@enactprotocol/cli 2.0.0 → 2.0.2

package/dist/commands/sign/index.js

@@ -0,0 +1,507 @@
+/**
+ * enact sign command
+ *
+ * Cryptographically sign a tool using Sigstore keyless signing.
+ * Creates an in-toto attestation, logs to Rekor transparency log,
+ * and submits the attestation to the Enact registry.
+ *
+ * Supports both local paths and remote tool references:
+ *   - Local: enact sign ./my-tool
+ *   - Remote: enact sign author/tool@1.0.0
+ */
+import { readFileSync, writeFileSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+import { createApiClient, getToolVersion, submitAttestation as submitAttestationToRegistry, } from "@enactprotocol/api";
+import { getSecret } from "@enactprotocol/secrets";
+import { addTrustedAuditor, emailToProviderIdentity, getTrustedAuditors, loadConfig, loadManifestFromDir, tryLoadManifest, validateManifest, } from "@enactprotocol/shared";
+import { createEnactToolStatement, signAttestation, } from "@enactprotocol/trust";
+import { colors, confirm, dim, error, formatError, info, json, keyValue, newline, success, symbols, warning, withSpinner, } from "../../utils";
+/** Auth namespace for token storage */
+const AUTH_NAMESPACE = "enact:auth";
+const ACCESS_TOKEN_KEY = "access_token";
+/** Default output filename for the signature bundle */
+const DEFAULT_BUNDLE_FILENAME = ".sigstore-bundle.json";
+/**
+ * Parse a remote tool reference like "author/tool@1.0.0"
+ * Returns null if not a valid remote reference
+ */
+function parseRemoteToolRef(ref) {
+    // Remote refs look like: author/tool@version or org/author/tool@version
+    // They don't start with . or / and contain @ for version
+    if (ref.startsWith(".") || ref.startsWith("/") || ref.startsWith("~")) {
+        return null;
+    }
+    const atIndex = ref.lastIndexOf("@");
+    if (atIndex === -1 || atIndex === 0) {
+        return null;
+    }
+    const name = ref.substring(0, atIndex);
+    const version = ref.substring(atIndex + 1);
+    // Must have at least one / in the name (author/tool)
+    if (!name.includes("/") || !version) {
+        return null;
+    }
+    return { name, version };
+}
+/**
+ * Find the manifest file in a directory or at a path
+ */
+function findManifestPath(pathArg) {
+    const absolutePath = resolve(pathArg);
+    // Check if it's a directory or file
+    try {
+        // Try loading from directory first
+        const loaded = loadManifestFromDir(absolutePath);
+        return {
+            manifestPath: loaded.filePath,
+            manifestDir: absolutePath,
+        };
+    }
+    catch {
+        // Try as a direct file path
+        const loaded = tryLoadManifest(absolutePath);
+        if (loaded) {
+            return {
+                manifestPath: absolutePath,
+                manifestDir: dirname(absolutePath),
+            };
+        }
+        throw new Error(`No manifest found at: ${pathArg}`);
+    }
+}
+/**
+ * Display signing preview (dry run)
+ */
+function displayDryRun(manifestPath, manifest, outputPath, options) {
+    newline();
+    info(colors.bold("Dry Run Preview - Signing"));
+    newline();
+    keyValue("Tool", manifest.name);
+    keyValue("Version", manifest.version ?? "unversioned");
+    keyValue("Manifest", manifestPath);
+    keyValue("Output", outputPath);
+    keyValue("Submit to registry", options.local ? "No (local only)" : "Yes");
+    newline();
+    info("Actions that would be performed:");
+    dim("  1. Authenticate via OIDC (browser-based OAuth flow)");
+    dim("  2. Create in-toto attestation for tool manifest");
+    dim("  3. Request signing certificate from Fulcio");
+    dim("  4. Sign attestation with ephemeral keypair");
+    dim("  5. Log signature to Rekor transparency log");
+    dim(`  6. Write bundle to ${outputPath}`);
+    if (!options.local) {
+        dim("  7. Submit attestation to Enact registry");
+    }
+    newline();
+    warning("Note: Actual signing requires OIDC authentication.");
+    dim("You will be prompted to authenticate in your browser.");
+}
+/**
+ * Prompt user to add themselves to trusted auditors list (local config)
+ */
+async function promptAddToTrustList(auditorEmail, isInteractive) {
+    if (!isInteractive) {
+        return false;
+    }
+    try {
+        // Convert email to provider:identity format (e.g., github:alice)
+        const providerIdentity = emailToProviderIdentity(auditorEmail);
+        // Check if already in local trust list
+        const trustedAuditors = getTrustedAuditors();
+        if (trustedAuditors.includes(providerIdentity)) {
+            // Already trusted
+            return false;
+        }
+        newline();
+        info(colors.command("Trust Configuration"));
+        newline();
+        dim(`You signed this tool with: ${colors.bold(auditorEmail)}`);
+        dim(`Identity format: ${colors.bold(providerIdentity)}`);
+        dim("This identity is not currently in your local trusted auditors list.");
+        newline();
+        const shouldAdd = await confirm("Would you like to add this identity to ~/.enact/config.yaml?", true);
+        if (!shouldAdd) {
+            return false;
+        }
+        // Add to local config file
+        const added = addTrustedAuditor(providerIdentity);
+        if (added) {
+            newline();
+            success(`Added ${providerIdentity} to ~/.enact/config.yaml`);
+            dim("This tool (and others you sign) will now be automatically trusted");
+            return true;
+        }
+        return false;
+    }
+    catch (err) {
+        // Silently fail if trust update fails - don't block signing
+        if (err instanceof Error) {
+            dim(`Note: Could not update trust list: ${err.message}`);
+        }
+        return false;
+    }
+}
+/**
+ * Display signing result
+ */
+function displayResult(bundle, outputPath, manifest, options, registryResult) {
+    if (options.json) {
+        json({
+            success: true,
+            tool: manifest.name,
+            version: manifest.version ?? "unversioned",
+            bundlePath: outputPath,
+            bundle,
+            registry: registryResult
+                ? {
+                    submitted: true,
+                    auditor: registryResult.auditor,
+                    rekorLogIndex: registryResult.rekorLogIndex,
+                }
+                : { submitted: false },
+        });
+        return;
+    }
+    newline();
+    success(`Successfully signed ${manifest.name}@${manifest.version ?? "unversioned"}`);
+    newline();
+    keyValue("Bundle saved to", outputPath);
+    // Show some bundle details
+    if (bundle.verificationMaterial?.tlogEntries?.[0]) {
+        const entry = bundle.verificationMaterial.tlogEntries[0];
+        if (entry.logIndex !== undefined) {
+            keyValue("Rekor log index", String(entry.logIndex));
+        }
+    }
+    // Show registry submission result
+    if (registryResult) {
+        newline();
+        success("Attestation submitted to registry");
+        keyValue("Auditor identity", registryResult.auditor);
+    }
+    else if (!options.local) {
+        newline();
+        warning("Attestation was not submitted to registry (use --local to suppress this warning)");
+    }
+    newline();
+    if (options.local) {
+        info("Note: Attestation saved locally only (--local flag)");
+        dim("  • Run 'enact sign .' without --local to submit to registry");
+    }
+}
+/**
+ * Sign a remote tool from the registry
+ */
+async function signRemoteTool(toolRef, options, _ctx) {
+    const config = loadConfig();
+    const registryUrl = process.env.ENACT_REGISTRY_URL ??
+        config.registry?.url ??
+        "https://siikwkfgsmouioodghho.supabase.co/functions/v1";
+    const client = createApiClient({ baseUrl: registryUrl });
+    // Fetch tool info from registry
+    info(`Fetching ${toolRef.name}@${toolRef.version} from registry...`);
+    let toolInfo;
+    try {
+        toolInfo = await getToolVersion(client, toolRef.name, toolRef.version);
+    }
+    catch (err) {
+        error(`Tool not found: ${toolRef.name}@${toolRef.version}`);
+        if (err instanceof Error) {
+            dim(`  ${err.message}`);
+        }
+        process.exit(1);
+    }
+    newline();
+    keyValue("Tool", toolInfo.name);
+    keyValue("Version", toolInfo.version);
+    keyValue("Bundle hash", toolInfo.bundle.hash);
+    keyValue("Published by", toolInfo.publishedBy.username);
+    // Show existing attestations
+    if (toolInfo.attestations.length > 0) {
+        newline();
+        info("Existing attestations:");
+        for (const att of toolInfo.attestations) {
+            dim(`  • ${att.auditor} (${att.auditorProvider})`);
+        }
+    }
+    // Dry run mode
+    if (options.dryRun) {
+        newline();
+        info(colors.bold("Dry Run - Would perform:"));
+        dim("  1. Authenticate via OIDC (browser-based OAuth flow)");
+        dim("  2. Create in-toto attestation for bundle hash");
+        dim("  3. Request signing certificate from Fulcio");
+        dim("  4. Sign attestation with ephemeral keypair");
+        dim("  5. Log signature to Rekor transparency log");
+        dim("  6. Submit attestation to registry");
+        newline();
+        warning("Note: Actual signing requires OIDC authentication.");
+        return;
+    }
+    // Check auth before doing anything - remote signing always submits to registry
+    const authToken = await getSecret(AUTH_NAMESPACE, ACCESS_TOKEN_KEY);
+    if (!authToken) {
+        error("Not authenticated with registry");
+        dim("Run 'enact auth login' to authenticate before signing remote tools");
+        process.exit(1);
+    }
+    // Confirm signing
+    if (_ctx.isInteractive) {
+        newline();
+        const shouldSign = await confirm(`Sign ${toolInfo.name}@${toolInfo.version} with your identity?`, true);
+        if (!shouldSign) {
+            info("Signing cancelled");
+            return;
+        }
+    }
+    // Sign the attestation (using bundle hash as the artifact)
+    const attestationOptions = {
+        name: toolInfo.name,
+        version: toolInfo.version,
+        publisher: options.identity ?? "unknown",
+        description: toolInfo.description,
+        buildTimestamp: new Date(),
+        bundleHash: toolInfo.bundle.hash,
+    };
+    // Create the in-toto statement - use bundle hash as the "content" for remote tools
+    const statement = createEnactToolStatement(toolInfo.bundle.hash, attestationOptions);
+    // Sign it
+    const result = await withSpinner("Signing attestation...", async () => {
+        try {
+            return await signAttestation(statement, {
+                timeout: 120000, // 2 minutes for OIDC flow
+            });
+        }
+        catch (err) {
+            if (err instanceof Error && err.message.includes("cancelled")) {
+                throw new Error("Signing cancelled by user");
+            }
+            throw err;
+        }
+    });
+    // Submit to registry
+    client.setAuthToken(authToken);
+    try {
+        const attestationResult = await withSpinner("Submitting attestation to registry...", async () => {
+            return await submitAttestationToRegistry(client, {
+                name: toolInfo.name,
+                version: toolInfo.version,
+                sigstoreBundle: result.bundle,
+            });
+        });
+        newline();
+        success(`Signed ${toolInfo.name}@${toolInfo.version}`);
+        keyValue("Auditor identity", attestationResult.auditor);
+        if (attestationResult.rekorLogIndex) {
+            keyValue("Rekor log index", String(attestationResult.rekorLogIndex));
+        }
+        // Prompt to add to trust list
+        if (_ctx.isInteractive && !options.json) {
+            await promptAddToTrustList(attestationResult.auditor, _ctx.isInteractive);
+        }
+        if (options.json) {
+            json({
+                success: true,
+                tool: toolInfo.name,
+                version: toolInfo.version,
+                auditor: attestationResult.auditor,
+                rekorLogIndex: attestationResult.rekorLogIndex,
+            });
+        }
+    }
+    catch (err) {
+        error("Failed to submit attestation to registry");
+        if (err instanceof Error) {
+            dim(`  ${err.message}`);
+        }
+        process.exit(1);
+    }
+}
+/**
+ * Sign command handler (local files)
+ */
+async function signLocalTool(pathArg, options, _ctx) {
+    // Find manifest
+    const { manifestPath, manifestDir } = findManifestPath(pathArg);
+    const manifestContent = readFileSync(manifestPath, "utf-8");
+    // Load and validate manifest
+    const loaded = tryLoadManifest(manifestPath);
+    if (!loaded) {
+        error(`Failed to load manifest from: ${manifestPath}`);
+        process.exit(1);
+    }
+    const manifest = loaded.manifest;
+    // Validate manifest
+    const validation = validateManifest(manifest);
+    if (!validation.valid && validation.errors) {
+        error("Manifest validation failed:");
+        for (const err of validation.errors) {
+            dim(`  ${symbols.cross} ${err.path}: ${err.message}`);
+        }
+        process.exit(1);
+    }
+    // Determine output path
+    const outputPath = options.output
+        ? resolve(options.output)
+        : join(manifestDir, DEFAULT_BUNDLE_FILENAME);
+    // Dry run mode
+    if (options.dryRun) {
+        displayDryRun(manifestPath, manifest, outputPath, options);
+        return;
+    }
+    // Prepare attestation options
+    const attestationOptions = {
+        name: manifest.name,
+        version: manifest.version ?? "1.0.0",
+        publisher: options.identity ?? "unknown",
+        description: manifest.description,
+        buildTimestamp: new Date(),
+    };
+    // Check for git repository for source info
+    try {
+        const { execSync } = await import("node:child_process");
+        const gitCommit = execSync("git rev-parse HEAD", {
+            cwd: manifestDir,
+            encoding: "utf-8",
+        }).trim();
+        attestationOptions.sourceCommit = gitCommit;
+        const remoteUrl = execSync("git remote get-url origin", {
+            cwd: manifestDir,
+            encoding: "utf-8",
+        }).trim();
+        attestationOptions.repository = remoteUrl;
+    }
+    catch {
+        // Not a git repository or git not available
+        if (options.verbose) {
+            dim("Note: Not a git repository, skipping source commit info");
+        }
+    }
+    // Create in-toto attestation statement
+    const statement = createEnactToolStatement(manifestContent, attestationOptions);
+    if (options.verbose) {
+        info("Created attestation statement:");
+        dim(JSON.stringify(statement, null, 2));
+        newline();
+    }
+    // Sign the attestation
+    info("Starting OIDC signing flow...");
+    dim("A browser window will open for authentication.");
+    newline();
+    const result = await withSpinner("Signing attestation...", async () => {
+        try {
+            // Cast statement to Record<string, unknown> for signAttestation
+            return await signAttestation(statement, {
+                timeout: 120000, // 2 minutes for OIDC flow
+            });
+        }
+        catch (err) {
+            // Re-throw with more context
+            if (err instanceof Error) {
+                if (err.message.includes("OIDC") || err.message.includes("token")) {
+                    throw new Error(`OIDC authentication failed: ${err.message}\nMake sure you complete the browser authentication flow.`);
+                }
+                if (err.message.includes("Fulcio") || err.message.includes("certificate")) {
+                    throw new Error(`Certificate issuance failed: ${err.message}\nThis may be a temporary issue with the Sigstore infrastructure.`);
+                }
+                if (err.message.includes("Rekor") || err.message.includes("transparency")) {
+                    throw new Error(`Transparency log failed: ${err.message}\nThis may be a temporary issue with the Sigstore infrastructure.`);
+                }
+            }
+            throw err;
+        }
+    });
+    // Save the bundle locally
+    writeFileSync(outputPath, JSON.stringify(result.bundle, null, 2));
+    // Submit attestation to registry (unless --local)
+    let registryResult;
+    if (!options.local) {
+        // Check for auth token from keyring
+        const authToken = await getSecret(AUTH_NAMESPACE, ACCESS_TOKEN_KEY);
+        if (!authToken) {
+            warning("Not authenticated with registry - attestation saved locally only");
+            dim("Run 'enact auth login' to authenticate, then sign again to submit");
+        }
+        else {
+            const client = createApiClient();
+            client.setAuthToken(authToken);
+            try {
+                const attestationResult = await withSpinner("Submitting attestation to registry...", async () => {
+                    // Submit the Sigstore bundle directly (v2 API)
+                    return await submitAttestationToRegistry(client, {
+                        name: manifest.name,
+                        version: manifest.version ?? "1.0.0",
+                        sigstoreBundle: result.bundle,
+                    });
+                });
+                registryResult = {
+                    auditor: attestationResult.auditor,
+                    rekorLogIndex: attestationResult.rekorLogIndex,
+                };
+                // Prompt to add auditor to trust list (if interactive and not in JSON mode)
+                if (!options.json && _ctx.isInteractive) {
+                    await promptAddToTrustList(attestationResult.auditor, _ctx.isInteractive);
+                }
+            }
+            catch (err) {
+                warning("Failed to submit attestation to registry");
+                if (err instanceof Error) {
+                    dim(`  ${err.message}`);
+                }
+                dim("The attestation was saved locally and logged to Rekor.");
+                dim("You can try submitting again later.");
+            }
+        }
+    }
+    // Display result
+    displayResult(result.bundle, outputPath, manifest, options, registryResult);
+}
+/**
+ * Main sign command handler - routes to local or remote
+ */
+async function signHandler(pathArg, options, ctx) {
+    // Check if this is a remote tool reference (author/tool@version)
+    const remoteRef = parseRemoteToolRef(pathArg);
+    if (remoteRef) {
+        // Sign remote tool from registry
+        await signRemoteTool(remoteRef, options, ctx);
+    }
+    else {
+        // Sign local tool
+        await signLocalTool(pathArg, options, ctx);
+    }
+}
+/**
+ * Configure the sign command
+ */
+export function configureSignCommand(program) {
+    program
+        .command("sign")
+        .description("Cryptographically sign a tool and submit attestation to registry")
+        .argument("<path>", "Path to tool directory, manifest file, or remote tool (author/tool@version)")
+        .option("-i, --identity <email>", "Sign with specific identity (uses OAuth)")
+        .option("-o, --output <path>", "Output path for signature bundle (local only)")
+        .option("--dry-run", "Show what would be signed without signing")
+        .option("--local", "Save signature locally only, do not submit to registry")
+        .option("-v, --verbose", "Show detailed output")
+        .option("--json", "Output result as JSON")
+        .action(async (pathArg, options) => {
+        const ctx = {
+            cwd: process.cwd(),
+            options,
+            isCI: Boolean(process.env.CI),
+            isInteractive: process.stdout.isTTY ?? false,
+        };
+        try {
+            await signHandler(pathArg, options, ctx);
+        }
+        catch (err) {
+            error(formatError(err));
+            if (options.verbose && err instanceof Error && err.stack) {
+                dim(err.stack);
+            }
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/commands/sign/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/sign/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EACL,eAAe,EACf,cAAc,EACd,iBAAiB,IAAI,2BAA2B,GACjD,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,kBAAkB,EAClB,UAAU,EACV,mBAAmB,EACnB,eAAe,EACf,gBAAgB,GACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAGL,wBAAwB,EACxB,eAAe,GAChB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,MAAM,EACN,OAAO,EACP,GAAG,EACH,KAAK,EACL,WAAW,EACX,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,WAAW,GACZ,MAAM,aAAa,CAAC;AAErB,uCAAuC;AACvC,MAAM,cAAc,GAAG,YAAY,CAAC;AACpC,MAAM,gBAAgB,GAAG,cAAc,CAAC;AASxC,uDAAuD;AACvD,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;AAExD;;;GAGG;AACH,SAAS,kBAAkB,CAAC,GAAW;IACrC,wEAAwE;IACxE,yDAAyD;IACzD,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,OAAO,KAAK,CAAC,CAAC,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;IAE3C,qDAAqD;IACrD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEtC,oCAAoC;IACpC,IAAI,CAAC;QACH,mCAAmC;QACnC,MAAM,MAAM,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;QACjD,OAAO;YACL,YAAY,EAAE,MAAM,CAAC,QAAQ;YAC7B,WAAW,EAAE,YAAY;SAC1B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,4BAA4B;QAC5B,MAAM,MAAM,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAC7C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO;gBACL,YAAY,EAAE,YAAY;gBAC1B,WAAW,EAAE,OAAO,CAAC,YAAY,CAAC;aACnC,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,OAAO,EAAE,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,YAAoB,EACpB,QAAkE,EAClE,UAAkB,EAClB,OAAoB;IAEpB,OAAO,EAAE,CAAC;IACV,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IAC/C,OAAO,EAAE,CAAC;IAEV,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,OAAO,IAAI,aAAa,CAAC,CAAC;IACvD,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC/B,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1E,OAAO,EAAE,CAAC;IAEV,IAAI,CAAC,kCAAkC,CAAC,CAAC;IACzC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IAC7D,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACzD,GAAG,CAAC,8CAA8C,CAAC,CAAC;IACpD,GAAG,CAAC,8CAA8C,CAAC,CAAC;IACpD,GAAG,CAAC,8CAA8C,CAAC,CAAC;IACpD,GAAG,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAC;IAC1C,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,GAAG,CAAC,2CAA2C,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,EAAE,CAAC;IAEV,OAAO,CAAC,oDAAoD,CAAC,CAAC;IAC9D,GAAG,CAAC,uDAAuD,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CACjC,YAAoB,EACpB,aAAsB;IAEtB,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC;QACH,iEAAiE;QACjE,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,YAAY,CAAC,CAAC;QAE/D,uCAAuC;QACvC,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;QAC7C,IAAI,eAAe,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC/C,kBAAkB;YAClB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,EAAE,CAAC;QACV,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAC5C,OAAO,EAAE,CAAC;QACV,GAAG,CAAC,8BAA8B,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAC/D,GAAG,CAAC,oBAAoB,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACzD,GAAG,CAAC,qEAAqE,CAAC,CAAC;QAC3E,OAAO,EAAE,CAAC;QAEV,MAAM,SAAS,GAAG,MAAM,OAAO,CAC7B,8DAA8D,EAC9D,IAAI,CACL,CAAC;QAEF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2BAA2B;QAC3B,MAAM,KAAK,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;QAElD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;YACV,OAAO,CAAC,SAAS,gBAAgB,0BAA0B,CAAC,CAAC;YAC7D,GAAG,CAAC,mEAAmE,CAAC,CAAC;YACzE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,4DAA4D;QAC5D,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;YACzB,GAAG,CAAC,sCAAsC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,MAAsB,EACtB,UAAkB,EAClB,QAA4C,EAC5C,OAAoB,EACpB,cAAuE;IAEvE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,aAAa;YAC1C,UAAU,EAAE,UAAU;YACtB,MAAM;YACN,QAAQ,EAAE,cAAc;gBACtB,CAAC,CAAC;oBACE,SAAS,EAAE,IAAI;oBACf,OAAO,EAAE,cAAc,CAAC,OAAO;oBAC/B,aAAa,EAAE,cAAc,CAAC,aAAa;iBAC5C;gBACH,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE;SACzB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,OAAO,EAAE,CAAC;IACV,OAAO,CAAC,uBAAuB,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC,CAAC;IACrF,OAAO,EAAE,CAAC;IAEV,QAAQ,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;IAExC,2BAA2B;IAC3B,IAAI,MAAM,CAAC,oBAAoB,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,MAAM,KAAK,GAAG,MAAM,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,KAAK,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACjC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,EAAE,CAAC;QACV,OAAO,CAAC,mCAAmC,CAAC,CAAC;QAC7C,QAAQ,CAAC,kBAAkB,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;IACvD,CAAC;SAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;QACV,OAAO,CAAC,kFAAkF,CAAC,CAAC;IAC9F,CAAC;IAED,OAAO,EAAE,CAAC;IACV,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,IAAI,CAAC,qDAAqD,CAAC,CAAC;QAC5D,GAAG,CAAC,8DAA8D,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAC3B,OAA0C,EAC1C,OAAoB,EACpB,IAAoB;IAEpB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,WAAW,GACf,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,MAAM,CAAC,QAAQ,EAAE,GAAG;QACpB,uDAAuD,CAAC;IAC1D,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;IAEzD,gCAAgC;IAChC,IAAI,CAAC,YAAY,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,mBAAmB,CAAC,CAAC;IAErE,IAAI,QAAoD,CAAC;IACzD,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACzE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,KAAK,CAAC,mBAAmB,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;YACzB,GAAG,CAAC,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1B,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,EAAE,CAAC;IACV,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;IACtC,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC9C,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAExD,6BAA6B;IAC7B,IAAI,QAAQ,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,CAAC;QACV,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAC/B,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;YACxC,GAAG,CAAC,OAAO,GAAG,CAAC,OAAO,KAAK,GAAG,CAAC,eAAe,GAAG,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,eAAe;IACf,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,EAAE,CAAC;QACV,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC;QAC9C,GAAG,CAAC,uDAAuD,CAAC,CAAC;QAC7D,GAAG,CAAC,iDAAiD,CAAC,CAAC;QACvD,GAAG,CAAC,8CAA8C,CAAC,CAAC;QACpD,GAAG,CAAC,8CAA8C,CAAC,CAAC;QACpD,GAAG,CAAC,8CAA8C,CAAC,CAAC;QACpD,GAAG,CAAC,qCAAqC,CAAC,CAAC;QAC3C,OAAO,EAAE,CAAC;QACV,OAAO,CAAC,oDAAoD,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,+EAA+E;IAC/E,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;IACpE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACzC,GAAG,CAAC,oEAAoE,CAAC,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,kBAAkB;IAClB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,OAAO,EAAE,CAAC;QACV,MAAM,UAAU,GAAG,MAAM,OAAO,CAC9B,QAAQ,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,sBAAsB,EAC/D,IAAI,CACL,CAAC;QACF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,CAAC,mBAAmB,CAAC,CAAC;YAC1B,OAAO;QACT,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,MAAM,kBAAkB,GAAgC;QACtD,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,SAAS,EAAE,OAAO,CAAC,QAAQ,IAAI,SAAS;QACxC,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,cAAc,EAAE,IAAI,IAAI,EAAE;QAC1B,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI;KACjC,CAAC;IAEF,mFAAmF;IACnF,MAAM,SAAS,GAAG,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAErF,UAAU;IACV,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;QACpE,IAAI,CAAC;YACH,OAAO,MAAM,eAAe,CAAC,SAA+C,EAAE;gBAC5E,OAAO,EAAE,MAAM,EAAE,0BAA0B;aAC5C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9D,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,qBAAqB;IACrB,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,iBAAiB,GAAG,MAAM,WAAW,CACzC,uCAAuC,EACvC,KAAK,IAAI,EAAE;YACT,OAAO,MAAM,2BAA2B,CAAC,MAAM,EAAE;gBAC/C,IAAI,EAAE,QAAQ,CAAC,IAAI;gBACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,cAAc,EAAE,MAAM,CAAC,MAA4C;aACpE,CAAC,CAAC;QACL,CAAC,CACF,CAAC;QAEF,OAAO,EAAE,CAAC;QACV,OAAO,CAAC,UAAU,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QACvD,QAAQ,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,iBAAiB,CAAC,aAAa,EAAE,CAAC;YACpC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC,CAAC;QACvE,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,oBAAoB,CAAC,iBAAiB,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,QAAQ,CAAC,IAAI;gBACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,OAAO,EAAE,iBAAiB,CAAC,OAAO;gBAClC,aAAa,EAAE,iBAAiB,CAAC,aAAa;aAC/C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAClD,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;YACzB,GAAG,CAAC,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1B,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAC1B,OAAe,EACf,OAAoB,EACpB,IAAoB;IAEpB,gBAAgB;IAChB,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAChE,MAAM,eAAe,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAE5D,6BAA6B;IAC7B,MAAM,MAAM,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,KAAK,CAAC,iCAAiC,YAAY,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IAEjC,oBAAoB;IACpB,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,KAAK,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QAC3C,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACrC,KAAK,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;YACpC,GAAG,CAAC,KAAK,OAAO,CAAC,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,wBAAwB;IACxB,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM;QAC/B,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;QACzB,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,uBAAuB,CAAC,CAAC;IAE/C,eAAe;IACf,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,aAAa,CAAC,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAC3D,OAAO;IACT,CAAC;IAED,8BAA8B;IAC9B,MAAM,kBAAkB,GAAgC;QACtD,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,OAAO;QACpC,SAAS,EAAE,OAAO,CAAC,QAAQ,IAAI,SAAS;QACxC,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,cAAc,EAAE,IAAI,IAAI,EAAE;KAC3B,CAAC;IAEF,2CAA2C;IAC3C,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,QAAQ,CAAC,oBAAoB,EAAE;YAC/C,GAAG,EAAE,WAAW;YAChB,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,kBAAkB,CAAC,YAAY,GAAG,SAAS,CAAC;QAE5C,MAAM,SAAS,GAAG,QAAQ,CAAC,2BAA2B,EAAE;YACtD,GAAG,EAAE,WAAW;YAChB,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,kBAAkB,CAAC,UAAU,GAAG,SAAS,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,4CAA4C;QAC5C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,GAAG,CAAC,yDAAyD,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,MAAM,SAAS,GAAG,wBAAwB,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;IAEhF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,IAAI,CAAC,gCAAgC,CAAC,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACxC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,+BAA+B,CAAC,CAAC;IACtC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IACtD,OAAO,EAAE,CAAC;IAEV,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;QACpE,IAAI,CAAC;YACH,gEAAgE;YAChE,OAAO,MAAM,eAAe,CAAC,SAA+C,EAAE;gBAC5E,OAAO,EAAE,MAAM,EAAE,0BAA0B;aAC5C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,6BAA6B;YAC7B,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;gBACzB,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAClE,MAAM,IAAI,KAAK,CACb,+BAA+B,GAAG,CAAC,OAAO,2DAA2D,CACtG,CAAC;gBACJ,CAAC;gBACD,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBAC1E,MAAM,IAAI,KAAK,CACb,gCAAgC,GAAG,CAAC,OAAO,mEAAmE,CAC/G,CAAC;gBACJ,CAAC;gBACD,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;oBAC1E,MAAM,IAAI,KAAK,CACb,4BAA4B,GAAG,CAAC,OAAO,mEAAmE,CAC3G,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,0BAA0B;IAC1B,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAElE,kDAAkD;IAClD,IAAI,cAAkF,CAAC;IAEvF,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,oCAAoC;QACpC,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;QAEpE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,CAAC,kEAAkE,CAAC,CAAC;YAC5E,GAAG,CAAC,mEAAmE,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;YACjC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAE/B,IAAI,CAAC;gBACH,MAAM,iBAAiB,GAAG,MAAM,WAAW,CACzC,uCAAuC,EACvC,KAAK,IAAI,EAAE;oBACT,+CAA+C;oBAC/C,OAAO,MAAM,2BAA2B,CAAC,MAAM,EAAE;wBAC/C,IAAI,EAAE,QAAQ,CAAC,IAAI;wBACnB,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,OAAO;wBACpC,cAAc,EAAE,MAAM,CAAC,MAA4C;qBACpE,CAAC,CAAC;gBACL,CAAC,CACF,CAAC;gBAEF,cAAc,GAAG;oBACf,OAAO,EAAE,iBAAiB,CAAC,OAAO;oBAClC,aAAa,EAAE,iBAAiB,CAAC,aAAa;iBAC/C,CAAC;gBAEF,4EAA4E;gBAC5E,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBACxC,MAAM,oBAAoB,CAAC,iBAAiB,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,0CAA0C,CAAC,CAAC;gBACpD,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;oBACzB,GAAG,CAAC,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC1B,CAAC;gBACD,GAAG,CAAC,wDAAwD,CAAC,CAAC;gBAC9D,GAAG,CAAC,qCAAqC,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW,CACxB,OAAe,EACf,OAAoB,EACpB,GAAmB;IAEnB,iEAAiE;IACjE,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAE9C,IAAI,SAAS,EAAE,CAAC;QACd,iCAAiC;QACjC,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,kBAAkB;QAClB,MAAM,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,kEAAkE,CAAC;SAC/E,QAAQ,CACP,QAAQ,EACR,6EAA6E,CAC9E;SACA,MAAM,CAAC,wBAAwB,EAAE,0CAA0C,CAAC;SAC5E,MAAM,CAAC,qBAAqB,EAAE,+CAA+C,CAAC;SAC9E,MAAM,CAAC,WAAW,EAAE,2CAA2C,CAAC;SAChE,MAAM,CAAC,SAAS,EAAE,wDAAwD,CAAC;SAC3E,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;SAC/C,MAAM,CAAC,QAAQ,EAAE,uBAAuB,CAAC;SACzC,MAAM,CAAC,KAAK,EAAE,OAAe,EAAE,OAAoB,EAAE,EAAE;QACtD,MAAM,GAAG,GAAmB;YAC1B,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,KAAK;SAC7C,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;YACxB,IAAI,OAAO,CAAC,OAAO,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBACzD,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/trust/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * enact trust command
+ *
+ * Manage trusted identities for attestation verification.
+ * Uses a unified model: all trust is based on cryptographic attestations.
+ * Publishers who want their tools trusted should self-sign them.
+ */
+import type { Command } from "commander";
+/**
+ * Configure the trust command
+ */
+export declare function configureTrustCommand(program: Command): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/trust/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/trust/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAoBH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA+VzC;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAwE5D"}