agentfootprint 6.16.0 → 6.18.0

package/dist/adapters/observability/audit.js

@@ -0,0 +1,559 @@
+"use strict";
+/**
+ * auditExport — tamper-evident audit bundle (backlog #20, compliance
+ * wedge item 2; pairs with #19's `otelObservability` GenAI spans).
+ *
+ * Consumes the typed `agentfootprint.*` event stream and accumulates an
+ * append-only, HASH-CHAINED record log: every record carries the SHA-256
+ * of its own canonical serialization plus the hash of the previous
+ * record. Flipping a single byte anywhere in an exported bundle makes
+ * `verifyAuditBundle` name the exact record that broke — the
+ * record-keeping shape EU AI Act Art. 12 asks for (events the system
+ * logged, in order, demonstrably unmodified since capture).
+ *
+ * Pattern: Observability strategy (one purpose — chain accumulation)
+ *          + pure offline verifier.
+ * Role:    Outer ring (Hexagonal). Attach via
+ *          `agent.enable.observability({ strategy: auditExport() })`.
+ * Emits:   nothing — terminal sink.
+ *
+ * ## What lands in the chain
+ *
+ * One record per typed event, in dispatch order: decisions
+ * (`agent.route_decided`, `composition.route_decided` incl. decide()
+ * evidence), tool calls (`stream.tool_start/_end`), validation
+ * rejections (#9), permission verdicts and halts, credential lifecycle,
+ * costs, errors, skill/memory/context activity. Each new `meta.runId`
+ * is anchored by a GENESIS record (`audit.genesis`) carrying the runId,
+ * the agent identity, and library versions — runs chain back-to-back in
+ * one log, so silently DROPPING a whole run breaks the chain too.
+ *
+ * High-volume content deltas (`stream.token`, `stream.thinking_delta`)
+ * are excluded by default (`includeTokenEvents: true` to include).
+ *
+ * ## Record / bundle schema
+ *
+ * ```
+ * AuditRecord  = { seq, timestamp, eventType, payload, meta, prevHash, hash }
+ *   hash       = SHA-256 hex over canonicalJson(record minus `hash`)
+ *   prevHash   = previous record's `hash` (ZERO_HASH at chain start)
+ * AuditBundle  = { header, records, finalHash }
+ *   header     = { format, hashAlgorithm, canonicalization, chainHead,
+ *                  firstSeq, recordCount, exportedAt, library }
+ * ```
+ *
+ * Canonicalization is `afp-cjson/1` (see `lib/canonicalJson.ts` — those
+ * rules ARE the contract; the header names them so independent
+ * verifiers can re-implement byte-exactly).
+ *
+ * ## Persistence + long runs
+ *
+ * Persistence is the CONSUMER's job — the bundle is plain JSON
+ * (`JSON.stringify(strategy.bundle())`, store anywhere). For long runs,
+ * `drain()` returns the records accumulated since the last drain while
+ * keeping the chain intact ACROSS drains: each segment's
+ * `header.chainHead` equals the previous segment's `finalHash`, so
+ * `verifyAuditBundle([seg1, seg2, ...])` re-verifies the concatenation
+ * end-to-end.
+ *
+ * ## PII discipline (mirrors #19's otelObservability)
+ *
+ * Payloads enter records through a bounding layer — by default
+ * (`payloadMode: 'bounded'`) record payloads NEVER carry raw runtime
+ * values that can echo PII:
+ *
+ *   - tool args             → `'[keys: …]'` (top-level key NAMES only)
+ *   - tool results          → `'[type: …]'` (typeof only)
+ *   - userPrompt / LLM content / thinking blocks / history
+ *                           → `'[N chars]'` / `'[N messages]'` markers
+ *   - content PREVIEWS (`contentSummary` on context/memory events,
+ *     `rawContent`, `resultSummary`, `droppedSummaries`) → markers
+ *     (for short content a preview IS the content; `contentHash`
+ *     stays — it links identical content without echoing it)
+ *   - error MESSAGE strings (`error`, `errorMessage`, `lastError`,
+ *     `rawOutput`)          → `'[N chars]'` (messages can echo values)
+ *   - free-form Records (`questionPayload`, `resumeInput`, risk/eval
+ *     `evidence`, memory `scoreEvidence`) → `'[keys: …]'`
+ *
+ * Everything else is embedded as the registry payload (sanitized:
+ * strings capped at 256 chars, lists at 32 items, cycles broken) —
+ * those payloads are bounded by construction: identifiers, counts,
+ * enums, decide() evidence (engine-bounded + redaction-aware),
+ * validation issues (paths/TYPES per #9), credential events (no
+ * secrets by contract).
+ *
+ * `payloadMode: 'verbatim'` embeds full payloads (still
+ * JSON-sanitized). For Art. 12 completeness on an access-controlled
+ * store that is often the point — but the bundle then carries prompts,
+ * tool args/results and model output. Treat it as PII-bearing, and
+ * remember the Agent sets NO footprintjs RedactionPolicy by default
+ * (policies you do set redact the emit channel UPSTREAM of this
+ * strategy, so redacted events arrive here already redacted).
+ *
+ * ## Tamper-EVIDENT, not tamper-PROOF (honest threat model)
+ *
+ * The chain proves INTERNAL consistency: any partial modification —
+ * edit, insert, delete, reorder, drop-a-run — is detected and named.
+ * It does NOT prove provenance: an adversary holding the only copy can
+ * recompute every hash from the mutation onward and present a
+ * self-consistent forgery. For non-repudiation, anchor `finalHash`
+ * externally as part of your retention process (write-once/WORM store,
+ * signed log, RFC 3161 timestamping, or simply a second party) — then
+ * a whole-suffix recomputation no longer matches the anchor.
+ *
+ * ## Runtime requirements
+ *
+ * Hashing uses `node:crypto` (`createHash('sha256')`) — zero new
+ * dependencies, imported lazily at first use (same gating as the
+ * optional vendor SDKs in this folder, so merely importing this module
+ * stays browser-safe). `auditExport` and `verifyAuditBundle` therefore
+ * run anywhere `node:crypto` exists: Node ≥ 20, Bun, Deno,
+ * edge runtimes with Node compat (e.g. Cloudflare `nodejs_compat`).
+ * In a browser there is no SYNC SHA-256 (WebCrypto is async-only), so
+ * both throw a descriptive error — verify server-side, or re-implement
+ * verification from the documented contract (it is pure: recompute
+ * SHA-256 over `afp-cjson/1` canonicalization and walk the chain).
+ *
+ * @example Capture → export → verify
+ * ```ts
+ * import { auditExport, verifyAuditBundle } from 'agentfootprint/observability-providers';
+ *
+ * const audit = auditExport({ agent: 'loan-officer' });
+ * const stop = agent.enable.observability({ strategy: audit });
+ * await agent.run({ message: 'assess application A-17' });
+ * stop();
+ *
+ * const bundle = audit.bundle();            // JSON-serializable
+ * await fs.writeFile('run.audit.json', JSON.stringify(bundle));
+ *
+ * const check = verifyAuditBundle(bundle);  // offline — no agent needed
+ * // check.valid === true; tamper with one byte → { valid: false, brokenAt: <seq> }
+ * ```
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyAuditBundle = exports.auditExport = exports.AUDIT_BUNDLE_FORMAT = exports.AUDIT_GENESIS_EVENT_TYPE = exports.AUDIT_ZERO_HASH = void 0;
+const canonicalJson_js_1 = require("../../lib/canonicalJson.js");
+const lazyRequire_js_1 = require("../../lib/lazyRequire.js");
+// ─── Public types ─────────────────────────────────────────────────────
+/** SHA-256 of "nothing" — the `prevHash` of the first record in a
+ *  chain and the `chainHead` of a chain's first segment. */
+exports.AUDIT_ZERO_HASH = '0'.repeat(64);
+/** `eventType` of the per-run genesis record. Deliberately OUTSIDE the
+ *  `agentfootprint.*` registry namespace — it is a chain-level record,
+ *  not a dispatched event (#20 ships zero new typed events). */
+exports.AUDIT_GENESIS_EVENT_TYPE = 'audit.genesis';
+/** Format identifier carried on every bundle header. */
+exports.AUDIT_BUNDLE_FORMAT = 'agentfootprint.audit/1';
+let cryptoModule;
+function resolveCrypto() {
+    if (cryptoModule)
+        return cryptoModule;
+    try {
+        cryptoModule = (0, lazyRequire_js_1.lazyRequire)('node:crypto');
+    }
+    catch {
+        throw new Error('auditExport/verifyAuditBundle require `node:crypto` for synchronous SHA-256 ' +
+            '(available in Node ≥ 20, Bun, Deno, and edge runtimes with Node compat). ' +
+            'Browsers expose only async WebCrypto — capture/verify audit bundles server-side.');
+    }
+    if (typeof cryptoModule.createHash !== 'function') {
+        throw new Error('auditExport: `node:crypto` resolved but `createHash` is missing.');
+    }
+    return cryptoModule;
+}
+function sha256Hex(text) {
+    return resolveCrypto().createHash('sha256').update(text, 'utf8').digest('hex');
+}
+/** Best-effort library version for header + genesis.
+ *
+ *  Tries the package self-reference first (`exports["./package.json"]`
+ *  — resolves from source and the CJS build), then relative paths to
+ *  the root manifest (the ESM build sits under `dist/esm/`, whose
+ *  type-stamp `package.json` has no `name`, which breaks Node's
+ *  self-reference scope; relative specifiers resolve from
+ *  `lib/lazyRequire` — `../../` from `src//dist/lib`, `../../../`
+ *  from `dist/esm/lib`). The `name` guard rejects any manifest that
+ *  isn't actually ours. 'unknown' where nothing resolves (bundlers). */
+function libraryVersion() {
+    for (const specifier of [
+        'agentfootprint/package.json',
+        '../../package.json',
+        '../../../package.json',
+    ]) {
+        try {
+            const pkg = (0, lazyRequire_js_1.lazyRequire)(specifier);
+            if (pkg.name === 'agentfootprint' && typeof pkg.version === 'string')
+                return pkg.version;
+        }
+        catch {
+            /* try the next candidate */
+        }
+    }
+    return 'unknown';
+}
+// ─── JSON sanitization (both modes) ──────────────────────────────────
+/** Caps mirror otel.ts's bounding discipline (defense-in-depth — the
+ *  registry payloads are mostly bounded upstream). */
+const MAX_STRING_CHARS = 256;
+const MAX_LIST_ITEMS = 32;
+const MAX_DEPTH = 8;
+/**
+ * Convert any value to a JSON-safe, size-bounded tree:
+ * strings capped, arrays capped with an overflow marker, cycles
+ * broken, depth capped, Date → ISO, bigint → string, non-finite →
+ * null, functions/symbols/undefined dropped (objects) or null
+ * (arrays). Output always canonicalizes without throwing.
+ */
+function sanitizeJson(value, depth = 0, seen = new Set()) {
+    if (value === null)
+        return null;
+    switch (typeof value) {
+        case 'string':
+            return value.length > MAX_STRING_CHARS ? `${value.slice(0, MAX_STRING_CHARS - 1)}…` : value;
+        case 'number':
+            return Number.isFinite(value) ? value : null;
+        case 'boolean':
+            return value;
+        case 'bigint':
+            return String(value);
+        case 'undefined':
+        case 'function':
+        case 'symbol':
+            return undefined;
+        default:
+            break;
+    }
+    const obj = value;
+    if (obj instanceof Date)
+        return obj.toISOString();
+    if (depth >= MAX_DEPTH)
+        return '[truncated: depth]';
+    if (seen.has(obj))
+        return '[circular]';
+    seen.add(obj);
+    try {
+        if (Array.isArray(obj)) {
+            const capped = obj.slice(0, MAX_LIST_ITEMS).map((item) => {
+                const sanitized = sanitizeJson(item, depth + 1, seen);
+                return sanitized === undefined ? null : sanitized;
+            });
+            if (obj.length > MAX_LIST_ITEMS)
+                capped.push(`…+${obj.length - MAX_LIST_ITEMS} more`);
+            return capped;
+        }
+        const out = {};
+        for (const [key, entry] of Object.entries(obj)) {
+            const sanitized = sanitizeJson(entry, depth + 1, seen);
+            if (sanitized !== undefined)
+                out[key] = sanitized;
+        }
+        return out;
+    }
+    finally {
+        seen.delete(obj);
+    }
+}
+// ─── Bounding layer (payloadMode: 'bounded') ─────────────────────────
+/** `'[23 chars]'` — length evidence without content. */
+function charsMarker(value) {
+    return typeof value === 'string' ? `[${value.length} chars]` : `[type: ${typeofOf(value)}]`;
+}
+/** `'[keys: a, b, c]'` — shape evidence for free-form Records. */
+function keysMarker(value) {
+    if (value === null || typeof value !== 'object')
+        return `[type: ${typeofOf(value)}]`;
+    const keys = Object.keys(value).slice(0, MAX_LIST_ITEMS);
+    return `[keys: ${keys.join(', ')}]`;
+}
+function typeofOf(value) {
+    return value === null ? 'null' : typeof value;
+}
+/**
+ * Content-bearing fields per event type → bounded replacement.
+ * Only fields that can echo raw runtime values appear here; everything
+ * else passes through `sanitizeJson` untouched (see module docs for
+ * the per-domain verbatim/summarized table).
+ */
+const BOUND_FIELDS = {
+    'agentfootprint.agent.turn_start': { userPrompt: charsMarker },
+    'agentfootprint.agent.turn_end': { finalContent: charsMarker },
+    'agentfootprint.agent.iteration_end': {
+        history: (v) => (Array.isArray(v) ? `[${v.length} messages]` : charsMarker(v)),
+    },
+    'agentfootprint.agent.output_schema_validation_failed': { rawOutput: charsMarker },
+    'agentfootprint.stream.llm_end': { content: charsMarker },
+    'agentfootprint.stream.token': { content: charsMarker },
+    'agentfootprint.stream.thinking_delta': { content: charsMarker },
+    'agentfootprint.stream.thinking_end': {
+        blocks: (v) => (Array.isArray(v) ? `[${v.length} blocks]` : charsMarker(v)),
+    },
+    'agentfootprint.stream.tool_start': { args: keysMarker },
+    'agentfootprint.stream.tool_end': { result: (v) => `[type: ${typeofOf(v)}]` },
+    // contentSummary is a raw-content PREVIEW (not a redacted summary) —
+    // for short content it IS the content, so it is bounded like content.
+    // `contentHash` stays verbatim: it links identical injections across
+    // records without echoing a byte of them.
+    'agentfootprint.context.injected': { rawContent: charsMarker, contentSummary: charsMarker },
+    'agentfootprint.context.slot_composed': {
+        droppedSummaries: (v) => (Array.isArray(v) ? `[${v.length} summaries]` : charsMarker(v)),
+    },
+    'agentfootprint.composition.merge_end': { resultSummary: charsMarker },
+    'agentfootprint.memory.attached': { contentSummary: charsMarker },
+    'agentfootprint.memory.written': { contentSummary: charsMarker },
+    'agentfootprint.pause.request': { questionPayload: keysMarker },
+    'agentfootprint.pause.resume': { resumeInput: keysMarker },
+    'agentfootprint.risk.flagged': { evidence: keysMarker },
+    'agentfootprint.eval.score': { evidence: keysMarker },
+    'agentfootprint.memory.strategy_applied': { scoreEvidence: keysMarker },
+};
+/** Error-MESSAGE field names — bounded in EVERY event (messages can
+ *  echo runtime values; mirrors #19's "stage + scope only" rule). The
+ *  classifier fields (`errorName`, `errorKind`) stay verbatim. */
+const ERROR_MESSAGE_FIELDS = new Set(['error', 'errorMessage', 'lastError']);
+function boundPayload(eventType, payload) {
+    if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
+        return sanitizeJson(payload);
+    }
+    const fieldRules = BOUND_FIELDS[eventType];
+    const out = {};
+    for (const [key, value] of Object.entries(payload)) {
+        const rule = fieldRules?.[key];
+        if (rule !== undefined) {
+            out[key] = rule(value);
+            continue;
+        }
+        if (ERROR_MESSAGE_FIELDS.has(key) && typeof value === 'string') {
+            out[key] = charsMarker(value);
+            continue;
+        }
+        const sanitized = sanitizeJson(value);
+        if (sanitized !== undefined)
+            out[key] = sanitized;
+    }
+    return out;
+}
+// ─── Strategy factory ────────────────────────────────────────────────
+/** Excluded by default — high-volume content deltas. */
+const TOKEN_EVENT_TYPES = new Set([
+    'agentfootprint.stream.token',
+    'agentfootprint.stream.thinking_delta',
+]);
+function auditExport(opts = {}) {
+    const payloadMode = opts.payloadMode ?? 'bounded';
+    const includeTokenEvents = opts.includeTokenEvents === true;
+    const version = libraryVersion();
+    // Chain state — survives drains; one chain per strategy instance.
+    let nextSeq = 0;
+    let lastHash = exports.AUDIT_ZERO_HASH;
+    let segmentHead = exports.AUDIT_ZERO_HASH;
+    let segmentFirstSeq = 0;
+    let retained = [];
+    const seenRunIds = new Set();
+    let stopped = false;
+    function append(eventType, timestamp, payload, meta) {
+        const preimage = { seq: nextSeq, timestamp, eventType, payload, meta, prevHash: lastHash };
+        const hash = sha256Hex((0, canonicalJson_js_1.canonicalJson)(preimage));
+        retained.push({ ...preimage, hash });
+        lastHash = hash;
+        nextSeq += 1;
+    }
+    function appendGenesis(runId, timestamp) {
+        append(exports.AUDIT_GENESIS_EVENT_TYPE, timestamp, {
+            runId,
+            ...(opts.agent !== undefined && { agent: opts.agent }),
+            library: { name: 'agentfootprint', version },
+            ...(opts.versions !== undefined && { versions: sanitizeJson(opts.versions) }),
+            payloadMode,
+        }, { runId });
+    }
+    function makeBundle() {
+        return {
+            header: {
+                format: exports.AUDIT_BUNDLE_FORMAT,
+                hashAlgorithm: 'sha-256',
+                canonicalization: canonicalJson_js_1.CANONICAL_JSON_VERSION,
+                chainHead: segmentHead,
+                firstSeq: segmentFirstSeq,
+                recordCount: retained.length,
+                exportedAt: Date.now(),
+                library: { name: 'agentfootprint', version },
+            },
+            records: [...retained],
+            finalHash: lastHash,
+        };
+    }
+    return {
+        name: 'audit',
+        capabilities: { events: true },
+        /** Attach-time check (the `validate()` contract) — fail fast where
+         *  `node:crypto` is unavailable instead of on the first event. */
+        validate() {
+            resolveCrypto();
+        },
+        exportEvent(event) {
+            if (stopped)
+                return;
+            if (!includeTokenEvents && TOKEN_EVENT_TYPES.has(event.type))
+                return;
+            // Real dispatcher envelopes carry meta (bridge/eventMeta.ts).
+            // Hand-fed events without it are still recorded — an audit sink
+            // must never silently drop — under the 'unattributed' run anchor.
+            const meta = event.meta;
+            const runId = typeof meta?.runId === 'string' ? meta.runId : 'unattributed';
+            const timestamp = typeof meta?.wallClockMs === 'number' ? meta.wallClockMs : Date.now();
+            if (!seenRunIds.has(runId)) {
+                seenRunIds.add(runId);
+                appendGenesis(runId, timestamp);
+            }
+            // wallClockMs lives on `timestamp`; the rest of the meta rides
+            // along sanitized (runtimeStageId, paths, turn/iter indices, …).
+            const { wallClockMs: _lifted, ...metaRest } = meta ?? {};
+            void _lifted;
+            const recordMeta = {
+                ...sanitizeJson(metaRest),
+                runId,
+            };
+            const payload = payloadMode === 'bounded'
+                ? boundPayload(event.type, event.payload)
+                : sanitizeJson(event.payload);
+            append(event.type, timestamp, payload, recordMeta);
+        },
+        flush() {
+            // In-memory sink — nothing to flush. Export via bundle()/drain().
+        },
+        stop() {
+            // Stop OBSERVING; never destroy collected evidence — consumers
+            // drain/bundle after stop.
+            stopped = true;
+        },
+        bundle() {
+            return makeBundle();
+        },
+        drain() {
+            const segment = makeBundle();
+            segmentHead = lastHash;
+            segmentFirstSeq = nextSeq;
+            retained = [];
+            return segment;
+        },
+        recordCount() {
+            return retained.length;
+        },
+    };
+}
+exports.auditExport = auditExport;
+// ─── Offline verification (pure — no agent, no strategy) ─────────────
+/**
+ * Recompute the hash chain of a bundle (or of consecutive drained
+ * segments, in order) and report the exact record where integrity
+ * breaks. Pure function over JSON data — runs offline, long after the
+ * run, with no agent and no strategy instance.
+ *
+ * Checks, in order, per segment:
+ *   1. header format / algorithm / canonicalization are supported
+ *   2. `recordCount` matches `records.length`
+ *   3. segment continuity (`chainHead`/`firstSeq` extend the previous
+ *      segment's `finalHash`/seq range)
+ *   4. per record: `seq` is contiguous, `prevHash` links the previous
+ *      record, and SHA-256 over the canonical preimage (the record
+ *      minus `hash` — so ADDED fields are caught too) matches `hash`
+ *   5. `finalHash` equals the last record's hash
+ */
+function verifyAuditBundle(input) {
+    const segments = Array.isArray(input)
+        ? input
+        : [input];
+    let recordsChecked = 0;
+    let expectedChainHead;
+    let expectedFirstSeq;
+    const fail = (reason, brokenAt) => ({
+        valid: false,
+        recordsChecked,
+        ...(brokenAt !== undefined && { brokenAt }),
+        reason,
+    });
+    if (segments.length === 0)
+        return fail('no bundles supplied');
+    for (let s = 0; s < segments.length; s++) {
+        const segment = segments[s];
+        const where = segments.length > 1 ? ` (segment ${s})` : '';
+        if (segment === undefined || typeof segment !== 'object') {
+            return fail(`bundle is not an object${where}`);
+        }
+        const { header, records, finalHash } = segment;
+        if (header === undefined || !Array.isArray(records) || typeof finalHash !== 'string') {
+            return fail(`bundle missing header/records/finalHash${where}`);
+        }
+        if (header.format !== exports.AUDIT_BUNDLE_FORMAT) {
+            return fail(`unsupported format '${String(header.format)}'${where}`);
+        }
+        if (header.hashAlgorithm !== 'sha-256') {
+            return fail(`unsupported hashAlgorithm '${String(header.hashAlgorithm)}'${where}`);
+        }
+        if (header.canonicalization !== canonicalJson_js_1.CANONICAL_JSON_VERSION) {
+            return fail(`unsupported canonicalization '${String(header.canonicalization)}'${where}`);
+        }
+        if (header.recordCount !== records.length) {
+            return fail(`recordCount ${String(header.recordCount)} does not match ${records.length} records${where}`);
+        }
+        if (expectedChainHead !== undefined && header.chainHead !== expectedChainHead) {
+            return fail(`segment discontinuity — chainHead does not match previous segment's finalHash${where}`, header.firstSeq);
+        }
+        if (expectedFirstSeq !== undefined && header.firstSeq !== expectedFirstSeq) {
+            return fail(`segment discontinuity — firstSeq ${String(header.firstSeq)}, expected ${expectedFirstSeq}${where}`, expectedFirstSeq);
+        }
+        // Head-truncation invariant (adversarial-review finding): a segment
+        // claiming to be the chain START (firstSeq 0) MUST anchor on the zero
+        // hash, and a segment anchored on the zero hash MUST claim seq 0 —
+        // both directions. Without this, an attacker could drop the first K
+        // records (genesis included — agent identity, versions, payload-mode
+        // declaration) and forge `chainHead` from the survivor's prevHash;
+        // `finalHash` is untouched by that attack, so external finalHash
+        // anchoring alone would NOT catch it. With the invariant, a head-
+        // truncated forgery must declare firstSeq > 0 — visibly NOT a chain
+        // start — and auditors reject leading segments missing seq 0.
+        if (header.firstSeq === 0 && header.chainHead !== exports.AUDIT_ZERO_HASH) {
+            return fail(`head-truncation guard — firstSeq 0 requires chainHead to be the zero hash${where}`, 0);
+        }
+        if (header.chainHead === exports.AUDIT_ZERO_HASH && header.firstSeq !== 0) {
+            return fail(`head-truncation guard — zero-hash chainHead requires firstSeq 0, got ${String(header.firstSeq)}${where}`, header.firstSeq);
+        }
+        let prevHash = header.chainHead;
+        for (let i = 0; i < records.length; i++) {
+            const record = records[i];
+            const expectedSeq = header.firstSeq + i;
+            if (record === null || typeof record !== 'object') {
+                return fail(`record at seq ${expectedSeq} is not an object`, expectedSeq);
+            }
+            if (record.seq !== expectedSeq) {
+                return fail(`sequence mismatch — record carries seq ${String(record.seq)}, expected ${expectedSeq}`, expectedSeq);
+            }
+            if (record.prevHash !== prevHash) {
+                return fail(`chain broken — prevHash does not match the preceding record's hash`, expectedSeq);
+            }
+            let recomputed;
+            try {
+                const { hash: _stored, ...preimage } = record;
+                void _stored;
+                recomputed = sha256Hex((0, canonicalJson_js_1.canonicalJson)(preimage));
+            }
+            catch (err) {
+                return fail(`record not canonicalizable (${err instanceof Error ? err.message : String(err)})`, expectedSeq);
+            }
+            if (recomputed !== record.hash) {
+                return fail(`hash mismatch — record content does not match its hash (tampered or corrupted)`, expectedSeq);
+            }
+            prevHash = record.hash;
+            recordsChecked += 1;
+        }
+        if (finalHash !== prevHash) {
+            const lastSeq = header.firstSeq + records.length - 1;
+            return fail(`finalHash does not match the last record's hash${where}`, records.length > 0 ? lastSeq : header.firstSeq);
+        }
+        expectedChainHead = finalHash;
+        expectedFirstSeq = header.firstSeq + records.length;
+    }
+    return { valid: true, recordsChecked };
+}
+exports.verifyAuditBundle = verifyAuditBundle;
+//# sourceMappingURL=audit.js.map

package/dist/adapters/observability/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../src/adapters/observability/audit.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkIG;;;AAGH,iEAAmF;AACnF,6DAAuD;AAGvD,yEAAyE;AAEzE;4DAC4D;AAC/C,QAAA,eAAe,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE9C;;gEAEgE;AACnD,QAAA,wBAAwB,GAAG,eAAe,CAAC;AAExD,wDAAwD;AAC3C,QAAA,mBAAmB,GAAG,wBAAwB,CAAC;AAqG5D,IAAI,YAA0C,CAAC;AAE/C,SAAS,aAAa;IACpB,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IACtC,IAAI,CAAC;QACH,YAAY,GAAG,IAAA,4BAAW,EAAmB,aAAa,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,8EAA8E;YAC5E,2EAA2E;YAC3E,kFAAkF,CACrF,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,YAAY,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;IACtF,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,aAAa,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjF,CAAC;AAED;;;;;;;;;wEASwE;AACxE,SAAS,cAAc;IACrB,KAAK,MAAM,SAAS,IAAI;QACtB,6BAA6B;QAC7B,oBAAoB;QACpB,uBAAuB;KACxB,EAAE,CAAC;QACF,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAA,4BAAW,EAAsC,SAAS,CAAC,CAAC;YACxE,IAAI,GAAG,CAAC,IAAI,KAAK,gBAAgB,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;gBAAE,OAAO,GAAG,CAAC,OAAO,CAAC;QAC3F,CAAC;QAAC,MAAM,CAAC;YACP,4BAA4B;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,wEAAwE;AAExE;sDACsD;AACtD,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,SAAS,GAAG,CAAC,CAAC;AAEpB;;;;;;GAMG;AACH,SAAS,YAAY,CAAC,KAAc,EAAE,KAAK,GAAG,CAAC,EAAE,OAAO,IAAI,GAAG,EAAU;IACvE,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAChC,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC,MAAM,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;QAC9F,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/C,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;QACvB,KAAK,WAAW,CAAC;QACjB,KAAK,UAAU,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,SAAS,CAAC;QACnB;YACE,MAAM;IACV,CAAC;IAED,MAAM,GAAG,GAAG,KAAe,CAAC;IAC5B,IAAI,GAAG,YAAY,IAAI;QAAE,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC;IAClD,IAAI,KAAK,IAAI,SAAS;QAAE,OAAO,oBAAoB,CAAC;IACpD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,YAAY,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACd,IAAI,CAAC;QACH,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;gBACvD,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;gBACtD,OAAO,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACpD,CAAC,CAAC,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,GAAG,cAAc;gBAAE,MAAM,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,GAAG,cAAc,OAAO,CAAC,CAAC;YACtF,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;YACvD,IAAI,SAAS,KAAK,SAAS;gBAAE,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;QACpD,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;YAAS,CAAC;QACT,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE,wDAAwD;AACxD,SAAS,WAAW,CAAC,KAAc;IACjC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC,UAAU,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AAC9F,CAAC;AAED,kEAAkE;AAClE,SAAS,UAAU,CAAC,KAAc;IAChC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,UAAU,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;IACrF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;IACnE,OAAO,UAAU,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;AACtC,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,YAAY,GAEd;IACF,iCAAiC,EAAE,EAAE,UAAU,EAAE,WAAW,EAAE;IAC9D,+BAA+B,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE;IAC9D,oCAAoC,EAAE;QACpC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;KAC/E;IACD,sDAAsD,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE;IAClF,+BAA+B,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE;IACzD,6BAA6B,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE;IACvD,sCAAsC,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE;IAChE,oCAAoC,EAAE;QACpC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;KAC5E;IACD,kCAAkC,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;IACxD,gCAAgC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE;IAC7E,qEAAqE;IACrE,sEAAsE;IACtE,qEAAqE;IACrE,0CAA0C;IAC1C,iCAAiC,EAAE,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,EAAE;IAC3F,sCAAsC,EAAE;QACtC,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;KACzF;IACD,sCAAsC,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE;IACtE,gCAAgC,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE;IACjE,+BAA+B,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE;IAChE,8BAA8B,EAAE,EAAE,eAAe,EAAE,UAAU,EAAE;IAC/D,6BAA6B,EAAE,EAAE,WAAW,EAAE,UAAU,EAAE;IAC1D,6BAA6B,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE;IACvD,2BAA2B,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE;IACrD,wCAAwC,EAAE,EAAE,aAAa,EAAE,UAAU,EAAE;CACxE,CAAC;AAEF;;kEAEkE;AAClE,MAAM,oBAAoB,GAAwB,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC,CAAC;AAElG,SAAS,YAAY,CAAC,SAAiB,EAAE,OAAgB;IACvD,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9E,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IACD,MAAM,UAAU,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;YACvB,SAAS;QACX,CAAC;QACD,IAAI,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/D,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;YAC9B,SAAS;QACX,CAAC;QACD,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,SAAS,KAAK,SAAS;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,wEAAwE;AAExE,wDAAwD;AACxD,MAAM,iBAAiB,GAAwB,IAAI,GAAG,CAAC;IACrD,6BAA6B;IAC7B,sCAAsC;CACvC,CAAC,CAAC;AAEH,SAAgB,WAAW,CAAC,OAA2B,EAAE;IACvD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,SAAS,CAAC;IAClD,MAAM,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,KAAK,IAAI,CAAC;IAC5D,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IAEjC,kEAAkE;IAClE,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,QAAQ,GAAG,uBAAe,CAAC;IAC/B,IAAI,WAAW,GAAG,uBAAe,CAAC;IAClC,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,QAAQ,GAAkB,EAAE,CAAC;IACjC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,SAAS,MAAM,CACb,SAAiB,EACjB,SAAiB,EACjB,OAAgB,EAChB,IAAyB;QAEzB,MAAM,QAAQ,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;QAC3F,MAAM,IAAI,GAAG,SAAS,CAAC,IAAA,gCAAa,EAAC,QAAQ,CAAC,CAAC,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,QAAQ,GAAG,IAAI,CAAC;QAChB,OAAO,IAAI,CAAC,CAAC;IACf,CAAC;IAED,SAAS,aAAa,CAAC,KAAa,EAAE,SAAiB;QACrD,MAAM,CACJ,gCAAwB,EACxB,SAAS,EACT;YACE,KAAK;YACL,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;YACtD,OAAO,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE;YAC5C,GAAG,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7E,WAAW;SACZ,EACD,EAAE,KAAK,EAAE,CACV,CAAC;IACJ,CAAC;IAED,SAAS,UAAU;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,2BAAmB;gBAC3B,aAAa,EAAE,SAAS;gBACxB,gBAAgB,EAAE,yCAAsB;gBACxC,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE,eAAe;gBACzB,WAAW,EAAE,QAAQ,CAAC,MAAM;gBAC5B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;gBACtB,OAAO,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE;aAC7C;YACD,OAAO,EAAE,CAAC,GAAG,QAAQ,CAAC;YACtB,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,OAAO;QACb,YAAY,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;QAE9B;0EACkE;QAClE,QAAQ;YACN,aAAa,EAAE,CAAC;QAClB,CAAC;QAED,WAAW,CAAC,KAA0B;YACpC,IAAI,OAAO;gBAAE,OAAO;YACpB,IAAI,CAAC,kBAAkB,IAAI,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,OAAO;YAErE,8DAA8D;YAC9D,gEAAgE;YAChE,kEAAkE;YAClE,MAAM,IAAI,GAAI,KAAuD,CAAC,IAAI,CAAC;YAC3E,MAAM,KAAK,GAAG,OAAO,IAAI,EAAE,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC;YAC5E,MAAM,SAAS,GAAG,OAAO,IAAI,EAAE,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAExF,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3B,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBACtB,aAAa,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC;YAED,+DAA+D;YAC/D,iEAAiE;YACjE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC;YACzD,KAAK,OAAO,CAAC;YACb,MAAM,UAAU,GAAG;gBACjB,GAAI,YAAY,CAAC,QAAQ,CAA6B;gBACtD,KAAK;aACiB,CAAC;YAEzB,MAAM,OAAO,GACX,WAAW,KAAK,SAAS;gBACvB,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC;gBACzC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAElC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;QACrD,CAAC;QAED,KAAK;YACH,kEAAkE;QACpE,CAAC;QAED,IAAI;YACF,+DAA+D;YAC/D,2BAA2B;YAC3B,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;QAED,MAAM;YACJ,OAAO,UAAU,EAAE,CAAC;QACtB,CAAC;QAED,KAAK;YACH,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;YAC7B,WAAW,GAAG,QAAQ,CAAC;YACvB,eAAe,GAAG,OAAO,CAAC;YAC1B,QAAQ,GAAG,EAAE,CAAC;YACd,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,WAAW;YACT,OAAO,QAAQ,CAAC,MAAM,CAAC;QACzB,CAAC;KACF,CAAC;AACJ,CAAC;AAhID,kCAgIC;AAED,wEAAwE;AAExE;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,iBAAiB,CAAC,KAA2C;IAC3E,MAAM,QAAQ,GAA2B,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAC3D,CAAC,CAAE,KAAgC;QACnC,CAAC,CAAC,CAAC,KAAoB,CAAC,CAAC;IAC3B,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,IAAI,iBAAqC,CAAC;IAC1C,IAAI,gBAAoC,CAAC;IAEzC,MAAM,IAAI,GAAG,CAAC,MAAc,EAAE,QAAiB,EAAqB,EAAE,CAAC,CAAC;QACtE,KAAK,EAAE,KAAK;QACZ,cAAc;QACd,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC3C,MAAM;KACP,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAE9D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC5B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3D,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YACzD,OAAO,IAAI,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC/C,IAAI,MAAM,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YACrF,OAAO,IAAI,CAAC,0CAA0C,KAAK,EAAE,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,KAAK,2BAAmB,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC,uBAAuB,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC,8BAA8B,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,MAAM,CAAC,gBAAgB,KAAK,yCAAsB,EAAE,CAAC;YACvD,OAAO,IAAI,CAAC,iCAAiC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,MAAM,CAAC,WAAW,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,IAAI,CACT,eAAe,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,mBACvC,OAAO,CAAC,MACV,WAAW,KAAK,EAAE,CACnB,CAAC;QACJ,CAAC;QACD,IAAI,iBAAiB,KAAK,SAAS,IAAI,MAAM,CAAC,SAAS,KAAK,iBAAiB,EAAE,CAAC;YAC9E,OAAO,IAAI,CACT,gFAAgF,KAAK,EAAE,EACvF,MAAM,CAAC,QAAQ,CAChB,CAAC;QACJ,CAAC;QACD,IAAI,gBAAgB,KAAK,SAAS,IAAI,MAAM,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;YAC3E,OAAO,IAAI,CACT,oCAAoC,MAAM,CACxC,MAAM,CAAC,QAAQ,CAChB,cAAc,gBAAgB,GAAG,KAAK,EAAE,EACzC,gBAAgB,CACjB,CAAC;QACJ,CAAC;QACD,oEAAoE;QACpE,sEAAsE;QACtE,mEAAmE;QACnE,oEAAoE;QACpE,qEAAqE;QACrE,mEAAmE;QACnE,iEAAiE;QACjE,kEAAkE;QAClE,oEAAoE;QACpE,8DAA8D;QAC9D,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,IAAI,MAAM,CAAC,SAAS,KAAK,uBAAe,EAAE,CAAC;YAClE,OAAO,IAAI,CACT,4EAA4E,KAAK,EAAE,EACnF,CAAC,CACF,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,KAAK,uBAAe,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YAClE,OAAO,IAAI,CACT,wEAAwE,MAAM,CAC5E,MAAM,CAAC,QAAQ,CAChB,GAAG,KAAK,EAAE,EACX,MAAM,CAAC,QAAQ,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC;QAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAA4B,CAAC;YACrD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;YACxC,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAClD,OAAO,IAAI,CAAC,iBAAiB,WAAW,mBAAmB,EAAE,WAAW,CAAC,CAAC;YAC5E,CAAC;YACD,IAAI,MAAM,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;gBAC/B,OAAO,IAAI,CACT,0CAA0C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,WAAW,EAAE,EACvF,WAAW,CACZ,CAAC;YACJ,CAAC;YACD,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACjC,OAAO,IAAI,CACT,oEAAoE,EACpE,WAAW,CACZ,CAAC;YACJ,CAAC;YACD,IAAI,UAAkB,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,QAAQ,EAAE,GAAG,MAAM,CAAC;gBAC9C,KAAK,OAAO,CAAC;gBACb,UAAU,GAAG,SAAS,CAAC,IAAA,gCAAa,EAAC,QAAQ,CAAC,CAAC,CAAC;YAClD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,IAAI,CACT,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAClF,WAAW,CACZ,CAAC;YACJ,CAAC;YACD,IAAI,UAAU,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC/B,OAAO,IAAI,CACT,gFAAgF,EAChF,WAAW,CACZ,CAAC;YACJ,CAAC;YACD,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC;YACvB,cAAc,IAAI,CAAC,CAAC;QACtB,CAAC;QAED,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;YACrD,OAAO,IAAI,CACT,kDAAkD,KAAK,EAAE,EACzD,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAC/C,CAAC;QACJ,CAAC;QACD,iBAAiB,GAAG,SAAS,CAAC;QAC9B,gBAAgB,GAAG,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC;IACtD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;AACzC,CAAC;AAtID,8CAsIC"}