@ebowwa/seedinstallation 0.2.4 → 0.4.0

package/dist/sudo.js

@@ -1,235 +1,136 @@
-/**
- * Composable sudo command runner for local and remote (SSH) contexts.
- * Supports arbitrary commands, package installs, file writes, and service management.
- */
-import { spawn } from "child_process";
-// ---------------------------------------------------------------------------
-// Core: run a command with sudo
-// ---------------------------------------------------------------------------
-/** Run an arbitrary command with sudo. */
-export async function sudo(cmd, opts) {
-    const parts = Array.isArray(cmd) ? cmd : cmd.split(/\s+/);
-    const envPrefix = opts.env
-        ? Object.entries(opts.env).map(([k, v]) => `${k}=${shellEscape(v)}`)
-        : [];
-    const sudoCmd = ["sudo", ...envPrefix, ...parts];
-    return exec(sudoCmd, opts);
-}
-const installCmd = {
-    apt: ["apt-get", "install", "-y"],
-    dnf: ["dnf", "install", "-y"],
-    apk: ["apk", "add", "--no-cache"],
-};
-const updateCmd = {
-    apt: ["apt-get", "update", "-qq"],
-    dnf: ["dnf", "check-update"],
-    apk: ["apk", "update"],
-};
-/** Install one or more system packages. */
-export async function pkgInstall(packages, opts) {
-    const pm = opts.pm ?? "apt";
-    const envOverride = {
-        ...opts.env,
-        ...(opts.nonInteractive !== false ? { DEBIAN_FRONTEND: "noninteractive" } : {}),
-    };
-    // Update package index first
-    await sudo(updateCmd[pm], { ...opts, env: envOverride, quiet: true });
-    return sudo([...installCmd[pm], ...packages], {
-        ...opts,
-        env: envOverride,
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
     });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+
+// sudo.ts
+var exports_sudo = {};
+__export(exports_sudo, {
+  writeFile: () => writeFile,
+  sudo: () => sudo,
+  serviceEnable: () => serviceEnable,
+  service: () => service,
+  pkgInstall: () => pkgInstall,
+  exec: () => exec
+});
+async function sudo(cmd, opts) {
+  const parts = Array.isArray(cmd) ? cmd : cmd.split(/\s+/);
+  const envPrefix = opts.env ? Object.entries(opts.env).map(([k, v]) => `${k}=${shellEscape(v)}`) : [];
+  const sudoCmd = ["sudo", ...envPrefix, ...parts];
+  return exec(sudoCmd, opts);
 }
-/** Write content to a privileged file path using tee. */
-export async function writeFile(path, content, opts) {
-    const op = opts.append ? "-a" : "";
-    const teeCmd = `tee ${op} ${shellEscape(path)}`.trim();
-    // Pipe content through sudo tee
-    const result = await execPipe(content, ["sudo", teeCmd], opts);
-    if (result.ok && opts.mode) {
-        await sudo(["chmod", opts.mode, path], opts);
-    }
-    if (result.ok && opts.owner) {
-        await sudo(["chown", opts.owner, path], opts);
-    }
-    return result;
+async function pkgInstall(packages, opts) {
+  const pm = opts.pm ?? "apt";
+  const envOverride = {
+    ...opts.env,
+    ...opts.nonInteractive !== false ? { DEBIAN_FRONTEND: "noninteractive" } : {}
+  };
+  await sudo(updateCmd[pm], { ...opts, env: envOverride, quiet: true });
+  return sudo([...installCmd[pm], ...packages], {
+    ...opts,
+    env: envOverride
+  });
 }
-/** Manage a systemd service. */
-export async function service(name, action, opts) {
-    return sudo(["systemctl", action, name], opts);
+async function writeFile(path, content, opts) {
+  const op = opts.append ? "-a" : "";
+  const teeCmd = `tee ${op} ${shellEscape(path)}`.trim();
+  const result = await execPipe(content, ["sudo", teeCmd], opts);
+  if (result.ok && opts.mode) {
+    await sudo(["chmod", opts.mode, path], opts);
+  }
+  if (result.ok && opts.owner) {
+    await sudo(["chown", opts.owner, path], opts);
+  }
+  return result;
 }
-/** Enable and start a service in one call. */
-export async function serviceEnable(name, opts) {
-    return sudo(["systemctl", "enable", "--now", name], opts);
+async function service(name, action, opts) {
+  return sudo(["systemctl", action, name], opts);
+}
+async function serviceEnable(name, opts) {
+  return sudo(["systemctl", "enable", "--now", name], opts);
 }
-// ---------------------------------------------------------------------------
-// Internals
-// ---------------------------------------------------------------------------
 function buildSshPrefix(ctx) {
-    const parts = ["ssh", "-F", "/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null"];
-    if (ctx.keyPath)
-        parts.push("-i", ctx.keyPath);
-    else if (ctx.key)
-        parts.push("-i", ctx.key);
-    if (ctx.port)
-        parts.push("-p", String(ctx.port));
-    parts.push(`${ctx.user ?? "root"}@${ctx.host}`);
-    return parts;
+  const parts = ["ssh", "-F", "/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null"];
+  if (ctx.keyPath)
+    parts.push("-i", ctx.keyPath);
+  else if (ctx.key)
+    parts.push("-i", ctx.key);
+  if (ctx.port)
+    parts.push("-p", String(ctx.port));
+  parts.push(`${ctx.user ?? "root"}@${ctx.host}`);
+  return parts;
 }
-export async function exec(args, opts) {
-    const finalArgs = opts.context.type === "ssh"
-        ? [...buildSshPrefix(opts.context), args.map(shellEscape).join(" ")]
-        : args;
-    return new Promise((resolve, reject) => {
-        const timeout = opts.timeout ?? 30_000;
-        let timer;
-        const spawnArgs = finalArgs[0].includes(" ")
-            ? ["sh", "-c", finalArgs.join(" ")]
-            : finalArgs;
-        const proc = spawn(spawnArgs[0], spawnArgs.slice(1), {
-            stdio: ["ignore", "pipe", "pipe"],
-        });
-        let stdout = "";
-        let stderr = "";
-        proc.stdout?.on("data", (data) => {
-            stdout += data.toString();
-        });
-        proc.stderr?.on("data", (data) => {
-            stderr += data.toString();
-        });
-        if (timeout) {
-            timer = setTimeout(() => {
-                proc.kill();
-                resolve({
-                    stdout: opts.quiet ? "" : stdout,
-                    stderr: stderr + "\nCommand timed out",
-                    exitCode: 124,
-                    ok: false,
-                });
-            }, timeout);
-        }
-        proc.on("close", (code) => {
-            if (timer)
-                clearTimeout(timer);
-            resolve({
-                stdout: opts.quiet ? "" : stdout,
-                stderr,
-                exitCode: code ?? 0,
-                ok: code === 0,
-            });
-        });
-        proc.on("error", (err) => {
-            if (timer)
-                clearTimeout(timer);
-            reject(new Error(`Command failed: ${err.message}`));
-        });
-    });
+async function exec(args, opts) {
+  const finalArgs = opts.context.type === "ssh" ? [...buildSshPrefix(opts.context), args.map(shellEscape).join(" ")] : args;
+  const proc = Bun.spawn(finalArgs, {
+    stdout: "pipe",
+    stderr: "pipe",
+    timeout: opts.timeout ?? 30000
+  });
+  const exitCode = await proc.exited;
+  const stdout = opts.quiet ? "" : await new Response(proc.stdout).text();
+  const stderr = await new Response(proc.stderr).text();
+  return { stdout, stderr, exitCode, ok: exitCode === 0 };
 }
 async function execPipe(input, args, opts) {
-    if (opts.context.type === "ssh") {
-        // Over SSH: echo content | ssh user@host 'sudo tee /path'
-        const sshPrefix = buildSshPrefix(opts.context);
-        const remoteCmd = args.join(" ");
-        const fullArgs = [...sshPrefix, remoteCmd];
-        return new Promise((resolve, reject) => {
-            const timeout = opts.timeout ?? 30_000;
-            let timer;
-            const spawnArgs = fullArgs[0].includes(" ")
-                ? ["sh", "-c", fullArgs.join(" ")]
-                : fullArgs;
-            const proc = spawn(spawnArgs[0], spawnArgs.slice(1), {
-                stdio: ["pipe", "pipe", "pipe"],
-            });
-            // Write input to stdin
-            if (proc.stdin) {
-                proc.stdin.write(input);
-                proc.stdin.end();
-            }
-            let stdout = "";
-            let stderr = "";
-            proc.stdout?.on("data", (data) => {
-                stdout += data.toString();
-            });
-            proc.stderr?.on("data", (data) => {
-                stderr += data.toString();
-            });
-            if (timeout) {
-                timer = setTimeout(() => {
-                    proc.kill();
-                    resolve({
-                        stdout: opts.quiet ? "" : stdout,
-                        stderr: stderr + "\nCommand timed out",
-                        exitCode: 124,
-                        ok: false,
-                    });
-                }, timeout);
-            }
-            proc.on("close", (code) => {
-                if (timer)
-                    clearTimeout(timer);
-                resolve({
-                    stdout: opts.quiet ? "" : stdout,
-                    stderr,
-                    exitCode: code ?? 0,
-                    ok: code === 0,
-                });
-            });
-            proc.on("error", (err) => {
-                if (timer)
-                    clearTimeout(timer);
-                reject(new Error(`Command failed: ${err.message}`));
-            });
-        });
-    }
-    // Local: pipe through shell
-    return new Promise((resolve, reject) => {
-        const timeout = opts.timeout ?? 30_000;
-        let timer;
-        const proc = spawn("sh", ["-c", args.join(" ")], {
-            stdio: ["pipe", "pipe", "pipe"],
-        });
-        // Write input to stdin
-        if (proc.stdin) {
-            proc.stdin.write(input);
-            proc.stdin.end();
-        }
-        let stdout = "";
-        let stderr = "";
-        proc.stdout?.on("data", (data) => {
-            stdout += data.toString();
-        });
-        proc.stderr?.on("data", (data) => {
-            stderr += data.toString();
-        });
-        if (timeout) {
-            timer = setTimeout(() => {
-                proc.kill();
-                resolve({
-                    stdout: opts.quiet ? "" : stdout,
-                    stderr: stderr + "\nCommand timed out",
-                    exitCode: 124,
-                    ok: false,
-                });
-            }, timeout);
-        }
-        proc.on("close", (code) => {
-            if (timer)
-                clearTimeout(timer);
-            resolve({
-                stdout: opts.quiet ? "" : stdout,
-                stderr,
-                exitCode: code ?? 0,
-                ok: code === 0,
-            });
-        });
-        proc.on("error", (err) => {
-            if (timer)
-                clearTimeout(timer);
-            reject(new Error(`Command failed: ${err.message}`));
-        });
+  if (opts.context.type === "ssh") {
+    const sshPrefix = buildSshPrefix(opts.context);
+    const remoteCmd = args.join(" ");
+    const fullArgs = [...sshPrefix, remoteCmd];
+    const proc2 = Bun.spawn(fullArgs, {
+      stdin: new TextEncoder().encode(input),
+      stdout: "pipe",
+      stderr: "pipe",
+      timeout: opts.timeout ?? 30000
     });
+    const exitCode2 = await proc2.exited;
+    const stdout2 = opts.quiet ? "" : await new Response(proc2.stdout).text();
+    const stderr2 = await new Response(proc2.stderr).text();
+    return { stdout: stdout2, stderr: stderr2, exitCode: exitCode2, ok: exitCode2 === 0 };
+  }
+  const proc = Bun.spawn(["sh", "-c", args.join(" ")], {
+    stdin: new TextEncoder().encode(input),
+    stdout: "pipe",
+    stderr: "pipe",
+    timeout: opts.timeout ?? 30000
+  });
+  const exitCode = await proc.exited;
+  const stdout = opts.quiet ? "" : await new Response(proc.stdout).text();
+  const stderr = await new Response(proc.stderr).text();
+  return { stdout, stderr, exitCode, ok: exitCode === 0 };
 }
 function shellEscape(s) {
-    if (/^[a-zA-Z0-9._\-\/=:@]+$/.test(s))
-        return s;
-    return `'${s.replace(/'/g, "'\\''")}'`;
+  if (/^[a-zA-Z0-9._\-\/=:@]+$/.test(s))
+    return s;
+  return `'${s.replace(/'/g, "'\\''")}'`;
 }
+var installCmd, updateCmd;
+var init_sudo = __esm(() => {
+  installCmd = {
+    apt: ["apt-get", "install", "-y"],
+    dnf: ["dnf", "install", "-y"],
+    apk: ["apk", "add", "--no-cache"]
+  };
+  updateCmd = {
+    apt: ["apt-get", "update", "-qq"],
+    dnf: ["dnf", "check-update"],
+    apk: ["apk", "update"]
+  };
+});
+init_sudo();
+
+export {
+  writeFile,
+  sudo,
+  serviceEnable,
+  service,
+  pkgInstall,
+  exec
+};

package/dist/systemd.d.ts

@@ -1,8 +1,105 @@
 /**
- * Systemd service unit creation and management.
+ * Systemd service unit creation and management with security hardening.
+ *
+ * @example Creating a secure web service
+ * ```typescript
+ * import { createServiceUnit, SECURITY_PRESETS, enableAndStartService } from "@ebowwa/seedinstallation/systemd";
+ *
+ * const webService = await createServiceUnit("my-api", {
+ *   description: "My API Service",
+ *   workingDirectory: "/opt/my-api",
+ *   execStart: "/usr/bin/node /opt/my-api/index.js",
+ *   user: "api-user",
+ *   ...SECURITY_PRESETS.network,
+ *   readWritePaths: ["/var/log/my-api", "/var/lib/my-api"],
+ *   environment: {
+ *     NODE_ENV: "production",
+ *     PORT: "8911",
+ *   },
+ *   context: sudoContext,
+ * });
+ *
+ * await enableAndStartService("my-api", { context: sudoContext });
+ * ```
+ *
+ * @example Creating a service with custom security
+ * ```typescript
+ * const customService = await createServiceUnit("custom-agent", {
+ *   description: "Custom Agent",
+ *   workingDirectory: "/opt/agent",
+ *   execStart: "/usr/bin/node /opt/agent/index.js",
+ *   user: "agent",
+ *   // Apply strict security but relax some options
+ *   ...SECURITY_PRESETS.strict,
+ *   // Allow specific directory for agent data
+ *   readWritePaths: ["/var/lib/agent", "/var/log/agent"],
+ *   // Allow network communication
+ *   restrictAddressFamilies: ["AF_UNIX", "AF_INET", "AF_INET6"],
+ *   // Allow binding to privileged ports
+ *   capabilityBoundingSet: ["CAP_NET_BIND_SERVICE"],
+ *   ambientCapabilities: ["CAP_NET_BIND_SERVICE"],
+ *   context: sudoContext,
+ * });
+ * ```
+ *
+ * @example Creating a development service with minimal security
+ * ```typescript
+ * const devService = await createServiceUnit("dev-service", {
+ *   description: "Development Service",
+ *   workingDirectory: "/home/dev/project",
+ *   execStart: "npm run dev",
+ *   user: "dev",
+ *   ...SECURITY_PRESETS.minimal,
+ *   // Allow full home directory access for development
+ *   readWritePaths: ["/home/dev"],
+ *   context: sudoContext,
+ * });
+ * ```
+ *
  * Works with both local and SSH contexts via ExecContext from sudo.ts.
  */
-import type { SudoOptions, ExecResult } from "./sudo.js";
+import type { SudoOptions, ExecResult } from "./sudo";
+/**
+ * Result of systemd availability check
+ */
+export interface SystemdCheckResult {
+    /** Whether systemd is available on this system */
+    available: boolean;
+    /** Reason why systemd is not available (undefined if available) */
+    reason?: "not_found" | "not_running" | "no_permission" | "unknown";
+    /** Human-readable message */
+    message: string;
+}
+/**
+ * Check if systemd is available on the system.
+ *
+ * Detection methods (tried in order):
+ * 1. Check if systemctl command exists
+ * 2. Check if /run/systemd/system directory exists
+ * 3. Try running systemctl --version
+ *
+ * Results are cached after first call.
+ *
+ * @param opts - Optional execution context (defaults to local if not provided)
+ *
+ * @example Skip systemd operations on non-systemd systems
+ * ```typescript
+ * import { hasSystemd, createServiceUnit } from "@ebowwa/seedinstallation/systemd";
+ *
+ * if (!(await hasSystemd()).available) {
+ *   console.log("Running in container/without systemd - skipping service creation");
+ *   // Run process directly instead
+ * } else {
+ *   await createServiceUnit("my-service", { ... });
+ * }
+ * ```
+ */
+export declare function hasSystemd(opts?: SudoOptions): Promise<SystemdCheckResult>;
+/**
+ * Clear the systemd detection cache.
+ * Useful for testing or when system state may have changed.
+ */
+export declare function clearSystemdCache(): void;
 export interface ServiceUnitOptions {
     /** Service description */
     description: string;
@@ -40,6 +137,52 @@ export interface ServiceUnitOptions {
     nice?: number;
     /** Additional unit file sections (e.g. [Install], [Unit] extras) */
     extras?: string;
+    /** Prevent the process and its children from gaining new privileges via execve */
+    noNewPrivileges?: boolean;
+    /** Mount /tmp and /var/tmp as private, empty directories */
+    privateTmp?: boolean;
+    /** Make the file system hierarchy read-only (strict = full read-only except /var, /etc, /home) */
+    protectSystem?: "strict" | "full" | "yes";
+    /** Mount /home and /root read-only or as tmpfs (true = read-only) */
+    protectHome?: boolean | "read-only" | "tmpfs";
+    /** Paths that should be mounted read-only (default: all paths except readWritePaths) */
+    readOnlyPaths?: string[];
+    /** Paths that should be writable (whitelist approach for security) */
+    readWritePaths?: string[];
+    /** Restrict real-time scheduling access */
+    restrictRealtime?: boolean;
+    /** Deny writing to memory/execute permissions (prevents JIT compilation, W^X) */
+    memoryDenyWriteExecute?: boolean;
+    /** Make kernel tunables (sysctl, /proc/sys, /sys) read-only */
+    protectKernelTunables?: boolean;
+    /** Prevent kernel module loading/unloading */
+    protectKernelModules?: boolean;
+    /** Prevent access to cgroups filesystem */
+    protectControlGroups?: boolean;
+    /** Restrict address families (e.g., ["AF_UNIX", "AF_INET", "AF_INET6"]) */
+    restrictAddressFamilies?: string[];
+    /** Create device node whitelist (empty = no device access) */
+    deviceAllow?: string[];
+    /** Make device nodes read-only */
+    devicePolicy?: "auto" | "closed" | "strict";
+    /** Restrict system call access (systemd 241+) */
+    systemCallFilter?: string[];
+    /** Restrict filesystem namespaces */
+    restrictNamespaces?: boolean | string[];
+    /** Set personality (e.g., "x86-64") */
+    personality?: string;
+    /** Lock personality with syscalls */
+    lockPersonality?: boolean;
+    /** Remove CAP_SYS_* capabilities */
+    removeCapability?: string[];
+    /** Bounding set to drop capabilities */
+    capabilityBoundingSet?: string[];
+    /** Ambient capabilities to keep */
+    ambientCapabilities?: string[];
+    /** Private devices namespace (/dev whitelist) */
+    privateDevices?: boolean;
+    /** Mount /usr read-only */
+    protectKernelLogs?: boolean;
 }
 export interface ServiceResult extends ExecResult {
     /** Path to the unit file */
@@ -104,7 +247,7 @@ export declare function serviceExists(name: string, opts: SudoOptions): Promise<
 /**
  * Get service logs via journalctl.
  */
-export declare function getServiceLogs(name: string, opts: SudoOptions & {
+export declare function getServiceLogs(name: string, opts?: SudoOptions & {
     /** Number of lines to show (default: 100) */
     lines?: number;
     /** Follow logs */
@@ -112,3 +255,64 @@ export declare function getServiceLogs(name: string, opts: SudoOptions & {
     /** Show logs since timestamp */
     since?: string;
 }): Promise<string>;
+/**
+ * Security hardening presets for systemd services.
+ * Apply these using spread syntax: { ...SECURITY_PRESETS.strict, ...customOptions }
+ */
+export declare const SECURITY_PRESETS: Record<string, Partial<ServiceUnitOptions>>;
+/**
+ * Helper to merge security preset with custom options.
+ * Custom options override preset values.
+ */
+export declare function withSecurityPreset(preset: keyof typeof SECURITY_PRESETS, customOptions: ServiceUnitOptions): ServiceUnitOptions;
+/**
+ * Options for safe systemd operations
+ */
+export interface SafeSystemdOptions {
+    /** Whether to throw error if systemd is not available (default: true) */
+    requireSystemd?: boolean;
+    /** Callback to run when systemd is not available */
+    onNoSystemd?: (check: SystemdCheckResult) => void | Promise<void>;
+    /** Execution context (defaults to local if not provided) */
+    context?: SudoOptions["context"];
+    /** Environment variables */
+    env?: Record<string, string>;
+    /** Timeout in ms */
+    timeout?: number;
+    /** Suppress output */
+    quiet?: boolean;
+}
+/**
+ * Safely execute a systemd operation with automatic detection.
+ *
+ * If systemd is not available, either:
+ * - Throws an error (if requireSystemd = true, default)
+ * - Calls onNoSystemd callback (if provided)
+ * - Returns undefined gracefully
+ *
+ * @example
+ * ```typescript
+ * import { safeSystemd, createServiceUnit } from "@ebowwa/seedinstallation/systemd";
+ *
+ * // Will throw if no systemd
+ * await safeSystemd(async () => {
+ *   await createServiceUnit("my-service", { ... });
+ * });
+ *
+ * // Will skip gracefully if no systemd
+ * await safeSystemd(
+ *   async () => {
+ *     await createServiceUnit("my-service", { ... });
+ *   },
+ *   {
+ *     requireSystemd: false,
+ *     onNoSystemd: async (check) => {
+ *       console.log(`No systemd: ${check.message}`);
+ *       // Run process directly instead
+ *     },
+ *   }
+ * );
+ * ```
+ */
+export declare function safeSystemd<T>(operation: () => Promise<T>, options?: SafeSystemdOptions): Promise<T | undefined>;
+//# sourceMappingURL=systemd.d.ts.map

package/dist/systemd.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"systemd.d.ts","sourceRoot":"","sources":["../systemd.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2DG;AAEH,OAAO,KAAK,EAAe,WAAW,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAiBnE;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,kDAAkD;IAClD,SAAS,EAAE,OAAO,CAAC;IACnB,mEAAmE;IACnE,MAAM,CAAC,EAAE,WAAW,GAAG,aAAa,GAAG,eAAe,GAAG,SAAS,CAAC;IACnE,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;CACjB;AAOD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,UAAU,CAAC,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAoEhF;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAMD,MAAM,WAAW,kBAAkB;IACjC,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,uCAAuC;IACvC,IAAI,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrE,uCAAuC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sBAAsB;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wBAAwB;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,oCAAoC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yCAAyC;IACzC,OAAO,CAAC,EAAE,IAAI,GAAG,QAAQ,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,GAAG,UAAU,GAAG,aAAa,CAAC;IACrG,qCAAqC;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,+BAA+B;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gDAAgD;IAChD,cAAc,CAAC,EAAE,SAAS,GAAG,QAAQ,GAAG,MAAM,GAAG,aAAa,CAAC;IAC/D,0BAA0B;IAC1B,aAAa,CAAC,EAAE,SAAS,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IAC1D,6BAA6B;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oEAAoE;IACpE,MAAM,CAAC,EAAE,MAAM,CAAC;IAMhB,kFAAkF;IAClF,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,4DAA4D;IAC5D,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,kGAAkG;IAClG,aAAa,CAAC,EAAE,QAAQ,GAAG,MAAM,GAAG,KAAK,CAAC;IAC1C,qEAAqE;IACrE,WAAW,CAAC,EAAE,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;IAC9C,wFAAwF;IACxF,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,sEAAsE;IACtE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,2CAA2C;IAC3C,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,iFAAiF;IACjF,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,+DAA+D;IAC/D,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,8CAA8C;IAC9C,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,2CAA2C;IAC3C,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,2EAA2E;IAC3E,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,8DAA8D;IAC9D,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,kCAAkC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC5C,iDAAiD;IACjD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,qCAAqC;IACrC,kBAAkB,CAAC,EAAE,OAAO,GAAG,MAAM,EAAE,CAAC;IACxC,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qCAAqC;IACrC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,oCAAoC;IACpC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,wCAAwC;IACxC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,mCAAmC;IACnC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,iDAAiD;IACjD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,2BAA2B;IAC3B,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,aAAc,SAAQ,UAAU;IAC/C,4BAA4B;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,kBAAkB,GACvB,MAAM,CAqFR;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,kBAAkB,GAAG,WAAW,GACrC,OAAO,CAAC,aAAa,CAAC,CAuBxB;AAMD;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,CAErB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,CAErB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,CAErB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,CAErB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,CAErB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,CAErB;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,aAAa,CAAC,CAsBxB;AAED,MAAM,WAAW,aAAa;IAC5B,sCAAsC;IACtC,MAAM,EAAE,OAAO,CAAC;IAChB,8CAA8C;IAC9C,MAAM,EAAE,OAAO,CAAC;IAChB,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,CAErB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,OAAO,CAAC,CAMlB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,WAAW,GAAG;IAClB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kBAAkB;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;CACX,GACL,OAAO,CAAC,MAAM,CAAC,CAOjB;AAMD;;;GAGG;AACH,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAgGxE,CAAC;AAEF;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,OAAO,gBAAgB,EACrC,aAAa,EAAE,kBAAkB,GAChC,kBAAkB,CAKpB;AAMD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,yEAAyE;IACzE,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,oDAAoD;IACpD,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,kBAAkB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,4DAA4D;IAC5D,OAAO,CAAC,EAAE,WAAW,CAAC,SAAS,CAAC,CAAC;IACjC,4BAA4B;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,oBAAoB;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sBAAsB;IACtB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAsB,WAAW,CAAC,CAAC,EACjC,SAAS,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EAC3B,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,CAwBxB"}