@agenshield/broker 0.1.0

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "@agenshield/broker",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "AgenShield broker daemon with Unix socket and HTTP fallback",
+  "main": "./index.js",
+  "types": "./index.d.ts",
+  "bin": {
+    "agenshield-broker": "./main.js",
+    "shield-client": "./client/shield-client.js"
+  },
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js",
+      "default": "./index.js"
+    },
+    "./client": {
+      "types": "./client/index.d.ts",
+      "import": "./client/index.js",
+      "default": "./client/index.js"
+    }
+  },
+  "license": "MIT",
+  "dependencies": {
+    "@agenshield/ipc": "0.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3"
+  }
+}

package/policies/builtin.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Built-in Security Policies
+ *
+ * Default policies that ship with AgenShield.
+ */
+import type { PolicyConfig, PolicyRule } from './enforcer.js';
+/**
+ * Built-in policy rules
+ */
+export declare const BuiltinPolicies: PolicyRule[];
+/**
+ * Get default policy configuration
+ */
+export declare function getDefaultPolicies(): PolicyConfig;
+//# sourceMappingURL=builtin.d.ts.map

package/policies/builtin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"builtin.d.ts","sourceRoot":"","sources":["../../src/policies/builtin.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE9D;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,UAAU,EAyLvC,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,YAAY,CAgCjD"}

package/policies/command-allowlist.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Command Allowlist Manager
+ *
+ * Manages both static (builtin) and dynamic (admin-configured) allowed commands.
+ * Dynamic commands are persisted to /opt/agenshield/config/allowed-commands.json.
+ */
+/**
+ * Dynamic allowed command entry
+ */
+export interface AllowedCommand {
+    name: string;
+    paths: string[];
+    addedAt: string;
+    addedBy: string;
+    category?: string;
+}
+export declare class CommandAllowlist {
+    private configPath;
+    private dynamicCommands;
+    constructor(configPath: string);
+    /**
+     * Load dynamic commands from disk
+     */
+    load(): void;
+    /**
+     * Persist dynamic commands to disk
+     */
+    save(): void;
+    /**
+     * Add a dynamic command
+     */
+    add(cmd: AllowedCommand): void;
+    /**
+     * Remove a dynamic command
+     */
+    remove(name: string): boolean;
+    /**
+     * Get a dynamic command by name
+     */
+    get(name: string): AllowedCommand | undefined;
+    /**
+     * List all commands (builtin + dynamic)
+     */
+    list(): Array<AllowedCommand & {
+        builtin: boolean;
+    }>;
+    /**
+     * List only dynamic commands
+     */
+    listDynamic(): AllowedCommand[];
+    /**
+     * Check if a command name conflicts with a builtin
+     */
+    isBuiltin(name: string): boolean;
+    /**
+     * Resolve a command name to an absolute path.
+     * Checks builtin commands first, then dynamic commands.
+     * Returns null if the command is not allowed.
+     */
+    resolve(command: string): string | null;
+}
+//# sourceMappingURL=command-allowlist.d.ts.map

package/policies/command-allowlist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-allowlist.d.ts","sourceRoot":"","sources":["../../src/policies/command-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAiDD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,eAAe,CAA0C;gBAErD,UAAU,EAAE,MAAM;IAK9B;;OAEG;IACH,IAAI,IAAI,IAAI;IAkBZ;;OAEG;IACH,IAAI,IAAI,IAAI;IAcZ;;OAEG;IACH,GAAG,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI;IAK9B;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAQ7B;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAI7C;;OAEG;IACH,IAAI,IAAI,KAAK,CAAC,cAAc,GAAG;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAsBpD;;OAEG;IACH,WAAW,IAAI,cAAc,EAAE;IAI/B;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIhC;;;;OAIG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;CAmCxC"}

package/policies/enforcer.d.ts

@@ -0,0 +1,98 @@
+/**
+ * Policy Enforcer
+ *
+ * Evaluates operations against configured policies.
+ */
+import type { HandlerContext } from '../types.js';
+/**
+ * Policy rule definition
+ */
+export interface PolicyRule {
+    id: string;
+    name: string;
+    action: 'allow' | 'deny' | 'approval';
+    target: 'skill' | 'command' | 'url';
+    operations: string[];
+    patterns: string[];
+    enabled: boolean;
+    priority: number;
+}
+/**
+ * Policy check result
+ */
+export interface PolicyCheckResult {
+    allowed: boolean;
+    policyId?: string;
+    reason?: string;
+}
+/**
+ * Policy configuration
+ */
+export interface PolicyConfig {
+    version: string;
+    defaultAction: 'allow' | 'deny';
+    rules: PolicyRule[];
+    fsConstraints?: {
+        allowedPaths: string[];
+        deniedPatterns: string[];
+    };
+    networkConstraints?: {
+        allowedHosts: string[];
+        deniedHosts: string[];
+        allowedPorts: number[];
+    };
+}
+export interface PolicyEnforcerOptions {
+    policiesPath: string;
+    defaultPolicies: PolicyConfig;
+    failOpen: boolean;
+}
+export declare class PolicyEnforcer {
+    private policies;
+    private policiesPath;
+    private failOpen;
+    private lastLoad;
+    private reloadInterval;
+    constructor(options: PolicyEnforcerOptions);
+    /**
+     * Load policies from disk
+     */
+    private loadPolicies;
+    /**
+     * Maybe reload policies if stale
+     */
+    private maybeReload;
+    /**
+     * Check if an operation is allowed
+     */
+    check(operation: string, params: Record<string, unknown>, context: HandlerContext): Promise<PolicyCheckResult>;
+    /**
+     * Extract target from operation params
+     */
+    private extractTarget;
+    /**
+     * Check if target matches any patterns
+     */
+    private matchesPatterns;
+    /**
+     * Match a single pattern (supports glob-like matching)
+     */
+    private matchPattern;
+    /**
+     * Check operation-specific constraints
+     */
+    private checkConstraints;
+    /**
+     * Get all configured policies
+     */
+    getPolicies(): PolicyConfig;
+    /**
+     * Add a policy rule at runtime
+     */
+    addRule(rule: PolicyRule): void;
+    /**
+     * Remove a policy rule
+     */
+    removeRule(id: string): boolean;
+}
+//# sourceMappingURL=enforcer.d.ts.map

package/policies/enforcer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforcer.d.ts","sourceRoot":"","sources":["../../src/policies/enforcer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;IACtC,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,KAAK,CAAC;IACpC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;IAChC,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,aAAa,CAAC,EAAE;QACd,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,cAAc,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;IACF,kBAAkB,CAAC,EAAE;QACnB,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;CACH;AAED,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,YAAY,CAAC;IAC9B,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAU;IAC1B,OAAO,CAAC,QAAQ,CAAa;IAC7B,OAAO,CAAC,cAAc,CAAiB;gBAE3B,OAAO,EAAE,qBAAqB;IAQ1C;;OAEG;IACH,OAAO,CAAC,YAAY;IA4CpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAMnB;;OAEG;IACG,KAAK,CACT,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC;IAuD7B;;OAEG;IACH,OAAO,CAAC,aAAa;IAmBrB;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,YAAY;IAapB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA8GxB;;OAEG;IACH,WAAW,IAAI,YAAY;IAK3B;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAK/B;;OAEG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;CAQhC"}

package/policies/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Policy exports
+ */
+export { PolicyEnforcer } from './enforcer.js';
+export { BuiltinPolicies, getDefaultPolicies } from './builtin.js';
+export { CommandAllowlist } from './command-allowlist.js';
+export type { AllowedCommand } from './command-allowlist.js';
+//# sourceMappingURL=index.d.ts.map

package/policies/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/policies/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC"}

package/seatbelt/generator.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Seatbelt Profile Generator
+ *
+ * Generates macOS Seatbelt (sandbox-exec) profiles.
+ */
+export interface SeatbeltOptions {
+    workspacePath: string;
+    socketPath: string;
+    allowedBinPaths: string[];
+    allowedReadPaths: string[];
+    additionalRules?: string[];
+}
+export interface OperationSeatbeltOptions {
+    operation: string;
+    targetPath?: string;
+    targetHost?: string;
+    targetPort?: number;
+}
+export declare class SeatbeltGenerator {
+    private templates;
+    constructor();
+    /**
+     * Generate the main agent seatbelt profile
+     */
+    generateAgentProfile(options: SeatbeltOptions): string;
+    /**
+     * Generate a per-operation seatbelt profile
+     */
+    generateOperationProfile(options: OperationSeatbeltOptions): string;
+    /**
+     * Install seatbelt profiles to disk
+     */
+    installProfiles(outputDir: string, options: SeatbeltOptions): Promise<void>;
+    /**
+     * Verify a seatbelt profile is valid
+     */
+    verifyProfile(profilePath: string): Promise<boolean>;
+}
+//# sourceMappingURL=generator.d.ts.map

package/seatbelt/generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../../src/seatbelt/generator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,wBAAwB;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,SAAS,CAAoB;;IAMrC;;OAEG;IACH,oBAAoB,CAAC,OAAO,EAAE,eAAe,GAAG,MAAM;IA+FtD;;OAEG;IACH,wBAAwB,CAAC,OAAO,EAAE,wBAAwB,GAAG,MAAM;IAqBnE;;OAEG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC;IA4BhB;;OAEG;IACG,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAuB3D"}

package/seatbelt/templates.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Seatbelt Profile Templates
+ *
+ * Base templates for different operation types.
+ */
+export declare class SeatbeltTemplates {
+    /**
+     * Base profile with minimal permissions
+     */
+    baseProfile(): string;
+    /**
+     * Profile for file read operations
+     */
+    fileReadProfile(targetPath: string): string;
+    /**
+     * Profile for file write operations
+     */
+    fileWriteProfile(targetPath: string): string;
+    /**
+     * Profile for HTTP request operations
+     */
+    httpRequestProfile(host?: string, port?: number): string;
+    /**
+     * Profile for command execution
+     */
+    execProfile(binaryPath?: string): string;
+    /**
+     * Profile for broker daemon (has network)
+     */
+    brokerProfile(socketPath: string): string;
+    /**
+     * Deny-all profile for testing
+     */
+    denyAllProfile(): string;
+}
+//# sourceMappingURL=templates.d.ts.map

package/seatbelt/templates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../src/seatbelt/templates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,qBAAa,iBAAiB;IAC5B;;OAEG;IACH,WAAW,IAAI,MAAM;IAkBrB;;OAEG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAyB3C;;OAEG;IACH,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAyB5C;;OAEG;IACH,kBAAkB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM;IAsCxD;;OAEG;IACH,WAAW,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM;IAkCxC;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAuCzC;;OAEG;IACH,cAAc,IAAI,MAAM;CAMzB"}

package/secrets/vault.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Secret Vault
+ *
+ * Encrypted secrets storage and retrieval.
+ */
+export interface VaultOptions {
+    vaultPath: string;
+    keyPath?: string;
+}
+export interface VaultSecret {
+    name: string;
+    value: string;
+    createdAt: Date;
+    lastAccessedAt?: Date;
+    accessCount: number;
+}
+export declare class SecretVault {
+    private vaultPath;
+    private key;
+    private data;
+    constructor(options: VaultOptions);
+    /**
+     * Initialize the vault
+     */
+    initialize(): Promise<void>;
+    /**
+     * Load or create the encryption key
+     */
+    private loadOrCreateKey;
+    /**
+     * Load vault data from disk
+     */
+    private load;
+    /**
+     * Save vault data to disk
+     */
+    private save;
+    /**
+     * Encrypt a value
+     */
+    private encrypt;
+    /**
+     * Decrypt a value
+     */
+    private decrypt;
+    /**
+     * Get a secret by name
+     */
+    get(name: string): Promise<VaultSecret | null>;
+    /**
+     * Set a secret
+     */
+    set(name: string, value: string): Promise<void>;
+    /**
+     * Delete a secret
+     */
+    delete(name: string): Promise<boolean>;
+    /**
+     * List all secret names
+     */
+    list(): Promise<string[]>;
+    /**
+     * Check if a secret exists
+     */
+    has(name: string): Promise<boolean>;
+}
+//# sourceMappingURL=vault.d.ts.map

package/secrets/vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../src/secrets/vault.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;IAChB,cAAc,CAAC,EAAE,IAAI,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB;AAeD,qBAAa,WAAW;IACtB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,GAAG,CAAuB;IAClC,OAAO,CAAC,IAAI,CAA0B;gBAE1B,OAAO,EAAE,YAAY;IAIjC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAQjC;;OAEG;YACW,eAAe;IAc7B;;OAEG;YACW,IAAI;IAalB;;OAEG;YACW,IAAI;IAUlB;;OAEG;IACH,OAAO,CAAC,OAAO;IAoBf;;OAEG;IACH,OAAO,CAAC,OAAO;IAmBf;;OAEG;IACG,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IA8BpD;;OAEG;IACG,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBrD;;OAEG;IACG,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAc5C;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAQ/B;;OAEG;IACG,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAO1C"}

package/server.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Unix Socket Server
+ *
+ * Primary IPC server for the broker daemon.
+ * Handles JSON-RPC 2.0 requests over newline-delimited JSON.
+ */
+import type { BrokerConfig } from './types.js';
+import type { PolicyEnforcer } from './policies/enforcer.js';
+import type { AuditLogger } from './audit/logger.js';
+import type { SecretVault } from './secrets/vault.js';
+export interface UnixSocketServerOptions {
+    config: BrokerConfig;
+    policyEnforcer: PolicyEnforcer;
+    auditLogger: AuditLogger;
+    secretVault: SecretVault;
+}
+export declare class UnixSocketServer {
+    private server;
+    private config;
+    private policyEnforcer;
+    private auditLogger;
+    private secretVault;
+    private connections;
+    constructor(options: UnixSocketServerOptions);
+    /**
+     * Start the Unix socket server
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the Unix socket server
+     */
+    stop(): Promise<void>;
+    /**
+     * Handle a new client connection
+     */
+    private handleConnection;
+    /**
+     * Process a JSON-RPC request
+     */
+    private processRequest;
+    /**
+     * Get the handler for an operation type
+     */
+    private getHandler;
+    /**
+     * Extract target from request for audit logging
+     */
+    private extractTarget;
+    /**
+     * Create an error response
+     */
+    private errorResponse;
+}
+//# sourceMappingURL=server.d.ts.map

package/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,WAAW,CAA8B;gBAErC,OAAO,EAAE,uBAAuB;IAO5C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA4B5B;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IA0B3B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA+BxB;;OAEG;YACW,cAAc;IAoG5B;;OAEG;IACH,OAAO,CAAC,UAAU;IAyBlB;;OAEG;IACH,OAAO,CAAC,aAAa;IAWrB;;OAEG;IACH,OAAO,CAAC,aAAa;CAWtB"}