veto-sdk 1.1.0 → 1.3.0

package/README.md

@@ -4,17 +4,16 @@ A guardrail system for AI agent tool calls. Veto intercepts and validates tool c
 
 ## How It Works
 
-1. Define your tools with handlers
-2. Wrap them with Veto to get `definitions` and `implementations`
-3. Pass `definitions` to the AI model
-4. Execute tool calls using `implementations` - validation happens automatically
+1. **Initialize** Veto.
+2. **Wrap** your tools using `veto.wrap()`.
+3. **Pass** the wrapped tools to your AI agent/model.
 
-When a tool is executed, Veto:
-1. Looks up applicable rules from your YAML configuration
-2. Sends the call context and rules to your validation API
-3. Blocks or allows the call based on the API response
+When the AI model calls a tool, Veto automatically:
+1. Intercepts the call.
+2. Validates arguments against your rules (via YAML & LLM).
+3. Blocks or Allows execution based on the result.
 
-The AI model remains unaware of the guardrail - tool schemas are unchanged.
+The AI model remains unaware of the guardrail - the tool interface is preserved.
 
 ## Installation
 
@@ -24,84 +23,57 @@ npm install veto
 
 ## Quick Start
 
-### 1. Initialize Veto in your project
+### 1. Initialize Veto
 
+Run the CLI to create configuration:
 ```bash
 npx veto init
 ```
+This creates a `veto/` directory with `veto.config.yaml` and default rules.
 
-This creates a `veto/` directory with configuration and default rules.
+### 2. Wrap Your Tools
 
-### 2. Define your tools and wrap them
+Veto's `wrap()` method is provider-agnostic. It works with LangChain, Vercel AI SDK, or any custom tool object.
 
 ```typescript
-import { Veto, ToolCallDeniedError } from 'veto';
-
-// Define tools with handlers
-const tools = [
-  {
-    name: 'read_file',
-    description: 'Read a file',
-    inputSchema: {
-      type: 'object',
-      properties: { path: { type: 'string' } },
-      required: ['path']
-    },
-    handler: async (args) => {
-      return fs.readFileSync(args.path, 'utf-8');
-    }
-  },
-  {
-    name: 'write_file',
-    description: 'Write a file',
-    inputSchema: {
-      type: 'object',
-      properties: {
-        path: { type: 'string' },
-        content: { type: 'string' }
-      },
-      required: ['path', 'content']
-    },
-    handler: async (args) => {
-      fs.writeFileSync(args.path, args.content);
-      return 'OK';
-    }
-  }
+import { Veto } from 'veto';
+import { tool } from '@langchain/core/tools'; // Example with LangChain
+
+// 1. Define your tools normally
+const myTools = [
+  tool(async (args) => { ... }, { name: 'my_tool', ... }),
+  // ...
 ];
 
-// Initialize Veto and wrap tools
+// 2. Initialize Veto
 const veto = await Veto.init();
-const { definitions, implementations } = veto.wrapTools(tools);
-
-// Use implementations - validation happens automatically
-try {
-  const content = await implementations.read_file({ path: '/home/user/file.txt' });
-  console.log(content);
-} catch (error) {
-  if (error instanceof ToolCallDeniedError) {
-    console.log('Blocked:', error.reason);
-  }
-}
+
+// 3. Wrap tools (Validation logic is injected)
+// Types are preserved: wrappedTools has same type as myTools
+const wrappedTools = veto.wrap(myTools);
+
+// 4. Pass to your Agent/LLM
+const agent = createAgent({
+  tools: wrappedTools,
+  // ...
+});
 ```
 
-### 3. Configure rules
+### 3. Configure Rules
 
-Edit `veto/rules/defaults.yaml`:
+Edit `veto/rules/financial.yaml` (example):
 
 ```yaml
 rules:
-  - id: block-system-paths
-    name: Block system path access
-    enabled: true
-    severity: critical
+  - id: limit-transfers
+    name: Limit large transfers
     action: block
     tools:
-      - read_file
-      - write_file
+      - transfer_funds
     conditions:
-      - field: arguments.path
-        operator: starts_with
-        value: /etc
+      - field: arguments.amount
+        operator: greater_than
+        value: 1000
 ```
 
 ## Configuration
@@ -114,16 +86,18 @@ version: "1.0"
 # Operating mode
 mode: "strict"  # "strict" blocks calls, "log" only logs them
 
-# Validation API endpoint
-api:
-  baseUrl: "http://localhost:8080"
-  endpoint: "/tool/call/check"
-  timeout: 10000
-  retries: 2
+# Validation Backend
+validation:
+  mode: "custom" # "api", "kernel", or "custom"
+
+# Custom Provider (if mode is custom)
+custom:
+  provider: "gemini" # or openai, anthropic
+  model: "gemini-3-flash-preview"
 
 # Logging
 logging:
-  level: "info"  # debug, info, warn, error, silent
+  level: "info"
 
 # Rules
 rules:
@@ -131,223 +105,49 @@ rules:
   recursive: true
 ```
 
-### Operating Modes
-
-| Mode | Behavior |
-|------|----------|
-| `strict` | Blocks tool calls when the validation API returns a block decision |
-| `log` | Logs block decisions but allows all tool calls to proceed |
-
-Override mode programmatically:
-
-```typescript
-const veto = await Veto.init({ mode: 'log' });
-```
-
-## Validation API
-
-Veto sends a POST request to your validation API with the tool call context and applicable rules.
-
-### Request
-
-```
-POST /tool/call/check
-Content-Type: application/json
-```
-
-```json
-{
-  "context": {
-    "call_id": "call_abc123",
-    "tool_name": "read_file",
-    "arguments": { "path": "/etc/passwd" },
-    "timestamp": "2024-01-15T10:30:00Z",
-    "call_history": []
-  },
-  "rules": [
-    {
-      "id": "block-system-paths",
-      "name": "Block system path access",
-      "severity": "critical",
-      "conditions": [
-        {
-          "field": "arguments.path",
-          "operator": "starts_with",
-          "value": "/etc"
-        }
-      ]
-    }
-  ]
-}
-```
-
-### Response
-
-```json
-{
-  "should_pass_weight": 0.1,
-  "should_block_weight": 0.9,
-  "decision": "block",
-  "reasoning": "Access to /etc is blocked by security policy"
-}
-```
-
-The `decision` field must be either `"pass"` or `"block"`.
-
-## Rule Format
-
-```yaml
-rules:
-  - id: unique-rule-id
-    name: Human readable name
-    description: What this rule does
-    enabled: true
-    severity: critical    # critical, high, medium, low, info
-    action: block         # block, warn, log, allow
-    tools:                # tools this applies to (empty = all tools)
-      - read_file
-      - write_file
-    conditions:           # all conditions must match
-      - field: arguments.path
-        operator: starts_with
-        value: /etc
-```
-
-### Condition Operators
-
-| Operator | Description |
-|----------|-------------|
-| `equals` | Exact match |
-| `not_equals` | Not equal |
-| `contains` | String contains substring |
-| `not_contains` | String does not contain substring |
-| `starts_with` | String starts with prefix |
-| `ends_with` | String ends with suffix |
-| `matches` | Regex pattern match |
-| `greater_than` | Numeric greater than |
-| `less_than` | Numeric less than |
-| `in` | Value in list |
-| `not_in` | Value not in list |
-
-## Provider Integration
-
-### OpenAI
-
-```typescript
-import { Veto, toOpenAITools, fromOpenAIToolCall } from 'veto';
-
-const veto = await Veto.init();
-const { definitions, implementations } = veto.wrapTools(myTools);
-
-// Pass definitions to OpenAI
-const response = await openai.chat.completions.create({
-  model: 'gpt-4',
-  tools: toOpenAITools(definitions),
-  messages: [...]
-});
-
-// Execute tool calls using implementations
-for (const call of response.choices[0].message.tool_calls ?? []) {
-  const args = JSON.parse(call.function.arguments);
-  try {
-    const result = await implementations[call.function.name](args);
-    console.log('Result:', result);
-  } catch (error) {
-    if (error instanceof ToolCallDeniedError) {
-      console.log('Blocked:', error.reason);
-    }
-  }
-}
-```
-
-### Anthropic
-
-```typescript
-import { Veto, toAnthropicTools, fromAnthropicToolUse } from 'veto';
-
-const veto = await Veto.init();
-const { definitions, implementations } = veto.wrapTools(myTools);
-
-// Pass definitions to Anthropic
-const response = await anthropic.messages.create({
-  model: 'claude-3-opus-20240229',
-  tools: toAnthropicTools(definitions),
-  messages: [...]
-});
-
-// Execute tool calls using implementations
-for (const block of response.content) {
-  if (block.type === 'tool_use') {
-    try {
-      const result = await implementations[block.name](block.input);
-      console.log('Result:', result);
-    } catch (error) {
-      if (error instanceof ToolCallDeniedError) {
-        console.log('Blocked:', error.reason);
-      }
-    }
-  }
-}
-```
-
 ## API Reference
 
-### Veto.init(options?)
+### `Veto.init(options?)`
 
-Initialize Veto by loading configuration and rules.
+Initialize Veto. Loads configuration from `./veto` by default.
 
 ```typescript
 const veto = await Veto.init();
-
-// With options
-const veto = await Veto.init({
-  configDir: './my-veto-config',
-  mode: 'log',
-  logLevel: 'debug'
-});
 ```
 
-### veto.wrapTools(tools)
+### `veto.wrap<T>(tools: T[]): T[]`
 
-Wrap tools and return definitions and implementations.
+Wraps an array of tools. The returned tools have Veto validation injected into their execution handler. Preserves the original tool types for full compatibility with your AI framework.
 
 ```typescript
-const { definitions, implementations } = veto.wrapTools(tools);
-
-// definitions: Tool schemas to pass to AI models (no handlers)
-// implementations: Object with wrapped handler functions keyed by tool name
+const wrappedForLangChain = veto.wrap(langChainTools);
+const wrappedForVercel = veto.wrap(vercelTools);
 ```
 
-### veto.validateToolCall(call)
+### `veto.wrapTool<T>(tool: T): T`
 
-Manually validate a tool call (for custom execution flows).
+Wraps a single tool instance.
 
 ```typescript
-const result = await veto.validateToolCall({
-  id: 'call_123',
-  name: 'read_file',
-  arguments: { path: '/some/path' }
-});
-
-if (result.allowed) {
-  // Execute
-}
+const safeTool = veto.wrapTool(myTool);
 ```
 
-### veto.getMode()
+### `veto.getHistoryStats()`
 
-Get current operating mode.
+Returns statistics about allowed vs blocked calls.
 
 ```typescript
-const mode = veto.getMode(); // 'strict' or 'log'
+const stats = veto.getHistoryStats();
+console.log(stats);
+// { totalCalls: 5, allowedCalls: 4, deniedCalls: 1, ... }
 ```
 
-### veto.getLoadedRules()
+### `veto.clearHistory()`
 
-Get all loaded rules.
+Resets the history statistics.
 
 ```typescript
-const rules = veto.getLoadedRules();
+veto.clearHistory();
 ```
 
 ## CLI Commands
@@ -355,17 +155,49 @@ const rules = veto.getLoadedRules();
 | Command | Description |
 |---------|-------------|
 | `npx veto init` | Initialize Veto in current directory |
-| `npx veto init --force` | Reinitialize, overwriting existing files |
-| `npx veto help` | Show help |
 | `npx veto version` | Show version |
 
-## Environment Variables
+## General Rule YAML Format
+
+Each rule file (e.g., `veto/rules/policy.yaml`) can contain one or more rules.
+
+```yaml
+rules:
+  - id: unique-rule-id           # [Required] Unique identifier for the rule
+    name: Human readable name    # [Required] Descriptive name for logging
+    enabled: true                # [Optional] Default: true
+    severity: high               # [Optional] critical, high, medium, low, info. Default: medium
+    action: block                # [Required] block, warn, log, allow.
+    
+    # Scope: Which tools does this rule apply to?
+    tools:                       # [Optional] List of tool names.
+      - make_payment             # If omitted or empty, applies to ALL tools (Global Rule).
+      
+    # Static Conditions (Optional):
+    # Evaluated locally before LLM validation. Fast checks for specific values.
+    conditions:
+      - field: arguments.amount  # Dot notation for nested arguments
+        operator: greater_than   # equals, contains, starts_with, ends_with, greater_than, less_than
+        value: 1000
+
+    # description (Optional):
+    # Natural language guidance for the validation LLM.
+    description: "Ensure the payment recipient is a verified vendor."
+```
+
+## Rule Matching Logic
+
+Veto uses a two-step process to determine if a tool call is safe:
+
+### 1. Rule Selection (Which rules apply?)
+Veto selects rules based on the `tools` list in your YAML:
+*   **Tool-Specific Rules**: If a rule lists specific tools (e.g., `tools: [make_payment]`), it ONLY applies when those tools are called.
+*   **Global Rules**: If `tools` is missing or empty `[]`, the rule activates for **EVERY** tool call. Use this for universal policies (e.g., "Do not reveal internal file paths").
 
-| Variable | Description |
-|----------|-------------|
-| `VETO_LOG_LEVEL` | Override log level |
-| `VETO_SESSION_ID` | Session ID for tracking |
-| `VETO_AGENT_ID` | Agent ID for tracking |
+### 2. Validation Execution
+For each intercepted tool call, Veto aggregates all applicable rules (Global + Specific) and validates them:
+*   **Static Conditions**: If `conditions` are defined, they are checked first by the Validation Engine. If a condition matches (e.g., `amount > 1000`), the rule triggers immediately.
+*   **Semantic Validation**: If no static conditions are matched (or none exist), the rule's `name` and `description` are passed to the LLM (via API, Kernel, or Custom provider) to semantically verify if the tool call violates the rule context.
 
 ## License
 

package/dist/cli/templates.d.ts

@@ -6,7 +6,7 @@
 /**
  * Default veto.config.yaml content.
  */
-export declare const DEFAULT_CONFIG = "# Veto Configuration\n# See README.md for documentation\n\nversion: \"1.0\"\n\n# Operating mode:\n#   \"strict\" - Block tool calls when validation fails\n#   \"log\"    - Only log validation failures, allow calls to proceed\nmode: \"strict\"\n\n# Validation API endpoint (internal)\napi:\n  baseUrl: \"http://localhost:8080\"\n  endpoint: \"/tool/call/check\"\n  timeout: 10000\n  retries: 2\n  retryDelay: 1000\n\n# Logging\nlogging:\n  level: \"info\"  # debug, info, warn, error, silent\n\n# Rules configuration\nrules:\n  directory: \"./rules\"\n  recursive: true\n";
+export declare const DEFAULT_CONFIG = "# Veto Configuration\n# See README.md for documentation\n\nversion: \"1.0\"\n\n# Operating mode:\n#   \"strict\" - Block tool calls when validation fails\n#   \"log\"    - Only log validation failures, allow calls to proceed\nmode: \"strict\"\n\n# Validation mode:\n#   \"api\"    - Use external HTTP API (default)\n#   \"kernel\" - Use local Ollama model\n#   \"custom\" - Use specified LLM provider\nvalidation:\n  mode: \"api\"\n\n# Validation API endpoint (for mode: \"api\")\napi:\n  baseUrl: \"http://localhost:8080\"\n  endpoint: \"/tool/call/check\"\n  timeout: 10000\n  retries: 2\n  retryDelay: 1000\n\n# Kernel configuration (for mode: \"kernel\")\n# kernel:\n#   baseUrl: \"http://localhost:11434/v1\"\n#   model: \"hf.co/ycaleb/veto-warden-4b-GGUF:Q4_K_M\"\n#   temperature: 0.1\n#   maxTokens: 256\n\n# Custom LLM provider (for mode: \"custom\")\n# custom:\n#   provider: \"openai\"  # openai | anthropic | gemini | openrouter\n#   model: \"gpt-4o\"\n#   # apiKey: \"sk-...\"  # Or set OPENAI_API_KEY env var\n#   temperature: 0.1\n#   maxTokens: 500\n#   # baseUrl: \"https://api.openai.com/v1\"  # Optional override\n\n# Logging\nlogging:\n  level: \"info\"  # debug, info, warn, error, silent\n\n# Rules configuration\nrules:\n  directory: \"./rules\"\n  recursive: true\n";
 /**
  * Default rules/defaults.yaml content.
  */
@@ -18,5 +18,5 @@ export declare const GITIGNORE_ADDITIONS = "\n# Veto\nveto/.env\nveto/*.local.ya
 /**
  * Example .env file content.
  */
-export declare const ENV_EXAMPLE = "# Veto Environment Variables\n# Copy this to .env and fill in values\n\n# Override log level (debug, info, warn, error, silent)\n# VETO_LOG_LEVEL=debug\n\n# Session/Agent tracking (optional)\n# VETO_SESSION_ID=\n# VETO_AGENT_ID=\n";
+export declare const ENV_EXAMPLE = "# Veto Environment Variables\n# Copy this to .env and fill in values\n\n# Override log level (debug, info, warn, error, silent)\n# VETO_LOG_LEVEL=debug\n\n# Session/Agent tracking (optional)\n# VETO_SESSION_ID=\n# VETO_AGENT_ID=\n\n# Custom LLM Provider API Keys (for validation.mode: \"custom\")\n# OPENAI_API_KEY=sk-...\n# ANTHROPIC_API_KEY=sk-ant-...\n# GEMINI_API_KEY=...\n# OPENROUTER_API_KEY=sk-or-...\n";
 //# sourceMappingURL=templates.d.ts.map

package/dist/cli/templates.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../src/cli/templates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,eAAO,MAAM,cAAc,+jBA0B1B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,oqDAuEzB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB,6CAI/B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,WAAW,2OASvB,CAAC"}
+{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../src/cli/templates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,eAAO,MAAM,cAAc,8wCAiD1B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,oqDAuEzB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB,6CAI/B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,WAAW,8ZAevB,CAAC"}

package/dist/cli/templates.js

@@ -16,7 +16,14 @@ version: "1.0"
 #   "log"    - Only log validation failures, allow calls to proceed
 mode: "strict"
 
-# Validation API endpoint (internal)
+# Validation mode:
+#   "api"    - Use external HTTP API (default)
+#   "kernel" - Use local Ollama model
+#   "custom" - Use specified LLM provider
+validation:
+  mode: "api"
+
+# Validation API endpoint (for mode: "api")
 api:
   baseUrl: "http://localhost:8080"
   endpoint: "/tool/call/check"
@@ -24,6 +31,22 @@ api:
   retries: 2
   retryDelay: 1000
 
+# Kernel configuration (for mode: "kernel")
+# kernel:
+#   baseUrl: "http://localhost:11434/v1"
+#   model: "hf.co/ycaleb/veto-warden-4b-GGUF:Q4_K_M"
+#   temperature: 0.1
+#   maxTokens: 256
+
+# Custom LLM provider (for mode: "custom")
+# custom:
+#   provider: "openai"  # openai | anthropic | gemini | openrouter
+#   model: "gpt-4o"
+#   # apiKey: "sk-..."  # Or set OPENAI_API_KEY env var
+#   temperature: 0.1
+#   maxTokens: 500
+#   # baseUrl: "https://api.openai.com/v1"  # Optional override
+
 # Logging
 logging:
   level: "info"  # debug, info, warn, error, silent
@@ -128,5 +151,11 @@ export const ENV_EXAMPLE = `# Veto Environment Variables
 # Session/Agent tracking (optional)
 # VETO_SESSION_ID=
 # VETO_AGENT_ID=
+
+# Custom LLM Provider API Keys (for validation.mode: "custom")
+# OPENAI_API_KEY=sk-...
+# ANTHROPIC_API_KEY=sk-ant-...
+# GEMINI_API_KEY=...
+# OPENROUTER_API_KEY=sk-or-...
 `;
 //# sourceMappingURL=templates.js.map

package/dist/cli/templates.js.map

@@ -1 +1 @@
-{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../src/cli/templates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;CA0B7B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuE5B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;;;;CAIlC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;;;;;;;;;CAS1B,CAAC"}
+{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../src/cli/templates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiD7B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuE5B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;;;;CAIlC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;CAe1B,CAAC"}

package/dist/cloud/client.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Veto Cloud API client.
+ *
+ * Handles communication with the Veto Cloud API for:
+ * - Tool registration (sends tool signatures for policy template generation)
+ * - Tool call validation (validates tool calls against cloud-managed policies)
+ * - Approval polling (polls approval records until resolved)
+ *
+ * @module cloud/client
+ */
+import type { Logger } from '../utils/logger.js';
+import type { VetoCloudConfig, CloudToolRegistration, CloudToolRegistrationResponse, CloudValidationResponse, ApprovalData, ApprovalPollOptions } from './types.js';
+export interface VetoCloudClientOptions {
+    config?: VetoCloudConfig;
+    logger: Logger;
+}
+export declare class VetoCloudClient {
+    private readonly config;
+    private readonly logger;
+    private readonly registeredTools;
+    constructor(options: VetoCloudClientOptions);
+    private resolveConfig;
+    private getHeaders;
+    registerTools(tools: CloudToolRegistration[]): Promise<CloudToolRegistrationResponse>;
+    validate(toolName: string, args: Record<string, unknown>, context?: Record<string, unknown>): Promise<CloudValidationResponse>;
+    pollApproval(approvalId: string, options?: ApprovalPollOptions): Promise<ApprovalData>;
+    isToolRegistered(toolName: string): boolean;
+    clearRegistrationCache(): void;
+    private fetchWithTimeout;
+    private delay;
+}
+/**
+ * Error thrown when an approval poll times out.
+ */
+export declare class ApprovalTimeoutError extends Error {
+    readonly approvalId: string;
+    readonly timeoutMs: number;
+    constructor(approvalId: string, timeoutMs: number);
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/cloud/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/cloud/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EACV,eAAe,EAEf,qBAAqB,EACrB,6BAA6B,EAC7B,uBAAuB,EACvB,YAAY,EACZ,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,sBAAsB;IACrC,MAAM,CAAC,EAAE,eAAe,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;CAChB;AAID,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsB;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAqB;gBAEzC,OAAO,EAAE,sBAAsB;IAK3C,OAAO,CAAC,aAAa;IAUrB,OAAO,CAAC,UAAU;IAUZ,aAAa,CACjB,KAAK,EAAE,qBAAqB,EAAE,GAC7B,OAAO,CAAC,6BAA6B,CAAC;IAwFnC,QAAQ,CACZ,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,uBAAuB,CAAC;IAuF7B,YAAY,CAChB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,YAAY,CAAC;IAqDxB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAI3C,sBAAsB,IAAI,IAAI;YAIhB,gBAAgB;IAuB9B,OAAO,CAAC,KAAK;CAGd;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;gBAEf,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;CAQlD"}