@aictrl/hush 0.1.0 → 0.1.6

package/.github/workflows/ci.yml

@@ -0,0 +1,46 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, master ]
+  pull_request:
+    branches: [ main, master ]
+
+jobs:
+  test:
+    name: Build & Test
+    runs-on: ubuntu-latest
+
+    permissions:
+      pull-requests: write
+      contents: read
+
+    strategy:
+      matrix:
+        node-version: [20.x, 22.x]
+
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+          
+      - name: Install dependencies
+        run: npm ci
+        
+      - name: Build
+        run: npm run build
+        
+      - name: Run Tests with Coverage
+        run: npm test
+        
+      # Optional: Post coverage report to PR
+      - name: Report Coverage
+        if: github.event_name == 'pull_request' && matrix.node-version == '22.x'
+        uses: davelosert/vitest-coverage-report-action@v2
+        with:
+          json-summary-path: ./coverage/coverage-summary.json
+          json-final-path: ./coverage/coverage-final.json

package/.github/workflows/e2e-opencode.yml

@@ -0,0 +1,126 @@
+name: E2E - OpenCode + GLM-5 via Hush Gateway
+
+on:
+  pull_request:
+    branches: [main, master]
+  workflow_dispatch:
+    inputs:
+      use_real_api:
+        description: 'Use real ZhipuAI API key (requires ZHIPUAI_API_KEY secret)'
+        type: boolean
+        default: false
+
+permissions:
+  contents: read
+
+concurrency:
+  group: e2e-opencode-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  e2e-gateway-interception:
+    name: Gateway PII Interception (Mock Upstream)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js 22.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22.x
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run E2E interception test
+        run: |
+          chmod +x scripts/e2e-opencode.sh
+          ./scripts/e2e-opencode.sh
+        env:
+          CI: true
+
+  e2e-opencode-live:
+    name: OpenCode + GLM-5 Live E2E
+    runs-on: ubuntu-latest
+    if: >
+      github.event_name == 'workflow_dispatch' &&
+      github.event.inputs.use_real_api == 'true'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js 22.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22.x
+          cache: 'npm'
+
+      - name: Install dependencies & build
+        run: npm ci && npm run build
+
+      - name: Start Hush Gateway (background)
+        run: |
+          DEBUG=true node dist/cli.js > /tmp/gateway.log 2>&1 &
+          GATEWAY_PID=$!
+          echo "GATEWAY_PID=$GATEWAY_PID" >> $GITHUB_ENV
+
+          # Wait for gateway to be ready
+          for i in {1..15}; do
+            if curl -sf http://127.0.0.1:4000/health > /dev/null 2>&1; then
+              echo "Gateway is ready"
+              break
+            fi
+            echo "Waiting for gateway... ($i/15)"
+            sleep 1
+          done
+
+      - name: Check vault is empty before test
+        run: |
+          HEALTH_BEFORE=$(curl -sf http://127.0.0.1:4000/health)
+          echo "Health before: $HEALTH_BEFORE"
+          VAULT_BEFORE=$(echo "$HEALTH_BEFORE" | jq -r '.vaultSize // 0')
+          echo "Vault size before: $VAULT_BEFORE"
+
+      - name: Send PII-laden request through gateway to real GLM-5
+        env:
+          ZHIPU_API_KEY: ${{ secrets.ZHIPUAI_API_KEY }}
+        timeout-minutes: 2
+        run: |
+          # Send a real GLM-5 chat completion through the Hush gateway
+          # This proves PII interception works with the actual ZhipuAI API
+          HTTP_CODE=$(curl -s -o /tmp/response.json -w "%{http_code}" --max-time 60 \
+            -X POST "http://127.0.0.1:4000/api/paas/v4/chat/completions" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer $ZHIPU_API_KEY" \
+            -d '{
+              "model": "glm-5",
+              "messages": [{"role": "user", "content": "Please confirm receipt. My email is testuser@example-corp.com and server IP is 10.42.99.7. Credentials: api_key=secret_test_a1b2c3d4e5f6g7h8i9j0"}]
+            }') || true
+          echo "HTTP Status: $HTTP_CODE"
+          echo "Response: $(cat /tmp/response.json | head -c 500)"
+          echo ""
+          echo "--- Gateway logs ---"
+          cat /tmp/gateway.log 2>/dev/null || true
+
+      - name: Verify PII was intercepted
+        run: |
+          HEALTH_AFTER=$(curl -sf http://127.0.0.1:4000/health)
+          echo "Health after: $HEALTH_AFTER"
+          VAULT_AFTER=$(echo "$HEALTH_AFTER" | jq -r '.vaultSize // 0')
+          echo "Vault size after: $VAULT_AFTER"
+
+          if [ "$VAULT_AFTER" -gt 0 ]; then
+            echo "SUCCESS: Gateway vault contains $VAULT_AFTER token(s) - PII was intercepted!"
+          else
+            echo "FAILURE: Gateway vault is empty - PII may not have been intercepted"
+            exit 1
+          fi
+
+      - name: Cleanup
+        if: always()
+        run: |
+          if [ -n "$GATEWAY_PID" ]; then
+            kill $GATEWAY_PID 2>/dev/null || true
+          fi

package/.github/workflows/opencode-review.yml

@@ -0,0 +1,101 @@
+name: OpenCode Review
+on:
+  pull_request:
+    branches: [main, master]
+  workflow_dispatch:
+
+concurrency:
+  group: opencode-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  opencode:
+    name: OpenCode AI Review
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      issues: write
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check for Relevant Changes
+        id: check_changes
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          SHA=${{ github.event.pull_request.head.sha || github.sha }}
+          PR_NUMBER=${{ github.event.pull_request.number }}
+          
+          if [ -z "$PR_NUMBER" ]; then
+            echo "Not a pull request, proceeding."
+            echo "skip=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # 1. Check if this SHA was already reviewed
+          echo "Checking if SHA $SHA was already reviewed..."
+          REVIEW_COMMENTS=$(gh pr view $PR_NUMBER --json comments --jq '.comments[].body' | grep -c "Reviewed SHA:" || true)
+          LAST_REVIEW_SHA=$(gh pr view $PR_NUMBER --json comments --jq '.comments[].body' | grep -o "Reviewed SHA: [a-f0-9]\{40\}" | tail -n 1 | cut -d' ' -f3)
+
+          if [ "$LAST_REVIEW_SHA" == "$SHA" ]; then
+            echo "This commit ($SHA) has already been reviewed. Skipping."
+            echo "skip=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # 2. Skip if 2+ reviews already exist (unless manually triggered)
+          IS_MANUAL="${{ github.event_name == 'workflow_dispatch' }}"
+          if [ "$REVIEW_COMMENTS" -ge 2 ] && [ "$IS_MANUAL" != "true" ]; then
+            echo "PR already has $REVIEW_COMMENTS AI reviews. Skipping (use workflow_dispatch to force)."
+            echo "skip=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # 3. Check if there are any "actual code" changes
+          echo "Checking changed files..."
+          # We check src/ and tests/ for relevant logic changes
+          CODE_CHANGES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}...$SHA | grep -E '\.(ts|js|json|sh|yml|yaml)$' | grep -vE '^docs/|.*\.md$' || true)
+          
+          if [ -z "$CODE_CHANGES" ]; then
+            echo "No actual code changes detected. Skipping review."
+            echo "skip=true" >> $GITHUB_OUTPUT
+          else
+            echo "Actual code changes detected:"
+            echo "$CODE_CHANGES"
+            echo "skip=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Setup OpenCode
+        if: steps.check_changes.outputs.skip != 'true'
+        env:
+          ZHIPU_API_KEY: ${{ secrets.ZHIPUAI_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          # Use GITHUB_TOKEN to avoid rate limits when fetching version info
+          curl -fsSL https://opencode.ai/install | bash -s -- --no-modify-path
+          echo "$HOME/.opencode/bin" >> $GITHUB_PATH
+
+      - name: Direct OpenCode Review
+        if: steps.check_changes.outputs.skip != 'true'
+        env:
+          ZHIPU_API_KEY: ${{ secrets.ZHIPUAI_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          SHA=${{ github.event.pull_request.head.sha || github.sha }}
+          echo "Starting review with GLM-5 for SHA $SHA..."
+          
+          $HOME/.opencode/bin/opencode run --model zai-coding-plan/glm-5 "Review the changes in this PR for the Hush Semantic Gateway.
+
+          Focus areas:
+          1. **Redaction Logic**: Ensure PII patterns are robust and handle edge cases in tool outputs (like JSON or CLI tables).
+          2. **Streaming Integrity**: Check that the SSE/streaming proxy logic doesn't buffer unnecessarily or break the rehydration flow.
+          3. **Security**: Look for potential PII leaks or insecure token handling in the vault.
+          4. **Reliability**: Ensure the proxy handles upstream errors gracefully.
+          
+          Keep the summary concise but technical. Post findings as a markdown comment on the PR.
+          
+          **CRITICAL**: Include the string 'Reviewed SHA: $SHA' at the very end of your comment so I can track which commits have been reviewed."

package/.github/workflows/publish.yml

@@ -0,0 +1,44 @@
+name: Publish to npm
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    name: Build, Test & Publish
+    runs-on: ubuntu-latest
+    environment: release
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build
+
+      - name: Run tests
+        run: npm test
+
+      - name: Verify version matches tag
+        run: |
+          PKG_VERSION="v$(node -p "require('./package.json').version")"
+          if [ "$PKG_VERSION" != "${{ github.ref_name }}" ]; then
+            echo "::error::Tag ${{ github.ref_name }} does not match package.json version $PKG_VERSION"
+            exit 1
+          fi
+
+      - name: Publish to npm
+        run: npm publish --provenance --access public

package/CLAUDE.md

@@ -0,0 +1,6 @@
+# hush 🛡️ Mandates
+
+## Development Workflow
+- **PR-Only Pushes:** All code changes, documentation updates, and asset additions MUST be submitted via a Pull Request. Direct pushes to the `master` branch are strictly prohibited.
+- **Verification:** Every PR must pass all existing tests (`npm test`) and maintain or improve the current test coverage before merging.
+- **Security First:** Never bypass security protocols (like `HUSH_AUTH_TOKEN` or local binding) during development or testing.

package/CONTRIBUTING.md

@@ -0,0 +1,29 @@
+# Contributing to AICtrl Gateway
+
+We're excited that you're interested in contributing to AICtrl Gateway! Here's a quick guide to help you get started.
+
+## How to Contribute
+
+1.  **Fork the repository** on GitHub.
+2.  **Clone your fork** locally: `git clone https://github.com/YOUR_USERNAME/gateway.git`
+3.  **Create a new branch** for your feature or bug fix: `git checkout -b my-feature`
+4.  **Make your changes** and ensure tests pass: `npm test`
+5.  **Commit your changes** with a clear message.
+6.  **Push to your branch**: `git push origin my-feature`
+7.  **Open a Pull Request** against the `main` branch.
+
+## Development Setup
+
+1.  Install dependencies: `npm install`
+2.  Run tests: `npm test`
+3.  Build the project: `npm run build`
+
+## Code Style
+
+Please ensure your code follows the existing style and is well-documented with TSDoc comments.
+
+## Reporting Issues
+
+If you find a bug or have a feature request, please [open an issue](https://github.com/aictrl/gateway/issues) on GitHub.
+
+Thank you for your help!

package/Dockerfile

@@ -0,0 +1,25 @@
+# hush 🛡️ - Docker Gateway
+FROM node:18-slim
+
+WORKDIR /app
+
+# Install dependencies first for layer caching
+COPY package*.json ./
+RUN npm install
+
+# Copy source
+COPY . .
+
+# Build TypeScript
+RUN npm run build
+
+# Default environment
+ENV PORT=4000
+ENV HUSH_HOST=0.0.0.0
+# Note: Bind to 0.0.0.0 inside container so Docker can forward it,
+# but host binding remains safe.
+
+EXPOSE 4000
+
+# Start the gateway
+CMD ["node", "dist/cli.js"]

package/GEMINI.md

@@ -0,0 +1,6 @@
+# Mandates
+
+All foundational mandates for this project are maintained in [CLAUDE.md](./CLAUDE.md).
+
+1. All code changes MUST be submitted via Pull Request.
+2. NO direct pushes to `master`.

package/README.md

@@ -3,110 +3,125 @@
 </p>
 
 **hush** is a Semantic Security Gateway for AI agents.
- It acts as a local proxy between your AI tools (like Claude Code, Cursor, or custom CLI agents) and LLM providers (Anthropic, OpenAI).
+It sits between your AI tools (Claude Code, Codex, OpenCode, Gemini CLI) and LLM providers, ensuring that sensitive data — emails, IP addresses, API keys, credit cards — never leaves your machine.
 
-Hush ensures that sensitive data—like emails, IP addresses, and secrets—never leaves your machine by redacting it from prompts and tool outputs before they hit the cloud.
+## Quick Start
 
-## Why Hush?
+```bash
+npm install -g @aictrl/hush
+hush
+```
 
-When an AI agent runs a local tool (like `snow` or `ls`), it often returns PII (Personally Identifiable Information) to the terminal. Without Hush, this sensitive data is sent directly to the LLM provider for processing.
+Hush starts on `http://127.0.0.1:4000`. Now point your AI tool at it:
 
-Hush intercepts this traffic, replaces PII with persistent tokens, and stores the original values in a local `TokenVault`.
+### Claude Code
 
-## Features
+Add to `~/.claude/settings.json`:
 
-- **Semantic Redaction:** Automatically identifies and masks PII (emails, IPs, secrets, credit cards) using high-entropy random tokens (e.g., `[HUSH_EML_8a2b3c]`).
-- **Local Rehydration:** Automatically restores original values in the LLM's response locally. You see the real data; the cloud provider only sees tokens.
-- **Live Protection Dashboard:** Run with `--dashboard` to see a real-time TUI showing PII being blocked and intercepted.
-- **Zero-Trust Architecture:** Local-only processing. PII never leaves your machine. Bindings default to `127.0.0.1`.
-- **Streaming Support:** Robust rehydration for SSE (Server-Sent Events) even when tokens are split across network chunks.
+```json
+{
+  "env": {
+    "ANTHROPIC_BASE_URL": "http://127.0.0.1:4000"
+  }
+}
+```
 
-## Getting Started
+> **Note:** Claude Code subscription (OAuth) tokens are currently blocked by Anthropic for third-party proxies ([anthropics/claude-code#28091](https://github.com/anthropics/claude-code/issues/28091)). If you hit a 401, add `"ANTHROPIC_AUTH_TOKEN": "sk-ant-..."` to the env block above.
 
-### Installation
+### Codex (OpenAI)
 
-```bash
-npm install -g @aictrl/hush
+Add to `~/.codex/config.toml` (or `.codex/config.toml` in your project):
+
+```toml
+model_provider = "hush"
+
+[model_providers.hush]
+base_url = "http://127.0.0.1:4000/v1"
 ```
 
-### Usage
+### OpenCode (ZhipuAI GLM-5)
 
-1.  **Start the hush Gateway:**
-    ```bash
-    hush --dashboard
-    ```
-    hush will start listening on `http://127.0.0.1:4000`.
+Create `opencode.json` in your project root:
 
-2.  **Point your AI tool to the Gateway:**
+```json
+{
+  "provider": {
+    "zai-coding-plan": {
+      "options": {
+        "baseURL": "http://127.0.0.1:4000/api/coding/paas/v4"
+      }
+    }
+  }
+}
+```
 
-    For **Claude Code**:
-    ```bash
-    export ANTHROPIC_BASE_URL=http://127.0.0.1:4000
-    claude
-    ```
+### Gemini CLI
 
-    For **OpenAI-based tools**:
-    ```bash
-    export OPENAI_BASE_URL=http://127.0.0.1:4000/v1
-    ```
+Gemini CLI only supports env vars for endpoint override (no settings file option):
 
-    For **Google Gemini**:
-    ```bash
-    # For the Google Generative AI SDK
-    export GOOGLE_GENERATIVE_AI_BASE_URL=http://127.0.0.1:4000
+```bash
+CODE_ASSIST_ENDPOINT=http://127.0.0.1:4000 gemini
+```
 
-    # For the Gemini CLI
-    export CODE_ASSIST_ENDPOINT=http://127.0.0.1:4000
-    ```
+### Verify it works
 
-## Configuration
+When your AI tool sends a request containing PII, the hush terminal shows:
 
-| Variable | Description | Default |
-|----------|-------------|---------|
-| `PORT` | The port the gateway listens on. | `4000` |
-| `HUSH_HOST` | The host interface to bind to. | `127.0.0.1` |
-| `HUSH_AUTH_TOKEN` | If set, the proxy requires `Authorization: Bearer <token>` | `undefined` |
-| `HUSH_DASHBOARD` | Set to `true` to enable the TUI dashboard. | `false` |
+```
+INFO: Redacted sensitive data from request  path="/v1/messages"  tokenCount=2  duration=1
+```
+
+Your tool still sees the real data (rehydrated locally). The LLM provider only ever sees tokens like `[USER_EMAIL_f22c5a]`.
 
 ## How it Works
 
-1.  **Intercept:** Hush sits locally on your machine as an HTTP proxy.
-2.  **Redact:** Before a request is forwarded to Anthropic/OpenAI, Hush scans the message content for sensitive data and swaps it for tokens (e.g., `[USER_EMAIL_1]`).
-3.  **Vault:** The original data is saved in a local, in-memory `TokenVault`.
-4.  **Forward:** The redacted request is sent to the LLM provider.
-5.  **Rehydrate:** When the LLM responds, Hush re-inserts the original values from the vault before showing the response to you.
+1. **Intercept** — Hush sits on your machine between your AI tool and the LLM provider.
+2. **Redact** — Before forwarding, it scans for PII and swaps it for deterministic tokens (`bulat@aictrl.dev` → `[USER_EMAIL_f22c5a]`).
+3. **Vault** — Original values are saved in a local, in-memory TokenVault (auto-expires after 1 hour).
+4. **Forward** — The redacted request goes to the provider. They never see your real data.
+5. **Rehydrate** — Responses come back with tokens replaced by originals before reaching your tool.
 
-## Development
+## Supported Tools
 
-### Prerequisites
+| Tool | Config | Route |
+|------|--------|-------|
+| Claude Code | `~/.claude/settings.json` | `/v1/messages` → Anthropic |
+| Codex | `~/.codex/config.toml` | `/v1/chat/completions` → OpenAI |
+| OpenCode | `opencode.json` | `/api/paas/v4/**` → ZhipuAI |
+| Gemini CLI | `CODE_ASSIST_ENDPOINT` env var | `/v1beta/models/**` → Google |
+| Any tool | Point base URL at hush | `/*` catch-all with auto-detect |
 
-- Node.js 18+
-- npm
+Hush forwards your existing auth headers transparently — no API keys need to be reconfigured.
 
-### Setup
+## Features
 
-```bash
-git clone https://github.com/aictrl-dev/hush.git
-cd hush
-npm install
-```
+- **Semantic Redaction** — Identifies emails, IPs, secrets, credit cards, phone numbers. Deterministic hash-based tokens (same input → same token).
+- **Local Rehydration** — Restores original values in responses locally. You see real data; the provider sees tokens.
+- **Streaming Support** — SSE-aware rehydration handles tokens split across network chunks.
+- **Live Dashboard** — `hush --dashboard` for a real-time TUI showing PII being blocked.
+- **Zero-Trust** — PII never leaves your machine. Binds to `127.0.0.1` by default.
+- **Universal Proxy** — One instance handles all providers simultaneously. Auto-detects from request path.
 
-### Testing
+## Configuration
 
-```bash
-npm test
-```
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `PORT` | Gateway listen port | `4000` |
+| `HUSH_HOST` | Bind address | `127.0.0.1` |
+| `HUSH_AUTH_TOKEN` | Require auth on all requests to the gateway itself | — |
+| `HUSH_DASHBOARD` | Enable TUI dashboard | `false` |
+| `DEBUG` | Show vault size in `/health` | `false` |
 
-### Building
+## Development
 
 ```bash
-npm run build
+git clone https://github.com/aictrl-dev/hush.git
+cd hush && npm install
+npm run dev        # dev mode with tsx
+npm test           # run tests
+npm run build      # production build
 ```
 
-## Contributing
-
-We welcome contributions! Please see our [CONTRIBUTING.md](CONTRIBUTING.md) for details.
-
 ## License
 
-This project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.
+Apache License 2.0 — see [LICENSE](LICENSE).

package/dist/cli.js

@@ -3,8 +3,17 @@ import { app } from './index.js';
 import { createLogger } from './lib/logger.js';
 const log = createLogger('hush-cli');
 const PORT = process.env.PORT || 4000;
-app.listen(PORT, () => {
+const server = app.listen(PORT, () => {
     log.info(`Hush Semantic Gateway is listening on http://localhost:${PORT}`);
-    log.info(`To use with Claude Code: export ANTHROPIC_BASE_URL=http://localhost:${PORT}`);
+    log.info(`Routes: /v1/messages → Anthropic, /v1/chat/completions → OpenAI, /api/paas/v4/** → ZhipuAI, * → Google`);
+});
+server.on('error', (err) => {
+    if (err.code === 'EADDRINUSE') {
+        log.error(`Port ${PORT} is already in use. Stop the other process or use PORT=<number> hush`);
+    }
+    else {
+        log.error({ err }, 'Failed to start server');
+    }
+    process.exit(1);
 });
 //# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,GAAG,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;AACrC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;AAEtC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;IACpB,GAAG,CAAC,IAAI,CAAC,0DAA0D,IAAI,EAAE,CAAC,CAAC;IAC3E,GAAG,CAAC,IAAI,CAAC,uEAAuE,IAAI,EAAE,CAAC,CAAC;AAC1F,CAAC,CAAC,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,GAAG,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;AACrC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;AAEtC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;IACnC,GAAG,CAAC,IAAI,CAAC,0DAA0D,IAAI,EAAE,CAAC,CAAC;IAC3E,GAAG,CAAC,IAAI,CAAC,wGAAwG,CAAC,CAAC;AACrH,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;IAChD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC9B,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,sEAAsE,CAAC,CAAC;IAChG,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,wBAAwB,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}