agentlock-shared 0.1.0 → 0.2.0

package/.turbo/turbo-build.log

@@ -1,4 +1,4 @@
 
-> @agentlock/shared@0.1.0 build D:\agentlock\packages\shared
+> agentlock-shared@0.1.0 build D:\agentlock\packages\shared
 > tsc
 

package/.turbo/turbo-test.log

@@ -1,34 +1,76 @@
 
-> @agentlock/shared@0.1.0 test D:\agentlock\packages\shared
+> agentlock-shared@0.1.0 test D:\agentlock\packages\shared
 > vitest run
 
 ▲ [WARNING] The condition "types" here will never be used as it comes after both "import" and "require" [package.json]
 
-    package.json:11:6:
-      11 │       "types": "./dist/index.d.ts"
+    package.json:10:6:
+      10 │       "types": "./dist/index.d.ts"
          ╵       ~~~~~~~
 
   The "import" condition comes earlier and will be used for all "import" statements:
 
-    package.json:9:6:
-      9 │       "import": "./dist/index.js",
+    package.json:8:6:
+      8 │       "import": "./dist/index.js",
         ╵       ~~~~~~~~
 
   The "require" condition comes earlier and will be used for all "require" calls:
 
-    package.json:10:6:
-      10 │       "require": "./dist/index.js",
-         ╵       ~~~~~~~~~
+    package.json:9:6:
+      9 │       "require": "./dist/index.js",
+        ╵       ~~~~~~~~~
 
 
  RUN  v4.0.18 D:/agentlock/packages/shared
 
- ✓ src/__tests__/redact.test.ts (5 tests) 4ms
- ✓ src/__tests__/policy.test.ts (7 tests) 4ms
- ✓ src/__tests__/signing.test.ts (7 tests) 68ms
+ ❯ src/__tests__/policy.test.ts (21 tests | 1 failed) 12ms
+     × should ALLOW read actions by default 7ms
+     ✓ should REQUIRE_APPROVAL for write actions 0ms
+     ✓ should BLOCK admin actions 0ms
+     ✓ should REQUIRE_APPROVAL for financial actions 0ms
+     ✓ should BLOCK disallowed HTTP domains 0ms
+     ✓ should BLOCK explicitly blocklisted domains 0ms
+     ✓ should REQUIRE_APPROVAL for admin actions even when defaultMode is allow 0ms
+     ✓ should REQUIRE_APPROVAL for financial actions even when defaultMode is allow 0ms
+     ✓ should REQUIRE_APPROVAL for admin action even with explicit ALLOW rule 0ms
+     ✓ should REQUIRE_APPROVAL for financial action even with explicit ALLOW rule 0ms
+     ✓ should still respect explicit rules for admin even with defaultMode allow 0ms
+     ✓ should BLOCK when cost exceeds limit 0ms
+     ✓ should enforce HTTP domain allowlist even with mixed-case tool name 0ms
+     ✓ should match tool-specific rules case-insensitively 0ms
+     ✓ should not match subdomain of blocklisted domain (e.g., notevil.com vs evil.com) 0ms
+     ✓ should BLOCK HTTP tool with no URL in payload 0ms
+     ✓ should REQUIRE_APPROVAL for browser.open 0ms
+     ✓ should BLOCK browser.* actions without a session (reaching policy engine) 0ms
+     ✓ should BLOCK unknown action types 0ms
+     ✓ should not enforce budget check when cost_estimate is omitted 0ms
+     ✓ should REQUIRE_APPROVAL when HTTP allowlist is empty (safe default) 0ms
+ ✓ src/__tests__/redact.test.ts (5 tests) 5ms
+ ✓ src/__tests__/signing.test.ts (7 tests) 73ms
+ ✓ src/__tests__/messaging.test.ts (11 tests) 7ms
+
+⎯⎯⎯⎯⎯⎯⎯ Failed Tests 1 ⎯⎯⎯⎯⎯⎯⎯
+
+ FAIL  src/__tests__/policy.test.ts > Policy Engine > should ALLOW read actions by default
+AssertionError: expected 'BLOCK' to be 'ALLOW' // Object.is equality
+
+Expected: "ALLOW"
+Received: "BLOCK"
+
+ ❯ src/__tests__/policy.test.ts:8:67
+      6|   it('should ALLOW read actions by default', () => {
+      7|     const action: AgentActionRequest = { action_type: 'read', tool: 'h…
+      8|     expect(evaluatePolicy(action, DEFAULT_POLICY_RULES).decision).toBe…
+       |                                                                   ^
+      9|   });
+     10| 
+
+⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯[1/1]⎯
+
 
- Test Files  3 passed (3)
-      Tests  19 passed (19)
-   Start at  21:09:06
-   Duration  482ms (transform 192ms, setup 0ms, import 287ms, tests 75ms, environment 0ms)
+ Test Files  1 failed | 3 passed (4)
+      Tests  1 failed | 43 passed (44)
+   Start at  00:05:31
+   Duration  738ms (transform 982ms, setup 0ms, import 1.39s, tests 96ms, environment 1ms)
 
+ ELIFECYCLE  Test failed. See above for more details.

package/dist/__tests__/crypto.test.js

@@ -1,53 +1,143 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const vitest_1 = require("vitest");
-const crypto_1 = require("../crypto");
-(0, vitest_1.describe)('crypto', () => {
-    (0, vitest_1.describe)('encrypt / decrypt', () => {
-        (0, vitest_1.it)('roundtrips plaintext', () => {
-            const key = (0, crypto_1.generateKey)();
-            const plaintext = 'Hello, world!';
-            const encrypted = (0, crypto_1.encrypt)(plaintext, key);
-            (0, vitest_1.expect)((0, crypto_1.decrypt)(encrypted, key)).toBe(plaintext);
-        });
-        (0, vitest_1.it)('throws with wrong key', () => {
-            const key = (0, crypto_1.generateKey)();
-            const wrongKey = (0, crypto_1.generateKey)();
-            const encrypted = (0, crypto_1.encrypt)('secret', key);
-            (0, vitest_1.expect)(() => (0, crypto_1.decrypt)(encrypted, wrongKey)).toThrow('Decryption failed');
-        });
-        (0, vitest_1.it)('handles JSON payloads', () => {
-            const key = (0, crypto_1.generateKey)();
-            const data = JSON.stringify({ foo: 'bar', num: 42, arr: [1, 2, 3] });
-            const encrypted = (0, crypto_1.encrypt)(data, key);
-            (0, vitest_1.expect)(JSON.parse((0, crypto_1.decrypt)(encrypted, key))).toEqual(JSON.parse(data));
-        });
-    });
-    (0, vitest_1.describe)('encryptDEK / decryptDEK', () => {
-        (0, vitest_1.it)('roundtrips a DEK through master key', () => {
-            const masterKey = (0, crypto_1.generateKey)();
-            const dek = (0, crypto_1.generateKey)();
-            const encrypted = (0, crypto_1.encryptDEK)(dek, masterKey);
-            const decrypted = (0, crypto_1.decryptDEK)(encrypted, masterKey);
-            (0, vitest_1.expect)(Buffer.from(decrypted).equals(Buffer.from(dek))).toBe(true);
-        });
-    });
-    (0, vitest_1.describe)('encryptCredential / decryptCredential', () => {
-        (0, vitest_1.it)('roundtrips a credential payload', () => {
-            const masterKey = (0, crypto_1.generateKey)();
-            const payload = { api_key: 'sk-test-123', endpoint: 'https://api.example.com' };
-            const { encryptedDEK, encryptedPayload } = (0, crypto_1.encryptCredential)(payload, masterKey);
-            (0, vitest_1.expect)(typeof encryptedDEK).toBe('string');
-            (0, vitest_1.expect)(typeof encryptedPayload).toBe('string');
-            const decrypted = (0, crypto_1.decryptCredential)(encryptedDEK, encryptedPayload, masterKey);
-            (0, vitest_1.expect)(decrypted).toEqual(payload);
-        });
-        (0, vitest_1.it)('fails with wrong master key', () => {
-            const masterKey = (0, crypto_1.generateKey)();
-            const wrongKey = (0, crypto_1.generateKey)();
-            const { encryptedDEK, encryptedPayload } = (0, crypto_1.encryptCredential)({ secret: 'value' }, masterKey);
-            (0, vitest_1.expect)(() => (0, crypto_1.decryptCredential)(encryptedDEK, encryptedPayload, wrongKey)).toThrow();
-        });
+const tweetnacl_1 = __importDefault(require("tweetnacl"));
+const crypto_js_1 = require("../crypto.js");
+// Deterministic test key (not from env -- tests must not depend on MASTER_KEY)
+const testMasterKey = tweetnacl_1.default.randomBytes(32);
+(0, vitest_1.describe)('encrypt / decrypt (low-level)', () => {
+    (0, vitest_1.it)('round-trips a string', () => {
+        const data = 'hello world';
+        const encrypted = (0, crypto_js_1.encrypt)(data, testMasterKey);
+        (0, vitest_1.expect)(encrypted).not.toBe(data);
+        (0, vitest_1.expect)((0, crypto_js_1.decrypt)(encrypted, testMasterKey)).toBe(data);
+    });
+    (0, vitest_1.it)('produces different ciphertext each call (random nonce)', () => {
+        const data = 'deterministic?';
+        const a = (0, crypto_js_1.encrypt)(data, testMasterKey);
+        const b = (0, crypto_js_1.encrypt)(data, testMasterKey);
+        (0, vitest_1.expect)(a).not.toBe(b);
+    });
+    (0, vitest_1.it)('rejects wrong key', () => {
+        const data = 'secret';
+        const encrypted = (0, crypto_js_1.encrypt)(data, testMasterKey);
+        const wrongKey = tweetnacl_1.default.randomBytes(32);
+        (0, vitest_1.expect)(() => (0, crypto_js_1.decrypt)(encrypted, wrongKey)).toThrow('Decryption failed');
+    });
+    (0, vitest_1.it)('handles empty string', () => {
+        const encrypted = (0, crypto_js_1.encrypt)('', testMasterKey);
+        (0, vitest_1.expect)((0, crypto_js_1.decrypt)(encrypted, testMasterKey)).toBe('');
+    });
+    (0, vitest_1.it)('handles unicode', () => {
+        const data = 'Hello unicode world';
+        const encrypted = (0, crypto_js_1.encrypt)(data, testMasterKey);
+        (0, vitest_1.expect)((0, crypto_js_1.decrypt)(encrypted, testMasterKey)).toBe(data);
+    });
+});
+(0, vitest_1.describe)('envelopeEncrypt / envelopeDecrypt', () => {
+    (0, vitest_1.it)('round-trips a string', () => {
+        const data = 'envelope test data';
+        const encrypted = (0, crypto_js_1.envelopeEncrypt)(data, testMasterKey);
+        (0, vitest_1.expect)(encrypted).toMatch(/^env1:/);
+        (0, vitest_1.expect)((0, crypto_js_1.envelopeDecrypt)(encrypted, testMasterKey)).toBe(data);
+    });
+    (0, vitest_1.it)('produces different ciphertext each call (fresh DEK + nonce)', () => {
+        const data = 'same data';
+        const a = (0, crypto_js_1.envelopeEncrypt)(data, testMasterKey);
+        const b = (0, crypto_js_1.envelopeEncrypt)(data, testMasterKey);
+        (0, vitest_1.expect)(a).not.toBe(b);
+    });
+    (0, vitest_1.it)('rejects wrong master key', () => {
+        const data = 'secret';
+        const encrypted = (0, crypto_js_1.envelopeEncrypt)(data, testMasterKey);
+        const wrongKey = tweetnacl_1.default.randomBytes(32);
+        (0, vitest_1.expect)(() => (0, crypto_js_1.envelopeDecrypt)(encrypted, wrongKey)).toThrow();
+    });
+    (0, vitest_1.it)('handles empty string', () => {
+        const encrypted = (0, crypto_js_1.envelopeEncrypt)('', testMasterKey);
+        (0, vitest_1.expect)((0, crypto_js_1.envelopeDecrypt)(encrypted, testMasterKey)).toBe('');
+    });
+    (0, vitest_1.it)('handles large data', () => {
+        const data = 'x'.repeat(100_000);
+        const encrypted = (0, crypto_js_1.envelopeEncrypt)(data, testMasterKey);
+        (0, vitest_1.expect)((0, crypto_js_1.envelopeDecrypt)(encrypted, testMasterKey)).toBe(data);
+    });
+    (0, vitest_1.it)('handles JSON data', () => {
+        const obj = { tool: 'http', payload: { url: 'https://example.com' }, nested: [1, 2, 3] };
+        const data = JSON.stringify(obj);
+        const encrypted = (0, crypto_js_1.envelopeEncrypt)(data, testMasterKey);
+        const decrypted = JSON.parse((0, crypto_js_1.envelopeDecrypt)(encrypted, testMasterKey));
+        (0, vitest_1.expect)(decrypted).toEqual(obj);
+    });
+    (0, vitest_1.it)('envelopeDecrypt rejects non-envelope data', () => {
+        const legacy = (0, crypto_js_1.encrypt)('legacy data', testMasterKey);
+        (0, vitest_1.expect)(() => (0, crypto_js_1.envelopeDecrypt)(legacy, testMasterKey)).toThrow('missing env1: prefix');
+    });
+    (0, vitest_1.it)('rejects malformed envelope (no separator)', () => {
+        (0, vitest_1.expect)(() => (0, crypto_js_1.envelopeDecrypt)('env1:nodatahere', testMasterKey)).toThrow('missing DEK/payload separator');
+    });
+    (0, vitest_1.it)('rejects malformed envelope (empty parts)', () => {
+        // env1:: has withoutPrefix=":" where lastIndexOf(':') returns 0,
+        // caught by the separatorIndex <= 0 check
+        (0, vitest_1.expect)(() => (0, crypto_js_1.envelopeDecrypt)('env1::', testMasterKey)).toThrow('missing DEK/payload separator');
+        // env1:abc: has empty payload after separator
+        (0, vitest_1.expect)(() => (0, crypto_js_1.envelopeDecrypt)('env1:abc:', testMasterKey)).toThrow('empty DEK or payload');
+    });
+});
+(0, vitest_1.describe)('decrypt() backward compatibility', () => {
+    (0, vitest_1.it)('transparently decrypts envelope-encrypted data', () => {
+        const data = 'new envelope data';
+        const encrypted = (0, crypto_js_1.envelopeEncrypt)(data, testMasterKey);
+        // decrypt() should auto-detect the env1: prefix and handle it
+        (0, vitest_1.expect)((0, crypto_js_1.decrypt)(encrypted, testMasterKey)).toBe(data);
+    });
+    (0, vitest_1.it)('still decrypts legacy direct-encrypted data', () => {
+        const data = 'legacy direct data';
+        const encrypted = (0, crypto_js_1.encrypt)(data, testMasterKey);
+        // Legacy data should still work with decrypt()
+        (0, vitest_1.expect)((0, crypto_js_1.decrypt)(encrypted, testMasterKey)).toBe(data);
+    });
+    (0, vitest_1.it)('handles mixed legacy and envelope data in sequence', () => {
+        const legacyData = 'old format';
+        const envelopeData = 'new format';
+        const legacyEncrypted = (0, crypto_js_1.encrypt)(legacyData, testMasterKey);
+        const envelopeEncrypted = (0, crypto_js_1.envelopeEncrypt)(envelopeData, testMasterKey);
+        // Both should decrypt through the same decrypt() function
+        (0, vitest_1.expect)((0, crypto_js_1.decrypt)(legacyEncrypted, testMasterKey)).toBe(legacyData);
+        (0, vitest_1.expect)((0, crypto_js_1.decrypt)(envelopeEncrypted, testMasterKey)).toBe(envelopeData);
+    });
+});
+(0, vitest_1.describe)('encryptCredential / decryptCredential (existing DEK pattern)', () => {
+    (0, vitest_1.it)('still works correctly after envelope changes', () => {
+        const payload = { api_key: 'sk-test-12345', name: 'test-cred' };
+        const { encryptedDEK, encryptedPayload } = (0, crypto_js_1.encryptCredential)(payload, testMasterKey);
+        const decrypted = (0, crypto_js_1.decryptCredential)(encryptedDEK, encryptedPayload, testMasterKey);
+        (0, vitest_1.expect)(decrypted).toEqual(payload);
+    });
+});
+(0, vitest_1.describe)('envelope format structure', () => {
+    (0, vitest_1.it)('has exactly the env1:wrappedDEK:payload format', () => {
+        const encrypted = (0, crypto_js_1.envelopeEncrypt)('test', testMasterKey);
+        const parts = encrypted.split(':');
+        // Should be: "env1", wrappedDEK (base64), payload (base64)
+        (0, vitest_1.expect)(parts[0]).toBe('env1');
+        (0, vitest_1.expect)(parts.length).toBe(3);
+        // Both parts after prefix should be valid base64
+        (0, vitest_1.expect)(parts[1].length).toBeGreaterThan(0);
+        (0, vitest_1.expect)(parts[2].length).toBeGreaterThan(0);
+    });
+    (0, vitest_1.it)('base64 parts do not contain colons', () => {
+        // Run multiple times to catch edge cases with different random nonces
+        for (let i = 0; i < 20; i++) {
+            const encrypted = (0, crypto_js_1.envelopeEncrypt)(`test data ${i}`, testMasterKey);
+            const withoutPrefix = encrypted.slice(5); // remove "env1:"
+            const colonCount = (withoutPrefix.match(/:/g) || []).length;
+            // Exactly one colon separating wrappedDEK and payload
+            (0, vitest_1.expect)(colonCount).toBe(1);
+        }
     });
 });
 //# sourceMappingURL=crypto.test.js.map

package/dist/__tests__/crypto.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.test.js","sourceRoot":"","sources":["../../src/__tests__/crypto.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,sCAQmB;AAEnB,IAAA,iBAAQ,EAAC,QAAQ,EAAE,GAAG,EAAE;IACtB,IAAA,iBAAQ,EAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,IAAA,WAAE,EAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,GAAG,GAAG,IAAA,oBAAW,GAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,eAAe,CAAC;YAClC,MAAM,SAAS,GAAG,IAAA,gBAAO,EAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1C,IAAA,eAAM,EAAC,IAAA,gBAAO,EAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAA,oBAAW,GAAE,CAAC;YAC1B,MAAM,QAAQ,GAAG,IAAA,oBAAW,GAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,IAAA,gBAAO,EAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACzC,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,gBAAO,EAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAA,oBAAW,GAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YACrE,MAAM,SAAS,GAAG,IAAA,gBAAO,EAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YACrC,IAAA,eAAM,EAAC,IAAI,CAAC,KAAK,CAAC,IAAA,gBAAO,EAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,IAAA,WAAE,EAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,SAAS,GAAG,IAAA,oBAAW,GAAE,CAAC;YAChC,MAAM,GAAG,GAAG,IAAA,oBAAW,GAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAC7C,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YACnD,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,uCAAuC,EAAE,GAAG,EAAE;QACrD,IAAA,WAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,SAAS,GAAG,IAAA,oBAAW,GAAE,CAAC;YAChC,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,yBAAyB,EAAE,CAAC;YAChF,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAEjF,IAAA,eAAM,EAAC,OAAO,YAAY,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC3C,IAAA,eAAM,EAAC,OAAO,gBAAgB,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAE/C,MAAM,SAAS,GAAG,IAAA,0BAAiB,EAAC,YAAY,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;YAC/E,IAAA,eAAM,EAAC,SAAS,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,SAAS,GAAG,IAAA,oBAAW,GAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAA,oBAAW,GAAE,CAAC;YAC/B,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,GAAG,IAAA,0BAAiB,EAC1D,EAAE,MAAM,EAAE,OAAO,EAAE,EACnB,SAAS,CACV,CAAC;YACF,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,0BAAiB,EAAC,YAAY,EAAE,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACtF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"crypto.test.js","sourceRoot":"","sources":["../../src/__tests__/crypto.test.ts"],"names":[],"mappings":";;;;;AAAA,mCAA8C;AAC9C,0DAA6B;AAE7B,4CAQsB;AAEtB,+EAA+E;AAC/E,MAAM,aAAa,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AAE3C,IAAA,iBAAQ,EAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,IAAA,WAAE,EAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,IAAI,GAAG,aAAa,CAAC;QAC3B,MAAM,SAAS,GAAG,IAAA,mBAAO,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,SAAS,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,IAAA,eAAM,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,IAAI,GAAG,gBAAgB,CAAC;QAC9B,MAAM,CAAC,GAAG,IAAA,mBAAO,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACvC,MAAM,CAAC,GAAG,IAAA,mBAAO,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACvC,IAAA,eAAM,EAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,IAAI,GAAG,QAAQ,CAAC;QACtB,MAAM,SAAS,GAAG,IAAA,mBAAO,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACtC,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,SAAS,GAAG,IAAA,mBAAO,EAAC,EAAE,EAAE,aAAa,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,iBAAiB,EAAE,GAAG,EAAE;QACzB,MAAM,IAAI,GAAG,qBAAqB,CAAC;QACnC,MAAM,SAAS,GAAG,IAAA,mBAAO,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,mCAAmC,EAAE,GAAG,EAAE;IACjD,IAAA,WAAE,EAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,IAAI,GAAG,oBAAoB,CAAC;QAClC,MAAM,SAAS,GAAG,IAAA,2BAAe,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACvD,IAAA,eAAM,EAAC,SAAS,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpC,IAAA,eAAM,EAAC,IAAA,2BAAe,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,IAAI,GAAG,WAAW,CAAC;QACzB,MAAM,CAAC,GAAG,IAAA,2BAAe,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAC/C,MAAM,CAAC,GAAG,IAAA,2BAAe,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,IAAI,GAAG,QAAQ,CAAC;QACtB,MAAM,SAAS,GAAG,IAAA,2BAAe,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACtC,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,2BAAe,EAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,SAAS,GAAG,IAAA,2BAAe,EAAC,EAAE,EAAE,aAAa,CAAC,CAAC;QACrD,IAAA,eAAM,EAAC,IAAA,2BAAe,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACjC,MAAM,SAAS,GAAG,IAAA,2BAAe,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACvD,IAAA,eAAM,EAAC,IAAA,2BAAe,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACzF,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,SAAS,GAAG,IAAA,2BAAe,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,2BAAe,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC;QACxE,IAAA,eAAM,EAAC,SAAS,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,MAAM,GAAG,IAAA,mBAAO,EAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QACrD,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,2BAAe,EAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,2BAAe,EAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAAC;IAC3G,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,iEAAiE;QACjE,0CAA0C;QAC1C,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,2BAAe,EAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAAC;QAChG,8CAA8C;QAC9C,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,2BAAe,EAAC,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC5F,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,kCAAkC,EAAE,GAAG,EAAE;IAChD,IAAA,WAAE,EAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,IAAI,GAAG,mBAAmB,CAAC;QACjC,MAAM,SAAS,GAAG,IAAA,2BAAe,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACvD,8DAA8D;QAC9D,IAAA,eAAM,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,IAAI,GAAG,oBAAoB,CAAC;QAClC,MAAM,SAAS,GAAG,IAAA,mBAAO,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAC/C,+CAA+C;QAC/C,IAAA,eAAM,EAAC,IAAA,mBAAO,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,UAAU,GAAG,YAAY,CAAC;QAChC,MAAM,YAAY,GAAG,YAAY,CAAC;QAElC,MAAM,eAAe,GAAG,IAAA,mBAAO,EAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,iBAAiB,GAAG,IAAA,2BAAe,EAAC,YAAY,EAAE,aAAa,CAAC,CAAC;QAEvE,0DAA0D;QAC1D,IAAA,eAAM,EAAC,IAAA,mBAAO,EAAC,eAAe,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjE,IAAA,eAAM,EAAC,IAAA,mBAAO,EAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,8DAA8D,EAAE,GAAG,EAAE;IAC5E,IAAA,WAAE,EAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;QAChE,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,GAAG,IAAA,6BAAiB,EAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACrF,MAAM,SAAS,GAAG,IAAA,6BAAiB,EAAC,YAAY,EAAE,gBAAgB,EAAE,aAAa,CAAC,CAAC;QACnF,IAAA,eAAM,EAAC,SAAS,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,IAAA,WAAE,EAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,SAAS,GAAG,IAAA,2BAAe,EAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACzD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,2DAA2D;QAC3D,IAAA,eAAM,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAA,eAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7B,iDAAiD;QACjD,IAAA,eAAM,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC3C,IAAA,eAAM,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,sEAAsE;QACtE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,IAAA,2BAAe,EAAC,aAAa,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;YACnE,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB;YAC3D,MAAM,UAAU,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAC5D,sDAAsD;YACtD,IAAA,eAAM,EAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/messaging.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=messaging.test.d.ts.map

package/dist/__tests__/messaging.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"messaging.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/messaging.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/messaging.test.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const schemas_1 = require("../schemas");
+(0, vitest_1.describe)('SendMessageSchema', () => {
+    (0, vitest_1.it)('accepts valid message with content only', () => {
+        const result = schemas_1.SendMessageSchema.safeParse({ content: 'Hello agent' });
+        (0, vitest_1.expect)(result.success).toBe(true);
+    });
+    (0, vitest_1.it)('accepts message with thread_id and expires_at', () => {
+        const result = schemas_1.SendMessageSchema.safeParse({
+            content: 'Do this task',
+            thread_id: '550e8400-e29b-41d4-a716-446655440000',
+            expires_at: '2026-04-01T12:00:00Z',
+        });
+        (0, vitest_1.expect)(result.success).toBe(true);
+    });
+    (0, vitest_1.it)('rejects empty content', () => {
+        const result = schemas_1.SendMessageSchema.safeParse({ content: '' });
+        (0, vitest_1.expect)(result.success).toBe(false);
+    });
+    (0, vitest_1.it)('rejects content over 4096 chars', () => {
+        const result = schemas_1.SendMessageSchema.safeParse({ content: 'x'.repeat(4097) });
+        (0, vitest_1.expect)(result.success).toBe(false);
+    });
+    (0, vitest_1.it)('rejects invalid thread_id', () => {
+        const result = schemas_1.SendMessageSchema.safeParse({ content: 'hi', thread_id: 'not-a-uuid' });
+        (0, vitest_1.expect)(result.success).toBe(false);
+    });
+});
+(0, vitest_1.describe)('AgentSendMessageSchema', () => {
+    (0, vitest_1.it)('requires thread_id', () => {
+        const result = schemas_1.AgentSendMessageSchema.safeParse({ content: 'Reply' });
+        (0, vitest_1.expect)(result.success).toBe(false);
+    });
+    (0, vitest_1.it)('accepts valid reply', () => {
+        const result = schemas_1.AgentSendMessageSchema.safeParse({
+            content: 'I found 3 files',
+            thread_id: '550e8400-e29b-41d4-a716-446655440000',
+        });
+        (0, vitest_1.expect)(result.success).toBe(true);
+    });
+});
+(0, vitest_1.describe)('ApproveRequestSchema with reply_message', () => {
+    (0, vitest_1.it)('accepts approve without reply', () => {
+        const result = schemas_1.ApproveRequestSchema.safeParse({ action: 'approve' });
+        (0, vitest_1.expect)(result.success).toBe(true);
+    });
+    (0, vitest_1.it)('accepts approve with reply_message', () => {
+        const result = schemas_1.ApproveRequestSchema.safeParse({
+            action: 'approve',
+            reply_message: 'Only delete files older than 7 days',
+        });
+        (0, vitest_1.expect)(result.success).toBe(true);
+        if (result.success) {
+            (0, vitest_1.expect)(result.data.reply_message).toBe('Only delete files older than 7 days');
+        }
+    });
+    (0, vitest_1.it)('accepts deny with reason and reply_message', () => {
+        const result = schemas_1.ApproveRequestSchema.safeParse({
+            action: 'deny',
+            reason: 'Too risky',
+            reply_message: 'Try a safer approach',
+        });
+        (0, vitest_1.expect)(result.success).toBe(true);
+    });
+    (0, vitest_1.it)('rejects reply_message over 2000 chars', () => {
+        const result = schemas_1.ApproveRequestSchema.safeParse({
+            action: 'approve',
+            reply_message: 'x'.repeat(2001),
+        });
+        (0, vitest_1.expect)(result.success).toBe(false);
+    });
+});
+//# sourceMappingURL=messaging.test.js.map

package/dist/__tests__/messaging.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"messaging.test.js","sourceRoot":"","sources":["../../src/__tests__/messaging.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,wCAA6F;AAE7F,IAAA,iBAAQ,EAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,IAAA,WAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,2BAAiB,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC;QACvE,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAG,2BAAiB,CAAC,SAAS,CAAC;YACzC,OAAO,EAAE,cAAc;YACvB,SAAS,EAAE,sCAAsC;YACjD,UAAU,EAAE,sBAAsB;SACnC,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,MAAM,GAAG,2BAAiB,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5D,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,MAAM,GAAG,2BAAiB,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1E,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,2BAAiB,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CAAC;QACvF,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,IAAA,WAAE,EAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,MAAM,MAAM,GAAG,gCAAsB,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QACtE,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,MAAM,MAAM,GAAG,gCAAsB,CAAC,SAAS,CAAC;YAC9C,OAAO,EAAE,iBAAiB;YAC1B,SAAS,EAAE,sCAAsC;SAClD,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,yCAAyC,EAAE,GAAG,EAAE;IACvD,IAAA,WAAE,EAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,MAAM,GAAG,8BAAoB,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACrE,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,MAAM,GAAG,8BAAoB,CAAC,SAAS,CAAC;YAC5C,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE,qCAAqC;SACrD,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QAChF,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,MAAM,GAAG,8BAAoB,CAAC,SAAS,CAAC;YAC5C,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,WAAW;YACnB,aAAa,EAAE,sBAAsB;SACtC,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,8BAAoB,CAAC,SAAS,CAAC;YAC5C,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;SAChC,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/policy.test.js

@@ -4,7 +4,8 @@ const vitest_1 = require("vitest");
 const policy_js_1 = require("../policy.js");
 (0, vitest_1.describe)('Policy Engine', () => {
     (0, vitest_1.it)('should ALLOW read actions by default', () => {
-        const action = { action_type: 'read', tool: 'http', payload: {} };
+        // Use a non-http tool to test the default read policy (http without URL is now correctly blocked)
+        const action = { action_type: 'read', tool: 'demo.list', payload: {} };
         (0, vitest_1.expect)((0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES).decision).toBe('ALLOW');
     });
     (0, vitest_1.it)('should REQUIRE_APPROVAL for write actions', () => {
@@ -43,19 +44,37 @@ const policy_js_1 = require("../policy.js");
         };
         (0, vitest_1.expect)((0, policy_js_1.evaluatePolicy)(action, rules).decision).toBe('BLOCK');
     });
-    (0, vitest_1.it)('should ALLOW admin actions when defaultMode is allow and no matching rule', () => {
+    (0, vitest_1.it)('should REQUIRE_APPROVAL for admin actions even when defaultMode is allow', () => {
         const action = { action_type: 'admin', tool: 'system', payload: {} };
         const rules = { ...policy_js_1.DEFAULT_POLICY_RULES, defaultMode: 'allow', rules: [] };
         const result = (0, policy_js_1.evaluatePolicy)(action, rules);
-        (0, vitest_1.expect)(result.decision).toBe('ALLOW');
-        (0, vitest_1.expect)(result.reason).toBe('Default policy');
+        (0, vitest_1.expect)(result.decision).toBe('REQUIRE_APPROVAL');
     });
-    (0, vitest_1.it)('should ALLOW financial actions when defaultMode is allow and no matching rule', () => {
+    (0, vitest_1.it)('should REQUIRE_APPROVAL for financial actions even when defaultMode is allow', () => {
         const action = { action_type: 'financial', tool: 'stripe', payload: {} };
         const rules = { ...policy_js_1.DEFAULT_POLICY_RULES, defaultMode: 'allow', rules: [] };
         const result = (0, policy_js_1.evaluatePolicy)(action, rules);
-        (0, vitest_1.expect)(result.decision).toBe('ALLOW');
-        (0, vitest_1.expect)(result.reason).toBe('Default policy');
+        (0, vitest_1.expect)(result.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('should REQUIRE_APPROVAL for admin action even with explicit ALLOW rule', () => {
+        const action = { action_type: 'admin', tool: 'admin.delete_user', payload: {} };
+        const rules = {
+            ...policy_js_1.DEFAULT_POLICY_RULES,
+            defaultMode: 'allow',
+            rules: [{ action_type: 'admin', decision: 'ALLOW' }],
+        };
+        const result = (0, policy_js_1.evaluatePolicy)(action, rules);
+        (0, vitest_1.expect)(result.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('should REQUIRE_APPROVAL for financial action even with explicit ALLOW rule', () => {
+        const action = { action_type: 'financial', tool: 'stripe.charge', payload: {} };
+        const rules = {
+            ...policy_js_1.DEFAULT_POLICY_RULES,
+            defaultMode: 'allow',
+            rules: [{ action_type: 'financial', decision: 'ALLOW' }],
+        };
+        const result = (0, policy_js_1.evaluatePolicy)(action, rules);
+        (0, vitest_1.expect)(result.decision).toBe('REQUIRE_APPROVAL');
     });
     (0, vitest_1.it)('should still respect explicit rules for admin even with defaultMode allow', () => {
         const action = { action_type: 'admin', tool: 'system', payload: {} };
@@ -76,5 +95,103 @@ const policy_js_1 = require("../policy.js");
         const rules = { ...policy_js_1.DEFAULT_POLICY_RULES, limits: { maxCostPerAction: 100 } };
         (0, vitest_1.expect)((0, policy_js_1.evaluatePolicy)(action, rules).decision).toBe('BLOCK');
     });
+    // --- Case-sensitivity bypass tests ---
+    (0, vitest_1.it)('should enforce HTTP domain allowlist even with mixed-case tool name', () => {
+        const action = {
+            action_type: 'read',
+            tool: 'Http.get',
+            payload: { url: 'https://evil.com/data', method: 'GET' },
+        };
+        const rules = {
+            ...policy_js_1.DEFAULT_POLICY_RULES,
+            http: { allowedDomains: ['trusted.com'], allowedMethods: ['GET'], blockList: [] },
+        };
+        (0, vitest_1.expect)((0, policy_js_1.evaluatePolicy)(action, rules).decision).toBe('BLOCK');
+    });
+    (0, vitest_1.it)('should match tool-specific rules case-insensitively', () => {
+        const action = {
+            action_type: 'read',
+            tool: 'MCP.list_tools',
+            payload: {},
+        };
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES);
+        (0, vitest_1.expect)(result.decision).toBe('ALLOW');
+    });
+    // --- URL edge cases ---
+    (0, vitest_1.it)('should not match subdomain of blocklisted domain (e.g., notevil.com vs evil.com)', () => {
+        const action = {
+            action_type: 'read',
+            tool: 'http.get',
+            payload: { url: 'https://notevil.com/data', method: 'GET' },
+        };
+        const rules = {
+            ...policy_js_1.DEFAULT_POLICY_RULES,
+            http: { allowedDomains: ['notevil.com', 'trusted.com'], allowedMethods: ['GET'], blockList: ['evil.com'] },
+        };
+        (0, vitest_1.expect)((0, policy_js_1.evaluatePolicy)(action, rules).decision).not.toBe('BLOCK');
+    });
+    (0, vitest_1.it)('should BLOCK HTTP tool with no URL in payload', () => {
+        const action = {
+            action_type: 'read',
+            tool: 'http.get',
+            payload: {},
+        };
+        const rules = {
+            ...policy_js_1.DEFAULT_POLICY_RULES,
+            http: { allowedDomains: ['trusted.com'], allowedMethods: ['GET'], blockList: [] },
+        };
+        (0, vitest_1.expect)((0, policy_js_1.evaluatePolicy)(action, rules).decision).toBe('BLOCK');
+    });
+    // --- Browser tool policy ---
+    (0, vitest_1.it)('should REQUIRE_APPROVAL for browser.open', () => {
+        const action = {
+            action_type: 'write',
+            tool: 'browser.open',
+            payload: { url: 'https://example.com' },
+        };
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES);
+        (0, vitest_1.expect)(result.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('should BLOCK browser.* actions without a session (reaching policy engine)', () => {
+        const action = {
+            action_type: 'write',
+            tool: 'browser.click',
+            payload: {},
+        };
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES);
+        (0, vitest_1.expect)(result.decision).toBe('BLOCK');
+    });
+    // --- Unknown action_type ---
+    (0, vitest_1.it)('should BLOCK unknown action types', () => {
+        const action = {
+            action_type: 'delete',
+            tool: 'custom.tool',
+            payload: {},
+        };
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES);
+        (0, vitest_1.expect)(result.decision).toBe('BLOCK');
+    });
+    // --- cost_estimate omission ---
+    (0, vitest_1.it)('should not enforce budget check when cost_estimate is omitted', () => {
+        const action = {
+            action_type: 'write',
+            tool: 'demo',
+            payload: {},
+            // cost_estimate intentionally omitted
+        };
+        const rules = { ...policy_js_1.DEFAULT_POLICY_RULES, limits: { maxCostPerAction: 100 } };
+        // Should match action_type 'write' rule, not be BLOCK-ed by cost limit
+        (0, vitest_1.expect)((0, policy_js_1.evaluatePolicy)(action, rules).decision).toBe('REQUIRE_APPROVAL');
+    });
+    // --- HTTP allowlist not configured ---
+    (0, vitest_1.it)('should REQUIRE_APPROVAL when HTTP allowlist is empty (safe default)', () => {
+        const action = {
+            action_type: 'read',
+            tool: 'http.get',
+            payload: { url: 'https://any-site.com/data', method: 'GET' },
+        };
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES);
+        (0, vitest_1.expect)(result.decision).toBe('REQUIRE_APPROVAL');
+    });
 });
 //# sourceMappingURL=policy.test.js.map

package/dist/__tests__/policy.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"policy.test.js","sourceRoot":"","sources":["../../src/__tests__/policy.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,4CAAoE;AAGpE,IAAA,iBAAQ,EAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,IAAA,WAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACtF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACvF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACzF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACzF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC7F,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACzF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE,GAAG,EAAE,uBAAuB,EAAE,MAAM,EAAE,KAAK,EAAE;SACzD,CAAC;QACF,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,IAAI,EAAE,EAAE,cAAc,EAAE,CAAC,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE;SAClF,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE,GAAG,EAAE,uBAAuB,EAAE,MAAM,EAAE,KAAK,EAAE;SACzD,CAAC;QACF,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,IAAI,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC,UAAU,CAAC,EAAE;SAC/E,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2EAA2E,EAAE,GAAG,EAAE;QACnF,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACzF,MAAM,KAAK,GAAG,EAAE,GAAG,gCAAoB,EAAE,WAAW,EAAE,OAAgB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACpF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtC,IAAA,eAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+EAA+E,EAAE,GAAG,EAAE;QACvF,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC7F,MAAM,KAAK,GAAG,EAAE,GAAG,gCAAoB,EAAE,WAAW,EAAE,OAAgB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACpF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtC,IAAA,eAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2EAA2E,EAAE,GAAG,EAAE;QACnF,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACzF,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,WAAW,EAAE,OAAgB;YAC7B,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,OAAgB,EAAE,QAAQ,EAAE,OAAgB,EAAE,CAAC;SACvE,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,EAAE;YACX,aAAa,EAAE,IAAI;SACpB,CAAC;QACF,MAAM,KAAK,GAAG,EAAE,GAAG,gCAAoB,EAAE,MAAM,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,EAAE,CAAC;QAC7E,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"policy.test.js","sourceRoot":"","sources":["../../src/__tests__/policy.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,4CAAoE;AAGpE,IAAA,iBAAQ,EAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,IAAA,WAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,kGAAkG;QAClG,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC3F,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACvF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACzF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACzF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC7F,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACzF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE,GAAG,EAAE,uBAAuB,EAAE,MAAM,EAAE,KAAK,EAAE;SACzD,CAAC;QACF,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,IAAI,EAAE,EAAE,cAAc,EAAE,CAAC,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE;SAClF,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE,GAAG,EAAE,uBAAuB,EAAE,MAAM,EAAE,KAAK,EAAE;SACzD,CAAC;QACF,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,IAAI,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC,UAAU,CAAC,EAAE;SAC/E,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0EAA0E,EAAE,GAAG,EAAE;QAClF,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACzF,MAAM,KAAK,GAAG,EAAE,GAAG,gCAAoB,EAAE,WAAW,EAAE,OAAgB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACpF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,8EAA8E,EAAE,GAAG,EAAE;QACtF,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC7F,MAAM,KAAK,GAAG,EAAE,GAAG,gCAAoB,EAAE,WAAW,EAAE,OAAgB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACpF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACpG,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,WAAW,EAAE,OAAgB;YAC7B,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,OAAgB,EAAE,QAAQ,EAAE,OAAgB,EAAE,CAAC;SACvE,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,4EAA4E,EAAE,GAAG,EAAE;QACpF,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACpG,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,WAAW,EAAE,OAAgB;YAC7B,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,WAAoB,EAAE,QAAQ,EAAE,OAAgB,EAAE,CAAC;SAC3E,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2EAA2E,EAAE,GAAG,EAAE;QACnF,MAAM,MAAM,GAAuB,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACzF,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,WAAW,EAAE,OAAgB;YAC7B,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,OAAgB,EAAE,QAAQ,EAAE,OAAgB,EAAE,CAAC;SACvE,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,EAAE;YACX,aAAa,EAAE,IAAI;SACpB,CAAC;QACF,MAAM,KAAK,GAAG,EAAE,GAAG,gCAAoB,EAAE,MAAM,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,EAAE,CAAC;QAC7E,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,wCAAwC;IAExC,IAAA,WAAE,EAAC,qEAAqE,EAAE,GAAG,EAAE;QAC7E,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,EAAE,GAAG,EAAE,uBAAuB,EAAE,MAAM,EAAE,KAAK,EAAE;SACzD,CAAC;QACF,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,IAAI,EAAE,EAAE,cAAc,EAAE,CAAC,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE;SAClF,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC;QAC5D,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,yBAAyB;IAEzB,IAAA,WAAE,EAAC,kFAAkF,EAAE,GAAG,EAAE;QAC1F,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,EAAE,GAAG,EAAE,0BAA0B,EAAE,MAAM,EAAE,KAAK,EAAE;SAC5D,CAAC;QACF,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,IAAI,EAAE,EAAE,cAAc,EAAE,CAAC,aAAa,EAAE,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC,UAAU,CAAC,EAAE;SAC3G,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,KAAK,GAAG;YACZ,GAAG,gCAAoB;YACvB,IAAI,EAAE,EAAE,cAAc,EAAE,CAAC,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE;SAClF,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,8BAA8B;IAE9B,IAAA,WAAE,EAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,OAAO;YACpB,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,EAAE,GAAG,EAAE,qBAAqB,EAAE;SACxC,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC;QAC5D,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2EAA2E,EAAE,GAAG,EAAE;QACnF,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,OAAO;YACpB,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC;QAC5D,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,8BAA8B;IAE9B,IAAA,WAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,MAAM,GAAG;YACb,WAAW,EAAE,QAAkB;YAC/B,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC;QAC5D,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,iCAAiC;IAEjC,IAAA,WAAE,EAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,OAAO;YACpB,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE;YACX,sCAAsC;SACvC,CAAC;QACF,MAAM,KAAK,GAAG,EAAE,GAAG,gCAAoB,EAAE,MAAM,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,EAAE,CAAC;QAC7E,uEAAuE;QACvE,IAAA,eAAM,EAAC,IAAA,0BAAc,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,wCAAwC;IAExC,IAAA,WAAE,EAAC,qEAAqE,EAAE,GAAG,EAAE;QAC7E,MAAM,MAAM,GAAuB;YACjC,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,EAAE,GAAG,EAAE,2BAA2B,EAAE,MAAM,EAAE,KAAK,EAAE;SAC7D,CAAC;QACF,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC;QAC5D,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}