smol-symphony 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (716) hide show
  1. package/AGENTS.md +41 -22
  2. package/DESIGN.md +494 -273
  3. package/README.md +109 -57
  4. package/SPEC.md +33 -24
  5. package/WORKFLOW.minimal.yaml +34 -0
  6. package/{WORKFLOW.template.md → WORKFLOW.template.yaml} +409 -256
  7. package/WORKFLOW.yaml +487 -0
  8. package/assets/skills/symphony-issues/SKILL.md +136 -0
  9. package/assets/symphony-mise.system.toml +68 -0
  10. package/dist/src/bin/symphony.js +30 -0
  11. package/dist/src/bin/symphony.js.map +1 -0
  12. package/dist/src/core/actions/context.js +109 -0
  13. package/dist/src/core/actions/context.js.map +1 -0
  14. package/dist/{actions/parsing.js → src/core/actions/parse.js} +33 -114
  15. package/dist/src/core/actions/parse.js.map +1 -0
  16. package/dist/src/core/actions/plan.js +197 -0
  17. package/dist/src/core/actions/plan.js.map +1 -0
  18. package/dist/src/core/actions/predicates.js +111 -0
  19. package/dist/src/core/actions/predicates.js.map +1 -0
  20. package/dist/src/core/actions/run-fold.js +248 -0
  21. package/dist/src/core/actions/run-fold.js.map +1 -0
  22. package/dist/src/core/actions/template.js +118 -0
  23. package/dist/src/core/actions/template.js.map +1 -0
  24. package/dist/src/core/cli/args.js +116 -0
  25. package/dist/src/core/cli/args.js.map +1 -0
  26. package/dist/src/core/coerce.js +75 -0
  27. package/dist/src/core/coerce.js.map +1 -0
  28. package/dist/src/core/credential/account-id.js +20 -0
  29. package/dist/src/core/credential/account-id.js.map +1 -0
  30. package/dist/src/core/credential/adapter-config.js +136 -0
  31. package/dist/src/core/credential/adapter-config.js.map +1 -0
  32. package/dist/src/core/credential/availability.js +98 -0
  33. package/dist/src/core/credential/availability.js.map +1 -0
  34. package/dist/src/core/credential/extract.js +228 -0
  35. package/dist/src/core/credential/extract.js.map +1 -0
  36. package/dist/src/core/credential/fake-creds.js +171 -0
  37. package/dist/src/core/credential/fake-creds.js.map +1 -0
  38. package/dist/src/core/credential/identity.js +125 -0
  39. package/dist/src/core/credential/identity.js.map +1 -0
  40. package/dist/src/core/credential/shape.js +230 -0
  41. package/dist/src/core/credential/shape.js.map +1 -0
  42. package/dist/src/core/credential/strings.js +15 -0
  43. package/dist/src/core/credential/strings.js.map +1 -0
  44. package/dist/src/core/doctor/checks.js +303 -0
  45. package/dist/src/core/doctor/checks.js.map +1 -0
  46. package/dist/src/core/git/result.js +107 -0
  47. package/dist/src/core/git/result.js.map +1 -0
  48. package/dist/src/core/http/decisions.js +225 -0
  49. package/dist/src/core/http/decisions.js.map +1 -0
  50. package/dist/{http.js → src/core/http/render.js} +472 -738
  51. package/dist/src/core/http/render.js.map +1 -0
  52. package/dist/{http-handlers.js → src/core/http/routes.js} +52 -87
  53. package/dist/src/core/http/routes.js.map +1 -0
  54. package/dist/src/core/http/views.js +181 -0
  55. package/dist/src/core/http/views.js.map +1 -0
  56. package/dist/src/core/image/managed-image.js +95 -0
  57. package/dist/src/core/image/managed-image.js.map +1 -0
  58. package/dist/src/core/issue/file.js +149 -0
  59. package/dist/src/core/issue/file.js.map +1 -0
  60. package/dist/src/core/issue/parse.js +210 -0
  61. package/dist/src/core/issue/parse.js.map +1 -0
  62. package/dist/src/core/mcp/dispatch.js +239 -0
  63. package/dist/src/core/mcp/dispatch.js.map +1 -0
  64. package/dist/src/core/mcp/post-move.js +92 -0
  65. package/dist/src/core/mcp/post-move.js.map +1 -0
  66. package/dist/src/core/mcp/protocol.js +293 -0
  67. package/dist/src/core/mcp/protocol.js.map +1 -0
  68. package/dist/src/core/mcp/url.js +162 -0
  69. package/dist/src/core/mcp/url.js.map +1 -0
  70. package/dist/src/core/path.js +63 -0
  71. package/dist/src/core/path.js.map +1 -0
  72. package/dist/src/core/reconcile/image-decide.js +48 -0
  73. package/dist/src/core/reconcile/image-decide.js.map +1 -0
  74. package/dist/src/core/reconcile/ledger.js +142 -0
  75. package/dist/src/core/reconcile/ledger.js.map +1 -0
  76. package/dist/src/core/reconcile/pr-classify.js +62 -0
  77. package/dist/src/core/reconcile/pr-classify.js.map +1 -0
  78. package/dist/{reconciler → src/core/reconcile}/pr-decide.js +25 -12
  79. package/dist/src/core/reconcile/pr-decide.js.map +1 -0
  80. package/dist/src/core/reconcile/pr-loop.js +161 -0
  81. package/dist/src/core/reconcile/pr-loop.js.map +1 -0
  82. package/dist/src/core/reconcile/pr-notes.js +35 -0
  83. package/dist/src/core/reconcile/pr-notes.js.map +1 -0
  84. package/dist/src/core/reconcile/vm-decide.js +70 -0
  85. package/dist/src/core/reconcile/vm-decide.js.map +1 -0
  86. package/dist/src/core/reconcile/vm-reap.js +207 -0
  87. package/dist/src/core/reconcile/vm-reap.js.map +1 -0
  88. package/dist/src/core/reconcile/workspace-decide.js +162 -0
  89. package/dist/src/core/reconcile/workspace-decide.js.map +1 -0
  90. package/dist/src/core/runlog/summary.js +231 -0
  91. package/dist/src/core/runlog/summary.js.map +1 -0
  92. package/dist/src/core/runner/dispatch-config.js +95 -0
  93. package/dist/src/core/runner/dispatch-config.js.map +1 -0
  94. package/dist/src/core/runner/injection.js +61 -0
  95. package/dist/src/core/runner/injection.js.map +1 -0
  96. package/dist/src/core/runner/mise.js +210 -0
  97. package/dist/src/core/runner/mise.js.map +1 -0
  98. package/dist/src/core/runner/prompt.js +720 -0
  99. package/dist/src/core/runner/prompt.js.map +1 -0
  100. package/dist/src/core/runner/turn.js +242 -0
  101. package/dist/src/core/runner/turn.js.map +1 -0
  102. package/dist/src/core/runner/vm-plan.js +390 -0
  103. package/dist/src/core/runner/vm-plan.js.map +1 -0
  104. package/dist/src/core/schedule/admission.js +123 -0
  105. package/dist/src/core/schedule/admission.js.map +1 -0
  106. package/dist/src/core/schedule/circuit-breaker.js +111 -0
  107. package/dist/src/core/schedule/circuit-breaker.js.map +1 -0
  108. package/dist/src/core/schedule/eligibility.js +83 -0
  109. package/dist/src/core/schedule/eligibility.js.map +1 -0
  110. package/dist/src/core/schedule/reconcile-issue.js +82 -0
  111. package/dist/src/core/schedule/reconcile-issue.js.map +1 -0
  112. package/dist/src/core/schedule/retry.js +96 -0
  113. package/dist/src/core/schedule/retry.js.map +1 -0
  114. package/dist/src/core/schedule/sleep-cycle.js +133 -0
  115. package/dist/src/core/schedule/sleep-cycle.js.map +1 -0
  116. package/dist/src/core/schedule/slots.js +124 -0
  117. package/dist/src/core/schedule/slots.js.map +1 -0
  118. package/dist/src/core/schedule/tick.js +553 -0
  119. package/dist/src/core/schedule/tick.js.map +1 -0
  120. package/dist/src/core/schedule/token-fold.js +181 -0
  121. package/dist/src/core/schedule/token-fold.js.map +1 -0
  122. package/dist/src/core/state-resolve.js +86 -0
  123. package/dist/src/core/state-resolve.js.map +1 -0
  124. package/dist/src/core/vm-guards.js +278 -0
  125. package/dist/src/core/vm-guards.js.map +1 -0
  126. package/dist/src/core/workflow/derive.js +107 -0
  127. package/dist/src/core/workflow/derive.js.map +1 -0
  128. package/dist/src/core/workflow/parse.js +687 -0
  129. package/dist/src/core/workflow/parse.js.map +1 -0
  130. package/dist/src/core/workflow/prompt-probe.js +78 -0
  131. package/dist/src/core/workflow/prompt-probe.js.map +1 -0
  132. package/dist/src/core/workflow/validate.js +189 -0
  133. package/dist/src/core/workflow/validate.js.map +1 -0
  134. package/dist/src/core/workspace-key.js +19 -0
  135. package/dist/src/core/workspace-key.js.map +1 -0
  136. package/dist/src/shell/actions-runner.js +356 -0
  137. package/dist/src/shell/actions-runner.js.map +1 -0
  138. package/dist/src/shell/adapter/adapter-registry.js +45 -0
  139. package/dist/src/shell/adapter/adapter-registry.js.map +1 -0
  140. package/dist/src/shell/adapter/clock-random.js +96 -0
  141. package/dist/src/shell/adapter/clock-random.js.map +1 -0
  142. package/dist/src/shell/adapter/gondolin-dispatch-helpers.js +158 -0
  143. package/dist/src/shell/adapter/gondolin-dispatch-helpers.js.map +1 -0
  144. package/dist/src/shell/adapter/gondolin-dispatch.js +385 -0
  145. package/dist/src/shell/adapter/gondolin-dispatch.js.map +1 -0
  146. package/dist/src/shell/adapter/gondolin-image-converter.js +233 -0
  147. package/dist/src/shell/adapter/gondolin-image-converter.js.map +1 -0
  148. package/dist/src/shell/adapter/gondolin-image-fetch.js +180 -0
  149. package/dist/src/shell/adapter/gondolin-image-fetch.js.map +1 -0
  150. package/dist/src/shell/adapter/launcher-asset.js +57 -0
  151. package/dist/src/shell/adapter/launcher-asset.js.map +1 -0
  152. package/dist/src/shell/adapter/mise-config-asset.js +65 -0
  153. package/dist/src/shell/adapter/mise-config-asset.js.map +1 -0
  154. package/dist/src/shell/adapter/workflow-loader.js +304 -0
  155. package/dist/src/shell/adapter/workflow-loader.js.map +1 -0
  156. package/dist/src/shell/cli/doctor.js +268 -0
  157. package/dist/src/shell/cli/doctor.js.map +1 -0
  158. package/dist/src/shell/effect-interpreter-families.js +314 -0
  159. package/dist/src/shell/effect-interpreter-families.js.map +1 -0
  160. package/dist/src/shell/effect-interpreter.js +29 -0
  161. package/dist/src/shell/effect-interpreter.js.map +1 -0
  162. package/dist/src/shell/interp/acp-frame.js +137 -0
  163. package/dist/src/shell/interp/acp-frame.js.map +1 -0
  164. package/dist/src/shell/interp/acp-ws-conn.js +320 -0
  165. package/dist/src/shell/interp/acp-ws-conn.js.map +1 -0
  166. package/dist/src/shell/interp/acp-ws-frames.js +159 -0
  167. package/dist/src/shell/interp/acp-ws-frames.js.map +1 -0
  168. package/dist/src/shell/interp/acp-ws.js +197 -0
  169. package/dist/src/shell/interp/acp-ws.js.map +1 -0
  170. package/dist/src/shell/interp/acp.js +319 -0
  171. package/dist/src/shell/interp/acp.js.map +1 -0
  172. package/dist/src/shell/interp/credential-defaults.js +128 -0
  173. package/dist/src/shell/interp/credential-defaults.js.map +1 -0
  174. package/dist/src/shell/interp/credential-hooks.js +149 -0
  175. package/dist/src/shell/interp/credential-hooks.js.map +1 -0
  176. package/dist/src/shell/interp/credential-registry.js +226 -0
  177. package/dist/src/shell/interp/credential-registry.js.map +1 -0
  178. package/dist/src/shell/interp/credential.js +103 -0
  179. package/dist/src/shell/interp/credential.js.map +1 -0
  180. package/dist/src/shell/interp/gh.js +163 -0
  181. package/dist/src/shell/interp/gh.js.map +1 -0
  182. package/dist/src/shell/interp/git.js +28 -0
  183. package/dist/src/shell/interp/git.js.map +1 -0
  184. package/dist/src/shell/interp/log.js +213 -0
  185. package/dist/src/shell/interp/log.js.map +1 -0
  186. package/dist/src/shell/interp/process.js +178 -0
  187. package/dist/src/shell/interp/process.js.map +1 -0
  188. package/dist/src/shell/interp/runlog.js +193 -0
  189. package/dist/src/shell/interp/runlog.js.map +1 -0
  190. package/dist/src/shell/interp/timer.js +64 -0
  191. package/dist/src/shell/interp/timer.js.map +1 -0
  192. package/dist/src/shell/interp/tracker-disk.js +99 -0
  193. package/dist/src/shell/interp/tracker-disk.js.map +1 -0
  194. package/dist/src/shell/interp/tracker-parse.js +71 -0
  195. package/dist/src/shell/interp/tracker-parse.js.map +1 -0
  196. package/dist/src/shell/interp/tracker-scan.js +238 -0
  197. package/dist/src/shell/interp/tracker-scan.js.map +1 -0
  198. package/dist/src/shell/interp/tracker-write.js +91 -0
  199. package/dist/src/shell/interp/tracker-write.js.map +1 -0
  200. package/dist/src/shell/interp/tracker.js +41 -0
  201. package/dist/src/shell/interp/tracker.js.map +1 -0
  202. package/dist/src/shell/interp/tty.js +48 -0
  203. package/dist/src/shell/interp/tty.js.map +1 -0
  204. package/dist/src/shell/interp/vm.js +199 -0
  205. package/dist/src/shell/interp/vm.js.map +1 -0
  206. package/dist/src/shell/interp/workspace.js +310 -0
  207. package/dist/src/shell/interp/workspace.js.map +1 -0
  208. package/dist/src/shell/main-acp.js +78 -0
  209. package/dist/src/shell/main-acp.js.map +1 -0
  210. package/dist/src/shell/main-adapters.js +222 -0
  211. package/dist/src/shell/main-adapters.js.map +1 -0
  212. package/dist/src/shell/main-credential.js +122 -0
  213. package/dist/src/shell/main-credential.js.map +1 -0
  214. package/dist/src/shell/main-doctor.js +22 -0
  215. package/dist/src/shell/main-doctor.js.map +1 -0
  216. package/dist/src/shell/main-entry.js +46 -0
  217. package/dist/src/shell/main-entry.js.map +1 -0
  218. package/dist/src/shell/main-http-csrf.js +45 -0
  219. package/dist/src/shell/main-http-csrf.js.map +1 -0
  220. package/dist/src/shell/main-http-handler.js +389 -0
  221. package/dist/src/shell/main-http-handler.js.map +1 -0
  222. package/dist/src/shell/main-http-mcp.js +122 -0
  223. package/dist/src/shell/main-http-mcp.js.map +1 -0
  224. package/dist/src/shell/main-http-views.js +253 -0
  225. package/dist/src/shell/main-http-views.js.map +1 -0
  226. package/dist/src/shell/main-http.js +76 -0
  227. package/dist/src/shell/main-http.js.map +1 -0
  228. package/dist/src/shell/main-loops.js +130 -0
  229. package/dist/src/shell/main-loops.js.map +1 -0
  230. package/dist/src/shell/main-mcp.js +129 -0
  231. package/dist/src/shell/main-mcp.js.map +1 -0
  232. package/dist/src/shell/main-orchestrator.js +120 -0
  233. package/dist/src/shell/main-orchestrator.js.map +1 -0
  234. package/dist/src/shell/main-preflight.js +43 -0
  235. package/dist/src/shell/main-preflight.js.map +1 -0
  236. package/dist/src/shell/main-reconcilers-helpers.js +244 -0
  237. package/dist/src/shell/main-reconcilers-helpers.js.map +1 -0
  238. package/dist/src/shell/main-reconcilers-pr.js +148 -0
  239. package/dist/src/shell/main-reconcilers-pr.js.map +1 -0
  240. package/dist/src/shell/main-reconcilers.js +225 -0
  241. package/dist/src/shell/main-reconcilers.js.map +1 -0
  242. package/dist/src/shell/main-runner.js +355 -0
  243. package/dist/src/shell/main-runner.js.map +1 -0
  244. package/dist/src/shell/main-scaffold.js +116 -0
  245. package/dist/src/shell/main-scaffold.js.map +1 -0
  246. package/dist/src/shell/main-shutdown.js +115 -0
  247. package/dist/src/shell/main-shutdown.js.map +1 -0
  248. package/dist/src/shell/main-startup.js +48 -0
  249. package/dist/src/shell/main-startup.js.map +1 -0
  250. package/dist/src/shell/main-substrates.js +43 -0
  251. package/dist/src/shell/main-substrates.js.map +1 -0
  252. package/dist/src/shell/main.js +385 -0
  253. package/dist/src/shell/main.js.map +1 -0
  254. package/dist/src/shell/orchestrator-feedback.js +69 -0
  255. package/dist/src/shell/orchestrator-feedback.js.map +1 -0
  256. package/dist/src/shell/orchestrator-image.js +167 -0
  257. package/dist/src/shell/orchestrator-image.js.map +1 -0
  258. package/dist/src/shell/orchestrator-loop.js +468 -0
  259. package/dist/src/shell/orchestrator-loop.js.map +1 -0
  260. package/dist/src/shell/orchestrator-reconcile.js +36 -0
  261. package/dist/src/shell/orchestrator-reconcile.js.map +1 -0
  262. package/dist/src/shell/reconciler-loop.js +228 -0
  263. package/dist/src/shell/reconciler-loop.js.map +1 -0
  264. package/dist/src/shell/runner-loop-turn.js +301 -0
  265. package/dist/src/shell/runner-loop-turn.js.map +1 -0
  266. package/dist/src/shell/runner-loop.js +338 -0
  267. package/dist/src/shell/runner-loop.js.map +1 -0
  268. package/dist/src/shell/server/http.js +208 -0
  269. package/dist/src/shell/server/http.js.map +1 -0
  270. package/dist/src/shell/server/mcp-runtime-effects.js +237 -0
  271. package/dist/src/shell/server/mcp-runtime-effects.js.map +1 -0
  272. package/dist/src/shell/server/mcp-runtime.js +99 -0
  273. package/dist/src/shell/server/mcp-runtime.js.map +1 -0
  274. package/dist/src/shell/workspace-key.js +14 -0
  275. package/dist/src/shell/workspace-key.js.map +1 -0
  276. package/dist/src/types/acp.js +8 -0
  277. package/dist/src/types/acp.js.map +1 -0
  278. package/dist/src/types/actions/plan.js +6 -0
  279. package/dist/src/types/actions/plan.js.map +1 -0
  280. package/dist/src/types/actions/predicates.js +6 -0
  281. package/dist/src/types/actions/predicates.js.map +1 -0
  282. package/dist/src/types/actions/run-fold.js +8 -0
  283. package/dist/src/types/actions/run-fold.js.map +1 -0
  284. package/dist/src/types/actions.js +7 -0
  285. package/dist/src/types/actions.js.map +1 -0
  286. package/dist/src/types/adapter/clock-random.js +4 -0
  287. package/dist/src/types/adapter/clock-random.js.map +1 -0
  288. package/dist/src/types/adapter/gondolin-image-converter.js +5 -0
  289. package/dist/src/types/adapter/gondolin-image-converter.js.map +1 -0
  290. package/dist/src/types/adapter/gondolin-image-fetch.js +5 -0
  291. package/dist/src/types/adapter/gondolin-image-fetch.js.map +1 -0
  292. package/dist/src/types/adapter/workflow-loader.js +4 -0
  293. package/dist/src/types/adapter/workflow-loader.js.map +1 -0
  294. package/dist/src/types/cli/args.js +8 -0
  295. package/dist/src/types/cli/args.js.map +1 -0
  296. package/dist/src/types/config.js +8 -0
  297. package/dist/src/types/config.js.map +1 -0
  298. package/dist/src/types/credential-interp.js +6 -0
  299. package/dist/src/types/credential-interp.js.map +1 -0
  300. package/dist/src/types/credentials.js +10 -0
  301. package/dist/src/types/credentials.js.map +1 -0
  302. package/dist/src/types/doctor.js +7 -0
  303. package/dist/src/types/doctor.js.map +1 -0
  304. package/dist/src/types/domain.js +7 -0
  305. package/dist/src/types/domain.js.map +1 -0
  306. package/dist/src/types/effect.js +15 -0
  307. package/dist/src/types/effect.js.map +1 -0
  308. package/dist/src/types/errors.js +39 -0
  309. package/dist/src/types/errors.js.map +1 -0
  310. package/dist/src/types/http/decisions.js +6 -0
  311. package/dist/src/types/http/decisions.js.map +1 -0
  312. package/dist/src/types/http/render.js +10 -0
  313. package/dist/src/types/http/render.js.map +1 -0
  314. package/dist/src/types/http/views.js +6 -0
  315. package/dist/src/types/http/views.js.map +1 -0
  316. package/dist/src/types/http.js +9 -0
  317. package/dist/src/types/http.js.map +1 -0
  318. package/dist/src/types/image/managed-image.js +7 -0
  319. package/dist/src/types/image/managed-image.js.map +1 -0
  320. package/dist/src/types/interp/effect-interpreter.js +8 -0
  321. package/dist/src/types/interp/effect-interpreter.js.map +1 -0
  322. package/dist/src/types/interp/tracker.js +7 -0
  323. package/dist/src/types/interp/tracker.js.map +1 -0
  324. package/dist/src/types/issue/file.js +6 -0
  325. package/dist/src/types/issue/file.js.map +1 -0
  326. package/dist/src/types/issue/parse.js +8 -0
  327. package/dist/src/types/issue/parse.js.map +1 -0
  328. package/dist/src/types/main-acp.js +13 -0
  329. package/dist/src/types/main-acp.js.map +1 -0
  330. package/dist/src/types/main-adapters.js +5 -0
  331. package/dist/src/types/main-adapters.js.map +1 -0
  332. package/dist/src/types/main-credential.js +21 -0
  333. package/dist/src/types/main-credential.js.map +1 -0
  334. package/dist/src/types/main-doctor.js +6 -0
  335. package/dist/src/types/main-doctor.js.map +1 -0
  336. package/dist/src/types/main-http-handler.js +12 -0
  337. package/dist/src/types/main-http-handler.js.map +1 -0
  338. package/dist/src/types/main-http.js +5 -0
  339. package/dist/src/types/main-http.js.map +1 -0
  340. package/dist/src/types/main-loops.js +5 -0
  341. package/dist/src/types/main-loops.js.map +1 -0
  342. package/dist/src/types/main-mcp.js +12 -0
  343. package/dist/src/types/main-mcp.js.map +1 -0
  344. package/dist/src/types/main-orchestrator.js +5 -0
  345. package/dist/src/types/main-orchestrator.js.map +1 -0
  346. package/dist/src/types/main-reconcilers.js +11 -0
  347. package/dist/src/types/main-reconcilers.js.map +1 -0
  348. package/dist/src/types/main-runner.js +13 -0
  349. package/dist/src/types/main-runner.js.map +1 -0
  350. package/dist/src/types/main-startup.js +5 -0
  351. package/dist/src/types/main-startup.js.map +1 -0
  352. package/dist/src/types/main-substrates.js +5 -0
  353. package/dist/src/types/main-substrates.js.map +1 -0
  354. package/dist/src/types/mcp/dispatch.js +4 -0
  355. package/dist/src/types/mcp/dispatch.js.map +1 -0
  356. package/dist/src/types/mcp/post-move.js +7 -0
  357. package/dist/src/types/mcp/post-move.js.map +1 -0
  358. package/dist/src/types/mcp.js +9 -0
  359. package/dist/src/types/mcp.js.map +1 -0
  360. package/dist/src/types/ports.js +12 -0
  361. package/dist/src/types/ports.js.map +1 -0
  362. package/dist/src/types/reconcile/image-decide.js +5 -0
  363. package/dist/src/types/reconcile/image-decide.js.map +1 -0
  364. package/dist/src/types/reconcile/ledger.js +7 -0
  365. package/dist/src/types/reconcile/ledger.js.map +1 -0
  366. package/dist/src/types/reconcile/pr-loop.js +8 -0
  367. package/dist/src/types/reconcile/pr-loop.js.map +1 -0
  368. package/dist/src/types/reconcile/vm-reap.js +8 -0
  369. package/dist/src/types/reconcile/vm-reap.js.map +1 -0
  370. package/dist/src/types/reconcile/workspace-decide.js +7 -0
  371. package/dist/src/types/reconcile/workspace-decide.js.map +1 -0
  372. package/dist/src/types/reconcile.js +9 -0
  373. package/dist/src/types/reconcile.js.map +1 -0
  374. package/dist/src/types/runlog.js +7 -0
  375. package/dist/src/types/runlog.js.map +1 -0
  376. package/dist/src/types/runner/actions-runner.js +12 -0
  377. package/dist/src/types/runner/actions-runner.js.map +1 -0
  378. package/dist/src/types/runner/gondolin-dispatch.js +5 -0
  379. package/dist/src/types/runner/gondolin-dispatch.js.map +1 -0
  380. package/dist/src/types/runner/injection.js +6 -0
  381. package/dist/src/types/runner/injection.js.map +1 -0
  382. package/dist/src/types/runner/runner-loop.js +5 -0
  383. package/dist/src/types/runner/runner-loop.js.map +1 -0
  384. package/dist/src/types/runner/turn.js +4 -0
  385. package/dist/src/types/runner/turn.js.map +1 -0
  386. package/dist/src/types/runner/vm-plan.js +4 -0
  387. package/dist/src/types/runner/vm-plan.js.map +1 -0
  388. package/dist/src/types/runtime.js +9 -0
  389. package/dist/src/types/runtime.js.map +1 -0
  390. package/dist/src/types/schedule/admission.js +7 -0
  391. package/dist/src/types/schedule/admission.js.map +1 -0
  392. package/dist/src/types/schedule/circuit-breaker.js +2 -0
  393. package/dist/src/types/schedule/circuit-breaker.js.map +1 -0
  394. package/dist/src/types/schedule/eligibility.js +9 -0
  395. package/dist/src/types/schedule/eligibility.js.map +1 -0
  396. package/dist/src/types/schedule/orchestrator-loop.js +10 -0
  397. package/dist/src/types/schedule/orchestrator-loop.js.map +1 -0
  398. package/dist/src/types/schedule/sleep-cycle.js +4 -0
  399. package/dist/src/types/schedule/sleep-cycle.js.map +1 -0
  400. package/dist/src/types/schedule/slots.js +8 -0
  401. package/dist/src/types/schedule/slots.js.map +1 -0
  402. package/dist/src/types/schedule/tick.js +9 -0
  403. package/dist/src/types/schedule/tick.js.map +1 -0
  404. package/dist/src/types/server/mcp-runtime.js +8 -0
  405. package/dist/src/types/server/mcp-runtime.js.map +1 -0
  406. package/dist/src/types/workflow/parse.js +4 -0
  407. package/dist/src/types/workflow/parse.js.map +1 -0
  408. package/dist/tests/core/account-id.test.js +35 -0
  409. package/dist/tests/core/account-id.test.js.map +1 -0
  410. package/dist/tests/core/actions-parse.test.js +176 -0
  411. package/dist/tests/core/actions-parse.test.js.map +1 -0
  412. package/dist/tests/core/adapter-config.test.js +133 -0
  413. package/dist/tests/core/adapter-config.test.js.map +1 -0
  414. package/dist/tests/core/admission.test.js +215 -0
  415. package/dist/tests/core/admission.test.js.map +1 -0
  416. package/dist/tests/core/args.test.js +132 -0
  417. package/dist/tests/core/args.test.js.map +1 -0
  418. package/dist/tests/core/availability.test.js +62 -0
  419. package/dist/tests/core/availability.test.js.map +1 -0
  420. package/dist/tests/core/checks.test.js +395 -0
  421. package/dist/tests/core/checks.test.js.map +1 -0
  422. package/dist/tests/core/circuit-breaker.test.js +172 -0
  423. package/dist/tests/core/circuit-breaker.test.js.map +1 -0
  424. package/dist/tests/core/coerce.test.js +87 -0
  425. package/dist/tests/core/coerce.test.js.map +1 -0
  426. package/dist/tests/core/context.test.js +228 -0
  427. package/dist/tests/core/context.test.js.map +1 -0
  428. package/dist/tests/core/decisions.test.js +310 -0
  429. package/dist/tests/core/decisions.test.js.map +1 -0
  430. package/dist/tests/core/derive.test.js +205 -0
  431. package/dist/tests/core/derive.test.js.map +1 -0
  432. package/dist/tests/core/dispatch-config.test.js +164 -0
  433. package/dist/tests/core/dispatch-config.test.js.map +1 -0
  434. package/dist/tests/core/dispatch.test.js +302 -0
  435. package/dist/tests/core/dispatch.test.js.map +1 -0
  436. package/dist/tests/core/eligibility.test.js +163 -0
  437. package/dist/tests/core/eligibility.test.js.map +1 -0
  438. package/dist/tests/core/extract.test.js +139 -0
  439. package/dist/tests/core/extract.test.js.map +1 -0
  440. package/dist/tests/core/fake-creds.test.js +134 -0
  441. package/dist/tests/core/fake-creds.test.js.map +1 -0
  442. package/dist/tests/core/file.test.js +197 -0
  443. package/dist/tests/core/file.test.js.map +1 -0
  444. package/dist/tests/core/git-result.test.js +113 -0
  445. package/dist/tests/core/git-result.test.js.map +1 -0
  446. package/dist/tests/core/identity.test.js +180 -0
  447. package/dist/tests/core/identity.test.js.map +1 -0
  448. package/dist/tests/core/image-decide.test.js +59 -0
  449. package/dist/tests/core/image-decide.test.js.map +1 -0
  450. package/dist/tests/core/injection.test.js +163 -0
  451. package/dist/tests/core/injection.test.js.map +1 -0
  452. package/dist/tests/core/ledger.test.js +218 -0
  453. package/dist/tests/core/ledger.test.js.map +1 -0
  454. package/dist/tests/core/managed-image.test.js +68 -0
  455. package/dist/tests/core/managed-image.test.js.map +1 -0
  456. package/dist/tests/core/mise.test.js +138 -0
  457. package/dist/tests/core/mise.test.js.map +1 -0
  458. package/dist/tests/core/parse.test.js +174 -0
  459. package/dist/tests/core/parse.test.js.map +1 -0
  460. package/dist/tests/core/path.test.js +50 -0
  461. package/dist/tests/core/path.test.js.map +1 -0
  462. package/dist/tests/core/plan.test.js +218 -0
  463. package/dist/tests/core/plan.test.js.map +1 -0
  464. package/dist/tests/core/post-move.test.js +162 -0
  465. package/dist/tests/core/post-move.test.js.map +1 -0
  466. package/dist/tests/core/pr-classify.test.js +117 -0
  467. package/dist/tests/core/pr-classify.test.js.map +1 -0
  468. package/dist/tests/core/pr-decide.test.js +298 -0
  469. package/dist/tests/core/pr-decide.test.js.map +1 -0
  470. package/dist/tests/core/pr-loop.test.js +301 -0
  471. package/dist/tests/core/pr-loop.test.js.map +1 -0
  472. package/dist/tests/core/pr-notes.test.js +165 -0
  473. package/dist/tests/core/pr-notes.test.js.map +1 -0
  474. package/dist/tests/core/predicates.test.js +154 -0
  475. package/dist/tests/core/predicates.test.js.map +1 -0
  476. package/dist/tests/core/prompt.test.js +189 -0
  477. package/dist/tests/core/prompt.test.js.map +1 -0
  478. package/dist/tests/core/protocol.test.js +195 -0
  479. package/dist/tests/core/protocol.test.js.map +1 -0
  480. package/dist/tests/core/reconcile-issue.test.js +116 -0
  481. package/dist/tests/core/reconcile-issue.test.js.map +1 -0
  482. package/dist/tests/core/render.test.js +549 -0
  483. package/dist/tests/core/render.test.js.map +1 -0
  484. package/dist/tests/core/retry.test.js +186 -0
  485. package/dist/tests/core/retry.test.js.map +1 -0
  486. package/dist/tests/core/routes.test.js +247 -0
  487. package/dist/tests/core/routes.test.js.map +1 -0
  488. package/dist/tests/core/run-fold.test.js +299 -0
  489. package/dist/tests/core/run-fold.test.js.map +1 -0
  490. package/dist/tests/core/shape.test.js +185 -0
  491. package/dist/tests/core/shape.test.js.map +1 -0
  492. package/dist/tests/core/sleep-cycle.test.js +150 -0
  493. package/dist/tests/core/sleep-cycle.test.js.map +1 -0
  494. package/dist/tests/core/slots.test.js +201 -0
  495. package/dist/tests/core/slots.test.js.map +1 -0
  496. package/dist/tests/core/state-resolve.test.js +80 -0
  497. package/dist/tests/core/state-resolve.test.js.map +1 -0
  498. package/dist/tests/core/summary.test.js +200 -0
  499. package/dist/tests/core/summary.test.js.map +1 -0
  500. package/dist/tests/core/template.test.js +116 -0
  501. package/dist/tests/core/template.test.js.map +1 -0
  502. package/dist/tests/core/tick.test.js +558 -0
  503. package/dist/tests/core/tick.test.js.map +1 -0
  504. package/dist/tests/core/token-fold.test.js +176 -0
  505. package/dist/tests/core/token-fold.test.js.map +1 -0
  506. package/dist/tests/core/turn.test.js +388 -0
  507. package/dist/tests/core/turn.test.js.map +1 -0
  508. package/dist/tests/core/url.test.js +118 -0
  509. package/dist/tests/core/url.test.js.map +1 -0
  510. package/dist/tests/core/validate.test.js +247 -0
  511. package/dist/tests/core/validate.test.js.map +1 -0
  512. package/dist/tests/core/views.test.js +252 -0
  513. package/dist/tests/core/views.test.js.map +1 -0
  514. package/dist/tests/core/vm-decide.test.js +110 -0
  515. package/dist/tests/core/vm-decide.test.js.map +1 -0
  516. package/dist/tests/core/vm-guards.test.js +153 -0
  517. package/dist/tests/core/vm-guards.test.js.map +1 -0
  518. package/dist/tests/core/vm-plan.test.js +332 -0
  519. package/dist/tests/core/vm-plan.test.js.map +1 -0
  520. package/dist/tests/core/vm-reap.test.js +196 -0
  521. package/dist/tests/core/vm-reap.test.js.map +1 -0
  522. package/dist/tests/core/workflow-parse.test.js +493 -0
  523. package/dist/tests/core/workflow-parse.test.js.map +1 -0
  524. package/dist/tests/core/workspace-decide.test.js +236 -0
  525. package/dist/tests/core/workspace-decide.test.js.map +1 -0
  526. package/dist/tests/helpers/fixtures.js +167 -0
  527. package/dist/tests/helpers/fixtures.js.map +1 -0
  528. package/dist/tests/shell/acp-substrate.test.js +101 -0
  529. package/dist/tests/shell/acp-substrate.test.js.map +1 -0
  530. package/dist/tests/shell/actions-runner-push.test.js +203 -0
  531. package/dist/tests/shell/actions-runner-push.test.js.map +1 -0
  532. package/dist/tests/shell/credential-hooks.test.js +36 -0
  533. package/dist/tests/shell/credential-hooks.test.js.map +1 -0
  534. package/dist/tests/shell/credential-registry.test.js +165 -0
  535. package/dist/tests/shell/credential-registry.test.js.map +1 -0
  536. package/dist/tests/shell/credential-substrate.test.js +179 -0
  537. package/dist/tests/shell/credential-substrate.test.js.map +1 -0
  538. package/dist/tests/shell/dockerfile-mise-pin.test.js +51 -0
  539. package/dist/tests/shell/dockerfile-mise-pin.test.js.map +1 -0
  540. package/dist/tests/shell/doctor.test.js +101 -0
  541. package/dist/tests/shell/doctor.test.js.map +1 -0
  542. package/dist/tests/shell/effect-vm-create.test.js +52 -0
  543. package/dist/tests/shell/effect-vm-create.test.js.map +1 -0
  544. package/dist/tests/shell/gh-port.test.js +63 -0
  545. package/dist/tests/shell/gh-port.test.js.map +1 -0
  546. package/dist/tests/shell/gondolin-dispatch-guard.test.js +144 -0
  547. package/dist/tests/shell/gondolin-dispatch-guard.test.js.map +1 -0
  548. package/dist/tests/shell/gondolin-dispatch-shquote.test.js +168 -0
  549. package/dist/tests/shell/gondolin-dispatch-shquote.test.js.map +1 -0
  550. package/dist/tests/shell/gondolin-image-converter.test.js +208 -0
  551. package/dist/tests/shell/gondolin-image-converter.test.js.map +1 -0
  552. package/dist/tests/shell/gondolin-image-fetch.test.js +93 -0
  553. package/dist/tests/shell/gondolin-image-fetch.test.js.map +1 -0
  554. package/dist/tests/shell/http-handler.test.js +608 -0
  555. package/dist/tests/shell/http-handler.test.js.map +1 -0
  556. package/dist/tests/shell/http-server.test.js +53 -0
  557. package/dist/tests/shell/http-server.test.js.map +1 -0
  558. package/dist/tests/shell/mcp-runtime.test.js +366 -0
  559. package/dist/tests/shell/mcp-runtime.test.js.map +1 -0
  560. package/dist/tests/shell/mise-config-asset.test.js +87 -0
  561. package/dist/tests/shell/mise-config-asset.test.js.map +1 -0
  562. package/dist/tests/shell/orchestrator-loop.test.js +583 -0
  563. package/dist/tests/shell/orchestrator-loop.test.js.map +1 -0
  564. package/dist/tests/shell/reconciler-passes.test.js +314 -0
  565. package/dist/tests/shell/reconciler-passes.test.js.map +1 -0
  566. package/dist/tests/shell/runner-loop-turn.test.js +97 -0
  567. package/dist/tests/shell/runner-loop-turn.test.js.map +1 -0
  568. package/dist/tests/shell/runner-slice.test.js +536 -0
  569. package/dist/tests/shell/runner-slice.test.js.map +1 -0
  570. package/dist/tests/shell/scaffold.test.js +65 -0
  571. package/dist/tests/shell/scaffold.test.js.map +1 -0
  572. package/dist/tests/shell/tick-config.test.js +83 -0
  573. package/dist/tests/shell/tick-config.test.js.map +1 -0
  574. package/dist/tests/shell/tracker-parse-dates.test.js +44 -0
  575. package/dist/tests/shell/tracker-parse-dates.test.js.map +1 -0
  576. package/dist/tests/shell/tracker-write-issue.test.js +154 -0
  577. package/dist/tests/shell/tracker-write-issue.test.js.map +1 -0
  578. package/dist/tests/shell/workflow-prompt-split.test.js +208 -0
  579. package/dist/tests/shell/workflow-prompt-split.test.js.map +1 -0
  580. package/dist/tests/shell/workspace-live-config.test.js +140 -0
  581. package/dist/tests/shell/workspace-live-config.test.js.map +1 -0
  582. package/package.json +21 -9
  583. package/patches/@earendil-works+gondolin+0.12.0.patch +173 -0
  584. package/prompts/Reflect.md +91 -0
  585. package/prompts/Review.md +97 -0
  586. package/prompts/Todo.md +96 -0
  587. package/prompts/_footer.md +41 -0
  588. package/prompts/_preamble.md +42 -0
  589. package/prompts-minimal/Todo.md +26 -0
  590. package/scripts/postinstall.mjs +63 -0
  591. package/scripts/vm-agent.mjs +312 -90
  592. package/WORKFLOW.md +0 -744
  593. package/dist/acp-bridge.js +0 -324
  594. package/dist/acp-bridge.js.map +0 -1
  595. package/dist/actions/cache.js +0 -191
  596. package/dist/actions/cache.js.map +0 -1
  597. package/dist/actions/effects.js +0 -41
  598. package/dist/actions/effects.js.map +0 -1
  599. package/dist/actions/executor.js +0 -570
  600. package/dist/actions/executor.js.map +0 -1
  601. package/dist/actions/index.js +0 -13
  602. package/dist/actions/index.js.map +0 -1
  603. package/dist/actions/parsing.js.map +0 -1
  604. package/dist/actions/predicate-env.js +0 -27
  605. package/dist/actions/predicate-env.js.map +0 -1
  606. package/dist/actions/predicates.js +0 -49
  607. package/dist/actions/predicates.js.map +0 -1
  608. package/dist/actions/templating.js +0 -66
  609. package/dist/actions/templating.js.map +0 -1
  610. package/dist/actions/types.js +0 -15
  611. package/dist/actions/types.js.map +0 -1
  612. package/dist/agent/acp.js +0 -473
  613. package/dist/agent/acp.js.map +0 -1
  614. package/dist/agent/adapter-names.js +0 -159
  615. package/dist/agent/adapter-names.js.map +0 -1
  616. package/dist/agent/adapters.js +0 -511
  617. package/dist/agent/adapters.js.map +0 -1
  618. package/dist/agent/credential-extractors.js +0 -342
  619. package/dist/agent/credential-extractors.js.map +0 -1
  620. package/dist/agent/credential-secrets.js +0 -628
  621. package/dist/agent/credential-secrets.js.map +0 -1
  622. package/dist/agent/credential-ticker.js +0 -57
  623. package/dist/agent/credential-ticker.js.map +0 -1
  624. package/dist/agent/gondolin-creds-staging.js +0 -356
  625. package/dist/agent/gondolin-creds-staging.js.map +0 -1
  626. package/dist/agent/gondolin-dispatch.js +0 -375
  627. package/dist/agent/gondolin-dispatch.js.map +0 -1
  628. package/dist/agent/gondolin.js +0 -124
  629. package/dist/agent/gondolin.js.map +0 -1
  630. package/dist/agent/runner-decisions.js +0 -134
  631. package/dist/agent/runner-decisions.js.map +0 -1
  632. package/dist/agent/runner.js +0 -1456
  633. package/dist/agent/runner.js.map +0 -1
  634. package/dist/agent/tool-call-summary.js +0 -102
  635. package/dist/agent/tool-call-summary.js.map +0 -1
  636. package/dist/agent/vm-acp-mapping.js +0 -73
  637. package/dist/agent/vm-acp-mapping.js.map +0 -1
  638. package/dist/agent/vm-guards.js +0 -262
  639. package/dist/agent/vm-guards.js.map +0 -1
  640. package/dist/agent/vm-port.js +0 -22
  641. package/dist/agent/vm-port.js.map +0 -1
  642. package/dist/agent/vm-process-registry.js +0 -79
  643. package/dist/agent/vm-process-registry.js.map +0 -1
  644. package/dist/bin/cli-args.js +0 -105
  645. package/dist/bin/cli-args.js.map +0 -1
  646. package/dist/bin/symphony.js +0 -794
  647. package/dist/bin/symphony.js.map +0 -1
  648. package/dist/errors.js +0 -15
  649. package/dist/errors.js.map +0 -1
  650. package/dist/http-disk.js +0 -135
  651. package/dist/http-disk.js.map +0 -1
  652. package/dist/http-handlers.js.map +0 -1
  653. package/dist/http.js.map +0 -1
  654. package/dist/issues.js +0 -178
  655. package/dist/issues.js.map +0 -1
  656. package/dist/logging.js +0 -203
  657. package/dist/logging.js.map +0 -1
  658. package/dist/mcp.js +0 -706
  659. package/dist/mcp.js.map +0 -1
  660. package/dist/memory.js +0 -85
  661. package/dist/memory.js.map +0 -1
  662. package/dist/orchestrator-decisions.js +0 -331
  663. package/dist/orchestrator-decisions.js.map +0 -1
  664. package/dist/orchestrator.js +0 -1569
  665. package/dist/orchestrator.js.map +0 -1
  666. package/dist/prompt.js +0 -65
  667. package/dist/prompt.js.map +0 -1
  668. package/dist/reconciler/cache.js +0 -65
  669. package/dist/reconciler/cache.js.map +0 -1
  670. package/dist/reconciler/index.js +0 -448
  671. package/dist/reconciler/index.js.map +0 -1
  672. package/dist/reconciler/ledger.js +0 -131
  673. package/dist/reconciler/ledger.js.map +0 -1
  674. package/dist/reconciler/pr-adapters.js +0 -174
  675. package/dist/reconciler/pr-adapters.js.map +0 -1
  676. package/dist/reconciler/pr-decide.js.map +0 -1
  677. package/dist/reconciler/pr.js +0 -422
  678. package/dist/reconciler/pr.js.map +0 -1
  679. package/dist/reconciler/types.js +0 -12
  680. package/dist/reconciler/types.js.map +0 -1
  681. package/dist/reconciler/vm.js +0 -243
  682. package/dist/reconciler/vm.js.map +0 -1
  683. package/dist/reconciler/workspace-defaults.js +0 -83
  684. package/dist/reconciler/workspace-defaults.js.map +0 -1
  685. package/dist/reconciler/workspace.js +0 -272
  686. package/dist/reconciler/workspace.js.map +0 -1
  687. package/dist/runlog.js +0 -403
  688. package/dist/runlog.js.map +0 -1
  689. package/dist/scaffold.js +0 -165
  690. package/dist/scaffold.js.map +0 -1
  691. package/dist/trackers/local.js +0 -445
  692. package/dist/trackers/local.js.map +0 -1
  693. package/dist/trackers/types.js +0 -10
  694. package/dist/trackers/types.js.map +0 -1
  695. package/dist/types.js +0 -3
  696. package/dist/types.js.map +0 -1
  697. package/dist/util/clock.js +0 -12
  698. package/dist/util/clock.js.map +0 -1
  699. package/dist/util/crypto.js +0 -25
  700. package/dist/util/crypto.js.map +0 -1
  701. package/dist/util/frontmatter.js +0 -70
  702. package/dist/util/frontmatter.js.map +0 -1
  703. package/dist/util/fs-issues.js +0 -22
  704. package/dist/util/fs-issues.js.map +0 -1
  705. package/dist/util/process.js +0 -152
  706. package/dist/util/process.js.map +0 -1
  707. package/dist/util/workspace-key.js +0 -10
  708. package/dist/util/workspace-key.js.map +0 -1
  709. package/dist/workflow-loader.js +0 -147
  710. package/dist/workflow-loader.js.map +0 -1
  711. package/dist/workflow.js +0 -822
  712. package/dist/workflow.js.map +0 -1
  713. package/dist/workspace-types.js +0 -8
  714. package/dist/workspace-types.js.map +0 -1
  715. package/dist/workspace.js +0 -443
  716. package/dist/workspace.js.map +0 -1
package/dist/tests/shell/credential-substrate.test.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"credential-substrate.test.js","sourceRoot":"","sources":["../../../tests/shell/credential-substrate.test.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,4EAA4E;AAC5E,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,oFAAoF;AACpF,kFAAkF;AAClF,+CAA+C;AAC/C,gFAAgF;AAChF,mFAAmF;AACnF,2EAA2E;AAE3E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AAExC,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAK9E,oFAAoF;AACpF,OAAO,EACL,kBAAkB,EAAE,iBAAiB,EAAE,gBAAgB,GACxD,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AACpG,OAAO,EACL,yCAAyC,EAAE,uBAAuB,EAAE,kBAAkB,GACvF,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AAEjF,MAAM,OAAO,GAAY,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,SAAS,EAAE,SAAS,KAAK,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;AAEpF,oEAAoE;AACpE,IAAI,GAAG,GAAG,CAAC,CAAC;AACZ,MAAM,WAAW,GAAiB,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,CAAC;AAEtE,MAAM,IAAI,GAAuB;IAC/B,IAAI,EAAE;QACJ,kBAAkB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,qBAAqB;QAC9E,oBAAoB;KACrB;IACD,yCAAyC;IACzC,uBAAuB;IACvB,sBAAsB;IACtB,kBAAkB;IAClB,kBAAkB;CACnB,CAAC;AAEF,SAAS,KAAK,CAAC,MAAoD,EAAE;IACnE,GAAG,GAAG,CAAC,CAAC;IACR,OAAO,wBAAwB,CAAC;QAC9B,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,gBAAgB,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,eAAe,EAAE,GAAG,EAAE,CAAC,OAAO;QAC1F,gBAAgB,EAAE,GAAG,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO;KACxE,CAAC,CAAC;AACL,CAAC;AAED,2DAA2D;AAC3D,MAAM,iBAAiB,GAAc;IACnC,WAAW,EAAE,sCAAsC;IACnD,WAAW,EAAE,IAAI;IACjB,YAAY,EAAE,IAAI;IAClB,gBAAgB,EAAE,sCAAsC;CACzD,CAAC;AAEF,IAAI,CAAC,8EAA8E,EAAE,GAAG,EAAE;IACxF,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,MAAM,IAAI,GAAG,GAAG,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAE5C,gEAAgE;IAChE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAC3C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,sBAAsB,CAAC,CAAC;IAEtD,kFAAkF;IAClF,+EAA+E;IAC/E,MAAM,IAAI,GAAG,GAAG,CAAC,cAAc,CAAC;QAC9B,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU;QAC7E,cAAc,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,gBAAgB,EAAE,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI;KACjF,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAChF,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,+BAA+B,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAM,CAAC,OAAO,CAAqE,CAAC;IAC9G,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,kCAAkC;IACpG,4FAA4F;IAC5F,MAAM,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;AAClE,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,gFAAgF,EAAE,GAAG,EAAE;IAC1F,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,MAAM,IAAI,GAAG,GAAG,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,GAAG,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAEzE,mFAAmF;IACnF,8EAA8E;IAC9E,MAAM,SAAS,GAAc,EAAE,WAAW,EAAE,0BAA0B,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC5F,MAAM,MAAM,GAAG,GAAG,CAAC,eAAe,CAAC;QACjC,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW;QAC/E,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,EAAE,YAAY,EAAE,WAAW,CAAC,YAAY,EAAE,KAAK,EAAE,SAAS;KACpG,CAAC,CAAC;IAEH,uEAAuE;IACvE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;IAEtE,kFAAkF;IAClF,kFAAkF;IAClF,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1F,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,iDAAiD,CAAC,CAAC;IACrE,MAAM,CAAC,SAAS,CAAC,MAAO,CAAC,KAAK,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC;IACvD,MAAM,CAAC,EAAE,CAAC,CAAC,MAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACzD,2EAA2E;IAC3E,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAC9D,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;AAC/D,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,oFAAoF,EAAE,KAAK,IAAI,EAAE;IACpG,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,MAAM,IAAI,GAAG,GAAG,CAAC,gBAAgB,CAAC,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;IAC/E,MAAM,MAAM,GAAG,GAAG,CAAC,eAAe,CAAC;QACjC,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW;QAC9E,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,EAAE,YAAY,EAAE,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,iBAAiB;KACnG,CAAC,CAAC;IAEH,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,qCAAqC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAC;IACpI,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,SAAU,CAAC,GAAG,CAAC,CAAC;IAEnD,+EAA+E;IAC/E,kDAAkD;IAClD,MAAM,CAAC,EAAE,CAAC,GAAG,YAAY,OAAO,EAAE,kDAAkD,CAAC,CAAC;IACtF,MAAM,SAAS,GAAG,GAAc,CAAC;IACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,8BAA8B,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;AAChG,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,uLAAuL,EAAE,KAAK,IAAI,EAAE;IACvM,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,MAAM,IAAI,GAAG,GAAG,CAAC,gBAAgB,CAAC,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;IAC/E,MAAM,MAAM,GAAG,GAAG,CAAC,eAAe,CAAC;QACjC,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW;QAC9E,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;QACzC,YAAY,EAAE,CAAC,aAAa,EAAE,oBAAoB,EAAE,YAAY,CAAC,EAAE,KAAK,EAAE,iBAAiB;KAC5F,CAAC,CAAC;IACH,oFAAoF;IACpF,kFAAkF;IAClF,iFAAiF;IACjF,gFAAgF;IAChF,iFAAiF;IACjF,KAAK,MAAM,MAAM,IAAI;QACnB,wDAAwD;QACxD,oCAAoC;KACrC,EAAE,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,SAAU,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACnE,IAAI,GAAG,YAAY,OAAO,EAAE,CAAC;YAC3B,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,iFAAiF,EAAE,KAAK,IAAI,EAAE;IACjG,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,MAAM,IAAI,GAAG,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IACrF,MAAM,MAAM,GAAG,GAAG,CAAC,eAAe,CAAC;QACjC,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW;QAC9E,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,EAAE,YAAY,EAAE,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,WAAW;KAC7F,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,qCAAqC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACnF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,SAAU,CAAC,GAAG,CAAC,CAAC;IACnD,mFAAmF;IACnF,iFAAiF;IACjF,oEAAoE;IACpE,IAAI,GAAG,YAAY,OAAO,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,kFAAkF,EAAE,GAAG,EAAE;IAC5F,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,KAAK,MAAM,OAAO,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAU,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAqB,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QACrH,MAAM,MAAM,GAAG,GAAG,CAAC,eAAe,CAAC;YACjC,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC9E,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,EAAE,YAAY,EAAE,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,EAAE,KAAK;SAC5F,CAAC,CAAC;QACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,4BAA4B,CAAC,CAAC;QAC7F,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,OAAO,sBAAsB,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,qEAAqE,EAAE,GAAG,EAAE;IAC/E,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,yEAAyE;IACzE,mEAAmE;IACnE,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAChD,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAClD,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACvD,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAClD,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC"}
package/dist/tests/shell/dockerfile-mise-pin.test.js ADDED
@@ -0,0 +1,51 @@
1
+ // Guard test for the agent image's mise install (images/agents/Dockerfile.agents,
2
+ // issue 209).
3
+ //
4
+ // LOAD-BEARING (issue 209 review): the base image must install mise from a PINNED,
5
+ // checksum-verified artifact under repo control — NOT a live `curl https://mise.run | sh`
6
+ // pipe that would run whatever installer + binary the endpoint serves at build time.
7
+ // This test reads the tracked Dockerfile and asserts the install stays a download +
8
+ // `sha256sum -c` against repo-pinned per-arch hashes, so a future edit can't silently
9
+ // regress to an unchecked pipe-to-shell or drift the verified version away from its hash.
10
+ import { test } from 'node:test';
11
+ import assert from 'node:assert/strict';
12
+ import { readFileSync } from 'node:fs';
13
+ import { fileURLToPath } from 'node:url';
14
+ const DOCKERFILE = fileURLToPath(new URL('../../images/agents/Dockerfile.agents', import.meta.url));
15
+ const source = readFileSync(DOCKERFILE, 'utf8');
16
+ // The build INSTRUCTIONS only (Dockerfile comments are full-line `#…`). The header
17
+ // comments deliberately NAME the `curl https://mise.run | sh` anti-pattern to explain
18
+ // what the install avoids, so the pipe-to-shell guard must inspect instructions, not prose.
19
+ const instructions = source
20
+ .split('\n')
21
+ .filter((l) => !/^\s*#/.test(l))
22
+ .join('\n');
23
+ // The repo-pinned mise version + per-arch tarball SHA-256s. These must match the
24
+ // Dockerfile ARGs exactly; bumping mise is a conscious edit to BOTH the version and the
25
+ // hashes (recomputed from the same registry tarball the build downloads — see the
26
+ // Dockerfile comment). Keeping them here makes an accidental version/hash drift a test
27
+ // failure rather than a build that verifies a stale or mismatched artifact.
28
+ const PINNED_VERSION = '2026.4.16';
29
+ const PINNED_SHA256 = {
30
+ amd64: '782fcbe718f0383c9a73483ab8fff6cbfd1106d0e1858617af24c038ca6c7c75',
31
+ arm64: '0c1ed86b847d4100f94aad88f1e5bf907984eda5eea705f6c1b1b385fbb5cdf2',
32
+ };
33
+ test('mise is NOT installed via a pipe-to-shell (no curl | sh, no mise.run)', () => {
34
+ assert.doesNotMatch(instructions, /mise\.run/, 'must not curl the mise.run installer (unpinned, served at build time)');
35
+ // No `... | sh` / `| bash` install pipe in any build instruction.
36
+ assert.doesNotMatch(instructions, /\|\s*(sh|bash)\b/, 'must not pipe a downloaded script into a shell');
37
+ });
38
+ test('mise install verifies the downloaded artifact with sha256sum -c', () => {
39
+ assert.match(instructions, /sha256sum\s+-c/, 'install must verify via `sha256sum -c`');
40
+ });
41
+ test('mise version + per-arch tarball SHA-256s are pinned under repo control', () => {
42
+ assert.match(source, new RegExp(`ARG\\s+MISE_VERSION=${PINNED_VERSION.replace(/\./g, '\\.')}\\b`), `MISE_VERSION must be pinned to ${PINNED_VERSION}`);
43
+ assert.match(source, new RegExp(`ARG\\s+MISE_SHA256_AMD64=${PINNED_SHA256.amd64}\\b`), 'amd64 tarball SHA-256 must be pinned to the verified value');
44
+ assert.match(source, new RegExp(`ARG\\s+MISE_SHA256_ARM64=${PINNED_SHA256.arm64}\\b`), 'arm64 tarball SHA-256 must be pinned to the verified value');
45
+ });
46
+ test('mise is downloaded from the registry.npmjs.org platform package', () => {
47
+ // The verified artifact is the @jdxcode/mise-linux-<arch> npm tarball (an already
48
+ // allowed mise egress host), so the pinned hash can be recomputed from the same source.
49
+ assert.match(source, /registry\.npmjs\.org\/@jdxcode\/mise-linux-/, 'must download the mise binary from the @jdxcode/mise-linux-<arch> npm package');
50
+ });
51
+ //# sourceMappingURL=dockerfile-mise-pin.test.js.map
package/dist/tests/shell/dockerfile-mise-pin.test.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dockerfile-mise-pin.test.js","sourceRoot":"","sources":["../../../tests/shell/dockerfile-mise-pin.test.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,cAAc;AACd,EAAE;AACF,mFAAmF;AACnF,0FAA0F;AAC1F,qFAAqF;AACrF,oFAAoF;AACpF,sFAAsF;AACtF,0FAA0F;AAE1F,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,MAAM,UAAU,GAAG,aAAa,CAC9B,IAAI,GAAG,CAAC,uCAAuC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAClE,CAAC;AACF,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AAEhD,mFAAmF;AACnF,sFAAsF;AACtF,4FAA4F;AAC5F,MAAM,YAAY,GAAG,MAAM;KACxB,KAAK,CAAC,IAAI,CAAC;KACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KAC/B,IAAI,CAAC,IAAI,CAAC,CAAC;AAEd,iFAAiF;AACjF,wFAAwF;AACxF,kFAAkF;AAClF,uFAAuF;AACvF,4EAA4E;AAC5E,MAAM,cAAc,GAAG,WAAW,CAAC;AACnC,MAAM,aAAa,GAAG;IACpB,KAAK,EAAE,kEAAkE;IACzE,KAAK,EAAE,kEAAkE;CACjE,CAAC;AAEX,IAAI,CAAC,uEAAuE,EAAE,GAAG,EAAE;IACjF,MAAM,CAAC,YAAY,CACjB,YAAY,EACZ,WAAW,EACX,uEAAuE,CACxE,CAAC;IACF,kEAAkE;IAClE,MAAM,CAAC,YAAY,CACjB,YAAY,EACZ,kBAAkB,EAClB,gDAAgD,CACjD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,iEAAiE,EAAE,GAAG,EAAE;IAC3E,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,gBAAgB,EAAE,wCAAwC,CAAC,CAAC;AACzF,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,wEAAwE,EAAE,GAAG,EAAE;IAClF,MAAM,CAAC,KAAK,CACV,MAAM,EACN,IAAI,MAAM,CAAC,uBAAuB,cAAc,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,EAC5E,kCAAkC,cAAc,EAAE,CACnD,CAAC;IACF,MAAM,CAAC,KAAK,CACV,MAAM,EACN,IAAI,MAAM,CAAC,4BAA4B,aAAa,CAAC,KAAK,KAAK,CAAC,EAChE,4DAA4D,CAC7D,CAAC;IACF,MAAM,CAAC,KAAK,CACV,MAAM,EACN,IAAI,MAAM,CAAC,4BAA4B,aAAa,CAAC,KAAK,KAAK,CAAC,EAChE,4DAA4D,CAC7D,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,iEAAiE,EAAE,GAAG,EAAE;IAC3E,kFAAkF;IAClF,wFAAwF;IACxF,MAAM,CAAC,KAAK,CACV,MAAM,EACN,6CAA6C,EAC7C,+EAA+E,CAChF,CAAC;AACJ,CAAC,CAAC,CAAC"}
package/dist/tests/shell/doctor.test.js ADDED
@@ -0,0 +1,101 @@
1
+ // Shell test for the `symphony doctor` credential probe wiring — pins the §4a fix:
2
+ // the doctor must resolve host-credential PATHS through the SAME injected core
3
+ // builders the startup probe (workflow-loader) uses, instead of joining them
4
+ // inline; this asserts the doctor's codex probe message embeds the core-derived
5
+ // `hostCodexCredentialPath`.
6
+ import { test } from 'node:test';
7
+ import assert from 'node:assert/strict';
8
+ import os from 'node:os';
9
+ import path from 'node:path';
10
+ import { mkdtemp, mkdir, writeFile, rm } from 'node:fs/promises';
11
+ import { parse as parseYaml } from 'yaml';
12
+ import { defaultDoctorDeps, runDoctorCli } from '../../src/shell/cli/doctor.js';
13
+ import { loadWorkflowProbed } from '../../src/shell/adapter/workflow-loader.js';
14
+ // REAL core credential decisions (the SAME bundle main.ts injects into the doctor).
15
+ import { hostClaudeCredentialPath, hostCodexCredentialPath, codexCredentialAvailable, codexMissingCredentialMessage, isKnownAdapter, } from '../../src/core/credential/availability.js';
16
+ import { requiredAdapterIds } from '../../src/core/workflow/derive.js';
17
+ import { parseWorkflow } from '../../src/core/workflow/parse.js';
18
+ import { probePromptTemplates } from '../../src/core/workflow/prompt-probe.js';
19
+ // REAL core doctor render bundle (the SAME functions main.ts threads into runDoctorCli).
20
+ import { checkNodeVersion, checkWorkflow, checkGondolinImage, checkTrackerRoot, checkDashboardPort, formatDoctorReport, doctorReportPassed, } from '../../src/core/doctor/checks.js';
21
+ const CORE = {
22
+ hostClaudeCredentialPath,
23
+ hostCodexCredentialPath,
24
+ codexCredentialAvailable,
25
+ codexMissingCredentialMessage,
26
+ requiredAdapterIds,
27
+ isKnownAdapter,
28
+ };
29
+ test('doctor codex probe message embeds the core-derived hostCodexCredentialPath', () => {
30
+ const home = os.homedir();
31
+ const deps = defaultDoctorDeps(CORE);
32
+ // OPENAI_API_KEY set → codex available (no fs read), and the PASS detail names
33
+ // the core codex path. This is deterministic regardless of the host fs.
34
+ const probe = deps.probeCredential('codex', { OPENAI_API_KEY: 'sk-test' });
35
+ assert.equal(probe.readable, true);
36
+ assert.match(probe.detail, new RegExp(hostCodexCredentialPath(home).replace(/[.]/g, '\\.')));
37
+ });
38
+ test('doctor classifiers throw a clear error when the composition root never injected core', () => {
39
+ const deps = defaultDoctorDeps(); // no core bundle
40
+ assert.throws(() => deps.probeCredential('codex', {}), /core credential\/adapter decisions must be injected/);
41
+ });
42
+ // ─── render-probe threaded through the doctor load path ────────────────────────
43
+ //
44
+ // Pins the fix: `symphony doctor` must FAIL on an UNPARSEABLE per-state prompt_file,
45
+ // not just a missing one. Wire the doctor EXACTLY as main.ts does — load through
46
+ // loadWorkflowProbed (which runs the pure render-probe) and render with the real
47
+ // core check bundle — against a split workflow whose Todo.md has an unknown Liquid
48
+ // tag. The workflow check must FAIL with the render error, and the doctor exits 1.
49
+ const DOCTOR_RENDER = {
50
+ checkNodeVersion,
51
+ checkWorkflow,
52
+ checkGondolinImage,
53
+ checkTrackerRoot,
54
+ checkDashboardPort,
55
+ formatDoctorReport,
56
+ doctorReportPassed,
57
+ };
58
+ const parse = (text, workflowPath) => {
59
+ const { config, definition } = parseWorkflow(text, workflowPath, { parseYaml }, process.env);
60
+ return { config, definition };
61
+ };
62
+ test('symphony doctor FAILs an unparseable prompt_file via the threaded render-probe', async () => {
63
+ const dir = await mkdtemp(path.join(os.tmpdir(), 'sym-doctor-bad-prompt-'));
64
+ try {
65
+ await mkdir(path.join(dir, 'prompts'), { recursive: true });
66
+ // `{% include %}` is the no-include escape hatch the strict-Liquid subset rejects.
67
+ await writeFile(path.join(dir, 'prompts', 'Todo.md'), 'Body: {% include "x.md" %}');
68
+ const wf = path.join(dir, 'WORKFLOW.yaml');
69
+ await writeFile(wf, [
70
+ 'tracker:',
71
+ ' kind: local',
72
+ 'states:',
73
+ ' Todo:',
74
+ ' role: active',
75
+ ' prompt_file: prompts/Todo.md',
76
+ ' Done:',
77
+ ' role: terminal',
78
+ ' Triage:',
79
+ ' role: holding',
80
+ ].join('\n'));
81
+ let report = '';
82
+ // loadConfig wired identically to main.ts's doctor closure (load + render-probe).
83
+ const deps = {
84
+ ...defaultDoctorDeps(CORE),
85
+ loadConfig: (p) => loadWorkflowProbed(p, parse, probePromptTemplates).then((r) => r.config),
86
+ };
87
+ const code = await runDoctorCli({ workflowPath: wf, port: null }, DOCTOR_RENDER, deps, (s) => {
88
+ report += s;
89
+ });
90
+ assert.equal(code, 1, 'doctor must exit non-zero on an unparseable prompt_file');
91
+ assert.match(report, /FAIL\s+workflow/, 'the workflow check must FAIL');
92
+ assert.match(report, /failed to render/, 'the render-probe error must surface in the report');
93
+ // Error attribution: the doctor report must name the offending SOURCE FILE
94
+ // (absolute path of the bad prompt_file), not just the assembled blob/state.
95
+ assert.ok(report.includes(path.join(dir, 'prompts', 'Todo.md')), 'the doctor report must name the offending prompt file path');
96
+ }
97
+ finally {
98
+ await rm(dir, { recursive: true, force: true });
99
+ }
100
+ });
101
+ //# sourceMappingURL=doctor.test.js.map
package/dist/tests/shell/doctor.test.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"doctor.test.js","sourceRoot":"","sources":["../../../tests/shell/doctor.test.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,+EAA+E;AAC/E,6EAA6E;AAC7E,gFAAgF;AAChF,6BAA6B;AAE7B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAE1C,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,MAAM,4CAA4C,CAAC;AAEhF,oFAAoF;AACpF,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,6BAA6B,EAC7B,cAAc,GACf,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAC/E,yFAAyF;AACzF,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,iCAAiC,CAAC;AAEzC,MAAM,IAAI,GAAG;IACX,wBAAwB;IACxB,uBAAuB;IACvB,wBAAwB;IACxB,6BAA6B;IAC7B,kBAAkB;IAClB,cAAc;CACf,CAAC;AAEF,IAAI,CAAC,4EAA4E,EAAE,GAAG,EAAE;IACtF,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACrC,+EAA+E;IAC/E,wEAAwE;IACxE,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,EAAE,cAAc,EAAE,SAAS,EAAwC,CAAC,CAAC;IACjH,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACnC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AAC/F,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,sFAAsF,EAAE,GAAG,EAAE;IAChG,MAAM,IAAI,GAAG,iBAAiB,EAAE,CAAC,CAAC,iBAAiB;IACnD,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,EAAwC,CAAC,EAC7E,qDAAqD,CACtD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,kFAAkF;AAClF,EAAE;AACF,qFAAqF;AACrF,iFAAiF;AACjF,iFAAiF;AACjF,mFAAmF;AACnF,mFAAmF;AAEnF,MAAM,aAAa,GAAG;IACpB,gBAAgB;IAChB,aAAa;IACb,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;CACnB,CAAC;AAEF,MAAM,KAAK,GAAsB,CAAC,IAAI,EAAE,YAAY,EAAE,EAAE;IACtD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,EAAE,SAAS,EAAE,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7F,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;AAChC,CAAC,CAAC;AAEF,IAAI,CAAC,gFAAgF,EAAE,KAAK,IAAI,EAAE;IAChG,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;IAC5E,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5D,mFAAmF;QACnF,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,4BAA4B,CAAC,CAAC;QACpF,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QAC3C,MAAM,SAAS,CACb,EAAE,EACF;YACE,UAAU;YACV,eAAe;YACf,SAAS;YACT,SAAS;YACT,kBAAkB;YAClB,kCAAkC;YAClC,SAAS;YACT,oBAAoB;YACpB,WAAW;YACX,mBAAmB;SACpB,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;QAEF,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,kFAAkF;QAClF,MAAM,IAAI,GAAG;YACX,GAAG,iBAAiB,CAAC,IAAI,CAAC;YAC1B,UAAU,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAE,KAAK,EAAE,oBAAoB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;SACpG,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE;YAC3F,MAAM,IAAI,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,yDAAyD,CAAC,CAAC;QACjF,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,iBAAiB,EAAE,8BAA8B,CAAC,CAAC;QACxE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,kBAAkB,EAAE,mDAAmD,CAAC,CAAC;QAC9F,2EAA2E;QAC3E,6EAA6E;QAC7E,MAAM,CAAC,EAAE,CACP,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,EACrD,4DAA4D,CAC7D,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;AACH,CAAC,CAAC,CAAC"}
package/dist/tests/shell/effect-vm-create.test.js ADDED
@@ -0,0 +1,52 @@
1
+ // Focused test for the `vm` effect family's `create` handler (issue 222): the
2
+ // `vm:create` effect carries `rootfsSize` and the handler threads it into the
3
+ // CreateVmOptions it hands the VmClient port. Only `deps.vm` is exercised, so the rest
4
+ // of EffectAdapters is an inert cast.
5
+ import { test } from 'node:test';
6
+ import assert from 'node:assert/strict';
7
+ import { buildFamilies } from '../../src/shell/effect-interpreter-families.js';
8
+ function createEffect(rootfsSize) {
9
+ return {
10
+ family: 'vm',
11
+ kind: 'create',
12
+ sessionLabel: 'symphony-test',
13
+ imagePath: '/img',
14
+ cpus: 1,
15
+ memMib: 512,
16
+ rootfsSize,
17
+ mounts: [],
18
+ env: {},
19
+ guestFiles: [],
20
+ allowWebSockets: false,
21
+ tcpHosts: {},
22
+ };
23
+ }
24
+ function familiesCapturingCreate() {
25
+ let captured = null;
26
+ const vm = {
27
+ createVm: async (opts) => {
28
+ captured = opts;
29
+ return { id: 'vm-1', exec: () => { throw new Error('unused'); }, close: async () => undefined };
30
+ },
31
+ listSessions: async () => [],
32
+ gc: async () => 0,
33
+ killAllVms: () => 0,
34
+ };
35
+ const families = buildFamilies({ vm });
36
+ return {
37
+ run: (rootfsSize) => Promise.resolve(families.vm(createEffect(rootfsSize))),
38
+ captured: () => captured,
39
+ };
40
+ }
41
+ test('vm:create effect threads rootfsSize into CreateVmOptions', async () => {
42
+ const f = familiesCapturingCreate();
43
+ const result = await f.run('5G');
44
+ assert.deepEqual(result, { kind: 'vm_created', vmId: 'vm-1', hostPid: undefined });
45
+ assert.equal(f.captured()?.rootfsSize, '5G');
46
+ });
47
+ test('vm:create effect with no rootfsSize leaves it undefined (substrate default)', async () => {
48
+ const f = familiesCapturingCreate();
49
+ await f.run(undefined);
50
+ assert.equal(f.captured()?.rootfsSize, undefined);
51
+ });
52
+ //# sourceMappingURL=effect-vm-create.test.js.map
package/dist/tests/shell/effect-vm-create.test.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"effect-vm-create.test.js","sourceRoot":"","sources":["../../../tests/shell/effect-vm-create.test.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,8EAA8E;AAC9E,uFAAuF;AACvF,sCAAsC;AAEtC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AAExC,OAAO,EAAE,aAAa,EAAE,MAAM,gDAAgD,CAAC;AAK/E,SAAS,YAAY,CAAC,UAAmB;IACvC,OAAO;QACL,MAAM,EAAE,IAAI;QACZ,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,eAAe;QAC7B,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,GAAG;QACX,UAAU;QACV,MAAM,EAAE,EAAE;QACV,GAAG,EAAE,EAAE;QACP,UAAU,EAAE,EAAE;QACd,eAAe,EAAE,KAAK;QACtB,QAAQ,EAAE,EAAE;KACb,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB;IAC9B,IAAI,QAAQ,GAA2B,IAAI,CAAC;IAC5C,MAAM,EAAE,GAAa;QACnB,QAAQ,EAAE,KAAK,EAAE,IAAqB,EAAqB,EAAE;YAC3D,QAAQ,GAAG,IAAI,CAAC;YAChB,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;QAClG,CAAC;QACD,YAAY,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;QAC5B,EAAE,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QACjB,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;KACpB,CAAC;IACF,MAAM,QAAQ,GAAG,aAAa,CAAC,EAAE,EAAE,EAA+B,CAAC,CAAC;IACpE,OAAO;QACL,GAAG,EAAE,CAAC,UAAmB,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAG,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC;QACrF,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ;KACzB,CAAC;AACJ,CAAC;AAED,IAAI,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;IAC1E,MAAM,CAAC,GAAG,uBAAuB,EAAE,CAAC;IACpC,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;IACnF,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;AAC/C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,6EAA6E,EAAE,KAAK,IAAI,EAAE;IAC7F,MAAM,CAAC,GAAG,uBAAuB,EAAE,CAAC;IACpC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACvB,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC"}
package/dist/tests/shell/gh-port.test.js ADDED
@@ -0,0 +1,63 @@
1
+ // GhCliPort `--repo <slug>` injection (issue: PR-autopilot repo targeting).
2
+ //
3
+ // The autopilot runs `gh` from the stable source repo, whose `origin` may not be
4
+ // the configured `workspace.github_repo` (the out-of-repo control-dir layout) or
5
+ // may be absent. So the adapter appends `--repo <slug>` to autopilot `gh pr`
6
+ // verbs — except `pr create`, which runs in the per-issue workspace whose origin
7
+ // is already the target. A null slug (local-only) leaves argv untouched.
8
+ import { test } from 'node:test';
9
+ import assert from 'node:assert/strict';
10
+ import { GhCliPort } from '../../src/shell/interp/gh.js';
11
+ function fakeProc() {
12
+ const calls = [];
13
+ const proc = {
14
+ run: async (argv) => {
15
+ calls.push(argv);
16
+ // argv is ['gh','pr',<sub>,...]; feed the read methods parseable payloads.
17
+ const sub = argv[2];
18
+ const stdout = sub === 'list' ? '[]' : sub === 'view' ? '{}' : '';
19
+ return { ran: true, exit_code: 0, signal: null, timed_out: false, stdout, stderr: '' };
20
+ },
21
+ };
22
+ return { proc, calls };
23
+ }
24
+ const repoArg = (c) => c && c.includes('--repo') ? c[c.indexOf('--repo') + 1] : undefined;
25
+ test('GhCliPort: --repo <slug> is appended to autopilot pr verbs (merge/close/update/view/list)', async () => {
26
+ const { proc, calls } = fakeProc();
27
+ const gh = new GhCliPort(proc, { repoSlug: () => 'o/r' });
28
+ await gh.run(['pr', 'merge', '7', '--auto', '--squash', '--delete-branch'], '/cwd');
29
+ await gh.run(['pr', 'close', '7'], '/cwd');
30
+ await gh.run(['pr', 'update-branch', '7'], '/cwd');
31
+ await gh.prView('/cwd', 7);
32
+ await gh.prListForBranch('/cwd', 'agent/7');
33
+ assert.equal(calls.length, 5);
34
+ for (const c of calls) {
35
+ assert.equal(c[0], 'gh');
36
+ assert.equal(repoArg(c), 'o/r', `expected --repo o/r in: ${c.join(' ')}`);
37
+ }
38
+ });
39
+ test('GhCliPort: pr create is exempt (runs in the workspace whose origin is the target)', async () => {
40
+ const { proc, calls } = fakeProc();
41
+ const gh = new GhCliPort(proc, { repoSlug: () => 'o/r' });
42
+ await gh.run(['pr', 'create', '--head', 'agent/7', '--base', 'main', '--title', 't'], '/cwd');
43
+ assert.equal(repoArg(calls[0]), undefined, 'pr create must NOT get --repo');
44
+ });
45
+ test('GhCliPort: a null slug (local-only) infers from cwd — argv untouched', async () => {
46
+ const { proc, calls } = fakeProc();
47
+ const gh = new GhCliPort(proc, { repoSlug: () => null });
48
+ await gh.run(['pr', 'merge', '7', '--auto'], '/cwd');
49
+ assert.equal(repoArg(calls[0]), undefined, 'null slug → no --repo');
50
+ });
51
+ test('GhCliPort: no repoSlug accessor configured — argv untouched', async () => {
52
+ const { proc, calls } = fakeProc();
53
+ const gh = new GhCliPort(proc);
54
+ await gh.run(['pr', 'merge', '7'], '/cwd');
55
+ assert.equal(repoArg(calls[0]), undefined, 'no accessor → no --repo');
56
+ });
57
+ test('GhCliPort: non-pr commands are never repo-scoped', async () => {
58
+ const { proc, calls } = fakeProc();
59
+ const gh = new GhCliPort(proc, { repoSlug: () => 'o/r' });
60
+ await gh.run(['api', 'user'], '/cwd');
61
+ assert.equal(repoArg(calls[0]), undefined, 'non-pr command → no --repo');
62
+ });
63
+ //# sourceMappingURL=gh-port.test.js.map
package/dist/tests/shell/gh-port.test.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gh-port.test.js","sourceRoot":"","sources":["../../../tests/shell/gh-port.test.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,EAAE;AACF,iFAAiF;AACjF,iFAAiF;AACjF,6EAA6E;AAC7E,iFAAiF;AACjF,yEAAyE;AAEzE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AAExC,OAAO,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAIzD,SAAS,QAAQ;IACf,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,MAAM,IAAI,GAAkB;QAC1B,GAAG,EAAE,KAAK,EAAE,IAAc,EAA0B,EAAE;YACpD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjB,2EAA2E;YAC3E,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,MAAM,MAAM,GAAG,GAAG,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;QACzF,CAAC;KACF,CAAC;IACF,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC;AAED,MAAM,OAAO,GAAG,CAAC,CAAuB,EAAsB,EAAE,CAC9D,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAErE,IAAI,CAAC,2FAA2F,EAAE,KAAK,IAAI,EAAE;IAC3G,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,QAAQ,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1D,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,MAAM,CAAC,CAAC;IACpF,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,eAAe,EAAE,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IACnD,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC3B,MAAM,EAAE,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC5C,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QACzB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,2BAA2B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,mFAAmF,EAAE,KAAK,IAAI,EAAE;IACnG,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,QAAQ,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1D,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9F,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,+BAA+B,CAAC,CAAC;AAC9E,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,sEAAsE,EAAE,KAAK,IAAI,EAAE;IACtF,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,QAAQ,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IACzD,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;IACrD,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,uBAAuB,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;IAC7E,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,QAAQ,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,yBAAyB,CAAC,CAAC;AACxE,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;IAClE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,QAAQ,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1D,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,4BAA4B,CAAC,CAAC;AAC3E,CAAC,CAAC,CAAC"}
package/dist/tests/shell/gondolin-dispatch-guard.test.js ADDED
@@ -0,0 +1,144 @@
1
+ // Focused tests for the §2a security wire: the GondolinDispatcher must HARD-FAIL
2
+ // (via the injected core credential-mount guard) BEFORE createVm if any plan mount
3
+ // overlaps a credential directory — the runtime teeth of the host-only-refresh
4
+ // invariant vm-plan.ts documents.
5
+ //
6
+ // Wires the REAL pure core guard (assertNoCredentialMounts) into the dispatcher,
7
+ // the same way main.ts injects it.
8
+ import { test } from 'node:test';
9
+ import assert from 'node:assert/strict';
10
+ import os from 'node:os';
11
+ import { GondolinDispatcher } from '../../src/shell/adapter/gondolin-dispatch.js';
12
+ import { assertNoCredentialMounts } from '../../src/core/vm-guards.js';
13
+ import { byoProbeFailureMessage } from '../../src/core/runner/vm-plan.js';
14
+ import { CredentialMountError } from '../../src/types/errors.js';
15
+ const HOME = os.homedir();
16
+ /** Identity realpath: the guard tests exercise LEXICAL overlap; a dedicated test
17
+ * below injects a symlink-resolving stub to prove the resolved-path rejection. */
18
+ const identityRealpath = async (p) => p;
19
+ /** A per-dispatch egress bundle — inert hooks + a no-op secret manager (the guard
20
+ * tests never reach createVm's hooks; this just satisfies the option shape). */
21
+ const egress = {
22
+ httpHooks: {},
23
+ secretManager: {},
24
+ secretName: 'ANTHROPIC_AUTH_TOKEN',
25
+ adapterId: 'claude',
26
+ };
27
+ function planWith(mounts) {
28
+ return {
29
+ sessionLabel: 'symphony-test',
30
+ imagePath: '/img',
31
+ cpus: 1,
32
+ memMib: 512,
33
+ rootfsSize: '3G',
34
+ mounts,
35
+ env: {},
36
+ guestFiles: [{ guestPath: '/opt/vm-agent.mjs', content: 'x', mode: 0o755 }],
37
+ agentCommand: ['node', '/opt/vm-agent.mjs'],
38
+ tunnel: { mcpGuestBaseUrl: 'http://symphony-mcp:7001', acpWsGuestUrl: 'ws://symphony-mcp:7001/acp', tcpHostEntry: {} },
39
+ allowWebSockets: false,
40
+ // These guard tests abort at the mount guard (or the createVm sentinel) before the
41
+ // install/probe steps, so the mise slice is never executed (empty commands).
42
+ mise: { env: {}, prepCommand: [], installCommand: [] },
43
+ };
44
+ }
45
+ // Inert mise deciders — these guard tests never reach the install/probe steps, so the
46
+ // injected probe-script / install-failure / project-detect deciders are never called.
47
+ const probeScript = () => 'set -e';
48
+ const miseInstallMsg = () => 'mise install failed';
49
+ const noProjectConfig = () => false;
50
+ const noopLog = {
51
+ emit: () => undefined,
52
+ withIssue: () => noopLog,
53
+ };
54
+ function dispatchOptions(plan) {
55
+ return { plan, launchEnv: {}, adapterBin: 'claude', workdir: '/work', egress, onStderr: () => undefined };
56
+ }
57
+ // A VmClient whose createVm records whether it was reached (and throws a sentinel
58
+ // so we don't have to drive the full post-create bring-up).
59
+ class SENTINEL extends Error {
60
+ }
61
+ function spyVmClient() {
62
+ let called = false;
63
+ let mounts = null;
64
+ const client = {
65
+ createVm: async (opts) => {
66
+ called = true;
67
+ mounts = opts.mounts;
68
+ throw new SENTINEL('createVm reached');
69
+ },
70
+ listSessions: async () => [],
71
+ gc: async () => 0,
72
+ killAllVms: () => 0,
73
+ };
74
+ return { client, createVmCalled: () => called, mountsSeen: () => mounts };
75
+ }
76
+ const noopRegistry = {
77
+ register: async () => ({ deregister: () => undefined }),
78
+ };
79
+ test('dispatch HARD-FAILS before createVm when a mount overlaps a credential dir', async () => {
80
+ const spy = spyVmClient();
81
+ const dispatcher = new GondolinDispatcher(spy.client, noopRegistry, assertNoCredentialMounts, identityRealpath, byoProbeFailureMessage, probeScript, miseInstallMsg, noProjectConfig, noopLog);
82
+ const plan = planWith([{ host: '/home/u/work', guest: '/work', readonly: false }, { host: '~/.codex', guest: '/g', readonly: true }]);
83
+ await assert.rejects(() => dispatcher.dispatch(dispatchOptions(plan)), CredentialMountError);
84
+ // The guard threw → createVm must NEVER have been reached.
85
+ assert.equal(spy.createVmCalled(), false);
86
+ });
87
+ test('dispatch HARD-FAILS before createVm when a mount is the home root', async () => {
88
+ const spy = spyVmClient();
89
+ const dispatcher = new GondolinDispatcher(spy.client, noopRegistry, assertNoCredentialMounts, identityRealpath, byoProbeFailureMessage, probeScript, miseInstallMsg, noProjectConfig, noopLog);
90
+ const plan = planWith([{ host: HOME, guest: '/g', readonly: false }]);
91
+ await assert.rejects(() => dispatcher.dispatch(dispatchOptions(plan)), CredentialMountError);
92
+ assert.equal(spy.createVmCalled(), false);
93
+ });
94
+ test('dispatch proceeds to createVm with the plan mounts when no mount is credential-bearing', async () => {
95
+ const spy = spyVmClient();
96
+ const dispatcher = new GondolinDispatcher(spy.client, noopRegistry, assertNoCredentialMounts, identityRealpath, byoProbeFailureMessage, probeScript, miseInstallMsg, noProjectConfig, noopLog);
97
+ const benign = [{ host: '/srv/work/issue-1', guest: '/srv/work/issue-1', readonly: false }];
98
+ const plan = planWith(benign);
99
+ // createVm is reached (then throws our sentinel) — the guard passed.
100
+ await assert.rejects(() => dispatcher.dispatch(dispatchOptions(plan)), SENTINEL);
101
+ assert.equal(spy.createVmCalled(), true);
102
+ assert.deepEqual(spy.mountsSeen(), benign);
103
+ });
104
+ test('the injected guard is invoked BEFORE createVm (order check)', async () => {
105
+ const order = [];
106
+ let createVmReached = false;
107
+ const client = {
108
+ createVm: async () => {
109
+ order.push('createVm');
110
+ createVmReached = true;
111
+ throw new SENTINEL('stop');
112
+ },
113
+ listSessions: async () => [],
114
+ gc: async () => 0,
115
+ killAllVms: () => 0,
116
+ };
117
+ // Recording guard that throws, so createVm must never run.
118
+ const recordingGuard = (mounts) => {
119
+ order.push('guard');
120
+ assertNoCredentialMounts(mounts, { homeDir: HOME });
121
+ };
122
+ const dispatcher = new GondolinDispatcher(client, noopRegistry, recordingGuard, identityRealpath, byoProbeFailureMessage, probeScript, miseInstallMsg, noProjectConfig, noopLog);
123
+ const plan = planWith([{ host: '~/.ssh', guest: '/g', readonly: true }]);
124
+ await assert.rejects(() => dispatcher.dispatch(dispatchOptions(plan)), CredentialMountError);
125
+ assert.deepEqual(order, ['guard']);
126
+ assert.equal(createVmReached, false);
127
+ });
128
+ test('dispatch HARD-FAILS on a SYMLINKED credential mount (lexical-benign, resolves to ~/.codex) — codex HIGH', async () => {
129
+ const spy = spyVmClient();
130
+ // The mount's lexical host path is benign (/srv/links/creds) — the LEXICAL-only
131
+ // core guard would pass it — but its realpath resolves into ~/.codex. The injected
132
+ // resolver mimics fs.realpath following that symlink; the dispatcher must feed the
133
+ // RESOLVED path to the guard and reject.
134
+ const codexDir = `${HOME}/.codex`;
135
+ const symlinkRealpath = async (p) => p === '/srv/links/creds' ? codexDir : p;
136
+ const dispatcher = new GondolinDispatcher(spy.client, noopRegistry, assertNoCredentialMounts, symlinkRealpath, byoProbeFailureMessage, probeScript, miseInstallMsg, noProjectConfig, noopLog);
137
+ const plan = planWith([{ host: '/srv/links/creds', guest: '/g', readonly: true }]);
138
+ // Sanity: the LEXICAL guard alone would NOT catch this (proves the resolved-path
139
+ // pass is what rejects it, not the lexical one).
140
+ assertNoCredentialMounts(plan.mounts, { homeDir: HOME }); // does not throw
141
+ await assert.rejects(() => dispatcher.dispatch(dispatchOptions(plan)), CredentialMountError);
142
+ assert.equal(spy.createVmCalled(), false, 'symlinked credential mount must abort before createVm');
143
+ });
144
+ //# sourceMappingURL=gondolin-dispatch-guard.test.js.map
package/dist/tests/shell/gondolin-dispatch-guard.test.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gondolin-dispatch-guard.test.js","sourceRoot":"","sources":["../../../tests/shell/gondolin-dispatch-guard.test.ts"],"names":[],"mappings":"AAAA,iFAAiF;AACjF,mFAAmF;AACnF,+EAA+E;AAC/E,kCAAkC;AAClC,EAAE;AACF,iFAAiF;AACjF,mCAAmC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,OAAO,EAAE,kBAAkB,EAAE,MAAM,8CAA8C,CAAC;AAClF,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAUjE,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;AAE1B;mFACmF;AACnF,MAAM,gBAAgB,GAAyB,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAE9D;iFACiF;AACjF,MAAM,MAAM,GAA2B;IACrC,SAAS,EAAE,EAAW;IACtB,aAAa,EAAE,EAAW;IAC1B,UAAU,EAAE,sBAAsB;IAClC,SAAS,EAAE,QAAQ;CACpB,CAAC;AAEF,SAAS,QAAQ,CAAC,MAAiB;IACjC,OAAO;QACL,YAAY,EAAE,eAAe;QAC7B,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,GAAG;QACX,UAAU,EAAE,IAAI;QAChB,MAAM;QACN,GAAG,EAAE,EAAE;QACP,UAAU,EAAE,CAAC,EAAE,SAAS,EAAE,mBAAmB,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAC3E,YAAY,EAAE,CAAC,MAAM,EAAE,mBAAmB,CAAC;QAC3C,MAAM,EAAE,EAAE,eAAe,EAAE,0BAA0B,EAAE,aAAa,EAAE,4BAA4B,EAAE,YAAY,EAAE,EAAE,EAAE;QACtH,eAAe,EAAE,KAAK;QACtB,mFAAmF;QACnF,6EAA6E;QAC7E,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;KACvD,CAAC;AACJ,CAAC;AAED,sFAAsF;AACtF,sFAAsF;AACtF,MAAM,WAAW,GAAG,GAAW,EAAE,CAAC,QAAQ,CAAC;AAC3C,MAAM,cAAc,GAAG,GAAW,EAAE,CAAC,qBAAqB,CAAC;AAC3D,MAAM,eAAe,GAAG,GAAY,EAAE,CAAC,KAAK,CAAC;AAE7C,MAAM,OAAO,GAAY;IACvB,IAAI,EAAE,GAAG,EAAE,CAAC,SAAS;IACrB,SAAS,EAAE,GAAG,EAAE,CAAC,OAAO;CACH,CAAC;AAExB,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,SAAS,EAAE,CAAC;AAC5G,CAAC;AAED,kFAAkF;AAClF,4DAA4D;AAC5D,MAAM,QAAS,SAAQ,KAAK;CAAG;AAC/B,SAAS,WAAW;IAClB,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,MAAM,GAAqB,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,KAAK,EAAE,IAAqB,EAAE,EAAE;YACxC,MAAM,GAAG,IAAI,CAAC;YACd,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACrB,MAAM,IAAI,QAAQ,CAAC,kBAAkB,CAAC,CAAC;QACzC,CAAC;QACD,YAAY,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;QAC5B,EAAE,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QACjB,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;KACG,CAAC;IACzB,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC;AAC5E,CAAC;AAED,MAAM,YAAY,GAAmB;IACnC,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,SAAS,EAAE,CAAC;CACxD,CAAC;AAEF,IAAI,CAAC,4EAA4E,EAAE,KAAK,IAAI,EAAE;IAC5F,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,MAAM,UAAU,GAAG,IAAI,kBAAkB,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE,wBAAwB,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;IAE/L,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACtI,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAE7F,2DAA2D;IAC3D,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,EAAE,KAAK,CAAC,CAAC;AAC5C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;IACnF,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,MAAM,UAAU,GAAG,IAAI,kBAAkB,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE,wBAAwB,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;IAE/L,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAC7F,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,EAAE,KAAK,CAAC,CAAC;AAC5C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,wFAAwF,EAAE,KAAK,IAAI,EAAE;IACxG,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,MAAM,UAAU,GAAG,IAAI,kBAAkB,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE,wBAAwB,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;IAE/L,MAAM,MAAM,GAAc,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,mBAAmB,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IACvG,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC9B,qEAAqE;IACrE,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACjF,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,EAAE,IAAI,CAAC,CAAC;IACzC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;IAC7E,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,eAAe,GAAG,KAAK,CAAC;IAC5B,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,KAAK,IAAI,EAAE;YACnB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvB,eAAe,GAAG,IAAI,CAAC;YACvB,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;QACD,YAAY,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;QAC5B,EAAE,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QACjB,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;KACG,CAAC;IACzB,2DAA2D;IAC3D,MAAM,cAAc,GAAG,CAAC,MAA0B,EAAQ,EAAE;QAC1D,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpB,wBAAwB,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC;IACF,MAAM,UAAU,GAAG,IAAI,kBAAkB,CAAC,MAAM,EAAE,YAAY,EAAE,cAAc,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;IACjL,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACzE,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAC7F,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IACnC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;AACvC,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,yGAAyG,EAAE,KAAK,IAAI,EAAE;IACzH,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,gFAAgF;IAChF,mFAAmF;IACnF,mFAAmF;IACnF,yCAAyC;IACzC,MAAM,QAAQ,GAAG,GAAG,IAAI,SAAS,CAAC;IAClC,MAAM,eAAe,GAAyB,KAAK,EAAE,CAAC,EAAE,EAAE,CACxD,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,IAAI,kBAAkB,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE,wBAAwB,EAAE,eAAe,EAAE,sBAAsB,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;IAE9L,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACnF,iFAAiF;IACjF,iDAAiD;IACjD,wBAAwB,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,iBAAiB;IAC3E,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAC7F,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,uDAAuD,CAAC,CAAC;AACrG,CAAC,CAAC,CAAC"}