@tenova/swt3-ai 0.5.0 → 0.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +279 -2
- package/dist/buffer.d.ts +7 -1
- package/dist/buffer.d.ts.map +1 -1
- package/dist/buffer.js +38 -3
- package/dist/buffer.js.map +1 -1
- package/dist/cli.d.ts +13 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +202 -0
- package/dist/cli.js.map +1 -0
- package/dist/config.d.ts +18 -5
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +346 -42
- package/dist/config.js.map +1 -1
- package/dist/demo.d.ts +1 -1
- package/dist/demo.d.ts.map +1 -1
- package/dist/demo.js +88 -4
- package/dist/demo.js.map +1 -1
- package/dist/doctor.d.ts +20 -0
- package/dist/doctor.d.ts.map +1 -0
- package/dist/doctor.js +357 -0
- package/dist/doctor.js.map +1 -0
- package/dist/environment.d.ts +34 -0
- package/dist/environment.d.ts.map +1 -0
- package/dist/environment.js +99 -0
- package/dist/environment.js.map +1 -0
- package/dist/exporters/chain-monitor.d.ts +55 -0
- package/dist/exporters/chain-monitor.d.ts.map +1 -0
- package/dist/exporters/chain-monitor.js +172 -0
- package/dist/exporters/chain-monitor.js.map +1 -0
- package/dist/hardware.d.ts +96 -0
- package/dist/hardware.d.ts.map +1 -0
- package/dist/hardware.js +265 -0
- package/dist/hardware.js.map +1 -0
- package/dist/index.d.ts +19 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -2
- package/dist/index.js.map +1 -1
- package/dist/merkle.d.ts +107 -0
- package/dist/merkle.d.ts.map +1 -0
- package/dist/merkle.js +226 -0
- package/dist/merkle.js.map +1 -0
- package/dist/schema.d.ts +18 -0
- package/dist/schema.d.ts.map +1 -0
- package/dist/schema.js +255 -0
- package/dist/schema.js.map +1 -0
- package/dist/trust.d.ts +100 -0
- package/dist/trust.d.ts.map +1 -0
- package/dist/trust.js +222 -0
- package/dist/trust.js.map +1 -0
- package/dist/types.d.ts +167 -11
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +42 -1
- package/dist/types.js.map +1 -1
- package/dist/wal.d.ts +69 -0
- package/dist/wal.d.ts.map +1 -0
- package/dist/wal.js +223 -0
- package/dist/wal.js.map +1 -0
- package/dist/witness.d.ts +293 -1
- package/dist/witness.d.ts.map +1 -1
- package/dist/witness.js +1234 -5
- package/dist/witness.js.map +1 -1
- package/package.json +4 -2
- package/templates/eu-ai-act-high-risk.yaml +56 -0
- package/templates/granite-sovereign.yaml +55 -0
- package/templates/minimal.yaml +38 -0
- package/templates/mythos-defense.yaml +65 -0
- package/templates/nist-ai-rmf.yaml +47 -0
- package/templates/owasp-agentic-top10.yaml +50 -0
package/dist/config.js
CHANGED
|
@@ -14,7 +14,11 @@
|
|
|
14
14
|
*
|
|
15
15
|
* Requires: `npm install yaml`
|
|
16
16
|
*/
|
|
17
|
+
import { createHash } from "node:crypto";
|
|
17
18
|
import { readFileSync, existsSync } from "node:fs";
|
|
19
|
+
import { join, dirname } from "node:path";
|
|
20
|
+
import { fileURLToPath } from "node:url";
|
|
21
|
+
import { validateSchema as runSchemaValidation } from "./schema.js";
|
|
18
22
|
/** Snake_case to camelCase key mapping for YAML -> WitnessOptions. */
|
|
19
23
|
const KEY_MAP = {
|
|
20
24
|
api_key: "apiKey",
|
|
@@ -38,12 +42,67 @@ const KEY_MAP = {
|
|
|
38
42
|
purpose_class: "purposeClass",
|
|
39
43
|
on_flush: "onFlush",
|
|
40
44
|
gateway_mode: "gatewayMode",
|
|
45
|
+
wal_path: "walPath",
|
|
46
|
+
replay_window: "replayWindow",
|
|
47
|
+
token_budget: "tokenBudget",
|
|
41
48
|
};
|
|
42
49
|
/** Env-suffix fields that resolve from process.env. */
|
|
43
50
|
const ENV_FIELDS = {
|
|
44
51
|
api_key_env: "apiKey",
|
|
45
52
|
signing_key_env: "signingKey",
|
|
46
53
|
};
|
|
54
|
+
/** Top-level sections extracted before key mapping. */
|
|
55
|
+
const SECTION_KEYS = new Set(["policy", "trust_mesh", "hardware", "density_policy", "mcp_policy", "merkle", "profile"]);
|
|
56
|
+
// ── Typo Protection Sets ──────────────────────────────────────────────
|
|
57
|
+
const VALID_POLICY_KEYS = new Set([
|
|
58
|
+
"require_signing",
|
|
59
|
+
"min_clearing_level",
|
|
60
|
+
"required_procedures",
|
|
61
|
+
"require_agent_id",
|
|
62
|
+
"max_flush_interval",
|
|
63
|
+
"require_jurisdiction",
|
|
64
|
+
]);
|
|
65
|
+
const VALID_TRUST_MESH_KEYS = new Set([
|
|
66
|
+
"mode", "min_trust_level", "require_signature", "freshness_window",
|
|
67
|
+
"trusted_tenants", "trusted_agents", "deny_agents", "deny_tenants",
|
|
68
|
+
"required_procedures", "signing_keys",
|
|
69
|
+
]);
|
|
70
|
+
const VALID_HARDWARE_KEYS = new Set([
|
|
71
|
+
"require_attestation", "attestation_freshness", "allowed_methods",
|
|
72
|
+
]);
|
|
73
|
+
const VALID_DENSITY_POLICY_KEYS = new Set([
|
|
74
|
+
"min_anchors_per_1000_tokens", "required_providers",
|
|
75
|
+
"max_chain_gap_seconds", "require_signing_key", "min_trust_level",
|
|
76
|
+
]);
|
|
77
|
+
const VALID_MCP_POLICY_KEYS = new Set([
|
|
78
|
+
"witnessed_tools", "exempt_tools", "require_trust_level",
|
|
79
|
+
"auto_witness", "block_on_failure",
|
|
80
|
+
"max_velocity", "max_chain_depth", "tool_allowlist", "tool_blocklist",
|
|
81
|
+
"fail_secure", "rules", "max_tokens_per_session",
|
|
82
|
+
]);
|
|
83
|
+
const VALID_MERKLE_KEYS = new Set([
|
|
84
|
+
"enabled", "accumulator_interval",
|
|
85
|
+
]);
|
|
86
|
+
const VALID_PROFILES = new Set([
|
|
87
|
+
"eu-ai-act-high-risk",
|
|
88
|
+
"granite-sovereign",
|
|
89
|
+
"mythos-defense",
|
|
90
|
+
"nist-ai-rmf",
|
|
91
|
+
"owasp-agentic-top10",
|
|
92
|
+
"minimal",
|
|
93
|
+
]);
|
|
94
|
+
// ── YAML Parsing ──────────────────────────────────────────────────────
|
|
95
|
+
function getYamlParser() {
|
|
96
|
+
try {
|
|
97
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
98
|
+
const yamlMod = require("yaml");
|
|
99
|
+
return yamlMod.parse;
|
|
100
|
+
}
|
|
101
|
+
catch {
|
|
102
|
+
throw new Error("The 'yaml' package is required for .swt3.yaml support. " +
|
|
103
|
+
"Install it with: npm install yaml");
|
|
104
|
+
}
|
|
105
|
+
}
|
|
47
106
|
function findConfig(path) {
|
|
48
107
|
if (path) {
|
|
49
108
|
if (!existsSync(path)) {
|
|
@@ -58,23 +117,63 @@ function findConfig(path) {
|
|
|
58
117
|
throw new Error("No SWT3 config file found. Create swt3.yaml or .swt3.yaml, " +
|
|
59
118
|
"or pass an explicit path to loadConfig().");
|
|
60
119
|
}
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
120
|
+
// ── Extends / Composition ─────────────────────────────────────────────
|
|
121
|
+
const MAX_EXTENDS_DEPTH = 10;
|
|
122
|
+
function processExtends(raw, configDir, parse, visited = new Set(), depth = 0, rootDir) {
|
|
123
|
+
const extendsVal = raw.extends;
|
|
124
|
+
if (!extendsVal)
|
|
125
|
+
return { merged: raw, extendedContents: [] };
|
|
126
|
+
delete raw.extends;
|
|
127
|
+
if (depth >= MAX_EXTENDS_DEPTH) {
|
|
128
|
+
throw new Error(`Extends depth limit exceeded (max ${MAX_EXTENDS_DEPTH})`);
|
|
129
|
+
}
|
|
130
|
+
// The root directory is the top-level config file's parent -- set on first call
|
|
131
|
+
const boundary = rootDir ?? configDir;
|
|
132
|
+
const files = Array.isArray(extendsVal) ? extendsVal : [extendsVal];
|
|
133
|
+
let base = {};
|
|
134
|
+
const allContents = [];
|
|
135
|
+
for (const file of files) {
|
|
136
|
+
const isAbsolute = file.startsWith("/");
|
|
137
|
+
const resolved = isAbsolute
|
|
138
|
+
? file
|
|
139
|
+
: join(configDir, file);
|
|
140
|
+
if (!existsSync(resolved)) {
|
|
141
|
+
throw new Error(`Extends file not found: ${file} (resolved: ${resolved})`);
|
|
142
|
+
}
|
|
143
|
+
const real = require("node:fs").realpathSync(resolved);
|
|
144
|
+
// Path containment: relative paths must resolve within the root config directory tree
|
|
145
|
+
if (!isAbsolute) {
|
|
146
|
+
const realBoundary = require("node:fs").realpathSync(boundary);
|
|
147
|
+
if (!real.startsWith(realBoundary + "/") && real !== realBoundary) {
|
|
148
|
+
throw new Error(`Extends path escapes config directory: ${file} (resolved: ${real}). ` +
|
|
149
|
+
`Use an absolute path if this is intentional.`);
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
if (visited.has(real)) {
|
|
153
|
+
throw new Error(`Circular extends detected: ${file} (resolved: ${real})`);
|
|
154
|
+
}
|
|
155
|
+
visited.add(real);
|
|
156
|
+
const content = readFileSync(resolved, "utf-8");
|
|
157
|
+
allContents.push(content);
|
|
158
|
+
let parentRaw = parse(content);
|
|
159
|
+
if (!parentRaw || typeof parentRaw !== "object") {
|
|
160
|
+
throw new Error(`Invalid extends file: ${file} (expected a YAML mapping)`);
|
|
161
|
+
}
|
|
162
|
+
const parentDir = dirname(resolved);
|
|
163
|
+
const parentResult = processExtends(parentRaw, parentDir, parse, visited, depth + 1, boundary);
|
|
164
|
+
allContents.unshift(...parentResult.extendedContents);
|
|
165
|
+
parentRaw = parentResult.merged;
|
|
166
|
+
base = deepMerge(base, parentRaw);
|
|
167
|
+
}
|
|
168
|
+
return { merged: deepMerge(base, raw), extendedContents: allContents };
|
|
169
|
+
}
|
|
170
|
+
// ── Section Helpers ───────────────────────────────────────────────────
|
|
171
|
+
function validateKeys(section, validKeys, sectionName) {
|
|
172
|
+
const unknown = Object.keys(section).filter((k) => !validKeys.has(k));
|
|
173
|
+
if (unknown.length > 0) {
|
|
174
|
+
throw new Error(`Unknown ${sectionName} keys: ${unknown.sort().join(", ")}`);
|
|
175
|
+
}
|
|
176
|
+
}
|
|
78
177
|
function extractPolicy(raw) {
|
|
79
178
|
const policy = raw.policy;
|
|
80
179
|
if (!policy)
|
|
@@ -83,13 +182,171 @@ function extractPolicy(raw) {
|
|
|
83
182
|
if (typeof policy !== "object" || Array.isArray(policy)) {
|
|
84
183
|
throw new Error("'policy' must be a YAML mapping");
|
|
85
184
|
}
|
|
86
|
-
|
|
87
|
-
if (unknown.length > 0) {
|
|
88
|
-
throw new Error(`Unknown policy keys: ${unknown.sort().join(", ")}`);
|
|
89
|
-
}
|
|
185
|
+
validateKeys(policy, VALID_POLICY_KEYS, "policy");
|
|
90
186
|
return policy;
|
|
91
187
|
}
|
|
92
|
-
function
|
|
188
|
+
function extractTrustMesh(raw) {
|
|
189
|
+
const section = raw.trust_mesh;
|
|
190
|
+
if (!section)
|
|
191
|
+
return null;
|
|
192
|
+
delete raw.trust_mesh;
|
|
193
|
+
if (typeof section !== "object" || Array.isArray(section)) {
|
|
194
|
+
throw new Error("'trust_mesh' must be a YAML mapping");
|
|
195
|
+
}
|
|
196
|
+
validateKeys(section, VALID_TRUST_MESH_KEYS, "trust_mesh");
|
|
197
|
+
const mode = section.mode ?? "permissive";
|
|
198
|
+
if (!["strict", "permissive", "monitor"].includes(mode)) {
|
|
199
|
+
throw new Error(`trust_mesh.mode must be strict, permissive, or monitor (got: ${mode})`);
|
|
200
|
+
}
|
|
201
|
+
// Resolve signing_keys _env references
|
|
202
|
+
const rawKeys = section.signing_keys ?? [];
|
|
203
|
+
const resolvedKeys = rawKeys.map((entry) => {
|
|
204
|
+
if (!entry.agent)
|
|
205
|
+
throw new Error("trust_mesh.signing_keys[].agent is required");
|
|
206
|
+
if (!entry.key_env)
|
|
207
|
+
throw new Error("trust_mesh.signing_keys[].key_env is required");
|
|
208
|
+
const value = process.env[entry.key_env];
|
|
209
|
+
if (!value) {
|
|
210
|
+
throw new Error(`Environment variable '${entry.key_env}' (from trust_mesh.signing_keys) is not set`);
|
|
211
|
+
}
|
|
212
|
+
return { agent: entry.agent, key: value };
|
|
213
|
+
});
|
|
214
|
+
// Validate trusted_agents structure
|
|
215
|
+
const trustedAgents = section.trusted_agents ?? [];
|
|
216
|
+
for (const ta of trustedAgents) {
|
|
217
|
+
if (!ta.tenant || !ta.agent) {
|
|
218
|
+
throw new Error("trust_mesh.trusted_agents entries must have 'tenant' and 'agent' fields");
|
|
219
|
+
}
|
|
220
|
+
}
|
|
221
|
+
return {
|
|
222
|
+
mode: mode,
|
|
223
|
+
minTrustLevel: section.min_trust_level ?? 1,
|
|
224
|
+
requireSignature: section.require_signature ?? false,
|
|
225
|
+
freshnessWindow: section.freshness_window ?? 86400,
|
|
226
|
+
trustedTenants: section.trusted_tenants ?? [],
|
|
227
|
+
trustedAgents,
|
|
228
|
+
denyAgents: section.deny_agents ?? [],
|
|
229
|
+
denyTenants: section.deny_tenants ?? [],
|
|
230
|
+
requiredProcedures: section.required_procedures ?? [],
|
|
231
|
+
signingKeys: resolvedKeys,
|
|
232
|
+
};
|
|
233
|
+
}
|
|
234
|
+
function extractHardware(raw) {
|
|
235
|
+
const section = raw.hardware;
|
|
236
|
+
if (!section)
|
|
237
|
+
return null;
|
|
238
|
+
delete raw.hardware;
|
|
239
|
+
if (typeof section !== "object" || Array.isArray(section)) {
|
|
240
|
+
throw new Error("'hardware' must be a YAML mapping");
|
|
241
|
+
}
|
|
242
|
+
validateKeys(section, VALID_HARDWARE_KEYS, "hardware");
|
|
243
|
+
return {
|
|
244
|
+
requireAttestation: section.require_attestation ?? false,
|
|
245
|
+
attestationFreshness: section.attestation_freshness ?? 3600,
|
|
246
|
+
allowedMethods: section.allowed_methods ?? [],
|
|
247
|
+
};
|
|
248
|
+
}
|
|
249
|
+
function extractDensityPolicy(raw) {
|
|
250
|
+
const section = raw.density_policy;
|
|
251
|
+
if (!section)
|
|
252
|
+
return null;
|
|
253
|
+
delete raw.density_policy;
|
|
254
|
+
if (typeof section !== "object" || Array.isArray(section)) {
|
|
255
|
+
throw new Error("'density_policy' must be a YAML mapping");
|
|
256
|
+
}
|
|
257
|
+
validateKeys(section, VALID_DENSITY_POLICY_KEYS, "density_policy");
|
|
258
|
+
return {
|
|
259
|
+
minAnchorsPerThousandTokens: section.min_anchors_per_1000_tokens ?? 1,
|
|
260
|
+
requiredProviders: section.required_providers ?? [],
|
|
261
|
+
maxChainGapSeconds: section.max_chain_gap_seconds ?? 60,
|
|
262
|
+
requireSigningKey: section.require_signing_key ?? false,
|
|
263
|
+
minTrustLevel: section.min_trust_level ?? 1,
|
|
264
|
+
};
|
|
265
|
+
}
|
|
266
|
+
function extractMcpPolicy(raw) {
|
|
267
|
+
const section = raw.mcp_policy;
|
|
268
|
+
if (!section)
|
|
269
|
+
return null;
|
|
270
|
+
delete raw.mcp_policy;
|
|
271
|
+
if (typeof section !== "object" || Array.isArray(section)) {
|
|
272
|
+
throw new Error("'mcp_policy' must be a YAML mapping");
|
|
273
|
+
}
|
|
274
|
+
validateKeys(section, VALID_MCP_POLICY_KEYS, "mcp_policy");
|
|
275
|
+
const rawRules = section.rules ?? [];
|
|
276
|
+
const rules = rawRules.map((r) => ({
|
|
277
|
+
match: r.match ?? "*",
|
|
278
|
+
action: r.action ?? "block",
|
|
279
|
+
reason: r.reason ?? "",
|
|
280
|
+
...(r.params ? { params: r.params } : {}),
|
|
281
|
+
}));
|
|
282
|
+
return {
|
|
283
|
+
witnessedTools: section.witnessed_tools ?? [],
|
|
284
|
+
exemptTools: section.exempt_tools ?? [],
|
|
285
|
+
requireTrustLevel: section.require_trust_level ?? 0,
|
|
286
|
+
autoWitness: section.auto_witness ?? true,
|
|
287
|
+
blockOnFailure: section.block_on_failure ?? false,
|
|
288
|
+
maxVelocity: section.max_velocity,
|
|
289
|
+
maxChainDepth: section.max_chain_depth,
|
|
290
|
+
toolAllowlist: section.tool_allowlist ?? [],
|
|
291
|
+
toolBlocklist: section.tool_blocklist ?? [],
|
|
292
|
+
failSecure: section.fail_secure ?? true,
|
|
293
|
+
rules,
|
|
294
|
+
maxTokensPerSession: section.max_tokens_per_session,
|
|
295
|
+
};
|
|
296
|
+
}
|
|
297
|
+
function extractMerkle(raw) {
|
|
298
|
+
const section = raw.merkle;
|
|
299
|
+
if (!section)
|
|
300
|
+
return null;
|
|
301
|
+
delete raw.merkle;
|
|
302
|
+
if (typeof section !== "object" || Array.isArray(section)) {
|
|
303
|
+
throw new Error("'merkle' must be a YAML mapping");
|
|
304
|
+
}
|
|
305
|
+
validateKeys(section, VALID_MERKLE_KEYS, "merkle");
|
|
306
|
+
return {
|
|
307
|
+
enabled: section.enabled ?? true,
|
|
308
|
+
accumulatorInterval: section.accumulator_interval ?? 0,
|
|
309
|
+
};
|
|
310
|
+
}
|
|
311
|
+
// ── Profile / Template System ─────────────────────────────────────────
|
|
312
|
+
function deepMerge(base, override) {
|
|
313
|
+
const result = { ...base };
|
|
314
|
+
for (const [key, value] of Object.entries(override)) {
|
|
315
|
+
if (value && typeof value === "object" && !Array.isArray(value) &&
|
|
316
|
+
result[key] && typeof result[key] === "object" && !Array.isArray(result[key])) {
|
|
317
|
+
result[key] = deepMerge(result[key], value);
|
|
318
|
+
}
|
|
319
|
+
else {
|
|
320
|
+
result[key] = value;
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
return result;
|
|
324
|
+
}
|
|
325
|
+
function loadProfile(profileName, parse) {
|
|
326
|
+
if (!VALID_PROFILES.has(profileName)) {
|
|
327
|
+
throw new Error(`Unknown profile: '${profileName}'. Valid profiles: ${[...VALID_PROFILES].sort().join(", ")}`);
|
|
328
|
+
}
|
|
329
|
+
let templatesDir;
|
|
330
|
+
try {
|
|
331
|
+
const __dirname = dirname(fileURLToPath(import.meta.url));
|
|
332
|
+
templatesDir = join(__dirname, "..", "templates");
|
|
333
|
+
}
|
|
334
|
+
catch {
|
|
335
|
+
templatesDir = join(__dirname, "..", "templates");
|
|
336
|
+
}
|
|
337
|
+
const templatePath = join(templatesDir, `${profileName}.yaml`);
|
|
338
|
+
if (!existsSync(templatePath)) {
|
|
339
|
+
throw new Error(`Profile template not found: ${templatePath}`);
|
|
340
|
+
}
|
|
341
|
+
const content = readFileSync(templatePath, "utf-8");
|
|
342
|
+
const tmpl = parse(content);
|
|
343
|
+
if (!tmpl || typeof tmpl !== "object") {
|
|
344
|
+
throw new Error(`Invalid profile template: ${profileName}`);
|
|
345
|
+
}
|
|
346
|
+
return tmpl;
|
|
347
|
+
}
|
|
348
|
+
// ── Policy Validation ─────────────────────────────────────────────────
|
|
349
|
+
export function validatePolicy(config, policy) {
|
|
93
350
|
if (policy.require_signing && !config.signingKey) {
|
|
94
351
|
throw new Error("Policy violation: require_signing is true but no signing_key configured");
|
|
95
352
|
}
|
|
@@ -122,33 +379,60 @@ function validatePolicy(config, policy) {
|
|
|
122
379
|
}
|
|
123
380
|
}
|
|
124
381
|
}
|
|
382
|
+
// ── Config Hash ───────────────────────────────────────────────────────
|
|
383
|
+
export function computeConfigHash(content) {
|
|
384
|
+
return createHash("sha256").update(content, "utf-8").digest("hex");
|
|
385
|
+
}
|
|
386
|
+
// ── Public API ────────────────────────────────────────────────────────
|
|
125
387
|
/**
|
|
126
388
|
* Load a .swt3.yaml config file and return a WitnessOptions object.
|
|
127
|
-
*
|
|
128
|
-
* @param path - Explicit path to YAML file. If omitted, searches for
|
|
129
|
-
* swt3.yaml or .swt3.yaml in the current directory.
|
|
130
|
-
* @returns WitnessOptions compatible with `new Witness(options)`.
|
|
131
|
-
* @throws If file not found, env var missing, yaml package not installed, or policy violation.
|
|
389
|
+
* Backward-compatible: returns WitnessOptions only (no trust_mesh, hardware, etc.).
|
|
132
390
|
*/
|
|
133
391
|
export function loadConfig(path) {
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
"Install it with: npm install yaml");
|
|
143
|
-
}
|
|
392
|
+
return loadFullConfig(path).witnessOptions;
|
|
393
|
+
}
|
|
394
|
+
/**
|
|
395
|
+
* Load a .swt3.yaml config file and return the full parsed config
|
|
396
|
+
* including trust_mesh, hardware, density_policy, and config hash.
|
|
397
|
+
*/
|
|
398
|
+
export function loadFullConfig(path) {
|
|
399
|
+
const parse = getYamlParser();
|
|
144
400
|
const configPath = findConfig(path);
|
|
145
401
|
const content = readFileSync(configPath, "utf-8");
|
|
146
|
-
|
|
402
|
+
let raw = parse(content);
|
|
147
403
|
if (!raw || typeof raw !== "object") {
|
|
148
|
-
throw new Error(
|
|
404
|
+
throw new Error("Invalid config file: expected a YAML mapping");
|
|
149
405
|
}
|
|
150
|
-
//
|
|
406
|
+
// Extends: load parent files and deep-merge (extends < profile < user config)
|
|
407
|
+
const configDir = dirname(require("node:path").resolve(configPath));
|
|
408
|
+
const realPath = require("node:fs").realpathSync(require("node:path").resolve(configPath));
|
|
409
|
+
// Containment boundary: one level above config dir (allows ../shared.yaml but blocks ../../etc/passwd)
|
|
410
|
+
const extendsRootDir = dirname(configDir);
|
|
411
|
+
const extendsResult = processExtends(raw, configDir, parse, new Set([realPath]), 0, extendsRootDir);
|
|
412
|
+
raw = extendsResult.merged;
|
|
413
|
+
// Config hash: includes all extended files + main file
|
|
414
|
+
const allContents = [...extendsResult.extendedContents, content].join("\n");
|
|
415
|
+
const configHash = computeConfigHash(allContents);
|
|
416
|
+
// Profile: load base template and deep-merge user config on top
|
|
417
|
+
const profileName = raw.profile;
|
|
418
|
+
if (profileName) {
|
|
419
|
+
delete raw.profile;
|
|
420
|
+
const template = loadProfile(profileName, parse);
|
|
421
|
+
raw = deepMerge(template, raw);
|
|
422
|
+
}
|
|
423
|
+
// Schema validation: catch typos and unknown keys before they silently pass through
|
|
424
|
+
const schemaResult = runSchemaValidation(raw);
|
|
425
|
+
if (!schemaResult.valid) {
|
|
426
|
+
const msgs = schemaResult.errors.map((e) => `${e.path}: ${e.message}`);
|
|
427
|
+
throw new Error(`SWT3 config validation failed:\n ${msgs.join("\n ")}`);
|
|
428
|
+
}
|
|
429
|
+
// Extract governance sections before key mapping
|
|
151
430
|
const policy = extractPolicy(raw);
|
|
431
|
+
const trustMesh = extractTrustMesh(raw);
|
|
432
|
+
const hardware = extractHardware(raw);
|
|
433
|
+
const densityPolicy = extractDensityPolicy(raw);
|
|
434
|
+
const mcpPolicy = extractMcpPolicy(raw);
|
|
435
|
+
const merkle = extractMerkle(raw);
|
|
152
436
|
const result = {};
|
|
153
437
|
// Resolve _env fields from environment
|
|
154
438
|
for (const [envKey, targetKey] of Object.entries(ENV_FIELDS)) {
|
|
@@ -165,7 +449,9 @@ export function loadConfig(path) {
|
|
|
165
449
|
// Map remaining keys from snake_case to camelCase
|
|
166
450
|
for (const [key, value] of Object.entries(raw)) {
|
|
167
451
|
if (key in ENV_FIELDS)
|
|
168
|
-
continue;
|
|
452
|
+
continue;
|
|
453
|
+
if (SECTION_KEYS.has(key))
|
|
454
|
+
continue;
|
|
169
455
|
const camelKey = KEY_MAP[key] || key;
|
|
170
456
|
result[camelKey] = value;
|
|
171
457
|
}
|
|
@@ -173,6 +459,24 @@ export function loadConfig(path) {
|
|
|
173
459
|
if (policy) {
|
|
174
460
|
validatePolicy(result, policy);
|
|
175
461
|
}
|
|
176
|
-
|
|
462
|
+
// Convert internal Policy to public PolicyConfig (camelCase)
|
|
463
|
+
const policyConfig = policy ? {
|
|
464
|
+
requireSigning: policy.require_signing,
|
|
465
|
+
minClearingLevel: policy.min_clearing_level,
|
|
466
|
+
requiredProcedures: policy.required_procedures,
|
|
467
|
+
requireAgentId: policy.require_agent_id,
|
|
468
|
+
maxFlushInterval: policy.max_flush_interval,
|
|
469
|
+
requireJurisdiction: policy.require_jurisdiction,
|
|
470
|
+
} : null;
|
|
471
|
+
return {
|
|
472
|
+
witnessOptions: result,
|
|
473
|
+
trustMesh,
|
|
474
|
+
hardware,
|
|
475
|
+
densityPolicy,
|
|
476
|
+
mcpPolicy,
|
|
477
|
+
merkle,
|
|
478
|
+
policy: policyConfig,
|
|
479
|
+
configHash,
|
|
480
|
+
};
|
|
177
481
|
}
|
|
178
482
|
//# sourceMappingURL=config.js.map
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAGnD,sEAAsE;AACtE,MAAM,OAAO,GAA2B;IACtC,OAAO,EAAE,QAAQ;IACjB,SAAS,EAAE,UAAU;IACrB,cAAc,EAAE,eAAe;IAC/B,WAAW,EAAE,YAAY;IACzB,cAAc,EAAE,eAAe;IAC/B,WAAW,EAAE,YAAY;IACzB,oBAAoB,EAAE,oBAAoB;IAC1C,mBAAmB,EAAE,oBAAoB;IACzC,eAAe,EAAE,gBAAgB;IACjC,cAAc,EAAE,eAAe;IAC/B,mBAAmB,EAAE,mBAAmB;IACxC,QAAQ,EAAE,SAAS;IACnB,WAAW,EAAE,YAAY;IACzB,cAAc,EAAE,cAAc;IAC9B,mBAAmB,EAAE,mBAAmB;IACxC,QAAQ,EAAE,SAAS;IACnB,cAAc,EAAE,eAAe;IAC/B,WAAW,EAAE,YAAY;IACzB,aAAa,EAAE,cAAc;IAC7B,QAAQ,EAAE,SAAS;IACnB,YAAY,EAAE,aAAa;CAC5B,CAAC;AAEF,uDAAuD;AACvD,MAAM,UAAU,GAA2B;IACzC,WAAW,EAAE,QAAQ;IACrB,eAAe,EAAE,YAAY;CAC9B,CAAC;AAEF,SAAS,UAAU,CAAC,IAAa;IAC/B,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;QAC/C,IAAI,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACpC,CAAC;IACD,MAAM,IAAI,KAAK,CACb,6DAA6D;QAC7D,2CAA2C,CAC5C,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,2CAA2C;AAC3C,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,iBAAiB;IACjB,oBAAoB;IACpB,qBAAqB;IACrB,kBAAkB;IAClB,oBAAoB;IACpB,sBAAsB;CACvB,CAAC,CAAC;AAWH,SAAS,aAAa,CAAC,GAA4B;IACjD,MAAM,MAAM,GAAG,GAAG,CAAC,MAA6C,CAAC;IACjE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,OAAO,GAAG,CAAC,MAAM,CAAC;IAElB,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,MAAgB,CAAC;AAC1B,CAAC;AAED,SAAS,cAAc,CAAC,MAA+B,EAAE,MAAc;IACrE,IAAI,MAAM,CAAC,eAAe,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CACb,yEAAyE,CAC1E,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAI,MAAM,CAAC,aAAwB,IAAI,CAAC,CAAC;QACrD,IAAI,MAAM,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,oCAAoC,MAAM,gCAAgC,MAAM,CAAC,kBAAkB,EAAE,CACtG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,oBAAoB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAI,MAAM,CAAC,aAAwB,IAAI,CAAC,CAAC;QACrD,IAAI,MAAM,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,oCAAoC,MAAM,gCAAgC,MAAM,CAAC,kBAAkB,GAAG,CACvG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,UAAkC,CAAC;QAC7D,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAChF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CACb,0CAA0C,OAAO,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,qCAAqC,CACzG,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,UAAU,CAAC,IAAa;IACtC,IAAI,KAAiC,CAAC;IACtC,IAAI,CAAC;QACH,iEAAiE;QACjE,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAChC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,yDAAyD;YACzD,mCAAmC,CACpC,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAA4B,CAAC;IAEtD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAElC,MAAM,MAAM,GAA4B,EAAE,CAAC;IAE3C,uCAAuC;IACvC,KAAK,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7D,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YAClB,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAW,CAAC;YACtC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CACb,yBAAyB,OAAO,WAAW,MAAM,cAAc,CAChE,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC;YAC1B,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,GAAG,IAAI,UAAU;YAAE,SAAS,CAAC,kBAAkB;QACnD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC;QACrC,MAAM,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;IAC3B,CAAC;IAED,iDAAiD;IACjD,IAAI,MAAM,EAAE,CAAC;QACX,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,MAAmC,CAAC;AAC7C,CAAC"}
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,cAAc,IAAI,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAMpE,sEAAsE;AACtE,MAAM,OAAO,GAA2B;IACtC,OAAO,EAAE,QAAQ;IACjB,SAAS,EAAE,UAAU;IACrB,cAAc,EAAE,eAAe;IAC/B,WAAW,EAAE,YAAY;IACzB,cAAc,EAAE,eAAe;IAC/B,WAAW,EAAE,YAAY;IACzB,oBAAoB,EAAE,oBAAoB;IAC1C,mBAAmB,EAAE,oBAAoB;IACzC,eAAe,EAAE,gBAAgB;IACjC,cAAc,EAAE,eAAe;IAC/B,mBAAmB,EAAE,mBAAmB;IACxC,QAAQ,EAAE,SAAS;IACnB,WAAW,EAAE,YAAY;IACzB,cAAc,EAAE,cAAc;IAC9B,mBAAmB,EAAE,mBAAmB;IACxC,QAAQ,EAAE,SAAS;IACnB,cAAc,EAAE,eAAe;IAC/B,WAAW,EAAE,YAAY;IACzB,aAAa,EAAE,cAAc;IAC7B,QAAQ,EAAE,SAAS;IACnB,YAAY,EAAE,aAAa;IAC3B,QAAQ,EAAE,SAAS;IACnB,aAAa,EAAE,cAAc;IAC7B,YAAY,EAAE,aAAa;CAC5B,CAAC;AAEF,uDAAuD;AACvD,MAAM,UAAU,GAA2B;IACzC,WAAW,EAAE,QAAQ;IACrB,eAAe,EAAE,YAAY;CAC9B,CAAC;AAEF,uDAAuD;AACvD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;AAExH,yEAAyE;AAEzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,iBAAiB;IACjB,oBAAoB;IACpB,qBAAqB;IACrB,kBAAkB;IAClB,oBAAoB;IACpB,sBAAsB;CACvB,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,MAAM,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,kBAAkB;IAClE,iBAAiB,EAAE,gBAAgB,EAAE,aAAa,EAAE,cAAc;IAClE,qBAAqB,EAAE,cAAc;CACtC,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,qBAAqB,EAAE,uBAAuB,EAAE,iBAAiB;CAClE,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;IACxC,6BAA6B,EAAE,oBAAoB;IACnD,uBAAuB,EAAE,qBAAqB,EAAE,iBAAiB;CAClE,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,iBAAiB,EAAE,cAAc,EAAE,qBAAqB;IACxD,cAAc,EAAE,kBAAkB;IAClC,cAAc,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,gBAAgB;IACrE,aAAa,EAAE,OAAO,EAAE,wBAAwB;CACjD,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,SAAS,EAAE,sBAAsB;CAClC,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,qBAAqB;IACrB,mBAAmB;IACnB,gBAAgB;IAChB,aAAa;IACb,qBAAqB;IACrB,SAAS;CACV,CAAC,CAAC;AAEH,yEAAyE;AAEzE,SAAS,aAAa;IACpB,IAAI,CAAC;QACH,iEAAiE;QACjE,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,OAAO,CAAC,KAAK,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,yDAAyD;YACzD,mCAAmC,CACpC,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,IAAa;IAC/B,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;QAC/C,IAAI,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACpC,CAAC;IACD,MAAM,IAAI,KAAK,CACb,6DAA6D;QAC7D,2CAA2C,CAC5C,CAAC;AACJ,CAAC;AAED,yEAAyE;AAEzE,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B,SAAS,cAAc,CACrB,GAA4B,EAC5B,SAAiB,EACjB,KAAiC,EACjC,UAAuB,IAAI,GAAG,EAAE,EAChC,QAAgB,CAAC,EACjB,OAAgB;IAEhB,MAAM,UAAU,GAAG,GAAG,CAAC,OAAwC,CAAC;IAChE,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC;IAC9D,OAAO,GAAG,CAAC,OAAO,CAAC;IAEnB,IAAI,KAAK,IAAI,iBAAiB,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,qCAAqC,iBAAiB,GAAG,CAAC,CAAC;IAC7E,CAAC;IAED,gFAAgF;IAChF,MAAM,QAAQ,GAAG,OAAO,IAAI,SAAS,CAAC;IAEtC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IACpE,IAAI,IAAI,GAA4B,EAAE,CAAC;IACvC,MAAM,WAAW,GAAa,EAAE,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,UAAU;YACzB,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAE1B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,eAAe,QAAQ,GAAG,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAEvD,sFAAsF;QACtF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;YAC/D,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,GAAG,GAAG,CAAC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;gBAClE,MAAM,IAAI,KAAK,CACb,0CAA0C,IAAI,eAAe,IAAI,KAAK;oBACtE,8CAA8C,CAC/C,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,eAAe,IAAI,GAAG,CAAC,CAAC;QAC5E,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClB,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE1B,IAAI,SAAS,GAAG,KAAK,CAAC,OAAO,CAA4B,CAAC;QAC1D,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,4BAA4B,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpC,MAAM,YAAY,GAAG,cAAc,CAAC,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC/F,WAAW,CAAC,OAAO,CAAC,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;QACtD,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC;QAEhC,IAAI,GAAG,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,gBAAgB,EAAE,WAAW,EAAE,CAAC;AACzE,CAAC;AAED,yEAAyE;AAEzE,SAAS,YAAY,CAAC,OAAgC,EAAE,SAAsB,EAAE,WAAmB;IACjG,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACtE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,WAAW,WAAW,UAAU,OAAO,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC/E,CAAC;AACH,CAAC;AAWD,SAAS,aAAa,CAAC,GAA4B;IACjD,MAAM,MAAM,GAAG,GAAG,CAAC,MAA6C,CAAC;IACjE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,OAAO,GAAG,CAAC,MAAM,CAAC;IAElB,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,YAAY,CAAC,MAAM,EAAE,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAClD,OAAO,MAAgB,CAAC;AAC1B,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA4B;IACpD,MAAM,OAAO,GAAG,GAAG,CAAC,UAAiD,CAAC;IACtE,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,GAAG,CAAC,UAAU,CAAC;IAEtB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,YAAY,CAAC,OAAO,EAAE,qBAAqB,EAAE,YAAY,CAAC,CAAC;IAE3D,MAAM,IAAI,GAAI,OAAO,CAAC,IAAe,IAAI,YAAY,CAAC;IACtD,IAAI,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,gEAAgE,IAAI,GAAG,CAAC,CAAC;IAC3F,CAAC;IAED,uCAAuC;IACvC,MAAM,OAAO,GAAI,OAAO,CAAC,YAA0D,IAAI,EAAE,CAAC;IAC1F,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACzC,IAAI,CAAC,KAAK,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjF,IAAI,CAAC,KAAK,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACrF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,OAAO,6CAA6C,CAAC,CAAC;QACvG,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,oCAAoC;IACpC,MAAM,aAAa,GAAI,OAAO,CAAC,cAA2D,IAAI,EAAE,CAAC;IACjG,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;QAC/B,IAAI,CAAC,EAAE,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;QAC7F,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,IAA2C;QACjD,aAAa,EAAG,OAAO,CAAC,eAA0B,IAAI,CAAC;QACvD,gBAAgB,EAAG,OAAO,CAAC,iBAA6B,IAAI,KAAK;QACjE,eAAe,EAAG,OAAO,CAAC,gBAA2B,IAAI,KAAK;QAC9D,cAAc,EAAG,OAAO,CAAC,eAA4B,IAAI,EAAE;QAC3D,aAAa;QACb,UAAU,EAAG,OAAO,CAAC,WAAwB,IAAI,EAAE;QACnD,WAAW,EAAG,OAAO,CAAC,YAAyB,IAAI,EAAE;QACrD,kBAAkB,EAAG,OAAO,CAAC,mBAAgC,IAAI,EAAE;QACnE,WAAW,EAAE,YAAY;KAC1B,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,GAA4B;IACnD,MAAM,OAAO,GAAG,GAAG,CAAC,QAA+C,CAAC;IACpE,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,GAAG,CAAC,QAAQ,CAAC;IAEpB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAED,YAAY,CAAC,OAAO,EAAE,mBAAmB,EAAE,UAAU,CAAC,CAAC;IAEvD,OAAO;QACL,kBAAkB,EAAG,OAAO,CAAC,mBAA+B,IAAI,KAAK;QACrE,oBAAoB,EAAG,OAAO,CAAC,qBAAgC,IAAI,IAAI;QACvE,cAAc,EAAG,OAAO,CAAC,eAA4B,IAAI,EAAE;KAC5D,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,GAA4B;IACxD,MAAM,OAAO,GAAG,GAAG,CAAC,cAAqD,CAAC;IAC1E,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,GAAG,CAAC,cAAc,CAAC;IAE1B,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,YAAY,CAAC,OAAO,EAAE,yBAAyB,EAAE,gBAAgB,CAAC,CAAC;IAEnE,OAAO;QACL,2BAA2B,EAAG,OAAO,CAAC,2BAAsC,IAAI,CAAC;QACjF,iBAAiB,EAAG,OAAO,CAAC,kBAA+B,IAAI,EAAE;QACjE,kBAAkB,EAAG,OAAO,CAAC,qBAAgC,IAAI,EAAE;QACnE,iBAAiB,EAAG,OAAO,CAAC,mBAA+B,IAAI,KAAK;QACpE,aAAa,EAAG,OAAO,CAAC,eAA0B,IAAI,CAAC;KACxD,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA4B;IACpD,MAAM,OAAO,GAAG,GAAG,CAAC,UAAiD,CAAC;IACtE,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,GAAG,CAAC,UAAU,CAAC;IAEtB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,YAAY,CAAC,OAAO,EAAE,qBAAqB,EAAE,YAAY,CAAC,CAAC;IAE3D,MAAM,QAAQ,GAAI,OAAO,CAAC,KAAwC,IAAI,EAAE,CAAC;IACzE,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACjC,KAAK,EAAG,CAAC,CAAC,KAAgB,IAAI,GAAG;QACjC,MAAM,EAAG,CAAC,CAAC,MAA0B,IAAI,OAAO;QAChD,MAAM,EAAG,CAAC,CAAC,MAAiB,IAAI,EAAE;QAClC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAiC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACrE,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,cAAc,EAAG,OAAO,CAAC,eAA4B,IAAI,EAAE;QAC3D,WAAW,EAAG,OAAO,CAAC,YAAyB,IAAI,EAAE;QACrD,iBAAiB,EAAG,OAAO,CAAC,mBAA8B,IAAI,CAAC;QAC/D,WAAW,EAAG,OAAO,CAAC,YAAwB,IAAI,IAAI;QACtD,cAAc,EAAG,OAAO,CAAC,gBAA4B,IAAI,KAAK;QAC9D,WAAW,EAAE,OAAO,CAAC,YAAkC;QACvD,aAAa,EAAE,OAAO,CAAC,eAAqC;QAC5D,aAAa,EAAG,OAAO,CAAC,cAA2B,IAAI,EAAE;QACzD,aAAa,EAAG,OAAO,CAAC,cAA2B,IAAI,EAAE;QACzD,UAAU,EAAG,OAAO,CAAC,WAAuB,IAAI,IAAI;QACpD,KAAK;QACL,mBAAmB,EAAE,OAAO,CAAC,sBAA4C;KAC1E,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,GAA4B;IACjD,MAAM,OAAO,GAAG,GAAG,CAAC,MAA6C,CAAC;IAClE,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,GAAG,CAAC,MAAM,CAAC;IAElB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,YAAY,CAAC,OAAO,EAAE,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAEnD,OAAO;QACL,OAAO,EAAG,OAAO,CAAC,OAAmB,IAAI,IAAI;QAC7C,mBAAmB,EAAG,OAAO,CAAC,oBAA+B,IAAI,CAAC;KACnE,CAAC;AACJ,CAAC;AAED,yEAAyE;AAEzE,SAAS,SAAS,CAChB,IAA6B,EAC7B,QAAiC;IAEjC,MAAM,MAAM,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,IACE,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YAC3D,MAAM,CAAC,GAAG,CAAC,IAAI,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAC7E,CAAC;YACD,MAAM,CAAC,GAAG,CAAC,GAAG,SAAS,CACrB,MAAM,CAAC,GAAG,CAA4B,EACtC,KAAgC,CACjC,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,WAAmB,EAAE,KAAiC;IACzE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,qBAAqB,WAAW,sBAAsB,CAAC,GAAG,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC9F,CAAC;IACJ,CAAC;IACD,IAAI,YAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACpD,CAAC;IACD,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,EAAE,GAAG,WAAW,OAAO,CAAC,CAAC;IAC/D,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,+BAA+B,YAAY,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAA4B,CAAC;IACvD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,6BAA6B,WAAW,EAAE,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yEAAyE;AAEzE,MAAM,UAAU,cAAc,CAAC,MAA+B,EAAE,MAAc;IAC5E,IAAI,MAAM,CAAC,eAAe,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CACb,yEAAyE,CAC1E,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAI,MAAM,CAAC,aAAwB,IAAI,CAAC,CAAC;QACrD,IAAI,MAAM,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,oCAAoC,MAAM,gCAAgC,MAAM,CAAC,kBAAkB,EAAE,CACtG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,oBAAoB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAI,MAAM,CAAC,aAAwB,IAAI,CAAC,CAAC;QACrD,IAAI,MAAM,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,oCAAoC,MAAM,gCAAgC,MAAM,CAAC,kBAAkB,GAAG,CACvG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,UAAkC,CAAC;QAC7D,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAChF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CACb,0CAA0C,OAAO,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,qCAAqC,CACzG,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC;AAED,yEAAyE;AAEzE;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,IAAa;IACtC,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,cAA2C,CAAC;AAC1E,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,IAAa;IAC1C,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAE9B,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAElD,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,CAA4B,CAAC;IAEpD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,8EAA8E;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;IACpE,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;IAC3F,uGAAuG;IACvG,MAAM,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,CAAC;IACpG,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC;IAE3B,uDAAuD;IACvD,MAAM,WAAW,GAAG,CAAC,GAAG,aAAa,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5E,MAAM,UAAU,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAElD,gEAAgE;IAChE,MAAM,WAAW,GAAG,GAAG,CAAC,OAA6B,CAAC;IACtD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,GAAG,CAAC,OAAO,CAAC;QACnB,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QACjD,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,oFAAoF;IACpF,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,qCAAqC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,iDAAiD;IACjD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,aAAa,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAElC,MAAM,MAAM,GAA4B,EAAE,CAAC;IAE3C,uCAAuC;IACvC,KAAK,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7D,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YAClB,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAW,CAAC;YACtC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CACb,yBAAyB,OAAO,WAAW,MAAM,cAAc,CAChE,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC;YAC1B,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,GAAG,IAAI,UAAU;YAAE,SAAS;QAChC,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC;QACrC,MAAM,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;IAC3B,CAAC;IAED,iDAAiD;IACjD,IAAI,MAAM,EAAE,CAAC;QACX,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,6DAA6D;IAC7D,MAAM,YAAY,GAAwB,MAAM,CAAC,CAAC,CAAC;QACjD,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,gBAAgB,EAAE,MAAM,CAAC,kBAAkB;QAC3C,kBAAkB,EAAE,MAAM,CAAC,mBAAmB;QAC9C,cAAc,EAAE,MAAM,CAAC,gBAAgB;QACvC,gBAAgB,EAAE,MAAM,CAAC,kBAAkB;QAC3C,mBAAmB,EAAE,MAAM,CAAC,oBAAoB;KACjD,CAAC,CAAC,CAAC,IAAI,CAAC;IAET,OAAO;QACL,cAAc,EAAE,MAAM;QACtB,SAAS;QACT,QAAQ;QACR,aAAa;QACb,SAAS;QACT,MAAM;QACN,MAAM,EAAE,YAAY;QACpB,UAAU;KACX,CAAC;AACJ,CAAC"}
|
package/dist/demo.d.ts
CHANGED
package/dist/demo.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"demo.d.ts","sourceRoot":"","sources":["../src/demo.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG"}
|
|
1
|
+
{"version":3,"file":"demo.d.ts","sourceRoot":"","sources":["../src/demo.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG;AA4QH,wBAAsB,WAAW,kBA2FhC"}
|
package/dist/demo.js
CHANGED
|
@@ -139,10 +139,10 @@ async function main() {
|
|
|
139
139
|
console.log(` ${D}Preview a live auditor view (no account required):${R}`);
|
|
140
140
|
console.log(` ${C}https://sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public${R}`);
|
|
141
141
|
console.log();
|
|
142
|
-
console.log(` ${D}Full conformity requires all
|
|
142
|
+
console.log(` ${D}Full conformity requires all 40 AI procedures. Connect to close the gap:${R}`);
|
|
143
143
|
console.log(` ${C}https://sovereign.tenova.io/signup?ref=sdk_demo${R}`);
|
|
144
144
|
console.log();
|
|
145
|
-
console.log(` ${D}SDK docs: ${C}https://sovereign.tenova.io/docs
|
|
145
|
+
console.log(` ${D}SDK docs: ${C}https://sovereign.tenova.io/docs${R}`);
|
|
146
146
|
console.log(` ${D}Book a pilot: ${C}https://calendly.com/tenova-axiom/30min${R}`);
|
|
147
147
|
console.log(` ${D}GitHub: ${C}https://github.com/tenova-labs/swt3-ai${R}`);
|
|
148
148
|
console.log();
|
|
@@ -220,7 +220,7 @@ ${uncoveredRows}
|
|
|
220
220
|
<h2>Anchor Evidence (Demo)</h2>
|
|
221
221
|
<pre>${anchorText}</pre>
|
|
222
222
|
|
|
223
|
-
<p>Full conformity requires all
|
|
223
|
+
<p>Full conformity requires all 40 AI procedures across inference, model governance, guardrails, RAG, skills, and explainability domains.</p>
|
|
224
224
|
<a class="cta-secondary" href="https://sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public">See Live Auditor View \u2192</a>
|
|
225
225
|
<a class="cta" href="https://sovereign.tenova.io/signup?ref=sdk_demo">Close the Gap \u2014 Free Account</a>
|
|
226
226
|
<p style="margin-top:.75rem;font-size:.8rem;color:#9CA3AF">Preview a real tenant's EU AI Act posture (no account required) \u2014 then create your own.</p>
|
|
@@ -234,5 +234,89 @@ ${uncoveredRows}
|
|
|
234
234
|
</body>
|
|
235
235
|
</html>`;
|
|
236
236
|
}
|
|
237
|
-
|
|
237
|
+
export async function runMeshTest() {
|
|
238
|
+
const { TrustRegistry, verifyCredential, signCredential, TRUST_LEVEL_NAMES, TRUST_DENIED, } = await import("./trust.js");
|
|
239
|
+
const { createHash } = await import("node:crypto");
|
|
240
|
+
console.log();
|
|
241
|
+
console.log(`${B}SWT3 Trust Mesh Simulation${R}`);
|
|
242
|
+
console.log(`${D}Two agents. One handshake. Zero network calls.${R}`);
|
|
243
|
+
console.log(`${D}${"─".repeat(56)}${R}`);
|
|
244
|
+
console.log();
|
|
245
|
+
// ── Agent Setup ──
|
|
246
|
+
console.log(` ${C}Agents:${R}`);
|
|
247
|
+
console.log(` ${G}Alice${R} tenant=EU_REGULATED profile=eu-ai-act-high-risk ${D}(signed, guardrails, CL2)${R}`);
|
|
248
|
+
console.log(` ${A}Bob${R} tenant=DEV_SANDBOX profile=minimal ${D}(unsigned, no guardrails, CL0)${R}`);
|
|
249
|
+
console.log();
|
|
250
|
+
const now = Date.now();
|
|
251
|
+
const fp = (s) => createHash("sha256").update(s).digest("hex").slice(0, 12);
|
|
252
|
+
// Alice: strict, signed, high clearing
|
|
253
|
+
const aliceRegistry = new TrustRegistry();
|
|
254
|
+
aliceRegistry.setMinTrustLevel(2);
|
|
255
|
+
aliceRegistry.setRequireSignature(true);
|
|
256
|
+
aliceRegistry.trustTenant("DEV_SANDBOX");
|
|
257
|
+
const aliceCredential = {
|
|
258
|
+
agentId: "alice-agent", tenantId: "EU_REGULATED",
|
|
259
|
+
anchorFingerprint: fp("alice-anchor-" + now),
|
|
260
|
+
anchorTimestampMs: now,
|
|
261
|
+
isSigned: true, procedures: ["AI-INF.1", "AI-GRD.1", "AI-FAIR.1"],
|
|
262
|
+
clearingLevel: 2, hasGuardrails: true, hasHardwareAttestation: false,
|
|
263
|
+
};
|
|
264
|
+
// Bob: permissive, unsigned, minimal
|
|
265
|
+
const bobRegistry = new TrustRegistry();
|
|
266
|
+
bobRegistry.setMinTrustLevel(0);
|
|
267
|
+
bobRegistry.trustTenant("EU_REGULATED");
|
|
268
|
+
const bobCredential = {
|
|
269
|
+
agentId: "bob-agent", tenantId: "DEV_SANDBOX",
|
|
270
|
+
anchorFingerprint: fp("bob-anchor-" + now),
|
|
271
|
+
anchorTimestampMs: now,
|
|
272
|
+
isSigned: false, procedures: [],
|
|
273
|
+
clearingLevel: 0, hasGuardrails: false, hasHardwareAttestation: false,
|
|
274
|
+
};
|
|
275
|
+
// ── Step 1: Alice presents ──
|
|
276
|
+
console.log(` ${C}Step 1: Alice presents credential to Bob${R}`);
|
|
277
|
+
console.log(` Procedures: ${G}${aliceCredential.procedures.join(", ")}${R}`);
|
|
278
|
+
console.log(` Signed: ${G}yes${R} | Guardrails: ${G}yes${R} | Hardware: ${A}no${R} | Clearing: ${G}${aliceCredential.clearingLevel}${R}`);
|
|
279
|
+
console.log();
|
|
280
|
+
// ── Step 2: Bob verifies Alice ──
|
|
281
|
+
console.log(` ${C}Step 2: Bob verifies Alice's credential${R}`);
|
|
282
|
+
const bobResult = verifyCredential(aliceCredential, bobRegistry, "DEV_SANDBOX");
|
|
283
|
+
console.log(` Checks: ${bobResult.checksPerformed} performed, ${bobResult.checksPassed} passed`);
|
|
284
|
+
console.log(` Trust level: ${bobResult.trustLevel} (${TRUST_LEVEL_NAMES[bobResult.trustLevel] ?? "unknown"})`);
|
|
285
|
+
if (bobResult.granted) {
|
|
286
|
+
console.log(` Result: ${G}GRANTED${R}`);
|
|
287
|
+
}
|
|
288
|
+
else {
|
|
289
|
+
console.log(` Denial reason: ${RD}${bobResult.denialReason}${R}`);
|
|
290
|
+
console.log(` Result: ${RD}DENIED${R}`);
|
|
291
|
+
}
|
|
292
|
+
console.log();
|
|
293
|
+
// ── Step 3: Bob presents ──
|
|
294
|
+
console.log(` ${C}Step 3: Bob presents credential to Alice${R}`);
|
|
295
|
+
console.log(` Procedures: ${D}(none)${R}`);
|
|
296
|
+
console.log(` Signed: ${RD}no${R} | Guardrails: ${RD}no${R} | Hardware: ${A}no${R} | Clearing: ${A}${bobCredential.clearingLevel}${R}`);
|
|
297
|
+
console.log();
|
|
298
|
+
// ── Step 4: Alice verifies Bob ──
|
|
299
|
+
console.log(` ${C}Step 4: Alice verifies Bob's credential${R}`);
|
|
300
|
+
const aliceResult = verifyCredential(bobCredential, aliceRegistry, "EU_REGULATED");
|
|
301
|
+
console.log(` Checks: ${aliceResult.checksPerformed} performed, ${aliceResult.checksPassed} passed`);
|
|
302
|
+
console.log(` Trust level: ${aliceResult.trustLevel} (${TRUST_LEVEL_NAMES[aliceResult.trustLevel] ?? "unknown"})`);
|
|
303
|
+
if (aliceResult.granted) {
|
|
304
|
+
console.log(` Result: ${G}GRANTED${R}`);
|
|
305
|
+
}
|
|
306
|
+
else {
|
|
307
|
+
console.log(` Denial reason: ${RD}${aliceResult.denialReason}${R}`);
|
|
308
|
+
console.log(` Result: ${RD}DENIED${R}`);
|
|
309
|
+
}
|
|
310
|
+
console.log();
|
|
311
|
+
// ── Summary ──
|
|
312
|
+
console.log(` ${B}Summary:${R} Asymmetric trust -- Alice is ${G}accepted${R}, Bob is ${RD}rejected${R}.`);
|
|
313
|
+
console.log(` ${D}This is how .swt3.yaml policy controls who your agent communicates with.${R}`);
|
|
314
|
+
console.log();
|
|
315
|
+
}
|
|
316
|
+
if (process.argv.includes("--mesh-test")) {
|
|
317
|
+
runMeshTest();
|
|
318
|
+
}
|
|
319
|
+
else {
|
|
320
|
+
main();
|
|
321
|
+
}
|
|
238
322
|
//# sourceMappingURL=demo.js.map
|