@agenshield/sandbox 0.4.2 → 0.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/guarded-shell.d.ts +2 -2
- package/guarded-shell.d.ts.map +1 -1
- package/index.js +93 -46
- package/launchdaemon.d.ts.map +1 -1
- package/package.json +2 -2
- package/restore.d.ts +0 -4
- package/restore.d.ts.map +1 -1
- package/wrappers.d.ts.map +1 -1
package/guarded-shell.d.ts
CHANGED
|
@@ -20,7 +20,7 @@ export declare const ZDOT_DIR = "/etc/agenshield/zdot";
|
|
|
20
20
|
* Guarded shell launcher — minimal, just sets ZDOTDIR and execs zsh.
|
|
21
21
|
* Restrictions are applied by ZDOT_ZSHENV_CONTENT and ZDOT_ZSHRC_CONTENT.
|
|
22
22
|
*/
|
|
23
|
-
export declare const GUARDED_SHELL_CONTENT = "#!/bin/zsh\n# guarded-shell: launcher for restricted agent shell.\n# All restrictions live in ZDOTDIR files (root-owned, immutable to agent).\nemulate -LR zsh\n\n# Prevent inherited env tricks before handing off to zsh\nunset HOME\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n\n# Point zsh at our restricted config directory\nexport ZDOTDIR=\"/etc/agenshield/zdot\"\n\n# Start zsh \u2014 it will read ZDOTDIR/.zshenv then ZDOTDIR/.zshrc\nexec /bin/zsh\n";
|
|
23
|
+
export declare const GUARDED_SHELL_CONTENT = "#!/bin/zsh\n# guarded-shell: launcher for restricted agent shell.\n# All restrictions live in ZDOTDIR files (root-owned, immutable to agent).\nemulate -LR zsh\n\n# Prevent inherited env tricks before handing off to zsh\nunset HOME\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n\n# Point zsh at our restricted config directory\nexport ZDOTDIR=\"/etc/agenshield/zdot\"\n\n# Start zsh \u2014 it will read ZDOTDIR/.zshenv then ZDOTDIR/.zshrc\nexec /bin/zsh \"$@\"\n";
|
|
24
24
|
/**
|
|
25
25
|
* ZDOTDIR .zshenv — runs after /etc/zshenv (which calls path_helper on macOS).
|
|
26
26
|
* Overrides PATH to only include $HOME/bin.
|
|
@@ -30,5 +30,5 @@ export declare const ZDOT_ZSHENV_CONTENT = "# AgenShield restricted .zshenv\n# R
|
|
|
30
30
|
* ZDOTDIR .zshrc — interactive shell restrictions.
|
|
31
31
|
* Applies RESTRICTED mode, locks variables, disables builtins, installs hooks.
|
|
32
32
|
*/
|
|
33
|
-
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow zsh reserved words (if, for, while, [[, case, etc.)\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\nTRAPDEBUG() {\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n # Skip zsh reserved words ([[, if, for, while, case, etc.)
|
|
33
|
+
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# Re-set HISTFILE (safety: ensure it points to agent's home, not ZDOTDIR)\nHISTFILE=\"$HOME/.zsh_history\"\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL HISTFILE\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow zsh reserved words (if, for, while, [[, case, etc.)\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\ntypeset -gi __ash_guard=0\n\nTRAPDEBUG() {\n # Prevent recursion when our own checks invoke whence/is_allowed_cmd\n (( __ash_guard )) && return 0\n\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n # Skip variable assignments (e.g. resolved=\"$(whence ...)\")\n [[ \"$cmd\" == *=* ]] && return 0\n\n # Skip zsh reserved words ([[, if, for, while, case, etc.)\n __ash_guard=1\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && { __ash_guard=0; return 0; }\n\n [[ \"$cmd\" == */* ]] && { __ash_guard=0; print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { __ash_guard=0; print -r -- \"Denied: $cmd\"; return 126; }\n __ash_guard=0\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
|
|
34
34
|
//# sourceMappingURL=guarded-shell.d.ts.map
|
package/guarded-shell.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,
|
|
1
|
+
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,0jBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,ulBAiB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,89FA+F9B,CAAC"}
|
package/index.js
CHANGED
|
@@ -38,7 +38,7 @@ unset SSH_ASKPASS LD_PRELOAD
|
|
|
38
38
|
export ZDOTDIR="/etc/agenshield/zdot"
|
|
39
39
|
|
|
40
40
|
# Start zsh \u2014 it will read ZDOTDIR/.zshenv then ZDOTDIR/.zshrc
|
|
41
|
-
exec /bin/zsh
|
|
41
|
+
exec /bin/zsh "$@"
|
|
42
42
|
`;
|
|
43
43
|
ZDOT_ZSHENV_CONTENT = `# AgenShield restricted .zshenv
|
|
44
44
|
# Runs AFTER /etc/zshenv \u2014 overrides path_helper's full system PATH.
|
|
@@ -63,6 +63,9 @@ unset SSH_ASKPASS LD_PRELOAD
|
|
|
63
63
|
|
|
64
64
|
emulate -LR zsh
|
|
65
65
|
|
|
66
|
+
# Re-set HISTFILE (safety: ensure it points to agent's home, not ZDOTDIR)
|
|
67
|
+
HISTFILE="$HOME/.zsh_history"
|
|
68
|
+
|
|
66
69
|
# ---- Shell options ----
|
|
67
70
|
# Note: NOT using setopt RESTRICTED as it disables cd entirely.
|
|
68
71
|
# Instead we use preexec hooks and builtin disable for enforcement.
|
|
@@ -70,7 +73,7 @@ setopt NO_CASE_GLOB
|
|
|
70
73
|
setopt NO_BEEP
|
|
71
74
|
|
|
72
75
|
# ---- Lock critical variables (readonly) ----
|
|
73
|
-
typeset -r PATH HOME SHELL
|
|
76
|
+
typeset -r PATH HOME SHELL HISTFILE
|
|
74
77
|
|
|
75
78
|
# ---- Enforcement helpers ----
|
|
76
79
|
deny() {
|
|
@@ -125,16 +128,26 @@ preexec() {
|
|
|
125
128
|
}
|
|
126
129
|
|
|
127
130
|
# ---- Also intercept non-interactive \\\`zsh -c\\\` cases ----
|
|
131
|
+
typeset -gi __ash_guard=0
|
|
132
|
+
|
|
128
133
|
TRAPDEBUG() {
|
|
134
|
+
# Prevent recursion when our own checks invoke whence/is_allowed_cmd
|
|
135
|
+
(( __ash_guard )) && return 0
|
|
136
|
+
|
|
129
137
|
local line="\${ZSH_DEBUG_CMD:-$1}"
|
|
130
138
|
local cmd="\${line%%[[:space:]]*}"
|
|
131
139
|
[[ -z "$cmd" ]] && return 0
|
|
132
140
|
|
|
133
|
-
# Skip
|
|
134
|
-
[[ "$
|
|
141
|
+
# Skip variable assignments (e.g. resolved="$(whence ...)")
|
|
142
|
+
[[ "$cmd" == *=* ]] && return 0
|
|
135
143
|
|
|
136
|
-
|
|
137
|
-
|
|
144
|
+
# Skip zsh reserved words ([[, if, for, while, case, etc.)
|
|
145
|
+
__ash_guard=1
|
|
146
|
+
[[ "$(whence -w "$cmd" 2>/dev/null)" == *": reserved" ]] && { __ash_guard=0; return 0; }
|
|
147
|
+
|
|
148
|
+
[[ "$cmd" == */* ]] && { __ash_guard=0; print -r -- "Denied: direct path execution"; return 126; }
|
|
149
|
+
is_allowed_cmd "$cmd" || { __ash_guard=0; print -r -- "Denied: $cmd"; return 126; }
|
|
150
|
+
__ash_guard=0
|
|
138
151
|
return 0
|
|
139
152
|
}
|
|
140
153
|
|
|
@@ -1456,7 +1469,7 @@ async function setupSocketDirectory(config) {
|
|
|
1456
1469
|
try {
|
|
1457
1470
|
await execAsync2(`sudo mkdir -p "${socketDir}"`);
|
|
1458
1471
|
await execAsync2(`sudo chown ${cfg.brokerUser.username}:${cfg.groups.socket.name} "${socketDir}"`);
|
|
1459
|
-
await execAsync2(`sudo chmod
|
|
1472
|
+
await execAsync2(`sudo chmod 775 "${socketDir}"`);
|
|
1460
1473
|
return {
|
|
1461
1474
|
success: true,
|
|
1462
1475
|
path: socketDir,
|
|
@@ -3337,33 +3350,42 @@ function findDaemonPidByPort(port) {
|
|
|
3337
3350
|
}
|
|
3338
3351
|
return null;
|
|
3339
3352
|
}
|
|
3353
|
+
function waitForProcessExit(pid, timeoutMs = 5e3) {
|
|
3354
|
+
const start = Date.now();
|
|
3355
|
+
while (Date.now() - start < timeoutMs) {
|
|
3356
|
+
try {
|
|
3357
|
+
process.kill(pid, 0);
|
|
3358
|
+
} catch {
|
|
3359
|
+
return true;
|
|
3360
|
+
}
|
|
3361
|
+
execSync6("sleep 0.2", { stdio: "pipe" });
|
|
3362
|
+
}
|
|
3363
|
+
try {
|
|
3364
|
+
process.kill(pid, "SIGKILL");
|
|
3365
|
+
} catch {
|
|
3366
|
+
return true;
|
|
3367
|
+
}
|
|
3368
|
+
const killStart = Date.now();
|
|
3369
|
+
while (Date.now() - killStart < 2e3) {
|
|
3370
|
+
try {
|
|
3371
|
+
process.kill(pid, 0);
|
|
3372
|
+
} catch {
|
|
3373
|
+
return true;
|
|
3374
|
+
}
|
|
3375
|
+
execSync6("sleep 0.2", { stdio: "pipe" });
|
|
3376
|
+
}
|
|
3377
|
+
return false;
|
|
3378
|
+
}
|
|
3340
3379
|
function stopDaemon() {
|
|
3341
3380
|
const plistPath = "/Library/LaunchDaemons/com.agenshield.daemon.plist";
|
|
3342
3381
|
if (fs7.existsSync(plistPath)) {
|
|
3343
|
-
const result = sudoExec4(`launchctl unload "${plistPath}"`);
|
|
3344
|
-
if (!result.success) {
|
|
3345
|
-
return {
|
|
3346
|
-
step: "stop-daemon",
|
|
3347
|
-
success: true,
|
|
3348
|
-
message: "Daemon stopped (or was not running)"
|
|
3349
|
-
};
|
|
3350
|
-
}
|
|
3351
3382
|
sudoExec4(`rm -f "${plistPath}"`);
|
|
3352
|
-
|
|
3353
|
-
step: "stop-daemon",
|
|
3354
|
-
success: true,
|
|
3355
|
-
message: "Daemon stopped and plist removed"
|
|
3356
|
-
};
|
|
3383
|
+
sudoExec4(`launchctl unload "${plistPath}" 2>/dev/null || true`);
|
|
3357
3384
|
}
|
|
3358
3385
|
const pid = findDaemonPidByPort(DEFAULT_PORT);
|
|
3359
3386
|
if (pid) {
|
|
3360
3387
|
try {
|
|
3361
3388
|
process.kill(pid, "SIGTERM");
|
|
3362
|
-
return {
|
|
3363
|
-
step: "stop-daemon",
|
|
3364
|
-
success: true,
|
|
3365
|
-
message: `Daemon stopped (PID ${pid}, via port lookup)`
|
|
3366
|
-
};
|
|
3367
3389
|
} catch (err) {
|
|
3368
3390
|
const errCode = err.code;
|
|
3369
3391
|
if (errCode === "ESRCH") {
|
|
@@ -3373,13 +3395,18 @@ function stopDaemon() {
|
|
|
3373
3395
|
message: `Daemon process ${pid} already terminated`
|
|
3374
3396
|
};
|
|
3375
3397
|
}
|
|
3376
|
-
|
|
3377
|
-
|
|
3378
|
-
|
|
3379
|
-
|
|
3380
|
-
|
|
3381
|
-
|
|
3398
|
+
sudoExec4(`kill -9 ${pid}`);
|
|
3399
|
+
}
|
|
3400
|
+
const exited = waitForProcessExit(pid);
|
|
3401
|
+
if (!exited) {
|
|
3402
|
+
sudoExec4(`kill -9 ${pid}`);
|
|
3403
|
+
waitForProcessExit(pid, 2e3);
|
|
3382
3404
|
}
|
|
3405
|
+
return {
|
|
3406
|
+
step: "stop-daemon",
|
|
3407
|
+
success: true,
|
|
3408
|
+
message: `Daemon stopped (PID ${pid})`
|
|
3409
|
+
};
|
|
3383
3410
|
}
|
|
3384
3411
|
return {
|
|
3385
3412
|
step: "stop-daemon",
|
|
@@ -3396,8 +3423,8 @@ function stopBrokerDaemon() {
|
|
|
3396
3423
|
message: "Broker daemon not installed (plist not found)"
|
|
3397
3424
|
};
|
|
3398
3425
|
}
|
|
3399
|
-
sudoExec4(`launchctl unload "${plistPath}"`);
|
|
3400
3426
|
sudoExec4(`rm -f "${plistPath}"`);
|
|
3427
|
+
sudoExec4(`launchctl unload "${plistPath}" 2>/dev/null || true`);
|
|
3401
3428
|
return {
|
|
3402
3429
|
step: "stop-broker",
|
|
3403
3430
|
success: true,
|
|
@@ -3688,6 +3715,14 @@ function discoverSocketGroups() {
|
|
|
3688
3715
|
return [];
|
|
3689
3716
|
}
|
|
3690
3717
|
}
|
|
3718
|
+
function isDaemonPresent() {
|
|
3719
|
+
if (fs7.existsSync("/Library/LaunchDaemons/com.agenshield.daemon.plist")) return true;
|
|
3720
|
+
if (findDaemonPidByPort(DEFAULT_PORT)) return true;
|
|
3721
|
+
return false;
|
|
3722
|
+
}
|
|
3723
|
+
function isBrokerPresent() {
|
|
3724
|
+
return fs7.existsSync("/Library/LaunchDaemons/com.agenshield.broker.plist");
|
|
3725
|
+
}
|
|
3691
3726
|
function forceUninstall(onProgress) {
|
|
3692
3727
|
const steps = [];
|
|
3693
3728
|
const runStep = (fn) => {
|
|
@@ -3696,8 +3731,18 @@ function forceUninstall(onProgress) {
|
|
|
3696
3731
|
onProgress?.(result);
|
|
3697
3732
|
return result.success;
|
|
3698
3733
|
};
|
|
3699
|
-
|
|
3700
|
-
|
|
3734
|
+
const MAX_ATTEMPTS = 5;
|
|
3735
|
+
for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
|
|
3736
|
+
const daemonUp = isDaemonPresent();
|
|
3737
|
+
const brokerUp = isBrokerPresent();
|
|
3738
|
+
if (!daemonUp && !brokerUp) break;
|
|
3739
|
+
if (daemonUp) runStep(() => stopDaemon());
|
|
3740
|
+
if (brokerUp) runStep(() => stopBrokerDaemon());
|
|
3741
|
+
try {
|
|
3742
|
+
execSync6("sleep 1", { encoding: "utf-8" });
|
|
3743
|
+
} catch {
|
|
3744
|
+
}
|
|
3745
|
+
}
|
|
3701
3746
|
const sandboxUsers = discoverSandboxUsers();
|
|
3702
3747
|
for (const username of sandboxUsers) {
|
|
3703
3748
|
runStep(() => killUserProcesses(username));
|
|
@@ -4346,6 +4391,7 @@ async function installGuardedShell(userConfig, options) {
|
|
|
4346
4391
|
const shellPath = GUARDED_SHELL_PATH2;
|
|
4347
4392
|
try {
|
|
4348
4393
|
log(`Installing guarded shell launcher to ${shellPath}`);
|
|
4394
|
+
await execAsync4(`sudo mkdir -p "${path6.dirname(shellPath)}"`);
|
|
4349
4395
|
await execAsync4(`sudo tee "${shellPath}" > /dev/null << 'GUARDEDEOF'
|
|
4350
4396
|
${GUARDED_SHELL_CONTENT2}
|
|
4351
4397
|
GUARDEDEOF`);
|
|
@@ -4800,10 +4846,7 @@ function generateBrokerPlist(config, options) {
|
|
|
4800
4846
|
<true/>
|
|
4801
4847
|
|
|
4802
4848
|
<key>KeepAlive</key>
|
|
4803
|
-
<
|
|
4804
|
-
<key>SuccessfulExit</key>
|
|
4805
|
-
<false/>
|
|
4806
|
-
</dict>
|
|
4849
|
+
<true/>
|
|
4807
4850
|
|
|
4808
4851
|
<key>ThrottleInterval</key>
|
|
4809
4852
|
<integer>10</integer>
|
|
@@ -4862,10 +4905,7 @@ function generateBrokerPlistLegacy(options) {
|
|
|
4862
4905
|
<true/>
|
|
4863
4906
|
|
|
4864
4907
|
<key>KeepAlive</key>
|
|
4865
|
-
<
|
|
4866
|
-
<key>SuccessfulExit</key>
|
|
4867
|
-
<false/>
|
|
4868
|
-
</dict>
|
|
4908
|
+
<true/>
|
|
4869
4909
|
|
|
4870
4910
|
<key>ThrottleInterval</key>
|
|
4871
4911
|
<integer>10</integer>
|
|
@@ -5040,20 +5080,27 @@ async function fixSocketPermissions(config) {
|
|
|
5040
5080
|
const socketDir = "/var/run/agenshield";
|
|
5041
5081
|
const socketPath = `${socketDir}/agenshield.sock`;
|
|
5042
5082
|
const brokerUsername = config?.brokerUser?.username || "ash_default_broker";
|
|
5083
|
+
const socketGroupName = config?.groups?.socket?.name || "ash_default";
|
|
5043
5084
|
try {
|
|
5044
5085
|
await execAsync5(`sudo chmod 775 "${socketDir}"`);
|
|
5045
|
-
let
|
|
5046
|
-
|
|
5086
|
+
let socketFound = false;
|
|
5087
|
+
for (let attempt = 0; attempt < 20; attempt++) {
|
|
5047
5088
|
try {
|
|
5048
5089
|
await fs10.access(socketPath);
|
|
5090
|
+
socketFound = true;
|
|
5049
5091
|
break;
|
|
5050
5092
|
} catch {
|
|
5051
5093
|
await new Promise((resolve6) => setTimeout(resolve6, 500));
|
|
5052
|
-
attempts++;
|
|
5053
5094
|
}
|
|
5054
5095
|
}
|
|
5096
|
+
if (!socketFound) {
|
|
5097
|
+
return {
|
|
5098
|
+
success: false,
|
|
5099
|
+
message: "Broker socket not created after 10s \u2014 check /var/log/agenshield/broker.error.log"
|
|
5100
|
+
};
|
|
5101
|
+
}
|
|
5055
5102
|
await execAsync5(`sudo chmod 660 "${socketPath}"`);
|
|
5056
|
-
await execAsync5(`sudo chown ${brokerUsername}
|
|
5103
|
+
await execAsync5(`sudo chown ${brokerUsername}:${socketGroupName} "${socketPath}"`);
|
|
5057
5104
|
return {
|
|
5058
5105
|
success: true,
|
|
5059
5106
|
message: "Socket permissions configured"
|
package/launchdaemon.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"launchdaemon.d.ts","sourceRoot":"","sources":["../src/launchdaemon.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,OAAO,iBAAiB,EAAE,UAAU,EAC5C,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACA,MAAM,
|
|
1
|
+
{"version":3,"file":"launchdaemon.d.ts","sourceRoot":"","sources":["../src/launchdaemon.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,OAAO,iBAAiB,EAAE,UAAU,EAC5C,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACA,MAAM,CA+DR;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CA2DT;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AACvF;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AA+C1B;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,YAAY,CAAC,CAe9D;AAED;;GAEG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC,CAuBhE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,YAAY,CAAC,CAmBnE;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAOxD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC,CA6CD;AAED;;GAEG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,YAAY,CAAC,CAgB3D;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,OAAO,iBAAiB,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CA8C/G"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agenshield/sandbox",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.4",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "User isolation and sandboxing utilities for AgenShield",
|
|
6
6
|
"main": "./index.js",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
},
|
|
16
16
|
"license": "MIT",
|
|
17
17
|
"dependencies": {
|
|
18
|
-
"@agenshield/skills": "0.4.
|
|
18
|
+
"@agenshield/skills": "0.4.4",
|
|
19
19
|
"yaml": "^2.7.1"
|
|
20
20
|
},
|
|
21
21
|
"devDependencies": {
|
package/restore.d.ts
CHANGED
|
@@ -30,9 +30,5 @@ export declare function canUninstall(): {
|
|
|
30
30
|
backup: InstallationBackup | null;
|
|
31
31
|
error?: string;
|
|
32
32
|
};
|
|
33
|
-
/**
|
|
34
|
-
* Force uninstall without a backup
|
|
35
|
-
* Used when no backup exists but user wants to clean up AgenShield artifacts
|
|
36
|
-
*/
|
|
37
33
|
export declare function forceUninstall(onProgress?: (progress: RestoreProgress) => void): RestoreResult;
|
|
38
34
|
//# sourceMappingURL=restore.d.ts.map
|
package/restore.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../src/restore.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAmB1D,MAAM,MAAM,WAAW,GACnB,UAAU,GACV,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,aAAa,GACb,cAAc,GACd,SAAS,GACT,QAAQ,CAAC;AAEb,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,WAAW,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;
|
|
1
|
+
{"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../src/restore.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAmB1D,MAAM,MAAM,WAAW,GACnB,UAAU,GACV,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,aAAa,GACb,cAAc,GACd,SAAS,GACT,QAAQ,CAAC;AAEb,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,WAAW,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA2XD;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,kBAAkB,EAC1B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CA+Ef;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI;IAC9B,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CA+BA;AAuDD,wBAAgB,cAAc,CAC5B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAC/C,aAAa,CAuHf"}
|
package/wrappers.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../src/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAOlD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,oDAAoD;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,MAAM,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAe9E;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAgWjE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ,EAQhB,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CAMf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CA6BxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,GAAE,MAAsC,EACjD,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CA2B1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CAsC1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,aAAa,EAAE,CAAC,CAS1B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC;IACT,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC,CAmBD;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnD,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CAkBD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,
|
|
1
|
+
{"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../src/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAOlD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,oDAAoD;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,MAAM,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAe9E;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAgWjE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ,EAQhB,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CAMf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CA6BxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,GAAE,MAAsC,EACjD,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CA2B1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CAsC1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,aAAa,EAAE,CAAC,CAS1B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC;IACT,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC,CAmBD;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnD,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CAkBD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CAiExB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CA+FD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAE3E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGzD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAG5D;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,EACtB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAiBxB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CA0CxB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,UAMjC,CAAC;AAEF;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9B,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CA+BtE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAyF/B"}
|