@vigil-guard/vge-cc-guard 0.9.0-beta.1

package/dist/daemon/posttool-enforcement.js

@@ -0,0 +1,511 @@
+import * as crypto from 'crypto';
+import { DEFAULT_CONFIG } from '../shared/config-schema.js';
+import { canonicalizeKey } from './allowlist.js';
+import { routeResponse } from './confidence-router.js';
+import { getCurrentConfig, resolveToolPolicy } from './tool-policy.js';
+import { createSession, getSessionLookupContext, addResourceAllow, addResourceBlock, isResourceBlocked, transitionState, } from './session-state.js';
+import { scanToolOutput } from './vge-client.js';
+import { analysisAuditFields, resolveAnalysisSource } from './analysis-source.js';
+import { normalizeToolResponse } from './tool-response-normalizer.js';
+import { ResponseCache } from './response-cache.js';
+import { logPostToolKillTurn, logPostToolOutputScanFailedOpen, logPostToolOutputScanSkippedFailOpen, logToolOutputAnalyzed, logToolOutputEscalated, } from './audit-logger.js';
+import { buildConversationFromTranscript } from './conversation-context.js';
+import { conversationDecisionTimeoutMs } from './decision-timeout.js';
+import { describeVgeBlockReason, isExplicitVgeBlock } from './blocking-decision-triggers.js';
+import { createOrJoinBlockingDecision, waitForDecision, } from './decision-broker.js';
+import { createPostToolDecisionEscrow, renderActivePostToolDecisionForParentAgent, renderPostToolEscrowStopReason, } from './posttool-decision-escrow.js';
+import { consumePostToolAllowOnce, grantPostToolLocalFallbackAllowSession, isPostToolLocalFallbackAllowed, satisfyReadReplayFromToolInput, } from './posttool-decision-state.js';
+import { hasActivePreToolConversationDecision } from './pretool-decision-escrow.js';
+import { decisionOwnerFromHookPayload } from './decision-owner.js';
+import { debugLogger } from './debug-logger.js';
+import { recordPostToolScanFailure, recordPostToolScanSkipped } from './decision-metrics.js';
+import { isFailOpenEligibleVgeFailure } from './vge-scan-failure-policy.js';
+import { getPostToolBackpressureDecision, recordVgeOverloadFailure, recordVgeOverloadSuccess, releaseHalfOpenProbe, } from './vge-overload-backpressure.js';
+import { resourceLabelForPostToolPrompt, renderBlockedPostToolOutput, renderFramedPostToolOutput, renderQuarantinedPostToolOutput, } from './posttool-render.js';
+const responseCache = new ResponseCache();
+export function prunePostToolResponseCache() {
+    responseCache.prune();
+}
+function sleep(ms) {
+    return ms > 0 ? new Promise((resolve) => setTimeout(resolve, ms)) : Promise.resolve();
+}
+function branchScores(vgeResult) {
+    return {
+        heuristics: vgeResult.branches.heuristics?.score ?? 0,
+        semantic: vgeResult.branches.semantic?.score ?? 0,
+        llmGuard: vgeResult.branches.llmGuard?.score ?? 0,
+    };
+}
+function userBlockedResult() {
+    return {
+        decision: 'BLOCKED',
+        score: 0,
+        branches: {},
+        blockMessage: 'This tool output was previously blocked by user decision.',
+    };
+}
+function localPostToolScanFailureResult(reason) {
+    return {
+        decision: 'BLOCKED',
+        score: 0,
+        branches: {},
+        localFallbackReason: `posttool_scan_${reason}`,
+    };
+}
+function maybeSatisfyReadReplay(payload) {
+    if (payload.tool_name === 'Read') {
+        satisfyReadReplayFromToolInput(payload.session_id, payload.tool_input, decisionOwnerFromHookPayload(payload));
+    }
+}
+function warnAnalysisSourceIssue(payload, analysisSource) {
+    if (analysisSource.credentialPath === true) {
+        debugLogger().warn({
+            event: 'posttool_analysis_source_credential_path',
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            sourceKind: analysisSource.sourceKind,
+            sourcePath: analysisSource.sourcePath,
+        });
+    }
+    if (analysisSource.fallbackReason) {
+        debugLogger().warn({
+            event: 'posttool_analysis_source_fallback',
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            sourceKind: analysisSource.sourceKind,
+            fallbackReason: analysisSource.fallbackReason,
+        });
+    }
+}
+export async function enforcePostTool(payload) {
+    const owner = decisionOwnerFromHookPayload(payload);
+    const toolPolicy = resolveToolPolicy(payload.tool_name);
+    const contextBeforeCreate = getSessionLookupContext(payload.session_id);
+    const session = contextBeforeCreate.data ?? createSession(payload.session_id, null);
+    const context = contextBeforeCreate.data
+        ? contextBeforeCreate
+        : getSessionLookupContext(payload.session_id);
+    const resourceId = canonicalizeKey(payload.tool_name, payload.tool_input);
+    const userAllowlisted = session.allowlist.has(resourceId);
+    const allowlistEscalationId = session.allowlistEscalationIds.get(resourceId) ?? null;
+    const analysisSource = resolveAnalysisSource(payload);
+    warnAnalysisSourceIssue(payload, analysisSource);
+    const normalized = normalizeToolResponse(analysisSource.source, payload.tool_error);
+    const config = getCurrentConfig() ?? DEFAULT_CONFIG;
+    const isSubagentToolOutput = owner.kind === 'subagent' || context.isSubagent;
+    if (payload.tool_name === 'Agent') {
+        const pendingPostToolDecision = renderActivePostToolDecisionForParentAgent(payload.session_id);
+        if (pendingPostToolDecision) {
+            const stopReason = [
+                'VGE Agent Guard: a subagent has a pending VGE decision.',
+                'The parent Agent result is withheld until the decision is resolved.',
+                '',
+                pendingPostToolDecision,
+            ].join('\n');
+            logPostToolKillTurn({
+                sessionId: payload.session_id,
+                toolName: payload.tool_name,
+                resourceId,
+                routerOutcome: 'ESCALATE',
+                originalSizeBytes: normalized.contentBytes,
+                originalHash: normalized.contentHash,
+                synthesizedBy: 'policy_engine',
+                killReason: 'pending_subagent_decision',
+            });
+            return {
+                ccOutput: {
+                    continue: false,
+                    stopReason,
+                    hookSpecificOutput: { hookEventName: 'PostToolUse', additionalContext: stopReason },
+                },
+            };
+        }
+    }
+    if (isResourceBlocked(session, resourceId)) {
+        return {
+            ccOutput: renderBlockedPostToolOutput({
+                payload,
+                resourceId,
+                vgeResult: userBlockedResult(),
+                routerOutcome: 'ESCALATE',
+                originalSizeBytes: normalized.contentBytes,
+                originalHash: normalized.contentHash,
+                actionTaken: 'user_blocklist_redacted',
+                failReason: 'user_block',
+                analysisSource,
+            }),
+        };
+    }
+    if (!userAllowlisted &&
+        consumePostToolAllowOnce({
+            sessionId: payload.session_id,
+            owner,
+            toolName: payload.tool_name,
+            resourceId,
+            contentHash: normalized.contentHash,
+        })) {
+        maybeSatisfyReadReplay(payload);
+        return { ccOutput: null };
+    }
+    if (!toolPolicy.analyze_output) {
+        logToolOutputAnalyzed({
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            resourceId,
+            escalationId: allowlistEscalationId,
+            userAllowlisted: false,
+            routerOutcome: 'ALLOW',
+            enforcementTaken: 'none',
+            ...analysisAuditFields(analysisSource),
+        });
+        maybeSatisfyReadReplay(payload);
+        return { ccOutput: null };
+    }
+    const conversation = buildConversationFromTranscript(payload.transcript_path);
+    const cacheKey = `${resourceId}:sha256:${normalized.contentHash}`;
+    const cached = userAllowlisted ? null : responseCache.get(cacheKey);
+    let vgeResult = cached;
+    if (!cached) {
+        const canUseBackpressure = config.policy.vge_failure_mode.posttool_output === 'fail_open' &&
+            !(isSubagentToolOutput && config.policy.subagent_output_analysis === 'off');
+        const backpressure = canUseBackpressure
+            ? getPostToolBackpressureDecision({
+                stage: 'posttool_output',
+                toolName: payload.tool_name,
+                config: config.policy.vge_overload_backpressure.posttool_output,
+            })
+            : { kind: 'allow' };
+        if (backpressure.kind === 'skip') {
+            transitionState(payload.session_id, 'caution');
+            recordPostToolScanSkipped(backpressure.reason);
+            logPostToolOutputScanSkippedFailOpen({
+                sessionId: payload.session_id,
+                toolName: payload.tool_name,
+                resourceId,
+                skipReason: backpressure.reason,
+                cooldownRemainingMs: backpressure.cooldownRemainingMs,
+                triggerFailureReason: backpressure.triggerFailureReason,
+                triggerHttpStatus: backpressure.triggerHttpStatus,
+                originalHash: normalized.contentHash,
+                originalSizeBytes: normalized.contentBytes,
+            });
+            return { ccOutput: null };
+        }
+        const probeId = backpressure.kind === 'probe' ? backpressure.probeId : null;
+        if (backpressure.kind === 'probe')
+            await sleep(backpressure.halfOpenJitterMs);
+        const scan = await scanToolOutput(normalized.textToAnalyze, payload.tool_name, resourceId, payload.session_id, {
+            userAllowlisted,
+            toolInput: payload.tool_input,
+            toolResultContent: normalized.toolResultContent,
+            toolResultIsError: normalized.isError,
+            escalationId: allowlistEscalationId,
+            subagent: owner.kind === 'subagent' || context.isSubagent,
+            agentId: payload.agent_id,
+            agentType: payload.agent_type,
+            parentSessionId: context.parentSessionId,
+            conversation,
+        }).finally(() => {
+            if (probeId)
+                releaseHalfOpenProbe('posttool_output', probeId);
+        });
+        if (scan.result)
+            recordVgeOverloadSuccess('posttool_output');
+        if (!scan.result &&
+            scan.failureReason &&
+            config.policy.vge_failure_mode.posttool_output === 'fail_open' &&
+            isFailOpenEligibleVgeFailure({ failureReason: scan.failureReason, httpStatus: scan.httpStatus })) {
+            recordPostToolScanFailure(scan.failureReason, 'fail_open');
+            // ADR-0006: network and timeout failures fail open but do not open overload cooldown.
+            const cooldown = recordVgeOverloadFailure({
+                stage: 'posttool_output',
+                failure: {
+                    failureReason: scan.failureReason,
+                    httpStatus: scan.httpStatus,
+                    retryAfterMs: scan.retryAfterMs,
+                },
+                config: config.policy.vge_overload_backpressure.posttool_output,
+            });
+            transitionState(payload.session_id, 'caution');
+            logPostToolOutputScanFailedOpen({
+                sessionId: payload.session_id,
+                toolName: payload.tool_name,
+                resourceId,
+                failureReason: scan.failureReason,
+                httpStatus: scan.httpStatus,
+                elapsedMs: scan.elapsedMs,
+                localRequestId: scan.localRequestId,
+                attempt: scan.attempt,
+                retryAfterMs: scan.retryAfterMs,
+                ...(cooldown.cooldownStarted
+                    ? {
+                        cooldownStarted: true,
+                        cooldownMs: cooldown.cooldownMs,
+                        cooldownUntilMs: cooldown.cooldownUntilMs,
+                    }
+                    : { cooldownStarted: false }),
+            });
+            maybeSatisfyReadReplay(payload);
+            return { ccOutput: null };
+        }
+        vgeResult = scan.result ?? (scan.failureReason ? localPostToolScanFailureResult(scan.failureReason) : null);
+        if (scan.failureReason)
+            recordPostToolScanFailure(scan.failureReason);
+        if (scan.result && !userAllowlisted)
+            responseCache.set(cacheKey, scan.result);
+    }
+    if (!vgeResult) {
+        recordPostToolScanFailure('vge_error');
+        vgeResult = localPostToolScanFailureResult('vge_error');
+    }
+    const outcome = routeResponse(vgeResult);
+    if (vgeResult.localFallbackReason &&
+        isPostToolLocalFallbackAllowed({
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            reason: vgeResult.localFallbackReason,
+        })) {
+        logToolOutputAnalyzed({
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            resourceId,
+            escalationId: allowlistEscalationId,
+            userAllowlisted: true,
+            routerOutcome: outcome,
+            enforcementTaken: 'none',
+            ...analysisAuditFields(analysisSource),
+        });
+        maybeSatisfyReadReplay(payload);
+        return { ccOutput: null };
+    }
+    if (isSubagentToolOutput && config.policy.subagent_output_analysis === 'off') {
+        logToolOutputAnalyzed({
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            resourceId,
+            escalationId: allowlistEscalationId,
+            userAllowlisted,
+            routerOutcome: outcome,
+            enforcementTaken: 'none',
+            ...analysisAuditFields(analysisSource),
+        });
+        maybeSatisfyReadReplay(payload);
+        return { ccOutput: null };
+    }
+    if (userAllowlisted) {
+        logToolOutputAnalyzed({
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            resourceId,
+            escalationId: allowlistEscalationId,
+            userAllowlisted: true,
+            routerOutcome: outcome,
+            enforcementTaken: 'none',
+            ...analysisAuditFields(analysisSource),
+        });
+        maybeSatisfyReadReplay(payload);
+        return { ccOutput: null };
+    }
+    if (outcome === 'ALLOW') {
+        logToolOutputAnalyzed({
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            resourceId,
+            escalationId: allowlistEscalationId,
+            userAllowlisted: false,
+            routerOutcome: outcome,
+            enforcementTaken: 'none',
+            ...analysisAuditFields(analysisSource),
+        });
+        maybeSatisfyReadReplay(payload);
+        return { ccOutput: null };
+    }
+    if (outcome === 'HARD_TAINT' || outcome === 'SOFT_TAINT') {
+        transitionState(payload.session_id, outcome === 'HARD_TAINT' ? 'tainted' : 'caution');
+        logToolOutputAnalyzed({
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            resourceId,
+            escalationId: allowlistEscalationId,
+            userAllowlisted: false,
+            routerOutcome: outcome,
+            enforcementTaken: 'tainted',
+            ...analysisAuditFields(analysisSource),
+        });
+    }
+    if (isExplicitVgeBlock(vgeResult)) {
+        logToolOutputAnalyzed({
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            resourceId,
+            escalationId: allowlistEscalationId,
+            userAllowlisted: false,
+            routerOutcome: outcome,
+            enforcementTaken: 'escalated',
+            ...analysisAuditFields(analysisSource),
+        });
+        if (hasActivePreToolConversationDecision(payload.session_id)) {
+            return {
+                ccOutput: renderBlockedPostToolOutput({
+                    payload,
+                    resourceId,
+                    vgeResult,
+                    routerOutcome: outcome,
+                    originalSizeBytes: normalized.contentBytes,
+                    originalHash: normalized.contentHash,
+                    actionTaken: 'session_locked',
+                    failReason: 'session_locked',
+                    analysisSource,
+                }),
+            };
+        }
+        const created = createOrJoinBlockingDecision({
+            sessionId: payload.session_id,
+            owner,
+            kind: 'posttool_output',
+            toolName: payload.tool_name,
+            resourceId,
+            resourceLabel: resourceLabelForPostToolPrompt(payload, resourceId),
+            reason: describeVgeBlockReason(vgeResult),
+            vgeResult,
+            timeoutMs: conversationDecisionTimeoutMs(config),
+            resolverStaleMs: config.policy.resolver_heartbeat_stale_ms,
+        });
+        if (created.type === 'fail_closed' && created.reason === 'resolver_missing') {
+            const escrowDecision = createPostToolDecisionEscrow({
+                decision: created.decision,
+                toolName: payload.tool_name,
+                resourceId,
+                routerOutcome: outcome,
+                vgeResult,
+                contentBytes: normalized.contentBytes,
+                contentHash: normalized.contentHash,
+                toolInput: payload.tool_input,
+            });
+            const decisionPrompt = renderPostToolEscrowStopReason(escrowDecision);
+            return {
+                ccOutput: renderQuarantinedPostToolOutput({
+                    payload,
+                    resourceId,
+                    vgeResult,
+                    routerOutcome: outcome,
+                    originalSizeBytes: normalized.contentBytes,
+                    originalHash: normalized.contentHash,
+                    decisionPrompt,
+                    decisionExpiresAt: created.decision.expiresAt,
+                    analysisSource,
+                }),
+            };
+        }
+        if (created.type === 'fail_closed') {
+            return {
+                ccOutput: renderBlockedPostToolOutput({
+                    payload,
+                    resourceId,
+                    vgeResult,
+                    routerOutcome: outcome,
+                    originalSizeBytes: normalized.contentBytes,
+                    originalHash: normalized.contentHash,
+                    actionTaken: created.reason,
+                    failReason: created.reason,
+                    analysisSource,
+                }),
+            };
+        }
+        const resolved = await waitForDecision(created.decisionId);
+        if (resolved.choice === 'allow_once')
+            return { ccOutput: null };
+        if (resolved.choice === 'allow_session') {
+            if (vgeResult.localFallbackReason) {
+                grantPostToolLocalFallbackAllowSession({
+                    decisionId: created.decisionId,
+                    reason: vgeResult.localFallbackReason,
+                    sessionId: payload.session_id,
+                    toolName: payload.tool_name,
+                });
+            }
+            else {
+                addResourceAllow(payload.session_id, resourceId, created.decisionId);
+            }
+            return { ccOutput: null };
+        }
+        if (resolved.choice === 'block') {
+            addResourceBlock(payload.session_id, resourceId, created.decisionId);
+            return {
+                ccOutput: renderBlockedPostToolOutput({
+                    payload,
+                    resourceId,
+                    vgeResult,
+                    routerOutcome: outcome,
+                    originalSizeBytes: normalized.contentBytes,
+                    originalHash: normalized.contentHash,
+                    actionTaken: 'user_block',
+                    failReason: 'user_block',
+                    analysisSource,
+                }),
+            };
+        }
+        return {
+            ccOutput: renderBlockedPostToolOutput({
+                payload,
+                resourceId,
+                vgeResult,
+                routerOutcome: outcome,
+                originalSizeBytes: normalized.contentBytes,
+                originalHash: normalized.contentHash,
+                actionTaken: resolved.failClosedReason ?? 'terminal_without_choice',
+                failReason: resolved.failClosedReason ?? 'terminal_without_choice',
+                analysisSource,
+            }),
+        };
+    }
+    if (outcome === 'ESCALATE') {
+        const escalationId = `frame_${crypto.randomUUID()}`;
+        logToolOutputAnalyzed({
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            resourceId,
+            escalationId: allowlistEscalationId,
+            userAllowlisted: false,
+            routerOutcome: outcome,
+            enforcementTaken: 'escalated',
+            ...analysisAuditFields(analysisSource),
+        });
+        logToolOutputEscalated({
+            escalationId,
+            sessionId: payload.session_id,
+            toolName: payload.tool_name,
+            resourceId,
+            analysisId: vgeResult.id ?? null,
+            branches: branchScores(vgeResult),
+            routerOutcome: outcome,
+        });
+    }
+    if (outcome === 'HARD_TAINT') {
+        return {
+            ccOutput: renderBlockedPostToolOutput({
+                payload,
+                resourceId,
+                vgeResult,
+                routerOutcome: outcome,
+                originalSizeBytes: normalized.contentBytes,
+                originalHash: normalized.contentHash,
+                actionTaken: 'hard_taint_redacted',
+                failReason: 'user_block',
+                analysisSource,
+            }),
+        };
+    }
+    return {
+        ccOutput: renderFramedPostToolOutput({
+            payload,
+            resourceId,
+            vgeResult,
+            routerOutcome: outcome,
+            originalSizeBytes: normalized.contentBytes,
+            originalHash: normalized.contentHash,
+            analysisSource,
+        }),
+    };
+}
+//# sourceMappingURL=posttool-enforcement.js.map

package/dist/daemon/posttool-enforcement.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"posttool-enforcement.js","sourceRoot":"","sources":["../../src/daemon/posttool-enforcement.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAEjC,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,aAAa,EACb,uBAAuB,EACvB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAoC,MAAM,iBAAiB,CAAC;AACnF,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAA+B,MAAM,sBAAsB,CAAC;AAC/G,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EACL,mBAAmB,EACnB,+BAA+B,EAC/B,oCAAoC,EACpC,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,+BAA+B,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,6BAA6B,EAAE,MAAM,uBAAuB,CAAC;AACtE,OAAO,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAC7F,OAAO,EACL,4BAA4B,EAC5B,eAAe,GAChB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,4BAA4B,EAC5B,0CAA0C,EAC1C,8BAA8B,GAC/B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,wBAAwB,EACxB,sCAAsC,EACtC,8BAA8B,EAC9B,8BAA8B,GAC/B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,oCAAoC,EAAE,MAAM,8BAA8B,CAAC;AACpF,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,yBAAyB,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAC7F,OAAO,EAAE,4BAA4B,EAAE,MAAM,8BAA8B,CAAC;AAC5E,OAAO,EACL,+BAA+B,EAC/B,wBAAwB,EACxB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,8BAA8B,EAC9B,2BAA2B,EAC3B,0BAA0B,EAC1B,+BAA+B,GAChC,MAAM,sBAAsB,CAAC;AAE9B,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;AAM1C,MAAM,UAAU,0BAA0B;IACxC,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;AACxF,CAAC;AAED,SAAS,YAAY,CAAC,SAA8B;IAClD,OAAO;QACL,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,KAAK,IAAI,CAAC;QACrD,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC;QACjD,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC;KAClD,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO;QACL,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,EAAE;QACZ,YAAY,EAAE,2DAA2D;KAC1E,CAAC;AACJ,CAAC;AAED,SAAS,8BAA8B,CAAC,MAAmC;IACzE,OAAO;QACL,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,EAAE;QACZ,mBAAmB,EAAE,iBAAiB,MAAM,EAAE;KAC/C,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,OAA0B;IACxD,IAAI,OAAO,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QACjC,8BAA8B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,4BAA4B,CAAC,OAAO,CAAC,CAAC,CAAC;IAChH,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,OAA0B,EAAE,cAAsC;IACjG,IAAI,cAAc,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;QAC3C,WAAW,EAAE,CAAC,IAAI,CAAC;YACjB,KAAK,EAAE,0CAA0C;YACjD,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU,EAAE,cAAc,CAAC,UAAU;YACrC,UAAU,EAAE,cAAc,CAAC,UAAU;SACtC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,cAAc,CAAC,cAAc,EAAE,CAAC;QAClC,WAAW,EAAE,CAAC,IAAI,CAAC;YACjB,KAAK,EAAE,mCAAmC;YAC1C,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU,EAAE,cAAc,CAAC,UAAU;YACrC,cAAc,EAAE,cAAc,CAAC,cAAc;SAC9C,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAA0B;IAC9D,MAAM,KAAK,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACxD,MAAM,mBAAmB,GAAG,uBAAuB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,IAAI,aAAa,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IACpF,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI;QACtC,CAAC,CAAC,mBAAmB;QACrB,CAAC,CAAC,uBAAuB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1E,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1D,MAAM,qBAAqB,GAAG,OAAO,CAAC,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;IACrF,MAAM,cAAc,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACtD,uBAAuB,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,qBAAqB,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACpF,MAAM,MAAM,GAAG,gBAAgB,EAAE,IAAI,cAAc,CAAC;IACpD,MAAM,oBAAoB,GAAG,KAAK,CAAC,IAAI,KAAK,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;IAE7E,IAAI,OAAO,CAAC,SAAS,KAAK,OAAO,EAAE,CAAC;QAClC,MAAM,uBAAuB,GAAG,0CAA0C,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC/F,IAAI,uBAAuB,EAAE,CAAC;YAC5B,MAAM,UAAU,GAAG;gBACjB,yDAAyD;gBACzD,qEAAqE;gBACrE,EAAE;gBACF,uBAAuB;aACxB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,mBAAmB,CAAC;gBAClB,SAAS,EAAE,OAAO,CAAC,UAAU;gBAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,UAAU;gBACV,aAAa,EAAE,UAAU;gBACzB,iBAAiB,EAAE,UAAU,CAAC,YAAY;gBAC1C,YAAY,EAAE,UAAU,CAAC,WAAW;gBACpC,aAAa,EAAE,eAAe;gBAC9B,UAAU,EAAE,2BAA2B;aACxC,CAAC,CAAC;YACH,OAAO;gBACL,QAAQ,EAAE;oBACR,QAAQ,EAAE,KAAK;oBACf,UAAU;oBACV,kBAAkB,EAAE,EAAE,aAAa,EAAE,aAAa,EAAE,iBAAiB,EAAE,UAAU,EAAE;iBACpF;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;QAC3C,OAAO;YACL,QAAQ,EAAE,2BAA2B,CAAC;gBACpC,OAAO;gBACP,UAAU;gBACV,SAAS,EAAE,iBAAiB,EAAE;gBAC9B,aAAa,EAAE,UAAU;gBACzB,iBAAiB,EAAE,UAAU,CAAC,YAAY;gBAC1C,YAAY,EAAE,UAAU,CAAC,WAAW;gBACpC,WAAW,EAAE,yBAAyB;gBACtC,UAAU,EAAE,YAAY;gBACxB,cAAc;aACf,CAAC;SACH,CAAC;IACJ,CAAC;IAED,IACE,CAAC,eAAe;QAChB,wBAAwB,CAAC;YACvB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,KAAK;YACL,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,WAAW,EAAE,UAAU,CAAC,WAAW;SACpC,CAAC,EACF,CAAC;QACD,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAChC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QAC/B,qBAAqB,CAAC;YACpB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,YAAY,EAAE,qBAAqB;YACnC,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,OAAO;YACtB,gBAAgB,EAAE,MAAM;YACxB,GAAG,mBAAmB,CAAC,cAAc,CAAC;SACvC,CAAC,CAAC;QACH,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAChC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,MAAM,YAAY,GAAG,+BAA+B,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC9E,MAAM,QAAQ,GAAG,GAAG,UAAU,WAAW,UAAU,CAAC,WAAW,EAAE,CAAC;IAClE,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACpE,IAAI,SAAS,GAAG,MAAM,CAAC;IACvB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,kBAAkB,GACtB,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,eAAe,KAAK,WAAW;YAC9D,CAAC,CAAC,oBAAoB,IAAI,MAAM,CAAC,MAAM,CAAC,wBAAwB,KAAK,KAAK,CAAC,CAAC;QAC9E,MAAM,YAAY,GAAG,kBAAkB;YACrC,CAAC,CAAC,+BAA+B,CAAC;gBAC9B,KAAK,EAAE,iBAAiB;gBACxB,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,yBAAyB,CAAC,eAAe;aAChE,CAAC;YACJ,CAAC,CAAC,EAAE,IAAI,EAAE,OAAgB,EAAE,CAAC;QAE/B,IAAI,YAAY,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACjC,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YAC/C,yBAAyB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC/C,oCAAoC,CAAC;gBACnC,SAAS,EAAE,OAAO,CAAC,UAAU;gBAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,UAAU;gBACV,UAAU,EAAE,YAAY,CAAC,MAAM;gBAC/B,mBAAmB,EAAE,YAAY,CAAC,mBAAmB;gBACrD,oBAAoB,EAAE,YAAY,CAAC,oBAAoB;gBACvD,iBAAiB,EAAE,YAAY,CAAC,iBAAiB;gBACjD,YAAY,EAAE,UAAU,CAAC,WAAW;gBACpC,iBAAiB,EAAE,UAAU,CAAC,YAAY;aAC3C,CAAC,CAAC;YACH,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC5B,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5E,IAAI,YAAY,CAAC,IAAI,KAAK,OAAO;YAAE,MAAM,KAAK,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC;QAE9E,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,UAAU,CAAC,aAAa,EACxB,OAAO,CAAC,SAAS,EACjB,UAAU,EACV,OAAO,CAAC,UAAU,EAClB;YACE,eAAe;YACf,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,iBAAiB,EAAE,UAAU,CAAC,iBAAiB;YAC/C,iBAAiB,EAAE,UAAU,CAAC,OAAO;YACrC,YAAY,EAAE,qBAAqB;YACnC,QAAQ,EAAE,KAAK,CAAC,IAAI,KAAK,UAAU,IAAI,OAAO,CAAC,UAAU;YACzD,OAAO,EAAE,OAAO,CAAC,QAAQ;YACzB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,YAAY;SACb,CACF,CAAC,OAAO,CAAC,GAAG,EAAE;YACb,IAAI,OAAO;gBAAE,oBAAoB,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM;YAAE,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;QAC7D,IACE,CAAC,IAAI,CAAC,MAAM;YACZ,IAAI,CAAC,aAAa;YAClB,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,eAAe,KAAK,WAAW;YAC9D,4BAA4B,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,EAChG,CAAC;YACD,yBAAyB,CAAC,IAAI,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;YAC3D,sFAAsF;YACtF,MAAM,QAAQ,GAAG,wBAAwB,CAAC;gBACxC,KAAK,EAAE,iBAAiB;gBACxB,OAAO,EAAE;oBACP,aAAa,EAAE,IAAI,CAAC,aAAa;oBACjC,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,YAAY,EAAE,IAAI,CAAC,YAAY;iBAChC;gBACD,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,yBAAyB,CAAC,eAAe;aAChE,CAAC,CAAC;YACH,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YAC/C,+BAA+B,CAAC;gBAC9B,SAAS,EAAE,OAAO,CAAC,UAAU;gBAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,UAAU;gBACV,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,GAAG,CAAC,QAAQ,CAAC,eAAe;oBAC1B,CAAC,CAAC;wBACE,eAAe,EAAE,IAAI;wBACrB,UAAU,EAAE,QAAQ,CAAC,UAAU;wBAC/B,eAAe,EAAE,QAAQ,CAAC,eAAe;qBAC1C;oBACH,CAAC,CAAC,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;aAChC,CAAC,CAAC;YACH,sBAAsB,CAAC,OAAO,CAAC,CAAC;YAChC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC5B,CAAC;QACD,SAAS,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,8BAA8B,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC5G,IAAI,IAAI,CAAC,aAAa;YAAE,yBAAyB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACtE,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,eAAe;YAAE,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAChF,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,yBAAyB,CAAC,WAAW,CAAC,CAAC;QACvC,SAAS,GAAG,8BAA8B,CAAC,WAAW,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IAEzC,IACE,SAAS,CAAC,mBAAmB;QAC7B,8BAA8B,CAAC;YAC7B,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,MAAM,EAAE,SAAS,CAAC,mBAAmB;SACtC,CAAC,EACF,CAAC;QACD,qBAAqB,CAAC;YACpB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,YAAY,EAAE,qBAAqB;YACnC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,OAAO;YACtB,gBAAgB,EAAE,MAAM;YACxB,GAAG,mBAAmB,CAAC,cAAc,CAAC;SACvC,CAAC,CAAC;QACH,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAChC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,IAAI,oBAAoB,IAAI,MAAM,CAAC,MAAM,CAAC,wBAAwB,KAAK,KAAK,EAAE,CAAC;QAC7E,qBAAqB,CAAC;YACpB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,YAAY,EAAE,qBAAqB;YACnC,eAAe;YACf,aAAa,EAAE,OAAO;YACtB,gBAAgB,EAAE,MAAM;YACxB,GAAG,mBAAmB,CAAC,cAAc,CAAC;SACvC,CAAC,CAAC;QACH,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAChC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,qBAAqB,CAAC;YACpB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,YAAY,EAAE,qBAAqB;YACnC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,OAAO;YACtB,gBAAgB,EAAE,MAAM;YACxB,GAAG,mBAAmB,CAAC,cAAc,CAAC;SACvC,CAAC,CAAC;QACH,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAChC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,qBAAqB,CAAC;YACpB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,YAAY,EAAE,qBAAqB;YACnC,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,OAAO;YACtB,gBAAgB,EAAE,MAAM;YACxB,GAAG,mBAAmB,CAAC,cAAc,CAAC;SACvC,CAAC,CAAC;QACH,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAChC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,IAAI,OAAO,KAAK,YAAY,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;QACzD,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,KAAK,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACtF,qBAAqB,CAAC;YACpB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,YAAY,EAAE,qBAAqB;YACnC,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,OAAO;YACtB,gBAAgB,EAAE,SAAS;YAC3B,GAAG,mBAAmB,CAAC,cAAc,CAAC;SACvC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,qBAAqB,CAAC;YACpB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,YAAY,EAAE,qBAAqB;YACnC,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,OAAO;YACtB,gBAAgB,EAAE,WAAW;YAC7B,GAAG,mBAAmB,CAAC,cAAc,CAAC;SACvC,CAAC,CAAC;QAEH,IAAI,oCAAoC,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7D,OAAO;gBACL,QAAQ,EAAE,2BAA2B,CAAC;oBACpC,OAAO;oBACP,UAAU;oBACV,SAAS;oBACT,aAAa,EAAE,OAAO;oBACtB,iBAAiB,EAAE,UAAU,CAAC,YAAY;oBAC1C,YAAY,EAAE,UAAU,CAAC,WAAW;oBACpC,WAAW,EAAE,gBAAgB;oBAC7B,UAAU,EAAE,gBAAgB;oBAC5B,cAAc;iBACf,CAAC;aACH,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,4BAA4B,CAAC;YAC3C,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,KAAK;YACL,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,aAAa,EAAE,8BAA8B,CAAC,OAAO,EAAE,UAAU,CAAC;YAClE,MAAM,EAAE,sBAAsB,CAAC,SAAS,CAAC;YACzC,SAAS;YACT,SAAS,EAAE,6BAA6B,CAAC,MAAM,CAAC;YAChD,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,2BAA2B;SAC3D,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,IAAI,OAAO,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;YAC5E,MAAM,cAAc,GAAG,4BAA4B,CAAC;gBAClD,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,UAAU;gBACV,aAAa,EAAE,OAAO;gBACtB,SAAS;gBACT,YAAY,EAAE,UAAU,CAAC,YAAY;gBACrC,WAAW,EAAE,UAAU,CAAC,WAAW;gBACnC,SAAS,EAAE,OAAO,CAAC,UAAU;aAC9B,CAAC,CAAC;YACH,MAAM,cAAc,GAAG,8BAA8B,CAAC,cAAc,CAAC,CAAC;YACtE,OAAO;gBACL,QAAQ,EAAE,+BAA+B,CAAC;oBACxC,OAAO;oBACP,UAAU;oBACV,SAAS;oBACT,aAAa,EAAE,OAAO;oBACtB,iBAAiB,EAAE,UAAU,CAAC,YAAY;oBAC1C,YAAY,EAAE,UAAU,CAAC,WAAW;oBACpC,cAAc;oBACd,iBAAiB,EAAE,OAAO,CAAC,QAAQ,CAAC,SAAS;oBAC7C,cAAc;iBACf,CAAC;aACH,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACnC,OAAO;gBACL,QAAQ,EAAE,2BAA2B,CAAC;oBACpC,OAAO;oBACP,UAAU;oBACV,SAAS;oBACT,aAAa,EAAE,OAAO;oBACtB,iBAAiB,EAAE,UAAU,CAAC,YAAY;oBAC1C,YAAY,EAAE,UAAU,CAAC,WAAW;oBACpC,WAAW,EAAE,OAAO,CAAC,MAAM;oBAC3B,UAAU,EAAE,OAAO,CAAC,MAAM;oBAC1B,cAAc;iBACf,CAAC;aACH,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,QAAQ,CAAC,MAAM,KAAK,YAAY;YAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAChE,IAAI,QAAQ,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;YACxC,IAAI,SAAS,CAAC,mBAAmB,EAAE,CAAC;gBAClC,sCAAsC,CAAC;oBACrC,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,MAAM,EAAE,SAAS,CAAC,mBAAmB;oBACrC,SAAS,EAAE,OAAO,CAAC,UAAU;oBAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;iBAC5B,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC5B,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAChC,gBAAgB,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;YACrE,OAAO;gBACL,QAAQ,EAAE,2BAA2B,CAAC;oBACpC,OAAO;oBACP,UAAU;oBACV,SAAS;oBACT,aAAa,EAAE,OAAO;oBACtB,iBAAiB,EAAE,UAAU,CAAC,YAAY;oBAC1C,YAAY,EAAE,UAAU,CAAC,WAAW;oBACpC,WAAW,EAAE,YAAY;oBACzB,UAAU,EAAE,YAAY;oBACxB,cAAc;iBACf,CAAC;aACH,CAAC;QACJ,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,2BAA2B,CAAC;gBACpC,OAAO;gBACP,UAAU;gBACV,SAAS;gBACT,aAAa,EAAE,OAAO;gBACtB,iBAAiB,EAAE,UAAU,CAAC,YAAY;gBAC1C,YAAY,EAAE,UAAU,CAAC,WAAW;gBACpC,WAAW,EAAE,QAAQ,CAAC,gBAAgB,IAAI,yBAAyB;gBACnE,UAAU,EAAE,QAAQ,CAAC,gBAAgB,IAAI,yBAAyB;gBAClE,cAAc;aACf,CAAC;SACH,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;QAC3B,MAAM,YAAY,GAAG,SAAS,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QACpD,qBAAqB,CAAC;YACpB,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,YAAY,EAAE,qBAAqB;YACnC,eAAe,EAAE,KAAK;YACtB,aAAa,EAAE,OAAO;YACtB,gBAAgB,EAAE,WAAW;YAC7B,GAAG,mBAAmB,CAAC,cAAc,CAAC;SACvC,CAAC,CAAC;QACH,sBAAsB,CAAC;YACrB,YAAY;YACZ,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,UAAU;YACV,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,IAAI;YAChC,QAAQ,EAAE,YAAY,CAAC,SAAS,CAAC;YACjC,aAAa,EAAE,OAAO;SACvB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;QAC7B,OAAO;YACL,QAAQ,EAAE,2BAA2B,CAAC;gBACpC,OAAO;gBACP,UAAU;gBACV,SAAS;gBACT,aAAa,EAAE,OAAO;gBACtB,iBAAiB,EAAE,UAAU,CAAC,YAAY;gBAC1C,YAAY,EAAE,UAAU,CAAC,WAAW;gBACpC,WAAW,EAAE,qBAAqB;gBAClC,UAAU,EAAE,YAAY;gBACxB,cAAc;aACf,CAAC;SACH,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,0BAA0B,CAAC;YACnC,OAAO;YACP,UAAU;YACV,SAAS;YACT,aAAa,EAAE,OAAO;YACtB,iBAAiB,EAAE,UAAU,CAAC,YAAY;YAC1C,YAAY,EAAE,UAAU,CAAC,WAAW;YACpC,cAAc;SACf,CAAC;KACH,CAAC;AACJ,CAAC"}

package/dist/daemon/posttool-render.d.ts

@@ -0,0 +1,48 @@
+import type { CCPostToolPayload, GuardResponseSubset, RouterOutcome } from '../shared/types.js';
+import { type ResolvedAnalysisSource } from './analysis-source.js';
+import { type SynthesizedBy } from './audit-logger.js';
+import type { BlockingDecisionFailReason } from './decision-broker.js';
+import type { SecurityFrameVariant } from './security-frame.js';
+export declare function frameAction(outcome: RouterOutcome): string;
+export declare function synthesizedByForPostTool(vgeResult: GuardResponseSubset, failReason?: BlockingDecisionFailReason | 'user_block'): SynthesizedBy;
+export declare function stopReason(reason: BlockingDecisionFailReason | 'user_block', opts?: {
+    decisionExpiresAt?: number;
+}): string;
+export declare function oneLine(value: string, maxLength?: number): string;
+export declare function stringField(input: Record<string, unknown>, key: string): string | null;
+export declare function resourceLabelForPostToolPrompt(payload: CCPostToolPayload, resourceId: string): string;
+export declare function resolvePostToolFrameVariant(toolName: string, routerOutcome: RouterOutcome): SecurityFrameVariant;
+export declare function renderBlockedPostToolOutput(params: {
+    payload: CCPostToolPayload;
+    resourceId: string;
+    vgeResult: GuardResponseSubset;
+    routerOutcome: RouterOutcome;
+    originalSizeBytes: number;
+    originalHash: string;
+    actionTaken: string;
+    failReason: BlockingDecisionFailReason | 'user_block';
+    analysisSource: ResolvedAnalysisSource;
+}): unknown;
+export declare function renderQuarantinedPostToolOutput(params: {
+    payload: CCPostToolPayload;
+    resourceId: string;
+    vgeResult: GuardResponseSubset;
+    routerOutcome: RouterOutcome;
+    originalSizeBytes: number;
+    originalHash: string;
+    decisionPrompt: string;
+    decisionExpiresAt?: number;
+    analysisSource: ResolvedAnalysisSource;
+}): unknown;
+export declare function neutralFailClosedFrame(payload: CCPostToolPayload): string;
+export declare function renderPostToolFailClosedOutput(payload: CCPostToolPayload): unknown;
+export declare function renderFramedPostToolOutput(params: {
+    payload: CCPostToolPayload;
+    resourceId: string;
+    vgeResult: GuardResponseSubset;
+    routerOutcome: RouterOutcome;
+    originalSizeBytes: number;
+    originalHash: string;
+    analysisSource: ResolvedAnalysisSource;
+}): unknown;
+//# sourceMappingURL=posttool-render.d.ts.map

package/dist/daemon/posttool-render.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"posttool-render.d.ts","sourceRoot":"","sources":["../../src/daemon/posttool-render.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAChG,OAAO,EAAuB,KAAK,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AACxF,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAGvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAsChE,wBAAgB,WAAW,CAAC,OAAO,EAAE,aAAa,GAAG,MAAM,CAE1D;AAED,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,mBAAmB,EAC9B,UAAU,CAAC,EAAE,0BAA0B,GAAG,YAAY,GACrD,aAAa,CAOf;AAED,wBAAgB,UAAU,CACxB,MAAM,EAAE,0BAA0B,GAAG,YAAY,EACjD,IAAI,GAAE;IAAE,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAAO,GACxC,MAAM,CAkBR;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,MAAM,CAI9D;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAGtF;AAED,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAarG;AAED,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,aAAa,GAC3B,oBAAoB,CAItB;AAED,wBAAgB,2BAA2B,CAAC,MAAM,EAAE;IAClD,OAAO,EAAE,iBAAiB,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,mBAAmB,CAAC;IAC/B,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,0BAA0B,GAAG,YAAY,CAAC;IACtD,cAAc,EAAE,sBAAsB,CAAC;CACxC,GAAG,OAAO,CA0FV;AAED,wBAAgB,+BAA+B,CAAC,MAAM,EAAE;IACtD,OAAO,EAAE,iBAAiB,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,mBAAmB,CAAC;IAC/B,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,sBAAsB,CAAC;CACxC,GAAG,OAAO,CAsGV;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,iBAAiB,GAAG,MAAM,CAWzE;AAED,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CASlF;AAED,wBAAgB,0BAA0B,CAAC,MAAM,EAAE;IACjD,OAAO,EAAE,iBAAiB,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,mBAAmB,CAAC;IAC/B,aAAa,EAAE,aAAa,CAAC;IAC7B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,sBAAsB,CAAC;CACxC,GAAG,OAAO,CA8BV"}