@oscharko-dev/keiko-evidence 0.2.0

package/dist/promptEnhancement/manifestSchema.js

@@ -0,0 +1,307 @@
+// Prompt Enhancement evidence manifest shape (Epic #1307, Issue #1313; ADR-0044 §1/§5).
+//
+// Versioned, persistable record the Prompt Enhancer writes through `keiko-evidence` after a run.
+// Mirrors the Quality Intelligence evidence template (record → redact → hash → validate → write) but
+// for the enhancer domain. It captures exactly what AC4 requires — the original input, the enhanced
+// output, the applied rules, the assumptions, the candidate scores, the model metadata when
+// applicable, and the verification status — and NOTHING that could leak a secret: the original input is
+// a SHA-256 fingerprint plus a redacted, truncated excerpt; every other free-text field is passed
+// through the security redactor before it reaches this shape.
+//
+// Schema evolution follows the EVIDENCE_SCHEMA_VERSION rule: a breaking structural change introduces a
+// NEW `peEvidenceSchemaVersion` literal member rather than mutating the current literal, so persisted artefacts stay
+// discriminable across versions.
+import { GROUNDING_DIRECTIVES, LEAST_PRIVILEGE_CONSTRAINTS, PROMPT_SAFETY_DECISIONS, PROMPT_SAFETY_VERIFICATION_STATUSES, isPromptSafetyViolationCode, } from "@oscharko-dev/keiko-contracts";
+export const PROMPT_ENHANCEMENT_EVIDENCE_SCHEMA_VERSION = 2;
+const ALLOWED_STATUSES = new Set([
+    "validated",
+    "requires-human-review",
+    "rejected",
+]);
+// ─── Strict-schema gate ──────────────────────────────────────────────────────────────
+// The closed set of allowed top-level keys. A persisted record carrying any extra key fails the gate
+// on read, matching the EvidenceManifest discipline. Update in lock-step with the interface above.
+const ALLOWED_TOP_LEVEL_KEYS = new Set([
+    "peEvidenceSchemaVersion",
+    "runId",
+    "recordedAt",
+    "requestId",
+    "status",
+    "inputRedactedFingerprintSha256",
+    "inputExcerptRedacted",
+    "enhancedPromptId",
+    "enhancedPromptTextRedacted",
+    "appliedSafetyRules",
+    "appliedGroundingDirectives",
+    "assumptions",
+    "candidateScores",
+    "safety",
+    "modelMetadata",
+    "redactionSummary",
+    "integrityHashes",
+    "totals",
+]);
+const HEX_SHA256 = /^[0-9a-f]{64}$/u;
+const isRecord = (value) => typeof value === "object" && value !== null && !Array.isArray(value);
+const isNonNegativeInteger = (value) => typeof value === "number" && Number.isInteger(value) && value >= 0;
+const isUnitInterval = (value) => typeof value === "number" && Number.isFinite(value) && value >= 0 && value <= 1;
+const isStringArray = (value) => Array.isArray(value) && value.every((entry) => typeof entry === "string");
+const isUniqueStringArray = (value, allowed) => isStringArray(value) &&
+    value.every((entry) => allowed.includes(entry)) &&
+    new Set(value).size === value.length;
+const isGroundingDirectiveArray = (value) => isUniqueStringArray(value, GROUNDING_DIRECTIVES);
+const isLeastPrivilegeArray = (value) => isUniqueStringArray(value, LEAST_PRIVILEGE_CONSTRAINTS);
+function validateRedactionSummary(value) {
+    if (!isRecord(value))
+        return "redactionSummary must be an object";
+    if (!isNonNegativeInteger(value.totalStringsScanned)) {
+        return "redactionSummary.totalStringsScanned must be a non-negative integer";
+    }
+    if (!isNonNegativeInteger(value.stringsRedacted)) {
+        return "redactionSummary.stringsRedacted must be a non-negative integer";
+    }
+    if (!isRecord(value.patternsMatched)) {
+        return "redactionSummary.patternsMatched must be an object";
+    }
+    if (Object.values(value.patternsMatched).some((count) => !isNonNegativeInteger(count))) {
+        return "redactionSummary.patternsMatched values must be non-negative integers";
+    }
+    return undefined;
+}
+function validateIntegrityHashes(value) {
+    if (!isRecord(value))
+        return "integrityHashes must be an object";
+    for (const key of ["enhancedOutput", "appliedRules", "candidateScores", "record"]) {
+        if (typeof value[key] !== "string" || !HEX_SHA256.test(value[key])) {
+            return `integrityHashes.${key} must be a SHA-256 hex digest`;
+        }
+    }
+    return undefined;
+}
+function validateCandidateScoreRow(row, index) {
+    const label = `candidateScores[${String(index)}]`;
+    if (!isRecord(row))
+        return `${label} must be an object`;
+    if (typeof row.candidateId !== "string" || row.candidateId.length === 0) {
+        return `${label}.candidateId must be a non-empty string`;
+    }
+    if (typeof row.profile !== "string" || row.profile.length === 0) {
+        return `${label}.profile must be a non-empty string`;
+    }
+    if (!isUnitInterval(row.aggregateScore)) {
+        return `${label}.aggregateScore must be a number in [0, 1]`;
+    }
+    if (!isNonNegativeInteger(row.estimatedTokens)) {
+        return `${label}.estimatedTokens must be a non-negative integer`;
+    }
+    if (typeof row.selected !== "boolean") {
+        return `${label}.selected must be a boolean`;
+    }
+    return undefined;
+}
+function validateCandidateScoreRows(value) {
+    if (!Array.isArray(value))
+        return "candidateScores must be an array";
+    for (const [index, row] of value.entries()) {
+        const error = validateCandidateScoreRow(row, index);
+        if (error !== undefined)
+            return error;
+    }
+    return undefined;
+}
+function validateSafetyRecordScalars(value) {
+    if (typeof value.decision !== "string" ||
+        !PROMPT_SAFETY_DECISIONS.includes(value.decision)) {
+        return "safety.decision must be a known safety decision";
+    }
+    if (typeof value.verificationStatus !== "string" ||
+        !PROMPT_SAFETY_VERIFICATION_STATUSES.includes(value.verificationStatus)) {
+        return "safety.verificationStatus must be a known verification status";
+    }
+    if (typeof value.requiresHumanReview !== "boolean") {
+        return "safety.requiresHumanReview must be a boolean";
+    }
+    return undefined;
+}
+function validateSafetyRecordLists(value) {
+    if (!Array.isArray(value.findingCodes) ||
+        value.findingCodes.some((code) => !isPromptSafetyViolationCode(code))) {
+        return "safety.findingCodes must be an array of known violation codes";
+    }
+    if (!isLeastPrivilegeArray(value.leastPrivilege)) {
+        return "safety.leastPrivilege must be an array of unique least-privilege constraints";
+    }
+    return undefined;
+}
+function validateAcceptedSafetyStatus(value) {
+    if (value.decision !== "accepted" ||
+        value.verificationStatus !== "passed" ||
+        value.requiresHumanReview) {
+        return "status validated must match an accepted safety record";
+    }
+    return undefined;
+}
+function validateReviewSafetyStatus(value) {
+    const leastPrivilege = value.leastPrivilege;
+    if (value.decision !== "requires-human-review" ||
+        value.verificationStatus !== "passed-with-review" ||
+        !value.requiresHumanReview ||
+        !leastPrivilege.includes("require-human-approval")) {
+        return "status requires-human-review must match a review-gated safety record";
+    }
+    return undefined;
+}
+function validateRejectedSafetyStatus(value) {
+    const findingCodes = value.findingCodes;
+    if (value.decision !== "rejected" ||
+        value.verificationStatus !== "failed" ||
+        findingCodes.length === 0) {
+        return "status rejected must match a failed safety record with findings";
+    }
+    return undefined;
+}
+function validateSafetyStatusConsistency(value, status) {
+    if (status === "validated")
+        return validateAcceptedSafetyStatus(value);
+    if (status === "requires-human-review")
+        return validateReviewSafetyStatus(value);
+    return validateRejectedSafetyStatus(value);
+}
+function validateSafetyRecord(value, status) {
+    if (!isRecord(value))
+        return "safety must be an object";
+    return (validateSafetyRecordScalars(value) ??
+        validateSafetyRecordLists(value) ??
+        validateSafetyStatusConsistency(value, status));
+}
+function validateModelMetadata(value) {
+    if (!isRecord(value))
+        return "modelMetadata must be an object";
+    if (typeof value.deterministic !== "boolean") {
+        return "modelMetadata.deterministic must be a boolean";
+    }
+    if (value.modelId !== undefined && typeof value.modelId !== "string") {
+        return "modelMetadata.modelId must be a string when present";
+    }
+    if (value.profile !== undefined && typeof value.profile !== "string") {
+        return "modelMetadata.profile must be a string when present";
+    }
+    return undefined;
+}
+function validateTotals(value) {
+    if (!isRecord(value))
+        return "totals must be an object";
+    for (const key of [
+        "candidateScores",
+        "appliedSafetyRules",
+        "assumptions",
+        "safetyFindings",
+    ]) {
+        if (!isNonNegativeInteger(value[key])) {
+            return `totals.${key} must be a non-negative integer`;
+        }
+    }
+    return undefined;
+}
+const schemaError = (reason) => ({
+    ok: false,
+    reason,
+});
+function validateManifestIdentityFields(record) {
+    if (typeof record.runId !== "string" || record.runId.length === 0) {
+        return "runId must be a non-empty string";
+    }
+    if (typeof record.recordedAt !== "string" || Number.isNaN(Date.parse(record.recordedAt))) {
+        return "recordedAt must be an ISO timestamp string";
+    }
+    if (typeof record.requestId !== "string" || record.requestId.length === 0) {
+        return "requestId must be a non-empty string";
+    }
+    return undefined;
+}
+function validateManifestTextFields(record) {
+    if (typeof record.inputRedactedFingerprintSha256 !== "string" ||
+        !HEX_SHA256.test(record.inputRedactedFingerprintSha256)) {
+        return "inputRedactedFingerprintSha256 must be a SHA-256 hex digest";
+    }
+    for (const key of [
+        "inputExcerptRedacted",
+        "enhancedPromptId",
+        "enhancedPromptTextRedacted",
+    ]) {
+        if (typeof record[key] !== "string") {
+            return `${key} must be a string`;
+        }
+    }
+    return undefined;
+}
+function validateManifestCollectionFields(record) {
+    if (!isStringArray(record.appliedSafetyRules)) {
+        return "appliedSafetyRules must be an array of strings";
+    }
+    if (!isGroundingDirectiveArray(record.appliedGroundingDirectives)) {
+        return "appliedGroundingDirectives must be an array of unique grounding directives";
+    }
+    if (!isStringArray(record.assumptions)) {
+        return "assumptions must be an array of strings";
+    }
+    return undefined;
+}
+function validateManifestNestedFields(record, status) {
+    const candidateError = validateCandidateScoreRows(record.candidateScores);
+    if (candidateError !== undefined)
+        return candidateError;
+    const safetyError = validateSafetyRecord(record.safety, status);
+    if (safetyError !== undefined)
+        return safetyError;
+    const modelMetadataError = validateModelMetadata(record.modelMetadata);
+    if (modelMetadataError !== undefined)
+        return modelMetadataError;
+    const redactionError = validateRedactionSummary(record.redactionSummary);
+    if (redactionError !== undefined)
+        return redactionError;
+    const integrityError = validateIntegrityHashes(record.integrityHashes);
+    if (integrityError !== undefined)
+        return integrityError;
+    const totalsError = validateTotals(record.totals);
+    if (totalsError !== undefined)
+        return totalsError;
+    return undefined;
+}
+function validateManifestFields(record) {
+    const status = record.status;
+    const error = validateManifestIdentityFields(record) ??
+        validateManifestTextFields(record) ??
+        validateManifestCollectionFields(record) ??
+        validateManifestNestedFields(record, status);
+    if (error !== undefined)
+        return schemaError(error);
+    return { ok: true, reason: undefined };
+}
+/**
+ * Strict-schema gate for a deserialised Prompt Enhancement evidence record. Validates the
+ * schema-version literal, the closed set of top-level keys, and the status enum. Counts/integrity
+ * correctness is orthogonally enforced by the builder before persist and re-checked on read by the
+ * store.
+ */
+export function validatePromptEnhancementEvidenceManifest(value) {
+    if (typeof value !== "object" || value === null) {
+        return { ok: false, reason: "manifest is not an object" };
+    }
+    const record = value;
+    if (record.peEvidenceSchemaVersion !== PROMPT_ENHANCEMENT_EVIDENCE_SCHEMA_VERSION) {
+        return {
+            ok: false,
+            reason: `unexpected peEvidenceSchemaVersion (expected ${String(PROMPT_ENHANCEMENT_EVIDENCE_SCHEMA_VERSION)})`,
+        };
+    }
+    for (const key of Object.keys(record)) {
+        if (!ALLOWED_TOP_LEVEL_KEYS.has(key)) {
+            return { ok: false, reason: `unknown manifest key: ${key}` };
+        }
+    }
+    if (typeof record.status !== "string" || !ALLOWED_STATUSES.has(record.status)) {
+        return { ok: false, reason: "invalid status" };
+    }
+    return validateManifestFields(record);
+}

package/dist/promptEnhancement/redaction.d.ts

@@ -0,0 +1,17 @@
+import type { PromptEnhancementRedactionSummary } from "./manifestSchema.js";
+export interface PromptEnhancementRedactionOptions {
+    readonly additionalSecrets?: readonly string[] | undefined;
+    readonly redactAllStrings?: boolean | undefined;
+}
+export interface PromptEnhancementRedactionResult<TValue> {
+    readonly redacted: TValue;
+    readonly summary: PromptEnhancementRedactionSummary;
+}
+/**
+ * Redact every string leaf of a plain-JSON Prompt Enhancement evidence value. Idempotent: scanning
+ * already-redacted text matches no pattern (the `[REDACTED]` marker carries no credential shape), so
+ * re-running this over its own output is a no-op modulo the counters. The generic `TValue` is a
+ * phantom: callers pass an object shape and get the same shape back (JSON has no class identity).
+ */
+export declare function redactPromptEnhancementEvidence<TValue>(value: TValue, options?: PromptEnhancementRedactionOptions): PromptEnhancementRedactionResult<TValue>;
+//# sourceMappingURL=redaction.d.ts.map

package/dist/promptEnhancement/redaction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../../src/promptEnhancement/redaction.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,qBAAqB,CAAC;AA+D7E,MAAM,WAAW,iCAAiC;IAIhD,QAAQ,CAAC,iBAAiB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAC;IAG3D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;CACjD;AAED,MAAM,WAAW,gCAAgC,CAAC,MAAM;IACtD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,iCAAiC,CAAC;CACrD;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAAC,MAAM,EACpD,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,iCAAsC,GAC9C,gCAAgC,CAAC,MAAM,CAAC,CAW1C"}

package/dist/promptEnhancement/redaction.js

@@ -0,0 +1,66 @@
+// Prompt Enhancement redaction wrapper (Issue #1313, ADR-0044 §5).
+//
+// Runs the authoritative `redact` from `@oscharko-dev/keiko-security` over every string leaf of a
+// candidate Prompt Enhancement evidence record, returning the redacted value plus a counts-only
+// `redactionSummary` (matched-string count, never the matched text). Topology literals (baseUrl/proxy
+// values) are passed through as `additionalSecrets` for substring redaction. When opaque credentials
+// (API keys/tokens) are configured, callers set `redactAllStrings`; every string leaf is replaced by
+// a fixed marker before evidence hashing, so credential values never travel toward hash inputs.
+import { redact } from "@oscharko-dev/keiko-security";
+const REDACTED = "[REDACTED]";
+function createCounter() {
+    return {
+        totalStringsScanned: 0,
+        stringsRedacted: 0,
+        patternsMatched: { "security-package": 0, "opaque-secret": 0 },
+    };
+}
+function redactString(input, additionalSecrets, redactAllStrings, counter) {
+    counter.totalStringsScanned += 1;
+    if (redactAllStrings) {
+        counter.patternsMatched["opaque-secret"] = (counter.patternsMatched["opaque-secret"] ?? 0) + 1;
+        counter.stringsRedacted += 1;
+        return REDACTED;
+    }
+    const redacted = redact(input, additionalSecrets);
+    if (redacted !== input) {
+        counter.patternsMatched["security-package"] =
+            (counter.patternsMatched["security-package"] ?? 0) + 1;
+        counter.stringsRedacted += 1;
+    }
+    return redacted;
+}
+function deepRedact(value, additionalSecrets, redactAllStrings, counter) {
+    if (typeof value === "string") {
+        return redactString(value, additionalSecrets, redactAllStrings, counter);
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => deepRedact(item, additionalSecrets, redactAllStrings, counter));
+    }
+    if (typeof value === "object" && value !== null) {
+        const out = {};
+        for (const [key, child] of Object.entries(value)) {
+            out[key] = deepRedact(child, additionalSecrets, redactAllStrings, counter);
+        }
+        return out;
+    }
+    return value;
+}
+/**
+ * Redact every string leaf of a plain-JSON Prompt Enhancement evidence value. Idempotent: scanning
+ * already-redacted text matches no pattern (the `[REDACTED]` marker carries no credential shape), so
+ * re-running this over its own output is a no-op modulo the counters. The generic `TValue` is a
+ * phantom: callers pass an object shape and get the same shape back (JSON has no class identity).
+ */
+export function redactPromptEnhancementEvidence(value, options = {}) {
+    const additionalSecrets = options.additionalSecrets ?? [];
+    const redactAllStrings = options.redactAllStrings ?? false;
+    const counter = createCounter();
+    const redacted = deepRedact(value, additionalSecrets, redactAllStrings, counter);
+    const summary = {
+        totalStringsScanned: counter.totalStringsScanned,
+        stringsRedacted: counter.stringsRedacted,
+        patternsMatched: { ...counter.patternsMatched },
+    };
+    return { redacted, summary };
+}

package/dist/promptEnhancement/store.d.ts

@@ -0,0 +1,64 @@
+import { type WorkspaceFs } from "@oscharko-dev/keiko-workspace";
+import type { GroundingDirective } from "@oscharko-dev/keiko-contracts";
+import { type PromptEnhancementCandidateScoreRow, type PromptEnhancementEvidenceManifest, type PromptEnhancementEvidenceStatus, type PromptEnhancementModelMetadata, type PromptEnhancementSafetyRecord } from "./manifestSchema.js";
+import { type PromptEnhancementRedactionOptions } from "./redaction.js";
+export declare const PE_SUBDIR = "pe";
+export interface PromptEnhancementRecordInput {
+    readonly runId: string;
+    readonly recordedAt: string;
+    readonly requestId: string;
+    readonly status: PromptEnhancementEvidenceStatus;
+    readonly originalInput: string;
+    readonly inputExcerptMaxChars?: number | undefined;
+    readonly enhancedPromptId: string;
+    readonly enhancedPromptText: string;
+    readonly appliedSafetyRules: readonly string[];
+    readonly appliedGroundingDirectives: readonly GroundingDirective[];
+    readonly assumptions: readonly string[];
+    readonly candidateScores: readonly PromptEnhancementCandidateScoreRow[];
+    readonly safety: PromptEnhancementSafetyRecord;
+    readonly modelMetadata: PromptEnhancementModelMetadata;
+}
+export interface PromptEnhancementRecordOptions {
+    readonly store?: PromptEnhancementLocalStore | undefined;
+    readonly evidenceDir?: string | undefined;
+    readonly redaction?: PromptEnhancementRedactionOptions | undefined;
+}
+export interface PromptEnhancementRecordResult {
+    readonly manifest: PromptEnhancementEvidenceManifest;
+    readonly location: string;
+}
+export declare function buildPromptEnhancementEvidenceManifest(input: PromptEnhancementRecordInput, redaction?: PromptEnhancementRedactionOptions): {
+    readonly manifest: PromptEnhancementEvidenceManifest;
+};
+export interface PromptEnhancementLocalStore {
+    readonly record: (manifest: PromptEnhancementEvidenceManifest) => string;
+    readonly load: (runId: string) => PromptEnhancementEvidenceManifest | undefined;
+    readonly list: () => readonly string[];
+    readonly location: (runId: string) => string;
+    readonly delete: (runId: string) => boolean;
+}
+export declare function createInMemoryPromptEnhancementLocalStore(): PromptEnhancementLocalStore;
+export interface PromptEnhancementNodeStoreOptions {
+    readonly fs?: WorkspaceFs;
+    readonly randomSuffix?: () => string;
+}
+/**
+ * Build a Prompt Enhancement store that writes under `<evidenceDir>/pe/`. The caller passes the SAME
+ * evidence dir it would pass to `createNodeEvidenceStore`; the store layers the `pe/` subdir itself.
+ */
+export declare function createNodePromptEnhancementLocalStore(evidenceDir: string, options?: PromptEnhancementNodeStoreOptions): PromptEnhancementLocalStore;
+/**
+ * Build and persist a Prompt Enhancement run record. Redacts every free-text leaf, hashes the redacted
+ * groups, validates the totals invariant, then writes the manifest through the resolved store. The
+ * store is supplied via `options.store` (explicit, e.g. in-memory for tests) or `options.evidenceDir`
+ * (resolve to a node adapter); one MUST be provided.
+ */
+export declare function recordPromptEnhancementRun(input: PromptEnhancementRecordInput, options?: PromptEnhancementRecordOptions): PromptEnhancementRecordResult;
+export interface PromptEnhancementLoadOptions {
+    readonly store?: PromptEnhancementLocalStore | undefined;
+    readonly evidenceDir?: string | undefined;
+}
+export declare function loadPromptEnhancementRun(runId: string, options?: PromptEnhancementLoadOptions): PromptEnhancementEvidenceManifest | undefined;
+export declare function listPromptEnhancementRuns(options?: PromptEnhancementLoadOptions): readonly string[];
+//# sourceMappingURL=store.d.ts.map

package/dist/promptEnhancement/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/promptEnhancement/store.ts"],"names":[],"mappings":"AA2BA,OAAO,EAA0B,KAAK,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAGzF,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAExE,OAAO,EAGL,KAAK,kCAAkC,EACvC,KAAK,iCAAiC,EACtC,KAAK,+BAA+B,EAEpC,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EACnC,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAEL,KAAK,iCAAiC,EACvC,MAAM,gBAAgB,CAAC;AAIxB,eAAO,MAAM,SAAS,OAAO,CAAC;AAO9B,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,+BAA+B,CAAC;IAGjD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACnD,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAElC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,kBAAkB,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/C,QAAQ,CAAC,0BAA0B,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACnE,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC,QAAQ,CAAC,eAAe,EAAE,SAAS,kCAAkC,EAAE,CAAC;IACxE,QAAQ,CAAC,MAAM,EAAE,6BAA6B,CAAC;IAC/C,QAAQ,CAAC,aAAa,EAAE,8BAA8B,CAAC;CACxD;AAED,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,KAAK,CAAC,EAAE,2BAA2B,GAAG,SAAS,CAAC;IACzD,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,iCAAiC,GAAG,SAAS,CAAC;CACpE;AAED,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,CAAC,QAAQ,EAAE,iCAAiC,CAAC;IACrD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAuHD,wBAAgB,sCAAsC,CACpD,KAAK,EAAE,4BAA4B,EACnC,SAAS,GAAE,iCAAsC,GAChD;IAAE,QAAQ,CAAC,QAAQ,EAAE,iCAAiC,CAAA;CAAE,CA2B1D;AA8CD,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,iCAAiC,KAAK,MAAM,CAAC;IACzE,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,iCAAiC,GAAG,SAAS,CAAC;IAChF,QAAQ,CAAC,IAAI,EAAE,MAAM,SAAS,MAAM,EAAE,CAAC;IACvC,QAAQ,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC;IAC7C,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;CAC7C;AAGD,wBAAgB,yCAAyC,IAAI,2BAA2B,CAyBvF;AA0ND,MAAM,WAAW,iCAAiC;IAChD,QAAQ,CAAC,EAAE,CAAC,EAAE,WAAW,CAAC;IAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,MAAM,CAAC;CACtC;AAED;;;GAGG;AACH,wBAAgB,qCAAqC,CACnD,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,iCAAsC,GAC9C,2BAA2B,CAsB7B;AAeD;;;;;GAKG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,4BAA4B,EACnC,OAAO,GAAE,8BAAmC,GAC3C,6BAA6B,CAS/B;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,KAAK,CAAC,EAAE,2BAA2B,GAAG,SAAS,CAAC;IACzD,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3C;AAYD,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,4BAAiC,GACzC,iCAAiC,GAAG,SAAS,CAE/C;AAED,wBAAgB,yBAAyB,CACvC,OAAO,GAAE,4BAAiC,GACzC,SAAS,MAAM,EAAE,CAEnB"}