@dungle-scrubs/tallow 0.8.6 → 0.8.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +20 -1
- package/dist/auth-hardening.d.ts +17 -23
- package/dist/auth-hardening.d.ts.map +1 -1
- package/dist/auth-hardening.js +78 -33
- package/dist/auth-hardening.js.map +1 -1
- package/dist/cli.js +394 -55
- package/dist/cli.js.map +1 -1
- package/dist/config.d.ts +1 -1
- package/dist/config.js +1 -1
- package/dist/fatal-errors.js +1 -1
- package/dist/fatal-errors.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/interactive-mode-patch.d.ts +2 -0
- package/dist/interactive-mode-patch.d.ts.map +1 -1
- package/dist/interactive-mode-patch.js +36 -0
- package/dist/interactive-mode-patch.js.map +1 -1
- package/dist/plugins.d.ts +27 -2
- package/dist/plugins.d.ts.map +1 -1
- package/dist/plugins.js +163 -2
- package/dist/plugins.js.map +1 -1
- package/dist/project-trust-banner.d.ts +32 -0
- package/dist/project-trust-banner.d.ts.map +1 -0
- package/dist/project-trust-banner.js +60 -0
- package/dist/project-trust-banner.js.map +1 -0
- package/dist/sdk.d.ts +117 -2
- package/dist/sdk.d.ts.map +1 -1
- package/dist/sdk.js +685 -97
- package/dist/sdk.js.map +1 -1
- package/dist/session-utils.d.ts +8 -0
- package/dist/session-utils.d.ts.map +1 -1
- package/dist/session-utils.js +38 -1
- package/dist/session-utils.js.map +1 -1
- package/dist/startup-profile.d.ts +31 -0
- package/dist/startup-profile.d.ts.map +1 -0
- package/dist/startup-profile.js +30 -0
- package/dist/startup-profile.js.map +1 -0
- package/dist/startup-timing.d.ts +21 -0
- package/dist/startup-timing.d.ts.map +1 -0
- package/dist/startup-timing.js +50 -0
- package/dist/startup-timing.js.map +1 -0
- package/extensions/__integration__/plan-rejection-feedback.test.ts +272 -0
- package/extensions/__integration__/shell-policy-confirm.test.ts +85 -4
- package/extensions/__integration__/worktree.test.ts +88 -0
- package/extensions/_icons/extension.json +10 -0
- package/extensions/_icons/index.ts +2 -3
- package/extensions/_shared/__tests__/lazy-init.test.ts +84 -0
- package/extensions/_shared/__tests__/permissions.test.ts +59 -1
- package/extensions/_shared/__tests__/shell-policy.test.ts +67 -0
- package/extensions/_shared/inline-preview.ts +2 -4
- package/extensions/_shared/interop-events.ts +52 -1
- package/extensions/_shared/lazy-init.ts +177 -0
- package/extensions/_shared/permissions.ts +355 -31
- package/extensions/_shared/shell-policy.ts +31 -8
- package/extensions/_shared/tallow-paths.ts +48 -0
- package/extensions/agent-commands-tool/__tests__/parsing.test.ts +40 -1
- package/extensions/agent-commands-tool/extension.json +10 -0
- package/extensions/agent-commands-tool/index.ts +38 -6
- package/extensions/ask-user-question-tool/extension.json +10 -0
- package/extensions/background-task-tool/__tests__/render-style.test.ts +32 -0
- package/extensions/background-task-tool/extension.json +12 -0
- package/extensions/background-task-tool/index.ts +205 -67
- package/extensions/bash-tool-enhanced/__tests__/render-style.test.ts +45 -0
- package/extensions/bash-tool-enhanced/extension.json +11 -0
- package/extensions/bash-tool-enhanced/index.ts +56 -42
- package/extensions/cd-tool/extension.json +11 -0
- package/extensions/cd-tool/index.ts +3 -3
- package/extensions/cheatsheet/extension.json +10 -0
- package/extensions/claude-bridge/extension.json +10 -0
- package/extensions/claude-bridge/index.ts +2 -1
- package/extensions/clear/extension.json +10 -0
- package/extensions/command-expansion/__tests__/expansion.test.ts +84 -1
- package/extensions/command-expansion/extension.json +10 -0
- package/extensions/command-expansion/index.ts +134 -18
- package/extensions/command-prompt/__tests__/plugin-sources.test.ts +49 -0
- package/extensions/command-prompt/extension.json +11 -0
- package/extensions/command-prompt/index.ts +36 -0
- package/extensions/context-files/__tests__/add-dir.test.ts +1 -1
- package/extensions/context-files/__tests__/lazy-init.test.ts +242 -0
- package/extensions/context-files/extension.json +11 -0
- package/extensions/context-files/index.ts +79 -16
- package/extensions/context-fork/__tests__/context-fork.test.ts +88 -0
- package/extensions/context-fork/extension.json +10 -0
- package/extensions/context-fork/index.ts +98 -17
- package/extensions/context-usage/__tests__/tool-result-memory.test.ts +62 -0
- package/extensions/context-usage/extension.json +10 -0
- package/extensions/context-usage/index.ts +169 -8
- package/extensions/custom-footer/extension.json +10 -0
- package/extensions/debug/__tests__/analysis.test.ts +35 -2
- package/extensions/debug/__tests__/diagnostics-commands.test.ts +253 -0
- package/extensions/debug/analysis.ts +53 -16
- package/extensions/debug/extension.json +38 -0
- package/extensions/debug/index.ts +229 -87
- package/extensions/debug/logger.ts +2 -2
- package/extensions/edit-tool-enhanced/__tests__/render-style.test.ts +47 -0
- package/extensions/edit-tool-enhanced/extension.json +10 -0
- package/extensions/edit-tool-enhanced/index.ts +32 -9
- package/extensions/file-reference/extension.json +10 -0
- package/extensions/git-status/extension.json +10 -0
- package/extensions/health/extension.json +10 -0
- package/extensions/health/index.ts +2 -2
- package/extensions/hooks/__tests__/claude-compat.test.ts +31 -0
- package/extensions/hooks/extension.json +40 -0
- package/extensions/hooks/hooks.schema.json +17 -1
- package/extensions/hooks/index.ts +52 -7
- package/extensions/init/extension.json +10 -0
- package/extensions/lsp/__tests__/lsp-timeouts.test.ts +236 -2
- package/extensions/lsp/__tests__/lsp-tools.test.ts +17 -1
- package/extensions/lsp/extension.json +18 -0
- package/extensions/lsp/index.ts +122 -10
- package/extensions/mcp-adapter-tool/__tests__/lazy-init.test.ts +349 -0
- package/extensions/mcp-adapter-tool/extension.json +12 -0
- package/extensions/mcp-adapter-tool/index.ts +133 -41
- package/extensions/minimal-skill-display/extension.json +10 -0
- package/extensions/output-styles-tool/extension.json +11 -0
- package/extensions/output-styles-tool/index.ts +2 -4
- package/extensions/permissions/extension.json +11 -0
- package/extensions/permissions/index.ts +34 -12
- package/extensions/plan-mode-tool/extension.json +20 -0
- package/extensions/plan-mode-tool/index.ts +119 -4
- package/extensions/progress-indicator/extension.json +10 -0
- package/extensions/prompt-suggestions/extension.json +10 -0
- package/extensions/prompt-suggestions/index.ts +2 -3
- package/extensions/random-spinner/extension.json +10 -0
- package/extensions/random-spinner/index.ts +2 -3
- package/extensions/read-tool-enhanced/__tests__/notebook-read.test.ts +100 -0
- package/extensions/read-tool-enhanced/__tests__/notebook.test.ts +136 -0
- package/extensions/read-tool-enhanced/__tests__/render-style.test.ts +49 -0
- package/extensions/read-tool-enhanced/extension.json +14 -3
- package/extensions/read-tool-enhanced/index.ts +170 -44
- package/extensions/read-tool-enhanced/notebook.ts +526 -0
- package/extensions/rewind/__tests__/snapshots.test.ts +43 -1
- package/extensions/rewind/extension.json +11 -0
- package/extensions/rewind/snapshots.ts +18 -6
- package/extensions/session-memory/extension.json +10 -0
- package/extensions/session-memory/index.ts +3 -2
- package/extensions/session-namer/extension.json +10 -0
- package/extensions/shell-interpolation/extension.json +10 -0
- package/extensions/show-system-prompt/extension.json +10 -0
- package/extensions/skill-commands/extension.json +10 -0
- package/extensions/slash-command-bridge/extension.json +23 -3
- package/extensions/stats/extension.json +11 -0
- package/extensions/stats/stats-log.ts +2 -3
- package/extensions/subagent-tool/__tests__/auto-cheap-model.test.ts +87 -36
- package/extensions/subagent-tool/__tests__/background-retention.test.ts +135 -0
- package/extensions/subagent-tool/__tests__/discovery-defaults.test.ts +23 -0
- package/extensions/subagent-tool/__tests__/isolation-frontmatter.test.ts +100 -0
- package/extensions/subagent-tool/__tests__/model-router-explicit-resolution.test.ts +114 -0
- package/extensions/subagent-tool/__tests__/model-router-routing-options.test.ts +125 -0
- package/extensions/subagent-tool/__tests__/model-router-select-options.test.ts +157 -0
- package/extensions/subagent-tool/__tests__/model-router.test.ts +69 -0
- package/extensions/subagent-tool/__tests__/presentation-rendering.test.ts +326 -0
- package/extensions/subagent-tool/__tests__/process-liveness.test.ts +141 -0
- package/extensions/subagent-tool/__tests__/subagent-status-retention.test.ts +144 -0
- package/extensions/subagent-tool/agents.ts +77 -16
- package/extensions/subagent-tool/extension.json +11 -0
- package/extensions/subagent-tool/index.ts +1100 -353
- package/extensions/subagent-tool/model-router.ts +656 -23
- package/extensions/subagent-tool/process.ts +646 -37
- package/extensions/subagent-tool/schema.ts +11 -0
- package/extensions/subagent-tool/widget.ts +184 -10
- package/extensions/tasks/__tests__/widget-subagents.test.ts +426 -0
- package/extensions/tasks/agents/index.ts +9 -18
- package/extensions/tasks/commands/register-tasks-extension.ts +277 -135
- package/extensions/tasks/extension.json +27 -1
- package/extensions/tasks/state/index.ts +2 -2
- package/extensions/tasks/ui/index.ts +13 -11
- package/extensions/teams-tool/__tests__/dashboard-feed.test.ts +87 -0
- package/extensions/teams-tool/__tests__/message-retention.test.ts +149 -0
- package/extensions/teams-tool/dashboard/feed.ts +63 -18
- package/extensions/teams-tool/dashboard/state.ts +29 -9
- package/extensions/teams-tool/dashboard.ts +103 -63
- package/extensions/teams-tool/extension.json +20 -0
- package/extensions/teams-tool/sessions/spawn.ts +1 -1
- package/extensions/teams-tool/store.ts +80 -0
- package/extensions/theme-selector/extension.json +12 -0
- package/extensions/theme-selector/index.ts +3 -7
- package/extensions/tool-display/extension.json +8 -0
- package/extensions/tool-display/index.ts +178 -1
- package/extensions/upstream-check/extension.json +10 -0
- package/extensions/web-fetch-tool/extension.json +10 -0
- package/extensions/web-search-tool/extension.json +10 -0
- package/extensions/wezterm-notify/__tests__/index.test.ts +232 -0
- package/extensions/wezterm-notify/__tests__/lua-behavior.test.ts +62 -0
- package/extensions/wezterm-notify/extension.json +18 -1
- package/extensions/wezterm-notify/index.ts +187 -37
- package/extensions/wezterm-notify/wezterm/tallow.lua +28 -14
- package/extensions/wezterm-pane-control/extension.json +11 -0
- package/extensions/worktree/__tests__/lifecycle.test.ts +115 -0
- package/extensions/worktree/extension.json +31 -0
- package/extensions/worktree/index.ts +149 -0
- package/extensions/worktree/lifecycle.ts +372 -0
- package/extensions/write-tool-enhanced/extension.json +15 -1
- package/extensions/write-tool-enhanced/index.ts +25 -8
- package/package.json +6 -5
- package/schemas/settings.schema.json +75 -0
- package/skills/tallow-expert/SKILL.md +2 -2
- package/templates/commands/implement.md +21 -5
package/README.md
CHANGED
|
@@ -31,7 +31,7 @@
|
|
|
31
31
|
Tallow is a terminal coding agent that starts minimal and scales up. Install only the
|
|
32
32
|
extensions, themes, and agents your project needs, or enable everything. It drops into
|
|
33
33
|
existing Claude Code projects via `.claude/` bridging, so nothing breaks when you switch.
|
|
34
|
-
Ships with
|
|
34
|
+
Ships with 51 extensions, 34 themes, and 10 specialized agents.
|
|
35
35
|
|
|
36
36
|
## Quick start
|
|
37
37
|
|
|
@@ -122,6 +122,25 @@ tallow --tools readonly # read, grep, find, ls only
|
|
|
122
122
|
tallow --tools none # chat only, no tools
|
|
123
123
|
```
|
|
124
124
|
|
|
125
|
+
### Extension catalog + least-privilege startup
|
|
126
|
+
|
|
127
|
+
Use the extension catalog to inspect what each extension does:
|
|
128
|
+
|
|
129
|
+
```bash
|
|
130
|
+
tallow extensions # table view (default)
|
|
131
|
+
tallow extensions --json # machine-readable catalog
|
|
132
|
+
tallow extensions tasks # details for one extension ID
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
For least-privilege sessions, start from an explicit allowlist:
|
|
136
|
+
|
|
137
|
+
```bash
|
|
138
|
+
tallow --extensions-only --extension tasks --extension lsp
|
|
139
|
+
tallow --extensions-only --extension read-tool-enhanced --extension write-tool-enhanced
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
Repeat `--extension <selector>` to add only what the task needs.
|
|
143
|
+
|
|
125
144
|
See the [full CLI reference](https://tallow.dungle-scrubs.com) for all flags
|
|
126
145
|
and modes (RPC, JSON, piped stdin, shell interpolation, etc.)
|
|
127
146
|
|
package/dist/auth-hardening.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AuthStorage } from "@mariozechner/pi-coding-agent";
|
|
2
2
|
/** Result of the plaintext migration run. */
|
|
3
3
|
export interface MigrationResult {
|
|
4
4
|
/** Providers migrated from plaintext/op:// to secure references. */
|
|
@@ -22,30 +22,24 @@ export interface ApiKeySecretStore {
|
|
|
22
22
|
export interface SecureAuthStorageOptions {
|
|
23
23
|
readonly secretStore?: ApiKeySecretStore;
|
|
24
24
|
}
|
|
25
|
-
/**
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
25
|
+
/** Return value from {@link createSecureAuthStorage}. */
|
|
26
|
+
export interface SecureAuthStorageResult {
|
|
27
|
+
/** AuthStorage instance with secure persistence. */
|
|
28
|
+
readonly authStorage: AuthStorage;
|
|
29
|
+
/** Providers migrated from plaintext to secure references on creation. */
|
|
30
30
|
readonly migration: MigrationResult;
|
|
31
|
-
private readonly authPathValue;
|
|
32
|
-
private readonly secretStore;
|
|
33
|
-
/**
|
|
34
|
-
* Create a secure auth storage instance and run one-time migration.
|
|
35
|
-
*
|
|
36
|
-
* @param authPath - Absolute auth.json path
|
|
37
|
-
* @param options - Optional testing dependencies
|
|
38
|
-
*/
|
|
39
|
-
constructor(authPath: string, options?: SecureAuthStorageOptions);
|
|
40
|
-
/**
|
|
41
|
-
* Persist a provider credential.
|
|
42
|
-
* API keys are converted to secure references before writing to disk.
|
|
43
|
-
*
|
|
44
|
-
* @param provider - Provider ID
|
|
45
|
-
* @param credential - Credential payload
|
|
46
|
-
*/
|
|
47
|
-
set(provider: string, credential: AuthCredential): void;
|
|
48
31
|
}
|
|
32
|
+
/**
|
|
33
|
+
* Create an AuthStorage instance with secure persistence.
|
|
34
|
+
* Raw API keys are normalized to references at the storage-backend layer,
|
|
35
|
+
* ensuring they never reach disk in plaintext. Runs one-time migration
|
|
36
|
+
* for any existing plaintext keys.
|
|
37
|
+
*
|
|
38
|
+
* @param authPath - Absolute auth.json path
|
|
39
|
+
* @param options - Optional testing dependencies
|
|
40
|
+
* @returns AuthStorage instance and migration result
|
|
41
|
+
*/
|
|
42
|
+
export declare function createSecureAuthStorage(authPath: string, options?: SecureAuthStorageOptions): SecureAuthStorageResult;
|
|
49
43
|
/**
|
|
50
44
|
* Fail when auth.json permissions are insecure.
|
|
51
45
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-hardening.d.ts","sourceRoot":"","sources":["../src/auth-hardening.ts"],"names":[],"mappings":"AAIA,OAAO,
|
|
1
|
+
{"version":3,"file":"auth-hardening.d.ts","sourceRoot":"","sources":["../src/auth-hardening.ts"],"names":[],"mappings":"AAIA,OAAO,EAGN,WAAW,EAGX,MAAM,+BAA+B,CAAC;AASvC,6CAA6C;AAC7C,MAAM,WAAW,eAAe;IAC/B,oEAAoE;IACpE,QAAQ,CAAC,iBAAiB,EAAE,SAAS,MAAM,EAAE,CAAC;CAC9C;AAED,0DAA0D;AAC1D,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,WAAW,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IACjC;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAChD;AAED,MAAM,WAAW,wBAAwB;IACxC,QAAQ,CAAC,WAAW,CAAC,EAAE,iBAAiB,CAAC;CACzC;AAED,yDAAyD;AACzD,MAAM,WAAW,uBAAuB;IACvC,oDAAoD;IACpD,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,0EAA0E;IAC1E,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;CACpC;AA+ED;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,CACtC,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,wBAA6B,GACpC,uBAAuB,CAUzB;AAED;;;;;;GAMG;AACH,wBAAgB,+BAA+B,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAUtE;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CACpC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,WAAW,GAAE,iBAA6C,GACxD,gBAAgB,CAMlB;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACtC,QAAQ,EAAE,MAAM,EAChB,WAAW,GAAE,iBAA6C,GACxD,eAAe,CA0BjB;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,IAAI,MAAM,GAAG,SAAS,CAUhE"}
|
package/dist/auth-hardening.js
CHANGED
|
@@ -2,7 +2,7 @@ import { execFileSync } from "node:child_process";
|
|
|
2
2
|
import { existsSync, mkdirSync, readFileSync, statSync } from "node:fs";
|
|
3
3
|
import { platform } from "node:os";
|
|
4
4
|
import { dirname } from "node:path";
|
|
5
|
-
import { AuthStorage, } from "@mariozechner/pi-coding-agent";
|
|
5
|
+
import { AuthStorage, FileAuthStorageBackend, } from "@mariozechner/pi-coding-agent";
|
|
6
6
|
import { atomicWriteFileSync, restoreFromBackup } from "./atomic-write.js";
|
|
7
7
|
const AUTH_FILE_MODE = 0o600;
|
|
8
8
|
const AUTH_DIRECTORY_MODE = 0o700;
|
|
@@ -10,50 +10,95 @@ const KEYCHAIN_ACCOUNT = "tallow";
|
|
|
10
10
|
const KEYCHAIN_SERVICE_PREFIX = "tallow.api-key";
|
|
11
11
|
const ENV_REFERENCE_PATTERN = /^[A-Z][A-Z0-9]*_[A-Z0-9_]*$/;
|
|
12
12
|
/**
|
|
13
|
-
*
|
|
14
|
-
*
|
|
13
|
+
* AuthStorageBackend that intercepts writes to normalize API key credentials.
|
|
14
|
+
* Wraps FileAuthStorageBackend — raw keys are converted to secure references
|
|
15
|
+
* (keychain/opchain/env/shell) before they reach disk.
|
|
15
16
|
*/
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
authPathValue;
|
|
17
|
+
class SecureFileAuthStorageBackend {
|
|
18
|
+
inner;
|
|
19
19
|
secretStore;
|
|
20
20
|
/**
|
|
21
|
-
* Create a secure auth storage instance and run one-time migration.
|
|
22
|
-
*
|
|
23
21
|
* @param authPath - Absolute auth.json path
|
|
24
|
-
* @param
|
|
22
|
+
* @param secretStore - Backend for raw key storage
|
|
25
23
|
*/
|
|
26
|
-
constructor(authPath,
|
|
27
|
-
|
|
28
|
-
this.
|
|
29
|
-
this.secretStore = options.secretStore ?? createApiKeySecretStore();
|
|
30
|
-
assertSecureAuthFilePermissions(authPath);
|
|
31
|
-
this.migration = migratePlaintextApiKeys(authPath, this.secretStore);
|
|
32
|
-
if (this.migration.migratedProviders.length > 0) {
|
|
33
|
-
super.reload();
|
|
34
|
-
}
|
|
24
|
+
constructor(authPath, secretStore) {
|
|
25
|
+
this.inner = new FileAuthStorageBackend(authPath);
|
|
26
|
+
this.secretStore = secretStore;
|
|
35
27
|
}
|
|
36
28
|
/**
|
|
37
|
-
*
|
|
38
|
-
* API keys are converted to secure references before writing to disk.
|
|
29
|
+
* Execute fn under lock, normalizing any API keys in the write payload.
|
|
39
30
|
*
|
|
40
|
-
* @param
|
|
41
|
-
* @
|
|
31
|
+
* @param fn - Lock callback receiving current content
|
|
32
|
+
* @returns Result from fn
|
|
33
|
+
*/
|
|
34
|
+
withLock(fn) {
|
|
35
|
+
return this.inner.withLock((current) => {
|
|
36
|
+
const lockResult = fn(current);
|
|
37
|
+
if (lockResult.next !== undefined) {
|
|
38
|
+
lockResult.next = this.normalizeStorageContent(lockResult.next);
|
|
39
|
+
}
|
|
40
|
+
return lockResult;
|
|
41
|
+
});
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Async variant of withLock.
|
|
45
|
+
*
|
|
46
|
+
* @param fn - Async lock callback receiving current content
|
|
47
|
+
* @returns Result from fn
|
|
48
|
+
*/
|
|
49
|
+
withLockAsync(fn) {
|
|
50
|
+
return this.inner.withLockAsync(async (current) => {
|
|
51
|
+
const lockResult = await fn(current);
|
|
52
|
+
if (lockResult.next !== undefined) {
|
|
53
|
+
lockResult.next = this.normalizeStorageContent(lockResult.next);
|
|
54
|
+
}
|
|
55
|
+
return lockResult;
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Parse JSON content and normalize any raw API keys to secure references.
|
|
60
|
+
*
|
|
61
|
+
* @param jsonContent - Serialized auth data
|
|
62
|
+
* @returns Normalized JSON content
|
|
42
63
|
*/
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
64
|
+
normalizeStorageContent(jsonContent) {
|
|
65
|
+
try {
|
|
66
|
+
const data = JSON.parse(jsonContent);
|
|
67
|
+
let changed = false;
|
|
68
|
+
for (const [provider, credential] of Object.entries(data)) {
|
|
69
|
+
if (credential?.type !== "api_key" || typeof credential.key !== "string")
|
|
70
|
+
continue;
|
|
71
|
+
const normalized = normalizeApiKeyValue(provider, credential.key, this.secretStore);
|
|
72
|
+
if (normalized !== credential.key) {
|
|
73
|
+
data[provider].key = normalized;
|
|
74
|
+
changed = true;
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
return changed ? JSON.stringify(data, null, 2) : jsonContent;
|
|
78
|
+
}
|
|
79
|
+
catch {
|
|
80
|
+
return jsonContent;
|
|
48
81
|
}
|
|
49
|
-
const secureCredential = {
|
|
50
|
-
type: "api_key",
|
|
51
|
-
key: normalizeApiKeyValue(provider, credential.key, this.secretStore),
|
|
52
|
-
};
|
|
53
|
-
super.set(provider, secureCredential);
|
|
54
|
-
assertSecureAuthFilePermissions(this.authPathValue);
|
|
55
82
|
}
|
|
56
83
|
}
|
|
84
|
+
/**
|
|
85
|
+
* Create an AuthStorage instance with secure persistence.
|
|
86
|
+
* Raw API keys are normalized to references at the storage-backend layer,
|
|
87
|
+
* ensuring they never reach disk in plaintext. Runs one-time migration
|
|
88
|
+
* for any existing plaintext keys.
|
|
89
|
+
*
|
|
90
|
+
* @param authPath - Absolute auth.json path
|
|
91
|
+
* @param options - Optional testing dependencies
|
|
92
|
+
* @returns AuthStorage instance and migration result
|
|
93
|
+
*/
|
|
94
|
+
export function createSecureAuthStorage(authPath, options = {}) {
|
|
95
|
+
const secretStore = options.secretStore ?? createApiKeySecretStore();
|
|
96
|
+
assertSecureAuthFilePermissions(authPath);
|
|
97
|
+
const migration = migratePlaintextApiKeys(authPath, secretStore);
|
|
98
|
+
const backend = new SecureFileAuthStorageBackend(authPath, secretStore);
|
|
99
|
+
const authStorage = AuthStorage.fromStorage(backend);
|
|
100
|
+
return { authStorage, migration };
|
|
101
|
+
}
|
|
57
102
|
/**
|
|
58
103
|
* Fail when auth.json permissions are insecure.
|
|
59
104
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-hardening.js","sourceRoot":"","sources":["../src/auth-hardening.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAGN,WAAW,
|
|
1
|
+
{"version":3,"file":"auth-hardening.js","sourceRoot":"","sources":["../src/auth-hardening.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAGN,WAAW,EAEX,sBAAsB,GACtB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3E,MAAM,cAAc,GAAG,KAAK,CAAC;AAC7B,MAAM,mBAAmB,GAAG,KAAK,CAAC;AAClC,MAAM,gBAAgB,GAAG,QAAQ,CAAC;AAClC,MAAM,uBAAuB,GAAG,gBAAgB,CAAC;AACjD,MAAM,qBAAqB,GAAG,6BAA6B,CAAC;AAqC5D;;;;GAIG;AACH,MAAM,4BAA4B;IAChB,KAAK,CAAyB;IAC9B,WAAW,CAAoB;IAEhD;;;OAGG;IACH,YAAY,QAAgB,EAAE,WAA8B;QAC3D,IAAI,CAAC,KAAK,GAAG,IAAI,sBAAsB,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IAChC,CAAC;IAED;;;;;OAKG;IACH,QAAQ,CAAI,EAAiE;QAC5E,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,EAAE;YACtC,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;YAC/B,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACnC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACjE,CAAC;YACD,OAAO,UAAU,CAAC;QACnB,CAAC,CAAC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,aAAa,CACZ,EAA0E;QAE1E,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;YACjD,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACnC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACjE,CAAC;YACD,OAAO,UAAU,CAAC;QACnB,CAAC,CAAC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,uBAAuB,CAAC,WAAmB;QAClD,IAAI,CAAC;YACJ,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAmC,CAAC;YACvE,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,KAAK,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3D,IAAI,UAAU,EAAE,IAAI,KAAK,SAAS,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ;oBAAE,SAAS;gBACnF,MAAM,UAAU,GAAG,oBAAoB,CAAC,QAAQ,EAAE,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBACpF,IAAI,UAAU,KAAK,UAAU,CAAC,GAAG,EAAE,CAAC;oBAClC,IAAI,CAAC,QAAQ,CAAsB,CAAC,GAAG,GAAG,UAAU,CAAC;oBACtD,OAAO,GAAG,IAAI,CAAC;gBAChB,CAAC;YACF,CAAC;YACD,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,WAAW,CAAC;QACpB,CAAC;IACF,CAAC;CACD;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,uBAAuB,CACtC,QAAgB,EAChB,UAAoC,EAAE;IAEtC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,uBAAuB,EAAE,CAAC;IAErE,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,uBAAuB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAEjE,MAAM,OAAO,GAAG,IAAI,4BAA4B,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACxE,MAAM,WAAW,GAAG,WAAW,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAErD,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;AACnC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,+BAA+B,CAAC,QAAgB;IAC/D,IAAI,QAAQ,EAAE,KAAK,OAAO;QAAE,OAAO;IACnC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO;IAElC,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC;IAC7C,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACd,sCAAsC,QAAQ,yBAAyB,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAC1F,CAAC;IACH,CAAC;AACF,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACpC,QAAgB,EAChB,QAAgB,EAChB,WAAmB,EACnB,cAAiC,uBAAuB,EAAE;IAE1D,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,aAAa,GAAG,oBAAoB,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IAC/E,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC;IACzD,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC9B,OAAO,0BAA0B,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;AAC7E,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACtC,QAAgB,EAChB,cAAiC,uBAAuB,EAAE;IAE1D,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAC;IAClC,CAAC;IAED,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,KAAK,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS;YAAE,SAAS;QAC3D,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ;YAAE,SAAS;QAEjD,MAAM,aAAa,GAAG,oBAAoB,CAAC,QAAQ,EAAE,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAClF,IAAI,aAAa,KAAK,UAAU,CAAC,GAAG;YAAE,SAAS;QAE/C,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC;QACzD,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,OAAO,GAAG,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACb,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B;IAC1C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC9C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAElD,IAAI,UAAU,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;IAC/E,CAAC;IACD,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAClC,OAAO,qBAAqB,CAAC,UAAU,CAAC,CAAC;AAC1C,CAAC;AAED;;;;GAIG;AACH,SAAS,uBAAuB;IAC/B,IAAI,QAAQ,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,IAAI,kBAAkB,EAAE,CAAC;IACjC,CAAC;IACD,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACrC,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,oBAAoB,CAC5B,QAAgB,EAChB,KAAa,EACb,WAA8B;IAE9B,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,YAAY,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,IAAI,CAAC,CAAC;IACpE,CAAC;IAED,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,YAAY,CAAC;IACtD,IAAI,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,yBAAyB,CAAC,YAAY,CAAC,CAAC;IACrF,IAAI,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC;QAAE,OAAO,YAAY,CAAC;IAElE,OAAO,WAAW,CAAC,KAAK,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,QAAgB;IACrC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,IAAI,CAAC;QACJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAmC,CAAC;QAC7F,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1C,OAAO,MAAM,CAAC;QACf,CAAC;QACD,OAAO,EAAE,CAAC;IACX,CAAC;IAAC,MAAM,CAAC;QACR,oDAAoD;QACpD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,EAAE;YACxD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;YACvE,IAAI,CAAC;gBACJ,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAmC,CAAC;YACtF,CAAC;YAAC,MAAM,CAAC;gBACR,OAAO,EAAE,CAAC;YACX,CAAC;QACF,CAAC;QACD,OAAO,EAAE,CAAC;IACX,CAAC;AACF,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,QAAgB,EAAE,IAAoC;IAC5E,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,mBAAmB,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;QACnE,KAAK,EAAE,IAAI;QACX,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,IAAI;KACZ,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,SAAiB;IAC/C,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,OAAO,cAAc,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IACD,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,eAAe,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,8CAA8C,SAAS,EAAE,CAAC,CAAC;QAC5E,CAAC;QACD,OAAO,QAAQ,CAAC;IACjB,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,eAAe,CAAC,OAAe;IACvC,yDAAyD;IACzD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC1E,CAAC;IAED,kEAAkE;IAClE,gFAAgF;IAChF,2EAA2E;IAC3E,IAAI,+BAA+B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CACd,0DAA0D;YACzD,wEAAwE;YACxE,8EAA8E,CAC/E,CAAC;IACH,CAAC;IAED,2FAA2F;IAC3F,sFAAsF;IACtF,2EAA2E;IAC3E,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;QAClD,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,MAAM;QACf,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;KACnC,CAAC,CAAC;IACH,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,SAAiB;IACxC,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE;QAC3E,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;KACnC,CAAC,CAAC;IACH,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,SAAS,GAAG,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,SAAS,yBAAyB,CAAC,SAAiB;IACnD,OAAO,2BAA2B,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED;;;;;GAKG;AACH,SAAS,aAAa,CAAC,KAAa;IACnC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;AAC5C,CAAC;AAED;;;;;GAKG;AACH,SAAS,0BAA0B,CAAC,KAAa;IAChD,OAAO,KAAK,CAAC,UAAU,CAAC,kCAAkC,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,kBAAkB;IACvB;;;;;;OAMG;IACH,KAAK,CAAC,QAAgB,EAAE,MAAc;QACrC,MAAM,OAAO,GAAG,GAAG,uBAAuB,IAAI,QAAQ,EAAE,CAAC;QACzD,YAAY,CACX,UAAU,EACV,CAAC,sBAAsB,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,EACnF,EAAE,KAAK,EAAE,QAAQ,EAAE,CACnB,CAAC;QAEF,MAAM,QAAQ,GAAG,YAAY,CAC5B,UAAU,EACV,CAAC,uBAAuB,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,OAAO,CAAC,EACtE,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAC1D,CAAC,IAAI,EAAE,CAAC;QAET,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,8CAA8C,QAAQ,IAAI,CAAC,CAAC;QAC7E,CAAC;QAED,OAAO;YACN,oCAAoC;YACpC,MAAM,aAAa,CAAC,gBAAgB,CAAC,EAAE;YACvC,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE;SAC9B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACb,CAAC;CACD;AAED;;GAEG;AACH,MAAM,sBAAsB;IAC3B;;;;;;OAMG;IACH,KAAK,CAAC,QAAgB,EAAE,OAAe;QACtC,MAAM,IAAI,KAAK,CACd,qDAAqD,QAAQ,QAAQ,QAAQ,EAAE,IAAI;YAClF,gFAAgF,CACjF,CAAC;IACH,CAAC;CACD"}
|