termyte 0.1.0

package/dist/index.js

@@ -0,0 +1,383 @@
+#!/usr/bin/env node
+import pc from "picocolors";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import { kernel } from "./client.js";
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
+import * as https from "https";
+import { v4 as uuidv4 } from "uuid";
+const CONFIG_DIR = path.join(os.homedir(), ".termyte");
+const CONFIG_PATH = path.join(CONFIG_DIR, "config.json");
+// ─── CLI Command Dispatcher ───────────────────────────────────────────────────
+const arg = process.argv[2];
+if (arg === "init") {
+    init().catch(err => {
+        console.error(pc.red(`Init failed: ${err.message}`));
+        process.exit(1);
+    });
+}
+else if (arg === "log" || arg === "logs") {
+    showLogs();
+}
+else if (arg === "status") {
+    checkStatus();
+}
+else if (arg === "--version" || arg === "-v") {
+    console.log("Termyte v0.2.0");
+    process.exit(0);
+}
+else if (arg === "--help" || arg === "-h") {
+    showHelp();
+}
+else {
+    startMcpServer();
+}
+// ─── Interactive CLI Helpers ──────────────────────────────────────────────────
+function syncPrompt(question) {
+    process.stdout.write(question);
+    const buffer = Buffer.alloc(1024);
+    const bytesRead = fs.readSync(0, buffer, 0, 1024, null);
+    return buffer.toString('utf8', 0, bytesRead).trim();
+}
+async function init() {
+    console.log(`\n${pc.bold(pc.cyan("Initializing Termyte Governance..."))}\n`);
+    const home = os.homedir();
+    const agents = [
+        {
+            name: "Claude Code",
+            key: "claude",
+            paths: [path.join(home, ".claude", "settings.json")],
+            type: "json",
+            restart: "Restart Claude Code (close and reopen the app)"
+        },
+        {
+            name: "Cursor",
+            key: "cursor",
+            paths: [path.join(home, ".cursor", "mcp.json"), path.join(home, ".cursor", "config", "mcp.json")],
+            type: "json",
+            restart: "Restart Cursor to activate MCP server"
+        },
+        {
+            name: "Antigravity",
+            key: "antigravity",
+            paths: [path.join(home, ".gemini", "antigravity", "mcp_config.json")],
+            type: "json",
+            restart: "In Antigravity, open ... > Manage MCP Servers and click the refresh button"
+        },
+        {
+            name: "Codex",
+            key: "codex",
+            paths: [path.join(home, ".codex", "config.toml")],
+            type: "toml",
+            restart: "Restart Codex and run /mcp to confirm termyte tools are loaded"
+        },
+    ];
+    const detected = agents.filter(a => a.paths.some(p => fs.existsSync(p)));
+    let selectedAgent = null;
+    if (detected.length > 1) {
+        console.log("Multiple coding agents detected:");
+        detected.forEach((a, i) => console.log(`  ${i + 1}. ${a.name}`));
+        const choice = parseInt(syncPrompt(`Select agent (1-${detected.length}): `));
+        selectedAgent = detected[choice - 1];
+    }
+    else if (detected.length === 1) {
+        selectedAgent = detected[0];
+        console.log(`Detected ${pc.bold(selectedAgent.name)}`);
+    }
+    else {
+        console.log("No coding agent detected. Which agent are you using?");
+        agents.forEach((a, i) => console.log(`  ${i + 1}. ${a.name}`));
+        console.log(`  ${agents.length + 1}. Other (manual setup)`);
+        const choice = parseInt(syncPrompt(`Select agent (1-${agents.length + 1}): `));
+        if (choice > agents.length) {
+            console.log(`\n${pc.yellow("Manual setup required.")}`);
+            console.log("\nAdd this to your MCP config under mcpServers:");
+            console.log(`
+  "termyte": {
+    "command": "npx",
+    "args": ["-y", "termyte-mcp"],
+    "env": {
+      "TERMYTE_DEVICE_ID": "<device_id>",
+      "TERMYTE_API_URL": "https://mcp.causalos.xyz"
+    }
+  }
+
+For TOML-based configs (e.g. Codex):
+
+  [mcp_servers.termyte]
+  command = "npx"
+  args = ["-y", "termyte-mcp"]
+
+  [mcp_servers.termyte.env]
+  TERMYTE_DEVICE_ID = "<device_id>"
+  TERMYTE_API_URL = "https://mcp.causalos.xyz"
+`);
+            process.exit(0);
+        }
+        selectedAgent = agents[choice - 1];
+    }
+    if (!selectedAgent) {
+        console.error(pc.red("Invalid selection."));
+        process.exit(1);
+    }
+    // 2. Device ID Management
+    if (!fs.existsSync(CONFIG_DIR))
+        fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    let termyteConfig = {};
+    if (fs.existsSync(CONFIG_PATH)) {
+        try {
+            termyteConfig = JSON.parse(fs.readFileSync(CONFIG_PATH, "utf-8"));
+        }
+        catch (e) { }
+    }
+    if (!termyteConfig.device_id) {
+        termyteConfig.device_id = uuidv4();
+        termyteConfig.agent = selectedAgent.key;
+        termyteConfig.created_at = new Date().toISOString();
+        fs.writeFileSync(CONFIG_PATH, JSON.stringify(termyteConfig, null, 2));
+        console.log(`Generated Device ID: ${pc.green(termyteConfig.device_id)}`);
+    }
+    else {
+        console.log(`Using existing Device ID: ${pc.green(termyteConfig.device_id)}`);
+    }
+    // 3. Write MCP Config
+    const targetPath = selectedAgent.paths.find((p) => fs.existsSync(p)) || selectedAgent.paths[0];
+    const targetDir = path.dirname(targetPath);
+    if (!fs.existsSync(targetDir)) {
+        fs.mkdirSync(targetDir, { recursive: true });
+    }
+    // Backup if exists
+    if (fs.existsSync(targetPath)) {
+        fs.copyFileSync(targetPath, `${targetPath}.termyte.bak`);
+        console.log(`📦 Backup created: ${path.basename(targetPath)}.termyte.bak`);
+    }
+    if (selectedAgent.type === "json") {
+        let agentConfig = { mcpServers: {} };
+        if (fs.existsSync(targetPath)) {
+            try {
+                agentConfig = JSON.parse(fs.readFileSync(targetPath, "utf-8"));
+            }
+            catch (e) {
+                console.warn(pc.yellow(`Warning: Malformed JSON at ${targetPath}. Starting fresh.`));
+            }
+        }
+        if (!agentConfig.mcpServers)
+            agentConfig.mcpServers = {};
+        agentConfig.mcpServers.termyte = {
+            command: "npx",
+            args: ["-y", "termyte-mcp"],
+            env: {
+                TERMYTE_DEVICE_ID: termyteConfig.device_id,
+                TERMYTE_API_URL: "https://mcp.causalos.xyz"
+            }
+        };
+        fs.writeFileSync(targetPath, JSON.stringify(agentConfig, null, 2));
+    }
+    else if (selectedAgent.type === "toml") {
+        let content = "";
+        if (fs.existsSync(targetPath)) {
+            content = fs.readFileSync(targetPath, "utf-8");
+        }
+        if (content.includes("[mcp_servers.termyte]")) {
+            console.log(`\n${pc.yellow(`Termyte already configured in ${path.basename(targetPath)}.`)}`);
+        }
+        else {
+            let newContent = content;
+            if (!content.includes("rmcp_client = true")) {
+                newContent = "# Required for MCP support\nrmcp_client = true\n\n" + newContent;
+            }
+            newContent += `\n[mcp_servers.termyte]\ncommand = "npx"\nargs = ["-y", "termyte-mcp"]\n\n[mcp_servers.termyte.env]\nTERMYTE_DEVICE_ID = "${termyteConfig.device_id}"\nTERMYTE_API_URL = "https://mcp.causalos.xyz"\n`;
+            fs.writeFileSync(targetPath, newContent);
+        }
+    }
+    // 4. Verification Step
+    const finalContent = fs.readFileSync(targetPath, "utf-8");
+    const verified = selectedAgent.type === "json"
+        ? finalContent.includes('"termyte"')
+        : finalContent.includes("[mcp_servers.termyte]");
+    console.log(pc.green(`MCP entry verified in ${pc.bold(targetPath)}`));
+    // 5. Verify API Connection
+    console.log(`\nVerifying connection to ${pc.cyan("mcp.causalos.xyz")}...`);
+    try {
+        await new Promise((resolve, reject) => {
+            const req = https.get("https://mcp.causalos.xyz/v1/health", {
+                headers: { "x-termyte-device-id": termyteConfig.device_id },
+                timeout: 5000
+            }, (res) => {
+                if (res.statusCode === 200)
+                    resolve(true);
+                else
+                    reject(new Error(`Server returned status ${res.statusCode}`));
+            });
+            req.on('error', reject);
+            req.on('timeout', () => { req.destroy(); reject(new Error("Timeout (5s)")); });
+        });
+        console.log(pc.green("v API Connection Verified"));
+    }
+    catch (err) {
+        console.error(pc.red(`Connection failed: ${err.message}`));
+        console.error("The Termyte sidecar might be down. Please check status later.");
+        process.exit(1);
+    }
+    // 6. Print Success
+    console.log(`\n${pc.green(pc.bold("Termyte active for " + selectedAgent.name))}\n`);
+    console.log(`  Device: ${pc.cyan(termyteConfig.device_id)}`);
+    console.log(`  API:    https://mcp.causalos.xyz ${pc.green("v")}\n`);
+    console.log(`  ${pc.bold(selectedAgent.restart)}\n`);
+    console.log(`  ${pc.bold("npx termyte log")}      -> see what your agent did`);
+    console.log(`  ${pc.bold("npx termyte status")}   -> check connection\n`);
+    process.exit(0);
+}
+function showLogs() {
+    const config = fs.existsSync(CONFIG_PATH) ? JSON.parse(fs.readFileSync(CONFIG_PATH, "utf-8")) : null;
+    if (!config) {
+        console.error(pc.red("Termyte not initialized. Run 'npx termyte init' first."));
+        process.exit(1);
+    }
+    const deviceId = config.device_id;
+    const apiUrl = process.env.TERMYTE_API_URL || "https://mcp.causalos.xyz";
+    console.log(pc.bold(pc.cyan(`\n📋 Termyte Governance Logs [${deviceId}]\n`)));
+    const url = new URL(`${apiUrl}/v1/governance/logs`);
+    const req = https.get({
+        hostname: url.hostname,
+        path: url.pathname,
+        headers: { "x-termyte-device-id": deviceId }
+    }, (res) => {
+        let data = "";
+        res.on("data", chunk => data += chunk);
+        res.on("end", () => {
+            const logs = JSON.parse(data);
+            if (logs.length === 0) {
+                console.log(pc.gray("No events recorded yet."));
+            }
+            else {
+                logs.forEach((l) => {
+                    const verdictColor = l.verdict === "ALLOW" ? pc.green : l.verdict === "BLOCK" ? pc.red : pc.yellow;
+                    const time = new Date(l.timestamp).toLocaleTimeString();
+                    const outcomeIcon = l.success === true ? pc.green("(v)") : l.success === false ? pc.red("(x)") : pc.gray("(-)");
+                    console.log(`${verdictColor(`[${l.verdict}]`)} ${pc.gray(time)} ${pc.bold(l.tool_name)} ${outcomeIcon}`);
+                    if (l.verdict === "BLOCK" && l.reason) {
+                        console.log(pc.red(`  Reason: ${l.reason}`));
+                    }
+                    else if (l.reason && l.verdict !== "ALLOW") {
+                        console.log(pc.gray(`  Note: ${l.reason}`));
+                    }
+                });
+            }
+            process.exit(0);
+        });
+    });
+    req.on("error", err => {
+        console.error(pc.red(`Failed to fetch logs: ${err.message}`));
+        process.exit(1);
+    });
+}
+function checkStatus() {
+    if (!fs.existsSync(CONFIG_PATH)) {
+        console.log(pc.red("Status: Not Initialized"));
+        process.exit(1);
+    }
+    const config = JSON.parse(fs.readFileSync(CONFIG_PATH, "utf-8"));
+    console.log(`\n${pc.bold("Termyte Status")}`);
+    console.log(`  Device ID: ${pc.cyan(config.device_id)}`);
+    console.log(`  Agent:     ${pc.cyan(config.agent || "Unknown")}`);
+    https.get("https://mcp.causalos.xyz/v1/health", {
+        headers: { "x-termyte-device-id": config.device_id },
+        timeout: 3000
+    }, (res) => {
+        if (res.statusCode === 200) {
+            console.log(`  API:       ${pc.green("Online")}`);
+            process.exit(0);
+        }
+        else {
+            console.log(`  API:       ${pc.red(`Error (${res.statusCode})`)}`);
+            process.exit(1);
+        }
+    }).on('error', () => {
+        console.log(`  API:       ${pc.red("Offline")}`);
+        process.exit(1);
+    });
+}
+function showHelp() {
+    console.log(`
+${pc.bold("Termyte — Terminal Governance for Coding Agents")}
+
+Usage:
+  npx termyte init        Setup local device-id and auto-configure agent
+  npx termyte log         Show recent governance events
+  npx termyte status      Check connection to the sidecar
+  npx termyte             Start MCP Server (Standard IO)
+
+Governance:
+  Termyte intercepts agent actions, evaluates them against a deterministic 
+  sandbox and LLM judge, and records everything in a secure ledger.
+`);
+    process.exit(0);
+}
+// ─── MCP Server ──────────────────────────────────────────────────────────────
+async function startMcpServer() {
+    const server = new McpServer({
+        name: "termyte",
+        version: "0.1.0",
+    });
+    let currentSessionId = uuidv4(); // One session ID per MCP server process startup
+    server.tool("execute", "Execute a shell command.", {
+        command: z.string(),
+        args: z.array(z.string()).default([]),
+        cwd: z.string().optional(),
+    }, async ({ command, args, cwd }) => {
+        const action_payload = { command, args, cwd };
+        const session_id = currentSessionId;
+        // 1. Call prepare — invisible to agent
+        const verdict = await kernel.prepareToolCall(session_id, "execute", action_payload);
+        // 2. If blocked, return structured alternative
+        if (verdict.verdict === "BLOCK") {
+            return {
+                content: [{
+                        type: "text",
+                        text: `Action blocked by Termyte.\n` +
+                            `Reason: ${verdict.reason}\n` +
+                            `Alternative: ${verdict.alternative || "No alternative provided."}`
+                    }],
+                isError: true
+            };
+        }
+        // 3. Execute via command sandbox
+        // We use nativeExec from executor.ts as it implements the OS-level sandbox
+        const { nativeExec } = await import("./executor.js");
+        // reconstruct command line string for nativeExec
+        const cmdString = args.length > 0 ? `${command} ${args.map((a) => `"${a.replace(/"/g, '\\"')}"`).join(" ")}` : command;
+        let result;
+        if (cwd) {
+            const originalCwd = process.cwd();
+            try {
+                process.chdir(cwd);
+                result = await nativeExec(cmdString);
+            }
+            finally {
+                process.chdir(originalCwd);
+            }
+        }
+        else {
+            result = await nativeExec(cmdString);
+        }
+        // 4. Call commit — invisible to agent  
+        await kernel.commitToolCall(verdict.tool_call_id || uuidv4(), { stdout: result.stdout, stderr: result.stderr }, result.exit_code === 0, result.exit_code);
+        const combinedOutput = (result.stdout + "\n" + result.stderr).trim();
+        return {
+            content: [{ type: "text", text: combinedOutput || "Command completed with no output." }],
+            isError: result.exit_code !== 0
+        };
+    });
+    try {
+        const transport = new StdioServerTransport();
+        await server.connect(transport);
+    }
+    catch (err) {
+        console.error("MCP Server Error:", err);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAEpC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACvD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAEzD,iFAAiF;AACjF,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAE5B,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;IACjB,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;QACf,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;AACP,CAAC;KAAM,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;IACzC,QAAQ,EAAE,CAAC;AACf,CAAC;KAAM,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;IAC1B,WAAW,EAAE,CAAC;AAClB,CAAC;KAAM,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAC9B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;KAAM,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;IAC1C,QAAQ,EAAE,CAAC;AACf,CAAC;KAAM,CAAC;IACJ,cAAc,EAAE,CAAC;AACrB,CAAC;AAED,iFAAiF;AACjF,SAAS,UAAU,CAAC,QAAgB;IAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACxD,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;AACxD,CAAC;AAED,KAAK,UAAU,IAAI;IACf,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC,IAAI,CAAC,CAAC;IAE7E,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,MAAM,MAAM,GAAG;QACX;YACI,IAAI,EAAE,aAAa;YACnB,GAAG,EAAE,QAAQ;YACb,KAAK,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;YACpD,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,gDAAgD;SAC5D;QACD;YACI,IAAI,EAAE,QAAQ;YACd,GAAG,EAAE,QAAQ;YACb,KAAK,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;YACjG,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,uCAAuC;SACnD;QACD;YACI,IAAI,EAAE,aAAa;YACnB,GAAG,EAAE,aAAa;YAClB,KAAK,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,aAAa,EAAE,iBAAiB,CAAC,CAAC;YACrE,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,4EAA4E;SACxF;QACD;YACI,IAAI,EAAE,OAAO;YACb,GAAG,EAAE,OAAO;YACZ,KAAK,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;YACjD,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,gEAAgE;SAC5E;KACJ,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzE,IAAI,aAAa,GAAQ,IAAI,CAAC;IAE9B,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAChD,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC,mBAAmB,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;QAC7E,aAAa,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;SAAM,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACpE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,MAAM,GAAG,CAAC,wBAAwB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC,mBAAmB,MAAM,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/E,IAAI,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,wBAAwB,CAAC,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;YAC/D,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;CAmBvB,CAAC,CAAC;YACS,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QACD,aAAa,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACjB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,0BAA0B;IAC1B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9E,IAAI,aAAa,GAAQ,EAAE,CAAC;IAC5B,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC;YACD,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;QAC3B,aAAa,CAAC,SAAS,GAAG,MAAM,EAAE,CAAC;QACnC,aAAa,CAAC,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC;QACxC,aAAa,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpD,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAC7E,CAAC;SAAM,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,sBAAsB;IACtB,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvG,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE3C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,mBAAmB;IACnB,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,GAAG,UAAU,cAAc,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;IAC/E,CAAC;IAED,IAAI,aAAa,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAChC,IAAI,WAAW,GAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC1C,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACD,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,8BAA8B,UAAU,mBAAmB,CAAC,CAAC,CAAC;YACzF,CAAC;QACL,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,UAAU;YAAE,WAAW,CAAC,UAAU,GAAG,EAAE,CAAC;QAEzD,WAAW,CAAC,UAAU,CAAC,OAAO,GAAG;YAC7B,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,CAAC,IAAI,EAAE,aAAa,CAAC;YAC3B,GAAG,EAAE;gBACD,iBAAiB,EAAE,aAAa,CAAC,SAAS;gBAC1C,eAAe,EAAE,0BAA0B;aAC9C;SACJ,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC;SAAM,IAAI,aAAa,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QACvC,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,iCAAiC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjG,CAAC;aAAM,CAAC;YACJ,IAAI,UAAU,GAAG,OAAO,CAAC;YACzB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC1C,UAAU,GAAG,oDAAoD,GAAG,UAAU,CAAC;YACnF,CAAC;YAED,UAAU,IAAI,6HAA6H,aAAa,CAAC,SAAS,mDAAmD,CAAC;YACtN,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,KAAK,MAAM;QAC1C,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC;QACpC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC;IAErD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,yBAAyB,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IAEtE,2BAA2B;IAC3B,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC3E,IAAI,CAAC;QACD,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClC,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,oCAAoC,EAAE;gBACxD,OAAO,EAAE,EAAE,qBAAqB,EAAE,aAAa,CAAC,SAAS,EAAE;gBAC3D,OAAO,EAAE,IAAI;aAChB,EAAE,CAAC,GAAG,EAAE,EAAE;gBACP,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG;oBAAE,OAAO,CAAC,IAAI,CAAC,CAAC;;oBACrC,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;YACvE,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxB,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,sBAAsB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;QAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,mBAAmB;IACnB,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,qBAAqB,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,kCAAkC,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,0BAA0B,CAAC,CAAC;IAE1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAGD,SAAS,QAAQ;IACb,MAAM,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACrG,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,0BAA0B,CAAC;IAEzE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,iCAAiC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC;IAE9E,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,qBAAqB,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;QAClB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,IAAI,EAAE,GAAG,CAAC,QAAQ;QAClB,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE;KAC/C,EAAE,CAAC,GAAG,EAAE,EAAE;QACP,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC;QACvC,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACf,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC9B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACJ,IAAI,CAAC,OAAO,CAAC,CAAC,CAAM,EAAE,EAAE;oBACpB,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;oBACnG,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,kBAAkB,EAAE,CAAC;oBACxD,MAAM,WAAW,GAAG,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAEhH,OAAO,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,WAAW,EAAE,CAAC,CAAC;oBAEzG,IAAI,CAAC,CAAC,OAAO,KAAK,OAAO,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;wBACpC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;oBACjD,CAAC;yBAAM,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;wBAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;oBAChD,CAAC;gBACL,CAAC,CAAC,CAAC;YACP,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;QAClB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,yBAAyB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,WAAW;IAChB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,SAAS,CAAC,EAAE,CAAC,CAAC;IAElE,KAAK,CAAC,GAAG,CAAC,oCAAoC,EAAE;QAC5C,OAAO,EAAE,EAAE,qBAAqB,EAAE,MAAM,CAAC,SAAS,EAAE;QACpD,OAAO,EAAE,IAAI;KAChB,EAAE,CAAC,GAAG,EAAE,EAAE;QACP,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC,CAAC;YACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACL,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QAChB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,QAAQ;IACb,OAAO,CAAC,GAAG,CAAC;EACd,EAAE,CAAC,IAAI,CAAC,iDAAiD,CAAC;;;;;;;;;;;CAW3D,CAAC,CAAC;IACC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,gFAAgF;AAChF,KAAK,UAAU,cAAc;IACzB,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QACzB,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,OAAO;KACnB,CAAC,CAAC;IAEH,IAAI,gBAAgB,GAAG,MAAM,EAAE,CAAC,CAAC,gDAAgD;IAEjF,MAAM,CAAC,IAAI,CACP,SAAS,EACT,0BAA0B,EAC1B;QACI,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC7B,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAO,EAAE,EAAE;QAClC,MAAM,cAAc,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAEpC,uCAAuC;QACvC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QAEpF,+CAA+C;QAC/C,IAAI,OAAO,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO;gBACH,OAAO,EAAE,CAAC;wBACN,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,8BAA8B;4BAC9B,WAAW,OAAO,CAAC,MAAM,IAAI;4BAC7B,gBAAgB,OAAO,CAAC,WAAW,IAAI,0BAA0B,EAAE;qBAC5E,CAAC;gBACF,OAAO,EAAE,IAAI;aAChB,CAAC;QACN,CAAC;QAED,iCAAiC;QACjC,2EAA2E;QAC3E,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QACrD,iDAAiD;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;QAC/H,IAAI,MAAM,CAAC;QACX,IAAI,GAAG,EAAE,CAAC;YACN,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;YAClC,IAAI,CAAC;gBACD,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;YACzC,CAAC;oBAAS,CAAC;gBACP,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;QACzC,CAAC;QAED,wCAAwC;QACxC,MAAM,MAAM,CAAC,cAAc,CACvB,OAAO,CAAC,YAAY,IAAI,MAAM,EAAE,EAChC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,EAChD,MAAM,CAAC,SAAS,KAAK,CAAC,EACtB,MAAM,CAAC,SAAS,CACnB,CAAC;QAEF,MAAM,cAAc,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACrE,OAAO;YACH,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,IAAI,mCAAmC,EAAE,CAAC;YACxF,OAAO,EAAE,MAAM,CAAC,SAAS,KAAK,CAAC;SAClC,CAAC;IACN,CAAC,CACJ,CAAC;IAEF,IAAI,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;AACL,CAAC"}

package/dist/policy.d.ts

@@ -0,0 +1,6 @@
+export type GovernanceAction = "ALLOW" | "BLOCK" | "UNCERTAIN";
+export declare function getTermyteEnv(): "production" | "development";
+export declare function normalizeVerdict(action: GovernanceAction): GovernanceAction;
+export declare function applyUnifiedPolicy(action: GovernanceAction): GovernanceAction;
+export declare function recommendationFor(action: GovernanceAction): "PROCEED" | "ABORT" | "ESCALATE";
+//# sourceMappingURL=policy.d.ts.map

package/dist/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,OAAO,GAAG,WAAW,CAAC;AAE/D,wBAAgB,aAAa,IAAI,YAAY,GAAG,aAAa,CAE5D;AAED,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,gBAAgB,GACvB,gBAAgB,CAKlB;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,gBAAgB,GAAG,gBAAgB,CAM7E;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,gBAAgB,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,CAI5F"}

package/dist/policy.js

@@ -0,0 +1,24 @@
+export function getTermyteEnv() {
+    return process.env.TERMYTE_ENV === "production" ? "production" : "development";
+}
+export function normalizeVerdict(action) {
+    if (action === "ALLOW" || action === "BLOCK" || action === "UNCERTAIN") {
+        return action;
+    }
+    return "UNCERTAIN";
+}
+export function applyUnifiedPolicy(action) {
+    const env = getTermyteEnv();
+    if (env === "production") {
+        return action === "ALLOW" ? "ALLOW" : "BLOCK";
+    }
+    return action === "ALLOW" ? "ALLOW" : "UNCERTAIN";
+}
+export function recommendationFor(action) {
+    if (action === "ALLOW")
+        return "PROCEED";
+    if (action === "BLOCK")
+        return "ABORT";
+    return "ESCALATE";
+}
+//# sourceMappingURL=policy.js.map

package/dist/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,aAAa;IAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa,CAAC;AACjF,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,MAAwB;IAExB,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QACvE,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAwB;IACzD,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,GAAG,KAAK,YAAY,EAAE,CAAC;QACzB,OAAO,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;IAChD,CAAC;IACD,OAAO,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,MAAwB;IACxD,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IACzC,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,OAAO,CAAC;IACvC,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/sanitizer.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Sanitizer: Privacy-First Data Redaction for Termyte
+ *
+ * This utility ensures that sensitive data (API keys, secrets, PII) is redacted
+ * locally within the MCP sidecar before any trajectory data is streamed to the Cloud Runtime.
+ */
+export declare class Sanitizer {
+    private static SECRET_PATTERNS;
+    /**
+     * Redacts sensitive information from a string or JSON object.
+     */
+    static redact(input: any): any;
+    private static redactString;
+    private static redactObject;
+    /**
+     * Generates a stable fingerprint of an action for caching.
+     * Matches the format used in the Cloud Runtime: tool_name:sanitized_args_json
+     */
+    static getFingerprint(toolName: string, args: any): string;
+    private static normalizeShellArgs;
+    /**
+     * Normalizes volatile tokens in a command string so that the fingerprint
+     * matches the one produced by the Rust kernel's Normalizer::normalize_shell().
+     * Must stay in sync with cloud-runtime/src/normalizer.rs.
+     */
+    private static normalizeCommandString;
+}
+//# sourceMappingURL=sanitizer.d.ts.map

package/dist/sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.d.ts","sourceRoot":"","sources":["../src/sanitizer.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAC,eAAe,CAe5B;IAEF;;OAEG;WACW,MAAM,CAAC,KAAK,EAAE,GAAG,GAAG,GAAG;IAYrC,OAAO,CAAC,MAAM,CAAC,YAAY;IAe3B,OAAO,CAAC,MAAM,CAAC,YAAY;IAU3B;;;OAGG;WACW,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,MAAM;IAajE,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAUjC;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,sBAAsB;CAyBtC"}

package/dist/sanitizer.js

@@ -0,0 +1,112 @@
+import { createHash } from 'crypto';
+/**
+ * Sanitizer: Privacy-First Data Redaction for Termyte
+ *
+ * This utility ensures that sensitive data (API keys, secrets, PII) is redacted
+ * locally within the MCP sidecar before any trajectory data is streamed to the Cloud Runtime.
+ */
+export class Sanitizer {
+    static SECRET_PATTERNS = {
+        // Standard cloud/service tokens
+        AWS_KEY: /(?:ASIA|AKIA|AROA|AIDA)[A-Z0-9]{16}/g,
+        AWS_SECRET: /(?:aws_secret_access_key|aws_secret)\s*[:=]\s*(?:"|')?[A-Za-z0-9/+=]{40}(?:"|')?/gi,
+        STRIPE_KEY: /sk_live_[0-9a-zA-Z]{24}/g,
+        GITHUB_TOKEN: /(?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36}/g,
+        SLACK_TOKEN: /xox[baprs]-[0-9a-zA-Z]{10,48}/g,
+        // Generic authentication
+        BEARER_TOKEN: /Bearer\s+[a-zA-Z0-9\-._~+/]+=*/gi,
+        BASIC_AUTH: /Basic\s+[a-zA-Z0-9+/]+=*/gi,
+        PRIVATE_KEY: /-----BEGIN (?:RSA|OPENSSH|EC|PGP) PRIVATE KEY-----[\s\S]+?-----END (?:RSA|OPENSSH|EC|PGP) PRIVATE KEY-----/g,
+        // Common sensitive field names in JSON
+        JSON_SECRET_KEY: /"(?:password|secret|token|key|pwd|auth|credential|api_key)":\s*"[^"]+"/gi,
+    };
+    /**
+     * Redacts sensitive information from a string or JSON object.
+     */
+    static redact(input) {
+        if (typeof input === 'string') {
+            return this.redactString(input);
+        }
+        if (typeof input === 'object' && input !== null) {
+            return this.redactObject(input);
+        }
+        return input;
+    }
+    static redactString(str) {
+        let result = str;
+        for (const [label, pattern] of Object.entries(this.SECRET_PATTERNS)) {
+            if (label === 'JSON_SECRET_KEY') {
+                result = result.replace(pattern, (match) => {
+                    const parts = match.split(':');
+                    return `${parts[0]}: "[REDACTED]"`;
+                });
+            }
+            else {
+                result = result.replace(pattern, `[REDACTED_${label}]`);
+            }
+        }
+        return result;
+    }
+    static redactObject(obj) {
+        const jsonStr = JSON.stringify(obj);
+        const redactedStr = this.redactString(jsonStr);
+        try {
+            return JSON.parse(redactedStr);
+        }
+        catch (e) {
+            return redactedStr;
+        }
+    }
+    /**
+     * Generates a stable fingerprint of an action for caching.
+     * Matches the format used in the Cloud Runtime: tool_name:sanitized_args_json
+     */
+    static getFingerprint(toolName, args) {
+        let sanitizedArgs = this.redact(args);
+        // Phase 3: Command Normalization for shell tools
+        if (["run_command", "shell", "run_shell_command"].includes(toolName)) {
+            sanitizedArgs = this.normalizeShellArgs(sanitizedArgs);
+        }
+        const argsJson = JSON.stringify(sanitizedArgs);
+        const canonical = `${toolName}:${argsJson}`;
+        return createHash('sha256').update(canonical).digest('hex');
+    }
+    static normalizeShellArgs(args) {
+        if (typeof args === 'string')
+            return this.normalizeCommandString(args);
+        if (typeof args === 'object' && args !== null) {
+            if (args.command) {
+                return { ...args, command: this.normalizeCommandString(args.command) };
+            }
+        }
+        return args;
+    }
+    /**
+     * Normalizes volatile tokens in a command string so that the fingerprint
+     * matches the one produced by the Rust kernel's Normalizer::normalize_shell().
+     * Must stay in sync with cloud-runtime/src/normalizer.rs.
+     */
+    static normalizeCommandString(cmd) {
+        const trimmed = cmd.trim();
+        if (!trimmed)
+            return cmd;
+        // Mirror Rust RE_TEMP_PATH / RE_ABS_PATH / RE_REL_PATH / RE_SESSION_ID / RE_PORT
+        let result = trimmed
+            .replace(/(?:\/tmp\/|\/var\/tmp\/|\/var\/folders\/|%TEMP%)\S*/gi, '[TEMP_PATH]')
+            .replace(/\/(?:[\w.-]+\/)*[\w.-]+/g, '[ABS_PATH]')
+            .replace(/\.\.?\/(?:[\w.-]+\/)*[\w.-]+/g, '[REL_PATH]')
+            .replace(/session-[a-z0-9]+/gi, '[SESSION_ID]')
+            .replace(/port\s+\d{4,5}/gi, 'port [EPHEMERAL_PORT]');
+        const parts = result.split(/\s+/).filter(Boolean);
+        if (parts.length <= 1)
+            return result;
+        const verb = parts[0];
+        const rest = parts.slice(1);
+        // Separate flags (start with -) from positional arguments and sort flags for
+        // canonical ordering — same logic as Rust: flags.sort() then non_flags.
+        const flags = rest.filter(p => p.startsWith('-')).sort();
+        const nonFlags = rest.filter(p => !p.startsWith('-'));
+        return [verb, ...flags, ...nonFlags].join(' ');
+    }
+}
+//# sourceMappingURL=sanitizer.js.map

package/dist/sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.js","sourceRoot":"","sources":["../src/sanitizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC;;;;;GAKG;AACH,MAAM,OAAO,SAAS;IACZ,MAAM,CAAC,eAAe,GAA2B;QACvD,gCAAgC;QAChC,OAAO,EAAE,sCAAsC;QAC/C,UAAU,EAAE,oFAAoF;QAChG,UAAU,EAAE,0BAA0B;QACtC,YAAY,EAAE,0CAA0C;QACxD,WAAW,EAAE,gCAAgC;QAE7C,yBAAyB;QACzB,YAAY,EAAE,kCAAkC;QAChD,UAAU,EAAE,4BAA4B;QACxC,WAAW,EAAE,6GAA6G;QAE1H,uCAAuC;QACvC,eAAe,EAAE,0EAA0E;KAC5F,CAAC;IAEF;;OAEG;IACI,MAAM,CAAC,MAAM,CAAC,KAAU;QAC7B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,MAAM,CAAC,YAAY,CAAC,GAAW;QACrC,IAAI,MAAM,GAAG,GAAG,CAAC;QACjB,KAAK,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;gBAC9B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;oBACvC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC/B,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC;gBACvC,CAAC,CAAC,CAAC;YACP,CAAC;iBAAM,CAAC;gBACJ,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,aAAa,KAAK,GAAG,CAAC,CAAC;YAC5D,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,MAAM,CAAC,YAAY,CAAC,GAAQ;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,WAAW,CAAC;QACrB,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,cAAc,CAAC,QAAgB,EAAE,IAAS;QACtD,IAAI,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAEtC,iDAAiD;QACjD,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,mBAAmB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrE,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC;QAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC;IAEO,MAAM,CAAC,kBAAkB,CAAC,IAAS;QACzC,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACvE,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACzE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,sBAAsB,CAAC,GAAW;QAC/C,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,IAAI,CAAC,OAAO;YAAE,OAAO,GAAG,CAAC;QAEzB,iFAAiF;QACjF,IAAI,MAAM,GAAG,OAAO;aACjB,OAAO,CAAC,uDAAuD,EAAE,aAAa,CAAC;aAC/E,OAAO,CAAC,0BAA0B,EAAE,YAAY,CAAC;aACjD,OAAO,CAAC,+BAA+B,EAAE,YAAY,CAAC;aACtD,OAAO,CAAC,qBAAqB,EAAE,cAAc,CAAC;aAC9C,OAAO,CAAC,kBAAkB,EAAE,uBAAuB,CAAC,CAAC;QAExD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;YAAE,OAAO,MAAM,CAAC;QAErC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5B,6EAA6E;QAC7E,wEAAwE;QACxE,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QAEtD,OAAO,CAAC,IAAI,EAAE,GAAG,KAAK,EAAE,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjD,CAAC"}

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "termyte",
+  "version": "0.1.0",
+  "description": "Termyte eats dangerous agent actions before they eat your codebase",
+  "main": "dist/index.js",
+  "bin": {
+    "termyte": "dist/index.js"
+  },
+  "type": "module",
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "dev": "tsc --watch",
+    "test": "vitest run",
+    "prepublishOnly": "npm run build"
+  },
+  "files": [
+    "dist",
+    "proto",
+    "README.md",
+    "LICENSE",
+    "package.json"
+  ],
+  "keywords": [
+    "mcp",
+    "ai-agents",
+    "causal-memory",
+    "deterministic-governance",
+    "split-plane-architecture",
+    "agent-governance",
+    "high-performance-ai"
+  ],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "@types/node": "^25.6.0",
+    "ts-node": "^10.9.2",
+    "typescript": "^6.0.2",
+    "vitest": "^4.1.4"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "@types/uuid": "^10.0.0",
+    "lru-cache": "^11.3.5",
+    "picocolors": "^1.1.1",
+    "uuid": "^14.0.0",
+    "zod": "^4.3.6"
+  }
+}