@clawdstrike/openclaw 0.1.3 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -0
- package/dist/audit/adapter-logger.d.ts +3 -3
- package/dist/audit/adapter-logger.d.ts.map +1 -1
- package/dist/audit/adapter-logger.js +3 -3
- package/dist/audit/adapter-logger.js.map +1 -1
- package/dist/audit/store.d.ts +2 -2
- package/dist/audit/store.d.ts.map +1 -1
- package/dist/audit/store.js +13 -13
- package/dist/audit/store.js.map +1 -1
- package/dist/classification.d.ts +2 -2
- package/dist/classification.d.ts.map +1 -1
- package/dist/classification.js +96 -28
- package/dist/classification.js.map +1 -1
- package/dist/cli/bin.js +1 -1
- package/dist/cli/commands/audit.d.ts.map +1 -1
- package/dist/cli/commands/audit.js +29 -29
- package/dist/cli/commands/audit.js.map +1 -1
- package/dist/cli/commands/policy.d.ts.map +1 -1
- package/dist/cli/commands/policy.js +33 -33
- package/dist/cli/commands/policy.js.map +1 -1
- package/dist/cli/index.d.ts +1 -1
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +45 -56
- package/dist/cli/index.js.map +1 -1
- package/dist/config.d.ts +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +9 -9
- package/dist/config.js.map +1 -1
- package/dist/e2e/openclaw-e2e.js +58 -49
- package/dist/e2e/openclaw-e2e.js.map +1 -1
- package/dist/engine-holder.d.ts +2 -2
- package/dist/engine-holder.js +1 -1
- package/dist/guards/egress.d.ts +2 -2
- package/dist/guards/egress.d.ts.map +1 -1
- package/dist/guards/egress.js +71 -73
- package/dist/guards/egress.js.map +1 -1
- package/dist/guards/forbidden-path.d.ts +2 -2
- package/dist/guards/forbidden-path.d.ts.map +1 -1
- package/dist/guards/forbidden-path.js +41 -43
- package/dist/guards/forbidden-path.js.map +1 -1
- package/dist/guards/index.d.ts +6 -6
- package/dist/guards/index.d.ts.map +1 -1
- package/dist/guards/index.js +5 -5
- package/dist/guards/index.js.map +1 -1
- package/dist/guards/patch-integrity.d.ts +2 -2
- package/dist/guards/patch-integrity.d.ts.map +1 -1
- package/dist/guards/patch-integrity.js +69 -70
- package/dist/guards/patch-integrity.js.map +1 -1
- package/dist/guards/secret-leak.d.ts +2 -2
- package/dist/guards/secret-leak.d.ts.map +1 -1
- package/dist/guards/secret-leak.js +81 -82
- package/dist/guards/secret-leak.js.map +1 -1
- package/dist/guards/types.d.ts +2 -2
- package/dist/guards/types.d.ts.map +1 -1
- package/dist/guards/types.js +4 -4
- package/dist/guards/types.js.map +1 -1
- package/dist/hooks/agent-bootstrap/handler.d.ts +1 -1
- package/dist/hooks/agent-bootstrap/handler.d.ts.map +1 -1
- package/dist/hooks/agent-bootstrap/handler.js +5 -5
- package/dist/hooks/agent-bootstrap/handler.js.map +1 -1
- package/dist/hooks/approval-state.d.ts +1 -1
- package/dist/hooks/approval-state.d.ts.map +1 -1
- package/dist/hooks/approval-state.js +15 -15
- package/dist/hooks/approval-state.js.map +1 -1
- package/dist/hooks/approval-utils.d.ts +1 -1
- package/dist/hooks/approval-utils.d.ts.map +1 -1
- package/dist/hooks/approval-utils.js +41 -20
- package/dist/hooks/approval-utils.js.map +1 -1
- package/dist/hooks/audit-logger/handler.d.ts +1 -1
- package/dist/hooks/audit-logger/handler.d.ts.map +1 -1
- package/dist/hooks/audit-logger/handler.js +9 -9
- package/dist/hooks/audit-logger/handler.js.map +1 -1
- package/dist/hooks/cua-bridge/handler.d.ts +4 -4
- package/dist/hooks/cua-bridge/handler.d.ts.map +1 -1
- package/dist/hooks/cua-bridge/handler.js +85 -70
- package/dist/hooks/cua-bridge/handler.js.map +1 -1
- package/dist/hooks/tool-guard/handler.d.ts +1 -1
- package/dist/hooks/tool-guard/handler.d.ts.map +1 -1
- package/dist/hooks/tool-guard/handler.js +112 -101
- package/dist/hooks/tool-guard/handler.js.map +1 -1
- package/dist/hooks/tool-preflight/handler.d.ts +2 -2
- package/dist/hooks/tool-preflight/handler.d.ts.map +1 -1
- package/dist/hooks/tool-preflight/handler.js +115 -91
- package/dist/hooks/tool-preflight/handler.js.map +1 -1
- package/dist/index.d.ts +16 -16
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +18 -18
- package/dist/index.js.map +1 -1
- package/dist/openclaw-adapter.d.ts +2 -2
- package/dist/openclaw-adapter.d.ts.map +1 -1
- package/dist/openclaw-adapter.js +4 -4
- package/dist/openclaw-adapter.js.map +1 -1
- package/dist/plugin.d.ts.map +1 -1
- package/dist/plugin.js +39 -40
- package/dist/plugin.js.map +1 -1
- package/dist/policy/engine.d.ts +1 -1
- package/dist/policy/engine.d.ts.map +1 -1
- package/dist/policy/engine.js +237 -221
- package/dist/policy/engine.js.map +1 -1
- package/dist/policy/index.d.ts +3 -3
- package/dist/policy/index.d.ts.map +1 -1
- package/dist/policy/index.js +3 -3
- package/dist/policy/index.js.map +1 -1
- package/dist/policy/loader.d.ts +1 -1
- package/dist/policy/loader.d.ts.map +1 -1
- package/dist/policy/loader.js +76 -63
- package/dist/policy/loader.js.map +1 -1
- package/dist/policy/validator.d.ts +1 -1
- package/dist/policy/validator.d.ts.map +1 -1
- package/dist/policy/validator.js +158 -151
- package/dist/policy/validator.js.map +1 -1
- package/dist/receipt/signer.d.ts +2 -2
- package/dist/receipt/signer.d.ts.map +1 -1
- package/dist/receipt/signer.js +12 -12
- package/dist/receipt/signer.js.map +1 -1
- package/dist/receipt/types.d.ts +2 -2
- package/dist/receipt/types.d.ts.map +1 -1
- package/dist/sanitizer/output-sanitizer.d.ts +1 -1
- package/dist/sanitizer/output-sanitizer.d.ts.map +1 -1
- package/dist/sanitizer/output-sanitizer.js +8 -8
- package/dist/sanitizer/output-sanitizer.js.map +1 -1
- package/dist/security-prompt.d.ts +1 -1
- package/dist/security-prompt.d.ts.map +1 -1
- package/dist/security-prompt.js +16 -12
- package/dist/security-prompt.js.map +1 -1
- package/dist/tools/policy-check.d.ts +3 -3
- package/dist/tools/policy-check.d.ts.map +1 -1
- package/dist/tools/policy-check.js +60 -52
- package/dist/tools/policy-check.js.map +1 -1
- package/dist/translator/openclaw-translator.d.ts +1 -1
- package/dist/translator/openclaw-translator.d.ts.map +1 -1
- package/dist/translator/openclaw-translator.js +100 -80
- package/dist/translator/openclaw-translator.js.map +1 -1
- package/dist/types.d.ts +11 -13
- package/dist/types.d.ts.map +1 -1
- package/package.json +9 -4
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/policy/validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,IAAI,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAEhF,MAAM,CAAC,MAAM,qBAAqB,GAAG,kBAAkB,CAAC;AACxD,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;AAEjE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;AAClF,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AAC5D,MAAM,+BAA+B,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC;AACzE,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAC5E,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC;AAChF,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC;AAElF,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAExC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,wBAAwB;IACxB,2BAA2B;IAC3B,kBAAkB;CACnB,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,SAAS;IACT,SAAS;IACT,QAAQ;IACR,YAAY;IACZ,WAAW;IACX,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,cAAc;CACf,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC,CAAC;AAC5F,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,qBAAqB,EAAE,oBAAoB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAClG,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AACxE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AAClD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,uBAAuB,EAAE,eAAe,EAAE,kBAAkB,CAAC,CAAC,CAAC;AAC5F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,gBAAgB;IAChB,QAAQ;IACR,aAAa;IACb,iBAAiB;IACjB,UAAU;IACV,QAAQ;IACR,cAAc;IACd,6BAA6B;IAC7B,4BAA4B;CAC7B,CAAC,CAAC;AACH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAC1E,MAAM,gCAAgC,GAAG,IAAI,GAAG,CAAC;IAC/C,SAAS;IACT,mBAAmB;IACnB,uBAAuB;IACvB,eAAe;IACf,uBAAuB;IACvB,kBAAkB;IAClB,uBAAuB;IACvB,yBAAyB;CAC1B,CAAC,CAAC;AACH,MAAM,+BAA+B,GAAG,IAAI,GAAG,CAAC;IAC9C,SAAS;IACT,qBAAqB;IACrB,6BAA6B;CAC9B,CAAC,CAAC;AAEH,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,iBAAiB,CACxB,GAA4B,EAC5B,KAAa,EACb,OAAoB,EACpB,MAAgB;IAEhB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,4BAA4B,GAAG,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,KAAc,EACd,KAAa,EACb,MAAgB;IAEhB,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO;IAChC,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,oBAAoB,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CACxB,KAAc,EACd,KAAa,EACb,MAAgB,EAChB,QAAmB;IAEnB,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,8BAA8B,CAAC,CAAC;QACpD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,wBAAwB,CAAC,CAAC;YACnD,SAAS;QACX,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjB,CAAC;IACD,IAAI,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,WAAW,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,oBAAoB,CAC3B,KAAc,EACd,KAAa,EACb,MAAgB;IAEhB,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO;IAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACvE,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,4BAA4B,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CACzB,KAAc,EACd,KAAa,EACb,MAAgB;IAEhB,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO;IAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,0BAA0B,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAe;IAC5C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,0BAA0B,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC9E,CAAC;IAED,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IAEzD,MAAM,CAAC,GAAG,MAAgB,CAAC;IAE3B,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,kCAAkC,qBAAqB,GAAG,CAAC,CAAC;IAC1E,CAAC;SAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;SAAM,IAAI,4BAA4B,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QACvD,MAAM,SAAS,GAAG,uBAAuB,CAAC,MAAa,CAAC,CAAC;QACzD,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,QAAQ,EAAE,SAAS,CAAC,QAAQ;SAC7B,CAAC;IACJ,CAAC;SAAM,IAAI,CAAC,CAAC,OAAO,KAAK,qBAAqB,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CACT,+BAA+B,CAAC,CAAC,OAAO,gBAAgB,qBAAqB,iBAAiB,CAC/F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC7D,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;IAED,oBAAoB;IACpB,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,MAAM,IAAI,GAAI,CAAC,CAAC,MAAc,CAAC,IAAI,CAAC;YACpC,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;gBACtF,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,kBAAkB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACnF,CAAC;YAED,MAAM,OAAO,GAAG,iBAAiB,CAAE,CAAC,CAAC,MAAc,CAAC,eAAe,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC;YACvG,IAAI,IAAI,KAAK,WAAW,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5D,QAAQ,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;YACpF,CAAC;YAED,iBAAiB,CAAE,CAAC,CAAC,MAAc,CAAC,cAAc,EAAE,uBAAuB,EAAE,MAAM,CAAC,CAAC;YACrF,iBAAiB,CAAE,CAAC,CAAC,MAAc,CAAC,aAAa,EAAE,sBAAsB,EAAE,MAAM,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAC/B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;YACvE,iBAAiB,CAAE,CAAC,CAAC,UAAkB,CAAC,mBAAmB,EAAE,gCAAgC,EAAE,MAAM,CAAC,CAAC;YACvG,iBAAiB,CAAE,CAAC,CAAC,UAAkB,CAAC,kBAAkB,EAAE,+BAA+B,EAAE,MAAM,CAAC,CAAC;YACrG,iBAAiB,CAAE,CAAC,CAAC,UAAkB,CAAC,eAAe,EAAE,4BAA4B,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3G,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;YACpE,iBAAiB,CAAE,CAAC,CAAC,SAAiB,CAAC,gBAAgB,EAAE,4BAA4B,EAAE,MAAM,CAAC,CAAC;YAE/F,MAAM,QAAQ,GAAG,iBAAiB,CAAE,CAAC,CAAC,SAAiB,CAAC,eAAe,EAAE,2BAA2B,EAAE,MAAM,CAAC,CAAC;YAC9G,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC/B,IAAI,CAAC;wBACH,kCAAkC;wBAClC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;oBACtB,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,CAAC,IAAI,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;oBAC9E,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;YACxD,iBAAiB,CAAE,CAAC,CAAC,KAAa,CAAC,OAAO,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;YACrE,iBAAiB,CAAE,CAAC,CAAC,KAAa,CAAC,MAAM,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,oBAAoB,CAAE,CAAC,CAAC,MAAc,CAAC,qBAAqB,EAAE,8BAA8B,EAAE,MAAM,CAAC,CAAC;YACtG,oBAAoB,CAAE,CAAC,CAAC,MAAc,CAAC,aAAa,EAAE,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACtF,oBAAoB,CAAE,CAAC,CAAC,MAAc,CAAC,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,CAAC,CAAC;QAC9F,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,cAAc,EAAE,uBAAuB,EAAE,MAAM,CAAC,CAAC;YACjF,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,MAAM,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;YACjE,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,WAAW,EAAE,oBAAoB,EAAE,MAAM,CAAC,CAAC;YAC3E,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,eAAe,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC;YACnF,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,QAAQ,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;YAErE,MAAM,WAAW,GAAI,CAAC,CAAC,MAAc,CAAC,YAAY,CAAC;YACnD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;gBACvD,CAAC;qBAAM,CAAC;oBACN,iBAAiB,CAAC,WAAW,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;oBACjF,aAAa,CAAE,WAAmB,CAAC,OAAO,EAAE,6BAA6B,EAAE,MAAM,CAAC,CAAC;oBAEnF,MAAM,IAAI,GAAI,WAAmB,CAAC,IAAI,CAAC;oBACvC,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;wBAC5F,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,GAAG,wBAAwB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBACtG,CAAC;oBAED,MAAM,cAAc,GAAG,iBAAiB,CAAE,WAAmB,CAAC,eAAe,EAAE,qCAAqC,EAAE,MAAM,CAAC,CAAC;oBAC9H,IAAI,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAClD,QAAQ,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;oBACtF,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,iBAAiB,GAAI,CAAC,CAAC,MAAc,CAAC,2BAA2B,CAAC;YACxE,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;gBACpC,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBACtC,MAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;gBACtE,CAAC;qBAAM,CAAC;oBACN,iBAAiB,CAAC,iBAAiB,EAAE,oCAAoC,EAAE,gCAAgC,EAAE,MAAM,CAAC,CAAC;oBACrH,aAAa,CAAE,iBAAyB,CAAC,OAAO,EAAE,4CAA4C,EAAE,MAAM,CAAC,CAAC;oBACxG,aAAa,CAAE,iBAAyB,CAAC,iBAAiB,EAAE,sDAAsD,EAAE,MAAM,CAAC,CAAC;oBAC5H,aAAa,CAAE,iBAAyB,CAAC,qBAAqB,EAAE,0DAA0D,EAAE,MAAM,CAAC,CAAC;oBACpI,aAAa,CAAE,iBAAyB,CAAC,aAAa,EAAE,kDAAkD,EAAE,MAAM,CAAC,CAAC;oBACpH,aAAa,CAAE,iBAAyB,CAAC,qBAAqB,EAAE,0DAA0D,EAAE,MAAM,CAAC,CAAC;oBACpI,aAAa,CAAE,iBAAyB,CAAC,gBAAgB,EAAE,qDAAqD,EAAE,MAAM,CAAC,CAAC;oBAC1H,aAAa,CAAE,iBAAyB,CAAC,qBAAqB,EAAE,0DAA0D,EAAE,MAAM,CAAC,CAAC;oBACpI,kBAAkB,CAAE,iBAAyB,CAAC,uBAAuB,EAAE,4DAA4D,EAAE,MAAM,CAAC,CAAC;oBAC7I,IAAI,OAAQ,iBAAyB,CAAC,uBAAuB,KAAK,QAAQ,IAAK,iBAAyB,CAAC,uBAAuB,GAAG,CAAC,EAAE,CAAC;wBACrI,MAAM,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAC;oBACzF,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,cAAc,GAAI,CAAC,CAAC,MAAc,CAAC,0BAA0B,CAAC;YACpE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC;oBACnC,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;gBACrE,CAAC;qBAAM,CAAC;oBACN,iBAAiB,CAAC,cAAc,EAAE,mCAAmC,EAAE,+BAA+B,EAAE,MAAM,CAAC,CAAC;oBAChH,aAAa,CAAE,cAAsB,CAAC,OAAO,EAAE,2CAA2C,EAAE,MAAM,CAAC,CAAC;oBACpG,MAAM,UAAU,GAAG,iBAAiB,CAAE,cAAsB,CAAC,mBAAmB,EAAE,uDAAuD,EAAE,MAAM,CAAC,CAAC;oBACnJ,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC1C,QAAQ,CAAC,IAAI,CAAC,0FAA0F,CAAC,CAAC;oBAC5G,CAAC;oBACD,aAAa,CAAE,cAAsB,CAAC,2BAA2B,EAAE,+DAA+D,EAAE,MAAM,CAAC,CAAC;gBAC9I,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAI,CAAC,CAAC,MAAc,CAAC,MAAM,CAAC;YACxC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3B,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;gBAChD,CAAC;qBAAM,CAAC;oBACN,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBACvC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;oBACpE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,oFAAoF;IACpF,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE/C,0BAA0B;IAC1B,IAAI,CAAC,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,GAAG,uBAAuB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzF,CAAC;aAAM,IAAI,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/D,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,YAAY,kDAAkD,CAAC,CAAC;QACzG,CAAC;aAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;YACxD,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,GAAG,uBAAuB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAc,EAAE,IAAY,EAAE,MAAgB;IAC7E,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,oBAAoB,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC;IAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,qCAAqC,CAAC,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,8CAA8C,GAAG,EAAE,CAAC,CAAC;QACxE,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;IAC9B,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,4BAA4B,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC5B,IAAI,MAAM,KAAK,SAAS,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,2BAA2B,CAAC,CAAC;QAChD,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAA4B,CAAC;IAC7E,IAAI,GAAG,KAAK,wBAAwB,EAAE,CAAC;QACrC,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,iBAAiB,EAAE,MAAM,CAAC,CAAC;IACvD,CAAC;SAAM,IAAI,GAAG,KAAK,2BAA2B,EAAE,CAAC;QAC/C,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,iBAAiB,EAAE,MAAM,CAAC,CAAC;QACrD,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,mBAAmB,EAAE,MAAM,CAAC,CAAC;IACzD,CAAC;SAAM,IAAI,GAAG,KAAK,kBAAkB,EAAE,CAAC;QACtC,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,mBAAmB,EAAE,MAAM,CAAC,CAAC;QACvD,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,gBAAgB,EAAE,MAAM,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,QAAQ,GAAI,KAAa,CAAC,KAAK,CAAC;IACtC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,mBAAmB,CAAC,QAAQ,EAAE,GAAG,IAAI,QAAQ,EAAE,MAAM,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc,EAAE,IAAY,EAAE,MAAgB;IACzE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,oBAAoB,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAI,KAAa,CAAC,UAAU,CAAC;IAC5C,IAAI,SAAS,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,GAAG,IAAI,SAAS,GAAG,OAAO,CAAC,EAAE,CAAC;QACtG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,4CAA4C,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,SAAS,GAAI,KAAa,CAAC,UAAU,CAAC;IAC5C,IAAI,SAAS,KAAK,SAAS,IAAI,CAAC,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAC1G,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,+BAA+B,CAAC,GAAG,uBAAuB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC/F,CAAC;IAED,MAAM,IAAI,GAAI,KAAa,CAAC,cAAc,CAAC;IAC3C,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACzF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,mCAAmC,CAAC,GAAG,qBAAqB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,IAAK,KAAa,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAC5C,IAAI,CAAC,aAAa,CAAE,KAAa,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,+BAA+B,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,GAAI,KAAa,CAAC,UAAqC,CAAC;YAChE,MAAM,GAAG,GAAG,EAAE,CAAC,mBAAmB,CAAC;YACnC,MAAM,GAAG,GAAG,EAAE,CAAC,mBAAmB,CAAC;YACnC,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC5D,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,6CAA6C,CAAC,CAAC;YACpE,CAAC;YACD,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC5D,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,6CAA6C,CAAC,CAAC;YACpE,CAAC;YACD,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,iFAAiF,CAAC,CAAC;YACxG,CAAC;YACD,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC;YACvB,IAAI,KAAK,KAAK,SAAS,IAAI,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,gCAAgC,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAK,KAAa,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACvC,IAAI,CAAC,aAAa,CAAE,KAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,0BAA0B,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAI,KAAa,CAAC,KAAgC,CAAC;YAC9D,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC;YAC9B,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC;gBACxF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,iCAAiC,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC;YAC9B,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC;gBACxF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,iCAAiC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAK,KAAa,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,CAAE,KAAa,CAAC,eAAe,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,oCAAoC,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,GAAI,KAAa,CAAC,eAA0C,CAAC;YACrE,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC;YAC/B,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,iDAAiD,CAAC,CAAC;YACxE,CAAC;YACD,MAAM,KAAK,GAAG,EAAE,CAAC,gBAAgB,CAAC;YAClC,IAAI,KAAK,KAAK,SAAS,IAAI,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,IAAI,CAAC,EAAE,CAAC;gBACnG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,mDAAmD,CAAC,CAAC;YAC1E,CAAC;YACD,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC;YAC/B,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,iDAAiD,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAK,KAAa,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACvC,IAAI,CAAC,aAAa,CAAE,KAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,0BAA0B,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAI,KAAa,CAAC,KAAgC,CAAC;YAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC;YAC9B,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC9D,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,gCAAgC,CAAC,CAAC;YACvD,CAAC;YACD,MAAM,IAAI,GAAG,KAAK,CAAC,kBAAkB,CAAC;YACtC,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC9F,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,0CAA0C,CAAC,CAAC;YACjE,CAAC;YACD,MAAM,GAAG,GAAG,KAAK,CAAC,cAAc,CAAC;YACjC,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,sCAAsC,CAAC,CAAC;YAC7D,CAAC;YACD,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,GAAG,IAAI,EAAE,CAAC;gBACtE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,qDAAqD,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,GAA4B,EAAE,KAAa,EAAE,MAAgB;IAClF,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAChD,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,kCAAkC,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc,EAAE,IAAY,EAAE,MAAgB;IAC1E,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACnD,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;gBACzC,SAAS;YACX,CAAC;YACD,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC7C,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,kCAAkC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,oBAAoB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,oBAAoB,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAW;IACvC,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC;QACpE,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;IAC5D,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC"}
|
|
1
|
+
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/policy/validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,IAAI,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAGhF,MAAM,CAAC,MAAM,qBAAqB,GAAG,kBAAkB,CAAC;AACxD,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;AAEjE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;AAClF,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AAC5D,MAAM,+BAA+B,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC;AACzE,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAC5E,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC;AAChF,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC;AAElF,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAExC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,wBAAwB;IACxB,2BAA2B;IAC3B,kBAAkB;CACnB,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,SAAS;IACT,SAAS;IACT,QAAQ;IACR,YAAY;IACZ,WAAW;IACX,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,cAAc;CACf,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC,CAAC;AAC5F,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,qBAAqB,EAAE,oBAAoB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAClG,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AACxE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AAClD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,uBAAuB,EAAE,eAAe,EAAE,kBAAkB,CAAC,CAAC,CAAC;AAC5F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,gBAAgB;IAChB,QAAQ;IACR,aAAa;IACb,iBAAiB;IACjB,UAAU;IACV,QAAQ;IACR,cAAc;IACd,6BAA6B;IAC7B,4BAA4B;CAC7B,CAAC,CAAC;AACH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAC1E,MAAM,gCAAgC,GAAG,IAAI,GAAG,CAAC;IAC/C,SAAS;IACT,mBAAmB;IACnB,uBAAuB;IACvB,eAAe;IACf,uBAAuB;IACvB,kBAAkB;IAClB,uBAAuB;IACvB,yBAAyB;CAC1B,CAAC,CAAC;AACH,MAAM,+BAA+B,GAAG,IAAI,GAAG,CAAC;IAC9C,SAAS;IACT,qBAAqB;IACrB,6BAA6B;CAC9B,CAAC,CAAC;AAEH,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,iBAAiB,CACxB,GAA4B,EAC5B,KAAa,EACb,OAAoB,EACpB,MAAgB;IAEhB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,4BAA4B,GAAG,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAc,EAAE,KAAa,EAAE,MAAgB;IACpE,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO;IAChC,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,oBAAoB,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CACxB,KAAc,EACd,KAAa,EACb,MAAgB,EAChB,QAAmB;IAEnB,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,8BAA8B,CAAC,CAAC;QACpD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,wBAAwB,CAAC,CAAC;YACnD,SAAS;QACX,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjB,CAAC;IACD,IAAI,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,WAAW,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc,EAAE,KAAa,EAAE,MAAgB;IAC3E,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO;IAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACvE,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,4BAA4B,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc,EAAE,KAAa,EAAE,MAAgB;IACzE,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO;IAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,0BAA0B,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAe;IAC5C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,0BAA0B,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC9E,CAAC;IAED,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IAEzD,MAAM,CAAC,GAAG,MAAgB,CAAC;IAE3B,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,kCAAkC,qBAAqB,GAAG,CAAC,CAAC;IAC1E,CAAC;SAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;SAAM,IAAI,4BAA4B,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QACvD,MAAM,SAAS,GAAG,uBAAuB,CAAC,MAAa,CAAC,CAAC;QACzD,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,QAAQ,EAAE,SAAS,CAAC,QAAQ;SAC7B,CAAC;IACJ,CAAC;SAAM,IAAI,CAAC,CAAC,OAAO,KAAK,qBAAqB,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CACT,+BAA+B,CAAC,CAAC,OAAO,gBAAgB,qBAAqB,iBAAiB,CAC/F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC7D,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;IAED,oBAAoB;IACpB,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,MAAM,IAAI,GAAI,CAAC,CAAC,MAAc,CAAC,IAAI,CAAC;YACpC,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;gBACtF,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,kBAAkB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACnF,CAAC;YAED,MAAM,OAAO,GAAG,iBAAiB,CAC9B,CAAC,CAAC,MAAc,CAAC,eAAe,EACjC,wBAAwB,EACxB,MAAM,CACP,CAAC;YACF,IAAI,IAAI,KAAK,WAAW,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5D,QAAQ,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;YACpF,CAAC;YAED,iBAAiB,CAAE,CAAC,CAAC,MAAc,CAAC,cAAc,EAAE,uBAAuB,EAAE,MAAM,CAAC,CAAC;YACrF,iBAAiB,CAAE,CAAC,CAAC,MAAc,CAAC,aAAa,EAAE,sBAAsB,EAAE,MAAM,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAC/B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;YACvE,iBAAiB,CACd,CAAC,CAAC,UAAkB,CAAC,mBAAmB,EACzC,gCAAgC,EAChC,MAAM,CACP,CAAC;YACF,iBAAiB,CACd,CAAC,CAAC,UAAkB,CAAC,kBAAkB,EACxC,+BAA+B,EAC/B,MAAM,CACP,CAAC;YACF,iBAAiB,CACd,CAAC,CAAC,UAAkB,CAAC,eAAe,EACrC,4BAA4B,EAC5B,MAAM,EACN,QAAQ,CACT,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;YACpE,iBAAiB,CACd,CAAC,CAAC,SAAiB,CAAC,gBAAgB,EACrC,4BAA4B,EAC5B,MAAM,CACP,CAAC;YAEF,MAAM,QAAQ,GAAG,iBAAiB,CAC/B,CAAC,CAAC,SAAiB,CAAC,eAAe,EACpC,2BAA2B,EAC3B,MAAM,CACP,CAAC;YACF,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC/B,IAAI,CAAC;wBACH,kCAAkC;wBAClC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;oBACtB,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,CAAC,IAAI,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;oBAC9E,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;YACxD,iBAAiB,CAAE,CAAC,CAAC,KAAa,CAAC,OAAO,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;YACrE,iBAAiB,CAAE,CAAC,CAAC,KAAa,CAAC,MAAM,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,oBAAoB,CACjB,CAAC,CAAC,MAAc,CAAC,qBAAqB,EACvC,8BAA8B,EAC9B,MAAM,CACP,CAAC;YACF,oBAAoB,CAAE,CAAC,CAAC,MAAc,CAAC,aAAa,EAAE,sBAAsB,EAAE,MAAM,CAAC,CAAC;YACtF,oBAAoB,CAAE,CAAC,CAAC,MAAc,CAAC,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,CAAC,CAAC;QAC9F,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,iBAAiB,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3D,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,cAAc,EAAE,uBAAuB,EAAE,MAAM,CAAC,CAAC;YACjF,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,MAAM,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;YACjE,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,WAAW,EAAE,oBAAoB,EAAE,MAAM,CAAC,CAAC;YAC3E,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,eAAe,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC;YACnF,aAAa,CAAE,CAAC,CAAC,MAAc,CAAC,QAAQ,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;YAErE,MAAM,WAAW,GAAI,CAAC,CAAC,MAAc,CAAC,YAAY,CAAC;YACnD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;gBACvD,CAAC;qBAAM,CAAC;oBACN,iBAAiB,CAAC,WAAW,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;oBACjF,aAAa,CAAE,WAAmB,CAAC,OAAO,EAAE,6BAA6B,EAAE,MAAM,CAAC,CAAC;oBAEnF,MAAM,IAAI,GAAI,WAAmB,CAAC,IAAI,CAAC;oBACvC,IACE,IAAI,KAAK,SAAS;wBAClB,CAAC,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EACjE,CAAC;wBACD,MAAM,CAAC,IAAI,CACT,4CAA4C,CAAC,GAAG,wBAAwB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvF,CAAC;oBACJ,CAAC;oBAED,MAAM,cAAc,GAAG,iBAAiB,CACrC,WAAmB,CAAC,eAAe,EACpC,qCAAqC,EACrC,MAAM,CACP,CAAC;oBACF,IAAI,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAClD,QAAQ,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;oBACtF,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,iBAAiB,GAAI,CAAC,CAAC,MAAc,CAAC,2BAA2B,CAAC;YACxE,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;gBACpC,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBACtC,MAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;gBACtE,CAAC;qBAAM,CAAC;oBACN,iBAAiB,CACf,iBAAiB,EACjB,oCAAoC,EACpC,gCAAgC,EAChC,MAAM,CACP,CAAC;oBACF,aAAa,CACV,iBAAyB,CAAC,OAAO,EAClC,4CAA4C,EAC5C,MAAM,CACP,CAAC;oBACF,aAAa,CACV,iBAAyB,CAAC,iBAAiB,EAC5C,sDAAsD,EACtD,MAAM,CACP,CAAC;oBACF,aAAa,CACV,iBAAyB,CAAC,qBAAqB,EAChD,0DAA0D,EAC1D,MAAM,CACP,CAAC;oBACF,aAAa,CACV,iBAAyB,CAAC,aAAa,EACxC,kDAAkD,EAClD,MAAM,CACP,CAAC;oBACF,aAAa,CACV,iBAAyB,CAAC,qBAAqB,EAChD,0DAA0D,EAC1D,MAAM,CACP,CAAC;oBACF,aAAa,CACV,iBAAyB,CAAC,gBAAgB,EAC3C,qDAAqD,EACrD,MAAM,CACP,CAAC;oBACF,aAAa,CACV,iBAAyB,CAAC,qBAAqB,EAChD,0DAA0D,EAC1D,MAAM,CACP,CAAC;oBACF,kBAAkB,CACf,iBAAyB,CAAC,uBAAuB,EAClD,4DAA4D,EAC5D,MAAM,CACP,CAAC;oBACF,IACE,OAAQ,iBAAyB,CAAC,uBAAuB,KAAK,QAAQ;wBACrE,iBAAyB,CAAC,uBAAuB,GAAG,CAAC,EACtD,CAAC;wBACD,MAAM,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAC;oBACzF,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,cAAc,GAAI,CAAC,CAAC,MAAc,CAAC,0BAA0B,CAAC;YACpE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC;oBACnC,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;gBACrE,CAAC;qBAAM,CAAC;oBACN,iBAAiB,CACf,cAAc,EACd,mCAAmC,EACnC,+BAA+B,EAC/B,MAAM,CACP,CAAC;oBACF,aAAa,CACV,cAAsB,CAAC,OAAO,EAC/B,2CAA2C,EAC3C,MAAM,CACP,CAAC;oBACF,MAAM,UAAU,GAAG,iBAAiB,CACjC,cAAsB,CAAC,mBAAmB,EAC3C,uDAAuD,EACvD,MAAM,CACP,CAAC;oBACF,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC1C,QAAQ,CAAC,IAAI,CACX,0FAA0F,CAC3F,CAAC;oBACJ,CAAC;oBACD,aAAa,CACV,cAAsB,CAAC,2BAA2B,EACnD,+DAA+D,EAC/D,MAAM,CACP,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAI,CAAC,CAAC,MAAc,CAAC,MAAM,CAAC;YACxC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3B,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;gBAChD,CAAC;qBAAM,CAAC;oBACN,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBACvC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;oBACpE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,oFAAoF;IACpF,oBAAoB,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE/C,0BAA0B;IAC1B,IAAI,CAAC,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,GAAG,uBAAuB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzF,CAAC;aAAM,IAAI,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/D,QAAQ,CAAC,IAAI,CACX,uBAAuB,CAAC,CAAC,YAAY,kDAAkD,CACxF,CAAC;QACJ,CAAC;aAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;YACxD,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,GAAG,uBAAuB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAc,EAAE,IAAY,EAAE,MAAgB;IAC7E,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,oBAAoB,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC;IAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,qCAAqC,CAAC,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,8CAA8C,GAAG,EAAE,CAAC,CAAC;QACxE,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;IAC9B,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,4BAA4B,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC5B,IAAI,MAAM,KAAK,SAAS,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,2BAA2B,CAAC,CAAC;QAChD,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAA4B,CAAC;IAC7E,IAAI,GAAG,KAAK,wBAAwB,EAAE,CAAC;QACrC,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,iBAAiB,EAAE,MAAM,CAAC,CAAC;IACvD,CAAC;SAAM,IAAI,GAAG,KAAK,2BAA2B,EAAE,CAAC;QAC/C,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,iBAAiB,EAAE,MAAM,CAAC,CAAC;QACrD,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,mBAAmB,EAAE,MAAM,CAAC,CAAC;IACzD,CAAC;SAAM,IAAI,GAAG,KAAK,kBAAkB,EAAE,CAAC;QACtC,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,mBAAmB,EAAE,MAAM,CAAC,CAAC;QACvD,aAAa,CAAC,GAAG,EAAE,GAAG,IAAI,gBAAgB,EAAE,MAAM,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,QAAQ,GAAI,KAAa,CAAC,KAAK,CAAC;IACtC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,mBAAmB,CAAC,QAAQ,EAAE,GAAG,IAAI,QAAQ,EAAE,MAAM,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc,EAAE,IAAY,EAAE,MAAgB;IACzE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,oBAAoB,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAI,KAAa,CAAC,UAAU,CAAC;IAC5C,IACE,SAAS,KAAK,SAAS;QACvB,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,GAAG,IAAI,SAAS,GAAG,OAAO,CAAC,EACtE,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,4CAA4C,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,SAAS,GAAI,KAAa,CAAC,UAAU,CAAC;IAC5C,IACE,SAAS,KAAK,SAAS;QACvB,CAAC,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAC1E,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,+BAA+B,CAAC,GAAG,uBAAuB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC/F,CAAC;IAED,MAAM,IAAI,GAAI,KAAa,CAAC,cAAc,CAAC;IAC3C,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACzF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,mCAAmC,CAAC,GAAG,qBAAqB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,IAAK,KAAa,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAC5C,IAAI,CAAC,aAAa,CAAE,KAAa,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,+BAA+B,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,GAAI,KAAa,CAAC,UAAqC,CAAC;YAChE,MAAM,GAAG,GAAG,EAAE,CAAC,mBAAmB,CAAC;YACnC,MAAM,GAAG,GAAG,EAAE,CAAC,mBAAmB,CAAC;YACnC,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC5D,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,6CAA6C,CAAC,CAAC;YACpE,CAAC;YACD,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC5D,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,6CAA6C,CAAC,CAAC;YACpE,CAAC;YACD,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,CAAC,IAAI,CACT,GAAG,IAAI,iFAAiF,CACzF,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC;YACvB,IACE,KAAK,KAAK,SAAS;gBACnB,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,EACpE,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,gCAAgC,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAK,KAAa,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACvC,IAAI,CAAC,aAAa,CAAE,KAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,0BAA0B,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAI,KAAa,CAAC,KAAgC,CAAC;YAC9D,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC;YAC9B,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC;gBACxF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,iCAAiC,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC;YAC9B,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC;gBACxF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,iCAAiC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAK,KAAa,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,CAAE,KAAa,CAAC,eAAe,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,oCAAoC,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,GAAI,KAAa,CAAC,eAA0C,CAAC;YACrE,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC;YAC/B,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,iDAAiD,CAAC,CAAC;YACxE,CAAC;YACD,MAAM,KAAK,GAAG,EAAE,CAAC,gBAAgB,CAAC;YAClC,IACE,KAAK,KAAK,SAAS;gBACnB,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,IAAI,CAAC,EACvE,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,mDAAmD,CAAC,CAAC;YAC1E,CAAC;YACD,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC;YAC/B,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChF,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,iDAAiD,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAK,KAAa,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACvC,IAAI,CAAC,aAAa,CAAE,KAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,0BAA0B,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAI,KAAa,CAAC,KAAgC,CAAC;YAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC;YAC9B,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC9D,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,gCAAgC,CAAC,CAAC;YACvD,CAAC;YACD,MAAM,IAAI,GAAG,KAAK,CAAC,kBAAkB,CAAC;YACtC,IACE,IAAI,KAAK,SAAS;gBAClB,CAAC,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,GAAG,CAAC,EACnE,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,0CAA0C,CAAC,CAAC;YACjE,CAAC;YACD,MAAM,GAAG,GAAG,KAAK,CAAC,cAAc,CAAC;YACjC,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,sCAAsC,CAAC,CAAC;YAC7D,CAAC;YACD,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,GAAG,IAAI,EAAE,CAAC;gBACtE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,qDAAqD,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,GAA4B,EAAE,KAAa,EAAE,MAAgB;IAClF,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAChD,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,kCAAkC,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc,EAAE,IAAY,EAAE,MAAgB;IAC1E,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACnD,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;gBACzC,SAAS;YACX,CAAC;YACD,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC7C,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,kCAAkC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,oBAAoB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,oBAAoB,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAC3B,GAAW;IAEX,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC;QACpE,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;IAC5D,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC"}
|
package/dist/receipt/signer.d.ts
CHANGED
|
@@ -6,8 +6,8 @@
|
|
|
6
6
|
* to the Rust Ed25519 signing infrastructure for real cryptographic
|
|
7
7
|
* attestation.
|
|
8
8
|
*/
|
|
9
|
-
import type { Decision, PolicyEvent } from
|
|
10
|
-
import type { DecisionReceipt, ReceiptSignerConfig } from
|
|
9
|
+
import type { Decision, PolicyEvent } from "../types.js";
|
|
10
|
+
import type { DecisionReceipt, ReceiptSignerConfig } from "./types.js";
|
|
11
11
|
/**
|
|
12
12
|
* Creates structured receipt attestations for security decisions.
|
|
13
13
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/receipt/signer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AASvE;;;;;;GAMG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgC;gBAE3C,MAAM,GAAE,mBAAwB;IAQ5C;;;;OAIG;IACH,aAAa,CACX,QAAQ,EAAE,QAAQ,EAClB,KAAK,EAAE,WAAW,EAClB,UAAU,EAAE,MAAM,GACjB,eAAe,GAAG,IAAI;
|
|
1
|
+
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/receipt/signer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AASvE;;;;;;GAMG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgC;gBAE3C,MAAM,GAAE,mBAAwB;IAQ5C;;;;OAIG;IACH,aAAa,CACX,QAAQ,EAAE,QAAQ,EAClB,KAAK,EAAE,WAAW,EAClB,UAAU,EAAE,MAAM,GACjB,eAAe,GAAG,IAAI;IAiCzB;;;;OAIG;IACH,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM;IAK1C;;;;;;OAMG;IACH,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO;CASjD"}
|
package/dist/receipt/signer.js
CHANGED
|
@@ -6,12 +6,12 @@
|
|
|
6
6
|
* to the Rust Ed25519 signing infrastructure for real cryptographic
|
|
7
7
|
* attestation.
|
|
8
8
|
*/
|
|
9
|
-
import { createHash } from
|
|
9
|
+
import { createHash } from "node:crypto";
|
|
10
10
|
/** Default configuration values for receipt signing */
|
|
11
11
|
const DEFAULTS = {
|
|
12
12
|
enabled: true,
|
|
13
13
|
sign: false,
|
|
14
|
-
keyId:
|
|
14
|
+
keyId: "",
|
|
15
15
|
};
|
|
16
16
|
/**
|
|
17
17
|
* Creates structured receipt attestations for security decisions.
|
|
@@ -40,7 +40,7 @@ export class ReceiptSigner {
|
|
|
40
40
|
}
|
|
41
41
|
// Extract event metadata for the receipt envelope
|
|
42
42
|
const eventData = event.data;
|
|
43
|
-
const toolName = eventData.type ===
|
|
43
|
+
const toolName = eventData.type === "tool" ? eventData.toolName : undefined;
|
|
44
44
|
const resource = extractResource(eventData);
|
|
45
45
|
// TODO: When hush-wasm is integrated, this will produce real Ed25519
|
|
46
46
|
// signatures via SignedReceipt::sign() from hush-core. For now, we
|
|
@@ -60,7 +60,7 @@ export class ReceiptSigner {
|
|
|
60
60
|
resource,
|
|
61
61
|
},
|
|
62
62
|
signature: null,
|
|
63
|
-
algorithm:
|
|
63
|
+
algorithm: "EdDSA",
|
|
64
64
|
keyId: null,
|
|
65
65
|
};
|
|
66
66
|
}
|
|
@@ -71,7 +71,7 @@ export class ReceiptSigner {
|
|
|
71
71
|
*/
|
|
72
72
|
static hashPolicy(policy) {
|
|
73
73
|
const canonical = JSON.stringify(sortKeys(policy));
|
|
74
|
-
return createHash(
|
|
74
|
+
return createHash("sha256").update(canonical).digest("hex");
|
|
75
75
|
}
|
|
76
76
|
/**
|
|
77
77
|
* Verify a receipt signature.
|
|
@@ -101,7 +101,7 @@ function sortKeys(value) {
|
|
|
101
101
|
if (Array.isArray(value)) {
|
|
102
102
|
return value.map(sortKeys);
|
|
103
103
|
}
|
|
104
|
-
if (typeof value ===
|
|
104
|
+
if (typeof value === "object") {
|
|
105
105
|
const sorted = {};
|
|
106
106
|
for (const key of Object.keys(value).sort()) {
|
|
107
107
|
sorted[key] = sortKeys(value[key]);
|
|
@@ -115,17 +115,17 @@ function sortKeys(value) {
|
|
|
115
115
|
*/
|
|
116
116
|
function extractResource(data) {
|
|
117
117
|
switch (data.type) {
|
|
118
|
-
case
|
|
118
|
+
case "file":
|
|
119
119
|
return data.path;
|
|
120
|
-
case
|
|
120
|
+
case "network":
|
|
121
121
|
return data.url ?? data.host;
|
|
122
|
-
case
|
|
122
|
+
case "command":
|
|
123
123
|
return data.command;
|
|
124
|
-
case
|
|
124
|
+
case "tool":
|
|
125
125
|
return data.toolName;
|
|
126
|
-
case
|
|
126
|
+
case "patch":
|
|
127
127
|
return data.filePath;
|
|
128
|
-
case
|
|
128
|
+
case "secret":
|
|
129
129
|
return data.secretName;
|
|
130
130
|
default:
|
|
131
131
|
return undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/receipt/signer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAKzC,uDAAuD;AACvD,MAAM,QAAQ,GAAkC;IAC9C,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,KAAK;IACX,KAAK,EAAE,EAAE;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,OAAO,aAAa;IACP,MAAM,CAAgC;IAEvD,YAAY,SAA8B,EAAE;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,QAAQ,CAAC,OAAO;YAC3C,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI;YAClC,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK;SACtC,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,aAAa,CACX,QAAkB,EAClB,KAAkB,EAClB,UAAkB;QAElB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kDAAkD;QAClD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC;QAC7B,MAAM,QAAQ,
|
|
1
|
+
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/receipt/signer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAKzC,uDAAuD;AACvD,MAAM,QAAQ,GAAkC;IAC9C,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,KAAK;IACX,KAAK,EAAE,EAAE;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,OAAO,aAAa;IACP,MAAM,CAAgC;IAEvD,YAAY,SAA8B,EAAE;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,QAAQ,CAAC,OAAO;YAC3C,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI;YAClC,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK;SACtC,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,aAAa,CACX,QAAkB,EAClB,KAAkB,EAClB,UAAkB;QAElB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kDAAkD;QAClD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC;QAC7B,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;QAC5E,MAAM,QAAQ,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;QAE5C,qEAAqE;QACrE,mEAAmE;QACnE,gEAAgE;QAChE,OAAO;YACL,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;YACvB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,UAAU;YACV,QAAQ,EAAE;gBACR,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,KAAK,CAAC,SAAS;gBACrB,QAAQ;gBACR,QAAQ;aACT;YACD,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,OAAO;YAClB,KAAK,EAAE,IAAI;SACZ,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,UAAU,CAAC,MAAe;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QACnD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,MAAM,CAAC,OAAwB;QACpC,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mEAAmE;QACnE,8DAA8D;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED;;;;GAIG;AACH,SAAS,QAAQ,CAAC,KAAc;IAC9B,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAgC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YACvE,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAE,KAAiC,CAAC,GAAG,CAAC,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,IAAyB;IAChD,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,IAAI,CAAC,IAAI,CAAC;QACnB,KAAK,SAAS;YACZ,OAAO,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC;QAC/B,KAAK,SAAS;YACZ,OAAO,IAAI,CAAC,OAAO,CAAC;QACtB,KAAK,MAAM;YACT,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,KAAK,OAAO;YACV,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,UAAU,CAAC;QACzB;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC"}
|
package/dist/receipt/types.d.ts
CHANGED
|
@@ -21,7 +21,7 @@ export interface DecisionReceipt {
|
|
|
21
21
|
policyHash: string;
|
|
22
22
|
/** The decision that was made */
|
|
23
23
|
decision: {
|
|
24
|
-
status:
|
|
24
|
+
status: "allow" | "warn" | "deny" | "sanitize";
|
|
25
25
|
guard?: string;
|
|
26
26
|
reason?: string;
|
|
27
27
|
};
|
|
@@ -34,7 +34,7 @@ export interface DecisionReceipt {
|
|
|
34
34
|
/** Ed25519 signature in JWS compact format (null when unsigned) */
|
|
35
35
|
signature: string | null;
|
|
36
36
|
/** Signing algorithm (always 'EdDSA' for Ed25519) */
|
|
37
|
-
algorithm:
|
|
37
|
+
algorithm: "EdDSA";
|
|
38
38
|
/** Public key identifier (null when unsigned) */
|
|
39
39
|
keyId: string | null;
|
|
40
40
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/receipt/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,yDAAyD;IACzD,SAAS,EAAE,MAAM,CAAC;IAClB,uDAAuD;IACvD,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE;QACR,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/receipt/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,yDAAyD;IACzD,SAAS,EAAE,MAAM,CAAC;IAClB,uDAAuD;IACvD,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE;QACR,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;QAC/C,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,wCAAwC;IACxC,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,mEAAmE;IACnE,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,qDAAqD;IACrD,SAAS,EAAE,OAAO,CAAC;IACnB,iDAAiD;IACjD,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,wCAAwC;AACxC,MAAM,WAAW,mBAAmB;IAClC,mDAAmD;IACnD,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,yFAAyF;IACzF,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB"}
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* - Never returns raw match text
|
|
6
6
|
* - Uses stable placeholder labels
|
|
7
7
|
*/
|
|
8
|
-
export type SanitizationFindingId =
|
|
8
|
+
export type SanitizationFindingId = "pii_email" | "pii_phone" | "pii_ssn" | "pii_credit_card";
|
|
9
9
|
export interface SanitizationResult {
|
|
10
10
|
sanitized: string;
|
|
11
11
|
redacted: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"output-sanitizer.d.ts","sourceRoot":"","sources":["../../src/sanitizer/output-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,MAAM,qBAAqB,
|
|
1
|
+
{"version":3,"file":"output-sanitizer.d.ts","sourceRoot":"","sources":["../../src/sanitizer/output-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,MAAM,qBAAqB,GAAG,WAAW,GAAG,WAAW,GAAG,SAAS,GAAG,iBAAiB,CAAC;AAE9F,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,qBAAqB,EAAE,CAAC;CACnC;AAiBD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,CAyBnE"}
|
|
@@ -22,22 +22,22 @@ function redactAll(re, input, replacement) {
|
|
|
22
22
|
export function sanitizeOutputText(text) {
|
|
23
23
|
let out = text;
|
|
24
24
|
const findings = [];
|
|
25
|
-
const email = redactAll(EMAIL_RE, out,
|
|
25
|
+
const email = redactAll(EMAIL_RE, out, "[REDACTED:email]");
|
|
26
26
|
out = email.out;
|
|
27
27
|
if (email.hit)
|
|
28
|
-
findings.push(
|
|
29
|
-
const phone = redactAll(PHONE_RE, out,
|
|
28
|
+
findings.push("pii_email");
|
|
29
|
+
const phone = redactAll(PHONE_RE, out, "[REDACTED:phone]");
|
|
30
30
|
out = phone.out;
|
|
31
31
|
if (phone.hit)
|
|
32
|
-
findings.push(
|
|
33
|
-
const ssn = redactAll(SSN_RE, out,
|
|
32
|
+
findings.push("pii_phone");
|
|
33
|
+
const ssn = redactAll(SSN_RE, out, "[REDACTED:ssn]");
|
|
34
34
|
out = ssn.out;
|
|
35
35
|
if (ssn.hit)
|
|
36
|
-
findings.push(
|
|
37
|
-
const cc = redactAll(CREDIT_CARD_RE, out,
|
|
36
|
+
findings.push("pii_ssn");
|
|
37
|
+
const cc = redactAll(CREDIT_CARD_RE, out, "[REDACTED:credit_card]");
|
|
38
38
|
out = cc.out;
|
|
39
39
|
if (cc.hit)
|
|
40
|
-
findings.push(
|
|
40
|
+
findings.push("pii_credit_card");
|
|
41
41
|
return {
|
|
42
42
|
sanitized: out,
|
|
43
43
|
redacted: findings.length > 0,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"output-sanitizer.js","sourceRoot":"","sources":["../../src/sanitizer/output-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"output-sanitizer.js","sourceRoot":"","sources":["../../src/sanitizer/output-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAUH,MAAM,QAAQ,GAAG,6CAA6C,CAAC;AAC/D,MAAM,QAAQ,GAAG,4EAA4E,CAAC;AAC9F,MAAM,MAAM,GAAG,iCAAiC,CAAC;AACjD,MAAM,cAAc,GAAG,6BAA6B,CAAC;AAErD,SAAS,SAAS,CAAC,EAAU,EAAE,KAAa,EAAE,WAAmB;IAC/D,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;IACjB,MAAM,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;IACjB,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAC5C,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;IAC3C,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;IACjB,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAE7C,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,kBAAkB,CAAC,CAAC;IAC3D,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;IAChB,IAAI,KAAK,CAAC,GAAG;QAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAE1C,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,kBAAkB,CAAC,CAAC;IAC3D,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;IAChB,IAAI,KAAK,CAAC,GAAG;QAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAE1C,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,EAAE,GAAG,EAAE,gBAAgB,CAAC,CAAC;IACrD,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;IACd,IAAI,GAAG,CAAC,GAAG;QAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEtC,MAAM,EAAE,GAAG,SAAS,CAAC,cAAc,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAC;IACpE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC;IACb,IAAI,EAAE,CAAC,GAAG;QAAE,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAE7C,OAAO;QACL,SAAS,EAAE,GAAG;QACd,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;QAC7B,QAAQ;KACT,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-prompt.d.ts","sourceRoot":"","sources":["../src/security-prompt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEzC,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"security-prompt.d.ts","sourceRoot":"","sources":["../src/security-prompt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEzC,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAkF7D"}
|
package/dist/security-prompt.js
CHANGED
|
@@ -6,13 +6,13 @@ Your tool use is subject to clawdstrike guardrails at the tool boundary (not an
|
|
|
6
6
|
// Network Access section
|
|
7
7
|
sections.push(`
|
|
8
8
|
## Network Access`);
|
|
9
|
-
if (policy.egress?.mode ===
|
|
10
|
-
sections.push(`- Only these domains are allowed: ${policy.egress.allowed_domains.join(
|
|
9
|
+
if (policy.egress?.mode === "allowlist" && policy.egress.allowed_domains?.length) {
|
|
10
|
+
sections.push(`- Only these domains are allowed: ${policy.egress.allowed_domains.join(", ")}`);
|
|
11
11
|
}
|
|
12
|
-
else if (policy.egress?.mode ===
|
|
13
|
-
sections.push(`- These domains are blocked: ${policy.egress.denied_domains.join(
|
|
12
|
+
else if (policy.egress?.mode === "denylist" && policy.egress.denied_domains?.length) {
|
|
13
|
+
sections.push(`- These domains are blocked: ${policy.egress.denied_domains.join(", ")}`);
|
|
14
14
|
}
|
|
15
|
-
else if (policy.egress?.mode ===
|
|
15
|
+
else if (policy.egress?.mode === "deny_all") {
|
|
16
16
|
sections.push(`- All network access is BLOCKED`);
|
|
17
17
|
}
|
|
18
18
|
else {
|
|
@@ -31,7 +31,7 @@ Your tool use is subject to clawdstrike guardrails at the tool boundary (not an
|
|
|
31
31
|
sections.push(`- Default protected paths: ~/.ssh, ~/.aws, ~/.gnupg, .env files`);
|
|
32
32
|
}
|
|
33
33
|
if (policy.filesystem?.allowed_write_roots?.length) {
|
|
34
|
-
sections.push(`- Writes are only allowed in: ${policy.filesystem.allowed_write_roots.join(
|
|
34
|
+
sections.push(`- Writes are only allowed in: ${policy.filesystem.allowed_write_roots.join(", ")}`);
|
|
35
35
|
}
|
|
36
36
|
// Security Tools section
|
|
37
37
|
sections.push(`
|
|
@@ -47,11 +47,15 @@ policy_check({ action: "file_write", resource: "/etc/passwd" })
|
|
|
47
47
|
-> { status: "deny", guard: "forbidden_path", reason: "Forbidden path match: /etc/passwd" }
|
|
48
48
|
\`\`\``);
|
|
49
49
|
// Violation Handling section
|
|
50
|
-
const blockAction = policy.on_violation ===
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
50
|
+
const blockAction = policy.on_violation === "cancel"
|
|
51
|
+
? "BLOCKED"
|
|
52
|
+
: policy.on_violation === "warn"
|
|
53
|
+
? "logged with a warning"
|
|
54
|
+
: policy.on_violation === "isolate"
|
|
55
|
+
? "ISOLATED"
|
|
56
|
+
: policy.on_violation === "escalate"
|
|
57
|
+
? "ESCALATED"
|
|
58
|
+
: "logged";
|
|
55
59
|
sections.push(`
|
|
56
60
|
## Violation Handling
|
|
57
61
|
When a security violation occurs:
|
|
@@ -65,6 +69,6 @@ When a security violation occurs:
|
|
|
65
69
|
- Use known package registries (npm, pypi, crates.io)
|
|
66
70
|
- Never attempt to access credentials or keys
|
|
67
71
|
- When unsure, use \`policy_check\` first`);
|
|
68
|
-
return sections.join(
|
|
72
|
+
return sections.join("\n");
|
|
69
73
|
}
|
|
70
74
|
//# sourceMappingURL=security-prompt.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-prompt.js","sourceRoot":"","sources":["../src/security-prompt.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,sBAAsB,CAAC,MAAc;IACnD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,QAAQ,CAAC,IAAI,CAAC;;8HAE8G,CAAC,CAAC;IAE9H,yBAAyB;IACzB,QAAQ,CAAC,IAAI,CAAC;kBACE,CAAC,CAAC;IAElB,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC;QACjF,QAAQ,CAAC,IAAI,CAAC,qCAAqC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;SAAM,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,CAAC;QACtF,QAAQ,CAAC,IAAI,CAAC,gCAAgC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3F,CAAC;SAAM,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IAC3D,CAAC;IAED,0BAA0B;IAC1B,QAAQ,CAAC,IAAI,CAAC;mBACG,CAAC,CAAC;IAEnB,IAAI,MAAM,CAAC,UAAU,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;QAC/C,QAAQ,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAClE,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,UAAU,CAAC,eAAe,EAAE,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;IACnF,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,EAAE,mBAAmB,EAAE,MAAM,EAAE,CAAC;QACnD,QAAQ,CAAC,IAAI,
|
|
1
|
+
{"version":3,"file":"security-prompt.js","sourceRoot":"","sources":["../src/security-prompt.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,sBAAsB,CAAC,MAAc;IACnD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,QAAQ,CAAC,IAAI,CAAC;;8HAE8G,CAAC,CAAC;IAE9H,yBAAyB;IACzB,QAAQ,CAAC,IAAI,CAAC;kBACE,CAAC,CAAC;IAElB,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC;QACjF,QAAQ,CAAC,IAAI,CAAC,qCAAqC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;SAAM,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,CAAC;QACtF,QAAQ,CAAC,IAAI,CAAC,gCAAgC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3F,CAAC;SAAM,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IAC3D,CAAC;IAED,0BAA0B;IAC1B,QAAQ,CAAC,IAAI,CAAC;mBACG,CAAC,CAAC;IAEnB,IAAI,MAAM,CAAC,UAAU,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;QAC/C,QAAQ,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAClE,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,UAAU,CAAC,eAAe,EAAE,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;IACnF,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,EAAE,mBAAmB,EAAE,MAAM,EAAE,CAAC;QACnD,QAAQ,CAAC,IAAI,CACX,iCAAiC,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpF,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,QAAQ,CAAC,IAAI,CAAC;;;;;;;;;;;OAWT,CAAC,CAAC;IAEP,6BAA6B;IAC7B,MAAM,WAAW,GACf,MAAM,CAAC,YAAY,KAAK,QAAQ;QAC9B,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,MAAM,CAAC,YAAY,KAAK,MAAM;YAC9B,CAAC,CAAC,uBAAuB;YACzB,CAAC,CAAC,MAAM,CAAC,YAAY,KAAK,SAAS;gBACjC,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,MAAM,CAAC,YAAY,KAAK,UAAU;oBAClC,CAAC,CAAC,WAAW;oBACb,CAAC,CAAC,QAAQ,CAAC;IAErB,QAAQ,CAAC,IAAI,CAAC;;;2BAGW,WAAW;;wDAEkB,CAAC,CAAC;IAExD,eAAe;IACf,QAAQ,CAAC,IAAI,CAAC;;;;;0CAK0B,CAAC,CAAC;IAE1C,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import
|
|
2
|
-
import {
|
|
3
|
-
export type PolicyCheckAction =
|
|
1
|
+
import { PolicyEngine } from "../policy/engine.js";
|
|
2
|
+
import type { ClawdstrikeConfig, Decision, ToolDefinition } from "../types.js";
|
|
3
|
+
export type PolicyCheckAction = "file_read" | "file_write" | "network" | "network_egress" | "command" | "command_exec" | "tool_call";
|
|
4
4
|
export type PolicyCheckResult = Decision & {
|
|
5
5
|
message: string;
|
|
6
6
|
suggestion?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy-check.d.ts","sourceRoot":"","sources":["../../src/tools/policy-check.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"policy-check.d.ts","sourceRoot":"","sources":["../../src/tools/policy-check.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,QAAQ,EAAe,cAAc,EAAE,MAAM,aAAa,CAAC;AAE5F,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,SAAS,GACT,gBAAgB,GAChB,SAAS,GACT,cAAc,GACd,WAAW,CAAC;AAEhB,MAAM,MAAM,iBAAiB,GAAG,QAAQ,GAAG;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AA2FF,wBAAsB,WAAW,CAC/B,MAAM,EAAE,iBAAiB,EACzB,MAAM,EAAE,iBAAiB,EACzB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,iBAAiB,CAAC,CAS5B;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,YAAY,GAAG,cAAc,CAgCpE"}
|
|
@@ -1,12 +1,16 @@
|
|
|
1
|
-
import { PolicyEngine } from
|
|
1
|
+
import { PolicyEngine } from "../policy/engine.js";
|
|
2
2
|
function parseNetworkTarget(target) {
|
|
3
3
|
const trimmed = target.trim();
|
|
4
4
|
if (!trimmed)
|
|
5
|
-
return { host:
|
|
5
|
+
return { host: "", port: 0 };
|
|
6
6
|
const tryParse = (value) => {
|
|
7
7
|
try {
|
|
8
8
|
const parsed = new URL(value);
|
|
9
|
-
const port = parsed.port
|
|
9
|
+
const port = parsed.port
|
|
10
|
+
? Number.parseInt(parsed.port, 10)
|
|
11
|
+
: parsed.protocol === "http:"
|
|
12
|
+
? 80
|
|
13
|
+
: 443;
|
|
10
14
|
return { host: parsed.hostname, port, url: value };
|
|
11
15
|
}
|
|
12
16
|
catch {
|
|
@@ -14,125 +18,129 @@ function parseNetworkTarget(target) {
|
|
|
14
18
|
}
|
|
15
19
|
};
|
|
16
20
|
return (tryParse(trimmed) ??
|
|
17
|
-
tryParse(`https://${trimmed}`) ??
|
|
18
|
-
{ host: trimmed.split('/')[0] ?? trimmed, port: 443 });
|
|
21
|
+
tryParse(`https://${trimmed}`) ?? { host: trimmed.split("/")[0] ?? trimmed, port: 443 });
|
|
19
22
|
}
|
|
20
23
|
function buildEvent(action, resource) {
|
|
21
24
|
const now = new Date();
|
|
22
25
|
const eventId = `policy-check-${now.getTime()}-${Math.random().toString(36).slice(2, 8)}`;
|
|
23
26
|
const timestamp = now.toISOString();
|
|
24
27
|
switch (action) {
|
|
25
|
-
case
|
|
28
|
+
case "file_read":
|
|
26
29
|
return {
|
|
27
30
|
eventId,
|
|
28
|
-
eventType:
|
|
31
|
+
eventType: "file_read",
|
|
29
32
|
timestamp,
|
|
30
|
-
data: { type:
|
|
33
|
+
data: { type: "file", path: resource, operation: "read" },
|
|
31
34
|
};
|
|
32
|
-
case
|
|
35
|
+
case "file_write":
|
|
33
36
|
return {
|
|
34
37
|
eventId,
|
|
35
|
-
eventType:
|
|
38
|
+
eventType: "file_write",
|
|
36
39
|
timestamp,
|
|
37
|
-
data: { type:
|
|
40
|
+
data: { type: "file", path: resource, operation: "write" },
|
|
38
41
|
};
|
|
39
|
-
case
|
|
40
|
-
case
|
|
42
|
+
case "network":
|
|
43
|
+
case "network_egress": {
|
|
41
44
|
const { host, port, url } = parseNetworkTarget(resource);
|
|
42
45
|
return {
|
|
43
46
|
eventId,
|
|
44
|
-
eventType:
|
|
47
|
+
eventType: "network_egress",
|
|
45
48
|
timestamp,
|
|
46
|
-
data: { type:
|
|
49
|
+
data: { type: "network", host, port, url },
|
|
47
50
|
};
|
|
48
51
|
}
|
|
49
|
-
case
|
|
50
|
-
case
|
|
52
|
+
case "command":
|
|
53
|
+
case "command_exec": {
|
|
51
54
|
const parts = resource.trim().split(/\s+/).filter(Boolean);
|
|
52
55
|
const [command, ...args] = parts;
|
|
53
56
|
return {
|
|
54
57
|
eventId,
|
|
55
|
-
eventType:
|
|
58
|
+
eventType: "command_exec",
|
|
56
59
|
timestamp,
|
|
57
|
-
data: { type:
|
|
60
|
+
data: { type: "command", command: command ?? "", args },
|
|
58
61
|
};
|
|
59
62
|
}
|
|
60
|
-
case
|
|
63
|
+
case "tool_call":
|
|
61
64
|
default:
|
|
62
65
|
return {
|
|
63
66
|
eventId,
|
|
64
|
-
eventType:
|
|
67
|
+
eventType: "tool_call",
|
|
65
68
|
timestamp,
|
|
66
|
-
data: { type:
|
|
69
|
+
data: { type: "tool", toolName: resource, parameters: {} },
|
|
67
70
|
};
|
|
68
71
|
}
|
|
69
72
|
}
|
|
70
73
|
function formatDecision(decision) {
|
|
71
|
-
if (decision.status ===
|
|
72
|
-
const guard = decision.guard ? ` by ${decision.guard}` :
|
|
73
|
-
const reason = decision.reason ? `: ${decision.reason}` :
|
|
74
|
+
if (decision.status === "deny") {
|
|
75
|
+
const guard = decision.guard ? ` by ${decision.guard}` : "";
|
|
76
|
+
const reason = decision.reason ? `: ${decision.reason}` : "";
|
|
74
77
|
return `Denied${guard}${reason}`;
|
|
75
78
|
}
|
|
76
|
-
if (decision.status ===
|
|
77
|
-
const msg = decision.message ?? decision.reason ??
|
|
79
|
+
if (decision.status === "warn") {
|
|
80
|
+
const msg = decision.message ?? decision.reason ?? "Policy warning";
|
|
78
81
|
return `Warning: ${msg}`;
|
|
79
82
|
}
|
|
80
|
-
return
|
|
83
|
+
return "Action allowed";
|
|
81
84
|
}
|
|
82
85
|
export async function checkPolicy(config, action, resource) {
|
|
83
86
|
const engine = new PolicyEngine(config);
|
|
84
87
|
const event = buildEvent(action, resource);
|
|
85
88
|
const decision = await engine.evaluate(event);
|
|
86
|
-
return {
|
|
89
|
+
return {
|
|
90
|
+
...decision,
|
|
91
|
+
message: formatDecision(decision),
|
|
92
|
+
suggestion: decision.status === "deny" ? getSuggestion(action, resource) : undefined,
|
|
93
|
+
};
|
|
87
94
|
}
|
|
88
95
|
export function policyCheckTool(engine) {
|
|
89
96
|
return {
|
|
90
|
-
name:
|
|
91
|
-
description:
|
|
97
|
+
name: "policy_check",
|
|
98
|
+
description: "Check if an action is allowed by the security policy. Use this BEFORE attempting potentially restricted operations.",
|
|
92
99
|
schema: {
|
|
93
|
-
type:
|
|
100
|
+
type: "object",
|
|
94
101
|
properties: {
|
|
95
102
|
action: {
|
|
96
|
-
type:
|
|
97
|
-
enum: [
|
|
98
|
-
description:
|
|
103
|
+
type: "string",
|
|
104
|
+
enum: ["file_read", "file_write", "network", "command", "tool_call"],
|
|
105
|
+
description: "The type of action to check",
|
|
99
106
|
},
|
|
100
107
|
resource: {
|
|
101
|
-
type:
|
|
102
|
-
description:
|
|
108
|
+
type: "string",
|
|
109
|
+
description: "The resource to check (path, domain, command, or tool name)",
|
|
103
110
|
},
|
|
104
111
|
},
|
|
105
|
-
required: [
|
|
112
|
+
required: ["action", "resource"],
|
|
106
113
|
},
|
|
107
114
|
execute: async (params) => {
|
|
108
|
-
const action = params.action ??
|
|
109
|
-
const resource = typeof params.resource ===
|
|
115
|
+
const action = params.action ?? "tool_call";
|
|
116
|
+
const resource = typeof params.resource === "string" ? params.resource : "";
|
|
110
117
|
const event = buildEvent(action, resource);
|
|
111
118
|
const decision = await engine.evaluate(event);
|
|
112
119
|
return {
|
|
113
120
|
...decision,
|
|
114
121
|
message: formatDecision(decision),
|
|
115
|
-
suggestion: decision.status ===
|
|
122
|
+
suggestion: decision.status === "deny" ? getSuggestion(action, resource) : undefined,
|
|
116
123
|
};
|
|
117
124
|
},
|
|
118
125
|
};
|
|
119
126
|
}
|
|
120
127
|
function getSuggestion(action, resource) {
|
|
121
|
-
if ((action ===
|
|
122
|
-
return
|
|
128
|
+
if ((action === "file_write" || action === "file_read") && resource.includes(".ssh")) {
|
|
129
|
+
return "SSH keys are protected. Consider using a different credential storage method.";
|
|
123
130
|
}
|
|
124
|
-
if ((action ===
|
|
125
|
-
return
|
|
131
|
+
if ((action === "file_write" || action === "file_read") && resource.includes(".aws")) {
|
|
132
|
+
return "AWS credentials are protected. Use environment variables or IAM roles instead.";
|
|
126
133
|
}
|
|
127
|
-
if (action ===
|
|
128
|
-
return
|
|
134
|
+
if (action === "network_egress" || action === "network") {
|
|
135
|
+
return "Try using an allowed domain like api.github.com or pypi.org.";
|
|
129
136
|
}
|
|
130
|
-
if ((action ===
|
|
131
|
-
return
|
|
137
|
+
if ((action === "command_exec" || action === "command") && resource.includes("sudo")) {
|
|
138
|
+
return "Privileged commands are restricted. Try running without sudo.";
|
|
132
139
|
}
|
|
133
|
-
if ((action ===
|
|
134
|
-
|
|
140
|
+
if ((action === "command_exec" || action === "command") &&
|
|
141
|
+
(resource.includes("rm -rf") || resource.includes("dd if="))) {
|
|
142
|
+
return "Destructive commands are blocked. Consider safer alternatives.";
|
|
135
143
|
}
|
|
136
|
-
return
|
|
144
|
+
return "Consider an alternative approach that works within the security policy.";
|
|
137
145
|
}
|
|
138
146
|
//# sourceMappingURL=policy-check.js.map
|