@dotsetlabs/tollgate 0.2.2 → 0.3.0

package/dist/guard/config.js

@@ -0,0 +1,260 @@
+/**
+ * Guard Configuration
+ *
+ * Handles loading and validation of guard configuration from:
+ * 1. ~/.config/tollgate/guard.yaml (user config)
+ * 2. ./tollgate.yaml (project config)
+ * 3. CLI options (highest priority)
+ */
+import { readFileSync, existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { parse as parseYaml } from 'yaml';
+/**
+ * Default risk action mapping.
+ *
+ * - safe/read: Allow without prompt (common dev commands)
+ * - write: Prompt for approval (file modifications)
+ * - destructive: Prompt for approval (deletions, overwrites)
+ * - dangerous: Always deny (system damage potential)
+ */
+export const DEFAULT_RISK_ACTIONS = {
+    safe: 'allow',
+    read: 'allow',
+    write: 'prompt',
+    destructive: 'prompt',
+    dangerous: 'deny',
+};
+/**
+ * Default session configuration.
+ */
+export const DEFAULT_SESSION_CONFIG = {
+    allowRemember: true,
+    defaultScope: 'tool',
+    allowedDurations: ['once', '5min', '15min', 'session'],
+    persistSessions: false,
+};
+/**
+ * Default fast path configuration.
+ *
+ * These command prefixes skip analysis entirely for performance.
+ * Only truly safe, read-only commands should be included.
+ */
+export const DEFAULT_FAST_PATH_CONFIG = {
+    enabled: true,
+    safePrefixes: [
+        // Navigation & listing
+        'ls', 'cd', 'pwd', 'tree',
+        // Reading
+        'cat', 'less', 'more', 'head', 'tail', 'bat',
+        // Searching (read-only)
+        'grep', 'rg', 'ag', 'find', 'fd', 'which', 'whereis', 'type', 'file',
+        // Help & info
+        'man', 'help', 'info', 'tldr',
+        // History & shell builtins
+        'history', 'alias', 'echo', 'printf',
+        // Version checking
+        'node --version', 'npm --version', 'python --version', 'go version',
+        'git --version', 'rustc --version', 'cargo --version',
+        // Git read-only
+        'git status', 'git diff', 'git log', 'git branch', 'git show',
+        'git remote -v', 'git stash list',
+        // Package info (read-only)
+        'npm list', 'npm ls', 'npm outdated', 'pip list', 'pip show',
+        // Environment
+        'env', 'printenv', 'whoami', 'id', 'hostname', 'uname',
+        // Date/time
+        'date', 'cal', 'uptime',
+    ],
+};
+/**
+ * Default audit configuration.
+ */
+export const DEFAULT_AUDIT_CONFIG = {
+    enabled: true,
+    logAllCommands: false, // Only log prompted/denied by default
+    redactSecrets: true,
+};
+/**
+ * Default UI configuration.
+ */
+export const DEFAULT_UI_CONFIG = {
+    showRiskLevel: true,
+    showPattern: false, // Can be noisy
+    showCategory: true,
+    colors: true,
+    timeout: 60, // 60 seconds
+};
+/**
+ * Complete default guard configuration.
+ */
+export const DEFAULT_GUARD_CONFIG = {
+    enabled: true,
+    risks: DEFAULT_RISK_ACTIONS,
+    session: DEFAULT_SESSION_CONFIG,
+    rules: [],
+    allowlist: [],
+    denylist: [],
+    fastPath: DEFAULT_FAST_PATH_CONFIG,
+    audit: DEFAULT_AUDIT_CONFIG,
+    ui: DEFAULT_UI_CONFIG,
+};
+/**
+ * Configuration file paths in order of precedence (lowest to highest).
+ */
+export function getConfigPaths() {
+    const paths = [];
+    // User-level config
+    const userConfig = join(homedir(), '.config', 'tollgate', 'guard.yaml');
+    if (existsSync(userConfig)) {
+        paths.push(userConfig);
+    }
+    // Project-level config (tollgate.yaml with guard section)
+    const projectConfig = join(process.cwd(), 'tollgate.yaml');
+    if (existsSync(projectConfig)) {
+        paths.push(projectConfig);
+    }
+    return paths;
+}
+/**
+ * Load guard configuration from a YAML file.
+ */
+export function loadConfigFromFile(path) {
+    try {
+        const content = readFileSync(path, 'utf8');
+        const parsed = parseYaml(content);
+        // Config might be at root or under 'guard' key
+        if (parsed?.guard) {
+            return parsed.guard;
+        }
+        // If it looks like a guard config at root level
+        if (parsed?.risks || parsed?.rules || parsed?.allowlist) {
+            return parsed;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Deep merge two objects, with source taking precedence.
+ */
+function deepMerge(target, source) {
+    const result = { ...target };
+    for (const key of Object.keys(source)) {
+        const sourceValue = source[key];
+        const targetValue = target[key];
+        if (sourceValue !== undefined &&
+            typeof sourceValue === 'object' &&
+            sourceValue !== null &&
+            !Array.isArray(sourceValue) &&
+            typeof targetValue === 'object' &&
+            targetValue !== null &&
+            !Array.isArray(targetValue)) {
+            // Recursively merge objects
+            result[key] = deepMerge(targetValue, sourceValue);
+        }
+        else if (sourceValue !== undefined) {
+            // Override with source value
+            result[key] = sourceValue;
+        }
+    }
+    return result;
+}
+/**
+ * Load and merge guard configuration from all sources.
+ *
+ * Priority (lowest to highest):
+ * 1. Default configuration
+ * 2. User config (~/.config/tollgate/guard.yaml)
+ * 3. Project config (./tollgate.yaml)
+ * 4. CLI options (passed via overrides)
+ */
+export function loadGuardConfig(overrides) {
+    let config = { ...DEFAULT_GUARD_CONFIG };
+    // Load from config files
+    const configPaths = getConfigPaths();
+    for (const path of configPaths) {
+        const fileConfig = loadConfigFromFile(path);
+        if (fileConfig) {
+            config = deepMerge(config, fileConfig);
+        }
+    }
+    // Apply CLI overrides
+    if (overrides) {
+        config = deepMerge(config, overrides);
+    }
+    return config;
+}
+/**
+ * Validate guard configuration.
+ */
+export function validateGuardConfig(config) {
+    const errors = [];
+    // Validate risk mapping
+    const validRisks = ['safe', 'read', 'write', 'destructive', 'dangerous'];
+    const validActions = ['allow', 'prompt', 'deny'];
+    for (const [risk, action] of Object.entries(config.risks)) {
+        if (!validRisks.includes(risk)) {
+            errors.push(`Invalid risk level: ${risk}`);
+        }
+        if (!validActions.includes(action)) {
+            errors.push(`Invalid action for ${risk}: ${action}`);
+        }
+    }
+    // Validate rules
+    for (const rule of config.rules) {
+        try {
+            new RegExp(rule.pattern);
+        }
+        catch {
+            errors.push(`Invalid regex pattern in rule: ${rule.pattern}`);
+        }
+        if (!validActions.includes(rule.action)) {
+            errors.push(`Invalid action in rule: ${rule.action}`);
+        }
+    }
+    // Validate denylist patterns
+    for (const deny of config.denylist) {
+        try {
+            new RegExp(deny.pattern);
+        }
+        catch {
+            errors.push(`Invalid regex pattern in denylist: ${deny.pattern}`);
+        }
+    }
+    // Validate session config
+    const validScopes = ['exact', 'tool', 'server', 'pattern'];
+    if (!validScopes.includes(config.session.defaultScope)) {
+        errors.push(`Invalid default scope: ${config.session.defaultScope}`);
+    }
+    const validDurations = ['once', '5min', '15min', '30min', 'session'];
+    for (const duration of config.session.allowedDurations) {
+        if (!validDurations.includes(duration)) {
+            errors.push(`Invalid duration: ${duration}`);
+        }
+    }
+    // Validate UI timeout
+    if (config.ui.timeout < 1 || config.ui.timeout > 300) {
+        errors.push(`Timeout must be between 1 and 300 seconds, got: ${config.ui.timeout}`);
+    }
+    return errors;
+}
+export function compileRules(rules) {
+    return rules
+        .map((rule) => ({
+        ...rule,
+        pattern: new RegExp(rule.pattern, 'i'),
+        originalPattern: rule.pattern,
+    }))
+        .sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0)); // Higher priority first
+}
+export function compileDenylist(denylist) {
+    return denylist.map((deny) => ({
+        ...deny,
+        pattern: new RegExp(deny.pattern, 'i'),
+        originalPattern: deny.pattern,
+    }));
+}
+//# sourceMappingURL=config.js.map

package/dist/guard/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/guard/config.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAY1C;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAsB;IACrD,IAAI,EAAE,OAAO;IACb,IAAI,EAAE,OAAO;IACb,KAAK,EAAE,QAAQ;IACf,WAAW,EAAE,QAAQ;IACrB,SAAS,EAAE,MAAM;CAClB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAuB;IACxD,aAAa,EAAE,IAAI;IACnB,YAAY,EAAE,MAAM;IACpB,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC;IACtD,eAAe,EAAE,KAAK;CACvB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAwB;IAC3D,OAAO,EAAE,IAAI;IACb,YAAY,EAAE;QACZ,uBAAuB;QACvB,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM;QACzB,UAAU;QACV,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK;QAC5C,wBAAwB;QACxB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM;QACpE,cAAc;QACd,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;QAC7B,2BAA2B;QAC3B,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ;QACpC,mBAAmB;QACnB,gBAAgB,EAAE,eAAe,EAAE,kBAAkB,EAAE,YAAY;QACnE,eAAe,EAAE,iBAAiB,EAAE,iBAAiB;QACrD,gBAAgB;QAChB,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU;QAC7D,eAAe,EAAE,gBAAgB;QACjC,2BAA2B;QAC3B,UAAU,EAAE,QAAQ,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU;QAC5D,cAAc;QACd,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO;QACtD,YAAY;QACZ,MAAM,EAAE,KAAK,EAAE,QAAQ;KACxB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAqB;IACpD,OAAO,EAAE,IAAI;IACb,cAAc,EAAE,KAAK,EAAE,sCAAsC;IAC7D,aAAa,EAAE,IAAI;CACpB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAkB;IAC9C,aAAa,EAAE,IAAI;IACnB,WAAW,EAAE,KAAK,EAAE,eAAe;IACnC,YAAY,EAAE,IAAI;IAClB,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAE,EAAE,aAAa;CAC3B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAgB;IAC/C,OAAO,EAAE,IAAI;IACb,KAAK,EAAE,oBAAoB;IAC3B,OAAO,EAAE,sBAAsB;IAC/B,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,QAAQ,EAAE,wBAAwB;IAClC,KAAK,EAAE,oBAAoB;IAC3B,EAAE,EAAE,iBAAiB;CACtB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,oBAAoB;IACpB,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;IACxE,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACzB,CAAC;IAED,0DAA0D;IAC1D,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,eAAe,CAAC,CAAC;IAC3D,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QAElC,+CAA+C;QAC/C,IAAI,MAAM,EAAE,KAAK,EAAE,CAAC;YAClB,OAAO,MAAM,CAAC,KAA6B,CAAC;QAC9C,CAAC;QAED,gDAAgD;QAChD,IAAI,MAAM,EAAE,KAAK,IAAI,MAAM,EAAE,KAAK,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;YACxD,OAAO,MAA8B,CAAC;QACxC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAmB,MAAS,EAAE,MAAkB;IAChE,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAE7B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,EAAE,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAEhC,IACE,WAAW,KAAK,SAAS;YACzB,OAAO,WAAW,KAAK,QAAQ;YAC/B,WAAW,KAAK,IAAI;YACpB,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC;YAC3B,OAAO,WAAW,KAAK,QAAQ;YAC/B,WAAW,KAAK,IAAI;YACpB,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAC3B,CAAC;YACD,4BAA4B;YAC5B,MAAM,CAAC,GAAG,CAAC,GAAG,SAAS,CACrB,WAAqB,EACrB,WAA8B,CACjB,CAAC;QAClB,CAAC;aAAM,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YACrC,6BAA6B;YAC7B,MAAM,CAAC,GAAG,CAAC,GAAG,WAAyB,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,SAAgC;IAC9D,IAAI,MAAM,GAAgB,EAAE,GAAG,oBAAoB,EAAE,CAAC;IAEtD,yBAAyB;IACzB,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAmB;IACrD,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,wBAAwB;IACxB,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;IACzE,MAAM,YAAY,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEjD,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,uBAAuB,IAAI,EAAE,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,sBAAsB,IAAI,KAAK,MAAM,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,kCAAkC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,2BAA2B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,sCAAsC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC3D,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IACrE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACvD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,CAAC,EAAE,CAAC,OAAO,GAAG,CAAC,IAAI,MAAM,CAAC,EAAE,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,mDAAmD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAUD,MAAM,UAAU,YAAY,CAAC,KAAkB;IAC7C,OAAO,KAAK;SACT,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,GAAG,IAAI;QACP,OAAO,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC;QACtC,eAAe,EAAE,IAAI,CAAC,OAAO;KAC9B,CAAC,CAAC;SACF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,wBAAwB;AACpF,CAAC;AAUD,MAAM,UAAU,eAAe,CAAC,QAAuB;IACrD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7B,GAAG,IAAI;QACP,OAAO,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC;QACtC,eAAe,EAAE,IAAI,CAAC,OAAO;KAC9B,CAAC,CAAC,CAAC;AACN,CAAC"}

package/dist/guard/context/directory.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Directory Sensitivity Scoring for Shell Guardian
+ *
+ * Evaluates how sensitive a directory is to help with risk assessment.
+ */
+import type { DirectoryContext, ProjectContext } from './types.js';
+/**
+ * Score directory sensitivity.
+ *
+ * @param targetPath - Path to evaluate
+ * @param project - Optional project context
+ * @returns Directory context with sensitivity information
+ */
+export declare function scoreSensitivity(targetPath: string, project?: ProjectContext): DirectoryContext;
+/**
+ * Get sensitive paths that would be affected by operating on a directory.
+ *
+ * @param targetPath - Path to check
+ * @returns List of sensitive paths that would be affected
+ */
+export declare function getSensitivePathsAffected(targetPath: string): string[];
+/**
+ * Get a human-readable description of why a path is sensitive.
+ */
+export declare function getSensitivityDescription(context: DirectoryContext): string;
+/**
+ * Check if a path should trigger extra confirmation.
+ */
+export declare function requiresExtraConfirmation(context: DirectoryContext): boolean;
+/**
+ * Get the relative risk modifier based on sensitivity.
+ * Returns a multiplier for risk scoring.
+ */
+export declare function getSensitivityRiskModifier(context: DirectoryContext): number;
+//# sourceMappingURL=directory.d.ts.map

package/dist/guard/context/directory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"directory.d.ts","sourceRoot":"","sources":["../../../src/guard/context/directory.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAmFnE;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,cAAc,GACvB,gBAAgB,CAiFlB;AAwBD;;;;;GAKG;AACH,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,CAoBtE;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CAc3E;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAE5E;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CAM5E"}

package/dist/guard/context/directory.js

@@ -0,0 +1,243 @@
+/**
+ * Directory Sensitivity Scoring for Shell Guardian
+ *
+ * Evaluates how sensitive a directory is to help with risk assessment.
+ */
+import { resolve } from 'node:path';
+import { homedir } from 'node:os';
+/**
+ * Sensitive paths categorized by severity.
+ */
+const SENSITIVE_PATHS = {
+    /** Critical system paths - never modify */
+    critical: [
+        '/',
+        '/etc',
+        '/usr',
+        '/bin',
+        '/sbin',
+        '/boot',
+        '/var',
+        '/root',
+        '/lib',
+        '/lib64',
+        '/opt',
+        '/srv',
+        '/sys',
+        '/proc',
+        '/dev',
+    ],
+    /** High sensitivity - user config and security */
+    high: [
+        '~/.ssh',
+        '~/.gnupg',
+        '~/.gpg',
+        '~/.config',
+        '~/.local/share',
+        '~/.aws',
+        '~/.azure',
+        '~/.gcloud',
+        '~/.kube',
+        '~/.docker',
+        '~/.npmrc',
+        '~/.pypirc',
+        '~/.netrc',
+        '~/.gitconfig',
+        '~/.git-credentials',
+        '~/.bash_history',
+        '~/.zsh_history',
+        '~/.password-store',
+        '~/.vault-token',
+    ],
+    /** Medium sensitivity - user data */
+    medium: [
+        '~',
+        '~/Documents',
+        '~/Desktop',
+        '~/Pictures',
+        '~/Music',
+        '~/Videos',
+        '~/Downloads',
+        '~/Library', // macOS
+    ],
+    /** Low sensitivity - temp/cache */
+    low: [
+        '/tmp',
+        '/var/tmp',
+        '~/.cache',
+        '~/.local/cache',
+    ],
+};
+/**
+ * Expand ~ to home directory.
+ */
+function expandPath(path) {
+    const home = homedir();
+    if (path.startsWith('~/')) {
+        return resolve(home, path.slice(2));
+    }
+    if (path === '~') {
+        return home;
+    }
+    return resolve(path);
+}
+/**
+ * Score directory sensitivity.
+ *
+ * @param targetPath - Path to evaluate
+ * @param project - Optional project context
+ * @returns Directory context with sensitivity information
+ */
+export function scoreSensitivity(targetPath, project) {
+    const resolvedTarget = resolve(targetPath);
+    const home = homedir();
+    const reasons = [];
+    let sensitivity = 0;
+    // Check critical paths (100 sensitivity)
+    for (const criticalPath of SENSITIVE_PATHS.critical) {
+        const expanded = expandPath(criticalPath);
+        if (isPathMatch(resolvedTarget, expanded)) {
+            sensitivity = Math.max(sensitivity, 100);
+            reasons.push(`Critical system path: ${criticalPath}`);
+        }
+    }
+    // Check high sensitivity paths (80 sensitivity)
+    for (const highPath of SENSITIVE_PATHS.high) {
+        const expanded = expandPath(highPath);
+        if (isPathMatch(resolvedTarget, expanded)) {
+            sensitivity = Math.max(sensitivity, 80);
+            reasons.push(`Sensitive config/credentials: ${highPath}`);
+        }
+    }
+    // Check medium sensitivity paths (50 sensitivity)
+    for (const mediumPath of SENSITIVE_PATHS.medium) {
+        const expanded = expandPath(mediumPath);
+        if (isPathMatch(resolvedTarget, expanded)) {
+            sensitivity = Math.max(sensitivity, 50);
+            reasons.push(`User data directory: ${mediumPath}`);
+        }
+    }
+    // Check low sensitivity paths (10 sensitivity)
+    for (const lowPath of SENSITIVE_PATHS.low) {
+        const expanded = expandPath(lowPath);
+        if (isPathMatch(resolvedTarget, expanded)) {
+            sensitivity = Math.min(sensitivity, 10); // Lower if in temp
+            reasons.push(`Temporary/cache directory: ${lowPath}`);
+        }
+    }
+    // Check if in project
+    const isInProject = project
+        ? isPathMatch(resolvedTarget, project.root) || resolvedTarget.startsWith(project.root + '/')
+        : false;
+    if (isInProject && project) {
+        // Reduce sensitivity for project directories
+        if (sensitivity > 30) {
+            sensitivity = 30;
+            reasons.push(`Inside project: ${project.name || project.root}`);
+        }
+        // Further reduce for regenerable directories
+        const { isRegenerablePath } = require('./project.js');
+        if (isRegenerablePath(resolvedTarget, project)) {
+            sensitivity = Math.min(sensitivity, 10);
+            reasons.push('Regenerable directory (can be recreated by package manager)');
+        }
+    }
+    // Default sensitivity for unknown paths
+    if (sensitivity === 0 && reasons.length === 0) {
+        sensitivity = 20;
+        reasons.push('Standard directory');
+    }
+    // Determine path characteristics
+    const isHome = resolvedTarget === home || resolvedTarget.startsWith(home + '/');
+    const isSystem = SENSITIVE_PATHS.critical.some(p => isPathMatch(resolvedTarget, expandPath(p)));
+    const isTemp = SENSITIVE_PATHS.low.some(p => isPathMatch(resolvedTarget, expandPath(p)));
+    return {
+        sensitivity,
+        sensitivityReasons: reasons,
+        isHome,
+        isSystem,
+        isInProject,
+        isTemp,
+    };
+}
+/**
+ * Check if target path matches or is within a sensitive path.
+ */
+function isPathMatch(target, sensitivePath) {
+    // Exact match
+    if (target === sensitivePath) {
+        return true;
+    }
+    // Target is inside sensitive path
+    if (target.startsWith(sensitivePath + '/')) {
+        return true;
+    }
+    // Target is a parent of sensitive path (e.g., rm -rf ~ would affect ~/.ssh)
+    if (sensitivePath.startsWith(target + '/')) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Get sensitive paths that would be affected by operating on a directory.
+ *
+ * @param targetPath - Path to check
+ * @returns List of sensitive paths that would be affected
+ */
+export function getSensitivePathsAffected(targetPath) {
+    const resolvedTarget = resolve(targetPath);
+    const affected = [];
+    const allPaths = [
+        ...SENSITIVE_PATHS.critical,
+        ...SENSITIVE_PATHS.high,
+        ...SENSITIVE_PATHS.medium,
+    ];
+    for (const sensitivePath of allPaths) {
+        const expanded = expandPath(sensitivePath);
+        // Check if sensitive path is inside target
+        if (expanded.startsWith(resolvedTarget + '/') || expanded === resolvedTarget) {
+            affected.push(sensitivePath);
+        }
+    }
+    return affected;
+}
+/**
+ * Get a human-readable description of why a path is sensitive.
+ */
+export function getSensitivityDescription(context) {
+    if (context.sensitivity >= 100) {
+        return 'CRITICAL: System-level directory that should never be modified directly';
+    }
+    if (context.sensitivity >= 80) {
+        return 'HIGH: Contains sensitive credentials or security configuration';
+    }
+    if (context.sensitivity >= 50) {
+        return 'MEDIUM: User data directory with potentially important files';
+    }
+    if (context.sensitivity >= 20) {
+        return 'LOW: Standard directory with normal risk level';
+    }
+    return 'MINIMAL: Temporary or regenerable directory';
+}
+/**
+ * Check if a path should trigger extra confirmation.
+ */
+export function requiresExtraConfirmation(context) {
+    return context.sensitivity >= 50;
+}
+/**
+ * Get the relative risk modifier based on sensitivity.
+ * Returns a multiplier for risk scoring.
+ */
+export function getSensitivityRiskModifier(context) {
+    if (context.sensitivity >= 100)
+        return 2.0; // Double risk
+    if (context.sensitivity >= 80)
+        return 1.5; // 50% more risk
+    if (context.sensitivity >= 50)
+        return 1.2; // 20% more risk
+    if (context.sensitivity >= 20)
+        return 1.0; // Normal risk
+    return 0.5; // Half risk (temp/regenerable)
+}
+//# sourceMappingURL=directory.js.map

package/dist/guard/context/directory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"directory.js","sourceRoot":"","sources":["../../../src/guard/context/directory.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAGlC;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,2CAA2C;IAC3C,QAAQ,EAAE;QACR,GAAG;QACH,MAAM;QACN,MAAM;QACN,MAAM;QACN,OAAO;QACP,OAAO;QACP,MAAM;QACN,OAAO;QACP,MAAM;QACN,QAAQ;QACR,MAAM;QACN,MAAM;QACN,MAAM;QACN,OAAO;QACP,MAAM;KACP;IAED,kDAAkD;IAClD,IAAI,EAAE;QACJ,QAAQ;QACR,UAAU;QACV,QAAQ;QACR,WAAW;QACX,gBAAgB;QAChB,QAAQ;QACR,UAAU;QACV,WAAW;QACX,SAAS;QACT,WAAW;QACX,UAAU;QACV,WAAW;QACX,UAAU;QACV,cAAc;QACd,oBAAoB;QACpB,iBAAiB;QACjB,gBAAgB;QAChB,mBAAmB;QACnB,gBAAgB;KACjB;IAED,qCAAqC;IACrC,MAAM,EAAE;QACN,GAAG;QACH,aAAa;QACb,WAAW;QACX,YAAY;QACZ,SAAS;QACT,UAAU;QACV,aAAa;QACb,WAAW,EAAE,QAAQ;KACtB;IAED,mCAAmC;IACnC,GAAG,EAAE;QACH,MAAM;QACN,UAAU;QACV,UAAU;QACV,gBAAgB;KACjB;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;AACvB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAC9B,UAAkB,EAClB,OAAwB;IAExB,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,yCAAyC;IACzC,KAAK,MAAM,YAAY,IAAI,eAAe,CAAC,QAAQ,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;QAC1C,IAAI,WAAW,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC1C,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,QAAQ,IAAI,eAAe,CAAC,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,WAAW,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC1C,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC,iCAAiC,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,KAAK,MAAM,UAAU,IAAI,eAAe,CAAC,MAAM,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACxC,IAAI,WAAW,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC1C,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,KAAK,MAAM,OAAO,IAAI,eAAe,CAAC,GAAG,EAAE,CAAC;QAC1C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,WAAW,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC1C,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,mBAAmB;YAC5D,OAAO,CAAC,IAAI,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,WAAW,GAAG,OAAO;QACzB,CAAC,CAAC,WAAW,CAAC,cAAc,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,CAAC;QAC5F,CAAC,CAAC,KAAK,CAAC;IAEV,IAAI,WAAW,IAAI,OAAO,EAAE,CAAC;QAC3B,6CAA6C;QAC7C,IAAI,WAAW,GAAG,EAAE,EAAE,CAAC;YACrB,WAAW,GAAG,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,mBAAmB,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,6CAA6C;QAC7C,MAAM,EAAE,iBAAiB,EAAE,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;QACtD,IAAI,iBAAiB,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;YAC/C,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9C,WAAW,GAAG,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACrC,CAAC;IAED,iCAAiC;IACjC,MAAM,MAAM,GAAG,cAAc,KAAK,IAAI,IAAI,cAAc,CAAC,UAAU,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC;IAChF,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChG,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEzF,OAAO;QACL,WAAW;QACX,kBAAkB,EAAE,OAAO;QAC3B,MAAM;QACN,QAAQ;QACR,WAAW;QACX,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,MAAc,EAAE,aAAqB;IACxD,cAAc;IACd,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kCAAkC;IAClC,IAAI,MAAM,CAAC,UAAU,CAAC,aAAa,GAAG,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4EAA4E;IAC5E,IAAI,aAAa,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CAAC,UAAkB;IAC1D,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,MAAM,QAAQ,GAAG;QACf,GAAG,eAAe,CAAC,QAAQ;QAC3B,GAAG,eAAe,CAAC,IAAI;QACvB,GAAG,eAAe,CAAC,MAAM;KAC1B,CAAC;IAEF,KAAK,MAAM,aAAa,IAAI,QAAQ,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;QAE3C,2CAA2C;QAC3C,IAAI,QAAQ,CAAC,UAAU,CAAC,cAAc,GAAG,GAAG,CAAC,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;YAC7E,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAyB;IACjE,IAAI,OAAO,CAAC,WAAW,IAAI,GAAG,EAAE,CAAC;QAC/B,OAAO,yEAAyE,CAAC;IACnF,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;QAC9B,OAAO,gEAAgE,CAAC;IAC1E,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;QAC9B,OAAO,8DAA8D,CAAC;IACxE,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;QAC9B,OAAO,gDAAgD,CAAC;IAC1D,CAAC;IACD,OAAO,6CAA6C,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAyB;IACjE,OAAO,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;AACnC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CAAC,OAAyB;IAClE,IAAI,OAAO,CAAC,WAAW,IAAI,GAAG;QAAE,OAAO,GAAG,CAAC,CAAE,cAAc;IAC3D,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC,CAAG,gBAAgB;IAC7D,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC,CAAG,gBAAgB;IAC7D,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC,CAAG,cAAc;IAC3D,OAAO,GAAG,CAAC,CAAmC,+BAA+B;AAC/E,CAAC"}

package/dist/guard/context/environment.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Environment Detection for Shell Guardian
+ *
+ * Detects the execution environment (development, CI, production)
+ * to adjust risk assessment accordingly.
+ */
+import type { EnvironmentContext } from './types.js';
+/**
+ * Detect execution environment.
+ *
+ * @returns Environment context
+ */
+export declare function detectEnvironment(): EnvironmentContext;
+/**
+ * Get risk modifier based on environment.
+ * Production and CI environments should have stricter controls.
+ */
+export declare function getEnvironmentRiskModifier(env: EnvironmentContext): number;
+/**
+ * Check if environment requires extra caution.
+ */
+export declare function requiresExtraCaution(env: EnvironmentContext): boolean;
+/**
+ * Get warning message for risky environment.
+ */
+export declare function getEnvironmentWarning(env: EnvironmentContext): string | undefined;
+/**
+ * Check if destructive operations should be blocked.
+ */
+export declare function shouldBlockDestructive(env: EnvironmentContext): boolean;
+//# sourceMappingURL=environment.d.ts.map

package/dist/guard/context/environment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../../../src/guard/context/environment.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AA+DrD;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,kBAAkB,CAuEtD;AAiBD;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,kBAAkB,GAAG,MAAM,CAuB1E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAIrE;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,kBAAkB,GAAG,MAAM,GAAG,SAAS,CAoBjF;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAGvE"}