@tenova/swt3-ai 0.5.1 → 0.5.3
- package/LICENSE +191 -0
- package/README.md +227 -10
- package/dist/buffer.d.ts +7 -1
- package/dist/buffer.d.ts.map +1 -1
- package/dist/buffer.js +38 -3
- package/dist/buffer.js.map +1 -1
- package/dist/cli.d.ts +13 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +202 -0
- package/dist/cli.js.map +1 -0
- package/dist/config.d.ts +18 -5
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +346 -42
- package/dist/config.js.map +1 -1
- package/dist/demo.d.ts +1 -1
- package/dist/demo.d.ts.map +1 -1
- package/dist/demo.js +88 -4
- package/dist/demo.js.map +1 -1
- package/dist/doctor.d.ts +20 -0
- package/dist/doctor.d.ts.map +1 -0
- package/dist/doctor.js +357 -0
- package/dist/doctor.js.map +1 -0
- package/dist/environment.d.ts +34 -0
- package/dist/environment.d.ts.map +1 -0
- package/dist/environment.js +99 -0
- package/dist/environment.js.map +1 -0
- package/dist/exporters/chain-monitor.d.ts +55 -0
- package/dist/exporters/chain-monitor.d.ts.map +1 -0
- package/dist/exporters/chain-monitor.js +172 -0
- package/dist/exporters/chain-monitor.js.map +1 -0
- package/dist/hardware.d.ts +96 -0
- package/dist/hardware.d.ts.map +1 -0
- package/dist/hardware.js +265 -0
- package/dist/hardware.js.map +1 -0
- package/dist/index.d.ts +19 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -2
- package/dist/index.js.map +1 -1
- package/dist/merkle.d.ts +107 -0
- package/dist/merkle.d.ts.map +1 -0
- package/dist/merkle.js +226 -0
- package/dist/merkle.js.map +1 -0
- package/dist/schema.d.ts +18 -0
- package/dist/schema.d.ts.map +1 -0
- package/dist/schema.js +255 -0
- package/dist/schema.js.map +1 -0
- package/dist/trust.d.ts +100 -0
- package/dist/trust.d.ts.map +1 -0
- package/dist/trust.js +222 -0
- package/dist/trust.js.map +1 -0
- package/dist/types.d.ts +167 -11
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +42 -1
- package/dist/types.js.map +1 -1
- package/dist/wal.d.ts +69 -0
- package/dist/wal.d.ts.map +1 -0
- package/dist/wal.js +223 -0
- package/dist/wal.js.map +1 -0
- package/dist/witness.d.ts +293 -1
- package/dist/witness.d.ts.map +1 -1
- package/dist/witness.js +1234 -5
- package/dist/witness.js.map +1 -1
- package/package.json +7 -7
- package/templates/cost-conscious.yaml +35 -0
- package/templates/eu-ai-act-high-risk.yaml +56 -0
- package/templates/granite-sovereign.yaml +55 -0
- package/templates/minimal.yaml +38 -0
- package/templates/mythos-defense.yaml +65 -0
- package/templates/nist-ai-rmf.yaml +47 -0
- package/templates/owasp-agentic-top10.yaml +50 -0
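--- a/package/dist/merkle.d.ts
+++ b/package/dist/merkle.d.ts
@@ -0,0 +1,107 @@
+/**
+* SWT3 AI Witness SDK -- Merkle Tree + Tiered Accumulator.
+*
+* Inline port of libswt3 Merkle primitives (no external dependency)
+* plus a tiered accumulator that computes session-level Merkle roots
+* on each flush.
+*
+* Domain separation (SWT3:LEAF: / SWT3:NODE:) prevents second-preimage
+* attacks. Fingerprints are sorted lexicographically before tree
+* construction for determinism.
+*
+* Tiers:
+* Session root -- computed per flush (SDK-side, this file)
+* Endpoint root -- computed per interval (server-side, daily_merkle_rollups)
+*
+* Spec: SWT3-SPEC-v1.0.md, Section 6.3 (Enclave Integrity)
+* Patent pending.
+*/
+/** Hash a leaf node (a single fingerprint). Domain-separated. */
+export declare function hashLeaf(fingerprint: string): string;
+/** Hash an internal node (two child hashes). Domain-separated. */
+export declare function hashNode(left: string, right: string): string;
+/**
+* Compute the Merkle root from a set of fingerprints.
+* Sorted lexicographically for determinism.
+*/
+export declare function getMerkleRoot(fingerprints: string[]): string;
+/** A single step in a Merkle inclusion proof. */
+export interface MerkleProofStep {
+hash: string;
+position: "left" | "right";
+}
+/** Merkle inclusion proof for a single fingerprint. */
+export interface MerkleProof {
+fingerprint: string;
+leafHash: string;
+root: string;
+steps: MerkleProofStep[];
+}
+/**
+* Generate a Merkle inclusion proof for a fingerprint.
+* Returns null if the fingerprint is not in the set.
+*/
+export declare function getMerkleProof(fingerprints: string[], target: string): MerkleProof | null;
+/**
+* Verify a Merkle inclusion proof. Requires only the fingerprint,
+* proof steps, and claimed root -- no access to the full set needed.
+*/
+export declare function verifyMerkleProof(fingerprint: string, proof: MerkleProof): boolean;
+export interface SessionRoot {
+root: string;
+fingerprints: string[];
+count: number;
+timestamp: string;
+}
+export interface MerkleConfig {
+enabled: boolean;
+accumulatorInterval: number;
+}
+export interface MerkleAccumulatorOptions {
+/** Directory for session root JSONL persistence. Default: $TMPDIR/swt3-merkle */
+persistDir?: string;
+/** Tenant ID for scoping persistence files. */
+tenantId?: string;
+}
+/**
+* Tiered Merkle Accumulator.
+*
+* Collects anchor fingerprints and computes a session-level Merkle root
+* on each flush. Session roots are persisted to a JSONL file for
+* crash recovery and auditor export.
+*
+* Usage:
+* const acc = new MerkleAccumulator({ tenantId: "ACME" });
+* acc.add("abc123def456");
+* acc.add("789012345678");
+* const root = acc.flush(); // computes + persists session root
+*/
+export declare class MerkleAccumulator {
+private fingerprints;
+private sessionRoots;
+private persistPath;
+constructor(options?: MerkleAccumulatorOptions);
+/** Add a fingerprint to the current session batch. */
+add(fingerprint: string): void;
+/** Add multiple fingerprints. */
+addMany(fingerprints: string[]): void;
+/** Number of fingerprints in the current (unflushed) batch. */
+get pending(): number;
+/** All session roots computed so far. */
+get roots(): SessionRoot[];
+/**
+* Compute the Merkle root for the current batch and persist it.
+* Returns the session root entry, or null if the batch is empty.
+*/
+flush(): SessionRoot | null;
+/**
+* Generate a Merkle proof for a fingerprint within a specific session root.
+* If no root is specified, searches the most recent session.
+*/
+prove(fingerprint: string, rootHash?: string): MerkleProof | null;
+/** Reset the accumulator (clears pending fingerprints, keeps history). */
+reset(): void;
+/** Clear all state including history (for testing). */
+clear(): void;
+}
+//# sourceMappingURL=merkle.d.ts.map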
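Review bot: The TSDoc on `verifyMerkleProof` does not say where the trusted root comes from: the signature takes only `fingerprint` and `proof`, and the implementation shipped in merkle.js ends with `return current === proof.root`, a field of the same object being verified. A `true` result therefore shows only that the proof is self-consistent, not that the fingerprint belongs to a root the caller has reason to trust. I would extend the doc comment with `Returns true when the steps hash to proof.root; callers must separately compare proof.root with a root obtained from a trusted source.` and consider an optional third parameter `expectedRoot?: string` so the comparison cannot be forgotten. The `leafHash` and `fingerprint` fields of `MerkleProof` are also never compared with the `fingerprint` argument, which is worth stating in the same comment.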
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"merkle.d.ts","sourceRoot":"","sources":["../src/merkle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAkBH,iEAAiE;AACjE,wBAAgB,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,kEAAkE;AAClE,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,CAmB5D;AAED,iDAAiD;AACjD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;CAC5B;AAED,uDAAuD;AACvD,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,eAAe,EAAE,CAAC;CAC1B;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,YAAY,EAAE,MAAM,EAAE,EACtB,MAAM,EAAE,MAAM,GACb,WAAW,GAAG,IAAI,CAwCpB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,WAAW,GACjB,OAAO,CAYT;AAID,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAID,MAAM,WAAW,wBAAwB;IACvC,iFAAiF;IACjF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,WAAW,CAAgB;gBAEvB,OAAO,GAAE,wBAA6B;IAwBlD,sDAAsD;IACtD,GAAG,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAI9B,iCAAiC;IACjC,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI;IAIrC,+DAA+D;IAC/D,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,yCAAyC;IACzC,IAAI,KAAK,IAAI,WAAW,EAAE,CAEzB;IAED;;;OAGG;IACH,KAAK,IAAI,WAAW,GAAG,IAAI;IAuB3B;;;OAGG;IACH,KAAK,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI;IAajE,0EAA0E;IAC1E,KAAK,IAAI,IAAI;IAIb,uDAAuD;IACvD,KAAK,IAAI,IAAI;CAId"}
|
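--- a/package/dist/merkle.js
+++ b/package/dist/merkle.js
@@ -0,0 +1,226 @@
+/**
+* SWT3 AI Witness SDK -- Merkle Tree + Tiered Accumulator.
+*
+* Inline port of libswt3 Merkle primitives (no external dependency)
+* plus a tiered accumulator that computes session-level Merkle roots
+* on each flush.
+*
+* Domain separation (SWT3:LEAF: / SWT3:NODE:) prevents second-preimage
+* attacks. Fingerprints are sorted lexicographically before tree
+* construction for determinism.
+*
+* Tiers:
+* Session root -- computed per flush (SDK-side, this file)
+* Endpoint root -- computed per interval (server-side, daily_merkle_rollups)
+*
+* Spec: SWT3-SPEC-v1.0.md, Section 6.3 (Enclave Integrity)
+* Patent pending.
+*/
+import { createHash } from "node:crypto";
+import { appendFileSync, readFileSync, existsSync, mkdirSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+// ── Domain Separators ────────────────────────────────────────────────
+const LEAF_PREFIX = "SWT3:LEAF:";
+const NODE_PREFIX = "SWT3:NODE:";
+// ── Merkle Primitives ────────────────────────────────────────────────
+function sha256(data) {
+return createHash("sha256").update(data, "utf-8").digest("hex");
+}
+/** Hash a leaf node (a single fingerprint). Domain-separated. */
+export function hashLeaf(fingerprint) {
+return sha256(LEAF_PREFIX + fingerprint);
+}
+/** Hash an internal node (two child hashes). Domain-separated. */
+export function hashNode(left, right) {
+return sha256(NODE_PREFIX + left + ":" + right);
+}
+/**
+* Compute the Merkle root from a set of fingerprints.
+* Sorted lexicographically for determinism.
+*/
+export function getMerkleRoot(fingerprints) {
+if (fingerprints.length === 0)
+return "";
+const sorted = [...fingerprints].sort();
+let level = sorted.map(hashLeaf);
+while (level.length > 1) {
+const next = [];
+for (let i = 0; i < level.length; i += 2) {
+if (i + 1 < level.length) {
+next.push(hashNode(level[i], level[i + 1]));
+}
+else {
+next.push(level[i]);
+}
+}
+level = next;
+}
+return level[0];
+}
+/**
+* Generate a Merkle inclusion proof for a fingerprint.
+* Returns null if the fingerprint is not in the set.
+*/
+export function getMerkleProof(fingerprints, target) {
+if (fingerprints.length === 0)
+return null;
+const sorted = [...fingerprints].sort();
+const targetIndex = sorted.indexOf(target);
+if (targetIndex === -1)
+return null;
+let level = sorted.map(hashLeaf);
+let index = targetIndex;
+const steps = [];
+while (level.length > 1) {
+const next = [];
+const nextIndex = Math.floor(index / 2);
+for (let i = 0; i < level.length; i += 2) {
+if (i + 1 < level.length) {
+if (i === index || i + 1 === index) {
+if (index % 2 === 0) {
+steps.push({ hash: level[i + 1], position: "right" });
+}
+else {
+steps.push({ hash: level[i], position: "left" });
+}
+}
+next.push(hashNode(level[i], level[i + 1]));
+}
+else {
+next.push(level[i]);
+}
+}
+level = next;
+index = nextIndex;
+}
+return {
+fingerprint: target,
+leafHash: hashLeaf(target),
+root: level[0],
+steps,
+};
+}
+/**
+* Verify a Merkle inclusion proof. Requires only the fingerprint,
+* proof steps, and claimed root -- no access to the full set needed.
+*/
+export function verifyMerkleProof(fingerprint, proof) {
+let current = hashLeaf(fingerprint);
+for (const step of proof.steps) {
+if (step.position === "left") {
+current = hashNode(step.hash, current);
+}
+else {
+current = hashNode(current, step.hash);
+}
+}
+return current === proof.root;
+}
+/**
+* Tiered Merkle Accumulator.
+*
+* Collects anchor fingerprints and computes a session-level Merkle root
+* on each flush. Session roots are persisted to a JSONL file for
+* crash recovery and auditor export.
+*
+* Usage:
+* const acc = new MerkleAccumulator({ tenantId: "ACME" });
+* acc.add("abc123def456");
+* acc.add("789012345678");
+* const root = acc.flush(); // computes + persists session root
+*/
+export class MerkleAccumulator {
+fingerprints = [];
+sessionRoots = [];
+persistPath;
+constructor(options = {}) {
+if (options.persistDir || options.tenantId) {
+const dir = options.persistDir ?? join(tmpdir(), "swt3-merkle");
+mkdirSync(dir, { recursive: true, mode: 0o700 });
+const safe = (options.tenantId ?? "default").replace(/[^a-zA-Z0-9_-]/g, "_");
+this.persistPath = join(dir, `${safe}.roots.jsonl`);
+// Load existing session roots
+if (existsSync(this.persistPath)) {
+const raw = readFileSync(this.persistPath, "utf-8");
+for (const line of raw.split("\n")) {
+if (!line.trim())
+continue;
+try {
+this.sessionRoots.push(JSON.parse(line));
+}
+catch {
+// Corrupted line -- skip
+}
+}
+}
+}
+else {
+this.persistPath = null;
+}
+}
+/** Add a fingerprint to the current session batch. */
+add(fingerprint) {
+this.fingerprints.push(fingerprint);
+}
+/** Add multiple fingerprints. */
+addMany(fingerprints) {
+this.fingerprints.push(...fingerprints);
+}
+/** Number of fingerprints in the current (unflushed) batch. */
+get pending() {
+return this.fingerprints.length;
+}
+/** All session roots computed so far. */
+get roots() {
+return [...this.sessionRoots];
+}
+/**
+* Compute the Merkle root for the current batch and persist it.
+* Returns the session root entry, or null if the batch is empty.
+*/
+flush() {
+if (this.fingerprints.length === 0)
+return null;
+const fps = [...this.fingerprints];
+const root = getMerkleRoot(fps);
+const entry = {
+root,
+fingerprints: fps,
+count: fps.length,
+timestamp: new Date().toISOString(),
+};
+this.sessionRoots.push(entry);
+this.fingerprints = [];
+// Persist to JSONL
+if (this.persistPath) {
+appendFileSync(this.persistPath, JSON.stringify(entry) + "\n", "utf-8");
+}
+return entry;
+}
+/**
+* Generate a Merkle proof for a fingerprint within a specific session root.
+* If no root is specified, searches the most recent session.
+*/
+prove(fingerprint, rootHash) {
+const sessions = rootHash
+? this.sessionRoots.filter((s) => s.root === rootHash)
+: this.sessionRoots.slice(-1);
+for (const session of sessions) {
+const proof = getMerkleProof(session.fingerprints, fingerprint);
+if (proof)
+return proof;
+}
+return null;
+}
+/** Reset the accumulator (clears pending fingerprints, keeps history). */
+reset() {
+this.fingerprints = [];
+}
+/** Clear all state including history (for testing). */
+clear() {
+this.fingerprints = [];
+this.sessionRoots = [];
+}
+}
+//# sourceMappingURL=merkle.js.map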
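Review bot: The default persistence directory in the `MerkleAccumulator` constructor is a fixed name under `tmpdir()`, and `mkdirSync(dir, { recursive: true, mode: 0o700 })` leaves an already existing path as it is, so on a shared host a directory created beforehand by another local account would be used without any check of its owner or permissions. The `.roots.jsonl` file is then created by `appendFileSync` with the default file mode, and on start-up every line is pushed straight from `JSON.parse` with no shape check and no comparison of `root` against `getMerkleRoot(entry.fingerprints)`, so an edited history file is accepted as-is (a line holding `null` would later throw inside `prove`). I would verify the directory when the default location is used, pass `{ encoding: "utf-8", mode: 0o600 }` to `appendFileSync`, and skip loaded entries whose recomputed root does not match. The directory check is sketched below; it needs `lstatSync` added to the existing `node:fs` import.

```javascript
const dir = options.persistDir ?? join(tmpdir(), "swt3-merkle");
mkdirSync(dir, { recursive: true, mode: 0o700 });
// mkdirSync leaves an existing directory untouched, so inspect what is
// there before trusting the shared default location (POSIX only).
if (options.persistDir == null && typeof process.getuid === "function") {
    const st = lstatSync(dir);
    if (!st.isDirectory() || st.uid !== process.getuid() || (st.mode & 0o077) !== 0) {
        throw new Error(`refusing to use ${dir}: not a private directory owned by this user`);
    }
}
// … unchanged: tenantId sanitising, persistPath, loading of existing roots …
```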
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"merkle.js","sourceRoot":"","sources":["../src/merkle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC,wEAAwE;AAExE,MAAM,WAAW,GAAG,YAAY,CAAC;AACjC,MAAM,WAAW,GAAG,YAAY,CAAC;AAEjC,wEAAwE;AAExE,SAAS,MAAM,CAAC,IAAY;IAC1B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED,iEAAiE;AACjE,MAAM,UAAU,QAAQ,CAAC,WAAmB;IAC1C,OAAO,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC,CAAC;AAC3C,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,QAAQ,CAAC,IAAY,EAAE,KAAa;IAClD,OAAO,MAAM,CAAC,WAAW,GAAG,IAAI,GAAG,GAAG,GAAG,KAAK,CAAC,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,YAAsB;IAClD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEzC,MAAM,MAAM,GAAG,CAAC,GAAG,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC;IACxC,IAAI,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAEjC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;gBACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;IAED,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAgBD;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,YAAsB,EACtB,MAAc;IAEd,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,MAAM,GAAG,CAAC,GAAG,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3C,IAAI,WAAW,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpC,IAAI,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,KAAK,GAAG,WAAW,CAAC;IACxB,MAAM,KAAK,GAAsB,EAAE,CAAC;IAEpC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,IAA
I,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAExC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;gBACzB,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC;oBACnC,IAAI,KAAK,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;wBACpB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;oBACxD,CAAC;yBAAM,CAAC;wBACN,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;oBACnD,CAAC;gBACH,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QAED,KAAK,GAAG,IAAI,CAAC;QACb,KAAK,GAAG,SAAS,CAAC;IACpB,CAAC;IAED,OAAO;QACL,WAAW,EAAE,MAAM;QACnB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;QAC1B,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QACd,KAAK;KACN,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,WAAmB,EACnB,KAAkB;IAElB,IAAI,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC;IAEpC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/B,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC7B,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,OAAO,OAAO,KAAK,KAAK,CAAC,IAAI,CAAC;AAChC,CAAC;AA2BD;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,iBAAiB;IACpB,YAAY,GAAa,EAAE,CAAC;IAC5B,YAAY,GAAkB,EAAE,CAAC;IACjC,WAAW,CAAgB;IAEnC,YAAY,UAAoC,EAAE;QAChD,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC3C,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;YAChE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,SAAS,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;YAC7E,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,cAAc,CAAC,CAAC;YAEpD,8BAA8B;YAC9B,IAAI,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,WAAW,E
AAE,OAAO,CAAC,CAAC;gBACpD,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;wBAAE,SAAS;oBAC3B,IAAI,CAAC;wBACH,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC,CAAC;oBAC1D,CAAC;oBAAC,MAAM,CAAC;wBACP,yBAAyB;oBAC3B,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,GAAG,CAAC,WAAmB;QACrB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IAED,iCAAiC;IACjC,OAAO,CAAC,YAAsB;QAC5B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAC1C,CAAC;IAED,+DAA+D;IAC/D,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC;IAClC,CAAC;IAED,yCAAyC;IACzC,IAAI,KAAK;QACP,OAAO,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEhD,MAAM,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,KAAK,GAAgB;YACzB,IAAI;YACJ,YAAY,EAAE,GAAG;YACjB,KAAK,EAAE,GAAG,CAAC,MAAM;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;QAEvB,mBAAmB;QACnB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1E,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAmB,EAAE,QAAiB;QAC1C,MAAM,QAAQ,GAAG,QAAQ;YACvB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;YACtD,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAEhC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;YAChE,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;QAC1B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0EAA0E;IAC1E,KAAK;QACH,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;IACzB,CAAC;IAED,uDAAuD;IACvD,KAAK;QACH,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;IACzB,CAAC;CACF"}
|
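--- a/package/dist/schema.d.ts
+++ b/package/dist/schema.d.ts
@@ -0,0 +1,18 @@
+/**
+* SWT3 YAML schema validator.
+*
+* Validates a raw parsed YAML config against the SWT3 schema.
+* Used by `swt3 doctor` and available as a public API for CI/CD.
+*/
+export interface ValidationError {
+path: string;
+message: string;
+severity: "error" | "warning";
+}
+export interface ValidationResult {
+valid: boolean;
+errors: ValidationError[];
+warnings: ValidationError[];
+}
+export declare function validateSchema(raw: Record<string, unknown>): ValidationResult;
+//# sourceMappingURL=schema.d.ts.map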
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,GAAG,SAAS,CAAC;CAC/B;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAqGD,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,gBAAgB,CAqJ7E"}
|
package/dist/schema.js
ADDED
|
@@ -0,0 +1,255 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SWT3 YAML schema validator.
|
|
3
|
+
*
|
|
4
|
+
* Validates a raw parsed YAML config against the SWT3 schema.
|
|
5
|
+
* Used by `swt3 doctor` and available as a public API for CI/CD.
|
|
6
|
+
*/
|
|
7
|
+
const KNOWN_TOP_LEVEL = new Set([
|
|
8
|
+
"api_key", "api_key_env", "tenant_id", "clearing_level", "endpoint",
|
|
9
|
+
"buffer_size", "flush_interval", "max_retries", "latency_threshold_ms",
|
|
10
|
+
"guardrails_required", "guardrail_names", "factor_handoff", "factor_handoff_path",
|
|
11
|
+
"agent_id", "signing_key", "signing_key_env", "signing_key_id", "signing_key_version",
|
|
12
|
+
"cycle_id", "policy_version", "jurisdiction", "legal_basis", "purpose_class",
|
|
13
|
+
"on_flush", "gateway_mode", "wal_path", "replay_window",
|
|
14
|
+
"token_budget", "procedures", "strict",
|
|
15
|
+
"policy", "trust_mesh", "hardware", "density_policy", "mcp_policy",
|
|
16
|
+
"merkle", "profile", "extends",
|
|
17
|
+
]);
|
|
18
|
+
const VALID_POLICY_KEYS = new Set([
|
|
19
|
+
"require_signing", "min_clearing_level", "required_procedures",
|
|
20
|
+
"require_agent_id", "max_flush_interval", "require_jurisdiction",
|
|
21
|
+
]);
|
|
22
|
+
const VALID_TRUST_MESH_KEYS = new Set([
|
|
23
|
+
"mode", "min_trust_level", "require_signature", "freshness_window",
|
|
24
|
+
"trusted_tenants", "trusted_agents", "deny_agents", "deny_tenants",
|
|
25
|
+
"required_procedures", "signing_keys",
|
|
26
|
+
]);
|
|
27
|
+
const VALID_HARDWARE_KEYS = new Set([
|
|
28
|
+
"require_attestation", "attestation_freshness", "allowed_methods",
|
|
29
|
+
]);
|
|
30
|
+
const VALID_ATTESTATION_METHODS = new Set([
|
|
31
|
+
"tpm_2.0", "secure_enclave", "sgx", "sev", "trustzone", "nitro",
|
|
32
|
+
]);
|
|
33
|
+
const VALID_DENSITY_POLICY_KEYS = new Set([
|
|
34
|
+
"min_anchors_per_1000_tokens", "required_providers",
|
|
35
|
+
"max_chain_gap_seconds", "require_signing_key", "min_trust_level",
|
|
36
|
+
]);
|
|
37
|
+
const VALID_MCP_POLICY_KEYS = new Set([
|
|
38
|
+
"witnessed_tools", "exempt_tools", "require_trust_level",
|
|
39
|
+
"auto_witness", "block_on_failure",
|
|
40
|
+
"max_velocity", "max_chain_depth", "tool_allowlist", "tool_blocklist",
|
|
41
|
+
"fail_secure", "rules", "max_tokens_per_session",
|
|
42
|
+
]);
|
|
43
|
+
const VALID_MERKLE_KEYS = new Set(["enabled", "accumulator_interval"]);
|
|
44
|
+
const SECTION_SCHEMAS = {
|
|
45
|
+
policy: VALID_POLICY_KEYS,
|
|
46
|
+
trust_mesh: VALID_TRUST_MESH_KEYS,
|
|
47
|
+
hardware: VALID_HARDWARE_KEYS,
|
|
48
|
+
density_policy: VALID_DENSITY_POLICY_KEYS,
|
|
49
|
+
mcp_policy: VALID_MCP_POLICY_KEYS,
|
|
50
|
+
merkle: VALID_MERKLE_KEYS,
|
|
51
|
+
};
|
|
52
|
+
function checkType(value, expected, path, errors) {
|
|
53
|
+
if (expected === "number" && typeof value !== "number") {
|
|
54
|
+
errors.push({ path, message: `expected number, got ${typeof value}`, severity: "error" });
|
|
55
|
+
return false;
|
|
56
|
+
}
|
|
57
|
+
if (expected === "boolean" && typeof value !== "boolean") {
|
|
58
|
+
errors.push({ path, message: `expected boolean, got ${typeof value}`, severity: "error" });
|
|
59
|
+
return false;
|
|
60
|
+
}
|
|
61
|
+
if (expected === "string" && typeof value !== "string") {
|
|
62
|
+
errors.push({ path, message: `expected string, got ${typeof value}`, severity: "error" });
|
|
63
|
+
return false;
|
|
64
|
+
}
|
|
65
|
+
if (expected === "string[]" && (!Array.isArray(value) || !value.every((v) => typeof v === "string"))) {
|
|
66
|
+
errors.push({ path, message: `expected string array`, severity: "error" });
|
|
67
|
+
return false;
|
|
68
|
+
}
|
|
69
|
+
return true;
|
|
70
|
+
}
|
|
71
|
+
function editDistance(a, b) {
|
|
72
|
+
const m = a.length, n = b.length;
|
|
73
|
+
const dp = Array.from({ length: m + 1 }, () => Array(n + 1).fill(0));
|
|
74
|
+
for (let i = 0; i <= m; i++)
|
|
75
|
+
dp[i][0] = i;
|
|
76
|
+
for (let j = 0; j <= n; j++)
|
|
77
|
+
dp[0][j] = j;
|
|
78
|
+
for (let i = 1; i <= m; i++) {
|
|
79
|
+
for (let j = 1; j <= n; j++) {
|
|
80
|
+
dp[i][j] = a[i - 1] === b[j - 1]
|
|
81
|
+
? dp[i - 1][j - 1]
|
|
82
|
+
: 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
return dp[m][n];
|
|
86
|
+
}
|
|
87
|
+
function suggestKey(key, validKeys) {
|
|
88
|
+
let best = null;
|
|
89
|
+
let bestDist = 3; // max distance to suggest
|
|
90
|
+
for (const valid of validKeys) {
|
|
91
|
+
const d = editDistance(key, valid);
|
|
92
|
+
if (d < bestDist) {
|
|
93
|
+
bestDist = d;
|
|
94
|
+
best = valid;
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
return best;
|
|
98
|
+
}
|
|
99
|
+
export function validateSchema(raw) {
|
|
100
|
+
const errors = [];
|
|
101
|
+
const warnings = [];
|
|
102
|
+
// Top-level key check with did-you-mean suggestions
|
|
103
|
+
for (const key of Object.keys(raw)) {
|
|
104
|
+
if (!KNOWN_TOP_LEVEL.has(key)) {
|
|
105
|
+
const suggestion = suggestKey(key, KNOWN_TOP_LEVEL);
|
|
106
|
+
const msg = suggestion
|
|
107
|
+
? `unknown top-level key (did you mean "${suggestion}"?)`
|
|
108
|
+
: `unknown top-level key`;
|
|
109
|
+
errors.push({ path: key, message: msg, severity: "error" });
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
// clearing_level: must be 0-3
|
|
113
|
+
if ("clearing_level" in raw) {
|
|
114
|
+
const cl = raw.clearing_level;
|
|
115
|
+
if (typeof cl !== "number" || ![0, 1, 2, 3].includes(cl)) {
|
|
116
|
+
errors.push({ path: "clearing_level", message: "must be 0, 1, 2, or 3", severity: "error" });
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
// trust_mesh.mode enum
|
|
120
|
+
const tm = raw.trust_mesh;
|
|
121
|
+
if (tm && typeof tm === "object") {
|
|
122
|
+
if ("mode" in tm && !["strict", "permissive", "monitor"].includes(tm.mode)) {
|
|
123
|
+
errors.push({ path: "trust_mesh.mode", message: "must be strict, permissive, or monitor", severity: "error" });
|
|
124
|
+
}
|
|
125
|
+
if ("min_trust_level" in tm)
|
|
126
|
+
checkType(tm.min_trust_level, "number", "trust_mesh.min_trust_level", errors);
|
|
127
|
+
if ("require_signature" in tm)
|
|
128
|
+
checkType(tm.require_signature, "boolean", "trust_mesh.require_signature", errors);
|
|
129
|
+
if ("freshness_window" in tm)
|
|
130
|
+
checkType(tm.freshness_window, "number", "trust_mesh.freshness_window", errors);
|
|
131
|
+
if ("trusted_tenants" in tm)
|
|
132
|
+
checkType(tm.trusted_tenants, "string[]", "trust_mesh.trusted_tenants", errors);
|
|
133
|
+
if ("deny_agents" in tm)
|
|
134
|
+
checkType(tm.deny_agents, "string[]", "trust_mesh.deny_agents", errors);
|
|
135
|
+
}
|
|
136
|
+
// hardware.allowed_methods enum validation
|
|
137
|
+
const hw = raw.hardware;
|
|
138
|
+
if (hw && typeof hw === "object") {
|
|
139
|
+
if ("allowed_methods" in hw && Array.isArray(hw.allowed_methods)) {
|
|
140
|
+
for (const method of hw.allowed_methods) {
|
|
141
|
+
if (typeof method === "string" && !VALID_ATTESTATION_METHODS.has(method)) {
|
|
142
|
+
const valid = [...VALID_ATTESTATION_METHODS].sort().join(", ");
|
|
143
|
+
errors.push({
|
|
144
|
+
path: "hardware.allowed_methods",
|
|
145
|
+
message: `unknown attestation method "${method}". Valid: ${valid}`,
|
|
146
|
+
severity: "error",
|
|
147
|
+
});
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
// Section key validation
|
|
153
|
+
for (const [section, validKeys] of Object.entries(SECTION_SCHEMAS)) {
|
|
154
|
+
const sec = raw[section];
|
|
155
|
+
if (sec && typeof sec === "object" && !Array.isArray(sec)) {
|
|
156
|
+
for (const key of Object.keys(sec)) {
|
|
157
|
+
if (!validKeys.has(key)) {
|
|
158
|
+
errors.push({ path: `${section}.${key}`, message: "unknown key", severity: "error" });
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
// MCP policy chain density validation
|
|
164
|
+
const mcp = raw.mcp_policy;
|
|
165
|
+
if (mcp && typeof mcp === "object") {
|
|
166
|
+
if ("max_velocity" in mcp) {
|
|
167
|
+
if (typeof mcp.max_velocity !== "string") {
|
|
168
|
+
errors.push({ path: "mcp_policy.max_velocity", message: "expected string", severity: "error" });
|
|
169
|
+
}
|
|
170
|
+
else if (!/^\d+\/\d+s$/.test(mcp.max_velocity)) {
|
|
171
|
+
errors.push({ path: "mcp_policy.max_velocity", message: 'must match "N/Xs" format (e.g., "4/30s")', severity: "error" });
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
if ("max_chain_depth" in mcp) {
|
|
175
|
+
if (typeof mcp.max_chain_depth !== "number") {
|
|
176
|
+
errors.push({ path: "mcp_policy.max_chain_depth", message: "expected number", severity: "error" });
|
|
177
|
+
}
|
|
178
|
+
else if (mcp.max_chain_depth < 1) {
|
|
179
|
+
errors.push({ path: "mcp_policy.max_chain_depth", message: "must be >= 1", severity: "error" });
|
|
180
|
+
}
|
|
181
|
+
}
|
|
182
|
+
if ("max_tokens_per_session" in mcp) {
|
|
183
|
+
if (typeof mcp.max_tokens_per_session !== "number") {
|
|
184
|
+
errors.push({ path: "mcp_policy.max_tokens_per_session", message: "expected number", severity: "error" });
|
|
185
|
+
}
|
|
186
|
+
else if (mcp.max_tokens_per_session < 1) {
|
|
187
|
+
errors.push({ path: "mcp_policy.max_tokens_per_session", message: "must be >= 1", severity: "error" });
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
if ("tool_allowlist" in mcp)
|
|
191
|
+
checkType(mcp.tool_allowlist, "string[]", "mcp_policy.tool_allowlist", errors);
|
|
192
|
+
if ("tool_blocklist" in mcp)
|
|
193
|
+
checkType(mcp.tool_blocklist, "string[]", "mcp_policy.tool_blocklist", errors);
|
|
194
|
+
if ("fail_secure" in mcp)
|
|
195
|
+
checkType(mcp.fail_secure, "boolean", "mcp_policy.fail_secure", errors);
|
|
196
|
+
if ("rules" in mcp) {
|
|
197
|
+
if (!Array.isArray(mcp.rules)) {
|
|
198
|
+
errors.push({ path: "mcp_policy.rules", message: "expected array", severity: "error" });
|
|
199
|
+
}
|
|
200
|
+
else {
|
|
201
|
+
for (let i = 0; i < mcp.rules.length; i++) {
|
|
202
|
+
const rule = mcp.rules[i];
|
|
203
|
+
const prefix = `mcp_policy.rules[${i}]`;
|
|
204
|
+
if (!rule || typeof rule !== "object") {
|
|
205
|
+
errors.push({ path: prefix, message: "expected object", severity: "error" });
|
|
206
|
+
continue;
|
|
207
|
+
}
|
|
208
|
+
if (typeof rule.match !== "string") {
|
|
209
|
+
errors.push({ path: `${prefix}.match`, message: "required string", severity: "error" });
|
|
210
|
+
}
|
|
211
|
+
if (typeof rule.action !== "string" || !["block", "log"].includes(rule.action)) {
|
|
212
|
+
errors.push({ path: `${prefix}.action`, message: 'must be "block" or "log"', severity: "error" });
|
|
213
|
+
}
|
|
214
|
+
if (typeof rule.reason !== "string") {
|
|
215
|
+
errors.push({ path: `${prefix}.reason`, message: "required string", severity: "error" });
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
}
|
|
219
|
+
}
|
|
220
|
+
}
|
|
221
|
+
// Policy type checks
|
|
222
|
+
const pol = raw.policy;
|
|
223
|
+
if (pol && typeof pol === "object") {
|
|
224
|
+
if ("require_signing" in pol)
|
|
225
|
+
checkType(pol.require_signing, "boolean", "policy.require_signing", errors);
|
|
226
|
+
if ("min_clearing_level" in pol)
|
|
227
|
+
checkType(pol.min_clearing_level, "number", "policy.min_clearing_level", errors);
|
|
228
|
+
if ("require_agent_id" in pol)
|
|
229
|
+
checkType(pol.require_agent_id, "boolean", "policy.require_agent_id", errors);
|
|
230
|
+
}
|
|
231
|
+
// Numeric range validation
|
|
232
|
+
if ("buffer_size" in raw && typeof raw.buffer_size === "number" && raw.buffer_size < 1) {
|
|
233
|
+
errors.push({ path: "buffer_size", message: "must be >= 1", severity: "error" });
|
|
234
|
+
}
|
|
235
|
+
if ("flush_interval" in raw && typeof raw.flush_interval === "number" && raw.flush_interval < 0.1) {
|
|
236
|
+
errors.push({ path: "flush_interval", message: "must be >= 0.1", severity: "error" });
|
|
237
|
+
}
|
|
238
|
+
if ("max_retries" in raw && typeof raw.max_retries === "number" && raw.max_retries < 0) {
|
|
239
|
+
errors.push({ path: "max_retries", message: "must be >= 0", severity: "error" });
|
|
240
|
+
}
|
|
241
|
+
if (tm && typeof tm === "object") {
|
|
242
|
+
if ("min_trust_level" in tm && typeof tm.min_trust_level === "number" && (tm.min_trust_level < 0 || tm.min_trust_level > 4)) {
|
|
243
|
+
errors.push({ path: "trust_mesh.min_trust_level", message: "must be 0-4", severity: "error" });
|
|
244
|
+
}
|
|
245
|
+
if ("freshness_window" in tm && typeof tm.freshness_window === "number" && tm.freshness_window < 1) {
|
|
246
|
+
errors.push({ path: "trust_mesh.freshness_window", message: "must be >= 1", severity: "error" });
|
|
247
|
+
}
|
|
248
|
+
}
|
|
249
|
+
return {
|
|
250
|
+
valid: errors.length === 0,
|
|
251
|
+
errors,
|
|
252
|
+
warnings,
|
|
253
|
+
};
|
|
254
|
+
}
|
|
255
|
+
//# sourceMappingURL=schema.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAcH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,SAAS,EAAE,aAAa,EAAE,WAAW,EAAE,gBAAgB,EAAE,UAAU;IACnE,aAAa,EAAE,gBAAgB,EAAE,aAAa,EAAE,sBAAsB;IACtE,qBAAqB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,qBAAqB;IACjF,UAAU,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,qBAAqB;IACrF,UAAU,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe;IAC5E,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,eAAe;IACvD,cAAc,EAAE,YAAY,EAAE,QAAQ;IACtC,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,YAAY;IAClE,QAAQ,EAAE,SAAS,EAAE,SAAS;CAC/B,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,iBAAiB,EAAE,oBAAoB,EAAE,qBAAqB;IAC9D,kBAAkB,EAAE,oBAAoB,EAAE,sBAAsB;CACjE,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,MAAM,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,kBAAkB;IAClE,iBAAiB,EAAE,gBAAgB,EAAE,aAAa,EAAE,cAAc;IAClE,qBAAqB,EAAE,cAAc;CACtC,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,qBAAqB,EAAE,uBAAuB,EAAE,iBAAiB;CAClE,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;IACxC,SAAS,EAAE,gBAAgB,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO;CAChE,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;IACxC,6BAA6B,EAAE,oBAAoB;IACnD,uBAAuB,EAAE,qBAAqB,EAAE,iBAAiB;CAClE,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,iBAAiB,EAAE,cAAc,EAAE,qBAAqB;IACxD,cAAc,EAAE,kBAAkB;IAClC,cAAc,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,gBAAgB;IACrE,aAAa,EAAE,OAAO,EAAE,wBAAwB;CACjD,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAC,CAAC;AAEvE,MAAM,eAAe,GAAgC;IACnD,MAAM,EAAE,iBAAiB;IACzB,UAAU,EAAE,qBAAqB;IACjC,QAAQ,EAAE,mBAAmB;IAC7B,cAAc,EAAE,yBAAyB;IACzC,UAAU,EAAE,qBAAqB;IACjC,MAAM,EAAE,iBAAiB;CAC1B,CAAC;AAEF,SAAS,SAAS,CAAC,KAAc,EAAE,QAAgB,EAAE,IAAY,EAAE,MAAyB;IAC1F,IAAI,QAAQ,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,wBAAwB,OAAO,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1F,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAQ,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,
yBAAyB,OAAO,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3F,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAQ,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,wBAAwB,OAAO,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1F,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,EAAE,CAAC;QACrG,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3E,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CAAC,CAAS,EAAE,CAAS;IACxC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,MAAM,EAAE,GAAe,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAC9B,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAClB,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,UAAU,CAAC,GAAW,EAAE,SAAsB;IACrD,IAAI,IAAI,GAAkB,IAAI,CAAC;IAC/B,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC,0BAA0B;IAC5C,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACnC,IAAI,CAAC,GAAG,QAAQ,EAAE,CAAC;YAAC,QAAQ,GA
AG,CAAC,CAAC;YAAC,IAAI,GAAG,KAAK,CAAC;QAAC,CAAC;IACnD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAA4B;IACzD,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,oDAAoD;IACpD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;YACpD,MAAM,GAAG,GAAG,UAAU;gBACpB,CAAC,CAAC,wCAAwC,UAAU,KAAK;gBACzD,CAAC,CAAC,uBAAuB,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,gBAAgB,IAAI,GAAG,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,GAAG,CAAC,cAAc,CAAC;QAC9B,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACzD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,MAAM,EAAE,GAAG,GAAG,CAAC,UAAiD,CAAC;IACjE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;QACjC,IAAI,MAAM,IAAI,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAc,CAAC,EAAE,CAAC;YACrF,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,wCAAwC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACjH,CAAC;QACD,IAAI,iBAAiB,IAAI,EAAE;YAAE,SAAS,CAAC,EAAE,CAAC,eAAe,EAAE,QAAQ,EAAE,4BAA4B,EAAE,MAAM,CAAC,CAAC;QAC3G,IAAI,mBAAmB,IAAI,EAAE;YAAE,SAAS,CAAC,EAAE,CAAC,iBAAiB,EAAE,SAAS,EAAE,8BAA8B,EAAE,MAAM,CAAC,CAAC;QAClH,IAAI,kBAAkB,IAAI,EAAE;YAAE,SAAS,CAAC,EAAE,CAAC,gBAAgB,EAAE,QAAQ,EAAE,6BAA6B,EAAE,MAAM,CAAC,CAAC;QAC9G,IAAI,iBAAiB,IAAI,EAAE;YAAE,SAAS,CAAC,EAAE,CAAC,eAAe,EAAE,UAAU,EAAE,4BAA4B,EAAE,MAAM,CAAC,CAAC;QAC7G,IAAI,aAAa,IAAI,EAAE;YAAE,SAAS,CAAC,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC;IACnG,CAAC;IAED,2CAA2C;IAC3C,MAAM,EAAE,GAAG,GAAG,CAAC,QAA+C,CAAC;IAC/D,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;QACjC,IAAI,iBAAiB,IAAI,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC;YACjE,KAAK,MAAM,MAAM,IAAI,EAAE,CAAC,eAA
e,EAAE,CAAC;gBACxC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBACzE,MAAM,KAAK,GAAG,CAAC,GAAG,yBAAyB,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC/D,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,0BAA0B;wBAChC,OAAO,EAAE,+BAA+B,MAAM,aAAa,KAAK,EAAE;wBAClE,QAAQ,EAAE,OAAO;qBAClB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QACnE,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAwC,CAAC;QAChE,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACxB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,OAAO,IAAI,GAAG,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;gBACxF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,MAAM,GAAG,GAAG,GAAG,CAAC,UAAiD,CAAC;IAClE,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACnC,IAAI,cAAc,IAAI,GAAG,EAAE,CAAC;YAC1B,IAAI,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;gBACzC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,yBAAyB,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAClG,CAAC;iBAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,yBAAyB,EAAE,OAAO,EAAE,0CAA0C,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAC3H,CAAC;QACH,CAAC;QACD,IAAI,iBAAiB,IAAI,GAAG,EAAE,CAAC;YAC7B,IAAI,OAAO,GAAG,CAAC,eAAe,KAAK,QAAQ,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,4BAA4B,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACrG,CAAC;iBAAM,IAAI,GAAG,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;gBACnC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,4BAA4B,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAClG,CAAC;QACH,CAAC;QACD,IAAI,wBAAwB,IAAI,GAAG,EAAE,CAAC;YACpC,IAAI,OAAO,GAAG,CAAC,sBAAsB,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mCAAmC,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAC5G,CAAC;iBAAM,IAAI,GAAG,CAAC,sBAAsB,GAAG,
CAAC,EAAE,CAAC;gBAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mCAAmC,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACzG,CAAC;QACH,CAAC;QACD,IAAI,gBAAgB,IAAI,GAAG;YAAE,SAAS,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,EAAE,2BAA2B,EAAE,MAAM,CAAC,CAAC;QAC5G,IAAI,gBAAgB,IAAI,GAAG;YAAE,SAAS,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,EAAE,2BAA2B,EAAE,MAAM,CAAC,CAAC;QAC5G,IAAI,aAAa,IAAI,GAAG;YAAE,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC;QAClG,IAAI,OAAO,IAAI,GAAG,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1F,CAAC;iBAAM,CAAC;gBACN,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC1C,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAA4B,CAAC;oBACrD,MAAM,MAAM,GAAG,oBAAoB,CAAC,GAAG,CAAC;oBACxC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;wBACtC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;wBAC7E,SAAS;oBACX,CAAC;oBACD,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBACnC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;oBAC1F,CAAC;oBACD,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;wBAC/E,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,EAAE,OAAO,EAAE,0BAA0B,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;oBACpG,CAAC;oBACD,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;wBACpC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;oBAC3F,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,GAAG,GAAG,GAAG,CAAC,MAA6C,CAAC;IAC9D,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACnC,IAAI,iBAAiB,IAAI,GAAG;YAAE,SAAS,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC;QAC1G,IAAI,oBAAoB,IAAI,GAAG;YAAE,SAAS,CAAC,GAAG,CAAC,kBAAkB,EAAE,QAAQ,EAAE,2BAA2B,EAAE,MAAM,CAAC,CAAC;QA
ClH,IAAI,kBAAkB,IAAI,GAAG;YAAE,SAAS,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,EAAE,yBAAyB,EAAE,MAAM,CAAC,CAAC;IAC/G,CAAC;IAED,2BAA2B;IAC3B,IAAI,aAAa,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC;QACvF,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACnF,CAAC;IACD,IAAI,gBAAgB,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ,IAAI,GAAG,CAAC,cAAc,GAAG,GAAG,EAAE,CAAC;QAClG,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACxF,CAAC;IACD,IAAI,aAAa,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC;QACvF,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACnF,CAAC;IACD,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;QACjC,IAAI,iBAAiB,IAAI,EAAE,IAAI,OAAO,EAAE,CAAC,eAAe,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,eAAe,GAAG,CAAC,IAAI,EAAE,CAAC,eAAe,GAAG,CAAC,CAAC,EAAE,CAAC;YAC5H,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,4BAA4B,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACjG,CAAC;QACD,IAAI,kBAAkB,IAAI,EAAE,IAAI,OAAO,EAAE,CAAC,gBAAgB,KAAK,QAAQ,IAAI,EAAE,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACnG,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,6BAA6B,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACnG,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,QAAQ;KACT,CAAC;AACJ,CAAC"}
|