@de-otio/chaoskb-client 0.3.6 → 0.3.8

package/dist/cli/bootstrap.d.ts

@@ -1,5 +1,11 @@
 export declare const CHAOSKB_DIR: string;
 export declare const FILE_KEY_PATH: string;
+/** OS keychain service name for chaoskb-managed slots. */
+export declare const KEYRING_SERVICE = "chaoskb";
+/** Fallback Ed25519 identity slot names. These live alongside the
+ *  personal master in the same service namespace. */
+export declare const IDENTITY_SECRET_SLOT = "identity-secret";
+export declare const IDENTITY_PUBLIC_SLOT = "identity-public";
 export interface BootstrapOptions {
     /** Override the base directory (default: ~/.chaoskb). For testing. */
     baseDir?: string;
@@ -7,9 +13,11 @@ export interface BootstrapOptions {
 /**
  * Auto-bootstrap ChaosKB on first launch.
  *
- * Creates ~/.chaoskb/, generates a master key, stores it in the OS keyring,
- * initializes the database, and writes config.json — all with standard
- * security tier and no interactive prompts.
+ * Creates ~/.chaoskb/, generates a master key, wraps it with the user's
+ * SSH public key (via keyring's `StandardTier`), persists the wrapped
+ * blob in the OS keychain, initializes the database, and writes
+ * config.json — all with standard security tier and no interactive
+ * prompts.
  *
  * Idempotent: no-ops if config.json already exists.
  * Concurrency-safe: uses file-based locking to prevent races.

package/dist/cli/bootstrap.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../cli/bootstrap.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,WAAW,QAAsC,CAAC;AAC/D,eAAO,MAAM,aAAa,QAAuC,CAAC;AAElE,MAAM,WAAW,gBAAgB;IAC/B,sEAAsE;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAMD;;;;;;;;;GASG;AACH,wBAAsB,SAAS,CAAC,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAsGzE;AA4XD;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAqB7E"}
+{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../cli/bootstrap.ts"],"names":[],"mappings":"AAoBA,eAAO,MAAM,WAAW,QAAsC,CAAC;AAC/D,eAAO,MAAM,aAAa,QAAuC,CAAC;AAElE,0DAA0D;AAC1D,eAAO,MAAM,eAAe,YAAY,CAAC;AACzC;qDACqD;AACrD,eAAO,MAAM,oBAAoB,oBAAoB,CAAC;AACtD,eAAO,MAAM,oBAAoB,oBAAoB,CAAC;AAEtD,MAAM,WAAW,gBAAgB;IAC/B,sEAAsE;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAsCD;;;;;;;;;;;GAWG;AACH,wBAAsB,SAAS,CAAC,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CA6IzE;AA8XD;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsB7E"}

package/dist/cli/bootstrap.js

@@ -1,18 +1,57 @@
 import * as fs from 'node:fs';
 import * as path from 'node:path';
 import * as os from 'node:os';
+import { randomBytes } from 'node:crypto';
+import { KeyRing, StandardTier, OsKeychainStorage, FileSystemStorage, OsKeychainUnavailable, parseSshPublicKey, } from '@de-otio/keyring';
+import { SecureBuffer, asMasterKey } from '@de-otio/crypto-envelope';
 import { acquireBootstrapLock } from './bootstrap-lock.js';
 export const CHAOSKB_DIR = path.join(os.homedir(), '.chaoskb');
 export const FILE_KEY_PATH = path.join(CHAOSKB_DIR, 'master.key');
+/** OS keychain service name for chaoskb-managed slots. */
+export const KEYRING_SERVICE = 'chaoskb';
+/** Fallback Ed25519 identity slot names. These live alongside the
+ *  personal master in the same service namespace. */
+export const IDENTITY_SECRET_SLOT = 'identity-secret';
+export const IDENTITY_PUBLIC_SLOT = 'identity-public';
 function resolveDir(baseDir) {
     return baseDir ?? CHAOSKB_DIR;
 }
+/**
+ * Build the chaoskb keyring storage. Prefers the OS keychain; falls back
+ * to a filesystem store when `CHAOSKB_KEY_STORAGE=file` is set or the OS
+ * keychain is unavailable (headless CI, unsupported platform).
+ *
+ * The filesystem fallback mirrors the previous `master.key` location but
+ * uses keyring's `FileSystemStorage` format — slot files under a 0700
+ * directory. Wire format is v1 per keyring.
+ */
+async function buildStorage(baseDir) {
+    const wantFile = process.env.CHAOSKB_KEY_STORAGE === 'file';
+    if (wantFile) {
+        const fsDir = path.join(baseDir, 'keyring');
+        fs.mkdirSync(fsDir, { recursive: true, mode: 0o700 });
+        return {
+            storage: new FileSystemStorage({ root: fsDir }),
+            kind: 'file',
+        };
+    }
+    // OS keychain is checked lazily when the first put/get/delete is made.
+    return {
+        storage: new OsKeychainStorage({
+            service: KEYRING_SERVICE,
+            acceptedTiers: ['standard'],
+        }),
+        kind: 'os-keychain',
+    };
+}
 /**
  * Auto-bootstrap ChaosKB on first launch.
  *
- * Creates ~/.chaoskb/, generates a master key, stores it in the OS keyring,
- * initializes the database, and writes config.json — all with standard
- * security tier and no interactive prompts.
+ * Creates ~/.chaoskb/, generates a master key, wraps it with the user's
+ * SSH public key (via keyring's `StandardTier`), persists the wrapped
+ * blob in the OS keychain, initializes the database, and writes
+ * config.json — all with standard security tier and no interactive
+ * prompts.
  *
  * Idempotent: no-ops if config.json already exists.
  * Concurrency-safe: uses file-based locking to prevent races.
@@ -21,7 +60,6 @@ export async function bootstrap(options) {
     const chaoskbDir = resolveDir(options?.baseDir);
     const configPath = path.join(chaoskbDir, 'config.json');
     const modelsDir = path.join(chaoskbDir, 'models');
-    const fileKeyPath = path.join(chaoskbDir, 'master.key');
     // Fast path: already configured
     if (fs.existsSync(configPath)) {
         return;
@@ -40,44 +78,78 @@ export async function bootstrap(options) {
         if (!fs.existsSync(modelsDir)) {
             fs.mkdirSync(modelsDir, { recursive: true, mode: 0o700 });
         }
-        // 2. Generate master key
-        const { EncryptionService } = await import('../crypto/encryption-service.js');
-        const encryption = new EncryptionService();
-        const masterKey = encryption.generateMasterKey();
-        // 3. Store master key
+        // 2. Detect SSH key for zero-config sync and as the keyring tier input.
+        const sshResult = await detectSSHKey(chaoskbDir);
+        // 3. Generate a random 32-byte master key (plain Uint8Array — we hand
+        //    it to keyring which owns its SecureBuffer lifecycle).
+        const masterBytes = new Uint8Array(randomBytes(32));
+        const masterSb = SecureBuffer.from(Buffer.from(masterBytes));
+        const master = asMasterKey(masterSb);
+        // Keep a copy for sync registration (pre-upload). Zeroed at the end.
+        const masterKeyCopy = Buffer.from(masterBytes);
+        masterBytes.fill(0);
+        // 4. Wrap the master with the SSH key and persist via keyring.
+        let keyringOk = false;
         try {
-            await storeKeyInKeyring(masterKey);
+            if (sshResult.publicKey) {
+                const tier = StandardTier.fromSshKey(sshResult.publicKey);
+                const { storage } = await buildStorage(chaoskbDir);
+                const ring = new KeyRing({ tier, storage });
+                await ring.setup(master);
+                keyringOk = true;
+                if (process.platform === 'darwin') {
+                    process.stderr.write('Storing encryption key in macOS Keychain.\n' +
+                        'You may see a system dialog asking to allow keychain access — this is expected.\n');
+                }
+            }
         }
         catch (keyringError) {
-            // Keyring failed — check for file-based fallback
-            if (process.env.CHAOSKB_KEY_STORAGE === 'file') {
-                process.stderr.write('\n⚠ OS keyring unavailable. Storing key in ' + fileKeyPath + ' (file-based).\n' +
+            // Master not yet disposed — fall through to file fallback.
+            if (process.env.CHAOSKB_KEY_STORAGE === 'file' || keyringError instanceof OsKeychainUnavailable) {
+                process.stderr.write('\n⚠ OS keyring unavailable. Storing key in ' +
+                    FILE_KEY_PATH +
+                    ' (file-based).\n' +
                     '  This is less secure than the OS keyring. The key file is readable by any process running as your user.\n\n');
-                fs.writeFileSync(fileKeyPath, masterKey.buffer.toString('hex'), { mode: 0o600 });
+                fs.writeFileSync(path.join(chaoskbDir, 'master.key'), masterKeyCopy.toString('hex'), {
+                    mode: 0o600,
+                });
+                keyringOk = true;
             }
             else {
-                masterKey.dispose();
+                master.dispose();
+                masterKeyCopy.fill(0);
                 throw new Error(`Failed to store master key in OS keyring: ${keyringError instanceof Error ? keyringError.message : String(keyringError)}\n\n` +
                     '  To fix this, either:\n' +
                     '  • Install/configure your OS keyring service (macOS Keychain, Linux Secret Service, Windows Credential Manager)\n' +
                     '  • Set CHAOSKB_KEY_STORAGE=file to use file-based key storage (less secure)\n');
             }
         }
-        // Copy master key bytes before disposing (needed for sync registration)
-        const masterKeyBytes = Buffer.from(masterKey.buffer);
-        masterKey.dispose();
-        // 4. Initialize database
+        if (!keyringOk && !sshResult.publicKey) {
+            // No SSH key at all AND we didn't persist yet — fall back to file
+            // storage so the bootstrap can still complete.
+            if (process.env.CHAOSKB_KEY_STORAGE === 'file') {
+                fs.writeFileSync(path.join(chaoskbDir, 'master.key'), masterKeyCopy.toString('hex'), {
+                    mode: 0o600,
+                });
+            }
+            else {
+                master.dispose();
+                masterKeyCopy.fill(0);
+                throw new Error('No SSH key found and CHAOSKB_KEY_STORAGE=file not set. ' +
+                    'Run `ssh-keygen` or set CHAOSKB_KEY_STORAGE=file to continue.');
+            }
+        }
+        master.dispose();
+        // 5. Initialize database
         const { DatabaseManager } = await import('../storage/database-manager.js');
         const dbManager = new DatabaseManager(chaoskbDir);
         const db = dbManager.getPersonalDb();
         db.close();
         dbManager.closeAll();
-        // 5. Detect SSH key for zero-config sync
-        const sshResult = await detectSSHKey();
         // 6. Register with sync server (non-blocking)
-        const syncResult = await attemptSyncRegistration(sshResult, masterKeyBytes);
+        const syncResult = await attemptSyncRegistration(sshResult, masterKeyCopy, chaoskbDir);
         // Zero the copy
-        masterKeyBytes.fill(0);
+        masterKeyCopy.fill(0);
         // 7. Write config
         const config = {
             securityTier: 'standard',
@@ -112,7 +184,7 @@ export async function bootstrap(options) {
  * Priority: ssh-agent (Ed25519 > RSA) → filesystem (id_ed25519 > id_rsa)
  * If no SSH key found, returns source: 'none'.
  */
-async function detectSSHKey() {
+async function detectSSHKey(baseDir) {
     // Respect opt-out
     if (process.env.CHAOSKB_SYNC === 'off') {
         return { publicKey: null, fingerprint: null, keyPath: null, source: 'none' };
@@ -150,8 +222,7 @@ async function detectSSHKey() {
         if (fs.existsSync(pubKeyPath)) {
             try {
                 const content = fs.readFileSync(pubKeyPath, 'utf-8').trim();
-                const { parseSSHPublicKey } = await import('../crypto/ssh-keys.js');
-                const parsed = parseSSHPublicKey(content);
+                const parsed = parseSshPublicKey(content);
                 return {
                     publicKey: content,
                     fingerprint: parsed.fingerprint,
@@ -167,7 +238,7 @@ async function detectSSHKey() {
     }
     // No SSH key found — try generating a fallback key in keyring
     try {
-        const fallback = await generateFallbackKey();
+        const fallback = await generateFallbackKey(baseDir);
         if (fallback)
             return fallback;
     }
@@ -179,19 +250,40 @@ async function detectSSHKey() {
 /**
  * Generate a fallback Ed25519 key pair and store it in the OS keyring.
  * Never written to disk. Returns null if keyring is unavailable.
+ *
+ * Uses keyring's `OsKeychainStorage` directly at dedicated slot names.
+ * Stored as a degenerate `WrappedKey` shape — the slot contract is a
+ * `WrappedKey`, so we wrap the raw identity bytes in the `envelope`
+ * field and use tier='standard' purely as a placeholder. This is a
+ * chaoskb-specific convention; the bytes are not AEAD-wrapped because
+ * the whole point is that there's no other key material to wrap them
+ * with on a new install.
  */
-async function generateFallbackKey() {
+async function generateFallbackKey(_baseDir) {
     const sodium = (await import('sodium-native')).default;
-    const { KeyringService } = await import('../crypto/keyring.js');
     const pk = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES);
     const sk = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES);
     sodium.crypto_sign_keypair(pk, sk);
     try {
-        // Store secret key in keyring only (never on disk)
-        const keyring = new KeyringService();
-        const { SecureBuffer } = await import('../crypto/secure-buffer.js');
-        await keyring.store('chaoskb', 'identity-secret', SecureBuffer.from(sk));
-        await keyring.store('chaoskb', 'identity-public', SecureBuffer.from(pk));
+        const storage = new OsKeychainStorage({
+            service: KEYRING_SERVICE,
+            acceptedTiers: ['standard'],
+        });
+        const now = new Date().toISOString();
+        const skWrapped = {
+            v: 1,
+            tier: 'standard',
+            envelope: new Uint8Array(sk),
+            ts: now,
+        };
+        const pkWrapped = {
+            v: 1,
+            tier: 'standard',
+            envelope: new Uint8Array(pk),
+            ts: now,
+        };
+        await storage.put(IDENTITY_SECRET_SLOT, skWrapped);
+        await storage.put(IDENTITY_PUBLIC_SLOT, pkWrapped);
     }
     catch {
         sk.fill(0);
@@ -200,10 +292,7 @@ async function generateFallbackKey() {
     // Build the SSH public key line
     const { createHash } = await import('node:crypto');
     const typeStr = Buffer.from('ssh-ed25519');
-    const keyBlob = Buffer.concat([
-        uint32BE(typeStr.length), typeStr,
-        uint32BE(pk.length), pk,
-    ]);
+    const keyBlob = Buffer.concat([uint32BE(typeStr.length), typeStr, uint32BE(pk.length), pk]);
     const base64Blob = keyBlob.toString('base64');
     const fingerprint = 'SHA256:' + createHash('sha256').update(keyBlob).digest('base64').replace(/=+$/, '');
     sk.fill(0);
@@ -226,7 +315,7 @@ const DEFAULT_SYNC_ENDPOINT = 'https://sync.chaoskb.com';
  * Non-blocking: if the server is unreachable, returns pending=true
  * and the next launch will retry.
  */
-async function attemptSyncRegistration(ssh, masterKeyBuffer) {
+async function attemptSyncRegistration(ssh, masterKeyBuffer, baseDir) {
     if (process.env.CHAOSKB_SYNC === 'off' || !ssh.publicKey) {
         return { enabled: false, pending: false, endpoint: null };
     }
@@ -243,7 +332,7 @@ async function attemptSyncRegistration(ssh, masterKeyBuffer) {
         if (!challengeRes.ok) {
             return { enabled: false, pending: true, endpoint };
         }
-        const { challenge } = await challengeRes.json();
+        const { challenge } = (await challengeRes.json());
         // Step 2: Sign the challenge using SSHSigner (handles OpenSSH key formats + ssh-agent)
         const { SSHSigner } = await import('../sync/ssh-signer.js');
         const signer = new SSHSigner(ssh.keyPath ?? undefined);
@@ -275,15 +364,15 @@ async function attemptSyncRegistration(ssh, masterKeyBuffer) {
             // Other server errors — mark as pending for retry
             return { enabled: false, pending: true, endpoint };
         }
-        const regResult = await response.json();
-        // Existing account — download and unwrap master key (new-device restore)
+        const regResult = (await response.json());
+        // Existing account — download and store the server's wrapped master.
         if (regResult.status === 'existing') {
-            await restoreMasterKey(endpoint, ssh);
+            await restoreMasterKey(endpoint, ssh, baseDir);
             return { enabled: true, pending: false, endpoint };
         }
         // New account — wrap master key and upload
         if (masterKeyBuffer.length > 0) {
-            await uploadWrappedMasterKey(endpoint, ssh, masterKeyBuffer);
+            await uploadWrappedMasterKey(endpoint, ssh, masterKeyBuffer, baseDir);
         }
         return { enabled: true, pending: false, endpoint };
     }
@@ -306,19 +395,20 @@ async function fetchWithTimeout(url, init) {
     }
 }
 /**
- * Wrap the master key with the SSH public key and upload to the sync server.
- * The wrapped blob is signed with the SSH private key for integrity verification.
+ * Wrap the master key with the SSH public key and upload to the sync
+ * server. Uses keyring's `StandardTier.wrap` so the wire format is v1.
  */
-async function uploadWrappedMasterKey(endpoint, ssh, masterKeyBuffer) {
+async function uploadWrappedMasterKey(endpoint, ssh, masterKeyBuffer, _baseDir) {
     if (!ssh.publicKey)
         return;
-    const { parseSSHPublicKey } = await import('../crypto/ssh-keys.js');
-    const { wrapMasterKey } = await import('../crypto/tiers/standard.js');
-    const { SecureBuffer } = await import('../crypto/secure-buffer.js');
-    const keyInfo = parseSSHPublicKey(ssh.publicKey);
-    const secureMasterKey = SecureBuffer.from(masterKeyBuffer);
+    const tier = StandardTier.fromSshKey(ssh.publicKey);
+    const masterSb = SecureBuffer.from(Buffer.from(masterKeyBuffer));
+    const master = asMasterKey(masterSb);
     try {
-        const wrappedBlob = wrapMasterKey(secureMasterKey, keyInfo);
+        const wrapped = await tier.wrap(master);
+        // Wire format: raw `WrappedKey.envelope` bytes. The server stores
+        // them opaquely — only the client (which has the SSH private key) can
+        // unwrap them.
         const { createSyncHttpClientFromConfig } = await import('../sync/client-factory.js');
         const { DatabaseManager } = await import('../storage/database-manager.js');
         const db = new DatabaseManager().getPersonalDb();
@@ -326,20 +416,23 @@ async function uploadWrappedMasterKey(endpoint, ssh, masterKeyBuffer) {
             endpoint,
             sshKeyPath: ssh.keyPath ?? undefined,
         }, db.syncSequence);
-        await client.put('/v1/wrapped-key', wrappedBlob);
+        await client.put('/v1/wrapped-key', wrapped.envelope);
     }
     finally {
-        secureMasterKey.dispose();
+        master.dispose();
     }
 }
 /**
  * Restore the master key on a new device.
  *
- * Downloads the wrapped master key blob from the server,
- * verifies the signature, unwraps with the SSH private key,
- * and stores in the OS keyring.
+ * Downloads the wrapped master-key blob from the server and persists it
+ * verbatim into keyring storage at the `__personal` slot. We also attempt
+ * an `unlockWithSshKey` to verify the bytes are usable with the local SSH
+ * private key; the unwrapped master is immediately discarded — the
+ * keyring stays in its wrapped form on disk, to be unlocked on demand by
+ * `initializeDependencies`.
  */
-async function restoreMasterKey(endpoint, ssh) {
+async function restoreMasterKey(endpoint, ssh, baseDir) {
     if (!ssh.publicKey)
         return;
     const { createSyncHttpClientFromConfig } = await import('../sync/client-factory.js');
@@ -353,63 +446,34 @@ async function restoreMasterKey(endpoint, ssh) {
     if (!response.ok) {
         throw new Error(`Failed to download wrapped key: ${response.status}`);
     }
-    const wrappedBlob = new Uint8Array(await response.arrayBuffer());
-    // Unwrap with SSH private key
-    const { parseSSHPublicKey } = await import('../crypto/ssh-keys.js');
-    const keyInfo = parseSSHPublicKey(ssh.publicKey);
-    if (keyInfo.type === 'ed25519') {
-        const { unwrapMasterKeyEd25519 } = await import('../crypto/tiers/standard.js');
-        // Read the private key to get the secret key bytes for unwrapping
-        // For Ed25519 unwrap, we need the raw secret key — ssh-agent can sign
-        // but can't expose the raw key for crypto_box_seal_open.
-        // Fall back to key file for unwrapping.
-        if (ssh.keyPath) {
-            const keyData = fs.readFileSync(ssh.keyPath, 'utf-8');
-            const { createPrivateKey } = await import('node:crypto');
-            const keyObj = createPrivateKey({ key: keyData, format: 'pem' });
-            const exported = keyObj.export({ type: 'pkcs8', format: 'der' });
-            // Ed25519 PKCS8 DER: last 32 bytes are the private key, preceded by 2-byte wrapper
-            // The actual key bytes are at offset 16 (after DER headers), 32 bytes of seed + 32 bytes of public
-            const derBuf = Buffer.from(exported);
-            // Extract the 32-byte seed from the PKCS8 structure
-            // PKCS8 for Ed25519: 30 2e 02 01 00 30 05 06 03 2b 65 70 04 22 04 20 [32 bytes seed]
-            const seedOffset = derBuf.indexOf(Buffer.from([0x04, 0x20]), 12);
-            if (seedOffset === -1) {
-                throw new Error('Could not extract Ed25519 seed from private key');
-            }
-            const seed = derBuf.subarray(seedOffset + 2, seedOffset + 34);
-            // Generate the full 64-byte secret key from the seed
-            const sodium = (await import('sodium-native')).default;
-            const fullSk = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES);
-            const fullPk = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES);
-            sodium.crypto_sign_seed_keypair(fullPk, fullSk, seed);
-            const masterKey = unwrapMasterKeyEd25519(wrappedBlob, fullSk, fullPk);
-            // Store in keyring
-            await storeKeyInKeyring(masterKey);
-            masterKey.dispose();
-            // Zero sensitive buffers
-            fullSk.fill(0);
-            seed.fill(0);
-        }
-        else {
-            // Key is in agent only — can't extract raw key for crypto_box_seal_open
-            // This is a known limitation: agent-only keys can sign but can't unwrap sealed boxes
-            throw new Error('Cannot restore master key: SSH key is in agent only (no key file).\n' +
-                'crypto_box_seal_open requires the raw private key. Ensure the key file is available at ~/.ssh/id_ed25519');
+    const wrappedEnvelopeBytes = new Uint8Array(await response.arrayBuffer());
+    // Persist to keyring storage as a v1 WrappedKey.
+    const wrapped = {
+        v: 1,
+        tier: 'standard',
+        envelope: wrappedEnvelopeBytes,
+        sshFingerprint: ssh.fingerprint ?? undefined,
+        ts: new Date().toISOString(),
+    };
+    const { storage } = await buildStorage(baseDir);
+    await storage.put('__personal', wrapped);
+    // Verify it's unwrappable with the local SSH key (non-fatal: if the key
+    // file is missing, the unlock below will just skip and the unwrap will
+    // happen lazily on first MCP tool use).
+    if (ssh.keyPath) {
+        try {
+            const pem = fs.readFileSync(ssh.keyPath, 'utf-8');
+            const tier = StandardTier.fromSshKey(ssh.publicKey);
+            const ring = new KeyRing({ tier, storage });
+            await ring.unlockWithSshKey(pem);
+            await ring.lock();
         }
-    }
-    else {
-        // RSA unwrap
-        const { unwrapMasterKeyRSA } = await import('../crypto/tiers/standard.js');
-        const { createPrivateKey } = await import('node:crypto');
-        if (!ssh.keyPath) {
-            throw new Error('Cannot restore master key: no RSA key file path');
+        catch (err) {
+            // Verification failed — surface a diagnostic but leave the blob
+            // in place. Unlock failure now is unusual but not catastrophic;
+            // the MCP server will retry on tool-call time.
+            process.stderr.write(`Warning: downloaded wrapped key failed verify-unlock: ${err instanceof Error ? err.message : String(err)}\n`);
         }
-        const keyData = fs.readFileSync(ssh.keyPath, 'utf-8');
-        const rsaPrivKey = createPrivateKey({ key: keyData, format: 'pem' });
-        const masterKey = unwrapMasterKeyRSA(wrappedBlob, rsaPrivKey);
-        await storeKeyInKeyring(masterKey);
-        masterKey.dispose();
     }
     process.stderr.write('Master key restored from sync server. Your knowledge base will sync shortly.\n');
 }
@@ -422,10 +486,11 @@ export async function retrySyncRegistration(configPath) {
         const configData = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
         if (!configData.syncPending)
             return;
-        const sshResult = await detectSSHKey();
+        const baseDir = path.dirname(configPath);
+        const sshResult = await detectSSHKey(baseDir);
         if (!sshResult.publicKey)
             return;
-        const syncResult = await attemptSyncRegistration(sshResult, Buffer.alloc(0));
+        const syncResult = await attemptSyncRegistration(sshResult, Buffer.alloc(0), baseDir);
         if (syncResult.enabled || !syncResult.pending) {
             // Either succeeded or permanently failed — clear pending
             configData.syncEnabled = syncResult.enabled;
@@ -441,14 +506,4 @@ export async function retrySyncRegistration(configPath) {
         // Retry failed silently — will try again next launch
     }
 }
-async function storeKeyInKeyring(masterKey) {
-    // macOS: warn about potential keychain access dialog
-    if (process.platform === 'darwin') {
-        process.stderr.write('Storing encryption key in macOS Keychain.\n' +
-            'You may see a system dialog asking to allow keychain access — this is expected.\n');
-    }
-    const { KeyringService } = await import('../crypto/keyring.js');
-    const keyring = new KeyringService();
-    await keyring.store('chaoskb', 'master-key', masterKey);
-}
 //# sourceMappingURL=bootstrap.js.map

package/dist/cli/bootstrap.js.map

@@ -1 +1 @@
-{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../cli/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AAC/D,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;AAOlE,SAAS,UAAU,CAAC,OAAgB;IAClC,OAAO,OAAO,IAAI,WAAW,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAA0B;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAExD,gCAAgC;IAChC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAC3D,IAAI,CAAC;QACH,mFAAmF;QACnF,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAEhC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,yBAAyB;QACzB,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;QAC9E,MAAM,UAAU,GAAG,IAAI,iBAAiB,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,iBAAiB,EAAE,CAAC;QAEjD,sBAAsB;QACtB,IAAI,CAAC;YACH,MAAM,iBAAiB,CAAC,SAAS,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,YAAY,EAAE,CAAC;YACtB,iDAAiD;YACjD,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,MAAM,EAAE,CAAC;gBAC/C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6CAA6C,GAAG,WAAW,GAAG,kBAAkB;oBAChF,8GAA8G,CAC/G,CAAC;gBACF,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACnF,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,6CAA6C,YAAY,YAAY,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM;oBAC9H,0BAA0B;oBAC1B,oHAAoH;oBACpH,gFAAgF,CACjF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACrD,SAAS,CAAC,OAAO,EAAE,CAAC;QAEpB,yBAAyB;QACzB,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC;QAC3E,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,UAAU,CAAC,CAAC;QAClD,MAAM,EAAE,GAAG,SAAS,CAAC,aAAa,EAAE,CAAC;QACrC,EAAE,CAAC,KAAK,EAAE,CAAC;QACX,SAAS,CAAC,QAAQ,EAAE,CAAC;QAErB,yCAAyC;QACzC,MAAM,SAAS,GAAG,MAAM,YAAY,EAAE,CAAC;QAEvC,8CAA8C;QAC9C,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAE5E,gBAAgB;QAChB,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEvB,kBAAkB;QAClB,MAAM,MAAM,GAAkB;YAC5B,YAAY,EAAE,UAAU;YACxB,QAAQ,EAAE,EAAE;YACZ,WAAW,EAAE,UAAU,CAAC,OAAO;YAC/B,WAAW,EAAE,UAAU,CAAC,OAAO;YAC/B,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC;YAC7D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,iBAAiB,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;YAC1E,GAAG,CAAC,SAAS,CAAC,OAAO,IAAI,EAAE,UAAU,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;SAC5D,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAE/E,qBAAqB;QACrB,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;QACvF,CAAC;aAAM,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAChF,CAAC;aAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,wEAAwE;gBACxE,yEAAyE;gBACzE,yCAAyC,CAC1C,CAAC;QACJ,CAAC;IACH,CAAC;YAAS,CAAC;QACT,WAAW,EAAE,CAAC;IAChB,CAAC;AACH,CAAC;AAWD;;;;;GAKG;AACH,KAAK,UAAU,YAAY;IACzB,kBAAkB;IAClB,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QACvC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC/E,CAAC;IAED,sBAAsB;IACtB,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;YACpE,MAAM,IAAI,GAAG,MAAM,gBAAgB,EAAE,CAAC;YAEtC,0BAA0B;YAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACvD,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,OAAO,IAAI,GAAG,CAAC;YAE9B,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO;oBACL,SAAS,EAAE,OAAO,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;oBAC1H,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,OAAO;iBAChB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6DAA6D;QAC/D,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG;QACjB,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,YAAY,EAAE;QACjD,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE;KAC1C,CAAC;IAEF,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,UAAU,EAAE,CAAC;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3C,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC5D,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;gBACpE,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAC1C,OAAO;oBACL,SAAS,EAAE,OAAO;oBAClB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;oBACnC,MAAM,EAAE,MAAM;iBACf,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;gBAC5B,SAAS;YACX,CAAC;QACH,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAC;QAC7C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC/E,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB;IAChC,MAAM,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,OAAc,CAAC;IAC9D,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAEhE,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,0BAAoC,CAAC,CAAC;IACrE,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,0BAAoC,CAAC,CAAC;IACrE,MAAM,CAAC,mBAAmB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IAEnC,IAAI,CAAC;QACH,mDAAmD;QACnD,MAAM,OAAO,GAAG,IAAI,cAAc,EAAE,CAAC;QACrC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,4BAA4B,CAAC,CAAC;QACpE,MAAM,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,iBAAiB,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACzE,MAAM,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,iBAAiB,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,OAAO;QACjC,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE;KACxB,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEzG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEX,OAAO;QACL,SAAS,EAAE,eAAe,UAAU,EAAE;QACtC,WAAW;QACX,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,MAAM,EAAE,4DAA4D;KAC7E,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS;IACzB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAUD,MAAM,qBAAqB,GAAG,0BAA0B,CAAC;AAEzD;;;;;GAKG;AACH,KAAK,UAAU,uBAAuB,CACpC,GAAuB,EACvB,eAAuB;IAEvB,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,KAAK,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;QACzD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,qBAAqB,CAAC;IAE5E,gEAAgE;IAChE,mDAAmD;IACnD,MAAM,KAAK,GAAG,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,eAAe,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;IAErE,IAAI,CAAC;QACH,yCAAyC;QACzC,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,GAAG,QAAQ,wBAAwB,EAAE;YAC/E,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;YACrB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,EAA2B,CAAC;QAEzE,uFAAuF;QACvF,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC;QACvD,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC;QAErH,sEAAsE;QACtE,MAAM,YAAY,GAAG,eAAe,IAAI,eAAe,CAAC;QAExD,yCAAyC;QACzC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,QAAQ,mBAAmB,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,YAAY;gBACvB,eAAe;gBACf,cAAc,EAAE,SAAS;aAC1B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACrD,MAAM,MAAM,GAAI,IAAgC,CAAC,MAAM,CAAC;YAExD,IAAI,MAAM,KAAK,eAAe,EAAE,CAAC;gBAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sEAAsE;oBACtE,sEAAsE,CACvE,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACtD,CAAC;YAED,qEAAqE;YACrE,IAAK,IAAgC,CAAC,KAAK,KAAK,oBAAoB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAChG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACrD,CAAC;YAED,kDAAkD;YAClD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAyC,CAAC;QAE/E,yEAAyE;QACzE,IAAI,SAAS,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACpC,MAAM,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACtC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACrD,CAAC;QAED,2CAA2C;QAC3C,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,sBAAsB,CAAC,QAAQ,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;QAC/D,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,4CAA4C;QAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAiB;IAC5D,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;IAC/D,IAAI,CAAC;QACH,OAAO,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,QAAgB,EAChB,GAAuB,EACvB,eAAuB;IAEvB,IAAI,CAAC,GAAG,CAAC,SAAS;QAAE,OAAO;IAE3B,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;IACpE,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;IACtE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,4BAA4B,CAAC,CAAC;IAEpE,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAE3D,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,aAAa,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAE5D,MAAM,EAAE,8BAA8B,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QACrF,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC;QAC3E,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,aAAa,EAAE,CAAC;QACjD,MAAM,MAAM,GAAG,8BAA8B,CAAC;YAC5C,QAAQ;YACR,UAAU,EAAE,GAAG,CAAC,OAAO,IAAI,SAAS;SACrC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC;QAEpB,MAAM,MAAM,CAAC,GAAG,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACnD,CAAC;YAAS,CAAC;QACT,eAAe,CAAC,OAAO,EAAE,CAAC;IAC5B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,gBAAgB,CAC7B,QAAgB,EAChB,GAAuB;IAEvB,IAAI,CAAC,GAAG,CAAC,SAAS;QAAE,OAAO;IAE3B,MAAM,EAAE,8BAA8B,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;IACrF,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC;IAC3E,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,aAAa,EAAE,CAAC;IACjD,MAAM,MAAM,GAAG,8BAA8B,CAAC;QAC5C,QAAQ;QACR,UAAU,EAAE,GAAG,CAAC,OAAO,IAAI,SAAS;KACrC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC;IAEpB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAErD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,mCAAmC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IAEjE,8BAA8B;IAC9B,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;IACpE,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEjD,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,EAAE,sBAAsB,EAAE,GAAG,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;QAC/E,kEAAkE;QAClE,sEAAsE;QACtE,yDAAyD;QACzD,wCAAwC;QACxC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACtD,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACjE,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACjE,mFAAmF;YACnF,mGAAmG;YACnG,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACrC,oDAAoD;YACpD,qFAAqF;YACrF,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjE,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAC;YAE9D,qDAAqD;YACrD,MAAM,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,OAAc,CAAC;YAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,0BAAoC,CAAC,CAAC;YACzE,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,0BAAoC,CAAC,CAAC;YACzE,MAAM,CAAC,wBAAwB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YAEtD,MAAM,SAAS,GAAG,sBAAsB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAEtE,mBAAmB;YACnB,MAAM,iBAAiB,CAAC,SAAS,CAAC,CAAC;YACnC,SAAS,CAAC,OAAO,EAAE,CAAC;YAEpB,yBAAyB;YACzB,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACf,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACf,CAAC;aAAM,CAAC;YACN,wEAAwE;YACxE,qFAAqF;YACrF,MAAM,IAAI,KAAK,CACb,sEAAsE;gBACtE,0GAA0G,CAC3G,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,aAAa;QACb,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;QAC3E,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACzD,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QACD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,gBAAgB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,kBAAkB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAC9D,MAAM,iBAAiB,CAAC,SAAS,CAAC,CAAC;QACnC,SAAS,CAAC,OAAO,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gFAAgF,CAAC,CAAC;AACzG,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,UAAkB;IAC5D,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAkB,CAAC;QACrF,IAAI,CAAC,UAAU,CAAC,WAAW;YAAE,OAAO;QAEpC,MAAM,SAAS,GAAG,MAAM,YAAY,EAAE,CAAC;QACvC,IAAI,CAAC,SAAS,CAAC,SAAS;YAAE,OAAO;QAEjC,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAE7E,IAAI,UAAU,CAAC,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YAC9C,yDAAyD;YACzD,UAAU,CAAC,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC;YAC5C,UAAU,CAAC,WAAW,GAAG,KAAK,CAAC;YAC/B,IAAI,UAAU,CAAC,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;YACnE,IAAI,SAAS,CAAC,WAAW;gBAAE,UAAU,CAAC,iBAAiB,GAAG,SAAS,CAAC,WAAW,CAAC;YAChF,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qDAAqD;IACvD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,SAA6B;IAC5D,qDAAqD;IACrD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6CAA6C;YAC7C,mFAAmF,CACpF,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAChE,MAAM,OAAO,GAAG,IAAI,cAAc,EAAE,CAAC;IACrC,MAAM,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,YAAY,EAAE,SAAuD,CAAC,CAAC;AACxG,CAAC"}
+{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../cli/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EACL,OAAO,EACP,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,EACrB,iBAAiB,GAGlB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AAC/D,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;AAElE,0DAA0D;AAC1D,MAAM,CAAC,MAAM,eAAe,GAAG,SAAS,CAAC;AACzC;qDACqD;AACrD,MAAM,CAAC,MAAM,oBAAoB,GAAG,iBAAiB,CAAC;AACtD,MAAM,CAAC,MAAM,oBAAoB,GAAG,iBAAiB,CAAC;AAOtD,SAAS,UAAU,CAAC,OAAgB;IAClC,OAAO,OAAO,IAAI,WAAW,CAAC;AAChC,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,YAAY,CAAC,OAAe;IAIzC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,MAAM,CAAC;IAC5D,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC5C,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,OAAO;YACL,OAAO,EAAE,IAAI,iBAAiB,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAA2B;YACzE,IAAI,EAAE,MAAM;SACb,CAAC;IACJ,CAAC;IACD,uEAAuE;IACvE,OAAO;QACL,OAAO,EAAE,IAAI,iBAAiB,CAAa;YACzC,OAAO,EAAE,eAAe;YACxB,aAAa,EAAE,CAAC,UAAU,CAAU;SACrC,CAAC;QACF,IAAI,EAAE,aAAa;KACpB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAA0B;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAElD,gCAAgC;IAChC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAC3D,IAAI,CAAC;QACH,mFAAmF;QACnF,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAEhC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,wEAAwE;QACxE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;QAEjD,sEAAsE;QACtE,2DAA2D;QAC3D,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;QACpD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAc,WAAW,CAAC,QAAQ,CAAC,CAAC;QAEhD,qEAAqE;QACrE,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC/C,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEpB,+DAA+D;QAC/D,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,IAAI,CAAC;YACH,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;gBACxB,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;gBAC1D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;gBACnD,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC5C,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBACzB,SAAS,GAAG,IAAI,CAAC;gBAEjB,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6CAA6C;wBAC3C,mFAAmF,CACtF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,YAAY,EAAE,CAAC;YACtB,2DAA2D;YAC3D,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,MAAM,IAAI,YAAY,YAAY,qBAAqB,EAAE,CAAC;gBAChG,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6CAA6C;oBAC3C,aAAa;oBACb,kBAAkB;oBAClB,8GAA8G,CACjH,CAAC;gBACF,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE;oBACnF,IAAI,EAAE,KAAK;iBACZ,CAAC,CAAC;gBACH,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,IAAI,KAAK,CACb,6CAA6C,YAAY,YAAY,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM;oBAC5H,0BAA0B;oBAC1B,oHAAoH;oBACpH,gFAAgF,CACnF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YACvC,kEAAkE;YAClE,+CAA+C;YAC/C,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,MAAM,EAAE,CAAC;gBAC/C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE;oBACnF,IAAI,EAAE,KAAK;iBACZ,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,IAAI,KAAK,CACb,yDAAyD;oBACvD,+DAA+D,CAClE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,CAAC,OAAO,EAAE,CAAC;QAEjB,yBAAyB;QACzB,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC;QAC3E,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,UAAU,CAAC,CAAC;QAClD,MAAM,EAAE,GAAG,SAAS,CAAC,aAAa,EAAE,CAAC;QACrC,EAAE,CAAC,KAAK,EAAE,CAAC;QACX,SAAS,CAAC,QAAQ,EAAE,CAAC;QAErB,8CAA8C;QAC9C,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAAC,SAAS,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;QAEvF,gBAAgB;QAChB,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEtB,kBAAkB;QAClB,MAAM,MAAM,GAAkB;YAC5B,YAAY,EAAE,UAAU;YACxB,QAAQ,EAAE,EAAE;YACZ,WAAW,EAAE,UAAU,CAAC,OAAO;YAC/B,WAAW,EAAE,UAAU,CAAC,OAAO;YAC/B,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC;YAC7D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,iBAAiB,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;YAC1E,GAAG,CAAC,SAAS,CAAC,OAAO,IAAI,EAAE,UAAU,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;SAC5D,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAE/E,qBAAqB;QACrB,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;QACvF,CAAC;aAAM,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAChF,CAAC;aAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,wEAAwE;gBACtE,yEAAyE;gBACzE,yCAAyC,CAC5C,CAAC;QACJ,CAAC;IACH,CAAC;YAAS,CAAC;QACT,WAAW,EAAE,CAAC;IAChB,CAAC;AACH,CAAC;AAWD;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CAAC,OAAe;IACzC,kBAAkB;IAClB,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QACvC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC/E,CAAC;IAED,sBAAsB;IACtB,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;YACpE,MAAM,IAAI,GAAG,MAAM,gBAAgB,EAAE,CAAC;YAEtC,0BAA0B;YAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACvD,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,OAAO,IAAI,GAAG,CAAC;YAE9B,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO;oBACL,SAAS,EAAE,OAAO,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;oBAC1H,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,OAAO;iBAChB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6DAA6D;QAC/D,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG;QACjB,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,YAAY,EAAE;QACjD,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE;KAC1C,CAAC;IAEF,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,UAAU,EAAE,CAAC;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3C,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC5D,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAC1C,OAAO;oBACL,SAAS,EAAE,OAAO;oBAClB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;oBACnC,MAAM,EAAE,MAAM;iBACf,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;gBAC5B,SAAS;YACX,CAAC;QACH,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC/E,CAAC;AAED;;;;;;;;;;;GAWG;AACH,KAAK,UAAU,mBAAmB,CAAC,QAAgB;IACjD,MAAM,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,OAI9C,CAAC;IAEF,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAC3D,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAC3D,MAAM,CAAC,mBAAmB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,iBAAiB,CAAa;YAChD,OAAO,EAAE,eAAe;YACxB,aAAa,EAAE,CAAC,UAAU,CAAU;SACrC,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,SAAS,GAAe;YAC5B,CAAC,EAAE,CAAC;YACJ,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,IAAI,UAAU,CAAC,EAAE,CAAC;YAC5B,EAAE,EAAE,GAAG;SACR,CAAC;QACF,MAAM,SAAS,GAAe;YAC5B,CAAC,EAAE,CAAC;YACJ,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,IAAI,UAAU,CAAC,EAAE,CAAC;YAC5B,EAAE,EAAE,GAAG;SACR,CAAC;QACF,MAAM,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;QACnD,MAAM,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5F,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,WAAW,GACf,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEvF,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEX,OAAO;QACL,SAAS,EAAE,eAAe,UAAU,EAAE;QACtC,WAAW;QACX,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,MAAM,EAAE,4DAA4D;KAC7E,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS;IACzB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAUD,MAAM,qBAAqB,GAAG,0BAA0B,CAAC;AAEzD;;;;;GAKG;AACH,KAAK,UAAU,uBAAuB,CACpC,GAAuB,EACvB,eAAuB,EACvB,OAAe;IAEf,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,KAAK,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;QACzD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,qBAAqB,CAAC;IAE5E,gEAAgE;IAChE,mDAAmD;IACnD,MAAM,KAAK,GAAG,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,eAAe,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;IAErE,IAAI,CAAC;QACH,yCAAyC;QACzC,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,GAAG,QAAQ,wBAAwB,EAAE;YAC/E,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;YACrB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAA0B,CAAC;QAE3E,uFAAuF;QACvF,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC;QACvD,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,SAAS,EAAE,eAAe,EAAE,GAC9D,MAAM,MAAM,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC;QAEpD,sEAAsE;QACtE,MAAM,YAAY,GAAG,eAAe,IAAI,eAAe,CAAC;QAExD,yCAAyC;QACzC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,QAAQ,mBAAmB,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,YAAY;gBACvB,eAAe;gBACf,cAAc,EAAE,SAAS;aAC1B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACrD,MAAM,MAAM,GAAI,IAAgC,CAAC,MAAM,CAAC;YAExD,IAAI,MAAM,KAAK,eAAe,EAAE,CAAC;gBAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sEAAsE;oBACpE,sEAAsE,CACzE,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACtD,CAAC;YAED,qEAAqE;YACrE,IAAK,IAAgC,CAAC,KAAK,KAAK,oBAAoB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAChG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACrD,CAAC;YAED,kDAAkD;YAClD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwC,CAAC;QAEjF,qEAAqE;QACrE,IAAI,SAAS,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACpC,MAAM,gBAAgB,CAAC,QAAQ,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;YAC/C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACrD,CAAC;QAED,2CAA2C;QAC3C,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,sBAAsB,CAAC,QAAQ,EAAE,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;QACxE,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,4CAA4C;QAC5C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAiB;IAC5D,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;IAC/D,IAAI,CAAC;QACH,OAAO,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,QAAgB,EAChB,GAAuB,EACvB,eAAuB,EACvB,QAAgB;IAEhB,IAAI,CAAC,GAAG,CAAC,SAAS;QAAE,OAAO;IAE3B,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxC,kEAAkE;QAClE,sEAAsE;QACtE,eAAe;QACf,MAAM,EAAE,8BAA8B,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QACrF,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC;QAC3E,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,aAAa,EAAE,CAAC;QACjD,MAAM,MAAM,GAAG,8BAA8B,CAC3C;YACE,QAAQ;YACR,UAAU,EAAE,GAAG,CAAC,OAAO,IAAI,SAAS;SACrC,EACD,EAAE,CAAC,YAAY,CAChB,CAAC;QAEF,MAAM,MAAM,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,gBAAgB,CAC7B,QAAgB,EAChB,GAAuB,EACvB,OAAe;IAEf,IAAI,CAAC,GAAG,CAAC,SAAS;QAAE,OAAO;IAE3B,MAAM,EAAE,8BAA8B,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;IACrF,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC;IAC3E,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,aAAa,EAAE,CAAC;IACjD,MAAM,MAAM,GAAG,8BAA8B,CAC3C;QACE,QAAQ;QACR,UAAU,EAAE,GAAG,CAAC,OAAO,IAAI,SAAS;KACrC,EACD,EAAE,CAAC,YAAY,CAChB,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAErD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,mCAAmC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,oBAAoB,GAAG,IAAI,UAAU,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IAE1E,iDAAiD;IACjD,MAAM,OAAO,GAAe;QAC1B,CAAC,EAAE,CAAC;QACJ,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,oBAAoB;QAC9B,cAAc,EAAE,GAAG,CAAC,WAAW,IAAI,SAAS;QAC5C,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KAC7B,CAAC;IAEF,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAChD,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEzC,wEAAwE;IACxE,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACpD,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAC5C,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,gEAAgE;YAChE,gEAAgE;YAChE,+CAA+C;YAC/C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yDAAyD,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAC9G,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gFAAgF,CAAC,CAAC;AACzG,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,UAAkB;IAC5D,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAkB,CAAC;QACrF,IAAI,CAAC,UAAU,CAAC,WAAW;YAAE,OAAO;QAEpC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACzC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,SAAS;YAAE,OAAO;QAEjC,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAEtF,IAAI,UAAU,CAAC,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YAC9C,yDAAyD;YACzD,UAAU,CAAC,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC;YAC5C,UAAU,CAAC,WAAW,GAAG,KAAK,CAAC;YAC/B,IAAI,UAAU,CAAC,QAAQ;gBAAE,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;YACnE,IAAI,SAAS,CAAC,WAAW;gBAAE,UAAU,CAAC,iBAAiB,GAAG,SAAS,CAAC,WAAW,CAAC;YAChF,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qDAAqD;IACvD,CAAC;AACH,CAAC"}

package/dist/cli/commands/config.d.ts

@@ -1,13 +1,39 @@
+import { type WrappedKey } from '@de-otio/keyring';
 /**
  * Upgrade security tier.
  *
- * Standard → Maximum: re-wrap master key under Argon2id-derived key from passphrase.
- * Enhanced → Maximum: same as above, with note that mnemonic is invalidated.
+ * Standard → Maximum: unlock master via the current Standard tier,
+ * then re-wrap under a passphrase-derived KEK via keyring's `MaximumTier`.
  *
- * Note: The Enhanced tier (BIP39 mnemonic) is deprecated. New upgrades only
- * support "maximum". Existing Enhanced-tier users can still upgrade to Maximum.
+ * Note: The Enhanced tier (BIP39 mnemonic) is deprecated. New upgrades
+ * only support "maximum".
  */
 export declare function upgradeTierCommand(tier: string, options?: {
     dryRun?: boolean;
 }): Promise<void>;
+/** Parse the serialised form back into a WrappedKey. */
+export declare function parseWrappedKey(json: string): WrappedKey;
+export interface SafetyCommandOptions {
+    show?: boolean;
+    strict?: boolean;
+    noStrict?: boolean;
+    urlhaus?: boolean;
+    noUrlhaus?: boolean;
+    gsbKey?: string;
+    clearGsbKey?: boolean;
+    spamhausDbl?: boolean;
+    noSpamhausDbl?: boolean;
+    remoteTimeoutMs?: string;
+    injectionPolicy?: string;
+    secretsPolicy?: string;
+    reset?: boolean;
+}
+/**
+ * `chaoskb-mcp config safety [flags]`
+ *
+ * Show or update the safety-checker configuration. Each flag is
+ * independently applied; unset flags leave the existing value alone.
+ * `--reset` clears the entire safety section back to defaults.
+ */
+export declare function safetyCommand(options: SafetyCommandOptions): Promise<void>;
 //# sourceMappingURL=config.d.ts.map

package/dist/cli/commands/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../cli/commands/config.ts"],"names":[],"mappings":"AAqBA;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsEpG"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../cli/commands/config.ts"],"names":[],"mappings":"AAIA,OAAO,EAOL,KAAK,UAAU,EAChB,MAAM,kBAAkB,CAAC;AAgD1B;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,GAC7B,OAAO,CAAC,IAAI,CAAC,CA6Df;AAoID,wDAAwD;AACxD,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,CA8CxD;AAoBD,MAAM,WAAW,oBAAoB;IACnC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AA6BD;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAgFhF"}