@runhalo/engine 0.5.0 → 0.6.0

package/dist/review-board/two-agent-review.js

@@ -0,0 +1,463 @@
+"use strict";
+/**
+ * Sprint 13a Week 2: Two-Agent Review Board Prototype
+ *
+ * Two parallel AI agents review each violation from different perspectives:
+ * - Agent 1 (Regulatory): Legal/compliance risk lens, errs toward confirming
+ * - Agent 2 (Code Context): Code quality lens, errs toward precision
+ *
+ * Consensus logic: Both must agree to dismiss (consensus-to-dismiss).
+ * Cost: 2x single-agent (two parallel API calls), not 3x.
+ *
+ * Guardrail: False dismiss rate must be below 20% on ground truth dataset.
+ * If not achieved in 1.5 days, ship single-agent with calibration protocol.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveConsensus = resolveConsensus;
+exports.buildRegulatorySystemPrompt = buildRegulatorySystemPrompt;
+exports.buildCodeContextSystemPrompt = buildCodeContextSystemPrompt;
+exports.buildViolationPrompt = buildViolationPrompt;
+exports.runTwoAgentReview = runTwoAgentReview;
+exports.scoreConsensusVerdicts = scoreConsensusVerdicts;
+exports.formatAccuracyReport = formatAccuracyReport;
+// ─── Verdict Priority ───────────────────────────────────────────────────────
+// Higher number = higher severity. Used for consensus resolution.
+const VERDICT_PRIORITY = {
+    dismissed: 0,
+    downgraded: 1,
+    confirmed: 2,
+    escalated: 3,
+};
+// ─── Consensus Logic ────────────────────────────────────────────────────────
+/**
+ * Resolve two agent verdicts into a consensus result.
+ *
+ * Rules (consensus-to-dismiss):
+ * 1. Both dismiss → dismissed (high confidence both agree it's FP)
+ * 2. Both confirm → confirmed (high agreement)
+ * 3. Both escalate → escalated
+ * 4. Both downgrade → downgraded
+ * 5. One confirms/escalates, one dismisses → confirmed (safety bias)
+ * 6. One downgrades, one confirms → confirmed at lower confidence
+ * 7. One downgrades, one dismisses → downgraded (middle ground)
+ */
+function resolveConsensus(regulatory, codeContext) {
+    const regPriority = VERDICT_PRIORITY[regulatory.verdict] ?? 2;
+    const codePriority = VERDICT_PRIORITY[codeContext.verdict] ?? 2;
+    let finalVerdict;
+    let finalConfidence;
+    let agreementLevel;
+    let consensusReason;
+    let fpReason;
+    let fpPatternId;
+    if (regulatory.verdict === codeContext.verdict) {
+        // Full agreement
+        finalVerdict = regulatory.verdict;
+        finalConfidence = Math.round((regulatory.confidence + codeContext.confidence) / 2);
+        agreementLevel = 'full';
+        consensusReason = `Both agents agree: ${finalVerdict}`;
+        if (finalVerdict === 'dismissed') {
+            fpReason = regulatory.fpReason || codeContext.fpReason;
+            fpPatternId = regulatory.fpPatternId || codeContext.fpPatternId;
+        }
+    }
+    else if (Math.abs(regPriority - codePriority) === 1) {
+        // Partial agreement (adjacent verdicts)
+        agreementLevel = 'partial';
+        if (regPriority > codePriority) {
+            // Regulatory is stricter → use regulatory verdict (safety bias)
+            finalVerdict = regulatory.verdict;
+            finalConfidence = Math.max(Math.round((regulatory.confidence + codeContext.confidence) / 2) - 1, 1);
+            consensusReason = `Regulatory agent stricter (${regulatory.verdict}) vs code context (${codeContext.verdict}). Safety bias applied.`;
+        }
+        else {
+            // Code context is stricter → use code context verdict
+            finalVerdict = codeContext.verdict;
+            finalConfidence = Math.max(Math.round((regulatory.confidence + codeContext.confidence) / 2) - 1, 1);
+            consensusReason = `Code context agent stricter (${codeContext.verdict}) vs regulatory (${regulatory.verdict}).`;
+        }
+    }
+    else {
+        // Split verdict (non-adjacent, e.g., confirm vs dismiss)
+        agreementLevel = 'split';
+        // Consensus-to-dismiss: if EITHER agent flags concern, confirm
+        if (regPriority >= VERDICT_PRIORITY.confirmed || codePriority >= VERDICT_PRIORITY.confirmed) {
+            finalVerdict = 'confirmed';
+            const confirmer = regPriority >= codePriority ? regulatory : codeContext;
+            finalConfidence = Math.max(confirmer.confidence - 1, 1);
+            consensusReason = `Split verdict: ${regulatory.verdict} (regulatory) vs ${codeContext.verdict} (code). Confirmed per consensus-to-dismiss policy.`;
+        }
+        else {
+            // Both below confirmed (e.g., both downgraded or one dismissed + one downgraded)
+            finalVerdict = regPriority > codePriority ? regulatory.verdict : codeContext.verdict;
+            finalConfidence = Math.round((regulatory.confidence + codeContext.confidence) / 2);
+            consensusReason = `Split verdict resolved to ${finalVerdict}.`;
+        }
+    }
+    return {
+        ruleId: regulatory.ruleId || codeContext.ruleId,
+        finalVerdict,
+        finalConfidence: Math.max(1, Math.min(10, finalConfidence)),
+        regulatoryVerdict: regulatory,
+        codeContextVerdict: codeContext,
+        agreementLevel,
+        consensusReason,
+        fpReason,
+        fpPatternId,
+    };
+}
+// ─── System Prompts ─────────────────────────────────────────────────────────
+/**
+ * Regulatory Compliance Agent system prompt.
+ * Focuses on legal risk, enforcement precedent, statutory requirements.
+ * Bias: Err toward confirming (safety first — missing a real violation is worse).
+ */
+function buildRegulatorySystemPrompt(fpChecklists, repoMetadata) {
+    const ageContext = repoMetadata?.target_age_range
+        ? `The target audience is children aged ${repoMetadata.target_age_range}.`
+        : 'Assume the product may serve children of any age under 18.';
+    return `You are Agent 1 of the Halo Two-Agent Review Board: the REGULATORY COMPLIANCE SPECIALIST.
+
+YOUR ROLE: Evaluate each violation through a legal and regulatory lens. Your priority is CHILD SAFETY. You represent the perspective of a regulator at the FTC Children's Privacy Bureau or the UK ICO.
+
+${ageContext}
+
+== YOUR EVALUATION CRITERIA ==
+
+1. STATUTORY COMPLIANCE: Does this code violate COPPA, AADCA, UK AADC, or EU AI Act requirements as written in the statute?
+2. ENFORCEMENT PRECEDENT: Would the FTC, ICO, or a state AG pursue this pattern based on recent enforcement actions?
+3. CHILD HARM POTENTIAL: Even if technically legal, does this create risk of developmental harm to children?
+4. DATA LIFECYCLE: Does this code handle children's data in a way that creates retention, exposure, or consent gaps?
+
+== DECISION RULES ==
+
+1. Check the FP checklist FIRST. If a pattern clearly matches (vendor code, test file, doc generator) → DISMISS.
+2. If NO FP pattern matches, CONFIRM. A regulator would flag this.
+3. When the violation is technically present but with mitigating factors (framework escaping, admin-only) → DOWNGRADE.
+4. When in doubt, CONFIRM. A missed real violation in a children's product is worse than a false alarm.
+5. You may ONLY dismiss if you can cite a specific FP pattern from the checklist below.
+
+== CRITICAL CONSTRAINTS (Sprint 13b) ==
+- You may ONLY use fpPatternId values that appear in the FP CHECKLISTS below. Do NOT invent new pattern IDs.
+- "admin-internal" is NOT a valid dismiss reason when child/student data (email, name, PII) is being processed.
+- "vendor-library" is NOT a valid dismiss reason when vendor code is bundled in a child-facing production app.
+- "generic-code-pattern" or "generic-boolean-assignment" are NEVER valid dismiss reasons. Evaluate what the code DOES.
+- If a code snippet handles student_email, child data, account management, or personal data → CONFIRM regardless of context.
+- ~60% of violations should be confirmed. If you dismiss >50%, you are being too aggressive.
+
+== CONFIDENCE SCALE (1-10) ==
+
+1-2: Clear false positive (vendor, test, doc generator) → dismiss
+3-4: Likely false positive with specific evidence → dismiss with explanation
+5-6: Ambiguous but with mitigating factors → downgrade
+7-8: Genuine compliance concern → confirm
+9-10: Critical child safety risk, potential enforcement action → confirm/escalate
+
+== FP CHECKLISTS ==
+${fpChecklists}
+
+Respond with ONLY a JSON array. Each element:
+{
+  "ruleId": "string",
+  "verdict": "confirmed" | "downgraded" | "escalated" | "dismissed",
+  "confidence": <1-10>,
+  "reasoning": "2-3 sentences explaining your regulatory assessment",
+  "fpReason": "pattern name if dismissed, null otherwise",
+  "fpPatternId": "pattern ID if dismissed, null otherwise"
+}`;
+}
+/**
+ * Code Context Agent system prompt.
+ * Focuses on code semantics, framework behavior, false positive detection.
+ * Bias: Err toward precision (fewer false positives, more accurate analysis).
+ */
+function buildCodeContextSystemPrompt(fpChecklists, repoMetadata) {
+    const frameworkContext = repoMetadata?.framework
+        ? `The codebase uses ${repoMetadata.framework}. Consider framework-specific behaviors (auto-escaping, middleware, built-in protections).`
+        : '';
+    return `You are Agent 2 of the Halo Two-Agent Review Board: the CODE CONTEXT SPECIALIST.
+
+YOUR ROLE: Evaluate each violation through a software engineering lens. Your priority is ACCURACY. You understand frameworks, libraries, and code patterns deeply. The regex scanner produces ~25% false positives — your job is to distinguish real violations from scanner noise.
+
+${frameworkContext}
+
+== YOUR EVALUATION CRITERIA ==
+
+1. CODE SEMANTICS: Does the flagged code ACTUALLY do what the rule claims? Or did regex match something benign?
+2. FRAMEWORK BEHAVIOR: Does the framework handle this automatically? (e.g., React auto-escaping, Django CSRF)
+3. EXECUTION CONTEXT: Is this code reachable? Dead code, comments, examples, and config should be dismissed.
+4. PATTERN RECOGNITION: Match against known FP patterns. If the pattern clearly matches a checklist item → DISMISS.
+
+== DECISION RULES ==
+
+1. Check the FP checklist FIRST. If a specific pattern matches → DISMISS with the pattern ID.
+2. Analyze the surrounding code context (5 lines before + after). Does the code ACTUALLY implement what the rule flags?
+3. Consider the framework: React JSX auto-escapes, Django templates auto-escape, etc. → DOWNGRADE if framework handles it.
+4. If the code genuinely does what the rule says with no mitigation → CONFIRM.
+5. You may ONLY dismiss if you can cite a specific FP pattern from the checklist below.
+
+== CRITICAL CONSTRAINTS (Sprint 13b) ==
+- You may ONLY use fpPatternId values that appear in the FP CHECKLISTS below. Do NOT invent new pattern IDs like "vendor-library", "generic-boolean-assignment", "auth-token-pattern", or "non-social-media-context".
+- VENDOR CODE RULE: Bundled third-party code (TinyMCE, Chart.js, jQuery plugins) that executes in a child-facing production app IS in scope. Only dismiss vendor code if it is in a separate, non-bundled package.
+- ADMIN CODE RULE: Admin/staff code that processes child data (student emails, account management, enrollment) is compliance-relevant. Do NOT dismiss as "admin-internal".
+- GENERIC CODE RULE: Simple-looking code (boolean assignments, data assignments, function calls) can still be compliance violations. Evaluate what the code DOES in context, not how simple it looks.
+- If no checklist item matches, you MUST confirm or downgrade. Never dismiss without a checklist match.
+- ~60% of violations should be confirmed. If you dismiss >50%, you are being too aggressive.
+
+== PRECISION FOCUS ==
+
+Your value is catching FALSE POSITIVES the regex scanner produces. Key FP categories:
+- Vendor/third-party code that is NOT bundled in the child-facing app
+- Test/fixture/mock code that doesn't run in production
+- Framework auto-mitigations (auto-escaping, CSRF protection)
+- Sanitized inputs (DOMPurify, bleach, htmlspecialchars)
+- Comments, documentation strings, TODO notes
+- Cookie consent implementations (privacy-protective code flagged as violation)
+- Media playback flagged as media capture
+
+IMPORTANT: Do NOT dismiss admin routes or bundled vendor code automatically. These are common false-dismiss triggers.
+
+== CONFIDENCE SCALE (1-10) ==
+
+1-2: Obvious FP (standalone test, comment, doc generator) → dismiss
+3-4: Clear FP pattern match → dismiss
+5-6: Framework mitigates but technically present → downgrade
+7-8: Real issue in production code → confirm
+9-10: Serious vulnerability with no mitigation → confirm/escalate
+
+== FP CHECKLISTS ==
+${fpChecklists}
+
+Respond with ONLY a JSON array. Each element:
+{
+  "ruleId": "string",
+  "verdict": "confirmed" | "downgraded" | "escalated" | "dismissed",
+  "confidence": <1-10>,
+  "reasoning": "2-3 sentences explaining your code analysis",
+  "fpReason": "pattern name if dismissed, null otherwise",
+  "fpPatternId": "pattern ID if dismissed, null otherwise"
+}`;
+}
+// ─── Violation Prompt Builder ───────────────────────────────────────────────
+/**
+ * Build the violation prompt (shared by both agents — same data, different lens).
+ */
+function buildViolationPrompt(violations) {
+    const items = violations.map((v, i) => {
+        const metaFlags = v.fileMetadata
+            ? `Context Flags: isVendor=${v.fileMetadata.isVendor}, isTest=${v.fileMetadata.isTest}, isAdmin=${v.fileMetadata.isAdmin}, isConsent=${v.fileMetadata.isConsent}, isDocGenerator=${v.fileMetadata.isDocGenerator}`
+            : 'Context Flags: not available';
+        const langInfo = v.fileMetadata?.language || v.language || 'unknown';
+        const framework = v.fileMetadata?.detectedFramework || 'unknown';
+        const codeBlock = v.surroundingCode || v.codeSnippet || 'No code available';
+        return `--- Violation ${i + 1} ---
+Rule: ${v.ruleId}${v.ruleName ? ` (${v.ruleName})` : ''}
+Severity: ${v.severity}
+File: ${v.filePath}
+Line: ${v.line}
+Language: ${langInfo}
+Framework: ${framework}
+${metaFlags}
+AST Verdict: ${v.astVerdict || 'regex_only'}
+Context Confidence: ${v.contextConfidence ?? 'N/A'}
+
+Code:
+\`\`\`
+${codeBlock}
+\`\`\`
+
+Message: ${v.message}`;
+    });
+    return `Review these ${violations.length} violation(s).
+
+YOUR PROCESS for each violation:
+1. Check file path and metadata flags FIRST.
+2. Read the code context. Does the code ACTUALLY do what the rule says?
+3. Check the rule-specific FP checklist. Does any pattern match?
+4. Only if no dismissal reason found → CONFIRM.
+
+${items.join('\n\n')}
+
+Respond with ONLY a JSON array. No other text.`;
+}
+async function callAnthropicAPI(systemPrompt, userPrompt, config) {
+    const model = config.model || 'claude-sonnet-4-20250514';
+    const maxTokens = config.maxTokens || 4096;
+    const response = await fetch('https://api.anthropic.com/v1/messages', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'x-api-key': config.anthropicApiKey,
+            'anthropic-version': '2023-06-01',
+        },
+        body: JSON.stringify({
+            model,
+            max_tokens: maxTokens,
+            system: systemPrompt,
+            messages: [{ role: 'user', content: userPrompt }],
+        }),
+    });
+    if (!response.ok) {
+        const errText = await response.text();
+        throw new Error(`Anthropic API error ${response.status}: ${errText}`);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const result = await response.json();
+    const responseText = result.content?.[0]?.text || '[]';
+    let verdicts;
+    try {
+        const cleaned = responseText.replace(/^```json?\n?/i, '').replace(/\n?```$/i, '').trim();
+        verdicts = JSON.parse(cleaned);
+    }
+    catch {
+        throw new Error(`Failed to parse agent response: ${responseText.substring(0, 200)}`);
+    }
+    return {
+        verdicts,
+        inputTokens: result.usage?.input_tokens || 0,
+        outputTokens: result.usage?.output_tokens || 0,
+    };
+}
+/**
+ * Run the two-agent review on a batch of violations.
+ * Both agents run in parallel, then consensus is resolved.
+ */
+async function runTwoAgentReview(violations, fpChecklists, config, repoMetadata) {
+    const startTime = Date.now();
+    const regulatoryPrompt = buildRegulatorySystemPrompt(fpChecklists, repoMetadata);
+    const codeContextPrompt = buildCodeContextSystemPrompt(fpChecklists, repoMetadata);
+    const violationPrompt = buildViolationPrompt(violations);
+    // Run both agents in parallel
+    const [regulatoryResult, codeContextResult] = await Promise.all([
+        callAnthropicAPI(regulatoryPrompt, violationPrompt, config),
+        callAnthropicAPI(codeContextPrompt, violationPrompt, config),
+    ]);
+    // Resolve consensus for each violation
+    const consensusResults = [];
+    for (let i = 0; i < violations.length; i++) {
+        const regVerdict = regulatoryResult.verdicts[i] || {
+            ruleId: violations[i].ruleId,
+            verdict: 'confirmed',
+            confidence: 7,
+            reasoning: 'Regulatory agent could not assess. Defaulting to confirmed.',
+        };
+        const codeVerdict = codeContextResult.verdicts[i] || {
+            ruleId: violations[i].ruleId,
+            verdict: 'confirmed',
+            confidence: 7,
+            reasoning: 'Code context agent could not assess. Defaulting to confirmed.',
+        };
+        consensusResults.push(resolveConsensus(regVerdict, codeVerdict));
+    }
+    // Compute stats
+    const totalInputTokens = regulatoryResult.inputTokens + codeContextResult.inputTokens;
+    const totalOutputTokens = regulatoryResult.outputTokens + codeContextResult.outputTokens;
+    const costUsd = (totalInputTokens * 3.0 / 1000000) + (totalOutputTokens * 15.0 / 1000000);
+    const agreementStats = {
+        full_agreement: consensusResults.filter(r => r.agreementLevel === 'full').length,
+        partial_agreement: consensusResults.filter(r => r.agreementLevel === 'partial').length,
+        split_decisions: consensusResults.filter(r => r.agreementLevel === 'split').length,
+        total: consensusResults.length,
+    };
+    return {
+        consensusResults,
+        regulatoryVerdicts: regulatoryResult.verdicts,
+        codeContextVerdicts: codeContextResult.verdicts,
+        cost: {
+            input_tokens: totalInputTokens,
+            output_tokens: totalOutputTokens,
+            estimated_usd: costUsd,
+        },
+        latency_ms: Date.now() - startTime,
+        agreement_stats: agreementStats,
+    };
+}
+/**
+ * Score two-agent consensus verdicts against ground truth.
+ */
+function scoreConsensusVerdicts(groundTruth, verdicts) {
+    let fpTotal = 0, fpDismissed = 0;
+    let tpTotal = 0, tpFalseDismissed = 0;
+    let confirmedTp = 0, confirmedTotal = 0;
+    let fullAgreement = 0, totalWithVerdicts = 0;
+    const perCategory = {};
+    for (const entry of groundTruth) {
+        const verdict = verdicts.get(entry.id);
+        if (!verdict)
+            continue;
+        totalWithVerdicts++;
+        if (verdict.agreementLevel === 'full')
+            fullAgreement++;
+        const isDismissed = verdict.finalVerdict === 'dismissed';
+        const isConfirmed = verdict.finalVerdict === 'confirmed' || verdict.finalVerdict === 'escalated';
+        if (entry.label === 'fp') {
+            fpTotal++;
+            if (isDismissed)
+                fpDismissed++;
+        }
+        else {
+            tpTotal++;
+            if (isDismissed)
+                tpFalseDismissed++;
+        }
+        if (isConfirmed) {
+            confirmedTotal++;
+            if (entry.label === 'tp')
+                confirmedTp++;
+        }
+        // Per-category tracking
+        const cat = entry.ruleCategory || entry.ruleId;
+        if (!perCategory[cat]) {
+            perCategory[cat] = { total: 0, correct: 0, accuracy: 0 };
+        }
+        perCategory[cat].total++;
+        const correct = (entry.label === 'fp' && isDismissed) || (entry.label === 'tp' && !isDismissed);
+        if (correct)
+            perCategory[cat].correct++;
+    }
+    // Compute per-category accuracy
+    for (const cat of Object.keys(perCategory)) {
+        perCategory[cat].accuracy = perCategory[cat].total > 0
+            ? Math.round((perCategory[cat].correct / perCategory[cat].total) * 1000) / 10
+            : 0;
+    }
+    return {
+        totalEntries: totalWithVerdicts,
+        fpDismissRate: fpTotal > 0 ? Math.round((fpDismissed / fpTotal) * 1000) / 10 : 0,
+        tpFalseDismissRate: tpTotal > 0 ? Math.round((tpFalseDismissed / tpTotal) * 1000) / 10 : 0,
+        precision: confirmedTotal > 0 ? Math.round((confirmedTp / confirmedTotal) * 1000) / 10 : 0,
+        agreementRate: totalWithVerdicts > 0 ? Math.round((fullAgreement / totalWithVerdicts) * 1000) / 10 : 0,
+        perCategory,
+    };
+}
+/**
+ * Format accuracy metrics as a readable report.
+ */
+function formatAccuracyReport(metrics) {
+    const lines = [
+        '═══ Two-Agent Review Board — Accuracy Report ═══',
+        '',
+        `Total entries scored: ${metrics.totalEntries}`,
+        `FP dismiss rate:     ${metrics.fpDismissRate}% (target: >80%)`,
+        `TP false dismiss:    ${metrics.tpFalseDismissRate}% (target: <20%, HARD GATE)`,
+        `Precision:           ${metrics.precision}%`,
+        `Agent agreement:     ${metrics.agreementRate}%`,
+        '',
+        '── Per-Category Breakdown ──',
+    ];
+    const sorted = Object.entries(metrics.perCategory)
+        .sort(([, a], [, b]) => b.total - a.total);
+    for (const [cat, data] of sorted) {
+        lines.push(`  ${cat.padEnd(25)} ${data.correct}/${data.total} (${data.accuracy}%)`);
+    }
+    lines.push('');
+    if (metrics.tpFalseDismissRate >= 20) {
+        lines.push('FAIL: TP false dismiss rate exceeds 20% guardrail.');
+        lines.push('ACTION: Revert to single-agent. Revisit multi-agent in Sprint 13b.');
+    }
+    else {
+        lines.push('PASS: TP false dismiss rate within guardrail.');
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=two-agent-review.js.map

package/dist/review-board/two-agent-review.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"two-agent-review.js","sourceRoot":"","sources":["../../src/review-board/two-agent-review.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;AA6EH,4CA0EC;AASD,kEAyDC;AAOD,oEAsEC;AAOD,oDAwCC;AAsFD,8CA6DC;AA8BD,wDA0DC;AAKD,oDA6BC;AA7iBD,+EAA+E;AAC/E,kEAAkE;AAElE,MAAM,gBAAgB,GAA2B;IAC/C,SAAS,EAAE,CAAC;IACZ,UAAU,EAAE,CAAC;IACb,SAAS,EAAE,CAAC;IACZ,SAAS,EAAE,CAAC;CACb,CAAC;AAEF,+EAA+E;AAE/E;;;;;;;;;;;GAWG;AACH,SAAgB,gBAAgB,CAC9B,UAAwB,EACxB,WAAyB;IAEzB,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9D,MAAM,YAAY,GAAG,gBAAgB,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhE,IAAI,YAA6C,CAAC;IAClD,IAAI,eAAuB,CAAC;IAC5B,IAAI,cAAiD,CAAC;IACtD,IAAI,eAAuB,CAAC;IAC5B,IAAI,QAA4B,CAAC;IACjC,IAAI,WAA+B,CAAC;IAEpC,IAAI,UAAU,CAAC,OAAO,KAAK,WAAW,CAAC,OAAO,EAAE,CAAC;QAC/C,iBAAiB;QACjB,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC;QAClC,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QACnF,cAAc,GAAG,MAAM,CAAC;QACxB,eAAe,GAAG,sBAAsB,YAAY,EAAE,CAAC;QACvD,IAAI,YAAY,KAAK,WAAW,EAAE,CAAC;YACjC,QAAQ,GAAG,UAAU,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC;YACvD,WAAW,GAAG,UAAU,CAAC,WAAW,IAAI,WAAW,CAAC,WAAW,CAAC;QAClE,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;QACtD,wCAAwC;QACxC,cAAc,GAAG,SAAS,CAAC;QAE3B,IAAI,WAAW,GAAG,YAAY,EAAE,CAAC;YAC/B,gEAAgE;YAChE,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC;YAClC,eAAe,GAAG,IAAI,CAAC,GAAG,CACxB,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EACpE,CAAC,CACF,CAAC;YACF,eAAe,GAAG,8BAA8B,UAAU,CAAC,OAAO,sBAAsB,WAAW,CAAC,OAAO,yBAAyB,CAAC;QACvI,CAAC;aAAM,CAAC;YACN,sDAAsD;YACtD,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC;YACnC,eAAe,GAAG,IAAI,CAAC,GAAG,CACxB,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EACpE,CAAC,CACF,CAAC;YACF,eAAe,GAAG,gCAAgC,WAAW,CAAC,OAAO,oBAAoB,UAAU,CAAC,OAAO,IAAI,CAAC;QAClH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,yDAAyD;QACzD,cAAc,GAAG,OAAO,CAAC;QAEzB,+DAA+D;QAC/D,IAAI,WAAW,IAAI,gBAAgB,CAAC,SAAS,IAAI,YAAY,IAAI,gBAAgB,CAAC,SAAS,EAAE,CAAC;YAC5F,YAAY,GAAG,WAAW,CAAC;YAC3B,MAAM,SAAS,GAAG,WAAW,IAAI,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;YACzE,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACxD,eAAe,GAAG,kBAAkB,UAAU,CAAC,OAAO,oBAAoB,WAAW,CAAC,OAAO,qDAAqD,CAAC;QACrJ,CAAC;aAAM,CAAC;YACN,iFAAiF;YACjF,YAAY,GAAG,WAAW,GAAG,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC;YACrF,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;YACnF,eAAe,GAAG,6BAA6B,YAAY,GAAG,CAAC;QACjE,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,WAAW,CAAC,MAAM;QAC/C,YAAY;QACZ,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3D,iBAAiB,EAAE,UAAU;QAC7B,kBAAkB,EAAE,WAAW;QAC/B,cAAc;QACd,eAAe;QACf,QAAQ;QACR,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E;;;;GAIG;AACH,SAAgB,2BAA2B,CACzC,YAAoB,EACpB,YAAgE;IAEhE,MAAM,UAAU,GAAG,YAAY,EAAE,gBAAgB;QAC/C,CAAC,CAAC,wCAAwC,YAAY,CAAC,gBAAgB,GAAG;QAC1E,CAAC,CAAC,4DAA4D,CAAC;IAEjE,OAAO;;;;EAIP,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkCV,YAAY;;;;;;;;;;EAUZ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,4BAA4B,CAC1C,YAAoB,EACpB,YAAgE;IAEhE,MAAM,gBAAgB,GAAG,YAAY,EAAE,SAAS;QAC9C,CAAC,CAAC,qBAAqB,YAAY,CAAC,SAAS,4FAA4F;QACzI,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO;;;;EAIP,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+ChB,YAAY;;;;;;;;;;EAUZ,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,oBAAoB,CAAC,UAA4B;IAC/D,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpC,MAAM,SAAS,GAAG,CAAC,CAAC,YAAY;YAC9B,CAAC,CAAC,2BAA2B,CAAC,CAAC,YAAY,CAAC,QAAQ,YAAY,CAAC,CAAC,YAAY,CAAC,MAAM,aAAa,CAAC,CAAC,YAAY,CAAC,OAAO,eAAe,CAAC,CAAC,YAAY,CAAC,SAAS,oBAAoB,CAAC,CAAC,YAAY,CAAC,cAAc,EAAE;YAClN,CAAC,CAAC,8BAA8B,CAAC;QAEnC,MAAM,QAAQ,GAAG,CAAC,CAAC,YAAY,EAAE,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,SAAS,CAAC;QACrE,MAAM,SAAS,GAAG,CAAC,CAAC,YAAY,EAAE,iBAAiB,IAAI,SAAS,CAAC;QACjE,MAAM,SAAS,GAAG,CAAC,CAAC,eAAe,IAAI,CAAC,CAAC,WAAW,IAAI,mBAAmB,CAAC;QAE5E,OAAO,iBAAiB,CAAC,GAAG,CAAC;QACzB,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE;YAC3C,CAAC,CAAC,QAAQ;QACd,CAAC,CAAC,QAAQ;QACV,CAAC,CAAC,IAAI;YACF,QAAQ;aACP,SAAS;EACpB,SAAS;eACI,CAAC,CAAC,UAAU,IAAI,YAAY;sBACrB,CAAC,CAAC,iBAAiB,IAAI,KAAK;;;;EAIhD,SAAS;;;WAGA,CAAC,CAAC,OAAO,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,OAAO,gBAAgB,UAAU,CAAC,MAAM;;;;;;;;EAQxC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;;+CAE2B,CAAC;AAChD,CAAC;AAeD,KAAK,UAAU,gBAAgB,CAC7B,YAAoB,EACpB,UAAkB,EAClB,MAAsB;IAEtB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,0BAA0B,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;IAE3C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,uCAAuC,EAAE;QACpE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,WAAW,EAAE,MAAM,CAAC,eAAe;YACnC,mBAAmB,EAAE,YAAY;SAClC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,KAAK;YACL,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAuB;SACxE,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,8DAA8D;IAC9D,MAAM,MAAM,GAAQ,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC;IAEvD,IAAI,QAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACzF,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,mCAAmC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,OAAO;QACL,QAAQ;QACR,WAAW,EAAE,MAAM,CAAC,KAAK,EAAE,YAAY,IAAI,CAAC;QAC5C,YAAY,EAAE,MAAM,CAAC,KAAK,EAAE,aAAa,IAAI,CAAC;KAC/C,CAAC;AACJ,CAAC;AAsBD;;;GAGG;AACI,KAAK,UAAU,iBAAiB,CACrC,UAA4B,EAC5B,YAAoB,EACpB,MAAsB,EACtB,YAAgE;IAEhE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,gBAAgB,GAAG,2BAA2B,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACjF,MAAM,iBAAiB,GAAG,4BAA4B,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACnF,MAAM,eAAe,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAEzD,8BAA8B;IAC9B,MAAM,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC9D,gBAAgB,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC;QAC3D,gBAAgB,CAAC,iBAAiB,EAAE,eAAe,EAAE,MAAM,CAAC;KAC7D,CAAC,CAAC;IAEH,uCAAuC;IACvC,MAAM,gBAAgB,GAAsB,EAAE,CAAC;IAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;YACjD,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM;YAC5B,OAAO,EAAE,WAAoB;YAC7B,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,6DAA6D;SACzE,CAAC;QACF,MAAM,WAAW,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;YACnD,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM;YAC5B,OAAO,EAAE,WAAoB;YAC7B,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,+DAA+D;SAC3E,CAAC;QAEF,gBAAgB,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,gBAAgB;IAChB,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,WAAW,GAAG,iBAAiB,CAAC,WAAW,CAAC;IACtF,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,YAAY,GAAG,iBAAiB,CAAC,YAAY,CAAC;IACzF,MAAM,OAAO,GAAG,CAAC,gBAAgB,GAAG,GAAG,GAAG,OAAS,CAAC,GAAG,CAAC,iBAAiB,GAAG,IAAI,GAAG,OAAS,CAAC,CAAC;IAE9F,MAAM,cAAc,GAAG;QACrB,cAAc,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,MAAM,CAAC,CAAC,MAAM;QAChF,iBAAiB,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,MAAM;QACtF,eAAe,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,OAAO,CAAC,CAAC,MAAM;QAClF,KAAK,EAAE,gBAAgB,CAAC,MAAM;KAC/B,CAAC;IAEF,OAAO;QACL,gBAAgB;QAChB,kBAAkB,EAAE,gBAAgB,CAAC,QAAQ;QAC7C,mBAAmB,EAAE,iBAAiB,CAAC,QAAQ;QAC/C,IAAI,EAAE;YACJ,YAAY,EAAE,gBAAgB;YAC9B,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,OAAO;SACvB;QACD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAClC,eAAe,EAAE,cAAc;KAChC,CAAC;AACJ,CAAC;AA2BD;;GAEG;AACH,SAAgB,sBAAsB,CACpC,WAA+B,EAC/B,QAAsC;IAEtC,IAAI,OAAO,GAAG,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC;IACjC,IAAI,OAAO,GAAG,CAAC,EAAE,gBAAgB,GAAG,CAAC,CAAC;IACtC,IAAI,WAAW,GAAG,CAAC,EAAE,cAAc,GAAG,CAAC,CAAC;IACxC,IAAI,aAAa,GAAG,CAAC,EAAE,iBAAiB,GAAG,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAmC,EAAE,CAAC;IAEvD,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,iBAAiB,EAAE,CAAC;QAEpB,IAAI,OAAO,CAAC,cAAc,KAAK,MAAM;YAAE,aAAa,EAAE,CAAC;QAEvD,MAAM,WAAW,GAAG,OAAO,CAAC,YAAY,KAAK,WAAW,CAAC;QACzD,MAAM,WAAW,GAAG,OAAO,CAAC,YAAY,KAAK,WAAW,IAAI,OAAO,CAAC,YAAY,KAAK,WAAW,CAAC;QAEjG,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;YACV,IAAI,WAAW;gBAAE,WAAW,EAAE,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,CAAC;YACV,IAAI,WAAW;gBAAE,gBAAgB,EAAE,CAAC;QACtC,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,cAAc,EAAE,CAAC;YACjB,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI;gBAAE,WAAW,EAAE,CAAC;QAC1C,CAAC;QAED,wBAAwB;QACxB,MAAM,GAAG,GAAG,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,MAAM,CAAC;QAC/C,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QAC3D,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC;QAChG,IAAI,OAAO;YAAE,WAAW,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;IAC1C,CAAC;IAED,gCAAgC;IAChC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3C,WAAW,CAAC,GAAG,CAAC,CAAC,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC;YACpD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE;YAC7E,CAAC,CAAC,CAAC,CAAC;IACR,CAAC;IAED,OAAO;QACL,YAAY,EAAE,iBAAiB;QAC/B,aAAa,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QAChF,kBAAkB,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,gBAAgB,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1F,SAAS,EAAE,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,GAAG,cAAc,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1F,aAAa,EAAE,iBAAiB,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,GAAG,iBAAiB,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACtG,WAAW;KACZ,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,OAAwB;IAC3D,MAAM,KAAK,GAAa;QACtB,kDAAkD;QAClD,EAAE;QACF,yBAAyB,OAAO,CAAC,YAAY,EAAE;QAC/C,wBAAwB,OAAO,CAAC,aAAa,kBAAkB;QAC/D,wBAAwB,OAAO,CAAC,kBAAkB,6BAA6B;QAC/E,wBAAwB,OAAO,CAAC,SAAS,GAAG;QAC5C,wBAAwB,OAAO,CAAC,aAAa,GAAG;QAChD,EAAE;QACF,8BAA8B;KAC/B,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;SAC/C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAE7C,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,IAAI,OAAO,CAAC,kBAAkB,IAAI,EAAE,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QACjE,KAAK,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;IACnF,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@runhalo/engine",
-  "version": "0.5.0",
-  "description": "Halo rule engine — child online safety compliance detection with tree-sitter AST analysis. 114 rules across 10 jurisdictions including COPPA, UK AADC, EU DSA, EU AI Act, and more.",
+  "version": "0.6.0",
+  "description": "Halo rule engine — child online safety compliance detection. 130 rules across 10 packs covering COPPA, UK AADC, EU DSA, EU AI Act, and more.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "files": [
@@ -37,6 +37,9 @@
   },
   "author": "Mindful Media <hello@mindfulmedia.org> (https://mindfulmedia.org)",
   "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public"
+  },
   "dependencies": {
     "glob": "^10.3.10",
     "js-yaml": "^3.14.2",

package/rules/coppa-tier-1.yaml

@@ -13,7 +13,7 @@ rules:
       name: Unverified Social Login Providers
       coppaSection: "§ 312.5 (Parental Consent) & COPPA 2.0 § 312.11 (Mixed Audience)"
       severity: critical
-      penaltyRange: "$51,744 per violation"
+      penaltyRange: "$53,088 per violation"
       languages:
         - typescript
         - javascript
@@ -46,7 +46,7 @@ rules:
       name: Sensitive Data in GET Requests
       coppaSection: "§ 312.2 (Definitions - Personal Information)"
       severity: high
-      penaltyRange: "$51,744 per violation"
+      penaltyRange: "$53,088 per violation"
       languages:
         - typescript
         - javascript
@@ -80,7 +80,7 @@ rules:
       name: Restricted Third-Party Ad Trackers
       coppaSection: "§ 312.2 (Definitions - Support for Internal Operations) - COPPA 2.0 Focus"
       severity: critical
-      penaltyRange: "$51,744 per violation"
+      penaltyRange: "$53,088 per violation"
       languages:
         - typescript
         - javascript
@@ -123,7 +123,7 @@ rules:
       name: Precise Geolocation Without Parental Consent
       coppaSection: "§ 312.2 (Personal Information)"
       severity: high
-      penaltyRange: "$51,744 per violation"
+      penaltyRange: "$53,088 per violation"
       languages:
         - typescript
         - javascript
@@ -159,18 +159,23 @@ rules:
 
   # ============================================
   # 5. coppa-retention-005: Missing Data Retention Policy
+  # Updated: 2026-03-12 — COPPA 2025 final rule explicitly
+  # prohibits indefinite retention (§ 312.10)
   # ============================================
   - metadata:
       id: coppa-retention-005
       name: Missing Data Retention Policy in Database Schemas
-      coppaSection: "§ 312.10 (Data Retention and Deletion) - COPPA 2.0 Focus"
+      coppaSection: "§ 312.10 (Data Retention and Deletion) - COPPA 2025 Final Rule"
       severity: medium
-      penaltyRange: "Regulatory scrutiny / Audit failure"
+      penaltyRange: "$53,088 per violation (indefinite retention prohibition)"
       languages:
         - typescript
         - javascript
         - python
         - sql
+        - go
+        - java
+        - kotlin
       falsePositiveRisk: high
     patterns:
       - regex:
@@ -186,17 +191,19 @@ rules:
           pattern: "class\\s+\\w+.*extends\\s+Model(?!.*deletedAt)"
           flags: "g"
     autoFix:
-      description: "Add TTL index or expiration field to schema"
+      description: "Add explicit retention period, TTL index, and deletion mechanism per COPPA 2025 § 312.10"
       replacement: |
-        // Mongoose - Add TTL index
+        // Mongoose - Add TTL index with explicit retention period
         new Schema({
           createdAt: { type: Date, expires: '365d' },
+          retentionDays: { type: Number, default: 365 },
           email: String
         });
-        
-        // Sequelize - Add deletedAt
+
+        // Sequelize - Add deletedAt with retention config
         sequelize.define('User', {
           deletedAt: { type: DataTypes.DATE },
+          retentionDays: { type: DataTypes.INTEGER, defaultValue: 365 },
           // ... other fields
         }, {
           paranoid: true