governance-sdk 0.5.0

package/dist/policy.js

@@ -0,0 +1,161 @@
+/**
+ * Policy Engine — before-action enforcement for AI agents.
+ *
+ * Evaluates rules in priority order against enforcement contexts.
+ * Preset builders are in policy-presets.ts.
+ */
+import { getBuiltinConditions } from "./conditions/builtins.js";
+import { getDefaultStage } from "./policy-stage-defaults.js";
+/**
+ * Create a standalone policy engine for before-action enforcement.
+ *
+ * Each engine has its own isolated condition registry — built-in conditions
+ * are registered automatically, and custom conditions can be added via
+ * `config.conditions` or `engine.registerCondition()`.
+ *
+ * @param config - Rules, default outcome, and custom conditions
+ * @returns A PolicyEngine with evaluate, addRule, removeRule, getRules, and condition management
+ *
+ * @example
+ * ```ts
+ * const engine = createPolicyEngine({
+ *   rules: [blockTools(['shell_exec'])],
+ *   conditions: [{ name: 'geo_fence', description: 'Block by region', evaluator: myEval }],
+ * });
+ * const decision = engine.evaluate({ agentId: 'a1', action: 'tool_call', tool: 'shell_exec' });
+ * ```
+ */
+export function createPolicyEngine(config = {}) {
+    // Instance-scoped condition registry — fully isolated per engine
+    const registry = new Map();
+    function evaluateCondition(condition, ctx) {
+        // Inline custom evaluators (params.evaluate is a function)
+        const evalFn = condition.params?.evaluate;
+        if (typeof evalFn === "function") {
+            const r = evalFn(ctx);
+            if (r && typeof r === "object" && typeof r.then === "function") {
+                throw new Error("Custom policy evaluator returned a Promise — evaluators must be synchronous.");
+            }
+            return r;
+        }
+        const entry = registry.get(condition.type);
+        if (!entry) {
+            throw new Error(`Unknown condition type "${condition.type}" — register it via engine.registerCondition()`);
+        }
+        return entry.evaluator(ctx, condition.params);
+    }
+    // Register built-in conditions
+    for (const def of getBuiltinConditions(evaluateCondition)) {
+        registry.set(def.name, def);
+    }
+    // Register any custom conditions from config
+    for (const entry of config.conditions ?? []) {
+        registry.set(entry.name, entry);
+    }
+    const rules = [...(config.rules ?? [])];
+    const defaultOutcome = config.defaultOutcome ?? "allow";
+    function evaluate(ctx) {
+        const active = rules.filter((r) => r.enabled).sort((a, b) => b.priority - a.priority);
+        for (const rule of active) {
+            if (evaluateCondition(rule.condition, ctx)) {
+                return {
+                    blocked: rule.outcome === "block" || rule.outcome === "require_approval",
+                    reason: rule.reason,
+                    ruleId: rule.id,
+                    outcome: rule.outcome,
+                    evaluatedAt: new Date().toISOString(),
+                    rulesEvaluated: active.length,
+                };
+            }
+        }
+        return {
+            blocked: defaultOutcome === "block",
+            reason: "No policy rules matched",
+            ruleId: null,
+            outcome: defaultOutcome,
+            evaluatedAt: new Date().toISOString(),
+            rulesEvaluated: active.length,
+        };
+    }
+    function addRule(rule) {
+        const idx = rules.findIndex((r) => r.id === rule.id);
+        if (idx >= 0)
+            rules[idx] = rule;
+        else
+            rules.push(rule);
+    }
+    function removeRule(ruleId) {
+        const idx = rules.findIndex((r) => r.id === ruleId);
+        if (idx >= 0)
+            rules.splice(idx, 1);
+    }
+    function evaluateStage(ctx, stage) {
+        const active = rules
+            .filter((r) => r.enabled && (r.stage ?? getDefaultStage(r.condition.type)) === stage)
+            .sort((a, b) => b.priority - a.priority);
+        for (const rule of active) {
+            if (evaluateCondition(rule.condition, ctx)) {
+                return {
+                    blocked: rule.outcome === "block" || rule.outcome === "require_approval",
+                    reason: rule.reason,
+                    ruleId: rule.id,
+                    outcome: rule.outcome,
+                    evaluatedAt: new Date().toISOString(),
+                    rulesEvaluated: active.length,
+                };
+            }
+        }
+        return {
+            blocked: defaultOutcome === "block",
+            reason: "No policy rules matched",
+            ruleId: null,
+            outcome: defaultOutcome,
+            evaluatedAt: new Date().toISOString(),
+            rulesEvaluated: active.length,
+        };
+    }
+    function getRules(stage) {
+        if (stage)
+            return rules.filter((r) => (r.stage ?? getDefaultStage(r.condition.type)) === stage);
+        return [...rules];
+    }
+    function registerCondition(entry, opts) {
+        if (registry.has(entry.name) && !opts?.override) {
+            throw new Error(`Condition type "${entry.name}" is already registered. Use { override: true } to replace.`);
+        }
+        registry.set(entry.name, entry);
+    }
+    function unregisterCondition(name) {
+        return registry.delete(name);
+    }
+    function getRegisteredCondition(name) {
+        return registry.get(name);
+    }
+    function getRegisteredConditions() {
+        return [...registry.values()];
+    }
+    function clearConditionRegistry(opts) {
+        registry.clear();
+        if (opts?.keepBuiltins) {
+            for (const def of getBuiltinConditions(evaluateCondition)) {
+                registry.set(def.name, def);
+            }
+        }
+    }
+    return {
+        evaluate,
+        evaluateStage,
+        addRule,
+        removeRule,
+        getRules,
+        get ruleCount() { return rules.filter((r) => r.enabled).length; },
+        registerCondition,
+        unregisterCondition,
+        getRegisteredCondition,
+        getRegisteredConditions,
+        clearConditionRegistry,
+    };
+}
+// ─── Re-export presets ──────────────────────────────────────────
+export { blockTools, allowOnlyTools, requireApproval, tokenBudget, rateLimit, requireLevel, requireSequence, timeWindow, } from "./policy-presets.js";
+//# sourceMappingURL=policy.js.map

package/dist/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAuH7D;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,kBAAkB,CAAC,SAA6B,EAAE;IAChE,iEAAiE;IACjE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmC,CAAC;IAE5D,SAAS,iBAAiB,CAAC,SAA0B,EAAE,GAAuB;QAC5E,2DAA2D;QAC3D,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC;QAC1C,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;YACjC,MAAM,CAAC,GAAI,MAA+C,CAAC,GAAG,CAAC,CAAC;YAChE,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAQ,CAAsB,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBACrF,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAC;YAClG,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QAED,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,2BAA2B,SAAS,CAAC,IAAI,gDAAgD,CAAC,CAAC;QAC7G,CAAC;QACD,OAAO,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,+BAA+B;IAC/B,KAAK,MAAM,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC1D,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,6CAA6C;IAC7C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;QAC5C,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,KAAK,GAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;IACtD,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,OAAO,CAAC;IAExD,SAAS,QAAQ,CAAC,GAAuB;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAEtF,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAC1B,IAAI,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,CAAC;gBAC3C,OAAO;oBACL,OAAO,EAAE,IAAI,CAAC,OAAO,KAAK,OAAO,IAAI,IAAI,CAAC,OAAO,KAAK,kBAAkB;oBACxE,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACrC,cAAc,EAAE,MAAM,CAAC,MAAM;iBAC9B,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,cAAc,KAAK,OAAO;YACnC,MAAM,EAAE,yBAAyB;YACjC,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,cAAc;YACvB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,cAAc,EAAE,MAAM,CAAC,MAAM;SAC9B,CAAC;IACJ,CAAC;IAED,SAAS,OAAO,CAAC,IAAgB;QAC/B,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;QACrD,IAAI,GAAG,IAAI,CAAC;YAAE,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;;YAC3B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;IAED,SAAS,UAAU,CAAC,MAAc;QAChC,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QACpD,IAAI,GAAG,IAAI,CAAC;YAAE,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,SAAS,aAAa,CAAC,GAAuB,EAAE,KAAkB;QAChE,MAAM,MAAM,GAAG,KAAK;aACjB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC;aACpF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3C,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAC1B,IAAI,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,CAAC;gBAC3C,OAAO;oBACL,OAAO,EAAE,IAAI,CAAC,OAAO,KAAK,OAAO,IAAI,IAAI,CAAC,OAAO,KAAK,kBAAkB;oBACxE,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACrC,cAAc,EAAE,MAAM,CAAC,MAAM;iBAC9B,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,cAAc,KAAK,OAAO;YACnC,MAAM,EAAE,yBAAyB;YACjC,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,cAAc;YACvB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,cAAc,EAAE,MAAM,CAAC,MAAM;SAC9B,CAAC;IACJ,CAAC;IAED,SAAS,QAAQ,CAAC,KAAmB;QACnC,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC;QAChG,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC;IACpB,CAAC;IAED,SAAS,iBAAiB,CAAC,KAA8B,EAAE,IAA6B;QACtF,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,mBAAmB,KAAK,CAAC,IAAI,6DAA6D,CAAC,CAAC;QAC9G,CAAC;QACD,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClC,CAAC;IAED,SAAS,mBAAmB,CAAC,IAAY;QACvC,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAED,SAAS,sBAAsB,CAAC,IAAY;QAC1C,OAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,SAAS,uBAAuB;QAC9B,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAChC,CAAC;IAED,SAAS,sBAAsB,CAAC,IAAiC;QAC/D,QAAQ,CAAC,KAAK,EAAE,CAAC;QACjB,IAAI,IAAI,EAAE,YAAY,EAAE,CAAC;YACvB,KAAK,MAAM,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBAC1D,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ;QACR,aAAa;QACb,OAAO;QACP,UAAU;QACV,QAAQ;QACR,IAAI,SAAS,KAAK,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACjE,iBAAiB;QACjB,mBAAmB;QACnB,sBAAsB;QACtB,uBAAuB;QACvB,sBAAsB;KACvB,CAAC;AACJ,CAAC;AAED,mEAAmE;AAEnE,OAAO,EACL,UAAU,EACV,cAAc,EACd,eAAe,EACf,WAAW,EACX,SAAS,EACT,YAAY,EACZ,eAAe,EACf,UAAU,GACX,MAAM,qBAAqB,CAAC"}

package/dist/remote-enforce.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Remote Enforcement — proxy enforce() and register() to Lua Governance Cloud.
+ *
+ * When serverUrl is configured, these functions POST to the remote API
+ * instead of evaluating locally. All other methods (audit, score, policies)
+ * continue to work locally.
+ */
+import type { EnforcementContext, EnforcementDecision } from "./policy.js";
+import type { AgentRegistration, GovernanceAssessment } from "./types.js";
+export interface RemoteConfig {
+    serverUrl: string;
+    apiKey: string;
+    /** Request timeout in milliseconds (default: 30000) */
+    timeout?: number;
+}
+export interface RemoteRegisterResult {
+    id: string;
+    score: number;
+    level: number;
+    status: string;
+    assessment: GovernanceAssessment;
+}
+/** Error thrown when remote API returns a non-OK response */
+export declare class RemoteEnforcementError extends Error {
+    readonly statusCode: number;
+    readonly responseBody: string;
+    constructor(message: string, statusCode: number, responseBody: string);
+}
+/**
+ * Create a remote enforcer that proxies calls to Lua Governance Cloud.
+ *
+ * @param config - Remote server URL and API key
+ * @returns Object with remote enforce and register functions
+ */
+export declare function createRemoteEnforcer(config: RemoteConfig): {
+    enforce: (ctx: EnforcementContext, stage?: "preprocess" | "process" | "postprocess") => Promise<EnforcementDecision>;
+    register: (input: AgentRegistration) => Promise<RemoteRegisterResult>;
+};
+/**
+ * Validate remote config — throws if serverUrl is set but apiKey is missing,
+ * or if serverUrl is not a valid http/https URL.
+ */
+export declare function validateRemoteConfig(serverUrl?: string, apiKey?: string): void;
+//# sourceMappingURL=remote-enforce.d.ts.map

package/dist/remote-enforce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote-enforce.d.ts","sourceRoot":"","sources":["../src/remote-enforce.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,KAAK,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAI1E,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,oBAAoB,CAAC;CAClC;AAED,6DAA6D;AAC7D,qBAAa,sBAAuB,SAAQ,KAAK;aAG7B,UAAU,EAAE,MAAM;aAClB,YAAY,EAAE,MAAM;gBAFpC,OAAO,EAAE,MAAM,EACC,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM;CAKvC;AAID;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,YAAY;mBAMhD,kBAAkB,UACf,YAAY,GAAG,SAAS,GAAG,aAAa,KAC/C,OAAO,CAAC,mBAAmB,CAAC;sBAmCM,iBAAiB,KAAG,OAAO,CAAC,oBAAoB,CAAC;EAoBvF;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAc9E"}

package/dist/remote-enforce.js

@@ -0,0 +1,99 @@
+/**
+ * Remote Enforcement — proxy enforce() and register() to Lua Governance Cloud.
+ *
+ * When serverUrl is configured, these functions POST to the remote API
+ * instead of evaluating locally. All other methods (audit, score, policies)
+ * continue to work locally.
+ */
+/** Error thrown when remote API returns a non-OK response */
+export class RemoteEnforcementError extends Error {
+    statusCode;
+    responseBody;
+    constructor(message, statusCode, responseBody) {
+        super(message);
+        this.statusCode = statusCode;
+        this.responseBody = responseBody;
+        this.name = "RemoteEnforcementError";
+    }
+}
+// ─── Remote Enforcer ────────────────────────────────────────────
+/**
+ * Create a remote enforcer that proxies calls to Lua Governance Cloud.
+ *
+ * @param config - Remote server URL and API key
+ * @returns Object with remote enforce and register functions
+ */
+export function createRemoteEnforcer(config) {
+    const { serverUrl, apiKey } = config;
+    const timeout = config.timeout ?? 30_000;
+    const baseUrl = serverUrl.replace(/\/$/, "");
+    async function remoteEnforce(ctx, stage) {
+        const endpoint = stage
+            ? `${baseUrl}/api/v1/enforce/${stage}`
+            : `${baseUrl}/api/v1/enforce`;
+        const response = await fetch(endpoint, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "Authorization": `Bearer ${apiKey}`,
+            },
+            body: JSON.stringify(ctx),
+            signal: AbortSignal.timeout(timeout),
+        });
+        if (!response.ok) {
+            const body = await response.text();
+            throw new RemoteEnforcementError(`Remote enforce failed: ${response.status} ${response.statusText}`, response.status, body);
+        }
+        const body = await response.json();
+        // API returns { decision: {...}, duration, operationId } — unwrap if nested
+        return "decision" in body && body.decision && typeof body.decision === "object" && "blocked" in body.decision
+            ? body.decision
+            : body;
+    }
+    /**
+     * Remote register is a local-only operation — the API auto-registers
+     * agents on first enforce call, so no dedicated endpoint exists.
+     * Returns a synthetic result so callers can use agent.id in enforce().
+     */
+    async function remoteRegister(input) {
+        return {
+            id: input.name,
+            score: 0,
+            level: 0,
+            status: "registered",
+            assessment: {
+                agentId: input.name,
+                agentName: input.name,
+                compositeScore: 0,
+                level: { level: 0, label: "pending", autonomy: "none", minScore: 0, maxScore: 0 },
+                status: "registered",
+                dimensions: [],
+                recommendations: [],
+                assessedAt: new Date().toISOString(),
+            },
+        };
+    }
+    return { enforce: remoteEnforce, register: remoteRegister };
+}
+/**
+ * Validate remote config — throws if serverUrl is set but apiKey is missing,
+ * or if serverUrl is not a valid http/https URL.
+ */
+export function validateRemoteConfig(serverUrl, apiKey) {
+    if (!serverUrl)
+        return;
+    if (!apiKey) {
+        throw new Error("apiKey is required when serverUrl is configured");
+    }
+    let parsed;
+    try {
+        parsed = new URL(serverUrl);
+    }
+    catch {
+        throw new Error(`Invalid serverUrl: "${serverUrl}" is not a valid URL`);
+    }
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        throw new Error(`Invalid serverUrl protocol "${parsed.protocol}" — only http: and https: are allowed`);
+    }
+}
+//# sourceMappingURL=remote-enforce.js.map

package/dist/remote-enforce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote-enforce.js","sourceRoot":"","sources":["../src/remote-enforce.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAsBH,6DAA6D;AAC7D,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAG7B;IACA;IAHlB,YACE,OAAe,EACC,UAAkB,EAClB,YAAoB;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,eAAU,GAAV,UAAU,CAAQ;QAClB,iBAAY,GAAZ,YAAY,CAAQ;QAGpC,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAED,mEAAmE;AAEnE;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAoB;IACvD,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IACrC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC;IACzC,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAE7C,KAAK,UAAU,aAAa,CAC1B,GAAuB,EACvB,KAAgD;QAEhD,MAAM,QAAQ,GAAG,KAAK;YACpB,CAAC,CAAC,GAAG,OAAO,mBAAmB,KAAK,EAAE;YACtC,CAAC,CAAC,GAAG,OAAO,iBAAiB,CAAC;QAChC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,MAAM,EAAE;aACpC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC;YACzB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC;SACrC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,sBAAsB,CAC9B,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,EAClE,QAAQ,CAAC,MAAM,EACf,IAAI,CACL,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6D,CAAC;QAC9F,4EAA4E;QAC5E,OAAO,UAAU,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,IAAI,SAAS,IAAI,IAAI,CAAC,QAAQ;YAC3G,CAAC,CAAC,IAAI,CAAC,QAAQ;YACf,CAAC,CAAC,IAA2B,CAAC;IAClC,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,cAAc,CAAC,KAAwB;QACpD,OAAO;YACL,EAAE,EAAE,KAAK,CAAC,IAAI;YACd,KAAK,EAAE,CAAC;YACR,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,YAAY;YACpB,UAAU,EAAE;gBACV,OAAO,EAAE,KAAK,CAAC,IAAI;gBACnB,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,cAAc,EAAE,CAAC;gBACjB,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE;gBACjF,MAAM,EAAE,YAAY;gBACpB,UAAU,EAAE,EAAE;gBACd,eAAe,EAAE,EAAE;gBACnB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACrC;SACF,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,SAAkB,EAAE,MAAe;IACtE,IAAI,CAAC,SAAS;QAAE,OAAO;IACvB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,SAAS,sBAAsB,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,+BAA+B,MAAM,CAAC,QAAQ,uCAAuC,CAAC,CAAC;IACzG,CAAC;AACH,CAAC"}

package/dist/repo-patterns.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Repository scanning patterns — detects agent capabilities from source code.
+ *
+ * Pure pattern matching. No I/O, no network, no dependencies.
+ * Feed it file contents, get capability detection results.
+ */
+/** Detection result for a single capability */
+export interface CapabilityDetection {
+    capability: "hasAuth" | "hasGuardrails" | "hasObservability" | "hasAuditLog";
+    detected: boolean;
+    confidence: number;
+    evidence: string[];
+}
+/** Full repo scan result */
+export interface RepoScanResult {
+    detections: CapabilityDetection[];
+    framework: string | null;
+    tools: string[];
+    channels: string[];
+    dependencies: string[];
+    scannedFiles: number;
+}
+/**
+ * Scan file contents for agent capabilities.
+ * Feed this a Map of filePath → fileContent.
+ */
+export declare function scanRepoContents(fileContents: Map<string, string>): RepoScanResult;
+/** Files worth scanning — skip node_modules, dist, tests, assets. */
+export declare const SCAN_GLOBS: string[];
+/** Files to skip even if they match globs. */
+export declare const SCAN_IGNORE: RegExp[];
+//# sourceMappingURL=repo-patterns.d.ts.map

package/dist/repo-patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"repo-patterns.d.ts","sourceRoot":"","sources":["../src/repo-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,+CAA+C;AAC/C,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,SAAS,GAAG,eAAe,GAAG,kBAAkB,GAAG,aAAa,CAAC;IAC7E,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,4BAA4B;AAC5B,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAClC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;CACtB;AAqMD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,cAAc,CAuBlF;AAED,qEAAqE;AACrE,eAAO,MAAM,UAAU,UAUtB,CAAC;AAEF,8CAA8C;AAC9C,eAAO,MAAM,WAAW,UASvB,CAAC"}

package/dist/repo-patterns.js

@@ -0,0 +1,222 @@
+/**
+ * Repository scanning patterns — detects agent capabilities from source code.
+ *
+ * Pure pattern matching. No I/O, no network, no dependencies.
+ * Feed it file contents, get capability detection results.
+ */
+// ── Auth patterns ───────────────────────────────────────────────
+const AUTH_PATTERNS = [
+    { pattern: /(?:@clerk|@auth0|next-auth|@supabase\/auth|passport|lucia-auth|better-auth)/, weight: 0.9, label: "Auth library import" },
+    { pattern: /(?:withAuth|requireAuth|authenticate|isAuthenticated|verifyToken|getSession)\s*\(/, weight: 0.8, label: "Auth middleware call" },
+    { pattern: /(?:Bearer|Authorization|JWT|oauth|OIDC|SSO)\b/i, weight: 0.5, label: "Auth protocol reference" },
+    { pattern: /(?:signIn|signUp|signOut|login|logout|createUser)\s*[=(]/, weight: 0.6, label: "Auth flow function" },
+    { pattern: /(?:middleware|auth)\.(ts|js|tsx)/, weight: 0.4, label: "Auth middleware file" },
+    { pattern: /(?:RBAC|ACL|role|permission).*(?:check|verify|require)/i, weight: 0.7, label: "Access control logic" },
+    { pattern: /(?:apiKey|api_key|API_KEY|serviceKey|service_key)/, weight: 0.5, label: "API key pattern" },
+];
+// ── Guardrail patterns ──────────────────────────────────────────
+const GUARDRAIL_PATTERNS = [
+    { pattern: /(?:@lua\/governance|createGovernance|gov\.enforce)/, weight: 0.95, label: "Lua Governance SDK" },
+    { pattern: /(?:guardrail|guard|safety|filter|sanitize|validate)(?:Input|Output|Response|Request)/i, weight: 0.7, label: "Guardrail function" },
+    { pattern: /(?:zod|yup|joi|superstruct|valibot)/, weight: 0.5, label: "Schema validation library" },
+    { pattern: /(?:z\.object|z\.string|z\.number|z\.array)\s*\(/, weight: 0.6, label: "Zod schema usage" },
+    { pattern: /(?:contentFilter|toxicity|moderation|safety)(?:Check|Filter|Guard)/i, weight: 0.8, label: "Content safety filter" },
+    { pattern: /(?:rateLimit|rateLimiter|throttle)\s*\(/, weight: 0.6, label: "Rate limiting" },
+    { pattern: /(?:injection|xss|sql|csrf).*(?:detect|prevent|guard|filter)/i, weight: 0.7, label: "Injection prevention" },
+    { pattern: /(?:maxTokens|max_tokens|token_limit|tokenBudget)/, weight: 0.5, label: "Token budget control" },
+];
+// ── Observability patterns ──────────────────────────────────────
+const OBSERVABILITY_PATTERNS = [
+    { pattern: /(?:@opentelemetry|opentelemetry|otel)/, weight: 0.9, label: "OpenTelemetry" },
+    { pattern: /(?:@sentry|sentry|Sentry\.init)/, weight: 0.8, label: "Sentry" },
+    { pattern: /(?:@datadog|dd-trace|datadog)/, weight: 0.8, label: "Datadog" },
+    { pattern: /(?:pino|winston|bunyan|loglevel|consola)\b/, weight: 0.6, label: "Structured logging" },
+    { pattern: /(?:trace|span|tracer|instrument)(?:\.start|\.end|\s*\()/, weight: 0.7, label: "Tracing instrumentation" },
+    { pattern: /(?:prometheus|grafana|newrelic|axiom|betterstack)/, weight: 0.7, label: "Monitoring platform" },
+    { pattern: /(?:langfuse|langsmith|helicone|braintrust)/, weight: 0.8, label: "AI observability" },
+    { pattern: /(?:metrics|histogram|counter|gauge)\.(?:record|inc|observe)/, weight: 0.6, label: "Metrics recording" },
+];
+// ── Audit log patterns ──────────────────────────────────────────
+const AUDIT_PATTERNS = [
+    { pattern: /(?:audit|auditLog|audit_log|createAuditEvent)/, weight: 0.9, label: "Audit log reference" },
+    { pattern: /(?:gov\.audit|audit\.log|auditTrail)\s*[.(]/, weight: 0.95, label: "Audit logging call" },
+    { pattern: /(?:eventType|event_type).*(?:created|updated|deleted|accessed)/i, weight: 0.6, label: "Event type tracking" },
+    { pattern: /(?:immutable|tamper|hash.*chain|integrity).*(?:log|event|record)/i, weight: 0.7, label: "Tamper-evident logging" },
+    { pattern: /(?:GDPR|SOC\s*2|HIPAA|compliance).*(?:log|audit|record)/i, weight: 0.6, label: "Compliance logging" },
+];
+// ── Framework detection ─────────────────────────────────────────
+// Order matters — first match wins. Lua before Mastra (Lua uses Mastra under the hood).
+const FRAMEWORK_PATTERNS = [
+    { pattern: /["']lua-cli["']|LuaAgent|LuaTool|LuaSkill/, framework: "lua" },
+    { pattern: /["']@mastra\/core["']|["']mastra["']/, framework: "mastra" },
+    { pattern: /["']langchain["']|["']@langchain\//, framework: "langchain" },
+    { pattern: /["']crewai["']/, framework: "crewai" },
+    { pattern: /["']autogen["']/, framework: "autogen" },
+    { pattern: /["']openai["'].*(?:agent|assistant)/i, framework: "openai" },
+    { pattern: /["']@vercel\/ai["']|["']ai["']/, framework: "vercel-ai" },
+    { pattern: /["']@modelcontextprotocol\//, framework: "mcp" },
+    { pattern: /["']@aws-sdk\/client-bedrock["']/, framework: "bedrock" },
+    { pattern: /["']@genkit-ai\//, framework: "genkit" },
+    { pattern: /["']@anthropic-ai\/sdk["']/, framework: "anthropic" },
+];
+// ── Tool detection ──────────────────────────────────────────────
+const GENERIC_TOOL_PATTERNS = [
+    // Generic: createTool("name"), defineTool("name"), tool("name")
+    /(?:createTool|defineTool|tool)\s*\(\s*["'`]([^"'`]+)["'`]/g,
+    // MCP: server.tool("name")
+    /server\.tool\s*\(\s*["'`]([^"'`]+)["'`]/g,
+    // Mastra/generic: createTool({ id: "name" }) or new Tool({ id: "name" })
+    /(?:createTool|new\s+Tool)\s*\(\s*\{[^}]*id\s*:\s*["'`]([^"'`]+)["'`]/g,
+    // Vercel AI: tools.name = ...
+    /tools\.([a-z][a-z0-9_]+)\s*=/g,
+];
+// Lua agents: class FooTool implements LuaTool { name = "foo_bar" }
+// name is always within a few lines of `implements LuaTool`
+const LUA_TOOL_NAME_PATTERN = /implements\s+LuaTool\s*\{[\s\n]*name\s*=\s*["'`]([^"'`]+)["'`]/g;
+// ── Channel detection ───────────────────────────────────────────
+const CHANNEL_PATTERNS = [
+    // Lua agent channels — detected from preprocessors, channel refs, env vars
+    { pattern: /Lua\.request\.channel\s*===?\s*["']slack["']|SLACK_BOT_TOKEN|SLACK_.*CHANNEL/i, channel: "slack" },
+    { pattern: /Lua\.request\.channel\s*===?\s*["']email["']|emailIngestion|email.*[Pp]reProcessor/, channel: "email" },
+    { pattern: /Lua\.request\.channel\s*===?\s*["']whatsapp["']|WHATSAPP_.*TOKEN/, channel: "whatsapp" },
+    // Generic SDK/library patterns
+    { pattern: /(?:@slack\/web-api|@slack\/bolt|SlackApp|WebClient)\b/, channel: "slack" },
+    { pattern: /(?:nodemailer|@sendgrid|ses\.send|resend|postmark)\b/i, channel: "email" },
+    { pattern: /(?:twilio.*whatsapp|whatsapp.*api)/i, channel: "whatsapp" },
+    { pattern: /(?:twilio.*sms|sendSms|messagebird)/i, channel: "sms" },
+    { pattern: /(?:discord\.js|@discordjs|DiscordClient)/i, channel: "discord" },
+    { pattern: /(?:telegraf|node-telegram|Telegraf)\b/, channel: "telegram" },
+    { pattern: /(?:@microsoft\/teams|botframework)\b/, channel: "teams" },
+    { pattern: /(?:webhook|webhookUrl|sendWebhook|notifyWebhook)/i, channel: "webhook" },
+    { pattern: /(?:express\(\)|fastify\(|new\s+Hono|new\s+Elysia)/, channel: "api" },
+];
+// ── Public API ──────────────────────────────────────────────────
+/** Score a capability against file contents. Returns 0-1 confidence. */
+function scoreCapability(fileContents, patterns) {
+    const evidence = [];
+    let totalWeight = 0;
+    for (const [filePath, content] of fileContents) {
+        for (const p of patterns) {
+            if (p.pattern.test(content)) {
+                evidence.push(`${p.label} in ${filePath}`);
+                totalWeight += p.weight;
+            }
+        }
+    }
+    // Normalize: 2+ strong signals = high confidence
+    const confidence = Math.min(1, totalWeight / 2);
+    return { confidence, evidence };
+}
+/** Detect framework from package.json or source files. */
+function detectFramework(fileContents) {
+    for (const [, content] of fileContents) {
+        for (const f of FRAMEWORK_PATTERNS) {
+            if (f.pattern.test(content))
+                return f.framework;
+        }
+    }
+    return null;
+}
+/** Extract tool names from source code. */
+function extractTools(fileContents, framework) {
+    const tools = new Set();
+    const patterns = framework === "lua"
+        ? [LUA_TOOL_NAME_PATTERN, ...GENERIC_TOOL_PATTERNS]
+        : GENERIC_TOOL_PATTERNS;
+    for (const [, content] of fileContents) {
+        for (const pattern of patterns) {
+            pattern.lastIndex = 0;
+            let match;
+            while ((match = pattern.exec(content)) !== null) {
+                const name = match[1];
+                if (isValidToolName(name))
+                    tools.add(name);
+            }
+        }
+    }
+    return [...tools];
+}
+/** Filter obvious false positives from tool name extraction. */
+function isValidToolName(name) {
+    if (name.length < 2 || name.length > 64)
+        return false;
+    // Common JS identifiers that aren't tool names
+    if (/^(id|name|type|key|value|data|error|result|input|output|config|options|default)$/.test(name))
+        return false;
+    return true;
+}
+/** Detect communication channels from source code. */
+function extractChannels(fileContents) {
+    const channels = new Set();
+    for (const [, content] of fileContents) {
+        for (const { pattern, channel } of CHANNEL_PATTERNS) {
+            if (pattern.test(content)) {
+                channels.add(channel);
+            }
+        }
+    }
+    return [...channels];
+}
+/** Extract dependencies from package.json content. */
+function extractDeps(packageJson) {
+    try {
+        const pkg = JSON.parse(packageJson);
+        return [
+            ...Object.keys(pkg.dependencies ?? {}),
+            ...Object.keys(pkg.devDependencies ?? {}),
+        ];
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Scan file contents for agent capabilities.
+ * Feed this a Map of filePath → fileContent.
+ */
+export function scanRepoContents(fileContents) {
+    const auth = scoreCapability(fileContents, AUTH_PATTERNS);
+    const guardrails = scoreCapability(fileContents, GUARDRAIL_PATTERNS);
+    const observability = scoreCapability(fileContents, OBSERVABILITY_PATTERNS);
+    const auditLog = scoreCapability(fileContents, AUDIT_PATTERNS);
+    const pkgContent = fileContents.get("package.json") ?? "";
+    const deps = extractDeps(pkgContent);
+    const framework = detectFramework(fileContents);
+    return {
+        detections: [
+            { capability: "hasAuth", detected: auth.confidence >= 0.4, confidence: auth.confidence, evidence: auth.evidence },
+            { capability: "hasGuardrails", detected: guardrails.confidence >= 0.4, confidence: guardrails.confidence, evidence: guardrails.evidence },
+            { capability: "hasObservability", detected: observability.confidence >= 0.4, confidence: observability.confidence, evidence: observability.evidence },
+            { capability: "hasAuditLog", detected: auditLog.confidence >= 0.4, confidence: auditLog.confidence, evidence: auditLog.evidence },
+        ],
+        framework,
+        tools: extractTools(fileContents, framework),
+        channels: extractChannels(fileContents),
+        dependencies: deps,
+        scannedFiles: fileContents.size,
+    };
+}
+/** Files worth scanning — skip node_modules, dist, tests, assets. */
+export const SCAN_GLOBS = [
+    "package.json",
+    "src/**/*.ts",
+    "src/**/*.tsx",
+    "src/**/*.js",
+    "lib/**/*.ts",
+    "app/**/*.ts",
+    "app/**/*.tsx",
+    "middleware.ts",
+    "middleware.js",
+];
+/** Files to skip even if they match globs. */
+export const SCAN_IGNORE = [
+    /node_modules/,
+    /\.next/,
+    /dist\//,
+    /\.test\./,
+    /\.spec\./,
+    /\.d\.ts$/,
+    /__tests__/,
+    /coverage\//,
+];
+//# sourceMappingURL=repo-patterns.js.map

package/dist/repo-patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repo-patterns.js","sourceRoot":"","sources":["../src/repo-patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA0BH,mEAAmE;AAEnE,MAAM,aAAa,GAAiB;IAClC,EAAE,OAAO,EAAE,6EAA6E,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,qBAAqB,EAAE;IACrI,EAAE,OAAO,EAAE,mFAAmF,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,sBAAsB,EAAE;IAC5I,EAAE,OAAO,EAAE,gDAAgD,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,yBAAyB,EAAE;IAC5G,EAAE,OAAO,EAAE,0DAA0D,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,oBAAoB,EAAE;IACjH,EAAE,OAAO,EAAE,kCAAkC,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,sBAAsB,EAAE;IAC3F,EAAE,OAAO,EAAE,yDAAyD,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,sBAAsB,EAAE;IAClH,EAAE,OAAO,EAAE,mDAAmD,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,iBAAiB,EAAE;CACxG,CAAC;AAEF,mEAAmE;AAEnE,MAAM,kBAAkB,GAAiB;IACvC,EAAE,OAAO,EAAE,oDAAoD,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,oBAAoB,EAAE;IAC5G,EAAE,OAAO,EAAE,uFAAuF,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,oBAAoB,EAAE;IAC9I,EAAE,OAAO,EAAE,qCAAqC,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,2BAA2B,EAAE;IACnG,EAAE,OAAO,EAAE,iDAAiD,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE;IACtG,EAAE,OAAO,EAAE,qEAAqE,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,uBAAuB,EAAE;IAC/H,EAAE,OAAO,EAAE,yCAAyC,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,eAAe,EAAE;IAC3F,EAAE,OAAO,EAAE,8DAA8D,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,sBAAsB,EAAE;IACvH,EAAE,OAAO,EAAE,kDAAkD,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,sBAAsB,EAAE;CAC5G,CAAC;AAEF,mEAAmE;AAEnE,MAAM,sBAAsB,GAAiB;IAC3C,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,eAAe,EAAE;IACzF,EAAE,OAAO,EAAE,iCAAiC,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE;IAC5E,EAAE,OAAO,EAAE,+BAA+B,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE;IAC3E,EAAE,OAAO,EAAE,4CAA4C,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,oBAAoB,EAAE;IACnG,EAAE,OAAO,EAAE,yDAAyD,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,yBAAyB,EAAE;IACrH,EAAE,OAAO,EAAE,mDAAmD,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,qBAAqB,EAAE;IAC3G,EAAE,OAAO,EAAE,4CAA4C,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE;IACjG,EAAE,OAAO,EAAE,6DAA6D,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,mBAAmB,EAAE;CACpH,CAAC;AAEF,mEAAmE;AAEnE,MAAM,cAAc,GAAiB;IACnC,EAAE,OAAO,EAAE,+CAA+C,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,qBAAqB,EAAE;IACvG,EAAE,OAAO,EAAE,6CAA6C,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,oBAAoB,EAAE;IACrG,EAAE,OAAO,EAAE,iEAAiE,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,qBAAqB,EAAE;IACzH,EAAE,OAAO,EAAE,mEAAmE,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,wBAAwB,EAAE;IAC9H,EAAE,OAAO,EAAE,0DAA0D,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,oBAAoB,EAAE;CAClH,CAAC;AAEF,mEAAmE;AACnE,wFAAwF;AAExF,MAAM,kBAAkB,GAAkD;IACxE,EAAE,OAAO,EAAE,2CAA2C,EAAE,SAAS,EAAE,KAAK,EAAE;IAC1E,EAAE,OAAO,EAAE,sCAAsC,EAAE,SAAS,EAAE,QAAQ,EAAE;IACxE,EAAE,OAAO,EAAE,oCAAoC,EAAE,SAAS,EAAE,WAAW,EAAE;IACzE,EAAE,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,QAAQ,EAAE;IAClD,EAAE,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,SAAS,EAAE;IACpD,EAAE,OAAO,EAAE,sCAAsC,EAAE,SAAS,EAAE,QAAQ,EAAE;IACxE,EAAE,OAAO,EAAE,gCAAgC,EAAE,SAAS,EAAE,WAAW,EAAE;IACrE,EAAE,OAAO,EAAE,6BAA6B,EAAE,SAAS,EAAE,KAAK,EAAE;IAC5D,EAAE,OAAO,EAAE,kCAAkC,EAAE,SAAS,EAAE,SAAS,EAAE;IACrE,EAAE,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,QAAQ,EAAE;IACpD,EAAE,OAAO,EAAE,4BAA4B,EAAE,SAAS,EAAE,WAAW,EAAE;CAClE,CAAC;AAEF,mEAAmE;AAEnE,MAAM,qBAAqB,GAAa;IACtC,gEAAgE;IAChE,4DAA4D;IAC5D,2BAA2B;IAC3B,0CAA0C;IAC1C,yEAAyE;IACzE,uEAAuE;IACvE,8BAA8B;IAC9B,+BAA+B;CAChC,CAAC;AAEF,oEAAoE;AACpE,4DAA4D;AAC5D,MAAM,qBAAqB,GAAG,iEAAiE,CAAC;AAEhG,mEAAmE;AAEnE,MAAM,gBAAgB,GAAgD;IACpE,2EAA2E;IAC3E,EAAE,OAAO,EAAE,+EAA+E,EAAE,OAAO,EAAE,OAAO,EAAE;IAC9G,EAAE,OAAO,EAAE,oFAAoF,EAAE,OAAO,EAAE,OAAO,EAAE;IACnH,EAAE,OAAO,EAAE,kEAAkE,EAAE,OAAO,EAAE,UAAU,EAAE;IACpG,+BAA+B;IAC/B,EAAE,OAAO,EAAE,uDAAuD,EAAE,OAAO,EAAE,OAAO,EAAE;IACtF,EAAE,OAAO,EAAE,uDAAuD,EAAE,OAAO,EAAE,OAAO,EAAE;IACtF,EAAE,OAAO,EAAE,qCAAqC,EAAE,OAAO,EAAE,UAAU,EAAE;IACvE,EAAE,OAAO,EAAE,sCAAsC,EAAE,OAAO,EAAE,KAAK,EAAE;IACnE,EAAE,OAAO,EAAE,2CAA2C,EAAE,OAAO,EAAE,SAAS,EAAE;IAC5E,EAAE,OAAO,EAAE,uCAAuC,EAAE,OAAO,EAAE,UAAU,EAAE;IACzE,EAAE,OAAO,EAAE,sCAAsC,EAAE,OAAO,EAAE,OAAO,EAAE;IACrE,EAAE,OAAO,EAAE,mDAAmD,EAAE,OAAO,EAAE,SAAS,EAAE;IACpF,EAAE,OAAO,EAAE,mDAAmD,EAAE,OAAO,EAAE,KAAK,EAAE;CACjF,CAAC;AAEF,mEAAmE;AAEnE,wEAAwE;AACxE,SAAS,eAAe,CACtB,YAAiC,EACjC,QAAsB;IAEtB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;QAC/C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,OAAO,QAAQ,EAAE,CAAC,CAAC;gBAC3C,WAAW,IAAI,CAAC,CAAC,MAAM,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC;IAChD,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAClC,CAAC;AAED,0DAA0D;AAC1D,SAAS,eAAe,CAAC,YAAiC;IACxD,KAAK,MAAM,CAAC,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;QACvC,KAAK,MAAM,CAAC,IAAI,kBAAkB,EAAE,CAAC;YACnC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,CAAC,CAAC,SAAS,CAAC;QAClD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,2CAA2C;AAC3C,SAAS,YAAY,CAAC,YAAiC,EAAE,SAAwB;IAC/E,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,MAAM,QAAQ,GAAG,SAAS,KAAK,KAAK;QAClC,CAAC,CAAC,CAAC,qBAAqB,EAAE,GAAG,qBAAqB,CAAC;QACnD,CAAC,CAAC,qBAAqB,CAAC;IAE1B,KAAK,MAAM,CAAC,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;QACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,eAAe,CAAC,IAAI,CAAC;oBAAE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC;AACpB,CAAC;AAED,gEAAgE;AAChE,SAAS,eAAe,CAAC,IAAY;IACnC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IACtD,+CAA+C;IAC/C,IAAI,kFAAkF,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAChH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,sDAAsD;AACtD,SAAS,eAAe,CAAC,YAAiC;IACxD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,KAAK,MAAM,CAAC,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;QACvC,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,gBAAgB,EAAE,CAAC;YACpD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC;AACvB,CAAC;AAED,sDAAsD;AACtD,SAAS,WAAW,CAAC,WAAmB;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACpC,OAAO;YACL,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;YACtC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;SAC1C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,YAAiC;IAChE,MAAM,IAAI,GAAG,eAAe,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,eAAe,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;IACrE,MAAM,aAAa,GAAG,eAAe,CAAC,YAAY,EAAE,sBAAsB,CAAC,CAAC;IAC5E,MAAM,QAAQ,GAAG,eAAe,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IAE/D,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IAC1D,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAEhD,OAAO;QACL,UAAU,EAAE;YACV,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,CAAC,UAAU,IAAI,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE;YACjH,EAAE,UAAU,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,CAAC,UAAU,IAAI,GAAG,EAAE,UAAU,EAAE,UAAU,CAAC,UAAU,EAAE,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE;YACzI,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAQ,EAAE,aAAa,CAAC,UAAU,IAAI,GAAG,EAAE,UAAU,EAAE,aAAa,CAAC,UAAU,EAAE,QAAQ,EAAE,aAAa,CAAC,QAAQ,EAAE;YACrJ,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE;SAClI;QACD,SAAS;QACT,KAAK,EAAE,YAAY,CAAC,YAAY,EAAE,SAAS,CAAC;QAC5C,QAAQ,EAAE,eAAe,CAAC,YAAY,CAAC;QACvC,YAAY,EAAE,IAAI;QAClB,YAAY,EAAE,YAAY,CAAC,IAAI;KAChC,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,cAAc;IACd,aAAa;IACb,cAAc;IACd,aAAa;IACb,aAAa;IACb,aAAa;IACb,cAAc;IACd,eAAe;IACf,eAAe;CAChB,CAAC;AAEF,8CAA8C;AAC9C,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,cAAc;IACd,QAAQ;IACR,QAAQ;IACR,UAAU;IACV,UAAU;IACV,UAAU;IACV,WAAW;IACX,YAAY;CACb,CAAC"}