55
+ const contractRead = (0, change_contract_1.readChangeContract)(projectRoot, artifact.source.changeContractPath);
56
+ if (!contractRead.contract) {
57
+ violations.push({
58
+ code: 'RUNTIME_GUARD_CHANGE_CONTRACT_DRIFT',
59
+ message: contractRead.error
60
+ ? `Runtime guard change contract invalid (${contractRead.error})`
61
+ : `Runtime guard change contract missing (${contractRead.path})`,
62
+ });
63
+ }
64
+ else if (artifact.source.changeContractExpectedFilesFingerprint &&
65
+ contractRead.contract.expectedFilesFingerprint !== artifact.source.changeContractExpectedFilesFingerprint) {
66
+ violations.push({
67
+ code: 'RUNTIME_GUARD_CHANGE_CONTRACT_DRIFT',
68
+ message: `Runtime guard change contract drift detected (expected files fingerprint changed: ` +
69
+ `${artifact.source.changeContractExpectedFilesFingerprint} -> ${contractRead.contract.expectedFilesFingerprint})`,
70
+ });
71
+ }
72
+ }
73
+ if (artifact.source.compiledPolicyPath) {
74
+ const compiledRead = (0, policy_compiler_1.readCompiledPolicyArtifact)(projectRoot, artifact.source.compiledPolicyPath);
75
+ if (!compiledRead.artifact) {
76
+ violations.push({
77
+ code: 'RUNTIME_GUARD_COMPILED_POLICY_DRIFT',
78
+ message: compiledRead.error
79
+ ? `Runtime guard compiled policy invalid (${compiledRead.error})`
80
+ : `Runtime guard compiled policy missing (${compiledRead.path})`,
81
+ });
82
+ }
83
+ else if (artifact.source.compiledPolicyFingerprint &&
84
+ compiledRead.artifact.fingerprint !== artifact.source.compiledPolicyFingerprint) {
85
+ violations.push({
86
+ code: 'RUNTIME_GUARD_COMPILED_POLICY_DRIFT',
87
+ message: `Runtime guard compiled policy drift detected (fingerprint changed: ` +
88
+ `${artifact.source.compiledPolicyFingerprint} -> ${compiledRead.artifact.fingerprint})`,
89
+ });
90
+ }
91
+ }
92
+ return violations;
93
+ }
94
+ function printStatus(path, artifact) {
95
+ console.log(chalk.bold.cyan('\n🧱 Runtime Guard Status\n'));
96
+ console.log(chalk.dim(`Path: ${path}`));
97
+ console.log(chalk.dim(`Guard ID: ${artifact.guardId}`));
98
+ console.log(chalk.dim(`Mode: ${artifact.mode}`));
99
+ console.log(chalk.dim(`Active: ${artifact.active ? 'yes' : 'no'}`));
100
+ console.log(chalk.dim(`Created: ${artifact.createdAt}`));
101
+ if (artifact.archivedAt) {
102
+ console.log(chalk.dim(`Archived: ${artifact.archivedAt}`));
103
+ }
104
+ console.log(chalk.dim(`Plan ID: ${artifact.source.planId || '(none)'}`));
105
+ console.log(chalk.dim(`Expected files: ${artifact.expectedFiles.length}`));
106
+ console.log(chalk.dim(`Deterministic rules: ${artifact.deterministic.ruleCount}`));
107
+ console.log(chalk.dim(`Unmatched statements: ${artifact.deterministic.unmatchedStatements.length}`));
108
+ console.log(chalk.dim(`Checks run: ${artifact.stats.checksRun} (blocked ${artifact.stats.blockedChecks})`));
109
+ if (artifact.stats.lastCheckedAt) {
110
+ console.log(chalk.dim(`Last check: ${artifact.stats.lastCheckedAt}`));
111
+ }
112
+ console.log('');
113
+ }
114
+ function runtimeGuardCommand(program) {
115
+ const guard = program
116
+ .command('guard')
117
+ .description('Pre-generation runtime guardrail enforcement for deterministic governance');
118
+ guard
119
+ .command('start')
120
+ .description('Start runtime guard session from deterministic artifacts')
121
+ .option('--plan-id <id>', 'Plan ID override for runtime guard scope')
122
+ .option('--runtime-guard <path>', 'Runtime guard artifact path (default: .neurcode/runtime-guard.json)')
123
+ .option('--change-contract <path>', 'Change contract path (default: .neurcode/change-contract.json)')
124
+ .option('--compiled-policy <path>', 'Compiled policy path (default: neurcode.policy.compiled.json)')
125
+ .option('--strict', 'Require change contract + compiled policy artifacts (default)', true)
126
+ .option('--no-strict', 'Allow advisory runtime guard start without full deterministic artifacts')
127
+ .option('--json', 'Output machine-readable JSON')
128
+ .action((options) => {
129
+ const projectRoot = (0, project_root_1.resolveNeurcodeProjectRoot)(process.cwd());
130
+ const strict = options.strict !== false;
131
+ const changeContractRead = (0, change_contract_1.readChangeContract)(projectRoot, options.changeContract);
132
+ const compiledPolicyRead = (0, policy_compiler_1.readCompiledPolicyArtifact)(projectRoot, options.compiledPolicy);
133
+ const planId = (typeof options.planId === 'string' && options.planId.trim() ? options.planId.trim() : null)
134
+ || changeContractRead.contract?.planId
135
+ || (0, state_1.getActivePlanId)();
136
+ const errors = [];
137
+ if (strict && !changeContractRead.contract) {
138
+ errors.push(changeContractRead.error
139
+ ? `change contract invalid (${changeContractRead.error})`
140
+ : `change contract missing (${changeContractRead.path})`);
141
+ }
142
+ if (strict && !compiledPolicyRead.artifact) {
143
+ errors.push(compiledPolicyRead.error
144
+ ? `compiled policy invalid (${compiledPolicyRead.error})`
145
+ : `compiled policy missing (${compiledPolicyRead.path})`);
146
+ }
147
+ if (planId &&
148
+ changeContractRead.contract?.planId &&
149
+ planId !== changeContractRead.contract.planId) {
150
+ errors.push(`plan mismatch: requested ${planId}, change contract is ${changeContractRead.contract.planId}`);
151
+ }
152
+ const expectedFiles = changeContractRead.contract?.expectedFiles || [];
153
+ if (strict && expectedFiles.length === 0) {
154
+ errors.push('change contract has empty expected file scope');
155
+ }
156
+ if (strict && !planId) {
157
+ errors.push('planId missing (pass --plan-id or generate/import a plan contract first)');
158
+ }
159
+ if (errors.length > 0) {
160
+ if (options.json) {
161
+ emitJson(buildStartFailurePayload(errors));
162
+ }
163
+ else {
164
+ console.error(chalk.red('\n❌ Runtime guard start failed\n'));
165
+ for (const entry of errors) {
166
+ console.error(chalk.red(`• ${entry}`));
167
+ }
168
+ console.error('');
169
+ }
170
+ process.exit(1);
171
+ }
172
+ const deterministicRules = compiledPolicyRead.artifact
173
+ ? (0, policy_compiler_1.hydrateCompiledPolicyRules)(compiledPolicyRead.artifact)
174
+ : [];
175
+ const artifact = (0, runtime_guard_1.createRuntimeGuardArtifact)({
176
+ mode: strict ? 'strict' : 'advisory',
177
+ planId,
178
+ sessionId: (0, state_1.getSessionId)(),
179
+ projectId: (0, state_1.getProjectId)(),
180
+ changeContractPath: changeContractRead.contract ? changeContractRead.path : null,
181
+ changeContractId: changeContractRead.contract?.contractId || null,
182
+ changeContractExpectedFilesFingerprint: changeContractRead.contract?.expectedFilesFingerprint || null,
183
+ compiledPolicyPath: compiledPolicyRead.artifact ? compiledPolicyRead.path : null,
184
+ compiledPolicyFingerprint: compiledPolicyRead.artifact?.fingerprint || null,
185
+ expectedFiles,
186
+ deterministicRules,
187
+ unmatchedStatements: compiledPolicyRead.artifact?.compilation.unmatchedStatements || [],
188
+ });
189
+ const writtenPath = (0, runtime_guard_1.writeRuntimeGuardArtifact)(projectRoot, artifact, options.runtimeGuard);
190
+ if (options.json) {
191
+ emitJson({
192
+ success: true,
193
+ message: 'Runtime guard started.',
194
+ path: writtenPath,
195
+ guard: {
196
+ guardId: artifact.guardId,
197
+ mode: artifact.mode,
198
+ active: artifact.active,
199
+ planId: artifact.source.planId,
200
+ expectedFiles: artifact.expectedFiles.length,
201
+ deterministicRules: artifact.deterministic.ruleCount,
202
+ unmatchedStatements: artifact.deterministic.unmatchedStatements.length,
203
+ },
204
+ });
205
+ return;
206
+ }
207
+ console.log(chalk.bold.cyan('\n🧱 Runtime Guard Started\n'));
208
+ console.log(chalk.green(`Path: ${writtenPath}`));
209
+ console.log(chalk.dim(`Guard ID: ${artifact.guardId}`));
210
+ console.log(chalk.dim(`Mode: ${artifact.mode}`));
211
+ console.log(chalk.dim(`Plan ID: ${artifact.source.planId || '(none)'}`));
212
+ console.log(chalk.dim(`Expected files: ${artifact.expectedFiles.length}`));
213
+ console.log(chalk.dim(`Deterministic rules: ${artifact.deterministic.ruleCount}`));
214
+ if (artifact.deterministic.unmatchedStatements.length > 0) {
215
+ console.log(chalk.yellow(`Unmatched deterministic statements: ${artifact.deterministic.unmatchedStatements.length}`));
216
+ }
217
+ console.log(chalk.dim('\nRun `neurcode guard check --staged` before commit to enforce runtime scope.\n'));
218
+ });
219
+ guard
220
+ .command('check')
221
+ .description('Check current diff against active runtime guard session')
222
+ .option('--runtime-guard <path>', 'Runtime guard artifact path (default: .neurcode/runtime-guard.json)')
223
+ .option('--staged', 'Check staged changes only')
224
+ .option('--head', 'Check working tree against HEAD')
225
+ .option('--base <ref>', 'Check working tree against specific git ref')
226
+ .option('--json', 'Output machine-readable JSON')
227
+ .action((options) => {
228
+ const projectRoot = (0, project_root_1.resolveNeurcodeProjectRoot)(process.cwd());
229
+ const guardRead = (0, runtime_guard_1.readRuntimeGuardArtifact)(projectRoot, options.runtimeGuard);
230
+ if (!guardRead.artifact) {
231
+ const message = guardRead.error
232
+ ? `Runtime guard invalid (${guardRead.error})`
233
+ : `Runtime guard not found (${guardRead.path})`;
234
+ if (options.json) {
235
+ emitJson({
236
+ success: false,
237
+ message,
238
+ path: guardRead.path,
239
+ });
240
+ }
241
+ else {
242
+ console.error(chalk.red(`\n❌ ${message}\n`));
243
+ }
244
+ process.exit(1);
245
+ }
246
+ const diffText = resolveDiffText(options);
247
+ const parsed = (0, diff_parser_1.parseDiff)(diffText);
248
+ const filtered = parsed.map((file) => ({
249
+ ...file,
250
+ path: normalizeRepoPath(file.path),
251
+ }));
252
+ const fileContents = {};
253
+ for (const file of filtered) {
254
+ const absolutePath = (0, path_1.resolve)(projectRoot, file.path);
255
+ if ((0, fs_1.existsSync)(absolutePath)) {
256
+ try {
257
+ fileContents[file.path] = (0, fs_1.readFileSync)(absolutePath, 'utf-8');
258
+ }
259
+ catch {
260
+ // Best-effort file content loading.
261
+ }
262
+ }
263
+ }
264
+ const baseEvaluation = (0, runtime_guard_1.evaluateRuntimeGuardArtifact)(guardRead.artifact, filtered, fileContents);
265
+ const sourceDriftViolations = evaluateSourceDrift(projectRoot, guardRead.artifact);
266
+ const violations = [...baseEvaluation.violations, ...sourceDriftViolations];
267
+ const pass = violations.length === 0;
268
+ const updatedArtifact = (0, runtime_guard_1.withRuntimeGuardCheckStats)(guardRead.artifact, {
269
+ blocked: !pass,
270
+ });
271
+ (0, runtime_guard_1.writeRuntimeGuardArtifact)(projectRoot, updatedArtifact, options.runtimeGuard);
272
+ if (options.json) {
273
+ emitJson({
274
+ success: pass,
275
+ pass,
276
+ guardId: updatedArtifact.guardId,
277
+ mode: updatedArtifact.mode,
278
+ path: guardRead.path,
279
+ changedFiles: baseEvaluation.changedFiles,
280
+ outOfScopeFiles: baseEvaluation.outOfScopeFiles,
281
+ constraintViolations: baseEvaluation.constraintViolations,
282
+ violations,
283
+ adherenceScore: baseEvaluation.adherenceScore,
284
+ plannedFilesModified: baseEvaluation.plannedFilesModified,
285
+ totalPlannedFiles: baseEvaluation.totalPlannedFiles,
286
+ stats: updatedArtifact.stats,
287
+ message: pass
288
+ ? 'Runtime guard check passed.'
289
+ : `Runtime guard blocked ${violations.length} violation(s).`,
290
+ });
291
+ }
292
+ else if (pass) {
293
+ console.log(chalk.bold.cyan('\n🧱 Runtime Guard Check\n'));
294
+ console.log(chalk.green('✅ Pass'));
295
+ console.log(chalk.dim(`Changed files: ${baseEvaluation.changedFiles.length}`));
296
+ console.log(chalk.dim(`Scope adherence: ${baseEvaluation.adherenceScore}%`));
297
+ console.log('');
298
+ }
299
+ else {
300
+ console.log(chalk.bold.cyan('\n🧱 Runtime Guard Check\n'));
301
+ console.log(chalk.red(`⛔ Blocked (${violations.length} violation(s))`));
302
+ for (const violation of violations) {
303
+ const prefix = violation.file ? `${violation.file}: ` : '';
304
+ console.log(chalk.red(`• [${violation.code}] ${prefix}${violation.message}`));
305
+ }
306
+ console.log('');
307
+ }
308
+ process.exit(pass ? 0 : 1);
309
+ });
310
+ guard
311
+ .command('status')
312
+ .description('Show runtime guard session status')
313
+ .option('--runtime-guard <path>', 'Runtime guard artifact path (default: .neurcode/runtime-guard.json)')
314
+ .option('--json', 'Output machine-readable JSON')
315
+ .action((options) => {
316
+ const projectRoot = (0, project_root_1.resolveNeurcodeProjectRoot)(process.cwd());
317
+ const guardRead = (0, runtime_guard_1.readRuntimeGuardArtifact)(projectRoot, options.runtimeGuard);
318
+ if (!guardRead.artifact) {
319
+ const message = guardRead.error
320
+ ? `Runtime guard invalid (${guardRead.error})`
321
+ : `Runtime guard not found (${guardRead.path})`;
322
+ if (options.json) {
323
+ emitJson({
324
+ success: false,
325
+ path: guardRead.path,
326
+ message,
327
+ });
328
+ }
329
+ else {
330
+ console.error(chalk.red(`\n❌ ${message}\n`));
331
+ }
332
+ process.exit(1);
333
+ }
334
+ if (options.json) {
335
+ emitJson({
336
+ success: true,
337
+ path: guardRead.path,
338
+ guard: guardRead.artifact,
339
+ });
340
+ return;
341
+ }
342
+ printStatus(guardRead.path, guardRead.artifact);
343
+ });
344
+ guard
345
+ .command('stop')
346
+ .description('Stop the active runtime guard session')
347
+ .option('--runtime-guard <path>', 'Runtime guard artifact path (default: .neurcode/runtime-guard.json)')
348
+ .option('--json', 'Output machine-readable JSON')
349
+ .action((options) => {
350
+ const projectRoot = (0, project_root_1.resolveNeurcodeProjectRoot)(process.cwd());
351
+ const guardRead = (0, runtime_guard_1.readRuntimeGuardArtifact)(projectRoot, options.runtimeGuard);
352
+ if (!guardRead.artifact) {
353
+ const message = guardRead.error
354
+ ? `Runtime guard invalid (${guardRead.error})`
355
+ : `Runtime guard not found (${guardRead.path})`;
356
+ if (options.json) {
357
+ emitJson({
358
+ success: false,
359
+ path: guardRead.path,
360
+ message,
361
+ });
362
+ }
363
+ else {
364
+ console.error(chalk.red(`\n❌ ${message}\n`));
365
+ }
366
+ process.exit(1);
367
+ }
368
+ const stopped = (0, runtime_guard_1.markRuntimeGuardStopped)(guardRead.artifact);
369
+ const writtenPath = (0, runtime_guard_1.writeRuntimeGuardArtifact)(projectRoot, stopped, options.runtimeGuard);
370
+ if (options.json) {
371
+ emitJson({
372
+ success: true,
373
+ path: writtenPath,
374
+ guardId: stopped.guardId,
375
+ active: stopped.active,
376
+ archivedAt: stopped.archivedAt,
377
+ message: 'Runtime guard stopped.',
378
+ });
379
+ return;
380
+ }
381
+ console.log(chalk.bold.cyan('\n🧱 Runtime Guard Stopped\n'));
382
+ console.log(chalk.green(`Path: ${writtenPath}`));
383
+ console.log(chalk.dim(`Guard ID: ${stopped.guardId}`));
384
+ if (stopped.archivedAt) {
385
+ console.log(chalk.dim(`Archived at: ${stopped.archivedAt}`));
386
+ }
387
+ console.log('');
388
+ });
389
+ }
390
+ //# sourceMappingURL=guard.js.map
package/dist/commands/guard.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"guard.js","sourceRoot":"","sources":["../../src/commands/guard.ts"],"names":[],"mappings":";;AAmKA,kDA8SC;AAhdD,2BAA8C;AAC9C,+BAA+B;AAC/B,0DAAqD;AACrD,wDAAmE;AACnE,0CAAkG;AAClG,sCAA+D;AAC/D,0DASgC;AAChC,8DAA8D;AAC9D,8DAAkG;AAElG,IAAI,KAAU,CAAC;AACf,IAAI,CAAC;IACH,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC;AAAC,MAAM,CAAC;IACP,KAAK,GAAG;QACN,IAAI,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK;QAC9B,IAAI,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK;QAC9B,GAAG,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK;QAC7B,KAAK,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK;QAC/B,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK;QAChC,GAAG,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK;KAC9B,CAAC;AACJ,CAAC;AA6BD,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;AAC/D,CAAC;AAED,SAAS,QAAQ,CAAC,OAAgC;IAChD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,eAAe,CAAC,OAA0B;IACjD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,IAAA,oBAAc,EAAC,mBAAmB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,IAAA,qBAAe,EAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QAC5D,OAAO,IAAA,qBAAe,EAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,IAAA,qBAAe,EAAC,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,wBAAwB,CAAC,MAAgB;IAChD,OAAO;QACL,OAAO,EAAE,KAAK;QACd,OAAO,EAAE,+BAA+B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC3D,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,WAAmB,EAAE,QAA8B;IAC9E,MAAM,UAAU,GAA4B,EAAE,CAAC;IAC/C,IAAI,QAAQ,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,IAAA,oCAAkB,EAAC,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACzF,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC3B,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,qCAAqC;gBAC3C,OAAO,EAAE,YAAY,CAAC,KAAK;oBACzB,CAAC,CAAC,0CAA0C,YAAY,CAAC,KAAK,GAAG;oBACjE,CAAC,CAAC,0CAA0C,YAAY,CAAC,IAAI,GAAG;aACnE,CAAC,CAAC;QACL,CAAC;aAAM,IACL,QAAQ,CAAC,MAAM,CAAC,sCAAsC;YACtD,YAAY,CAAC,QAAQ,CAAC,wBAAwB,KAAK,QAAQ,CAAC,MAAM,CAAC,sCAAsC,EACzG,CAAC;YACD,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,qCAAqC;gBAC3C,OAAO,EACL,oFAAoF;oBACpF,GAAG,QAAQ,CAAC,MAAM,CAAC,sCAAsC,OAAO,YAAY,CAAC,QAAQ,CAAC,wBAAwB,GAAG;aACpH,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACjG,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC3B,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,qCAAqC;gBAC3C,OAAO,EAAE,YAAY,CAAC,KAAK;oBACzB,CAAC,CAAC,0CAA0C,YAAY,CAAC,KAAK,GAAG;oBACjE,CAAC,CAAC,0CAA0C,YAAY,CAAC,IAAI,GAAG;aACnE,CAAC,CAAC;QACL,CAAC;aAAM,IACL,QAAQ,CAAC,MAAM,CAAC,yBAAyB;YACzC,YAAY,CAAC,QAAQ,CAAC,WAAW,KAAK,QAAQ,CAAC,MAAM,CAAC,yBAAyB,EAC/E,CAAC;YACD,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,qCAAqC;gBAC3C,OAAO,EACL,qEAAqE;oBACrE,GAAG,QAAQ,CAAC,MAAM,CAAC,yBAAyB,OAAO,YAAY,CAAC,QAAQ,CAAC,WAAW,GAAG;aAC1F,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,IAAY,EAAE,QAA8B;IAC/D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACzD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;IACzE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,QAAQ,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,wBAAwB,QAAQ,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACnF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yBAAyB,QAAQ,CAAC,aAAa,CAAC,mBAAmB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACrG,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CACP,eAAe,QAAQ,CAAC,KAAK,CAAC,SAAS,aAAa,QAAQ,CAAC,KAAK,CAAC,aAAa,GAAG,CACpF,CACF,CAAC;IACF,IAAI,QAAQ,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,QAAQ,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,SAAgB,mBAAmB,CAAC,OAAgB;IAClD,MAAM,KAAK,GAAG,OAAO;SAClB,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,2EAA2E,CAAC,CAAC;IAE5F,KAAK;SACF,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,0DAA0D,CAAC;SACvE,MAAM,CAAC,gBAAgB,EAAE,0CAA0C,CAAC;SACpE,MAAM,CAAC,wBAAwB,EAAE,qEAAqE,CAAC;SACvG,MAAM,CAAC,0BAA0B,EAAE,gEAAgE,CAAC;SACpG,MAAM,CAAC,0BAA0B,EAAE,+DAA+D,CAAC;SACnG,MAAM,CAAC,UAAU,EAAE,+DAA+D,EAAE,IAAI,CAAC;SACzF,MAAM,CAAC,aAAa,EAAE,yEAAyE,CAAC;SAChG,MAAM,CAAC,QAAQ,EAAE,8BAA8B,CAAC;SAChD,MAAM,CAAC,CAAC,OAA0B,EAAE,EAAE;QACrC,MAAM,WAAW,GAAG,IAAA,yCAA0B,EAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,KAAK,CAAC;QACxC,MAAM,kBAAkB,GAAG,IAAA,oCAAkB,EAAC,WAAW,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;QACnF,MAAM,kBAAkB,GAAG,IAAA,4CAA0B,EAAC,WAAW,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;QAE3F,MAAM,MAAM,GACV,CAAC,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;eACzF,kBAAkB,CAAC,QAAQ,EAAE,MAAM;eACnC,IAAA,uBAAe,GAAE,CAAC;QACvB,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,IAAI,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CACT,kBAAkB,CAAC,KAAK;gBACtB,CAAC,CAAC,4BAA4B,kBAAkB,CAAC,KAAK,GAAG;gBACzD,CAAC,CAAC,4BAA4B,kBAAkB,CAAC,IAAI,GAAG,CAC3D,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CACT,kBAAkB,CAAC,KAAK;gBACtB,CAAC,CAAC,4BAA4B,kBAAkB,CAAC,KAAK,GAAG;gBACzD,CAAC,CAAC,4BAA4B,kBAAkB,CAAC,IAAI,GAAG,CAC3D,CAAC;QACJ,CAAC;QACD,IACE,MAAM;YACN,kBAAkB,CAAC,QAAQ,EAAE,MAAM;YACnC,MAAM,KAAK,kBAAkB,CAAC,QAAQ,CAAC,MAAM,EAC7C,CAAC;YACD,MAAM,CAAC,IAAI,CACT,4BAA4B,MAAM,wBAAwB,kBAAkB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAC/F,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,kBAAkB,CAAC,QAAQ,EAAE,aAAa,IAAI,EAAE,CAAC;QACvE,IAAI,MAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;QAC1F,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,QAAQ,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC,CAAC;gBAC7D,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;oBAC3B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC;gBACzC,CAAC;gBACD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACpB,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,QAAQ;YACpD,CAAC,CAAC,IAAA,4CAA0B,EAAC,kBAAkB,CAAC,QAAQ,CAAC;YACzD,CAAC,CAAC,EAAE,CAAC;QAEP,MAAM,QAAQ,GAAG,IAAA,0CAA0B,EAAC;YAC1C,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU;YACpC,MAAM;YACN,SAAS,EAAE,IAAA,oBAAY,GAAE;YACzB,SAAS,EAAE,IAAA,oBAAiB,GAAE;YAC9B,kBAAkB,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;YAChF,gBAAgB,EAAE,kBAAkB,CAAC,QAAQ,EAAE,UAAU,IAAI,IAAI;YACjE,sCAAsC,EAAE,kBAAkB,CAAC,QAAQ,EAAE,wBAAwB,IAAI,IAAI;YACrG,kBAAkB,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;YAChF,yBAAyB,EAAE,kBAAkB,CAAC,QAAQ,EAAE,WAAW,IAAI,IAAI;YAC3E,aAAa;YACb,kBAAkB;YAClB,mBAAmB,EAAE,kBAAkB,CAAC,QAAQ,EAAE,WAAW,CAAC,mBAAmB,IAAI,EAAE;SACxF,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,IAAA,yCAAyB,EAAC,WAAW,EAAE,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAE3F,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,QAAQ,CAAC;gBACP,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,wBAAwB;gBACjC,IAAI,EAAE,WAAW;gBACjB,KAAK,EAAE;oBACL,OAAO,EAAE,QAAQ,CAAC,OAAO;oBACzB,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM;oBAC9B,aAAa,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM;oBAC5C,kBAAkB,EAAE,QAAQ,CAAC,aAAa,CAAC,SAAS;oBACpD,mBAAmB,EAAE,QAAQ,CAAC,aAAa,CAAC,mBAAmB,CAAC,MAAM;iBACvE;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,WAAW,EAAE,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,QAAQ,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,wBAAwB,QAAQ,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QACnF,IAAI,QAAQ,CAAC,aAAa,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,MAAM,CACV,uCAAuC,QAAQ,CAAC,aAAa,CAAC,mBAAmB,CAAC,MAAM,EAAE,CAC3F,CACF,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,iFAAiF,CAAC,CAAC,CAAC;IAC5G,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,yDAAyD,CAAC;SACtE,MAAM,CAAC,wBAAwB,EAAE,qEAAqE,CAAC;SACvG,MAAM,CAAC,UAAU,EAAE,2BAA2B,CAAC;SAC/C,MAAM,CAAC,QAAQ,EAAE,iCAAiC,CAAC;SACnD,MAAM,CAAC,cAAc,EAAE,6CAA6C,CAAC;SACrE,MAAM,CAAC,QAAQ,EAAE,8BAA8B,CAAC;SAChD,MAAM,CAAC,CAAC,OAA0B,EAAE,EAAE;QACrC,MAAM,WAAW,GAAG,IAAA,yCAA0B,EAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,IAAA,wCAAwB,EAAC,WAAW,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAC9E,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK;gBAC7B,CAAC,CAAC,0BAA0B,SAAS,CAAC,KAAK,GAAG;gBAC9C,CAAC,CAAC,4BAA4B,SAAS,CAAC,IAAI,GAAG,CAAC;YAClD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,QAAQ,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,IAAI,EAAE,SAAS,CAAC,IAAI;iBACrB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,OAAO,IAAI,CAAC,CAAC,CAAC;YAC/C,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAA,uBAAS,EAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACrC,GAAG,IAAI;YACP,IAAI,EAAE,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;SACnC,CAAC,CAAC,CAAC;QACJ,MAAM,YAAY,GAA2B,EAAE,CAAC;QAChD,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,MAAM,YAAY,GAAG,IAAA,cAAO,EAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,IAAI,IAAA,eAAU,EAAC,YAAY,CAAC,EAAE,CAAC;gBAC7B,IAAI,CAAC;oBACH,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAA,iBAAY,EAAC,YAAY,EAAE,OAAO,CAAC,CAAC;gBAChE,CAAC;gBAAC,MAAM,CAAC;oBACP,oCAAoC;gBACtC,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,cAAc,GAAG,IAAA,4CAA4B,EAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QAChG,MAAM,qBAAqB,GAAG,mBAAmB,CAAC,WAAW,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QACnF,MAAM,UAAU,GAAG,CAAC,GAAG,cAAc,CAAC,UAAU,EAAE,GAAG,qBAAqB,CAAC,CAAC;QAC5E,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC;QAErC,MAAM,eAAe,GAAG,IAAA,0CAA0B,EAAC,SAAS,CAAC,QAAQ,EAAE;YACrE,OAAO,EAAE,CAAC,IAAI;SACf,CAAC,CAAC;QACH,IAAA,yCAAyB,EAAC,WAAW,EAAE,eAAe,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAE9E,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,QAAQ,CAAC;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI;gBACJ,OAAO,EAAE,eAAe,CAAC,OAAO;gBAChC,IAAI,EAAE,eAAe,CAAC,IAAI;gBAC1B,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,YAAY,EAAE,cAAc,CAAC,YAAY;gBACzC,eAAe,EAAE,cAAc,CAAC,eAAe;gBAC/C,oBAAoB,EAAE,cAAc,CAAC,oBAAoB;gBACzD,UAAU;gBACV,cAAc,EAAE,cAAc,CAAC,cAAc;gBAC7C,oBAAoB,EAAE,cAAc,CAAC,oBAAoB;gBACzD,iBAAiB,EAAE,cAAc,CAAC,iBAAiB;gBACnD,KAAK,EAAE,eAAe,CAAC,KAAK;gBAC5B,OAAO,EAAE,IAAI;oBACX,CAAC,CAAC,6BAA6B;oBAC/B,CAAC,CAAC,yBAAyB,UAAU,CAAC,MAAM,gBAAgB;aAC/D,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,IAAI,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,cAAc,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC/E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,oBAAoB,cAAc,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;YAC7E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,UAAU,CAAC,MAAM,gBAAgB,CAAC,CAAC,CAAC;YACxE,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,KAAK,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YAChF,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,mCAAmC,CAAC;SAChD,MAAM,CAAC,wBAAwB,EAAE,qEAAqE,CAAC;SACvG,MAAM,CAAC,QAAQ,EAAE,8BAA8B,CAAC;SAChD,MAAM,CAAC,CAAC,OAA2B,EAAE,EAAE;QACtC,MAAM,WAAW,GAAG,IAAA,yCAA0B,EAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,IAAA,wCAAwB,EAAC,WAAW,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAC9E,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK;gBAC7B,CAAC,CAAC,0BAA0B,SAAS,CAAC,KAAK,GAAG;gBAC9C,CAAC,CAAC,4BAA4B,SAAS,CAAC,IAAI,GAAG,CAAC;YAClD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,QAAQ,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,OAAO,IAAI,CAAC,CAAC,CAAC;YAC/C,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,QAAQ,CAAC;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,KAAK,EAAE,SAAS,CAAC,QAAQ;aAC1B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,WAAW,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,uCAAuC,CAAC;SACpD,MAAM,CAAC,wBAAwB,EAAE,qEAAqE,CAAC;SACvG,MAAM,CAAC,QAAQ,EAAE,8BAA8B,CAAC;SAChD,MAAM,CAAC,CAAC,OAAyB,EAAE,EAAE;QACpC,MAAM,WAAW,GAAG,IAAA,yCAA0B,EAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,IAAA,wCAAwB,EAAC,WAAW,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAC9E,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK;gBAC7B,CAAC,CAAC,0BAA0B,SAAS,CAAC,KAAK,GAAG;gBAC9C,CAAC,CAAC,4BAA4B,SAAS,CAAC,IAAI,GAAG,CAAC;YAClD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,QAAQ,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,OAAO,IAAI,CAAC,CAAC,CAAC;YAC/C,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,IAAA,uCAAuB,EAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC5D,MAAM,WAAW,GAAG,IAAA,yCAAyB,EAAC,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1F,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,QAAQ,CAAC;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,WAAW;gBACjB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,OAAO,EAAE,wBAAwB;aAClC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,WAAW,EAAE,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACP,CAAC"}
package/dist/commands/policy.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/commands/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA0KpC,wBAAgB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAknDpD"}
1
+ {"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/commands/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAsLpC,wBAAgB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA0vDpD"}
package/dist/commands/policy.js CHANGED
@@ -36,6 +36,16 @@ function toJsonPack(pack) {
36
36
  ruleCount: Array.isArray(pack.rules) ? pack.rules.length : 0,
37
37
  };
38
38
  }
39
+ const BOOTSTRAP_INTENT_BY_PACK = {
40
+ fintech: 'No payment bypass, no secret literals, and no unsafe migration shortcuts.',
41
+ hipaa: 'No PHI leakage in logs, no auth bypass, and no plaintext sensitive data handling.',
42
+ soc2: 'No auth bypass, no secret literals, and no CI/workflow integrity regressions.',
43
+ 'startup-fast': 'No secret literals, no unsafe debug backdoors, and keep changes scoped.',
44
+ node: 'No auth bypass, no secret literals, and no unsafe child_process shell execution.',
45
+ python: 'No credential leakage, no unsafe eval/exec patterns, and protect dependency boundaries.',
46
+ java: 'No auth bypass, no credential literals, and no insecure security-configuration drift.',
47
+ frontend: 'No client-side secret leakage, no unsafe DOM injection, and no auth-route bypass.',
48
+ };
39
49
  function loadPolicyRuntimeConfig() {
40
50
  const config = (0, config_1.loadConfig)();
41
51
  if (process.env.NEURCODE_API_KEY) {
@@ -108,7 +118,7 @@ async function resolveCustomPolicies(client, includeDashboardPolicies, requireDa
108
118
  function policyCommand(program) {
109
119
  const policy = program
110
120
  .command('policy')
111
- .description('Install and manage enterprise policy packs (fintech, hipaa, soc2, startup-fast)');
121
+ .description('Install and manage enterprise policy packs (fintech, hipaa, soc2, startup-fast, node, python, java, frontend)');
112
122
  policy
113
123
  .command('list')
114
124
  .description('List available policy packs')
@@ -204,6 +214,101 @@ function policyCommand(program) {
204
214
  process.exit(1);
205
215
  }
206
216
  });
217
+ policy
218
+ .command('bootstrap')
219
+ .description('Install a stack policy pack and generate lock + compiled artifact in one deterministic step')
220
+ .argument('<pack-id>', 'Policy pack ID')
221
+ .option('--force', 'Replace any existing installed policy pack')
222
+ .option('--intent <text>', 'Optional deterministic intent constraints for compilation')
223
+ .option('--include-dashboard', 'Include dashboard custom policies in lock + compile')
224
+ .option('--require-dashboard', 'Fail if dashboard custom policies cannot be loaded')
225
+ .option('--require-deterministic-match', 'Fail if any intent statement cannot be compiled into deterministic enforcement rules')
226
+ .option('--output <path>', 'Output file path (default: neurcode.policy.compiled.json)')
227
+ .option('--json', 'Output as JSON')
228
+ .action(async (packId, options) => {
229
+ const cwd = (0, project_root_1.resolveNeurcodeProjectRoot)(process.cwd());
230
+ const config = loadPolicyRuntimeConfig();
231
+ const client = new api_client_1.ApiClient(config);
232
+ try {
233
+ const installed = (0, policy_packs_1.installPolicyPack)(cwd, packId, options.force === true);
234
+ const includeDashboard = options.includeDashboard === true;
235
+ const customPolicyResolution = await resolveCustomPolicies(client, includeDashboard, options.requireDashboard === true);
236
+ const customRules = customPolicyResolution.includeDashboardPolicies
237
+ ? (0, custom_policy_rules_1.mapActiveCustomPoliciesToRules)(customPolicyResolution.customPolicies)
238
+ : [];
239
+ const snapshot = (0, policy_packs_1.buildPolicyStateSnapshot)({
240
+ policyPack: (0, policy_packs_1.getInstalledPolicyPackRules)(cwd),
241
+ policyPackRules: installed.rules,
242
+ customPolicies: customPolicyResolution.customPolicies,
243
+ customRules,
244
+ includeDashboardPolicies: customPolicyResolution.includeDashboardPolicies,
245
+ });
246
+ const lockPath = (0, policy_packs_1.writePolicyLockFile)(cwd, snapshot);
247
+ const resolvedIntent = (options.intent && options.intent.trim())
248
+ || BOOTSTRAP_INTENT_BY_PACK[installed.packId]
249
+ || '';
250
+ const compiledUnsigned = (0, policy_compiler_1.buildCompiledPolicyArtifact)({
251
+ includeDashboardPolicies: customPolicyResolution.includeDashboardPolicies,
252
+ policyLockPath: (0, policy_packs_1.getPolicyLockPath)(cwd),
253
+ policyLockFingerprint: snapshot.effective.fingerprint,
254
+ policyPack: {
255
+ id: installed.packId,
256
+ name: installed.packName,
257
+ version: installed.version,
258
+ },
259
+ defaultRuleCount: snapshot.defaultRules.count,
260
+ policyPackRuleCount: installed.rules.length,
261
+ customRuleCount: customRules.length,
262
+ effectiveRuleCount: snapshot.effective.ruleCount,
263
+ intentConstraints: resolvedIntent,
264
+ policyRules: customPolicyResolution.customPolicies.map((policy) => policy.rule_text),
265
+ });
266
+ const artifactSigningConfig = (0, artifact_signature_1.resolveGovernanceArtifactSigningConfigFromEnv)();
267
+ const compiled = (0, artifact_signature_1.signGovernanceArtifact)(compiledUnsigned, artifactSigningConfig);
268
+ if (options.requireDeterministicMatch === true
269
+ && compiled.compilation.unmatchedStatements.length > 0) {
270
+ throw new Error(`Deterministic policy compilation blocked: ${compiled.compilation.unmatchedStatements.length} intent statement(s) could not be converted into enforceable rules.`);
271
+ }
272
+ const artifactPath = (0, policy_compiler_1.writeCompiledPolicyArtifact)(cwd, compiled, options.output);
273
+ if (options.json) {
274
+ console.log(JSON.stringify({
275
+ bootstrap: {
276
+ packId: installed.packId,
277
+ packName: installed.packName,
278
+ version: installed.version,
279
+ lockPath,
280
+ compiledPolicyPath: artifactPath,
281
+ dashboardMode: compiled.source.includeDashboardPolicies ? 'dashboard' : 'disabled',
282
+ deterministicRuleCount: compiled.compilation.deterministicRuleCount,
283
+ unmatchedStatements: compiled.compilation.unmatchedStatements,
284
+ effectiveRuleCount: snapshot.effective.ruleCount,
285
+ },
286
+ warning: customPolicyResolution.dashboardWarning || null,
287
+ }, null, 2));
288
+ return;
289
+ }
290
+ console.log(chalk.green('\n✅ Policy bootstrap complete\n'));
291
+ console.log(chalk.cyan(`Pack: ${installed.packName}`) + chalk.dim(` (${installed.packId}@${installed.version})`));
292
+ console.log(chalk.dim(`Lock baseline: ${lockPath}`));
293
+ console.log(chalk.dim(`Compiled artifact: ${artifactPath}`));
294
+ console.log(chalk.dim(`Effective rules: ${snapshot.effective.ruleCount}`));
295
+ console.log(chalk.dim(`Deterministic compiled rules: ${compiled.compilation.deterministicRuleCount}`));
296
+ console.log(chalk.dim(`Unmatched intent statements: ${compiled.compilation.unmatchedStatements.length}`));
297
+ if (customPolicyResolution.dashboardWarning) {
298
+ console.log(chalk.yellow(`\n⚠️ ${customPolicyResolution.dashboardWarning}`));
299
+ }
300
+ console.log(chalk.dim('\nNext: run `neurcode verify --record --compiled-policy neurcode.policy.compiled.json --enforce-change-contract --strict-artifacts`.\n'));
301
+ }
302
+ catch (error) {
303
+ const message = error instanceof Error ? error.message : 'Unknown error';
304
+ if (options.json) {
305
+ console.log(JSON.stringify({ error: message }, null, 2));
306
+ process.exit(1);
307
+ }
308
+ console.error(chalk.red(`\n❌ ${message}\n`));
309
+ process.exit(1);
310
+ }
311
+ });
207
312
  policy
208
313
  .command('uninstall')
209
314
  .description('Remove the installed policy pack from this repository')