veto-sdk 1.17.0 → 2.2.0

package/dist/cli/replay-engine.d.ts

@@ -0,0 +1,77 @@
+/**
+ * Shared replay engine used by both `replay` and `diff` commands.
+ *
+ * Pure deterministic evaluation — no LLM calls, no cloud calls, no network.
+ *
+ * @module cli/replay-engine
+ */
+import { type ASTNode } from '../compiler/index.js';
+import { RuleLoader } from '../rules/loader.js';
+import type { Rule } from '../rules/types.js';
+type RuleDecision = 'allow' | 'deny' | 'require_approval';
+type SnapshotKind = 'file' | 'directory' | 'git-file';
+export interface PolicySnapshot {
+    kind: SnapshotKind;
+    source: string;
+    rules: Rule[];
+    rulesByTool: Map<string, Rule[]>;
+    globalRules: Rule[];
+}
+export interface ReplaySnapshot {
+    globalRules: Rule[];
+    rulesByTool: Map<string, Rule[]>;
+}
+export interface ReplayCall {
+    index: number;
+    line: number;
+    tool: string;
+    arguments: Record<string, unknown>;
+    timestamp: string;
+    decision?: RuleDecision;
+    ruleId?: string;
+    sessionId?: string;
+    agentId?: string;
+    userId?: string;
+    role?: string;
+    custom?: Record<string, unknown>;
+}
+export interface ReplayDecision {
+    decision: RuleDecision;
+    ruleId?: string;
+    ruleName?: string;
+    reason?: string;
+}
+export interface ReplayHistoryEntry {
+    toolName: string;
+    arguments: Record<string, unknown>;
+    decision: RuleDecision;
+    timestamp: Date;
+}
+export interface ParsedReplayLog {
+    calls: ReplayCall[];
+    totalLines: number;
+    invalidLines: number;
+    invalidLineNumbers: number[];
+}
+export interface DecisionCounts {
+    allow: number;
+    deny: number;
+    require_approval: number;
+}
+export declare function isPlainObject(value: unknown): value is Record<string, unknown>;
+export declare function normalizeOptionalString(value: unknown): string | undefined;
+export declare function normalizeTimestamp(raw: unknown): string | null;
+export declare function parseReplayLog(logPath: string): ParsedReplayLog;
+export declare function parseReplayLogContent(content: string, sourceName?: string): ParsedReplayLog;
+export declare function evaluateExpressionSafely(expression: string, context: Record<string, unknown>, cache: Map<string, ASTNode>): boolean;
+export declare function matchesReplayRule(rule: Rule, call: ReplayCall, history: readonly ReplayHistoryEntry[], expressionCache: Map<string, ASTNode>): boolean;
+export declare function buildReplaySnapshot(snapshot: PolicySnapshot): ReplaySnapshot;
+export declare function decideReplayCall(replaySnapshot: ReplaySnapshot, call: ReplayCall, history: readonly ReplayHistoryEntry[], expressionCache: Map<string, ASTNode>): ReplayDecision;
+export declare function replayCalls(snapshot: PolicySnapshot, calls: readonly ReplayCall[]): ReplayDecision[];
+export declare function countDecisions(decisions: readonly ReplayDecision[]): DecisionCounts;
+export declare function createRuleLoader(): RuleLoader;
+export declare function getPathType(inputPath: string): 'file' | 'directory';
+export declare function createSnapshotFromLoader(kind: SnapshotKind, source: string, loader: RuleLoader): PolicySnapshot;
+export declare function loadPolicySnapshot(inputPath: string): PolicySnapshot;
+export {};
+//# sourceMappingURL=replay-engine.d.ts.map

package/dist/cli/replay-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay-engine.d.ts","sourceRoot":"","sources":["../../src/cli/replay-engine.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,EAA0C,KAAK,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC5F,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAO9C,KAAK,YAAY,GAAG,OAAO,GAAG,MAAM,GAAG,kBAAkB,CAAC;AAC1D,KAAK,YAAY,GAAG,MAAM,GAAG,WAAW,GAAG,UAAU,CAAC;AAEtD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,YAAY,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IACjC,WAAW,EAAE,IAAI,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,IAAI,EAAE,CAAC;IACpB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,YAAY,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,EAAE,YAAY,CAAC;IACvB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAYD,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAK9E;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAM1E;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAS9D;AAMD,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,CAO/D;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,SAAW,GAAG,eAAe,CAuF7F;AAMD,wBAAgB,wBAAwB,CACtC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,GAC1B,OAAO,CAgBT;AA8GD,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,IAAI,EACV,IAAI,EAAE,UAAU,EAChB,OAAO,EAAE,SAAS,kBAAkB,EAAE,EACtC,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,GACpC,OAAO,CAwBT;AAMD,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,cAAc,GAAG,cAAc,CAe5E;AAED,wBAAgB,gBAAgB,CAC9B,cAAc,EAAE,cAAc,EAC9B,IAAI,EAAE,UAAU,EAChB,OAAO,EAAE,SAAS,kBAAkB,EAAE,EACtC,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,GACpC,cAAc,CAwDhB;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,SAAS,UAAU,EAAE,GAAG,cAAc,EAAE,CAmBpG;AAED,wBAAgB,cAAc,CAAC,SAAS,EAAE,SAAS,cAAc,EAAE,GAAG,cAAc,CAYnF;AAMD,wBAAgB,gBAAgB,IAAI,UAAU,CAI7C;AAED,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,WAAW,CAUnE;AAED,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,cAAc,CAe/G;AAED,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,cAAc,CAapE"}

package/dist/cli/replay-engine.js

@@ -0,0 +1,379 @@
+/**
+ * Shared replay engine used by both `replay` and `diff` commands.
+ *
+ * Pure deterministic evaluation — no LLM calls, no cloud calls, no network.
+ *
+ * @module cli/replay-engine
+ */
+import { existsSync, readFileSync, statSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { parse as parseYaml } from 'yaml';
+import { compile as compileExpression, evaluate } from '../compiler/index.js';
+import { RuleLoader } from '../rules/loader.js';
+import { evaluateConditionCollections } from '../rules/condition-evaluator.js';
+import { silentLogger } from '../utils/logger.js';
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const DEFAULT_SYNTHETIC_BASE_MS = Date.parse('2000-01-01T00:00:00.000Z');
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+export function isPlainObject(value) {
+    return Boolean(value)
+        && typeof value === 'object'
+        && !Array.isArray(value)
+        && (Object.getPrototypeOf(value) === Object.prototype || Object.getPrototypeOf(value) === null);
+}
+export function normalizeOptionalString(value) {
+    if (typeof value !== 'string') {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+export function normalizeTimestamp(raw) {
+    if (raw instanceof Date) {
+        return Number.isNaN(raw.getTime()) ? null : raw.toISOString();
+    }
+    if (typeof raw === 'string' || typeof raw === 'number') {
+        const parsed = new Date(raw);
+        return Number.isNaN(parsed.getTime()) ? null : parsed.toISOString();
+    }
+    return null;
+}
+// ---------------------------------------------------------------------------
+// Log parsing
+// ---------------------------------------------------------------------------
+export function parseReplayLog(logPath) {
+    if (!existsSync(logPath)) {
+        throw new Error(`Log file not found: ${logPath}`);
+    }
+    const content = readFileSync(logPath, 'utf-8');
+    return parseReplayLogContent(content, logPath);
+}
+export function parseReplayLogContent(content, sourceName = 'inline') {
+    const lines = content.split(/\r?\n/);
+    const calls = [];
+    const invalidLineNumbers = [];
+    let totalLines = 0;
+    let syntheticCounter = 0;
+    for (let lineIndex = 0; lineIndex < lines.length; lineIndex++) {
+        const lineNumber = lineIndex + 1;
+        const rawLine = lines[lineIndex].trim();
+        if (!rawLine) {
+            continue;
+        }
+        totalLines += 1;
+        let parsed;
+        try {
+            parsed = JSON.parse(rawLine);
+        }
+        catch {
+            invalidLineNumbers.push(lineNumber);
+            continue;
+        }
+        if (!isPlainObject(parsed)) {
+            invalidLineNumbers.push(lineNumber);
+            continue;
+        }
+        const tool = normalizeOptionalString(parsed.toolName ?? parsed.tool_name ?? parsed.tool ?? parsed.name);
+        const argumentsValue = parsed.arguments ?? parsed.args;
+        if (!tool || !isPlainObject(argumentsValue)) {
+            invalidLineNumbers.push(lineNumber);
+            continue;
+        }
+        let timestamp = normalizeTimestamp(parsed.timestamp);
+        if (!timestamp) {
+            if (parsed.timestamp === undefined) {
+                timestamp = new Date(DEFAULT_SYNTHETIC_BASE_MS + (syntheticCounter * 1000)).toISOString();
+                syntheticCounter += 1;
+            }
+            else {
+                invalidLineNumbers.push(lineNumber);
+                continue;
+            }
+        }
+        // Parse optional original decision for replay comparison
+        const rawDecision = normalizeOptionalString(parsed.decision);
+        const decision = (rawDecision === 'allow' || rawDecision === 'deny' || rawDecision === 'require_approval')
+            ? rawDecision
+            : undefined;
+        calls.push({
+            index: calls.length + 1,
+            line: lineNumber,
+            tool,
+            arguments: argumentsValue,
+            timestamp,
+            decision,
+            ruleId: normalizeOptionalString(parsed.ruleId ?? parsed.rule_id),
+            sessionId: normalizeOptionalString(parsed.sessionId ?? parsed.session_id),
+            agentId: normalizeOptionalString(parsed.agentId ?? parsed.agent_id),
+            userId: normalizeOptionalString(parsed.userId ?? parsed.user_id),
+            role: normalizeOptionalString(parsed.role),
+            custom: isPlainObject(parsed.custom) ? parsed.custom : undefined,
+        });
+    }
+    if (calls.length === 0) {
+        const detail = invalidLineNumbers.length > 0
+            ? ` (${invalidLineNumbers.length} invalid line${invalidLineNumbers.length > 1 ? 's' : ''}: ${invalidLineNumbers.slice(0, 10).join(', ')}${invalidLineNumbers.length > 10 ? ', ...' : ''} — missing required 'toolName'/'tool' and 'arguments'/'args' fields)`
+            : '';
+        throw new Error(`No valid replay calls found in: ${sourceName}${detail}`);
+    }
+    return {
+        calls,
+        totalLines,
+        invalidLines: invalidLineNumbers.length,
+        invalidLineNumbers,
+    };
+}
+// ---------------------------------------------------------------------------
+// Expression evaluation
+// ---------------------------------------------------------------------------
+export function evaluateExpressionSafely(expression, context, cache) {
+    let ast = cache.get(expression);
+    if (!ast) {
+        try {
+            ast = compileExpression(expression);
+            cache.set(expression, ast);
+        }
+        catch {
+            return false;
+        }
+    }
+    try {
+        return Boolean(evaluate(ast, context));
+    }
+    catch {
+        return false;
+    }
+}
+// ---------------------------------------------------------------------------
+// Rule matching
+// ---------------------------------------------------------------------------
+function matchesRuleAgentScope(rule, agentId) {
+    if (!rule.agents) {
+        return true;
+    }
+    if (Array.isArray(rule.agents)) {
+        const includeOnly = rule.agents.filter((value) => typeof value === 'string');
+        return agentId !== undefined && includeOnly.includes(agentId);
+    }
+    const excluded = rule.agents.not.filter((value) => typeof value === 'string');
+    return agentId === undefined || !excluded.includes(agentId);
+}
+function buildReplayCallContext(call) {
+    return {
+        ...call.arguments,
+        tool_name: call.tool,
+        arguments: call.arguments,
+        session_id: call.sessionId,
+        agent_id: call.agentId,
+        user_id: call.userId,
+        role: call.role,
+        custom: call.custom,
+    };
+}
+function buildHistoricalContext(entry) {
+    return {
+        ...entry.arguments,
+        tool_name: entry.toolName,
+        arguments: entry.arguments,
+        decision: entry.decision,
+        timestamp: entry.timestamp.toISOString(),
+    };
+}
+function hasMatchingHistoryEntry(constraint, history, now, expressionCache) {
+    const nowMs = now.getTime();
+    const withinMs = typeof constraint.within === 'number'
+        ? Math.max(0, constraint.within) * 1000
+        : null;
+    return history.some((entry) => {
+        if (entry.toolName !== constraint.tool) {
+            return false;
+        }
+        if (entry.decision === 'deny') {
+            return false;
+        }
+        if (withinMs !== null) {
+            const ageMs = nowMs - entry.timestamp.getTime();
+            if (ageMs < 0 || ageMs > withinMs) {
+                return false;
+            }
+        }
+        return evaluateConditionCollections(constraint.conditions, constraint.condition_groups, buildHistoricalContext(entry), {
+            now: entry.timestamp,
+            evaluateExpression: (expression, context) => evaluateExpressionSafely(expression, context, expressionCache),
+        });
+    });
+}
+function matchesSequenceConstraints(rule, history, now, expressionCache) {
+    const blockedBy = rule.blocked_by ?? [];
+    const requires = rule.requires ?? [];
+    if (blockedBy.length === 0 && requires.length === 0) {
+        return true;
+    }
+    const blockedByMatched = blockedBy.some((constraint) => hasMatchingHistoryEntry(constraint, history, now, expressionCache));
+    const missingRequirement = requires.some((constraint) => !hasMatchingHistoryEntry(constraint, history, now, expressionCache));
+    // OR semantics: the rule fires if ANY blocking history exists OR ANY
+    // required prior call is missing. Each constraint type independently
+    // triggers the rule — they are not combined with AND.
+    return blockedByMatched || missingRequirement;
+}
+export function matchesReplayRule(rule, call, history, expressionCache) {
+    if (!matchesRuleAgentScope(rule, call.agentId)) {
+        return false;
+    }
+    const callTime = new Date(call.timestamp);
+    const context = buildReplayCallContext(call);
+    const conditionsMatch = evaluateConditionCollections(rule.conditions, rule.condition_groups, context, {
+        now: callTime,
+        evaluateExpression: (expression, evaluationContext) => evaluateExpressionSafely(expression, evaluationContext, expressionCache),
+    });
+    if (!conditionsMatch) {
+        return false;
+    }
+    return matchesSequenceConstraints(rule, history, callTime, expressionCache);
+}
+// ---------------------------------------------------------------------------
+// Core replay
+// ---------------------------------------------------------------------------
+export function buildReplaySnapshot(snapshot) {
+    const globalRules = snapshot.globalRules.filter((rule) => rule.enabled !== false);
+    const rulesByTool = new Map();
+    for (const [toolName, rules] of snapshot.rulesByTool.entries()) {
+        const enabledRules = rules.filter((rule) => rule.enabled !== false);
+        if (enabledRules.length > 0) {
+            rulesByTool.set(toolName, enabledRules);
+        }
+    }
+    return {
+        globalRules,
+        rulesByTool,
+    };
+}
+export function decideReplayCall(replaySnapshot, call, history, expressionCache) {
+    const toolRules = replaySnapshot.rulesByTool.get(call.tool) ?? [];
+    const rules = [...replaySnapshot.globalRules, ...toolRules];
+    if (rules.length === 0) {
+        return { decision: 'allow' };
+    }
+    // Collect all matching rules, then return the most restrictive outcome.
+    // Priority: block > require_approval > allow (prevents approval from shadowing denial).
+    let denyRule = null;
+    let approvalRule = null;
+    let firstAllowRule = null;
+    for (const rule of rules) {
+        if (!matchesReplayRule(rule, call, history, expressionCache)) {
+            continue;
+        }
+        if (rule.action === 'block' && !denyRule) {
+            denyRule = rule;
+        }
+        else if (rule.action === 'require_approval' && !approvalRule) {
+            approvalRule = rule;
+        }
+        else if (rule.action === 'allow' && !firstAllowRule) {
+            firstAllowRule = rule;
+        }
+    }
+    if (denyRule) {
+        return {
+            decision: 'deny',
+            ruleId: denyRule.id,
+            ruleName: denyRule.name,
+            reason: denyRule.description ?? `Matched rule: ${denyRule.name}`,
+        };
+    }
+    if (approvalRule) {
+        return {
+            decision: 'require_approval',
+            ruleId: approvalRule.id,
+            ruleName: approvalRule.name,
+            reason: approvalRule.description ?? `Matched rule: ${approvalRule.name}`,
+        };
+    }
+    if (firstAllowRule) {
+        return {
+            decision: 'allow',
+            ruleId: firstAllowRule.id,
+            ruleName: firstAllowRule.name,
+            reason: firstAllowRule.description ?? `Allowed by rule: ${firstAllowRule.name}`,
+        };
+    }
+    return { decision: 'allow' };
+}
+export function replayCalls(snapshot, calls) {
+    const replaySnapshot = buildReplaySnapshot(snapshot);
+    const expressionCache = new Map();
+    const history = [];
+    const decisions = [];
+    for (const call of calls) {
+        const decision = decideReplayCall(replaySnapshot, call, history, expressionCache);
+        decisions.push(decision);
+        history.push({
+            toolName: call.tool,
+            arguments: call.arguments,
+            decision: decision.decision,
+            timestamp: new Date(call.timestamp),
+        });
+    }
+    return decisions;
+}
+export function countDecisions(decisions) {
+    const counts = {
+        allow: 0,
+        deny: 0,
+        require_approval: 0,
+    };
+    for (const decision of decisions) {
+        counts[decision.decision] += 1;
+    }
+    return counts;
+}
+// ---------------------------------------------------------------------------
+// Policy loading
+// ---------------------------------------------------------------------------
+export function createRuleLoader() {
+    const loader = new RuleLoader({ logger: silentLogger });
+    loader.setYamlParser(parseYaml);
+    return loader;
+}
+export function getPathType(inputPath) {
+    if (!existsSync(inputPath)) {
+        throw new Error(`Path not found: ${inputPath}`);
+    }
+    const stats = statSync(inputPath);
+    if (stats.isFile())
+        return 'file';
+    if (stats.isDirectory())
+        return 'directory';
+    throw new Error(`Path must be a file or directory: ${inputPath}`);
+}
+export function createSnapshotFromLoader(kind, source, loader) {
+    const loaded = loader.getRules();
+    const rulesByTool = new Map();
+    for (const [toolName, rules] of loaded.rulesByTool.entries()) {
+        rulesByTool.set(toolName, [...rules]);
+    }
+    return {
+        kind,
+        source,
+        rules: [...loaded.allRules],
+        rulesByTool,
+        globalRules: [...loaded.globalRules],
+    };
+}
+export function loadPolicySnapshot(inputPath) {
+    const resolvedPath = resolve(inputPath);
+    const pathType = getPathType(resolvedPath);
+    const loader = createRuleLoader();
+    if (pathType === 'file') {
+        const content = readFileSync(resolvedPath, 'utf-8');
+        loader.loadFromString(content, resolvedPath);
+        return createSnapshotFromLoader('file', resolvedPath, loader);
+    }
+    loader.loadFromDirectory(resolvedPath, true);
+    return createSnapshotFromLoader('directory', resolvedPath, loader);
+}
+//# sourceMappingURL=replay-engine.js.map

package/dist/cli/replay-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay-engine.js","sourceRoot":"","sources":["../../src/cli/replay-engine.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,QAAQ,EAAgB,MAAM,sBAAsB,CAAC;AAC5F,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAC;AAE/E,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAgElD,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,yBAAyB,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAEzE,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,OAAO,OAAO,CAAC,KAAK,CAAC;WAChB,OAAO,KAAK,KAAK,QAAQ;WACzB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;WACrB,CAAC,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC;AACpG,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,KAAc;IACpD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAY;IAC7C,IAAI,GAAG,YAAY,IAAI,EAAE,CAAC;QACxB,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;IAChE,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACvD,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;IACtE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,uBAAuB,OAAO,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/C,OAAO,qBAAqB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAe,EAAE,UAAU,GAAG,QAAQ;IAC1E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,MAAM,kBAAkB,GAAa,EAAE,CAAC;IACxC,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IAEzB,KAAK,IAAI,SAAS,GAAG,CAAC,EAAE,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;QAC9D,MAAM,UAAU,GAAG,SAAS,GAAG,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;QAExC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,SAAS;QACX,CAAC;QAED,UAAU,IAAI,CAAC,CAAC;QAEhB,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACpC,SAAS;QACX,CAAC;QAED,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACpC,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,uBAAuB,CAClC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAClE,CAAC;QACF,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC;QAEvD,IAAI,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC;YAC5C,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACpC,SAAS;QACX,CAAC;QAED,IAAI,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACrD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnC,SAAS,GAAG,IAAI,IAAI,CAAC,yBAAyB,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC1F,gBAAgB,IAAI,CAAC,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACpC,SAAS;YACX,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,MAAM,WAAW,GAAG,uBAAuB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,CAAC,WAAW,KAAK,OAAO,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,kBAAkB,CAAC;YACxG,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,SAAS,CAAC;QAEd,KAAK,CAAC,IAAI,CAAC;YACT,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;YACvB,IAAI,EAAE,UAAU;YAChB,IAAI;YACJ,SAAS,EAAE,cAAc;YACzB,SAAS;YACT,QAAQ;YACR,MAAM,EAAE,uBAAuB,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC;YAChE,SAAS,EAAE,uBAAuB,CAAC,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,CAAC;YACzE,OAAO,EAAE,uBAAuB,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC;YACnE,MAAM,EAAE,uBAAuB,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC;YAChE,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,IAAI,CAAC;YAC1C,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;SACjE,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,GAAG,CAAC;YAC1C,CAAC,CAAC,KAAK,kBAAkB,CAAC,MAAM,gBAAgB,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,sEAAsE;YAC7P,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,mCAAmC,UAAU,GAAG,MAAM,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO;QACL,KAAK;QACL,UAAU;QACV,YAAY,EAAE,kBAAkB,CAAC,MAAM;QACvC,kBAAkB;KACnB,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E,MAAM,UAAU,wBAAwB,CACtC,UAAkB,EAClB,OAAgC,EAChC,KAA2B;IAE3B,IAAI,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAChC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,CAAC;YACH,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;YACpC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,SAAS,qBAAqB,CAAC,IAAU,EAAE,OAAgB;IACzD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC;QAC9F,OAAO,OAAO,KAAK,SAAS,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC;IAC/F,OAAO,OAAO,KAAK,SAAS,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAgB;IAC9C,OAAO;QACL,GAAG,IAAI,CAAC,SAAS;QACjB,SAAS,EAAE,IAAI,CAAC,IAAI;QACpB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,UAAU,EAAE,IAAI,CAAC,SAAS;QAC1B,QAAQ,EAAE,IAAI,CAAC,OAAO;QACtB,OAAO,EAAE,IAAI,CAAC,MAAM;QACpB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAyB;IACvD,OAAO;QACL,GAAG,KAAK,CAAC,SAAS;QAClB,SAAS,EAAE,KAAK,CAAC,QAAQ;QACzB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;KACzC,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAC9B,UAAiD,EACjD,OAAsC,EACtC,GAAS,EACT,eAAqC;IAErC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG,OAAO,UAAU,CAAC,MAAM,KAAK,QAAQ;QACpD,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,GAAG,IAAI;QACvC,CAAC,CAAC,IAAI,CAAC;IAET,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5B,IAAI,KAAK,CAAC,QAAQ,KAAK,UAAU,CAAC,IAAI,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YAChD,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;gBAClC,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,4BAA4B,CACjC,UAAU,CAAC,UAAU,EACrB,UAAU,CAAC,gBAAgB,EAC3B,sBAAsB,CAAC,KAAK,CAAC,EAC7B;YACE,GAAG,EAAE,KAAK,CAAC,SAAS;YACpB,kBAAkB,EAAE,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,CAC1C,wBAAwB,CAAC,UAAU,EAAE,OAAO,EAAE,eAAe,CAAC;SACjE,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,0BAA0B,CACjC,IAAU,EACV,OAAsC,EACtC,GAAS,EACT,eAAqC;IAErC,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;IAErC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CACrD,uBAAuB,CAAC,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CACnE,CAAC;IAEF,MAAM,kBAAkB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CACtD,CAAC,uBAAuB,CAAC,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CACpE,CAAC;IAEF,qEAAqE;IACrE,qEAAqE;IACrE,sDAAsD;IACtD,OAAO,gBAAgB,IAAI,kBAAkB,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,IAAU,EACV,IAAgB,EAChB,OAAsC,EACtC,eAAqC;IAErC,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;IAE7C,MAAM,eAAe,GAAG,4BAA4B,CAClD,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,gBAAgB,EACrB,OAAO,EACP;QACE,GAAG,EAAE,QAAQ;QACb,kBAAkB,EAAE,CAAC,UAAU,EAAE,iBAAiB,EAAE,EAAE,CACpD,wBAAwB,CAAC,UAAU,EAAE,iBAAiB,EAAE,eAAe,CAAC;KAC3E,CACF,CAAC;IAEF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,0BAA0B,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;AAC9E,CAAC;AAED,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,MAAM,UAAU,mBAAmB,CAAC,QAAwB;IAC1D,MAAM,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC;IAClF,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE9C,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,QAAQ,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;QAC/D,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC;QACpE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW;QACX,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,cAA8B,EAC9B,IAAgB,EAChB,OAAsC,EACtC,eAAqC;IAErC,MAAM,SAAS,GAAG,cAAc,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAClE,MAAM,KAAK,GAAG,CAAC,GAAG,cAAc,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,CAAC;IAE5D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC/B,CAAC;IAED,wEAAwE;IACxE,wFAAwF;IACxF,IAAI,QAAQ,GAAgB,IAAI,CAAC;IACjC,IAAI,YAAY,GAAgB,IAAI,CAAC;IACrC,IAAI,cAAc,GAAgB,IAAI,CAAC;IAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,eAAe,CAAC,EAAE,CAAC;YAC7D,SAAS;QACX,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzC,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,KAAK,kBAAkB,IAAI,CAAC,YAAY,EAAE,CAAC;YAC/D,YAAY,GAAG,IAAI,CAAC;QACtB,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,CAAC,cAAc,EAAE,CAAC;YACtD,cAAc,GAAG,IAAI,CAAC;QACxB,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO;YACL,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,QAAQ,CAAC,EAAE;YACnB,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,MAAM,EAAE,QAAQ,CAAC,WAAW,IAAI,iBAAiB,QAAQ,CAAC,IAAI,EAAE;SACjE,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,QAAQ,EAAE,kBAAkB;YAC5B,MAAM,EAAE,YAAY,CAAC,EAAE;YACvB,QAAQ,EAAE,YAAY,CAAC,IAAI;YAC3B,MAAM,EAAE,YAAY,CAAC,WAAW,IAAI,iBAAiB,YAAY,CAAC,IAAI,EAAE;SACzE,CAAC;IACJ,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;YACL,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,cAAc,CAAC,EAAE;YACzB,QAAQ,EAAE,cAAc,CAAC,IAAI;YAC7B,MAAM,EAAE,cAAc,CAAC,WAAW,IAAI,oBAAoB,cAAc,CAAC,IAAI,EAAE;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,QAAwB,EAAE,KAA4B;IAChF,MAAM,cAAc,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAmB,CAAC;IACnD,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,MAAM,SAAS,GAAqB,EAAE,CAAC;IAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;QAClF,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEzB,OAAO,CAAC,IAAI,CAAC;YACX,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;SACpC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,SAAoC;IACjE,MAAM,MAAM,GAAmB;QAC7B,KAAK,EAAE,CAAC;QACR,IAAI,EAAE,CAAC;QACP,gBAAgB,EAAE,CAAC;KACpB,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,UAAU,gBAAgB;IAC9B,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IACxD,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,SAAiB;IAC3C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,mBAAmB,SAAS,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;IAClC,IAAI,KAAK,CAAC,MAAM,EAAE;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,KAAK,CAAC,WAAW,EAAE;QAAE,OAAO,WAAW,CAAC;IAE5C,MAAM,IAAI,KAAK,CAAC,qCAAqC,SAAS,EAAE,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,IAAkB,EAAE,MAAc,EAAE,MAAkB;IAC7F,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;IACjC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE9C,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;QAC7D,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,OAAO;QACL,IAAI;QACJ,MAAM;QACN,KAAK,EAAE,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC3B,WAAW;QACX,WAAW,EAAE,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC;KACrC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,SAAiB;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAElC,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAC7C,OAAO,wBAAwB,CAAC,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAC7C,OAAO,wBAAwB,CAAC,WAAW,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;AACrE,CAAC"}

package/dist/cli/replay.d.ts

@@ -0,0 +1,57 @@
+/**
+ * `veto replay` — replay recorded tool calls against a policy to show
+ * what would be allowed, denied, or require approval.
+ *
+ * Pure deterministic evaluation. No LLM calls, no cloud calls, no network.
+ *
+ * @module cli/replay
+ */
+import { type DecisionCounts } from './replay-engine.js';
+type ReportFormat = 'text' | 'json';
+export interface ReplayOptions {
+    policy: string;
+    log: string;
+    diff?: boolean;
+    format?: ReportFormat;
+    quiet?: boolean;
+}
+export interface ReplayChangedCall {
+    index: number;
+    line: number;
+    tool: string;
+    arguments: Record<string, unknown>;
+    timestamp: string;
+    originalDecision: string;
+    replayedDecision: string;
+    ruleId?: string;
+    ruleName?: string;
+    reason?: string;
+}
+export interface ReplayDeniedGroup {
+    tool: string;
+    count: number;
+    reason?: string;
+}
+export interface ReplayReport {
+    timestamp: string;
+    policySource: string;
+    logSource: string;
+    totalCalls: number;
+    invalidLines: number;
+    decisions: DecisionCounts;
+    topDenied: ReplayDeniedGroup[];
+    topRequireApproval: ReplayDeniedGroup[];
+    changed: {
+        total: number;
+        calls: ReplayChangedCall[];
+    };
+    hasOriginalDecisions: boolean;
+}
+export interface ReplayResult {
+    success: boolean;
+    report: ReplayReport | null;
+    errors: string[];
+}
+export declare function replay(options: ReplayOptions): Promise<ReplayResult>;
+export {};
+//# sourceMappingURL=replay.d.ts.map

package/dist/cli/replay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.d.ts","sourceRoot":"","sources":["../../src/cli/replay.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAOL,KAAK,cAAc,EAEpB,MAAM,oBAAoB,CAAC;AAM5B,KAAK,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAEpC,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,cAAc,CAAC;IAC1B,SAAS,EAAE,iBAAiB,EAAE,CAAC;IAC/B,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;IACxC,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,iBAAiB,EAAE,CAAC;KAC5B,CAAC;IACF,oBAAoB,EAAE,OAAO,CAAC;CAC/B;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,YAAY,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AA2LD,wBAAsB,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC,CAwC1E"}