@dollhousemcp/mcp-server 1.3.0

package/dist/src/security/InputValidator.js

@@ -0,0 +1,381 @@
+/**
+ * Input validation and sanitization functions
+ */
+import * as path from 'path';
+import { SECURITY_LIMITS, VALIDATION_PATTERNS } from './constants.js';
+import { VALID_CATEGORIES } from '../config/constants.js';
+/**
+ * Enhanced input validation for MCP tools
+ */
+export class MCPInputValidator {
+    /**
+     * Validate a persona identifier (name or filename)
+     */
+    static validatePersonaIdentifier(identifier) {
+        if (!identifier || typeof identifier !== 'string') {
+            throw new Error('Persona identifier must be a non-empty string');
+        }
+        if (identifier.length > 100) {
+            throw new Error('Persona identifier too long (max 100 characters)');
+        }
+        // Allow persona names and filenames
+        const sanitized = sanitizeInput(identifier, 100);
+        if (!sanitized) {
+            throw new Error('Persona identifier contains only invalid characters');
+        }
+        return sanitized;
+    }
+    /**
+     * Validate search query for marketplace
+     */
+    static validateSearchQuery(query) {
+        if (!query || typeof query !== 'string') {
+            throw new Error('Search query must be a non-empty string');
+        }
+        if (query.length < 2) {
+            throw new Error('Search query too short (minimum 2 characters)');
+        }
+        if (query.length > 200) {
+            throw new Error('Search query too long (max 200 characters)');
+        }
+        // Sanitize but preserve spaces for search
+        const sanitized = query
+            .replace(/[\x00-\x1F\x7F]/g, '') // Remove control characters
+            .replace(/[<>'"&]/g, '') // Remove HTML-dangerous characters
+            .replace(/[;&|`$()!\\~*?{}]/g, '') // Remove shell metacharacters (expanded)
+            .replace(/[\u202E\uFEFF]/g, '') // Remove RTL override and zero-width chars
+            .trim();
+        if (!sanitized) {
+            throw new Error('Search query contains only invalid characters');
+        }
+        return sanitized;
+    }
+    /**
+     * Validate marketplace path
+     */
+    static validateMarketplacePath(path) {
+        if (!path || typeof path !== 'string') {
+            throw new Error('Marketplace path must be a non-empty string');
+        }
+        if (path.length > 500) {
+            throw new Error('Marketplace path too long (max 500 characters)');
+        }
+        // GitHub API paths should be safe filename patterns (efficient validation)
+        // Check each character to avoid ReDoS vulnerabilities
+        for (let i = 0; i < path.length; i++) {
+            const char = path[i];
+            if (!/[a-zA-Z0-9\/\-_.]/.test(char)) {
+                throw new Error(`Invalid character '${char}' in marketplace path at position ${i + 1}`);
+            }
+        }
+        // Prevent path traversal in GitHub paths (comprehensive check)
+        const pathLower = path.toLowerCase();
+        const encodedPath = decodeURIComponent(path.replace(/\+/g, ' ')); // Decode URL encoding
+        // Check for various path traversal patterns
+        const traversalPatterns = [
+            '..', // Basic traversal
+            './', // Current directory
+            '/../', // Directory traversal with slashes
+            '\\', // Backslash (Windows-style)
+            '%2e%2e', // URL-encoded ..
+            '%2e%2e%2f', // URL-encoded ../
+            '%2e%2e%5c', // URL-encoded ..\
+            '%252e%252e', // Double URL-encoded ..
+            '..%2f', // Mixed encoding
+            '..%5c', // Mixed encoding with backslash
+            '..../', // Dotdot bypass attempt
+            '..;/', // Semicolon bypass attempt
+        ];
+        for (const pattern of traversalPatterns) {
+            if (pathLower.includes(pattern) || encodedPath.toLowerCase().includes(pattern)) {
+                throw new Error('Path traversal not allowed in marketplace path');
+            }
+        }
+        return path;
+    }
+    /**
+     * Validate URL for import operations
+     */
+    static validateImportUrl(url) {
+        if (!url || typeof url !== 'string') {
+            throw new Error('URL must be a non-empty string');
+        }
+        if (url.length > 2000) {
+            throw new Error('URL too long (max 2000 characters)');
+        }
+        // Reject protocol-relative URLs that could bypass validation
+        if (url.startsWith('//')) {
+            throw new Error('Protocol-relative URLs are not allowed');
+        }
+        try {
+            // Decode URL to prevent encoding-based bypasses
+            let decodedUrl = url;
+            try {
+                decodedUrl = decodeURIComponent(url);
+            }
+            catch {
+                // If decoding fails, use original URL
+            }
+            const parsed = new URL(decodedUrl);
+            // Protocol validation
+            if (!['http:', 'https:'].includes(parsed.protocol)) {
+                throw new Error('Only HTTP(S) URLs are allowed');
+            }
+            // Enhanced SSRF protection with IDN normalization
+            let hostname = parsed.hostname.toLowerCase();
+            // Handle IDN (International Domain Names) by converting to ASCII
+            try {
+                const idnNormalized = new URL(`http://${hostname}`).hostname;
+                hostname = idnNormalized;
+            }
+            catch (idnError) {
+                // If IDN conversion fails, reject the URL for security
+                throw new Error('Invalid hostname: IDN conversion failed - potentially malicious domain name');
+            }
+            // Check for private IPs (now with IDN-normalized hostname)
+            if (this.isPrivateIP(hostname)) {
+                throw new Error('Private network URLs are not allowed');
+            }
+            // Additional SSRF checks for encoded IPs
+            if (this.isEncodedPrivateIP(hostname)) {
+                throw new Error('Encoded private network URLs are not allowed');
+            }
+            return url;
+        }
+        catch (error) {
+            if (error instanceof Error && (error.message.includes('Private network') || error.message.includes('Encoded private'))) {
+                throw error;
+            }
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            throw new Error(`Invalid URL format: ${errorMessage}`);
+        }
+    }
+    /**
+     * Validate expiry days for sharing
+     */
+    static validateExpiryDays(days) {
+        if (typeof days !== 'number') {
+            throw new Error('Expiry days must be a valid number');
+        }
+        if (isNaN(days) || !isFinite(days)) {
+            throw new Error('Expiry days must be a valid number');
+        }
+        if (days < 1 || days > 365) {
+            throw new Error('Expiry days must be between 1 and 365');
+        }
+        return Math.floor(days);
+    }
+    /**
+     * Validate boolean confirmation parameters
+     */
+    static validateConfirmation(confirm, operationName) {
+        if (typeof confirm !== 'boolean') {
+            throw new Error(`${operationName} confirmation must be a boolean value`);
+        }
+        if (!confirm) {
+            throw new Error(`${operationName} operation requires explicit confirmation (true)`);
+        }
+        return confirm;
+    }
+    /**
+     * Validate field name for edit operations
+     */
+    static validateEditField(field) {
+        if (!field || typeof field !== 'string') {
+            throw new Error('Field name must be a non-empty string');
+        }
+        const validFields = [
+            'name', 'description', 'category', 'instructions',
+            'triggers', 'version', 'author', 'tags'
+        ];
+        const normalizedField = field.toLowerCase().trim();
+        if (!validFields.includes(normalizedField)) {
+            throw new Error(`Invalid field name. Must be one of: ${validFields.join(', ')}`);
+        }
+        return normalizedField;
+    }
+    /**
+     * Check if hostname is a private IP address (IPv4 and IPv6)
+     */
+    static isPrivateIP(hostname) {
+        // Check for localhost variations
+        if (['localhost', '127.0.0.1', '::1'].includes(hostname)) {
+            return true;
+        }
+        // Check for private IPv4 ranges
+        const ipv4Regex = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/;
+        const ipv4Match = hostname.match(ipv4Regex);
+        if (ipv4Match) {
+            const [, a, b, c, d] = ipv4Match.map(Number);
+            // 10.0.0.0/8
+            if (a === 10)
+                return true;
+            // 172.16.0.0/12
+            if (a === 172 && b >= 16 && b <= 31)
+                return true;
+            // 192.168.0.0/16
+            if (a === 192 && b === 168)
+                return true;
+            // 169.254.0.0/16 (link-local)
+            if (a === 169 && b === 254)
+                return true;
+        }
+        // Check for private IPv6 ranges
+        const ipv6Lower = hostname.toLowerCase();
+        // fc00::/7 - Unique Local Addresses (ULA)
+        if (ipv6Lower.startsWith('fc') || ipv6Lower.startsWith('fd')) {
+            return true;
+        }
+        // fe80::/10 - Link-Local Addresses
+        if (ipv6Lower.startsWith('fe8') || ipv6Lower.startsWith('fe9') ||
+            ipv6Lower.startsWith('fea') || ipv6Lower.startsWith('feb')) {
+            return true;
+        }
+        // Additional IPv6 localhost formats
+        if (['::1', '0:0:0:0:0:0:0:1'].includes(ipv6Lower)) {
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Check for encoded private IP addresses that could bypass basic detection
+     */
+    static isEncodedPrivateIP(hostname) {
+        // Check for decimal encoded IPs (e.g., 2130706433 = 127.0.0.1)
+        if (/^\d{8,10}$/.test(hostname)) {
+            const num = parseInt(hostname, 10);
+            if (num >= 0 && num <= 4294967295) { // Valid IPv4 range
+                // Convert to IP format and check if private
+                const ip = [(num >>> 24) & 255, (num >>> 16) & 255, (num >>> 8) & 255, num & 255].join('.');
+                return this.isPrivateIP(ip);
+            }
+        }
+        // Check for hex encoded IPs (e.g., 0x7f000001 = 127.0.0.1)
+        if (/^0x[0-9a-f]{1,8}$/i.test(hostname)) {
+            const num = parseInt(hostname, 16);
+            if (num >= 0 && num <= 4294967295) {
+                const ip = [(num >>> 24) & 255, (num >>> 16) & 255, (num >>> 8) & 255, num & 255].join('.');
+                return this.isPrivateIP(ip);
+            }
+        }
+        // Check for octal encoded IPs (e.g., 017700000001 = 127.0.0.1)
+        if (/^0[0-7]{8,11}$/.test(hostname)) {
+            const num = parseInt(hostname, 8);
+            if (num >= 0 && num <= 4294967295) {
+                const ip = [(num >>> 24) & 255, (num >>> 16) & 255, (num >>> 8) & 255, num & 255].join('.');
+                return this.isPrivateIP(ip);
+            }
+        }
+        return false;
+    }
+}
+/**
+ * Validate and sanitize a filename
+ */
+export function validateFilename(filename) {
+    if (!filename || typeof filename !== 'string') {
+        throw new Error('Filename must be a non-empty string');
+    }
+    if (filename.length > SECURITY_LIMITS.MAX_FILENAME_LENGTH) {
+        throw new Error(`Filename too long (max ${SECURITY_LIMITS.MAX_FILENAME_LENGTH} characters)`);
+    }
+    // Remove any path separators and dangerous characters
+    const sanitized = filename.replace(/[\/\\:*?"<>|]/g, '').replace(/^\.+/, '');
+    if (!VALIDATION_PATTERNS.SAFE_FILENAME.test(sanitized)) {
+        throw new Error('Invalid filename format. Use alphanumeric characters, hyphens, underscores, and dots only.');
+    }
+    return sanitized;
+}
+/**
+ * Validate and sanitize a path
+ */
+export function validatePath(inputPath, baseDir) {
+    if (!inputPath || typeof inputPath !== 'string') {
+        throw new Error('Path must be a non-empty string');
+    }
+    // If baseDir is provided and inputPath is absolute, reject it
+    if (baseDir && path.isAbsolute(inputPath)) {
+        throw new Error('Absolute paths not allowed when base directory is specified');
+    }
+    // Remove leading/trailing slashes and normalize
+    // Length limits added to prevent ReDoS attacks
+    const normalized = inputPath.replace(/^\/{1,100}|\/{1,100}$/g, '').replace(/\/{1,100}/g, '/');
+    if (!VALIDATION_PATTERNS.SAFE_PATH.test(normalized)) {
+        throw new Error('Invalid path format. Use alphanumeric characters, hyphens, underscores, dots, and forward slashes only.');
+    }
+    // Check for path traversal attempts
+    if (normalized.includes('..') || normalized.includes('./') || normalized.includes('/.')) {
+        throw new Error('Path traversal not allowed');
+    }
+    // Validate path depth
+    const depth = normalized.split('/').length;
+    if (depth > SECURITY_LIMITS.MAX_PATH_DEPTH) {
+        throw new Error(`Path too deep (max ${SECURITY_LIMITS.MAX_PATH_DEPTH} levels)`);
+    }
+    // If baseDir provided, ensure path is within it
+    if (baseDir) {
+        const resolvedPath = path.resolve(baseDir, normalized);
+        const resolvedBase = path.resolve(baseDir);
+        if (!resolvedPath.startsWith(resolvedBase)) {
+            throw new Error('Path traversal attempt detected');
+        }
+    }
+    return normalized;
+}
+/**
+ * Validate and sanitize a username
+ */
+export function validateUsername(username) {
+    if (!username || typeof username !== 'string') {
+        throw new Error('Username must be a non-empty string');
+    }
+    if (!VALIDATION_PATTERNS.SAFE_USERNAME.test(username)) {
+        throw new Error('Invalid username format. Use alphanumeric characters, hyphens, underscores, and dots only.');
+    }
+    return username.toLowerCase();
+}
+/**
+ * Validate a category
+ */
+export function validateCategory(category) {
+    if (!category || typeof category !== 'string') {
+        throw new Error('Category must be a non-empty string');
+    }
+    if (!VALIDATION_PATTERNS.SAFE_CATEGORY.test(category)) {
+        throw new Error('Invalid category format. Use alphabetic characters, hyphens, and underscores only.');
+    }
+    const normalized = category.toLowerCase();
+    if (!VALID_CATEGORIES.includes(normalized)) {
+        throw new Error(`Invalid category. Must be one of: ${VALID_CATEGORIES.join(', ')}`);
+    }
+    return normalized;
+}
+/**
+ * Validate content size
+ */
+export function validateContentSize(content, maxSize = SECURITY_LIMITS.MAX_CONTENT_LENGTH) {
+    if (!content || typeof content !== 'string') {
+        throw new Error('Content must be a non-empty string');
+    }
+    const sizeBytes = Buffer.byteLength(content, 'utf8');
+    if (sizeBytes > maxSize) {
+        throw new Error(`Content too large (${sizeBytes} bytes, max ${maxSize} bytes)`);
+    }
+}
+/**
+ * General input sanitization
+ */
+export function sanitizeInput(input, maxLength = 1000) {
+    if (!input || typeof input !== 'string') {
+        return '';
+    }
+    // Remove potentially dangerous characters and limit length
+    return input
+        .replace(/[\x00-\x1F\x7F]/g, '') // Remove control characters
+        .replace(/[<>'"&]/g, '') // Remove HTML-dangerous characters
+        .replace(/[;&|`$()!\\~*?{}]/g, '') // Remove shell metacharacters (expanded)
+        .replace(/[\u202E\uFEFF]/g, '') // Remove RTL override and zero-width chars
+        .substring(0, maxLength)
+        .trim();
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiSW5wdXRWYWxpZGF0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvc2VjdXJpdHkvSW5wdXRWYWxpZGF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUc7QUFFSCxPQUFPLEtBQUssSUFBSSxNQUFNLE1BQU0sQ0FBQztBQUM3QixPQUFPLEVBQUUsZUFBZSxFQUFFLG1CQUFtQixFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFDdEUsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFFMUQ7O0dBRUc7QUFDSCxNQUFNLE9BQU8saUJBQWlCO0lBQzVCOztPQUVHO0lBQ0gsTUFBTSxDQUFDLHlCQUF5QixDQUFDLFVBQWtCO1FBQ2pELElBQUksQ0FBQyxVQUFVLElBQUksT0FBTyxVQUFVLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDbEQsTUFBTSxJQUFJLEtBQUssQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFFRCxJQUFJLFVBQVUsQ0FBQyxNQUFNLEdBQUcsR0FBRyxFQUFFLENBQUM7WUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxrREFBa0QsQ0FBQyxDQUFDO1FBQ3RFLENBQUM7UUFFRCxvQ0FBb0M7UUFDcEMsTUFBTSxTQUFTLEdBQUcsYUFBYSxDQUFDLFVBQVUsRUFBRSxHQUFHLENBQUMsQ0FBQztRQUNqRCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDZixNQUFNLElBQUksS0FBSyxDQUFDLHFEQUFxRCxDQUFDLENBQUM7UUFDekUsQ0FBQztRQUVELE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxtQkFBbUIsQ0FBQyxLQUFhO1FBQ3RDLElBQUksQ0FBQyxLQUFLLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDeEMsTUFBTSxJQUFJLEtBQUssQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFFRCxJQUFJLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDckIsTUFBTSxJQUFJLEtBQUssQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFFRCxJQUFJLEtBQUssQ0FBQyxNQUFNLEdBQUcsR0FBRyxFQUFFLENBQUM7WUFDdkIsTUFBTSxJQUFJLEtBQUssQ0FBQyw0Q0FBNEMsQ0FBQyxDQUFDO1FBQ2hFLENBQUM7UUFFRCwwQ0FBMEM7UUFDMUMsTUFBTSxTQUFTLEdBQUcsS0FBSzthQUNwQixPQUFPLENBQUMsa0JBQWtCLEVBQUUsRUFBRSxDQUFDLENBQUMsNEJBQTRCO2FBQzVELE9BQU8sQ0FBQyxVQUFVLEVBQUUsRUFBRSxDQUFDLENBQUMsbUNBQW1DO2FBQzNELE9BQU8sQ0FBQyxvQkFBb0IsRUFBRSxFQUFFLENBQUMsQ0FBQyx5Q0FBeUM7YUFDM0UsT0FBTyxDQUFDLGlCQUFpQixFQUFFLEVBQUUsQ0FBQyxDQUFDLDJDQUEyQzthQUMxRSxJQUFJLEVBQUUsQ0FBQztRQUVWLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMsK0NBQStDLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBRUQsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLHVCQUF1QixDQUFDLElBQVk7UUFDekMsSUFBSSxDQUFDLElBQUksSUFBSSxPQUFPLElBQUksS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUN0QyxNQUFNLElBQUksS0FBSyxDQUFDLDZDQUE2QyxDQUFDLENBQUM7UUFDakUsQ0FBQztRQUVELElBQUksSUFBSSxDQUFDLE1BQU0sR0FBRyxHQUFHLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksS0FBSyxDQUFDLGdEQUFnRCxDQUFDLENBQUM7UUFDcEUsQ0FBQztRQUVELDJFQUEyRTtRQUUzRSxzREFBc0Q7UUFDdEQsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNyQyxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDckIsSUFBSSxDQUFDLG1CQUFtQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO2dCQUNwQyxNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQixJQUFJLHFDQUFxQyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUMxRixDQUFDO1FBQ0gsQ0FBQztRQUVELCtEQUErRDtRQUMvRCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDckMsTUFBTSxXQUFXLEdBQUcsa0JBQWtCLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLHNCQUFzQjtRQUV4Riw0Q0FBNEM7UUFDNUMsTUFBTSxpQkFBaUIsR0FBRztZQUN4QixJQUFJLEVBQVcsa0JBQWtCO1lBQ2pDLElBQUksRUFBVyxvQkFBb0I7WUFDbkMsTUFBTSxFQUFTLG1DQUFtQztZQUNsRCxJQUFJLEVBQVcsNEJBQTRCO1lBQzNDLFFBQVEsRUFBTyxpQkFBaUI7WUFDaEMsV0FBVyxFQUFJLGtCQUFrQjtZQUNqQyxXQUFXLEVBQUksa0JBQWtCO1lBQ2pDLFlBQVksRUFBRyx3QkFBd0I7WUFDdkMsT0FBTyxFQUFRLGlCQUFpQjtZQUNoQyxPQUFPLEVBQVEsZ0NBQWdDO1lBQy9DLE9BQU8sRUFBUSx3QkFBd0I7WUFDdkMsTUFBTSxFQUFTLDJCQUEyQjtTQUMzQyxDQUFDO1FBRUYsS0FBSyxNQUFNLE9BQU8sSUFBSSxpQkFBaUIsRUFBRSxDQUFDO1lBQ3hDLElBQUksU0FBUyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsSUFBSSxXQUFXLENBQUMsV0FBVyxFQUFFLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7Z0JBQy9FLE1BQU0sSUFBSSxLQUFLLENBQUMsZ0RBQWdELENBQUMsQ0FBQztZQUNwRSxDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGlCQUFpQixDQUFDLEdBQVc7UUFDbEMsSUFBSSxDQUFDLEdBQUcsSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUFDLGdDQUFnQyxDQUFDLENBQUM7UUFDcEQsQ0FBQztRQUVELElBQUksR0FBRyxDQUFDLE1BQU0sR0FBRyxJQUFJLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksS0FBSyxDQUFDLG9DQUFvQyxDQUFDLENBQUM7UUFDeEQsQ0FBQztRQUVELDZEQUE2RDtRQUM3RCxJQUFJLEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztZQUN6QixNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxDQUFDLENBQUM7UUFDNUQsQ0FBQztRQUVELElBQUksQ0FBQztZQUNILGdEQUFnRDtZQUNoRCxJQUFJLFVBQVUsR0FBRyxHQUFHLENBQUM7WUFDckIsSUFBSSxDQUFDO2dCQUNILFVBQVUsR0FBRyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUN2QyxDQUFDO1lBQUMsTUFBTSxDQUFDO2dCQUNQLHNDQUFzQztZQUN4QyxDQUFDO1lBRUQsTUFBTSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUM7WUFFbkMsc0JBQXNCO1lBQ3RCLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7Z0JBQ25ELE1BQU0sSUFBSSxLQUFLLENBQUMsK0JBQStCLENBQUMsQ0FBQztZQUNuRCxDQUFDO1lBRUQsa0RBQWtEO1lBQ2xELElBQUksUUFBUSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsV0FBVyxFQUFFLENBQUM7WUFFN0MsaUVBQWlFO1lBQ2pFLElBQUksQ0FBQztnQkFDSCxNQUFNLGFBQWEsR0FBRyxJQUFJLEdBQUcsQ0FBQyxVQUFVLFFBQVEsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUFDO2dCQUM3RCxRQUFRLEdBQUcsYUFBYSxDQUFDO1lBQzNCLENBQUM7WUFBQyxPQUFPLFFBQVEsRUFBRSxDQUFDO2dCQUNsQix1REFBdUQ7Z0JBQ3ZELE1BQU0sSUFBSSxLQUFLLENBQUMsNkVBQTZFLENBQUMsQ0FBQztZQUNqRyxDQUFDO1lBRUQsMkRBQTJEO1lBQzNELElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUMvQixNQUFNLElBQUksS0FBSyxDQUFDLHNDQUFzQyxDQUFDLENBQUM7WUFDMUQsQ0FBQztZQUVELHlDQUF5QztZQUN6QyxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUN0QyxNQUFNLElBQUksS0FBSyxDQUFDLDhDQUE4QyxDQUFDLENBQUM7WUFDbEUsQ0FBQztZQUVELE9BQU8sR0FBRyxDQUFDO1FBQ2IsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixJQUFJLEtBQUssWUFBWSxLQUFLLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLENBQUMsRUFBRSxDQUFDO2dCQUN2SCxNQUFNLEtBQUssQ0FBQztZQUNkLENBQUM7WUFDRCxNQUFNLFlBQVksR0FBRyxLQUFLLFlBQVksS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUM7WUFDOUUsTUFBTSxJQUFJLEtBQUssQ0FBQyx1QkFBdUIsWUFBWSxFQUFFLENBQUMsQ0FBQztRQUN6RCxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGtCQUFrQixDQUFDLElBQVk7UUFDcEMsSUFBSSxPQUFPLElBQUksS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUM3QixNQUFNLElBQUksS0FBSyxDQUFDLG9DQUFvQyxDQUFDLENBQUM7UUFDeEQsQ0FBQztRQUVELElBQUksS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDbkMsTUFBTSxJQUFJLEtBQUssQ0FBQyxvQ0FBb0MsQ0FBQyxDQUFDO1FBQ3hELENBQUM7UUFFRCxJQUFJLElBQUksR0FBRyxDQUFDLElBQUksSUFBSSxHQUFHLEdBQUcsRUFBRSxDQUFDO1lBQzNCLE1BQU0sSUFBSSxLQUFLLENBQUMsdUNBQXVDLENBQUMsQ0FBQztRQUMzRCxDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzFCLENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxPQUFnQixFQUFFLGFBQXFCO1FBQ2pFLElBQUksT0FBTyxPQUFPLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDakMsTUFBTSxJQUFJLEtBQUssQ0FBQyxHQUFHLGFBQWEsdUNBQXVDLENBQUMsQ0FBQztRQUMzRSxDQUFDO1FBRUQsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsTUFBTSxJQUFJLEtBQUssQ0FBQyxHQUFHLGFBQWEsa0RBQWtELENBQUMsQ0FBQztRQUN0RixDQUFDO1FBRUQsT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGlCQUFpQixDQUFDLEtBQWE7UUFDcEMsSUFBSSxDQUFDLEtBQUssSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUN4QyxNQUFNLElBQUksS0FBSyxDQUFDLHVDQUF1QyxDQUFDLENBQUM7UUFDM0QsQ0FBQztRQUVELE1BQU0sV0FBVyxHQUFHO1lBQ2xCLE1BQU0sRUFBRSxhQUFhLEVBQUUsVUFBVSxFQUFFLGNBQWM7WUFDakQsVUFBVSxFQUFFLFNBQVMsRUFBRSxRQUFRLEVBQUUsTUFBTTtTQUN4QyxDQUFDO1FBRUYsTUFBTSxlQUFlLEdBQUcsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ25ELElBQUksQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBQyxFQUFFLENBQUM7WUFDM0MsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDbkYsQ0FBQztRQUVELE9BQU8sZUFBZSxDQUFDO0lBQ3pCLENBQUM7SUFFRDs7T0FFRztJQUNLLE1BQU0sQ0FBQyxXQUFXLENBQUMsUUFBZ0I7UUFDekMsaUNBQWlDO1FBQ2pDLElBQUksQ0FBQyxXQUFXLEVBQUUsV0FBVyxFQUFFLEtBQUssQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQ3pELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELGdDQUFnQztRQUNoQyxNQUFNLFNBQVMsR0FBRyw4QkFBOEIsQ0FBQztRQUNqRCxNQUFNLFNBQVMsR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBRTVDLElBQUksU0FBUyxFQUFFLENBQUM7WUFDZCxNQUFNLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsR0FBRyxTQUFTLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBRTdDLGFBQWE7WUFDYixJQUFJLENBQUMsS0FBSyxFQUFFO2dCQUFFLE9BQU8sSUFBSSxDQUFDO1lBRTFCLGdCQUFnQjtZQUNoQixJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRTtnQkFBRSxPQUFPLElBQUksQ0FBQztZQUVqRCxpQkFBaUI7WUFDakIsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxHQUFHO2dCQUFFLE9BQU8sSUFBSSxDQUFDO1lBRXhDLDhCQUE4QjtZQUM5QixJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxLQUFLLEdBQUc7Z0JBQUUsT0FBTyxJQUFJLENBQUM7UUFDMUMsQ0FBQztRQUVELGdDQUFnQztRQUNoQyxNQUFNLFNBQVMsR0FBRyxRQUFRLENBQUMsV0FBVyxFQUFFLENBQUM7UUFFekMsMENBQTBDO1FBQzFDLElBQUksU0FBUyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxTQUFTLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDN0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsbUNBQW1DO1FBQ25DLElBQUksU0FBUyxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsSUFBSSxTQUFTLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQztZQUMxRCxTQUFTLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLFNBQVMsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUMvRCxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFFRCxvQ0FBb0M7UUFDcEMsSUFBSSxDQUFDLEtBQUssRUFBRSxpQkFBaUIsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1lBQ25ELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVEOztPQUVHO0lBQ0ssTUFBTSxDQUFDLGtCQUFrQixDQUFDLFFBQWdCO1FBQ2hELCtEQUErRDtRQUMvRCxJQUFJLFlBQVksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUNoQyxNQUFNLEdBQUcsR0FBRyxRQUFRLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ25DLElBQUksR0FBRyxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksVUFBVSxFQUFFLENBQUMsQ0FBQyxtQkFBbUI7Z0JBQ3RELDRDQUE0QztnQkFDNUMsTUFBTSxFQUFFLEdBQUcsQ0FBQyxDQUFDLEdBQUcsS0FBSyxFQUFFLENBQUMsR0FBRyxHQUFHLEVBQUUsQ0FBQyxHQUFHLEtBQUssRUFBRSxDQUFDLEdBQUcsR0FBRyxFQUFFLENBQUMsR0FBRyxLQUFLLENBQUMsQ0FBQyxHQUFHLEdBQUcsRUFBRSxHQUFHLEdBQUcsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUM1RixPQUFPLElBQUksQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDOUIsQ0FBQztRQUNILENBQUM7UUFFRCwyREFBMkQ7UUFDM0QsSUFBSSxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUN4QyxNQUFNLEdBQUcsR0FBRyxRQUFRLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ25DLElBQUksR0FBRyxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksVUFBVSxFQUFFLENBQUM7Z0JBQ2xDLE1BQU0sRUFBRSxHQUFHLENBQUMsQ0FBQyxHQUFHLEtBQUssRUFBRSxDQUFDLEdBQUcsR0FBRyxFQUFFLENBQUMsR0FBRyxLQUFLLEVBQUUsQ0FBQyxHQUFHLEdBQUcsRUFBRSxDQUFDLEdBQUcsS0FBSyxDQUFDLENBQUMsR0FBRyxHQUFHLEVBQUUsR0FBRyxHQUFHLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztnQkFDNUYsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQzlCLENBQUM7UUFDSCxDQUFDO1FBRUQsK0RBQStEO1FBQy9ELElBQUksZ0JBQWdCLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDcEMsTUFBTSxHQUFHLEdBQUcsUUFBUSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUMsQ0FBQztZQUNsQyxJQUFJLEdBQUcsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLFVBQVUsRUFBRSxDQUFDO2dCQUNsQyxNQUFNLEVBQUUsR0FBRyxDQUFDLENBQUMsR0FBRyxLQUFLLEVBQUUsQ0FBQyxHQUFHLEdBQUcsRUFBRSxDQUFDLEdBQUcsS0FBSyxFQUFFLENBQUMsR0FBRyxHQUFHLEVBQUUsQ0FBQyxHQUFHLEtBQUssQ0FBQyxDQUFDLEdBQUcsR0FBRyxFQUFFLEdBQUcsR0FBRyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBQzVGLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUM5QixDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztDQUNGO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFVBQVUsZ0JBQWdCLENBQUMsUUFBZ0I7SUFDL0MsSUFBSSxDQUFDLFFBQVEsSUFBSSxPQUFPLFFBQVEsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUM5QyxNQUFNLElBQUksS0FBSyxDQUFDLHFDQUFxQyxDQUFDLENBQUM7SUFDekQsQ0FBQztJQUVELElBQUksUUFBUSxDQUFDLE1BQU0sR0FBRyxlQUFlLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztRQUMxRCxNQUFNLElBQUksS0FBSyxDQUFDLDBCQUEwQixlQUFlLENBQUMsbUJBQW1CLGNBQWMsQ0FBQyxDQUFDO0lBQy9GLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsTUFBTSxTQUFTLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxFQUFFLENBQUMsQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBRTdFLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDdkQsTUFBTSxJQUFJLEtBQUssQ0FBQyw0RkFBNEYsQ0FBQyxDQUFDO0lBQ2hILENBQUM7SUFFRCxPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLFVBQVUsWUFBWSxDQUFDLFNBQWlCLEVBQUUsT0FBZ0I7SUFDOUQsSUFBSSxDQUFDLFNBQVMsSUFBSSxPQUFPLFNBQVMsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUNoRCxNQUFNLElBQUksS0FBSyxDQUFDLGlDQUFpQyxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVELDhEQUE4RDtJQUM5RCxJQUFJLE9BQU8sSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDMUMsTUFBTSxJQUFJLEtBQUssQ0FBQyw2REFBNkQsQ0FBQyxDQUFDO0lBQ2pGLENBQUM7SUFFRCxnREFBZ0Q7SUFDaEQsK0NBQStDO0lBQy9DLE1BQU0sVUFBVSxHQUFHLFNBQVMsQ0FBQyxPQUFPLENBQUMsd0JBQXdCLEVBQUUsRUFBRSxDQUFDLENBQUMsT0FBTyxDQUFDLFlBQVksRUFBRSxHQUFHLENBQUMsQ0FBQztJQUU5RixJQUFJLENBQUMsbUJBQW1CLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDO1FBQ3BELE1BQU0sSUFBSSxLQUFLLENBQUMseUdBQXlHLENBQUMsQ0FBQztJQUM3SCxDQUFDO0lBRUQsb0NBQW9DO0lBQ3BDLElBQUksVUFBVSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxVQUFVLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLFVBQVUsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztRQUN4RixNQUFNLElBQUksS0FBSyxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVELHNCQUFzQjtJQUN0QixNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sQ0FBQztJQUMzQyxJQUFJLEtBQUssR0FBRyxlQUFlLENBQUMsY0FBYyxFQUFFLENBQUM7UUFDM0MsTUFBTSxJQUFJLEtBQUssQ0FBQyxzQkFBc0IsZUFBZSxDQUFDLGNBQWMsVUFBVSxDQUFDLENBQUM7SUFDbEYsQ0FBQztJQUVELGdEQUFnRDtJQUNoRCxJQUFJLE9BQU8sRUFBRSxDQUFDO1FBQ1osTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsVUFBVSxDQUFDLENBQUM7UUFDdkQsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUUzQyxJQUFJLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDO1lBQzNDLE1BQU0sSUFBSSxLQUFLLENBQUMsaUNBQWlDLENBQUMsQ0FBQztRQUNyRCxDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU8sVUFBVSxDQUFDO0FBQ3BCLENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sVUFBVSxnQkFBZ0IsQ0FBQyxRQUFnQjtJQUMvQyxJQUFJLENBQUMsUUFBUSxJQUFJLE9BQU8sUUFBUSxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQzlDLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQsSUFBSSxDQUFDLG1CQUFtQixDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztRQUN0RCxNQUFNLElBQUksS0FBSyxDQUFDLDRGQUE0RixDQUFDLENBQUM7SUFDaEgsQ0FBQztJQUVELE9BQU8sUUFBUSxDQUFDLFdBQVcsRUFBRSxDQUFDO0FBQ2hDLENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sVUFBVSxnQkFBZ0IsQ0FBQyxRQUFnQjtJQUMvQyxJQUFJLENBQUMsUUFBUSxJQUFJLE9BQU8sUUFBUSxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQzlDLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQsSUFBSSxDQUFDLG1CQUFtQixDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztRQUN0RCxNQUFNLElBQUksS0FBSyxDQUFDLG9GQUFvRixDQUFDLENBQUM7SUFDeEcsQ0FBQztJQUVELE1BQU0sVUFBVSxHQUFHLFFBQVEsQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUUxQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUM7UUFDM0MsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN0RixDQUFDO0lBRUQsT0FBTyxVQUFVLENBQUM7QUFDcEIsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLG1CQUFtQixDQUFDLE9BQWUsRUFBRSxVQUFrQixlQUFlLENBQUMsa0JBQWtCO0lBQ3ZHLElBQUksQ0FBQyxPQUFPLElBQUksT0FBTyxPQUFPLEtBQUssUUFBUSxFQUFFLENBQUM7UUFDNUMsTUFBTSxJQUFJLEtBQUssQ0FBQyxvQ0FBb0MsQ0FBQyxDQUFDO0lBQ3hELENBQUM7SUFFRCxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQztJQUNyRCxJQUFJLFNBQVMsR0FBRyxPQUFPLEVBQUUsQ0FBQztRQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQixTQUFTLGVBQWUsT0FBTyxTQUFTLENBQUMsQ0FBQztJQUNsRixDQUFDO0FBQ0gsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxVQUFVLGFBQWEsQ0FBQyxLQUFhLEVBQUUsWUFBb0IsSUFBSTtJQUNuRSxJQUFJLENBQUMsS0FBSyxJQUFJLE9BQU8sS0FBSyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ3hDLE9BQU8sRUFBRSxDQUFDO0lBQ1osQ0FBQztJQUVELDJEQUEyRDtJQUMzRCxPQUFPLEtBQUs7U0FDVCxPQUFPLENBQUMsa0JBQWtCLEVBQUUsRUFBRSxDQUFDLENBQUMsNEJBQTRCO1NBQzVELE9BQU8sQ0FBQyxVQUFVLEVBQUUsRUFBRSxDQUFDLENBQUMsbUNBQW1DO1NBQzNELE9BQU8sQ0FBQyxvQkFBb0IsRUFBRSxFQUFFLENBQUMsQ0FBQyx5Q0FBeUM7U0FDM0UsT0FBTyxDQUFDLGlCQUFpQixFQUFFLEVBQUUsQ0FBQyxDQUFDLDJDQUEyQztTQUMxRSxTQUFTLENBQUMsQ0FBQyxFQUFFLFNBQVMsQ0FBQztTQUN2QixJQUFJLEVBQUUsQ0FBQztBQUNaLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIElucHV0IHZhbGlkYXRpb24gYW5kIHNhbml0aXphdGlvbiBmdW5jdGlvbnNcbiAqL1xuXG5pbXBvcnQgKiBhcyBwYXRoIGZyb20gJ3BhdGgnO1xuaW1wb3J0IHsgU0VDVVJJVFlfTElNSVRTLCBWQUxJREFUSU9OX1BBVFRFUk5TIH0gZnJvbSAnLi9jb25zdGFudHMuanMnO1xuaW1wb3J0IHsgVkFMSURfQ0FURUdPUklFUyB9IGZyb20gJy4uL2NvbmZpZy9jb25zdGFudHMuanMnO1xuXG4vKipcbiAqIEVuaGFuY2VkIGlucHV0IHZhbGlkYXRpb24gZm9yIE1DUCB0b29sc1xuICovXG5leHBvcnQgY2xhc3MgTUNQSW5wdXRWYWxpZGF0b3Ige1xuICAvKipcbiAgICogVmFsaWRhdGUgYSBwZXJzb25hIGlkZW50aWZpZXIgKG5hbWUgb3IgZmlsZW5hbWUpXG4gICAqL1xuICBzdGF0aWMgdmFsaWRhdGVQZXJzb25hSWRlbnRpZmllcihpZGVudGlmaWVyOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGlmICghaWRlbnRpZmllciB8fCB0eXBlb2YgaWRlbnRpZmllciAhPT0gJ3N0cmluZycpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcignUGVyc29uYSBpZGVudGlmaWVyIG11c3QgYmUgYSBub24tZW1wdHkgc3RyaW5nJyk7XG4gICAgfVxuXG4gICAgaWYgKGlkZW50aWZpZXIubGVuZ3RoID4gMTAwKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ1BlcnNvbmEgaWRlbnRpZmllciB0b28gbG9uZyAobWF4IDEwMCBjaGFyYWN0ZXJzKScpO1xuICAgIH1cblxuICAgIC8vIEFsbG93IHBlcnNvbmEgbmFtZXMgYW5kIGZpbGVuYW1lc1xuICAgIGNvbnN0IHNhbml0aXplZCA9IHNhbml0aXplSW5wdXQoaWRlbnRpZmllciwgMTAwKTtcbiAgICBpZiAoIXNhbml0aXplZCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdQZXJzb25hIGlkZW50aWZpZXIgY29udGFpbnMgb25seSBpbnZhbGlkIGNoYXJhY3RlcnMnKTtcbiAgICB9XG5cbiAgICByZXR1cm4gc2FuaXRpemVkO1xuICB9XG5cbiAgLyoqXG4gICAqIFZhbGlkYXRlIHNlYXJjaCBxdWVyeSBmb3IgbWFya2V0cGxhY2VcbiAgICovXG4gIHN0YXRpYyB2YWxpZGF0ZVNlYXJjaFF1ZXJ5KHF1ZXJ5OiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGlmICghcXVlcnkgfHwgdHlwZW9mIHF1ZXJ5ICE9PSAnc3RyaW5nJykge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdTZWFyY2ggcXVlcnkgbXVzdCBiZSBhIG5vbi1lbXB0eSBzdHJpbmcnKTtcbiAgICB9XG5cbiAgICBpZiAocXVlcnkubGVuZ3RoIDwgMikge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdTZWFyY2ggcXVlcnkgdG9vIHNob3J0IChtaW5pbXVtIDIgY2hhcmFjdGVycyknKTtcbiAgICB9XG5cbiAgICBpZiAocXVlcnkubGVuZ3RoID4gMjAwKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ1NlYXJjaCBxdWVyeSB0b28gbG9uZyAobWF4IDIwMCBjaGFyYWN0ZXJzKScpO1xuICAgIH1cblxuICAgIC8vIFNhbml0aXplIGJ1dCBwcmVzZXJ2ZSBzcGFjZXMgZm9yIHNlYXJjaFxuICAgIGNvbnN0IHNhbml0aXplZCA9IHF1ZXJ5XG4gICAgICAucmVwbGFjZSgvW1xceDAwLVxceDFGXFx4N0ZdL2csICcnKSAvLyBSZW1vdmUgY29udHJvbCBjaGFyYWN0ZXJzXG4gICAgICAucmVwbGFjZSgvWzw+J1wiJl0vZywgJycpIC8vIFJlbW92ZSBIVE1MLWRhbmdlcm91cyBjaGFyYWN0ZXJzXG4gICAgICAucmVwbGFjZSgvWzsmfGAkKCkhXFxcXH4qP3t9XS9nLCAnJykgLy8gUmVtb3ZlIHNoZWxsIG1ldGFjaGFyYWN0ZXJzIChleHBhbmRlZClcbiAgICAgIC5yZXBsYWNlKC9bXFx1MjAyRVxcdUZFRkZdL2csICcnKSAvLyBSZW1vdmUgUlRMIG92ZXJyaWRlIGFuZCB6ZXJvLXdpZHRoIGNoYXJzXG4gICAgICAudHJpbSgpO1xuXG4gICAgaWYgKCFzYW5pdGl6ZWQpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcignU2VhcmNoIHF1ZXJ5IGNvbnRhaW5zIG9ubHkgaW52YWxpZCBjaGFyYWN0ZXJzJyk7XG4gICAgfVxuXG4gICAgcmV0dXJuIHNhbml0aXplZDtcbiAgfVxuXG4gIC8qKlxuICAgKiBWYWxpZGF0ZSBtYXJrZXRwbGFjZSBwYXRoXG4gICAqL1xuICBzdGF0aWMgdmFsaWRhdGVNYXJrZXRwbGFjZVBhdGgocGF0aDogc3RyaW5nKTogc3RyaW5nIHtcbiAgICBpZiAoIXBhdGggfHwgdHlwZW9mIHBhdGggIT09ICdzdHJpbmcnKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ01hcmtldHBsYWNlIHBhdGggbXVzdCBiZSBhIG5vbi1lbXB0eSBzdHJpbmcnKTtcbiAgICB9XG5cbiAgICBpZiAocGF0aC5sZW5ndGggPiA1MDApIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcignTWFya2V0cGxhY2UgcGF0aCB0b28gbG9uZyAobWF4IDUwMCBjaGFyYWN0ZXJzKScpO1xuICAgIH1cblxuICAgIC8vIEdpdEh1YiBBUEkgcGF0aHMgc2hvdWxkIGJlIHNhZmUgZmlsZW5hbWUgcGF0dGVybnMgKGVmZmljaWVudCB2YWxpZGF0aW9uKVxuICAgIFxuICAgIC8vIENoZWNrIGVhY2ggY2hhcmFjdGVyIHRvIGF2b2lkIFJlRG9TIHZ1bG5lcmFiaWxpdGllc1xuICAgIGZvciAobGV0IGkgPSAwOyBpIDwgcGF0aC5sZW5ndGg7IGkrKykge1xuICAgICAgY29uc3QgY2hhciA9IHBhdGhbaV07XG4gICAgICBpZiAoIS9bYS16QS1aMC05XFwvXFwtXy5dLy50ZXN0KGNoYXIpKSB7XG4gICAgICAgIHRocm93IG5ldyBFcnJvcihgSW52YWxpZCBjaGFyYWN0ZXIgJyR7Y2hhcn0nIGluIG1hcmtldHBsYWNlIHBhdGggYXQgcG9zaXRpb24gJHtpICsgMX1gKTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyBQcmV2ZW50IHBhdGggdHJhdmVyc2FsIGluIEdpdEh1YiBwYXRocyAoY29tcHJlaGVuc2l2ZSBjaGVjaylcbiAgICBjb25zdCBwYXRoTG93ZXIgPSBwYXRoLnRvTG93ZXJDYXNlKCk7XG4gICAgY29uc3QgZW5jb2RlZFBhdGggPSBkZWNvZGVVUklDb21wb25lbnQocGF0aC5yZXBsYWNlKC9cXCsvZywgJyAnKSk7IC8vIERlY29kZSBVUkwgZW5jb2RpbmdcbiAgICBcbiAgICAvLyBDaGVjayBmb3IgdmFyaW91cyBwYXRoIHRyYXZlcnNhbCBwYXR0ZXJuc1xuICAgIGNvbnN0IHRyYXZlcnNhbFBhdHRlcm5zID0gW1xuICAgICAgJy4uJywgICAgICAgICAgLy8gQmFzaWMgdHJhdmVyc2FsXG4gICAgICAnLi8nLCAgICAgICAgICAvLyBDdXJyZW50IGRpcmVjdG9yeVxuICAgICAgJy8uLi8nLCAgICAgICAgLy8gRGlyZWN0b3J5IHRyYXZlcnNhbCB3aXRoIHNsYXNoZXNcbiAgICAgICdcXFxcJywgICAgICAgICAgLy8gQmFja3NsYXNoIChXaW5kb3dzLXN0eWxlKVxuICAgICAgJyUyZSUyZScsICAgICAgLy8gVVJMLWVuY29kZWQgLi5cbiAgICAgICclMmUlMmUlMmYnLCAgIC8vIFVSTC1lbmNvZGVkIC4uL1xuICAgICAgJyUyZSUyZSU1YycsICAgLy8gVVJMLWVuY29kZWQgLi5cXFxuICAgICAgJyUyNTJlJTI1MmUnLCAgLy8gRG91YmxlIFVSTC1lbmNvZGVkIC4uXG4gICAgICAnLi4lMmYnLCAgICAgICAvLyBNaXhlZCBlbmNvZGluZ1xuICAgICAgJy4uJTVjJywgICAgICAgLy8gTWl4ZWQgZW5jb2Rpbmcgd2l0aCBiYWNrc2xhc2hcbiAgICAgICcuLi4uLycsICAgICAgIC8vIERvdGRvdCBieXBhc3MgYXR0ZW1wdFxuICAgICAgJy4uOy8nLCAgICAgICAgLy8gU2VtaWNvbG9uIGJ5cGFzcyBhdHRlbXB0XG4gICAgXTtcbiAgICBcbiAgICBmb3IgKGNvbnN0IHBhdHRlcm4gb2YgdHJhdmVyc2FsUGF0dGVybnMpIHtcbiAgICAgIGlmIChwYXRoTG93ZXIuaW5jbHVkZXMocGF0dGVybikgfHwgZW5jb2RlZFBhdGgudG9Mb3dlckNhc2UoKS5pbmNsdWRlcyhwYXR0ZXJuKSkge1xuICAgICAgICB0aHJvdyBuZXcgRXJyb3IoJ1BhdGggdHJhdmVyc2FsIG5vdCBhbGxvd2VkIGluIG1hcmtldHBsYWNlIHBhdGgnKTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICByZXR1cm4gcGF0aDtcbiAgfVxuXG4gIC8qKlxuICAgKiBWYWxpZGF0ZSBVUkwgZm9yIGltcG9ydCBvcGVyYXRpb25zXG4gICAqL1xuICBzdGF0aWMgdmFsaWRhdGVJbXBvcnRVcmwodXJsOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGlmICghdXJsIHx8IHR5cGVvZiB1cmwgIT09ICdzdHJpbmcnKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ1VSTCBtdXN0IGJlIGEgbm9uLWVtcHR5IHN0cmluZycpO1xuICAgIH1cblxuICAgIGlmICh1cmwubGVuZ3RoID4gMjAwMCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdVUkwgdG9vIGxvbmcgKG1heCAyMDAwIGNoYXJhY3RlcnMpJyk7XG4gICAgfVxuXG4gICAgLy8gUmVqZWN0IHByb3RvY29sLXJlbGF0aXZlIFVSTHMgdGhhdCBjb3VsZCBieXBhc3MgdmFsaWRhdGlvblxuICAgIGlmICh1cmwuc3RhcnRzV2l0aCgnLy8nKSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdQcm90b2NvbC1yZWxhdGl2ZSBVUkxzIGFyZSBub3QgYWxsb3dlZCcpO1xuICAgIH1cblxuICAgIHRyeSB7XG4gICAgICAvLyBEZWNvZGUgVVJMIHRvIHByZXZlbnQgZW5jb2RpbmctYmFzZWQgYnlwYXNzZXNcbiAgICAgIGxldCBkZWNvZGVkVXJsID0gdXJsO1xuICAgICAgdHJ5IHtcbiAgICAgICAgZGVjb2RlZFVybCA9IGRlY29kZVVSSUNvbXBvbmVudCh1cmwpO1xuICAgICAgfSBjYXRjaCB7XG4gICAgICAgIC8vIElmIGRlY29kaW5nIGZhaWxzLCB1c2Ugb3JpZ2luYWwgVVJMXG4gICAgICB9XG4gICAgICBcbiAgICAgIGNvbnN0IHBhcnNlZCA9IG5ldyBVUkwoZGVjb2RlZFVybCk7XG4gICAgICBcbiAgICAgIC8vIFByb3RvY29sIHZhbGlkYXRpb25cbiAgICAgIGlmICghWydodHRwOicsICdodHRwczonXS5pbmNsdWRlcyhwYXJzZWQucHJvdG9jb2wpKSB7XG4gICAgICAgIHRocm93IG5ldyBFcnJvcignT25seSBIVFRQKFMpIFVSTHMgYXJlIGFsbG93ZWQnKTtcbiAgICAgIH1cbiAgICAgIFxuICAgICAgLy8gRW5oYW5jZWQgU1NSRiBwcm90ZWN0aW9uIHdpdGggSUROIG5vcm1hbGl6YXRpb25cbiAgICAgIGxldCBob3N0bmFtZSA9IHBhcnNlZC5ob3N0bmFtZS50b0xvd2VyQ2FzZSgpO1xuICAgICAgXG4gICAgICAvLyBIYW5kbGUgSUROIChJbnRlcm5hdGlvbmFsIERvbWFpbiBOYW1lcykgYnkgY29udmVydGluZyB0byBBU0NJSVxuICAgICAgdHJ5IHtcbiAgICAgICAgY29uc3QgaWRuTm9ybWFsaXplZCA9IG5ldyBVUkwoYGh0dHA6Ly8ke2hvc3RuYW1lfWApLmhvc3RuYW1lO1xuICAgICAgICBob3N0bmFtZSA9IGlkbk5vcm1hbGl6ZWQ7XG4gICAgICB9IGNhdGNoIChpZG5FcnJvcikge1xuICAgICAgICAvLyBJZiBJRE4gY29udmVyc2lvbiBmYWlscywgcmVqZWN0IHRoZSBVUkwgZm9yIHNlY3VyaXR5XG4gICAgICAgIHRocm93IG5ldyBFcnJvcignSW52YWxpZCBob3N0bmFtZTogSUROIGNvbnZlcnNpb24gZmFpbGVkIC0gcG90ZW50aWFsbHkgbWFsaWNpb3VzIGRvbWFpbiBuYW1lJyk7XG4gICAgICB9XG4gICAgICBcbiAgICAgIC8vIENoZWNrIGZvciBwcml2YXRlIElQcyAobm93IHdpdGggSUROLW5vcm1hbGl6ZWQgaG9zdG5hbWUpXG4gICAgICBpZiAodGhpcy5pc1ByaXZhdGVJUChob3N0bmFtZSkpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKCdQcml2YXRlIG5ldHdvcmsgVVJMcyBhcmUgbm90IGFsbG93ZWQnKTtcbiAgICAgIH1cbiAgICAgIFxuICAgICAgLy8gQWRkaXRpb25hbCBTU1JGIGNoZWNrcyBmb3IgZW5jb2RlZCBJUHNcbiAgICAgIGlmICh0aGlzLmlzRW5jb2RlZFByaXZhdGVJUChob3N0bmFtZSkpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKCdFbmNvZGVkIHByaXZhdGUgbmV0d29yayBVUkxzIGFyZSBub3QgYWxsb3dlZCcpO1xuICAgICAgfVxuXG4gICAgICByZXR1cm4gdXJsO1xuICAgIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgICBpZiAoZXJyb3IgaW5zdGFuY2VvZiBFcnJvciAmJiAoZXJyb3IubWVzc2FnZS5pbmNsdWRlcygnUHJpdmF0ZSBuZXR3b3JrJykgfHwgZXJyb3IubWVzc2FnZS5pbmNsdWRlcygnRW5jb2RlZCBwcml2YXRlJykpKSB7XG4gICAgICAgIHRocm93IGVycm9yO1xuICAgICAgfVxuICAgICAgY29uc3QgZXJyb3JNZXNzYWdlID0gZXJyb3IgaW5zdGFuY2VvZiBFcnJvciA/IGVycm9yLm1lc3NhZ2UgOiAnVW5rbm93biBlcnJvcic7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYEludmFsaWQgVVJMIGZvcm1hdDogJHtlcnJvck1lc3NhZ2V9YCk7XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIFZhbGlkYXRlIGV4cGlyeSBkYXlzIGZvciBzaGFyaW5nXG4gICAqL1xuICBzdGF0aWMgdmFsaWRhdGVFeHBpcnlEYXlzKGRheXM6IG51bWJlcik6IG51bWJlciB7XG4gICAgaWYgKHR5cGVvZiBkYXlzICE9PSAnbnVtYmVyJykge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdFeHBpcnkgZGF5cyBtdXN0IGJlIGEgdmFsaWQgbnVtYmVyJyk7XG4gICAgfVxuICAgIFxuICAgIGlmIChpc05hTihkYXlzKSB8fCAhaXNGaW5pdGUoZGF5cykpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcignRXhwaXJ5IGRheXMgbXVzdCBiZSBhIHZhbGlkIG51bWJlcicpO1xuICAgIH1cblxuICAgIGlmIChkYXlzIDwgMSB8fCBkYXlzID4gMzY1KSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ0V4cGlyeSBkYXlzIG11c3QgYmUgYmV0d2VlbiAxIGFuZCAzNjUnKTtcbiAgICB9XG5cbiAgICByZXR1cm4gTWF0aC5mbG9vcihkYXlzKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBWYWxpZGF0ZSBib29sZWFuIGNvbmZpcm1hdGlvbiBwYXJhbWV0ZXJzXG4gICAqL1xuICBzdGF0aWMgdmFsaWRhdGVDb25maXJtYXRpb24oY29uZmlybTogYm9vbGVhbiwgb3BlcmF0aW9uTmFtZTogc3RyaW5nKTogYm9vbGVhbiB7XG4gICAgaWYgKHR5cGVvZiBjb25maXJtICE9PSAnYm9vbGVhbicpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihgJHtvcGVyYXRpb25OYW1lfSBjb25maXJtYXRpb24gbXVzdCBiZSBhIGJvb2xlYW4gdmFsdWVgKTtcbiAgICB9XG5cbiAgICBpZiAoIWNvbmZpcm0pIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihgJHtvcGVyYXRpb25OYW1lfSBvcGVyYXRpb24gcmVxdWlyZXMgZXhwbGljaXQgY29uZmlybWF0aW9uICh0cnVlKWApO1xuICAgIH1cblxuICAgIHJldHVybiBjb25maXJtO1xuICB9XG5cbiAgLyoqXG4gICAqIFZhbGlkYXRlIGZpZWxkIG5hbWUgZm9yIGVkaXQgb3BlcmF0aW9uc1xuICAgKi9cbiAgc3RhdGljIHZhbGlkYXRlRWRpdEZpZWxkKGZpZWxkOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGlmICghZmllbGQgfHwgdHlwZW9mIGZpZWxkICE9PSAnc3RyaW5nJykge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdGaWVsZCBuYW1lIG11c3QgYmUgYSBub24tZW1wdHkgc3RyaW5nJyk7XG4gICAgfVxuXG4gICAgY29uc3QgdmFsaWRGaWVsZHMgPSBbXG4gICAgICAnbmFtZScsICdkZXNjcmlwdGlvbicsICdjYXRlZ29yeScsICdpbnN0cnVjdGlvbnMnLCBcbiAgICAgICd0cmlnZ2VycycsICd2ZXJzaW9uJywgJ2F1dGhvcicsICd0YWdzJ1xuICAgIF07XG5cbiAgICBjb25zdCBub3JtYWxpemVkRmllbGQgPSBmaWVsZC50b0xvd2VyQ2FzZSgpLnRyaW0oKTtcbiAgICBpZiAoIXZhbGlkRmllbGRzLmluY2x1ZGVzKG5vcm1hbGl6ZWRGaWVsZCkpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihgSW52YWxpZCBmaWVsZCBuYW1lLiBNdXN0IGJlIG9uZSBvZjogJHt2YWxpZEZpZWxkcy5qb2luKCcsICcpfWApO1xuICAgIH1cblxuICAgIHJldHVybiBub3JtYWxpemVkRmllbGQ7XG4gIH1cblxuICAvKipcbiAgICogQ2hlY2sgaWYgaG9zdG5hbWUgaXMgYSBwcml2YXRlIElQIGFkZHJlc3MgKElQdjQgYW5kIElQdjYpXG4gICAqL1xuICBwcml2YXRlIHN0YXRpYyBpc1ByaXZhdGVJUChob3N0bmFtZTogc3RyaW5nKTogYm9vbGVhbiB7XG4gICAgLy8gQ2hlY2sgZm9yIGxvY2FsaG9zdCB2YXJpYXRpb25zXG4gICAgaWYgKFsnbG9jYWxob3N0JywgJzEyNy4wLjAuMScsICc6OjEnXS5pbmNsdWRlcyhob3N0bmFtZSkpIHtcbiAgICAgIHJldHVybiB0cnVlO1xuICAgIH1cblxuICAgIC8vIENoZWNrIGZvciBwcml2YXRlIElQdjQgcmFuZ2VzXG4gICAgY29uc3QgaXB2NFJlZ2V4ID0gL14oXFxkKylcXC4oXFxkKylcXC4oXFxkKylcXC4oXFxkKykkLztcbiAgICBjb25zdCBpcHY0TWF0Y2ggPSBob3N0bmFtZS5tYXRjaChpcHY0UmVnZXgpO1xuICAgIFxuICAgIGlmIChpcHY0TWF0Y2gpIHtcbiAgICAgIGNvbnN0IFssIGEsIGIsIGMsIGRdID0gaXB2NE1hdGNoLm1hcChOdW1iZXIpO1xuICAgICAgXG4gICAgICAvLyAxMC4wLjAuMC84XG4gICAgICBpZiAoYSA9PT0gMTApIHJldHVybiB0cnVlO1xuICAgICAgXG4gICAgICAvLyAxNzIuMTYuMC4wLzEyXG4gICAgICBpZiAoYSA9PT0gMTcyICYmIGIgPj0gMTYgJiYgYiA8PSAzMSkgcmV0dXJuIHRydWU7XG4gICAgICBcbiAgICAgIC8vIDE5Mi4xNjguMC4wLzE2XG4gICAgICBpZiAoYSA9PT0gMTkyICYmIGIgPT09IDE2OCkgcmV0dXJuIHRydWU7XG4gICAgICBcbiAgICAgIC8vIDE2OS4yNTQuMC4wLzE2IChsaW5rLWxvY2FsKVxuICAgICAgaWYgKGEgPT09IDE2OSAmJiBiID09PSAyNTQpIHJldHVybiB0cnVlO1xuICAgIH1cblxuICAgIC8vIENoZWNrIGZvciBwcml2YXRlIElQdjYgcmFuZ2VzXG4gICAgY29uc3QgaXB2Nkxvd2VyID0gaG9zdG5hbWUudG9Mb3dlckNhc2UoKTtcbiAgICBcbiAgICAvLyBmYzAwOjovNyAtIFVuaXF1ZSBMb2NhbCBBZGRyZXNzZXMgKFVMQSlcbiAgICBpZiAoaXB2Nkxvd2VyLnN0YXJ0c1dpdGgoJ2ZjJykgfHwgaXB2Nkxvd2VyLnN0YXJ0c1dpdGgoJ2ZkJykpIHtcbiAgICAgIHJldHVybiB0cnVlO1xuICAgIH1cbiAgICBcbiAgICAvLyBmZTgwOjovMTAgLSBMaW5rLUxvY2FsIEFkZHJlc3Nlc1xuICAgIGlmIChpcHY2TG93ZXIuc3RhcnRzV2l0aCgnZmU4JykgfHwgaXB2Nkxvd2VyLnN0YXJ0c1dpdGgoJ2ZlOScpIHx8IFxuICAgICAgICBpcHY2TG93ZXIuc3RhcnRzV2l0aCgnZmVhJykgfHwgaXB2Nkxvd2VyLnN0YXJ0c1dpdGgoJ2ZlYicpKSB7XG4gICAgICByZXR1cm4gdHJ1ZTtcbiAgICB9XG4gICAgXG4gICAgLy8gQWRkaXRpb25hbCBJUHY2IGxvY2FsaG9zdCBmb3JtYXRzXG4gICAgaWYgKFsnOjoxJywgJzA6MDowOjA6MDowOjA6MSddLmluY2x1ZGVzKGlwdjZMb3dlcikpIHtcbiAgICAgIHJldHVybiB0cnVlO1xuICAgIH1cblxuICAgIHJldHVybiBmYWxzZTtcbiAgfVxuXG4gIC8qKlxuICAgKiBDaGVjayBmb3IgZW5jb2RlZCBwcml2YXRlIElQIGFkZHJlc3NlcyB0aGF0IGNvdWxkIGJ5cGFzcyBiYXNpYyBkZXRlY3Rpb25cbiAgICovXG4gIHByaXZhdGUgc3RhdGljIGlzRW5jb2RlZFByaXZhdGVJUChob3N0bmFtZTogc3RyaW5nKTogYm9vbGVhbiB7XG4gICAgLy8gQ2hlY2sgZm9yIGRlY2ltYWwgZW5jb2RlZCBJUHMgKGUuZy4sIDIxMzA3MDY0MzMgPSAxMjcuMC4wLjEpXG4gICAgaWYgKC9eXFxkezgsMTB9JC8udGVzdChob3N0bmFtZSkpIHtcbiAgICAgIGNvbnN0IG51bSA9IHBhcnNlSW50KGhvc3RuYW1lLCAxMCk7XG4gICAgICBpZiAobnVtID49IDAgJiYgbnVtIDw9IDQyOTQ5NjcyOTUpIHsgLy8gVmFsaWQgSVB2NCByYW5nZVxuICAgICAgICAvLyBDb252ZXJ0IHRvIElQIGZvcm1hdCBhbmQgY2hlY2sgaWYgcHJpdmF0ZVxuICAgICAgICBjb25zdCBpcCA9IFsobnVtID4+PiAyNCkgJiAyNTUsIChudW0gPj4+IDE2KSAmIDI1NSwgKG51bSA+Pj4gOCkgJiAyNTUsIG51bSAmIDI1NV0uam9pbignLicpO1xuICAgICAgICByZXR1cm4gdGhpcy5pc1ByaXZhdGVJUChpcCk7XG4gICAgICB9XG4gICAgfVxuICAgIFxuICAgIC8vIENoZWNrIGZvciBoZXggZW5jb2RlZCBJUHMgKGUuZy4sIDB4N2YwMDAwMDEgPSAxMjcuMC4wLjEpXG4gICAgaWYgKC9eMHhbMC05YS1mXXsxLDh9JC9pLnRlc3QoaG9zdG5hbWUpKSB7XG4gICAgICBjb25zdCBudW0gPSBwYXJzZUludChob3N0bmFtZSwgMTYpO1xuICAgICAgaWYgKG51bSA+PSAwICYmIG51bSA8PSA0Mjk0OTY3Mjk1KSB7XG4gICAgICAgIGNvbnN0IGlwID0gWyhudW0gPj4+IDI0KSAmIDI1NSwgKG51bSA+Pj4gMTYpICYgMjU1LCAobnVtID4+PiA4KSAmIDI1NSwgbnVtICYgMjU1XS5qb2luKCcuJyk7XG4gICAgICAgIHJldHVybiB0aGlzLmlzUHJpdmF0ZUlQKGlwKTtcbiAgICAgIH1cbiAgICB9XG4gICAgXG4gICAgLy8gQ2hlY2sgZm9yIG9jdGFsIGVuY29kZWQgSVBzIChlLmcuLCAwMTc3MDAwMDAwMDEgPSAxMjcuMC4wLjEpXG4gICAgaWYgKC9eMFswLTddezgsMTF9JC8udGVzdChob3N0bmFtZSkpIHtcbiAgICAgIGNvbnN0IG51bSA9IHBhcnNlSW50KGhvc3RuYW1lLCA4KTtcbiAgICAgIGlmIChudW0gPj0gMCAmJiBudW0gPD0gNDI5NDk2NzI5NSkge1xuICAgICAgICBjb25zdCBpcCA9IFsobnVtID4+PiAyNCkgJiAyNTUsIChudW0gPj4+IDE2KSAmIDI1NSwgKG51bSA+Pj4gOCkgJiAyNTUsIG51bSAmIDI1NV0uam9pbignLicpO1xuICAgICAgICByZXR1cm4gdGhpcy5pc1ByaXZhdGVJUChpcCk7XG4gICAgICB9XG4gICAgfVxuICAgIFxuICAgIHJldHVybiBmYWxzZTtcbiAgfVxufVxuXG4vKipcbiAqIFZhbGlkYXRlIGFuZCBzYW5pdGl6ZSBhIGZpbGVuYW1lXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiB2YWxpZGF0ZUZpbGVuYW1lKGZpbGVuYW1lOiBzdHJpbmcpOiBzdHJpbmcge1xuICBpZiAoIWZpbGVuYW1lIHx8IHR5cGVvZiBmaWxlbmFtZSAhPT0gJ3N0cmluZycpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ0ZpbGVuYW1lIG11c3QgYmUgYSBub24tZW1wdHkgc3RyaW5nJyk7XG4gIH1cbiAgXG4gIGlmIChmaWxlbmFtZS5sZW5ndGggPiBTRUNVUklUWV9MSU1JVFMuTUFYX0ZJTEVOQU1FX0xFTkdUSCkge1xuICAgIHRocm93IG5ldyBFcnJvcihgRmlsZW5hbWUgdG9vIGxvbmcgKG1heCAke1NFQ1VSSVRZX0xJTUlUUy5NQVhfRklMRU5BTUVfTEVOR1RIfSBjaGFyYWN0ZXJzKWApO1xuICB9XG4gIFxuICAvLyBSZW1vdmUgYW55IHBhdGggc2VwYXJhdG9ycyBhbmQgZGFuZ2Vyb3VzIGNoYXJhY3RlcnNcbiAgY29uc3Qgc2FuaXRpemVkID0gZmlsZW5hbWUucmVwbGFjZSgvW1xcL1xcXFw6Kj9cIjw+fF0vZywgJycpLnJlcGxhY2UoL15cXC4rLywgJycpO1xuICBcbiAgaWYgKCFWQUxJREFUSU9OX1BBVFRFUk5TLlNBRkVfRklMRU5BTUUudGVzdChzYW5pdGl6ZWQpKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKCdJbnZhbGlkIGZpbGVuYW1lIGZvcm1hdC4gVXNlIGFscGhhbnVtZXJpYyBjaGFyYWN0ZXJzLCBoeXBoZW5zLCB1bmRlcnNjb3JlcywgYW5kIGRvdHMgb25seS4nKTtcbiAgfVxuICBcbiAgcmV0dXJuIHNhbml0aXplZDtcbn1cblxuLyoqXG4gKiBWYWxpZGF0ZSBhbmQgc2FuaXRpemUgYSBwYXRoXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiB2YWxpZGF0ZVBhdGgoaW5wdXRQYXRoOiBzdHJpbmcsIGJhc2VEaXI/OiBzdHJpbmcpOiBzdHJpbmcge1xuICBpZiAoIWlucHV0UGF0aCB8fCB0eXBlb2YgaW5wdXRQYXRoICE9PSAnc3RyaW5nJykge1xuICAgIHRocm93IG5ldyBFcnJvcignUGF0aCBtdXN0IGJlIGEgbm9uLWVtcHR5IHN0cmluZycpO1xuICB9XG4gIFxuICAvLyBJZiBiYXNlRGlyIGlzIHByb3ZpZGVkIGFuZCBpbnB1dFBhdGggaXMgYWJzb2x1dGUsIHJlamVjdCBpdFxuICBpZiAoYmFzZURpciAmJiBwYXRoLmlzQWJzb2x1dGUoaW5wdXRQYXRoKSkge1xuICAgIHRocm93IG5ldyBFcnJvcignQWJzb2x1dGUgcGF0aHMgbm90IGFsbG93ZWQgd2hlbiBiYXNlIGRpcmVjdG9yeSBpcyBzcGVjaWZpZWQnKTtcbiAgfVxuICBcbiAgLy8gUmVtb3ZlIGxlYWRpbmcvdHJhaWxpbmcgc2xhc2hlcyBhbmQgbm9ybWFsaXplXG4gIC8vIExlbmd0aCBsaW1pdHMgYWRkZWQgdG8gcHJldmVudCBSZURvUyBhdHRhY2tzXG4gIGNvbnN0IG5vcm1hbGl6ZWQgPSBpbnB1dFBhdGgucmVwbGFjZSgvXlxcL3sxLDEwMH18XFwvezEsMTAwfSQvZywgJycpLnJlcGxhY2UoL1xcL3sxLDEwMH0vZywgJy8nKTtcbiAgXG4gIGlmICghVkFMSURBVElPTl9QQVRURVJOUy5TQUZFX1BBVEgudGVzdChub3JtYWxpemVkKSkge1xuICAgIHRocm93IG5ldyBFcnJvcignSW52YWxpZCBwYXRoIGZvcm1hdC4gVXNlIGFscGhhbnVtZXJpYyBjaGFyYWN0ZXJzLCBoeXBoZW5zLCB1bmRlcnNjb3JlcywgZG90cywgYW5kIGZvcndhcmQgc2xhc2hlcyBvbmx5LicpO1xuICB9XG4gIFxuICAvLyBDaGVjayBmb3IgcGF0aCB0cmF2ZXJzYWwgYXR0ZW1wdHNcbiAgaWYgKG5vcm1hbGl6ZWQuaW5jbHVkZXMoJy4uJykgfHwgbm9ybWFsaXplZC5pbmNsdWRlcygnLi8nKSB8fCBub3JtYWxpemVkLmluY2x1ZGVzKCcvLicpKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKCdQYXRoIHRyYXZlcnNhbCBub3QgYWxsb3dlZCcpO1xuICB9XG4gIFxuICAvLyBWYWxpZGF0ZSBwYXRoIGRlcHRoXG4gIGNvbnN0IGRlcHRoID0gbm9ybWFsaXplZC5zcGxpdCgnLycpLmxlbmd0aDtcbiAgaWYgKGRlcHRoID4gU0VDVVJJVFlfTElNSVRTLk1BWF9QQVRIX0RFUFRIKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKGBQYXRoIHRvbyBkZWVwIChtYXggJHtTRUNVUklUWV9MSU1JVFMuTUFYX1BBVEhfREVQVEh9IGxldmVscylgKTtcbiAgfVxuICBcbiAgLy8gSWYgYmFzZURpciBwcm92aWRlZCwgZW5zdXJlIHBhdGggaXMgd2l0aGluIGl0XG4gIGlmIChiYXNlRGlyKSB7XG4gICAgY29uc3QgcmVzb2x2ZWRQYXRoID0gcGF0aC5yZXNvbHZlKGJhc2VEaXIsIG5vcm1hbGl6ZWQpO1xuICAgIGNvbnN0IHJlc29sdmVkQmFzZSA9IHBhdGgucmVzb2x2ZShiYXNlRGlyKTtcbiAgICBcbiAgICBpZiAoIXJlc29sdmVkUGF0aC5zdGFydHNXaXRoKHJlc29sdmVkQmFzZSkpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcignUGF0aCB0cmF2ZXJzYWwgYXR0ZW1wdCBkZXRlY3RlZCcpO1xuICAgIH1cbiAgfVxuICBcbiAgcmV0dXJuIG5vcm1hbGl6ZWQ7XG59XG5cbi8qKlxuICogVmFsaWRhdGUgYW5kIHNhbml0aXplIGEgdXNlcm5hbWVcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIHZhbGlkYXRlVXNlcm5hbWUodXNlcm5hbWU6IHN0cmluZyk6IHN0cmluZyB7XG4gIGlmICghdXNlcm5hbWUgfHwgdHlwZW9mIHVzZXJuYW1lICE9PSAnc3RyaW5nJykge1xuICAgIHRocm93IG5ldyBFcnJvcignVXNlcm5hbWUgbXVzdCBiZSBhIG5vbi1lbXB0eSBzdHJpbmcnKTtcbiAgfVxuICBcbiAgaWYgKCFWQUxJREFUSU9OX1BBVFRFUk5TLlNBRkVfVVNFUk5BTUUudGVzdCh1c2VybmFtZSkpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ0ludmFsaWQgdXNlcm5hbWUgZm9ybWF0LiBVc2UgYWxwaGFudW1lcmljIGNoYXJhY3RlcnMsIGh5cGhlbnMsIHVuZGVyc2NvcmVzLCBhbmQgZG90cyBvbmx5LicpO1xuICB9XG4gIFxuICByZXR1cm4gdXNlcm5hbWUudG9Mb3dlckNhc2UoKTtcbn1cblxuLyoqXG4gKiBWYWxpZGF0ZSBhIGNhdGVnb3J5XG4gKi9cbmV4cG9ydCBmdW5jdGlvbiB2YWxpZGF0ZUNhdGVnb3J5KGNhdGVnb3J5OiBzdHJpbmcpOiBzdHJpbmcge1xuICBpZiAoIWNhdGVnb3J5IHx8IHR5cGVvZiBjYXRlZ29yeSAhPT0gJ3N0cmluZycpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ0NhdGVnb3J5IG11c3QgYmUgYSBub24tZW1wdHkgc3RyaW5nJyk7XG4gIH1cbiAgXG4gIGlmICghVkFMSURBVElPTl9QQVRURVJOUy5TQUZFX0NBVEVHT1JZLnRlc3QoY2F0ZWdvcnkpKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKCdJbnZhbGlkIGNhdGVnb3J5IGZvcm1hdC4gVXNlIGFscGhhYmV0aWMgY2hhcmFjdGVycywgaHlwaGVucywgYW5kIHVuZGVyc2NvcmVzIG9ubHkuJyk7XG4gIH1cbiAgXG4gIGNvbnN0IG5vcm1hbGl6ZWQgPSBjYXRlZ29yeS50b0xvd2VyQ2FzZSgpO1xuICBcbiAgaWYgKCFWQUxJRF9DQVRFR09SSUVTLmluY2x1ZGVzKG5vcm1hbGl6ZWQpKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKGBJbnZhbGlkIGNhdGVnb3J5LiBNdXN0IGJlIG9uZSBvZjogJHtWQUxJRF9DQVRFR09SSUVTLmpvaW4oJywgJyl9YCk7XG4gIH1cbiAgXG4gIHJldHVybiBub3JtYWxpemVkO1xufVxuXG4vKipcbiAqIFZhbGlkYXRlIGNvbnRlbnQgc2l6ZVxuICovXG5leHBvcnQgZnVuY3Rpb24gdmFsaWRhdGVDb250ZW50U2l6ZShjb250ZW50OiBzdHJpbmcsIG1heFNpemU6IG51bWJlciA9IFNFQ1VSSVRZX0xJTUlUUy5NQVhfQ09OVEVOVF9MRU5HVEgpOiB2b2lkIHtcbiAgaWYgKCFjb250ZW50IHx8IHR5cGVvZiBjb250ZW50ICE9PSAnc3RyaW5nJykge1xuICAgIHRocm93IG5ldyBFcnJvcignQ29udGVudCBtdXN0IGJlIGEgbm9uLWVtcHR5IHN0cmluZycpO1xuICB9XG4gIFxuICBjb25zdCBzaXplQnl0ZXMgPSBCdWZmZXIuYnl0ZUxlbmd0aChjb250ZW50LCAndXRmOCcpO1xuICBpZiAoc2l6ZUJ5dGVzID4gbWF4U2l6ZSkge1xuICAgIHRocm93IG5ldyBFcnJvcihgQ29udGVudCB0b28gbGFyZ2UgKCR7c2l6ZUJ5dGVzfSBieXRlcywgbWF4ICR7bWF4U2l6ZX0gYnl0ZXMpYCk7XG4gIH1cbn1cblxuLyoqXG4gKiBHZW5lcmFsIGlucHV0IHNhbml0aXphdGlvblxuICovXG5leHBvcnQgZnVuY3Rpb24gc2FuaXRpemVJbnB1dChpbnB1dDogc3RyaW5nLCBtYXhMZW5ndGg6IG51bWJlciA9IDEwMDApOiBzdHJpbmcge1xuICBpZiAoIWlucHV0IHx8IHR5cGVvZiBpbnB1dCAhPT0gJ3N0cmluZycpIHtcbiAgICByZXR1cm4gJyc7XG4gIH1cbiAgXG4gIC8vIFJlbW92ZSBwb3RlbnRpYWxseSBkYW5nZXJvdXMgY2hhcmFjdGVycyBhbmQgbGltaXQgbGVuZ3RoXG4gIHJldHVybiBpbnB1dFxuICAgIC5yZXBsYWNlKC9bXFx4MDAtXFx4MUZcXHg3Rl0vZywgJycpIC8vIFJlbW92ZSBjb250cm9sIGNoYXJhY3RlcnNcbiAgICAucmVwbGFjZSgvWzw+J1wiJl0vZywgJycpIC8vIFJlbW92ZSBIVE1MLWRhbmdlcm91cyBjaGFyYWN0ZXJzXG4gICAgLnJlcGxhY2UoL1s7JnxgJCgpIVxcXFx+Kj97fV0vZywgJycpIC8vIFJlbW92ZSBzaGVsbCBtZXRhY2hhcmFjdGVycyAoZXhwYW5kZWQpXG4gICAgLnJlcGxhY2UoL1tcXHUyMDJFXFx1RkVGRl0vZywgJycpIC8vIFJlbW92ZSBSVEwgb3ZlcnJpZGUgYW5kIHplcm8td2lkdGggY2hhcnNcbiAgICAuc3Vic3RyaW5nKDAsIG1heExlbmd0aClcbiAgICAudHJpbSgpO1xufSJdfQ==

package/dist/src/security/commandValidator.d.ts

@@ -0,0 +1,7 @@
+import { SpawnOptions } from 'child_process';
+export declare class CommandValidator {
+    static sanitizeCommand(cmd: string, args: string[]): void;
+    private static isSafeArgument;
+    static secureExec(command: string, args: string[], options?: SpawnOptions): Promise<string>;
+}
+//# sourceMappingURL=commandValidator.d.ts.map

package/dist/src/security/commandValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"commandValidator.d.ts","sourceRoot":"","sources":["../../../src/security/commandValidator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,YAAY,EAAE,MAAM,eAAe,CAAC;AAUpD,qBAAa,gBAAgB;IAC3B,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;IAczD,OAAO,CAAC,MAAM,CAAC,cAAc;WAKhB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;CA0DlG"}

package/dist/src/security/commandValidator.js

@@ -0,0 +1,77 @@
+import { spawn } from 'child_process';
+const ALLOWED_COMMANDS = {
+    git: ['pull', 'status', 'log', 'rev-parse', 'branch', 'checkout', 'fetch', '--abbrev-ref', 'HEAD', '--porcelain'],
+    npm: ['install', 'run', 'audit', 'ci', '--version', 'build'],
+    node: ['--version'],
+    npx: ['--version']
+};
+export class CommandValidator {
+    static sanitizeCommand(cmd, args) {
+        if (!ALLOWED_COMMANDS[cmd]) {
+            throw new Error(`Command not allowed: ${cmd}`);
+        }
+        const allowedArgs = ALLOWED_COMMANDS[cmd];
+        for (const arg of args) {
+            // Check if it's in allowed list or matches safe pattern
+            if (!allowedArgs.includes(arg) && !this.isSafeArgument(arg)) {
+                throw new Error(`Argument not allowed: ${arg}`);
+            }
+        }
+    }
+    static isSafeArgument(arg) {
+        // Allow alphanumeric, dash, underscore, dot, and forward slash
+        return /^[a-zA-Z0-9\-_.\/]+$/.test(arg);
+    }
+    static async secureExec(command, args, options) {
+        this.sanitizeCommand(command, args);
+        const safeOptions = {
+            ...options,
+            stdio: ['ignore', 'pipe', 'pipe'],
+            env: {
+                ...process.env,
+                PATH: '/usr/bin:/bin:/usr/local/bin' // Restrict PATH
+            },
+            cwd: options?.cwd || process.cwd(),
+            timeout: options?.timeout || 30000 // 30 second default
+        };
+        return new Promise((resolve, reject) => {
+            const proc = spawn(command, args, safeOptions);
+            let stdout = '';
+            let stderr = '';
+            let timeoutHandle;
+            let isCompleted = false;
+            // Helper to safely resolve/reject only once
+            const complete = (fn) => {
+                if (!isCompleted) {
+                    isCompleted = true;
+                    if (timeoutHandle) {
+                        clearTimeout(timeoutHandle);
+                    }
+                    fn();
+                }
+            };
+            // Handle timeout
+            if (options?.timeout) {
+                timeoutHandle = setTimeout(() => {
+                    proc.kill('SIGTERM');
+                    complete(() => reject(new Error(`Command timed out after ${options.timeout}ms`)));
+                }, options.timeout);
+                timeoutHandle.unref();
+            }
+            proc.stdout?.on('data', (data) => stdout += data);
+            proc.stderr?.on('data', (data) => stderr += data);
+            proc.on('exit', (code) => {
+                if (code === 0) {
+                    complete(() => resolve(stdout.trim()));
+                }
+                else {
+                    complete(() => reject(new Error(`Command failed (${code}): ${stderr}`)));
+                }
+            });
+            proc.on('error', (error) => {
+                complete(() => reject(error));
+            });
+        });
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29tbWFuZFZhbGlkYXRvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9zZWN1cml0eS9jb21tYW5kVmFsaWRhdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxLQUFLLEVBQWdCLE1BQU0sZUFBZSxDQUFDO0FBR3BELE1BQU0sZ0JBQWdCLEdBQTZCO0lBQ2pELEdBQUcsRUFBRSxDQUFDLE1BQU0sRUFBRSxRQUFRLEVBQUUsS0FBSyxFQUFFLFdBQVcsRUFBRSxRQUFRLEVBQUUsVUFBVSxFQUFFLE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxFQUFFLGFBQWEsQ0FBQztJQUNqSCxHQUFHLEVBQUUsQ0FBQyxTQUFTLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsV0FBVyxFQUFFLE9BQU8sQ0FBQztJQUM1RCxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUM7SUFDbkIsR0FBRyxFQUFFLENBQUMsV0FBVyxDQUFDO0NBQ25CLENBQUM7QUFFRixNQUFNLE9BQU8sZ0JBQWdCO0lBQzNCLE1BQU0sQ0FBQyxlQUFlLENBQUMsR0FBVyxFQUFFLElBQWM7UUFDaEQsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDM0IsTUFBTSxJQUFJLEtBQUssQ0FBQyx3QkFBd0IsR0FBRyxFQUFFLENBQUMsQ0FBQztRQUNqRCxDQUFDO1FBRUQsTUFBTSxXQUFXLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDMUMsS0FBSyxNQUFNLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQztZQUN2Qix3REFBd0Q7WUFDeEQsSUFBSSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQzVELE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLEdBQUcsRUFBRSxDQUFDLENBQUM7WUFDbEQsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRU8sTUFBTSxDQUFDLGNBQWMsQ0FBQyxHQUFXO1FBQ3ZDLCtEQUErRDtRQUMvRCxPQUFPLHNCQUFzQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsT0FBZSxFQUFFLElBQWMsRUFBRSxPQUFzQjtRQUM3RSxJQUFJLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUVwQyxNQUFNLFdBQVcsR0FBaUI7WUFDaEMsR0FBRyxPQUFPO1lBQ1YsS0FBSyxFQUFFLENBQUMsUUFBUSxFQUFFLE1BQU0sRUFBRSxNQUFNLENBQUM7WUFDakMsR0FBRyxFQUFFO2dCQUNILEdBQUcsT0FBTyxDQUFDLEdBQUc7Z0JBQ2QsSUFBSSxFQUFFLDhCQUE4QixDQUFDLGdCQUFnQjthQUN0RDtZQUNELEdBQUcsRUFBRSxPQUFPLEVBQUUsR0FBRyxJQUFJLE9BQU8sQ0FBQyxHQUFHLEVBQUU7WUFDbEMsT0FBTyxFQUFFLE9BQU8sRUFBRSxPQUFPLElBQUksS0FBSyxDQUFDLG9CQUFvQjtTQUN4RCxDQUFDO1FBRUYsT0FBTyxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsRUFBRTtZQUNyQyxNQUFNLElBQUksR0FBRyxLQUFLLENBQUMsT0FBTyxFQUFFLElBQUksRUFBRSxXQUFXLENBQUMsQ0FBQztZQUUvQyxJQUFJLE1BQU0sR0FBRyxFQUFFLENBQUM7WUFDaEIsSUFBSSxNQUFNLEdBQUcsRUFBRSxDQUFDO1lBQ2hCLElBQUksYUFBeUMsQ0FBQztZQUM5QyxJQUFJLFdBQVcsR0FBRyxLQUFLLENBQUM7WUFFeEIsNENBQTRDO1lBQzVDLE1BQU0sUUFBUSxHQUFHLENBQUMsRUFBYyxFQUFFLEVBQUU7Z0JBQ2xDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztvQkFDakIsV0FBVyxHQUFHLElBQUksQ0FBQztvQkFDbkIsSUFBSSxhQUFhLEVBQUUsQ0FBQzt3QkFDbEIsWUFBWSxDQUFDLGFBQWEsQ0FBQyxDQUFDO29CQUM5QixDQUFDO29CQUNELEVBQUUsRUFBRSxDQUFDO2dCQUNQLENBQUM7WUFDSCxDQUFDLENBQUM7WUFFRixpQkFBaUI7WUFDakIsSUFBSSxPQUFPLEVBQUUsT0FBTyxFQUFFLENBQUM7Z0JBQ3JCLGFBQWEsR0FBRyxVQUFVLENBQUMsR0FBRyxFQUFFO29CQUM5QixJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO29CQUNyQixRQUFRLENBQUMsR0FBRyxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxDQUFDLDJCQUEyQixPQUFPLENBQUMsT0FBTyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ3BGLENBQUMsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQ3BCLGFBQWEsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN4QixDQUFDO1lBRUQsSUFBSSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxFQUFFLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLElBQUksSUFBSSxDQUFDLENBQUM7WUFDbEQsSUFBSSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxFQUFFLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLElBQUksSUFBSSxDQUFDLENBQUM7WUFFbEQsSUFBSSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxJQUFJLEVBQUUsRUFBRTtnQkFDdkIsSUFBSSxJQUFJLEtBQUssQ0FBQyxFQUFFLENBQUM7b0JBQ2YsUUFBUSxDQUFDLEdBQUcsRUFBRSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO2dCQUN6QyxDQUFDO3FCQUFNLENBQUM7b0JBQ04sUUFBUSxDQUFDLEdBQUcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEtBQUssQ0FBQyxtQkFBbUIsSUFBSSxNQUFNLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO2dCQUMzRSxDQUFDO1lBQ0gsQ0FBQyxDQUFDLENBQUM7WUFFSCxJQUFJLENBQUMsRUFBRSxDQUFDLE9BQU8sRUFBRSxDQUFDLEtBQUssRUFBRSxFQUFFO2dCQUN6QixRQUFRLENBQUMsR0FBRyxFQUFFLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7WUFDaEMsQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IHNwYXduLCBTcGF3bk9wdGlvbnMgfSBmcm9tICdjaGlsZF9wcm9jZXNzJztcbmltcG9ydCBwYXRoIGZyb20gJ3BhdGgnO1xuXG5jb25zdCBBTExPV0VEX0NPTU1BTkRTOiBSZWNvcmQ8c3RyaW5nLCBzdHJpbmdbXT4gPSB7XG4gIGdpdDogWydwdWxsJywgJ3N0YXR1cycsICdsb2cnLCAncmV2LXBhcnNlJywgJ2JyYW5jaCcsICdjaGVja291dCcsICdmZXRjaCcsICctLWFiYnJldi1yZWYnLCAnSEVBRCcsICctLXBvcmNlbGFpbiddLFxuICBucG06IFsnaW5zdGFsbCcsICdydW4nLCAnYXVkaXQnLCAnY2knLCAnLS12ZXJzaW9uJywgJ2J1aWxkJ10sXG4gIG5vZGU6IFsnLS12ZXJzaW9uJ10sXG4gIG5weDogWyctLXZlcnNpb24nXVxufTtcblxuZXhwb3J0IGNsYXNzIENvbW1hbmRWYWxpZGF0b3Ige1xuICBzdGF0aWMgc2FuaXRpemVDb21tYW5kKGNtZDogc3RyaW5nLCBhcmdzOiBzdHJpbmdbXSk6IHZvaWQge1xuICAgIGlmICghQUxMT1dFRF9DT01NQU5EU1tjbWRdKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYENvbW1hbmQgbm90IGFsbG93ZWQ6ICR7Y21kfWApO1xuICAgIH1cbiAgICBcbiAgICBjb25zdCBhbGxvd2VkQXJncyA9IEFMTE9XRURfQ09NTUFORFNbY21kXTtcbiAgICBmb3IgKGNvbnN0IGFyZyBvZiBhcmdzKSB7XG4gICAgICAvLyBDaGVjayBpZiBpdCdzIGluIGFsbG93ZWQgbGlzdCBvciBtYXRjaGVzIHNhZmUgcGF0dGVyblxuICAgICAgaWYgKCFhbGxvd2VkQXJncy5pbmNsdWRlcyhhcmcpICYmICF0aGlzLmlzU2FmZUFyZ3VtZW50KGFyZykpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBBcmd1bWVudCBub3QgYWxsb3dlZDogJHthcmd9YCk7XG4gICAgICB9XG4gICAgfVxuICB9XG5cbiAgcHJpdmF0ZSBzdGF0aWMgaXNTYWZlQXJndW1lbnQoYXJnOiBzdHJpbmcpOiBib29sZWFuIHtcbiAgICAvLyBBbGxvdyBhbHBoYW51bWVyaWMsIGRhc2gsIHVuZGVyc2NvcmUsIGRvdCwgYW5kIGZvcndhcmQgc2xhc2hcbiAgICByZXR1cm4gL15bYS16QS1aMC05XFwtXy5cXC9dKyQvLnRlc3QoYXJnKTtcbiAgfVxuXG4gIHN0YXRpYyBhc3luYyBzZWN1cmVFeGVjKGNvbW1hbmQ6IHN0cmluZywgYXJnczogc3RyaW5nW10sIG9wdGlvbnM/OiBTcGF3bk9wdGlvbnMpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIHRoaXMuc2FuaXRpemVDb21tYW5kKGNvbW1hbmQsIGFyZ3MpO1xuICAgIFxuICAgIGNvbnN0IHNhZmVPcHRpb25zOiBTcGF3bk9wdGlvbnMgPSB7XG4gICAgICAuLi5vcHRpb25zLFxuICAgICAgc3RkaW86IFsnaWdub3JlJywgJ3BpcGUnLCAncGlwZSddLFxuICAgICAgZW52OiB7XG4gICAgICAgIC4uLnByb2Nlc3MuZW52LFxuICAgICAgICBQQVRIOiAnL3Vzci9iaW46L2JpbjovdXNyL2xvY2FsL2JpbicgLy8gUmVzdHJpY3QgUEFUSFxuICAgICAgfSxcbiAgICAgIGN3ZDogb3B0aW9ucz8uY3dkIHx8IHByb2Nlc3MuY3dkKCksXG4gICAgICB0aW1lb3V0OiBvcHRpb25zPy50aW1lb3V0IHx8IDMwMDAwIC8vIDMwIHNlY29uZCBkZWZhdWx0XG4gICAgfTtcbiAgICBcbiAgICByZXR1cm4gbmV3IFByb21pc2UoKHJlc29sdmUsIHJlamVjdCkgPT4ge1xuICAgICAgY29uc3QgcHJvYyA9IHNwYXduKGNvbW1hbmQsIGFyZ3MsIHNhZmVPcHRpb25zKTtcbiAgICAgIFxuICAgICAgbGV0IHN0ZG91dCA9ICcnO1xuICAgICAgbGV0IHN0ZGVyciA9ICcnO1xuICAgICAgbGV0IHRpbWVvdXRIYW5kbGU6IE5vZGVKUy5UaW1lb3V0IHwgdW5kZWZpbmVkO1xuICAgICAgbGV0IGlzQ29tcGxldGVkID0gZmFsc2U7XG4gICAgICBcbiAgICAgIC8vIEhlbHBlciB0byBzYWZlbHkgcmVzb2x2ZS9yZWplY3Qgb25seSBvbmNlXG4gICAgICBjb25zdCBjb21wbGV0ZSA9IChmbjogKCkgPT4gdm9pZCkgPT4ge1xuICAgICAgICBpZiAoIWlzQ29tcGxldGVkKSB7XG4gICAgICAgICAgaXNDb21wbGV0ZWQgPSB0cnVlO1xuICAgICAgICAgIGlmICh0aW1lb3V0SGFuZGxlKSB7XG4gICAgICAgICAgICBjbGVhclRpbWVvdXQodGltZW91dEhhbmRsZSk7XG4gICAgICAgICAgfVxuICAgICAgICAgIGZuKCk7XG4gICAgICAgIH1cbiAgICAgIH07XG4gICAgICBcbiAgICAgIC8vIEhhbmRsZSB0aW1lb3V0XG4gICAgICBpZiAob3B0aW9ucz8udGltZW91dCkge1xuICAgICAgICB0aW1lb3V0SGFuZGxlID0gc2V0VGltZW91dCgoKSA9PiB7XG4gICAgICAgICAgcHJvYy5raWxsKCdTSUdURVJNJyk7XG4gICAgICAgICAgY29tcGxldGUoKCkgPT4gcmVqZWN0KG5ldyBFcnJvcihgQ29tbWFuZCB0aW1lZCBvdXQgYWZ0ZXIgJHtvcHRpb25zLnRpbWVvdXR9bXNgKSkpO1xuICAgICAgICB9LCBvcHRpb25zLnRpbWVvdXQpO1xuICAgICAgICB0aW1lb3V0SGFuZGxlLnVucmVmKCk7XG4gICAgICB9XG4gICAgICBcbiAgICAgIHByb2Muc3Rkb3V0Py5vbignZGF0YScsIChkYXRhKSA9PiBzdGRvdXQgKz0gZGF0YSk7XG4gICAgICBwcm9jLnN0ZGVycj8ub24oJ2RhdGEnLCAoZGF0YSkgPT4gc3RkZXJyICs9IGRhdGEpO1xuICAgICAgXG4gICAgICBwcm9jLm9uKCdleGl0JywgKGNvZGUpID0+IHtcbiAgICAgICAgaWYgKGNvZGUgPT09IDApIHtcbiAgICAgICAgICBjb21wbGV0ZSgoKSA9PiByZXNvbHZlKHN0ZG91dC50cmltKCkpKTtcbiAgICAgICAgfSBlbHNlIHtcbiAgICAgICAgICBjb21wbGV0ZSgoKSA9PiByZWplY3QobmV3IEVycm9yKGBDb21tYW5kIGZhaWxlZCAoJHtjb2RlfSk6ICR7c3RkZXJyfWApKSk7XG4gICAgICAgIH1cbiAgICAgIH0pO1xuICAgICAgXG4gICAgICBwcm9jLm9uKCdlcnJvcicsIChlcnJvcikgPT4ge1xuICAgICAgICBjb21wbGV0ZSgoKSA9PiByZWplY3QoZXJyb3IpKTtcbiAgICAgIH0pO1xuICAgIH0pO1xuICB9XG59Il19

package/dist/src/security/constants.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Security-related constants and limits
+ */
+export declare const SECURITY_LIMITS: {
+    MAX_PERSONA_SIZE_BYTES: number;
+    MAX_FILENAME_LENGTH: number;
+    MAX_PATH_DEPTH: number;
+    MAX_CONTENT_LENGTH: number;
+    RATE_LIMIT_REQUESTS: number;
+    RATE_LIMIT_WINDOW_MS: number;
+    CACHE_TTL_MS: number;
+    MAX_SEARCH_RESULTS: number;
+};
+export declare const VALIDATION_PATTERNS: {
+    SAFE_FILENAME: RegExp;
+    SAFE_PATH: RegExp;
+    SAFE_USERNAME: RegExp;
+    SAFE_CATEGORY: RegExp;
+    SAFE_EMAIL: RegExp;
+};
+//# sourceMappingURL=constants.d.ts.map

package/dist/src/security/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/security/constants.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,eAAO,MAAM,eAAe;;;;;;;;;CAS3B,CAAC;AAGF,eAAO,MAAM,mBAAmB;;;;;;CAM/B,CAAC"}

package/dist/src/security/constants.js

@@ -0,0 +1,23 @@
+/**
+ * Security-related constants and limits
+ */
+// Security and performance limits
+export const SECURITY_LIMITS = {
+    MAX_PERSONA_SIZE_BYTES: 1024 * 1024 * 2, // 2MB max persona file size
+    MAX_FILENAME_LENGTH: 255, // Max filename length
+    MAX_PATH_DEPTH: 10, // Max directory depth for paths
+    MAX_CONTENT_LENGTH: 500000, // Max persona content length (500KB)
+    RATE_LIMIT_REQUESTS: 100, // Max requests per window
+    RATE_LIMIT_WINDOW_MS: 60 * 1000, // 1 minute window
+    CACHE_TTL_MS: 5 * 60 * 1000, // 5 minute cache TTL
+    MAX_SEARCH_RESULTS: 50 // Max search results to return
+};
+// Input validation patterns
+export const VALIDATION_PATTERNS = {
+    SAFE_FILENAME: /^[a-zA-Z0-9][a-zA-Z0-9\-_.]{0,250}[a-zA-Z0-9]$/,
+    SAFE_PATH: /^[a-zA-Z0-9\/\-_.]{1,500}$/,
+    SAFE_USERNAME: /^[a-zA-Z0-9][a-zA-Z0-9\-_.]{0,30}[a-zA-Z0-9]$/,
+    SAFE_CATEGORY: /^[a-zA-Z][a-zA-Z0-9\-_]{0,20}$/,
+    SAFE_EMAIL: /^[^\s@]{1,64}@[^\s@]{1,253}\.[^\s@]{1,63}$/ // RFC 5321 compliant limits
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RhbnRzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NlY3VyaXR5L2NvbnN0YW50cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUVILGtDQUFrQztBQUNsQyxNQUFNLENBQUMsTUFBTSxlQUFlLEdBQUc7SUFDN0Isc0JBQXNCLEVBQUUsSUFBSSxHQUFHLElBQUksR0FBRyxDQUFDLEVBQUcsNEJBQTRCO0lBQ3RFLG1CQUFtQixFQUFFLEdBQUcsRUFBbUIsc0JBQXNCO0lBQ2pFLGNBQWMsRUFBRSxFQUFFLEVBQXdCLGdDQUFnQztJQUMxRSxrQkFBa0IsRUFBRSxNQUFNLEVBQWdCLHFDQUFxQztJQUMvRSxtQkFBbUIsRUFBRSxHQUFHLEVBQWtCLDBCQUEwQjtJQUNwRSxvQkFBb0IsRUFBRSxFQUFFLEdBQUcsSUFBSSxFQUFVLGtCQUFrQjtJQUMzRCxZQUFZLEVBQUUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLEVBQWMscUJBQXFCO0lBQzlELGtCQUFrQixFQUFFLEVBQUUsQ0FBb0IsK0JBQStCO0NBQzFFLENBQUM7QUFFRiw0QkFBNEI7QUFDNUIsTUFBTSxDQUFDLE1BQU0sbUJBQW1CLEdBQUc7SUFDakMsYUFBYSxFQUFFLGdEQUFnRDtJQUMvRCxTQUFTLEVBQUUsNEJBQTRCO0lBQ3ZDLGFBQWEsRUFBRSwrQ0FBK0M7SUFDOUQsYUFBYSxFQUFFLGdDQUFnQztJQUMvQyxVQUFVLEVBQUUsNENBQTRDLENBQUUsNEJBQTRCO0NBQ3ZGLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIFNlY3VyaXR5LXJlbGF0ZWQgY29uc3RhbnRzIGFuZCBsaW1pdHNcbiAqL1xuXG4vLyBTZWN1cml0eSBhbmQgcGVyZm9ybWFuY2UgbGltaXRzXG5leHBvcnQgY29uc3QgU0VDVVJJVFlfTElNSVRTID0ge1xuICBNQVhfUEVSU09OQV9TSVpFX0JZVEVTOiAxMDI0ICogMTAyNCAqIDIsICAvLyAyTUIgbWF4IHBlcnNvbmEgZmlsZSBzaXplXG4gIE1BWF9GSUxFTkFNRV9MRU5HVEg6IDI1NSwgICAgICAgICAgICAgICAgICAvLyBNYXggZmlsZW5hbWUgbGVuZ3RoXG4gIE1BWF9QQVRIX0RFUFRIOiAxMCwgICAgICAgICAgICAgICAgICAgICAgIC8vIE1heCBkaXJlY3RvcnkgZGVwdGggZm9yIHBhdGhzXG4gIE1BWF9DT05URU5UX0xFTkdUSDogNTAwMDAwLCAgICAgICAgICAgICAgIC8vIE1heCBwZXJzb25hIGNvbnRlbnQgbGVuZ3RoICg1MDBLQilcbiAgUkFURV9MSU1JVF9SRVFVRVNUUzogMTAwLCAgICAgICAgICAgICAgICAgLy8gTWF4IHJlcXVlc3RzIHBlciB3aW5kb3dcbiAgUkFURV9MSU1JVF9XSU5ET1dfTVM6IDYwICogMTAwMCwgICAgICAgICAvLyAxIG1pbnV0ZSB3aW5kb3dcbiAgQ0FDSEVfVFRMX01TOiA1ICogNjAgKiAxMDAwLCAgICAgICAgICAgICAvLyA1IG1pbnV0ZSBjYWNoZSBUVExcbiAgTUFYX1NFQVJDSF9SRVNVTFRTOiA1MCAgICAgICAgICAgICAgICAgICAgLy8gTWF4IHNlYXJjaCByZXN1bHRzIHRvIHJldHVyblxufTtcblxuLy8gSW5wdXQgdmFsaWRhdGlvbiBwYXR0ZXJuc1xuZXhwb3J0IGNvbnN0IFZBTElEQVRJT05fUEFUVEVSTlMgPSB7XG4gIFNBRkVfRklMRU5BTUU6IC9eW2EtekEtWjAtOV1bYS16QS1aMC05XFwtXy5dezAsMjUwfVthLXpBLVowLTldJC8sXG4gIFNBRkVfUEFUSDogL15bYS16QS1aMC05XFwvXFwtXy5dezEsNTAwfSQvLFxuICBTQUZFX1VTRVJOQU1FOiAvXlthLXpBLVowLTldW2EtekEtWjAtOVxcLV8uXXswLDMwfVthLXpBLVowLTldJC8sXG4gIFNBRkVfQ0FURUdPUlk6IC9eW2EtekEtWl1bYS16QS1aMC05XFwtX117MCwyMH0kLyxcbiAgU0FGRV9FTUFJTDogL15bXlxcc0BdezEsNjR9QFteXFxzQF17MSwyNTN9XFwuW15cXHNAXXsxLDYzfSQvICAvLyBSRkMgNTMyMSBjb21wbGlhbnQgbGltaXRzXG59OyJdfQ==