@dotsetlabs/tollgate 0.2.2 → 0.3.0

package/dist/guard/engine.js

@@ -0,0 +1,430 @@
+/**
+ * Guard Engine - Core orchestrator for AI Shell Guardian
+ *
+ * The GuardEngine evaluates shell commands through multiple stages:
+ * 1. Fast path - Skip analysis for known-safe commands
+ * 2. Allowlist - Exact match bypass
+ * 3. Denylist - Pattern-based blocking
+ * 4. Analysis - Risk classification via ShellAnalyzer
+ * 5. Custom rules - Pattern-based policy overrides
+ * 6. Session grants - Check for existing approvals
+ * 7. Risk policy - Map risk level to action
+ * 8. Approval - Prompt user if needed
+ *
+ * @example
+ * ```typescript
+ * const engine = new GuardEngine({ config: loadGuardConfig() });
+ * const result = await engine.evaluate({ command: 'rm -rf node_modules' });
+ *
+ * if (result.allowed) {
+ *   // Execute the command
+ * } else {
+ *   console.log(`Blocked: ${result.reason}`);
+ * }
+ * ```
+ */
+import { v4 as uuidv4 } from 'uuid';
+import { ShellAnalyzer } from '../analyzers/shell.js';
+import { SessionManager, InMemorySessionStore } from '../session/manager.js';
+import { SqliteSessionStore } from '../session/sqlite-store.js';
+import { TerminalApprovalHandler } from '../approval/terminal.js';
+import { AuditLogger } from '../audit/logger.js';
+import { DEFAULT_GUARD_CONFIG, compileRules, compileDenylist, } from './config.js';
+import { DEFAULT_APPROVAL_TIMEOUT_MS } from '../constants.js';
+import { getDataDir } from '../utils/config.js';
+import { join } from 'node:path';
+/**
+ * GuardEngine orchestrates command validation and approval.
+ */
+export class GuardEngine {
+    config;
+    analyzer;
+    sessionManager;
+    approvalHandler;
+    auditLogger;
+    // Pre-compiled patterns for performance
+    compiledRules;
+    compiledDenylist;
+    // Fast path prefix set for O(1) lookup
+    fastPathPrefixes;
+    constructor(options) {
+        this.config = options.config;
+        // Initialize analyzer
+        this.analyzer = new ShellAnalyzer();
+        // Initialize session manager
+        const sessionPath = options.sessionPath ?? join(getDataDir(), 'guard-sessions.db');
+        const sessionStore = options.persistSessions
+            ? new SqliteSessionStore(sessionPath)
+            : new InMemorySessionStore();
+        this.sessionManager = new SessionManager(sessionStore);
+        // Initialize approval handler
+        const timeoutMs = options.timeoutMs ?? DEFAULT_APPROVAL_TIMEOUT_MS;
+        this.approvalHandler = new TerminalApprovalHandler(timeoutMs);
+        // Initialize audit logger (if enabled)
+        this.auditLogger = this.config.audit.enabled
+            ? new AuditLogger({
+                dbPath: options.auditPath,
+                enableRedaction: this.config.audit.redactSecrets,
+            })
+            : null;
+        // Pre-compile patterns
+        this.compiledRules = compileRules(this.config.rules);
+        this.compiledDenylist = compileDenylist(this.config.denylist);
+        // Build fast path prefix set
+        this.fastPathPrefixes = new Set(this.config.fastPath.enabled ? this.config.fastPath.safePrefixes : []);
+    }
+    /**
+     * Evaluate a command and determine if it should be allowed to execute.
+     *
+     * @param context - The command context to evaluate
+     * @returns Result indicating whether command is allowed and why
+     */
+    async evaluate(context) {
+        const startTime = Date.now();
+        const { command } = context;
+        // Normalize command for consistent matching
+        const normalizedCommand = command.trim();
+        // Stage 1: Fast path for known-safe commands
+        if (this.matchesFastPath(normalizedCommand)) {
+            return this.createResult({
+                allowed: true,
+                reason: 'Fast path: known safe command',
+                riskLevel: 'safe',
+                analysis: { risk: 'safe', reason: 'Fast path bypass' },
+                decisionSource: 'allowlist',
+                evaluationTimeMs: Date.now() - startTime,
+            });
+        }
+        // Stage 2: Check allowlist (exact matches)
+        if (this.isAllowlisted(normalizedCommand)) {
+            return this.createResult({
+                allowed: true,
+                reason: 'Allowlisted command',
+                riskLevel: 'safe',
+                analysis: { risk: 'safe', reason: 'Allowlist match' },
+                decisionSource: 'allowlist',
+                evaluationTimeMs: Date.now() - startTime,
+            });
+        }
+        // Stage 3: Check denylist (pattern matches)
+        const denyMatch = this.matchesDenylist(normalizedCommand);
+        if (denyMatch) {
+            const result = this.createResult({
+                allowed: false,
+                reason: denyMatch.reason ?? 'Blocked by denylist',
+                riskLevel: 'dangerous',
+                analysis: {
+                    risk: 'dangerous',
+                    reason: denyMatch.reason ?? 'Denylist match',
+                    metadata: { pattern: denyMatch.originalPattern },
+                },
+                decisionSource: 'denylist',
+                evaluationTimeMs: Date.now() - startTime,
+            });
+            await this.logDecision(context, result, 'denied');
+            return result;
+        }
+        // Stage 4: Analyze command with ShellAnalyzer
+        const analysis = this.analyzer.analyze(normalizedCommand);
+        // Stage 5: Check custom rules
+        const ruleMatch = this.matchCustomRule(normalizedCommand);
+        if (ruleMatch) {
+            if (ruleMatch.action === 'allow') {
+                return this.createResult({
+                    allowed: true,
+                    reason: ruleMatch.reason,
+                    riskLevel: analysis.risk,
+                    analysis,
+                    decisionSource: 'rule',
+                    evaluationTimeMs: Date.now() - startTime,
+                });
+            }
+            if (ruleMatch.action === 'deny') {
+                const result = this.createResult({
+                    allowed: false,
+                    reason: ruleMatch.reason,
+                    riskLevel: analysis.risk,
+                    analysis,
+                    decisionSource: 'rule',
+                    evaluationTimeMs: Date.now() - startTime,
+                });
+                await this.logDecision(context, result, 'denied');
+                return result;
+            }
+            // 'prompt' falls through to normal flow
+        }
+        // Stage 6: Apply risk-based policy
+        const action = this.config.risks[analysis.risk] ?? 'prompt';
+        if (action === 'allow') {
+            return this.createResult({
+                allowed: true,
+                reason: analysis.reason,
+                riskLevel: analysis.risk,
+                analysis,
+                decisionSource: 'risk',
+                evaluationTimeMs: Date.now() - startTime,
+            });
+        }
+        if (action === 'deny') {
+            const result = this.createResult({
+                allowed: false,
+                reason: analysis.reason,
+                riskLevel: analysis.risk,
+                analysis,
+                decisionSource: 'risk',
+                evaluationTimeMs: Date.now() - startTime,
+            });
+            await this.logDecision(context, result, 'denied');
+            return result;
+        }
+        // Stage 7: Check for existing session grant
+        const commandCategory = this.extractCommandCategory(normalizedCommand);
+        const grantCheck = await this.sessionManager.checkGrant({
+            server: 'guard',
+            tool: commandCategory,
+            args: { command: normalizedCommand },
+            timestamp: new Date(),
+        });
+        if (grantCheck.granted && grantCheck.grant) {
+            const result = this.createResult({
+                allowed: true,
+                reason: `Session grant: ${this.sessionManager.formatGrant(grantCheck.grant)}`,
+                riskLevel: analysis.risk,
+                analysis,
+                sessionGrantId: grantCheck.grant.id,
+                decisionSource: 'session',
+                evaluationTimeMs: Date.now() - startTime,
+            });
+            if (this.config.audit.logAllCommands) {
+                await this.logDecision(context, result, 'allowed');
+            }
+            return result;
+        }
+        // Stage 8: Dry-run mode - don't prompt
+        if (context.dryRun) {
+            return this.createResult({
+                allowed: false,
+                reason: 'Would prompt for approval (dry-run mode)',
+                riskLevel: analysis.risk,
+                analysis,
+                decisionSource: 'risk',
+                evaluationTimeMs: Date.now() - startTime,
+            });
+        }
+        // Stage 9: Prompt for approval
+        const approval = await this.promptApproval(context, analysis, commandCategory);
+        if (approval.result === 'approved') {
+            let sessionGrantId;
+            // Create session grant if requested
+            if (approval.sessionGrant) {
+                const grant = await this.sessionManager.createGrant({
+                    context: {
+                        server: 'guard',
+                        tool: commandCategory,
+                        args: { command: normalizedCommand },
+                        timestamp: new Date(),
+                    },
+                    scope: approval.sessionGrant.scope,
+                    duration: approval.sessionGrant.duration,
+                    grantedBy: 'terminal',
+                });
+                sessionGrantId = grant.id;
+            }
+            const result = this.createResult({
+                allowed: true,
+                reason: 'User approved',
+                riskLevel: analysis.risk,
+                analysis,
+                sessionGrantId,
+                decisionSource: 'user',
+                evaluationTimeMs: Date.now() - startTime,
+            });
+            await this.logDecision(context, result, 'allowed', 'approved');
+            return result;
+        }
+        // User denied or timed out
+        const result = this.createResult({
+            allowed: false,
+            reason: approval.result === 'timeout' ? 'Approval timed out' : 'User denied',
+            riskLevel: analysis.risk,
+            analysis,
+            decisionSource: 'user',
+            evaluationTimeMs: Date.now() - startTime,
+        });
+        await this.logDecision(context, result, 'denied', approval.result);
+        return result;
+    }
+    /**
+     * Analyze a command without prompting (for preview/display).
+     */
+    analyze(command) {
+        return this.analyzer.analyze(command.trim());
+    }
+    /**
+     * Check if command matches fast path prefixes.
+     */
+    matchesFastPath(command) {
+        if (!this.config.fastPath.enabled) {
+            return false;
+        }
+        // Check exact prefix matches
+        for (const prefix of this.fastPathPrefixes) {
+            if (command === prefix || command.startsWith(prefix + ' ')) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Check if command is in the allowlist.
+     */
+    isAllowlisted(command) {
+        return this.config.allowlist.includes(command);
+    }
+    /**
+     * Check if command matches any denylist pattern.
+     */
+    matchesDenylist(command) {
+        for (const deny of this.compiledDenylist) {
+            if (deny.pattern.test(command)) {
+                return deny;
+            }
+        }
+        return null;
+    }
+    /**
+     * Check if command matches any custom rule.
+     */
+    matchCustomRule(command) {
+        for (const rule of this.compiledRules) {
+            if (rule.pattern.test(command)) {
+                return rule;
+            }
+        }
+        return null;
+    }
+    /**
+     * Extract the primary command for session scoping.
+     */
+    extractCommandCategory(command) {
+        // Get first word (the actual command)
+        const firstWord = command.split(/\s+/)[0] ?? 'unknown';
+        // Handle common patterns
+        if (firstWord === 'sudo' || firstWord === 'doas') {
+            // Get the command after sudo/doas
+            const parts = command.split(/\s+/);
+            return parts[1] ?? firstWord;
+        }
+        return firstWord;
+    }
+    /**
+     * Prompt user for approval.
+     */
+    async promptApproval(context, analysis, commandCategory) {
+        const request = {
+            id: uuidv4(),
+            context: {
+                server: 'guard',
+                tool: commandCategory,
+                args: { command: context.command },
+                timestamp: new Date(),
+            },
+            decision: {
+                action: 'prompt',
+                reason: analysis.reason,
+                matchedRule: 'guard-policy',
+                analysis: {
+                    analyzer: 'shell',
+                    risk: analysis.risk,
+                    triggers: analysis.triggers,
+                },
+            },
+            timestamp: new Date(),
+            sessionConfig: {
+                allowRemember: this.config.session.allowRemember,
+                defaultScope: this.config.session.defaultScope,
+                allowedDurations: this.config.session.allowedDurations,
+            },
+        };
+        return this.approvalHandler.prompt(request);
+    }
+    /**
+     * Create a GuardResult with consistent structure.
+     */
+    createResult(partial) {
+        return {
+            allowed: partial.allowed,
+            reason: partial.reason,
+            riskLevel: partial.riskLevel,
+            analysis: partial.analysis,
+            sessionGrantId: partial.sessionGrantId,
+            decisionSource: partial.decisionSource,
+            evaluationTimeMs: partial.evaluationTimeMs,
+        };
+    }
+    /**
+     * Log a guard decision to the audit log.
+     */
+    async logDecision(context, result, decision, userResponse) {
+        if (!this.auditLogger) {
+            return;
+        }
+        // Log as a tool call attempt (reusing existing audit infrastructure)
+        const auditId = this.auditLogger.logAttempt({
+            server: 'guard',
+            tool: this.extractCommandCategory(context.command),
+            args: { command: context.command, cwd: context.cwd, shell: context.shell },
+            timestamp: new Date(),
+        }, {
+            action: result.allowed ? 'allow' : 'deny',
+            reason: result.reason,
+            matchedRule: result.decisionSource,
+            analysis: result.analysis ? {
+                analyzer: 'shell',
+                risk: result.analysis.risk,
+                triggers: result.analysis.triggers,
+            } : undefined,
+        }, result.sessionGrantId);
+        // Log the result
+        this.auditLogger.logResult(auditId, userResponse ?? (result.allowed ? 'approved' : 'denied'), result.allowed ? 'success' : 'error', result.allowed ? undefined : result.reason, result.evaluationTimeMs);
+    }
+    /**
+     * Get session manager for external access (e.g., CLI commands).
+     */
+    getSessionManager() {
+        return this.sessionManager;
+    }
+    /**
+     * Get audit logger for external access (e.g., CLI commands).
+     */
+    getAuditLogger() {
+        return this.auditLogger;
+    }
+    /**
+     * Get current configuration.
+     */
+    getConfig() {
+        return this.config;
+    }
+    /**
+     * Clean up resources.
+     */
+    close() {
+        this.sessionManager.close();
+        this.approvalHandler.close();
+        this.auditLogger?.close();
+    }
+}
+/**
+ * Create a GuardEngine with default configuration.
+ */
+export function createGuardEngine(options) {
+    return new GuardEngine({
+        config: options?.config ?? DEFAULT_GUARD_CONFIG,
+        auditPath: options?.auditPath,
+        sessionPath: options?.sessionPath,
+        persistSessions: options?.persistSessions,
+        timeoutMs: options?.timeoutMs,
+    });
+}
+//# sourceMappingURL=engine.js.map

package/dist/guard/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/guard/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7E,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAElE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAOjD,OAAO,EACL,oBAAoB,EACpB,YAAY,EACZ,eAAe,GAGhB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC;;GAEG;AACH,MAAM,OAAO,WAAW;IACL,MAAM,CAAc;IACpB,QAAQ,CAAgB;IACxB,cAAc,CAAiB;IAC/B,eAAe,CAAkB;IACjC,WAAW,CAAqB;IAEjD,wCAAwC;IACvB,aAAa,CAAiB;IAC9B,gBAAgB,CAAwB;IAEzD,uCAAuC;IACtB,gBAAgB,CAAc;IAE/C,YAAY,OAA2B;QACrC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE7B,sBAAsB;QACtB,IAAI,CAAC,QAAQ,GAAG,IAAI,aAAa,EAAE,CAAC;QAEpC,6BAA6B;QAC7B,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,UAAU,EAAE,EAAE,mBAAmB,CAAC,CAAC;QACnF,MAAM,YAAY,GAAG,OAAO,CAAC,eAAe;YAC1C,CAAC,CAAC,IAAI,kBAAkB,CAAC,WAAW,CAAC;YACrC,CAAC,CAAC,IAAI,oBAAoB,EAAE,CAAC;QAC/B,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,YAAY,CAAC,CAAC;QAEvD,8BAA8B;QAC9B,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,2BAA2B,CAAC;QACnE,IAAI,CAAC,eAAe,GAAG,IAAI,uBAAuB,CAAC,SAAS,CAAC,CAAC;QAE9D,uCAAuC;QACvC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO;YAC1C,CAAC,CAAC,IAAI,WAAW,CAAC;gBACd,MAAM,EAAE,OAAO,CAAC,SAAS;gBACzB,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa;aACjD,CAAC;YACJ,CAAC,CAAC,IAAI,CAAC;QAET,uBAAuB;QACvB,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACrD,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAE9D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,CAC7B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CACtE,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,CAAC,OAAqB;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QAE5B,4CAA4C;QAC5C,MAAM,iBAAiB,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAEzC,6CAA6C;QAC7C,IAAI,IAAI,CAAC,eAAe,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,YAAY,CAAC;gBACvB,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,+BAA+B;gBACvC,SAAS,EAAE,MAAM;gBACjB,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,EAAE;gBACtD,cAAc,EAAE,WAAW;gBAC3B,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACzC,CAAC,CAAC;QACL,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC,YAAY,CAAC;gBACvB,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,qBAAqB;gBAC7B,SAAS,EAAE,MAAM;gBACjB,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE;gBACrD,cAAc,EAAE,WAAW;gBAC3B,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACzC,CAAC,CAAC;QACL,CAAC;QAED,4CAA4C;QAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;QAC1D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;gBAC/B,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,qBAAqB;gBACjD,SAAS,EAAE,WAAW;gBACtB,QAAQ,EAAE;oBACR,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,gBAAgB;oBAC5C,QAAQ,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,eAAe,EAAE;iBACjD;gBACD,cAAc,EAAE,UAAU;gBAC1B,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACzC,CAAC,CAAC;YAEH,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAClD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAE1D,8BAA8B;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;QAC1D,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBACjC,OAAO,IAAI,CAAC,YAAY,CAAC;oBACvB,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,SAAS,CAAC,MAAM;oBACxB,SAAS,EAAE,QAAQ,CAAC,IAAI;oBACxB,QAAQ;oBACR,cAAc,EAAE,MAAM;oBACtB,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACzC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;oBAC/B,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,SAAS,CAAC,MAAM;oBACxB,SAAS,EAAE,QAAQ,CAAC,IAAI;oBACxB,QAAQ;oBACR,cAAc,EAAE,MAAM;oBACtB,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACzC,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;gBAClD,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,wCAAwC;QAC1C,CAAC;QAED,mCAAmC;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC;QAE5D,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC,YAAY,CAAC;gBACvB,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,SAAS,EAAE,QAAQ,CAAC,IAAI;gBACxB,QAAQ;gBACR,cAAc,EAAE,MAAM;gBACtB,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACzC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;gBAC/B,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,SAAS,EAAE,QAAQ,CAAC,IAAI;gBACxB,QAAQ;gBACR,cAAc,EAAE,MAAM;gBACtB,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACzC,CAAC,CAAC;YAEH,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAClD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,4CAA4C;QAC5C,MAAM,eAAe,GAAG,IAAI,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,CAAC;QACvE,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC;YACtD,MAAM,EAAE,OAAO;YACf,IAAI,EAAE,eAAe;YACrB,IAAI,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;YACpC,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC,CAAC;QAEH,IAAI,UAAU,CAAC,OAAO,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;gBAC/B,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,kBAAkB,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE;gBAC7E,SAAS,EAAE,QAAQ,CAAC,IAAI;gBACxB,QAAQ;gBACR,cAAc,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE;gBACnC,cAAc,EAAE,SAAS;gBACzB,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACzC,CAAC,CAAC;YAEH,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;gBACrC,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,uCAAuC;QACvC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,YAAY,CAAC;gBACvB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,0CAA0C;gBAClD,SAAS,EAAE,QAAQ,CAAC,IAAI;gBACxB,QAAQ;gBACR,cAAc,EAAE,MAAM;gBACtB,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACzC,CAAC,CAAC;QACL,CAAC;QAED,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;QAE/E,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACnC,IAAI,cAAkC,CAAC;YAEvC,oCAAoC;YACpC,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;gBAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC;oBAClD,OAAO,EAAE;wBACP,MAAM,EAAE,OAAO;wBACf,IAAI,EAAE,eAAe;wBACrB,IAAI,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;wBACpC,SAAS,EAAE,IAAI,IAAI,EAAE;qBACtB;oBACD,KAAK,EAAE,QAAQ,CAAC,YAAY,CAAC,KAAK;oBAClC,QAAQ,EAAE,QAAQ,CAAC,YAAY,CAAC,QAAQ;oBACxC,SAAS,EAAE,UAAU;iBACtB,CAAC,CAAC;gBACH,cAAc,GAAG,KAAK,CAAC,EAAE,CAAC;YAC5B,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;gBAC/B,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,eAAe;gBACvB,SAAS,EAAE,QAAQ,CAAC,IAAI;gBACxB,QAAQ;gBACR,cAAc;gBACd,cAAc,EAAE,MAAM;gBACtB,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACzC,CAAC,CAAC;YAEH,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAC/D,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,2BAA2B;QAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC;YAC/B,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,aAAa;YAC5E,SAAS,EAAE,QAAQ,CAAC,IAAI;YACxB,QAAQ;YACR,cAAc,EAAE,MAAM;YACtB,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACzC,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnE,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,OAAe;QACrB,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAAe;QACrC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,6BAA6B;QAC7B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3C,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,OAAe;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAAe;QACrC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACzC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAAe;QACrC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACtC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,OAAe;QAC5C,sCAAsC;QACtC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;QAEvD,yBAAyB;QACzB,IAAI,SAAS,KAAK,MAAM,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YACjD,kCAAkC;YAClC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;QAC/B,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAC1B,OAAqB,EACrB,QAAwB,EACxB,eAAuB;QAEvB,MAAM,OAAO,GAAoB;YAC/B,EAAE,EAAE,MAAM,EAAE;YACZ,OAAO,EAAE;gBACP,MAAM,EAAE,OAAO;gBACf,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE;gBAClC,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB;YACD,QAAQ,EAAE;gBACR,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,WAAW,EAAE,cAAc;gBAC3B,QAAQ,EAAE;oBACR,QAAQ,EAAE,OAAO;oBACjB,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;iBAC5B;aACF;YACD,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,aAAa,EAAE;gBACb,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa;gBAChD,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY;gBAC9C,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB;aACvD;SACF,CAAC;QAEF,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,OAAqE;QACxF,OAAO;YACL,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;SAC3C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CACvB,OAAqB,EACrB,MAAmB,EACnB,QAA2C,EAC3C,YAAgD;QAEhD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,qEAAqE;QACrE,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CACzC;YACE,MAAM,EAAE,OAAO;YACf,IAAI,EAAE,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,OAAO,CAAC;YAClD,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;YAC1E,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,EACD;YACE,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;YACzC,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,WAAW,EAAE,MAAM,CAAC,cAAc;YAClC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC1B,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;gBAC1B,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;aACnC,CAAC,CAAC,CAAC,SAAS;SACd,EACD,MAAM,CAAC,cAAc,CACtB,CAAC;QAEF,iBAAiB;QACjB,IAAI,CAAC,WAAW,CAAC,SAAS,CACxB,OAAO,EACP,YAAY,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,EACxD,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,EACpC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,EAC1C,MAAM,CAAC,gBAAgB,CACxB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC5B,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAqC;IACrE,OAAO,IAAI,WAAW,CAAC;QACrB,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,oBAAoB;QAC/C,SAAS,EAAE,OAAO,EAAE,SAAS;QAC7B,WAAW,EAAE,OAAO,EAAE,WAAW;QACjC,eAAe,EAAE,OAAO,EAAE,eAAe;QACzC,SAAS,EAAE,OAAO,EAAE,SAAS;KAC9B,CAAC,CAAC;AACL,CAAC"}

package/dist/guard/enhanced-engine.d.ts

@@ -0,0 +1,151 @@
+/**
+ * Enhanced Guard Engine - Full-featured AI Shell Guardian
+ *
+ * Extends the base GuardEngine with:
+ * - Context-aware risk assessment (project, git, directory, environment)
+ * - Safer alternatives suggestions
+ * - Command preview with effect analysis
+ * - Reversibility scoring
+ * - Pattern learning for policy suggestions
+ * - Enhanced approval UI
+ */
+import type { AnalysisResult } from '../analyzers/types.js';
+import { SessionManager } from '../session/manager.js';
+import { AuditLogger } from '../audit/logger.js';
+import type { GuardConfig, GuardContext, GuardResult, GuardEngineOptions } from './types.js';
+import type { EnhancedGuardContext } from './context/types.js';
+import type { AlternativeResult } from './alternatives/types.js';
+import type { CommandPreview } from './preview/types.js';
+import type { ReversibilityAssessment } from './reversibility/index.js';
+import { LearningEngine } from './learning/index.js';
+/**
+ * Extended options for the enhanced guard engine.
+ */
+export interface EnhancedGuardEngineOptions extends GuardEngineOptions {
+    /** Whether to enable context enhancement */
+    enableContext?: boolean;
+    /** Whether to enable alternatives suggestions */
+    enableAlternatives?: boolean;
+    /** Whether to enable command preview */
+    enablePreview?: boolean;
+    /** Whether to enable reversibility analysis */
+    enableReversibility?: boolean;
+    /** Whether to enable pattern learning */
+    enableLearning?: boolean;
+    /** Whether to use enhanced approval UI */
+    enhancedUI?: boolean;
+    /** Path for learning data storage */
+    learningPath?: string;
+}
+/**
+ * Extended result with enhanced information.
+ */
+export interface EnhancedGuardResult extends GuardResult {
+    /** Enhanced context information */
+    enhancedContext?: EnhancedGuardContext;
+    /** Safer alternatives if available */
+    alternatives?: AlternativeResult;
+    /** Command preview if generated */
+    preview?: CommandPreview;
+    /** Reversibility assessment if evaluated */
+    reversibility?: ReversibilityAssessment;
+    /** Risk modifier from context (-1 to 1) */
+    riskModifier?: number;
+    /** If user chose an alternative */
+    chosenAlternative?: string;
+}
+/**
+ * EnhancedGuardEngine adds sophisticated context-aware features
+ * to the base Shell Guardian functionality.
+ */
+export declare class EnhancedGuardEngine {
+    private readonly config;
+    private readonly analyzer;
+    private readonly sessionManager;
+    private readonly auditLogger;
+    private readonly compiledRules;
+    private readonly compiledDenylist;
+    private readonly fastPathPrefixes;
+    private readonly contextProvider;
+    private readonly alternativesFinder;
+    private readonly previewGenerator;
+    private readonly reversibilityAnalyzer;
+    private readonly learningEngine;
+    private readonly approvalHandler;
+    private readonly useEnhancedUI;
+    constructor(options: EnhancedGuardEngineOptions);
+    /**
+     * Evaluate a command with full enhanced analysis.
+     */
+    evaluate(context: GuardContext): Promise<EnhancedGuardResult>;
+    /**
+     * Build enhanced context from base context.
+     */
+    private buildEnhancedContext;
+    /**
+     * Apply risk modifier based on context.
+     */
+    private applyRiskModifier;
+    /**
+     * Generate command preview if enabled.
+     */
+    private generatePreview;
+    /**
+     * Find alternatives if enabled.
+     */
+    private findAlternatives;
+    /**
+     * Assess reversibility if enabled.
+     */
+    private assessReversibility;
+    /**
+     * Prompt for enhanced approval.
+     */
+    private promptEnhancedApproval;
+    private matchesFastPath;
+    private isAllowlisted;
+    private matchesDenylist;
+    private matchCustomRule;
+    private extractCommandCategory;
+    private createEnhancedResult;
+    private logDecision;
+    /**
+     * Analyze a command without prompting.
+     */
+    analyze(command: string): AnalysisResult;
+    /**
+     * Preview a command (dry-run).
+     */
+    preview(command: string): Promise<{
+        analysis: AnalysisResult;
+        preview?: CommandPreview;
+        alternatives?: AlternativeResult;
+        reversibility?: ReversibilityAssessment;
+        context?: EnhancedGuardContext;
+    }>;
+    /**
+     * Get learning engine for external access.
+     */
+    getLearningEngine(): LearningEngine | null;
+    /**
+     * Get session manager.
+     */
+    getSessionManager(): SessionManager;
+    /**
+     * Get audit logger.
+     */
+    getAuditLogger(): AuditLogger | null;
+    /**
+     * Get configuration.
+     */
+    getConfig(): GuardConfig;
+    /**
+     * Clean up resources.
+     */
+    close(): void;
+}
+/**
+ * Create an enhanced guard engine with all features.
+ */
+export declare function createEnhancedGuardEngine(options?: Partial<EnhancedGuardEngineOptions>): EnhancedGuardEngine;
+//# sourceMappingURL=enhanced-engine.d.ts.map

package/dist/guard/enhanced-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enhanced-engine.d.ts","sourceRoot":"","sources":["../../src/guard/enhanced-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAa,MAAM,uBAAuB,CAAC;AACvE,OAAO,EAAE,cAAc,EAAwB,MAAM,uBAAuB,CAAC;AAG7E,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EACV,WAAW,EACX,YAAY,EACZ,WAAW,EACX,kBAAkB,EACnB,MAAM,YAAY,CAAC;AAkBpB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAM/D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAMjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAMzD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AACxE,OAAO,EACL,cAAc,EAEf,MAAM,qBAAqB,CAAC;AAO7B;;GAEG;AACH,MAAM,WAAW,0BAA2B,SAAQ,kBAAkB;IACpE,4CAA4C;IAC5C,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,iDAAiD;IACjD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,wCAAwC;IACxC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,+CAA+C;IAC/C,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,yCAAyC;IACzC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,0CAA0C;IAC1C,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,qCAAqC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,WAAW;IACtD,mCAAmC;IACnC,eAAe,CAAC,EAAE,oBAAoB,CAAC;IACvC,sCAAsC;IACtC,YAAY,CAAC,EAAE,iBAAiB,CAAC;IACjC,mCAAmC;IACnC,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,4CAA4C;IAC5C,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,2CAA2C;IAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mCAAmC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;;GAGG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAgB;IACzC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IAGjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAiB;IAC/C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAwB;IACzD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAc;IAG/C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAyB;IACzD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAA4B;IAC/D,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAA0B;IAC3D,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAA+B;IACrE,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAwB;IACvD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAU;gBAE5B,OAAO,EAAE,0BAA0B;IAiD/C;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,mBAAmB,CAAC;IA+QnE;;OAEG;YACW,oBAAoB;IAiBlC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAwDzB;;OAEG;YACW,eAAe;IAiB7B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAgBxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAgB3B;;OAEG;YACW,sBAAsB;IAsDpC,OAAO,CAAC,eAAe;IAYvB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,eAAe;IASvB,OAAO,CAAC,eAAe;IASvB,OAAO,CAAC,sBAAsB;IAS9B,OAAO,CAAC,oBAAoB;YAoBd,WAAW;IAyCzB;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc;IAIxC;;OAEG;IACG,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QACtC,QAAQ,EAAE,cAAc,CAAC;QACzB,OAAO,CAAC,EAAE,cAAc,CAAC;QACzB,YAAY,CAAC,EAAE,iBAAiB,CAAC;QACjC,aAAa,CAAC,EAAE,uBAAuB,CAAC;QACxC,OAAO,CAAC,EAAE,oBAAoB,CAAC;KAChC,CAAC;IAYF;;OAEG;IACH,iBAAiB,IAAI,cAAc,GAAG,IAAI;IAI1C;;OAEG;IACH,iBAAiB,IAAI,cAAc;IAInC;;OAEG;IACH,cAAc,IAAI,WAAW,GAAG,IAAI;IAIpC;;OAEG;IACH,SAAS,IAAI,WAAW;IAIxB;;OAEG;IACH,KAAK,IAAI,IAAI;CAKd;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,OAAO,CAAC,EAAE,OAAO,CAAC,0BAA0B,CAAC,GAC5C,mBAAmB,CAerB"}