@oddessentials/odd-ai-reviewers 1.0.0

package/dist/config/mitigation-config.js

@@ -0,0 +1,430 @@
+/**
+ * Mitigation Configuration Parser
+ *
+ * Parses and validates custom mitigation pattern configuration.
+ * Implements:
+ * - T052: Config parser using Zod schemas
+ * - T053: Pattern validation ensuring declarative/side-effect-free per FR-015
+ * - T054: Pattern override support (confidence, deprecated)
+ * - T055: Pattern disable list support
+ * - FR-016: Validate patterns at configuration time with clear error messages
+ */
+import { ControlFlowConfigSchema, } from '../agents/control_flow/types.js';
+// =============================================================================
+// FR-015: Declarative Pattern Validation
+// =============================================================================
+/**
+ * Reserved words that cannot be used in pattern names (security measure).
+ */
+const RESERVED_PATTERN_WORDS = [
+    'eval',
+    'Function',
+    'setTimeout',
+    'setInterval',
+    'exec',
+    'spawn',
+    'require',
+    'import',
+];
+/**
+ * Maximum allowed pattern name/namePattern length.
+ */
+const MAX_PATTERN_NAME_LENGTH = 256;
+/**
+ * Maximum allowed patterns in a single configuration.
+ */
+const MAX_CUSTOM_PATTERNS = 100;
+/**
+ * Maximum allowed overrides in a single configuration.
+ */
+const MAX_PATTERN_OVERRIDES = 200;
+/**
+ * Maximum allowed disabled patterns in a single configuration.
+ */
+const MAX_DISABLED_PATTERNS = 200;
+/**
+ * Validate that a pattern is declarative and side-effect-free per FR-015.
+ *
+ * Patterns must only contain:
+ * - Function name matching (exact or regex)
+ * - Parameter constraints
+ * - Return value assertions
+ * - Module specifications
+ *
+ * No executable code, callbacks, or side effects are allowed.
+ */
+export function validatePatternIsDeclarative(pattern) {
+    const errors = [];
+    const warnings = [];
+    // Check pattern ID is valid
+    if (!pattern.id || pattern.id.trim().length === 0) {
+        errors.push({
+            code: 'EMPTY_PATTERN_ID',
+            path: ['id'],
+            message: 'Pattern ID cannot be empty',
+        });
+    }
+    // Check for reserved words in pattern name matching
+    if (pattern.match.name) {
+        for (const reserved of RESERVED_PATTERN_WORDS) {
+            if (pattern.match.name === reserved) {
+                errors.push({
+                    code: 'RESERVED_PATTERN_NAME',
+                    path: ['match', 'name'],
+                    message: `Pattern name "${reserved}" is reserved and cannot be used`,
+                });
+            }
+        }
+    }
+    // Validate namePattern is a valid regex
+    if (pattern.match.namePattern) {
+        if (pattern.match.namePattern.length > MAX_PATTERN_NAME_LENGTH) {
+            errors.push({
+                code: 'PATTERN_TOO_LONG',
+                path: ['match', 'namePattern'],
+                message: `Pattern regex exceeds maximum length of ${MAX_PATTERN_NAME_LENGTH} characters`,
+            });
+        }
+        try {
+            // Trust: REPO_CONFIG - Pattern from repository configuration, validated at config load time
+            // Control: Try-catch validates syntax before use. See docs/security/regex-threat-model.md
+            // eslint-disable-next-line security/detect-non-literal-regexp -- Validated config pattern
+            new RegExp(pattern.match.namePattern);
+        }
+        catch (e) {
+            errors.push({
+                code: 'INVALID_REGEX',
+                path: ['match', 'namePattern'],
+                message: `Invalid regex pattern: ${e.message}`,
+            });
+        }
+        // Check for overly complex/dangerous regex patterns
+        if (hasExponentialRegex(pattern.match.namePattern)) {
+            warnings.push({
+                code: 'COMPLEX_REGEX',
+                path: ['match', 'namePattern'],
+                message: 'Pattern contains potentially slow regex. Consider simplifying.',
+            });
+        }
+    }
+    // Either name or namePattern should be specified for function/method calls
+    if ((pattern.match.type === 'function_call' || pattern.match.type === 'method_call') &&
+        !pattern.match.name &&
+        !pattern.match.namePattern) {
+        errors.push({
+            code: 'MISSING_MATCH_CRITERIA',
+            path: ['match'],
+            message: 'Function/method call patterns must specify either name or namePattern',
+        });
+    }
+    // Validate parameter constraints are reasonable
+    if (pattern.match.parameters) {
+        const seenIndices = new Set();
+        for (let i = 0; i < pattern.match.parameters.length; i++) {
+            const param = pattern.match.parameters[i];
+            if (!param)
+                continue;
+            if (seenIndices.has(param.index)) {
+                errors.push({
+                    code: 'DUPLICATE_PARAM_INDEX',
+                    path: ['match', 'parameters', i.toString()],
+                    message: `Duplicate parameter index: ${param.index}`,
+                });
+            }
+            seenIndices.add(param.index);
+            if (param.index < 0 || param.index > 10) {
+                warnings.push({
+                    code: 'UNUSUAL_PARAM_INDEX',
+                    path: ['match', 'parameters', i.toString()],
+                    message: `Parameter index ${param.index} is unusual. Most functions have fewer than 10 parameters.`,
+                });
+            }
+        }
+    }
+    // Check that mitigates contains at least one entry
+    if (!pattern.mitigates || pattern.mitigates.length === 0) {
+        errors.push({
+            code: 'EMPTY_MITIGATES',
+            path: ['mitigates'],
+            message: 'Pattern must mitigate at least one vulnerability type',
+        });
+    }
+    // Warn about deprecated patterns without reason
+    if (pattern.deprecated && !pattern.deprecationReason) {
+        warnings.push({
+            code: 'DEPRECATED_NO_REASON',
+            path: ['deprecationReason'],
+            message: 'Deprecated patterns should include a deprecation reason',
+        });
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+        warnings,
+    };
+}
+/**
+ * Check if a regex pattern might have exponential backtracking.
+ * This is a simple heuristic check, not a complete analysis.
+ */
+function hasExponentialRegex(pattern) {
+    // Check for nested quantifiers like (a+)+ or (a*)*
+    if (/\([^)]*[+*]\)[+*]/.test(pattern)) {
+        return true;
+    }
+    // Check for overlapping alternatives with quantifiers
+    if (/\([^|)]*\|[^)]*\)[+*]/.test(pattern)) {
+        return true;
+    }
+    return false;
+}
+// =============================================================================
+// Pattern Override Validation
+// =============================================================================
+/**
+ * Validate a pattern override.
+ */
+export function validatePatternOverride(override) {
+    const errors = [];
+    const warnings = [];
+    if (!override.patternId || override.patternId.trim().length === 0) {
+        errors.push({
+            code: 'EMPTY_PATTERN_ID',
+            path: ['patternId'],
+            message: 'Override must specify a pattern ID',
+        });
+    }
+    // Warn if override has no actual changes
+    if (override.confidence === undefined && override.deprecated === undefined) {
+        warnings.push({
+            code: 'NO_OVERRIDE_CHANGES',
+            path: [],
+            message: 'Override has no changes specified (confidence or deprecated)',
+        });
+    }
+    // Warn about deprecation without reason
+    if (override.deprecated && !override.deprecationReason) {
+        warnings.push({
+            code: 'DEPRECATED_NO_REASON',
+            path: ['deprecationReason'],
+            message: 'Deprecated overrides should include a deprecation reason',
+        });
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+        warnings,
+    };
+}
+// =============================================================================
+// Configuration Parsing
+// =============================================================================
+/**
+ * Parse and validate a control flow configuration.
+ *
+ * This function:
+ * 1. Parses the config using Zod schema
+ * 2. Validates each custom pattern is declarative (FR-015)
+ * 3. Validates pattern overrides
+ * 4. Checks for conflicts and issues
+ */
+export function parseControlFlowConfig(rawConfig) {
+    const errors = [];
+    const warnings = [];
+    // Step 1: Parse with Zod schema
+    const parseResult = ControlFlowConfigSchema.safeParse(rawConfig);
+    if (!parseResult.success) {
+        for (const issue of parseResult.error.issues) {
+            errors.push({
+                code: 'SCHEMA_VALIDATION',
+                path: issue.path.map(String),
+                message: issue.message,
+            });
+        }
+        return { success: false, errors, warnings };
+    }
+    const config = parseResult.data;
+    // Step 2: Validate custom patterns count
+    if (config.mitigationPatterns.length > MAX_CUSTOM_PATTERNS) {
+        errors.push({
+            code: 'TOO_MANY_PATTERNS',
+            path: ['mitigationPatterns'],
+            message: `Too many custom patterns. Maximum is ${MAX_CUSTOM_PATTERNS}, got ${config.mitigationPatterns.length}`,
+        });
+    }
+    // Step 3: Validate each custom pattern
+    const patternIds = new Set();
+    for (let i = 0; i < config.mitigationPatterns.length; i++) {
+        const pattern = config.mitigationPatterns[i];
+        if (!pattern)
+            continue;
+        // Check for duplicate IDs
+        if (patternIds.has(pattern.id)) {
+            errors.push({
+                code: 'DUPLICATE_PATTERN_ID',
+                path: ['mitigationPatterns', i.toString()],
+                message: `Duplicate pattern ID: ${pattern.id}`,
+            });
+        }
+        patternIds.add(pattern.id);
+        // Validate pattern is declarative
+        const patternResult = validatePatternIsDeclarative(pattern);
+        for (const error of patternResult.errors) {
+            errors.push({
+                ...error,
+                path: ['mitigationPatterns', i.toString(), ...error.path],
+            });
+        }
+        for (const warning of patternResult.warnings) {
+            warnings.push({
+                ...warning,
+                path: ['mitigationPatterns', i.toString(), ...warning.path],
+            });
+        }
+    }
+    // Step 4: Validate overrides count
+    if (config.patternOverrides.length > MAX_PATTERN_OVERRIDES) {
+        errors.push({
+            code: 'TOO_MANY_OVERRIDES',
+            path: ['patternOverrides'],
+            message: `Too many pattern overrides. Maximum is ${MAX_PATTERN_OVERRIDES}, got ${config.patternOverrides.length}`,
+        });
+    }
+    // Step 5: Validate each override
+    const overrideIds = new Set();
+    for (let i = 0; i < config.patternOverrides.length; i++) {
+        const override = config.patternOverrides[i];
+        if (!override)
+            continue;
+        // Check for duplicate override IDs
+        if (overrideIds.has(override.patternId)) {
+            warnings.push({
+                code: 'DUPLICATE_OVERRIDE',
+                path: ['patternOverrides', i.toString()],
+                message: `Multiple overrides for pattern: ${override.patternId}. Only the last one will apply.`,
+            });
+        }
+        overrideIds.add(override.patternId);
+        // Validate override
+        const overrideResult = validatePatternOverride(override);
+        for (const error of overrideResult.errors) {
+            errors.push({
+                ...error,
+                path: ['patternOverrides', i.toString(), ...error.path],
+            });
+        }
+        for (const warning of overrideResult.warnings) {
+            warnings.push({
+                ...warning,
+                path: ['patternOverrides', i.toString(), ...warning.path],
+            });
+        }
+    }
+    // Step 6: Validate disabled patterns count
+    if (config.disabledPatterns.length > MAX_DISABLED_PATTERNS) {
+        errors.push({
+            code: 'TOO_MANY_DISABLED',
+            path: ['disabledPatterns'],
+            message: `Too many disabled patterns. Maximum is ${MAX_DISABLED_PATTERNS}, got ${config.disabledPatterns.length}`,
+        });
+    }
+    // Step 7: Check for duplicates in disabled patterns
+    const disabledSet = new Set();
+    for (let i = 0; i < config.disabledPatterns.length; i++) {
+        const id = config.disabledPatterns[i];
+        if (!id)
+            continue;
+        if (disabledSet.has(id)) {
+            warnings.push({
+                code: 'DUPLICATE_DISABLED',
+                path: ['disabledPatterns', i.toString()],
+                message: `Pattern "${id}" is listed multiple times in disabled patterns`,
+            });
+        }
+        disabledSet.add(id);
+    }
+    // Step 8: Check for conflicts between overrides and disabled
+    for (const override of config.patternOverrides) {
+        if (config.disabledPatterns.includes(override.patternId)) {
+            warnings.push({
+                code: 'OVERRIDE_DISABLED_CONFLICT',
+                path: ['patternOverrides'],
+                message: `Pattern "${override.patternId}" has an override but is also disabled. The pattern will be disabled.`,
+            });
+        }
+    }
+    return {
+        success: errors.length === 0,
+        config: errors.length === 0 ? config : undefined,
+        errors,
+        warnings,
+    };
+}
+// =============================================================================
+// Pattern Application
+// =============================================================================
+/**
+ * Apply pattern overrides to a set of patterns.
+ *
+ * Returns a new array with overrides applied.
+ */
+export function applyPatternOverrides(patterns, overrides) {
+    const overrideMap = new Map();
+    for (const override of overrides) {
+        overrideMap.set(override.patternId, override);
+    }
+    return patterns.map((pattern) => {
+        const override = overrideMap.get(pattern.id);
+        if (!override) {
+            return pattern;
+        }
+        return {
+            ...pattern,
+            confidence: override.confidence ?? pattern.confidence,
+            deprecated: override.deprecated ?? pattern.deprecated,
+            deprecationReason: override.deprecationReason ?? pattern.deprecationReason,
+        };
+    });
+}
+/**
+ * Filter out disabled patterns.
+ */
+export function filterDisabledPatterns(patterns, disabledIds) {
+    const disabledSet = new Set(disabledIds);
+    return patterns.filter((p) => !disabledSet.has(p.id));
+}
+/**
+ * Get effective patterns after applying overrides and filtering disabled.
+ */
+export function getEffectivePatterns(builtInPatterns, customPatterns, overrides, disabledIds) {
+    // Combine built-in and custom patterns
+    const allPatterns = [...builtInPatterns, ...customPatterns];
+    // Apply overrides
+    const withOverrides = applyPatternOverrides(allPatterns, overrides);
+    // Filter disabled
+    const filtered = filterDisabledPatterns(withOverrides, disabledIds);
+    // Filter deprecated
+    return filtered.filter((p) => !p.deprecated);
+}
+// =============================================================================
+// Error Formatting
+// =============================================================================
+/**
+ * Format validation errors for display.
+ */
+export function formatValidationErrors(errors) {
+    if (errors.length === 0) {
+        return 'No errors';
+    }
+    return errors.map((e) => `[${e.code}] ${e.path.join('.')}: ${e.message}`).join('\n');
+}
+/**
+ * Format validation warnings for display.
+ */
+export function formatValidationWarnings(warnings) {
+    if (warnings.length === 0) {
+        return 'No warnings';
+    }
+    return warnings.map((w) => `[${w.code}] ${w.path.join('.')}: ${w.message}`).join('\n');
+}
+//# sourceMappingURL=mitigation-config.js.map

package/dist/config/mitigation-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mitigation-config.js","sourceRoot":"","sources":["../../src/config/mitigation-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAIL,uBAAuB,GACxB,MAAM,iCAAiC,CAAC;AA2CzC,gFAAgF;AAChF,yCAAyC;AACzC,gFAAgF;AAEhF;;GAEG;AACH,MAAM,sBAAsB,GAAG;IAC7B,MAAM;IACN,UAAU;IACV,YAAY;IACZ,aAAa;IACb,MAAM;IACN,OAAO;IACP,SAAS;IACT,QAAQ;CACT,CAAC;AAEF;;GAEG;AACH,MAAM,uBAAuB,GAAG,GAAG,CAAC;AAEpC;;GAEG;AACH,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC;;GAEG;AACH,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAElC;;GAEG;AACH,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAElC;;;;;;;;;;GAUG;AACH,MAAM,UAAU,4BAA4B,CAAC,OAA0B;IACrE,MAAM,MAAM,GAA6B,EAAE,CAAC;IAC5C,MAAM,QAAQ,GAA+B,EAAE,CAAC;IAEhD,4BAA4B;IAC5B,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,4BAA4B;SACtC,CAAC,CAAC;IACL,CAAC;IAED,oDAAoD;IACpD,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,MAAM,QAAQ,IAAI,sBAAsB,EAAE,CAAC;YAC9C,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACpC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,uBAAuB;oBAC7B,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;oBACvB,OAAO,EAAE,iBAAiB,QAAQ,kCAAkC;iBACrE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QAC9B,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;YAC/D,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,kBAAkB;gBACxB,IAAI,EAAE,CAAC,OAAO,EAAE,aAAa,CAAC;gBAC9B,OAAO,EAAE,2CAA2C,uBAAuB,aAAa;aACzF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC;YACH,4FAA4F;YAC5F,0FAA0F;YAC1F,0FAA0F;YAC1F,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,CAAC,OAAO,EAAE,aAAa,CAAC;gBAC9B,OAAO,EAAE,0BAA2B,CAAW,CAAC,OAAO,EAAE;aAC1D,CAAC,CAAC;QACL,CAAC;QAED,oDAAoD;QACpD,IAAI,mBAAmB,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,CAAC,OAAO,EAAE,aAAa,CAAC;gBAC9B,OAAO,EAAE,gEAAgE;aAC1E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,IACE,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,eAAe,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,aAAa,CAAC;QAChF,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI;QACnB,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAC1B,CAAC;QACD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,wBAAwB;YAC9B,IAAI,EAAE,CAAC,OAAO,CAAC;YACf,OAAO,EAAE,uEAAuE;SACjF,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,IAAI,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,IAAI,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBACjC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,uBAAuB;oBAC7B,IAAI,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;oBAC3C,OAAO,EAAE,8BAA8B,KAAK,CAAC,KAAK,EAAE;iBACrD,CAAC,CAAC;YACL,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAE7B,IAAI,KAAK,CAAC,KAAK,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;gBACxC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,qBAAqB;oBAC3B,IAAI,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;oBAC3C,OAAO,EAAE,mBAAmB,KAAK,CAAC,KAAK,4DAA4D;iBACpG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,mDAAmD;IACnD,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,iBAAiB;YACvB,IAAI,EAAE,CAAC,WAAW,CAAC;YACnB,OAAO,EAAE,uDAAuD;SACjE,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,IAAI,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,IAAI,EAAE,CAAC,mBAAmB,CAAC;YAC3B,OAAO,EAAE,yDAAyD;SACnE,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,QAAQ;KACT,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,OAAe;IAC1C,mDAAmD;IACnD,IAAI,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sDAAsD;IACtD,IAAI,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,gFAAgF;AAChF,8BAA8B;AAC9B,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,QAAyB;IAC/D,MAAM,MAAM,GAA6B,EAAE,CAAC;IAC5C,MAAM,QAAQ,GAA+B,EAAE,CAAC;IAEhD,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,CAAC,WAAW,CAAC;YACnB,OAAO,EAAE,oCAAoC;SAC9C,CAAC,CAAC;IACL,CAAC;IAED,yCAAyC;IACzC,IAAI,QAAQ,CAAC,UAAU,KAAK,SAAS,IAAI,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAC3E,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,qBAAqB;YAC3B,IAAI,EAAE,EAAE;YACR,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QACvD,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,IAAI,EAAE,CAAC,mBAAmB,CAAC;YAC3B,OAAO,EAAE,0DAA0D;SACpE,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,wBAAwB;AACxB,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,SAAkB;IACvD,MAAM,MAAM,GAA6B,EAAE,CAAC;IAC5C,MAAM,QAAQ,GAA+B,EAAE,CAAC;IAEhD,gCAAgC;IAChC,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACjE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;gBAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;aACvB,CAAC,CAAC;QACL,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IAC9C,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC;IAEhC,yCAAyC;IACzC,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,mBAAmB,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,CAAC,oBAAoB,CAAC;YAC5B,OAAO,EAAE,wCAAwC,mBAAmB,SAAS,MAAM,CAAC,kBAAkB,CAAC,MAAM,EAAE;SAChH,CAAC,CAAC;IACL,CAAC;IAED,uCAAuC;IACvC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAG,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,0BAA0B;QAC1B,IAAI,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,sBAAsB;gBAC5B,IAAI,EAAE,CAAC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC1C,OAAO,EAAE,yBAAyB,OAAO,CAAC,EAAE,EAAE;aAC/C,CAAC,CAAC;QACL,CAAC;QACD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAE3B,kCAAkC;QAClC,MAAM,aAAa,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,MAAM,KAAK,IAAI,aAAa,CAAC,MAAM,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC;gBACV,GAAG,KAAK;gBACR,IAAI,EAAE,CAAC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC;aAC1D,CAAC,CAAC;QACL,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG,OAAO;gBACV,IAAI,EAAE,CAAC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;aAC5D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,qBAAqB,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,oBAAoB;YAC1B,IAAI,EAAE,CAAC,kBAAkB,CAAC;YAC1B,OAAO,EAAE,0CAA0C,qBAAqB,SAAS,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE;SAClH,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;QAC5C,IAAI,CAAC,QAAQ;YAAE,SAAS;QAExB,mCAAmC;QACnC,IAAI,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,oBAAoB;gBAC1B,IAAI,EAAE,CAAC,kBAAkB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACxC,OAAO,EAAE,mCAAmC,QAAQ,CAAC,SAAS,iCAAiC;aAChG,CAAC,CAAC;QACL,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAEpC,oBAAoB;QACpB,MAAM,cAAc,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAC;QACzD,KAAK,MAAM,KAAK,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC;gBACV,GAAG,KAAK;gBACR,IAAI,EAAE,CAAC,kBAAkB,EAAE,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG,OAAO;gBACV,IAAI,EAAE,CAAC,kBAAkB,EAAE,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;aAC1D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,qBAAqB,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,CAAC,kBAAkB,CAAC;YAC1B,OAAO,EAAE,0CAA0C,qBAAqB,SAAS,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE;SAClH,CAAC,CAAC;IACL,CAAC;IAED,oDAAoD;IACpD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxD,MAAM,EAAE,GAAG,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACxB,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,oBAAoB;gBAC1B,IAAI,EAAE,CAAC,kBAAkB,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACxC,OAAO,EAAE,YAAY,EAAE,iDAAiD;aACzE,CAAC,CAAC;QACL,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACtB,CAAC;IAED,6DAA6D;IAC7D,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC/C,IAAI,MAAM,CAAC,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,4BAA4B;gBAClC,IAAI,EAAE,CAAC,kBAAkB,CAAC;gBAC1B,OAAO,EAAE,YAAY,QAAQ,CAAC,SAAS,uEAAuE;aAC/G,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAChD,MAAM;QACN,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAA6B,EAC7B,SAA4B;IAE5B,MAAM,WAAW,GAAG,IAAI,GAAG,EAA2B,CAAC;IACvD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QAC9B,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,OAAO;YACL,GAAG,OAAO;YACV,UAAU,EAAE,QAAQ,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU;YACrD,UAAU,EAAE,QAAQ,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU;YACrD,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB,IAAI,OAAO,CAAC,iBAAiB;SAC3E,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,QAA6B,EAC7B,WAAqB;IAErB,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IACzC,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,eAAoC,EACpC,cAAmC,EACnC,SAA4B,EAC5B,WAAqB;IAErB,uCAAuC;IACvC,MAAM,WAAW,GAAG,CAAC,GAAG,eAAe,EAAE,GAAG,cAAc,CAAC,CAAC;IAE5D,kBAAkB;IAClB,MAAM,aAAa,GAAG,qBAAqB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAEpE,kBAAkB;IAClB,MAAM,QAAQ,GAAG,sBAAsB,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IAEpE,oBAAoB;IACpB,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;AAC/C,CAAC;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAgC;IACrE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACvF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,QAAoC;IAC3E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzF,CAAC"}

package/dist/config/providers.d.ts

@@ -0,0 +1,118 @@
+/**
+ * Provider Resolution Module
+ *
+ * Handles LLM provider resolution with strict precedence rules.
+ * Extracted from config.ts to improve modularity.
+ */
+import type { Config, AgentId } from './schemas.js';
+/**
+ * Check if model is a completions-only model (not chat-compatible).
+ * Used for preflight validation to prevent 404 errors.
+ *
+ * @param model - Model name to check
+ * @returns true if model is completions-only and NOT compatible with chat API
+ */
+export declare function isCompletionsOnlyModel(model: string): boolean;
+/**
+ * Provider type for LLM agents.
+ * Router resolves provider once; agents use this without guessing.
+ */
+export type LlmProvider = 'anthropic' | 'openai' | 'azure-openai' | 'ollama';
+/**
+ * Resolved configuration tuple for logging and reproducibility (FR-011).
+ * Captures the fully resolved state at preflight time.
+ *
+ * INVARIANT: This tuple is logged at preflight and locked for the entire run.
+ * INVARIANT: keySource logs env var name, never the actual secret value.
+ */
+export interface ResolvedConfigTuple {
+    /** Resolved LLM provider */
+    provider: LlmProvider | null;
+    /** Effective model name (may be auto-applied default for single-key setups) */
+    model: string;
+    /** Source of API key, e.g., "env:OPENAI_API_KEY" */
+    keySource: string | null;
+    /** Source of config: "file" (from .ai-review.yml), "defaults" (built-in), "merged" (both) */
+    configSource: 'file' | 'defaults' | 'merged';
+    /** Path to config file if file source */
+    configPath?: string;
+    /** Tuple format version - increment when fields are added/changed */
+    schemaVersion: number;
+    /** Resolution logic version - increment when resolution behavior changes */
+    resolutionVersion: number;
+}
+/** Current schema version for ResolvedConfigTuple */
+export declare const RESOLVED_CONFIG_SCHEMA_VERSION = 1;
+/** Current resolution logic version */
+export declare const RESOLVED_CONFIG_RESOLUTION_VERSION = 1;
+/**
+ * Resolve the key source string for a provider (FR-011 logging).
+ *
+ * INVARIANT: Returns env var name, NEVER the actual secret value.
+ * INVARIANT: For Azure, returns first present key (API_KEY takes precedence).
+ *
+ * @param provider - The resolved provider
+ * @param env - Environment variables to check
+ * @returns Key source string like "env:OPENAI_API_KEY" or null if no key found
+ */
+export declare function resolveKeySource(provider: LlmProvider, env: Record<string, string | undefined>): string | null;
+/**
+ * Resolve the config source based on whether config came from file or defaults.
+ *
+ * @param config - The resolved configuration
+ * @param configPath - Path to config file, or undefined if no file loaded
+ * @returns Config source: 'file', 'defaults', or 'merged'
+ */
+export declare function resolveConfigSource(config: Config, configPath: string | undefined): 'file' | 'defaults' | 'merged';
+/**
+ * Infer provider from model name (heuristic, not contract).
+ * Used for preflight validation to catch provider/model mismatches early.
+ *
+ * @param model - Model name to classify
+ * @returns Inferred provider or 'unknown' if can't determine
+ */
+export declare function inferProviderFromModel(model: string): 'anthropic' | 'openai' | 'unknown';
+/**
+ * Resolve effective model using precedence order:
+ * 1. MODEL env var (user override)
+ * 2. config.models.default (repo config)
+ *
+ * INVARIANT: Router owns model resolution. Agents receive the resolved model.
+ * INVARIANT: No hardcoded fallbacks. Misconfiguration fails preflight.
+ */
+export declare function resolveEffectiveModel(config: Config, env: Record<string, string | undefined>): string;
+/**
+ * Resolve the effective LLM provider for an agent.
+ *
+ * PRECEDENCE ORDER:
+ * 1. Explicit config.provider field (user override - T010)
+ * 2. Anthropic wins if agent supports it and key is present
+ * 3. Azure only for Azure-capable agents
+ * 4. OpenAI as fallback
+ *
+ * INVARIANT: Explicit provider bypasses auto-detection.
+ * INVARIANT: Azure only for Azure-capable agents.
+ * INVARIANT: No silent fallback. Missing keys = preflight failure.
+ *
+ * @param agentId - The agent to resolve provider for
+ * @param env - Environment variables to check for keys
+ * @param explicitProvider - Optional explicit provider from config.provider field
+ * @returns Provider to use, or null if no valid provider available
+ */
+export declare function resolveProvider(agentId: AgentId, env: Record<string, string | undefined>, explicitProvider?: LlmProvider): LlmProvider | null;
+/**
+ * Build the resolved configuration tuple for logging (FR-011).
+ *
+ * INVARIANT: This tuple captures the fully resolved state at preflight time.
+ * INVARIANT: keySource logs env var name, NEVER the actual secret value.
+ * INVARIANT: Tuple is immutable after construction.
+ *
+ * @param provider - Resolved provider (may be null for static-only runs)
+ * @param model - Effective model name
+ * @param env - Environment variables for key source resolution
+ * @param config - Configuration for config source resolution
+ * @param configPath - Path to config file, or undefined if no file loaded
+ * @returns Fully populated ResolvedConfigTuple
+ */
+export declare function buildResolvedConfigTuple(provider: LlmProvider | null, model: string, env: Record<string, string | undefined>, config: Config, configPath: string | undefined): ResolvedConfigTuple;
+//# sourceMappingURL=providers.d.ts.map

package/dist/config/providers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"providers.d.ts","sourceRoot":"","sources":["../../src/config/providers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAkBpD;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE7D;AAED;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,QAAQ,GAAG,cAAc,GAAG,QAAQ,CAAC;AAE7E;;;;;;GAMG;AACH,MAAM,WAAW,mBAAmB;IAClC,4BAA4B;IAC5B,QAAQ,EAAE,WAAW,GAAG,IAAI,CAAC;IAE7B,+EAA+E;IAC/E,KAAK,EAAE,MAAM,CAAC;IAEd,oDAAoD;IACpD,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAEzB,6FAA6F;IAC7F,YAAY,EAAE,MAAM,GAAG,UAAU,GAAG,QAAQ,CAAC;IAE7C,yCAAyC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,qEAAqE;IACrE,aAAa,EAAE,MAAM,CAAC;IAEtB,4EAA4E;IAC5E,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,qDAAqD;AACrD,eAAO,MAAM,8BAA8B,IAAI,CAAC;AAEhD,uCAAuC;AACvC,eAAO,MAAM,kCAAkC,IAAI,CAAC;AAapD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,WAAW,EACrB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GACtC,MAAM,GAAG,IAAI,CAYf;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GAAG,SAAS,GAC7B,MAAM,GAAG,UAAU,GAAG,QAAQ,CAoBhC;AAcD;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,GAAG,QAAQ,GAAG,SAAS,CAIxF;AAED;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GACtC,MAAM,CAeR;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,EACvC,gBAAgB,CAAC,EAAE,WAAW,GAC7B,WAAW,GAAG,IAAI,CAkDpB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,WAAW,GAAG,IAAI,EAC5B,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,EACvC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GAAG,SAAS,GAC7B,mBAAmB,CAmBrB"}