@tangle-network/agent-app 0.1.5 → 0.1.7

package/dist/chunk-KWHLTXLE.js

@@ -0,0 +1,95 @@
+// src/redact/index.ts
+var DEFAULT_REDACTION_PATTERNS = [
+  { kind: "ssn", pattern: /\d{3}-\d{2}-\d{4}/ },
+  { kind: "ein", pattern: /\d{2}-\d{7}/ }
+];
+var SENSITIVE_KEYS = /* @__PURE__ */ new Set([
+  "ssn",
+  "ein",
+  "password",
+  "apikey",
+  "token",
+  "secret",
+  "authorization",
+  "email",
+  "phone"
+]);
+function redactString(value, patterns) {
+  for (const { kind, pattern } of patterns) {
+    if (pattern.test(value)) return `[REDACTED:${kind}]`;
+  }
+  return value;
+}
+function isPlainObject(value) {
+  if (value === null || typeof value !== "object") return false;
+  const proto = Object.getPrototypeOf(value);
+  return proto === Object.prototype || proto === null;
+}
+function redactForIngestion(value, options = {}) {
+  const patterns = options.extraPatterns ? [...DEFAULT_REDACTION_PATTERNS, ...options.extraPatterns] : DEFAULT_REDACTION_PATTERNS;
+  const walk = (v) => {
+    if (typeof v === "string") return redactString(v, patterns);
+    if (Array.isArray(v)) return v.map(walk);
+    if (isPlainObject(v)) {
+      const out = {};
+      for (const [k, val] of Object.entries(v)) {
+        out[k] = SENSITIVE_KEYS.has(k.toLowerCase()) ? "[REDACTED:field]" : walk(val);
+      }
+      return out;
+    }
+    return v;
+  };
+  return walk(value);
+}
+function detectSpans(text, patterns = DEFAULT_REDACTION_PATTERNS) {
+  const raw = [];
+  for (const { kind, pattern } of patterns) {
+    const g = new RegExp(pattern.source, pattern.flags.includes("g") ? pattern.flags : `${pattern.flags}g`);
+    for (const m of text.matchAll(g)) {
+      if (m.index === void 0 || m[0].length === 0) continue;
+      raw.push({ kind, start: m.index, end: m.index + m[0].length, text: m[0] });
+    }
+  }
+  raw.sort((a, b) => a.start - b.start || b.end - a.end);
+  const spans = [];
+  let cursor = -1;
+  let i = 0;
+  for (const s of raw) {
+    if (s.start < cursor) continue;
+    spans.push({ id: `span-${i++}`, ...s });
+    cursor = s.end;
+  }
+  return spans;
+}
+async function buildRedactedDocument(text, options) {
+  const spans = detectSpans(text, options.patterns);
+  const segments = [];
+  let pos = 0;
+  for (const span of spans) {
+    if (span.start > pos) segments.push({ type: "text", text: text.slice(pos, span.start) });
+    segments.push({ type: "redacted", id: span.id, kind: span.kind, cipher: await options.encrypt(span.text) });
+    pos = span.end;
+  }
+  if (pos < text.length) segments.push({ type: "text", text: text.slice(pos) });
+  return { segments };
+}
+async function revealSpan(doc, spanId, options) {
+  const seg = doc.segments.find(
+    (s) => s.type === "redacted" && s.id === spanId
+  );
+  if (!seg) return { ok: false, reason: "not_found" };
+  const allowed = await options.canReveal({ id: seg.id, kind: seg.kind });
+  if (!allowed) return { ok: false, reason: "forbidden" };
+  const value = await options.decrypt(seg.cipher);
+  if (options.onReveal) await options.onReveal({ id: seg.id, kind: seg.kind });
+  return { ok: true, value };
+}
+
+export {
+  DEFAULT_REDACTION_PATTERNS,
+  redactForIngestion,
+  detectSpans,
+  buildRedactedDocument,
+  revealSpan
+};
+//# sourceMappingURL=chunk-KWHLTXLE.js.map

package/dist/chunk-KWHLTXLE.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/redact/index.ts"],"sourcesContent":["/**\n * PII redaction — two complementary modes.\n *\n * 1. ONE-WAY scrub (`redactForIngestion`): for production trace payloads. Tool\n *    args + results (and once, the LLM span's prompt) cross the wire into the\n *    ingestion store, which also feeds the analyst-loop's LLM prompts, so\n *    personal identifiers MUST be stripped before they leave the request path.\n *    Destructive — the original is gone, replaced by a sentinel.\n *\n * 2. REVERSIBLE redaction (`buildRedactedDocument` / `revealSpan`): for the UI.\n *    A document is split into text + redacted segments; each redacted original\n *    is kept ENCRYPTED (via a caller-supplied `encrypt` seam → `agent-app/crypto`)\n *    so a viewer can reveal a single span on demand, gated by an authorization\n *    callback and an audit hook. The mask is presentation; the original is\n *    recoverable by an authorized reveal, not lost.\n *\n * Discipline: cheap deterministic string patterns + well-known sensitive object\n * keys (value replaced, key kept, so the shape stays debuggable); recurse arrays\n * + plain objects only; NEVER throw on the one-way path.\n */\n\n/** A named PII pattern. `pattern` is matched case-insensitively at the string\n *  level; keep it non-global (global instances are derived where needed). */\nexport interface RedactionPattern {\n  kind: string\n  pattern: RegExp\n}\n\n/** The default deterministic patterns. Extend via the `extraPatterns` /\n *  `patterns` options rather than forking this module (the seam that lets a\n *  product add e.g. a credit-card matcher without a local copy). */\nexport const DEFAULT_REDACTION_PATTERNS: readonly RedactionPattern[] = [\n  { kind: 'ssn', pattern: /\\d{3}-\\d{2}-\\d{4}/ },\n  { kind: 'ein', pattern: /\\d{2}-\\d{7}/ },\n]\n\nconst SENSITIVE_KEYS = new Set([\n  'ssn',\n  'ein',\n  'password',\n  'apikey',\n  'token',\n  'secret',\n  'authorization',\n  'email',\n  'phone',\n])\n\nexport interface RedactForIngestionOptions {\n  /** Extra patterns appended to {@link DEFAULT_REDACTION_PATTERNS} for the\n   *  string-level scrub (e.g. credit-card). Additive — defaults still apply. */\n  extraPatterns?: readonly RedactionPattern[]\n}\n\nfunction redactString(value: string, patterns: readonly RedactionPattern[]): string {\n  for (const { kind, pattern } of patterns) {\n    if (pattern.test(value)) return `[REDACTED:${kind}]`\n  }\n  return value\n}\n\nfunction isPlainObject(value: unknown): value is Record<string, unknown> {\n  if (value === null || typeof value !== 'object') return false\n  const proto = Object.getPrototypeOf(value)\n  return proto === Object.prototype || proto === null\n}\n\n/**\n * One-way PII scrub for telemetry/ingestion. Backward-compatible: called with no\n * options it behaves exactly as before (SSN/EIN strings + sensitive object keys\n * → sentinels). `extraPatterns` lets a product add matchers (e.g. credit-card)\n * without forking this module.\n */\nexport function redactForIngestion(value: unknown, options: RedactForIngestionOptions = {}): unknown {\n  const patterns = options.extraPatterns\n    ? [...DEFAULT_REDACTION_PATTERNS, ...options.extraPatterns]\n    : DEFAULT_REDACTION_PATTERNS\n  const walk = (v: unknown): unknown => {\n    if (typeof v === 'string') return redactString(v, patterns)\n    if (Array.isArray(v)) return v.map(walk)\n    if (isPlainObject(v)) {\n      const out: Record<string, unknown> = {}\n      for (const [k, val] of Object.entries(v)) {\n        out[k] = SENSITIVE_KEYS.has(k.toLowerCase()) ? '[REDACTED:field]' : walk(val)\n      }\n      return out\n    }\n    return v\n  }\n  return walk(value)\n}\n\n// ── Reversible document redaction (the UI path) ─────────────────────────────\n\n/** A detected PII span in a source string. */\nexport interface RedactionSpan {\n  /** Stable within a document (index-derived) — used for reveal + audit. */\n  id: string\n  kind: string\n  start: number\n  end: number\n  text: string\n}\n\n/**\n * Find non-overlapping PII spans in `text`. Matches every pattern, sorts by\n * position, and drops overlaps (first match wins). Deterministic — no ids that\n * vary per call.\n */\nexport function detectSpans(\n  text: string,\n  patterns: readonly RedactionPattern[] = DEFAULT_REDACTION_PATTERNS,\n): RedactionSpan[] {\n  const raw: Array<{ kind: string; start: number; end: number; text: string }> = []\n  for (const { kind, pattern } of patterns) {\n    const g = new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : `${pattern.flags}g`)\n    for (const m of text.matchAll(g)) {\n      if (m.index === undefined || m[0].length === 0) continue\n      raw.push({ kind, start: m.index, end: m.index + m[0].length, text: m[0] })\n    }\n  }\n  raw.sort((a, b) => a.start - b.start || b.end - a.end)\n  const spans: RedactionSpan[] = []\n  let cursor = -1\n  let i = 0\n  for (const s of raw) {\n    if (s.start < cursor) continue // overlaps an earlier (higher-priority) span\n    spans.push({ id: `span-${i++}`, ...s })\n    cursor = s.end\n  }\n  return spans\n}\n\n/** A redacted document segment: literal text, or a masked span with the\n *  original kept ENCRYPTED for an authorized reveal. */\nexport type RedactedDocSegment =\n  | { type: 'text'; text: string }\n  | { type: 'redacted'; id: string; kind: string; cipher: string }\n\nexport interface RedactedDocument {\n  segments: RedactedDocSegment[]\n}\n\nexport interface BuildRedactedDocumentOptions {\n  /** Encrypt one original span value. Wire it to `agent-app/crypto`\n   *  (`encryptWithKey` / `createFieldCrypto`). The cipher is what's stored. */\n  encrypt: (plaintext: string) => string | Promise<string>\n  /** Patterns to detect (default: {@link DEFAULT_REDACTION_PATTERNS}). */\n  patterns?: readonly RedactionPattern[]\n}\n\n/**\n * Split `text` into text + redacted segments, encrypting each redacted span's\n * original. The result carries NO plaintext PII — only the masked structure and\n * ciphertext — so it is safe to ship to a client; reveal happens server-side via\n * {@link revealSpan}.\n */\nexport async function buildRedactedDocument(\n  text: string,\n  options: BuildRedactedDocumentOptions,\n): Promise<RedactedDocument> {\n  const spans = detectSpans(text, options.patterns)\n  const segments: RedactedDocSegment[] = []\n  let pos = 0\n  for (const span of spans) {\n    if (span.start > pos) segments.push({ type: 'text', text: text.slice(pos, span.start) })\n    segments.push({ type: 'redacted', id: span.id, kind: span.kind, cipher: await options.encrypt(span.text) })\n    pos = span.end\n  }\n  if (pos < text.length) segments.push({ type: 'text', text: text.slice(pos) })\n  return { segments }\n}\n\nexport interface RevealSpanOptions {\n  /** Decrypt a span cipher. Wire to `agent-app/crypto` (`decryptWithKey`). */\n  decrypt: (cipher: string) => string | Promise<string>\n  /** Authorization gate — return false to deny the reveal (fail-closed). */\n  canReveal: (segment: { id: string; kind: string }) => boolean | Promise<boolean>\n  /** Audit hook — invoked only on a granted reveal (the caller records who/when). */\n  onReveal?: (segment: { id: string; kind: string }) => void | Promise<void>\n}\n\nexport interface RevealResult {\n  ok: boolean\n  value?: string\n  /** `not_found` | `forbidden` when `ok` is false. */\n  reason?: string\n}\n\n/**\n * Reveal one redacted span's original, gated + audited. Fail-closed: an unknown\n * id or a denied `canReveal` returns `{ ok: false }` and never decrypts; a\n * granted reveal decrypts, fires `onReveal` for the audit trail, and returns the\n * value.\n */\nexport async function revealSpan(\n  doc: RedactedDocument,\n  spanId: string,\n  options: RevealSpanOptions,\n): Promise<RevealResult> {\n  const seg = doc.segments.find((s): s is Extract<RedactedDocSegment, { type: 'redacted' }> =>\n    s.type === 'redacted' && s.id === spanId,\n  )\n  if (!seg) return { ok: false, reason: 'not_found' }\n  const allowed = await options.canReveal({ id: seg.id, kind: seg.kind })\n  if (!allowed) return { ok: false, reason: 'forbidden' }\n  const value = await options.decrypt(seg.cipher)\n  if (options.onReveal) await options.onReveal({ id: seg.id, kind: seg.kind })\n  return { ok: true, value }\n}\n"],"mappings":";AA+BO,IAAM,6BAA0D;AAAA,EACrE,EAAE,MAAM,OAAO,SAAS,oBAAoB;AAAA,EAC5C,EAAE,MAAM,OAAO,SAAS,cAAc;AACxC;AAEA,IAAM,iBAAiB,oBAAI,IAAI;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAQD,SAAS,aAAa,OAAe,UAA+C;AAClF,aAAW,EAAE,MAAM,QAAQ,KAAK,UAAU;AACxC,QAAI,QAAQ,KAAK,KAAK,EAAG,QAAO,aAAa,IAAI;AAAA,EACnD;AACA,SAAO;AACT;AAEA,SAAS,cAAc,OAAkD;AACvE,MAAI,UAAU,QAAQ,OAAO,UAAU,SAAU,QAAO;AACxD,QAAM,QAAQ,OAAO,eAAe,KAAK;AACzC,SAAO,UAAU,OAAO,aAAa,UAAU;AACjD;AAQO,SAAS,mBAAmB,OAAgB,UAAqC,CAAC,GAAY;AACnG,QAAM,WAAW,QAAQ,gBACrB,CAAC,GAAG,4BAA4B,GAAG,QAAQ,aAAa,IACxD;AACJ,QAAM,OAAO,CAAC,MAAwB;AACpC,QAAI,OAAO,MAAM,SAAU,QAAO,aAAa,GAAG,QAAQ;AAC1D,QAAI,MAAM,QAAQ,CAAC,EAAG,QAAO,EAAE,IAAI,IAAI;AACvC,QAAI,cAAc,CAAC,GAAG;AACpB,YAAM,MAA+B,CAAC;AACtC,iBAAW,CAAC,GAAG,GAAG,KAAK,OAAO,QAAQ,CAAC,GAAG;AACxC,YAAI,CAAC,IAAI,eAAe,IAAI,EAAE,YAAY,CAAC,IAAI,qBAAqB,KAAK,GAAG;AAAA,MAC9E;AACA,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AACA,SAAO,KAAK,KAAK;AACnB;AAmBO,SAAS,YACd,MACA,WAAwC,4BACvB;AACjB,QAAM,MAAyE,CAAC;AAChF,aAAW,EAAE,MAAM,QAAQ,KAAK,UAAU;AACxC,UAAM,IAAI,IAAI,OAAO,QAAQ,QAAQ,QAAQ,MAAM,SAAS,GAAG,IAAI,QAAQ,QAAQ,GAAG,QAAQ,KAAK,GAAG;AACtG,eAAW,KAAK,KAAK,SAAS,CAAC,GAAG;AAChC,UAAI,EAAE,UAAU,UAAa,EAAE,CAAC,EAAE,WAAW,EAAG;AAChD,UAAI,KAAK,EAAE,MAAM,OAAO,EAAE,OAAO,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,MAAM,EAAE,CAAC,EAAE,CAAC;AAAA,IAC3E;AAAA,EACF;AACA,MAAI,KAAK,CAAC,GAAG,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG;AACrD,QAAM,QAAyB,CAAC;AAChC,MAAI,SAAS;AACb,MAAI,IAAI;AACR,aAAW,KAAK,KAAK;AACnB,QAAI,EAAE,QAAQ,OAAQ;AACtB,UAAM,KAAK,EAAE,IAAI,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;AACtC,aAAS,EAAE;AAAA,EACb;AACA,SAAO;AACT;AA0BA,eAAsB,sBACpB,MACA,SAC2B;AAC3B,QAAM,QAAQ,YAAY,MAAM,QAAQ,QAAQ;AAChD,QAAM,WAAiC,CAAC;AACxC,MAAI,MAAM;AACV,aAAW,QAAQ,OAAO;AACxB,QAAI,KAAK,QAAQ,IAAK,UAAS,KAAK,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,KAAK,KAAK,KAAK,EAAE,CAAC;AACvF,aAAS,KAAK,EAAE,MAAM,YAAY,IAAI,KAAK,IAAI,MAAM,KAAK,MAAM,QAAQ,MAAM,QAAQ,QAAQ,KAAK,IAAI,EAAE,CAAC;AAC1G,UAAM,KAAK;AAAA,EACb;AACA,MAAI,MAAM,KAAK,OAAQ,UAAS,KAAK,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,GAAG,EAAE,CAAC;AAC5E,SAAO,EAAE,SAAS;AACpB;AAwBA,eAAsB,WACpB,KACA,QACA,SACuB;AACvB,QAAM,MAAM,IAAI,SAAS;AAAA,IAAK,CAAC,MAC7B,EAAE,SAAS,cAAc,EAAE,OAAO;AAAA,EACpC;AACA,MAAI,CAAC,IAAK,QAAO,EAAE,IAAI,OAAO,QAAQ,YAAY;AAClD,QAAM,UAAU,MAAM,QAAQ,UAAU,EAAE,IAAI,IAAI,IAAI,MAAM,IAAI,KAAK,CAAC;AACtE,MAAI,CAAC,QAAS,QAAO,EAAE,IAAI,OAAO,QAAQ,YAAY;AACtD,QAAM,QAAQ,MAAM,QAAQ,QAAQ,IAAI,MAAM;AAC9C,MAAI,QAAQ,SAAU,OAAM,QAAQ,SAAS,EAAE,IAAI,IAAI,IAAI,MAAM,IAAI,KAAK,CAAC;AAC3E,SAAO,EAAE,IAAI,MAAM,MAAM;AAC3B;","names":[]}

package/dist/chunk-SD2H4FWY.js

@@ -0,0 +1,43 @@
+// src/harness/index.ts
+var KNOWN_HARNESSES = [
+  "opencode",
+  "claude-code",
+  "kimi-code",
+  "codex",
+  "amp",
+  "factory-droids",
+  "pi",
+  "hermes",
+  "forge",
+  "openclaw",
+  "acp",
+  "cursor",
+  "cli-base"
+];
+var DEFAULT_HARNESS = "opencode";
+var HARNESS_SET = new Set(KNOWN_HARNESSES);
+function isHarness(value) {
+  return typeof value === "string" && HARNESS_SET.has(value);
+}
+function coerceHarness(value, fallback = DEFAULT_HARNESS) {
+  return isHarness(value) ? value : fallback;
+}
+function resolveSessionHarness(input = {}) {
+  const fallback = input.fallback ?? DEFAULT_HARNESS;
+  if (isHarness(input.sessionHarness)) {
+    const locked = input.sessionHarness;
+    const swapAttempted = isHarness(input.requested) && input.requested !== locked;
+    return { harness: locked, locked: true, swapAttempted };
+  }
+  const harness = coerceHarness(input.requested, coerceHarness(input.workspaceDefault, fallback));
+  return { harness, locked: false, swapAttempted: false };
+}
+
+export {
+  KNOWN_HARNESSES,
+  DEFAULT_HARNESS,
+  isHarness,
+  coerceHarness,
+  resolveSessionHarness
+};
+//# sourceMappingURL=chunk-SD2H4FWY.js.map

package/dist/chunk-SD2H4FWY.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/harness/index.ts"],"sourcesContent":["/**\n * Coding-agent harness selection — taxonomy, coercion, and the session-lock invariant.\n *\n * A \"harness\" is the coding-agent CLI a sandbox drives (opencode / codex /\n * claude-code / …). The shell governs WHICH harness a chat session uses and\n * enforces that a session is LOCKED to the harness it started with — the model\n * may change mid-session, the harness may not (swapping it mid-session would\n * orphan the session's running agent state). Every product otherwise hand-rolls\n * this and hard-codes a single harness; this is the one place the rule lives.\n *\n * Substrate-free: the harness list mirrors the sandbox SDK's `BackendType` as a\n * plain string union (no sandbox dependency). The consumer owns storage — which\n * harness a workspace defaults to, which one a session locked — and maps the\n * resolved value onto the SDK's `backend.type`.\n */\n\n/** The known coding-agent backends. Mirrors `@tangle-network/sandbox`'s\n *  `BackendType`; kept structural so this module needs no sandbox dependency. */\nexport const KNOWN_HARNESSES = [\n  'opencode',\n  'claude-code',\n  'kimi-code',\n  'codex',\n  'amp',\n  'factory-droids',\n  'pi',\n  'hermes',\n  'forge',\n  'openclaw',\n  'acp',\n  'cursor',\n  'cli-base',\n] as const\n\nexport type Harness = (typeof KNOWN_HARNESSES)[number]\n\nexport const DEFAULT_HARNESS: Harness = 'opencode'\n\nconst HARNESS_SET: ReadonlySet<string> = new Set(KNOWN_HARNESSES)\n\nexport function isHarness(value: unknown): value is Harness {\n  return typeof value === 'string' && HARNESS_SET.has(value)\n}\n\n/** Coerce an arbitrary value to a known harness, falling back (default `opencode`). */\nexport function coerceHarness(value: unknown, fallback: Harness = DEFAULT_HARNESS): Harness {\n  return isHarness(value) ? value : fallback\n}\n\nexport interface ResolveSessionHarnessInput {\n  /** The harness already locked to this session (recorded at its first turn). */\n  sessionHarness?: unknown\n  /** The harness requested now — a new session's choice, or a turn's attempt to switch. */\n  requested?: unknown\n  /** The workspace's default harness, used only when starting a fresh session. */\n  workspaceDefault?: unknown\n  /** Final fallback when nothing else resolves (default `opencode`). */\n  fallback?: Harness\n}\n\nexport interface ResolvedSessionHarness {\n  /** The harness to actually run — the locked one when the session already has it. */\n  harness: Harness\n  /** True when the session already had a locked harness (this turn did not pick it). */\n  locked: boolean\n  /** True when `requested` differs from the locked harness — a forbidden mid-session\n   *  swap the caller should reject or warn on. The lock always wins regardless. */\n  swapAttempted: boolean\n}\n\n/**\n * Resolve the harness for a turn, enforcing the session lock.\n *\n * - **Session already started** (`sessionHarness` is a known harness): that harness\n *   wins (`locked: true`); a differing `requested` sets `swapAttempted` so the caller\n *   can reject the swap. The model is a separate per-turn concern and is unaffected.\n * - **Fresh session**: pick `requested → workspaceDefault → fallback`. The caller\n *   persists the result as the session's lock for every subsequent turn.\n */\nexport function resolveSessionHarness(input: ResolveSessionHarnessInput = {}): ResolvedSessionHarness {\n  const fallback = input.fallback ?? DEFAULT_HARNESS\n  if (isHarness(input.sessionHarness)) {\n    const locked = input.sessionHarness\n    const swapAttempted = isHarness(input.requested) && input.requested !== locked\n    return { harness: locked, locked: true, swapAttempted }\n  }\n  const harness = coerceHarness(input.requested, coerceHarness(input.workspaceDefault, fallback))\n  return { harness, locked: false, swapAttempted: false }\n}\n"],"mappings":";AAkBO,IAAM,kBAAkB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAIO,IAAM,kBAA2B;AAExC,IAAM,cAAmC,IAAI,IAAI,eAAe;AAEzD,SAAS,UAAU,OAAkC;AAC1D,SAAO,OAAO,UAAU,YAAY,YAAY,IAAI,KAAK;AAC3D;AAGO,SAAS,cAAc,OAAgB,WAAoB,iBAA0B;AAC1F,SAAO,UAAU,KAAK,IAAI,QAAQ;AACpC;AAgCO,SAAS,sBAAsB,QAAoC,CAAC,GAA2B;AACpG,QAAM,WAAW,MAAM,YAAY;AACnC,MAAI,UAAU,MAAM,cAAc,GAAG;AACnC,UAAM,SAAS,MAAM;AACrB,UAAM,gBAAgB,UAAU,MAAM,SAAS,KAAK,MAAM,cAAc;AACxE,WAAO,EAAE,SAAS,QAAQ,QAAQ,MAAM,cAAc;AAAA,EACxD;AACA,QAAM,UAAU,cAAc,MAAM,WAAW,cAAc,MAAM,kBAAkB,QAAQ,CAAC;AAC9F,SAAO,EAAE,SAAS,QAAQ,OAAO,eAAe,MAAM;AACxD;","names":[]}

package/dist/harness/index.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Coding-agent harness selection — taxonomy, coercion, and the session-lock invariant.
+ *
+ * A "harness" is the coding-agent CLI a sandbox drives (opencode / codex /
+ * claude-code / …). The shell governs WHICH harness a chat session uses and
+ * enforces that a session is LOCKED to the harness it started with — the model
+ * may change mid-session, the harness may not (swapping it mid-session would
+ * orphan the session's running agent state). Every product otherwise hand-rolls
+ * this and hard-codes a single harness; this is the one place the rule lives.
+ *
+ * Substrate-free: the harness list mirrors the sandbox SDK's `BackendType` as a
+ * plain string union (no sandbox dependency). The consumer owns storage — which
+ * harness a workspace defaults to, which one a session locked — and maps the
+ * resolved value onto the SDK's `backend.type`.
+ */
+/** The known coding-agent backends. Mirrors `@tangle-network/sandbox`'s
+ *  `BackendType`; kept structural so this module needs no sandbox dependency. */
+declare const KNOWN_HARNESSES: readonly ["opencode", "claude-code", "kimi-code", "codex", "amp", "factory-droids", "pi", "hermes", "forge", "openclaw", "acp", "cursor", "cli-base"];
+type Harness = (typeof KNOWN_HARNESSES)[number];
+declare const DEFAULT_HARNESS: Harness;
+declare function isHarness(value: unknown): value is Harness;
+/** Coerce an arbitrary value to a known harness, falling back (default `opencode`). */
+declare function coerceHarness(value: unknown, fallback?: Harness): Harness;
+interface ResolveSessionHarnessInput {
+    /** The harness already locked to this session (recorded at its first turn). */
+    sessionHarness?: unknown;
+    /** The harness requested now — a new session's choice, or a turn's attempt to switch. */
+    requested?: unknown;
+    /** The workspace's default harness, used only when starting a fresh session. */
+    workspaceDefault?: unknown;
+    /** Final fallback when nothing else resolves (default `opencode`). */
+    fallback?: Harness;
+}
+interface ResolvedSessionHarness {
+    /** The harness to actually run — the locked one when the session already has it. */
+    harness: Harness;
+    /** True when the session already had a locked harness (this turn did not pick it). */
+    locked: boolean;
+    /** True when `requested` differs from the locked harness — a forbidden mid-session
+     *  swap the caller should reject or warn on. The lock always wins regardless. */
+    swapAttempted: boolean;
+}
+/**
+ * Resolve the harness for a turn, enforcing the session lock.
+ *
+ * - **Session already started** (`sessionHarness` is a known harness): that harness
+ *   wins (`locked: true`); a differing `requested` sets `swapAttempted` so the caller
+ *   can reject the swap. The model is a separate per-turn concern and is unaffected.
+ * - **Fresh session**: pick `requested → workspaceDefault → fallback`. The caller
+ *   persists the result as the session's lock for every subsequent turn.
+ */
+declare function resolveSessionHarness(input?: ResolveSessionHarnessInput): ResolvedSessionHarness;
+
+export { DEFAULT_HARNESS, type Harness, KNOWN_HARNESSES, type ResolveSessionHarnessInput, type ResolvedSessionHarness, coerceHarness, isHarness, resolveSessionHarness };

package/dist/harness/index.js

@@ -0,0 +1,15 @@
+import {
+  DEFAULT_HARNESS,
+  KNOWN_HARNESSES,
+  coerceHarness,
+  isHarness,
+  resolveSessionHarness
+} from "../chunk-SD2H4FWY.js";
+export {
+  DEFAULT_HARNESS,
+  KNOWN_HARNESSES,
+  coerceHarness,
+  isHarness,
+  resolveSessionHarness
+};
+//# sourceMappingURL=index.js.map

package/dist/harness/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.d.ts

@@ -6,6 +6,7 @@ export { AppToolLoopOptions, LoopEvent, LoopToolCall, OpenAICompatStreamTurnOpti
 export { createTokenRecallChecker, producedFromToolEvents } from './eval/index.js';
 export { KnowledgeRequirementSpec, KnowledgeSignal, KnowledgeStateAccessor, SatisfiedByRule, buildKnowledgeRequirements, deriveSignals } from './knowledge/index.js';
 export { CreateKnowledgeLoopDeps, KnowledgeCandidate, KnowledgeDecider, KnowledgeDeciderInput, KnowledgeDecision, KnowledgeGateVerdict, KnowledgeLoop, KnowledgeLoopDriver, createKnowledgeLoop, createReviewerDecider, reviewCandidate } from './knowledge-loop/index.js';
+export { DEFAULT_HARNESS, Harness, KNOWN_HARNESSES, ResolveSessionHarnessInput, ResolvedSessionHarness, coerceHarness, isHarness, resolveSessionHarness } from './harness/index.js';
 export { AgentAppConfig, AgentDelegationConfig, AgentIdentityConfig, AgentIntegrationsConfig, AgentKnowledgeConfig, AgentTaxonomyConfig, AgentUiConfig, KnowledgeLoopConfig, KnowledgeSourceSpec, agentAppConfigJsonSchema, defineAgentApp } from './config/index.js';
 export { D1Like, D1PreparedLike, DrizzleColumnLike, DrizzleSqliteCoreLike, PRESET_MIGRATION_SQL, PRESET_TABLES, PresetBillingOptions, PresetKnowledgeAccessorOptions, PresetToolHandlerOptions, VaultKv, createD1KnowledgeStateAccessor, createPresetDrizzleSchema, createPresetFieldCrypto, createPresetToolHandlers, createPresetWorkspaceKeyManager, createPresetWorkspaceKeyStore } from './preset-cloudflare/index.js';
 export { KeyCrypto, KeyProvisioner, PlanLimit, PlatformBalanceInfo, PlatformBalanceManager, PlatformBalanceManagerOptions, PlatformBillingClient, PlatformIdentity, PlatformProductUsage, SharedBillingState, WorkspaceKeyManager, WorkspaceKeyManagerOptions, WorkspaceKeyRecord, WorkspaceKeyStore, WorkspaceModelKeyUsage, createPlatformBalanceManager, createWorkspaceKeyManager } from './billing/index.js';
@@ -13,7 +14,7 @@ export { DeriveKeyOptions, createFieldCrypto, decodeHexKey, decryptAesGcm, decry
 export { JsonRecord, PersistedChatMessageForTurn, ResolvedChatTurn, StreamEvent, asRecord, asString, buildUserTextParts, encodeEvent, finalizeAssistantParts, getPartKey, mergePersistedPart, messageHasTurnId, normalizeClientTurnId, normalizePersistedPart, normalizeTime, normalizeToolEvent, resolveChatTurn, resolveToolId, resolveToolName } from './stream/index.js';
 export { HubExecClient, HubExecClientOptions, HubExecErrorCode, HubExecResult, HubInvokeDeps, HubInvokeInput, HubInvokeOutcome, ParsedIntegrationAction, invokeIntegrationHub, resolveIntegrationAction } from './integrations/index.js';
 export { JsonObject, KvLike, RateLimitResult, RequestContext, SecurityHeaderOptions, addSecurityHeaders, checkRateLimit, extractRequestContext, parseJsonObjectBody, requireString } from './web/index.js';
-export { redactForIngestion } from './redact/index.js';
+export { BuildRedactedDocumentOptions, DEFAULT_REDACTION_PATTERNS, RedactForIngestionOptions, RedactedDocSegment, RedactedDocument, RedactionPattern, RedactionSpan, RevealResult, RevealSpanOptions, buildRedactedDocument, detectSpans, redactForIngestion, revealSpan } from './redact/index.js';
 export { CompletionRequirement, CompletionVerdict, CorrectnessChecker, ProducedState, RuntimeEventLike, SatisfiedBy, TaskGold, createLlmCorrectnessChecker, extractProducedState, verifyCompletion, weightedComposite } from '@tangle-network/agent-eval';
 export { D as DEFAULT_TANGLE_ROUTER_BASE_URL, R as ResolveModelOptions, T as TangleModelConfig, r as resolveTangleModelConfig } from './model-BOP69mVu.js';
 import '@tangle-network/agent-knowledge';

package/dist/index.js

@@ -1,3 +1,17 @@
+import {
+  DEFAULT_REDACTION_PATTERNS,
+  buildRedactedDocument,
+  detectSpans,
+  redactForIngestion,
+  revealSpan
+} from "./chunk-KWHLTXLE.js";
+import {
+  DEFAULT_HARNESS,
+  KNOWN_HARNESSES,
+  coerceHarness,
+  isHarness,
+  resolveSessionHarness
+} from "./chunk-SD2H4FWY.js";
 import {
   agentAppConfigJsonSchema,
   defineAgentApp
@@ -56,9 +70,6 @@ import {
   parseJsonObjectBody,
   requireString
 } from "./chunk-CN75FIPT.js";
-import {
-  redactForIngestion
-} from "./chunk-C5CREGT2.js";
 import {
   APP_TOOL_NAMES,
   DEFAULT_APP_TOOL_PATHS,
@@ -115,11 +126,14 @@ import {
 export {
   APP_TOOL_NAMES,
   DEFAULT_APP_TOOL_PATHS,
+  DEFAULT_HARNESS,
   DEFAULT_HEADER_NAMES,
+  DEFAULT_REDACTION_PATTERNS,
   DEFAULT_TANGLE_ROUTER_BASE_URL,
   DELEGATION_MCP_SERVER_KEY,
   DELEGATION_TOOLS,
   HubExecClient,
+  KNOWN_HARNESSES,
   PRESET_MIGRATION_SQL,
   PRESET_TABLES,
   ToolInputError,
@@ -134,8 +148,10 @@ export {
   buildDelegationMcpServer,
   buildHttpMcpServer,
   buildKnowledgeRequirements,
+  buildRedactedDocument,
   buildUserTextParts,
   checkRateLimit,
+  coerceHarness,
   createAppToolRuntimeExecutor,
   createBrokerTokenProvider,
   createCapabilityToken,
@@ -161,6 +177,7 @@ export {
   delegationMcpForConfig,
   deriveKey,
   deriveSignals,
+  detectSpans,
   dispatchAppTool,
   encodeEvent,
   encryptAesGcm,
@@ -173,6 +190,7 @@ export {
   handleAppToolRequest,
   invokeIntegrationHub,
   isAppToolName,
+  isHarness,
   mergePersistedPart,
   messageHasTurnId,
   normalizeClientTurnId,
@@ -187,9 +205,11 @@ export {
   requireString,
   resolveChatTurn,
   resolveIntegrationAction,
+  resolveSessionHarness,
   resolveTangleModelConfig,
   resolveToolId,
   resolveToolName,
+  revealSpan,
   reviewCandidate,
   runAppToolLoop,
   streamAppToolLoop,

package/dist/redact/index.d.ts

@@ -1,22 +1,114 @@
 /**
- * PII redaction for production trace payloads.
+ * PII redaction — two complementary modes.
  *
- * The chat-trace emission sites pass tool args + results — and at one
- * point the LLM span carried the system prompt + user message verbatim
- * — through the wire. Anything that lands in the ingestion store is
- * also fair game for the analyst-loop's LLM prompts, so personal
- * identifiers MUST be stripped before they leave the request path.
+ * 1. ONE-WAY scrub (`redactForIngestion`): for production trace payloads. Tool
+ *    args + results (and once, the LLM span's prompt) cross the wire into the
+ *    ingestion store, which also feeds the analyst-loop's LLM prompts, so
+ *    personal identifiers MUST be stripped before they leave the request path.
+ *    Destructive — the original is gone, replaced by a sentinel.
  *
- * Discipline:
- *   - Match cheap, deterministic patterns at the string level (SSN, EIN).
- *   - Match well-known sensitive object keys (case-insensitive) and
- *     replace the value, never the key, so the shape of the object
- *     remains debuggable.
- *   - Recurse arrays + plain objects only; pass through everything else
- *     unchanged (numbers, booleans, null, undefined, functions, etc).
- *   - NEVER throw — a redaction failure must not crash the chat handler.
- *     Unrecognized inputs round-trip as-is.
+ * 2. REVERSIBLE redaction (`buildRedactedDocument` / `revealSpan`): for the UI.
+ *    A document is split into text + redacted segments; each redacted original
+ *    is kept ENCRYPTED (via a caller-supplied `encrypt` seam → `agent-app/crypto`)
+ *    so a viewer can reveal a single span on demand, gated by an authorization
+ *    callback and an audit hook. The mask is presentation; the original is
+ *    recoverable by an authorized reveal, not lost.
+ *
+ * Discipline: cheap deterministic string patterns + well-known sensitive object
+ * keys (value replaced, key kept, so the shape stays debuggable); recurse arrays
+ * + plain objects only; NEVER throw on the one-way path.
+ */
+/** A named PII pattern. `pattern` is matched case-insensitively at the string
+ *  level; keep it non-global (global instances are derived where needed). */
+interface RedactionPattern {
+    kind: string;
+    pattern: RegExp;
+}
+/** The default deterministic patterns. Extend via the `extraPatterns` /
+ *  `patterns` options rather than forking this module (the seam that lets a
+ *  product add e.g. a credit-card matcher without a local copy). */
+declare const DEFAULT_REDACTION_PATTERNS: readonly RedactionPattern[];
+interface RedactForIngestionOptions {
+    /** Extra patterns appended to {@link DEFAULT_REDACTION_PATTERNS} for the
+     *  string-level scrub (e.g. credit-card). Additive — defaults still apply. */
+    extraPatterns?: readonly RedactionPattern[];
+}
+/**
+ * One-way PII scrub for telemetry/ingestion. Backward-compatible: called with no
+ * options it behaves exactly as before (SSN/EIN strings + sensitive object keys
+ * → sentinels). `extraPatterns` lets a product add matchers (e.g. credit-card)
+ * without forking this module.
+ */
+declare function redactForIngestion(value: unknown, options?: RedactForIngestionOptions): unknown;
+/** A detected PII span in a source string. */
+interface RedactionSpan {
+    /** Stable within a document (index-derived) — used for reveal + audit. */
+    id: string;
+    kind: string;
+    start: number;
+    end: number;
+    text: string;
+}
+/**
+ * Find non-overlapping PII spans in `text`. Matches every pattern, sorts by
+ * position, and drops overlaps (first match wins). Deterministic — no ids that
+ * vary per call.
+ */
+declare function detectSpans(text: string, patterns?: readonly RedactionPattern[]): RedactionSpan[];
+/** A redacted document segment: literal text, or a masked span with the
+ *  original kept ENCRYPTED for an authorized reveal. */
+type RedactedDocSegment = {
+    type: 'text';
+    text: string;
+} | {
+    type: 'redacted';
+    id: string;
+    kind: string;
+    cipher: string;
+};
+interface RedactedDocument {
+    segments: RedactedDocSegment[];
+}
+interface BuildRedactedDocumentOptions {
+    /** Encrypt one original span value. Wire it to `agent-app/crypto`
+     *  (`encryptWithKey` / `createFieldCrypto`). The cipher is what's stored. */
+    encrypt: (plaintext: string) => string | Promise<string>;
+    /** Patterns to detect (default: {@link DEFAULT_REDACTION_PATTERNS}). */
+    patterns?: readonly RedactionPattern[];
+}
+/**
+ * Split `text` into text + redacted segments, encrypting each redacted span's
+ * original. The result carries NO plaintext PII — only the masked structure and
+ * ciphertext — so it is safe to ship to a client; reveal happens server-side via
+ * {@link revealSpan}.
+ */
+declare function buildRedactedDocument(text: string, options: BuildRedactedDocumentOptions): Promise<RedactedDocument>;
+interface RevealSpanOptions {
+    /** Decrypt a span cipher. Wire to `agent-app/crypto` (`decryptWithKey`). */
+    decrypt: (cipher: string) => string | Promise<string>;
+    /** Authorization gate — return false to deny the reveal (fail-closed). */
+    canReveal: (segment: {
+        id: string;
+        kind: string;
+    }) => boolean | Promise<boolean>;
+    /** Audit hook — invoked only on a granted reveal (the caller records who/when). */
+    onReveal?: (segment: {
+        id: string;
+        kind: string;
+    }) => void | Promise<void>;
+}
+interface RevealResult {
+    ok: boolean;
+    value?: string;
+    /** `not_found` | `forbidden` when `ok` is false. */
+    reason?: string;
+}
+/**
+ * Reveal one redacted span's original, gated + audited. Fail-closed: an unknown
+ * id or a denied `canReveal` returns `{ ok: false }` and never decrypts; a
+ * granted reveal decrypts, fires `onReveal` for the audit trail, and returns the
+ * value.
  */
-declare function redactForIngestion(value: unknown): unknown;
+declare function revealSpan(doc: RedactedDocument, spanId: string, options: RevealSpanOptions): Promise<RevealResult>;
 
-export { redactForIngestion };
+export { type BuildRedactedDocumentOptions, DEFAULT_REDACTION_PATTERNS, type RedactForIngestionOptions, type RedactedDocSegment, type RedactedDocument, type RedactionPattern, type RedactionSpan, type RevealResult, type RevealSpanOptions, buildRedactedDocument, detectSpans, redactForIngestion, revealSpan };

package/dist/redact/index.js

@@ -1,7 +1,15 @@
 import {
-  redactForIngestion
-} from "../chunk-C5CREGT2.js";
+  DEFAULT_REDACTION_PATTERNS,
+  buildRedactedDocument,
+  detectSpans,
+  redactForIngestion,
+  revealSpan
+} from "../chunk-KWHLTXLE.js";
 export {
-  redactForIngestion
+  DEFAULT_REDACTION_PATTERNS,
+  buildRedactedDocument,
+  detectSpans,
+  redactForIngestion,
+  revealSpan
 };
 //# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tangle-network/agent-app",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "packageManager": "pnpm@10.33.4",
   "description": "Application-shell framework for Tangle agent products: a bounded tool loop, the structured agent→app tool side channel, integration-hub client, per-workspace billing, and crypto — composed over the Tangle agent substrate through typed seams.",
   "keywords": [
@@ -76,6 +76,11 @@
       "import": "./dist/knowledge-loop/index.js",
       "default": "./dist/knowledge-loop/index.js"
     },
+    "./harness": {
+      "types": "./dist/harness/index.d.ts",
+      "import": "./dist/harness/index.js",
+      "default": "./dist/harness/index.js"
+    },
     "./preset-cloudflare": {
       "types": "./dist/preset-cloudflare/index.d.ts",
       "import": "./dist/preset-cloudflare/index.js",

package/dist/chunk-C5CREGT2.js

@@ -1,45 +0,0 @@
-// src/redact/index.ts
-var SSN_PATTERN = /\d{3}-\d{2}-\d{4}/;
-var EIN_PATTERN = /\d{2}-\d{7}/;
-var SENSITIVE_KEYS = /* @__PURE__ */ new Set([
-  "ssn",
-  "ein",
-  "password",
-  "apikey",
-  "token",
-  "secret",
-  "authorization",
-  "email",
-  "phone"
-]);
-function redactString(value) {
-  if (SSN_PATTERN.test(value)) return "[REDACTED:ssn]";
-  if (EIN_PATTERN.test(value)) return "[REDACTED:ein]";
-  return value;
-}
-function isPlainObject(value) {
-  if (value === null || typeof value !== "object") return false;
-  const proto = Object.getPrototypeOf(value);
-  return proto === Object.prototype || proto === null;
-}
-function redactForIngestion(value) {
-  if (typeof value === "string") return redactString(value);
-  if (Array.isArray(value)) return value.map(redactForIngestion);
-  if (isPlainObject(value)) {
-    const out = {};
-    for (const [k, v] of Object.entries(value)) {
-      if (SENSITIVE_KEYS.has(k.toLowerCase())) {
-        out[k] = "[REDACTED:field]";
-        continue;
-      }
-      out[k] = redactForIngestion(v);
-    }
-    return out;
-  }
-  return value;
-}
-
-export {
-  redactForIngestion
-};
-//# sourceMappingURL=chunk-C5CREGT2.js.map

package/dist/chunk-C5CREGT2.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/redact/index.ts"],"sourcesContent":["/**\n * PII redaction for production trace payloads.\n *\n * The chat-trace emission sites pass tool args + results — and at one\n * point the LLM span carried the system prompt + user message verbatim\n * — through the wire. Anything that lands in the ingestion store is\n * also fair game for the analyst-loop's LLM prompts, so personal\n * identifiers MUST be stripped before they leave the request path.\n *\n * Discipline:\n *   - Match cheap, deterministic patterns at the string level (SSN, EIN).\n *   - Match well-known sensitive object keys (case-insensitive) and\n *     replace the value, never the key, so the shape of the object\n *     remains debuggable.\n *   - Recurse arrays + plain objects only; pass through everything else\n *     unchanged (numbers, booleans, null, undefined, functions, etc).\n *   - NEVER throw — a redaction failure must not crash the chat handler.\n *     Unrecognized inputs round-trip as-is.\n */\n\nconst SSN_PATTERN = /\\d{3}-\\d{2}-\\d{4}/\nconst EIN_PATTERN = /\\d{2}-\\d{7}/\n\nconst SENSITIVE_KEYS = new Set([\n  'ssn',\n  'ein',\n  'password',\n  'apikey',\n  'token',\n  'secret',\n  'authorization',\n  'email',\n  'phone',\n])\n\nfunction redactString(value: string): string {\n  if (SSN_PATTERN.test(value)) return '[REDACTED:ssn]'\n  if (EIN_PATTERN.test(value)) return '[REDACTED:ein]'\n  return value\n}\n\nfunction isPlainObject(value: unknown): value is Record<string, unknown> {\n  if (value === null || typeof value !== 'object') return false\n  const proto = Object.getPrototypeOf(value)\n  return proto === Object.prototype || proto === null\n}\n\nexport function redactForIngestion(value: unknown): unknown {\n  if (typeof value === 'string') return redactString(value)\n  if (Array.isArray(value)) return value.map(redactForIngestion)\n  if (isPlainObject(value)) {\n    const out: Record<string, unknown> = {}\n    for (const [k, v] of Object.entries(value)) {\n      if (SENSITIVE_KEYS.has(k.toLowerCase())) {\n        out[k] = '[REDACTED:field]'\n        continue\n      }\n      out[k] = redactForIngestion(v)\n    }\n    return out\n  }\n  return value\n}\n"],"mappings":";AAoBA,IAAM,cAAc;AACpB,IAAM,cAAc;AAEpB,IAAM,iBAAiB,oBAAI,IAAI;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,SAAS,aAAa,OAAuB;AAC3C,MAAI,YAAY,KAAK,KAAK,EAAG,QAAO;AACpC,MAAI,YAAY,KAAK,KAAK,EAAG,QAAO;AACpC,SAAO;AACT;AAEA,SAAS,cAAc,OAAkD;AACvE,MAAI,UAAU,QAAQ,OAAO,UAAU,SAAU,QAAO;AACxD,QAAM,QAAQ,OAAO,eAAe,KAAK;AACzC,SAAO,UAAU,OAAO,aAAa,UAAU;AACjD;AAEO,SAAS,mBAAmB,OAAyB;AAC1D,MAAI,OAAO,UAAU,SAAU,QAAO,aAAa,KAAK;AACxD,MAAI,MAAM,QAAQ,KAAK,EAAG,QAAO,MAAM,IAAI,kBAAkB;AAC7D,MAAI,cAAc,KAAK,GAAG;AACxB,UAAM,MAA+B,CAAC;AACtC,eAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,GAAG;AAC1C,UAAI,eAAe,IAAI,EAAE,YAAY,CAAC,GAAG;AACvC,YAAI,CAAC,IAAI;AACT;AAAA,MACF;AACA,UAAI,CAAC,IAAI,mBAAmB,CAAC;AAAA,IAC/B;AACA,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":[]}