micro-contracts 0.9.0

package/dist/guardrails/allowlist.js

@@ -0,0 +1,261 @@
+/**
+ * Allowlist verification for guardrails
+ *
+ * Verifies that changed files are within allowed boundaries.
+ */
+import fs from 'fs';
+import path from 'path';
+import { execSync } from 'child_process';
+import { loadGuardrailsConfigWithPath } from './config.js';
+/**
+ * Simple glob pattern matching with negation support
+ * Patterns are evaluated top-to-bottom; last match wins.
+ * - "!pattern" → if matched, result becomes false (exclude)
+ * - "pattern"  → if matched, result becomes true (include)
+ */
+export function matchWithNegation(patterns, file) {
+    if (!patterns || patterns.length === 0)
+        return false;
+    let matched = false;
+    for (const raw of patterns) {
+        const neg = raw.startsWith('!');
+        const pattern = neg ? raw.slice(1) : raw;
+        if (!pattern)
+            continue;
+        if (matchGlob(file, pattern)) {
+            matched = !neg;
+        }
+    }
+    return matched;
+}
+/**
+ * Simple glob pattern matching
+ * Supports:
+ * - * matches any characters except /
+ * - ** matches any characters including / (zero or more path segments)
+ * - ? matches single character
+ */
+export function matchGlob(file, pattern) {
+    // Normalize paths
+    const normalizedFile = file.replace(/\\/g, '/');
+    const normalizedPattern = pattern.replace(/\\/g, '/');
+    return matchGlobInternal(normalizedFile, normalizedPattern);
+}
+/**
+ * Internal glob matching implementation using regex
+ */
+function matchGlobInternal(file, pattern) {
+    // Convert glob pattern to regex step by step
+    let regex = '';
+    let i = 0;
+    while (i < pattern.length) {
+        const char = pattern[i];
+        const nextChar = pattern[i + 1];
+        if (char === '*' && nextChar === '*') {
+            // ** - matches any path segments
+            const afterStars = pattern[i + 2];
+            if (afterStars === '/') {
+                // **/ at start or middle - matches zero or more path segments including nothing
+                regex += '(?:.*/)?';
+                i += 3; // skip **/
+            }
+            else if (i + 2 === pattern.length || afterStars === undefined) {
+                // ** at end - matches everything
+                regex += '.*';
+                i += 2;
+            }
+            else {
+                // ** without trailing / - matches any characters
+                regex += '.*';
+                i += 2;
+            }
+        }
+        else if (char === '*') {
+            // * - matches any characters except /
+            regex += '[^/]*';
+            i++;
+        }
+        else if (char === '?') {
+            // ? - matches single character except /
+            regex += '[^/]';
+            i++;
+        }
+        else if (char === '/') {
+            regex += '/';
+            i++;
+        }
+        else if ('.+^${}()|[]\\'.includes(char)) {
+            // Escape regex special chars
+            regex += '\\' + char;
+            i++;
+        }
+        else {
+            regex += char;
+            i++;
+        }
+    }
+    // Anchor the pattern
+    regex = `^${regex}$`;
+    try {
+        return new RegExp(regex).test(file);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Get list of changed files, filtered to a specific base directory
+ */
+export function getChangedFiles(options) {
+    const { changedFilesPath, baseRef, baseDir } = options;
+    let files;
+    if (changedFilesPath) {
+        // Read from file (CI mode)
+        if (!fs.existsSync(changedFilesPath)) {
+            throw new Error(`Changed files list not found: ${changedFilesPath}`);
+        }
+        files = fs.readFileSync(changedFilesPath, 'utf-8')
+            .trim()
+            .split('\n')
+            .filter(Boolean);
+    }
+    else {
+        // Use git diff (local mode)
+        try {
+            const ref = baseRef || 'HEAD';
+            // Try staged files first
+            let out = execSync('git diff --name-only --cached', { encoding: 'utf8' });
+            files = out.trim().split('\n').filter(Boolean);
+            // If no staged files, try unstaged
+            if (files.length === 0) {
+                out = execSync('git diff --name-only', { encoding: 'utf8' });
+                files = out.trim().split('\n').filter(Boolean);
+            }
+            // If still no files, try diff against base ref
+            if (files.length === 0 && ref !== 'HEAD') {
+                out = execSync(`git diff --name-only ${ref}...HEAD`, { encoding: 'utf8' });
+                files = out.trim().split('\n').filter(Boolean);
+            }
+        }
+        catch (error) {
+            // Git not available or not in a git repo
+            return [];
+        }
+    }
+    // Filter and convert paths relative to baseDir
+    if (baseDir) {
+        // Get git root to resolve absolute paths
+        let gitRoot;
+        try {
+            gitRoot = execSync('git rev-parse --show-toplevel', { encoding: 'utf8' }).trim();
+        }
+        catch {
+            gitRoot = process.cwd();
+        }
+        const absoluteBaseDir = path.resolve(baseDir);
+        // Filter to only files under baseDir and convert to relative paths
+        files = files
+            .map(f => path.resolve(gitRoot, f)) // Convert to absolute
+            .filter(f => f.startsWith(absoluteBaseDir + path.sep) || f === absoluteBaseDir) // Filter to baseDir
+            .map(f => path.relative(absoluteBaseDir, f)); // Convert to relative from baseDir
+    }
+    return files;
+}
+/**
+ * Verify changed files against allowlist
+ */
+export function verifyAllowlist(changedFiles, config) {
+    const violations = [];
+    for (const file of changedFiles) {
+        // 1. Check if protected (not allowed in normal PRs)
+        if (matchWithNegation(config.protected, file)) {
+            violations.push({ file, reason: 'protected' });
+            continue;
+        }
+        // 2. Check if generated (allowed, but must pass drift/manifest checks)
+        if (matchWithNegation(config.generated, file)) {
+            // Generated files are allowed to change, but we don't add a violation
+            // The drift/manifest checks will verify integrity
+            continue;
+        }
+        // 3. Must be in allowed list
+        if (!matchWithNegation(config.allowed, file)) {
+            violations.push({ file, reason: 'not-in-allowlist' });
+        }
+    }
+    return {
+        valid: violations.length === 0,
+        violations,
+    };
+}
+/**
+ * Run allowlist check
+ */
+export async function runAllowlistCheck(options) {
+    const start = Date.now();
+    try {
+        // Load config with path information
+        const { config, baseDir, configPath } = loadGuardrailsConfigWithPath(options.guardrailsPath);
+        // Get changed files relative to guardrails config directory
+        const changedFiles = getChangedFiles({
+            changedFilesPath: options.changedFilesPath,
+            baseDir, // Filter to files under guardrails.yaml directory
+        });
+        if (changedFiles.length === 0) {
+            return {
+                name: 'allowlist',
+                status: 'pass',
+                duration: Date.now() - start,
+                message: configPath
+                    ? `No changed files under ${path.basename(path.dirname(configPath))}/`
+                    : 'No changed files to check',
+            };
+        }
+        // Verify allowlist
+        const result = verifyAllowlist(changedFiles, config);
+        if (result.valid) {
+            return {
+                name: 'allowlist',
+                status: 'pass',
+                duration: Date.now() - start,
+                message: `All ${changedFiles.length} changed files are within allowed boundaries`,
+            };
+        }
+        // Build error details
+        const details = result.violations.map(v => `  - ${v.file} (${v.reason})`);
+        return {
+            name: 'allowlist',
+            status: 'fail',
+            duration: Date.now() - start,
+            message: `${result.violations.length} file(s) are not allowed to be modified`,
+            details,
+        };
+    }
+    catch (error) {
+        return {
+            name: 'allowlist',
+            status: 'fail',
+            duration: Date.now() - start,
+            message: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
+/**
+ * Format allowlist result for CLI output
+ */
+export function formatAllowlistResult(result) {
+    const lines = [];
+    if (result.valid) {
+        lines.push('✅ All changed files are within allowed boundaries');
+    }
+    else {
+        lines.push('❌ The following files are not allowed to be modified in a normal PR:\n');
+        for (const { file, reason } of result.violations) {
+            lines.push(`  - ${file} (${reason})`);
+        }
+        lines.push('\n💡 If this is a generated artifact, run the pinned generator and pass drift/manifest checks.');
+        lines.push('💡 If this should be editable, update guardrails.yaml (allowed/protected/generated).');
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=allowlist.js.map

package/dist/guardrails/allowlist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"allowlist.js","sourceRoot":"","sources":["../../src/guardrails/allowlist.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAE3D;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAA8B,EAAE,IAAY;IAC5E,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErD,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACzC,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,IAAI,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;YAC7B,OAAO,GAAG,CAAC,GAAG,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,IAAY,EAAE,OAAe;IACrD,kBAAkB;IAClB,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChD,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEtD,OAAO,iBAAiB,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAY,EAAE,OAAe;IACtD,6CAA6C;IAC7C,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEhC,IAAI,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;YACrC,iCAAiC;YACjC,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAElC,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;gBACvB,gFAAgF;gBAChF,KAAK,IAAI,UAAU,CAAC;gBACpB,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW;YACrB,CAAC;iBAAM,IAAI,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,MAAM,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAChE,iCAAiC;gBACjC,KAAK,IAAI,IAAI,CAAC;gBACd,CAAC,IAAI,CAAC,CAAC;YACT,CAAC;iBAAM,CAAC;gBACN,iDAAiD;gBACjD,KAAK,IAAI,IAAI,CAAC;gBACd,CAAC,IAAI,CAAC,CAAC;YACT,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACxB,sCAAsC;YACtC,KAAK,IAAI,OAAO,CAAC;YACjB,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACxB,wCAAwC;YACxC,KAAK,IAAI,MAAM,CAAC;YAChB,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACxB,KAAK,IAAI,GAAG,CAAC;YACb,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,IAAI,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,6BAA6B;YAC7B,KAAK,IAAI,IAAI,GAAG,IAAI,CAAC;YACrB,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,CAAC;YACN,KAAK,IAAI,IAAI,CAAC;YACd,CAAC,EAAE,CAAC;QACN,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,KAAK,GAAG,IAAI,KAAK,GAAG,CAAC;IAErB,IAAI,CAAC;QACH,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAO/B;IACC,MAAM,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAEvD,IAAI,KAAe,CAAC;IAEpB,IAAI,gBAAgB,EAAE,CAAC;QACrB,2BAA2B;QAC3B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,iCAAiC,gBAAgB,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC;aAC/C,IAAI,EAAE;aACN,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,OAAO,CAAC,CAAC;IACrB,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,OAAO,IAAI,MAAM,CAAC;YAC9B,yBAAyB;YACzB,IAAI,GAAG,GAAG,QAAQ,CAAC,+BAA+B,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;YAC1E,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAE/C,mCAAmC;YACnC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,GAAG,GAAG,QAAQ,CAAC,sBAAsB,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC7D,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACjD,CAAC;YAED,+CAA+C;YAC/C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;gBACzC,GAAG,GAAG,QAAQ,CAAC,wBAAwB,GAAG,SAAS,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC3E,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yCAAyC;YACzC,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,IAAI,OAAO,EAAE,CAAC;QACZ,yCAAyC;QACzC,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,QAAQ,CAAC,+BAA+B,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACnF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAE9C,mEAAmE;QACnE,KAAK,GAAG,KAAK;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAE,sBAAsB;aAC1D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,eAAe,CAAC,CAAE,oBAAoB;aACpG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,mCAAmC;IACtF,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,YAAsB,EACtB,MAAwB;IAExB,MAAM,UAAU,GAAyB,EAAE,CAAC;IAE5C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,oDAAoD;QACpD,IAAI,iBAAiB,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC;YAC9C,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,uEAAuE;QACvE,IAAI,iBAAiB,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC;YAC9C,sEAAsE;YACtE,kDAAkD;YAClD,SAAS;QACX,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;YAC7C,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;QAC9B,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAAqB;IAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,IAAI,CAAC;QACH,oCAAoC;QACpC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,4BAA4B,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAE7F,4DAA4D;QAC5D,MAAM,YAAY,GAAG,eAAe,CAAC;YACnC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,OAAO,EAAG,kDAAkD;SAC7D,CAAC,CAAC;QAEH,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC5B,OAAO,EAAE,UAAU;oBACjB,CAAC,CAAC,0BAA0B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG;oBACtE,CAAC,CAAC,2BAA2B;aAChC,CAAC;QACJ,CAAC;QAED,mBAAmB;QACnB,MAAM,MAAM,GAAG,eAAe,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAErD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC5B,OAAO,EAAE,OAAO,YAAY,CAAC,MAAM,8CAA8C;aAClF,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACxC,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,GAAG,CAC9B,CAAC;QAEF,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC5B,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,yCAAyC;YAC7E,OAAO;SACR,CAAC;IAEJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC5B,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAuB;IAC3D,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;IAClE,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;QAErF,KAAK,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,KAAK,MAAM,GAAG,CAAC,CAAC;QACxC,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,gGAAgG,CAAC,CAAC;QAC7G,KAAK,CAAC,IAAI,CAAC,sFAAsF,CAAC,CAAC;IACrG,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/guardrails/config.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Guardrails configuration parser
+ *
+ * Handles loading and validation of guardrails.yaml configuration files.
+ */
+import type { GuardrailsConfig } from './types.js';
+/**
+ * Default guardrails configuration
+ */
+export declare const DEFAULT_GUARDRAILS: GuardrailsConfig;
+/**
+ * Find guardrails config file in current directory or ancestors
+ */
+export declare function findGuardrailsConfig(startDir?: string): string | null;
+export interface LoadedGuardrailsConfig {
+    config: GuardrailsConfig;
+    /** Directory containing the guardrails config file (for relative path resolution) */
+    baseDir: string;
+    /** Full path to the config file (null if using defaults) */
+    configPath: string | null;
+}
+/**
+ * Load guardrails configuration from file
+ * Falls back to defaults if file not found
+ */
+export declare function loadGuardrailsConfig(configPath?: string): GuardrailsConfig;
+/**
+ * Load guardrails configuration with path information
+ * Returns both the config and the base directory for relative path resolution
+ */
+export declare function loadGuardrailsConfigWithPath(configPath?: string): LoadedGuardrailsConfig;
+/**
+ * Create a guardrails.yaml template
+ */
+export declare function generateGuardrailsTemplate(): string;
+/**
+ * Write guardrails template to file
+ */
+export declare function createGuardrailsConfig(outputPath?: string): void;
+//# sourceMappingURL=config.d.ts.map

package/dist/guardrails/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/guardrails/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,gBAyBhC,CAAC;AAEF;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAwBrE;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,gBAAgB,CAAC;IACzB,qFAAqF;IACrF,OAAO,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAG1E;AAED;;;GAGG;AACH,wBAAgB,4BAA4B,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,sBAAsB,CAiCxF;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,MAAM,CA4DnD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,UAAU,GAAE,MAA0C,GAAG,IAAI,CAGnG"}

package/dist/guardrails/config.js

@@ -0,0 +1,174 @@
+/**
+ * Guardrails configuration parser
+ *
+ * Handles loading and validation of guardrails.yaml configuration files.
+ */
+import fs from 'fs';
+import path from 'path';
+import yaml from 'js-yaml';
+/**
+ * Default guardrails configuration
+ */
+export const DEFAULT_GUARDRAILS = {
+    allowed: [
+        'spec/**/*.yaml',
+        'spec/**/*.yml',
+        'spec/**/*.hbs',
+        'server/src/**/domains/**/*.ts',
+        'server/src/**/container.ts',
+        'server/src/server.ts',
+        'docs/**/*.md',
+        'README.md',
+        'package.json',
+        'tsconfig.json',
+    ],
+    protected: [
+        'spec/spectral.yaml',
+        'spec/_shared/overlays/**',
+        'guardrails.yaml',
+        '.github/**',
+    ],
+    generated: [
+        'packages/**',
+        '**/*.generated.ts',
+        '**/*.generated.yaml',
+        '**/*.generated.yml',
+    ],
+};
+/**
+ * Find guardrails config file in current directory or ancestors
+ */
+export function findGuardrailsConfig(startDir) {
+    const dir = startDir || process.cwd();
+    // Support multiple naming conventions
+    const candidates = [
+        'micro-contracts.guardrails.yaml',
+        'micro-contracts.guardrails.yml',
+        'guardrails.yaml', // Legacy name
+        'guardrails.yml',
+    ];
+    let current = path.resolve(dir);
+    const root = path.parse(current).root;
+    while (current !== root) {
+        for (const candidate of candidates) {
+            const configPath = path.join(current, candidate);
+            if (fs.existsSync(configPath)) {
+                return configPath;
+            }
+        }
+        current = path.dirname(current);
+    }
+    return null;
+}
+/**
+ * Load guardrails configuration from file
+ * Falls back to defaults if file not found
+ */
+export function loadGuardrailsConfig(configPath) {
+    const result = loadGuardrailsConfigWithPath(configPath);
+    return result.config;
+}
+/**
+ * Load guardrails configuration with path information
+ * Returns both the config and the base directory for relative path resolution
+ */
+export function loadGuardrailsConfigWithPath(configPath) {
+    const resolvedPath = configPath || findGuardrailsConfig();
+    if (!resolvedPath || !fs.existsSync(resolvedPath)) {
+        // Return default config with current directory as base
+        return {
+            config: DEFAULT_GUARDRAILS,
+            baseDir: process.cwd(),
+            configPath: null,
+        };
+    }
+    const content = fs.readFileSync(resolvedPath, 'utf-8');
+    const config = yaml.load(content);
+    // Validate basic structure
+    if (typeof config !== 'object' || config === null) {
+        throw new Error(`Invalid guardrails config: ${resolvedPath}`);
+    }
+    // Merge with defaults for any missing sections
+    const mergedConfig = {
+        allowed: config.allowed ?? DEFAULT_GUARDRAILS.allowed,
+        protected: config.protected ?? DEFAULT_GUARDRAILS.protected,
+        generated: config.generated ?? DEFAULT_GUARDRAILS.generated,
+        checks: config.checks, // Pass through checks config
+    };
+    return {
+        config: mergedConfig,
+        baseDir: path.dirname(resolvedPath),
+        configPath: resolvedPath,
+    };
+}
+/**
+ * Create a guardrails.yaml template
+ */
+export function generateGuardrailsTemplate() {
+    const template = `# AI-Driven Development Guardrails Configuration
+# 
+# This file defines which files can be modified in normal development PRs.
+# Patterns use gitignore-style matching with glob patterns.
+# Prefix with ! to negate (exclude) a pattern.
+
+# Files that can be edited in normal development PRs
+allowed:
+  # OpenAPI specs (source of truth)
+  - spec/**/openapi/*.yaml
+  - spec/**/templates/*.hbs
+  
+  # Domain implementations (human-written)
+  - server/src/**/domains/**/*.ts
+  - server/src/**/container.ts
+  - server/src/server.ts
+  
+  # Module-specific overlays (NOT _shared)
+  - server/src/*/overlays/**/*.ts
+  - "!server/src/_shared/overlays/**"
+  
+  # Configuration
+  - micro-contracts.config.yaml
+  - package.json
+  - tsconfig.json
+  
+  # Documentation
+  - docs/**/*.md
+  - README.md
+
+# Files that require special approval
+protected:
+  # Spectral lint rules
+  - spec/spectral.yaml
+  
+  # Shared overlay definitions
+  - spec/_shared/overlays/**
+  
+  # Shared security overlay implementations
+  - server/src/_shared/overlays/**
+  
+  # This guardrails configuration
+  - micro-contracts.guardrails.yaml
+  
+  # CI/workflow definitions
+  - .github/**
+
+# Generated artifacts (committed, but only modified via generate)
+generated:
+  # Contract packages
+  - packages/**
+  
+  # Generated files
+  - "**/*.generated.ts"
+  - "**/*.generated.yaml"
+  - "**/*.generated.yml"
+`;
+    return template;
+}
+/**
+ * Write guardrails template to file
+ */
+export function createGuardrailsConfig(outputPath = 'micro-contracts.guardrails.yaml') {
+    const template = generateGuardrailsTemplate();
+    fs.writeFileSync(outputPath, template);
+}
+//# sourceMappingURL=config.js.map

package/dist/guardrails/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/guardrails/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,IAAI,MAAM,SAAS,CAAC;AAG3B;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAqB;IAClD,OAAO,EAAE;QACP,gBAAgB;QAChB,eAAe;QACf,eAAe;QACf,+BAA+B;QAC/B,4BAA4B;QAC5B,sBAAsB;QACtB,cAAc;QACd,WAAW;QACX,cAAc;QACd,eAAe;KAChB;IACD,SAAS,EAAE;QACT,oBAAoB;QACpB,0BAA0B;QAC1B,iBAAiB;QACjB,YAAY;KACb;IACD,SAAS,EAAE;QACT,aAAa;QACb,mBAAmB;QACnB,qBAAqB;QACrB,oBAAoB;KACrB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,QAAiB;IACpD,MAAM,GAAG,GAAG,QAAQ,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,sCAAsC;IACtC,MAAM,UAAU,GAAG;QACjB,iCAAiC;QACjC,gCAAgC;QAChC,iBAAiB,EAAG,cAAc;QAClC,gBAAgB;KACjB,CAAC;IAEF,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC;IAEtC,OAAO,OAAO,KAAK,IAAI,EAAE,CAAC;QACxB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACjD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,OAAO,UAAU,CAAC;YACpB,CAAC;QACH,CAAC;QACD,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAUD;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAmB;IACtD,MAAM,MAAM,GAAG,4BAA4B,CAAC,UAAU,CAAC,CAAC;IACxD,OAAO,MAAM,CAAC,MAAM,CAAC;AACvB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,4BAA4B,CAAC,UAAmB;IAC9D,MAAM,YAAY,GAAG,UAAU,IAAI,oBAAoB,EAAE,CAAC;IAE1D,IAAI,CAAC,YAAY,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAClD,uDAAuD;QACvD,OAAO;YACL,MAAM,EAAE,kBAAkB;YAC1B,OAAO,EAAE,OAAO,CAAC,GAAG,EAAE;YACtB,UAAU,EAAE,IAAI;SACjB,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAqB,CAAC;IAEtD,2BAA2B;IAC3B,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,8BAA8B,YAAY,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,+CAA+C;IAC/C,MAAM,YAAY,GAAqB;QACrC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,kBAAkB,CAAC,OAAO;QACrD,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,kBAAkB,CAAC,SAAS;QAC3D,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,kBAAkB,CAAC,SAAS;QAC3D,MAAM,EAAE,MAAM,CAAC,MAAM,EAAG,6BAA6B;KACtD,CAAC;IAEF,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;QACnC,UAAU,EAAE,YAAY;KACzB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B;IACxC,MAAM,QAAQ,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwDlB,CAAC;IAEA,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,aAAqB,iCAAiC;IAC3F,MAAM,QAAQ,GAAG,0BAA0B,EAAE,CAAC;IAC9C,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACzC,CAAC"}

package/dist/guardrails/docs.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Documentation consistency check for guardrails
+ *
+ * Verifies that documentation references (links, file paths, images) are valid.
+ */
+import type { CheckResult, CheckOptions } from './types.js';
+export interface DocIssue {
+    file: string;
+    line: number;
+    issue: string;
+}
+/**
+ * Check a single markdown file for broken references
+ */
+export declare function checkMarkdownFile(docFile: string): DocIssue[];
+/**
+ * Find all markdown files to check
+ */
+export declare function findMarkdownFiles(): Promise<string[]>;
+/**
+ * Run docs consistency check
+ */
+export declare function runDocsCheck(options: CheckOptions): Promise<CheckResult>;
+//# sourceMappingURL=docs.d.ts.map

package/dist/guardrails/docs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs.d.ts","sourceRoot":"","sources":["../../src/guardrails/docs.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE5D,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAoBD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,QAAQ,EAAE,CAsD7D;AAED;;GAEG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAe3D;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CAkD9E"}

package/dist/guardrails/docs.js

@@ -0,0 +1,138 @@
+/**
+ * Documentation consistency check for guardrails
+ *
+ * Verifies that documentation references (links, file paths, images) are valid.
+ */
+import fs from 'fs';
+import path from 'path';
+import { glob } from 'glob';
+/**
+ * Check if a path exists relative to a document file
+ */
+function existsRelativeToDoc(docFile, refPath) {
+    // Skip empty, anchor-only, or URL
+    if (!refPath || refPath.startsWith('#') || refPath.includes('://')) {
+        return true;
+    }
+    // Root-relative (starts with /) → resolve from cwd (repo root)
+    // Relative (including ./) → resolve from doc's directory
+    const resolved = refPath.startsWith('/')
+        ? path.resolve(process.cwd(), refPath.slice(1))
+        : path.resolve(path.dirname(docFile), refPath);
+    return fs.existsSync(resolved);
+}
+/**
+ * Check a single markdown file for broken references
+ */
+export function checkMarkdownFile(docFile) {
+    const issues = [];
+    if (!fs.existsSync(docFile)) {
+        return issues;
+    }
+    const lines = fs.readFileSync(docFile, 'utf-8').split('\n');
+    lines.forEach((line, idx) => {
+        const lineNum = idx + 1;
+        // 1. Check file path references like [examples/...] or `examples/...`
+        const pathRefs = line.matchAll(/(?:\[|`)([a-zA-Z0-9_\-./]+\/[a-zA-Z0-9_\-./]+\.[a-zA-Z]+)(?:\]|`)/g);
+        for (const match of pathRefs) {
+            const refPath = match[1];
+            if (!existsRelativeToDoc(docFile, refPath)) {
+                issues.push({
+                    file: docFile,
+                    line: lineNum,
+                    issue: `Referenced file does not exist: ${refPath}`,
+                });
+            }
+        }
+        // 2. Check markdown link targets like ](path#anchor)
+        const linkRefs = line.matchAll(/\]\((?!http)([^)]+)\)/g);
+        for (const match of linkRefs) {
+            const raw = match[1];
+            const linkPath = raw.split('#')[0]; // Remove anchor
+            if (linkPath && !existsRelativeToDoc(docFile, linkPath)) {
+                issues.push({
+                    file: docFile,
+                    line: lineNum,
+                    issue: `Broken link: ${linkPath}`,
+                });
+            }
+        }
+        // 3. Check image references like ![alt](./image.png)
+        const imgRefs = line.matchAll(/!\[[^\]]*\]\((?!http)([^)]+)\)/g);
+        for (const match of imgRefs) {
+            const imgPath = match[1].split('#')[0];
+            if (imgPath && !existsRelativeToDoc(docFile, imgPath)) {
+                issues.push({
+                    file: docFile,
+                    line: lineNum,
+                    issue: `Image not found: ${imgPath}`,
+                });
+            }
+        }
+    });
+    return issues;
+}
+/**
+ * Find all markdown files to check
+ */
+export async function findMarkdownFiles() {
+    const files = [];
+    // Check README.md at root
+    if (fs.existsSync('README.md')) {
+        files.push('README.md');
+    }
+    // Check docs directory
+    const docsFiles = await glob('docs/**/*.md', {
+        ignore: ['**/node_modules/**'],
+    });
+    files.push(...docsFiles);
+    return files;
+}
+/**
+ * Run docs consistency check
+ */
+export async function runDocsCheck(options) {
+    const start = Date.now();
+    try {
+        // Find all markdown files
+        const docFiles = await findMarkdownFiles();
+        if (docFiles.length === 0) {
+            return {
+                name: 'docs',
+                status: 'skip',
+                duration: Date.now() - start,
+                message: 'No documentation files found',
+            };
+        }
+        const allIssues = [];
+        for (const docFile of docFiles) {
+            const issues = checkMarkdownFile(docFile);
+            allIssues.push(...issues);
+        }
+        if (allIssues.length > 0) {
+            const details = allIssues.map(i => `  ${i.file}:${i.line}: ${i.issue}`);
+            return {
+                name: 'docs',
+                status: 'fail',
+                duration: Date.now() - start,
+                message: `${allIssues.length} broken reference(s) in ${docFiles.length} file(s)`,
+                details,
+            };
+        }
+        return {
+            name: 'docs',
+            status: 'pass',
+            duration: Date.now() - start,
+            message: `${docFiles.length} documentation file(s) verified`,
+        };
+    }
+    catch (error) {
+        return {
+            name: 'docs',
+            status: 'fail',
+            duration: Date.now() - start,
+            message: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
+//# sourceMappingURL=docs.js.map

package/dist/guardrails/docs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs.js","sourceRoot":"","sources":["../../src/guardrails/docs.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAS5B;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAe,EAAE,OAAe;IAC3D,kCAAkC;IAClC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+DAA+D;IAC/D,yDAAyD;IACzD,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACtC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;IAEjD,OAAO,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,MAAM,GAAe,EAAE,CAAC;IAE9B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE5D,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC1B,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,CAAC;QAExB,sEAAsE;QACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,oEAAoE,CAAC,CAAC;QACrG,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,CAAC;gBAC3C,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,mCAAmC,OAAO,EAAE;iBACpD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;QACzD,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACrB,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;YACpD,IAAI,QAAQ,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACxD,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,gBAAgB,QAAQ,EAAE;iBAClC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC;QACjE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACvC,IAAI,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,CAAC;gBACtD,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,oBAAoB,OAAO,EAAE;iBACrC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,0BAA0B;IAC1B,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC1B,CAAC;IAED,uBAAuB;IACvB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE;QAC3C,MAAM,EAAE,CAAC,oBAAoB,CAAC;KAC/B,CAAC,CAAC;IACH,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;IAEzB,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAqB;IACtD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,IAAI,CAAC;QACH,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,MAAM,iBAAiB,EAAE,CAAC;QAE3C,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC5B,OAAO,EAAE,8BAA8B;aACxC,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAe,EAAE,CAAC;QAEjC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAC1C,SAAS,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;QAC5B,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAExE,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC5B,OAAO,EAAE,GAAG,SAAS,CAAC,MAAM,2BAA2B,QAAQ,CAAC,MAAM,UAAU;gBAChF,OAAO;aACR,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC5B,OAAO,EAAE,GAAG,QAAQ,CAAC,MAAM,iCAAiC;SAC7D,CAAC;IAEJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC5B,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC;IACJ,CAAC;AACH,CAAC"}