autotel-genai 0.2.1 → 0.3.0

package/dist/agent/index.cjs

@@ -1,7 +1,11 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_agent = require('../agent-CiG_LZL8.cjs');
+const require_agent_security = require('../agent-security-BhUTos0B.cjs');
+const require_agent = require('../agent-2GmZ6vDV.cjs');
 
 exports.AGENT_AUDIT_SCHEMA_VERSION = require_agent.AGENT_AUDIT_SCHEMA_VERSION;
+exports.AGENT_PLAN_RISK_ATTR = require_agent.AGENT_PLAN_RISK_ATTR;
+exports.AGENT_SECURITY_ATTR = require_agent_security.AGENT_SECURITY_ATTR;
+exports.agentContextFromSpan = require_agent_security.agentContextFromSpan;
 exports.canonicalizeForHash = require_agent.canonicalizeForHash;
 exports.createAgentAuditMetadata = require_agent.createAgentAuditMetadata;
 exports.createAgentIdentityRegistry = require_agent.createAgentIdentityRegistry;
@@ -9,14 +13,27 @@ exports.createSignedEventEnvelope = require_agent.createSignedEventEnvelope;
 exports.defineAgentAction = require_agent.defineAgentAction;
 exports.defineAgentToolCall = require_agent.defineAgentToolCall;
 exports.delegateToAgent = require_agent.delegateToAgent;
+exports.deriveActionRiskClass = require_agent_security.deriveActionRiskClass;
 exports.flattenAgentAttributes = require_agent.flattenAgentAttributes;
 exports.hashPayload = require_agent.hashPayload;
+exports.heuristicPlanRiskClassifier = require_agent.heuristicPlanRiskClassifier;
+exports.recordActionRiskClass = require_agent_security.recordActionRiskClass;
+exports.recordActiveScopes = require_agent_security.recordActiveScopes;
 exports.recordAgentHandoff = require_agent.recordAgentHandoff;
+exports.recordControllerId = require_agent_security.recordControllerId;
 exports.recordDecisionBasis = require_agent.recordDecisionBasis;
+exports.recordHumanApproval = require_agent_security.recordHumanApproval;
+exports.recordInputProvenance = require_agent_security.recordInputProvenance;
+exports.recordMemoryAccess = require_agent_security.recordMemoryAccess;
+exports.recordPlanRiskAssessment = require_agent.recordPlanRiskAssessment;
+exports.recordPlanStep = require_agent_security.recordPlanStep;
 exports.recordPolicyDecision = require_agent.recordPolicyDecision;
+exports.recordRenderOutput = require_agent_security.recordRenderOutput;
 exports.resolvePrivacyProfile = require_agent.resolvePrivacyProfile;
+exports.runAgentPlanClassifier = require_agent.runAgentPlanClassifier;
 exports.sanitizeAuditPayload = require_agent.sanitizeAuditPayload;
 exports.setAgentAttributes = require_agent.setAgentAttributes;
+exports.tryRecordHumanApproval = require_agent_security.tryRecordHumanApproval;
 exports.verifyEventEnvelopeHash = require_agent.verifyEventEnvelopeHash;
 exports.withAgentAction = require_agent.withAgentAction;
 exports.withAgentSession = require_agent.withAgentSession;

package/dist/agent/index.d.cts

@@ -1,3 +1,4 @@
-import { $ as ToolCallMetadata, A as AgentAuditEventEnvelope, B as AgentSessionActionMetadata, C as flattenAgentAttributes, D as AgentActionMetadata, E as AgentActionFactory, F as AgentIdentityRecord, G as AiLifecycleStage, H as AgentSessionStatus, I as AgentIdentityRegistry, J as PolicyDecision, K as DelegationContext, L as AgentIdentityStatus, M as AgentEventKind, N as AgentHandler, O as AgentActionOptions, P as AgentIdentity, Q as ScopedToolDefinition, R as AgentMetadataInput, S as recordAgentHandoff, T as createAgentAuditMetadata, U as AgentToolCallActionMetadata, V as AgentSessionMetadata, W as AgentToolCallOptions, X as PrivacyProfile, Y as PolicyMetadata, Z as PrivacyProfileName, _ as withAgentAction, a as PrivacyProfileInput, at as AGENT_AUDIT_SCHEMA_VERSION, b as RecordAgentHandoffMetadata, c as ProvisionAgentIdentityInput, d as createAgentIdentityRegistry, et as ToolStatus, f as withAgentSession, g as recordPolicyDecision, h as recordDecisionBasis, i as verifyEventEnvelopeHash, it as hashPayload, j as AgentDecisionMetadata, k as AgentAiMetadata, l as RevokeAgentIdentityInput, m as defineAgentToolCall, n as CreateSignedEventEnvelopeOptions, nt as HashPayloadOptions, o as resolvePrivacyProfile, p as defineAgentAction, q as GovernanceMetadata, r as createSignedEventEnvelope, rt as canonicalizeForHash, s as sanitizeAuditPayload, t as withScopedTool, tt as AgentContext, u as RotateAgentIdentityInput, v as withAgentToolCall, w as setAgentAttributes, x as delegateToAgent, y as DelegateToAgentInput, z as AgentOutcome } from "../index-DMz730Z-.cjs";
+import { $ as AgentToolCallOptions, A as delegateToAgent, B as AgentDecisionMetadata, C as defineAgentToolCall, D as withAgentToolCall, E as withAgentAction, F as AgentActionFactory, G as AgentIdentityRegistry, H as AgentHandler, I as AgentActionMetadata, J as AgentOutcome, K as AgentIdentityStatus, L as AgentActionOptions, M as flattenAgentAttributes, N as setAgentAttributes, O as DelegateToAgentInput, P as createAgentAuditMetadata, Q as AgentToolCallActionMetadata, R as AgentAiMetadata, S as defineAgentAction, T as recordPolicyDecision, U as AgentIdentity, V as AgentEventKind, W as AgentIdentityRecord, X as AgentSessionMetadata, Y as AgentSessionActionMetadata, Z as AgentSessionStatus, _ as ProvisionAgentIdentityInput, a as AgentPlanRiskVerdict, at as PrivacyProfile, b as createAgentIdentityRegistry, c as recordPlanRiskAssessment, ct as ToolCallMetadata, d as CreateSignedEventEnvelopeOptions, dt as canonicalizeForHash, et as AiLifecycleStage, f as createSignedEventEnvelope, ft as hashPayload, g as sanitizeAuditPayload, h as resolvePrivacyProfile, i as AgentPlanClassifierResult, it as PolicyMetadata, j as recordAgentHandoff, k as RecordAgentHandoffMetadata, l as runAgentPlanClassifier, lt as ToolStatus, m as PrivacyProfileInput, n as AgentPlanClassifier, nt as GovernanceMetadata, o as RecordPlanRiskAssessmentOptions, ot as PrivacyProfileName, p as verifyEventEnvelopeHash, pt as AGENT_AUDIT_SCHEMA_VERSION, q as AgentMetadataInput, r as AgentPlanClassifierInput, rt as PolicyDecision, s as heuristicPlanRiskClassifier, st as ScopedToolDefinition, t as AGENT_PLAN_RISK_ATTR, tt as DelegationContext, u as withScopedTool, ut as HashPayloadOptions, v as RevokeAgentIdentityInput, w as recordDecisionBasis, x as withAgentSession, y as RotateAgentIdentityInput, z as AgentAuditEventEnvelope } from "../index-DyghHy5i.cjs";
 import { a as TokenUsage, i as ModelPricing } from "../cost-DXTkBUUW.cjs";
-export { AGENT_AUDIT_SCHEMA_VERSION, type AgentActionFactory, type AgentActionMetadata, type AgentActionOptions, type AgentAiMetadata, type AgentAuditEventEnvelope, type AgentContext, type AgentDecisionMetadata, type AgentEventKind, type AgentHandler, type AgentIdentity, type AgentIdentityRecord, type AgentIdentityRegistry, type AgentIdentityStatus, type AgentMetadataInput, type AgentOutcome, type AgentSessionActionMetadata, type AgentSessionMetadata, type AgentSessionStatus, type AgentToolCallActionMetadata, type AgentToolCallOptions, type AiLifecycleStage, type CreateSignedEventEnvelopeOptions, type DelegateToAgentInput, type DelegationContext, type GovernanceMetadata, type HashPayloadOptions, type ModelPricing, type PolicyDecision, type PolicyMetadata, type PrivacyProfile, type PrivacyProfileInput, type PrivacyProfileName, type ProvisionAgentIdentityInput, type RecordAgentHandoffMetadata, type RevokeAgentIdentityInput, type RotateAgentIdentityInput, type ScopedToolDefinition, type TokenUsage, type ToolCallMetadata, type ToolStatus, canonicalizeForHash, createAgentAuditMetadata, createAgentIdentityRegistry, createSignedEventEnvelope, defineAgentAction, defineAgentToolCall, delegateToAgent, flattenAgentAttributes, hashPayload, recordAgentHandoff, recordDecisionBasis, recordPolicyDecision, resolvePrivacyProfile, sanitizeAuditPayload, setAgentAttributes, verifyEventEnvelopeHash, withAgentAction, withAgentSession, withAgentToolCall, withScopedTool };
+import { C as recordPlanStep, D as agentContextFromSpan, E as AgentContext, S as recordMemoryAccess, T as tryRecordHumanApproval, _ as recordActionRiskClass, a as AgentInputProvenance, b as recordHumanApproval, c as AgentSecurityRecordOptions, d as RecordHumanApprovalInput, f as RecordInputProvenanceInput, g as deriveActionRiskClass, h as RecordRenderOutputInput, i as AgentConsentOutcome, l as RecordActiveScopesInput, m as RecordPlanStepInput, n as ActionRiskHints, o as AgentMemoryOperation, p as RecordMemoryAccessInput, r as AgentActionRiskClass, s as AgentOutputFormat, t as AGENT_SECURITY_ATTR, u as RecordControllerInput, v as recordActiveScopes, w as recordRenderOutput, x as recordInputProvenance, y as recordControllerId } from "../agent-security-N6nE3V3A.cjs";
+export { AGENT_AUDIT_SCHEMA_VERSION, AGENT_PLAN_RISK_ATTR, AGENT_SECURITY_ATTR, type ActionRiskHints, type AgentActionFactory, type AgentActionMetadata, type AgentActionOptions, type AgentActionRiskClass, type AgentAiMetadata, type AgentAuditEventEnvelope, type AgentConsentOutcome, type AgentContext, type AgentDecisionMetadata, type AgentEventKind, type AgentHandler, type AgentIdentity, type AgentIdentityRecord, type AgentIdentityRegistry, type AgentIdentityStatus, type AgentInputProvenance, type AgentMemoryOperation, type AgentMetadataInput, type AgentOutcome, type AgentOutputFormat, type AgentPlanClassifier, type AgentPlanClassifierInput, type AgentPlanClassifierResult, type AgentPlanRiskVerdict, type AgentSecurityRecordOptions, type AgentSessionActionMetadata, type AgentSessionMetadata, type AgentSessionStatus, type AgentToolCallActionMetadata, type AgentToolCallOptions, type AiLifecycleStage, type CreateSignedEventEnvelopeOptions, type DelegateToAgentInput, type DelegationContext, type GovernanceMetadata, type HashPayloadOptions, type ModelPricing, type PolicyDecision, type PolicyMetadata, type PrivacyProfile, type PrivacyProfileInput, type PrivacyProfileName, type ProvisionAgentIdentityInput, type RecordActiveScopesInput, type RecordAgentHandoffMetadata, type RecordControllerInput, type RecordHumanApprovalInput, type RecordInputProvenanceInput, type RecordMemoryAccessInput, type RecordPlanRiskAssessmentOptions, type RecordPlanStepInput, type RecordRenderOutputInput, type RevokeAgentIdentityInput, type RotateAgentIdentityInput, type ScopedToolDefinition, type TokenUsage, type ToolCallMetadata, type ToolStatus, agentContextFromSpan, canonicalizeForHash, createAgentAuditMetadata, createAgentIdentityRegistry, createSignedEventEnvelope, defineAgentAction, defineAgentToolCall, delegateToAgent, deriveActionRiskClass, flattenAgentAttributes, hashPayload, heuristicPlanRiskClassifier, recordActionRiskClass, recordActiveScopes, recordAgentHandoff, recordControllerId, recordDecisionBasis, recordHumanApproval, recordInputProvenance, recordMemoryAccess, recordPlanRiskAssessment, recordPlanStep, recordPolicyDecision, recordRenderOutput, resolvePrivacyProfile, runAgentPlanClassifier, sanitizeAuditPayload, setAgentAttributes, tryRecordHumanApproval, verifyEventEnvelopeHash, withAgentAction, withAgentSession, withAgentToolCall, withScopedTool };

package/dist/agent/index.d.ts

@@ -1,3 +1,4 @@
-import { $ as ToolCallMetadata, A as AgentAuditEventEnvelope, B as AgentSessionActionMetadata, C as flattenAgentAttributes, D as AgentActionMetadata, E as AgentActionFactory, F as AgentIdentityRecord, G as AiLifecycleStage, H as AgentSessionStatus, I as AgentIdentityRegistry, J as PolicyDecision, K as DelegationContext, L as AgentIdentityStatus, M as AgentEventKind, N as AgentHandler, O as AgentActionOptions, P as AgentIdentity, Q as ScopedToolDefinition, R as AgentMetadataInput, S as recordAgentHandoff, T as createAgentAuditMetadata, U as AgentToolCallActionMetadata, V as AgentSessionMetadata, W as AgentToolCallOptions, X as PrivacyProfile, Y as PolicyMetadata, Z as PrivacyProfileName, _ as withAgentAction, a as PrivacyProfileInput, at as AGENT_AUDIT_SCHEMA_VERSION, b as RecordAgentHandoffMetadata, c as ProvisionAgentIdentityInput, d as createAgentIdentityRegistry, et as ToolStatus, f as withAgentSession, g as recordPolicyDecision, h as recordDecisionBasis, i as verifyEventEnvelopeHash, it as hashPayload, j as AgentDecisionMetadata, k as AgentAiMetadata, l as RevokeAgentIdentityInput, m as defineAgentToolCall, n as CreateSignedEventEnvelopeOptions, nt as HashPayloadOptions, o as resolvePrivacyProfile, p as defineAgentAction, q as GovernanceMetadata, r as createSignedEventEnvelope, rt as canonicalizeForHash, s as sanitizeAuditPayload, t as withScopedTool, tt as AgentContext, u as RotateAgentIdentityInput, v as withAgentToolCall, w as setAgentAttributes, x as delegateToAgent, y as DelegateToAgentInput, z as AgentOutcome } from "../index-CedOJ0OP.js";
+import { $ as AgentToolCallOptions, A as delegateToAgent, B as AgentDecisionMetadata, C as defineAgentToolCall, D as withAgentToolCall, E as withAgentAction, F as AgentActionFactory, G as AgentIdentityRegistry, H as AgentHandler, I as AgentActionMetadata, J as AgentOutcome, K as AgentIdentityStatus, L as AgentActionOptions, M as flattenAgentAttributes, N as setAgentAttributes, O as DelegateToAgentInput, P as createAgentAuditMetadata, Q as AgentToolCallActionMetadata, R as AgentAiMetadata, S as defineAgentAction, T as recordPolicyDecision, U as AgentIdentity, V as AgentEventKind, W as AgentIdentityRecord, X as AgentSessionMetadata, Y as AgentSessionActionMetadata, Z as AgentSessionStatus, _ as ProvisionAgentIdentityInput, a as AgentPlanRiskVerdict, at as PrivacyProfile, b as createAgentIdentityRegistry, c as recordPlanRiskAssessment, ct as ToolCallMetadata, d as CreateSignedEventEnvelopeOptions, dt as canonicalizeForHash, et as AiLifecycleStage, f as createSignedEventEnvelope, ft as hashPayload, g as sanitizeAuditPayload, h as resolvePrivacyProfile, i as AgentPlanClassifierResult, it as PolicyMetadata, j as recordAgentHandoff, k as RecordAgentHandoffMetadata, l as runAgentPlanClassifier, lt as ToolStatus, m as PrivacyProfileInput, n as AgentPlanClassifier, nt as GovernanceMetadata, o as RecordPlanRiskAssessmentOptions, ot as PrivacyProfileName, p as verifyEventEnvelopeHash, pt as AGENT_AUDIT_SCHEMA_VERSION, q as AgentMetadataInput, r as AgentPlanClassifierInput, rt as PolicyDecision, s as heuristicPlanRiskClassifier, st as ScopedToolDefinition, t as AGENT_PLAN_RISK_ATTR, tt as DelegationContext, u as withScopedTool, ut as HashPayloadOptions, v as RevokeAgentIdentityInput, w as recordDecisionBasis, x as withAgentSession, y as RotateAgentIdentityInput, z as AgentAuditEventEnvelope } from "../index-Dxt0bm0M.js";
 import { a as TokenUsage, i as ModelPricing } from "../cost-DXTkBUUW.js";
-export { AGENT_AUDIT_SCHEMA_VERSION, type AgentActionFactory, type AgentActionMetadata, type AgentActionOptions, type AgentAiMetadata, type AgentAuditEventEnvelope, type AgentContext, type AgentDecisionMetadata, type AgentEventKind, type AgentHandler, type AgentIdentity, type AgentIdentityRecord, type AgentIdentityRegistry, type AgentIdentityStatus, type AgentMetadataInput, type AgentOutcome, type AgentSessionActionMetadata, type AgentSessionMetadata, type AgentSessionStatus, type AgentToolCallActionMetadata, type AgentToolCallOptions, type AiLifecycleStage, type CreateSignedEventEnvelopeOptions, type DelegateToAgentInput, type DelegationContext, type GovernanceMetadata, type HashPayloadOptions, type ModelPricing, type PolicyDecision, type PolicyMetadata, type PrivacyProfile, type PrivacyProfileInput, type PrivacyProfileName, type ProvisionAgentIdentityInput, type RecordAgentHandoffMetadata, type RevokeAgentIdentityInput, type RotateAgentIdentityInput, type ScopedToolDefinition, type TokenUsage, type ToolCallMetadata, type ToolStatus, canonicalizeForHash, createAgentAuditMetadata, createAgentIdentityRegistry, createSignedEventEnvelope, defineAgentAction, defineAgentToolCall, delegateToAgent, flattenAgentAttributes, hashPayload, recordAgentHandoff, recordDecisionBasis, recordPolicyDecision, resolvePrivacyProfile, sanitizeAuditPayload, setAgentAttributes, verifyEventEnvelopeHash, withAgentAction, withAgentSession, withAgentToolCall, withScopedTool };
+import { C as recordPlanStep, D as agentContextFromSpan, E as AgentContext, S as recordMemoryAccess, T as tryRecordHumanApproval, _ as recordActionRiskClass, a as AgentInputProvenance, b as recordHumanApproval, c as AgentSecurityRecordOptions, d as RecordHumanApprovalInput, f as RecordInputProvenanceInput, g as deriveActionRiskClass, h as RecordRenderOutputInput, i as AgentConsentOutcome, l as RecordActiveScopesInput, m as RecordPlanStepInput, n as ActionRiskHints, o as AgentMemoryOperation, p as RecordMemoryAccessInput, r as AgentActionRiskClass, s as AgentOutputFormat, t as AGENT_SECURITY_ATTR, u as RecordControllerInput, v as recordActiveScopes, w as recordRenderOutput, x as recordInputProvenance, y as recordControllerId } from "../agent-security-N6nE3V3A.js";
+export { AGENT_AUDIT_SCHEMA_VERSION, AGENT_PLAN_RISK_ATTR, AGENT_SECURITY_ATTR, type ActionRiskHints, type AgentActionFactory, type AgentActionMetadata, type AgentActionOptions, type AgentActionRiskClass, type AgentAiMetadata, type AgentAuditEventEnvelope, type AgentConsentOutcome, type AgentContext, type AgentDecisionMetadata, type AgentEventKind, type AgentHandler, type AgentIdentity, type AgentIdentityRecord, type AgentIdentityRegistry, type AgentIdentityStatus, type AgentInputProvenance, type AgentMemoryOperation, type AgentMetadataInput, type AgentOutcome, type AgentOutputFormat, type AgentPlanClassifier, type AgentPlanClassifierInput, type AgentPlanClassifierResult, type AgentPlanRiskVerdict, type AgentSecurityRecordOptions, type AgentSessionActionMetadata, type AgentSessionMetadata, type AgentSessionStatus, type AgentToolCallActionMetadata, type AgentToolCallOptions, type AiLifecycleStage, type CreateSignedEventEnvelopeOptions, type DelegateToAgentInput, type DelegationContext, type GovernanceMetadata, type HashPayloadOptions, type ModelPricing, type PolicyDecision, type PolicyMetadata, type PrivacyProfile, type PrivacyProfileInput, type PrivacyProfileName, type ProvisionAgentIdentityInput, type RecordActiveScopesInput, type RecordAgentHandoffMetadata, type RecordControllerInput, type RecordHumanApprovalInput, type RecordInputProvenanceInput, type RecordMemoryAccessInput, type RecordPlanRiskAssessmentOptions, type RecordPlanStepInput, type RecordRenderOutputInput, type RevokeAgentIdentityInput, type RotateAgentIdentityInput, type ScopedToolDefinition, type TokenUsage, type ToolCallMetadata, type ToolStatus, agentContextFromSpan, canonicalizeForHash, createAgentAuditMetadata, createAgentIdentityRegistry, createSignedEventEnvelope, defineAgentAction, defineAgentToolCall, delegateToAgent, deriveActionRiskClass, flattenAgentAttributes, hashPayload, heuristicPlanRiskClassifier, recordActionRiskClass, recordActiveScopes, recordAgentHandoff, recordControllerId, recordDecisionBasis, recordHumanApproval, recordInputProvenance, recordMemoryAccess, recordPlanRiskAssessment, recordPlanStep, recordPolicyDecision, recordRenderOutput, resolvePrivacyProfile, runAgentPlanClassifier, sanitizeAuditPayload, setAgentAttributes, tryRecordHumanApproval, verifyEventEnvelopeHash, withAgentAction, withAgentSession, withAgentToolCall, withScopedTool };

package/dist/agent/index.js

@@ -1,3 +1,4 @@
-import { _ as setAgentAttributes, a as sanitizeAuditPayload, b as hashPayload, c as delegateToAgent, d as defineAgentToolCall, f as recordDecisionBasis, g as flattenAgentAttributes, h as withAgentToolCall, i as resolvePrivacyProfile, l as recordAgentHandoff, m as withAgentAction, n as createSignedEventEnvelope, o as createAgentIdentityRegistry, p as recordPolicyDecision, r as verifyEventEnvelopeHash, s as withAgentSession, t as withScopedTool, u as defineAgentAction, v as createAgentAuditMetadata, x as AGENT_AUDIT_SCHEMA_VERSION, y as canonicalizeForHash } from "../agent-DZL-uNAc.js";
+import { a as recordControllerId, c as recordMemoryAccess, d as tryRecordHumanApproval, i as recordActiveScopes, l as recordPlanStep, n as deriveActionRiskClass, o as recordHumanApproval, p as agentContextFromSpan, r as recordActionRiskClass, s as recordInputProvenance, t as AGENT_SECURITY_ATTR, u as recordRenderOutput } from "../agent-security-ChL0rIh-.js";
+import { C as canonicalizeForHash, S as createAgentAuditMetadata, T as AGENT_AUDIT_SCHEMA_VERSION, _ as recordPolicyDecision, a as withScopedTool, b as flattenAgentAttributes, c as resolvePrivacyProfile, d as withAgentSession, f as delegateToAgent, g as recordDecisionBasis, h as defineAgentToolCall, i as runAgentPlanClassifier, l as sanitizeAuditPayload, m as defineAgentAction, n as heuristicPlanRiskClassifier, o as createSignedEventEnvelope, p as recordAgentHandoff, r as recordPlanRiskAssessment, s as verifyEventEnvelopeHash, t as AGENT_PLAN_RISK_ATTR, u as createAgentIdentityRegistry, v as withAgentAction, w as hashPayload, x as setAgentAttributes, y as withAgentToolCall } from "../agent-yHB-GF6g.js";
 
-export { AGENT_AUDIT_SCHEMA_VERSION, canonicalizeForHash, createAgentAuditMetadata, createAgentIdentityRegistry, createSignedEventEnvelope, defineAgentAction, defineAgentToolCall, delegateToAgent, flattenAgentAttributes, hashPayload, recordAgentHandoff, recordDecisionBasis, recordPolicyDecision, resolvePrivacyProfile, sanitizeAuditPayload, setAgentAttributes, verifyEventEnvelopeHash, withAgentAction, withAgentSession, withAgentToolCall, withScopedTool };
+export { AGENT_AUDIT_SCHEMA_VERSION, AGENT_PLAN_RISK_ATTR, AGENT_SECURITY_ATTR, agentContextFromSpan, canonicalizeForHash, createAgentAuditMetadata, createAgentIdentityRegistry, createSignedEventEnvelope, defineAgentAction, defineAgentToolCall, delegateToAgent, deriveActionRiskClass, flattenAgentAttributes, hashPayload, heuristicPlanRiskClassifier, recordActionRiskClass, recordActiveScopes, recordAgentHandoff, recordControllerId, recordDecisionBasis, recordHumanApproval, recordInputProvenance, recordMemoryAccess, recordPlanRiskAssessment, recordPlanStep, recordPolicyDecision, recordRenderOutput, resolvePrivacyProfile, runAgentPlanClassifier, sanitizeAuditPayload, setAgentAttributes, tryRecordHumanApproval, verifyEventEnvelopeHash, withAgentAction, withAgentSession, withAgentToolCall, withScopedTool };

package/dist/{agent-CiG_LZL8.cjs → agent-2GmZ6vDV.cjs}

@@ -1,8 +1,9 @@
 const require_cost = require('./cost.cjs');
 const require_attributes = require('./attributes-dxuRzqXC.cjs');
+const require_agent_security = require('./agent-security-BhUTos0B.cjs');
 let autotel = require("autotel");
-let node_crypto = require("node:crypto");
 let autotel_audit = require("autotel-audit");
+let node_crypto = require("node:crypto");
 
 //#region src/agent/constants.ts
 const AGENT_AUDIT_SCHEMA_VERSION = "1.1.0";
@@ -159,68 +160,10 @@ function buildLifecycleUpdateContext(metadata) {
 	};
 }
 
-//#endregion
-//#region src/agent/context.ts
-const MISSING_CONTEXT_MESSAGE = "[autotel-genai] No active trace context. Wrap the call in trace()/instrument(), pass options.ctx, or set options.onMissingContext to \"warn\"/\"skip\" to degrade gracefully instead of throwing.";
-/**
-* Resolve an agent context without throwing. Returns `null` when no trace context
-* is available, so callers can degrade gracefully (best-effort instrumentation).
-*/
-const INVALID_TRACE_ID = "00000000000000000000000000000000";
-function resolveContextSafe(ctx) {
-	if (ctx) return ctx;
-	const span = autotel.otelTrace.getActiveSpan();
-	if (!span) return null;
-	const ids = (0, autotel.getTraceContext)();
-	const sc = span.spanContext();
-	const traceId = ids?.traceId ?? sc.traceId;
-	if (!traceId || traceId === INVALID_TRACE_ID) return null;
-	return {
-		traceId,
-		spanId: ids?.spanId ?? sc.spanId,
-		correlationId: ids?.correlationId ?? traceId.slice(0, 16),
-		setAttribute: (key, value) => span.setAttribute(key, value),
-		setAttributes: (attrs) => span.setAttributes(attrs)
-	};
-}
-function resolveContext(ctx) {
-	const resolved = resolveContextSafe(ctx);
-	if (resolved) return resolved;
-	throw new Error(MISSING_CONTEXT_MESSAGE);
-}
-const warnedMissingContext = /* @__PURE__ */ new Set();
-/** Warn (once per action) that an agent action is running without a trace context. */
-function warnMissingContextOnce(action) {
-	if (warnedMissingContext.has(action)) return;
-	warnedMissingContext.add(action);
-	console.warn(`[autotel-genai] No active trace context for "${action}" — running un-audited. Wrap the call in trace()/instrument() or pass options.ctx to capture agent audit telemetry. (set options.onMissingContext: "throw" to fail fast, or "skip" to silence this warning)`);
-}
-function toAttributeValue(value) {
-	if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") return value;
-	if (Array.isArray(value)) {
-		if (value.every((entry) => typeof entry === "string")) return value;
-		if (value.every((entry) => typeof entry === "number")) return value;
-		if (value.every((entry) => typeof entry === "boolean")) return value;
-		try {
-			return JSON.stringify(value);
-		} catch {
-			return "<serialization-failed>";
-		}
-	}
-	if (value instanceof Date) return value.toISOString();
-	if (typeof value === "bigint") return value.toString(10);
-	if (value === null || value === void 0) return;
-	try {
-		return JSON.stringify(value);
-	} catch {
-		return "<serialization-failed>";
-	}
-}
-
 //#endregion
 //#region src/agent/attributes.ts
 function setIfPresent(target, key, value) {
-	const attr = toAttributeValue(value);
+	const attr = require_agent_security.toAttributeValue(value);
 	if (attr !== void 0) target[key] = attr;
 }
 function appendIdentityAttributes(attrs, agent) {
@@ -307,7 +250,7 @@ function flattenAgentAttributes(metadata) {
 	return attrs;
 }
 function setAgentAttributes(metadata, ctx) {
-	resolveContext(ctx).setAttributes(flattenAgentAttributes(metadata));
+	require_agent_security.resolveContext(ctx).setAttributes(flattenAgentAttributes(metadata));
 }
 /**
 * Stamp only the terminal outcome on the active span. Used by lifecycle
@@ -315,7 +258,7 @@ function setAgentAttributes(metadata, ctx) {
 * nested step already wrote — e.g. a tool call's `tool.status=complete`.
 */
 function setAgentOutcome(outcome, ctx) {
-	resolveContext(ctx).setAttribute("agent.outcome", outcome);
+	require_agent_security.resolveContext(ctx).setAttribute("agent.outcome", outcome);
 }
 
 //#endregion
@@ -374,11 +317,11 @@ async function withAgentAction(metadata, fn, options = {}) {
 }
 function recordPolicyDecision(metadata, options = {}) {
 	const normalized = normalizeMetadata(metadata);
-	const traceCtx = resolveContextSafe(options.ctx);
+	const traceCtx = require_agent_security.resolveContextSafe(options.ctx);
 	if (!traceCtx) {
 		const mode = options.onMissingContext ?? "warn";
-		if (mode === "throw") throw new Error(MISSING_CONTEXT_MESSAGE);
-		if (mode === "warn") warnMissingContextOnce(normalized.action);
+		if (mode === "throw") throw new Error(require_agent_security.MISSING_CONTEXT_MESSAGE);
+		if (mode === "warn") require_agent_security.warnMissingContextOnce(normalized.action);
 		return;
 	}
 	const logger = options.logger ?? (0, autotel.getRequestLoggerSafe)() ?? (0, autotel.createNoopRequestLogger)();
@@ -906,6 +849,19 @@ async function withScopedTool(definition, input, fn, options = {}) {
 			governance,
 			decision: buildDecision(input, definition.decision, definition.privacyProfile)
 		}, options);
+		(0, autotel_audit.securityEvent)({
+			name: "llm.tool_call.denied",
+			category: "llm",
+			outcome: "denied",
+			severity: "warning",
+			reason: denial.reason,
+			targetType: "tool",
+			targetId: definition.tool.name,
+			policyId: definition.policyId
+		}, {
+			ctx: options.ctx,
+			onMissingContext: options.onMissingContext ?? "warn"
+		});
 		throw (0, autotel.createStructuredError)({
 			status: 403,
 			code: "AGENT_SCOPE_DENIED",
@@ -946,6 +902,99 @@ async function withScopedTool(definition, input, fn, options = {}) {
 	}, fn, options);
 }
 
+//#endregion
+//#region src/agent/agent-plan-classifier.ts
+/** Canonical plan-risk attribute keys (Google SAIF plan-risk predictor aligned). */
+const AGENT_PLAN_RISK_ATTR = {
+	verdict: "agent.plan.risk.verdict",
+	score: "agent.plan.risk.score",
+	categories: "agent.plan.risk.categories",
+	toolSequence: "agent.plan.risk.tool_sequence"
+};
+function setPlanRiskAttrs(ctx, attrs) {
+	const traceCtx = require_agent_security.resolveContext(ctx);
+	const mapped = {};
+	for (const [key, value] of Object.entries(attrs)) {
+		const attr = require_agent_security.toAttributeValue(value);
+		if (attr !== void 0) mapped[key] = attr;
+	}
+	if (Object.keys(mapped).length > 0) traceCtx.setAttributes(mapped);
+}
+/**
+* Stamp plan-risk assessment attrs on the active span.
+*/
+function recordPlanRiskAssessment(options) {
+	const { assessment, toolSequence } = options;
+	setPlanRiskAttrs(options.ctx, {
+		[AGENT_PLAN_RISK_ATTR.verdict]: assessment.verdict,
+		...assessment.score !== void 0 && { [AGENT_PLAN_RISK_ATTR.score]: assessment.score },
+		...assessment.categories?.length && { [AGENT_PLAN_RISK_ATTR.categories]: assessment.categories },
+		...toolSequence?.length && { [AGENT_PLAN_RISK_ATTR.toolSequence]: toolSequence },
+		...assessment.reason !== void 0 && { "decision.summary": assessment.reason }
+	});
+	if (options.emitSecurityEvent && assessment.verdict !== "low") (0, autotel_audit.securityEvent)({
+		name: "llm.plan.risk.elevated",
+		category: "llm",
+		outcome: assessment.verdict === "critical" ? "blocked" : "denied",
+		severity: assessment.verdict === "critical" ? "critical" : assessment.verdict === "high" ? "error" : "warning",
+		reason: assessment.reason ?? assessment.verdict,
+		...assessment.score !== void 0 && { score: assessment.score },
+		...assessment.categories?.length && { categories: assessment.categories.join(",") }
+	}, { ctx: options.ctx });
+}
+/**
+* Run a pluggable plan-risk classifier and record its verdict on the span.
+* Classifier failures degrade quietly (no assessment recorded).
+*/
+async function runAgentPlanClassifier(classifier, input, options = {}) {
+	let assessment;
+	try {
+		assessment = await classifier(input);
+	} catch {
+		return;
+	}
+	if (!assessment) return void 0;
+	recordPlanRiskAssessment({
+		...options,
+		assessment,
+		toolSequence: input.toolSequence
+	});
+	return assessment;
+}
+const DESTRUCTIVE_TOOL = /\b(delete|remove|send|post|transfer|pay|upload|execute)\b/i;
+const UNTRUSTED_READ = /\b(read|fetch|get|search|load|parse|inbox|email|web|scrape)\b/i;
+/**
+* Dependency-free first-pass plan-risk heuristic. Opt-in — pass as
+* `AgentPlanClassifier` or wrap your own Model Armor / Llama Guard adapter.
+*/
+function heuristicPlanRiskClassifier() {
+	return ({ toolSequence }) => {
+		if (toolSequence.length === 0) return {
+			verdict: "low",
+			score: 0
+		};
+		const normalized = toolSequence.map((name) => name.replaceAll("_", " "));
+		const hasDestructive = normalized.some((name) => DESTRUCTIVE_TOOL.test(name));
+		const hasUntrustedRead = normalized.some((name) => UNTRUSTED_READ.test(name));
+		if (hasDestructive && hasUntrustedRead) return {
+			verdict: "high",
+			score: .85,
+			categories: ["untrusted_to_destructive_chain"],
+			reason: "mixed_untrusted_and_destructive_tools"
+		};
+		if (toolSequence.length >= 8) return {
+			verdict: "medium",
+			score: .55,
+			categories: ["long_tool_chain"],
+			reason: "long_tool_sequence"
+		};
+		return {
+			verdict: "low",
+			score: .1
+		};
+	};
+}
+
 //#endregion
 Object.defineProperty(exports, 'AGENT_AUDIT_SCHEMA_VERSION', {
   enumerable: true,
@@ -953,6 +1002,12 @@ Object.defineProperty(exports, 'AGENT_AUDIT_SCHEMA_VERSION', {
     return AGENT_AUDIT_SCHEMA_VERSION;
   }
 });
+Object.defineProperty(exports, 'AGENT_PLAN_RISK_ATTR', {
+  enumerable: true,
+  get: function () {
+    return AGENT_PLAN_RISK_ATTR;
+  }
+});
 Object.defineProperty(exports, 'canonicalizeForHash', {
   enumerable: true,
   get: function () {
@@ -1007,6 +1062,12 @@ Object.defineProperty(exports, 'hashPayload', {
     return hashPayload;
   }
 });
+Object.defineProperty(exports, 'heuristicPlanRiskClassifier', {
+  enumerable: true,
+  get: function () {
+    return heuristicPlanRiskClassifier;
+  }
+});
 Object.defineProperty(exports, 'recordAgentHandoff', {
   enumerable: true,
   get: function () {
@@ -1019,6 +1080,12 @@ Object.defineProperty(exports, 'recordDecisionBasis', {
     return recordDecisionBasis;
   }
 });
+Object.defineProperty(exports, 'recordPlanRiskAssessment', {
+  enumerable: true,
+  get: function () {
+    return recordPlanRiskAssessment;
+  }
+});
 Object.defineProperty(exports, 'recordPolicyDecision', {
   enumerable: true,
   get: function () {
@@ -1031,6 +1098,12 @@ Object.defineProperty(exports, 'resolvePrivacyProfile', {
     return resolvePrivacyProfile;
   }
 });
+Object.defineProperty(exports, 'runAgentPlanClassifier', {
+  enumerable: true,
+  get: function () {
+    return runAgentPlanClassifier;
+  }
+});
 Object.defineProperty(exports, 'sanitizeAuditPayload', {
   enumerable: true,
   get: function () {
@@ -1073,4 +1146,4 @@ Object.defineProperty(exports, 'withScopedTool', {
     return withScopedTool;
   }
 });
-//# sourceMappingURL=agent-CiG_LZL8.cjs.map
+//# sourceMappingURL=agent-2GmZ6vDV.cjs.map

package/dist/agent-2GmZ6vDV.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-2GmZ6vDV.cjs","names":["toAttributeValue","resolveContext","genAiRequestAttributes","genAiResponseAttributes","estimateLLMCost","genAiUsageAttributes","resolveContextSafe","MISSING_CONTEXT_MESSAGE","toIsoString","toIsoString","normalizeScopes","resolveContext","toAttributeValue"],"sources":["../src/agent/constants.ts","../src/agent/hash.ts","../src/agent/metadata.ts","../src/agent/attributes.ts","../src/agent/runtime.ts","../src/agent/delegation.ts","../src/agent/session.ts","../src/agent/identity-registry.ts","../src/agent/privacy.ts","../src/agent/non-repudiation.ts","../src/agent/scoped-tool.ts","../src/agent/agent-plan-classifier.ts"],"sourcesContent":["export const AGENT_AUDIT_SCHEMA_VERSION = '1.1.0';\n","import { createHash } from 'node:crypto';\n\nexport interface HashPayloadOptions {\n  algorithm?: 'sha256';\n}\n\nfunction canonicalize(value: unknown): unknown {\n  if (value instanceof Date) {\n    return value.toISOString();\n  }\n\n  if (typeof value === 'bigint') {\n    return value.toString(10);\n  }\n\n  if (Array.isArray(value)) {\n    return value.map((entry) => canonicalize(entry));\n  }\n\n  if (value && typeof value === 'object') {\n    // `toSorted()` would need ES2023 lib types; keep runtime output ES2022-friendly.\n    const entries = Object.entries(value as Record<string, unknown>);\n    entries.sort(([left], [right]) => left.localeCompare(right));\n    return Object.fromEntries(\n      entries.map(([key, entryValue]) => [key, canonicalize(entryValue)]),\n    );\n  }\n\n  return value;\n}\n\nexport function canonicalizeForHash(value: unknown): string {\n  return JSON.stringify(canonicalize(value));\n}\n\nexport function hashPayload(\n  value: unknown,\n  options: HashPayloadOptions = {},\n): string {\n  const algorithm = options.algorithm ?? 'sha256';\n  const canonical = canonicalizeForHash(value);\n  const digest = createHash(algorithm).update(canonical).digest('hex');\n  return `${algorithm}:${digest}`;\n}\n","import { AGENT_AUDIT_SCHEMA_VERSION } from './constants.js';\nimport { hashPayload } from './hash.js';\nimport type {\n  AgentActionMetadata,\n  AgentDecisionMetadata,\n  AgentEventKind,\n  GovernanceMetadata,\n  ToolCallMetadata,\n} from './types.js';\n\ninterface AuditMetadataLike {\n  action: string;\n  resource?: string;\n  actorId?: string;\n  category?: string;\n  outcome?: string;\n  [key: string]: unknown;\n}\n\nexport function defaultEventKind(\n  metadata: AgentActionMetadata,\n): AgentEventKind {\n  if (metadata.eventKind) return metadata.eventKind;\n  if (metadata.tool) return 'tool_call';\n  if (metadata.policy) return 'policy_decision';\n  return 'action';\n}\n\nexport function normalizeTool(\n  tool?: ToolCallMetadata,\n): ToolCallMetadata | undefined {\n  if (!tool) return undefined;\n\n  return {\n    name: tool.name,\n    ...(tool.callId !== undefined && { callId: tool.callId }),\n    inputHash:\n      tool.input === undefined\n        ? tool.inputHash\n        : (tool.inputHash ?? hashPayload(tool.input)),\n    outputHash:\n      tool.output === undefined\n        ? tool.outputHash\n        : (tool.outputHash ?? hashPayload(tool.output)),\n    ...(tool.status !== undefined && { status: tool.status }),\n    ...(tool.executionMs !== undefined && { executionMs: tool.executionMs }),\n  };\n}\n\nexport function sanitizeTool(\n  tool?: ToolCallMetadata,\n): ToolCallMetadata | undefined {\n  if (!tool) return undefined;\n\n  return {\n    name: tool.name,\n    ...(tool.callId !== undefined && { callId: tool.callId }),\n    ...(tool.inputHash !== undefined && { inputHash: tool.inputHash }),\n    ...(tool.outputHash !== undefined && { outputHash: tool.outputHash }),\n    ...(tool.status !== undefined && { status: tool.status }),\n    ...(tool.executionMs !== undefined && { executionMs: tool.executionMs }),\n  };\n}\n\nexport function sanitizeGovernance(\n  governance?: GovernanceMetadata,\n): GovernanceMetadata | undefined {\n  if (!governance) return undefined;\n  return {\n    ...(governance.reviewRequired !== undefined && {\n      reviewRequired: governance.reviewRequired,\n    }),\n    ...(governance.reviewerId !== undefined && {\n      reviewerId: governance.reviewerId,\n    }),\n    ...(governance.controlId !== undefined && {\n      controlId: governance.controlId,\n    }),\n    ...(governance.documentationUrl !== undefined && {\n      documentationUrl: governance.documentationUrl,\n    }),\n    ...(governance.lifecycleStage !== undefined && {\n      lifecycleStage: governance.lifecycleStage,\n    }),\n    ...(governance.framework !== undefined && {\n      framework: governance.framework,\n    }),\n  };\n}\n\nfunction normalizeDecision(\n  decision?: AgentDecisionMetadata,\n  reasoningSummary?: string,\n): AgentDecisionMetadata | undefined {\n  if (decision) {\n    return {\n      ...decision,\n      summary: decision.summary ?? reasoningSummary ?? '',\n    };\n  }\n\n  if (reasoningSummary === undefined) return undefined;\n\n  return {\n    summary: reasoningSummary,\n  };\n}\n\nexport function createAgentAuditMetadata(\n  metadata: AgentActionMetadata,\n): AgentActionMetadata {\n  const eventKind = defaultEventKind(metadata);\n\n  if (eventKind === 'tool_call' && !metadata.tool) {\n    throw new Error(\n      '[autotel-genai] eventKind \"tool_call\" requires metadata.tool.',\n    );\n  }\n\n  if (eventKind === 'policy_decision' && !metadata.policy) {\n    throw new Error(\n      '[autotel-genai] eventKind \"policy_decision\" requires metadata.policy.',\n    );\n  }\n\n  if (eventKind === 'handoff' && !metadata.delegation) {\n    throw new Error(\n      '[autotel-genai] eventKind \"handoff\" requires metadata.delegation.',\n    );\n  }\n\n  const delegation =\n    metadata.delegation &&\n    (\n      metadata.delegation.authorityLineageHash === undefined ||\n      metadata.delegation.depth === undefined\n    )\n      ? {\n          ...metadata.delegation,\n          ...(metadata.delegation.authorityLineage && {\n            authorityLineageHash:\n              metadata.delegation.authorityLineageHash ??\n              hashPayload(metadata.delegation.authorityLineage),\n            depth:\n              metadata.delegation.depth ??\n              Math.max(metadata.delegation.authorityLineage.length - 1, 0),\n          }),\n        }\n      : metadata.delegation;\n\n  return {\n    ...metadata,\n    schemaVersion: metadata.schemaVersion ?? AGENT_AUDIT_SCHEMA_VERSION,\n    eventKind,\n    decision: normalizeDecision(metadata.decision, metadata.reasoningSummary),\n    ...(delegation !== undefined && { delegation }),\n  };\n}\n\nexport function normalizeMetadata(\n  metadata: AgentActionMetadata,\n): AgentActionMetadata {\n  const normalized = createAgentAuditMetadata(metadata);\n  return {\n    ...normalized,\n    tool: normalizeTool(normalized.tool),\n  };\n}\n\nexport function buildAuditMetadata(\n  metadata: AgentActionMetadata,\n): AuditMetadataLike {\n  return {\n    action: metadata.action,\n    ...(metadata.resource !== undefined && { resource: metadata.resource }),\n    actorId:\n      metadata.actorId ??\n      metadata.delegation?.parentIdentity ??\n      metadata.agent.id,\n    category: metadata.category ?? 'agent',\n    ...(metadata.outcome !== undefined && { outcome: metadata.outcome }),\n    agentId: metadata.agent.id,\n    agentEventKind: metadata.eventKind,\n    agentAuditVersion: metadata.schemaVersion,\n    ...(metadata.agent.version !== undefined && {\n      agentVersion: metadata.agent.version,\n    }),\n    ...(metadata.tool?.name !== undefined && { toolName: metadata.tool.name }),\n    ...(metadata.policy?.decision !== undefined && {\n      policyDecision: metadata.policy.decision,\n    }),\n    ...(metadata.session?.status !== undefined && {\n      sessionStatus: metadata.session.status,\n    }),\n  };\n}\n\nexport function buildLoggerContext(\n  metadata: AgentActionMetadata,\n): Record<string, unknown> {\n  const tool = sanitizeTool(metadata.tool);\n  const governance = sanitizeGovernance(metadata.governance);\n\n  const context: Record<string, unknown> = {\n    agent: {\n      ...metadata.agent,\n      ...(metadata.resource !== undefined && { resource: metadata.resource }),\n      ...(metadata.outcome !== undefined && { outcome: metadata.outcome }),\n      ...(metadata.reasoningSummary !== undefined && {\n        reasoningSummary: metadata.reasoningSummary,\n      }),\n      schemaVersion: metadata.schemaVersion ?? AGENT_AUDIT_SCHEMA_VERSION,\n      eventKind: metadata.eventKind ?? defaultEventKind(metadata),\n    },\n    ...(metadata.delegation !== undefined && {\n      delegation: metadata.delegation,\n    }),\n    ...(tool !== undefined && { tool }),\n    ...(metadata.policy !== undefined && { policy: metadata.policy }),\n    ...(governance !== undefined && { governance }),\n    ...(metadata.session !== undefined && { session: metadata.session }),\n    ...(metadata.decision !== undefined && { decision: metadata.decision }),\n  };\n\n  // Hand the request logger an independent copy. `logger.set()` deep-merges and\n  // intentionally *concatenates* array fields across calls (autotel wide-event\n  // semantics). Agent lifecycles call `.set()` more than once per action with\n  // the same `delegation`/`decision` objects, so sharing references would let\n  // the merge mutate arrays (e.g. `authority_lineage`) in place — which would\n  // then leak onto the span via `setAgentAttributes`. Cloning keeps the\n  // span-bound metadata pristine.\n  return structuredClone(context);\n}\n\n/**\n * Context for the *completion* `logger.set()` of a specialized lifecycle\n * wrapper. Carries only the domain state that finished mutating — tool or\n * session status. Outcome is owned by `withAgentAction`, which wraps every\n * variant and stamps it on both span and log. This deliberately omits the\n * request-level `delegation`/`decision` blocks: those were set once at the\n * start, and re-sending them would concatenate their array fields into the\n * wide event (see `buildLoggerContext`).\n */\nexport function buildLifecycleUpdateContext(\n  metadata: AgentActionMetadata,\n): Record<string, unknown> {\n  const tool = sanitizeTool(metadata.tool);\n  return {\n    ...(tool !== undefined && { tool }),\n    ...(metadata.session !== undefined && {\n      session: structuredClone(metadata.session),\n    }),\n  };\n}\n","import { AGENT_AUDIT_SCHEMA_VERSION } from './constants.js';\nimport { resolveContext, toAttributeValue, type AgentContext } from './context.js';\nimport { defaultEventKind, normalizeMetadata } from './metadata.js';\nimport type {\n  AgentActionMetadata,\n  AgentDecisionMetadata,\n  AgentIdentity,\n  AgentSessionMetadata,\n  DelegationContext,\n  GovernanceMetadata,\n  PolicyMetadata,\n  ToolCallMetadata,\n} from './types.js';\n\ntype AttributeValue =\n  | string\n  | number\n  | boolean\n  | string[]\n  | number[]\n  | boolean[];\n\ntype AttributeMap = Record<string, AttributeValue>;\n\nfunction setIfPresent(target: AttributeMap, key: string, value: unknown): void {\n  const attr = toAttributeValue(value);\n  if (attr !== undefined) {\n    target[key] = attr;\n  }\n}\n\nfunction appendIdentityAttributes(attrs: AttributeMap, agent: AgentIdentity): void {\n  setIfPresent(attrs, 'agent.id', agent.id);\n  setIfPresent(attrs, 'agent.version', agent.version);\n  setIfPresent(attrs, 'agent.framework', agent.framework);\n  setIfPresent(attrs, 'agent.model', agent.model);\n  setIfPresent(attrs, 'agent.role', agent.role);\n  setIfPresent(attrs, 'agent.session.id', agent.sessionId);\n  setIfPresent(attrs, 'agent.conversation.id', agent.conversationId);\n}\n\nfunction appendDelegationAttributes(\n  attrs: AttributeMap,\n  delegation?: DelegationContext,\n): void {\n  if (!delegation) return;\n  setIfPresent(attrs, 'delegation.parent_identity', delegation.parentIdentity);\n  setIfPresent(attrs, 'delegation.scope', delegation.scope);\n  setIfPresent(attrs, 'delegation.token_id', delegation.tokenId);\n  setIfPresent(attrs, 'delegation.id', delegation.delegationId);\n  setIfPresent(attrs, 'delegation.authority_lineage', delegation.authorityLineage);\n  setIfPresent(\n    attrs,\n    'delegation.authority_lineage_hash',\n    delegation.authorityLineageHash,\n  );\n  setIfPresent(attrs, 'delegation.depth', delegation.depth);\n  setIfPresent(attrs, 'delegation.issued_at', delegation.issuedAt);\n  setIfPresent(attrs, 'delegation.expires_at', delegation.expiresAt);\n}\n\nfunction appendToolAttributes(attrs: AttributeMap, tool?: ToolCallMetadata): void {\n  if (!tool) return;\n  setIfPresent(attrs, 'tool.name', tool.name);\n  setIfPresent(attrs, 'tool.call.id', tool.callId);\n  setIfPresent(attrs, 'tool.input_hash', tool.inputHash);\n  setIfPresent(attrs, 'tool.output_hash', tool.outputHash);\n  setIfPresent(attrs, 'tool.status', tool.status);\n  setIfPresent(attrs, 'tool.execution_ms', tool.executionMs);\n}\n\nfunction appendPolicyAttributes(attrs: AttributeMap, policy?: PolicyMetadata): void {\n  if (!policy) return;\n  setIfPresent(attrs, 'policy.decision', policy.decision);\n  setIfPresent(attrs, 'policy.id', policy.policyId);\n  setIfPresent(attrs, 'policy.risk_score', policy.riskScore);\n  setIfPresent(attrs, 'policy.reason', policy.reason);\n}\n\nfunction appendGovernanceAttributes(\n  attrs: AttributeMap,\n  governance?: GovernanceMetadata,\n): void {\n  if (!governance) return;\n  setIfPresent(attrs, 'governance.review_required', governance.reviewRequired);\n  setIfPresent(attrs, 'governance.reviewer_id', governance.reviewerId);\n  setIfPresent(attrs, 'governance.control_id', governance.controlId);\n  setIfPresent(attrs, 'governance.documentation_url', governance.documentationUrl);\n  setIfPresent(attrs, 'governance.lifecycle_stage', governance.lifecycleStage);\n  setIfPresent(attrs, 'governance.framework', governance.framework);\n}\n\nfunction appendSessionAttributes(\n  attrs: AttributeMap,\n  session?: AgentSessionMetadata,\n): void {\n  if (!session) return;\n  setIfPresent(attrs, 'agent.session.status', session.status);\n  setIfPresent(attrs, 'agent.session.started_at', session.startedAt);\n  setIfPresent(attrs, 'agent.session.ended_at', session.endedAt);\n  setIfPresent(attrs, 'agent.session.delegated_by', session.delegatedBy);\n}\n\nfunction appendDecisionAttributes(\n  attrs: AttributeMap,\n  decision?: AgentDecisionMetadata,\n): void {\n  if (!decision) return;\n  setIfPresent(attrs, 'decision.summary', decision.summary);\n  setIfPresent(attrs, 'decision.input_hash', decision.inputHash);\n  setIfPresent(attrs, 'decision.policy_ids', decision.policyIds);\n  setIfPresent(attrs, 'decision.justification_codes', decision.justificationCodes);\n  setIfPresent(attrs, 'decision.evidence_ids', decision.evidenceIds);\n  setIfPresent(attrs, 'decision.review_required', decision.reviewRequired);\n  setIfPresent(attrs, 'decision.confidence', decision.confidence);\n}\n\nexport function flattenAgentAttributes(\n  metadata: AgentActionMetadata,\n): AttributeMap {\n  const normalized = normalizeMetadata(metadata);\n  const attrs: AttributeMap = {\n    'autotel.agent': true,\n    'agent.action': normalized.action,\n    'agent.audit.version':\n      normalized.schemaVersion ?? AGENT_AUDIT_SCHEMA_VERSION,\n    'agent.event.kind': normalized.eventKind ?? defaultEventKind(normalized),\n  };\n\n  setIfPresent(attrs, 'agent.resource', normalized.resource);\n  setIfPresent(attrs, 'agent.outcome', normalized.outcome);\n  setIfPresent(attrs, 'reasoning.summary', normalized.reasoningSummary);\n  appendIdentityAttributes(attrs, normalized.agent);\n  appendDelegationAttributes(attrs, normalized.delegation);\n  appendToolAttributes(attrs, normalized.tool);\n  appendPolicyAttributes(attrs, normalized.policy);\n  appendGovernanceAttributes(attrs, normalized.governance);\n  appendSessionAttributes(attrs, normalized.session);\n  appendDecisionAttributes(attrs, normalized.decision);\n\n  return attrs;\n}\n\nexport function setAgentAttributes(\n  metadata: AgentActionMetadata,\n  ctx?: AgentContext,\n): void {\n  const traceCtx = resolveContext(ctx);\n  traceCtx.setAttributes(flattenAgentAttributes(metadata));\n}\n\n/**\n * Stamp only the terminal outcome on the active span. Used by lifecycle\n * wrappers on completion so they don't re-flatten (and clobber) richer state a\n * nested step already wrote — e.g. a tool call's `tool.status=complete`.\n */\nexport function setAgentOutcome(\n  outcome: AgentActionMetadata['outcome'] & string,\n  ctx?: AgentContext,\n): void {\n  resolveContext(ctx).setAttribute('agent.outcome', outcome);\n}\n","import {\n  createNoopRequestLogger,\n  getRequestLoggerSafe,\n  type RequestLogger,\n} from 'autotel';\nimport { forceKeepAuditEvent, withAudit } from 'autotel-audit';\nimport { estimateLLMCost, type TokenUsage } from '../cost.js';\nimport {\n  genAiRequestAttributes,\n  genAiResponseAttributes,\n  genAiUsageAttributes,\n  type GenAiAttributeMap,\n} from '../attributes.js';\nimport { setAgentAttributes, setAgentOutcome } from './attributes.js';\nimport {\n  buildLoggerContext,\n  buildLifecycleUpdateContext,\n  buildAuditMetadata,\n  normalizeMetadata,\n} from './metadata.js';\nimport {\n  MISSING_CONTEXT_MESSAGE,\n  resolveContextSafe,\n  warnMissingContextOnce,\n  type AgentContext,\n} from './context.js';\nimport { hashPayload } from './hash.js';\nimport type {\n  AgentActionFactory,\n  AgentActionMetadata,\n  AgentAiMetadata,\n  AgentActionOptions,\n  AgentHandler,\n  AgentMetadataInput,\n  AgentToolCallActionMetadata,\n  AgentToolCallOptions,\n  ToolCallMetadata,\n} from './types.js';\n\n/**\n * Record canonical OpenTelemetry GenAI semantic attributes for an LLM-backed\n * agent action, reusing the local cost model. Best-effort: anything unknown is\n * simply omitted. `gen_ai.request.model` is always recorded; token counts and\n * the estimated `gen_ai.usage.cost.usd` are recorded when `usage` is available\n * (up front via metadata, or post-call via `options.extractUsage`).\n *\n * Emits canonical v1.42.0 keys only — no `gen_ai.usage.total_tokens` (not a\n * registry attribute) and no legacy `gen.ai.*` names.\n */\nfunction recordAiTelemetry(\n  ctx: AgentContext,\n  ai: AgentAiMetadata,\n  usage?: TokenUsage,\n): void {\n  const attrs: GenAiAttributeMap = {\n    ...genAiRequestAttributes({\n      operation: ai.operation,\n      provider: ai.provider,\n      model: ai.model,\n    }),\n    ...genAiResponseAttributes({\n      model: ai.responseModel,\n      id: ai.responseId,\n      finishReasons: ai.finishReasons,\n    }),\n  };\n  if (usage) {\n    const cost = estimateLLMCost(\n      ai.model,\n      usage,\n      ai.pricing ? { pricing: ai.pricing } : undefined,\n    );\n    Object.assign(attrs, genAiUsageAttributes({ ...usage, costUsd: cost }));\n  }\n  ctx.setAttributes(attrs);\n}\n\nexport async function withAgentAction<T>(\n  metadata: AgentActionMetadata,\n  fn: AgentHandler<T>,\n  options: AgentActionOptions = {},\n): Promise<T> {\n  const normalized = normalizeMetadata(metadata);\n\n  return withAudit(\n    buildAuditMetadata(normalized),\n    async (ctx: AgentContext, logger: RequestLogger) => {\n      setAgentAttributes(normalized, ctx);\n      logger.set(buildLoggerContext(normalized));\n\n      try {\n        const result = await fn(ctx as AgentContext, logger);\n        const outcome = normalized.outcome ?? 'success';\n        setAgentOutcome(outcome, ctx);\n        logger.set({ agent: { outcome } });\n        if (normalized.ai) {\n          recordAiTelemetry(\n            ctx,\n            normalized.ai,\n            options.extractUsage?.(result) ?? normalized.ai.usage,\n          );\n        }\n        return result;\n      } catch (error) {\n        setAgentOutcome('failure', ctx);\n        logger.set({ agent: { outcome: 'failure' } });\n        if (normalized.ai) recordAiTelemetry(ctx, normalized.ai);\n        throw error;\n      }\n    },\n    options,\n  );\n}\n\nexport function recordPolicyDecision(\n  metadata: AgentActionMetadata,\n  options: AgentActionOptions = {},\n): void {\n  const normalized = normalizeMetadata(metadata);\n  const traceCtx = resolveContextSafe(options.ctx);\n\n  // No trace context: degrade per onMissingContext instead of throwing into\n  // business logic. A policy decision we couldn't record is not worth a crash.\n  if (!traceCtx) {\n    const mode = options.onMissingContext ?? 'warn';\n    if (mode === 'throw') {\n      throw new Error(MISSING_CONTEXT_MESSAGE);\n    }\n    if (mode === 'warn') {\n      warnMissingContextOnce(normalized.action);\n    }\n    return;\n  }\n\n  const logger =\n    options.logger ?? getRequestLoggerSafe() ?? createNoopRequestLogger();\n\n  if (options.forceKeep !== false) {\n    forceKeepAuditEvent(traceCtx);\n  }\n\n  setAgentAttributes(normalized, traceCtx);\n  logger.set(buildLoggerContext(normalized));\n\n  if (options.emitNow) {\n    logger.emitNow();\n  }\n}\n\nexport function recordDecisionBasis(\n  metadata: AgentActionMetadata,\n  options: AgentActionOptions = {},\n): void {\n  if (!metadata.decision && !metadata.reasoningSummary) {\n    throw new Error(\n      '[autotel-genai] recordDecisionBasis requires metadata.decision or metadata.reasoningSummary.',\n    );\n  }\n\n  recordPolicyDecision(metadata, options);\n}\n\n/**\n * Define a reusable, instrumented agent action — the `trace()`-style factory\n * companion to `withAgentAction`. Declare it once at module scope and call the\n * returned function many times; each call opens its own audit scope.\n *\n * `metadata` may be a static object or a function of the call arguments, so\n * call-specific fields can be derived per invocation.\n *\n * @example\n * ```ts\n * const planTrip = defineAgentAction(\n *   (req: TripRequest) => ({\n *     action: 'agent.trip.plan',\n *     agent: { id: 'planner' },\n *     delegation: { parentIdentity: req.userId, scope: ['trip:plan'] },\n *   }),\n *   (ctx) => async (req: TripRequest) => planItinerary(req),\n * );\n *\n * await planTrip({ userId: 'usr_1', destination: 'Lisbon' });\n * ```\n */\nexport function defineAgentAction<TArgs extends unknown[], TResult>(\n  metadata: AgentMetadataInput<TArgs, AgentActionMetadata>,\n  factory: AgentActionFactory<TArgs, TResult>,\n  options: AgentActionOptions = {},\n): (...args: TArgs) => Promise<TResult> {\n  return (...args: TArgs): Promise<TResult> => {\n    const resolved =\n      typeof metadata === 'function' ? metadata(...args) : metadata;\n    return withAgentAction(\n      resolved,\n      (ctx, logger) => factory(ctx, logger)(...args),\n      options,\n    );\n  };\n}\n\n/**\n * Define a reusable, instrumented agent tool call — the `trace()`-style factory\n * companion to `withAgentToolCall`. Declare it once and call it per invocation;\n * tool inputs/results are hashed (never attached raw) on every call.\n *\n * Pass `metadata` as a function of the arguments when `tool.input` (or any other\n * field) depends on the call, so each invocation hashes its own input.\n *\n * @example\n * ```ts\n * const handleRefund = defineAgentToolCall(\n *   (req: RefundRequest) => ({\n *     action: 'agent.refund.tool_call',\n *     resource: 'stripe_refund_v3',\n *     agent: { id: 'refunds-specialist' },\n *     tool: { name: 'stripe_refund_v3', input: { refundId: req.refundId } },\n *   }),\n *   (ctx) => async (req: RefundRequest) => stripe.refunds.create(req),\n * );\n *\n * await handleRefund({ refundId: 're_123' });\n * ```\n */\nexport function defineAgentToolCall<TArgs extends unknown[], TResult>(\n  metadata: AgentMetadataInput<TArgs, AgentToolCallActionMetadata>,\n  factory: AgentActionFactory<TArgs, TResult>,\n  options: AgentToolCallOptions = {},\n): (...args: TArgs) => Promise<TResult> {\n  return (...args: TArgs): Promise<TResult> => {\n    const resolved =\n      typeof metadata === 'function' ? metadata(...args) : metadata;\n    return withAgentToolCall(\n      resolved,\n      (ctx, logger) => factory(ctx, logger)(...args),\n      options,\n    );\n  };\n}\n\nexport async function withAgentToolCall<T>(\n  metadata: AgentActionMetadata & { tool: ToolCallMetadata },\n  fn: AgentHandler<T>,\n  options: AgentToolCallOptions = {},\n): Promise<T> {\n  const start = Date.now();\n  const normalized = normalizeMetadata({\n    ...metadata,\n    tool: {\n      ...metadata.tool,\n      status: metadata.tool?.status ?? 'planned',\n    } as ToolCallMetadata,\n  });\n\n  return withAgentAction(\n    normalized,\n    async (ctx, logger) => {\n      try {\n        const result = await fn(ctx, logger);\n        const executionMs = Date.now() - start;\n        const completed: AgentActionMetadata = {\n          ...normalized,\n          outcome: normalized.outcome ?? 'success',\n          tool: {\n            ...metadata.tool,\n            inputHash: normalized.tool?.inputHash,\n            outputHash:\n              normalized.tool?.outputHash ??\n              (options.hashResult === false ? undefined : hashPayload(result)),\n            status: 'complete',\n            executionMs,\n          },\n        };\n        setAgentAttributes(completed, ctx);\n        logger.set(buildLifecycleUpdateContext(normalizeMetadata(completed)));\n        return result;\n      } catch (error) {\n        const failed: AgentActionMetadata = {\n          ...normalized,\n          outcome: 'failure',\n          tool: {\n            ...metadata.tool,\n            inputHash: normalized.tool?.inputHash,\n            status: 'error',\n            executionMs: Date.now() - start,\n          },\n        };\n        setAgentAttributes(failed, ctx);\n        logger.set(buildLifecycleUpdateContext(normalizeMetadata(failed)));\n        throw error;\n      }\n    },\n    options,\n  );\n}\n","import { hashPayload } from './hash.js';\nimport { recordPolicyDecision } from './runtime.js';\nimport type {\n  AgentActionOptions,\n  AgentIdentity,\n  DelegationContext,\n  GovernanceMetadata,\n} from './types.js';\n\nfunction buildAuthorityLineage(\n  parentIdentity: string,\n  agentId: string,\n  existingLineage?: string[],\n): string[] {\n  const lineage = existingLineage ? [...existingLineage] : [parentIdentity];\n  if (lineage.at(-1) !== agentId) {\n    lineage.push(agentId);\n  }\n  return lineage;\n}\n\nexport interface DelegateToAgentInput {\n  parentIdentity: string;\n  targetAgentId: string;\n  scope?: string | string[];\n  tokenId?: string;\n  delegationId?: string;\n  authorityLineage?: string[];\n  issuedAt?: string | Date;\n  expiresAt?: string | Date;\n}\n\nexport interface RecordAgentHandoffMetadata {\n  action: string;\n  fromAgent: AgentIdentity;\n  toAgent: AgentIdentity;\n  parentIdentity: string;\n  resource?: string;\n  scope?: string | string[];\n  tokenId?: string;\n  delegationId?: string;\n  authorityLineage?: string[];\n  governance?: GovernanceMetadata;\n}\n\nexport function delegateToAgent(input: DelegateToAgentInput): DelegationContext {\n  const authorityLineage = buildAuthorityLineage(\n    input.parentIdentity,\n    input.targetAgentId,\n    input.authorityLineage,\n  );\n\n  return {\n    parentIdentity: input.parentIdentity,\n    ...(input.scope !== undefined && { scope: input.scope }),\n    ...(input.tokenId !== undefined && { tokenId: input.tokenId }),\n    ...(input.delegationId !== undefined && { delegationId: input.delegationId }),\n    authorityLineage,\n    authorityLineageHash: hashPayload(authorityLineage),\n    depth: Math.max(authorityLineage.length - 1, 0),\n    issuedAt: input.issuedAt ?? new Date().toISOString(),\n    ...(input.expiresAt !== undefined && { expiresAt: input.expiresAt }),\n  };\n}\n\nexport function recordAgentHandoff(\n  metadata: RecordAgentHandoffMetadata,\n  options: AgentActionOptions = {},\n): void {\n  // Seed the lineage with the source agent when the caller didn't supply one,\n  // so the \"from\" side of the handoff is recorded in the canonical, queryable\n  // `delegation.authority_lineage` (and its hash) rather than surviving only in\n  // the free-text reasoningSummary.\n  const authorityLineage =\n    metadata.authorityLineage ?? [metadata.parentIdentity, metadata.fromAgent.id];\n\n  const delegation = delegateToAgent({\n    parentIdentity: metadata.parentIdentity,\n    targetAgentId: metadata.toAgent.id,\n    scope: metadata.scope,\n    tokenId: metadata.tokenId,\n    delegationId: metadata.delegationId,\n    authorityLineage,\n  });\n\n  recordPolicyDecision(\n    {\n      action: metadata.action,\n      resource: metadata.resource,\n      eventKind: 'handoff',\n      agent: metadata.toAgent,\n      delegation,\n      governance: metadata.governance,\n      reasoningSummary: `Control passed from ${metadata.fromAgent.id} to ${metadata.toAgent.id}.`,\n    },\n    options,\n  );\n}\n","import { buildLifecycleUpdateContext } from './metadata.js';\nimport { setAgentAttributes } from './attributes.js';\nimport { withAgentAction } from './runtime.js';\nimport type {\n  AgentActionOptions,\n  AgentHandler,\n  AgentSessionActionMetadata,\n} from './types.js';\n\nfunction toIsoString(value?: string | Date): string {\n  if (!value) return new Date().toISOString();\n  return value instanceof Date ? value.toISOString() : value;\n}\n\nexport async function withAgentSession<T>(\n  metadata: AgentSessionActionMetadata,\n  fn: AgentHandler<T>,\n  options: AgentActionOptions = {},\n): Promise<T> {\n  const startedAt = toIsoString(metadata.session?.startedAt);\n\n  return withAgentAction(\n    {\n      ...metadata,\n      category: metadata.category ?? 'agent_session',\n      session: {\n        ...metadata.session,\n        status: metadata.session?.status ?? 'active',\n        startedAt,\n      },\n    },\n    async (ctx, logger) => {\n      try {\n        const result = await fn(ctx, logger);\n        const completed = {\n          ...metadata,\n          outcome: metadata.outcome ?? 'success',\n          session: {\n            ...metadata.session,\n            status: 'completed' as const,\n            startedAt,\n            endedAt: new Date().toISOString(),\n          },\n        };\n        setAgentAttributes(completed, ctx);\n        logger.set(buildLifecycleUpdateContext(completed));\n        return result;\n      } catch (error) {\n        const failed = {\n          ...metadata,\n          outcome: 'failure' as const,\n          session: {\n            ...metadata.session,\n            status: 'failed' as const,\n            startedAt,\n            endedAt: new Date().toISOString(),\n          },\n        };\n        setAgentAttributes(failed, ctx);\n        logger.set(buildLifecycleUpdateContext(failed));\n        throw error;\n      }\n    },\n    options,\n  );\n}\n","import { hashPayload } from './hash.js';\nimport { delegateToAgent } from './delegation.js';\nimport type {\n  AgentIdentity,\n  AgentIdentityRegistry,\n  AgentIdentityRecord,\n  AgentIdentityStatus,\n  DelegationContext,\n} from './types.js';\n\nfunction toIsoString(value?: string | Date): string | undefined {\n  if (!value) return undefined;\n  return value instanceof Date ? value.toISOString() : value;\n}\n\nfunction normalizeScopes(scope?: string | string[]): string[] {\n  if (!scope) return [];\n  return Array.isArray(scope) ? [...scope] : [scope];\n}\n\nfunction isExpired(record: AgentIdentityRecord, at: string): boolean {\n  return record.expiresAt !== undefined && record.expiresAt < at;\n}\n\nexport interface ProvisionAgentIdentityInput {\n  agent: AgentIdentity;\n  scopes?: string[];\n  tokenId?: string;\n  delegatedBy?: string;\n  provisionedAt?: string | Date;\n  expiresAt?: string | Date;\n  metadata?: Record<string, unknown>;\n}\n\nexport interface RotateAgentIdentityInput {\n  scopes?: string[];\n  tokenId?: string;\n  delegatedBy?: string;\n  rotatedAt?: string | Date;\n  expiresAt?: string | Date;\n  metadata?: Record<string, unknown>;\n}\n\nexport interface RevokeAgentIdentityInput {\n  reason: string;\n  revokedAt?: string | Date;\n}\n\nexport function createAgentIdentityRegistry(\n  initial: ProvisionAgentIdentityInput[] = [],\n): AgentIdentityRegistry {\n  const records = new Map<string, AgentIdentityRecord>();\n\n  const provisionIdentity = (\n    input: ProvisionAgentIdentityInput,\n  ): AgentIdentityRecord => {\n    const now = toIsoString(input.provisionedAt) ?? new Date().toISOString();\n    const record: AgentIdentityRecord = {\n      agent: input.agent,\n      scopes: input.scopes ?? [],\n      status: 'active',\n      tokenId: input.tokenId,\n      tokenHash:\n        input.tokenId === undefined ? undefined : hashPayload(input.tokenId),\n      delegatedBy: input.delegatedBy,\n      provisionedAt: now,\n      expiresAt: toIsoString(input.expiresAt),\n      metadata: input.metadata,\n    };\n    records.set(input.agent.id, record);\n    return record;\n  };\n\n  for (const item of initial) {\n    provisionIdentity(item);\n  }\n\n  return {\n    provisionIdentity,\n    rotateIdentity(agentId: string, input: RotateAgentIdentityInput = {}) {\n      const existing = records.get(agentId);\n      if (!existing) {\n        throw new Error(\n          `[autotel-genai] Cannot rotate unknown agent identity \"${agentId}\".`,\n        );\n      }\n\n      const rotatedAt = toIsoString(input.rotatedAt) ?? new Date().toISOString();\n      const record: AgentIdentityRecord = {\n        ...existing,\n        scopes: input.scopes ?? existing.scopes,\n        status: 'rotated',\n        tokenId: input.tokenId ?? existing.tokenId,\n        tokenHash:\n          input.tokenId === undefined\n            ? existing.tokenHash\n            : hashPayload(input.tokenId),\n        delegatedBy: input.delegatedBy ?? existing.delegatedBy,\n        rotatedAt,\n        expiresAt: toIsoString(input.expiresAt) ?? existing.expiresAt,\n        metadata: input.metadata ?? existing.metadata,\n      };\n      records.set(agentId, record);\n      return record;\n    },\n    revokeIdentity(agentId: string, input: RevokeAgentIdentityInput) {\n      const existing = records.get(agentId);\n      if (!existing) {\n        throw new Error(\n          `[autotel-genai] Cannot revoke unknown agent identity \"${agentId}\".`,\n        );\n      }\n\n      const revokedAt = toIsoString(input.revokedAt) ?? new Date().toISOString();\n      const record: AgentIdentityRecord = {\n        ...existing,\n        status: 'revoked',\n        revokedAt,\n        revocationReason: input.reason,\n      };\n      records.set(agentId, record);\n      return record;\n    },\n    getIdentity(agentId: string) {\n      return records.get(agentId);\n    },\n    getIdentityStatus(agentId: string, at = new Date().toISOString()) {\n      const record = records.get(agentId);\n      if (!record) return;\n      return isExpired(record, at) ? 'expired' : record.status;\n    },\n    assertUsable(agentId: string, at = new Date().toISOString()) {\n      const record = records.get(agentId);\n      if (!record) {\n        throw new Error(\n          `[autotel-genai] Unknown agent identity \"${agentId}\". Provision it before use.`,\n        );\n      }\n\n      const status: AgentIdentityStatus = isExpired(record, at)\n        ? 'expired'\n        : record.status;\n\n      if (status !== 'active' && status !== 'rotated') {\n        throw new Error(\n          `[autotel-genai] Agent identity \"${agentId}\" is ${status} and cannot execute delegated work.`,\n        );\n      }\n\n      return record;\n    },\n    assertScopes(agentId: string, requiredScopes: string[]) {\n      const record = this.assertUsable(agentId);\n      const missing = requiredScopes.filter(\n        (scope) => !record.scopes.includes(scope),\n      );\n\n      if (missing.length > 0) {\n        throw new Error(\n          `[autotel-genai] Agent identity \"${agentId}\" is missing delegated scopes: ${missing.join(', ')}.`,\n        );\n      }\n\n      return record;\n    },\n    issueDelegation(agentId: string, input) {\n      const record = this.assertUsable(agentId);\n      const scope = normalizeScopes(input.scope);\n      if (scope.length > 0) {\n        this.assertScopes(agentId, scope);\n      }\n\n      return delegateToAgent({\n        parentIdentity: input.parentIdentity,\n        targetAgentId: record.agent.id,\n        scope: input.scope ?? record.scopes,\n        tokenId: input.tokenId ?? record.tokenId,\n        delegationId: input.delegationId,\n        authorityLineage: input.authorityLineage,\n        issuedAt: input.issuedAt,\n        expiresAt: input.expiresAt ?? record.expiresAt,\n      }) satisfies DelegationContext;\n    },\n    list() {\n      return [...records.values()];\n    },\n  };\n}\n","import { hashPayload } from './hash.js';\nimport type { PrivacyProfile, PrivacyProfileName } from './types.js';\n\nexport type PrivacyProfileInput = PrivacyProfileName | PrivacyProfile;\n\nconst PRIVACY_PROFILES: Record<PrivacyProfileName, PrivacyProfile> = {\n  strict: {\n    name: 'strict',\n    hashKeys: [\n      /email/i,\n      /phone/i,\n      /user_?id/i,\n      /account/i,\n      /customer/i,\n      /card/i,\n      /iban/i,\n      /tax/i,\n    ],\n    dropKeys: [\n      /secret/i,\n      /token/i,\n      /api[_-]?key/i,\n      /authorization/i,\n      /cookie/i,\n      /password/i,\n      /bearer/i,\n    ],\n    maskKeys: [/name/i, /address/i, /prompt/i, /message/i, /content/i],\n    maxStringLength: 256,\n  },\n  pci: {\n    name: 'pci',\n    hashKeys: [/card/i, /pan/i, /account/i, /customer/i, /email/i],\n    dropKeys: [/cvv/i, /cvc/i, /secret/i, /token/i, /api[_-]?key/i],\n    maskKeys: [/name/i, /address/i],\n    maxStringLength: 128,\n  },\n  healthcare: {\n    name: 'healthcare',\n    hashKeys: [/patient/i, /mrn/i, /member/i, /email/i, /phone/i],\n    dropKeys: [/diagnosis/i, /notes/i, /secret/i, /token/i, /password/i],\n    maskKeys: [/name/i, /address/i, /symptom/i],\n    maxStringLength: 128,\n  },\n};\n\nfunction maskValue(value: unknown): unknown {\n  if (typeof value !== 'string') {\n    return '<masked>';\n  }\n\n  if (value.length <= 6) return '***';\n  return `${value.slice(0, 3)}***${value.slice(-3)}`;\n}\n\nfunction matches(patterns: RegExp[] | undefined, key: string): boolean {\n  return patterns?.some((pattern) => pattern.test(key)) ?? false;\n}\n\nfunction truncateString(value: string, maxLength?: number): string {\n  if (maxLength === undefined || value.length <= maxLength) {\n    return value;\n  }\n\n  return `${value.slice(0, maxLength)}…`;\n}\n\nfunction sanitizeNode(\n  value: unknown,\n  profile: PrivacyProfile,\n  keyPath: string,\n): unknown {\n  if (value instanceof Date) {\n    return value.toISOString();\n  }\n\n  const lowered = keyPath.toLowerCase();\n\n  if (matches(profile.dropKeys, lowered)) {\n    return '<redacted>';\n  }\n\n  if (matches(profile.hashKeys, lowered)) {\n    return hashPayload(value);\n  }\n\n  if (matches(profile.maskKeys, lowered)) {\n    return maskValue(value);\n  }\n\n  if (typeof value === 'string') {\n    return truncateString(value, profile.maxStringLength);\n  }\n\n  if (Array.isArray(value)) {\n    return value.map((entry, index) =>\n      sanitizeNode(entry, profile, `${keyPath}[${index}]`),\n    );\n  }\n\n  if (value && typeof value === 'object') {\n    return Object.fromEntries(\n      Object.entries(value as Record<string, unknown>).map(([key, entry]) => [\n        key,\n        sanitizeNode(entry, profile, keyPath ? `${keyPath}.${key}` : key),\n      ]),\n    );\n  }\n\n  if (typeof value === 'bigint') {\n    return value.toString(10);\n  }\n\n  return value;\n}\n\nexport function resolvePrivacyProfile(\n  profile: PrivacyProfileInput = 'strict',\n): PrivacyProfile {\n  return typeof profile === 'string' ? PRIVACY_PROFILES[profile] : profile;\n}\n\nexport function sanitizeAuditPayload(\n  value: unknown,\n  profile: PrivacyProfileInput = 'strict',\n): unknown {\n  return sanitizeNode(value, resolvePrivacyProfile(profile), '');\n}\n","import { AGENT_AUDIT_SCHEMA_VERSION } from './constants.js';\nimport { canonicalizeForHash, hashPayload } from './hash.js';\nimport { normalizeMetadata } from './metadata.js';\nimport { sanitizeAuditPayload, type PrivacyProfileInput } from './privacy.js';\nimport type {\n  AgentActionMetadata,\n  AgentAuditEventEnvelope,\n} from './types.js';\n\nfunction toIsoString(value?: string | Date): string {\n  if (!value) return new Date().toISOString();\n  return value instanceof Date ? value.toISOString() : value;\n}\n\nexport interface CreateSignedEventEnvelopeOptions {\n  emittedAt?: string | Date;\n  previousEventHash?: string;\n  evidence?: unknown;\n  privacyProfile?: PrivacyProfileInput;\n  signer?: (serialized: string) => string | Promise<string>;\n}\n\nexport async function createSignedEventEnvelope(\n  metadata: AgentActionMetadata,\n  options: CreateSignedEventEnvelopeOptions = {},\n): Promise<AgentAuditEventEnvelope> {\n  const normalized = normalizeMetadata(metadata);\n  const envelopeBase = {\n    schemaVersion: normalized.schemaVersion ?? AGENT_AUDIT_SCHEMA_VERSION,\n    emittedAt: toIsoString(options.emittedAt),\n    ...(options.previousEventHash !== undefined && {\n      previousEventHash: options.previousEventHash,\n    }),\n    metadata: normalized,\n    ...(options.evidence !== undefined && {\n      evidence: sanitizeAuditPayload(\n        options.evidence,\n        options.privacyProfile ?? 'strict',\n      ),\n    }),\n  };\n\n  const eventHash = hashPayload(envelopeBase);\n  const signature = options.signer\n    ? await options.signer(canonicalizeForHash(envelopeBase))\n    : undefined;\n\n  return {\n    ...envelopeBase,\n    eventHash,\n    ...(signature !== undefined && { signature }),\n  };\n}\n\nexport function verifyEventEnvelopeHash(\n  envelope: AgentAuditEventEnvelope,\n): boolean {\n  const expected = hashPayload({\n    schemaVersion: envelope.schemaVersion,\n    emittedAt: envelope.emittedAt,\n    ...(envelope.previousEventHash !== undefined && {\n      previousEventHash: envelope.previousEventHash,\n    }),\n    metadata: envelope.metadata,\n    ...(envelope.evidence !== undefined && {\n      evidence: envelope.evidence,\n    }),\n  });\n  return envelope.eventHash === expected;\n}\n","import { createStructuredError } from 'autotel';\nimport { securityEvent } from 'autotel-audit';\nimport { sanitizeAuditPayload, type PrivacyProfileInput } from './privacy.js';\nimport { recordDecisionBasis, recordPolicyDecision, withAgentToolCall } from './runtime.js';\nimport { hashPayload } from './hash.js';\nimport type {\n  AgentActionOptions,\n  AgentDecisionMetadata,\n  AgentHandler,\n  AgentToolCallOptions,\n  DelegationContext,\n  GovernanceMetadata,\n  PolicyMetadata,\n  ScopedToolDefinition,\n} from './types.js';\n\nfunction normalizeScopes(scope?: string | string[]): string[] {\n  if (!scope) return [];\n  return Array.isArray(scope) ? scope : [scope];\n}\n\nfunction missingScopes(\n  delegated: string[],\n  required: string[],\n): string[] {\n  return required.filter((scope) => !delegated.includes(scope));\n}\n\ninterface ScopeDenial {\n  scopes: string[];\n  reason: string;\n  why: string;\n}\n\n/**\n * Decide whether a scoped tool call must be denied.\n *\n * When the identity is registry-backed, the registry is authoritative: a\n * delegation may only *narrow* the stored grant, never widen it. Scopes a\n * caller claims that the registry never granted are a forged escalation and are\n * denied before any missing-scope check — otherwise passing an explicit\n * `delegation.scope` could grant access the registry record does not allow.\n */\nfunction resolveScopeDenial(\n  claimedScopes: string[],\n  requiredScopes: string[],\n  registryScopes: string[] | undefined,\n): ScopeDenial | undefined {\n  const unauthorized = registryScopes\n    ? claimedScopes.filter((scope) => !registryScopes.includes(scope))\n    : [];\n  if (unauthorized.length > 0) {\n    return {\n      scopes: unauthorized,\n      reason: `unauthorized_scope:${unauthorized.join(',')}`,\n      why: `Delegation claims scopes the identity was never granted: ${unauthorized.join(', ')}`,\n    };\n  }\n\n  const missing = missingScopes(claimedScopes, requiredScopes);\n  if (missing.length > 0) {\n    return {\n      scopes: missing,\n      reason: `missing_scope:${missing.join(',')}`,\n      why: `Missing delegated scopes: ${missing.join(', ')}`,\n    };\n  }\n\n  return undefined;\n}\n\nfunction resolveDelegation(\n  definition: Pick<ScopedToolDefinition<unknown>, 'agent' | 'delegation' | 'identityRegistry'>,\n): DelegationContext | undefined {\n  const registry = definition.identityRegistry;\n  if (registry) {\n    registry.assertUsable(definition.agent.id);\n  }\n\n  return definition.delegation;\n}\n\nfunction buildGovernance(\n  governance: GovernanceMetadata | undefined,\n  reviewRequired: boolean | undefined,\n): GovernanceMetadata | undefined {\n  if (!governance && reviewRequired === undefined) return governance;\n  return {\n    ...governance,\n    ...(reviewRequired !== undefined && { reviewRequired }),\n  };\n}\n\nfunction buildDecision(\n  input: unknown,\n  decision: AgentDecisionMetadata | undefined,\n  privacyProfile: PrivacyProfileInput | undefined,\n): AgentDecisionMetadata | undefined {\n  if (!decision) return undefined;\n\n  const sanitizedInput = sanitizeAuditPayload(input, privacyProfile ?? 'strict');\n  return {\n    ...decision,\n    inputHash: decision.inputHash ?? hashPayload(sanitizedInput),\n  };\n}\n\nexport async function withScopedTool<TInput, TOutput>(\n  definition: ScopedToolDefinition<TInput>,\n  input: TInput,\n  fn: AgentHandler<TOutput>,\n  options: AgentToolCallOptions & AgentActionOptions = {},\n): Promise<TOutput> {\n  const requiredScopes = definition.requiredScopes ?? [];\n  const delegation = resolveDelegation(definition);\n  const registryScopes = definition.identityRegistry?.getIdentity(\n    definition.agent.id,\n  )?.scopes;\n  const claimedScopes = normalizeScopes(delegation?.scope ?? registryScopes);\n  const denial = resolveScopeDenial(\n    claimedScopes,\n    requiredScopes,\n    registryScopes,\n  );\n  const policy: PolicyMetadata | undefined =\n    definition.policyId || definition.riskScore !== undefined || denial\n      ? {\n          decision: denial ? 'deny' : 'permit',\n          ...(definition.policyId !== undefined && {\n            policyId: definition.policyId,\n          }),\n          ...(definition.riskScore !== undefined && {\n            riskScore: definition.riskScore,\n          }),\n          ...(denial && { reason: denial.reason }),\n        }\n      : undefined;\n\n  const governance = buildGovernance(\n    definition.governance,\n    definition.reviewRequired,\n  );\n\n  if (policy && policy.decision === 'deny' && denial) {\n    recordPolicyDecision(\n      {\n        action: definition.action,\n        resource: definition.resource ?? definition.tool.name,\n        category: definition.category,\n        agent: definition.agent,\n        delegation,\n        policy,\n        governance,\n        decision: buildDecision(\n          input,\n          definition.decision,\n          definition.privacyProfile,\n        ),\n      },\n      options,\n    );\n\n    securityEvent(\n      {\n        name: 'llm.tool_call.denied',\n        category: 'llm',\n        outcome: 'denied',\n        severity: 'warning',\n        reason: denial.reason,\n        targetType: 'tool',\n        targetId: definition.tool.name,\n        policyId: definition.policyId,\n      },\n      { ctx: options.ctx, onMissingContext: options.onMissingContext ?? 'warn' },\n    );\n\n    throw createStructuredError({\n      status: 403,\n      code: 'AGENT_SCOPE_DENIED',\n      message: `Agent \"${definition.agent.id}\" cannot invoke ${definition.tool.name}.`,\n      why: denial.why,\n      fix: 'Grant the missing scopes or route the task to an agent with the required delegation.',\n    });\n  }\n\n  if (policy) {\n    recordPolicyDecision(\n      {\n        action: `${definition.action}.policy`,\n        resource: definition.resource ?? definition.tool.name,\n        category: definition.category,\n        agent: definition.agent,\n        delegation,\n        policy,\n        governance,\n      },\n      options,\n    );\n  }\n\n  if (definition.decision) {\n    recordDecisionBasis(\n      {\n        action: `${definition.action}.decision`,\n        resource: definition.resource ?? definition.tool.name,\n        category: definition.category,\n        agent: definition.agent,\n        delegation,\n        governance,\n        decision: buildDecision(\n          input,\n          definition.decision,\n          definition.privacyProfile,\n        ),\n      },\n      options,\n    );\n  }\n\n  return withAgentToolCall(\n    {\n      action: definition.action,\n      resource: definition.resource ?? definition.tool.name,\n      category: definition.category,\n      agent: definition.agent,\n      delegation,\n      governance,\n      tool: {\n        ...definition.tool,\n        input,\n      },\n    },\n    fn,\n    options,\n  );\n}\n","import { securityEvent } from 'autotel-audit';\nimport { resolveContext, toAttributeValue, type AgentContext } from './context.js';\n\n/** Canonical plan-risk attribute keys (Google SAIF plan-risk predictor aligned). */\nexport const AGENT_PLAN_RISK_ATTR = {\n  verdict: 'agent.plan.risk.verdict',\n  score: 'agent.plan.risk.score',\n  categories: 'agent.plan.risk.categories',\n  toolSequence: 'agent.plan.risk.tool_sequence',\n} as const;\n\nexport type AgentPlanRiskVerdict = 'low' | 'medium' | 'high' | 'critical';\n\nexport interface AgentPlanClassifierInput {\n  /** Proposed tool names in execution order. */\n  toolSequence: string[];\n  stepIndex?: number;\n  summary?: string;\n  policyIds?: string[];\n  /** Extra context attrs (scopes, intents) — values are coerced for OTel. */\n  context?: Record<string, unknown>;\n}\n\nexport interface AgentPlanClassifierResult {\n  verdict: AgentPlanRiskVerdict;\n  /** 0..1 risk score from the classifier. */\n  score?: number;\n  categories?: string[];\n  reason?: string;\n}\n\nexport type AgentPlanClassifier = (\n  input: AgentPlanClassifierInput,\n) =>\n  | AgentPlanClassifierResult\n  | undefined\n  | Promise<AgentPlanClassifierResult | undefined>;\n\nexport interface RecordPlanRiskAssessmentOptions {\n  ctx?: AgentContext;\n  assessment: AgentPlanClassifierResult;\n  toolSequence?: string[];\n  /** Emit `llm.plan.risk.elevated` when verdict is not `low`. Default false. */\n  emitSecurityEvent?: boolean;\n}\n\nfunction setPlanRiskAttrs(\n  ctx: AgentContext | undefined,\n  attrs: Record<string, unknown>,\n): void {\n  const traceCtx = resolveContext(ctx);\n  const mapped: Record<string, string | number | boolean | string[] | number[] | boolean[]> =\n    {};\n  for (const [key, value] of Object.entries(attrs)) {\n    const attr = toAttributeValue(value);\n    if (attr !== undefined) {\n      mapped[key] = attr;\n    }\n  }\n  if (Object.keys(mapped).length > 0) {\n    traceCtx.setAttributes(mapped);\n  }\n}\n\n/**\n * Stamp plan-risk assessment attrs on the active span.\n */\nexport function recordPlanRiskAssessment(\n  options: RecordPlanRiskAssessmentOptions,\n): void {\n  const { assessment, toolSequence } = options;\n  setPlanRiskAttrs(options.ctx, {\n    [AGENT_PLAN_RISK_ATTR.verdict]: assessment.verdict,\n    ...(assessment.score !== undefined && {\n      [AGENT_PLAN_RISK_ATTR.score]: assessment.score,\n    }),\n    ...(assessment.categories?.length && {\n      [AGENT_PLAN_RISK_ATTR.categories]: assessment.categories,\n    }),\n    ...(toolSequence?.length && {\n      [AGENT_PLAN_RISK_ATTR.toolSequence]: toolSequence,\n    }),\n    ...(assessment.reason !== undefined && { 'decision.summary': assessment.reason }),\n  });\n\n  if (\n    options.emitSecurityEvent &&\n    assessment.verdict !== 'low'\n  ) {\n    securityEvent(\n      {\n        name: 'llm.plan.risk.elevated',\n        category: 'llm',\n        outcome: assessment.verdict === 'critical' ? 'blocked' : 'denied',\n        severity:\n          assessment.verdict === 'critical'\n            ? 'critical'\n            : assessment.verdict === 'high'\n              ? 'error'\n              : 'warning',\n        reason: assessment.reason ?? assessment.verdict,\n        ...(assessment.score !== undefined && { score: assessment.score }),\n        ...(assessment.categories?.length && {\n          categories: assessment.categories.join(','),\n        }),\n      },\n      { ctx: options.ctx },\n    );\n  }\n}\n\n/**\n * Run a pluggable plan-risk classifier and record its verdict on the span.\n * Classifier failures degrade quietly (no assessment recorded).\n */\nexport async function runAgentPlanClassifier(\n  classifier: AgentPlanClassifier,\n  input: AgentPlanClassifierInput,\n  options: Omit<RecordPlanRiskAssessmentOptions, 'assessment'> = {},\n): Promise<AgentPlanClassifierResult | undefined> {\n  let assessment: AgentPlanClassifierResult | undefined;\n  try {\n    assessment = await classifier(input);\n  } catch {\n    return undefined;\n  }\n  if (!assessment) return undefined;\n  recordPlanRiskAssessment({\n    ...options,\n    assessment,\n    toolSequence: input.toolSequence,\n  });\n  return assessment;\n}\n\nconst DESTRUCTIVE_TOOL = /\\b(delete|remove|send|post|transfer|pay|upload|execute)\\b/i;\nconst UNTRUSTED_READ = /\\b(read|fetch|get|search|load|parse|inbox|email|web|scrape)\\b/i;\n\n/**\n * Dependency-free first-pass plan-risk heuristic. Opt-in — pass as\n * `AgentPlanClassifier` or wrap your own Model Armor / Llama Guard adapter.\n */\nexport function heuristicPlanRiskClassifier(): AgentPlanClassifier {\n  return ({ toolSequence }) => {\n    if (toolSequence.length === 0) {\n      return { verdict: 'low', score: 0 };\n    }\n\n    const normalized = toolSequence.map((name) => name.replaceAll('_', ' '));\n    const hasDestructive = normalized.some((name) => DESTRUCTIVE_TOOL.test(name));\n    const hasUntrustedRead = normalized.some((name) => UNTRUSTED_READ.test(name));\n\n    if (hasDestructive && hasUntrustedRead) {\n      return {\n        verdict: 'high',\n        score: 0.85,\n        categories: ['untrusted_to_destructive_chain'],\n        reason: 'mixed_untrusted_and_destructive_tools',\n      };\n    }\n\n    if (toolSequence.length >= 8) {\n      return {\n        verdict: 'medium',\n        score: 0.55,\n        categories: ['long_tool_chain'],\n        reason: 'long_tool_sequence',\n      };\n    }\n\n    return { verdict: 'low', score: 0.1 };\n  };\n}\n"],"mappings":";;;;;;;;AAAA,MAAa,6BAA6B;;;;ACM1C,SAAS,aAAa,OAAyB;CAC7C,IAAI,iBAAiB,MACnB,OAAO,MAAM,YAAY;CAG3B,IAAI,OAAO,UAAU,UACnB,OAAO,MAAM,SAAS,EAAE;CAG1B,IAAI,MAAM,QAAQ,KAAK,GACrB,OAAO,MAAM,KAAK,UAAU,aAAa,KAAK,CAAC;CAGjD,IAAI,SAAS,OAAO,UAAU,UAAU;EAEtC,MAAM,UAAU,OAAO,QAAQ,KAAgC;EAC/D,QAAQ,MAAM,CAAC,OAAO,CAAC,WAAW,KAAK,cAAc,KAAK,CAAC;EAC3D,OAAO,OAAO,YACZ,QAAQ,KAAK,CAAC,KAAK,gBAAgB,CAAC,KAAK,aAAa,UAAU,CAAC,CAAC,CACpE;CACF;CAEA,OAAO;AACT;AAEA,SAAgB,oBAAoB,OAAwB;CAC1D,OAAO,KAAK,UAAU,aAAa,KAAK,CAAC;AAC3C;AAEA,SAAgB,YACd,OACA,UAA8B,CAAC,GACvB;CACR,MAAM,YAAY,QAAQ,aAAa;CACvC,MAAM,YAAY,oBAAoB,KAAK;CAE3C,OAAO,GAAG,UAAU,+BADM,SAAS,CAAC,CAAC,OAAO,SAAS,CAAC,CAAC,OAAO,KAClC;AAC9B;;;;ACxBA,SAAgB,iBACd,UACgB;CAChB,IAAI,SAAS,WAAW,OAAO,SAAS;CACxC,IAAI,SAAS,MAAM,OAAO;CAC1B,IAAI,SAAS,QAAQ,OAAO;CAC5B,OAAO;AACT;AAEA,SAAgB,cACd,MAC8B;CAC9B,IAAI,CAAC,MAAM,OAAO;CAElB,OAAO;EACL,MAAM,KAAK;EACX,GAAI,KAAK,WAAW,UAAa,EAAE,QAAQ,KAAK,OAAO;EACvD,WACE,KAAK,UAAU,SACX,KAAK,YACJ,KAAK,aAAa,YAAY,KAAK,KAAK;EAC/C,YACE,KAAK,WAAW,SACZ,KAAK,aACJ,KAAK,cAAc,YAAY,KAAK,MAAM;EACjD,GAAI,KAAK,WAAW,UAAa,EAAE,QAAQ,KAAK,OAAO;EACvD,GAAI,KAAK,gBAAgB,UAAa,EAAE,aAAa,KAAK,YAAY;CACxE;AACF;AAEA,SAAgB,aACd,MAC8B;CAC9B,IAAI,CAAC,MAAM,OAAO;CAElB,OAAO;EACL,MAAM,KAAK;EACX,GAAI,KAAK,WAAW,UAAa,EAAE,QAAQ,KAAK,OAAO;EACvD,GAAI,KAAK,cAAc,UAAa,EAAE,WAAW,KAAK,UAAU;EAChE,GAAI,KAAK,eAAe,UAAa,EAAE,YAAY,KAAK,WAAW;EACnE,GAAI,KAAK,WAAW,UAAa,EAAE,QAAQ,KAAK,OAAO;EACvD,GAAI,KAAK,gBAAgB,UAAa,EAAE,aAAa,KAAK,YAAY;CACxE;AACF;AAEA,SAAgB,mBACd,YACgC;CAChC,IAAI,CAAC,YAAY,OAAO;CACxB,OAAO;EACL,GAAI,WAAW,mBAAmB,UAAa,EAC7C,gBAAgB,WAAW,eAC7B;EACA,GAAI,WAAW,eAAe,UAAa,EACzC,YAAY,WAAW,WACzB;EACA,GAAI,WAAW,cAAc,UAAa,EACxC,WAAW,WAAW,UACxB;EACA,GAAI,WAAW,qBAAqB,UAAa,EAC/C,kBAAkB,WAAW,iBAC/B;EACA,GAAI,WAAW,mBAAmB,UAAa,EAC7C,gBAAgB,WAAW,eAC7B;EACA,GAAI,WAAW,cAAc,UAAa,EACxC,WAAW,WAAW,UACxB;CACF;AACF;AAEA,SAAS,kBACP,UACA,kBACmC;CACnC,IAAI,UACF,OAAO;EACL,GAAG;EACH,SAAS,SAAS,WAAW,oBAAoB;CACnD;CAGF,IAAI,qBAAqB,QAAW,OAAO;CAE3C,OAAO,EACL,SAAS,iBACX;AACF;AAEA,SAAgB,yBACd,UACqB;CACrB,MAAM,YAAY,iBAAiB,QAAQ;CAE3C,IAAI,cAAc,eAAe,CAAC,SAAS,MACzC,MAAM,IAAI,MACR,iEACF;CAGF,IAAI,cAAc,qBAAqB,CAAC,SAAS,QAC/C,MAAM,IAAI,MACR,yEACF;CAGF,IAAI,cAAc,aAAa,CAAC,SAAS,YACvC,MAAM,IAAI,MACR,qEACF;CAGF,MAAM,aACJ,SAAS,eAEP,SAAS,WAAW,yBAAyB,UAC7C,SAAS,WAAW,UAAU,UAE5B;EACE,GAAG,SAAS;EACZ,GAAI,SAAS,WAAW,oBAAoB;GAC1C,sBACE,SAAS,WAAW,wBACpB,YAAY,SAAS,WAAW,gBAAgB;GAClD,OACE,SAAS,WAAW,SACpB,KAAK,IAAI,SAAS,WAAW,iBAAiB,SAAS,GAAG,CAAC;EAC/D;CACF,IACA,SAAS;CAEf,OAAO;EACL,GAAG;EACH,eAAe,SAAS;EACxB;EACA,UAAU,kBAAkB,SAAS,UAAU,SAAS,gBAAgB;EACxE,GAAI,eAAe,UAAa,EAAE,WAAW;CAC/C;AACF;AAEA,SAAgB,kBACd,UACqB;CACrB,MAAM,aAAa,yBAAyB,QAAQ;CACpD,OAAO;EACL,GAAG;EACH,MAAM,cAAc,WAAW,IAAI;CACrC;AACF;AAEA,SAAgB,mBACd,UACmB;CACnB,OAAO;EACL,QAAQ,SAAS;EACjB,GAAI,SAAS,aAAa,UAAa,EAAE,UAAU,SAAS,SAAS;EACrE,SACE,SAAS,WACT,SAAS,YAAY,kBACrB,SAAS,MAAM;EACjB,UAAU,SAAS,YAAY;EAC/B,GAAI,SAAS,YAAY,UAAa,EAAE,SAAS,SAAS,QAAQ;EAClE,SAAS,SAAS,MAAM;EACxB,gBAAgB,SAAS;EACzB,mBAAmB,SAAS;EAC5B,GAAI,SAAS,MAAM,YAAY,UAAa,EAC1C,cAAc,SAAS,MAAM,QAC/B;EACA,GAAI,SAAS,MAAM,SAAS,UAAa,EAAE,UAAU,SAAS,KAAK,KAAK;EACxE,GAAI,SAAS,QAAQ,aAAa,UAAa,EAC7C,gBAAgB,SAAS,OAAO,SAClC;EACA,GAAI,SAAS,SAAS,WAAW,UAAa,EAC5C,eAAe,SAAS,QAAQ,OAClC;CACF;AACF;AAEA,SAAgB,mBACd,UACyB;CACzB,MAAM,OAAO,aAAa,SAAS,IAAI;CACvC,MAAM,aAAa,mBAAmB,SAAS,UAAU;CAEzD,MAAM,UAAmC;EACvC,OAAO;GACL,GAAG,SAAS;GACZ,GAAI,SAAS,aAAa,UAAa,EAAE,UAAU,SAAS,SAAS;GACrE,GAAI,SAAS,YAAY,UAAa,EAAE,SAAS,SAAS,QAAQ;GAClE,GAAI,SAAS,qBAAqB,UAAa,EAC7C,kBAAkB,SAAS,iBAC7B;GACA,eAAe,SAAS;GACxB,WAAW,SAAS,aAAa,iBAAiB,QAAQ;EAC5D;EACA,GAAI,SAAS,eAAe,UAAa,EACvC,YAAY,SAAS,WACvB;EACA,GAAI,SAAS,UAAa,EAAE,KAAK;EACjC,GAAI,SAAS,WAAW,UAAa,EAAE,QAAQ,SAAS,OAAO;EAC/D,GAAI,eAAe,UAAa,EAAE,WAAW;EAC7C,GAAI,SAAS,YAAY,UAAa,EAAE,SAAS,SAAS,QAAQ;EAClE,GAAI,SAAS,aAAa,UAAa,EAAE,UAAU,SAAS,SAAS;CACvE;CASA,OAAO,gBAAgB,OAAO;AAChC;;;;;;;;;;AAWA,SAAgB,4BACd,UACyB;CACzB,MAAM,OAAO,aAAa,SAAS,IAAI;CACvC,OAAO;EACL,GAAI,SAAS,UAAa,EAAE,KAAK;EACjC,GAAI,SAAS,YAAY,UAAa,EACpC,SAAS,gBAAgB,SAAS,OAAO,EAC3C;CACF;AACF;;;;ACrOA,SAAS,aAAa,QAAsB,KAAa,OAAsB;CAC7E,MAAM,OAAOA,wCAAiB,KAAK;CACnC,IAAI,SAAS,QACX,OAAO,OAAO;AAElB;AAEA,SAAS,yBAAyB,OAAqB,OAA4B;CACjF,aAAa,OAAO,YAAY,MAAM,EAAE;CACxC,aAAa,OAAO,iBAAiB,MAAM,OAAO;CAClD,aAAa,OAAO,mBAAmB,MAAM,SAAS;CACtD,aAAa,OAAO,eAAe,MAAM,KAAK;CAC9C,aAAa,OAAO,cAAc,MAAM,IAAI;CAC5C,aAAa,OAAO,oBAAoB,MAAM,SAAS;CACvD,aAAa,OAAO,yBAAyB,MAAM,cAAc;AACnE;AAEA,SAAS,2BACP,OACA,YACM;CACN,IAAI,CAAC,YAAY;CACjB,aAAa,OAAO,8BAA8B,WAAW,cAAc;CAC3E,aAAa,OAAO,oBAAoB,WAAW,KAAK;CACxD,aAAa,OAAO,uBAAuB,WAAW,OAAO;CAC7D,aAAa,OAAO,iBAAiB,WAAW,YAAY;CAC5D,aAAa,OAAO,gCAAgC,WAAW,gBAAgB;CAC/E,aACE,OACA,qCACA,WAAW,oBACb;CACA,aAAa,OAAO,oBAAoB,WAAW,KAAK;CACxD,aAAa,OAAO,wBAAwB,WAAW,QAAQ;CAC/D,aAAa,OAAO,yBAAyB,WAAW,SAAS;AACnE;AAEA,SAAS,qBAAqB,OAAqB,MAA+B;CAChF,IAAI,CAAC,MAAM;CACX,aAAa,OAAO,aAAa,KAAK,IAAI;CAC1C,aAAa,OAAO,gBAAgB,KAAK,MAAM;CAC/C,aAAa,OAAO,mBAAmB,KAAK,SAAS;CACrD,aAAa,OAAO,oBAAoB,KAAK,UAAU;CACvD,aAAa,OAAO,eAAe,KAAK,MAAM;CAC9C,aAAa,OAAO,qBAAqB,KAAK,WAAW;AAC3D;AAEA,SAAS,uBAAuB,OAAqB,QAA+B;CAClF,IAAI,CAAC,QAAQ;CACb,aAAa,OAAO,mBAAmB,OAAO,QAAQ;CACtD,aAAa,OAAO,aAAa,OAAO,QAAQ;CAChD,aAAa,OAAO,qBAAqB,OAAO,SAAS;CACzD,aAAa,OAAO,iBAAiB,OAAO,MAAM;AACpD;AAEA,SAAS,2BACP,OACA,YACM;CACN,IAAI,CAAC,YAAY;CACjB,aAAa,OAAO,8BAA8B,WAAW,cAAc;CAC3E,aAAa,OAAO,0BAA0B,WAAW,UAAU;CACnE,aAAa,OAAO,yBAAyB,WAAW,SAAS;CACjE,aAAa,OAAO,gCAAgC,WAAW,gBAAgB;CAC/E,aAAa,OAAO,8BAA8B,WAAW,cAAc;CAC3E,aAAa,OAAO,wBAAwB,WAAW,SAAS;AAClE;AAEA,SAAS,wBACP,OACA,SACM;CACN,IAAI,CAAC,SAAS;CACd,aAAa,OAAO,wBAAwB,QAAQ,MAAM;CAC1D,aAAa,OAAO,4BAA4B,QAAQ,SAAS;CACjE,aAAa,OAAO,0BAA0B,QAAQ,OAAO;CAC7D,aAAa,OAAO,8BAA8B,QAAQ,WAAW;AACvE;AAEA,SAAS,yBACP,OACA,UACM;CACN,IAAI,CAAC,UAAU;CACf,aAAa,OAAO,oBAAoB,SAAS,OAAO;CACxD,aAAa,OAAO,uBAAuB,SAAS,SAAS;CAC7D,aAAa,OAAO,uBAAuB,SAAS,SAAS;CAC7D,aAAa,OAAO,gCAAgC,SAAS,kBAAkB;CAC/E,aAAa,OAAO,yBAAyB,SAAS,WAAW;CACjE,aAAa,OAAO,4BAA4B,SAAS,cAAc;CACvE,aAAa,OAAO,uBAAuB,SAAS,UAAU;AAChE;AAEA,SAAgB,uBACd,UACc;CACd,MAAM,aAAa,kBAAkB,QAAQ;CAC7C,MAAM,QAAsB;EAC1B,iBAAiB;EACjB,gBAAgB,WAAW;EAC3B,uBACE,WAAW;EACb,oBAAoB,WAAW,aAAa,iBAAiB,UAAU;CACzE;CAEA,aAAa,OAAO,kBAAkB,WAAW,QAAQ;CACzD,aAAa,OAAO,iBAAiB,WAAW,OAAO;CACvD,aAAa,OAAO,qBAAqB,WAAW,gBAAgB;CACpE,yBAAyB,OAAO,WAAW,KAAK;CAChD,2BAA2B,OAAO,WAAW,UAAU;CACvD,qBAAqB,OAAO,WAAW,IAAI;CAC3C,uBAAuB,OAAO,WAAW,MAAM;CAC/C,2BAA2B,OAAO,WAAW,UAAU;CACvD,wBAAwB,OAAO,WAAW,OAAO;CACjD,yBAAyB,OAAO,WAAW,QAAQ;CAEnD,OAAO;AACT;AAEA,SAAgB,mBACd,UACA,KACM;CAEN,AADiBC,sCAAe,GACzB,CAAC,CAAC,cAAc,uBAAuB,QAAQ,CAAC;AACzD;;;;;;AAOA,SAAgB,gBACd,SACA,KACM;CACN,sCAAe,GAAG,CAAC,CAAC,aAAa,iBAAiB,OAAO;AAC3D;;;;;;;;;;;;;;AChHA,SAAS,kBACP,KACA,IACA,OACM;CACN,MAAM,QAA2B;EAC/B,GAAGC,0CAAuB;GACxB,WAAW,GAAG;GACd,UAAU,GAAG;GACb,OAAO,GAAG;EACZ,CAAC;EACD,GAAGC,2CAAwB;GACzB,OAAO,GAAG;GACV,IAAI,GAAG;GACP,eAAe,GAAG;EACpB,CAAC;CACH;CACA,IAAI,OAAO;EACT,MAAM,OAAOC,6BACX,GAAG,OACH,OACA,GAAG,UAAU,EAAE,SAAS,GAAG,QAAQ,IAAI,MACzC;EACA,OAAO,OAAO,OAAOC,wCAAqB;GAAE,GAAG;GAAO,SAAS;EAAK,CAAC,CAAC;CACxE;CACA,IAAI,cAAc,KAAK;AACzB;AAEA,eAAsB,gBACpB,UACA,IACA,UAA8B,CAAC,GACnB;CACZ,MAAM,aAAa,kBAAkB,QAAQ;CAE7C,oCACE,mBAAmB,UAAU,GAC7B,OAAO,KAAmB,WAA0B;EAClD,mBAAmB,YAAY,GAAG;EAClC,OAAO,IAAI,mBAAmB,UAAU,CAAC;EAEzC,IAAI;GACF,MAAM,SAAS,MAAM,GAAG,KAAqB,MAAM;GACnD,MAAM,UAAU,WAAW,WAAW;GACtC,gBAAgB,SAAS,GAAG;GAC5B,OAAO,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;GACjC,IAAI,WAAW,IACb,kBACE,KACA,WAAW,IACX,QAAQ,eAAe,MAAM,KAAK,WAAW,GAAG,KAClD;GAEF,OAAO;EACT,SAAS,OAAO;GACd,gBAAgB,WAAW,GAAG;GAC9B,OAAO,IAAI,EAAE,OAAO,EAAE,SAAS,UAAU,EAAE,CAAC;GAC5C,IAAI,WAAW,IAAI,kBAAkB,KAAK,WAAW,EAAE;GACvD,MAAM;EACR;CACF,GACA,OACF;AACF;AAEA,SAAgB,qBACd,UACA,UAA8B,CAAC,GACzB;CACN,MAAM,aAAa,kBAAkB,QAAQ;CAC7C,MAAM,WAAWC,0CAAmB,QAAQ,GAAG;CAI/C,IAAI,CAAC,UAAU;EACb,MAAM,OAAO,QAAQ,oBAAoB;EACzC,IAAI,SAAS,SACX,MAAM,IAAI,MAAMC,8CAAuB;EAEzC,IAAI,SAAS,QACX,8CAAuB,WAAW,MAAM;EAE1C;CACF;CAEA,MAAM,SACJ,QAAQ,4CAA+B,0CAA6B;CAEtE,IAAI,QAAQ,cAAc,OACxB,uCAAoB,QAAQ;CAG9B,mBAAmB,YAAY,QAAQ;CACvC,OAAO,IAAI,mBAAmB,UAAU,CAAC;CAEzC,IAAI,QAAQ,SACV,OAAO,QAAQ;AAEnB;AAEA,SAAgB,oBACd,UACA,UAA8B,CAAC,GACzB;CACN,IAAI,CAAC,SAAS,YAAY,CAAC,SAAS,kBAClC,MAAM,IAAI,MACR,8FACF;CAGF,qBAAqB,UAAU,OAAO;AACxC;;;;;;;;;;;;;;;;;;;;;;;AAwBA,SAAgB,kBACd,UACA,SACA,UAA8B,CAAC,GACO;CACtC,QAAQ,GAAG,SAAkC;EAG3C,OAAO,gBADL,OAAO,aAAa,aAAa,SAAS,GAAG,IAAI,IAAI,WAGpD,KAAK,WAAW,QAAQ,KAAK,MAAM,CAAC,CAAC,GAAG,IAAI,GAC7C,OACF;CACF;AACF;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,SAAgB,oBACd,UACA,SACA,UAAgC,CAAC,GACK;CACtC,QAAQ,GAAG,SAAkC;EAG3C,OAAO,kBADL,OAAO,aAAa,aAAa,SAAS,GAAG,IAAI,IAAI,WAGpD,KAAK,WAAW,QAAQ,KAAK,MAAM,CAAC,CAAC,GAAG,IAAI,GAC7C,OACF;CACF;AACF;AAEA,eAAsB,kBACpB,UACA,IACA,UAAgC,CAAC,GACrB;CACZ,MAAM,QAAQ,KAAK,IAAI;CACvB,MAAM,aAAa,kBAAkB;EACnC,GAAG;EACH,MAAM;GACJ,GAAG,SAAS;GACZ,QAAQ,SAAS,MAAM,UAAU;EACnC;CACF,CAAC;CAED,OAAO,gBACL,YACA,OAAO,KAAK,WAAW;EACrB,IAAI;GACF,MAAM,SAAS,MAAM,GAAG,KAAK,MAAM;GACnC,MAAM,cAAc,KAAK,IAAI,IAAI;GACjC,MAAM,YAAiC;IACrC,GAAG;IACH,SAAS,WAAW,WAAW;IAC/B,MAAM;KACJ,GAAG,SAAS;KACZ,WAAW,WAAW,MAAM;KAC5B,YACE,WAAW,MAAM,eAChB,QAAQ,eAAe,QAAQ,SAAY,YAAY,MAAM;KAChE,QAAQ;KACR;IACF;GACF;GACA,mBAAmB,WAAW,GAAG;GACjC,OAAO,IAAI,4BAA4B,kBAAkB,SAAS,CAAC,CAAC;GACpE,OAAO;EACT,SAAS,OAAO;GACd,MAAM,SAA8B;IAClC,GAAG;IACH,SAAS;IACT,MAAM;KACJ,GAAG,SAAS;KACZ,WAAW,WAAW,MAAM;KAC5B,QAAQ;KACR,aAAa,KAAK,IAAI,IAAI;IAC5B;GACF;GACA,mBAAmB,QAAQ,GAAG;GAC9B,OAAO,IAAI,4BAA4B,kBAAkB,MAAM,CAAC,CAAC;GACjE,MAAM;EACR;CACF,GACA,OACF;AACF;;;;AC5RA,SAAS,sBACP,gBACA,SACA,iBACU;CACV,MAAM,UAAU,kBAAkB,CAAC,GAAG,eAAe,IAAI,CAAC,cAAc;CACxE,IAAI,QAAQ,GAAG,EAAE,MAAM,SACrB,QAAQ,KAAK,OAAO;CAEtB,OAAO;AACT;AA0BA,SAAgB,gBAAgB,OAAgD;CAC9E,MAAM,mBAAmB,sBACvB,MAAM,gBACN,MAAM,eACN,MAAM,gBACR;CAEA,OAAO;EACL,gBAAgB,MAAM;EACtB,GAAI,MAAM,UAAU,UAAa,EAAE,OAAO,MAAM,MAAM;EACtD,GAAI,MAAM,YAAY,UAAa,EAAE,SAAS,MAAM,QAAQ;EAC5D,GAAI,MAAM,iBAAiB,UAAa,EAAE,cAAc,MAAM,aAAa;EAC3E;EACA,sBAAsB,YAAY,gBAAgB;EAClD,OAAO,KAAK,IAAI,iBAAiB,SAAS,GAAG,CAAC;EAC9C,UAAU,MAAM,6BAAY,IAAI,KAAK,EAAC,CAAC,YAAY;EACnD,GAAI,MAAM,cAAc,UAAa,EAAE,WAAW,MAAM,UAAU;CACpE;AACF;AAEA,SAAgB,mBACd,UACA,UAA8B,CAAC,GACzB;CAKN,MAAM,mBACJ,SAAS,oBAAoB,CAAC,SAAS,gBAAgB,SAAS,UAAU,EAAE;CAE9E,MAAM,aAAa,gBAAgB;EACjC,gBAAgB,SAAS;EACzB,eAAe,SAAS,QAAQ;EAChC,OAAO,SAAS;EAChB,SAAS,SAAS;EAClB,cAAc,SAAS;EACvB;CACF,CAAC;CAED,qBACE;EACE,QAAQ,SAAS;EACjB,UAAU,SAAS;EACnB,WAAW;EACX,OAAO,SAAS;EAChB;EACA,YAAY,SAAS;EACrB,kBAAkB,uBAAuB,SAAS,UAAU,GAAG,MAAM,SAAS,QAAQ,GAAG;CAC3F,GACA,OACF;AACF;;;;ACxFA,SAASC,cAAY,OAA+B;CAClD,IAAI,CAAC,OAAO,wBAAO,IAAI,KAAK,EAAC,CAAC,YAAY;CAC1C,OAAO,iBAAiB,OAAO,MAAM,YAAY,IAAI;AACvD;AAEA,eAAsB,iBACpB,UACA,IACA,UAA8B,CAAC,GACnB;CACZ,MAAM,YAAYA,cAAY,SAAS,SAAS,SAAS;CAEzD,OAAO,gBACL;EACE,GAAG;EACH,UAAU,SAAS,YAAY;EAC/B,SAAS;GACP,GAAG,SAAS;GACZ,QAAQ,SAAS,SAAS,UAAU;GACpC;EACF;CACF,GACA,OAAO,KAAK,WAAW;EACrB,IAAI;GACF,MAAM,SAAS,MAAM,GAAG,KAAK,MAAM;GACnC,MAAM,YAAY;IAChB,GAAG;IACH,SAAS,SAAS,WAAW;IAC7B,SAAS;KACP,GAAG,SAAS;KACZ,QAAQ;KACR;KACA,0BAAS,IAAI,KAAK,EAAC,CAAC,YAAY;IAClC;GACF;GACA,mBAAmB,WAAW,GAAG;GACjC,OAAO,IAAI,4BAA4B,SAAS,CAAC;GACjD,OAAO;EACT,SAAS,OAAO;GACd,MAAM,SAAS;IACb,GAAG;IACH,SAAS;IACT,SAAS;KACP,GAAG,SAAS;KACZ,QAAQ;KACR;KACA,0BAAS,IAAI,KAAK,EAAC,CAAC,YAAY;IAClC;GACF;GACA,mBAAmB,QAAQ,GAAG;GAC9B,OAAO,IAAI,4BAA4B,MAAM,CAAC;GAC9C,MAAM;EACR;CACF,GACA,OACF;AACF;;;;ACvDA,SAASC,cAAY,OAA2C;CAC9D,IAAI,CAAC,OAAO,OAAO;CACnB,OAAO,iBAAiB,OAAO,MAAM,YAAY,IAAI;AACvD;AAEA,SAASC,kBAAgB,OAAqC;CAC5D,IAAI,CAAC,OAAO,OAAO,CAAC;CACpB,OAAO,MAAM,QAAQ,KAAK,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,KAAK;AACnD;AAEA,SAAS,UAAU,QAA6B,IAAqB;CACnE,OAAO,OAAO,cAAc,UAAa,OAAO,YAAY;AAC9D;AA0BA,SAAgB,4BACd,UAAyC,CAAC,GACnB;CACvB,MAAM,0BAAU,IAAI,IAAiC;CAErD,MAAM,qBACJ,UACwB;EACxB,MAAM,MAAMD,cAAY,MAAM,aAAa,sBAAK,IAAI,KAAK,EAAC,CAAC,YAAY;EACvE,MAAM,SAA8B;GAClC,OAAO,MAAM;GACb,QAAQ,MAAM,UAAU,CAAC;GACzB,QAAQ;GACR,SAAS,MAAM;GACf,WACE,MAAM,YAAY,SAAY,SAAY,YAAY,MAAM,OAAO;GACrE,aAAa,MAAM;GACnB,eAAe;GACf,WAAWA,cAAY,MAAM,SAAS;GACtC,UAAU,MAAM;EAClB;EACA,QAAQ,IAAI,MAAM,MAAM,IAAI,MAAM;EAClC,OAAO;CACT;CAEA,KAAK,MAAM,QAAQ,SACjB,kBAAkB,IAAI;CAGxB,OAAO;EACL;EACA,eAAe,SAAiB,QAAkC,CAAC,GAAG;GACpE,MAAM,WAAW,QAAQ,IAAI,OAAO;GACpC,IAAI,CAAC,UACH,MAAM,IAAI,MACR,yDAAyD,QAAQ,GACnE;GAGF,MAAM,YAAYA,cAAY,MAAM,SAAS,sBAAK,IAAI,KAAK,EAAC,CAAC,YAAY;GACzE,MAAM,SAA8B;IAClC,GAAG;IACH,QAAQ,MAAM,UAAU,SAAS;IACjC,QAAQ;IACR,SAAS,MAAM,WAAW,SAAS;IACnC,WACE,MAAM,YAAY,SACd,SAAS,YACT,YAAY,MAAM,OAAO;IAC/B,aAAa,MAAM,eAAe,SAAS;IAC3C;IACA,WAAWA,cAAY,MAAM,SAAS,KAAK,SAAS;IACpD,UAAU,MAAM,YAAY,SAAS;GACvC;GACA,QAAQ,IAAI,SAAS,MAAM;GAC3B,OAAO;EACT;EACA,eAAe,SAAiB,OAAiC;GAC/D,MAAM,WAAW,QAAQ,IAAI,OAAO;GACpC,IAAI,CAAC,UACH,MAAM,IAAI,MACR,yDAAyD,QAAQ,GACnE;GAGF,MAAM,YAAYA,cAAY,MAAM,SAAS,sBAAK,IAAI,KAAK,EAAC,CAAC,YAAY;GACzE,MAAM,SAA8B;IAClC,GAAG;IACH,QAAQ;IACR;IACA,kBAAkB,MAAM;GAC1B;GACA,QAAQ,IAAI,SAAS,MAAM;GAC3B,OAAO;EACT;EACA,YAAY,SAAiB;GAC3B,OAAO,QAAQ,IAAI,OAAO;EAC5B;EACA,kBAAkB,SAAiB,sBAAK,IAAI,KAAK,EAAC,CAAC,YAAY,GAAG;GAChE,MAAM,SAAS,QAAQ,IAAI,OAAO;GAClC,IAAI,CAAC,QAAQ;GACb,OAAO,UAAU,QAAQ,EAAE,IAAI,YAAY,OAAO;EACpD;EACA,aAAa,SAAiB,sBAAK,IAAI,KAAK,EAAC,CAAC,YAAY,GAAG;GAC3D,MAAM,SAAS,QAAQ,IAAI,OAAO;GAClC,IAAI,CAAC,QACH,MAAM,IAAI,MACR,2CAA2C,QAAQ,4BACrD;GAGF,MAAM,SAA8B,UAAU,QAAQ,EAAE,IACpD,YACA,OAAO;GAEX,IAAI,WAAW,YAAY,WAAW,WACpC,MAAM,IAAI,MACR,mCAAmC,QAAQ,OAAO,OAAO,oCAC3D;GAGF,OAAO;EACT;EACA,aAAa,SAAiB,gBAA0B;GACtD,MAAM,SAAS,KAAK,aAAa,OAAO;GACxC,MAAM,UAAU,eAAe,QAC5B,UAAU,CAAC,OAAO,OAAO,SAAS,KAAK,CAC1C;GAEA,IAAI,QAAQ,SAAS,GACnB,MAAM,IAAI,MACR,mCAAmC,QAAQ,iCAAiC,QAAQ,KAAK,IAAI,EAAE,EACjG;GAGF,OAAO;EACT;EACA,gBAAgB,SAAiB,OAAO;GACtC,MAAM,SAAS,KAAK,aAAa,OAAO;GACxC,MAAM,QAAQC,kBAAgB,MAAM,KAAK;GACzC,IAAI,MAAM,SAAS,GACjB,KAAK,aAAa,SAAS,KAAK;GAGlC,OAAO,gBAAgB;IACrB,gBAAgB,MAAM;IACtB,eAAe,OAAO,MAAM;IAC5B,OAAO,MAAM,SAAS,OAAO;IAC7B,SAAS,MAAM,WAAW,OAAO;IACjC,cAAc,MAAM;IACpB,kBAAkB,MAAM;IACxB,UAAU,MAAM;IAChB,WAAW,MAAM,aAAa,OAAO;GACvC,CAAC;EACH;EACA,OAAO;GACL,OAAO,CAAC,GAAG,QAAQ,OAAO,CAAC;EAC7B;CACF;AACF;;;;ACtLA,MAAM,mBAA+D;CACnE,QAAQ;EACN,MAAM;EACN,UAAU;GACR;GACA;GACA;GACA;GACA;GACA;GACA;GACA;EACF;EACA,UAAU;GACR;GACA;GACA;GACA;GACA;GACA;GACA;EACF;EACA,UAAU;GAAC;GAAS;GAAY;GAAW;GAAY;EAAU;EACjE,iBAAiB;CACnB;CACA,KAAK;EACH,MAAM;EACN,UAAU;GAAC;GAAS;GAAQ;GAAY;GAAa;EAAQ;EAC7D,UAAU;GAAC;GAAQ;GAAQ;GAAW;GAAU;EAAc;EAC9D,UAAU,CAAC,SAAS,UAAU;EAC9B,iBAAiB;CACnB;CACA,YAAY;EACV,MAAM;EACN,UAAU;GAAC;GAAY;GAAQ;GAAW;GAAU;EAAQ;EAC5D,UAAU;GAAC;GAAc;GAAU;GAAW;GAAU;EAAW;EACnE,UAAU;GAAC;GAAS;GAAY;EAAU;EAC1C,iBAAiB;CACnB;AACF;AAEA,SAAS,UAAU,OAAyB;CAC1C,IAAI,OAAO,UAAU,UACnB,OAAO;CAGT,IAAI,MAAM,UAAU,GAAG,OAAO;CAC9B,OAAO,GAAG,MAAM,MAAM,GAAG,CAAC,EAAE,KAAK,MAAM,MAAM,EAAE;AACjD;AAEA,SAAS,QAAQ,UAAgC,KAAsB;CACrE,OAAO,UAAU,MAAM,YAAY,QAAQ,KAAK,GAAG,CAAC,KAAK;AAC3D;AAEA,SAAS,eAAe,OAAe,WAA4B;CACjE,IAAI,cAAc,UAAa,MAAM,UAAU,WAC7C,OAAO;CAGT,OAAO,GAAG,MAAM,MAAM,GAAG,SAAS,EAAE;AACtC;AAEA,SAAS,aACP,OACA,SACA,SACS;CACT,IAAI,iBAAiB,MACnB,OAAO,MAAM,YAAY;CAG3B,MAAM,UAAU,QAAQ,YAAY;CAEpC,IAAI,QAAQ,QAAQ,UAAU,OAAO,GACnC,OAAO;CAGT,IAAI,QAAQ,QAAQ,UAAU,OAAO,GACnC,OAAO,YAAY,KAAK;CAG1B,IAAI,QAAQ,QAAQ,UAAU,OAAO,GACnC,OAAO,UAAU,KAAK;CAGxB,IAAI,OAAO,UAAU,UACnB,OAAO,eAAe,OAAO,QAAQ,eAAe;CAGtD,IAAI,MAAM,QAAQ,KAAK,GACrB,OAAO,MAAM,KAAK,OAAO,UACvB,aAAa,OAAO,SAAS,GAAG,QAAQ,GAAG,MAAM,EAAE,CACrD;CAGF,IAAI,SAAS,OAAO,UAAU,UAC5B,OAAO,OAAO,YACZ,OAAO,QAAQ,KAAgC,CAAC,CAAC,KAAK,CAAC,KAAK,WAAW,CACrE,KACA,aAAa,OAAO,SAAS,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,CAClE,CAAC,CACH;CAGF,IAAI,OAAO,UAAU,UACnB,OAAO,MAAM,SAAS,EAAE;CAG1B,OAAO;AACT;AAEA,SAAgB,sBACd,UAA+B,UACf;CAChB,OAAO,OAAO,YAAY,WAAW,iBAAiB,WAAW;AACnE;AAEA,SAAgB,qBACd,OACA,UAA+B,UACtB;CACT,OAAO,aAAa,OAAO,sBAAsB,OAAO,GAAG,EAAE;AAC/D;;;;ACtHA,SAAS,YAAY,OAA+B;CAClD,IAAI,CAAC,OAAO,wBAAO,IAAI,KAAK,EAAC,CAAC,YAAY;CAC1C,OAAO,iBAAiB,OAAO,MAAM,YAAY,IAAI;AACvD;AAUA,eAAsB,0BACpB,UACA,UAA4C,CAAC,GACX;CAClC,MAAM,aAAa,kBAAkB,QAAQ;CAC7C,MAAM,eAAe;EACnB,eAAe,WAAW;EAC1B,WAAW,YAAY,QAAQ,SAAS;EACxC,GAAI,QAAQ,sBAAsB,UAAa,EAC7C,mBAAmB,QAAQ,kBAC7B;EACA,UAAU;EACV,GAAI,QAAQ,aAAa,UAAa,EACpC,UAAU,qBACR,QAAQ,UACR,QAAQ,kBAAkB,QAC5B,EACF;CACF;CAEA,MAAM,YAAY,YAAY,YAAY;CAC1C,MAAM,YAAY,QAAQ,SACtB,MAAM,QAAQ,OAAO,oBAAoB,YAAY,CAAC,IACtD;CAEJ,OAAO;EACL,GAAG;EACH;EACA,GAAI,cAAc,UAAa,EAAE,UAAU;CAC7C;AACF;AAEA,SAAgB,wBACd,UACS;CACT,MAAM,WAAW,YAAY;EAC3B,eAAe,SAAS;EACxB,WAAW,SAAS;EACpB,GAAI,SAAS,sBAAsB,UAAa,EAC9C,mBAAmB,SAAS,kBAC9B;EACA,UAAU,SAAS;EACnB,GAAI,SAAS,aAAa,UAAa,EACrC,UAAU,SAAS,SACrB;CACF,CAAC;CACD,OAAO,SAAS,cAAc;AAChC;;;;ACrDA,SAAS,gBAAgB,OAAqC;CAC5D,IAAI,CAAC,OAAO,OAAO,CAAC;CACpB,OAAO,MAAM,QAAQ,KAAK,IAAI,QAAQ,CAAC,KAAK;AAC9C;AAEA,SAAS,cACP,WACA,UACU;CACV,OAAO,SAAS,QAAQ,UAAU,CAAC,UAAU,SAAS,KAAK,CAAC;AAC9D;;;;;;;;;;AAiBA,SAAS,mBACP,eACA,gBACA,gBACyB;CACzB,MAAM,eAAe,iBACjB,cAAc,QAAQ,UAAU,CAAC,eAAe,SAAS,KAAK,CAAC,IAC/D,CAAC;CACL,IAAI,aAAa,SAAS,GACxB,OAAO;EACL,QAAQ;EACR,QAAQ,sBAAsB,aAAa,KAAK,GAAG;EACnD,KAAK,4DAA4D,aAAa,KAAK,IAAI;CACzF;CAGF,MAAM,UAAU,cAAc,eAAe,cAAc;CAC3D,IAAI,QAAQ,SAAS,GACnB,OAAO;EACL,QAAQ;EACR,QAAQ,iBAAiB,QAAQ,KAAK,GAAG;EACzC,KAAK,6BAA6B,QAAQ,KAAK,IAAI;CACrD;AAIJ;AAEA,SAAS,kBACP,YAC+B;CAC/B,MAAM,WAAW,WAAW;CAC5B,IAAI,UACF,SAAS,aAAa,WAAW,MAAM,EAAE;CAG3C,OAAO,WAAW;AACpB;AAEA,SAAS,gBACP,YACA,gBACgC;CAChC,IAAI,CAAC,cAAc,mBAAmB,QAAW,OAAO;CACxD,OAAO;EACL,GAAG;EACH,GAAI,mBAAmB,UAAa,EAAE,eAAe;CACvD;AACF;AAEA,SAAS,cACP,OACA,UACA,gBACmC;CACnC,IAAI,CAAC,UAAU,OAAO;CAEtB,MAAM,iBAAiB,qBAAqB,OAAO,kBAAkB,QAAQ;CAC7E,OAAO;EACL,GAAG;EACH,WAAW,SAAS,aAAa,YAAY,cAAc;CAC7D;AACF;AAEA,eAAsB,eACpB,YACA,OACA,IACA,UAAqD,CAAC,GACpC;CAClB,MAAM,iBAAiB,WAAW,kBAAkB,CAAC;CACrD,MAAM,aAAa,kBAAkB,UAAU;CAC/C,MAAM,iBAAiB,WAAW,kBAAkB,YAClD,WAAW,MAAM,EACnB,CAAC,EAAE;CAEH,MAAM,SAAS,mBADO,gBAAgB,YAAY,SAAS,cAE7C,GACZ,gBACA,cACF;CACA,MAAM,SACJ,WAAW,YAAY,WAAW,cAAc,UAAa,SACzD;EACE,UAAU,SAAS,SAAS;EAC5B,GAAI,WAAW,aAAa,UAAa,EACvC,UAAU,WAAW,SACvB;EACA,GAAI,WAAW,cAAc,UAAa,EACxC,WAAW,WAAW,UACxB;EACA,GAAI,UAAU,EAAE,QAAQ,OAAO,OAAO;CACxC,IACA;CAEN,MAAM,aAAa,gBACjB,WAAW,YACX,WAAW,cACb;CAEA,IAAI,UAAU,OAAO,aAAa,UAAU,QAAQ;EAClD,qBACE;GACE,QAAQ,WAAW;GACnB,UAAU,WAAW,YAAY,WAAW,KAAK;GACjD,UAAU,WAAW;GACrB,OAAO,WAAW;GAClB;GACA;GACA;GACA,UAAU,cACR,OACA,WAAW,UACX,WAAW,cACb;EACF,GACA,OACF;EAEA,iCACE;GACE,MAAM;GACN,UAAU;GACV,SAAS;GACT,UAAU;GACV,QAAQ,OAAO;GACf,YAAY;GACZ,UAAU,WAAW,KAAK;GAC1B,UAAU,WAAW;EACvB,GACA;GAAE,KAAK,QAAQ;GAAK,kBAAkB,QAAQ,oBAAoB;EAAO,CAC3E;EAEA,yCAA4B;GAC1B,QAAQ;GACR,MAAM;GACN,SAAS,UAAU,WAAW,MAAM,GAAG,kBAAkB,WAAW,KAAK,KAAK;GAC9E,KAAK,OAAO;GACZ,KAAK;EACP,CAAC;CACH;CAEA,IAAI,QACF,qBACE;EACE,QAAQ,GAAG,WAAW,OAAO;EAC7B,UAAU,WAAW,YAAY,WAAW,KAAK;EACjD,UAAU,WAAW;EACrB,OAAO,WAAW;EAClB;EACA;EACA;CACF,GACA,OACF;CAGF,IAAI,WAAW,UACb,oBACE;EACE,QAAQ,GAAG,WAAW,OAAO;EAC7B,UAAU,WAAW,YAAY,WAAW,KAAK;EACjD,UAAU,WAAW;EACrB,OAAO,WAAW;EAClB;EACA;EACA,UAAU,cACR,OACA,WAAW,UACX,WAAW,cACb;CACF,GACA,OACF;CAGF,OAAO,kBACL;EACE,QAAQ,WAAW;EACnB,UAAU,WAAW,YAAY,WAAW,KAAK;EACjD,UAAU,WAAW;EACrB,OAAO,WAAW;EAClB;EACA;EACA,MAAM;GACJ,GAAG,WAAW;GACd;EACF;CACF,GACA,IACA,OACF;AACF;;;;;ACvOA,MAAa,uBAAuB;CAClC,SAAS;CACT,OAAO;CACP,YAAY;CACZ,cAAc;AAChB;AAqCA,SAAS,iBACP,KACA,OACM;CACN,MAAM,WAAWC,sCAAe,GAAG;CACnC,MAAM,SACJ,CAAC;CACH,KAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,GAAG;EAChD,MAAM,OAAOC,wCAAiB,KAAK;EACnC,IAAI,SAAS,QACX,OAAO,OAAO;CAElB;CACA,IAAI,OAAO,KAAK,MAAM,CAAC,CAAC,SAAS,GAC/B,SAAS,cAAc,MAAM;AAEjC;;;;AAKA,SAAgB,yBACd,SACM;CACN,MAAM,EAAE,YAAY,iBAAiB;CACrC,iBAAiB,QAAQ,KAAK;GAC3B,qBAAqB,UAAU,WAAW;EAC3C,GAAI,WAAW,UAAU,UAAa,GACnC,qBAAqB,QAAQ,WAAW,MAC3C;EACA,GAAI,WAAW,YAAY,UAAU,GAClC,qBAAqB,aAAa,WAAW,WAChD;EACA,GAAI,cAAc,UAAU,GACzB,qBAAqB,eAAe,aACvC;EACA,GAAI,WAAW,WAAW,UAAa,EAAE,oBAAoB,WAAW,OAAO;CACjF,CAAC;CAED,IACE,QAAQ,qBACR,WAAW,YAAY,OAEvB,iCACE;EACE,MAAM;EACN,UAAU;EACV,SAAS,WAAW,YAAY,aAAa,YAAY;EACzD,UACE,WAAW,YAAY,aACnB,aACA,WAAW,YAAY,SACrB,UACA;EACR,QAAQ,WAAW,UAAU,WAAW;EACxC,GAAI,WAAW,UAAU,UAAa,EAAE,OAAO,WAAW,MAAM;EAChE,GAAI,WAAW,YAAY,UAAU,EACnC,YAAY,WAAW,WAAW,KAAK,GAAG,EAC5C;CACF,GACA,EAAE,KAAK,QAAQ,IAAI,CACrB;AAEJ;;;;;AAMA,eAAsB,uBACpB,YACA,OACA,UAA+D,CAAC,GAChB;CAChD,IAAI;CACJ,IAAI;EACF,aAAa,MAAM,WAAW,KAAK;CACrC,QAAQ;EACN;CACF;CACA,IAAI,CAAC,YAAY,OAAO;CACxB,yBAAyB;EACvB,GAAG;EACH;EACA,cAAc,MAAM;CACtB,CAAC;CACD,OAAO;AACT;AAEA,MAAM,mBAAmB;AACzB,MAAM,iBAAiB;;;;;AAMvB,SAAgB,8BAAmD;CACjE,QAAQ,EAAE,mBAAmB;EAC3B,IAAI,aAAa,WAAW,GAC1B,OAAO;GAAE,SAAS;GAAO,OAAO;EAAE;EAGpC,MAAM,aAAa,aAAa,KAAK,SAAS,KAAK,WAAW,KAAK,GAAG,CAAC;EACvE,MAAM,iBAAiB,WAAW,MAAM,SAAS,iBAAiB,KAAK,IAAI,CAAC;EAC5E,MAAM,mBAAmB,WAAW,MAAM,SAAS,eAAe,KAAK,IAAI,CAAC;EAE5E,IAAI,kBAAkB,kBACpB,OAAO;GACL,SAAS;GACT,OAAO;GACP,YAAY,CAAC,gCAAgC;GAC7C,QAAQ;EACV;EAGF,IAAI,aAAa,UAAU,GACzB,OAAO;GACL,SAAS;GACT,OAAO;GACP,YAAY,CAAC,iBAAiB;GAC9B,QAAQ;EACV;EAGF,OAAO;GAAE,SAAS;GAAO,OAAO;EAAI;CACtC;AACF"}