hackmyagent 0.16.5 → 0.17.0

package/dist/arp/intelligence/verify-classification.d.ts

@@ -0,0 +1,124 @@
+/**
+ * NanoMind-Guard classification verifier (AIComply P1, producer side).
+ *
+ * This module is the producer-side companion to the L0-comply gate on
+ * `IntelligenceCoordinator`. NanoMind-Guard produces classification labels
+ * for runtime events; every result it emits is hybrid-signed with
+ * Ed25519+ML-DSA-44 (the high-throughput variant, deliberately chosen over
+ * ML-DSA-65 to keep per-event signing cost bounded). Before the coordinator
+ * can trust a classification, the signature must verify and the class must
+ * pass a tier-keyed rejection matrix that bounds what a given capability
+ * tier can ever emit, regardless of what the per-manifest permitted list
+ * says.
+ *
+ * The order of checks is:
+ *
+ *   1. Schema sanity of the result object and signature block.
+ *   2. Algorithm gate: the signature must advertise Ed25519+ML-DSA-44.
+ *      Anything else is refused before any crypto runs, so an attacker
+ *      cannot downgrade the Guard to a weaker algorithm.
+ *   3. Key and signature byte-size checks after base64 decode. Node's
+ *      `Buffer.from(_, 'base64')` is permissive, so malformed inputs are
+ *      caught here as KEY_FORMAT_ERROR rather than falling through to a
+ *      SIGNATURE_INVALID that hides a structural problem.
+ *   4. Hybrid signature verification over the canonical signed payload.
+ *      Both halves must pass; the underlying `hybridVerify` is
+ *      non-short-circuit for timing reasons.
+ *   5. Freshness: the signed timestamp must be within `maxAgeMs` of now and
+ *      must not be more than `futureSkewMs` in the future.
+ *   6. Rejection matrix keyed on `manifest.tier`. Any classification on the
+ *      absolute deny list is rejected regardless of tier. Any classification
+ *      whose minimum required tier exceeds the manifest's tier is rejected.
+ *      Any classification not in the registry is rejected as unknown
+ *      (parse-to-deny).
+ *
+ * A verified result returns `{valid: true, classification}`; the caller
+ * assigns `event.data.classification = result.classification` before
+ * handing the event to the coordinator, where the session 26 comply gate
+ * takes over and enforces the per-manifest permitted/prohibited lists. This
+ * is a defense-in-depth composition: the rejection matrix here is a hard
+ * ceiling that even a permissive manifest cannot override; the per-manifest
+ * lists are a narrower policy on top of that ceiling.
+ *
+ * Parse-to-deny (CR-001) applies to every failure path. The function never
+ * throws; all rejection branches return a typed `{valid: false}` object.
+ * Callers must treat `valid === false` as authoritative and refuse to
+ * populate `event.data.classification` on failure.
+ */
+import type { CapabilityTier, NanoMindGuardResult, NanoMindGuardVerifyOptions, NanoMindGuardVerifyResult } from '../types';
+import type { HybridAlgorithm } from '../crypto/types';
+/**
+ * Only hybrid algorithm accepted for NanoMind-Guard classification results.
+ * ML-DSA-44 is the FIPS 204 high-throughput variant. Do not accept ML-DSA-65
+ * here: the manifest loader uses ML-DSA-65 for long-lived capability
+ * manifests, and keeping the two algorithm lanes disjoint prevents a
+ * manifest key from being mistakenly used to mint per-event classifications.
+ */
+export declare const GUARD_SIGNATURE_ALGORITHM: HybridAlgorithm;
+/**
+ * Default freshness window for a Guard signature. Per-event signing is
+ * expected to complete well under a second, so 5 minutes is a generous
+ * upper bound that still closes the replay window.
+ */
+export declare const DEFAULT_MAX_AGE_MS: number;
+/**
+ * Default tolerance for signatures that appear to be timestamped in the
+ * future. Accounts for small clock skew between the Guard and the
+ * coordinator; anything beyond this is a bug or an attack.
+ */
+export declare const DEFAULT_FUTURE_SKEW_MS: number;
+/**
+ * Minimum capability tier required to act on a given classification. A
+ * classification not in this registry is treated as unknown and denied
+ * outright (parse-to-deny, CR-001). Callers that want to allow a new class
+ * must add it here first; silent acceptance is a vulnerability.
+ *
+ * The exact values are policy, not physics: they are the floor below which
+ * ARP will not execute the class regardless of the per-manifest envelope.
+ * A more permissive tier still has to pass the per-manifest comply gate
+ * inside the coordinator before the class actually runs.
+ */
+export declare const CLASSIFICATION_MIN_TIER: Readonly<Record<string, CapabilityTier>>;
+/**
+ * Classifications that are denied at every tier, including privileged.
+ * Raw credential access is always routed through the credential broker, so
+ * a Guard result labelled `credential-access` or `credential-exfiltration`
+ * is by construction a signal that something is wrong. Parse-to-deny.
+ */
+export declare const ABSOLUTE_DENY_CLASSES: ReadonlySet<string>;
+/**
+ * Produce canonical signed-payload bytes for a NanoMind-Guard result.
+ * Exported so out-of-repo signers can produce byte-identical payloads. Any
+ * drift between signer and verifier defeats verification.
+ *
+ * Canonicalization rules:
+ *   1. Remove the `signature` field if present.
+ *   2. Serialize as JSON with recursively sorted object keys and no
+ *      whitespace between tokens.
+ *   3. Encode as UTF-8.
+ */
+export declare function canonicalizeGuardResultPayload(payload: Record<string, unknown>): Uint8Array;
+/**
+ * Verify a NanoMind-Guard classification result and clear it against the
+ * capability manifest's tier. Never throws; every failure path returns a
+ * typed `{valid: false, code, reason}` the caller routes on.
+ *
+ * On success, the returned `classification` is the cleared label the caller
+ * should write into `event.data.classification` before handing the event to
+ * the coordinator. The per-manifest permitted/prohibited envelope is NOT
+ * applied here; the coordinator's L0-comply gate handles that layer.
+ */
+export declare function verifyClassification(result: NanoMindGuardResult, options: NanoMindGuardVerifyOptions): Promise<NanoMindGuardVerifyResult>;
+/**
+ * Convenience wrapper: verify a Guard result and, on success, write the
+ * cleared classification into `event.data.classification` so the
+ * coordinator's L0-comply gate can consume it. Returns the verification
+ * result regardless of outcome so callers can route on the reason without
+ * re-running verification. On rejection, `event.data.classification` is
+ * LEFT UNCHANGED -- a failed verification must never plant a classification.
+ *
+ * The `event.data` argument is typed as `Record<string, unknown>` because
+ * that matches `ARPEvent.data`; the caller passes `event.data` directly.
+ */
+export declare function applyVerifiedClassification(eventData: Record<string, unknown>, result: NanoMindGuardResult, options: NanoMindGuardVerifyOptions): Promise<NanoMindGuardVerifyResult>;
+//# sourceMappingURL=verify-classification.d.ts.map

package/dist/arp/intelligence/verify-classification.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-classification.d.ts","sourceRoot":"","sources":["../../../src/arp/intelligence/verify-classification.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8CG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,mBAAmB,EAEnB,0BAA0B,EAC1B,yBAAyB,EAC1B,MAAM,UAAU,CAAC;AAOlB,OAAO,KAAK,EAGV,eAAe,EAChB,MAAM,iBAAiB,CAAC;AAEzB;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB,EAAE,eACnB,CAAC;AAEtB;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,QAAgB,CAAC;AAEhD;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,QAAY,CAAC;AAehD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAiB5E,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,EAAE,WAAW,CAAC,MAAM,CAGpD,CAAC;AAEH;;;;;;;;;;GAUG;AACH,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,UAAU,CAIZ;AAeD;;;;;;;;;GASG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,mBAAmB,EAC3B,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,yBAAyB,CAAC,CAmJpC;AAkED;;;;;;;;;;GAUG;AACH,wBAAsB,2BAA2B,CAC/C,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,MAAM,EAAE,mBAAmB,EAC3B,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,yBAAyB,CAAC,CAMpC"}

package/dist/arp/intelligence/verify-classification.js

@@ -0,0 +1,329 @@
+"use strict";
+/**
+ * NanoMind-Guard classification verifier (AIComply P1, producer side).
+ *
+ * This module is the producer-side companion to the L0-comply gate on
+ * `IntelligenceCoordinator`. NanoMind-Guard produces classification labels
+ * for runtime events; every result it emits is hybrid-signed with
+ * Ed25519+ML-DSA-44 (the high-throughput variant, deliberately chosen over
+ * ML-DSA-65 to keep per-event signing cost bounded). Before the coordinator
+ * can trust a classification, the signature must verify and the class must
+ * pass a tier-keyed rejection matrix that bounds what a given capability
+ * tier can ever emit, regardless of what the per-manifest permitted list
+ * says.
+ *
+ * The order of checks is:
+ *
+ *   1. Schema sanity of the result object and signature block.
+ *   2. Algorithm gate: the signature must advertise Ed25519+ML-DSA-44.
+ *      Anything else is refused before any crypto runs, so an attacker
+ *      cannot downgrade the Guard to a weaker algorithm.
+ *   3. Key and signature byte-size checks after base64 decode. Node's
+ *      `Buffer.from(_, 'base64')` is permissive, so malformed inputs are
+ *      caught here as KEY_FORMAT_ERROR rather than falling through to a
+ *      SIGNATURE_INVALID that hides a structural problem.
+ *   4. Hybrid signature verification over the canonical signed payload.
+ *      Both halves must pass; the underlying `hybridVerify` is
+ *      non-short-circuit for timing reasons.
+ *   5. Freshness: the signed timestamp must be within `maxAgeMs` of now and
+ *      must not be more than `futureSkewMs` in the future.
+ *   6. Rejection matrix keyed on `manifest.tier`. Any classification on the
+ *      absolute deny list is rejected regardless of tier. Any classification
+ *      whose minimum required tier exceeds the manifest's tier is rejected.
+ *      Any classification not in the registry is rejected as unknown
+ *      (parse-to-deny).
+ *
+ * A verified result returns `{valid: true, classification}`; the caller
+ * assigns `event.data.classification = result.classification` before
+ * handing the event to the coordinator, where the session 26 comply gate
+ * takes over and enforces the per-manifest permitted/prohibited lists. This
+ * is a defense-in-depth composition: the rejection matrix here is a hard
+ * ceiling that even a permissive manifest cannot override; the per-manifest
+ * lists are a narrower policy on top of that ceiling.
+ *
+ * Parse-to-deny (CR-001) applies to every failure path. The function never
+ * throws; all rejection branches return a typed `{valid: false}` object.
+ * Callers must treat `valid === false` as authoritative and refuse to
+ * populate `event.data.classification` on failure.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ABSOLUTE_DENY_CLASSES = exports.CLASSIFICATION_MIN_TIER = exports.DEFAULT_FUTURE_SKEW_MS = exports.DEFAULT_MAX_AGE_MS = exports.GUARD_SIGNATURE_ALGORITHM = void 0;
+exports.canonicalizeGuardResultPayload = canonicalizeGuardResultPayload;
+exports.verifyClassification = verifyClassification;
+exports.applyVerifiedClassification = applyVerifiedClassification;
+const hybrid_signing_1 = require("../crypto/hybrid-signing");
+/**
+ * Only hybrid algorithm accepted for NanoMind-Guard classification results.
+ * ML-DSA-44 is the FIPS 204 high-throughput variant. Do not accept ML-DSA-65
+ * here: the manifest loader uses ML-DSA-65 for long-lived capability
+ * manifests, and keeping the two algorithm lanes disjoint prevents a
+ * manifest key from being mistakenly used to mint per-event classifications.
+ */
+exports.GUARD_SIGNATURE_ALGORITHM = 'Ed25519+ML-DSA-44';
+/**
+ * Default freshness window for a Guard signature. Per-event signing is
+ * expected to complete well under a second, so 5 minutes is a generous
+ * upper bound that still closes the replay window.
+ */
+exports.DEFAULT_MAX_AGE_MS = 5 * 60 * 1000;
+/**
+ * Default tolerance for signatures that appear to be timestamped in the
+ * future. Accounts for small clock skew between the Guard and the
+ * coordinator; anything beyond this is a bug or an attack.
+ */
+exports.DEFAULT_FUTURE_SKEW_MS = 30 * 1000;
+/**
+ * Total order on capability tiers. A classification requiring tier T is
+ * permitted only when the manifest's tier is at least T. Synchronized with
+ * `CapabilityTier` in `../types.ts`.
+ */
+const TIER_LEVEL = {
+    minimal: 0,
+    read: 1,
+    execute: 2,
+    mutate: 3,
+    privileged: 4,
+};
+/**
+ * Minimum capability tier required to act on a given classification. A
+ * classification not in this registry is treated as unknown and denied
+ * outright (parse-to-deny, CR-001). Callers that want to allow a new class
+ * must add it here first; silent acceptance is a vulnerability.
+ *
+ * The exact values are policy, not physics: they are the floor below which
+ * ARP will not execute the class regardless of the per-manifest envelope.
+ * A more permissive tier still has to pass the per-manifest comply gate
+ * inside the coordinator before the class actually runs.
+ */
+exports.CLASSIFICATION_MIN_TIER = {
+    // Tier 0: minimal -- read-only, no side effects
+    'documentation': 'minimal',
+    // Tier 1: read -- observe state, no mutation
+    'code-analysis': 'read',
+    'data-read': 'read',
+    // Tier 2: execute -- sandboxed side effects and controlled egress
+    'code-generation': 'execute',
+    'network-egress': 'execute',
+    'process-spawn': 'execute',
+    // Tier 3: mutate -- write user-visible state
+    'data-write': 'mutate',
+    'file-write': 'mutate',
+    // Tier 4: privileged -- irreversible or cross-user effects
+    'file-delete': 'privileged',
+    'system-mutation': 'privileged',
+    'privileged-operation': 'privileged',
+};
+/**
+ * Classifications that are denied at every tier, including privileged.
+ * Raw credential access is always routed through the credential broker, so
+ * a Guard result labelled `credential-access` or `credential-exfiltration`
+ * is by construction a signal that something is wrong. Parse-to-deny.
+ */
+exports.ABSOLUTE_DENY_CLASSES = new Set([
+    'credential-access',
+    'credential-exfiltration',
+]);
+/**
+ * Produce canonical signed-payload bytes for a NanoMind-Guard result.
+ * Exported so out-of-repo signers can produce byte-identical payloads. Any
+ * drift between signer and verifier defeats verification.
+ *
+ * Canonicalization rules:
+ *   1. Remove the `signature` field if present.
+ *   2. Serialize as JSON with recursively sorted object keys and no
+ *      whitespace between tokens.
+ *   3. Encode as UTF-8.
+ */
+function canonicalizeGuardResultPayload(payload) {
+    const stripped = { ...payload };
+    delete stripped.signature;
+    return new TextEncoder().encode(stableStringify(stripped));
+}
+function stableStringify(value) {
+    if (value === null || typeof value !== 'object')
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return `[${value.map((v) => stableStringify(v)).join(',')}]`;
+    }
+    const obj = value;
+    const keys = Object.keys(obj).sort();
+    const pairs = keys.map((k) => `${JSON.stringify(k)}:${stableStringify(obj[k])}`);
+    return `{${pairs.join(',')}}`;
+}
+/**
+ * Verify a NanoMind-Guard classification result and clear it against the
+ * capability manifest's tier. Never throws; every failure path returns a
+ * typed `{valid: false, code, reason}` the caller routes on.
+ *
+ * On success, the returned `classification` is the cleared label the caller
+ * should write into `event.data.classification` before handing the event to
+ * the coordinator. The per-manifest permitted/prohibited envelope is NOT
+ * applied here; the coordinator's L0-comply gate handles that layer.
+ */
+async function verifyClassification(result, options) {
+    // 1. Schema sanity. We refuse to crypto-verify a malformed object.
+    const schemaError = validateResultSchema(result);
+    if (schemaError !== null) {
+        return invalid('SCHEMA_ERROR', schemaError);
+    }
+    // 2. Algorithm gate. The Guard MUST advertise Ed25519+ML-DSA-44. Refusing
+    // anything else prevents algorithm downgrade, and prevents a manifest
+    // key (ML-DSA-65) from being replayed as a classification signing key.
+    const sig = result.signature;
+    if (sig.alg !== exports.GUARD_SIGNATURE_ALGORITHM) {
+        return invalid('ALGORITHM_UNSUPPORTED', `signature algorithm must be ${exports.GUARD_SIGNATURE_ALGORITHM}, got ${JSON.stringify(sig.alg)}`);
+    }
+    if (options.guardPublicKey.algorithm !== exports.GUARD_SIGNATURE_ALGORITHM) {
+        return invalid('ALGORITHM_UNSUPPORTED', `guard public key algorithm must be ${exports.GUARD_SIGNATURE_ALGORITHM}, got ${JSON.stringify(options.guardPublicKey.algorithm)}`);
+    }
+    if (options.guardPublicKey.mldsaVariant !== 'ML-DSA-44') {
+        return invalid('ALGORITHM_UNSUPPORTED', `guard public key mldsaVariant must be ML-DSA-44, got ${JSON.stringify(options.guardPublicKey.mldsaVariant)}`);
+    }
+    // 3. Decode keys and signature. Base64 decode followed by FIPS 204 size
+    // checks; any failure here is KEY_FORMAT_ERROR so callers can tell
+    // "structurally malformed" apart from "cryptographically wrong".
+    let publicKeyBytes;
+    let signatureBytes;
+    try {
+        const encodedPk = options.guardPublicKey;
+        publicKeyBytes = (0, hybrid_signing_1.decodeHybridPublicKey)(encodedPk);
+        const encodedSig = {
+            alg: exports.GUARD_SIGNATURE_ALGORITHM,
+            ed25519Sig: sig.ed25519Sig,
+            mldsaSig: sig.mldsaSig,
+            ts: sig.ts,
+        };
+        signatureBytes = (0, hybrid_signing_1.decodeHybridSignature)(encodedSig);
+    }
+    catch (err) {
+        return invalid('KEY_FORMAT_ERROR', `failed to decode hybrid key or signature bytes: ${err.message}`);
+    }
+    if (!(0, hybrid_signing_1.validateKeySize)('Ed25519', 'publicKey', publicKeyBytes.ed25519PublicKey)) {
+        return invalid('KEY_FORMAT_ERROR', `ed25519 public key has wrong length: ${publicKeyBytes.ed25519PublicKey.length}`);
+    }
+    if (!(0, hybrid_signing_1.validateKeySize)('ML-DSA-44', 'publicKey', publicKeyBytes.mldsaPublicKey)) {
+        return invalid('KEY_FORMAT_ERROR', `ml-dsa-44 public key has wrong length: ${publicKeyBytes.mldsaPublicKey.length}`);
+    }
+    if (!(0, hybrid_signing_1.validateKeySize)('Ed25519', 'signature', signatureBytes.ed25519Sig)) {
+        return invalid('KEY_FORMAT_ERROR', `ed25519 signature has wrong length: ${signatureBytes.ed25519Sig.length}`);
+    }
+    if (!(0, hybrid_signing_1.validateKeySize)('ML-DSA-44', 'signature', signatureBytes.mldsaSig)) {
+        return invalid('KEY_FORMAT_ERROR', `ml-dsa-44 signature has wrong length: ${signatureBytes.mldsaSig.length}`);
+    }
+    // 4. Canonicalize the signed payload (result minus signature block) and
+    // run the non-short-circuit hybrid verifier. Both halves are evaluated on
+    // every call.
+    const canonical = canonicalizeGuardResultPayload(result);
+    const verifyResult = await (0, hybrid_signing_1.hybridVerify)(canonical, signatureBytes, publicKeyBytes);
+    if (!verifyResult.valid) {
+        return invalid('SIGNATURE_INVALID', verifyResult.reason ?? 'hybrid signature rejected by verifier');
+    }
+    // 5. Freshness check. Runs AFTER signature verification so that an
+    // attacker who manipulates the timestamp cannot distinguish "signature
+    // broken" from "timestamp too old" via timing or error code. A valid
+    // signature over a stale timestamp is still STALE.
+    const now = (options.now ?? Date.now)();
+    const maxAgeMs = options.maxAgeMs ?? exports.DEFAULT_MAX_AGE_MS;
+    const futureSkewMs = options.futureSkewMs ?? exports.DEFAULT_FUTURE_SKEW_MS;
+    const age = now - result.timestamp;
+    if (age > maxAgeMs) {
+        return invalid('STALE', `signature timestamp is ${age} ms old, exceeds maxAgeMs=${maxAgeMs}`);
+    }
+    if (-age > futureSkewMs) {
+        return invalid('FUTURE_DATED', `signature timestamp is ${-age} ms in the future, exceeds futureSkewMs=${futureSkewMs}`);
+    }
+    // 6. Tier rejection matrix. The absolute deny list is checked first and
+    // applies at every tier. Unknown classifications are parse-to-deny.
+    if (exports.ABSOLUTE_DENY_CLASSES.has(result.classification)) {
+        return invalid('ABSOLUTE_DENY', `classification ${JSON.stringify(result.classification)} is on the absolute deny list`);
+    }
+    const requiredTier = exports.CLASSIFICATION_MIN_TIER[result.classification];
+    if (requiredTier === undefined) {
+        return invalid('UNKNOWN_CLASSIFICATION', `classification ${JSON.stringify(result.classification)} is not in the tier registry; parse-to-deny`);
+    }
+    const manifestLevel = TIER_LEVEL[options.manifest.tier];
+    const requiredLevel = TIER_LEVEL[requiredTier];
+    if (manifestLevel < requiredLevel) {
+        return invalid('TIER_REJECTED', `classification ${JSON.stringify(result.classification)} requires tier ${requiredTier}, manifest tier is ${options.manifest.tier}`);
+    }
+    return {
+        valid: true,
+        classification: result.classification,
+        tier: options.manifest.tier,
+        confidence: result.confidence,
+    };
+}
+/**
+ * Validate the runtime shape of a `NanoMindGuardResult`. Returns a
+ * human-readable error string on failure, or `null` if the result passes.
+ * Kept as a string-returning helper so the caller can wrap the result in a
+ * typed `invalid()` without mixing exception and value control flow.
+ */
+function validateResultSchema(result) {
+    if (result === null || typeof result !== 'object') {
+        return 'result must be an object';
+    }
+    if (typeof result.classification !== 'string' || result.classification.length === 0) {
+        return 'classification must be a non-empty string';
+    }
+    if (typeof result.confidence !== 'number' ||
+        !Number.isFinite(result.confidence) ||
+        result.confidence < 0 ||
+        result.confidence > 1) {
+        return 'confidence must be a finite number in [0, 1]';
+    }
+    if (typeof result.modelVersion !== 'string' || result.modelVersion.length === 0) {
+        return 'modelVersion must be a non-empty string';
+    }
+    if (typeof result.contentHash !== 'string' ||
+        !/^[0-9a-fA-F]{64}$/.test(result.contentHash)) {
+        return 'contentHash must be a 64-character hex string (SHA-256)';
+    }
+    if (typeof result.timestamp !== 'number' || !Number.isFinite(result.timestamp)) {
+        return 'timestamp must be a finite number (Unix ms)';
+    }
+    const sig = result.signature;
+    if (sig === null || typeof sig !== 'object') {
+        return 'signature must be a mapping';
+    }
+    if (typeof sig.alg !== 'string') {
+        return 'signature.alg must be a string';
+    }
+    if (typeof sig.ed25519Sig !== 'string' || sig.ed25519Sig.length === 0) {
+        return 'signature.ed25519Sig must be a non-empty base64 string';
+    }
+    if (typeof sig.mldsaSig !== 'string' || sig.mldsaSig.length === 0) {
+        return 'signature.mldsaSig must be a non-empty base64 string';
+    }
+    if (typeof sig.ts !== 'number' || !Number.isFinite(sig.ts)) {
+        return 'signature.ts must be a finite number';
+    }
+    return null;
+}
+/**
+ * Ensure the structurally identical invalid-result shape across every
+ * failure branch. Kept as a tiny helper so the TypeScript discriminant on
+ * `valid` narrows correctly in callers.
+ */
+function invalid(code, reason) {
+    return { valid: false, code, reason };
+}
+/**
+ * Convenience wrapper: verify a Guard result and, on success, write the
+ * cleared classification into `event.data.classification` so the
+ * coordinator's L0-comply gate can consume it. Returns the verification
+ * result regardless of outcome so callers can route on the reason without
+ * re-running verification. On rejection, `event.data.classification` is
+ * LEFT UNCHANGED -- a failed verification must never plant a classification.
+ *
+ * The `event.data` argument is typed as `Record<string, unknown>` because
+ * that matches `ARPEvent.data`; the caller passes `event.data` directly.
+ */
+async function applyVerifiedClassification(eventData, result, options) {
+    const verifyResult = await verifyClassification(result, options);
+    if (verifyResult.valid) {
+        eventData.classification = verifyResult.classification;
+    }
+    return verifyResult;
+}
+//# sourceMappingURL=verify-classification.js.map

package/dist/arp/intelligence/verify-classification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-classification.js","sourceRoot":"","sources":["../../../src/arp/intelligence/verify-classification.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8CG;;;AA8GH,wEAMC;AAyBD,oDAsJC;AA6ED,kEAUC;AAjXD,6DAKkC;AAOlC;;;;;;GAMG;AACU,QAAA,yBAAyB,GACpC,mBAAmB,CAAC;AAEtB;;;;GAIG;AACU,QAAA,kBAAkB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEhD;;;;GAIG;AACU,QAAA,sBAAsB,GAAG,EAAE,GAAG,IAAI,CAAC;AAEhD;;;;GAIG;AACH,MAAM,UAAU,GAAmC;IACjD,OAAO,EAAE,CAAC;IACV,IAAI,EAAE,CAAC;IACP,OAAO,EAAE,CAAC;IACV,MAAM,EAAE,CAAC;IACT,UAAU,EAAE,CAAC;CACd,CAAC;AAEF;;;;;;;;;;GAUG;AACU,QAAA,uBAAuB,GAA6C;IAC/E,gDAAgD;IAChD,eAAe,EAAE,SAAS;IAC1B,6CAA6C;IAC7C,eAAe,EAAE,MAAM;IACvB,WAAW,EAAE,MAAM;IACnB,kEAAkE;IAClE,iBAAiB,EAAE,SAAS;IAC5B,gBAAgB,EAAE,SAAS;IAC3B,eAAe,EAAE,SAAS;IAC1B,6CAA6C;IAC7C,YAAY,EAAE,QAAQ;IACtB,YAAY,EAAE,QAAQ;IACtB,2DAA2D;IAC3D,aAAa,EAAE,YAAY;IAC3B,iBAAiB,EAAE,YAAY;IAC/B,sBAAsB,EAAE,YAAY;CACrC,CAAC;AAEF;;;;;GAKG;AACU,QAAA,qBAAqB,GAAwB,IAAI,GAAG,CAAC;IAChE,mBAAmB;IACnB,yBAAyB;CAC1B,CAAC,CAAC;AAEH;;;;;;;;;;GAUG;AACH,SAAgB,8BAA8B,CAC5C,OAAgC;IAEhC,MAAM,QAAQ,GAA4B,EAAE,GAAG,OAAO,EAAE,CAAC;IACzD,OAAO,QAAQ,CAAC,SAAS,CAAC;IAC1B,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC9E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IAC/D,CAAC;IACD,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CACzD,CAAC;IACF,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAA2B,EAC3B,OAAmC;IAEnC,mEAAmE;IACnE,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,OAAO,OAAO,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAC9C,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,uEAAuE;IACvE,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC;IAC7B,IAAI,GAAG,CAAC,GAAG,KAAK,iCAAyB,EAAE,CAAC;QAC1C,OAAO,OAAO,CACZ,uBAAuB,EACvB,+BAA+B,iCAAyB,SAAS,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAC3F,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,cAAc,CAAC,SAAS,KAAK,iCAAyB,EAAE,CAAC;QACnE,OAAO,OAAO,CACZ,uBAAuB,EACvB,sCAAsC,iCAAyB,SAAS,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAC3H,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,cAAc,CAAC,YAAY,KAAK,WAAW,EAAE,CAAC;QACxD,OAAO,OAAO,CACZ,uBAAuB,EACvB,wDAAwD,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAC9G,CAAC;IACJ,CAAC;IAED,wEAAwE;IACxE,mEAAmE;IACnE,iEAAiE;IACjE,IAAI,cAAc,CAAC;IACnB,IAAI,cAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,SAAS,GAA2B,OAAO,CAAC,cAAc,CAAC;QACjE,cAAc,GAAG,IAAA,sCAAqB,EAAC,SAAS,CAAC,CAAC;QAElD,MAAM,UAAU,GAA2B;YACzC,GAAG,EAAE,iCAAyB;YAC9B,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,EAAE,EAAE,GAAG,CAAC,EAAE;SACX,CAAC;QACF,cAAc,GAAG,IAAA,sCAAqB,EAAC,UAAU,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,OAAO,CACZ,kBAAkB,EAClB,mDAAoD,GAAa,CAAC,OAAO,EAAE,CAC5E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAA,gCAAe,EAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC9E,OAAO,OAAO,CACZ,kBAAkB,EAClB,wCAAwC,cAAc,CAAC,gBAAgB,CAAC,MAAM,EAAE,CACjF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAA,gCAAe,EAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC,cAAc,CAAC,EAAE,CAAC;QAC9E,OAAO,OAAO,CACZ,kBAAkB,EAClB,0CAA0C,cAAc,CAAC,cAAc,CAAC,MAAM,EAAE,CACjF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAA,gCAAe,EAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC,UAAU,CAAC,EAAE,CAAC;QACxE,OAAO,OAAO,CACZ,kBAAkB,EAClB,uCAAuC,cAAc,CAAC,UAAU,CAAC,MAAM,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAA,gCAAe,EAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxE,OAAO,OAAO,CACZ,kBAAkB,EAClB,yCAAyC,cAAc,CAAC,QAAQ,CAAC,MAAM,EAAE,CAC1E,CAAC;IACJ,CAAC;IAED,wEAAwE;IACxE,0EAA0E;IAC1E,cAAc;IACd,MAAM,SAAS,GAAG,8BAA8B,CAC9C,MAA4C,CAC7C,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,IAAA,6BAAY,EACrC,SAAS,EACT,cAAc,EACd,cAAc,CACf,CAAC;IACF,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO,OAAO,CACZ,mBAAmB,EACnB,YAAY,CAAC,MAAM,IAAI,uCAAuC,CAC/D,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,uEAAuE;IACvE,qEAAqE;IACrE,mDAAmD;IACnD,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAAkB,CAAC;IACxD,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,8BAAsB,CAAC;IACpE,MAAM,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC;IACnC,IAAI,GAAG,GAAG,QAAQ,EAAE,CAAC;QACnB,OAAO,OAAO,CACZ,OAAO,EACP,0BAA0B,GAAG,6BAA6B,QAAQ,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,GAAG,GAAG,YAAY,EAAE,CAAC;QACxB,OAAO,OAAO,CACZ,cAAc,EACd,0BAA0B,CAAC,GAAG,2CAA2C,YAAY,EAAE,CACxF,CAAC;IACJ,CAAC;IAED,wEAAwE;IACxE,oEAAoE;IACpE,IAAI,6BAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;QACrD,OAAO,OAAO,CACZ,eAAe,EACf,kBAAkB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,cAAc,CAAC,+BAA+B,CACvF,CAAC;IACJ,CAAC;IACD,MAAM,YAAY,GAAG,+BAAuB,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACpE,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,OAAO,CACZ,wBAAwB,EACxB,kBAAkB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,cAAc,CAAC,6CAA6C,CACrG,CAAC;IACJ,CAAC;IACD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IAC/C,IAAI,aAAa,GAAG,aAAa,EAAE,CAAC;QAClC,OAAO,OAAO,CACZ,eAAe,EACf,kBAAkB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,cAAc,CAAC,kBAAkB,YAAY,sBAAsB,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CACnI,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI;QAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;KAC9B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,MAA2B;IACvD,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAClD,OAAO,0BAA0B,CAAC;IACpC,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpF,OAAO,2CAA2C,CAAC;IACrD,CAAC;IACD,IACE,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;QACrC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC;QACnC,MAAM,CAAC,UAAU,GAAG,CAAC;QACrB,MAAM,CAAC,UAAU,GAAG,CAAC,EACrB,CAAC;QACD,OAAO,8CAA8C,CAAC;IACxD,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChF,OAAO,yCAAyC,CAAC;IACnD,CAAC;IACD,IACE,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ;QACtC,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAC7C,CAAC;QACD,OAAO,yDAAyD,CAAC;IACnE,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/E,OAAO,6CAA6C,CAAC;IACvD,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC;IAC7B,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO,6BAA6B,CAAC;IACvC,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAChC,OAAO,gCAAgC,CAAC;IAC1C,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtE,OAAO,wDAAwD,CAAC;IAClE,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,sDAAsD,CAAC;IAChE,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3D,OAAO,sCAAsC,CAAC;IAChD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,OAAO,CACd,IAAkC,EAClC,MAAc;IAEd,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AACxC,CAAC;AAED;;;;;;;;;;GAUG;AACI,KAAK,UAAU,2BAA2B,CAC/C,SAAkC,EAClC,MAA2B,EAC3B,OAAmC;IAEnC,MAAM,YAAY,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;QACvB,SAAS,CAAC,cAAc,GAAG,YAAY,CAAC,cAAc,CAAC;IACzD,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC"}

package/dist/arp/proxy/server.d.ts

@@ -1,4 +1,4 @@
-import type { ProxyConfig } from '../types';
+import type { ProxyConfig, CapabilityManifest, ManifestRejectionLog } from '../types';
 import type { EventEngine } from '../engine/event-engine';
 import type { PromptInterceptor } from '../interceptors/prompt';
 import type { MCPProtocolInterceptor } from '../interceptors/mcp-protocol';
@@ -8,20 +8,50 @@ export interface ARPProxyDeps {
     promptInterceptor?: PromptInterceptor;
     mcpInterceptor?: MCPProtocolInterceptor;
     a2aInterceptor?: A2AProtocolInterceptor;
+    /**
+     * Optional hook invoked when a capability manifest is rejected at proxy
+     * start. Implementations should forward the structured log to a SIEM or
+     * audit trail. If not provided, a single-line structured JSON record is
+     * written to stderr via `console.error` so that a deployed proxy still
+     * leaves evidence of the rejection.
+     *
+     * The rejection entry never crosses the wire to clients; clients only see
+     * a generic 403 deny reason.
+     */
+    onManifestRejection?: (entry: ManifestRejectionLog) => void;
 }
-/**
- * ARP HTTP Reverse Proxy — sits between clients and upstream AI services,
- * inspecting requests and responses for AI-layer threats.
- *
- * Zero external dependencies (uses Node.js built-in http module).
- * Alert-only by default; optional blockOnDetection mode.
- */
 export declare class ARPProxy {
     private readonly config;
     private readonly deps;
     private server;
+    /**
+     * Loaded capability manifest once verification succeeds at start(). Kept on
+     * the instance so downstream wiring (e.g. IntelligenceCoordinator comply
+     * checks) can read it without re-loading the YAML.
+     */
+    private manifest;
+    /**
+     * Set to true when manifest loading failed at start(). In this state the
+     * HTTP server still accepts connections (so the deploy does not crash) but
+     * every request is answered with the generic 403 deny reason. Fail closed
+     * per CR-001.
+     */
+    private manifestRejected;
     constructor(config: ProxyConfig, deps: ARPProxyDeps);
+    /** The verified manifest, or null if none was configured / it was rejected. */
+    getManifest(): CapabilityManifest | null;
+    /** True if the proxy is in deny-all state due to a manifest rejection. */
+    isManifestRejected(): boolean;
     start(): Promise<void>;
+    /**
+     * Emit a structured log entry for a manifest rejection. Client responses
+     * only ever carry the generic deny reason; the discrete error code and any
+     * loader-provided reason stay in the log channel.
+     *
+     * Wraps the user-supplied hook in a try/catch so that a misbehaving hook
+     * cannot convert a soft rejection into a hard crash.
+     */
+    private reportManifestRejection;
     stop(): Promise<void>;
     getPort(): number;
     private handleRequest;

package/dist/arp/proxy/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/arp/proxy/server.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAA2B,MAAM,UAAU,CAAC;AACrE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAG3E,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,WAAW,CAAC;IACpB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,cAAc,CAAC,EAAE,sBAAsB,CAAC;IACxC,cAAc,CAAC,EAAE,sBAAsB,CAAC;CACzC;AAED;;;;;;GAMG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAe;IACpC,OAAO,CAAC,MAAM,CAA4B;gBAE9B,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY;IAK7C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAmBtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAU3B,OAAO,IAAI,MAAM;YAUH,aAAa;IAiD3B,OAAO,CAAC,YAAY;IAQpB;;;OAGG;YACW,cAAc;IA8B5B;;OAEG;YACW,eAAe;IA+B7B,sFAAsF;IACtF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAc;IAEzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,oBAAoB;IAuB5B,OAAO,CAAC,qBAAqB;IAwB7B,OAAO,CAAC,iBAAiB;IAwBzB,OAAO,CAAC,kBAAkB;IAgC1B,OAAO,CAAC,kBAAkB;IAqB1B,OAAO,CAAC,iBAAiB;IAmDzB;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;CAmBzB"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/arp/proxy/server.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,WAAW,EAGX,kBAAkB,EAClB,oBAAoB,EACrB,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAO3E,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,WAAW,CAAC;IACpB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,cAAc,CAAC,EAAE,sBAAsB,CAAC;IACxC,cAAc,CAAC,EAAE,sBAAsB,CAAC;IACxC;;;;;;;;;OASG;IACH,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE,oBAAoB,KAAK,IAAI,CAAC;CAC7D;AAiBD,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAe;IACpC,OAAO,CAAC,MAAM,CAA4B;IAC1C;;;;OAIG;IACH,OAAO,CAAC,QAAQ,CAAmC;IACnD;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB,CAAS;gBAErB,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY;IAKnD,+EAA+E;IAC/E,WAAW,IAAI,kBAAkB,GAAG,IAAI;IAIxC,0EAA0E;IAC1E,kBAAkB,IAAI,OAAO;IAIvB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAkC5B;;;;;;;OAOG;IACH,OAAO,CAAC,uBAAuB;IAmCzB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAU3B,OAAO,IAAI,MAAM;YAUH,aAAa;IAyD3B,OAAO,CAAC,YAAY;IAQpB;;;OAGG;YACW,cAAc;IA8B5B;;OAEG;YACW,eAAe;IA+B7B,sFAAsF;IACtF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAc;IAEzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,oBAAoB;IAuB5B,OAAO,CAAC,qBAAqB;IAwB7B,OAAO,CAAC,iBAAiB;IAwBzB,OAAO,CAAC,kBAAkB;IAgC1B,OAAO,CAAC,kBAAkB;IAqB1B,OAAO,CAAC,iBAAiB;IAmDzB;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;CAmBzB"}