heron-ai 0.2.2 → 0.4.0

package/dist/src/compliance/mapper.js

@@ -0,0 +1,443 @@
+/**
+ * Maps raw audit signals (systems, transcript, decision metadata) onto the
+ * framework-control bundles defined in `./control-mappings.ts`.
+ *
+ * Output shape: `CategorizedCompliance`, grouped by mandatoriness
+ * (mandatory vs voluntary) and risk category (privacy / IP /
+ * consumer-protection / sector-specific). The report template renders
+ * this directly.
+ *
+ * Post-AAP-42 scope (2026-04-23):
+ *   - Framework gating is simpler — only 3 frameworks (EU AI Act, GDPR,
+ *     ISO/IEC 42001). All fire whenever the finding fires; no
+ *     jurisdiction-specific statutes to narrow-scope.
+ *   - EU AI Act controls tagged `annexIII: true` are gated per-control by
+ *     the detected Annex III signals (biometrics, education, employment,
+ *     essential services, law enforcement). This replaces the prior
+ *     two-framework split (`eu-ai-act` + `eu-ai-act-high-risk`).
+ *   - The overall EU AI Act classification is computed once per audit and
+ *     attached to the `CategorizedCompliance` output so the report can show
+ *     a single "EU AI Act — High-Risk (Annex III §3 Education)" label
+ *     instead of two separate framework blocks.
+ */
+import { CONTROL_MAPPINGS } from './control-mappings.js';
+import { FRAMEWORKS } from './frameworks.js';
+import { MAPPING_VERSION } from './types.js';
+import { isBusinessSystem } from '../util/systems.js';
+export function classifyDecisionImpact(decidesAboutPeople, details) {
+    if (!decidesAboutPeople)
+        return 'none';
+    if (!details || details === 'NOT PROVIDED' || details.trim().length < 10)
+        return 'unclear';
+    const text = details.toLowerCase();
+    const highImpact = /\b(hir(e|ing)|recruit|screen.?candidate|reject|deny|approv(e|al|ing).*(loan|credit|mortgage|claim|application)|terminat|fir(e|ing)|credit.?scor|insurance.?claim|diagnos|prescri|legal.?decision|sentenc|parole|bail|evict|expel|suspend|disqualif|ban\b|block.?user|delist)\b/i;
+    if (highImpact.test(text))
+        return 'high';
+    const mediumImpact = /\b(scor(e|ing)|rank|filter|recommend|prioriti[sz]|moderate|flag|qualif(y|ied)|match|sort|categori[sz]|segment|lead|prospect|outreach|target|personali[sz])\b/i;
+    if (mediumImpact.test(text))
+        return 'medium';
+    return 'unclear';
+}
+// EU AI Act Annex III §1 — biometric identification/categorisation/emotion recognition.
+const BIOMETRIC_PATTERN = new RegExp('\\b(' + [
+    'biometric|facial.?recognition|face.?recognit',
+    'voiceprint|voice.?biometric|speaker.?recognit',
+    'fingerprint|iris|retina|gait',
+    'emotion.?recognition|affect.?detect',
+    'liveness|anti.?spoof',
+].join('|') + ')\\b', 'i');
+// EU AI Act Annex III §3 — education/vocational training assessment.
+const EDUCATION_ASSESSMENT_PATTERN = new RegExp('\\b(' + [
+    'student.?evaluation|grading|exam.?scoring|exam.?proctor',
+    'admission|enrollment|school.?assignment',
+    'academic.?assessment|learning.?assessment',
+    'vocational.?training|apprenticeship',
+].join('|') + ')\\b', 'i');
+// EU AI Act Annex III §6 — law enforcement.
+const LAW_ENFORCEMENT_PATTERN = new RegExp('\\b(' + [
+    'law.?enforcement|police|prosecut',
+    'criminal.?investigation|criminal.?justice',
+    'border|immigration|asylum',
+    'parole|recidivism|sentenc',
+    'predictive.?policing',
+].join('|') + ')\\b', 'i');
+// EU AI Act Annex III §5 — access to essential public/private services.
+// §5(a) public assistance benefits eligibility, §5(b) credit scoring/creditworthiness,
+// §5(c) emergency service dispatch, §5(d) health/life insurance risk assessment.
+const ESSENTIAL_SERVICES_PATTERN = new RegExp('(?:' + [
+    '\\bcredit(?:\\s*scor|worthiness|\\s*rating)', // §5(b) credit scoring / creditworthiness
+    '\\b(?:benefit|eligib|welfare|social\\s*service|public\\s*assistance)\\b',
+    '\\b(?:emergency|911|triage|dispatch)\\b',
+    '\\b(?:life\\s*insur|health\\s*insur|insur(?:ance)?\\s*pric|insur(?:ance)?\\s*risk|underwrit)',
+].join('|') + ')', 'i');
+// isBusinessSystem lives in src/util/systems.ts (shared across report, analyzer, mapper).
+export function detectSignals(systems, transcript, decidesAboutPeople, decisionMakingDetails) {
+    const allText = transcript.map((qa) => qa.answer.toLowerCase()).join(' ');
+    const hasSensitivePII = /\b(ssn|passport|social.?security|date.?of.?birth|dob|bank.?account|credit.?card|driver.?licen[sc]e|tax.?id|national.?id)\b/i.test(allText);
+    const hasPublicPII = /\b(pii|personal|email|name|phone|address|linkedin|profile|title|company)\b/i.test(allText);
+    const hasPII = hasSensitivePII || hasPublicPII;
+    const hasMedicalTerms = /\b(medical|patient|hipaa|diagnosis|prescription|clinical|ehr|emr|phi\b|protected.?health)\b/i.test(allText);
+    const hasHealthInContext = /\b(health)\b/i.test(allText) &&
+        !/health.?check|health.?endpoint|health.?status|health.?ping|health(y|ier)/i.test(allText) &&
+        /\b(data|record|information|system|care|provider)\b/i.test(allText);
+    const hasHealth = hasMedicalTerms || hasHealthInContext;
+    // AAP-43 P1 #4: employment-decision signal must be gated on the explicit
+    // `decidesAboutPeople` interview flag. A regex-only match on transcript
+    // words like "employer" or "candidate" fired Annex III §4 on agents that
+    // never made employment decisions (e.g. curriculum-generation agents).
+    //
+    // AAP-43 post-merge fix (2026-04-24): the gate still fails on a common
+    // shape — the LinkedIn ICP agent answers Q13 with negations like
+    // "does not involve hiring, credit scoring..." — the keyword is present
+    // but its meaning is negated. Two guards:
+    //   1. Trust `decisionMakingDetails` first (the LLM-extracted summary
+    //      field). If it is provided and does NOT match the regex, do not
+    //      fall back to `allText`; the structured field already represents
+    //      the agent's self-classification.
+    //   2. If we must use `allText`, scrub negation windows (`does not
+    //      involve <keyword>`, `not a <keyword>`, `never <keyword>`) before
+    //      matching.
+    const employmentRegex = /\b(hir(e|ing)?|recruit(er|ing)?|employ(ee|er|ment)?|candidates?|resumes?|applicants?)\b/i;
+    // Negation-stripping regex: scrub a short window (up to 3 filler words)
+    // between the negation cue and the employment keyword. Covers:
+    //   - "does not involve hiring"
+    //   - "did not include any candidates"
+    //   - "is not a hiring agent"
+    //   - "is not an employment-screening tool"
+    //   - "not used for recruiting"
+    //   - "never hires"
+    //   - "this agent is not about hiring"
+    const EMPLOYMENT_KW = '(?:hir(?:e|ing)?|recruit(?:er|ing)?|employ(?:ee|er|ment)?|candidates?|resumes?|applicants?)';
+    const FILL = '(?:\\w+(?:[- ]\\w+){0,2}\\s+){0,3}';
+    const negationStrippingRegex = new RegExp([
+        // auxiliary + not + (optional filler up to 3 words) + keyword
+        `\\b(?:does|do|did|is|are|was|were|has|have|had|doesn't|don't|didn't|isn't|aren't|wasn't|weren't|hasn't|haven't|hadn't)\\s+not\\s+${FILL}${EMPLOYMENT_KW}`,
+        // "no" or "never" + up to 3 words + keyword
+        `\\b(?:no|never)\\s+${FILL}${EMPLOYMENT_KW}`,
+        // bare "not" + up to 3 words + keyword ("not a hiring", "not about hiring")
+        `\\bnot\\s+${FILL}${EMPLOYMENT_KW}`,
+    ].join('|'), 'gi');
+    const detailsHasEmployment = typeof decisionMakingDetails === 'string' &&
+        decisionMakingDetails.length > 0 &&
+        employmentRegex.test(decisionMakingDetails.replace(negationStrippingRegex, ' '));
+    const detailsExplicitlyNonEmployment = typeof decisionMakingDetails === 'string' &&
+        decisionMakingDetails.length > 10 &&
+        !employmentRegex.test(decisionMakingDetails.replace(negationStrippingRegex, ' '));
+    const allTextScrubbed = allText.replace(negationStrippingRegex, ' ');
+    const hasEmploymentDecisions = decidesAboutPeople && (detailsHasEmployment ||
+        (!detailsExplicitlyNonEmployment && employmentRegex.test(allTextScrubbed)));
+    const combinedText = (decisionMakingDetails ?? '') + ' ' + allText;
+    const hasBiometricSignal = BIOMETRIC_PATTERN.test(allText);
+    const isEducationAssessmentContext = EDUCATION_ASSESSMENT_PATTERN.test(combinedText);
+    const isLawEnforcementContext = LAW_ENFORCEMENT_PATTERN.test(combinedText);
+    const hasEssentialServicesSignal = ESSENTIAL_SERVICES_PATTERN.test(combinedText);
+    // ── AIUC-1 architecture signals (AAP-44) ──────────────────────────────
+    // Sourced from transcript text (answers to Q11–15). Used for per-control
+    // `gatedBy` filtering so that AIUC-1 controls only render when the
+    // corresponding architecture is actually in play.
+    const hasMCPOrA2A = /\bmcp\b|model\s+context\s+protocol|\ba2a\b|agent-to-agent|agent\s+to\s+agent/i.test(allText);
+    const hasSubAgents = /\bsub-?agent|chain(?:ed|s|ing)?\s+tool|spawn(?:s|ed|ing)?\s+(?:a\s+)?(?:sub-?)?agent|delegate[sd]?\s+to\s+(?:another\s+)?agent|tool\s+orchestrat/i.test(allText);
+    const hasCrossCustomer = /\bmulti-?tenant|multi-?customer|shared\s+deployment|multiple\s+customers|multiple\s+tenants|cross-?tenant|cross-?customer/i.test(allText);
+    const businessSystems = systems.filter(isBusinessSystem);
+    const hasWriteOps = businessSystems.some((s) => s.writeOperations.length > 0);
+    const hasIrreversibleWrites = businessSystems.some((s) => s.writeOperations.some((w) => !w.reversible));
+    const hasExcessivePerms = businessSystems.some((s) => s.scopesDelta.length > 0);
+    const hasScopeCreep = businessSystems.some((s) => s.scopesNeeded.length > 0 &&
+        s.scopesRequested.length > s.scopesNeeded.length);
+    const hasOrgBlast = businessSystems.some((s) => s.blastRadius === 'org-wide' || s.blastRadius === 'cross-tenant');
+    const hasOrgBlastWithWrites = hasOrgBlast && hasWriteOps;
+    const decisionImpact = classifyDecisionImpact(decidesAboutPeople, decisionMakingDetails);
+    // AAP-43 P1 #3: conditional GDPR signals
+    const hasDecisionsAboutPeople = decidesAboutPeople && decisionImpact !== 'none';
+    const transferRegex = /\b(transfer(s|red|ring)?|cross.?border|international(ly)?|outside.?(the.?)?(eu|eea)|US.?based.?(service|provider|processor)|third.?country)\b/i;
+    const hasInternationalTransfer = transferRegex.test(allText) ||
+        // Any business system that is a well-known US-based SaaS → likely cross-border.
+        businessSystems.some((s) => /\b(google|apify|openai|anthropic|telegram|slack|stripe|hubspot|salesforce|vercel|aws|azure|gcp|github|linear)\b/i.test(s.systemId));
+    const hasExternalProcessors = businessSystems.length > 0;
+    const hasLargeScaleProcessing = businessSystems.length >= 3 ||
+        businessSystems.some((s) => s.blastRadius === 'org-wide' || s.blastRadius === 'cross-tenant');
+    return {
+        hasSensitivePII,
+        hasPublicPII,
+        hasPII,
+        hasHealth,
+        hasEmploymentDecisions,
+        hasWriteOps,
+        hasIrreversibleWrites,
+        hasExcessivePerms,
+        hasScopeCreep,
+        hasOrgBlast,
+        hasOrgBlastWithWrites,
+        decisionImpact,
+        businessSystems,
+        hasBiometricSignal,
+        isEducationAssessmentContext,
+        isLawEnforcementContext,
+        hasEssentialServicesSignal,
+        hasDecisionsAboutPeople,
+        hasInternationalTransfer,
+        hasExternalProcessors,
+        hasLargeScaleProcessing,
+        hasMCPOrA2A,
+        hasSubAgents,
+        hasCrossCustomer,
+    };
+}
+// ─── EU AI Act classification ───────────────────────────────────────────────
+/**
+ * Return true if at least one Annex III category signal matches for the given
+ * finding type. Used both to gate individual `annexIII: true` controls and to
+ * compute the overall EU AI Act classification for the audit.
+ */
+function isAnnexIIIApplicableForFinding(findingType, signals) {
+    // §1 — biometrics: tied to sensitive-data
+    if (findingType === 'sensitive-data' &&
+        signals.hasSensitivePII &&
+        signals.hasBiometricSignal) {
+        return true;
+    }
+    // §3 — education/training assessment: tied to decisions-about-people + regulatory-flags
+    if ((findingType === 'decisions-about-people' ||
+        findingType === 'regulatory-flags') &&
+        signals.isEducationAssessmentContext) {
+        return true;
+    }
+    // §4 — employment decisions: tied to decisions-about-people
+    if (findingType === 'decisions-about-people' &&
+        signals.hasEmploymentDecisions &&
+        signals.decisionImpact !== 'none') {
+        return true;
+    }
+    // §5 — access to essential services: tied to high-impact decisions
+    if (findingType === 'decisions-about-people' &&
+        signals.hasEssentialServicesSignal &&
+        signals.decisionImpact === 'high') {
+        return true;
+    }
+    // §6 — law enforcement: tied to decisions-about-people + regulatory-flags
+    if ((findingType === 'decisions-about-people' ||
+        findingType === 'regulatory-flags') &&
+        signals.isLawEnforcementContext) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Compute the EU AI Act classification for the audit based on detected signals.
+ *
+ * This replaces the prior two-framework-entry model where high-risk was a
+ * separate framework ID. Now it is a scope label on the single `eu-ai-act`
+ * framework entry. Called once per audit and attached to the output.
+ *
+ * Prohibited / minimal tiers are out-of-scope for v1 signal detection; we
+ * surface `high-risk` if any Annex III signal matches, otherwise `limited`
+ * (which maps to Art. 50 transparency obligations only).
+ */
+export function classifyEUAIAct(signals) {
+    const categories = [];
+    if (signals.hasBiometricSignal && signals.hasSensitivePII)
+        categories.push('§1 biometric');
+    if (signals.isEducationAssessmentContext)
+        categories.push('§3 education');
+    if (signals.hasEmploymentDecisions && signals.decisionImpact !== 'none')
+        categories.push('§4 employment');
+    if (signals.hasEssentialServicesSignal && signals.decisionImpact === 'high')
+        categories.push('§5 essential services');
+    if (signals.isLawEnforcementContext)
+        categories.push('§6 law enforcement');
+    if (categories.length > 0) {
+        return { classification: 'high-risk', annexIIICategories: categories };
+    }
+    // No Annex III signals — fall back to limited-risk (Art. 50 transparency only).
+    return { classification: 'limited', annexIIICategories: [] };
+}
+function emptyBucket() {
+    return {
+        privacy: [],
+        ip: [],
+        'consumer-protection': [],
+        'sector-specific': [],
+    };
+}
+// ─── Jurisdictional disclaimer appender ────────────────────────────────────
+function disclaimerFor(frameworkId, baseDescription) {
+    switch (frameworkId) {
+        case 'gdpr':
+            return `${baseDescription} Applies if offering goods/services to EU data subjects or monitoring EU-based behaviour (Art. 3(2)).`;
+        case 'eu-ai-act':
+            return `${baseDescription} Applies if placing AI on the EU market, if you are an EU-established deployer, or if outputs are used in the EU.`;
+        case 'iso-42001':
+            return baseDescription;
+        default:
+            return baseDescription;
+    }
+}
+// ─── Per-finding description builder ───────────────────────────────────────
+function describeFinding(findingType, framework, controlIds, signals, decisionDetails) {
+    const ids = controlIds.join(', ');
+    switch (findingType) {
+        case 'excessive-access':
+            return {
+                severity: 'warning',
+                description: `Agent holds permissions beyond stated need. Activates ${framework.name} controls (${ids}). Narrow scopes to the minimum required.`,
+            };
+        case 'scope-creep':
+            return {
+                severity: 'warning',
+                description: `Requested scopes exceed stated needs across one or more systems. Activates ${framework.name} controls (${ids}). Review purpose-limitation and change-management process.`,
+            };
+        case 'sensitive-data': {
+            const sev = signals.hasSensitivePII
+                ? 'action-required'
+                : 'info';
+            const qualifier = signals.hasSensitivePII
+                ? 'sensitive personal data (government IDs, financial identifiers)'
+                : 'personal data';
+            return {
+                severity: sev,
+                description: `Agent processes ${qualifier}. Activates ${framework.name} controls (${ids}). Ensure lawful basis, data minimization, and breach-readiness.`,
+            };
+        }
+        case 'write-risk': {
+            const sev = signals.hasIrreversibleWrites || signals.hasOrgBlastWithWrites
+                ? 'warning'
+                : 'info';
+            const qualifier = signals.hasIrreversibleWrites
+                ? 'Irreversible write operations detected. '
+                : signals.hasOrgBlastWithWrites
+                    ? 'Org-wide blast radius with write access. '
+                    : 'Write operations detected. ';
+            return {
+                severity: sev,
+                description: `${qualifier}Activates ${framework.name} controls (${ids}). Require approval, monitoring, and rollback paths for high-impact operations.`,
+            };
+        }
+        case 'regulatory-flags':
+            return {
+                severity: 'clarification-needed',
+                description: `Agent may operate in a regulated domain (employment, credit, insurance, health, housing, education, legal). Activates ${framework.name} controls (${ids}). Clarify the agent's domain to determine obligations.`,
+            };
+        case 'risk-score':
+            return {
+                severity: 'info',
+                description: `Overall risk rating is anchored to ${framework.name} risk-management controls (${ids}). See Methodology.`,
+            };
+        case 'decisions-about-people': {
+            const impact = signals.decisionImpact;
+            if (impact === 'high') {
+                const employment = /\b(hir(e|ing)?|recruit(er|ing)?|employ(ee|er|ment)?|candidates?|resumes?|applicants?)\b/i.test(decisionDetails ?? '');
+                return {
+                    severity: 'action-required',
+                    description: `High-impact automated decisions about people${employment ? ' (employment context)' : ''}. Activates ${framework.name} controls (${ids}). Requires human oversight, contestability, and explanation of logic.`,
+                };
+            }
+            if (impact === 'medium') {
+                return {
+                    severity: 'info',
+                    description: `Agent influences outcomes for people (scoring/ranking/recommending) without binding legal effects. Activates ${framework.name} controls (${ids}). Maintain transparency and data-subject rights.`,
+                };
+            }
+            if (impact === 'unclear') {
+                return {
+                    severity: 'clarification-needed',
+                    description: `Agent reports making decisions about people but impact level is unclear. Activates ${framework.name} controls (${ids}). Clarify whether decisions have legal/significant effects.`,
+                };
+            }
+            return {
+                severity: 'info',
+                description: `No decisions about people detected. ${framework.name} controls (${ids}) listed for reference.`,
+            };
+        }
+    }
+}
+// ─── Finding gating (is the finding active at all?) ────────────────────────
+function isFindingActive(findingType, signals) {
+    switch (findingType) {
+        case 'excessive-access':
+            return signals.hasExcessivePerms;
+        case 'write-risk':
+            return signals.hasWriteOps;
+        case 'sensitive-data':
+            return signals.hasPII || signals.hasHealth;
+        case 'scope-creep':
+            return signals.hasScopeCreep || signals.hasExcessivePerms;
+        case 'regulatory-flags':
+            return signals.hasHealth || signals.decisionImpact !== 'none';
+        case 'risk-score':
+            return true;
+        case 'decisions-about-people':
+            return true;
+    }
+}
+export function mapFindingsToRiskCategories(input) {
+    const signals = detectSignals(input.systems, input.transcript, input.makesDecisionsAboutPeople === true, input.decisionMakingDetails);
+    const euAiActClassification = classifyEUAIAct(signals);
+    const mandatory = emptyBucket();
+    const voluntary = emptyBucket();
+    const all = [];
+    const activated = new Set();
+    for (const mapping of Object.values(CONTROL_MAPPINGS)) {
+        if (!isFindingActive(mapping.findingType, signals))
+            continue;
+        // Per-control gating:
+        //  - drop EU AI Act controls tagged annexIII=true when the Annex III
+        //    signal set does not fire for this finding type.
+        //  - drop controls tagged gatedBy=[...] when none of the named signals
+        //    are truthy (AIUC-1 architecture gating: MCP, sub-agents, multi-customer).
+        const annexIIIOn = isAnnexIIIApplicableForFinding(mapping.findingType, signals);
+        const applicableControls = mapping.controls.filter((ctrl) => {
+            if (ctrl.frameworkId === 'eu-ai-act' && ctrl.annexIII === true) {
+                if (!annexIIIOn)
+                    return false;
+            }
+            if (ctrl.gatedBy && ctrl.gatedBy.length > 0) {
+                const sigBag = signals;
+                const anyOn = ctrl.gatedBy.some((sig) => sigBag[sig] === true);
+                if (!anyOn)
+                    return false;
+            }
+            return true;
+        });
+        // Group remaining controls by framework — one flag per framework per finding.
+        const byFramework = new Map();
+        for (const ctrl of applicableControls) {
+            const arr = byFramework.get(ctrl.frameworkId) ?? [];
+            arr.push(ctrl);
+            byFramework.set(ctrl.frameworkId, arr);
+        }
+        for (const [frameworkId, controls] of byFramework) {
+            const framework = FRAMEWORKS[frameworkId];
+            const controlIds = controls.map((c) => c.controlId);
+            const { severity, description: baseDescription } = describeFinding(mapping.findingType, framework, controlIds, signals, input.decisionMakingDetails);
+            const description = disclaimerFor(frameworkId, baseDescription);
+            const controlsLabel = controlIds.join(', ');
+            const flag = {
+                framework: `${framework.name} — ${controlsLabel}`,
+                severity,
+                description,
+                frameworkId: framework.id,
+                controlIds,
+                category: mapping.category,
+                tier: framework.tier,
+                mandatoryIn: framework.mandatoryIn,
+                scopeNote: framework.scopeNote,
+                triggeredBy: mapping.findingType,
+                euAiActClassification: framework.id === 'eu-ai-act' ? euAiActClassification.classification : undefined,
+            };
+            all.push(flag);
+            activated.add(framework.id);
+            const bucket = framework.tier === 'mandatory' ? mandatory : voluntary;
+            bucket[mapping.category].push(flag);
+        }
+    }
+    return {
+        mappingVersion: MAPPING_VERSION,
+        mandatory,
+        voluntary,
+        frameworksActivated: [...activated],
+        all,
+        euAiActClassification,
+        signals,
+    };
+}
+//# sourceMappingURL=mapper.js.map

package/dist/src/compliance/mapper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mapper.js","sourceRoot":"","sources":["../../../src/compliance/mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAOH,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAY7C,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAMtD,MAAM,UAAU,sBAAsB,CACpC,kBAA2B,EAC3B,OAAgB;IAEhB,IAAI,CAAC,kBAAkB;QAAE,OAAO,MAAM,CAAC;IACvC,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,cAAc,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,EAAE;QACtE,OAAO,SAAS,CAAC;IAEnB,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAEnC,MAAM,UAAU,GACd,iRAAiR,CAAC;IACpR,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,MAAM,CAAC;IAEzC,MAAM,YAAY,GAChB,+JAA+J,CAAC;IAClK,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IAE7C,OAAO,SAAS,CAAC;AACnB,CAAC;AAyCD,wFAAwF;AACxF,MAAM,iBAAiB,GAAG,IAAI,MAAM,CAClC,MAAM,GAAG;IACP,8CAA8C;IAC9C,+CAA+C;IAC/C,8BAA8B;IAC9B,qCAAqC;IACrC,sBAAsB;CACvB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,EACpB,GAAG,CACJ,CAAC;AAEF,qEAAqE;AACrE,MAAM,4BAA4B,GAAG,IAAI,MAAM,CAC7C,MAAM,GAAG;IACP,yDAAyD;IACzD,yCAAyC;IACzC,2CAA2C;IAC3C,qCAAqC;CACtC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,EACpB,GAAG,CACJ,CAAC;AAEF,4CAA4C;AAC5C,MAAM,uBAAuB,GAAG,IAAI,MAAM,CACxC,MAAM,GAAG;IACP,kCAAkC;IAClC,2CAA2C;IAC3C,2BAA2B;IAC3B,2BAA2B;IAC3B,sBAAsB;CACvB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,EACpB,GAAG,CACJ,CAAC;AAEF,wEAAwE;AACxE,uFAAuF;AACvF,iFAAiF;AACjF,MAAM,0BAA0B,GAAG,IAAI,MAAM,CAC3C,KAAK,GAAG;IACN,6CAA6C,EAAG,0CAA0C;IAC1F,yEAAyE;IACzE,yCAAyC;IACzC,8FAA8F;CAC/F,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,EACjB,GAAG,CACJ,CAAC;AAEF,0FAA0F;AAE1F,MAAM,UAAU,aAAa,CAC3B,OAA2B,EAC3B,UAAoB,EACpB,kBAA2B,EAC3B,qBAA8B;IAE9B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE1E,MAAM,eAAe,GACnB,6HAA6H,CAAC,IAAI,CAChI,OAAO,CACR,CAAC;IACJ,MAAM,YAAY,GAChB,6EAA6E,CAAC,IAAI,CAChF,OAAO,CACR,CAAC;IACJ,MAAM,MAAM,GAAG,eAAe,IAAI,YAAY,CAAC;IAE/C,MAAM,eAAe,GACnB,8FAA8F,CAAC,IAAI,CACjG,OAAO,CACR,CAAC;IACJ,MAAM,kBAAkB,GACtB,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC;QAC7B,CAAC,2EAA2E,CAAC,IAAI,CAC/E,OAAO,CACR;QACD,qDAAqD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtE,MAAM,SAAS,GAAG,eAAe,IAAI,kBAAkB,CAAC;IAExD,yEAAyE;IACzE,wEAAwE;IACxE,yEAAyE;IACzE,uEAAuE;IACvE,EAAE;IACF,uEAAuE;IACvE,iEAAiE;IACjE,wEAAwE;IACxE,0CAA0C;IAC1C,sEAAsE;IACtE,sEAAsE;IACtE,uEAAuE;IACvE,wCAAwC;IACxC,mEAAmE;IACnE,wEAAwE;IACxE,iBAAiB;IACjB,MAAM,eAAe,GAAG,0FAA0F,CAAC;IACnH,wEAAwE;IACxE,+DAA+D;IAC/D,gCAAgC;IAChC,uCAAuC;IACvC,8BAA8B;IAC9B,4CAA4C;IAC5C,gCAAgC;IAChC,oBAAoB;IACpB,uCAAuC;IACvC,MAAM,aAAa,GAAG,6FAA6F,CAAC;IACpH,MAAM,IAAI,GAAG,oCAAoC,CAAC;IAClD,MAAM,sBAAsB,GAAG,IAAI,MAAM,CACvC;QACE,8DAA8D;QAC9D,oIAAoI,IAAI,GAAG,aAAa,EAAE;QAC1J,4CAA4C;QAC5C,sBAAsB,IAAI,GAAG,aAAa,EAAE;QAC5C,4EAA4E;QAC5E,aAAa,IAAI,GAAG,aAAa,EAAE;KACpC,CAAC,IAAI,CAAC,GAAG,CAAC,EACX,IAAI,CACL,CAAC;IACF,MAAM,oBAAoB,GACxB,OAAO,qBAAqB,KAAK,QAAQ;QACzC,qBAAqB,CAAC,MAAM,GAAG,CAAC;QAChC,eAAe,CAAC,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC,CAAC;IACnF,MAAM,8BAA8B,GAClC,OAAO,qBAAqB,KAAK,QAAQ;QACzC,qBAAqB,CAAC,MAAM,GAAG,EAAE;QACjC,CAAC,eAAe,CAAC,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC,CAAC;IACpF,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IACrE,MAAM,sBAAsB,GAC1B,kBAAkB,IAAI,CACpB,oBAAoB;QACpB,CAAC,CAAC,8BAA8B,IAAI,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAC3E,CAAC;IAEJ,MAAM,YAAY,GAAG,CAAC,qBAAqB,IAAI,EAAE,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC;IAEnE,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3D,MAAM,4BAA4B,GAAG,4BAA4B,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrF,MAAM,uBAAuB,GAAG,uBAAuB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3E,MAAM,0BAA0B,GAAG,0BAA0B,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEjF,yEAAyE;IACzE,yEAAyE;IACzE,mEAAmE;IACnE,kDAAkD;IAClD,MAAM,WAAW,GACf,+EAA+E,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChG,MAAM,YAAY,GAChB,mJAAmJ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpK,MAAM,gBAAgB,GACpB,4HAA4H,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAE7I,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAEzD,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9E,MAAM,qBAAqB,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAC7C,CAAC;IACF,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAChF,MAAM,aAAa,GAAG,eAAe,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;QACzB,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,CACnD,CAAC;IACF,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,UAAU,IAAI,CAAC,CAAC,WAAW,KAAK,cAAc,CACxE,CAAC;IACF,MAAM,qBAAqB,GAAG,WAAW,IAAI,WAAW,CAAC;IAEzD,MAAM,cAAc,GAAG,sBAAsB,CAC3C,kBAAkB,EAClB,qBAAqB,CACtB,CAAC;IAEF,yCAAyC;IACzC,MAAM,uBAAuB,GAAG,kBAAkB,IAAI,cAAc,KAAK,MAAM,CAAC;IAEhF,MAAM,aAAa,GAAG,gJAAgJ,CAAC;IACvK,MAAM,wBAAwB,GAC5B,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QAC3B,gFAAgF;QAChF,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kHAAkH,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEnK,MAAM,qBAAqB,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;IAEzD,MAAM,uBAAuB,GAC3B,eAAe,CAAC,MAAM,IAAI,CAAC;QAC3B,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,UAAU,IAAI,CAAC,CAAC,WAAW,KAAK,cAAc,CAAC,CAAC;IAEhG,OAAO;QACL,eAAe;QACf,YAAY;QACZ,MAAM;QACN,SAAS;QACT,sBAAsB;QACtB,WAAW;QACX,qBAAqB;QACrB,iBAAiB;QACjB,aAAa;QACb,WAAW;QACX,qBAAqB;QACrB,cAAc;QACd,eAAe;QACf,kBAAkB;QAClB,4BAA4B;QAC5B,uBAAuB;QACvB,0BAA0B;QAC1B,uBAAuB;QACvB,wBAAwB;QACxB,qBAAqB;QACrB,uBAAuB;QACvB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E;;;;GAIG;AACH,SAAS,8BAA8B,CACrC,WAAwB,EACxB,OAA0B;IAE1B,0CAA0C;IAC1C,IACE,WAAW,KAAK,gBAAgB;QAChC,OAAO,CAAC,eAAe;QACvB,OAAO,CAAC,kBAAkB,EAC1B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wFAAwF;IACxF,IACE,CAAC,WAAW,KAAK,wBAAwB;QACvC,WAAW,KAAK,kBAAkB,CAAC;QACrC,OAAO,CAAC,4BAA4B,EACpC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4DAA4D;IAC5D,IACE,WAAW,KAAK,wBAAwB;QACxC,OAAO,CAAC,sBAAsB;QAC9B,OAAO,CAAC,cAAc,KAAK,MAAM,EACjC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,mEAAmE;IACnE,IACE,WAAW,KAAK,wBAAwB;QACxC,OAAO,CAAC,0BAA0B;QAClC,OAAO,CAAC,cAAc,KAAK,MAAM,EACjC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0EAA0E;IAC1E,IACE,CAAC,WAAW,KAAK,wBAAwB;QACvC,WAAW,KAAK,kBAAkB,CAAC;QACrC,OAAO,CAAC,uBAAuB,EAC/B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAQD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAC7B,OAA0B;IAE1B,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,OAAO,CAAC,kBAAkB,IAAI,OAAO,CAAC,eAAe;QACvD,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAClC,IAAI,OAAO,CAAC,4BAA4B;QAAE,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1E,IAAI,OAAO,CAAC,sBAAsB,IAAI,OAAO,CAAC,cAAc,KAAK,MAAM;QACrE,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACnC,IAAI,OAAO,CAAC,0BAA0B,IAAI,OAAO,CAAC,cAAc,KAAK,MAAM;QACzE,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAC3C,IAAI,OAAO,CAAC,uBAAuB;QAAE,UAAU,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAE3E,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,kBAAkB,EAAE,UAAU,EAAE,CAAC;IACzE,CAAC;IAED,gFAAgF;IAChF,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAC;AAC/D,CAAC;AAwDD,SAAS,WAAW;IAClB,OAAO;QACL,OAAO,EAAE,EAAE;QACX,EAAE,EAAE,EAAE;QACN,qBAAqB,EAAE,EAAE;QACzB,iBAAiB,EAAE,EAAE;KACtB,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,SAAS,aAAa,CAAC,WAAwB,EAAE,eAAuB;IACtE,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,GAAG,eAAe,uGAAuG,CAAC;QACnI,KAAK,WAAW;YACd,OAAO,GAAG,eAAe,mHAAmH,CAAC;QAC/I,KAAK,WAAW;YACd,OAAO,eAAe,CAAC;QACzB;YACE,OAAO,eAAe,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,8EAA8E;AAE9E,SAAS,eAAe,CACtB,WAAwB,EACxB,SAAoB,EACpB,UAAoB,EACpB,OAA0B,EAC1B,eAAwB;IAExB,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,kBAAkB;YACrB,OAAO;gBACL,QAAQ,EAAE,SAAS;gBACnB,WAAW,EAAE,yDAAyD,SAAS,CAAC,IAAI,cAAc,GAAG,2CAA2C;aACjJ,CAAC;QAEJ,KAAK,aAAa;YAChB,OAAO;gBACL,QAAQ,EAAE,SAAS;gBACnB,WAAW,EAAE,8EAA8E,SAAS,CAAC,IAAI,cAAc,GAAG,6DAA6D;aACxL,CAAC;QAEJ,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,GAAG,GAAiB,OAAO,CAAC,eAAe;gBAC/C,CAAC,CAAC,iBAAiB;gBACnB,CAAC,CAAC,MAAM,CAAC;YACX,MAAM,SAAS,GAAG,OAAO,CAAC,eAAe;gBACvC,CAAC,CAAC,iEAAiE;gBACnE,CAAC,CAAC,eAAe,CAAC;YACpB,OAAO;gBACL,QAAQ,EAAE,GAAG;gBACb,WAAW,EAAE,mBAAmB,SAAS,eAAe,SAAS,CAAC,IAAI,cAAc,GAAG,kEAAkE;aAC1J,CAAC;QACJ,CAAC;QAED,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,GAAG,GACP,OAAO,CAAC,qBAAqB,IAAI,OAAO,CAAC,qBAAqB;gBAC5D,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,MAAM,CAAC;YACb,MAAM,SAAS,GAAG,OAAO,CAAC,qBAAqB;gBAC7C,CAAC,CAAC,0CAA0C;gBAC5C,CAAC,CAAC,OAAO,CAAC,qBAAqB;oBAC7B,CAAC,CAAC,2CAA2C;oBAC7C,CAAC,CAAC,6BAA6B,CAAC;YACpC,OAAO;gBACL,QAAQ,EAAE,GAAG;gBACb,WAAW,EAAE,GAAG,SAAS,aAAa,SAAS,CAAC,IAAI,cAAc,GAAG,iFAAiF;aACvJ,CAAC;QACJ,CAAC;QAED,KAAK,kBAAkB;YACrB,OAAO;gBACL,QAAQ,EAAE,sBAAsB;gBAChC,WAAW,EAAE,yHAAyH,SAAS,CAAC,IAAI,cAAc,GAAG,yDAAyD;aAC/N,CAAC;QAEJ,KAAK,YAAY;YACf,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,sCAAsC,SAAS,CAAC,IAAI,8BAA8B,GAAG,qBAAqB;aACxH,CAAC;QAEJ,KAAK,wBAAwB,CAAC,CAAC,CAAC;YAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;YACtC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACtB,MAAM,UAAU,GAAG,0FAA0F,CAAC,IAAI,CAChH,eAAe,IAAI,EAAE,CACtB,CAAC;gBACF,OAAO;oBACL,QAAQ,EAAE,iBAAiB;oBAC3B,WAAW,EAAE,+CACX,UAAU,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,EACzC,eAAe,SAAS,CAAC,IAAI,cAAc,GAAG,wEAAwE;iBACvH,CAAC;YACJ,CAAC;YACD,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,OAAO;oBACL,QAAQ,EAAE,MAAM;oBAChB,WAAW,EAAE,gHAAgH,SAAS,CAAC,IAAI,cAAc,GAAG,mDAAmD;iBAChN,CAAC;YACJ,CAAC;YACD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,OAAO;oBACL,QAAQ,EAAE,sBAAsB;oBAChC,WAAW,EAAE,sFAAsF,SAAS,CAAC,IAAI,cAAc,GAAG,8DAA8D;iBACjM,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,uCAAuC,SAAS,CAAC,IAAI,cAAc,GAAG,yBAAyB;aAC7G,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAE9E,SAAS,eAAe,CACtB,WAAwB,EACxB,OAA0B;IAE1B,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,kBAAkB;YACrB,OAAO,OAAO,CAAC,iBAAiB,CAAC;QACnC,KAAK,YAAY;YACf,OAAO,OAAO,CAAC,WAAW,CAAC;QAC7B,KAAK,gBAAgB;YACnB,OAAO,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,SAAS,CAAC;QAC7C,KAAK,aAAa;YAChB,OAAO,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,iBAAiB,CAAC;QAC5D,KAAK,kBAAkB;YACrB,OAAO,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,cAAc,KAAK,MAAM,CAAC;QAChE,KAAK,YAAY;YACf,OAAO,IAAI,CAAC;QACd,KAAK,wBAAwB;YAC3B,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAWD,MAAM,UAAU,2BAA2B,CACzC,KAAkB;IAElB,MAAM,OAAO,GAAG,aAAa,CAC3B,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,yBAAyB,KAAK,IAAI,EACxC,KAAK,CAAC,qBAAqB,CAC5B,CAAC;IACF,MAAM,qBAAqB,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,SAAS,GAAG,WAAW,EAAE,CAAC;IAChC,MAAM,SAAS,GAAG,WAAW,EAAE,CAAC;IAChC,MAAM,GAAG,GAA0B,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAe,CAAC;IAEzC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAqB,EAAE,CAAC;QAC1E,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC;YAAE,SAAS;QAE7D,sBAAsB;QACtB,qEAAqE;QACrE,qDAAqD;QACrD,uEAAuE;QACvE,+EAA+E;QAC/E,MAAM,UAAU,GAAG,8BAA8B,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAChF,MAAM,kBAAkB,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;YAC1D,IAAI,IAAI,CAAC,WAAW,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBAC/D,IAAI,CAAC,UAAU;oBAAE,OAAO,KAAK,CAAC;YAChC,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5C,MAAM,MAAM,GAAG,OAA6C,CAAC;gBAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC;gBAC/D,IAAI,CAAC,KAAK;oBAAE,OAAO,KAAK,CAAC;YAC3B,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,8EAA8E;QAC9E,MAAM,WAAW,GAAG,IAAI,GAAG,EAAmC,CAAC;QAC/D,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACpD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QACzC,CAAC;QAED,KAAK,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC;YAClD,MAAM,SAAS,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;YAC1C,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YACpD,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,GAAG,eAAe,CAChE,OAAO,CAAC,WAAW,EACnB,SAAS,EACT,UAAU,EACV,OAAO,EACP,KAAK,CAAC,qBAAqB,CAC5B,CAAC;YACF,MAAM,WAAW,GAAG,aAAa,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;YAEhE,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5C,MAAM,IAAI,GAAwB;gBAChC,SAAS,EAAE,GAAG,SAAS,CAAC,IAAI,MAAM,aAAa,EAAE;gBACjD,QAAQ;gBACR,WAAW;gBACX,WAAW,EAAE,SAAS,CAAC,EAAE;gBACzB,UAAU;gBACV,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,SAAS,EAAE,SAAS,CAAC,SAAS;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,qBAAqB,EACnB,SAAS,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;aAClF,CAAC;YAEF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YAC5B,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,OAAO;QACL,cAAc,EAAE,eAAe;QAC/B,SAAS;QACT,SAAS;QACT,mBAAmB,EAAE,CAAC,GAAG,SAAS,CAAC;QACnC,GAAG;QACH,qBAAqB;QACrB,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/src/compliance/types.d.ts

@@ -0,0 +1,120 @@
+/**
+ * Typed primitives for framework-anchored risk scoring.
+ *
+ * Structure:
+ *   types.ts            — pure types + enums + MAPPING_VERSION
+ *   frameworks.ts       — framework metadata registry
+ *   control-mappings.ts — finding → controls table
+ *   mapper.ts           — signal detection + finding → flag projection
+ *
+ * Scope (post-scope-cut 2026-04-23; + AIUC-1 added 2026-04-24; + NIST AI RMF
+ * restored 2026-04-24):
+ *   - EU AI Act      (consolidated — single entry with Annex III classification scope)
+ *   - GDPR
+ *   - ISO/IEC 42001  (currently full standard; Annex-A-only subset planned)
+ *   - AIUC-1         (agent-native standard, pinned to Q2-2026 release 2026-04-15)
+ *   - NIST AI RMF    (US-origin voluntary risk-management framework; GOVERN/MAP/MEASURE/MANAGE)
+ *
+ * Dropped from OSS v1 (kept in git history for restoration):
+ *   - UK GDPR / DPA 2018
+ *   - Colorado AI Act (SB 24-205)
+ *   - HIPAA
+ *   - CCPA / CPRA
+ *   - ISO/IEC 23894
+ *   - SOC 2
+ *   - eu-ai-act-high-risk (merged into eu-ai-act with per-control annexIII tag)
+ *
+ * Rationale: see Linear AAP-42 (scope cut) + AAP-44 (AIUC-1). NIST AI RMF was
+ * cut in AAP-42 but restored on user demand — it is the most widely-referenced
+ * voluntary AI risk-management framework in US enterprise procurement.
+ * Jurisdiction-specific statutes and general AI management frameworks move
+ * to the paid/cloud tier.
+ *
+ * Mappings are INDICATIVE — they surface which framework clauses a finding
+ * typically activates, not a certification that the controls are satisfied.
+ */
+export declare const RISK_CATEGORIES: readonly ["privacy", "ip", "consumer-protection", "sector-specific"];
+export type RiskCategory = (typeof RISK_CATEGORIES)[number];
+export declare const FRAMEWORK_TIERS: readonly ["mandatory", "voluntary"];
+export type FrameworkTier = (typeof FRAMEWORK_TIERS)[number];
+/**
+ * OSS v1 framework set. See file header for scope rationale.
+ */
+export declare const FRAMEWORK_IDS: readonly ["eu-ai-act", "gdpr", "iso-42001", "aiuc-1", "nist-ai-rmf"];
+export type FrameworkId = (typeof FRAMEWORK_IDS)[number];
+export declare const JURISDICTIONS: readonly ["EU", "UK", "US", "global"];
+export type Jurisdiction = (typeof JURISDICTIONS)[number];
+export interface Framework {
+    id: FrameworkId;
+    name: string;
+    tier: FrameworkTier;
+    /**
+     * Jurisdictions where the framework is legally mandatory.
+     * Voluntary frameworks use an empty array.
+     */
+    mandatoryIn: Jurisdiction[];
+    /** Optional clarification on the jurisdictional scope. */
+    scopeNote?: string;
+    /** Optional short blurb rendered in the jurisdictional appendix. */
+    summary?: string;
+    /** Primary source URL: statutory text, regulatory page, or official standard. Required for audit trail. */
+    primarySource: string;
+}
+/**
+ * EU AI Act risk classification for the audited agent.
+ *
+ * Replaces the prior two-entry split (`eu-ai-act` + `eu-ai-act-high-risk`):
+ * now a single framework entry carries a classification computed from the
+ * detected signals, and individual controls opt in or out of the high-risk
+ * tier via the `annexIII` flag on FrameworkControl.
+ */
+export declare const EU_AI_ACT_CLASSIFICATIONS: readonly ["prohibited", "high-risk", "limited", "minimal", "unclassified"];
+export type EUAIActClassification = (typeof EU_AI_ACT_CLASSIFICATIONS)[number];
+export declare const FINDING_TYPES: readonly ["excessive-access", "write-risk", "sensitive-data", "scope-creep", "regulatory-flags", "risk-score", "decisions-about-people"];
+export type FindingType = (typeof FINDING_TYPES)[number];
+export interface FrameworkControl {
+    frameworkId: FrameworkId;
+    /** The specific control, clause, or article ID (e.g. "Art. 9(2)(a)", "A.6.2.6"). */
+    controlId: string;
+    /** Optional human-readable description of the control. */
+    note?: string;
+    /**
+     * EU AI Act only: set to true for controls that apply ONLY when the system
+     * is classified as high-risk under Annex III. Ignored by other frameworks.
+     *
+     * Consolidated here from the prior `eu-ai-act-high-risk` framework entry.
+     */
+    annexIII?: boolean;
+    /**
+     * Optional per-control signal gating. If provided, the control is rendered
+     * only when at least one of the named ComplianceSignals is truthy. Used for
+     * AIUC-1 controls that only apply in specific architectures (e.g. MCP,
+     * multi-customer, sub-agents). Keys are field names of ComplianceSignals;
+     * validation is runtime (in mapper.ts) to avoid a circular type import.
+     */
+    gatedBy?: string[];
+}
+/**
+ * Per-finding-type mapping bundle.
+ */
+export interface ControlMapping {
+    findingType: FindingType;
+    category: RiskCategory;
+    /** Short human-readable summary of what triggers this finding type. */
+    summary: string;
+    controls: FrameworkControl[];
+}
+/**
+ * Version tag for the control-mapping dataset. Bump when the mapping table
+ * is materially updated so downstream consumers can detect staleness.
+ *
+ * History:
+ *   aap-30.2026-04-09 — initial AAP-30 mapping (ISO 23894, NIST AI RMF, EU AI Act, GDPR, SOC 2)
+ *   aap-31.2026-04-15 — AAP-31 restored jurisdiction-specific frameworks (Colorado AI Act, HIPAA, CCPA/CPRA, UK GDPR/DPA 2018)
+ *   aap-42.2026-04-23 — AAP-42 scope cut: dropped 7 jurisdiction-specific / voluntary frameworks; consolidated EU AI Act split into single entry with Annex III classification
+ *   aap-43.2026-04-24 — AAP-43 audit-quality pass: determinism, NOT_PROVIDED scrub, conditional GDPR, Annex III employment gating, overall-status label, adversarial probing
+ *   aap-44.2026-04-24 — AAP-44 added AIUC-1 (Q2-2026 release, pinned to 2026-04-15); 16 controls across 4 finding-types; 3 new architecture signals (hasMCPOrA2A, hasSubAgents, hasCrossCustomer); per-control gatedBy filter
+ *   nist-restore.2026-04-24 — Restored NIST AI RMF as voluntary framework (widely-referenced US-origin AI risk-management framework); GOVERN/MAP/MEASURE/MANAGE controls across 6 finding-types
+ */
+export declare const MAPPING_VERSION: "nist-restore.2026-04-24";
+//# sourceMappingURL=types.d.ts.map

package/dist/src/compliance/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/compliance/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAIH,eAAO,MAAM,eAAe,sEAKlB,CAAC;AACX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC;AAI5D,eAAO,MAAM,eAAe,qCAAsC,CAAC;AACnE,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC;AAE7D;;GAEG;AACH,eAAO,MAAM,aAAa,sEAQhB,CAAC;AACX,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,eAAO,MAAM,aAAa,uCAAwC,CAAC;AACnE,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1D,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,WAAW,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,aAAa,CAAC;IACpB;;;OAGG;IACH,WAAW,EAAE,YAAY,EAAE,CAAC;IAC5B,0DAA0D;IAC1D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oEAAoE;IACpE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2GAA2G;IAC3G,aAAa,EAAE,MAAM,CAAC;CACvB;AAID;;;;;;;GAOG;AACH,eAAO,MAAM,yBAAyB,4EAM5B,CAAC;AACX,MAAM,MAAM,qBAAqB,GAAG,CAAC,OAAO,yBAAyB,CAAC,CAAC,MAAM,CAAC,CAAC;AAI/E,eAAO,MAAM,aAAa,0IAQhB,CAAC;AACX,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAIzD,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,oFAAoF;IACpF,SAAS,EAAE,MAAM,CAAC;IAClB,0DAA0D;IAC1D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,WAAW,CAAC;IACzB,QAAQ,EAAE,YAAY,CAAC;IACvB,uEAAuE;IACvE,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B;AAID;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,eAAe,EAAG,yBAAkC,CAAC"}