@getaegis/cli 0.8.0 → 0.9.0

package/dist/cli/validation.js

@@ -0,0 +1,104 @@
+/**
+ * CLI input validation helpers.
+ *
+ * Pure functions that validate user-provided CLI flags and exit with a
+ * descriptive error when the input is invalid.  Extracted from cli.ts so
+ * they can be unit-tested independently.
+ */
+// ─── Constants ───────────────────────────────────────────────────
+export const IDENTIFIER_RE = /^[a-zA-Z0-9_-]+$/;
+export const VALID_AUTH_TYPES = ['bearer', 'header', 'basic', 'query'];
+export const VALID_BODY_INSPECTION_MODES = ['off', 'warn', 'block'];
+export const VALID_POLICY_MODES = ['enforce', 'dry-run', 'off'];
+export const VALID_LOG_LEVELS = ['debug', 'info', 'warn', 'error'];
+export const VALID_MCP_TRANSPORTS = ['stdio', 'streamable-http'];
+// ─── Validators ──────────────────────────────────────────────────
+/** Validate an identifier (name, service, etc.) used as a DB key or URL path segment. */
+export function validateIdentifier(value, fieldName) {
+    if (!value || !IDENTIFIER_RE.test(value)) {
+        console.error(`\n✗ Invalid ${fieldName}: "${value}"\n  Must contain only letters, numbers, hyphens, and underscores.\n`);
+        process.exit(1);
+    }
+}
+/** Validate a value is one of the allowed enum values. */
+export function validateEnum(value, allowed, fieldName) {
+    if (!allowed.includes(value)) {
+        console.error(`\n✗ Invalid ${fieldName}: "${value}"\n  Must be one of: ${allowed.join(', ')}\n`);
+        process.exit(1);
+    }
+    return value;
+}
+/** Validate a port number (1–65535). */
+export function validatePort(value, fieldName) {
+    if (Number.isNaN(value) || !Number.isFinite(value) || value < 1 || value > 65535) {
+        console.error(`\n✗ Invalid ${fieldName}: must be a number between 1 and 65535.\n`);
+        process.exit(1);
+    }
+}
+/** Validate a positive integer. */
+export function validatePositiveInt(value, fieldName) {
+    if (Number.isNaN(value) || !Number.isFinite(value) || value < 1 || !Number.isInteger(value)) {
+        console.error(`\n✗ Invalid ${fieldName}: must be a positive integer.\n`);
+        process.exit(1);
+    }
+}
+/** Validate a non-negative float. */
+export function validateNonNegativeFloat(value, fieldName) {
+    if (Number.isNaN(value) || !Number.isFinite(value) || value < 0) {
+        console.error(`\n✗ Invalid ${fieldName}: must be a non-negative number.\n`);
+        process.exit(1);
+    }
+}
+/** Validate a rate limit string (e.g. 100/min) early, before storing. */
+export function validateRateLimit(value) {
+    // Re-uses the same regex from rate-limiter.ts
+    const match = value.match(/^(\d+)\/(sec(?:ond)?|min(?:ute)?|hr|hour|day)$/i);
+    if (!match) {
+        console.error(`\n✗ Invalid rate limit: "${value}"\n  Expected format: <number>/<unit> (e.g. 100/min, 1000/hour, 10/sec)\n`);
+        process.exit(1);
+    }
+    const count = parseInt(match[1], 10);
+    if (count <= 0) {
+        console.error(`\n✗ Invalid rate limit: count must be positive.\n`);
+        process.exit(1);
+    }
+}
+/** Validate a comma-separated domain list. */
+export function validateDomains(raw) {
+    const domains = raw
+        .split(',')
+        .map((d) => d.trim())
+        .filter((d) => d.length > 0);
+    if (domains.length === 0) {
+        console.error(`\n✗ At least one valid domain is required.\n`);
+        process.exit(1);
+    }
+    for (const domain of domains) {
+        // Allow wildcards like *.slack.com — basic sanity check
+        if (!/^[a-zA-Z0-9.*_-]+(\.[a-zA-Z0-9.*_-]+)*$/.test(domain)) {
+            console.error(`\n✗ Invalid domain: "${domain}"\n  Domains must be valid hostnames (e.g. api.slack.com, *.example.com)\n`);
+            process.exit(1);
+        }
+    }
+    return domains;
+}
+/** Validate an ISO date string. */
+export function validateIsoDate(value, fieldName) {
+    const d = new Date(value);
+    if (Number.isNaN(d.getTime())) {
+        console.error(`\n✗ Invalid ${fieldName}: "${value}"\n  Expected ISO 8601 format (e.g. 2026-01-01, 2026-01-01T00:00:00Z)\n`);
+        process.exit(1);
+    }
+}
+// ─── Formatting ──────────────────────────────────────────────────
+/**
+ * Convert a UTC timestamp from SQLite (e.g. "2026-03-09 00:31:38") to
+ * the user's local time string.  SQLite's datetime('now') stores UTC but
+ * omits the 'Z' suffix, so we append it before parsing so JavaScript's
+ * Date constructor treats it as UTC rather than local.
+ */
+export function localTime(utcTimestamp) {
+    const ts = utcTimestamp.endsWith('Z') ? utcTimestamp : `${utcTimestamp}Z`;
+    return new Date(ts).toLocaleString();
+}
+//# sourceMappingURL=validation.js.map

package/dist/cli/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/cli/validation.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,oEAAoE;AAEpE,MAAM,CAAC,MAAM,aAAa,GAAG,kBAAkB,CAAC;AAEhD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAU,CAAC;AAChF,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAU,CAAC;AAC7E,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,KAAK,CAAU,CAAC;AACzE,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAU,CAAC;AAC5E,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAO,EAAE,iBAAiB,CAAU,CAAC;AAE1E,oEAAoE;AAEpE,yFAAyF;AACzF,MAAM,UAAU,kBAAkB,CAAC,KAAa,EAAE,SAAiB;IACjE,IAAI,CAAC,KAAK,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,KAAK,CACX,eAAe,SAAS,MAAM,KAAK,sEAAsE,CAC1G,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,YAAY,CAC1B,KAAa,EACb,OAAqB,EACrB,SAAiB;IAEjB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAU,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,CACX,eAAe,SAAS,MAAM,KAAK,wBAAwB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAClF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,KAAU,CAAC;AACpB,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,SAAiB;IAC3D,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,KAAK,EAAE,CAAC;QACjF,OAAO,CAAC,KAAK,CAAC,eAAe,SAAS,2CAA2C,CAAC,CAAC;QACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,mCAAmC;AACnC,MAAM,UAAU,mBAAmB,CAAC,KAAa,EAAE,SAAiB;IAClE,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5F,OAAO,CAAC,KAAK,CAAC,eAAe,SAAS,iCAAiC,CAAC,CAAC;QACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,wBAAwB,CAAC,KAAa,EAAE,SAAiB;IACvE,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QAChE,OAAO,CAAC,KAAK,CAAC,eAAe,SAAS,oCAAoC,CAAC,CAAC;QAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,8CAA8C;IAC9C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;IAC7E,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CACX,4BAA4B,KAAK,2EAA2E,CAC7G,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACrC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,MAAM,OAAO,GAAG,GAAG;SAChB,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,wDAAwD;QACxD,IAAI,CAAC,yCAAyC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5D,OAAO,CAAC,KAAK,CACX,wBAAwB,MAAM,4EAA4E,CAC3G,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,mCAAmC;AACnC,MAAM,UAAU,eAAe,CAAC,KAAa,EAAE,SAAiB;IAC9D,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,KAAK,CACX,eAAe,SAAS,MAAM,KAAK,yEAAyE,CAC7G,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,oEAAoE;AAEpE;;;;;GAKG;AACH,MAAM,UAAU,SAAS,CAAC,YAAoB;IAC5C,MAAM,EAAE,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,YAAY,GAAG,CAAC;IAC1E,OAAO,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,cAAc,EAAE,CAAC;AACvC,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,37 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import { registerAgent, registerConfig, registerDashboard, registerDb, registerDoctor, registerGate, registerInit, registerKey, registerLedger, registerMcp, registerPolicy, registerUser, registerVault, registerVaultManager, registerWebhook, } from './cli/index.js';
+import { VERSION } from './version.js';
+const program = new Command();
+program
+    .name('aegis')
+    .description('Credential isolation for AI agents. Store, guard, and record.')
+    .version(VERSION);
+// Register all command groups
+registerVault(program);
+registerVaultManager(program);
+registerGate(program);
+registerAgent(program);
+registerPolicy(program);
+registerMcp(program);
+registerWebhook(program);
+registerLedger(program);
+registerUser(program);
+registerConfig(program);
+registerInit(program);
+registerKey(program);
+registerDoctor(program);
+registerDashboard(program);
+registerDb(program);
+// ── Global error handlers — catch unhandled errors and print clean messages ──
+process.on('uncaughtException', (err) => {
+    console.error(`\n✗ ${err.message}\n`);
+    process.exit(1);
+});
+process.on('unhandledRejection', (reason) => {
+    const message = reason instanceof Error ? reason.message : String(reason);
+    console.error(`\n✗ Unhandled async error: ${message}\n`);
+    process.exit(1);
+});
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EACL,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,cAAc,EACd,WAAW,EACX,cAAc,EACd,YAAY,EACZ,aAAa,EACb,oBAAoB,EACpB,eAAe,GAChB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,OAAO,CAAC;KACb,WAAW,CAAC,+DAA+D,CAAC;KAC5E,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,8BAA8B;AAC9B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,UAAU,CAAC,OAAO,CAAC,CAAC;AAEpB,gFAAgF;AAChF,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,GAA8B,EAAE,EAAE;IACjE,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAe,EAAE,EAAE;IACnD,MAAM,OAAO,GAAG,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1E,OAAO,CAAC,KAAK,CAAC,8BAA8B,OAAO,IAAI,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,120 @@
+/** Gate proxy configuration. */
+export interface GateConfig {
+    port: number;
+    tls?: {
+        cert: string;
+        key: string;
+    };
+    require_agent_auth: boolean;
+    policy_mode: 'enforce' | 'dry-run' | 'off';
+    policies_dir?: string;
+    /** Maximum request body size in bytes (default: 1048576 = 1 MB). Bodies exceeding this return 413. */
+    max_body_size: number;
+    /** Request timeout in milliseconds (default: 30000 = 30s). Prevents slowloris attacks. */
+    request_timeout: number;
+    /** Maximum concurrent in-flight requests per agent (default: 50). Prevents socket exhaustion. */
+    max_connections_per_agent: number;
+}
+/** Vault configuration. */
+export interface VaultConfig {
+    name: string;
+    data_dir: string;
+    master_key: string;
+}
+/** Observability configuration. */
+export interface ObservabilityConfig {
+    log_level: 'debug' | 'info' | 'warn' | 'error';
+    log_format: 'json' | 'pretty';
+    metrics: boolean;
+    dashboard?: {
+        enabled: boolean;
+        port: number;
+    };
+}
+/** MCP server configuration. */
+export interface McpConfig {
+    transport: 'stdio' | 'streamable-http';
+    port: number;
+}
+/** Webhook configuration (inline in config file). */
+export interface WebhookConfigEntry {
+    url: string;
+    secret?: string;
+    events: string[];
+}
+/** Complete aegis.config.yaml schema. */
+export interface AegisConfigFile {
+    gate?: Partial<GateConfig>;
+    vault?: Partial<VaultConfig>;
+    observability?: Partial<ObservabilityConfig>;
+    mcp?: Partial<McpConfig>;
+    webhooks?: WebhookConfigEntry[];
+}
+/** Resolved Aegis configuration — all fields have values. */
+export interface AegisConfig {
+    port: number;
+    masterKey: string;
+    salt: string;
+    dataDir: string;
+    logLevel: 'debug' | 'info' | 'warn' | 'error';
+    logFormat: 'json' | 'pretty';
+    vaultName: string;
+    tls?: {
+        cert: string;
+        key: string;
+    };
+    requireAgentAuth: boolean;
+    policyMode: 'enforce' | 'dry-run' | 'off';
+    policiesDir?: string;
+    metricsEnabled: boolean;
+    dashboard: {
+        enabled: boolean;
+        port: number;
+    };
+    mcp: {
+        transport: 'stdio' | 'streamable-http';
+        port: number;
+    };
+    webhooks: WebhookConfigEntry[];
+    /** Maximum request body size in bytes (default: 1 MB). */
+    maxBodySize: number;
+    /** Request timeout in milliseconds (default: 30s). */
+    requestTimeout: number;
+    /** Max concurrent in-flight requests per agent (default: 50). */
+    maxConnectionsPerAgent: number;
+    /** Path to the config file used, if any. */
+    configFilePath?: string;
+}
+/**
+ * Find the config file path, checking CWD first, then the CLI script's directory.
+ * The script directory fallback ensures MCP servers spawned by Claude Desktop /
+ * Cursor (which set cwd=/) can still find the config file next to the CLI.
+ * Returns absolute path or null if not found.
+ */
+export declare function findConfigFile(cwd?: string): string | null;
+/**
+ * Parse a YAML config file. Returns the parsed object.
+ * Throws on invalid YAML or file read errors.
+ */
+export declare function parseConfigFile(filePath: string): AegisConfigFile;
+export interface ConfigValidationError {
+    path: string;
+    message: string;
+}
+/**
+ * Validate a parsed config file. Returns an array of errors (empty = valid).
+ */
+export declare function validateConfigFile(config: AegisConfigFile): ConfigValidationError[];
+/**
+ * Load and resolve the full Aegis configuration.
+ *
+ * Resolution order (highest priority wins):
+ *   1. Environment variables (AEGIS_*)
+ *   2. Config file (aegis.config.yaml)
+ *   3. Built-in defaults
+ *
+ * The .env file is loaded into the environment variable layer.
+ * The master key has special handling: env → unseal key file → empty.
+ */
+export declare function getConfig(): AegisConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAQA,gCAAgC;AAChC,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,kBAAkB,EAAE,OAAO,CAAC;IAC5B,WAAW,EAAE,SAAS,GAAG,SAAS,GAAG,KAAK,CAAC;IAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sGAAsG;IACtG,aAAa,EAAE,MAAM,CAAC;IACtB,0FAA0F;IAC1F,eAAe,EAAE,MAAM,CAAC;IACxB,iGAAiG;IACjG,yBAAyB,EAAE,MAAM,CAAC;CACnC;AAED,2BAA2B;AAC3B,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,mCAAmC;AACnC,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC/C,UAAU,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,OAAO,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED,gCAAgC;AAChC,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,OAAO,GAAG,iBAAiB,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qDAAqD;AACrD,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,yCAAyC;AACzC,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC7B,aAAa,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC7C,GAAG,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IACzB,QAAQ,CAAC,EAAE,kBAAkB,EAAE,CAAC;CACjC;AAED,6DAA6D;AAC7D,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC9C,SAAS,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACpC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,UAAU,EAAE,SAAS,GAAG,SAAS,GAAG,KAAK,CAAC;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,SAAS,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9C,GAAG,EAAE;QAAE,SAAS,EAAE,OAAO,GAAG,iBAAiB,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9D,QAAQ,EAAE,kBAAkB,EAAE,CAAC;IAC/B,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,cAAc,EAAE,MAAM,CAAC;IACvB,iEAAiE;IACjE,sBAAsB,EAAE,MAAM,CAAC;IAC/B,4CAA4C;IAC5C,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AA4BD;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAuB1D;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAQjE;AAID,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAcD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG,qBAAqB,EAAE,CAmMnF;AAoBD;;;;;;;;;;GAUG;AACH,wBAAgB,SAAS,IAAI,WAAW,CAyIvC"}