agent-passport-system 1.6.0 → 1.8.0

package/README.md

@@ -2,12 +2,12 @@
 
 [![npm version](https://img.shields.io/npm/v/agent-passport-system)](https://www.npmjs.com/package/agent-passport-system)
 [![license](https://img.shields.io/npm/l/agent-passport-system)](https://github.com/aeoess/agent-passport-system/blob/main/LICENSE)
-[![tests](https://img.shields.io/badge/tests-165%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
+[![tests](https://img.shields.io/badge/tests-214%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
 [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.18749779.svg)](https://doi.org/10.5281/zenodo.18749779)
 
-Cryptographic identity, ethical governance, economic attribution, protocol-native communication, intent architecture, cascade revocation, and coordination primitives for autonomous AI agents.
+Cryptographic identity, ethical governance, economic attribution, protocol-native communication, intent architecture, cascade revocation, coordination primitives, and agentic commerce for autonomous AI agents.
 
-**7 layers. 165 tests. Zero heavy dependencies. Running code. MCP server included.**
+**8 layers. 240 tests. Zero heavy dependencies. Running code. MCP server included.**
 
 > *As AI agents from different creators, running different models, serving different humans begin to collaborate — who is responsible, under what authority, according to what values, and who benefits?*
 
@@ -231,10 +231,76 @@ const completion = completeTask(brief.id, {
 }, operatorKeys)
 ```
 
+### Layer 8 — Agentic Commerce (ACP by OpenAI + Stripe)
+
+```typescript
+import {
+  commercePreflight, createCheckout, completeCheckout,
+  createCommerceDelegation, getSpendSummary,
+  requestHumanApproval, verifyCommerceReceipt
+} from 'agent-passport-system'
+
+// Create a commerce-scoped delegation with spend limit
+const delegation = createCommerceDelegation({
+  delegatorKeys: humanKeys,
+  agentPublicKey: agent.publicKey,
+  spendLimit: 500,
+  allowedMerchants: ['merchant.example.com'],
+  currency: 'usd',
+  expiresAt: '2026-04-01T00:00:00Z'
+})
+
+// 4-gate preflight check before any merchant interaction
+const preflight = commercePreflight(agent.passport, delegation, {
+  amount: { amount: 4999, currency: 'usd' },  // $49.99
+  merchant: 'merchant.example.com'
+})
+// → { approved: true, gates: { passport: ✓, scope: ✓, spend: ✓, merchant: ✓ } }
+
+// Create ACP checkout session with merchant
+const session = await createCheckout('https://merchant.example.com', {
+  lineItems: [{ name: 'Cloud API Credits', quantity: 1, price: { amount: 4999, currency: 'usd' } }],
+  agentPassport: agent.passport,
+  delegation
+})
+
+// Check if human approval needed (configurable threshold)
+if (session.total.amount > config.humanApprovalThreshold) {
+  const approval = requestHumanApproval(session, agent, delegation)
+  // → { requestId, amount, merchant, beneficiary, expiresAt }
+  // Wait for human confirmation before proceeding
+}
+
+// Complete purchase → signed receipt with beneficiary attribution
+const receipt = await completeCheckout(session.id, {
+  paymentToken: sharedPaymentToken,
+  agentKeys: agent.keys,
+  delegation
+})
+
+// Verify any commerce receipt (tamper-proof)
+const valid = verifyCommerceReceipt(receipt)
+// → true (Ed25519 signature over canonical JSON)
+
+// Track spending against delegation limits
+const summary = getSpendSummary(delegation, allReceipts)
+// → { limit: 500, spent: 49.99, remaining: 450.01, utilization: '10.0%', nearLimit: false }
+```
+
+**4-gate enforcement pipeline:** Every purchase passes through passport verification (Ed25519 signature), delegation scope check (must have `commerce:checkout`), spend limit enforcement (amount ≤ remaining budget), and optional merchant allowlist. Agents cannot bypass gates — the cryptography prevents it.
+
+**Human approval thresholds:** Purchases above a configurable amount require explicit human confirmation. The agent generates an approval request; the human signs it. No unsigned approvals accepted.
+
+**Beneficiary attribution:** Every purchase receipt traces back to a human principal through the delegation chain. Who authorized the spend, under what limits, and who benefits — cryptographically provable.
+
 ## Architecture
 
 ```
 ┌─────────────────────────────────────────────────┐
+│  Layer 8: Agentic Commerce (ACP)                │
+│  4-gate preflight · Spend tracking · Human       │
+│  approval · Signed receipts · Beneficiary trace  │
+├─────────────────────────────────────────────────┤
 │  Layer 7: Coordination Primitives               │
 │  Task briefs · Role assignment · Evidence ·      │
 │  Review gates · Handoffs · Deliverables · Metrics│
@@ -279,6 +345,8 @@ const completion = completeTask(brief.id, {
 
 **Layer 7 — Coordination Primitives.** Protocol-native multi-agent task orchestration. Operator creates a signed task brief with roles, deliverables, and acceptance criteria. Agents are assigned to roles and sign acceptance. Researchers submit signed evidence packets with citations (every claim needs a 10+ word quote from source). Operator reviews evidence against a quality threshold — cannot approve below threshold, forcing rework. Approved evidence is handed off between roles (handoff requires approved review). Analysts submit deliverables citing evidence packets. Operator closes the task with metrics: overhead ratio, gap rate, rework count, errors caught. Full lifecycle container (`TaskUnit`) with integrity validation catches mismatched IDs, unapproved handoffs, and missing references.
 
+**Layer 8 — Agentic Commerce (ACP by OpenAI + Stripe).** Implements the [Agentic Commerce Protocol](https://openai.com/index/agentic-commerce-protocol/) identity and governance layer. 4-gate enforcement pipeline: passport verification (Ed25519 signature), delegation scope check (`commerce:checkout` required), spend limit enforcement (cumulative tracking against delegation budget), and optional merchant allowlist. Human approval thresholds prevent autonomous high-value purchases — agents generate signed approval requests, humans must countersign. Every completed purchase produces a `CommerceActionReceipt` with beneficiary attribution tracing the spend back to its human principal through the delegation chain. Spend analytics with utilization warnings at 80%. 17 tests covering all enforcement gates, cross-agent scope isolation, tamper detection, and cumulative budget tracking.
+
 ## Human Values Floor — v0.1
 
 | ID | Principle | Enforcement |
@@ -301,7 +369,7 @@ The protocol ships with a coordination-native MCP server — any MCP client (Cla
 npm install agent-passport-system-mcp
 ```
 
-**14 tools, role-scoped access control.** Operator creates task briefs, assigns agents, reviews evidence, hands off between roles, closes tasks. Workers accept assignments, submit evidence, get handed-off evidence, submit deliverables.
+**33 tools across all 8 layers, role-scoped access control.** Identity, delegation, agora, values/policy, coordination, and commerce — all accessible via MCP. Every operation Ed25519 signed.
 
 ```json
 {
@@ -327,7 +395,7 @@ npm: [agent-passport-system-mcp](https://www.npmjs.com/package/agent-passport-sy
 
 ```bash
 npm test
-# 165 tests across 12 files, 40 suites, 0 failures
+# 240 tests across 15 files, 64 suites, 0 failures
 ```
 
 Includes 23 adversarial tests: Merkle tree tampering, attribution gaming resistance, compliance violations, floor negotiation attacks, wrong-key attestations.
@@ -336,6 +404,8 @@ Includes 23 adversarial tests: Merkle tree tampering, attribution gaming resista
 
 17 coordination tests: task brief creation/verification, role assignment, evidence submission, review gates (score vs threshold), handoff enforcement (requires approved review), deliverable submission, full lifecycle, task unit validation.
 
+17 commerce tests: delegation creation with commerce scopes, 4-gate preflight (passport, scope, spend, merchant), spend analytics, human approval request generation, receipt signing/verification, tamper detection, cross-agent scope enforcement, cumulative spend tracking.
+
 ## Paper
 
 **"The Agent Social Contract: Cryptographic Identity, Ethical Governance, and Beneficiary Economics for Autonomous AI Agents"**
@@ -356,13 +426,14 @@ By Tymofii Pidlisnyi — Published on Zenodo
 | Attribution | Merkle proofs | — | — | — | — |
 | Communication | Signed Agora | — | — | — | — |
 | Coordination | Task units + MCP server | — | — | — | — |
-| Tests | 165 (23 adversarial) | None | Limited | None | None |
+| Commerce | ACP + 4-gate enforcement | — | — | — | — |
+| Tests | 214 (38 adversarial) | None | Limited | None | None |
 | Dependencies | Node.js crypto + uuid | — | Multi-LLM | — | Consensus network |
 
 ## Structure
 
 ```
-src/                    21 source files
+src/                    22 source files
   contract.ts          — High-level API (6 functions)
   core/
     passport.ts        — Ed25519 identity
@@ -373,6 +444,7 @@ src/                    21 source files
     intent.ts          — Intent architecture, deliberation, roles
     policy.ts          — 3-signature chain, policy validation
     coordination.ts    — Task briefs, evidence, review, handoff, deliverables
+    commerce.ts        — ACP checkout, 4-gate enforcement, spend tracking
   cli/
     index.ts           — CLI (14 commands)
   crypto/
@@ -383,7 +455,8 @@ src/                    21 source files
     intent.ts          — Layer 5 types
     policy.ts          — Layer 6 types
     coordination.ts    — Layer 7 types
-tests/                  12 test files, 165 tests (40 suites)
+    commerce.ts        — Layer 8 types
+tests/                  16 test files, 240 tests (64 suites)
   adversarial.ts       — 23 adversarial cases
   agora.test.ts        — 15 Agora tests
   contract.test.ts     — High-level API tests
@@ -396,6 +469,7 @@ tests/                  12 test files, 165 tests (40 suites)
   policy.test.ts       — Intent, policy decision, 3-sig chain
   cascade.test.ts      — Chain registry, cascade revocation, batch
   coordination.test.ts — Task briefs, evidence, review, handoff, lifecycle
+  commerce.test.ts     — ACP checkout, 4-gate preflight, spend tracking
 values/
   floor.yaml           — Human Values Floor manifest
 papers/

package/dist/src/core/context.d.ts

@@ -0,0 +1,75 @@
+import type { SocialContractAgent } from '../contract.js';
+import type { ValuesFloor, Delegation, ActionReceipt } from '../types/passport.js';
+import type { PolicyDecision } from '../types/policy.js';
+import type { AgentContextConfig, AgentContextState, ExecuteRequest, ExecuteResult, CompletedAction, AuditEntry, EnforcementLevel } from '../types/context.js';
+export declare class AgentContext {
+    private agent;
+    private floor;
+    private config;
+    private validator;
+    private state;
+    constructor(agent: SocialContractAgent, floor: ValuesFloor, config?: Partial<AgentContextConfig>);
+    /** Register a delegation this agent can use. */
+    addDelegation(delegation: Delegation): void;
+    /** Remove a delegation (e.g., after revocation). */
+    removeDelegation(delegationId: string): boolean;
+    /** Find the best matching delegation for a required scope. */
+    findDelegation(scopeRequired: string): Delegation | null;
+    /**
+     * Execute an action through the policy engine.
+     *
+     * In 'auto' and 'strict' mode, this runs the full 3-signature chain:
+     *   1. Creates ActionIntent (signed by this agent)
+     *   2. Evaluates against floor via validator (signed by evaluator)
+     *   3. Returns the decision — caller decides whether to proceed
+     *
+     * In 'manual' mode, skips enforcement and returns a permit.
+     */
+    execute(request: ExecuteRequest): ExecuteResult;
+    /**
+     * Complete an action after execution.
+     *
+     * Takes the ExecuteResult from execute() plus the actual outcome,
+     * creates the ActionReceipt (signature 3) and PolicyReceipt
+     * (linking all 3 signatures).
+     */
+    complete(execution: ExecuteResult, outcome: {
+        status: 'success' | 'failure' | 'partial';
+        summary: string;
+    }): CompletedAction;
+    private enforceAction;
+    private buildValidationContext;
+    private createIntent;
+    private createDeniedResult;
+    private createPermitResult;
+    private logAudit;
+    /** Get the current enforcement level. */
+    get enforcement(): EnforcementLevel;
+    /** Get all receipts produced through this context. */
+    get allReceipts(): ActionReceipt[];
+    /** Get all policy decisions made through this context. */
+    get allDecisions(): PolicyDecision[];
+    /** Get the full audit log. */
+    get auditLog(): AuditEntry[];
+    /** Get context state snapshot (for serialization / inspection). */
+    getState(): AgentContextState;
+    /** How many actions have been permitted vs denied. */
+    get stats(): {
+        permitted: number;
+        denied: number;
+        narrowed: number;
+        total: number;
+    };
+}
+/**
+ * Create an Agent Context — the enforcement boundary.
+ *
+ * Every action that goes through this context is automatically
+ * checked against the Values Floor via the 3-signature chain.
+ *
+ * @param agent - From joinSocialContract()
+ * @param floor - The Values Floor to enforce
+ * @param config - Enforcement level and callbacks
+ */
+export declare function createAgentContext(agent: SocialContractAgent, floor: ValuesFloor, config?: Partial<AgentContextConfig>): AgentContext;
+//# sourceMappingURL=context.d.ts.map

package/dist/src/core/context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../../src/core/context.ts"],"names":[],"mappings":"AA2BA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAA;AACzD,OAAO,KAAK,EAAE,WAAW,EAAoB,UAAU,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpG,OAAO,KAAK,EAAgB,cAAc,EAAqD,MAAM,oBAAoB,CAAA;AACzH,OAAO,KAAK,EACV,kBAAkB,EAAE,iBAAiB,EACrC,cAAc,EAAE,aAAa,EAAE,eAAe,EAC9C,UAAU,EAAE,gBAAgB,EAC7B,MAAM,qBAAqB,CAAA;AAM5B,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAAqB;IAClC,OAAO,CAAC,KAAK,CAAa;IAC1B,OAAO,CAAC,MAAM,CAA+F;IAC7G,OAAO,CAAC,SAAS,CAAiB;IAClC,OAAO,CAAC,KAAK,CAAmB;gBAG9B,KAAK,EAAE,mBAAmB,EAC1B,KAAK,EAAE,WAAW,EAClB,MAAM,GAAE,OAAO,CAAC,kBAAkB,CAAM;IA0B1C,gDAAgD;IAChD,aAAa,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAI3C,oDAAoD;IACpD,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI/C,8DAA8D;IAC9D,cAAc,CAAC,aAAa,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAWxD;;;;;;;;;OASG;IACH,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,aAAa;IAwB/C;;;;;;OAMG;IACH,QAAQ,CACN,SAAS,EAAE,aAAa,EACxB,OAAO,EAAE;QAAE,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GACtE,eAAe;IAkDlB,OAAO,CAAC,aAAa;IAiErB,OAAO,CAAC,sBAAsB;IA6B9B,OAAO,CAAC,YAAY;IAgBpB,OAAO,CAAC,kBAAkB;IAuC1B,OAAO,CAAC,kBAAkB;IAU1B,OAAO,CAAC,QAAQ;IAmBhB,yCAAyC;IACzC,IAAI,WAAW,IAAI,gBAAgB,CAAmC;IAEtE,sDAAsD;IACtD,IAAI,WAAW,IAAI,aAAa,EAAE,CAAoC;IAEtE,0DAA0D;IAC1D,IAAI,YAAY,IAAI,cAAc,EAAE,CAAqC;IAEzE,8BAA8B;IAC9B,IAAI,QAAQ,IAAI,UAAU,EAAE,CAAoC;IAEhE,mEAAmE;IACnE,QAAQ,IAAI,iBAAiB;IAE7B,sDAAsD;IACtD,IAAI,KAAK,IAAI;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAQlF;CACF;AAMD;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,mBAAmB,EAC1B,KAAK,EAAE,WAAW,EAClB,MAAM,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,GACnC,YAAY,CAKd"}

package/dist/src/core/context.js

@@ -0,0 +1,351 @@
+// ══════════════════════════════════════════════════════════════════
+// Agent Context — Automatic Protocol Compliance
+// ══════════════════════════════════════════════════════════════════
+//
+// The missing piece between "agent has access to trust infrastructure"
+// and "agent is trustworthy."
+//
+// Without context: agent CAN call evaluateIntent() but nothing
+// forces it. The protocol is opt-in at the action level.
+//
+// With context: every action goes through the 3-signature chain
+// automatically. The agent physically cannot skip enforcement.
+//
+// Usage:
+//   const ctx = createAgentContext(agent, floor, { enforcement: 'auto' })
+//   ctx.addDelegation(delegation)
+//   const result = ctx.execute({ type: 'api:fetch', scope: 'data:read', target: '...' })
+//   const completed = ctx.complete(result, { status: 'success', summary: '...' })
+//
+// ══════════════════════════════════════════════════════════════════
+import { v4 as uuidv4 } from 'uuid';
+import { sign } from '../crypto/keys.js';
+import { canonicalize } from './canonical.js';
+import { createActionIntent, evaluateIntent, createPolicyReceipt, FloorValidatorV1 } from './policy.js';
+import { createReceipt } from './delegation.js';
+import { verifyAttestation } from './values.js';
+// ══════════════════════════════════════
+// AGENT CONTEXT CLASS
+// ══════════════════════════════════════
+export class AgentContext {
+    agent;
+    floor;
+    config;
+    validator;
+    state;
+    constructor(agent, floor, config = {}) {
+        this.agent = agent;
+        this.floor = floor;
+        this.validator = config.validator || new FloorValidatorV1();
+        this.config = {
+            enforcement: config.enforcement || 'auto',
+            decisionTTLMinutes: config.decisionTTLMinutes || 5,
+            ...config
+        };
+        this.state = {
+            agentId: agent.agentId,
+            publicKey: agent.publicKey,
+            delegations: new Map(),
+            floor,
+            attestation: agent.attestation,
+            receipts: [],
+            decisions: [],
+            policyReceipts: [],
+            auditLog: []
+        };
+    }
+    // ── Delegation Management ──
+    /** Register a delegation this agent can use. */
+    addDelegation(delegation) {
+        this.state.delegations.set(delegation.delegationId, delegation);
+    }
+    /** Remove a delegation (e.g., after revocation). */
+    removeDelegation(delegationId) {
+        return this.state.delegations.delete(delegationId);
+    }
+    /** Find the best matching delegation for a required scope. */
+    findDelegation(scopeRequired) {
+        for (const [, d] of this.state.delegations) {
+            if (d.scope.includes(scopeRequired) && new Date(d.expiresAt) > new Date()) {
+                return d;
+            }
+        }
+        return null;
+    }
+    // ── Core: Execute with Enforcement ──
+    /**
+     * Execute an action through the policy engine.
+     *
+     * In 'auto' and 'strict' mode, this runs the full 3-signature chain:
+     *   1. Creates ActionIntent (signed by this agent)
+     *   2. Evaluates against floor via validator (signed by evaluator)
+     *   3. Returns the decision — caller decides whether to proceed
+     *
+     * In 'manual' mode, skips enforcement and returns a permit.
+     */
+    execute(request) {
+        // Find delegation
+        const delegation = request.delegationId
+            ? this.state.delegations.get(request.delegationId) || null
+            : this.findDelegation(request.scope);
+        if (!delegation) {
+            const intent = this.createIntent(request, 'no-delegation');
+            const denied = this.createDeniedResult(intent, 'No valid delegation for scope: ' + request.scope);
+            this.logAudit(request, denied);
+            this.config.onDenied?.(denied.decision, denied.intent);
+            return denied;
+        }
+        // Manual mode: skip enforcement, return permit
+        if (this.config.enforcement === 'manual') {
+            const intent = this.createIntent(request, delegation.delegationId);
+            return this.createPermitResult(intent, 'Manual mode — enforcement skipped');
+        }
+        // Auto/Strict mode: full 3-signature chain
+        return this.enforceAction(request, delegation);
+    }
+    /**
+     * Complete an action after execution.
+     *
+     * Takes the ExecuteResult from execute() plus the actual outcome,
+     * creates the ActionReceipt (signature 3) and PolicyReceipt
+     * (linking all 3 signatures).
+     */
+    complete(execution, outcome) {
+        if (!execution.permitted) {
+            throw new Error('Cannot complete a denied action');
+        }
+        const delegation = this.state.delegations.get(execution.intent.delegationId);
+        if (!delegation) {
+            throw new Error('Delegation not found: ' + execution.intent.delegationId);
+        }
+        // Create ActionReceipt (signature 3)
+        const receipt = createReceipt({
+            agentId: this.agent.agentId,
+            delegationId: delegation.delegationId,
+            delegation,
+            action: {
+                type: execution.intent.action.type,
+                target: execution.intent.action.target,
+                scopeUsed: execution.intent.action.scopeRequired,
+                spend: execution.intent.action.spend
+            },
+            result: outcome,
+            delegationChain: [delegation.delegatedBy, this.agent.publicKey],
+            privateKey: this.agent.keyPair.privateKey
+        });
+        // Create PolicyReceipt (links all 3 signatures)
+        const evaluatorKey = this.config.evaluator?.privateKey || this.agent.keyPair.privateKey;
+        const policyReceipt = createPolicyReceipt({
+            intent: execution.intent,
+            decision: execution.decision,
+            receipt,
+            verifierPrivateKey: evaluatorKey
+        });
+        // Store everything
+        this.state.receipts.push(receipt);
+        this.state.policyReceipts.push(policyReceipt);
+        // Update audit log with receipt
+        const lastAudit = this.state.auditLog[this.state.auditLog.length - 1];
+        if (lastAudit && lastAudit.intentId === execution.intent.intentId) {
+            lastAudit.receiptId = receipt.receiptId;
+        }
+        return { execution, receipt, policyReceipt };
+    }
+    // ── Internal: Enforcement Logic ──
+    enforceAction(request, delegation) {
+        // 1. Create ActionIntent (signature 1)
+        const intent = createActionIntent({
+            agentId: this.agent.agentId,
+            agentPublicKey: this.agent.publicKey,
+            delegationId: delegation.delegationId,
+            action: {
+                type: request.type,
+                target: request.target,
+                scopeRequired: request.scope,
+                spend: request.spend
+            },
+            context: request.context,
+            privateKey: this.agent.keyPair.privateKey
+        });
+        // 2. Build validation context
+        const validationContext = this.buildValidationContext(delegation);
+        // 3. Evaluate against floor (signature 2)
+        const evaluatorId = this.config.evaluator?.id || this.agent.agentId;
+        const evaluatorPub = this.config.evaluator?.publicKey || this.agent.publicKey;
+        const evaluatorPriv = this.config.evaluator?.privateKey || this.agent.keyPair.privateKey;
+        const decision = evaluateIntent({
+            intent,
+            validator: this.validator,
+            validationContext,
+            evaluatorId,
+            evaluatorPublicKey: evaluatorPub,
+            evaluatorPrivateKey: evaluatorPriv,
+            decisionTTLMinutes: this.config.decisionTTLMinutes
+        });
+        // Store decision
+        this.state.decisions.push(decision);
+        // Build result
+        const result = {
+            permitted: decision.verdict !== 'deny',
+            verdict: decision.verdict,
+            intent,
+            decision,
+            constraints: decision.constraints,
+            auditFindings: decision.auditFindings?.length,
+            warnings: decision.warnings?.length,
+            reason: decision.reason
+        };
+        // Fire callbacks
+        this.config.onPolicyDecision?.(decision, intent);
+        if (decision.verdict === 'deny') {
+            this.config.onDenied?.(decision, intent);
+        }
+        if (decision.auditFindings?.length > 0) {
+            this.config.onAuditFinding?.(decision);
+        }
+        if (decision.warnings?.length > 0) {
+            this.config.onWarning?.(decision);
+        }
+        this.logAudit(request, result);
+        return result;
+    }
+    buildValidationContext(delegation) {
+        const attValid = this.agent.attestation
+            ? verifyAttestation(this.agent.attestation).valid
+            : false;
+        return {
+            floorVersion: this.floor.version,
+            floorPrinciples: this.floor.floor.map(p => ({
+                id: p.id,
+                name: p.name,
+                enforcement: p.enforcement,
+                weight: p.weight
+            })),
+            delegation: {
+                scope: delegation.scope,
+                spendLimit: delegation.spendLimit,
+                spentAmount: delegation.spentAmount || 0,
+                expiresAt: delegation.expiresAt,
+                revoked: false,
+                currentDepth: delegation.currentDepth,
+                maxDepth: delegation.maxDepth
+            },
+            agentRegistered: true,
+            agentAttestationValid: attValid
+        };
+    }
+    // ── Internal: Result Builders ──
+    createIntent(request, delegationId) {
+        return createActionIntent({
+            agentId: this.agent.agentId,
+            agentPublicKey: this.agent.publicKey,
+            delegationId,
+            action: {
+                type: request.type,
+                target: request.target,
+                scopeRequired: request.scope,
+                spend: request.spend
+            },
+            context: request.context,
+            privateKey: this.agent.keyPair.privateKey
+        });
+    }
+    createDeniedResult(intent, reason) {
+        // Create a synthetic denial decision (not from the validator)
+        const evaluatorPriv = this.config.evaluator?.privateKey || this.agent.keyPair.privateKey;
+        const evaluatorPub = this.config.evaluator?.publicKey || this.agent.publicKey;
+        const evaluatorId = this.config.evaluator?.id || this.agent.agentId;
+        // Use evaluateIntent would fail without delegation context, so build synthetic
+        const now = new Date();
+        const expires = new Date(now);
+        expires.setMinutes(expires.getMinutes() + (this.config.decisionTTLMinutes || 5));
+        const decision = {
+            decisionId: 'pdec_' + uuidv4().slice(0, 12),
+            intentId: intent.intentId,
+            evaluatorId,
+            evaluatorPublicKey: evaluatorPub,
+            verdict: 'deny',
+            principlesEvaluated: [],
+            reason,
+            floorVersion: this.floor.version,
+            evaluatedAt: now.toISOString(),
+            expiresAt: expires.toISOString()
+        };
+        const signature = sign(canonicalize(decision), evaluatorPriv);
+        const signedDecision = { ...decision, signature };
+        this.state.decisions.push(signedDecision);
+        return {
+            permitted: false,
+            verdict: 'deny',
+            intent,
+            decision: signedDecision,
+            reason
+        };
+    }
+    createPermitResult(intent, reason) {
+        return {
+            permitted: true,
+            verdict: 'permit',
+            intent,
+            decision: {}, // Manual mode — no real decision
+            reason
+        };
+    }
+    logAudit(request, result) {
+        this.state.auditLog.push({
+            timestamp: new Date().toISOString(),
+            action: request,
+            verdict: result.verdict,
+            intentId: result.intent.intentId,
+            decisionId: result.decision.decisionId || 'manual',
+            receiptId: undefined,
+            reason: result.reason,
+            enforcement: {
+                inlinePassed: result.verdict !== 'deny',
+                auditIssueCount: result.auditFindings || 0,
+                warningCount: result.warnings || 0
+            }
+        });
+    }
+    // ── Query State ──
+    /** Get the current enforcement level. */
+    get enforcement() { return this.config.enforcement; }
+    /** Get all receipts produced through this context. */
+    get allReceipts() { return [...this.state.receipts]; }
+    /** Get all policy decisions made through this context. */
+    get allDecisions() { return [...this.state.decisions]; }
+    /** Get the full audit log. */
+    get auditLog() { return [...this.state.auditLog]; }
+    /** Get context state snapshot (for serialization / inspection). */
+    getState() { return { ...this.state }; }
+    /** How many actions have been permitted vs denied. */
+    get stats() {
+        const log = this.state.auditLog;
+        return {
+            permitted: log.filter(e => e.verdict === 'permit').length,
+            denied: log.filter(e => e.verdict === 'deny').length,
+            narrowed: log.filter(e => e.verdict === 'narrow').length,
+            total: log.length
+        };
+    }
+}
+// ══════════════════════════════════════
+// FACTORY FUNCTION
+// ══════════════════════════════════════
+/**
+ * Create an Agent Context — the enforcement boundary.
+ *
+ * Every action that goes through this context is automatically
+ * checked against the Values Floor via the 3-signature chain.
+ *
+ * @param agent - From joinSocialContract()
+ * @param floor - The Values Floor to enforce
+ * @param config - Enforcement level and callbacks
+ */
+export function createAgentContext(agent, floor, config) {
+    if (!agent.attestation) {
+        throw new Error('Agent must have a floor attestation to create a context. Did you pass a floor to joinSocialContract()?');
+    }
+    return new AgentContext(agent, floor, config);
+}
+//# sourceMappingURL=context.js.map

package/dist/src/core/context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../../../src/core/context.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,gDAAgD;AAChD,qEAAqE;AACrE,EAAE;AACF,uEAAuE;AACvE,8BAA8B;AAC9B,EAAE;AACF,+DAA+D;AAC/D,yDAAyD;AACzD,EAAE;AACF,gEAAgE;AAChE,+DAA+D;AAC/D,EAAE;AACF,SAAS;AACT,0EAA0E;AAC1E,kCAAkC;AAClC,yFAAyF;AACzF,kFAAkF;AAClF,EAAE;AACF,qEAAqE;AAErE,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACvG,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAU/C,yCAAyC;AACzC,sBAAsB;AACtB,yCAAyC;AAEzC,MAAM,OAAO,YAAY;IACf,KAAK,CAAqB;IAC1B,KAAK,CAAa;IAClB,MAAM,CAA+F;IACrG,SAAS,CAAiB;IAC1B,KAAK,CAAmB;IAEhC,YACE,KAA0B,EAC1B,KAAkB,EAClB,SAAsC,EAAE;QAExC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,gBAAgB,EAAE,CAAA;QAC3D,IAAI,CAAC,MAAM,GAAG;YACZ,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,MAAM;YACzC,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,CAAC;YAClD,GAAG,MAAM;SACV,CAAA;QAED,IAAI,CAAC,KAAK,GAAG;YACX,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,IAAI,GAAG,EAAE;YACtB,KAAK;YACL,WAAW,EAAE,KAAK,CAAC,WAAY;YAC/B,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,EAAE;YACb,cAAc,EAAE,EAAE;YAClB,QAAQ,EAAE,EAAE;SACb,CAAA;IACH,CAAC;IAED,8BAA8B;IAE9B,gDAAgD;IAChD,aAAa,CAAC,UAAsB;QAClC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,CAAC,CAAA;IACjE,CAAC;IAED,oDAAoD;IACpD,gBAAgB,CAAC,YAAoB;QACnC,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;IACpD,CAAC;IAED,8DAA8D;IAC9D,cAAc,CAAC,aAAqB;QAClC,KAAK,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;YAC3C,IAAI,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC1E,OAAO,CAAC,CAAA;YACV,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,uCAAuC;IAEvC;;;;;;;;;OASG;IACH,OAAO,CAAC,OAAuB;QAC7B,kBAAkB;QAClB,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY;YACrC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI;YAC1D,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QAEtC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,eAAe,CAAC,CAAA;YAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,iCAAiC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAA;YACjG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;YAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;YACtD,OAAO,MAAM,CAAA;QACf,CAAC;QAED,+CAA+C;QAC/C,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,UAAU,CAAC,YAAY,CAAC,CAAA;YAClE,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,mCAAmC,CAAC,CAAA;QAC7E,CAAC;QAED,2CAA2C;QAC3C,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;IAChD,CAAC;IAED;;;;;;OAMG;IACH,QAAQ,CACN,SAAwB,EACxB,OAAuE;QAEvE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;QACpD,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;QAC5E,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;QAC3E,CAAC;QAED,qCAAqC;QACrC,MAAM,OAAO,GAAG,aAAa,CAAC;YAC5B,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;YAC3B,YAAY,EAAE,UAAU,CAAC,YAAY;YACrC,UAAU;YACV,MAAM,EAAE;gBACN,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI;gBAClC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM;gBACtC,SAAS,EAAE,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa;gBAChD,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK;aACrC;YACD,MAAM,EAAE,OAAO;YACf,eAAe,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;YAC/D,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU;SAC1C,CAAC,CAAA;QAEF,gDAAgD;QAChD,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAA;QACvF,MAAM,aAAa,GAAG,mBAAmB,CAAC;YACxC,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,OAAO;YACP,kBAAkB,EAAE,YAAY;SACjC,CAAC,CAAA;QAEF,mBAAmB;QACnB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACjC,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAE7C,gCAAgC;QAChC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QACrE,IAAI,SAAS,IAAI,SAAS,CAAC,QAAQ,KAAK,SAAS,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAClE,SAAS,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;QACzC,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,CAAA;IAC9C,CAAC;IAED,oCAAoC;IAE5B,aAAa,CAAC,OAAuB,EAAE,UAAsB;QACnE,uCAAuC;QACvC,MAAM,MAAM,GAAG,kBAAkB,CAAC;YAChC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;YAC3B,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS;YACpC,YAAY,EAAE,UAAU,CAAC,YAAY;YACrC,MAAM,EAAE;gBACN,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,aAAa,EAAE,OAAO,CAAC,KAAK;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;YACD,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU;SAC1C,CAAC,CAAA;QAEF,8BAA8B;QAC9B,MAAM,iBAAiB,GAAG,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAA;QAEjE,0CAA0C;QAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAA;QACnE,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAA;QAC7E,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAA;QAExF,MAAM,QAAQ,GAAG,cAAc,CAAC;YAC9B,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,iBAAiB;YACjB,WAAW;YACX,kBAAkB,EAAE,YAAY;YAChC,mBAAmB,EAAE,aAAa;YAClC,kBAAkB,EAAE,IAAI,CAAC,MAAM,CAAC,kBAAkB;SACnD,CAAC,CAAA;QAEF,iBAAiB;QACjB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAEnC,eAAe;QACf,MAAM,MAAM,GAAkB;YAC5B,SAAS,EAAE,QAAQ,CAAC,OAAO,KAAK,MAAM;YACtC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,MAAM;YACN,QAAQ;YACR,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,aAAa,EAAG,QAAgB,CAAC,aAAa,EAAE,MAAM;YACtD,QAAQ,EAAG,QAAgB,CAAC,QAAQ,EAAE,MAAM;YAC5C,MAAM,EAAE,QAAQ,CAAC,MAAM;SACxB,CAAA;QAED,iBAAiB;QACjB,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;QAChD,IAAI,QAAQ,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;QAC1C,CAAC;QACD,IAAK,QAAgB,CAAC,aAAa,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,CAAA;QACxC,CAAC;QACD,IAAK,QAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,CAAA;QACnC,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC9B,OAAO,MAAM,CAAA;IACf,CAAC;IAEO,sBAAsB,CAAC,UAAsB;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW;YACrC,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,KAAK;YACjD,CAAC,CAAC,KAAK,CAAA;QAET,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;YAChC,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC1C,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,IAAI,EAAE,CAAC,CAAC,IAAK;gBACb,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,MAAM,EAAE,CAAC,CAAC,MAAO;aAClB,CAAC,CAAC;YACH,UAAU,EAAE;gBACV,KAAK,EAAE,UAAU,CAAC,KAAK;gBACvB,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,WAAW,EAAE,UAAU,CAAC,WAAW,IAAI,CAAC;gBACxC,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,UAAU,CAAC,YAAY;gBACrC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B;YACD,eAAe,EAAE,IAAI;YACrB,qBAAqB,EAAE,QAAQ;SAChC,CAAA;IACH,CAAC;IAED,kCAAkC;IAE1B,YAAY,CAAC,OAAuB,EAAE,YAAoB;QAChE,OAAO,kBAAkB,CAAC;YACxB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;YAC3B,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS;YACpC,YAAY;YACZ,MAAM,EAAE;gBACN,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,aAAa,EAAE,OAAO,CAAC,KAAK;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;YACD,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU;SAC1C,CAAC,CAAA;IACJ,CAAC;IAEO,kBAAkB,CAAC,MAAoB,EAAE,MAAc;QAC7D,8DAA8D;QAC9D,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAA;QACxF,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAA;QAC7E,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAA;QAEnE,+EAA+E;QAE/E,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QACtB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAA;QAC7B,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,CAAC,CAAC,CAAC,CAAA;QAEhF,MAAM,QAAQ,GAAsC;YAClD,UAAU,EAAE,OAAO,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC3C,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW;YACX,kBAAkB,EAAE,YAAY;YAChC,OAAO,EAAE,MAAM;YACf,mBAAmB,EAAE,EAAE;YACvB,MAAM;YACN,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;YAChC,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE;YAC9B,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE;SACjC,CAAA;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC,CAAA;QAC7D,MAAM,cAAc,GAAmB,EAAE,GAAG,QAAQ,EAAE,SAAS,EAAE,CAAA;QAEjE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;QAEzC,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,MAAM;YACf,MAAM;YACN,QAAQ,EAAE,cAAc;YACxB,MAAM;SACP,CAAA;IACH,CAAC;IAEO,kBAAkB,CAAC,MAAoB,EAAE,MAAc;QAC7D,OAAO;YACL,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,QAAQ;YACjB,MAAM;YACN,QAAQ,EAAE,EAAoB,EAAG,iCAAiC;YAClE,MAAM;SACP,CAAA;IACH,CAAC;IAEO,QAAQ,CAAC,OAAuB,EAAE,MAAqB;QAC7D,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YACvB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,MAAM,EAAE,OAAO;YACf,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ;YAChC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU,IAAI,QAAQ;YAClD,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,WAAW,EAAE;gBACX,YAAY,EAAE,MAAM,CAAC,OAAO,KAAK,MAAM;gBACvC,eAAe,EAAE,MAAM,CAAC,aAAa,IAAI,CAAC;gBAC1C,YAAY,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;aACnC;SACF,CAAC,CAAA;IACJ,CAAC;IAED,oBAAoB;IAEpB,yCAAyC;IACzC,IAAI,WAAW,KAAuB,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAA,CAAC,CAAC;IAEtE,sDAAsD;IACtD,IAAI,WAAW,KAAsB,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA,CAAC,CAAC;IAEtE,0DAA0D;IAC1D,IAAI,YAAY,KAAuB,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA,CAAC,CAAC;IAEzE,8BAA8B;IAC9B,IAAI,QAAQ,KAAmB,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA,CAAC,CAAC;IAEhE,mEAAmE;IACnE,QAAQ,KAAwB,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAA,CAAC,CAAC;IAE1D,sDAAsD;IACtD,IAAI,KAAK;QACP,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAA;QAC/B,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,MAAM;YACzD,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,MAAM;YACpD,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,MAAM;YACxD,KAAK,EAAE,GAAG,CAAC,MAAM;SAClB,CAAA;IACH,CAAC;CACF;AAED,yCAAyC;AACzC,mBAAmB;AACnB,yCAAyC;AAEzC;;;;;;;;;GASG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAA0B,EAC1B,KAAkB,EAClB,MAAoC;IAEpC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,wGAAwG,CAAC,CAAA;IAC3H,CAAC;IACD,OAAO,IAAI,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAA;AAC/C,CAAC"}