@agenshield/sandbox 0.4.4 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/guarded-shell.d.ts +2 -2
- package/guarded-shell.d.ts.map +1 -1
- package/index.js +18 -5
- package/launchdaemon.d.ts.map +1 -1
- package/macos.d.ts.map +1 -1
- package/package.json +2 -2
- package/shield-exec.d.ts +1 -1
- package/shield-exec.d.ts.map +1 -1
- package/wrappers.d.ts.map +1 -1
package/guarded-shell.d.ts
CHANGED
|
@@ -25,10 +25,10 @@ export declare const GUARDED_SHELL_CONTENT = "#!/bin/zsh\n# guarded-shell: launc
|
|
|
25
25
|
* ZDOTDIR .zshenv — runs after /etc/zshenv (which calls path_helper on macOS).
|
|
26
26
|
* Overrides PATH to only include $HOME/bin.
|
|
27
27
|
*/
|
|
28
|
-
export declare const ZDOT_ZSHENV_CONTENT = "# AgenShield restricted .zshenv\n# Runs AFTER /etc/zshenv \u2014 overrides path_helper's full system PATH.\n\n# ALWAYS set HOME based on actual user, never inherit\nexport HOME=\"/Users/$(id -un)\"\nexport HISTFILE=\"$HOME/.zsh_history\"\n\n# Suppress locale to prevent /etc/zshrc from calling locale command\nexport LC_ALL=C LANG=C\n\nexport PATH=\"$HOME/bin\"\nexport SHELL=\"/usr/local/bin/guarded-shell\"\n\n# Clear any leftover env tricks\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n";
|
|
28
|
+
export declare const ZDOT_ZSHENV_CONTENT = "# AgenShield restricted .zshenv\n# Runs AFTER /etc/zshenv \u2014 overrides path_helper's full system PATH.\n\n# ALWAYS set HOME based on actual user, never inherit\nexport HOME=\"/Users/$(id -un)\"\nexport HISTFILE=\"$HOME/.zsh_history\"\n\n# Suppress locale to prevent /etc/zshrc from calling locale command\nexport LC_ALL=C LANG=C\n\nexport PATH=\"$HOME/bin\"\nexport SHELL=\"/usr/local/bin/guarded-shell\"\n\n# Clear any leftover env tricks\nunset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES\nunset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB\nunset SSH_ASKPASS LD_PRELOAD\n\n# Skip system rc files (/etc/zprofile, /etc/zshrc, /etc/zlogin)\n# They may call commands not in our restricted PATH (e.g. locale).\n# ZDOTDIR files (.zshrc) are still read.\nsetopt NO_GLOBAL_RCS\n";
|
|
29
29
|
/**
|
|
30
30
|
* ZDOTDIR .zshrc — interactive shell restrictions.
|
|
31
31
|
* Applies RESTRICTED mode, locks variables, disables builtins, installs hooks.
|
|
32
32
|
*/
|
|
33
|
-
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# Re-set HISTFILE (safety: ensure it points to agent's home, not ZDOTDIR)\nHISTFILE=\"$HOME/.zsh_history\"\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL HISTFILE\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow zsh reserved words (if, for, while, [[, case, etc.)\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\ntypeset -gi __ash_guard=0\n\nTRAPDEBUG() {\n # Prevent recursion when our own checks invoke whence/is_allowed_cmd\n (( __ash_guard )) && return 0\n\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n # Skip variable assignments (e.g. resolved=\"$(whence ...)\")\n [[ \"$cmd\" == *=* ]] && return 0\n\n # Skip zsh reserved words ([[, if, for, while, case, etc.)\n __ash_guard=1\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && { __ash_guard=0; return 0; }\n\n [[ \"$cmd\" == */* ]] && { __ash_guard=0; print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { __ash_guard=0; print -r -- \"Denied: $cmd\"; return 126; }\n __ash_guard=0\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
|
|
33
|
+
export declare const ZDOT_ZSHRC_CONTENT = "# AgenShield restricted .zshrc\n# Applied to every interactive shell for the agent user.\n\nemulate -LR zsh\n\n# Re-set HISTFILE (safety: ensure it points to agent's home, not ZDOTDIR)\nHISTFILE=\"$HOME/.zsh_history\"\n\n# Re-set PATH (only ~/bin \u2014 override anything that may have been added)\nPATH=\"$HOME/bin\"\n\n# ---- Shell options ----\n# Note: NOT using setopt RESTRICTED as it disables cd entirely.\n# Instead we use preexec hooks and builtin disable for enforcement.\nsetopt NO_CASE_GLOB\nsetopt NO_BEEP\n\n# ---- Lock critical variables (readonly) ----\ntypeset -r PATH HOME SHELL HISTFILE\n\n# ---- Enforcement helpers ----\ndeny() {\n print -r -- \"Denied by policy\"\n return 126\n}\n\nis_allowed_cmd() {\n local cmd=\"$1\"\n\n # Allow zsh reserved words (if, for, while, [[, case, etc.)\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && return 0\n\n # Allow shell builtins we explicitly permit\n case \"$cmd\" in\n cd|pwd|echo|printf|test|true|false|exit|return|break|continue|shift|set|unset|export|typeset|local|declare|readonly|let|read|print|pushd|popd|dirs|jobs|fg|bg|kill|wait|times|ulimit|umask|history|fc|type|whence|which|where|rehash)\n return 0\n ;;\n esac\n\n # Deny path execution outright\n [[ \"$cmd\" == */* ]] && return 1\n\n # Resolve command path\n local resolved\n resolved=\"$(whence -p -- \"$cmd\" 2>/dev/null)\" || return 1\n\n # Must live under HOME/bin exactly\n [[ \"$resolved\" == \"$HOME/bin/\"* ]] && return 0\n return 1\n}\n\n# ---- Block dangerous builtins ----\ndisable -r builtin command exec eval hash nohup setopt source unfunction functions alias unalias 2>/dev/null || true\n\n# ---- Intercept every interactive command before execution ----\npreexec() {\n local line=\"$1\"\n local cmd=\"${line%%[[:space:]]*}\"\n\n # Empty / whitespace lines\n [[ -z \"$cmd\" ]] && return 0\n\n # Deny anything with slash in the command token (direct path execution)\n [[ \"$cmd\" == */* ]] && { print -r -- \"Denied: direct path execution\"; kill -KILL $$; }\n\n # Deny anything not allowed\n if ! is_allowed_cmd \"$cmd\"; then\n print -r -- \"Denied: $cmd (not in $HOME/bin)\"\n kill -KILL $$\n fi\n}\n\n# ---- Also intercept non-interactive \\`zsh -c\\` cases ----\ntypeset -gi __ash_guard=0\n\nTRAPDEBUG() {\n # Prevent recursion when our own checks invoke whence/is_allowed_cmd\n (( __ash_guard )) && return 0\n\n local line=\"${ZSH_DEBUG_CMD:-$1}\"\n local cmd=\"${line%%[[:space:]]*}\"\n [[ -z \"$cmd\" ]] && return 0\n\n # Skip variable assignments (e.g. resolved=\"$(whence ...)\")\n [[ \"$cmd\" == *=* ]] && return 0\n\n # Skip zsh reserved words ([[, if, for, while, case, etc.)\n __ash_guard=1\n [[ \"$(whence -w \"$cmd\" 2>/dev/null)\" == *\": reserved\" ]] && { __ash_guard=0; return 0; }\n\n [[ \"$cmd\" == */* ]] && { __ash_guard=0; print -r -- \"Denied: direct path execution\"; return 126; }\n is_allowed_cmd \"$cmd\" || { __ash_guard=0; print -r -- \"Denied: $cmd\"; return 126; }\n __ash_guard=0\n return 0\n}\n\n# ---- Ensure accessible working directory ----\ncd \"$HOME\" 2>/dev/null || cd /\n";
|
|
34
34
|
//# sourceMappingURL=guarded-shell.d.ts.map
|
package/guarded-shell.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,0jBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,
|
|
1
|
+
{"version":3,"file":"guarded-shell.d.ts","sourceRoot":"","sources":["../src/guarded-shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AACjE,eAAO,MAAM,QAAQ,yBAAyB,CAAC;AAE/C;;;GAGG;AACH,eAAO,MAAM,qBAAqB,0jBAgBjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,8xBAsB/B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,kkGAkG9B,CAAC"}
|
package/index.js
CHANGED
|
@@ -57,6 +57,11 @@ export SHELL="/usr/local/bin/guarded-shell"
|
|
|
57
57
|
unset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES
|
|
58
58
|
unset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB
|
|
59
59
|
unset SSH_ASKPASS LD_PRELOAD
|
|
60
|
+
|
|
61
|
+
# Skip system rc files (/etc/zprofile, /etc/zshrc, /etc/zlogin)
|
|
62
|
+
# They may call commands not in our restricted PATH (e.g. locale).
|
|
63
|
+
# ZDOTDIR files (.zshrc) are still read.
|
|
64
|
+
setopt NO_GLOBAL_RCS
|
|
60
65
|
`;
|
|
61
66
|
ZDOT_ZSHRC_CONTENT = `# AgenShield restricted .zshrc
|
|
62
67
|
# Applied to every interactive shell for the agent user.
|
|
@@ -66,6 +71,9 @@ emulate -LR zsh
|
|
|
66
71
|
# Re-set HISTFILE (safety: ensure it points to agent's home, not ZDOTDIR)
|
|
67
72
|
HISTFILE="$HOME/.zsh_history"
|
|
68
73
|
|
|
74
|
+
# Re-set PATH (only ~/bin \u2014 override anything that may have been added)
|
|
75
|
+
PATH="$HOME/bin"
|
|
76
|
+
|
|
69
77
|
# ---- Shell options ----
|
|
70
78
|
# Note: NOT using setopt RESTRICTED as it disables cd entirely.
|
|
71
79
|
# Instead we use preexec hooks and builtin disable for enforcement.
|
|
@@ -293,10 +301,8 @@ var init_shield_exec = __esm({
|
|
|
293
301
|
});
|
|
294
302
|
}
|
|
295
303
|
SHIELD_EXEC_CONTENT = `#!/usr/bin/env node
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
const path = require('path');
|
|
299
|
-
const net = require('net');
|
|
304
|
+
import path from 'node:path';
|
|
305
|
+
import net from 'node:net';
|
|
300
306
|
|
|
301
307
|
const DEFAULT_SOCKET_PATH = '/var/run/agenshield/agenshield.sock';
|
|
302
308
|
|
|
@@ -4617,6 +4623,13 @@ async function copyBrokerBinary(userConfig) {
|
|
|
4617
4623
|
await execAsync4(`sudo cp "${srcPath}" "${targetPath}"`);
|
|
4618
4624
|
await execAsync4(`sudo chmod 755 "${targetPath}"`);
|
|
4619
4625
|
await execAsync4(`sudo chown root:${socketGroupName} "${targetPath}"`);
|
|
4626
|
+
await execAsync4(
|
|
4627
|
+
`sudo tee /opt/agenshield/package.json > /dev/null << 'PKGJSONEOF'
|
|
4628
|
+
{"type":"module"}
|
|
4629
|
+
PKGJSONEOF`
|
|
4630
|
+
);
|
|
4631
|
+
await execAsync4(`sudo chown root:wheel /opt/agenshield/package.json`);
|
|
4632
|
+
await execAsync4(`sudo chmod 644 /opt/agenshield/package.json`);
|
|
4620
4633
|
return {
|
|
4621
4634
|
success: true,
|
|
4622
4635
|
name: "agenshield-broker",
|
|
@@ -5099,7 +5112,7 @@ async function fixSocketPermissions(config) {
|
|
|
5099
5112
|
message: "Broker socket not created after 10s \u2014 check /var/log/agenshield/broker.error.log"
|
|
5100
5113
|
};
|
|
5101
5114
|
}
|
|
5102
|
-
await execAsync5(`sudo chmod
|
|
5115
|
+
await execAsync5(`sudo chmod 666 "${socketPath}"`);
|
|
5103
5116
|
await execAsync5(`sudo chown ${brokerUsername}:${socketGroupName} "${socketPath}"`);
|
|
5104
5117
|
return {
|
|
5105
5118
|
success: true,
|
package/launchdaemon.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"launchdaemon.d.ts","sourceRoot":"","sources":["../src/launchdaemon.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,OAAO,iBAAiB,EAAE,UAAU,EAC5C,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACA,MAAM,CA+DR;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CA2DT;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AACvF;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AA+C1B;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,YAAY,CAAC,CAe9D;AAED;;GAEG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC,CAuBhE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,YAAY,CAAC,CAmBnE;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAOxD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC,CA6CD;AAED;;GAEG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,YAAY,CAAC,CAgB3D;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,OAAO,iBAAiB,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,
|
|
1
|
+
{"version":3,"file":"launchdaemon.d.ts","sourceRoot":"","sources":["../src/launchdaemon.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,OAAO,iBAAiB,EAAE,UAAU,EAC5C,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACA,MAAM,CA+DR;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CA2DT;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AACvF;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAClD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AA+C1B;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,YAAY,CAAC,CAe9D;AAED;;GAEG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC,CAuBhE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,YAAY,CAAC,CAmBnE;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAOxD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC,CA6CD;AAED;;GAEG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,YAAY,CAAC,CAgB3D;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,CAAC,EAAE,OAAO,iBAAiB,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CA+C/G"}
|
package/macos.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"macos.d.ts","sourceRoot":"","sources":["../src/macos.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAuBhG;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMpD;AAiBD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAsBzE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,GAAE,OAAO,CAAC,aAAa,CAAM,GAAG,gBAAgB,CA6FvF;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,WAAW,GAAG;IAC3D,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,kBAAkB,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,
|
|
1
|
+
{"version":3,"file":"macos.d.ts","sourceRoot":"","sources":["../src/macos.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAuBhG;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMpD;AAiBD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAsBzE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,GAAE,OAAO,CAAC,aAAa,CAAM,GAAG,gBAAgB,CA6FvF;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,WAAW,GAAG;IAC3D,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,kBAAkB,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAoCA;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE;IAAE,aAAa,CAAC,EAAE,OAAO,CAAA;CAAO,GACxC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAyCtC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agenshield/sandbox",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "User isolation and sandboxing utilities for AgenShield",
|
|
6
6
|
"main": "./index.js",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
},
|
|
16
16
|
"license": "MIT",
|
|
17
17
|
"dependencies": {
|
|
18
|
-
"@agenshield/skills": "0.
|
|
18
|
+
"@agenshield/skills": "0.5.0",
|
|
19
19
|
"yaml": "^2.7.1"
|
|
20
20
|
},
|
|
21
21
|
"devDependencies": {
|
package/shield-exec.d.ts
CHANGED
|
@@ -16,5 +16,5 @@ export declare const PROXIED_COMMANDS: readonly ["curl", "wget", "git", "ssh", "
|
|
|
16
16
|
/**
|
|
17
17
|
* The content of shield-exec as a string, for installation
|
|
18
18
|
*/
|
|
19
|
-
export declare const SHIELD_EXEC_CONTENT = "#!/usr/bin/env node\
|
|
19
|
+
export declare const SHIELD_EXEC_CONTENT = "#!/usr/bin/env node\nimport path from 'node:path';\nimport net from 'node:net';\n\nconst DEFAULT_SOCKET_PATH = '/var/run/agenshield/agenshield.sock';\n\nfunction sendRequest(socketPath, request) {\n return new Promise((resolve, reject) => {\n const socket = net.createConnection(socketPath, () => {\n socket.write(JSON.stringify(request) + '\\n');\n });\n let data = '';\n socket.on('data', (chunk) => {\n data += chunk.toString();\n const idx = data.indexOf('\\n');\n if (idx >= 0) {\n try {\n const resp = JSON.parse(data.slice(0, idx));\n socket.end();\n resolve(resp);\n } catch (e) {\n socket.end();\n reject(new Error('Invalid JSON response: ' + e.message));\n }\n }\n });\n socket.on('error', (err) => reject(new Error('Socket error: ' + err.message)));\n socket.on('end', () => {\n if (data.trim()) {\n try { resolve(JSON.parse(data.trim())); }\n catch { reject(new Error('Connection closed before response')); }\n } else {\n reject(new Error('Connection closed without response'));\n }\n });\n socket.setTimeout(30000, () => {\n socket.destroy();\n reject(new Error('Request timed out'));\n });\n });\n}\n\nasync function main() {\n const socketPath = process.env.AGENSHIELD_SOCKET || DEFAULT_SOCKET_PATH;\n const invoked = path.basename(process.argv[1] || 'shield-exec');\n const args = process.argv.slice(2);\n const commandName = invoked === 'shield-exec' ? (args.shift() || '') : invoked;\n\n if (!commandName) {\n process.stderr.write('Usage: shield-exec <command> [args...]\\n');\n process.exit(1);\n }\n\n const request = {\n jsonrpc: '2.0',\n id: 'shield-exec-' + Date.now() + '-' + Math.random().toString(36).slice(2, 8),\n method: 'exec',\n params: { command: commandName, args: args, cwd: process.cwd() },\n };\n\n try {\n const response = await sendRequest(socketPath, request);\n if (response.error) {\n process.stderr.write('Error: ' + response.error.message + '\\n');\n process.exit(1);\n }\n const result = response.result;\n if (!result) { process.stderr.write('Error: Empty response\\n'); process.exit(1); }\n if (!result.success) {\n process.stderr.write('Error: ' + (result.error?.message || 'Unknown error') + '\\n');\n process.exit(1);\n }\n const data = result.data;\n if (!data) process.exit(0);\n if (data.stdout) process.stdout.write(data.stdout);\n if (data.stderr) process.stderr.write(data.stderr);\n process.exit(data.exitCode ?? 0);\n } catch (err) {\n process.stderr.write('shield-exec error: ' + err.message + '\\n');\n process.exit(1);\n }\n}\n\nmain().catch((err) => { process.stderr.write('Fatal: ' + err.message + '\\n'); process.exit(1); });\n";
|
|
20
20
|
//# sourceMappingURL=shield-exec.d.ts.map
|
package/shield-exec.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shield-exec.d.ts","sourceRoot":"","sources":["../src/shield-exec.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,0CAA0C;AAC1C,eAAO,MAAM,gBAAgB,oCAAoC,CAAC;AAKlE,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB,iIAInB,CAAC;AAsKX;;GAEG;AACH,eAAO,MAAM,mBAAmB,
|
|
1
|
+
{"version":3,"file":"shield-exec.d.ts","sourceRoot":"","sources":["../src/shield-exec.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,0CAA0C;AAC1C,eAAO,MAAM,gBAAgB,oCAAoC,CAAC;AAKlE,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB,iIAInB,CAAC;AAsKX;;GAEG;AACH,eAAO,MAAM,mBAAmB,uyFAoF/B,CAAC"}
|
package/wrappers.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../src/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAOlD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,oDAAoD;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,MAAM,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAe9E;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAgWjE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ,EAQhB,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CAMf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CA6BxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,GAAE,MAAsC,EACjD,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CA2B1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CAsC1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,aAAa,EAAE,CAAC,CAS1B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC;IACT,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC,CAmBD;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnD,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CAkBD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CAiExB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CA+FD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAE3E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGzD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAG5D;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,EACtB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAiBxB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,
|
|
1
|
+
{"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../src/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAOlD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,oDAAoD;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,MAAM,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAe9E;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAgWjE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,QAAQ,EAQhB,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,aAAa,GACrB,MAAM,GAAG,IAAI,CAMf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CA6BxB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,GAAE,MAAsC,EACjD,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CA2B1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EAAE,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,EAAE,CAAC,CAsC1B;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC,aAAa,EAAE,CAAC,CAS1B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,SAAS,GAAE,MAAsC,GAChD,OAAO,CAAC;IACT,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC,CAmBD;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACnD,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CAkBD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,CAAC,EAAE,UAAU,EACvB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,aAAa,CAAC,CAiExB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC,CA+FD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAE3E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGzD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAG5D;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,aAAa,EACtB,OAAO,GAAE,OAAe,GACvB,OAAO,CAAC,aAAa,CAAC,CAiBxB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAkCxB;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CAqDxB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,aAAa,CAAC,CA8BxB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,UAMjC,CAAC;AAEF;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC9B,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CA+BtE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACnD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAyF/B"}
|