@dotsetlabs/tollgate 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +885 -0
- package/dist/analyzers/filesystem.d.ts +26 -0
- package/dist/analyzers/filesystem.d.ts.map +1 -0
- package/dist/analyzers/filesystem.js +284 -0
- package/dist/analyzers/filesystem.js.map +1 -0
- package/dist/analyzers/http.d.ts +90 -0
- package/dist/analyzers/http.d.ts.map +1 -0
- package/dist/analyzers/http.js +433 -0
- package/dist/analyzers/http.js.map +1 -0
- package/dist/analyzers/index.d.ts +101 -0
- package/dist/analyzers/index.d.ts.map +1 -0
- package/dist/analyzers/index.js +342 -0
- package/dist/analyzers/index.js.map +1 -0
- package/dist/analyzers/loader.d.ts +114 -0
- package/dist/analyzers/loader.d.ts.map +1 -0
- package/dist/analyzers/loader.js +184 -0
- package/dist/analyzers/loader.js.map +1 -0
- package/dist/analyzers/prompt-injection.d.ts +95 -0
- package/dist/analyzers/prompt-injection.d.ts.map +1 -0
- package/dist/analyzers/prompt-injection.js +725 -0
- package/dist/analyzers/prompt-injection.js.map +1 -0
- package/dist/analyzers/sdk.d.ts +230 -0
- package/dist/analyzers/sdk.d.ts.map +1 -0
- package/dist/analyzers/sdk.js +283 -0
- package/dist/analyzers/sdk.js.map +1 -0
- package/dist/analyzers/shell.d.ts +20 -0
- package/dist/analyzers/shell.d.ts.map +1 -0
- package/dist/analyzers/shell.js +297 -0
- package/dist/analyzers/shell.js.map +1 -0
- package/dist/analyzers/sql.d.ts +37 -0
- package/dist/analyzers/sql.d.ts.map +1 -0
- package/dist/analyzers/sql.js +455 -0
- package/dist/analyzers/sql.js.map +1 -0
- package/dist/analyzers/types.d.ts +117 -0
- package/dist/analyzers/types.d.ts.map +1 -0
- package/dist/analyzers/types.js +46 -0
- package/dist/analyzers/types.js.map +1 -0
- package/dist/approval/interactive.d.ts +72 -0
- package/dist/approval/interactive.d.ts.map +1 -0
- package/dist/approval/interactive.js +550 -0
- package/dist/approval/interactive.js.map +1 -0
- package/dist/approval/terminal.d.ts +59 -0
- package/dist/approval/terminal.d.ts.map +1 -0
- package/dist/approval/terminal.js +238 -0
- package/dist/approval/terminal.js.map +1 -0
- package/dist/approval/types.d.ts +66 -0
- package/dist/approval/types.d.ts.map +1 -0
- package/dist/approval/types.js +2 -0
- package/dist/approval/types.js.map +1 -0
- package/dist/audit/exporter.d.ts +138 -0
- package/dist/audit/exporter.d.ts.map +1 -0
- package/dist/audit/exporter.js +366 -0
- package/dist/audit/exporter.js.map +1 -0
- package/dist/audit/logger.d.ts +156 -0
- package/dist/audit/logger.d.ts.map +1 -0
- package/dist/audit/logger.js +406 -0
- package/dist/audit/logger.js.map +1 -0
- package/dist/audit/redaction.d.ts +110 -0
- package/dist/audit/redaction.d.ts.map +1 -0
- package/dist/audit/redaction.js +307 -0
- package/dist/audit/redaction.js.map +1 -0
- package/dist/audit/schema.d.ts +76 -0
- package/dist/audit/schema.d.ts.map +1 -0
- package/dist/audit/schema.js +122 -0
- package/dist/audit/schema.js.map +1 -0
- package/dist/cli/commands/doctor.d.ts +34 -0
- package/dist/cli/commands/doctor.d.ts.map +1 -0
- package/dist/cli/commands/doctor.js +431 -0
- package/dist/cli/commands/doctor.js.map +1 -0
- package/dist/cli/commands/export.d.ts +18 -0
- package/dist/cli/commands/export.d.ts.map +1 -0
- package/dist/cli/commands/export.js +63 -0
- package/dist/cli/commands/export.js.map +1 -0
- package/dist/cli/commands/init.d.ts +12 -0
- package/dist/cli/commands/init.d.ts.map +1 -0
- package/dist/cli/commands/init.js +102 -0
- package/dist/cli/commands/init.js.map +1 -0
- package/dist/cli/commands/logs.d.ts +11 -0
- package/dist/cli/commands/logs.d.ts.map +1 -0
- package/dist/cli/commands/logs.js +60 -0
- package/dist/cli/commands/logs.js.map +1 -0
- package/dist/cli/commands/scan.d.ts +29 -0
- package/dist/cli/commands/scan.d.ts.map +1 -0
- package/dist/cli/commands/scan.js +251 -0
- package/dist/cli/commands/scan.js.map +1 -0
- package/dist/cli/commands/serve.d.ts +26 -0
- package/dist/cli/commands/serve.d.ts.map +1 -0
- package/dist/cli/commands/serve.js +424 -0
- package/dist/cli/commands/serve.js.map +1 -0
- package/dist/cli/commands/start.d.ts +20 -0
- package/dist/cli/commands/start.d.ts.map +1 -0
- package/dist/cli/commands/start.js +82 -0
- package/dist/cli/commands/start.js.map +1 -0
- package/dist/cli/commands/stats.d.ts +10 -0
- package/dist/cli/commands/stats.d.ts.map +1 -0
- package/dist/cli/commands/stats.js +42 -0
- package/dist/cli/commands/stats.js.map +1 -0
- package/dist/cli/commands/templates.d.ts +26 -0
- package/dist/cli/commands/templates.d.ts.map +1 -0
- package/dist/cli/commands/templates.js +221 -0
- package/dist/cli/commands/templates.js.map +1 -0
- package/dist/cli/commands/validate.d.ts +12 -0
- package/dist/cli/commands/validate.d.ts.map +1 -0
- package/dist/cli/commands/validate.js +107 -0
- package/dist/cli/commands/validate.js.map +1 -0
- package/dist/cli/commands/wrap.d.ts +19 -0
- package/dist/cli/commands/wrap.d.ts.map +1 -0
- package/dist/cli/commands/wrap.js +59 -0
- package/dist/cli/commands/wrap.js.map +1 -0
- package/dist/cli/index.d.ts +17 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +202 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/cli/ui.d.ts +139 -0
- package/dist/cli/ui.d.ts.map +1 -0
- package/dist/cli/ui.js +271 -0
- package/dist/cli/ui.js.map +1 -0
- package/dist/constants.d.ts +33 -0
- package/dist/constants.d.ts.map +1 -0
- package/dist/constants.js +54 -0
- package/dist/constants.js.map +1 -0
- package/dist/errors.d.ts +28 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +37 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +49 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +82 -0
- package/dist/index.js.map +1 -0
- package/dist/orchestrator/index.d.ts +11 -0
- package/dist/orchestrator/index.d.ts.map +1 -0
- package/dist/orchestrator/index.js +10 -0
- package/dist/orchestrator/index.js.map +1 -0
- package/dist/orchestrator/manager.d.ts +127 -0
- package/dist/orchestrator/manager.d.ts.map +1 -0
- package/dist/orchestrator/manager.js +498 -0
- package/dist/orchestrator/manager.js.map +1 -0
- package/dist/orchestrator/types.d.ts +141 -0
- package/dist/orchestrator/types.d.ts.map +1 -0
- package/dist/orchestrator/types.js +9 -0
- package/dist/orchestrator/types.js.map +1 -0
- package/dist/policy/engine.d.ts +55 -0
- package/dist/policy/engine.d.ts.map +1 -0
- package/dist/policy/engine.js +288 -0
- package/dist/policy/engine.js.map +1 -0
- package/dist/policy/natural-language.d.ts +141 -0
- package/dist/policy/natural-language.d.ts.map +1 -0
- package/dist/policy/natural-language.js +552 -0
- package/dist/policy/natural-language.js.map +1 -0
- package/dist/policy/parser.d.ts +141 -0
- package/dist/policy/parser.d.ts.map +1 -0
- package/dist/policy/parser.js +314 -0
- package/dist/policy/parser.js.map +1 -0
- package/dist/policy/types.d.ts +428 -0
- package/dist/policy/types.d.ts.map +1 -0
- package/dist/policy/types.js +32 -0
- package/dist/policy/types.js.map +1 -0
- package/dist/policy/validator.d.ts +72 -0
- package/dist/policy/validator.d.ts.map +1 -0
- package/dist/policy/validator.js +453 -0
- package/dist/policy/validator.js.map +1 -0
- package/dist/proxy/bridge.d.ts +84 -0
- package/dist/proxy/bridge.d.ts.map +1 -0
- package/dist/proxy/bridge.js +217 -0
- package/dist/proxy/bridge.js.map +1 -0
- package/dist/proxy/client.d.ts +130 -0
- package/dist/proxy/client.d.ts.map +1 -0
- package/dist/proxy/client.js +290 -0
- package/dist/proxy/client.js.map +1 -0
- package/dist/proxy/server.d.ts +111 -0
- package/dist/proxy/server.d.ts.map +1 -0
- package/dist/proxy/server.js +444 -0
- package/dist/proxy/server.js.map +1 -0
- package/dist/scanner.d.ts +91 -0
- package/dist/scanner.d.ts.map +1 -0
- package/dist/scanner.js +373 -0
- package/dist/scanner.js.map +1 -0
- package/dist/session/index.d.ts +32 -0
- package/dist/session/index.d.ts.map +1 -0
- package/dist/session/index.js +31 -0
- package/dist/session/index.js.map +1 -0
- package/dist/session/manager.d.ts +166 -0
- package/dist/session/manager.d.ts.map +1 -0
- package/dist/session/manager.js +454 -0
- package/dist/session/manager.js.map +1 -0
- package/dist/session/sqlite-store.d.ts +54 -0
- package/dist/session/sqlite-store.d.ts.map +1 -0
- package/dist/session/sqlite-store.js +209 -0
- package/dist/session/sqlite-store.js.map +1 -0
- package/dist/session/types.d.ts +179 -0
- package/dist/session/types.d.ts.map +1 -0
- package/dist/session/types.js +38 -0
- package/dist/session/types.js.map +1 -0
- package/dist/templates.d.ts +64 -0
- package/dist/templates.d.ts.map +1 -0
- package/dist/templates.js +451 -0
- package/dist/templates.js.map +1 -0
- package/dist/utils/config.d.ts +57 -0
- package/dist/utils/config.d.ts.map +1 -0
- package/dist/utils/config.js +104 -0
- package/dist/utils/config.js.map +1 -0
- package/dist/utils/errors.d.ts +18 -0
- package/dist/utils/errors.d.ts.map +1 -0
- package/dist/utils/errors.js +35 -0
- package/dist/utils/errors.js.map +1 -0
- package/dist/utils/logger.d.ts +144 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +300 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/wizard.d.ts +68 -0
- package/dist/wizard.d.ts.map +1 -0
- package/dist/wizard.js +395 -0
- package/dist/wizard.js.map +1 -0
- package/package.json +99 -0
|
@@ -0,0 +1,552 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Natural Language Policy Parser
|
|
3
|
+
*
|
|
4
|
+
* Converts human-readable policy statements into structured ToolPolicy objects.
|
|
5
|
+
* Uses rule-based pattern matching to interpret common policy expressions.
|
|
6
|
+
*
|
|
7
|
+
* @example
|
|
8
|
+
* ```typescript
|
|
9
|
+
* import { parsePolicy, parseNaturalPolicies } from '@dotsetlabs/tollgate/policy';
|
|
10
|
+
*
|
|
11
|
+
* const policy = parsePolicy('Allow read operations on postgres');
|
|
12
|
+
* // { action: 'smart', analyzer: 'sql', risks: { read: 'allow', write: 'deny', ... } }
|
|
13
|
+
*
|
|
14
|
+
* const policies = parseNaturalPolicies([
|
|
15
|
+
* 'Allow read operations on postgres',
|
|
16
|
+
* 'Deny destructive queries on any database',
|
|
17
|
+
* 'Prompt for file writes outside /tmp'
|
|
18
|
+
* ]);
|
|
19
|
+
* ```
|
|
20
|
+
*
|
|
21
|
+
* @module policy/natural-language
|
|
22
|
+
*/
|
|
23
|
+
// Action keywords and their mappings
|
|
24
|
+
const ACTION_PATTERNS = {
|
|
25
|
+
'allow': 'allow',
|
|
26
|
+
'permit': 'allow',
|
|
27
|
+
'enable': 'allow',
|
|
28
|
+
'approve': 'allow',
|
|
29
|
+
'grant': 'allow',
|
|
30
|
+
'let': 'allow',
|
|
31
|
+
'deny': 'deny',
|
|
32
|
+
'block': 'deny',
|
|
33
|
+
'reject': 'deny',
|
|
34
|
+
'forbid': 'deny',
|
|
35
|
+
'prohibit': 'deny',
|
|
36
|
+
'disallow': 'deny',
|
|
37
|
+
'prevent': 'deny',
|
|
38
|
+
'prompt': 'prompt',
|
|
39
|
+
'ask': 'prompt',
|
|
40
|
+
'confirm': 'prompt',
|
|
41
|
+
'require approval': 'prompt',
|
|
42
|
+
'review': 'prompt',
|
|
43
|
+
'check': 'prompt',
|
|
44
|
+
};
|
|
45
|
+
// Risk level keywords and their mappings
|
|
46
|
+
const RISK_PATTERNS = {
|
|
47
|
+
// Individual risk levels
|
|
48
|
+
'safe': ['safe'],
|
|
49
|
+
'read': ['read'],
|
|
50
|
+
'read-only': ['read'],
|
|
51
|
+
'readonly': ['read'],
|
|
52
|
+
'select': ['read'],
|
|
53
|
+
'query': ['read'],
|
|
54
|
+
'write': ['write'],
|
|
55
|
+
'insert': ['write'],
|
|
56
|
+
'create': ['write'],
|
|
57
|
+
'destructive': ['destructive'],
|
|
58
|
+
'update': ['destructive'],
|
|
59
|
+
'delete': ['destructive'],
|
|
60
|
+
'modify': ['destructive'],
|
|
61
|
+
'alter': ['destructive'],
|
|
62
|
+
'dangerous': ['dangerous'],
|
|
63
|
+
'drop': ['dangerous'],
|
|
64
|
+
'truncate': ['dangerous'],
|
|
65
|
+
'admin': ['dangerous'],
|
|
66
|
+
// Combined/category patterns (only match as standalone words, not in "any server")
|
|
67
|
+
'all operations': ['safe', 'read', 'write', 'destructive', 'dangerous'],
|
|
68
|
+
'any operations': ['safe', 'read', 'write', 'destructive', 'dangerous'],
|
|
69
|
+
'everything': ['safe', 'read', 'write', 'destructive', 'dangerous'],
|
|
70
|
+
'all': ['safe', 'read', 'write', 'destructive', 'dangerous'],
|
|
71
|
+
'read operations': ['read'],
|
|
72
|
+
'write operations': ['write'],
|
|
73
|
+
'destructive operations': ['destructive'],
|
|
74
|
+
'dangerous operations': ['dangerous'],
|
|
75
|
+
'mutations': ['write', 'destructive', 'dangerous'],
|
|
76
|
+
'changes': ['write', 'destructive', 'dangerous'],
|
|
77
|
+
'modifications': ['write', 'destructive', 'dangerous'],
|
|
78
|
+
};
|
|
79
|
+
// Analyzer type keywords
|
|
80
|
+
const ANALYZER_PATTERNS = {
|
|
81
|
+
'sql': 'sql',
|
|
82
|
+
'database': 'sql',
|
|
83
|
+
'db': 'sql',
|
|
84
|
+
'query': 'sql',
|
|
85
|
+
'queries': 'sql',
|
|
86
|
+
'file': 'filesystem',
|
|
87
|
+
'filesystem': 'filesystem',
|
|
88
|
+
'fs': 'filesystem',
|
|
89
|
+
'path': 'filesystem',
|
|
90
|
+
'shell': 'shell',
|
|
91
|
+
'command': 'shell',
|
|
92
|
+
'commands': 'shell',
|
|
93
|
+
'bash': 'shell',
|
|
94
|
+
'terminal': 'shell',
|
|
95
|
+
'exec': 'shell',
|
|
96
|
+
'http': 'http',
|
|
97
|
+
'fetch': 'http',
|
|
98
|
+
'request': 'http',
|
|
99
|
+
'requests': 'http',
|
|
100
|
+
'api': 'http',
|
|
101
|
+
'url': 'http',
|
|
102
|
+
};
|
|
103
|
+
// Server type patterns (for inferring server patterns)
|
|
104
|
+
const SERVER_TYPE_PATTERNS = {
|
|
105
|
+
'postgres': ['postgres', 'postgresql', 'pg'],
|
|
106
|
+
'mysql': ['mysql', 'mariadb'],
|
|
107
|
+
'sqlite': ['sqlite', 'sqlite3'],
|
|
108
|
+
'database': ['*sql*', '*db*', '*database*'],
|
|
109
|
+
'any database': ['*sql*', '*db*', '*database*'],
|
|
110
|
+
'filesystem': ['*file*', '*fs*'],
|
|
111
|
+
'shell': ['*shell*', '*terminal*', '*bash*'],
|
|
112
|
+
'http': ['*http*', '*fetch*', '*api*'],
|
|
113
|
+
};
|
|
114
|
+
/**
|
|
115
|
+
* Normalize input string for matching.
|
|
116
|
+
*/
|
|
117
|
+
function normalize(input) {
|
|
118
|
+
return input.toLowerCase().trim();
|
|
119
|
+
}
|
|
120
|
+
/**
|
|
121
|
+
* Infer the appropriate analyzer from a server name/pattern.
|
|
122
|
+
* Returns null if the server name doesn't clearly indicate a type.
|
|
123
|
+
*/
|
|
124
|
+
function inferAnalyzerFromServer(serverPattern) {
|
|
125
|
+
const lower = serverPattern.toLowerCase();
|
|
126
|
+
// Database servers -> SQL analyzer
|
|
127
|
+
if (lower.includes('postgres') ||
|
|
128
|
+
lower.includes('mysql') ||
|
|
129
|
+
lower.includes('sqlite') ||
|
|
130
|
+
lower.includes('mariadb') ||
|
|
131
|
+
lower.includes('mssql') ||
|
|
132
|
+
lower.includes('oracle') ||
|
|
133
|
+
lower === 'db' ||
|
|
134
|
+
lower === 'database') {
|
|
135
|
+
return 'sql';
|
|
136
|
+
}
|
|
137
|
+
// Filesystem servers -> filesystem analyzer
|
|
138
|
+
if (lower.includes('file') ||
|
|
139
|
+
lower.includes('fs') ||
|
|
140
|
+
lower === 'filesystem') {
|
|
141
|
+
return 'filesystem';
|
|
142
|
+
}
|
|
143
|
+
// Shell servers -> shell analyzer
|
|
144
|
+
if (lower.includes('shell') ||
|
|
145
|
+
lower.includes('bash') ||
|
|
146
|
+
lower.includes('terminal') ||
|
|
147
|
+
lower.includes('exec')) {
|
|
148
|
+
return 'shell';
|
|
149
|
+
}
|
|
150
|
+
// HTTP servers -> http analyzer
|
|
151
|
+
if (lower.includes('http') ||
|
|
152
|
+
lower.includes('api') ||
|
|
153
|
+
lower.includes('fetch') ||
|
|
154
|
+
lower.includes('web')) {
|
|
155
|
+
return 'http';
|
|
156
|
+
}
|
|
157
|
+
return null;
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* Extract the action from a policy statement.
|
|
161
|
+
*/
|
|
162
|
+
function extractAction(input) {
|
|
163
|
+
const normalized = normalize(input);
|
|
164
|
+
// Check for multi-word patterns first
|
|
165
|
+
for (const [pattern, action] of Object.entries(ACTION_PATTERNS)) {
|
|
166
|
+
if (pattern.includes(' ')) {
|
|
167
|
+
if (normalized.includes(pattern)) {
|
|
168
|
+
return {
|
|
169
|
+
action,
|
|
170
|
+
remaining: normalized.replace(pattern, '').trim(),
|
|
171
|
+
};
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
// Check for single word patterns at the start
|
|
176
|
+
const words = normalized.split(/\s+/);
|
|
177
|
+
const firstWord = words[0];
|
|
178
|
+
if (firstWord && ACTION_PATTERNS[firstWord]) {
|
|
179
|
+
return {
|
|
180
|
+
action: ACTION_PATTERNS[firstWord],
|
|
181
|
+
remaining: words.slice(1).join(' '),
|
|
182
|
+
};
|
|
183
|
+
}
|
|
184
|
+
return null;
|
|
185
|
+
}
|
|
186
|
+
/**
|
|
187
|
+
* Extract risk levels from a policy statement.
|
|
188
|
+
*/
|
|
189
|
+
function extractRiskLevels(input) {
|
|
190
|
+
const normalized = normalize(input);
|
|
191
|
+
const foundRisks = [];
|
|
192
|
+
let remaining = normalized;
|
|
193
|
+
// Check for multi-word patterns first
|
|
194
|
+
const sortedPatterns = Object.entries(RISK_PATTERNS)
|
|
195
|
+
.sort(([a], [b]) => b.length - a.length);
|
|
196
|
+
for (const [pattern, risks] of sortedPatterns) {
|
|
197
|
+
if (remaining.includes(pattern)) {
|
|
198
|
+
foundRisks.push(...risks);
|
|
199
|
+
remaining = remaining.replace(pattern, '').trim();
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
if (foundRisks.length > 0) {
|
|
203
|
+
// Deduplicate
|
|
204
|
+
return {
|
|
205
|
+
risks: [...new Set(foundRisks)],
|
|
206
|
+
remaining,
|
|
207
|
+
};
|
|
208
|
+
}
|
|
209
|
+
return null;
|
|
210
|
+
}
|
|
211
|
+
/**
|
|
212
|
+
* Extract analyzer type from a policy statement.
|
|
213
|
+
*/
|
|
214
|
+
function extractAnalyzer(input) {
|
|
215
|
+
const normalized = normalize(input);
|
|
216
|
+
for (const [pattern, analyzer] of Object.entries(ANALYZER_PATTERNS)) {
|
|
217
|
+
// Look for the pattern as a word boundary
|
|
218
|
+
const regex = new RegExp(`\\b${pattern}\\b`, 'i');
|
|
219
|
+
if (regex.test(normalized)) {
|
|
220
|
+
return {
|
|
221
|
+
analyzer,
|
|
222
|
+
remaining: normalized.replace(regex, '').trim(),
|
|
223
|
+
};
|
|
224
|
+
}
|
|
225
|
+
}
|
|
226
|
+
return null;
|
|
227
|
+
}
|
|
228
|
+
/**
|
|
229
|
+
* Extract server pattern from a policy statement.
|
|
230
|
+
*/
|
|
231
|
+
function extractServerPattern(input) {
|
|
232
|
+
const normalized = normalize(input);
|
|
233
|
+
// Check for "any/all server(s)/database(s)" patterns FIRST (highest priority)
|
|
234
|
+
const anyMatch = normalized.match(/\b(?:on\s+)?(any|all)\s+(server|servers|database|databases|db|dbs|shell|shells|filesystem|filesystems|http|api)s?\b/i);
|
|
235
|
+
if (anyMatch) {
|
|
236
|
+
return {
|
|
237
|
+
pattern: '*',
|
|
238
|
+
remaining: normalized.replace(anyMatch[0], '').trim(),
|
|
239
|
+
};
|
|
240
|
+
}
|
|
241
|
+
// Look for "on <server>" patterns
|
|
242
|
+
const onMatch = normalized.match(/\bon\s+(?:the\s+)?(\w+(?:\s+\w+)?)/);
|
|
243
|
+
if (onMatch && onMatch[1]) {
|
|
244
|
+
const serverName = onMatch[1];
|
|
245
|
+
// Skip if serverName starts with "any" or "all" (already handled above)
|
|
246
|
+
if (/^(any|all)\s/i.test(serverName)) {
|
|
247
|
+
return null;
|
|
248
|
+
}
|
|
249
|
+
// Check if it's a known server type
|
|
250
|
+
for (const [type, patterns] of Object.entries(SERVER_TYPE_PATTERNS)) {
|
|
251
|
+
if (serverName.includes(type) || type.includes(serverName)) {
|
|
252
|
+
return {
|
|
253
|
+
pattern: patterns[0],
|
|
254
|
+
remaining: normalized.replace(onMatch[0], '').trim(),
|
|
255
|
+
};
|
|
256
|
+
}
|
|
257
|
+
}
|
|
258
|
+
// Use as literal server name
|
|
259
|
+
return {
|
|
260
|
+
pattern: serverName.replace(/\s+/g, '-'),
|
|
261
|
+
remaining: normalized.replace(onMatch[0], '').trim(),
|
|
262
|
+
};
|
|
263
|
+
}
|
|
264
|
+
// Look for "all <type>" patterns (fallback)
|
|
265
|
+
const allMatch = normalized.match(/\ball\s+(\w+)/);
|
|
266
|
+
if (allMatch && allMatch[1]) {
|
|
267
|
+
return {
|
|
268
|
+
pattern: '*',
|
|
269
|
+
remaining: normalized.replace(allMatch[0], '').trim(),
|
|
270
|
+
};
|
|
271
|
+
}
|
|
272
|
+
return null;
|
|
273
|
+
}
|
|
274
|
+
/**
|
|
275
|
+
* Extract tool pattern from a policy statement.
|
|
276
|
+
*/
|
|
277
|
+
function extractToolPattern(input) {
|
|
278
|
+
const normalized = normalize(input);
|
|
279
|
+
// Look for specific tool references
|
|
280
|
+
const toolMatch = normalized.match(/\b(?:tool|function|method)\s+(\w+)/);
|
|
281
|
+
if (toolMatch && toolMatch[1]) {
|
|
282
|
+
return {
|
|
283
|
+
pattern: toolMatch[1],
|
|
284
|
+
remaining: normalized.replace(toolMatch[0], '').trim(),
|
|
285
|
+
};
|
|
286
|
+
}
|
|
287
|
+
// Look for glob-like patterns
|
|
288
|
+
const globMatch = normalized.match(/\b(\w+\*|\*\w+|\w+_\*|\*_\w+)/);
|
|
289
|
+
if (globMatch && globMatch[1]) {
|
|
290
|
+
return {
|
|
291
|
+
pattern: globMatch[1],
|
|
292
|
+
remaining: normalized.replace(globMatch[0], '').trim(),
|
|
293
|
+
};
|
|
294
|
+
}
|
|
295
|
+
return null;
|
|
296
|
+
}
|
|
297
|
+
/**
|
|
298
|
+
* Convert a PolicyAction to a RiskMappingAction.
|
|
299
|
+
* 'smart' is converted to 'prompt' as a safe default.
|
|
300
|
+
*/
|
|
301
|
+
function toRiskMappingAction(action) {
|
|
302
|
+
if (action === 'smart')
|
|
303
|
+
return 'prompt';
|
|
304
|
+
return action;
|
|
305
|
+
}
|
|
306
|
+
/**
|
|
307
|
+
* Build a RiskMapping from the extracted information.
|
|
308
|
+
*
|
|
309
|
+
* When specific risks are targeted, only those risks are set in the mapping.
|
|
310
|
+
* This allows partial policies to merge correctly without overwriting
|
|
311
|
+
* risk levels from other policies.
|
|
312
|
+
*/
|
|
313
|
+
function buildRiskMapping(action, targetRisks, _defaultAction = 'prompt') {
|
|
314
|
+
const allRisks = ['safe', 'read', 'write', 'destructive', 'dangerous'];
|
|
315
|
+
const mapping = {};
|
|
316
|
+
const mappedAction = toRiskMappingAction(action);
|
|
317
|
+
// If specific risks are targeted, only set those (allows merging)
|
|
318
|
+
if (targetRisks && targetRisks.length > 0 && targetRisks.length < allRisks.length) {
|
|
319
|
+
for (const risk of targetRisks) {
|
|
320
|
+
mapping[risk] = mappedAction;
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
else {
|
|
324
|
+
// Apply action to all risks
|
|
325
|
+
for (const risk of allRisks) {
|
|
326
|
+
mapping[risk] = mappedAction;
|
|
327
|
+
}
|
|
328
|
+
}
|
|
329
|
+
return mapping;
|
|
330
|
+
}
|
|
331
|
+
/**
|
|
332
|
+
* Parse a single natural language policy statement.
|
|
333
|
+
*
|
|
334
|
+
* @param input - The natural language policy statement
|
|
335
|
+
* @param options - Parser options
|
|
336
|
+
* @returns Parsed policy result
|
|
337
|
+
*
|
|
338
|
+
* @example
|
|
339
|
+
* ```typescript
|
|
340
|
+
* const result = parsePolicy('Allow read operations on postgres');
|
|
341
|
+
* if (result.success) {
|
|
342
|
+
* console.log(result.policy); // { action: 'smart', analyzer: 'sql', ... }
|
|
343
|
+
* console.log(result.serverPattern); // 'postgres'
|
|
344
|
+
* }
|
|
345
|
+
* ```
|
|
346
|
+
*/
|
|
347
|
+
export function parsePolicy(input, options = {}) {
|
|
348
|
+
const { defaultAction = 'prompt' } = options;
|
|
349
|
+
if (!input || typeof input !== 'string') {
|
|
350
|
+
return {
|
|
351
|
+
success: false,
|
|
352
|
+
error: 'Input must be a non-empty string',
|
|
353
|
+
input: String(input),
|
|
354
|
+
};
|
|
355
|
+
}
|
|
356
|
+
// Extract components
|
|
357
|
+
const actionResult = extractAction(input);
|
|
358
|
+
if (!actionResult) {
|
|
359
|
+
return {
|
|
360
|
+
success: false,
|
|
361
|
+
error: 'Could not identify action (allow/deny/prompt). Start with a verb like "Allow", "Deny", or "Prompt for".',
|
|
362
|
+
input,
|
|
363
|
+
};
|
|
364
|
+
}
|
|
365
|
+
const { action } = actionResult;
|
|
366
|
+
let remaining = actionResult.remaining;
|
|
367
|
+
// Extract risk levels
|
|
368
|
+
const riskResult = extractRiskLevels(remaining);
|
|
369
|
+
const targetRisks = riskResult?.risks ?? null;
|
|
370
|
+
if (riskResult) {
|
|
371
|
+
remaining = riskResult.remaining;
|
|
372
|
+
}
|
|
373
|
+
// Extract server pattern BEFORE analyzer (to handle "any database" before "database" is consumed)
|
|
374
|
+
const serverResult = extractServerPattern(remaining);
|
|
375
|
+
const serverPattern = serverResult?.pattern ?? '*';
|
|
376
|
+
if (serverResult) {
|
|
377
|
+
remaining = serverResult.remaining;
|
|
378
|
+
}
|
|
379
|
+
// Extract analyzer
|
|
380
|
+
const analyzerResult = extractAnalyzer(remaining);
|
|
381
|
+
const analyzer = analyzerResult?.analyzer;
|
|
382
|
+
if (analyzerResult) {
|
|
383
|
+
remaining = analyzerResult.remaining;
|
|
384
|
+
}
|
|
385
|
+
// Extract tool pattern
|
|
386
|
+
const toolResult = extractToolPattern(remaining);
|
|
387
|
+
const toolPattern = toolResult?.pattern ?? '*';
|
|
388
|
+
// Build the policy
|
|
389
|
+
const policy = {
|
|
390
|
+
action: action,
|
|
391
|
+
};
|
|
392
|
+
// Determine if we should use smart analysis
|
|
393
|
+
const shouldUseSmart = analyzer || (targetRisks && targetRisks.length > 0);
|
|
394
|
+
if (shouldUseSmart) {
|
|
395
|
+
policy.action = 'smart';
|
|
396
|
+
// Add analyzer if detected or infer from server pattern context
|
|
397
|
+
if (analyzer) {
|
|
398
|
+
policy.analyzer = analyzer;
|
|
399
|
+
}
|
|
400
|
+
else if (serverPattern !== '*') {
|
|
401
|
+
// Infer analyzer from server pattern - only for specific server names
|
|
402
|
+
const inferredAnalyzer = inferAnalyzerFromServer(serverPattern);
|
|
403
|
+
if (inferredAnalyzer) {
|
|
404
|
+
policy.analyzer = inferredAnalyzer;
|
|
405
|
+
}
|
|
406
|
+
}
|
|
407
|
+
// Note: We no longer auto-infer 'sql' analyzer for generic risk-based policies
|
|
408
|
+
// The analyzer should be explicitly specified or inferred from server context
|
|
409
|
+
// This prevents SQL analyzer being applied to filesystem/shell operations
|
|
410
|
+
// Build risk mapping
|
|
411
|
+
policy.risks = buildRiskMapping(action, targetRisks, defaultAction);
|
|
412
|
+
}
|
|
413
|
+
// Build interpretation
|
|
414
|
+
const parts = [];
|
|
415
|
+
parts.push(`${action.toUpperCase()}`);
|
|
416
|
+
if (targetRisks && targetRisks.length > 0) {
|
|
417
|
+
parts.push(`${targetRisks.join('/')} operations`);
|
|
418
|
+
}
|
|
419
|
+
else {
|
|
420
|
+
parts.push('all operations');
|
|
421
|
+
}
|
|
422
|
+
if (analyzer) {
|
|
423
|
+
parts.push(`using ${analyzer} analyzer`);
|
|
424
|
+
}
|
|
425
|
+
parts.push(`on server "${serverPattern}" tool "${toolPattern}"`);
|
|
426
|
+
return {
|
|
427
|
+
success: true,
|
|
428
|
+
policy,
|
|
429
|
+
serverPattern,
|
|
430
|
+
toolPattern,
|
|
431
|
+
input,
|
|
432
|
+
interpretation: parts.join(' '),
|
|
433
|
+
};
|
|
434
|
+
}
|
|
435
|
+
/**
|
|
436
|
+
* Parse multiple natural language policy statements.
|
|
437
|
+
*
|
|
438
|
+
* @param inputs - Array of natural language policy statements
|
|
439
|
+
* @param options - Parser options
|
|
440
|
+
* @returns Array of parsed policy results
|
|
441
|
+
*
|
|
442
|
+
* @example
|
|
443
|
+
* ```typescript
|
|
444
|
+
* const results = parseNaturalPolicies([
|
|
445
|
+
* 'Allow read operations on postgres',
|
|
446
|
+
* 'Deny destructive queries on any database',
|
|
447
|
+
* 'Prompt for file writes',
|
|
448
|
+
* ]);
|
|
449
|
+
*
|
|
450
|
+
* const successful = results.filter(r => r.success);
|
|
451
|
+
* const failed = results.filter(r => !r.success);
|
|
452
|
+
* ```
|
|
453
|
+
*/
|
|
454
|
+
export function parseNaturalPolicies(inputs, options = {}) {
|
|
455
|
+
return inputs.map(input => parsePolicy(input, options));
|
|
456
|
+
}
|
|
457
|
+
/**
|
|
458
|
+
* Convert parsed natural language policies to a server configuration.
|
|
459
|
+
*
|
|
460
|
+
* Groups policies by server pattern and builds tool configurations.
|
|
461
|
+
*
|
|
462
|
+
* @param policies - Array of parsed policies
|
|
463
|
+
* @returns Object mapping server patterns to their tool configurations
|
|
464
|
+
*
|
|
465
|
+
* @example
|
|
466
|
+
* ```typescript
|
|
467
|
+
* const parsed = parseNaturalPolicies([
|
|
468
|
+
* 'Allow read operations on postgres',
|
|
469
|
+
* 'Deny dangerous operations on postgres',
|
|
470
|
+
* ]);
|
|
471
|
+
*
|
|
472
|
+
* const config = policiesToConfig(parsed);
|
|
473
|
+
* // { 'postgres': { tools: { '*': { action: 'smart', ... } } } }
|
|
474
|
+
* ```
|
|
475
|
+
*/
|
|
476
|
+
export function policiesToConfig(policies) {
|
|
477
|
+
const config = {};
|
|
478
|
+
for (const parsed of policies) {
|
|
479
|
+
if (!parsed.success || !parsed.policy)
|
|
480
|
+
continue;
|
|
481
|
+
const serverPattern = parsed.serverPattern ?? '*';
|
|
482
|
+
const toolPattern = parsed.toolPattern ?? '*';
|
|
483
|
+
if (!config[serverPattern]) {
|
|
484
|
+
config[serverPattern] = { tools: {} };
|
|
485
|
+
}
|
|
486
|
+
// Merge policies for the same tool pattern
|
|
487
|
+
const existing = config[serverPattern].tools[toolPattern];
|
|
488
|
+
if (existing && existing.risks && parsed.policy.risks) {
|
|
489
|
+
// Merge risk mappings (later policies take precedence)
|
|
490
|
+
existing.risks = { ...existing.risks, ...parsed.policy.risks };
|
|
491
|
+
}
|
|
492
|
+
else {
|
|
493
|
+
config[serverPattern].tools[toolPattern] = parsed.policy;
|
|
494
|
+
}
|
|
495
|
+
}
|
|
496
|
+
return config;
|
|
497
|
+
}
|
|
498
|
+
/**
|
|
499
|
+
* Validate a natural language policy statement without parsing.
|
|
500
|
+
*
|
|
501
|
+
* @param input - The policy statement to validate
|
|
502
|
+
* @returns Whether the statement appears valid
|
|
503
|
+
*/
|
|
504
|
+
export function isValidPolicyStatement(input) {
|
|
505
|
+
if (!input || typeof input !== 'string')
|
|
506
|
+
return false;
|
|
507
|
+
const result = parsePolicy(input);
|
|
508
|
+
return result.success;
|
|
509
|
+
}
|
|
510
|
+
/**
|
|
511
|
+
* Get suggestions for fixing an invalid policy statement.
|
|
512
|
+
*
|
|
513
|
+
* @param input - The invalid policy statement
|
|
514
|
+
* @returns Array of suggested corrections
|
|
515
|
+
*/
|
|
516
|
+
export function getSuggestions(input) {
|
|
517
|
+
const suggestions = [];
|
|
518
|
+
const normalized = normalize(input);
|
|
519
|
+
// Check if missing action
|
|
520
|
+
const hasAction = Object.keys(ACTION_PATTERNS).some(pattern => normalized.startsWith(pattern) || normalized.includes(` ${pattern} `));
|
|
521
|
+
if (!hasAction) {
|
|
522
|
+
suggestions.push('Start with an action like "Allow", "Deny", or "Prompt for"');
|
|
523
|
+
suggestions.push(`Example: "Allow ${input}"`);
|
|
524
|
+
suggestions.push(`Example: "Deny ${input}"`);
|
|
525
|
+
}
|
|
526
|
+
// Check if could use more specific risk level
|
|
527
|
+
const hasRisk = Object.keys(RISK_PATTERNS).some(pattern => normalized.includes(pattern));
|
|
528
|
+
if (!hasRisk) {
|
|
529
|
+
suggestions.push('Consider specifying a risk level: "read", "write", "destructive", or "dangerous"');
|
|
530
|
+
}
|
|
531
|
+
// Check if could specify target
|
|
532
|
+
const hasTarget = normalized.includes(' on ') || normalized.includes(' for ');
|
|
533
|
+
if (!hasTarget) {
|
|
534
|
+
suggestions.push('Consider specifying a target: "on postgres", "on any database"');
|
|
535
|
+
}
|
|
536
|
+
return suggestions;
|
|
537
|
+
}
|
|
538
|
+
/**
|
|
539
|
+
* Common policy templates for quick reference.
|
|
540
|
+
*/
|
|
541
|
+
export const POLICY_TEMPLATES = {
|
|
542
|
+
allowReadOnly: 'Allow read operations on ${server}',
|
|
543
|
+
denyDangerous: 'Deny dangerous operations on any server',
|
|
544
|
+
promptForWrites: 'Prompt for write operations on ${server}',
|
|
545
|
+
allowAll: 'Allow all operations on ${server}',
|
|
546
|
+
denyAll: 'Deny all operations on ${server}',
|
|
547
|
+
promptAll: 'Prompt for all operations on ${server}',
|
|
548
|
+
readOnlyDatabase: 'Allow read operations and deny mutations on ${server}',
|
|
549
|
+
safeFileAccess: 'Allow read operations and prompt for writes on filesystem',
|
|
550
|
+
restrictedShell: 'Deny dangerous commands and prompt for destructive operations on shell',
|
|
551
|
+
};
|
|
552
|
+
//# sourceMappingURL=natural-language.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"natural-language.js","sourceRoot":"","sources":["../../src/policy/natural-language.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAqCH,qCAAqC;AACrC,MAAM,eAAe,GAAiC;IACpD,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,OAAO;IACjB,QAAQ,EAAE,OAAO;IACjB,SAAS,EAAE,OAAO;IAClB,OAAO,EAAE,OAAO;IAChB,KAAK,EAAE,OAAO;IAEd,MAAM,EAAE,MAAM;IACd,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,MAAM;IAChB,UAAU,EAAE,MAAM;IAClB,UAAU,EAAE,MAAM;IAClB,SAAS,EAAE,MAAM;IAEjB,QAAQ,EAAE,QAAQ;IAClB,KAAK,EAAE,QAAQ;IACf,SAAS,EAAE,QAAQ;IACnB,kBAAkB,EAAE,QAAQ;IAC5B,QAAQ,EAAE,QAAQ;IAClB,OAAO,EAAE,QAAQ;CAClB,CAAC;AAEF,yCAAyC;AACzC,MAAM,aAAa,GAAgC;IACjD,yBAAyB;IACzB,MAAM,EAAE,CAAC,MAAM,CAAC;IAChB,MAAM,EAAE,CAAC,MAAM,CAAC;IAChB,WAAW,EAAE,CAAC,MAAM,CAAC;IACrB,UAAU,EAAE,CAAC,MAAM,CAAC;IACpB,QAAQ,EAAE,CAAC,MAAM,CAAC;IAClB,OAAO,EAAE,CAAC,MAAM,CAAC;IAEjB,OAAO,EAAE,CAAC,OAAO,CAAC;IAClB,QAAQ,EAAE,CAAC,OAAO,CAAC;IACnB,QAAQ,EAAE,CAAC,OAAO,CAAC;IAEnB,aAAa,EAAE,CAAC,aAAa,CAAC;IAC9B,QAAQ,EAAE,CAAC,aAAa,CAAC;IACzB,QAAQ,EAAE,CAAC,aAAa,CAAC;IACzB,QAAQ,EAAE,CAAC,aAAa,CAAC;IACzB,OAAO,EAAE,CAAC,aAAa,CAAC;IAExB,WAAW,EAAE,CAAC,WAAW,CAAC;IAC1B,MAAM,EAAE,CAAC,WAAW,CAAC;IACrB,UAAU,EAAE,CAAC,WAAW,CAAC;IACzB,OAAO,EAAE,CAAC,WAAW,CAAC;IAEtB,mFAAmF;IACnF,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC;IACvE,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC;IACvE,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC;IACnE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC;IAE5D,iBAAiB,EAAE,CAAC,MAAM,CAAC;IAC3B,kBAAkB,EAAE,CAAC,OAAO,CAAC;IAC7B,wBAAwB,EAAE,CAAC,aAAa,CAAC;IACzC,sBAAsB,EAAE,CAAC,WAAW,CAAC;IAErC,WAAW,EAAE,CAAC,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC;IAClD,SAAS,EAAE,CAAC,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC;IAChD,eAAe,EAAE,CAAC,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC;CACvD,CAAC;AAEF,yBAAyB;AACzB,MAAM,iBAAiB,GAA2B;IAChD,KAAK,EAAE,KAAK;IACZ,UAAU,EAAE,KAAK;IACjB,IAAI,EAAE,KAAK;IACX,OAAO,EAAE,KAAK;IACd,SAAS,EAAE,KAAK;IAEhB,MAAM,EAAE,YAAY;IACpB,YAAY,EAAE,YAAY;IAC1B,IAAI,EAAE,YAAY;IAClB,MAAM,EAAE,YAAY;IAEpB,OAAO,EAAE,OAAO;IAChB,SAAS,EAAE,OAAO;IAClB,UAAU,EAAE,OAAO;IACnB,MAAM,EAAE,OAAO;IACf,UAAU,EAAE,OAAO;IACnB,MAAM,EAAE,OAAO;IAEf,MAAM,EAAE,MAAM;IACd,OAAO,EAAE,MAAM;IACf,SAAS,EAAE,MAAM;IACjB,UAAU,EAAE,MAAM;IAClB,KAAK,EAAE,MAAM;IACb,KAAK,EAAE,MAAM;CACd,CAAC;AAEF,uDAAuD;AACvD,MAAM,oBAAoB,GAA6B;IACrD,UAAU,EAAE,CAAC,UAAU,EAAE,YAAY,EAAE,IAAI,CAAC;IAC5C,OAAO,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC;IAC7B,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;IAC/B,UAAU,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC;IAC3C,cAAc,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC;IAC/C,YAAY,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;IAChC,OAAO,EAAE,CAAC,SAAS,EAAE,YAAY,EAAE,QAAQ,CAAC;IAC5C,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;CACvC,CAAC;AAEF;;GAEG;AACH,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAAC,aAAqB;IACpD,MAAM,KAAK,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC;IAE1C,mCAAmC;IACnC,IACE,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;QAC1B,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QACvB,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACxB,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;QACzB,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QACvB,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACxB,KAAK,KAAK,IAAI;QACd,KAAK,KAAK,UAAU,EACpB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4CAA4C;IAC5C,IACE,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QACtB,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QACpB,KAAK,KAAK,YAAY,EACtB,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,kCAAkC;IAClC,IACE,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QACvB,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QACtB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;QAC1B,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EACtB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,gCAAgC;IAChC,IACE,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QACtB,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrB,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QACvB,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EACrB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEpC,sCAAsC;IACtC,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAChE,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,OAAO;oBACL,MAAM;oBACN,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;iBAClD,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAE3B,IAAI,SAAS,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5C,OAAO;YACL,MAAM,EAAE,eAAe,CAAC,SAAS,CAAC;YAClC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAa;IACtC,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IACpC,MAAM,UAAU,GAAgB,EAAE,CAAC;IACnC,IAAI,SAAS,GAAG,UAAU,CAAC;IAE3B,sCAAsC;IACtC,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC;SACjD,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAE3C,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;QAC9C,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,UAAU,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;YAC1B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,cAAc;QACd,OAAO;YACL,KAAK,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YAC/B,SAAS;SACV,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEpC,KAAK,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACpE,0CAA0C;QAC1C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,OAAO,KAAK,EAAE,GAAG,CAAC,CAAC;QAClD,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,OAAO;gBACL,QAAQ;gBACR,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;aAChD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,KAAa;IACzC,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEpC,8EAA8E;IAC9E,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,sHAAsH,CAAC,CAAC;IAC1J,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,GAAG;YACZ,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;SACtD,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACvE,IAAI,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1B,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE9B,wEAAwE;QACxE,IAAI,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,oCAAoC;QACpC,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACpE,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC3D,OAAO;oBACL,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;oBACpB,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;iBACrD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;YACxC,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;SACrD,CAAC;IACJ,CAAC;IAED,4CAA4C;IAC5C,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACnD,IAAI,QAAQ,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE,GAAG;YACZ,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;SACtD,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEpC,oCAAoC;IACpC,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACzE,IAAI,SAAS,IAAI,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;YACrB,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;SACvD,CAAC;IACJ,CAAC;IAED,8BAA8B;IAC9B,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACpE,IAAI,SAAS,IAAI,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;YACrB,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;SACvD,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAKD;;;GAGG;AACH,SAAS,mBAAmB,CAAC,MAAoB;IAC/C,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,QAAQ,CAAC;IACxC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,gBAAgB,CACvB,MAAoB,EACpB,WAA+B,EAC/B,iBAA+B,QAAQ;IAEvC,MAAM,QAAQ,GAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;IACpF,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAEjD,kEAAkE;IAClE,IAAI,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;QAClF,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;QAC/B,CAAC;IACH,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,WAAW,CACzB,KAAa,EACb,UAAyB,EAAE;IAE3B,MAAM,EAAE,aAAa,GAAG,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE7C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,kCAAkC;YACzC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;SACrB,CAAC;IACJ,CAAC;IAED,qBAAqB;IACrB,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,yGAAyG;YAChH,KAAK;SACN,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,GAAG,YAAY,CAAC;IAChC,IAAI,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC;IAEvC,sBAAsB;IACtB,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,UAAU,EAAE,KAAK,IAAI,IAAI,CAAC;IAC9C,IAAI,UAAU,EAAE,CAAC;QACf,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC;IACnC,CAAC;IAED,kGAAkG;IAClG,MAAM,YAAY,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,YAAY,EAAE,OAAO,IAAI,GAAG,CAAC;IACnD,IAAI,YAAY,EAAE,CAAC;QACjB,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC;IACrC,CAAC;IAED,mBAAmB;IACnB,MAAM,cAAc,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,cAAc,EAAE,QAAQ,CAAC;IAC1C,IAAI,cAAc,EAAE,CAAC;QACnB,SAAS,GAAG,cAAc,CAAC,SAAS,CAAC;IACvC,CAAC;IAED,uBAAuB;IACvB,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,UAAU,EAAE,OAAO,IAAI,GAAG,CAAC;IAE/C,mBAAmB;IACnB,MAAM,MAAM,GAAe;QACzB,MAAM,EAAE,MAAM;KACf,CAAC;IAEF,4CAA4C;IAC5C,MAAM,cAAc,GAAG,QAAQ,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE3E,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC;QAExB,gEAAgE;QAChE,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,CAAC;aAAM,IAAI,aAAa,KAAK,GAAG,EAAE,CAAC;YACjC,sEAAsE;YACtE,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,aAAa,CAAC,CAAC;YAChE,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,QAAQ,GAAG,gBAAgB,CAAC;YACrC,CAAC;QACH,CAAC;QACD,+EAA+E;QAC/E,8EAA8E;QAC9E,0EAA0E;QAE1E,qBAAqB;QACrB,MAAM,CAAC,KAAK,GAAG,gBAAgB,CAAC,MAAM,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;IACtE,CAAC;IAED,uBAAuB;IACvB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACtC,IAAI,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1C,KAAK,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACpD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC/B,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,CAAC,IAAI,CAAC,SAAS,QAAQ,WAAW,CAAC,CAAC;IAC3C,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,cAAc,aAAa,WAAW,WAAW,GAAG,CAAC,CAAC;IAEjE,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM;QACN,aAAa;QACb,WAAW;QACX,KAAK;QACL,cAAc,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;KAChC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAgB,EAChB,UAAyB,EAAE;IAE3B,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAwB;IAExB,MAAM,MAAM,GAA0D,EAAE,CAAC;IAEzE,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM;YAAE,SAAS;QAEhD,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,GAAG,CAAC;QAClD,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,GAAG,CAAC;QAE9C,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;YAC3B,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACxC,CAAC;QAED,2CAA2C;QAC3C,MAAM,QAAQ,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,QAAQ,IAAI,QAAQ,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtD,uDAAuD;YACvD,QAAQ,CAAC,KAAK,GAAG,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACjE,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAa;IAClD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACtD,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAClC,OAAO,MAAM,CAAC,OAAO,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEpC,0BAA0B;IAC1B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CACjD,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,OAAO,GAAG,CAAC,CACjF,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,WAAW,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QAC/E,WAAW,CAAC,IAAI,CAAC,mBAAmB,KAAK,GAAG,CAAC,CAAC;QAC9C,WAAW,CAAC,IAAI,CAAC,kBAAkB,KAAK,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,8CAA8C;IAC9C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAC7C,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxC,CAAC;IAEF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,WAAW,CAAC,IAAI,CAAC,kFAAkF,CAAC,CAAC;IACvG,CAAC;IAED,gCAAgC;IAChC,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAE9E,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,WAAW,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,aAAa,EAAE,oCAAoC;IACnD,aAAa,EAAE,yCAAyC;IACxD,eAAe,EAAE,0CAA0C;IAC3D,QAAQ,EAAE,mCAAmC;IAC7C,OAAO,EAAE,kCAAkC;IAC3C,SAAS,EAAE,wCAAwC;IACnD,gBAAgB,EAAE,uDAAuD;IACzE,cAAc,EAAE,2DAA2D;IAC3E,eAAe,EAAE,wEAAwE;CACjF,CAAC"}
|