npm - @unimatrix27/ralph-harness - Versions diffs - 1.0.0 - Mend

@unimatrix27/ralph-harness 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (103) hide show

package/CONTRIBUTING.md +89 -0
package/README.md +401 -0
package/dist/bin/ralph-bootstrap-aws.d.ts +3 -0
package/dist/bin/ralph-bootstrap-aws.d.ts.map +1 -0
package/dist/bin/ralph-bootstrap-aws.js +43 -0
package/dist/bin/ralph-bootstrap-aws.js.map +1 -0
package/dist/bin/ralph-fire.d.ts +3 -0
package/dist/bin/ralph-fire.d.ts.map +1 -0
package/dist/bin/ralph-fire.js +59 -0
package/dist/bin/ralph-fire.js.map +1 -0
package/dist/bin/ralph-gsm.d.ts +3 -0
package/dist/bin/ralph-gsm.d.ts.map +1 -0
package/dist/bin/ralph-gsm.js +93 -0
package/dist/bin/ralph-gsm.js.map +1 -0
package/dist/bin/ralph-orchestrate.d.ts +3 -0
package/dist/bin/ralph-orchestrate.d.ts.map +1 -0
package/dist/bin/ralph-orchestrate.js +20 -0
package/dist/bin/ralph-orchestrate.js.map +1 -0
package/dist/bin/ralph-sync-credential.d.ts +3 -0
package/dist/bin/ralph-sync-credential.d.ts.map +1 -0
package/dist/bin/ralph-sync-credential.js +44 -0
package/dist/bin/ralph-sync-credential.js.map +1 -0
package/dist/bin/ralph-sync-github-pat.d.ts +3 -0
package/dist/bin/ralph-sync-github-pat.d.ts.map +1 -0
package/dist/bin/ralph-sync-github-pat.js +93 -0
package/dist/bin/ralph-sync-github-pat.js.map +1 -0
package/dist/bin/ralph-tail-logs.d.ts +3 -0
package/dist/bin/ralph-tail-logs.d.ts.map +1 -0
package/dist/bin/ralph-tail-logs.js +72 -0
package/dist/bin/ralph-tail-logs.js.map +1 -0
package/dist/bin/ralph-validate-config.d.ts +3 -0
package/dist/bin/ralph-validate-config.d.ts.map +1 -0
package/dist/bin/ralph-validate-config.js +41 -0
package/dist/bin/ralph-validate-config.js.map +1 -0
package/dist/lib/aws-bootstrap.d.ts +53 -0
package/dist/lib/aws-bootstrap.d.ts.map +1 -0
package/dist/lib/aws-bootstrap.js +438 -0
package/dist/lib/aws-bootstrap.js.map +1 -0
package/dist/lib/aws-clients.d.ts +17 -0
package/dist/lib/aws-clients.d.ts.map +1 -0
package/dist/lib/aws-clients.js +25 -0
package/dist/lib/aws-clients.js.map +1 -0
package/dist/lib/claude-runner.d.ts +21 -0
package/dist/lib/claude-runner.d.ts.map +1 -0
package/dist/lib/claude-runner.js +101 -0
package/dist/lib/claude-runner.js.map +1 -0
package/dist/lib/credential-syncer.d.ts +27 -0
package/dist/lib/credential-syncer.d.ts.map +1 -0
package/dist/lib/credential-syncer.js +116 -0
package/dist/lib/credential-syncer.js.map +1 -0
package/dist/lib/ec2-orchestrator.d.ts +38 -0
package/dist/lib/ec2-orchestrator.d.ts.map +1 -0
package/dist/lib/ec2-orchestrator.js +469 -0
package/dist/lib/ec2-orchestrator.js.map +1 -0
package/dist/lib/env-loader.d.ts +18 -0
package/dist/lib/env-loader.d.ts.map +1 -0
package/dist/lib/env-loader.js +120 -0
package/dist/lib/env-loader.js.map +1 -0
package/dist/lib/fire-launcher.d.ts +59 -0
package/dist/lib/fire-launcher.d.ts.map +1 -0
package/dist/lib/fire-launcher.js +320 -0
package/dist/lib/fire-launcher.js.map +1 -0
package/dist/lib/gh-runner.d.ts +13 -0
package/dist/lib/gh-runner.d.ts.map +1 -0
package/dist/lib/gh-runner.js +50 -0
package/dist/lib/gh-runner.js.map +1 -0
package/dist/lib/github-state-mutator.d.ts +11 -0
package/dist/lib/github-state-mutator.d.ts.map +1 -0
package/dist/lib/github-state-mutator.js +179 -0
package/dist/lib/github-state-mutator.js.map +1 -0
package/dist/lib/phase-result-schemas.d.ts +88 -0
package/dist/lib/phase-result-schemas.d.ts.map +1 -0
package/dist/lib/phase-result-schemas.js +180 -0
package/dist/lib/phase-result-schemas.js.map +1 -0
package/dist/lib/post-hoc-agent-stuck-checker.d.ts +26 -0
package/dist/lib/post-hoc-agent-stuck-checker.d.ts.map +1 -0
package/dist/lib/post-hoc-agent-stuck-checker.js +142 -0
package/dist/lib/post-hoc-agent-stuck-checker.js.map +1 -0
package/dist/lib/prompt-renderer.d.ts +4 -0
package/dist/lib/prompt-renderer.d.ts.map +1 -0
package/dist/lib/prompt-renderer.js +30 -0
package/dist/lib/prompt-renderer.js.map +1 -0
package/dist/lib/security-runner.d.ts +7 -0
package/dist/lib/security-runner.d.ts.map +1 -0
package/dist/lib/security-runner.js +53 -0
package/dist/lib/security-runner.js.map +1 -0
package/dist/lib/structured-log-emitter.d.ts +53 -0
package/dist/lib/structured-log-emitter.d.ts.map +1 -0
package/dist/lib/structured-log-emitter.js +122 -0
package/dist/lib/structured-log-emitter.js.map +1 -0
package/dist/lib/target-config-schema.d.ts +28 -0
package/dist/lib/target-config-schema.d.ts.map +1 -0
package/dist/lib/target-config-schema.js +157 -0
package/dist/lib/target-config-schema.js.map +1 -0
package/dist/lib/user-data-renderer.d.ts +20 -0
package/dist/lib/user-data-renderer.d.ts.map +1 -0
package/dist/lib/user-data-renderer.js +75 -0
package/dist/lib/user-data-renderer.js.map +1 -0
package/lib/cloud-init/system-setup.sh +338 -0
package/package.json +55 -0
package/prompts/discovery.md +182 -0
package/prompts/implementation.md +161 -0
package/prompts/review.md +135 -0

package/dist/lib/aws-bootstrap.js ADDED Viewed

@@ -0,0 +1,438 @@
+// aws-bootstrap — idempotent AWS-side and target-side bootstrap for the
+// ralph-harness operator. Public functions ensure each resource exists;
+// re-running on an already-bootstrapped account is a clean no-op.
+//
+// Public surface:
+//   ensureKmsAlias(clients, alias)
+//   ensureSsmSecureString(clients, name, description, kmsAlias)
+//   ensureIamRoleAndProfile(clients, role, profile, githubKey, oauthKey, logGroup, kmsAlias)
+//   ensureSecurityGroup(clients, name, description)
+//   ensureLogGroup(clients, name)
+//   ensureAgentStuckLabel(repo, label)
+//   runAll(opts)
+//
+// Idempotency contract (must match lib/aws-bootstrap.sh — bash module is
+// being deleted in this slice; the contract is what's tested):
+//   Every ensure* function probes for the resource's current state and only
+//   issues create/put calls when state is missing. On second run the only
+//   AWS calls made are read-only describe/get operations.
+//
+// Errors throw; the CLI (ralph-bootstrap-aws) maps them to exit codes.
+import { CreateLogGroupCommand, DescribeLogGroupsCommand, } from "@aws-sdk/client-cloudwatch-logs";
+import { CreateSecurityGroupCommand, DescribeSecurityGroupsCommand, DescribeVpcsCommand, } from "@aws-sdk/client-ec2";
+import { AddRoleToInstanceProfileCommand, AttachRolePolicyCommand, CreateInstanceProfileCommand, CreateRoleCommand, GetInstanceProfileCommand, GetRoleCommand, GetRolePolicyCommand, ListAttachedRolePoliciesCommand, PutRolePolicyCommand, } from "@aws-sdk/client-iam";
+import { CreateAliasCommand, CreateKeyCommand, DescribeKeyCommand, } from "@aws-sdk/client-kms";
+import { GetParameterCommand, ParameterAlreadyExists, PutParameterCommand, } from "@aws-sdk/client-ssm";
+import { GetCallerIdentityCommand } from "@aws-sdk/client-sts";
+import { AWS_REGION } from "./aws-clients.js";
+import { GhRunnerError, runGh } from "./gh-runner.js";
+export const MODULE_PREFIX = "aws-bootstrap";
+export const DEFAULTS = {
+    region: AWS_REGION,
+    kmsAlias: "alias/ralph",
+    iamRole: "ralph-ec2-role",
+    iamProfile: "ralph-ec2-profile",
+    sgName: "ralph-sg",
+    agentStuckLabel: "agent-stuck",
+    agentStuckColor: "d73a4a",
+    githubKey: "/ralph/github-pat",
+    oauthKey: "/ralph/claude-oauth-credential",
+    logGroup: "/ralph/main",
+};
+export function moduleErr(message) {
+    return `${MODULE_PREFIX}: error: ${message}`;
+}
+export function moduleInfo(message) {
+    return `${MODULE_PREFIX}: ${message}`;
+}
+const defaultInfo = (line) => process.stdout.write(`${line}\n`);
+// ---- KMS -------------------------------------------------------------
+// ensureKmsAlias — ensure a KMS CMK exists behind the given alias. If the
+// alias resolves, no-op. Otherwise create a symmetric encrypt/decrypt key
+// and point the alias at it.
+export async function ensureKmsAlias(clients, alias, info = defaultInfo) {
+    try {
+        await clients.kms.send(new DescribeKeyCommand({ KeyId: alias }));
+        info(moduleInfo(`kms: ${alias} already exists`));
+        return;
+    }
+    catch (err) {
+        if (!isNotFound(err))
+            throw err;
+    }
+    const created = await clients.kms.send(new CreateKeyCommand({
+        Description: `ralph-harness CMK (used by ${alias})`,
+        KeyUsage: "ENCRYPT_DECRYPT",
+    }));
+    const keyId = created.KeyMetadata?.KeyId;
+    if (!keyId) {
+        throw new Error(moduleErr(`kms: create-key returned no KeyId`));
+    }
+    await clients.kms.send(new CreateAliasCommand({ AliasName: alias, TargetKeyId: keyId }));
+    info(moduleInfo(`kms: created ${alias} -> ${keyId}`));
+}
+// ---- SSM SecureString -----------------------------------------------
+const SSM_PLACEHOLDER = "PLACEHOLDER-set-via-credential-syncer";
+// ensureSsmSecureString — ensure a SecureString parameter exists at <name>.
+// If missing, create it with a placeholder. If present, leave it untouched
+// (we never overwrite an existing parameter).
+export async function ensureSsmSecureString(clients, name, description, kmsAlias, info = defaultInfo) {
+    try {
+        await clients.ssm.send(new GetParameterCommand({ Name: name, WithDecryption: true }));
+        info(moduleInfo(`ssm: ${name} already exists`));
+        return;
+    }
+    catch (err) {
+        if (!isNotFound(err))
+            throw err;
+    }
+    try {
+        await clients.ssm.send(new PutParameterCommand({
+            Name: name,
+            Description: description,
+            Type: "SecureString",
+            KeyId: kmsAlias,
+            Value: SSM_PLACEHOLDER,
+            Overwrite: false,
+        }));
+    }
+    catch (err) {
+        // Race: another caller created it between our get and put. Treat the
+        // already-exists error as success — the post-condition is "parameter
+        // exists with some value", which is satisfied either way.
+        if (err instanceof ParameterAlreadyExists) {
+            info(moduleInfo(`ssm: ${name} already exists (raced put)`));
+            return;
+        }
+        throw err;
+    }
+    info(moduleInfo(`ssm: created ${name}`));
+}
+const TRUST_POLICY = {
+    Version: "2012-10-17",
+    Statement: [
+        {
+            Sid: "EC2AssumeRole",
+            Effect: "Allow",
+            Action: ["sts:AssumeRole"],
+            // The IAM service ignores Sid uniqueness in trust docs; this is just
+            // the canonical shape. Kept as a literal so the JSON we send is stable.
+            Resource: "ec2.amazonaws.com",
+        },
+    ],
+};
+// The bash port emits the trust policy in a slightly different shape (single
+// Principal:Service statement). The IAM API requires that exact shape, so we
+// emit raw JSON for the trust policy rather than reusing the inline-policy
+// builder.
+const TRUST_POLICY_DOC_JSON = JSON.stringify({
+    Version: "2012-10-17",
+    Statement: [
+        {
+            Effect: "Allow",
+            Principal: { Service: "ec2.amazonaws.com" },
+            Action: "sts:AssumeRole",
+        },
+    ],
+});
+export function buildInlinePolicy(account, githubKey, oauthKey, logGroup, kmsAlias, region = DEFAULTS.region) {
+    return {
+        Version: "2012-10-17",
+        Statement: [
+            {
+                Sid: "ReadAssignedSSMParameters",
+                Effect: "Allow",
+                Action: ["ssm:GetParameter", "ssm:GetParameters"],
+                Resource: [
+                    `arn:aws:ssm:${region}:${account}:parameter${githubKey}`,
+                    `arn:aws:ssm:${region}:${account}:parameter${oauthKey}`,
+                ],
+            },
+            {
+                Sid: "DecryptRalphKMS",
+                Effect: "Allow",
+                Action: ["kms:Decrypt"],
+                Resource: "*",
+                Condition: {
+                    "ForAnyValue:StringEquals": { "kms:ResourceAliases": kmsAlias },
+                },
+            },
+            {
+                Sid: "PutRalphLogs",
+                Effect: "Allow",
+                Action: [
+                    "logs:CreateLogStream",
+                    "logs:PutLogEvents",
+                    "logs:DescribeLogStreams",
+                ],
+                Resource: `arn:aws:logs:${region}:${account}:log-group:${logGroup}:*`,
+            },
+        ],
+    };
+}
+// canonicalJson — stable key-sorted JSON. Used to compare an existing inline
+// policy against the desired one without false-diffing on key order.
+export function canonicalJson(value) {
+    return JSON.stringify(sortKeys(value));
+}
+function sortKeys(value) {
+    if (Array.isArray(value))
+        return value.map(sortKeys);
+    if (value && typeof value === "object") {
+        const obj = value;
+        const out = {};
+        for (const k of Object.keys(obj).sort()) {
+            out[k] = sortKeys(obj[k]);
+        }
+        return out;
+    }
+    return value;
+}
+// ensureIamRoleAndProfile — ensure the EC2 role exists with the EC2 trust
+// policy, AmazonSSMManagedInstanceCore attached, and the inline policy
+// `ralph-inline` granting:
+//   - SSM read on the two assigned parameter keys
+//   - kms:Decrypt scoped to <kmsAlias>
+//   - PutLogEvents scoped to <logGroup>
+// Plus: the instance profile exists and the role is attached to it.
+export async function ensureIamRoleAndProfile(clients, role, profile, githubKey, oauthKey, logGroup, kmsAlias, info = defaultInfo, region = DEFAULTS.region) {
+    const account = await getAccountId(clients);
+    const inlineDoc = buildInlinePolicy(account, githubKey, oauthKey, logGroup, kmsAlias, region);
+    // role
+    let roleExists = false;
+    try {
+        await clients.iam.send(new GetRoleCommand({ RoleName: role }));
+        roleExists = true;
+    }
+    catch (err) {
+        if (!isNotFound(err))
+            throw err;
+    }
+    if (roleExists) {
+        info(moduleInfo(`iam: role ${role} already exists`));
+    }
+    else {
+        await clients.iam.send(new CreateRoleCommand({
+            RoleName: role,
+            Description: "ralph-harness EC2 worker role",
+            AssumeRolePolicyDocument: TRUST_POLICY_DOC_JSON,
+        }));
+        info(moduleInfo(`iam: created role ${role}`));
+    }
+    // managed policy attach
+    const attached = await clients.iam.send(new ListAttachedRolePoliciesCommand({ RoleName: role }));
+    const ssmManaged = (attached.AttachedPolicies ?? []).some((p) => p.PolicyName === "AmazonSSMManagedInstanceCore");
+    if (ssmManaged) {
+        info(moduleInfo(`iam: AmazonSSMManagedInstanceCore already attached to ${role}`));
+    }
+    else {
+        await clients.iam.send(new AttachRolePolicyCommand({
+            RoleName: role,
+            PolicyArn: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
+        }));
+        info(moduleInfo(`iam: attached AmazonSSMManagedInstanceCore to ${role}`));
+    }
+    // inline policy
+    let existingInlineRaw;
+    try {
+        const got = await clients.iam.send(new GetRolePolicyCommand({
+            RoleName: role,
+            PolicyName: "ralph-inline",
+        }));
+        // GetRolePolicy returns the document URL-encoded in the bash CLI; the
+        // SDK decodes it for us into a JSON string.
+        existingInlineRaw = got.PolicyDocument;
+    }
+    catch (err) {
+        if (!isNotFound(err))
+            throw err;
+    }
+    const desiredCompact = canonicalJson(inlineDoc);
+    let existingCompact = "";
+    if (existingInlineRaw) {
+        try {
+            existingCompact = canonicalJson(JSON.parse(decodeURIComponent(existingInlineRaw)));
+        }
+        catch {
+            // The SDK may already return a decoded JSON string. Try parse-as-is.
+            try {
+                existingCompact = canonicalJson(JSON.parse(existingInlineRaw));
+            }
+            catch {
+                existingCompact = "";
+            }
+        }
+    }
+    if (existingCompact === desiredCompact) {
+        info(moduleInfo(`iam: inline policy ralph-inline already up to date on ${role}`));
+    }
+    else {
+        await clients.iam.send(new PutRolePolicyCommand({
+            RoleName: role,
+            PolicyName: "ralph-inline",
+            PolicyDocument: JSON.stringify(inlineDoc),
+        }));
+        info(moduleInfo(`iam: wrote inline policy ralph-inline on ${role}`));
+    }
+    // instance profile
+    let profileExists = false;
+    let profileHasRole = false;
+    try {
+        const got = await clients.iam.send(new GetInstanceProfileCommand({ InstanceProfileName: profile }));
+        profileExists = true;
+        profileHasRole = (got.InstanceProfile?.Roles ?? []).some((r) => r.RoleName === role);
+    }
+    catch (err) {
+        if (!isNotFound(err))
+            throw err;
+    }
+    if (profileExists) {
+        info(moduleInfo(`iam: instance profile ${profile} already exists`));
+    }
+    else {
+        await clients.iam.send(new CreateInstanceProfileCommand({ InstanceProfileName: profile }));
+        info(moduleInfo(`iam: created instance profile ${profile}`));
+    }
+    if (profileHasRole) {
+        info(moduleInfo(`iam: role ${role} already attached to profile ${profile}`));
+    }
+    else {
+        await clients.iam.send(new AddRoleToInstanceProfileCommand({
+            InstanceProfileName: profile,
+            RoleName: role,
+        }));
+        info(moduleInfo(`iam: attached role ${role} to profile ${profile}`));
+    }
+}
+// ---- EC2 security group ---------------------------------------------
+// ensureSecurityGroup — ensure a security group named <name> exists in the
+// region's default VPC. Newly-created groups inherit the default
+// "no inbound, all outbound" posture, which is what the harness wants.
+export async function ensureSecurityGroup(clients, name, description, info = defaultInfo, region = DEFAULTS.region) {
+    const vpcs = await clients.ec2.send(new DescribeVpcsCommand({
+        Filters: [{ Name: "is-default", Values: ["true"] }],
+    }));
+    const vpcId = vpcs.Vpcs?.[0]?.VpcId;
+    if (!vpcId) {
+        throw new Error(moduleErr(`no default VPC in region ${region}; refusing to create security group`));
+    }
+    const existing = await clients.ec2.send(new DescribeSecurityGroupsCommand({
+        Filters: [
+            { Name: "group-name", Values: [name] },
+            { Name: "vpc-id", Values: [vpcId] },
+        ],
+    }));
+    const existingId = existing.SecurityGroups?.[0]?.GroupId;
+    if (existingId) {
+        info(moduleInfo(`ec2: security group ${name} already exists (${existingId})`));
+        return;
+    }
+    const created = await clients.ec2.send(new CreateSecurityGroupCommand({
+        GroupName: name,
+        Description: description,
+        VpcId: vpcId,
+    }));
+    info(moduleInfo(`ec2: created security group ${name} (${created.GroupId})`));
+}
+// ---- CloudWatch log group -------------------------------------------
+// ensureLogGroup — ensure a CloudWatch log group named <name> exists.
+export async function ensureLogGroup(clients, name, info = defaultInfo) {
+    const list = await clients.logs.send(new DescribeLogGroupsCommand({ logGroupNamePrefix: name }));
+    const found = (list.logGroups ?? []).some((g) => g.logGroupName === name);
+    if (found) {
+        info(moduleInfo(`logs: log group ${name} already exists`));
+        return;
+    }
+    await clients.logs.send(new CreateLogGroupCommand({ logGroupName: name }));
+    info(moduleInfo(`logs: created log group ${name}`));
+}
+// ---- target-side gh label -------------------------------------------
+// ensureAgentStuckLabel — ensure the target repo has the configured stuck
+// label (red). Uses `gh label`, not the AWS SDK.
+export function ensureAgentStuckLabel(repo, label, info = defaultInfo, color = DEFAULTS.agentStuckColor) {
+    let existing = [];
+    try {
+        const r = runGh([
+            "label",
+            "list",
+            "--repo",
+            repo,
+            "--json",
+            "name",
+            "--jq",
+            ".[].name",
+        ]);
+        existing = r.stdout
+            .split("\n")
+            .map((l) => l.trim())
+            .filter((l) => l.length > 0);
+    }
+    catch (err) {
+        // gh exits non-zero only on a real failure (auth missing, repo not
+        // found). Surface that — listing labels is a precondition.
+        throw err instanceof GhRunnerError
+            ? new Error(moduleErr(`label list ${repo} failed: ${err.message}`))
+            : err;
+    }
+    if (existing.includes(label)) {
+        info(moduleInfo(`github: label ${label} already exists on ${repo}`));
+        return;
+    }
+    runGh([
+        "label",
+        "create",
+        label,
+        "--repo",
+        repo,
+        "--color",
+        color,
+        "--description",
+        "Set by ralph-harness when an iteration escapes via the stuck-budget path.",
+    ]);
+    info(moduleInfo(`github: created label ${label} on ${repo}`));
+}
+// runAll — ensure every resource. Idempotent on second run.
+export async function runAll(opts) {
+    const { clients, repo, githubKey = DEFAULTS.githubKey, oauthKey = DEFAULTS.oauthKey, logGroup = DEFAULTS.logGroup, kmsAlias = DEFAULTS.kmsAlias, iamRole = DEFAULTS.iamRole, iamProfile = DEFAULTS.iamProfile, sgName = DEFAULTS.sgName, agentStuckLabel = DEFAULTS.agentStuckLabel, region = DEFAULTS.region, info = defaultInfo, } = opts;
+    info(moduleInfo(`region=${region} target=${repo}`));
+    info(moduleInfo(`github_key=${githubKey} oauth_key=${oauthKey} log_group=${logGroup}`));
+    await ensureKmsAlias(clients, kmsAlias, info);
+    await ensureSsmSecureString(clients, githubKey, "ralph-harness GitHub PAT (SecureString placeholder)", kmsAlias, info);
+    await ensureSsmSecureString(clients, oauthKey, "ralph-harness Claude OAuth credential (SecureString placeholder)", kmsAlias, info);
+    await ensureLogGroup(clients, logGroup, info);
+    await ensureIamRoleAndProfile(clients, iamRole, iamProfile, githubKey, oauthKey, logGroup, kmsAlias, info, region);
+    await ensureSecurityGroup(clients, sgName, "ralph-harness EC2 worker (no inbound, all outbound)", info, region);
+    ensureAgentStuckLabel(repo, agentStuckLabel, info);
+}
+// ---- helpers --------------------------------------------------------
+async function getAccountId(clients) {
+    const r = await clients.sts.send(new GetCallerIdentityCommand({}));
+    if (!r.Account) {
+        throw new Error(moduleErr("sts: GetCallerIdentity returned no Account"));
+    }
+    return r.Account;
+}
+// isNotFound — recognize "resource doesn't exist" errors from the AWS SDK
+// across services. Each service has its own typed exception, but they all
+// share the `name` property convention.
+function isNotFound(err) {
+    if (!err || typeof err !== "object")
+        return false;
+    const e = err;
+    const name = e.name ?? e.Code ?? "";
+    if (name === "NotFoundException" ||
+        name === "NoSuchEntityException" ||
+        name === "ParameterNotFound" ||
+        name === "ResourceNotFoundException" ||
+        name === "ResourceNotFoundFault" ||
+        name === "NotFound" ||
+        name === "InvalidGroup.NotFound") {
+        return true;
+    }
+    // Some errors only carry the httpStatusCode — IAM GetRole returns 404 with
+    // name=NoSuchEntityException already, but be defensive.
+    if (e.$metadata?.httpStatusCode === 404)
+        return true;
+    return false;
+}
+//# sourceMappingURL=aws-bootstrap.js.map

package/dist/lib/aws-bootstrap.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"aws-bootstrap.js","sourceRoot":"","sources":["../../src/lib/aws-bootstrap.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,wEAAwE;AACxE,kEAAkE;AAClE,EAAE;AACF,kBAAkB;AAClB,mCAAmC;AACnC,gEAAgE;AAChE,6FAA6F;AAC7F,oDAAoD;AACpD,kCAAkC;AAClC,uCAAuC;AACvC,iBAAiB;AACjB,EAAE;AACF,yEAAyE;AACzE,+DAA+D;AAC/D,4EAA4E;AAC5E,0EAA0E;AAC1E,0DAA0D;AAC1D,EAAE;AACF,uEAAuE;AAEvE,OAAO,EACL,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,+BAA+B,EAC/B,uBAAuB,EACvB,4BAA4B,EAC5B,iBAAiB,EACjB,yBAAyB,EACzB,cAAc,EACd,oBAAoB,EACpB,+BAA+B,EAC/B,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AAE/D,OAAO,EAAE,UAAU,EAAmB,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAEtD,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAC;AAE7C,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,MAAM,EAAE,UAAU;IAClB,QAAQ,EAAE,aAAa;IACvB,OAAO,EAAE,gBAAgB;IACzB,UAAU,EAAE,mBAAmB;IAC/B,MAAM,EAAE,UAAU;IAClB,eAAe,EAAE,aAAa;IAC9B,eAAe,EAAE,QAAQ;IACzB,SAAS,EAAE,mBAAmB;IAC9B,QAAQ,EAAE,gCAAgC;IAC1C,QAAQ,EAAE,aAAa;CACf,CAAC;AAEX,MAAM,UAAU,SAAS,CAAC,OAAe;IACvC,OAAO,GAAG,aAAa,YAAY,OAAO,EAAE,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAe;IACxC,OAAO,GAAG,aAAa,KAAK,OAAO,EAAE,CAAC;AACxC,CAAC;AAID,MAAM,WAAW,GAAW,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC;AAExE,yEAAyE;AAEzE,0EAA0E;AAC1E,0EAA0E;AAC1E,6BAA6B;AAC7B,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAmB,EACnB,KAAa,EACb,OAAe,WAAW;IAE1B,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QACjE,IAAI,CAAC,UAAU,CAAC,QAAQ,KAAK,iBAAiB,CAAC,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,MAAM,GAAG,CAAC;IAClC,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpC,IAAI,gBAAgB,CAAC;QACnB,WAAW,EAAE,8BAA8B,KAAK,GAAG;QACnD,QAAQ,EAAE,iBAAiB;KAC5B,CAAC,CACH,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,KAAK,CAAC;IACzC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpB,IAAI,kBAAkB,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CACjE,CAAC;IACF,IAAI,CAAC,UAAU,CAAC,gBAAgB,KAAK,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,wEAAwE;AAExE,MAAM,eAAe,GAAG,uCAAuC,CAAC;AAEhE,4EAA4E;AAC5E,2EAA2E;AAC3E,8CAA8C;AAC9C,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,OAAmB,EACnB,IAAY,EACZ,WAAmB,EACnB,QAAgB,EAChB,OAAe,WAAW;IAE1B,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpB,IAAI,mBAAmB,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAC9D,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,iBAAiB,CAAC,CAAC,CAAC;QAChD,OAAO;IACT,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,MAAM,GAAG,CAAC;IAClC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpB,IAAI,mBAAmB,CAAC;YACtB,IAAI,EAAE,IAAI;YACV,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,cAAc;YACpB,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,eAAe;YACtB,SAAS,EAAE,KAAK;SACjB,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,qEAAqE;QACrE,qEAAqE;QACrE,0DAA0D;QAC1D,IAAI,GAAG,YAAY,sBAAsB,EAAE,CAAC;YAC1C,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,6BAA6B,CAAC,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,CAAC;AAC3C,CAAC;AAiBD,MAAM,YAAY,GAAc;IAC9B,OAAO,EAAE,YAAY;IACrB,SAAS,EAAE;QACT;YACE,GAAG,EAAE,eAAe;YACpB,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,CAAC,gBAAgB,CAAC;YAC1B,qEAAqE;YACrE,wEAAwE;YACxE,QAAQ,EAAE,mBAAmB;SAC9B;KACF;CACsB,CAAC;AAE1B,6EAA6E;AAC7E,6EAA6E;AAC7E,2EAA2E;AAC3E,WAAW;AACX,MAAM,qBAAqB,GAAG,IAAI,CAAC,SAAS,CAAC;IAC3C,OAAO,EAAE,YAAY;IACrB,SAAS,EAAE;QACT;YACE,MAAM,EAAE,OAAO;YACf,SAAS,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE;YAC3C,MAAM,EAAE,gBAAgB;SACzB;KACF;CACF,CAAC,CAAC;AAEH,MAAM,UAAU,iBAAiB,CAC/B,OAAe,EACf,SAAiB,EACjB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,SAAiB,QAAQ,CAAC,MAAM;IAEhC,OAAO;QACL,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,2BAA2B;gBAChC,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,CAAC,kBAAkB,EAAE,mBAAmB,CAAC;gBACjD,QAAQ,EAAE;oBACR,eAAe,MAAM,IAAI,OAAO,aAAa,SAAS,EAAE;oBACxD,eAAe,MAAM,IAAI,OAAO,aAAa,QAAQ,EAAE;iBACxD;aACF;YACD;gBACE,GAAG,EAAE,iBAAiB;gBACtB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,CAAC,aAAa,CAAC;gBACvB,QAAQ,EAAE,GAAG;gBACb,SAAS,EAAE;oBACT,0BAA0B,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE;iBAChE;aACF;YACD;gBACE,GAAG,EAAE,cAAc;gBACnB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,sBAAsB;oBACtB,mBAAmB;oBACnB,yBAAyB;iBAC1B;gBACD,QAAQ,EAAE,gBAAgB,MAAM,IAAI,OAAO,cAAc,QAAQ,IAAI;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAED,6EAA6E;AAC7E,qEAAqE;AACrE,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YACxC,GAAG,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,0EAA0E;AAC1E,uEAAuE;AACvE,2BAA2B;AAC3B,kDAAkD;AAClD,uCAAuC;AACvC,wCAAwC;AACxC,oEAAoE;AACpE,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAmB,EACnB,IAAY,EACZ,OAAe,EACf,SAAiB,EACjB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAAe,WAAW,EAC1B,SAAiB,QAAQ,CAAC,MAAM;IAEhC,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,iBAAiB,CACjC,OAAO,EACP,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,OAAO;IACP,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/D,UAAU,GAAG,IAAI,CAAC;IACpB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,MAAM,GAAG,CAAC;IAClC,CAAC;IACD,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAC,UAAU,CAAC,aAAa,IAAI,iBAAiB,CAAC,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpB,IAAI,iBAAiB,CAAC;YACpB,QAAQ,EAAE,IAAI;YACd,WAAW,EAAE,+BAA+B;YAC5C,wBAAwB,EAAE,qBAAqB;SAChD,CAAC,CACH,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,wBAAwB;IACxB,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACrC,IAAI,+BAA+B,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CACxD,CAAC;IACF,MAAM,UAAU,GAAG,CAAC,QAAQ,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,IAAI,CACvD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,8BAA8B,CACvD,CAAC;IACF,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CACF,UAAU,CACR,yDAAyD,IAAI,EAAE,CAChE,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpB,IAAI,uBAAuB,CAAC;YAC1B,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,sDAAsD;SAClE,CAAC,CACH,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,iDAAiD,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,gBAAgB;IAChB,IAAI,iBAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAChC,IAAI,oBAAoB,CAAC;YACvB,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,cAAc;SAC3B,CAAC,CACH,CAAC;QACF,sEAAsE;QACtE,4CAA4C;QAC5C,iBAAiB,GAAG,GAAG,CAAC,cAAc,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,MAAM,GAAG,CAAC;IAClC,CAAC;IACD,MAAM,cAAc,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IAChD,IAAI,eAAe,GAAG,EAAE,CAAC;IACzB,IAAI,iBAAiB,EAAE,CAAC;QACtB,IAAI,CAAC;YACH,eAAe,GAAG,aAAa,CAC7B,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,CAAC,CAClD,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,qEAAqE;YACrE,IAAI,CAAC;gBACH,eAAe,GAAG,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;YACjE,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe,GAAG,EAAE,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,eAAe,KAAK,cAAc,EAAE,CAAC;QACvC,IAAI,CACF,UAAU,CACR,yDAAyD,IAAI,EAAE,CAChE,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpB,IAAI,oBAAoB,CAAC;YACvB,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,cAAc;YAC1B,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;SAC1C,CAAC,CACH,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,mBAAmB;IACnB,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAChC,IAAI,yBAAyB,CAAC,EAAE,mBAAmB,EAAE,OAAO,EAAE,CAAC,CAChE,CAAC;QACF,aAAa,GAAG,IAAI,CAAC;QACrB,cAAc,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CACtD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,IAAI,CAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,MAAM,GAAG,CAAC;IAClC,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,UAAU,CAAC,yBAAyB,OAAO,iBAAiB,CAAC,CAAC,CAAC;IACtE,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpB,IAAI,4BAA4B,CAAC,EAAE,mBAAmB,EAAE,OAAO,EAAE,CAAC,CACnE,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,iCAAiC,OAAO,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,IAAI,CACF,UAAU,CAAC,aAAa,IAAI,gCAAgC,OAAO,EAAE,CAAC,CACvE,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpB,IAAI,+BAA+B,CAAC;YAClC,mBAAmB,EAAE,OAAO;YAC5B,QAAQ,EAAE,IAAI;SACf,CAAC,CACH,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,sBAAsB,IAAI,eAAe,OAAO,EAAE,CAAC,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE,2EAA2E;AAC3E,iEAAiE;AACjE,uEAAuE;AACvE,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAmB,EACnB,IAAY,EACZ,WAAmB,EACnB,OAAe,WAAW,EAC1B,SAAiB,QAAQ,CAAC,MAAM;IAEhC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACjC,IAAI,mBAAmB,CAAC;QACtB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;KACpD,CAAC,CACH,CAAC;IACF,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;IACpC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,SAAS,CACP,4BAA4B,MAAM,qCAAqC,CACxE,CACF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACrC,IAAI,6BAA6B,CAAC;QAChC,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;YACtC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,KAAK,CAAC,EAAE;SACpC;KACF,CAAC,CACH,CAAC;IACF,MAAM,UAAU,GAAG,QAAQ,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;IACzD,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CACF,UAAU,CAAC,uBAAuB,IAAI,oBAAoB,UAAU,GAAG,CAAC,CACzE,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CACpC,IAAI,0BAA0B,CAAC;QAC7B,SAAS,EAAE,IAAI;QACf,WAAW,EAAE,WAAW;QACxB,KAAK,EAAE,KAAK;KACb,CAAC,CACH,CAAC;IACF,IAAI,CACF,UAAU,CAAC,+BAA+B,IAAI,KAAK,OAAO,CAAC,OAAO,GAAG,CAAC,CACvE,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,sEAAsE;AACtE,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAmB,EACnB,IAAY,EACZ,OAAe,WAAW;IAE1B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,CAClC,IAAI,wBAAwB,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAC3D,CAAC;IACF,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC;IAC1E,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC,UAAU,CAAC,mBAAmB,IAAI,iBAAiB,CAAC,CAAC,CAAC;QAC3D,OAAO;IACT,CAAC;IACD,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,qBAAqB,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3E,IAAI,CAAC,UAAU,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,wEAAwE;AAExE,0EAA0E;AAC1E,iDAAiD;AACjD,MAAM,UAAU,qBAAqB,CACnC,IAAY,EACZ,KAAa,EACb,OAAe,WAAW,EAC1B,QAAgB,QAAQ,CAAC,eAAe;IAExC,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,KAAK,CAAC;YACd,OAAO;YACP,MAAM;YACN,QAAQ;YACR,IAAI;YACJ,QAAQ;YACR,MAAM;YACN,MAAM;YACN,UAAU;SACX,CAAC,CAAC;QACH,QAAQ,GAAG,CAAC,CAAC,MAAM;aAChB,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,mEAAmE;QACnE,2DAA2D;QAC3D,MAAM,GAAG,YAAY,aAAa;YAChC,CAAC,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,cAAc,IAAI,YAAY,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACnE,CAAC,CAAC,GAAG,CAAC;IACV,CAAC;IACD,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC,UAAU,CAAC,iBAAiB,KAAK,sBAAsB,IAAI,EAAE,CAAC,CAAC,CAAC;QACrE,OAAO;IACT,CAAC;IACD,KAAK,CAAC;QACJ,OAAO;QACP,QAAQ;QACR,KAAK;QACL,QAAQ;QACR,IAAI;QACJ,SAAS;QACT,KAAK;QACL,eAAe;QACf,2EAA2E;KAC5E,CAAC,CAAC;IACH,IAAI,CAAC,UAAU,CAAC,yBAAyB,KAAK,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;AAChE,CAAC;AAmBD,4DAA4D;AAC5D,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAmB;IAC9C,MAAM,EACJ,OAAO,EACP,IAAI,EACJ,SAAS,GAAG,QAAQ,CAAC,SAAS,EAC9B,QAAQ,GAAG,QAAQ,CAAC,QAAQ,EAC5B,QAAQ,GAAG,QAAQ,CAAC,QAAQ,EAC5B,QAAQ,GAAG,QAAQ,CAAC,QAAQ,EAC5B,OAAO,GAAG,QAAQ,CAAC,OAAO,EAC1B,UAAU,GAAG,QAAQ,CAAC,UAAU,EAChC,MAAM,GAAG,QAAQ,CAAC,MAAM,EACxB,eAAe,GAAG,QAAQ,CAAC,eAAe,EAC1C,MAAM,GAAG,QAAQ,CAAC,MAAM,EACxB,IAAI,GAAG,WAAW,GACnB,GAAG,IAAI,CAAC;IAET,IAAI,CAAC,UAAU,CAAC,UAAU,MAAM,WAAW,IAAI,EAAE,CAAC,CAAC,CAAC;IACpD,IAAI,CACF,UAAU,CACR,cAAc,SAAS,cAAc,QAAQ,cAAc,QAAQ,EAAE,CACtE,CACF,CAAC;IAEF,MAAM,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC9C,MAAM,qBAAqB,CACzB,OAAO,EACP,SAAS,EACT,qDAAqD,EACrD,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,qBAAqB,CACzB,OAAO,EACP,QAAQ,EACR,kEAAkE,EAClE,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC9C,MAAM,uBAAuB,CAC3B,OAAO,EACP,OAAO,EACP,UAAU,EACV,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,IAAI,EACJ,MAAM,CACP,CAAC;IACF,MAAM,mBAAmB,CACvB,OAAO,EACP,MAAM,EACN,qDAAqD,EACrD,IAAI,EACJ,MAAM,CACP,CAAC;IACF,qBAAqB,CAAC,IAAI,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;AACrD,CAAC;AAED,wEAAwE;AAExE,KAAK,UAAU,YAAY,CAAC,OAAmB;IAC7C,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,wBAAwB,CAAC,EAAE,CAAC,CAAC,CAAC;IACnE,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,4CAA4C,CAAC,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,CAAC,CAAC,OAAO,CAAC;AACnB,CAAC;AAED,0EAA0E;AAC1E,0EAA0E;AAC1E,wCAAwC;AACxC,SAAS,UAAU,CAAC,GAAY;IAC9B,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,CAAC,GAAG,GAAgF,CAAC;IAC3F,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IACpC,IACE,IAAI,KAAK,mBAAmB;QAC5B,IAAI,KAAK,uBAAuB;QAChC,IAAI,KAAK,mBAAmB;QAC5B,IAAI,KAAK,2BAA2B;QACpC,IAAI,KAAK,uBAAuB;QAChC,IAAI,KAAK,UAAU;QACnB,IAAI,KAAK,uBAAuB,EAChC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,2EAA2E;IAC3E,wDAAwD;IACxD,IAAI,CAAC,CAAC,SAAS,EAAE,cAAc,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACrD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/lib/aws-clients.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { CloudWatchLogsClient } from "@aws-sdk/client-cloudwatch-logs";
+import { EC2Client } from "@aws-sdk/client-ec2";
+import { IAMClient } from "@aws-sdk/client-iam";
+import { KMSClient } from "@aws-sdk/client-kms";
+import { SSMClient } from "@aws-sdk/client-ssm";
+import { STSClient } from "@aws-sdk/client-sts";
+export declare const AWS_REGION = "eu-central-1";
+export interface AwsClients {
+    kms: KMSClient;
+    ssm: SSMClient;
+    iam: IAMClient;
+    ec2: EC2Client;
+    logs: CloudWatchLogsClient;
+    sts: STSClient;
+}
+export declare function defaultAwsClients(region?: string): AwsClients;
+//# sourceMappingURL=aws-clients.d.ts.map

package/dist/lib/aws-clients.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"aws-clients.d.ts","sourceRoot":"","sources":["../../src/lib/aws-clients.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAEhD,eAAO,MAAM,UAAU,iBAAiB,CAAC;AAEzC,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,SAAS,CAAC;IACf,GAAG,EAAE,SAAS,CAAC;IACf,GAAG,EAAE,SAAS,CAAC;IACf,GAAG,EAAE,SAAS,CAAC;IACf,IAAI,EAAE,oBAAoB,CAAC;IAC3B,GAAG,EAAE,SAAS,CAAC;CAChB;AAED,wBAAgB,iBAAiB,CAAC,MAAM,GAAE,MAAmB,GAAG,UAAU,CASzE"}

package/dist/lib/aws-clients.js ADDED Viewed

@@ -0,0 +1,25 @@
+// aws-clients — typed wrappers around the AWS SDK clients the operator CLIs
+// need. Centralized so every module shares the same region and credential
+// chain, and so tests can inject mocks via the `AwsClients` interface.
+//
+// Region is forced to `eu-central-1` — matching the bash port and the rest
+// of the harness. Override only via the explicit constructor argument (used
+// by tests).
+import { CloudWatchLogsClient } from "@aws-sdk/client-cloudwatch-logs";
+import { EC2Client } from "@aws-sdk/client-ec2";
+import { IAMClient } from "@aws-sdk/client-iam";
+import { KMSClient } from "@aws-sdk/client-kms";
+import { SSMClient } from "@aws-sdk/client-ssm";
+import { STSClient } from "@aws-sdk/client-sts";
+export const AWS_REGION = "eu-central-1";
+export function defaultAwsClients(region = AWS_REGION) {
+    return {
+        kms: new KMSClient({ region }),
+        ssm: new SSMClient({ region }),
+        iam: new IAMClient({ region }),
+        ec2: new EC2Client({ region }),
+        logs: new CloudWatchLogsClient({ region }),
+        sts: new STSClient({ region }),
+    };
+}
+//# sourceMappingURL=aws-clients.js.map

package/dist/lib/aws-clients.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"aws-clients.js","sourceRoot":"","sources":["../../src/lib/aws-clients.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,0EAA0E;AAC1E,uEAAuE;AACvE,EAAE;AACF,2EAA2E;AAC3E,4EAA4E;AAC5E,aAAa;AAEb,OAAO,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAEhD,MAAM,CAAC,MAAM,UAAU,GAAG,cAAc,CAAC;AAWzC,MAAM,UAAU,iBAAiB,CAAC,SAAiB,UAAU;IAC3D,OAAO;QACL,GAAG,EAAE,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QAC9B,GAAG,EAAE,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QAC9B,GAAG,EAAE,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QAC9B,GAAG,EAAE,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QAC9B,IAAI,EAAE,IAAI,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1C,GAAG,EAAE,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KAC/B,CAAC;AACJ,CAAC"}

package/dist/lib/claude-runner.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+export declare const MODULE_PREFIX = "claude-runner";
+export interface RunClaudeOptions {
+    bin?: string;
+    flags?: string;
+    model?: string;
+    env?: NodeJS.ProcessEnv;
+    stdout?: NodeJS.WritableStream;
+    stderr?: NodeJS.WritableStream;
+}
+export interface ClaudeResult {
+    exitCode: number;
+}
+export declare class ClaudeRunnerError extends Error {
+    readonly cause: unknown;
+    constructor(cause: unknown, message: string);
+}
+export declare function resolveFlags(env?: NodeJS.ProcessEnv): string;
+export declare function resolveBin(env?: NodeJS.ProcessEnv): string;
+export declare function buildArgv(flags: string, model?: string): string[];
+export declare function runClaude(prompt: string, opts?: RunClaudeOptions): Promise<ClaudeResult>;
+//# sourceMappingURL=claude-runner.d.ts.map

package/dist/lib/claude-runner.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"claude-runner.d.ts","sourceRoot":"","sources":["../../src/lib/claude-runner.ts"],"names":[],"mappings":"AA4BA,eAAO,MAAM,aAAa,kBAAkB,CAAC;AAM7C,MAAM,WAAW,gBAAgB;IAC/B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IAGxB,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;CAChC;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,iBAAkB,SAAQ,KAAK;aACd,KAAK,EAAE,OAAO;gBAAd,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;CAI5D;AAMD,wBAAgB,YAAY,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,MAAM,CAKzE;AAED,wBAAgB,UAAU,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,MAAM,CAIvE;AAED,wBAAgB,SAAS,CACvB,KAAK,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,MAAM,GACb,MAAM,EAAE,CAMV;AAYD,wBAAsB,SAAS,CAC7B,MAAM,EAAE,MAAM,EACd,IAAI,GAAE,gBAAqB,GAC1B,OAAO,CAAC,YAAY,CAAC,CA6CvB"}

package/dist/lib/claude-runner.js ADDED Viewed

@@ -0,0 +1,101 @@
+// claude-runner — subprocess wrapper around `claude --print`.
+//
+// Exists so the orchestrator can be unit-tested by mocking exactly one module
+// instead of stubbing the `claude` binary. The contract:
+//
+//   runClaude(prompt, opts) — spawn `claude --print [flags...]`, pipe the
+//     prompt to stdin, forward stdout/stderr to the parent so CloudWatch
+//     captures everything. Returns { exitCode } once the child exits.
+//
+// Knobs (read from opts; falls back to env or hard defaults):
+//   bin           — process binary; default `claude` (override:
+//                   RALPH_CLAUDE_BIN). Tests inject a stub.
+//   flags         — extra CLI flags split on whitespace; default
+//                   `--permission-mode bypassPermissions` (override:
+//                   RALPH_CLAUDE_FLAGS). RALPH_DEBUG_TRANSCRIPT=1 swaps in the
+//                   stream-json + --verbose set so the per-instance
+//                   CloudWatch stream captures every assistant message and
+//                   tool_use/tool_result.
+//   model         — passed as `--model <value>` if set. Phase callers pull
+//                   from RALPH_DISCOVERY_MODEL / RALPH_IMPL_MODEL /
+//                   RALPH_REVIEW_MODEL.
+//
+// The wrapper does not interpret the prompt or claude's output — it is a
+// thin pipe. Callers branch on exitCode and on the contract files claude
+// writes under /tmp/ralph/.
+import { spawn } from "node:child_process";
+export const MODULE_PREFIX = "claude-runner";
+const DEFAULT_FLAGS = "--permission-mode bypassPermissions";
+const DEBUG_FLAGS = "--permission-mode bypassPermissions --output-format stream-json --verbose";
+export class ClaudeRunnerError extends Error {
+    cause;
+    constructor(cause, message) {
+        super(message);
+        this.cause = cause;
+        this.name = "ClaudeRunnerError";
+    }
+}
+// resolveFlags — picks the flag set per the env contract:
+//   RALPH_DEBUG_TRANSCRIPT=1 → DEBUG_FLAGS (stream-json + --verbose)
+//   RALPH_CLAUDE_FLAGS set    → use as-is
+//   else                      → DEFAULT_FLAGS
+export function resolveFlags(env = process.env) {
+    if (env.RALPH_DEBUG_TRANSCRIPT === "1")
+        return DEBUG_FLAGS;
+    const explicit = env.RALPH_CLAUDE_FLAGS;
+    if (explicit && explicit.length > 0)
+        return explicit;
+    return DEFAULT_FLAGS;
+}
+export function resolveBin(env = process.env) {
+    return env.RALPH_CLAUDE_BIN && env.RALPH_CLAUDE_BIN.length > 0
+        ? env.RALPH_CLAUDE_BIN
+        : "claude";
+}
+export function buildArgv(flags, model) {
+    const argv = ["--print", ...splitFlags(flags)];
+    if (model && model.length > 0) {
+        argv.push("--model", model);
+    }
+    return argv;
+}
+function splitFlags(s) {
+    // The bash port used `${RALPH_CLAUDE_FLAGS:-...}` array-splitting, which
+    // splits on IFS. We replicate by splitting on runs of whitespace and
+    // dropping empty fragments.
+    return s
+        .split(/[ \t\n]+/)
+        .map((t) => t.trim())
+        .filter((t) => t.length > 0);
+}
+export async function runClaude(prompt, opts = {}) {
+    const env = opts.env ?? process.env;
+    const bin = opts.bin ?? resolveBin(env);
+    const flags = opts.flags ?? resolveFlags(env);
+    const argv = buildArgv(flags, opts.model);
+    const stdout = opts.stdout ?? process.stdout;
+    const stderr = opts.stderr ?? process.stderr;
+    return new Promise((resolve, reject) => {
+        let child;
+        try {
+            child = spawn(bin, argv, {
+                env: { ...env },
+                stdio: ["pipe", "pipe", "pipe"],
+            });
+        }
+        catch (err) {
+            reject(new ClaudeRunnerError(err, `${MODULE_PREFIX}: failed to spawn ${bin}: ${err instanceof Error ? err.message : String(err)}`));
+            return;
+        }
+        child.on("error", (err) => {
+            reject(new ClaudeRunnerError(err, `${MODULE_PREFIX}: ${bin} errored: ${err.message}`));
+        });
+        child.stdout?.on("data", (chunk) => stdout.write(chunk));
+        child.stderr?.on("data", (chunk) => stderr.write(chunk));
+        child.on("close", (code) => {
+            resolve({ exitCode: code ?? -1 });
+        });
+        child.stdin?.end(prompt);
+    });
+}
+//# sourceMappingURL=claude-runner.js.map

package/dist/lib/claude-runner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"claude-runner.js","sourceRoot":"","sources":["../../src/lib/claude-runner.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,EAAE;AACF,8EAA8E;AAC9E,yDAAyD;AACzD,EAAE;AACF,0EAA0E;AAC1E,yEAAyE;AACzE,sEAAsE;AACtE,EAAE;AACF,8DAA8D;AAC9D,gEAAgE;AAChE,4DAA4D;AAC5D,iEAAiE;AACjE,qEAAqE;AACrE,+EAA+E;AAC/E,oEAAoE;AACpE,2EAA2E;AAC3E,0CAA0C;AAC1C,2EAA2E;AAC3E,oEAAoE;AACpE,wCAAwC;AACxC,EAAE;AACF,yEAAyE;AACzE,yEAAyE;AACzE,4BAA4B;AAE5B,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAC;AAE7C,MAAM,aAAa,GAAG,qCAAqC,CAAC;AAC5D,MAAM,WAAW,GACf,2EAA2E,CAAC;AAkB9E,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACd;IAA5B,YAA4B,KAAc,EAAE,OAAe;QACzD,KAAK,CAAC,OAAO,CAAC,CAAC;QADW,UAAK,GAAL,KAAK,CAAS;QAExC,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,0DAA0D;AAC1D,qEAAqE;AACrE,0CAA0C;AAC1C,8CAA8C;AAC9C,MAAM,UAAU,YAAY,CAAC,MAAyB,OAAO,CAAC,GAAG;IAC/D,IAAI,GAAG,CAAC,sBAAsB,KAAK,GAAG;QAAE,OAAO,WAAW,CAAC;IAC3D,MAAM,QAAQ,GAAG,GAAG,CAAC,kBAAkB,CAAC;IACxC,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACrD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAyB,OAAO,CAAC,GAAG;IAC7D,OAAO,GAAG,CAAC,gBAAgB,IAAI,GAAG,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC;QAC5D,CAAC,CAAC,GAAG,CAAC,gBAAgB;QACtB,CAAC,CAAC,QAAQ,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,KAAa,EACb,KAAc;IAEd,MAAM,IAAI,GAAG,CAAC,SAAS,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/C,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,yEAAyE;IACzE,qEAAqE;IACrE,4BAA4B;IAC5B,OAAO,CAAC;SACL,KAAK,CAAC,UAAU,CAAC;SACjB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,MAAc,EACd,OAAyB,EAAE;IAE3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAE7C,OAAO,IAAI,OAAO,CAAe,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACnD,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;gBACvB,GAAG,EAAE,EAAE,GAAG,GAAG,EAAuB;gBACpC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;aAChC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CACJ,IAAI,iBAAiB,CACnB,GAAG,EACH,GAAG,aAAa,qBAAqB,GAAG,KACtC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CACF,CAAC;YACF,OAAO;QACT,CAAC;QAED,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC/B,MAAM,CACJ,IAAI,iBAAiB,CACnB,GAAG,EACH,GAAG,aAAa,KAAK,GAAG,aAAa,GAAG,CAAC,OAAO,EAAE,CACnD,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QACzD,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QAEzD,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,OAAO,CAAC,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC"}