npm - network-ai - Versions diffs - 4.15.3 → 5.0.0 - Mend

network-ai 4.15.3 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (204) hide show

package/INTEGRATION_GUIDE.md +11 -4
package/QUICKSTART.md +31 -4
package/README.md +37 -15
package/bin/dashboard.ts +146 -0
package/bin/mcp-server.ts +3 -2
package/dist/adapters/adapter-registry.d.ts +33 -1
package/dist/adapters/adapter-registry.d.ts.map +1 -1
package/dist/adapters/adapter-registry.js +49 -0
package/dist/adapters/adapter-registry.js.map +1 -1
package/dist/adapters/anthropic-computer-use-adapter.d.ts +132 -0
package/dist/adapters/anthropic-computer-use-adapter.d.ts.map +1 -0
package/dist/adapters/anthropic-computer-use-adapter.js +180 -0
package/dist/adapters/anthropic-computer-use-adapter.js.map +1 -0
package/dist/adapters/browser-agent-adapter.d.ts +121 -0
package/dist/adapters/browser-agent-adapter.d.ts.map +1 -0
package/dist/adapters/browser-agent-adapter.js +219 -0
package/dist/adapters/browser-agent-adapter.js.map +1 -0
package/dist/adapters/copilot-adapter.d.ts +59 -0
package/dist/adapters/copilot-adapter.d.ts.map +1 -0
package/dist/adapters/copilot-adapter.js +132 -0
package/dist/adapters/copilot-adapter.js.map +1 -0
package/dist/adapters/index.d.ts +15 -1
package/dist/adapters/index.d.ts.map +1 -1
package/dist/adapters/index.js +22 -1
package/dist/adapters/index.js.map +1 -1
package/dist/adapters/langgraph-adapter.d.ts +70 -0
package/dist/adapters/langgraph-adapter.d.ts.map +1 -0
package/dist/adapters/langgraph-adapter.js +119 -0
package/dist/adapters/langgraph-adapter.js.map +1 -0
package/dist/adapters/openai-agents-adapter.d.ts +100 -0
package/dist/adapters/openai-agents-adapter.d.ts.map +1 -0
package/dist/adapters/openai-agents-adapter.js +118 -0
package/dist/adapters/openai-agents-adapter.js.map +1 -0
package/dist/adapters/pydantic-ai-adapter.d.ts +104 -0
package/dist/adapters/pydantic-ai-adapter.d.ts.map +1 -0
package/dist/adapters/pydantic-ai-adapter.js +163 -0
package/dist/adapters/pydantic-ai-adapter.js.map +1 -0
package/dist/adapters/vertex-ai-adapter.d.ts +122 -0
package/dist/adapters/vertex-ai-adapter.d.ts.map +1 -0
package/dist/adapters/vertex-ai-adapter.js +166 -0
package/dist/adapters/vertex-ai-adapter.js.map +1 -0
package/dist/bin/dashboard.d.ts +11 -0
package/dist/bin/dashboard.d.ts.map +1 -0
package/dist/bin/dashboard.js +135 -0
package/dist/bin/dashboard.js.map +1 -0
package/dist/bin/mcp-server.js +3 -2
package/dist/bin/mcp-server.js.map +1 -1
package/dist/index.d.ts +103 -559
package/dist/index.d.ts.map +1 -1
package/dist/index.js +295 -1074
package/dist/index.js.map +1 -1
package/dist/lib/adapter-test-harness.d.ts +88 -0
package/dist/lib/adapter-test-harness.d.ts.map +1 -0
package/dist/lib/adapter-test-harness.js +118 -0
package/dist/lib/adapter-test-harness.js.map +1 -0
package/dist/lib/agent-conversation.d.ts +115 -0
package/dist/lib/agent-conversation.d.ts.map +1 -0
package/dist/lib/agent-conversation.js +155 -0
package/dist/lib/agent-conversation.js.map +1 -0
package/dist/lib/agent-debate.d.ts +115 -0
package/dist/lib/agent-debate.d.ts.map +1 -0
package/dist/lib/agent-debate.js +146 -0
package/dist/lib/agent-debate.js.map +1 -0
package/dist/lib/agent-memory.d.ts +157 -0
package/dist/lib/agent-memory.d.ts.map +1 -0
package/dist/lib/agent-memory.js +336 -0
package/dist/lib/agent-memory.js.map +1 -0
package/dist/lib/agent-vcr.d.ts +133 -0
package/dist/lib/agent-vcr.d.ts.map +1 -0
package/dist/lib/agent-vcr.js +218 -0
package/dist/lib/agent-vcr.js.map +1 -0
package/dist/lib/anomaly-detector.d.ts +112 -0
package/dist/lib/anomaly-detector.d.ts.map +1 -0
package/dist/lib/anomaly-detector.js +178 -0
package/dist/lib/anomaly-detector.js.map +1 -0
package/dist/lib/approval-inbox.d.ts +147 -0
package/dist/lib/approval-inbox.d.ts.map +1 -0
package/dist/lib/approval-inbox.js +385 -0
package/dist/lib/approval-inbox.js.map +1 -0
package/dist/lib/auth-guardian.d.ts +170 -0
package/dist/lib/auth-guardian.d.ts.map +1 -0
package/dist/lib/auth-guardian.js +604 -0
package/dist/lib/auth-guardian.js.map +1 -0
package/dist/lib/auth-validator.d.ts +70 -0
package/dist/lib/auth-validator.d.ts.map +1 -0
package/dist/lib/auth-validator.js +32 -0
package/dist/lib/auth-validator.js.map +1 -0
package/dist/lib/blackboard-validator.d.ts +56 -0
package/dist/lib/blackboard-validator.d.ts.map +1 -1
package/dist/lib/blackboard-validator.js +181 -4
package/dist/lib/blackboard-validator.js.map +1 -1
package/dist/lib/comparison-runner.d.ts +99 -0
package/dist/lib/comparison-runner.d.ts.map +1 -0
package/dist/lib/comparison-runner.js +138 -0
package/dist/lib/comparison-runner.js.map +1 -0
package/dist/lib/config-watcher.d.ts +109 -0
package/dist/lib/config-watcher.d.ts.map +1 -0
package/dist/lib/config-watcher.js +215 -0
package/dist/lib/config-watcher.js.map +1 -0
package/dist/lib/cost-governor.d.ts +105 -0
package/dist/lib/cost-governor.d.ts.map +1 -0
package/dist/lib/cost-governor.js +128 -0
package/dist/lib/cost-governor.js.map +1 -0
package/dist/lib/cost-heatmap.d.ts +104 -0
package/dist/lib/cost-heatmap.d.ts.map +1 -0
package/dist/lib/cost-heatmap.js +161 -0
package/dist/lib/cost-heatmap.js.map +1 -0
package/dist/lib/coverage-reporter.d.ts +92 -0
package/dist/lib/coverage-reporter.d.ts.map +1 -0
package/dist/lib/coverage-reporter.js +177 -0
package/dist/lib/coverage-reporter.js.map +1 -0
package/dist/lib/dashboard-server.d.ts +71 -0
package/dist/lib/dashboard-server.d.ts.map +1 -0
package/dist/lib/dashboard-server.js +403 -0
package/dist/lib/dashboard-server.js.map +1 -0
package/dist/lib/dry-run.d.ts +73 -0
package/dist/lib/dry-run.d.ts.map +1 -0
package/dist/lib/dry-run.js +130 -0
package/dist/lib/dry-run.js.map +1 -0
package/dist/lib/errors.d.ts +15 -0
package/dist/lib/errors.d.ts.map +1 -1
package/dist/lib/errors.js +38 -0
package/dist/lib/errors.js.map +1 -1
package/dist/lib/event-bus.d.ts +167 -0
package/dist/lib/event-bus.d.ts.map +1 -0
package/dist/lib/event-bus.js +229 -0
package/dist/lib/event-bus.js.map +1 -0
package/dist/lib/explainability.d.ts +85 -0
package/dist/lib/explainability.d.ts.map +1 -0
package/dist/lib/explainability.js +102 -0
package/dist/lib/explainability.js.map +1 -0
package/dist/lib/goal-dsl.d.ts +157 -0
package/dist/lib/goal-dsl.d.ts.map +1 -0
package/dist/lib/goal-dsl.js +392 -0
package/dist/lib/goal-dsl.js.map +1 -0
package/dist/lib/job-queue.d.ts +183 -0
package/dist/lib/job-queue.d.ts.map +1 -0
package/dist/lib/job-queue.js +310 -0
package/dist/lib/job-queue.js.map +1 -0
package/dist/lib/learning-loop.d.ts +113 -0
package/dist/lib/learning-loop.d.ts.map +1 -0
package/dist/lib/learning-loop.js +181 -0
package/dist/lib/learning-loop.js.map +1 -0
package/dist/lib/lifecycle-hooks.d.ts +116 -0
package/dist/lib/lifecycle-hooks.d.ts.map +1 -0
package/dist/lib/lifecycle-hooks.js +148 -0
package/dist/lib/lifecycle-hooks.js.map +1 -0
package/dist/lib/locked-blackboard.d.ts.map +1 -1
package/dist/lib/locked-blackboard.js +9 -5
package/dist/lib/locked-blackboard.js.map +1 -1
package/dist/lib/mcp-tool-consumer.d.ts +153 -0
package/dist/lib/mcp-tool-consumer.d.ts.map +1 -0
package/dist/lib/mcp-tool-consumer.js +320 -0
package/dist/lib/mcp-tool-consumer.js.map +1 -0
package/dist/lib/metrics.d.ts +119 -0
package/dist/lib/metrics.d.ts.map +1 -0
package/dist/lib/metrics.js +284 -0
package/dist/lib/metrics.js.map +1 -0
package/dist/lib/orchestrator-types.d.ts +309 -0
package/dist/lib/orchestrator-types.d.ts.map +1 -0
package/dist/lib/orchestrator-types.js +61 -0
package/dist/lib/orchestrator-types.js.map +1 -0
package/dist/lib/otel-bridge.d.ts +74 -0
package/dist/lib/otel-bridge.d.ts.map +1 -0
package/dist/lib/otel-bridge.js +167 -0
package/dist/lib/otel-bridge.js.map +1 -0
package/dist/lib/playground.d.ts +76 -0
package/dist/lib/playground.d.ts.map +1 -0
package/dist/lib/playground.js +224 -0
package/dist/lib/playground.js.map +1 -0
package/dist/lib/quadtree.d.ts +114 -0
package/dist/lib/quadtree.d.ts.map +1 -0
package/dist/lib/quadtree.js +259 -0
package/dist/lib/quadtree.js.map +1 -0
package/dist/lib/shared-blackboard.d.ts +101 -0
package/dist/lib/shared-blackboard.d.ts.map +1 -0
package/dist/lib/shared-blackboard.js +249 -0
package/dist/lib/shared-blackboard.js.map +1 -0
package/dist/lib/speculative-executor.d.ts +89 -0
package/dist/lib/speculative-executor.d.ts.map +1 -0
package/dist/lib/speculative-executor.js +107 -0
package/dist/lib/speculative-executor.js.map +1 -0
package/dist/lib/swarm-transport.d.ts +150 -0
package/dist/lib/swarm-transport.d.ts.map +1 -0
package/dist/lib/swarm-transport.js +307 -0
package/dist/lib/swarm-transport.js.map +1 -0
package/dist/lib/task-decomposer.d.ts +41 -0
package/dist/lib/task-decomposer.d.ts.map +1 -0
package/dist/lib/task-decomposer.js +272 -0
package/dist/lib/task-decomposer.js.map +1 -0
package/dist/lib/timeline-scrubber.d.ts +84 -0
package/dist/lib/timeline-scrubber.d.ts.map +1 -0
package/dist/lib/timeline-scrubber.js +173 -0
package/dist/lib/timeline-scrubber.js.map +1 -0
package/dist/lib/topology.d.ts +361 -0
package/dist/lib/topology.d.ts.map +1 -0
package/dist/lib/topology.js +591 -0
package/dist/lib/topology.js.map +1 -0
package/dist/security.d.ts +95 -0
package/dist/security.d.ts.map +1 -1
package/dist/security.js +266 -4
package/dist/security.js.map +1 -1
package/package.json +7 -5
package/types/agent-adapter.d.ts +5 -0

package/dist/lib/auth-guardian.js ADDED Viewed

@@ -0,0 +1,604 @@
+"use strict";
+/**
+ * Universal permission wall for multi-agent systems.
+ *
+ * Evaluates permission requests using a weighted formula of justification
+ * quality (40%), agent trust level (30%), and risk score (30%).
+ * Resource types, risk profiles, trust levels, and restrictions are all
+ * configurable — works for coding, finance, DevOps, or any domain.
+ *
+ * @module AuthGuardian
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthGuardian = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const crypto_1 = require("crypto");
+const security_1 = require("../security");
+const errors_1 = require("./errors");
+const orchestrator_types_1 = require("./orchestrator-types");
+/**
+ * Universal permission wall for multi-agent systems.
+ *
+ * Evaluates permission requests using a weighted formula of justification
+ * quality (40%), agent trust level (30%), and risk score (30%).
+ * Resource types, risk profiles, trust levels, and restrictions are all
+ * configurable — works for coding, finance, DevOps, or any domain.
+ *
+ * @example
+ * ```typescript
+ * const guardian = new AuthGuardian({
+ *   trustLevels: [{ agentId: 'analyst', trustLevel: 0.8 }],
+ *   resourceProfiles: { CUSTOM_API: { baseRisk: 0.5, defaultRestrictions: ['audit_required'] } },
+ * });
+ *
+ * const grant = await guardian.requestPermission(
+ *   'analyst', 'CUSTOM_API', 'Need to fetch Q4 revenue data for report', 'read'
+ * );
+ * if (grant.granted) {
+ *   // Use grant.grantToken to prove authorization
+ * }
+ * ```
+ */
+class AuthGuardian {
+    activeGrants = new Map();
+    agentTrustLevels = new Map();
+    agentTrustConfigs = new Map();
+    resourceProfiles = new Map();
+    auditLog = [];
+    auditLogPath;
+    trustConfigPath;
+    signingAlgorithm;
+    hmacSecret;
+    ed25519PrivateKey;
+    ed25519PublicKey;
+    constructor(options) {
+        this.auditLogPath = options?.auditLogPath ?? orchestrator_types_1.CONFIG.auditLogPath;
+        this.trustConfigPath = options?.trustConfigPath ?? orchestrator_types_1.CONFIG.trustConfigPath;
+        this.signingAlgorithm = options?.algorithm ?? 'hmac-sha256';
+        if (this.signingAlgorithm === 'ed25519') {
+            const { publicKey, privateKey } = (0, crypto_1.generateKeyPairSync)('ed25519');
+            this.ed25519PrivateKey = privateKey;
+            this.ed25519PublicKey = publicKey;
+            this.hmacSecret = '';
+        }
+        else {
+            this.ed25519PrivateKey = null;
+            this.ed25519PublicKey = null;
+            this.hmacSecret = options?.hmacSecret ?? (0, crypto_1.randomUUID)();
+        }
+        // Load resource profiles (file → user-provided → defaults)
+        const fileProfiles = this.loadResourceProfilesFromDisk();
+        const profiles = { ...orchestrator_types_1.DEFAULT_RESOURCE_PROFILES, ...fileProfiles, ...(options?.resourceProfiles ?? {}) };
+        for (const [name, profile] of Object.entries(profiles)) {
+            this.resourceProfiles.set(name, profile);
+        }
+        // Load trust levels (try disk first, then user-provided, then defaults)
+        const trustConfigs = options?.trustLevels ?? this.loadTrustFromDisk() ?? orchestrator_types_1.DEFAULT_AGENT_TRUST;
+        for (const config of trustConfigs) {
+            this.agentTrustLevels.set(config.agentId, config.trustLevel);
+            this.agentTrustConfigs.set(config.agentId, config);
+        }
+        // Load existing audit log from disk
+        this.loadAuditFromDisk();
+    }
+    /**
+     * Register a new resource type at runtime.
+     * Makes the system extensible for any domain.
+     */
+    registerResourceType(name, profile) {
+        if (!name || typeof name !== 'string' || name.trim() === '') {
+            throw new errors_1.ValidationError('resource name must be a non-empty string');
+        }
+        if (!profile || typeof profile !== 'object' || typeof profile.baseRisk !== 'number') {
+            throw new errors_1.ValidationError('profile must be an object with a numeric baseRisk');
+        }
+        if (profile.baseRisk < 0 || profile.baseRisk > 1) {
+            throw new errors_1.ValidationError('profile.baseRisk must be between 0 and 1');
+        }
+        if (!Array.isArray(profile.defaultRestrictions)) {
+            throw new errors_1.ValidationError('profile.defaultRestrictions must be an array');
+        }
+        this.resourceProfiles.set(name, profile);
+    }
+    /**
+     * Register or update an agent's trust configuration at runtime.
+     */
+    registerAgentTrust(config) {
+        if (!config || typeof config !== 'object') {
+            throw new errors_1.ValidationError('config must be an object');
+        }
+        if (!config.agentId || typeof config.agentId !== 'string' || config.agentId.trim() === '') {
+            throw new errors_1.ValidationError('config.agentId must be a non-empty string');
+        }
+        if (typeof config.trustLevel !== 'number' || config.trustLevel < 0 || config.trustLevel > 1) {
+            throw new errors_1.ValidationError('config.trustLevel must be a number between 0 and 1');
+        }
+        this.agentTrustLevels.set(config.agentId, config.trustLevel);
+        this.agentTrustConfigs.set(config.agentId, config);
+        this.persistTrustToDisk();
+    }
+    /**
+     * Request permission to access a resource.
+     * resourceType is now a free string -- validated against registered profiles.
+     */
+    async requestPermission(agentId, resourceType, justification, scope) {
+        if (!agentId || typeof agentId !== 'string') {
+            throw new errors_1.ValidationError('agentId must be a non-empty string');
+        }
+        if (!resourceType || typeof resourceType !== 'string') {
+            throw new errors_1.ValidationError('resourceType must be a non-empty string');
+        }
+        if (!justification || typeof justification !== 'string') {
+            throw new errors_1.ValidationError('justification must be a non-empty string');
+        }
+        // Sanitize inputs
+        let safeAgentId;
+        let safeJustification;
+        try {
+            safeAgentId = security_1.InputSanitizer.sanitizeAgentId(agentId);
+            safeJustification = security_1.InputSanitizer.sanitizeString(justification, 2000);
+        }
+        catch {
+            safeAgentId = agentId.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 64) || 'unknown';
+            safeJustification = justification.slice(0, 2000);
+        }
+        this.log('permission_request', { agentId: safeAgentId, resourceType, justification: safeJustification, scope });
+        // Check if agent is allowed to access this resource type
+        const agentConfig = this.agentTrustConfigs.get(safeAgentId);
+        if (agentConfig && agentConfig.allowedResources && !agentConfig.allowedResources.includes('*')) {
+            if (!agentConfig.allowedResources.includes(resourceType)) {
+                this.log('permission_denied', { agentId: safeAgentId, resourceType, reason: 'resource_not_in_allowlist' });
+                return {
+                    granted: false,
+                    grantToken: null,
+                    expiresAt: null,
+                    restrictions: [],
+                    reason: `Agent '${safeAgentId}' is not authorized to access '${resourceType}'. Allowed: ${agentConfig.allowedResources.join(', ')}`,
+                };
+            }
+        }
+        // Evaluate the permission request
+        const evaluation = this.evaluateRequest(safeAgentId, resourceType, safeJustification, scope);
+        if (!evaluation.approved) {
+            this.log('permission_denied', { agentId: safeAgentId, resourceType, reason: evaluation.reason });
+            return {
+                granted: false,
+                grantToken: null,
+                expiresAt: null,
+                restrictions: [],
+                reason: evaluation.reason,
+            };
+        }
+        // Generate grant token
+        const grantToken = this.generateGrantToken();
+        const expiresAt = new Date(Date.now() + orchestrator_types_1.CONFIG.grantTokenTTL).toISOString();
+        const grant = {
+            grantToken,
+            resourceType,
+            agentId: safeAgentId,
+            expiresAt,
+            restrictions: evaluation.restrictions,
+            scope,
+        };
+        this.activeGrants.set(grantToken, grant);
+        this.log('permission_granted', { grantToken, agentId: safeAgentId, resourceType, expiresAt, restrictions: evaluation.restrictions });
+        return {
+            granted: true,
+            grantToken,
+            expiresAt,
+            restrictions: evaluation.restrictions,
+        };
+    }
+    /**
+     * Validate a grant token and return `true` if it is active and not expired.
+     *
+     * @param token - The grant token to validate
+     * @returns `true` if the token is valid, `false` otherwise
+     */
+    validateToken(token) {
+        if (!token || typeof token !== 'string')
+            return false;
+        const grant = this.activeGrants.get(token);
+        if (!grant)
+            return false;
+        if (new Date(grant.expiresAt) < new Date()) {
+            this.activeGrants.delete(token);
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Validate a token and return the full grant object (including restrictions
+     * and scope) for point-of-use enforcement.
+     *
+     * @param token - The grant token to validate
+     * @returns The grant details, or `null` if invalid/expired
+     */
+    validateTokenWithGrant(token) {
+        if (!token || typeof token !== 'string')
+            return null;
+        const grant = this.activeGrants.get(token);
+        if (!grant)
+            return null;
+        if (new Date(grant.expiresAt) < new Date()) {
+            this.activeGrants.delete(token);
+            return null;
+        }
+        return grant;
+    }
+    /**
+     * Enforce restrictions on an operation. Returns an error string if
+     * the operation violates any restriction, or `null` if all restrictions pass.
+     *
+     * @param grantToken  - The grant token authorizing the operation
+     * @param operation   - Description of the operation to check against restrictions
+     * @returns Error message string if a restriction is violated, or `null` if allowed
+     */
+    enforceRestrictions(grantToken, operation) {
+        if (!grantToken || typeof grantToken !== 'string') {
+            return 'Invalid or expired grant token';
+        }
+        const grant = this.validateTokenWithGrant(grantToken);
+        if (!grant)
+            return 'Invalid or expired grant token';
+        for (const restriction of grant.restrictions) {
+            // Enforce read_only
+            if (restriction === 'read_only' && operation.type && operation.type !== 'read') {
+                return `Restriction 'read_only' violated: attempted '${operation.type}'`;
+            }
+            // Enforce max_records
+            const maxRecordsMatch = restriction.match(/^max_records:(\d+)$/);
+            if (maxRecordsMatch && operation.recordCount) {
+                const max = parseInt(maxRecordsMatch[1], 10);
+                if (operation.recordCount > max) {
+                    return `Restriction '${restriction}' violated: requested ${operation.recordCount} records`;
+                }
+            }
+            // Enforce sandbox_only
+            if (restriction === 'sandbox_only' && operation.targetPath) {
+                if (/^\/|^[A-Z]:\\(?:Windows|Program)/i.test(operation.targetPath)) {
+                    return `Restriction 'sandbox_only' violated: path '${operation.targetPath}' is outside sandbox`;
+                }
+            }
+            // Enforce no_sudo
+            if (restriction === 'no_sudo' && operation.command) {
+                if (/\bsudo\b/i.test(operation.command)) {
+                    return `Restriction 'no_sudo' violated: command contains sudo`;
+                }
+            }
+            // Enforce workspace_only
+            if (restriction === 'workspace_only' && operation.targetPath) {
+                if (/\.\.[/\\]/.test(operation.targetPath)) {
+                    return `Restriction 'workspace_only' violated: path traversal detected`;
+                }
+            }
+            // Enforce no_system_dirs
+            if (restriction === 'no_system_dirs' && operation.targetPath) {
+                if (/(?:\/etc|\/usr|\/var|\\Windows|\\System32)/i.test(operation.targetPath)) {
+                    return `Restriction 'no_system_dirs' violated: system directory access`;
+                }
+            }
+            // Enforce no_attachments
+            if (restriction === 'no_attachments' && operation.hasAttachments) {
+                return `Restriction 'no_attachments' violated`;
+            }
+        }
+        return null; // All restrictions passed
+    }
+    /**
+     * Revoke a grant token, immediately invalidating it.
+     * Silently no-ops if the token doesn't exist.
+     *
+     * @param token - The grant token to revoke
+     */
+    revokeToken(token) {
+        this.activeGrants.delete(token);
+        this.log('permission_revoked', { token });
+    }
+    evaluateRequest(agentId, resourceType, justification, scope) {
+        // 1. Justification Quality (40% weight) -- now includes resource-relevance
+        const justificationScore = this.scoreJustification(justification, resourceType);
+        if (justificationScore < 0.3) {
+            return {
+                approved: false,
+                reason: 'Justification is insufficient. Please provide specific task context.',
+                restrictions: [],
+            };
+        }
+        // 2. Agent Trust Level (30% weight)
+        const trustLevel = this.agentTrustLevels.get(agentId) ?? 0.5;
+        if (trustLevel < 0.4) {
+            return {
+                approved: false,
+                reason: 'Agent trust level is below threshold. Escalate to human operator.',
+                restrictions: [],
+            };
+        }
+        // 3. Risk Assessment (30% weight)
+        const riskScore = this.assessRisk(resourceType, scope);
+        if (riskScore > 0.8) {
+            return {
+                approved: false,
+                reason: 'Risk assessment exceeds acceptable threshold. Narrow the requested scope.',
+                restrictions: [],
+            };
+        }
+        // Get restrictions from resource profile (data-driven, not hardcoded)
+        const profile = this.resourceProfiles.get(resourceType);
+        const restrictions = profile
+            ? [...profile.defaultRestrictions]
+            : ['audit_required']; // Unknown resources get audited by default
+        // Calculate weighted approval
+        const weightedScore = (justificationScore * 0.4) + (trustLevel * 0.3) + ((1 - riskScore) * 0.3);
+        const approved = weightedScore >= 0.5;
+        return {
+            approved,
+            reason: approved ? undefined : 'Combined evaluation score below threshold.',
+            restrictions,
+        };
+    }
+    /**
+     * Improved justification scoring with resource-relevance checking.
+     * Prevents trivial gaming by verifying the justification mentions
+     * concepts relevant to the requested resource.
+     */
+    scoreJustification(justification, resourceType) {
+        let score = 0;
+        // Length scoring
+        if (justification.length > 20)
+            score += 0.15;
+        if (justification.length > 50)
+            score += 0.15;
+        // Intent keywords
+        if (/task|purpose|need|require|generate|analyze|process|build|deploy|test|review/i.test(justification))
+            score += 0.15;
+        // Specificity keywords
+        if (/specific|particular|exact|for\s+the|in\s+order\s+to|because|so\s+that/i.test(justification))
+            score += 0.15;
+        // Penalty for vague/test phrasing
+        if (/^test$|^debug$|^try$|^just\s+testing/i.test(justification.trim()))
+            score -= 0.3;
+        // Resource-relevance check: does the justification mention anything related
+        // to the requested resource? (+0.2 bonus for relevant context)
+        if (resourceType) {
+            const relevancePatterns = {
+                SAP_API: /sap|erp|invoice|procurement|purchase|material|vendor/i,
+                FINANCIAL_API: /financ|revenue|budget|accounting|payment|ledger|balance/i,
+                DATA_EXPORT: /export|report|csv|download|extract|migrate/i,
+                FILE_SYSTEM: /file|read|write|save|load|path|directory|workspace/i,
+                SHELL_EXEC: /command|script|compile|build|run|execute|terminal/i,
+                GIT: /git|commit|branch|merge|pull|push|repository|diff/i,
+                PACKAGE_MANAGER: /package|install|dependency|npm|pip|cargo|module/i,
+                BUILD_TOOL: /build|compile|webpack|tsc|make|gradle|cargo/i,
+                DOCKER: /container|docker|image|deploy|service|compose/i,
+                CLOUD_DEPLOY: /deploy|cloud|staging|production|release|infrastructure/i,
+                DATABASE: /database|query|sql|table|record|schema|migration/i,
+                EXTERNAL_SERVICE: /api|service|endpoint|webhook|request|fetch/i,
+                EMAIL: /email|mail|send|notification|alert|message/i,
+                WEBHOOK: /webhook|callback|notification|event|dispatch/i,
+            };
+            const pattern = relevancePatterns[resourceType];
+            if (pattern && pattern.test(justification)) {
+                score += 0.2;
+            }
+            else if (pattern && !pattern.test(justification)) {
+                // Justification doesn't mention anything relevant -- small penalty
+                score -= 0.1;
+            }
+        }
+        // Bonus for mentioning a task/ticket ID
+        if (/(?:task|ticket|issue|jira|pr|bug)[_\-#]?\s*\d+/i.test(justification))
+            score += 0.1;
+        return Math.max(0, Math.min(score, 1));
+    }
+    assessRisk(resourceType, scope) {
+        // Look up base risk from registered profile (not hardcoded)
+        const profile = this.resourceProfiles.get(resourceType);
+        let risk = profile?.baseRisk ?? 0.5; // Unknown resources get medium risk
+        // Broad scopes increase risk
+        if (!scope || scope === '*' || scope === 'all') {
+            risk += 0.2;
+        }
+        // Write/delete operations increase risk
+        if (scope && /write|delete|update|modify|execute|deploy/i.test(scope)) {
+            risk += 0.2;
+        }
+        return Math.min(risk, 1);
+    }
+    generateGrantToken() {
+        const id = (0, crypto_1.randomUUID)().replace(/-/g, '');
+        const payload = `grant_${id}`;
+        if (this.signingAlgorithm === 'ed25519' && this.ed25519PrivateKey) {
+            const sig = (0, crypto_1.sign)(null, Buffer.from(payload), this.ed25519PrivateKey).toString('base64url');
+            return `${payload}.${sig}`;
+        }
+        // HMAC: append signature so tokens are tamper-evident
+        const sig = (0, crypto_1.createHmac)('sha256', this.hmacSecret).update(payload).digest('base64url');
+        return `${payload}.${sig}`;
+    }
+    /**
+     * Verify a grant token's cryptographic signature.
+     * For Ed25519 tokens, this can be done by any party holding the public key.
+     * For HMAC tokens, only the issuing AuthGuardian can verify.
+     *
+     * @param token - The grant token to verify
+     * @returns `true` if the signature is valid
+     */
+    verifyTokenSignature(token) {
+        const dotIndex = token.lastIndexOf('.');
+        if (dotIndex === -1)
+            return false;
+        const payload = token.slice(0, dotIndex);
+        const sig = token.slice(dotIndex + 1);
+        if (this.signingAlgorithm === 'ed25519' && this.ed25519PublicKey) {
+            try {
+                return (0, crypto_1.verify)(null, Buffer.from(payload), this.ed25519PublicKey, Buffer.from(sig, 'base64url'));
+            }
+            catch {
+                return false;
+            }
+        }
+        const expected = (0, crypto_1.createHmac)('sha256', this.hmacSecret).update(payload).digest('base64url');
+        // Constant-time comparison
+        if (expected.length !== sig.length)
+            return false;
+        let result = 0;
+        for (let i = 0; i < expected.length; i++) {
+            result |= expected.charCodeAt(i) ^ sig.charCodeAt(i);
+        }
+        return result === 0;
+    }
+    /**
+     * Get the signing algorithm used by this AuthGuardian instance.
+     */
+    getSigningAlgorithm() {
+        return this.signingAlgorithm;
+    }
+    /**
+     * Export the Ed25519 public key in PEM format for third-party verification.
+     * Returns `null` if the instance uses HMAC signing.
+     */
+    exportPublicKey() {
+        if (!this.ed25519PublicKey)
+            return null;
+        return this.ed25519PublicKey.export({ type: 'spki', format: 'pem' });
+    }
+    log(action, details) {
+        const entry = {
+            timestamp: new Date().toISOString(),
+            action,
+            details,
+        };
+        this.auditLog.push(entry);
+        // Persist to disk (non-blocking — in-memory array is the source of truth)
+        try {
+            const dir = (0, path_1.join)('.', 'data');
+            if (!(0, fs_1.existsSync)(dir)) {
+                (0, fs_1.mkdirSync)(dir, { recursive: true });
+            }
+            (0, fs_1.appendFile)(this.auditLogPath, JSON.stringify(entry) + '\n', () => { });
+        }
+        catch {
+            // Non-fatal -- log is also in memory
+        }
+    }
+    /**
+     * Get all active (non-expired) permission grants.
+     * Automatically cleans up expired grants before returning.
+     */
+    getActiveGrants() {
+        // Clean expired grants
+        const now = new Date();
+        for (const [token, grant] of this.activeGrants.entries()) {
+            if (new Date(grant.expiresAt) < now) {
+                this.activeGrants.delete(token);
+            }
+        }
+        return Array.from(this.activeGrants.values());
+    }
+    /**
+     * Get the full audit log of permission decisions.
+     * Returns a defensive copy.
+     */
+    getAuditLog() {
+        return [...this.auditLog];
+    }
+    /**
+     * Get all registered resource profiles.
+     */
+    getResourceProfiles() {
+        return Object.fromEntries(this.resourceProfiles);
+    }
+    /**
+     * Get the allowed namespaces for an agent (used by blackboard scoping).
+     */
+    getAgentNamespaces(agentId) {
+        if (!agentId || typeof agentId !== 'string')
+            return ['task:'];
+        const config = this.agentTrustConfigs.get(agentId);
+        return config?.allowedNamespaces ?? ['task:'];
+    }
+    // ---- Persistence helpers ----
+    /** Path for the resource profiles policy file. */
+    get resourceProfilesPath() {
+        return (0, path_1.join)('.', 'data', 'resource-profiles.json');
+    }
+    /**
+     * Load resource profiles from `data/resource-profiles.json` if it exists.
+     * Expected format: `{ "PROFILE_NAME": { baseRisk, defaultRestrictions, description? } }`
+     */
+    loadResourceProfilesFromDisk() {
+        try {
+            if ((0, fs_1.existsSync)(this.resourceProfilesPath)) {
+                const raw = (0, fs_1.readFileSync)(this.resourceProfilesPath, 'utf-8');
+                const parsed = JSON.parse(raw);
+                if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+                    return parsed;
+                }
+            }
+        }
+        catch { /* ignore — fall back to defaults */ }
+        return null;
+    }
+    /**
+     * Persist the current resource profiles to `data/resource-profiles.json`.
+     * Useful after calling registerResourceType() at runtime.
+     */
+    persistResourceProfiles() {
+        try {
+            const dir = (0, path_1.join)('.', 'data');
+            if (!(0, fs_1.existsSync)(dir)) {
+                (0, fs_1.mkdirSync)(dir, { recursive: true });
+            }
+            const profiles = {};
+            for (const [name, profile] of this.resourceProfiles) {
+                profiles[name] = profile;
+            }
+            (0, fs_1.writeFile)(this.resourceProfilesPath, JSON.stringify(profiles, null, 2), () => { });
+        }
+        catch {
+            // Non-fatal
+        }
+    }
+    loadTrustFromDisk() {
+        try {
+            if ((0, fs_1.existsSync)(this.trustConfigPath)) {
+                const raw = (0, fs_1.readFileSync)(this.trustConfigPath, 'utf-8');
+                return JSON.parse(raw);
+            }
+        }
+        catch { /* ignore */ }
+        return null;
+    }
+    persistTrustToDisk() {
+        try {
+            const dir = (0, path_1.join)('.', 'data');
+            if (!(0, fs_1.existsSync)(dir)) {
+                (0, fs_1.mkdirSync)(dir, { recursive: true });
+            }
+            const configs = Array.from(this.agentTrustConfigs.values());
+            (0, fs_1.writeFile)(this.trustConfigPath, JSON.stringify(configs, null, 2), () => { });
+        }
+        catch {
+            // Non-fatal
+        }
+    }
+    loadAuditFromDisk() {
+        try {
+            if ((0, fs_1.existsSync)(this.auditLogPath)) {
+                const raw = (0, fs_1.readFileSync)(this.auditLogPath, 'utf-8');
+                const lines = raw.trim().split('\n').filter(l => l);
+                for (const line of lines) {
+                    try {
+                        this.auditLog.push(JSON.parse(line));
+                    }
+                    catch { /* skip malformed */ }
+                }
+            }
+        }
+        catch { /* ignore */ }
+    }
+}
+exports.AuthGuardian = AuthGuardian;
+//# sourceMappingURL=auth-guardian.js.map

package/dist/lib/auth-guardian.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth-guardian.js","sourceRoot":"","sources":["../../lib/auth-guardian.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAEH,2BAA+G;AAC/G,+BAA4B;AAC5B,mCAA8H;AAC9H,0CAA6C;AAC7C,qCAA2C;AAC3C,6DAI8B;AAQ9B;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAa,YAAY;IACf,YAAY,GAA6B,IAAI,GAAG,EAAE,CAAC;IACnD,gBAAgB,GAAwB,IAAI,GAAG,EAAE,CAAC;IAClD,iBAAiB,GAAkC,IAAI,GAAG,EAAE,CAAC;IAC7D,gBAAgB,GAAiC,IAAI,GAAG,EAAE,CAAC;IAC3D,QAAQ,GAAmE,EAAE,CAAC;IAC9E,YAAY,CAAS;IACrB,eAAe,CAAS;IACf,gBAAgB,CAA4B;IAC5C,UAAU,CAAS;IACnB,iBAAiB,CAAmB;IACpC,gBAAgB,CAAmB;IAEpD,YAAY,OASX;QACC,IAAI,CAAC,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,2BAAM,CAAC,YAAY,CAAC;QACjE,IAAI,CAAC,eAAe,GAAG,OAAO,EAAE,eAAe,IAAI,2BAAM,CAAC,eAAe,CAAC;QAC1E,IAAI,CAAC,gBAAgB,GAAG,OAAO,EAAE,SAAS,IAAI,aAAa,CAAC;QAE5D,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACxC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAA,4BAAmB,EAAC,SAAS,CAAC,CAAC;YACjE,IAAI,CAAC,iBAAiB,GAAG,UAAU,CAAC;YACpC,IAAI,CAAC,gBAAgB,GAAG,SAAS,CAAC;YAClC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;YAC9B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAC7B,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,IAAA,mBAAU,GAAE,CAAC;QACxD,CAAC;QAED,2DAA2D;QAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,4BAA4B,EAAE,CAAC;QACzD,MAAM,QAAQ,GAAG,EAAE,GAAG,8CAAyB,EAAE,GAAG,YAAY,EAAE,GAAG,CAAC,OAAO,EAAE,gBAAgB,IAAI,EAAE,CAAC,EAAE,CAAC;QACzG,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,CAAC;QAED,wEAAwE;QACxE,MAAM,YAAY,GAAG,OAAO,EAAE,WAAW,IAAI,IAAI,CAAC,iBAAiB,EAAE,IAAI,wCAAmB,CAAC;QAC7F,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;YAC7D,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACrD,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,iBAAiB,EAAE,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,oBAAoB,CAAC,IAAY,EAAE,OAAwB;QACzD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC5D,MAAM,IAAI,wBAAe,CAAC,0CAA0C,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACpF,MAAM,IAAI,wBAAe,CAAC,mDAAmD,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,wBAAe,CAAC,0CAA0C,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,wBAAe,CAAC,8CAA8C,CAAC,CAAC;QAC5E,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,MAAwB;QACzC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,IAAI,wBAAe,CAAC,0BAA0B,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC1F,MAAM,IAAI,wBAAe,CAAC,2CAA2C,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,IAAI,MAAM,CAAC,UAAU,GAAG,CAAC,IAAI,MAAM,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;YAC5F,MAAM,IAAI,wBAAe,CAAC,oDAAoD,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7D,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CACrB,OAAe,EACf,YAAoB,EACpB,aAAqB,EACrB,KAAc;QAEd,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,IAAI,wBAAe,CAAC,oCAAoC,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,CAAC,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,wBAAe,CAAC,yCAAyC,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,CAAC,aAAa,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACxD,MAAM,IAAI,wBAAe,CAAC,0CAA0C,CAAC,CAAC;QACxE,CAAC;QACD,kBAAkB;QAClB,IAAI,WAAmB,CAAC;QACxB,IAAI,iBAAyB,CAAC;QAC9B,IAAI,CAAC;YACH,WAAW,GAAG,yBAAc,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACtD,iBAAiB,GAAG,yBAAc,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,SAAS,CAAC;YAC/E,iBAAiB,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhH,yDAAyD;QACzD,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC5D,IAAI,WAAW,IAAI,WAAW,CAAC,gBAAgB,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/F,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBACzD,IAAI,CAAC,GAAG,CAAC,mBAAmB,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC,CAAC;gBAC3G,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,UAAU,EAAE,IAAI;oBAChB,SAAS,EAAE,IAAI;oBACf,YAAY,EAAE,EAAE;oBAChB,MAAM,EAAE,UAAU,WAAW,kCAAkC,YAAY,eAAe,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBACpI,CAAC;YACJ,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,YAAY,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAE7F,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,GAAG,CAAC,mBAAmB,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YACjG,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,IAAI;gBAChB,SAAS,EAAE,IAAI;gBACf,YAAY,EAAE,EAAE;gBAChB,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC;QACJ,CAAC;QAED,uBAAuB;QACvB,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC7C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,2BAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;QAE5E,MAAM,KAAK,GAAgB;YACzB,UAAU;YACV,YAAY;YACZ,OAAO,EAAE,WAAW;YACpB,SAAS;YACT,YAAY,EAAE,UAAU,CAAC,YAAY;YACrC,KAAK;SACN,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QAErI,OAAO;YACL,OAAO,EAAE,IAAI;YACb,UAAU;YACV,SAAS;YACT,YAAY,EAAE,UAAU,CAAC,YAAY;SACtC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,aAAa,CAAC,KAAa;QACzB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QACtD,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAEzB,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC3C,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACH,sBAAsB,CAAC,KAAa;QAClC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC3C,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;OAOG;IACH,mBAAmB,CAAC,UAAkB,EAAE,SAMvC;QACC,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YAClD,OAAO,gCAAgC,CAAC;QAC1C,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK;YAAE,OAAO,gCAAgC,CAAC;QAEpD,KAAK,MAAM,WAAW,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YAC7C,oBAAoB;YACpB,IAAI,WAAW,KAAK,WAAW,IAAI,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC/E,OAAO,gDAAgD,SAAS,CAAC,IAAI,GAAG,CAAC;YAC3E,CAAC;YAED,sBAAsB;YACtB,MAAM,eAAe,GAAG,WAAW,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACjE,IAAI,eAAe,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;gBAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC7C,IAAI,SAAS,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC;oBAChC,OAAO,gBAAgB,WAAW,yBAAyB,SAAS,CAAC,WAAW,UAAU,CAAC;gBAC7F,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,IAAI,WAAW,KAAK,cAAc,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBAC3D,IAAI,mCAAmC,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;oBACnE,OAAO,8CAA8C,SAAS,CAAC,UAAU,sBAAsB,CAAC;gBAClG,CAAC;YACH,CAAC;YAED,kBAAkB;YAClB,IAAI,WAAW,KAAK,SAAS,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;gBACnD,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBACxC,OAAO,uDAAuD,CAAC;gBACjE,CAAC;YACH,CAAC;YAED,yBAAyB;YACzB,IAAI,WAAW,KAAK,gBAAgB,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBAC7D,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC3C,OAAO,gEAAgE,CAAC;gBAC1E,CAAC;YACH,CAAC;YAED,yBAAyB;YACzB,IAAI,WAAW,KAAK,gBAAgB,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBAC7D,IAAI,6CAA6C,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7E,OAAO,gEAAgE,CAAC;gBAC1E,CAAC;YACH,CAAC;YAED,yBAAyB;YACzB,IAAI,WAAW,KAAK,gBAAgB,IAAI,SAAS,CAAC,cAAc,EAAE,CAAC;gBACjE,OAAO,uCAAuC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,CAAC,0BAA0B;IACzC,CAAC;IAED;;;;;OAKG;IACH,WAAW,CAAC,KAAa;QACvB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5C,CAAC;IAEO,eAAe,CACrB,OAAe,EACf,YAAoB,EACpB,aAAqB,EACrB,KAAc;QAEd,2EAA2E;QAC3E,MAAM,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;QAChF,IAAI,kBAAkB,GAAG,GAAG,EAAE,CAAC;YAC7B,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,sEAAsE;gBAC9E,YAAY,EAAE,EAAE;aACjB,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;QAC7D,IAAI,UAAU,GAAG,GAAG,EAAE,CAAC;YACrB,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,mEAAmE;gBAC3E,YAAY,EAAE,EAAE;aACjB,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QACvD,IAAI,SAAS,GAAG,GAAG,EAAE,CAAC;YACpB,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,2EAA2E;gBACnF,YAAY,EAAE,EAAE;aACjB,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG,OAAO;YAC1B,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,mBAAmB,CAAC;YAClC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,2CAA2C;QAEnE,8BAA8B;QAC9B,MAAM,aAAa,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC;QAChG,MAAM,QAAQ,GAAG,aAAa,IAAI,GAAG,CAAC;QAEtC,OAAO;YACL,QAAQ;YACR,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,4CAA4C;YAC3E,YAAY;SACb,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,kBAAkB,CAAC,aAAqB,EAAE,YAAqB;QACrE,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,iBAAiB;QACjB,IAAI,aAAa,CAAC,MAAM,GAAG,EAAE;YAAE,KAAK,IAAI,IAAI,CAAC;QAC7C,IAAI,aAAa,CAAC,MAAM,GAAG,EAAE;YAAE,KAAK,IAAI,IAAI,CAAC;QAE7C,kBAAkB;QAClB,IAAI,8EAA8E,CAAC,IAAI,CAAC,aAAa,CAAC;YAAE,KAAK,IAAI,IAAI,CAAC;QAEtH,uBAAuB;QACvB,IAAI,wEAAwE,CAAC,IAAI,CAAC,aAAa,CAAC;YAAE,KAAK,IAAI,IAAI,CAAC;QAEhH,kCAAkC;QAClC,IAAI,uCAAuC,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;YAAE,KAAK,IAAI,GAAG,CAAC;QAErF,4EAA4E;QAC5E,+DAA+D;QAC/D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,iBAAiB,GAA2B;gBAChD,OAAO,EAAE,uDAAuD;gBAChE,aAAa,EAAE,0DAA0D;gBACzE,WAAW,EAAE,6CAA6C;gBAC1D,WAAW,EAAE,qDAAqD;gBAClE,UAAU,EAAE,oDAAoD;gBAChE,GAAG,EAAE,oDAAoD;gBACzD,eAAe,EAAE,kDAAkD;gBACnE,UAAU,EAAE,8CAA8C;gBAC1D,MAAM,EAAE,gDAAgD;gBACxD,YAAY,EAAE,yDAAyD;gBACvE,QAAQ,EAAE,mDAAmD;gBAC7D,gBAAgB,EAAE,6CAA6C;gBAC/D,KAAK,EAAE,6CAA6C;gBACpD,OAAO,EAAE,+CAA+C;aACzD,CAAC;YAEF,MAAM,OAAO,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;YAChD,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC3C,KAAK,IAAI,GAAG,CAAC;YACf,CAAC;iBAAM,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;gBACnD,mEAAmE;gBACnE,KAAK,IAAI,GAAG,CAAC;YACf,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,iDAAiD,CAAC,IAAI,CAAC,aAAa,CAAC;YAAE,KAAK,IAAI,GAAG,CAAC;QAExF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAEO,UAAU,CAAC,YAAoB,EAAE,KAAc;QACrD,4DAA4D;QAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,IAAI,GAAG,OAAO,EAAE,QAAQ,IAAI,GAAG,CAAC,CAAC,oCAAoC;QAEzE,6BAA6B;QAC7B,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;YAC/C,IAAI,IAAI,GAAG,CAAC;QACd,CAAC;QAED,wCAAwC;QACxC,IAAI,KAAK,IAAI,4CAA4C,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACtE,IAAI,IAAI,GAAG,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3B,CAAC;IAEO,kBAAkB;QACxB,MAAM,EAAE,GAAG,IAAA,mBAAU,GAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,SAAS,EAAE,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAClE,MAAM,GAAG,GAAG,IAAA,aAAW,EAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAClG,OAAO,GAAG,OAAO,IAAI,GAAG,EAAE,CAAC;QAC7B,CAAC;QACD,sDAAsD;QACtD,MAAM,GAAG,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACtF,OAAO,GAAG,OAAO,IAAI,GAAG,EAAE,CAAC;IAC7B,CAAC;IAED;;;;;;;OAOG;IACH,oBAAoB,CAAC,KAAa;QAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,QAAQ,KAAK,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAClC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QACtC,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACjE,IAAI,CAAC;gBACH,OAAO,IAAA,eAAa,EAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC;YACzG,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,MAAM,QAAQ,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC3F,2BAA2B;QAC3B,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACjD,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC;QACD,OAAO,MAAM,KAAK,CAAC,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED;;;OAGG;IACH,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,gBAAgB;YAAE,OAAO,IAAI,CAAC;QACxC,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;IACjF,CAAC;IAEO,GAAG,CAAC,MAAc,EAAE,OAAgB;QAC1C,MAAM,KAAK,GAAG;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,MAAM;YACN,OAAO;SACR,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAE1B,0EAA0E;QAC1E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC9B,IAAI,CAAC,IAAA,eAAU,EAAC,GAAG,CAAC,EAAE,CAAC;gBACrB,IAAA,cAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACtC,CAAC;YACD,IAAA,eAAU,EAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACxE,CAAC;QAAC,MAAM,CAAC;YACP,qCAAqC;QACvC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,eAAe;QACb,uBAAuB;QACvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;YACzD,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,GAAG,EAAE,CAAC;gBACpC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IAChD,CAAC;IAED;;;OAGG;IACH,WAAW;QACT,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,OAAe;QAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;YAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnD,OAAO,MAAM,EAAE,iBAAiB,IAAI,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,gCAAgC;IAEhC,kDAAkD;IAClD,IAAY,oBAAoB;QAC9B,OAAO,IAAA,WAAI,EAAC,GAAG,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;IACrD,CAAC;IAED;;;OAGG;IACK,4BAA4B;QAClC,IAAI,CAAC;YACH,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC1C,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAC;gBAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC/B,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnE,OAAO,MAAyC,CAAC;gBACnD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,oCAAoC,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,uBAAuB;QACrB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC9B,IAAI,CAAC,IAAA,eAAU,EAAC,GAAG,CAAC,EAAE,CAAC;gBACrB,IAAA,cAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACtC,CAAC;YACD,MAAM,QAAQ,GAAoC,EAAE,CAAC;YACrD,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACpD,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;YAC3B,CAAC;YACD,IAAA,cAAS,EAAC,IAAI,CAAC,oBAAoB,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACpF,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;IAEO,iBAAiB;QACvB,IAAI,CAAC;YACH,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;gBACrC,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;gBACxD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,kBAAkB;QACxB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC9B,IAAI,CAAC,IAAA,eAAU,EAAC,GAAG,CAAC,EAAE,CAAC;gBACrB,IAAA,cAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACtC,CAAC;YACD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5D,IAAA,cAAS,EAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC9E,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;IAEO,iBAAiB;QACvB,IAAI,CAAC;YACH,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;gBACrD,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,IAAI,CAAC;wBACH,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;oBACvC,CAAC;oBAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAC1B,CAAC;CACF;AAlnBD,oCAknBC"}