@rozek/nanoclaw 1.2.17

package/dist/container-runner.js

@@ -0,0 +1,467 @@
+/**
+ * Container Runner for NanoClaw
+ * Spawns agent execution in containers and handles IPC
+ */
+import { exec, spawn } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+import { CONTAINER_IMAGE, CONTAINER_MAX_OUTPUT_SIZE, CONTAINER_TIMEOUT, CREDENTIAL_PROXY_PORT, DATA_DIR, GROUPS_DIR, IDLE_TIMEOUT, TIMEZONE, } from './config.js';
+import { resolveGroupFolderPath, resolveGroupIpcPath } from './group-folder.js';
+import { logger } from './logger.js';
+import { CONTAINER_HOST_GATEWAY, CONTAINER_RUNTIME_BIN, hostGatewayArgs, readonlyMountArgs, stopContainer, } from './container-runtime.js';
+import { detectAuthMode } from './credential-proxy.js';
+import { validateAdditionalMounts } from './mount-security.js';
+// Sentinel markers for robust output parsing (must match agent-runner)
+const OUTPUT_START_MARKER = '---NANOCLAW_OUTPUT_START---';
+const OUTPUT_END_MARKER = '---NANOCLAW_OUTPUT_END---';
+function buildVolumeMounts(group, isMain) {
+    const mounts = [];
+    const projectRoot = process.cwd();
+    const groupDir = resolveGroupFolderPath(group.folder);
+    if (isMain) {
+        // Main gets the project root read-only. Writable paths the agent needs
+        // (group folder, IPC, .claude/) are mounted separately below.
+        // Read-only prevents the agent from modifying host application code
+        // (src/, dist/, package.json, etc.) which would bypass the sandbox
+        // entirely on next restart.
+        mounts.push({
+            hostPath: projectRoot,
+            containerPath: '/workspace/project',
+            readonly: true,
+        });
+        // Shadow .env so the agent cannot read secrets from the mounted project root.
+        // Credentials are injected by the credential proxy, never exposed to containers.
+        const envFile = path.join(projectRoot, '.env');
+        if (fs.existsSync(envFile)) {
+            mounts.push({
+                hostPath: '/dev/null',
+                containerPath: '/workspace/project/.env',
+                readonly: true,
+            });
+        }
+        // Main also gets its group folder as the working directory
+        mounts.push({
+            hostPath: groupDir,
+            containerPath: '/workspace/group',
+            readonly: false,
+        });
+    }
+    else {
+        // Other groups only get their own folder
+        mounts.push({
+            hostPath: groupDir,
+            containerPath: '/workspace/group',
+            readonly: false,
+        });
+        // Global memory directory (read-only for non-main)
+        // Only directory mounts are supported, not file mounts
+        const globalDir = path.join(GROUPS_DIR, 'global');
+        if (fs.existsSync(globalDir)) {
+            mounts.push({
+                hostPath: globalDir,
+                containerPath: '/workspace/global',
+                readonly: true,
+            });
+        }
+    }
+    // Per-group Claude sessions directory (isolated from other groups)
+    // Each group gets their own .claude/ to prevent cross-group session access
+    const groupSessionsDir = path.join(DATA_DIR, 'sessions', group.folder, '.claude');
+    fs.mkdirSync(groupSessionsDir, { recursive: true });
+    const settingsFile = path.join(groupSessionsDir, 'settings.json');
+    if (!fs.existsSync(settingsFile)) {
+        fs.writeFileSync(settingsFile, JSON.stringify({
+            env: {
+                // Enable agent swarms (subagent orchestration)
+                // https://code.claude.com/docs/en/agent-teams#orchestrate-teams-of-claude-code-sessions
+                CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS: '1',
+                // Load CLAUDE.md from additional mounted directories
+                // https://code.claude.com/docs/en/memory#load-memory-from-additional-directories
+                CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD: '1',
+                // Enable Claude's memory feature (persists user preferences between sessions)
+                // https://code.claude.com/docs/en/memory#manage-auto-memory
+                CLAUDE_CODE_DISABLE_AUTO_MEMORY: '0',
+            },
+        }, null, 2) + '\n');
+    }
+    // Sync skills from container/skills/ into each group's .claude/skills/
+    const skillsSrc = path.join(process.cwd(), 'container', 'skills');
+    const skillsDst = path.join(groupSessionsDir, 'skills');
+    if (fs.existsSync(skillsSrc)) {
+        for (const skillDir of fs.readdirSync(skillsSrc)) {
+            const srcDir = path.join(skillsSrc, skillDir);
+            if (!fs.statSync(srcDir).isDirectory())
+                continue;
+            const dstDir = path.join(skillsDst, skillDir);
+            fs.cpSync(srcDir, dstDir, { recursive: true });
+        }
+    }
+    mounts.push({
+        hostPath: groupSessionsDir,
+        containerPath: '/home/node/.claude',
+        readonly: false,
+    });
+    // Per-group IPC namespace: each group gets its own IPC directory
+    // This prevents cross-group privilege escalation via IPC
+    const groupIpcDir = resolveGroupIpcPath(group.folder);
+    fs.mkdirSync(path.join(groupIpcDir, 'messages'), { recursive: true });
+    fs.mkdirSync(path.join(groupIpcDir, 'tasks'), { recursive: true });
+    fs.mkdirSync(path.join(groupIpcDir, 'input'), { recursive: true });
+    mounts.push({
+        hostPath: groupIpcDir,
+        containerPath: '/workspace/ipc',
+        readonly: false,
+    });
+    // Copy agent-runner source into a per-group writable location so agents
+    // can customize it (add tools, change behavior) without affecting other
+    // groups. Recompiled on container startup via entrypoint.sh.
+    const agentRunnerSrc = path.join(projectRoot, 'container', 'agent-runner', 'src');
+    const groupAgentRunnerDir = path.join(DATA_DIR, 'sessions', group.folder, 'agent-runner-src');
+    if (!fs.existsSync(groupAgentRunnerDir) && fs.existsSync(agentRunnerSrc)) {
+        fs.cpSync(agentRunnerSrc, groupAgentRunnerDir, { recursive: true });
+    }
+    mounts.push({
+        hostPath: groupAgentRunnerDir,
+        containerPath: '/app/src',
+        readonly: false,
+    });
+    // Additional mounts validated against external allowlist (tamper-proof from containers)
+    if (group.containerConfig?.additionalMounts) {
+        const validatedMounts = validateAdditionalMounts(group.containerConfig.additionalMounts, group.name, isMain);
+        mounts.push(...validatedMounts);
+    }
+    return mounts;
+}
+function buildContainerArgs(mounts, containerName) {
+    const args = ['run', '-i', '--rm', '--name', containerName];
+    // Pass host timezone so container's local time matches the user's
+    args.push('-e', `TZ=${TIMEZONE}`);
+    // Route API traffic through the credential proxy (containers never see real secrets)
+    args.push('-e', `ANTHROPIC_BASE_URL=http://${CONTAINER_HOST_GATEWAY}:${CREDENTIAL_PROXY_PORT}`);
+    // Mirror the host's auth method with a placeholder value.
+    // API key mode: SDK sends x-api-key, proxy replaces with real key.
+    // OAuth mode:   SDK exchanges placeholder token for temp API key,
+    //               proxy injects real OAuth token on that exchange request.
+    const authMode = detectAuthMode();
+    if (authMode === 'api-key') {
+        args.push('-e', 'ANTHROPIC_API_KEY=placeholder');
+    }
+    else {
+        args.push('-e', 'CLAUDE_CODE_OAUTH_TOKEN=placeholder');
+    }
+    // Runtime-specific args for host gateway resolution
+    args.push(...hostGatewayArgs());
+    // Run as host user so bind-mounted files are accessible.
+    // Skip when running as root (uid 0), as the container's node user (uid 1000),
+    // or when getuid is unavailable (native Windows without WSL).
+    const hostUid = process.getuid?.();
+    const hostGid = process.getgid?.();
+    if (hostUid != null && hostUid !== 0 && hostUid !== 1000) {
+        args.push('--user', `${hostUid}:${hostGid}`);
+        args.push('-e', 'HOME=/home/node');
+    }
+    for (const mount of mounts) {
+        if (mount.readonly) {
+            args.push(...readonlyMountArgs(mount.hostPath, mount.containerPath));
+        }
+        else {
+            args.push('-v', `${mount.hostPath}:${mount.containerPath}`);
+        }
+    }
+    args.push(CONTAINER_IMAGE);
+    return args;
+}
+export async function runContainerAgent(group, input, onProcess, onOutput) {
+    const startTime = Date.now();
+    const groupDir = resolveGroupFolderPath(group.folder);
+    fs.mkdirSync(groupDir, { recursive: true });
+    const mounts = buildVolumeMounts(group, input.isMain);
+    const safeName = group.folder.replace(/[^a-zA-Z0-9-]/g, '-');
+    const containerName = `nanoclaw-${safeName}-${Date.now()}`;
+    const containerArgs = buildContainerArgs(mounts, containerName);
+    logger.debug({
+        group: group.name,
+        containerName,
+        mounts: mounts.map((m) => `${m.hostPath} -> ${m.containerPath}${m.readonly ? ' (ro)' : ''}`),
+        containerArgs: containerArgs.join(' '),
+    }, 'Container mount configuration');
+    logger.info({
+        group: group.name,
+        containerName,
+        mountCount: mounts.length,
+        isMain: input.isMain,
+    }, 'Spawning container agent');
+    const logsDir = path.join(groupDir, 'logs');
+    fs.mkdirSync(logsDir, { recursive: true });
+    return new Promise((resolve) => {
+        const container = spawn(CONTAINER_RUNTIME_BIN, containerArgs, {
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        onProcess(container, containerName);
+        let stdout = '';
+        let stderr = '';
+        let stdoutTruncated = false;
+        let stderrTruncated = false;
+        container.stdin.write(JSON.stringify(input));
+        container.stdin.end();
+        // Streaming output: parse OUTPUT_START/END marker pairs as they arrive
+        let parseBuffer = '';
+        let newSessionId;
+        let outputChain = Promise.resolve();
+        container.stdout.on('data', (data) => {
+            const chunk = data.toString();
+            // Always accumulate for logging
+            if (!stdoutTruncated) {
+                const remaining = CONTAINER_MAX_OUTPUT_SIZE - stdout.length;
+                if (chunk.length > remaining) {
+                    stdout += chunk.slice(0, remaining);
+                    stdoutTruncated = true;
+                    logger.warn({ group: group.name, size: stdout.length }, 'Container stdout truncated due to size limit');
+                }
+                else {
+                    stdout += chunk;
+                }
+            }
+            // Stream-parse for output markers
+            if (onOutput) {
+                parseBuffer += chunk;
+                let startIdx;
+                while ((startIdx = parseBuffer.indexOf(OUTPUT_START_MARKER)) !== -1) {
+                    const endIdx = parseBuffer.indexOf(OUTPUT_END_MARKER, startIdx);
+                    if (endIdx === -1)
+                        break; // Incomplete pair, wait for more data
+                    const jsonStr = parseBuffer
+                        .slice(startIdx + OUTPUT_START_MARKER.length, endIdx)
+                        .trim();
+                    parseBuffer = parseBuffer.slice(endIdx + OUTPUT_END_MARKER.length);
+                    try {
+                        const parsed = JSON.parse(jsonStr);
+                        if (parsed.newSessionId) {
+                            newSessionId = parsed.newSessionId;
+                        }
+                        hadStreamingOutput = true;
+                        // Activity detected — reset the hard timeout
+                        resetTimeout();
+                        // Call onOutput for all markers (including null results)
+                        // so idle timers start even for "silent" query completions.
+                        outputChain = outputChain.then(() => onOutput(parsed));
+                    }
+                    catch (err) {
+                        logger.warn({ group: group.name, error: err }, 'Failed to parse streamed output chunk');
+                    }
+                }
+            }
+        });
+        container.stderr.on('data', (data) => {
+            const chunk = data.toString();
+            const lines = chunk.trim().split('\n');
+            for (const line of lines) {
+                if (line)
+                    logger.debug({ container: group.folder }, line);
+            }
+            // Don't reset timeout on stderr — SDK writes debug logs continuously.
+            // Timeout only resets on actual output (OUTPUT_MARKER in stdout).
+            if (stderrTruncated)
+                return;
+            const remaining = CONTAINER_MAX_OUTPUT_SIZE - stderr.length;
+            if (chunk.length > remaining) {
+                stderr += chunk.slice(0, remaining);
+                stderrTruncated = true;
+                logger.warn({ group: group.name, size: stderr.length }, 'Container stderr truncated due to size limit');
+            }
+            else {
+                stderr += chunk;
+            }
+        });
+        let timedOut = false;
+        let hadStreamingOutput = false;
+        const configTimeout = group.containerConfig?.timeout || CONTAINER_TIMEOUT;
+        // Grace period: hard timeout must be at least IDLE_TIMEOUT + 30s so the
+        // graceful _close sentinel has time to trigger before the hard kill fires.
+        const timeoutMs = Math.max(configTimeout, IDLE_TIMEOUT + 30_000);
+        const killOnTimeout = () => {
+            timedOut = true;
+            logger.error({ group: group.name, containerName }, 'Container timeout, stopping gracefully');
+            exec(stopContainer(containerName), { timeout: 15000 }, (err) => {
+                if (err) {
+                    logger.warn({ group: group.name, containerName, err }, 'Graceful stop failed, force killing');
+                    container.kill('SIGKILL');
+                }
+            });
+        };
+        let timeout = setTimeout(killOnTimeout, timeoutMs);
+        // Reset the timeout whenever there's activity (streaming output)
+        const resetTimeout = () => {
+            clearTimeout(timeout);
+            timeout = setTimeout(killOnTimeout, timeoutMs);
+        };
+        container.on('close', (code) => {
+            clearTimeout(timeout);
+            const duration = Date.now() - startTime;
+            if (timedOut) {
+                const ts = new Date().toISOString().replace(/[:.]/g, '-');
+                const timeoutLog = path.join(logsDir, `container-${ts}.log`);
+                fs.writeFileSync(timeoutLog, [
+                    `=== Container Run Log (TIMEOUT) ===`,
+                    `Timestamp: ${new Date().toISOString()}`,
+                    `Group: ${group.name}`,
+                    `Container: ${containerName}`,
+                    `Duration: ${duration}ms`,
+                    `Exit Code: ${code}`,
+                    `Had Streaming Output: ${hadStreamingOutput}`,
+                ].join('\n'));
+                // Timeout after output = idle cleanup, not failure.
+                // The agent already sent its response; this is just the
+                // container being reaped after the idle period expired.
+                if (hadStreamingOutput) {
+                    logger.info({ group: group.name, containerName, duration, code }, 'Container timed out after output (idle cleanup)');
+                    outputChain.then(() => {
+                        resolve({
+                            status: 'success',
+                            result: null,
+                            newSessionId,
+                        });
+                    });
+                    return;
+                }
+                logger.error({ group: group.name, containerName, duration, code }, 'Container timed out with no output');
+                resolve({
+                    status: 'error',
+                    result: null,
+                    error: `Container timed out after ${configTimeout}ms`,
+                });
+                return;
+            }
+            const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+            const logFile = path.join(logsDir, `container-${timestamp}.log`);
+            const isVerbose = process.env.LOG_LEVEL === 'debug' || process.env.LOG_LEVEL === 'trace';
+            const logLines = [
+                `=== Container Run Log ===`,
+                `Timestamp: ${new Date().toISOString()}`,
+                `Group: ${group.name}`,
+                `IsMain: ${input.isMain}`,
+                `Duration: ${duration}ms`,
+                `Exit Code: ${code}`,
+                `Stdout Truncated: ${stdoutTruncated}`,
+                `Stderr Truncated: ${stderrTruncated}`,
+                ``,
+            ];
+            const isError = code !== 0;
+            if (isVerbose || isError) {
+                logLines.push(`=== Input ===`, JSON.stringify(input, null, 2), ``, `=== Container Args ===`, containerArgs.join(' '), ``, `=== Mounts ===`, mounts
+                    .map((m) => `${m.hostPath} -> ${m.containerPath}${m.readonly ? ' (ro)' : ''}`)
+                    .join('\n'), ``, `=== Stderr${stderrTruncated ? ' (TRUNCATED)' : ''} ===`, stderr, ``, `=== Stdout${stdoutTruncated ? ' (TRUNCATED)' : ''} ===`, stdout);
+            }
+            else {
+                logLines.push(`=== Input Summary ===`, `Prompt length: ${input.prompt.length} chars`, `Session ID: ${input.sessionId || 'new'}`, ``, `=== Mounts ===`, mounts
+                    .map((m) => `${m.containerPath}${m.readonly ? ' (ro)' : ''}`)
+                    .join('\n'), ``);
+            }
+            fs.writeFileSync(logFile, logLines.join('\n'));
+            logger.debug({ logFile, verbose: isVerbose }, 'Container log written');
+            if (code !== 0) {
+                logger.error({
+                    group: group.name,
+                    code,
+                    duration,
+                    stderr,
+                    stdout,
+                    logFile,
+                }, 'Container exited with error');
+                resolve({
+                    status: 'error',
+                    result: null,
+                    error: `Container exited with code ${code}: ${stderr.slice(-200)}`,
+                });
+                return;
+            }
+            // Streaming mode: wait for output chain to settle, return completion marker
+            if (onOutput) {
+                outputChain.then(() => {
+                    logger.info({ group: group.name, duration, newSessionId }, 'Container completed (streaming mode)');
+                    resolve({
+                        status: 'success',
+                        result: null,
+                        newSessionId,
+                    });
+                });
+                return;
+            }
+            // Legacy mode: parse the last output marker pair from accumulated stdout
+            try {
+                // Extract JSON between sentinel markers for robust parsing
+                const startIdx = stdout.indexOf(OUTPUT_START_MARKER);
+                const endIdx = stdout.indexOf(OUTPUT_END_MARKER);
+                let jsonLine;
+                if (startIdx !== -1 && endIdx !== -1 && endIdx > startIdx) {
+                    jsonLine = stdout
+                        .slice(startIdx + OUTPUT_START_MARKER.length, endIdx)
+                        .trim();
+                }
+                else {
+                    // Fallback: last non-empty line (backwards compatibility)
+                    const lines = stdout.trim().split('\n');
+                    jsonLine = lines[lines.length - 1];
+                }
+                const output = JSON.parse(jsonLine);
+                logger.info({
+                    group: group.name,
+                    duration,
+                    status: output.status,
+                    hasResult: !!output.result,
+                }, 'Container completed');
+                resolve(output);
+            }
+            catch (err) {
+                logger.error({
+                    group: group.name,
+                    stdout,
+                    stderr,
+                    error: err,
+                }, 'Failed to parse container output');
+                resolve({
+                    status: 'error',
+                    result: null,
+                    error: `Failed to parse container output: ${err instanceof Error ? err.message : String(err)}`,
+                });
+            }
+        });
+        container.on('error', (err) => {
+            clearTimeout(timeout);
+            logger.error({ group: group.name, containerName, error: err }, 'Container spawn error');
+            resolve({
+                status: 'error',
+                result: null,
+                error: `Container spawn error: ${err.message}`,
+            });
+        });
+    });
+}
+export function writeTasksSnapshot(groupFolder, isMain, tasks) {
+    // Write filtered tasks to the group's IPC directory
+    const groupIpcDir = resolveGroupIpcPath(groupFolder);
+    fs.mkdirSync(groupIpcDir, { recursive: true });
+    // Main sees all tasks, others only see their own
+    const filteredTasks = isMain
+        ? tasks
+        : tasks.filter((t) => t.groupFolder === groupFolder);
+    const tasksFile = path.join(groupIpcDir, 'current_tasks.json');
+    fs.writeFileSync(tasksFile, JSON.stringify(filteredTasks, null, 2));
+}
+/**
+ * Write available groups snapshot for the container to read.
+ * Only main group can see all available groups (for activation).
+ * Non-main groups only see their own registration status.
+ */
+export function writeGroupsSnapshot(groupFolder, isMain, groups, registeredJids) {
+    const groupIpcDir = resolveGroupIpcPath(groupFolder);
+    fs.mkdirSync(groupIpcDir, { recursive: true });
+    // Main sees all groups; others see nothing (they can't activate groups)
+    const visibleGroups = isMain ? groups : [];
+    const groupsFile = path.join(groupIpcDir, 'available_groups.json');
+    fs.writeFileSync(groupsFile, JSON.stringify({
+        groups: visibleGroups,
+        lastSync: new Date().toISOString(),
+    }, null, 2));
+}
+//# sourceMappingURL=container-runner.js.map

package/dist/container-runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"container-runner.js","sourceRoot":"","sources":["../src/container-runner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAgB,IAAI,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAC1D,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EACL,eAAe,EACf,yBAAyB,EACzB,iBAAiB,EACjB,qBAAqB,EACrB,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,QAAQ,GACT,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAChF,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,eAAe,EACf,iBAAiB,EACjB,aAAa,GACd,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AAG/D,uEAAuE;AACvE,MAAM,mBAAmB,GAAG,6BAA6B,CAAC;AAC1D,MAAM,iBAAiB,GAAG,2BAA2B,CAAC;AAyBtD,SAAS,iBAAiB,CACxB,KAAsB,EACtB,MAAe;IAEf,MAAM,MAAM,GAAkB,EAAE,CAAC;IACjC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,sBAAsB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEtD,IAAI,MAAM,EAAE,CAAC;QACX,uEAAuE;QACvE,8DAA8D;QAC9D,oEAAoE;QACpE,mEAAmE;QACnE,4BAA4B;QAC5B,MAAM,CAAC,IAAI,CAAC;YACV,QAAQ,EAAE,WAAW;YACrB,aAAa,EAAE,oBAAoB;YACnC,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAEH,8EAA8E;QAC9E,iFAAiF;QACjF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAC/C,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,WAAW;gBACrB,aAAa,EAAE,yBAAyB;gBACxC,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,2DAA2D;QAC3D,MAAM,CAAC,IAAI,CAAC;YACV,QAAQ,EAAE,QAAQ;YAClB,aAAa,EAAE,kBAAkB;YACjC,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,yCAAyC;QACzC,MAAM,CAAC,IAAI,CAAC;YACV,QAAQ,EAAE,QAAQ;YAClB,aAAa,EAAE,kBAAkB;YACjC,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;QAEH,mDAAmD;QACnD,uDAAuD;QACvD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAClD,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,SAAS;gBACnB,aAAa,EAAE,mBAAmB;gBAClC,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,2EAA2E;IAC3E,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,QAAQ,EACR,UAAU,EACV,KAAK,CAAC,MAAM,EACZ,SAAS,CACV,CAAC;IACF,EAAE,CAAC,SAAS,CAAC,gBAAgB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAClE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,EAAE,CAAC,aAAa,CACd,YAAY,EACZ,IAAI,CAAC,SAAS,CACZ;YACE,GAAG,EAAE;gBACH,+CAA+C;gBAC/C,wFAAwF;gBACxF,oCAAoC,EAAE,GAAG;gBACzC,qDAAqD;gBACrD,iFAAiF;gBACjF,4CAA4C,EAAE,GAAG;gBACjD,8EAA8E;gBAC9E,4DAA4D;gBAC5D,+BAA+B,EAAE,GAAG;aACrC;SACF,EACD,IAAI,EACJ,CAAC,CACF,GAAG,IAAI,CACT,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;IACxD,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,KAAK,MAAM,QAAQ,IAAI,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC9C,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE;gBAAE,SAAS;YACjD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC9C,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IACD,MAAM,CAAC,IAAI,CAAC;QACV,QAAQ,EAAE,gBAAgB;QAC1B,aAAa,EAAE,oBAAoB;QACnC,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAC;IAEH,iEAAiE;IACjE,yDAAyD;IACzD,MAAM,WAAW,GAAG,mBAAmB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,MAAM,CAAC,IAAI,CAAC;QACV,QAAQ,EAAE,WAAW;QACrB,aAAa,EAAE,gBAAgB;QAC/B,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAC;IAEH,wEAAwE;IACxE,wEAAwE;IACxE,6DAA6D;IAC7D,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAC9B,WAAW,EACX,WAAW,EACX,cAAc,EACd,KAAK,CACN,CAAC;IACF,MAAM,mBAAmB,GAAG,IAAI,CAAC,IAAI,CACnC,QAAQ,EACR,UAAU,EACV,KAAK,CAAC,MAAM,EACZ,kBAAkB,CACnB,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QACzE,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,mBAAmB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,CAAC,IAAI,CAAC;QACV,QAAQ,EAAE,mBAAmB;QAC7B,aAAa,EAAE,UAAU;QACzB,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAC;IAEH,wFAAwF;IACxF,IAAI,KAAK,CAAC,eAAe,EAAE,gBAAgB,EAAE,CAAC;QAC5C,MAAM,eAAe,GAAG,wBAAwB,CAC9C,KAAK,CAAC,eAAe,CAAC,gBAAgB,EACtC,KAAK,CAAC,IAAI,EACV,MAAM,CACP,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CACzB,MAAqB,EACrB,aAAqB;IAErB,MAAM,IAAI,GAAa,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;IAEtE,kEAAkE;IAClE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,QAAQ,EAAE,CAAC,CAAC;IAElC,qFAAqF;IACrF,IAAI,CAAC,IAAI,CACP,IAAI,EACJ,6BAA6B,sBAAsB,IAAI,qBAAqB,EAAE,CAC/E,CAAC;IAEF,0DAA0D;IAC1D,mEAAmE;IACnE,kEAAkE;IAClE,yEAAyE;IACzE,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAC;IAClC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,+BAA+B,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,IAAI,CAAC,GAAG,eAAe,EAAE,CAAC,CAAC;IAEhC,yDAAyD;IACzD,8EAA8E;IAC9E,8DAA8D;IAC9D,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;IACnC,IAAI,OAAO,IAAI,IAAI,IAAI,OAAO,KAAK,CAAC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAE3B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAsB,EACtB,KAAqB,EACrB,SAA8D,EAC9D,QAAqD;IAErD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,QAAQ,GAAG,sBAAsB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACtD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5C,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,YAAY,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAC3D,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAEhE,MAAM,CAAC,KAAK,CACV;QACE,KAAK,EAAE,KAAK,CAAC,IAAI;QACjB,aAAa;QACb,MAAM,EAAE,MAAM,CAAC,GAAG,CAChB,CAAC,CAAC,EAAE,EAAE,CACJ,GAAG,CAAC,CAAC,QAAQ,OAAO,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CACpE;QACD,aAAa,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC;KACvC,EACD,+BAA+B,CAChC,CAAC;IAEF,MAAM,CAAC,IAAI,CACT;QACE,KAAK,EAAE,KAAK,CAAC,IAAI;QACjB,aAAa;QACb,UAAU,EAAE,MAAM,CAAC,MAAM;QACzB,MAAM,EAAE,KAAK,CAAC,MAAM;KACrB,EACD,0BAA0B,CAC3B,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC5C,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE3C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,SAAS,GAAG,KAAK,CAAC,qBAAqB,EAAE,aAAa,EAAE;YAC5D,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,SAAS,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QAEpC,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,IAAI,eAAe,GAAG,KAAK,CAAC;QAE5B,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QAC7C,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QAEtB,uEAAuE;QACvE,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI,YAAgC,CAAC;QACrC,IAAI,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;QAEpC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACnC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAE9B,gCAAgC;YAChC,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,MAAM,SAAS,GAAG,yBAAyB,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC5D,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;oBACpC,eAAe,GAAG,IAAI,CAAC;oBACvB,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,EAC1C,8CAA8C,CAC/C,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,kCAAkC;YAClC,IAAI,QAAQ,EAAE,CAAC;gBACb,WAAW,IAAI,KAAK,CAAC;gBACrB,IAAI,QAAgB,CAAC;gBACrB,OAAO,CAAC,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;oBACpE,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC;oBAChE,IAAI,MAAM,KAAK,CAAC,CAAC;wBAAE,MAAM,CAAC,sCAAsC;oBAEhE,MAAM,OAAO,GAAG,WAAW;yBACxB,KAAK,CAAC,QAAQ,GAAG,mBAAmB,CAAC,MAAM,EAAE,MAAM,CAAC;yBACpD,IAAI,EAAE,CAAC;oBACV,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;oBAEnE,IAAI,CAAC;wBACH,MAAM,MAAM,GAAoB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;wBACpD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;4BACxB,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;wBACrC,CAAC;wBACD,kBAAkB,GAAG,IAAI,CAAC;wBAC1B,6CAA6C;wBAC7C,YAAY,EAAE,CAAC;wBACf,yDAAyD;wBACzD,4DAA4D;wBAC5D,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;oBACzD,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EACjC,uCAAuC,CACxC,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACnC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,IAAI;oBAAE,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC;YAC5D,CAAC;YACD,sEAAsE;YACtE,kEAAkE;YAClE,IAAI,eAAe;gBAAE,OAAO;YAC5B,MAAM,SAAS,GAAG,yBAAyB,GAAG,MAAM,CAAC,MAAM,CAAC;YAC5D,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;gBACpC,eAAe,GAAG,IAAI,CAAC;gBACvB,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,EAC1C,8CAA8C,CAC/C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,kBAAkB,GAAG,KAAK,CAAC;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,eAAe,EAAE,OAAO,IAAI,iBAAiB,CAAC;QAC1E,wEAAwE;QACxE,2EAA2E;QAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,GAAG,MAAM,CAAC,CAAC;QAEjE,MAAM,aAAa,GAAG,GAAG,EAAE;YACzB,QAAQ,GAAG,IAAI,CAAC;YAChB,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,aAAa,EAAE,EACpC,wCAAwC,CACzC,CAAC;YACF,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC7D,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,EACzC,qCAAqC,CACtC,CAAC;oBACF,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,IAAI,OAAO,GAAG,UAAU,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QAEnD,iEAAiE;QACjE,MAAM,YAAY,GAAG,GAAG,EAAE;YACxB,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,OAAO,GAAG,UAAU,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QACjD,CAAC,CAAC;QAEF,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YAC7B,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAExC,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;gBAC7D,EAAE,CAAC,aAAa,CACd,UAAU,EACV;oBACE,qCAAqC;oBACrC,cAAc,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;oBACxC,UAAU,KAAK,CAAC,IAAI,EAAE;oBACtB,cAAc,aAAa,EAAE;oBAC7B,aAAa,QAAQ,IAAI;oBACzB,cAAc,IAAI,EAAE;oBACpB,yBAAyB,kBAAkB,EAAE;iBAC9C,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;gBAEF,oDAAoD;gBACpD,wDAAwD;gBACxD,wDAAwD;gBACxD,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,EACpD,iDAAiD,CAClD,CAAC;oBACF,WAAW,CAAC,IAAI,CAAC,GAAG,EAAE;wBACpB,OAAO,CAAC;4BACN,MAAM,EAAE,SAAS;4BACjB,MAAM,EAAE,IAAI;4BACZ,YAAY;yBACb,CAAC,CAAC;oBACL,CAAC,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,EACpD,oCAAoC,CACrC,CAAC;gBAEF,OAAO,CAAC;oBACN,MAAM,EAAE,OAAO;oBACf,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,6BAA6B,aAAa,IAAI;iBACtD,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACjE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,SAAS,MAAM,CAAC,CAAC;YACjE,MAAM,SAAS,GACb,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,OAAO,CAAC;YAEzE,MAAM,QAAQ,GAAG;gBACf,2BAA2B;gBAC3B,cAAc,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;gBACxC,UAAU,KAAK,CAAC,IAAI,EAAE;gBACtB,WAAW,KAAK,CAAC,MAAM,EAAE;gBACzB,aAAa,QAAQ,IAAI;gBACzB,cAAc,IAAI,EAAE;gBACpB,qBAAqB,eAAe,EAAE;gBACtC,qBAAqB,eAAe,EAAE;gBACtC,EAAE;aACH,CAAC;YAEF,MAAM,OAAO,GAAG,IAAI,KAAK,CAAC,CAAC;YAE3B,IAAI,SAAS,IAAI,OAAO,EAAE,CAAC;gBACzB,QAAQ,CAAC,IAAI,CACX,eAAe,EACf,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAC9B,EAAE,EACF,wBAAwB,EACxB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EACvB,EAAE,EACF,gBAAgB,EAChB,MAAM;qBACH,GAAG,CACF,CAAC,CAAC,EAAE,EAAE,CACJ,GAAG,CAAC,CAAC,QAAQ,OAAO,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CACpE;qBACA,IAAI,CAAC,IAAI,CAAC,EACb,EAAE,EACF,aAAa,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,MAAM,EACxD,MAAM,EACN,EAAE,EACF,aAAa,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,MAAM,EACxD,MAAM,CACP,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CACX,uBAAuB,EACvB,kBAAkB,KAAK,CAAC,MAAM,CAAC,MAAM,QAAQ,EAC7C,eAAe,KAAK,CAAC,SAAS,IAAI,KAAK,EAAE,EACzC,EAAE,EACF,gBAAgB,EAChB,MAAM;qBACH,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;qBAC5D,IAAI,CAAC,IAAI,CAAC,EACb,EAAE,CACH,CAAC;YACJ,CAAC;YAED,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAC/C,MAAM,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,uBAAuB,CAAC,CAAC;YAEvE,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CACV;oBACE,KAAK,EAAE,KAAK,CAAC,IAAI;oBACjB,IAAI;oBACJ,QAAQ;oBACR,MAAM;oBACN,MAAM;oBACN,OAAO;iBACR,EACD,6BAA6B,CAC9B,CAAC;gBAEF,OAAO,CAAC;oBACN,MAAM,EAAE,OAAO;oBACf,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,8BAA8B,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE;iBACnE,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,4EAA4E;YAC5E,IAAI,QAAQ,EAAE,CAAC;gBACb,WAAW,CAAC,IAAI,CAAC,GAAG,EAAE;oBACpB,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,EAC7C,sCAAsC,CACvC,CAAC;oBACF,OAAO,CAAC;wBACN,MAAM,EAAE,SAAS;wBACjB,MAAM,EAAE,IAAI;wBACZ,YAAY;qBACb,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,yEAAyE;YACzE,IAAI,CAAC;gBACH,2DAA2D;gBAC3D,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;gBACrD,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;gBAEjD,IAAI,QAAgB,CAAC;gBACrB,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,MAAM,KAAK,CAAC,CAAC,IAAI,MAAM,GAAG,QAAQ,EAAE,CAAC;oBAC1D,QAAQ,GAAG,MAAM;yBACd,KAAK,CAAC,QAAQ,GAAG,mBAAmB,CAAC,MAAM,EAAE,MAAM,CAAC;yBACpD,IAAI,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,0DAA0D;oBAC1D,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACxC,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACrC,CAAC;gBAED,MAAM,MAAM,GAAoB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAErD,MAAM,CAAC,IAAI,CACT;oBACE,KAAK,EAAE,KAAK,CAAC,IAAI;oBACjB,QAAQ;oBACR,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM;iBAC3B,EACD,qBAAqB,CACtB,CAAC;gBAEF,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CACV;oBACE,KAAK,EAAE,KAAK,CAAC,IAAI;oBACjB,MAAM;oBACN,MAAM;oBACN,KAAK,EAAE,GAAG;iBACX,EACD,kCAAkC,CACnC,CAAC;gBAEF,OAAO,CAAC;oBACN,MAAM,EAAE,OAAO;oBACf,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,qCAAqC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;iBAC/F,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YAC5B,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,EAChD,uBAAuB,CACxB,CAAC;YACF,OAAO,CAAC;gBACN,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,0BAA0B,GAAG,CAAC,OAAO,EAAE;aAC/C,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,WAAmB,EACnB,MAAe,EACf,KAQE;IAEF,oDAAoD;IACpD,MAAM,WAAW,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACrD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE/C,iDAAiD;IACjD,MAAM,aAAa,GAAG,MAAM;QAC1B,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,CAAC;IAEvD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,oBAAoB,CAAC,CAAC;IAC/D,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC;AASD;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,WAAmB,EACnB,MAAe,EACf,MAAwB,EACxB,cAA2B;IAE3B,MAAM,WAAW,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACrD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE/C,wEAAwE;IACxE,MAAM,aAAa,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAE3C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,uBAAuB,CAAC,CAAC;IACnE,EAAE,CAAC,aAAa,CACd,UAAU,EACV,IAAI,CAAC,SAAS,CACZ;QACE,MAAM,EAAE,aAAa;QACrB,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACnC,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;AACJ,CAAC"}

package/dist/container-runner.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=container-runner.test.d.ts.map

package/dist/container-runner.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"container-runner.test.d.ts","sourceRoot":"","sources":["../src/container-runner.test.ts"],"names":[],"mappings":""}

package/dist/container-runner.test.js

@@ -0,0 +1,150 @@
+import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
+import { EventEmitter } from 'events';
+import { PassThrough } from 'stream';
+// Sentinel markers must match container-runner.ts
+const OUTPUT_START_MARKER = '---NANOCLAW_OUTPUT_START---';
+const OUTPUT_END_MARKER = '---NANOCLAW_OUTPUT_END---';
+// Mock config
+vi.mock('./config.js', () => ({
+    CONTAINER_IMAGE: 'nanoclaw-agent:latest',
+    CONTAINER_MAX_OUTPUT_SIZE: 10485760,
+    CONTAINER_TIMEOUT: 1800000, // 30min
+    CREDENTIAL_PROXY_PORT: 3001,
+    DATA_DIR: '/tmp/nanoclaw-test-data',
+    GROUPS_DIR: '/tmp/nanoclaw-test-groups',
+    IDLE_TIMEOUT: 1800000, // 30min
+    TIMEZONE: 'America/Los_Angeles',
+}));
+// Mock logger
+vi.mock('./logger.js', () => ({
+    logger: {
+        debug: vi.fn(),
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+    },
+}));
+// Mock fs
+vi.mock('fs', async () => {
+    const actual = await vi.importActual('fs');
+    return {
+        ...actual,
+        default: {
+            ...actual,
+            existsSync: vi.fn(() => false),
+            mkdirSync: vi.fn(),
+            writeFileSync: vi.fn(),
+            readFileSync: vi.fn(() => ''),
+            readdirSync: vi.fn(() => []),
+            statSync: vi.fn(() => ({ isDirectory: () => false })),
+            copyFileSync: vi.fn(),
+        },
+    };
+});
+// Mock mount-security
+vi.mock('./mount-security.js', () => ({
+    validateAdditionalMounts: vi.fn(() => []),
+}));
+// Create a controllable fake ChildProcess
+function createFakeProcess() {
+    const proc = new EventEmitter();
+    proc.stdin = new PassThrough();
+    proc.stdout = new PassThrough();
+    proc.stderr = new PassThrough();
+    proc.kill = vi.fn();
+    proc.pid = 12345;
+    return proc;
+}
+let fakeProc;
+// Mock child_process.spawn
+vi.mock('child_process', async () => {
+    const actual = await vi.importActual('child_process');
+    return {
+        ...actual,
+        spawn: vi.fn(() => fakeProc),
+        exec: vi.fn((_cmd, _opts, cb) => {
+            if (cb)
+                cb(null);
+            return new EventEmitter();
+        }),
+    };
+});
+import { runContainerAgent } from './container-runner.js';
+const testGroup = {
+    name: 'Test Group',
+    folder: 'test-group',
+    trigger: '@Andy',
+    added_at: new Date().toISOString(),
+};
+const testInput = {
+    prompt: 'Hello',
+    groupFolder: 'test-group',
+    chatJid: 'test@g.us',
+    isMain: false,
+};
+function emitOutputMarker(proc, output) {
+    const json = JSON.stringify(output);
+    proc.stdout.push(`${OUTPUT_START_MARKER}\n${json}\n${OUTPUT_END_MARKER}\n`);
+}
+describe('container-runner timeout behavior', () => {
+    beforeEach(() => {
+        vi.useFakeTimers();
+        fakeProc = createFakeProcess();
+    });
+    afterEach(() => {
+        vi.useRealTimers();
+    });
+    it('timeout after output resolves as success', async () => {
+        const onOutput = vi.fn(async () => { });
+        const resultPromise = runContainerAgent(testGroup, testInput, () => { }, onOutput);
+        // Emit output with a result
+        emitOutputMarker(fakeProc, {
+            status: 'success',
+            result: 'Here is my response',
+            newSessionId: 'session-123',
+        });
+        // Let output processing settle
+        await vi.advanceTimersByTimeAsync(10);
+        // Fire the hard timeout (IDLE_TIMEOUT + 30s = 1830000ms)
+        await vi.advanceTimersByTimeAsync(1830000);
+        // Emit close event (as if container was stopped by the timeout)
+        fakeProc.emit('close', 137);
+        // Let the promise resolve
+        await vi.advanceTimersByTimeAsync(10);
+        const result = await resultPromise;
+        expect(result.status).toBe('success');
+        expect(result.newSessionId).toBe('session-123');
+        expect(onOutput).toHaveBeenCalledWith(expect.objectContaining({ result: 'Here is my response' }));
+    });
+    it('timeout with no output resolves as error', async () => {
+        const onOutput = vi.fn(async () => { });
+        const resultPromise = runContainerAgent(testGroup, testInput, () => { }, onOutput);
+        // No output emitted — fire the hard timeout
+        await vi.advanceTimersByTimeAsync(1830000);
+        // Emit close event
+        fakeProc.emit('close', 137);
+        await vi.advanceTimersByTimeAsync(10);
+        const result = await resultPromise;
+        expect(result.status).toBe('error');
+        expect(result.error).toContain('timed out');
+        expect(onOutput).not.toHaveBeenCalled();
+    });
+    it('normal exit after output resolves as success', async () => {
+        const onOutput = vi.fn(async () => { });
+        const resultPromise = runContainerAgent(testGroup, testInput, () => { }, onOutput);
+        // Emit output
+        emitOutputMarker(fakeProc, {
+            status: 'success',
+            result: 'Done',
+            newSessionId: 'session-456',
+        });
+        await vi.advanceTimersByTimeAsync(10);
+        // Normal exit (no timeout)
+        fakeProc.emit('close', 0);
+        await vi.advanceTimersByTimeAsync(10);
+        const result = await resultPromise;
+        expect(result.status).toBe('success');
+        expect(result.newSessionId).toBe('session-456');
+    });
+});
+//# sourceMappingURL=container-runner.test.js.map