@pleri/olam-cli 0.1.12 → 0.1.13

package/dist/commands/upgrade-lock.d.ts

@@ -0,0 +1,102 @@
+/**
+ * `olam upgrade` CLI lock — atomic create-or-fail with stale-lock recovery.
+ *
+ * Lock file: ~/.olam/.upgrade.lock
+ * Contents:  {"pid": <int>, "startTs": <epoch-ms>}
+ *
+ * Stale-lock semantics:
+ *   - File unreadable / parse error / empty  → stale
+ *   - PID not alive (process.kill(pid, 0) throws) → stale
+ *   - PID alive but command name is not node/olam → stale (avoids macOS PID-recycling false-positives)
+ *   - start_ts > 30 min ago → stale
+ *   - Otherwise → live; second invocation refuses with exit 1.
+ *
+ * Atomicity: fs.openSync(path, 'wx') is atomic create-or-fail per POSIX. No TOCTOU window.
+ */
+export declare const LOCK_FILE_PATH: string;
+export declare const STALE_LOCK_TIMEOUT_MS: number;
+export interface LockContent {
+    readonly pid: number;
+    readonly startTs: number;
+}
+export type AcquireResult = {
+    acquired: true;
+    lockPath: string;
+} | {
+    acquired: false;
+    reason: 'live' | 'race';
+    existingPid?: number;
+    existingStartTs?: number;
+};
+/**
+ * Read lock file contents. Returns null on:
+ *   - file missing
+ *   - empty file
+ *   - JSON parse error
+ *   - shape mismatch (missing pid or startTs as numbers)
+ *
+ * Caller treats null as "stale lock; can recover."
+ */
+export declare function readLockFile(lockPath: string): LockContent | null;
+/** Returns true if process exists, false on ESRCH or any other error. */
+export declare function isPidAlive(pid: number): boolean;
+/**
+ * Sentinel returned when `ps` itself is unavailable (binary missing, fork
+ * pressure, container without procfs). Distinct from "ps ran but the PID
+ * doesn't exist" which returns the empty string equivalent (null).
+ *
+ * Callers MUST treat this sentinel as "command unknown — assume live, refuse
+ * to recover" so a missing `ps` binary cannot stealth-break the lock.
+ *
+ * Per audit A1-003: previously returned null on both branches and isStaleLock
+ * treated null as stale, which let `ps`-unavailable invocations silently
+ * unlink a live olam upgrade's lock and corrupt the docker layer cache.
+ */
+export declare const PS_UNAVAILABLE = "__ps_unavailable__";
+/**
+ * Read the command name of a PID via `ps -p <pid> -o comm=`.
+ *
+ * Returns:
+ *   - The command name (e.g. 'node', 'olam') when `ps` ran AND the PID exists.
+ *   - null when `ps` ran but the PID does not exist (ps exit status 1; output empty).
+ *   - PS_UNAVAILABLE sentinel when `ps` failed to spawn (ENOENT, EAGAIN, signalled).
+ */
+export declare function getPidCommand(pid: number): string | null | typeof PS_UNAVAILABLE;
+/**
+ * Match command names that legitimately hold the upgrade lock.
+ *
+ * Accepts:
+ *   - `node`, `olam`, `olam-cli` (canonical)
+ *   - path-prefixed forms (`/usr/local/bin/node` — strip via basename)
+ *   - worker-pool suffixed forms (`node (vitest 1)` — strip parenthesized suffix)
+ *
+ * Rejects unrelated commands (bash, zsh, python3, etc.) so PID recycling to a
+ * non-node process correctly classifies the lock as stale.
+ */
+export declare function isOlamUpgradeCommand(comm: string | null | typeof PS_UNAVAILABLE): boolean;
+/**
+ * Stale-lock test. Returns true if the lock should be recovered (deleted + retried).
+ *
+ * Inputs:
+ *   - content: parsed lock contents (null → empty/parse-error/missing → stale)
+ *   - nowMs: current epoch ms (defaults to Date.now(); injected for test determinism)
+ */
+export declare function isStaleLock(content: LockContent | null, nowMs?: number): boolean;
+/**
+ * Atomically acquire the upgrade lock.
+ *
+ * Returns { acquired: true } on success, or { acquired: false, reason } when a live lock exists.
+ * Stale locks are auto-recovered (delete + retry once).
+ *
+ * Side effects:
+ *   - mkdir -p path.dirname(lockPath) (ensures ~/.olam exists)
+ *   - writes JSON {pid, startTs} to lockPath
+ */
+export declare function acquireLock(lockPath?: string, nowMs?: number): AcquireResult;
+/** Release the lock. Idempotent — no error if file already removed. */
+export declare function releaseLock(lockPath?: string): void;
+/** Format a human-readable refusal message for the operator. */
+export declare function formatRefusalMessage(result: Extract<AcquireResult, {
+    acquired: false;
+}>, lockPath?: string): string;
+//# sourceMappingURL=upgrade-lock.d.ts.map

package/dist/commands/upgrade-lock.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"upgrade-lock.d.ts","sourceRoot":"","sources":["../../src/commands/upgrade-lock.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAOH,eAAO,MAAM,cAAc,QAAoD,CAAC;AAKhF,eAAO,MAAM,qBAAqB,QAAgB,CAAC;AAEnD,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,MAAM,aAAa,GACrB;IAAE,QAAQ,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACpC;IACE,QAAQ,EAAE,KAAK,CAAC;IAChB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEN;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAWjE;AAED,yEAAyE;AACzE,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAO/C;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,cAAc,uBAAuB,CAAC;AAEnD;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,GAAG,OAAO,cAAc,CAWhF;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,cAAc,GAAG,OAAO,CAMzF;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,EAAE,KAAK,GAAE,MAAmB,GAAG,OAAO,CAY5F;AAED;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CACzB,QAAQ,GAAE,MAAuB,EACjC,KAAK,GAAE,MAAmB,GACzB,aAAa,CAkDf;AAED,uEAAuE;AACvE,wBAAgB,WAAW,CAAC,QAAQ,GAAE,MAAuB,GAAG,IAAI,CAOnE;AAED,gEAAgE;AAChE,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,OAAO,CAAC,aAAa,EAAE;IAAE,QAAQ,EAAE,KAAK,CAAA;CAAE,CAAC,EACnD,QAAQ,GAAE,MAAuB,GAChC,MAAM,CASR"}

package/dist/commands/upgrade-lock.js

@@ -0,0 +1,225 @@
+/**
+ * `olam upgrade` CLI lock — atomic create-or-fail with stale-lock recovery.
+ *
+ * Lock file: ~/.olam/.upgrade.lock
+ * Contents:  {"pid": <int>, "startTs": <epoch-ms>}
+ *
+ * Stale-lock semantics:
+ *   - File unreadable / parse error / empty  → stale
+ *   - PID not alive (process.kill(pid, 0) throws) → stale
+ *   - PID alive but command name is not node/olam → stale (avoids macOS PID-recycling false-positives)
+ *   - start_ts > 30 min ago → stale
+ *   - Otherwise → live; second invocation refuses with exit 1.
+ *
+ * Atomicity: fs.openSync(path, 'wx') is atomic create-or-fail per POSIX. No TOCTOU window.
+ */
+import * as fs from 'node:fs';
+import * as os from 'node:os';
+import * as path from 'node:path';
+import { spawnSync } from 'node:child_process';
+export const LOCK_FILE_PATH = path.join(os.homedir(), '.olam', '.upgrade.lock');
+// 5 min — bounds the false-refusal blast-radius after a crash. Real upgrades
+// should always finish well within this window (3-22 min spec; if a build
+// genuinely runs longer the operator gets a 'wait or rm' message, which is
+// fine UX). Per audit A1-004: was 30 min; shortened to 5 min.
+export const STALE_LOCK_TIMEOUT_MS = 5 * 60 * 1000;
+/**
+ * Read lock file contents. Returns null on:
+ *   - file missing
+ *   - empty file
+ *   - JSON parse error
+ *   - shape mismatch (missing pid or startTs as numbers)
+ *
+ * Caller treats null as "stale lock; can recover."
+ */
+export function readLockFile(lockPath) {
+    try {
+        if (!fs.existsSync(lockPath))
+            return null;
+        const raw = fs.readFileSync(lockPath, 'utf-8').trim();
+        if (raw.length === 0)
+            return null;
+        const parsed = JSON.parse(raw);
+        if (typeof parsed.pid !== 'number' || typeof parsed.startTs !== 'number')
+            return null;
+        return { pid: parsed.pid, startTs: parsed.startTs };
+    }
+    catch {
+        return null;
+    }
+}
+/** Returns true if process exists, false on ESRCH or any other error. */
+export function isPidAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Sentinel returned when `ps` itself is unavailable (binary missing, fork
+ * pressure, container without procfs). Distinct from "ps ran but the PID
+ * doesn't exist" which returns the empty string equivalent (null).
+ *
+ * Callers MUST treat this sentinel as "command unknown — assume live, refuse
+ * to recover" so a missing `ps` binary cannot stealth-break the lock.
+ *
+ * Per audit A1-003: previously returned null on both branches and isStaleLock
+ * treated null as stale, which let `ps`-unavailable invocations silently
+ * unlink a live olam upgrade's lock and corrupt the docker layer cache.
+ */
+export const PS_UNAVAILABLE = '__ps_unavailable__';
+/**
+ * Read the command name of a PID via `ps -p <pid> -o comm=`.
+ *
+ * Returns:
+ *   - The command name (e.g. 'node', 'olam') when `ps` ran AND the PID exists.
+ *   - null when `ps` ran but the PID does not exist (ps exit status 1; output empty).
+ *   - PS_UNAVAILABLE sentinel when `ps` failed to spawn (ENOENT, EAGAIN, signalled).
+ */
+export function getPidCommand(pid) {
+    const result = spawnSync('ps', ['-p', String(pid), '-o', 'comm='], {
+        encoding: 'utf-8',
+        stdio: ['ignore', 'pipe', 'ignore'],
+    });
+    // Spawn-level failure (status === null + error populated; binary missing,
+    // fork pressure, killed by signal). Distinct from "ps reported pid absent."
+    if (result.status === null || result.error !== undefined)
+        return PS_UNAVAILABLE;
+    if (result.status !== 0)
+        return null;
+    const out = result.stdout.trim();
+    return out.length === 0 ? null : out;
+}
+/**
+ * Match command names that legitimately hold the upgrade lock.
+ *
+ * Accepts:
+ *   - `node`, `olam`, `olam-cli` (canonical)
+ *   - path-prefixed forms (`/usr/local/bin/node` — strip via basename)
+ *   - worker-pool suffixed forms (`node (vitest 1)` — strip parenthesized suffix)
+ *
+ * Rejects unrelated commands (bash, zsh, python3, etc.) so PID recycling to a
+ * non-node process correctly classifies the lock as stale.
+ */
+export function isOlamUpgradeCommand(comm) {
+    if (!comm)
+        return false;
+    if (comm === PS_UNAVAILABLE)
+        return false;
+    const base = comm.split('/').pop() ?? comm;
+    const stripped = base.replace(/\s*\(.*\)\s*$/, '').trim();
+    return stripped === 'node' || stripped === 'olam' || stripped === 'olam-cli';
+}
+/**
+ * Stale-lock test. Returns true if the lock should be recovered (deleted + retried).
+ *
+ * Inputs:
+ *   - content: parsed lock contents (null → empty/parse-error/missing → stale)
+ *   - nowMs: current epoch ms (defaults to Date.now(); injected for test determinism)
+ */
+export function isStaleLock(content, nowMs = Date.now()) {
+    if (!content)
+        return true;
+    if (nowMs - content.startTs > STALE_LOCK_TIMEOUT_MS)
+        return true;
+    if (!isPidAlive(content.pid))
+        return true;
+    const comm = getPidCommand(content.pid);
+    // Audit A1-003 fail-live invariant: if `ps` is unavailable we cannot prove
+    // the PID isn't an olam process. Treat as live (not stale) — operator gets
+    // a refusal message and can `rm ~/.olam/.upgrade.lock` if they're confident
+    // the lock is stale. Better than silently deleting a live lock.
+    if (comm === PS_UNAVAILABLE)
+        return false;
+    if (!isOlamUpgradeCommand(comm))
+        return true;
+    return false;
+}
+/**
+ * Atomically acquire the upgrade lock.
+ *
+ * Returns { acquired: true } on success, or { acquired: false, reason } when a live lock exists.
+ * Stale locks are auto-recovered (delete + retry once).
+ *
+ * Side effects:
+ *   - mkdir -p path.dirname(lockPath) (ensures ~/.olam exists)
+ *   - writes JSON {pid, startTs} to lockPath
+ */
+export function acquireLock(lockPath = LOCK_FILE_PATH, nowMs = Date.now()) {
+    const dir = path.dirname(lockPath);
+    fs.mkdirSync(dir, { recursive: true });
+    for (let attempt = 0; attempt < 2; attempt++) {
+        try {
+            const fd = fs.openSync(lockPath, 'wx', 0o644);
+            try {
+                const content = { pid: process.pid, startTs: nowMs };
+                fs.writeSync(fd, JSON.stringify(content));
+            }
+            finally {
+                fs.closeSync(fd);
+            }
+            return { acquired: true, lockPath };
+        }
+        catch (err) {
+            const code = err.code;
+            if (code !== 'EEXIST')
+                throw err;
+            const existing = readLockFile(lockPath);
+            if (isStaleLock(existing, nowMs)) {
+                try {
+                    fs.unlinkSync(lockPath);
+                }
+                catch (unlinkErr) {
+                    const ucode = unlinkErr.code;
+                    if (ucode !== 'ENOENT')
+                        throw unlinkErr;
+                }
+                continue;
+            }
+            return {
+                acquired: false,
+                reason: 'live',
+                ...(existing?.pid !== undefined && { existingPid: existing.pid }),
+                ...(existing?.startTs !== undefined && { existingStartTs: existing.startTs }),
+            };
+        }
+    }
+    // Both retry attempts hit a non-stale lock. Per audit A1-001: surface this
+    // as 'live' (the user's correct response is "wait or rm if stale"), not
+    // 'race' (which sounded like a transient that warrants retry). Operationally
+    // identical — both branches return acquired:false — but the message text
+    // matches the operator's mental model.
+    const existing = readLockFile(lockPath);
+    return {
+        acquired: false,
+        reason: 'live',
+        ...(existing?.pid !== undefined && { existingPid: existing.pid }),
+        ...(existing?.startTs !== undefined && { existingStartTs: existing.startTs }),
+    };
+}
+/** Release the lock. Idempotent — no error if file already removed. */
+export function releaseLock(lockPath = LOCK_FILE_PATH) {
+    try {
+        fs.unlinkSync(lockPath);
+    }
+    catch (err) {
+        const code = err.code;
+        if (code !== 'ENOENT')
+            throw err;
+    }
+}
+/** Format a human-readable refusal message for the operator. */
+export function formatRefusalMessage(result, lockPath = LOCK_FILE_PATH) {
+    const pidStr = result.existingPid !== undefined ? ` (pid ${result.existingPid})` : '';
+    const lines = [
+        `Upgrade in progress${pidStr}.`,
+        'Wait for the running upgrade to finish, or:',
+        '  - Check progress: olam upgrade --history',
+        `  - If stale (crashed CLI): rm ${lockPath}`,
+    ];
+    return lines.join('\n');
+}
+//# sourceMappingURL=upgrade-lock.js.map

package/dist/commands/upgrade-lock.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upgrade-lock.js","sourceRoot":"","sources":["../../src/commands/upgrade-lock.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;AAChF,6EAA6E;AAC7E,0EAA0E;AAC1E,2EAA2E;AAC3E,8DAA8D;AAC9D,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAgBnD;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,IAAI,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1C,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAyB,CAAC;QACvD,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACtF,OAAO,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,oBAAoB,CAAC;AAEnD;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE;QACjE,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;KACpC,CAAC,CAAC;IACH,0EAA0E;IAC1E,4EAA4E;IAC5E,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS;QAAE,OAAO,cAAc,CAAC;IAChF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACjC,OAAO,GAAG,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;AACvC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAA2C;IAC9E,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,IAAI,KAAK,cAAc;QAAE,OAAO,KAAK,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC1D,OAAO,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,UAAU,CAAC;AAC/E,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,OAA2B,EAAE,QAAgB,IAAI,CAAC,GAAG,EAAE;IACjF,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,KAAK,GAAG,OAAO,CAAC,OAAO,GAAG,qBAAqB;QAAE,OAAO,IAAI,CAAC;IACjE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,2EAA2E;IAC3E,2EAA2E;IAC3E,4EAA4E;IAC5E,gEAAgE;IAChE,IAAI,IAAI,KAAK,cAAc;QAAE,OAAO,KAAK,CAAC;IAC1C,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7C,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CACzB,WAAmB,cAAc,EACjC,QAAgB,IAAI,CAAC,GAAG,EAAE;IAE1B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEvC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC;QAC7C,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YAC9C,IAAI,CAAC;gBACH,MAAM,OAAO,GAAgB,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;gBAClE,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YAC5C,CAAC;oBAAS,CAAC;gBACT,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YACnB,CAAC;YACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACtC,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;YACjD,IAAI,IAAI,KAAK,QAAQ;gBAAE,MAAM,GAAG,CAAC;YAEjC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,WAAW,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;gBACjC,IAAI,CAAC;oBACH,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAC1B,CAAC;gBAAC,OAAO,SAAkB,EAAE,CAAC;oBAC5B,MAAM,KAAK,GAAI,SAAmC,CAAC,IAAI,CAAC;oBACxD,IAAI,KAAK,KAAK,QAAQ;wBAAE,MAAM,SAAS,CAAC;gBAC1C,CAAC;gBACD,SAAS;YACX,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,MAAM;gBACd,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,SAAS,IAAI,EAAE,WAAW,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC;gBACjE,GAAG,CAAC,QAAQ,EAAE,OAAO,KAAK,SAAS,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC;aAC9E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,wEAAwE;IACxE,6EAA6E;IAC7E,yEAAyE;IACzE,uCAAuC;IACvC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACxC,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,MAAM;QACd,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,SAAS,IAAI,EAAE,WAAW,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC;QACjE,GAAG,CAAC,QAAQ,EAAE,OAAO,KAAK,SAAS,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC;KAC9E,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,WAAW,CAAC,WAAmB,cAAc;IAC3D,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;QACjD,IAAI,IAAI,KAAK,QAAQ;YAAE,MAAM,GAAG,CAAC;IACnC,CAAC;AACH,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,oBAAoB,CAClC,MAAmD,EACnD,WAAmB,cAAc;IAEjC,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACtF,MAAM,KAAK,GAAG;QACZ,sBAAsB,MAAM,GAAG;QAC/B,6CAA6C;QAC7C,4CAA4C;QAC5C,kCAAkC,QAAQ,EAAE;KAC7C,CAAC;IACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/commands/upgrade-log.d.ts

@@ -0,0 +1,86 @@
+/**
+ * `~/.olam/upgrade.log` — JSONL append-only audit log for `olam upgrade`.
+ *
+ * Phase 2c — C1.
+ *
+ * Schema:
+ *   {
+ *     ts: ISO 8601,
+ *     started_at: epoch ms,
+ *     ended_at: epoch ms,
+ *     sha_target: string (40-char SHA, captured-after-pull),
+ *     sha_before: { hostCp, authService, devbox },
+ *     sha_after:  { hostCp, authService, devbox },
+ *     status: "success" | "failed" | "rolled_back",
+ *     failed_step: string | null,
+ *     durations_ms: { [step_label]: number }
+ *   }
+ *
+ * Open-per-write semantics — open() + write() + close() per row so
+ * external log-rotators can rename the file mid-run without us writing
+ * to a now-unlinked fd. Best-effort; errors logged to stderr and
+ * swallowed so the audit log never blocks an upgrade from completing.
+ *
+ * `failed_step` MUST hold a step LABEL only (e.g. "bash build-auth.sh"),
+ * NEVER raw stdout/stderr — paths and credentials may leak. (Per audit
+ * security finding A6-007.) The CLI's terminal already shows the full
+ * stderr; the log row records the step name for queryability.
+ */
+/**
+ * Resolve the upgrade-log path lazily so tests can override HOME via
+ * process.env. Lazy resolution is also forward-compatible with operators
+ * who set XDG_DATA_HOME or similar overrides at session start.
+ */
+export declare function getUpgradeLogPath(): string;
+/** Convenience constant for callers who want the production path string. */
+export declare const UPGRADE_LOG_PATH: string;
+export interface UpgradeLogRow {
+    readonly ts: string;
+    readonly started_at: number;
+    readonly ended_at: number;
+    readonly sha_target: string;
+    readonly sha_before?: {
+        readonly hostCp?: string;
+        readonly authService?: string;
+        readonly devbox?: string;
+    };
+    readonly sha_after?: {
+        readonly hostCp?: string;
+        readonly authService?: string;
+        readonly devbox?: string;
+    };
+    readonly status: 'success' | 'failed' | 'rolled_back';
+    readonly failed_step: string | null;
+    readonly durations_ms: Record<string, number>;
+}
+/**
+ * Append a single row to ~/.olam/upgrade.log.
+ *
+ * Open-per-write to survive log rotation. Errors swallowed to stderr —
+ * audit log failure must never block an upgrade.
+ *
+ * `logPath` parameter is a test seam; production callers omit it.
+ */
+export declare function appendUpgradeLog(row: UpgradeLogRow, logPath?: string): void;
+/**
+ * Read up to N most-recent rows from ~/.olam/upgrade.log.
+ *
+ * Returns an empty array on missing file (first-run UX).
+ *
+ * Per audit invariant: corrupt JSON lines (partial mid-write, manual
+ * tampering) are SKIPPED with a stderr warning rather than crashing
+ * `--history`.
+ */
+export declare function readUpgradeLog(limit?: number, logPath?: string): UpgradeLogRow[];
+/** Format duration ms → "1.4s" / "12m04s" / "1h23m" for table display. */
+export declare function formatDuration(ms: number): string;
+/**
+ * Format an array of upgrade-log rows as a 5-column ASCII table:
+ *   timestamp | sha (8-char) | status | duration | failed_step
+ *
+ * Status column uses ✓/✗/↩ icons + plain text for grep-friendliness.
+ */
+export declare function formatHistoryTable(rows: ReadonlyArray<UpgradeLogRow>): string;
+/** Format rows as one JSON object per line (JSONL passthrough — same as on-disk format). */
+export declare function formatHistoryJson(rows: ReadonlyArray<UpgradeLogRow>): string;
+//# sourceMappingURL=upgrade-log.d.ts.map

package/dist/commands/upgrade-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"upgrade-log.d.ts","sourceRoot":"","sources":["../../src/commands/upgrade-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAMH;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAG1C;AAED,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB,QAAsB,CAAC;AAEpD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,UAAU,CAAC,EAAE;QACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,QAAQ,CAAC,SAAS,CAAC,EAAE;QACnB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,aAAa,CAAC;IACtD,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/C;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,aAAa,EAAE,OAAO,GAAE,MAA4B,GAAG,IAAI,CAUhG;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,KAAK,GAAE,MAAW,EAAE,OAAO,GAAE,MAA4B,GAAG,aAAa,EAAE,CAmCzG;AAED,0EAA0E;AAC1E,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAUjD;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC,GAAG,MAAM,CAmB7E;AAED,4FAA4F;AAC5F,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC,GAAG,MAAM,CAE5E"}

package/dist/commands/upgrade-log.js

@@ -0,0 +1,146 @@
+/**
+ * `~/.olam/upgrade.log` — JSONL append-only audit log for `olam upgrade`.
+ *
+ * Phase 2c — C1.
+ *
+ * Schema:
+ *   {
+ *     ts: ISO 8601,
+ *     started_at: epoch ms,
+ *     ended_at: epoch ms,
+ *     sha_target: string (40-char SHA, captured-after-pull),
+ *     sha_before: { hostCp, authService, devbox },
+ *     sha_after:  { hostCp, authService, devbox },
+ *     status: "success" | "failed" | "rolled_back",
+ *     failed_step: string | null,
+ *     durations_ms: { [step_label]: number }
+ *   }
+ *
+ * Open-per-write semantics — open() + write() + close() per row so
+ * external log-rotators can rename the file mid-run without us writing
+ * to a now-unlinked fd. Best-effort; errors logged to stderr and
+ * swallowed so the audit log never blocks an upgrade from completing.
+ *
+ * `failed_step` MUST hold a step LABEL only (e.g. "bash build-auth.sh"),
+ * NEVER raw stdout/stderr — paths and credentials may leak. (Per audit
+ * security finding A6-007.) The CLI's terminal already shows the full
+ * stderr; the log row records the step name for queryability.
+ */
+import * as fs from 'node:fs';
+import * as os from 'node:os';
+import * as path from 'node:path';
+/**
+ * Resolve the upgrade-log path lazily so tests can override HOME via
+ * process.env. Lazy resolution is also forward-compatible with operators
+ * who set XDG_DATA_HOME or similar overrides at session start.
+ */
+export function getUpgradeLogPath() {
+    const home = process.env['HOME'] ?? os.homedir();
+    return path.join(home, '.olam', 'upgrade.log');
+}
+/** Convenience constant for callers who want the production path string. */
+export const UPGRADE_LOG_PATH = getUpgradeLogPath();
+/**
+ * Append a single row to ~/.olam/upgrade.log.
+ *
+ * Open-per-write to survive log rotation. Errors swallowed to stderr —
+ * audit log failure must never block an upgrade.
+ *
+ * `logPath` parameter is a test seam; production callers omit it.
+ */
+export function appendUpgradeLog(row, logPath = getUpgradeLogPath()) {
+    try {
+        fs.mkdirSync(path.dirname(logPath), { recursive: true });
+        const line = JSON.stringify(row) + '\n';
+        fs.appendFileSync(logPath, line, { mode: 0o644 });
+    }
+    catch (err) {
+        process.stderr.write(`[upgrade-log] failed to append: ${err instanceof Error ? err.message : String(err)}\n`);
+    }
+}
+/**
+ * Read up to N most-recent rows from ~/.olam/upgrade.log.
+ *
+ * Returns an empty array on missing file (first-run UX).
+ *
+ * Per audit invariant: corrupt JSON lines (partial mid-write, manual
+ * tampering) are SKIPPED with a stderr warning rather than crashing
+ * `--history`.
+ */
+export function readUpgradeLog(limit = 10, logPath = getUpgradeLogPath()) {
+    if (!fs.existsSync(logPath))
+        return [];
+    let raw;
+    try {
+        raw = fs.readFileSync(logPath, 'utf-8');
+    }
+    catch (err) {
+        process.stderr.write(`[upgrade-log] failed to read: ${err instanceof Error ? err.message : String(err)}\n`);
+        return [];
+    }
+    const lines = raw.split('\n').filter((l) => l.length > 0);
+    const rows = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        try {
+            const parsed = JSON.parse(line);
+            // Defensive shape check — silently skip rows that don't look right.
+            if (typeof parsed.ts === 'string' &&
+                typeof parsed.started_at === 'number' &&
+                typeof parsed.status === 'string') {
+                rows.push(parsed);
+            }
+            else {
+                process.stderr.write(`[upgrade-log] skipped malformed row at line ${i + 1}\n`);
+            }
+        }
+        catch {
+            process.stderr.write(`[upgrade-log] skipped corrupt JSON at line ${i + 1}\n`);
+        }
+    }
+    // Most recent last (file is chronological); return last N.
+    return rows.slice(-Math.max(0, limit));
+}
+/** Format duration ms → "1.4s" / "12m04s" / "1h23m" for table display. */
+export function formatDuration(ms) {
+    if (ms < 1000)
+        return `${ms}ms`;
+    const totalSec = Math.round(ms / 1000);
+    if (totalSec < 60)
+        return `${totalSec}s`;
+    const min = Math.floor(totalSec / 60);
+    const sec = totalSec % 60;
+    if (min < 60)
+        return `${min}m${String(sec).padStart(2, '0')}s`;
+    const hr = Math.floor(min / 60);
+    const remMin = min % 60;
+    return `${hr}h${String(remMin).padStart(2, '0')}m`;
+}
+/**
+ * Format an array of upgrade-log rows as a 5-column ASCII table:
+ *   timestamp | sha (8-char) | status | duration | failed_step
+ *
+ * Status column uses ✓/✗/↩ icons + plain text for grep-friendliness.
+ */
+export function formatHistoryTable(rows) {
+    if (rows.length === 0) {
+        return 'No upgrade history yet. Run `olam upgrade` to create your first record.';
+    }
+    const lines = [];
+    lines.push('TIMESTAMP                   SHA       STATUS         DURATION   FAILED-STEP');
+    lines.push('────────────────────────────────────────────────────────────────────────────────');
+    for (const r of rows) {
+        const ts = r.ts.slice(0, 19).replace('T', ' ');
+        const sha = r.sha_target.slice(0, 8);
+        const statusIcon = r.status === 'success' ? '✓ success' : r.status === 'rolled_back' ? '↩ rolled_back' : '✗ failed';
+        const dur = formatDuration(r.ended_at - r.started_at);
+        const failed = r.failed_step ?? '';
+        lines.push(`${ts.padEnd(28)}${sha.padEnd(10)}${statusIcon.padEnd(15)}${dur.padEnd(11)}${failed}`);
+    }
+    return lines.join('\n');
+}
+/** Format rows as one JSON object per line (JSONL passthrough — same as on-disk format). */
+export function formatHistoryJson(rows) {
+    return rows.map((r) => JSON.stringify(r)).join('\n');
+}
+//# sourceMappingURL=upgrade-log.js.map

package/dist/commands/upgrade-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upgrade-log.js","sourceRoot":"","sources":["../../src/commands/upgrade-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;IACjD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;AACjD,CAAC;AAED,4EAA4E;AAC5E,MAAM,CAAC,MAAM,gBAAgB,GAAG,iBAAiB,EAAE,CAAC;AAsBpD;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAkB,EAAE,UAAkB,iBAAiB,EAAE;IACxF,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACxC,EAAE,CAAC,cAAc,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CACxF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,EAAE,UAAkB,iBAAiB,EAAE;IACtF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IACvC,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,iCAAiC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CACtF,CAAC;QACF,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,IAAI,GAAoB,EAAE,CAAC;IACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAkB,CAAC;YACjD,oEAAoE;YACpE,IACE,OAAO,MAAM,CAAC,EAAE,KAAK,QAAQ;gBAC7B,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;gBACrC,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,EACjC,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACjF,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,cAAc,CAAC,EAAU;IACvC,IAAI,EAAE,GAAG,IAAI;QAAE,OAAO,GAAG,EAAE,IAAI,CAAC;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;IACvC,IAAI,QAAQ,GAAG,EAAE;QAAE,OAAO,GAAG,QAAQ,GAAG,CAAC;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,EAAE,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,QAAQ,GAAG,EAAE,CAAC;IAC1B,IAAI,GAAG,GAAG,EAAE;QAAE,OAAO,GAAG,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC;IAC/D,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC;IACxB,OAAO,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC;AACrD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAkC;IACnE,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,yEAAyE,CAAC;IACnF,CAAC;IACD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAC;IAC1F,KAAK,CAAC,IAAI,CAAC,kFAAkF,CAAC,CAAC;IAC/F,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACrC,MAAM,UAAU,GACd,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC;QACnG,MAAM,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;QACnC,KAAK,CAAC,IAAI,CACR,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CACtF,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,4FAA4F;AAC5F,MAAM,UAAU,iBAAiB,CAAC,IAAkC;IAClE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACvD,CAAC"}