@google/gemini-cli-core 0.24.0-preview.3 → 0.25.0-preview.0

package/dist/src/policy/shell-safety.test.js

@@ -3,26 +3,98 @@
  * Copyright 2025 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
-import { describe, it, expect, beforeEach } from 'vitest';
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+// Mock shell-utils to avoid relying on tree-sitter WASM which is flaky in CI on Windows
+vi.mock('../utils/shell-utils.js', async (importOriginal) => {
+    const actual = await importOriginal();
+    // Static map of test commands to their expected subcommands
+    // This mirrors what the real parser would output for these specific strings
+    const commandMap = {
+        'git log': ['git log'],
+        'git log --oneline': ['git log --oneline'],
+        'git logout': ['git logout'],
+        'git log && rm -rf /': ['git log', 'rm -rf /'],
+        'git log; rm -rf /': ['git log', 'rm -rf /'],
+        'git log || rm -rf /': ['git log', 'rm -rf /'],
+        'git log &&& rm -rf /': [], // Simulates parse failure
+        'echo $(rm -rf /)': ['echo $(rm -rf /)', 'rm -rf /'],
+        'echo $(git log)': ['echo $(git log)', 'git log'],
+        'echo `rm -rf /`': ['echo `rm -rf /`', 'rm -rf /'],
+        'diff <(git log) <(rm -rf /)': [
+            'diff <(git log) <(rm -rf /)',
+            'git log',
+            'rm -rf /',
+        ],
+        'tee >(rm -rf /)': ['tee >(rm -rf /)', 'rm -rf /'],
+        'git log | rm -rf /': ['git log', 'rm -rf /'],
+        'git log --format=$(rm -rf /)': [
+            'git log --format=$(rm -rf /)',
+            'rm -rf /',
+        ],
+        'git log && echo $(git log | rm -rf /)': [
+            'git log',
+            'echo $(git log | rm -rf /)',
+            'git log',
+            'rm -rf /',
+        ],
+        'git log && echo $(git log)': ['git log', 'echo $(git log)', 'git log'],
+        'git log > /tmp/test': ['git log > /tmp/test'],
+        'git log @(Get-Process)': [], // Simulates parse failure (Bash parser vs PowerShell syntax)
+        'git commit -m "msg" && git push': ['git commit -m "msg"', 'git push'],
+        'git status && unknown_command': ['git status', 'unknown_command'],
+        'unknown_command_1 && another_unknown_command': [
+            'unknown_command_1',
+            'another_unknown_command',
+        ],
+        'known_ask_command_1 && known_ask_command_2': [
+            'known_ask_command_1',
+            'known_ask_command_2',
+        ],
+    };
+    return {
+        ...actual,
+        initializeShellParsers: vi.fn(),
+        splitCommands: (command) => {
+            if (Object.prototype.hasOwnProperty.call(commandMap, command)) {
+                return commandMap[command];
+            }
+            const known = commandMap[command];
+            if (known)
+                return known;
+            // Default fallback for unmatched simple cases in development, but explicit map is better
+            return [command];
+        },
+        hasRedirection: (command) => 
+        // Simple regex check sufficient for testing the policy engine's handling of the *result* of hasRedirection
+        /[><]/.test(command),
+    };
+});
 import { PolicyEngine } from './policy-engine.js';
 import { PolicyDecision, ApprovalMode } from './types.js';
+import { buildArgsPatterns } from './utils.js';
 describe('Shell Safety Policy', () => {
     let policyEngine;
-    beforeEach(() => {
-        policyEngine = new PolicyEngine({
+    // Helper to create a policy engine with a simple command prefix rule
+    function createPolicyEngineWithPrefix(prefix) {
+        const argsPatterns = buildArgsPatterns(undefined, prefix, undefined);
+        // Since buildArgsPatterns returns array of patterns (strings), we pick the first one
+        // and compile it.
+        const argsPattern = new RegExp(argsPatterns[0]);
+        return new PolicyEngine({
             rules: [
                 {
                     toolName: 'run_shell_command',
-                    // Mimic the regex generated by toml-loader for commandPrefix = ["git log"]
-                    // Regex: "command":"git log(?:[\s"]|$)
-                    argsPattern: /"command":"git log(?:[\s"]|$)/,
+                    argsPattern,
                     decision: PolicyDecision.ALLOW,
-                    priority: 1.01, // Higher priority than default
+                    priority: 1.01,
                 },
             ],
             defaultDecision: PolicyDecision.ASK_USER,
             approvalMode: ApprovalMode.DEFAULT,
         });
+    }
+    beforeEach(() => {
+        policyEngine = createPolicyEngineWithPrefix('git log');
     });
     it('SHOULD match "git log" exactly', async () => {
         const toolCall = {
@@ -61,15 +133,306 @@ describe('Shell Safety Policy', () => {
         const result = await policyEngine.check(toolCall, undefined);
         expect(result.decision).toBe(PolicyDecision.ASK_USER);
     });
+    it('SHOULD NOT allow "git log; rm -rf /" (semicolon separator)', async () => {
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git log; rm -rf /' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD NOT allow "git log || rm -rf /" (OR separator)', async () => {
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git log || rm -rf /' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
     it('SHOULD NOT allow "git log &&& rm -rf /" when prefix is "git log" (parse failure)', async () => {
         const toolCall = {
             name: 'run_shell_command',
             args: { command: 'git log &&& rm -rf /' },
         };
         // Desired behavior: Should fail safe (ASK_USER or DENY) because parsing failed.
-        // If we let it pass as "single command" that matches prefix, it's dangerous.
         const result = await policyEngine.check(toolCall, undefined);
         expect(result.decision).toBe(PolicyDecision.ASK_USER);
     });
+    it('SHOULD NOT allow command substitution $(rm -rf /)', async () => {
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'echo $(rm -rf /)' },
+        };
+        // `splitCommands` recursively finds nested commands (e.g., `rm` inside `echo $()`).
+        // The policy engine requires ALL extracted commands to be allowed.
+        // Since `rm` does not match the allowed prefix, this should result in ASK_USER.
+        const echoPolicy = createPolicyEngineWithPrefix('echo');
+        const result = await echoPolicy.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD allow command substitution if inner command is ALSO allowed', async () => {
+        // Both `echo` and `git` allowed.
+        const argsPatternsEcho = buildArgsPatterns(undefined, 'echo', undefined);
+        const argsPatternsGit = buildArgsPatterns(undefined, 'git', undefined); // Allow all git
+        const policyEngineWithBoth = new PolicyEngine({
+            rules: [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(argsPatternsEcho[0]),
+                    decision: PolicyDecision.ALLOW,
+                    priority: 2,
+                },
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(argsPatternsGit[0]),
+                    decision: PolicyDecision.ALLOW,
+                    priority: 2,
+                },
+            ],
+            defaultDecision: PolicyDecision.ASK_USER,
+        });
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'echo $(git log)' },
+        };
+        const result = await policyEngineWithBoth.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ALLOW);
+    });
+    it('SHOULD NOT allow command substitution with backticks `rm -rf /`', async () => {
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'echo `rm -rf /`' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD NOT allow process substitution <(rm -rf /)', async () => {
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'diff <(git log) <(rm -rf /)' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD NOT allow process substitution >(rm -rf /)', async () => {
+        // Note: >(...) is output substitution, but syntax is similar.
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'tee >(rm -rf /)' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD NOT allow piped commands "git log | rm -rf /"', async () => {
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git log | rm -rf /' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD NOT allow argument injection via --arg=$(rm -rf /)', async () => {
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git log --format=$(rm -rf /)' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD NOT allow complex nested commands "git log && echo $(git log | rm -rf /)"', async () => {
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git log && echo $(git log | rm -rf /)' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD allow complex allowed commands "git log && echo $(git log)"', async () => {
+        // Both `echo` and `git` allowed.
+        const argsPatternsEcho = buildArgsPatterns(undefined, 'echo', undefined);
+        const argsPatternsGit = buildArgsPatterns(undefined, 'git', undefined);
+        const policyEngineWithBoth = new PolicyEngine({
+            rules: [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(argsPatternsEcho[0]),
+                    decision: PolicyDecision.ALLOW,
+                    priority: 2,
+                },
+                {
+                    toolName: 'run_shell_command',
+                    // Matches "git" at start of *subcommand*
+                    argsPattern: new RegExp(argsPatternsGit[0]),
+                    decision: PolicyDecision.ALLOW,
+                    priority: 2,
+                },
+            ],
+            defaultDecision: PolicyDecision.ASK_USER,
+        });
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git log && echo $(git log)' },
+        };
+        const result = await policyEngineWithBoth.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ALLOW);
+    });
+    it('SHOULD NOT allow generic redirection > /tmp/test', async () => {
+        // Current logic downgrades ALLOW to ASK_USER for redirections if redirection is not explicitly allowed.
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git log > /tmp/test' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD allow generic redirection > /tmp/test if allowRedirection is true', async () => {
+        // If PolicyRule has allowRedirection: true, it should stay ALLOW
+        const argsPatternsGitLog = buildArgsPatterns(undefined, 'git log', undefined);
+        const policyWithRedirection = new PolicyEngine({
+            rules: [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(argsPatternsGitLog[0]),
+                    decision: PolicyDecision.ALLOW,
+                    priority: 2,
+                    allowRedirection: true,
+                },
+            ],
+            defaultDecision: PolicyDecision.ASK_USER,
+        });
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git log > /tmp/test' },
+        };
+        const result = await policyWithRedirection.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ALLOW);
+    });
+    it('SHOULD NOT allow PowerShell @(...) usage if it implies code execution', async () => {
+        // Bash parser fails on PowerShell syntax @(...) (returns empty subcommands).
+        // The policy engine correctly identifies this as unparseable and falls back to ASK_USER.
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git log @(Get-Process)' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+    });
+    it('SHOULD match DENY rule even if nested/chained with unknown command', async () => {
+        // Scenario:
+        // git commit -m "..." (Unknown/No Rule -> ASK_USER)
+        // git push (DENY -> DENY)
+        // Overall should be DENY.
+        const argsPatternsPush = buildArgsPatterns(undefined, 'git push', undefined);
+        const denyPushPolicy = new PolicyEngine({
+            rules: [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(argsPatternsPush[0]),
+                    decision: PolicyDecision.DENY,
+                    priority: 2,
+                },
+            ],
+            defaultDecision: PolicyDecision.ASK_USER,
+        });
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git commit -m "msg" && git push' },
+        };
+        const result = await denyPushPolicy.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.DENY);
+    });
+    it('SHOULD aggregate ALLOW + ASK_USER to ASK_USER and blame the ASK_USER part', async () => {
+        // Scenario:
+        // `git status` (ALLOW) && `unknown_command` (ASK_USER by default)
+        // Expected: ASK_USER, and the matched rule should be related to the unknown_command
+        const argsPatternsGitStatus = buildArgsPatterns(undefined, 'git status', undefined);
+        const policyEngine = new PolicyEngine({
+            rules: [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(argsPatternsGitStatus[0]),
+                    decision: PolicyDecision.ALLOW,
+                    priority: 2,
+                    name: 'allow_git_status_rule', // Give a name to easily identify
+                },
+            ],
+            defaultDecision: PolicyDecision.ASK_USER,
+        });
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'git status && unknown_command' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+        // Expect the matched rule to be null/undefined since it's the default decision for 'unknown_command'
+        // or the rule that led to the ASK_USER decision. In this case, it should be the rule for 'unknown_command', which is the default decision.
+        // The policy engine's `matchedRule` will be the rule that caused the final decision.
+        // If it's a default ASK_USER, then `result.rule` should be undefined.
+        expect(result.rule).toBeUndefined();
+    });
+    it('SHOULD aggregate ASK_USER (default) + ASK_USER (rule) to ASK_USER and blame the specific ASK_USER rule', async () => {
+        // Scenario:
+        // `unknown_command_1` (ASK_USER by default) && `another_unknown_command` (ASK_USER by explicit rule)
+        // Expected: ASK_USER, and the matched rule should be the explicit ASK_USER rule
+        const argsPatternsAnotherUnknown = buildArgsPatterns(undefined, 'another_unknown_command', undefined);
+        const policyEngine = new PolicyEngine({
+            rules: [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(argsPatternsAnotherUnknown[0]),
+                    decision: PolicyDecision.ASK_USER,
+                    priority: 2,
+                    name: 'ask_another_unknown_command_rule',
+                },
+            ],
+            defaultDecision: PolicyDecision.ASK_USER,
+        });
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'unknown_command_1 && another_unknown_command' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+        // The first command triggers default ASK_USER (undefined rule).
+        // The second triggers explicit ASK_USER rule.
+        // We attribute to the first cause => undefined.
+        expect(result.rule).toBeUndefined();
+    });
+    it('SHOULD aggregate ASK_USER (rule) + ASK_USER (rule) to ASK_USER and blame the first specific ASK_USER rule in subcommands', async () => {
+        // Scenario:
+        // `known_ask_command_1` (ASK_USER by explicit rule 1) && `known_ask_command_2` (ASK_USER by explicit rule 2)
+        // Expected: ASK_USER, and the matched rule should be explicit ASK_USER rule 1.
+        // The current implementation prioritizes the rule that changes the decision to ASK_USER, if any.
+        // If multiple rules lead to ASK_USER, it takes the first one.
+        const argsPatternsAsk1 = buildArgsPatterns(undefined, 'known_ask_command_1', undefined);
+        const argsPatternsAsk2 = buildArgsPatterns(undefined, 'known_ask_command_2', undefined);
+        const policyEngine = new PolicyEngine({
+            rules: [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(argsPatternsAsk1[0]),
+                    decision: PolicyDecision.ASK_USER,
+                    priority: 2,
+                    name: 'ask_rule_1',
+                },
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(argsPatternsAsk2[0]),
+                    decision: PolicyDecision.ASK_USER,
+                    priority: 2,
+                    name: 'ask_rule_2',
+                },
+            ],
+            defaultDecision: PolicyDecision.ALLOW, // Set default to ALLOW to ensure rules are hit
+        });
+        const toolCall = {
+            name: 'run_shell_command',
+            args: { command: 'known_ask_command_1 && known_ask_command_2' },
+        };
+        const result = await policyEngine.check(toolCall, undefined);
+        expect(result.decision).toBe(PolicyDecision.ASK_USER);
+        // Expect the rule that first caused ASK_USER to be blamed
+        expect(result.rule?.name).toBe('ask_rule_1');
+    });
 });
 //# sourceMappingURL=shell-safety.test.js.map

package/dist/src/policy/shell-safety.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"shell-safety.test.js","sourceRoot":"","sources":["../../../src/policy/shell-safety.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG1D,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,IAAI,YAA0B,CAAC;IAE/B,UAAU,CAAC,GAAG,EAAE;QACd,YAAY,GAAG,IAAI,YAAY,CAAC;YAC9B,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,2EAA2E;oBAC3E,uCAAuC;oBACvC,WAAW,EAAE,+BAA+B;oBAC5C,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,IAAI,EAAE,+BAA+B;iBAChD;aACF;YACD,eAAe,EAAE,cAAc,CAAC,QAAQ;YACxC,YAAY,EAAE,YAAY,CAAC,OAAO;SACnC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE;SAC7B,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE;SACvC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;QAC7F,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE;SAChC,CAAC;QAEF,uDAAuD;QACvD,2EAA2E;QAC3E,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sGAAsG,EAAE,KAAK,IAAI,EAAE;QACpH,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACzC,CAAC;QAEF,yEAAyE;QACzE,qEAAqE;QACrE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,kFAAkF,EAAE,KAAK,IAAI,EAAE;QAChG,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE;SAC1C,CAAC;QAEF,gFAAgF;QAChF,6EAA6E;QAC7E,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"shell-safety.test.js","sourceRoot":"","sources":["../../../src/policy/shell-safety.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9D,wFAAwF;AACxF,EAAE,CAAC,IAAI,CAAC,yBAAyB,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IAC1D,MAAM,MAAM,GACV,MAAM,cAAc,EAA4C,CAAC;IAEnE,4DAA4D;IAC5D,4EAA4E;IAC5E,MAAM,UAAU,GAA6B;QAC3C,SAAS,EAAE,CAAC,SAAS,CAAC;QACtB,mBAAmB,EAAE,CAAC,mBAAmB,CAAC;QAC1C,YAAY,EAAE,CAAC,YAAY,CAAC;QAC5B,qBAAqB,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;QAC9C,mBAAmB,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;QAC5C,qBAAqB,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;QAC9C,sBAAsB,EAAE,EAAE,EAAE,0BAA0B;QACtD,kBAAkB,EAAE,CAAC,kBAAkB,EAAE,UAAU,CAAC;QACpD,iBAAiB,EAAE,CAAC,iBAAiB,EAAE,SAAS,CAAC;QACjD,iBAAiB,EAAE,CAAC,iBAAiB,EAAE,UAAU,CAAC;QAClD,6BAA6B,EAAE;YAC7B,6BAA6B;YAC7B,SAAS;YACT,UAAU;SACX;QACD,iBAAiB,EAAE,CAAC,iBAAiB,EAAE,UAAU,CAAC;QAClD,oBAAoB,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;QAC7C,8BAA8B,EAAE;YAC9B,8BAA8B;YAC9B,UAAU;SACX;QACD,uCAAuC,EAAE;YACvC,SAAS;YACT,4BAA4B;YAC5B,SAAS;YACT,UAAU;SACX;QACD,4BAA4B,EAAE,CAAC,SAAS,EAAE,iBAAiB,EAAE,SAAS,CAAC;QACvE,qBAAqB,EAAE,CAAC,qBAAqB,CAAC;QAC9C,wBAAwB,EAAE,EAAE,EAAE,6DAA6D;QAC3F,iCAAiC,EAAE,CAAC,qBAAqB,EAAE,UAAU,CAAC;QACtE,+BAA+B,EAAE,CAAC,YAAY,EAAE,iBAAiB,CAAC;QAClE,8CAA8C,EAAE;YAC9C,mBAAmB;YACnB,yBAAyB;SAC1B;QACD,4CAA4C,EAAE;YAC5C,qBAAqB;YACrB,qBAAqB;SACtB;KACF,CAAC;IAEF,OAAO;QACL,GAAG,MAAM;QACT,sBAAsB,EAAE,EAAE,CAAC,EAAE,EAAE;QAC/B,aAAa,EAAE,CAAC,OAAe,EAAE,EAAE;YACjC,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC;gBAC9D,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;YAC7B,CAAC;YACD,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;YACxB,yFAAyF;YACzF,OAAO,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC;QACD,cAAc,EAAE,CAAC,OAAe,EAAE,EAAE;QAClC,2GAA2G;QAC3G,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;KACvB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,IAAI,YAA0B,CAAC;IAE/B,qEAAqE;IACrE,SAAS,4BAA4B,CAAC,MAAc;QAClD,MAAM,YAAY,GAAG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QACrE,qFAAqF;QACrF,kBAAkB;QAClB,MAAM,WAAW,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAE,CAAC,CAAC;QAEjD,OAAO,IAAI,YAAY,CAAC;YACtB,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW;oBACX,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,IAAI;iBACf;aACF;YACD,eAAe,EAAE,cAAc,CAAC,QAAQ;YACxC,YAAY,EAAE,YAAY,CAAC,OAAO;SACnC,CAAC,CAAC;IACL,CAAC;IAED,UAAU,CAAC,GAAG,EAAE;QACd,YAAY,GAAG,4BAA4B,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE;SAC7B,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE;SACvC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;QAC7F,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE;SAChC,CAAC;QAEF,uDAAuD;QACvD,2EAA2E;QAC3E,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sGAAsG,EAAE,KAAK,IAAI,EAAE;QACpH,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACzC,CAAC;QAEF,yEAAyE;QACzE,qEAAqE;QACrE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;QAC1E,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE;SACvC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACzC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kFAAkF,EAAE,KAAK,IAAI,EAAE;QAChG,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE;SAC1C,CAAC;QAEF,gFAAgF;QAChF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE;SACtC,CAAC;QACF,oFAAoF;QACpF,mEAAmE;QACnE,gFAAgF;QAChF,MAAM,UAAU,GAAG,4BAA4B,CAAC,MAAM,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC3D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,iCAAiC;QACjC,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QACzE,MAAM,eAAe,GAAG,iBAAiB,CAAC,SAAS,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,gBAAgB;QAExF,MAAM,oBAAoB,GAAG,IAAI,YAAY,CAAC;YAC5C,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,IAAI,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAE,CAAC;oBAC7C,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,CAAC;iBACZ;gBACD;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,IAAI,MAAM,CAAC,eAAe,CAAC,CAAC,CAAE,CAAC;oBAC5C,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,CAAC;iBACZ;aACF;YACD,eAAe,EAAE,cAAc,CAAC,QAAQ;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACrC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACrE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACrC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,6BAA6B,EAAE;SACjD,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,8DAA8D;QAC9D,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACrC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,oBAAoB,EAAE;SACxC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE;SAClD,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kFAAkF,EAAE,KAAK,IAAI,EAAE;QAChG,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,uCAAuC,EAAE;SAC3D,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,iCAAiC;QACjC,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QACzE,MAAM,eAAe,GAAG,iBAAiB,CAAC,SAAS,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAEvE,MAAM,oBAAoB,GAAG,IAAI,YAAY,CAAC;YAC5C,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,IAAI,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAE,CAAC;oBAC7C,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,CAAC;iBACZ;gBACD;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,yCAAyC;oBACzC,WAAW,EAAE,IAAI,MAAM,CAAC,eAAe,CAAC,CAAC,CAAE,CAAC;oBAC5C,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,CAAC;iBACZ;aACF;YACD,eAAe,EAAE,cAAc,CAAC,QAAQ;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,4BAA4B,EAAE;SAChD,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACrE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,wGAAwG;QACxG,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACzC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0EAA0E,EAAE,KAAK,IAAI,EAAE;QACxF,iEAAiE;QACjE,MAAM,kBAAkB,GAAG,iBAAiB,CAC1C,SAAS,EACT,SAAS,EACT,SAAS,CACV,CAAC;QACF,MAAM,qBAAqB,GAAG,IAAI,YAAY,CAAC;YAC7C,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,IAAI,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAE,CAAC;oBAC/C,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,CAAC;oBACX,gBAAgB,EAAE,IAAI;iBACvB;aACF;YACD,eAAe,EAAE,cAAc,CAAC,QAAQ;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE;SACzC,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACtE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,6EAA6E;QAC7E,yFAAyF;QACzF,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE;SAC5C,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,YAAY;QACZ,oDAAoD;QACpD,0BAA0B;QAC1B,0BAA0B;QAC1B,MAAM,gBAAgB,GAAG,iBAAiB,CACxC,SAAS,EACT,UAAU,EACV,SAAS,CACV,CAAC;QAEF,MAAM,cAAc,GAAG,IAAI,YAAY,CAAC;YACtC,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,IAAI,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAE,CAAC;oBAC7C,QAAQ,EAAE,cAAc,CAAC,IAAI;oBAC7B,QAAQ,EAAE,CAAC;iBACZ;aACF;YACD,eAAe,EAAE,cAAc,CAAC,QAAQ;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,iCAAiC,EAAE;SACrD,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;QACzF,YAAY;QACZ,kEAAkE;QAClE,oFAAoF;QACpF,MAAM,qBAAqB,GAAG,iBAAiB,CAC7C,SAAS,EACT,YAAY,EACZ,SAAS,CACV,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC;YACpC,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,IAAI,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAE,CAAC;oBAClD,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,CAAC;oBACX,IAAI,EAAE,uBAAuB,EAAE,iCAAiC;iBACjE;aACF;YACD,eAAe,EAAE,cAAc,CAAC,QAAQ;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE;SACnD,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACtD,qGAAqG;QACrG,2IAA2I;QAC3I,qFAAqF;QACrF,sEAAsE;QACtE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wGAAwG,EAAE,KAAK,IAAI,EAAE;QACtH,YAAY;QACZ,qGAAqG;QACrG,gFAAgF;QAChF,MAAM,0BAA0B,GAAG,iBAAiB,CAClD,SAAS,EACT,yBAAyB,EACzB,SAAS,CACV,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC;YACpC,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,IAAI,MAAM,CAAC,0BAA0B,CAAC,CAAC,CAAE,CAAC;oBACvD,QAAQ,EAAE,cAAc,CAAC,QAAQ;oBACjC,QAAQ,EAAE,CAAC;oBACX,IAAI,EAAE,kCAAkC;iBACzC;aACF;YACD,eAAe,EAAE,cAAc,CAAC,QAAQ;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE;SAClE,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACtD,gEAAgE;QAChE,8CAA8C;QAC9C,gDAAgD;QAChD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0HAA0H,EAAE,KAAK,IAAI,EAAE;QACxI,YAAY;QACZ,6GAA6G;QAC7G,+EAA+E;QAC/E,iGAAiG;QACjG,8DAA8D;QAC9D,MAAM,gBAAgB,GAAG,iBAAiB,CACxC,SAAS,EACT,qBAAqB,EACrB,SAAS,CACV,CAAC;QACF,MAAM,gBAAgB,GAAG,iBAAiB,CACxC,SAAS,EACT,qBAAqB,EACrB,SAAS,CACV,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC;YACpC,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,IAAI,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAE,CAAC;oBAC7C,QAAQ,EAAE,cAAc,CAAC,QAAQ;oBACjC,QAAQ,EAAE,CAAC;oBACX,IAAI,EAAE,YAAY;iBACnB;gBACD;oBACE,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,IAAI,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAE,CAAC;oBAC7C,QAAQ,EAAE,cAAc,CAAC,QAAQ;oBACjC,QAAQ,EAAE,CAAC;oBACX,IAAI,EAAE,YAAY;iBACnB;aACF;YACD,eAAe,EAAE,cAAc,CAAC,KAAK,EAAE,+CAA+C;SACvF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB;YAC7B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,OAAO,EAAE,4CAA4C,EAAE;SAChE,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACtD,0DAA0D;QAC1D,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/policy/types.d.ts

@@ -62,6 +62,10 @@ export interface InProcessCheckerConfig {
  */
 export type SafetyCheckerConfig = ExternalCheckerConfig | InProcessCheckerConfig;
 export interface PolicyRule {
+    /**
+     * A unique name for the policy rule, useful for identification and debugging.
+     */
+    name?: string;
     /**
      * The name of the tool this rule applies to.
      * If undefined, the rule applies to all tools.

package/dist/src/policy/utils.js

@@ -31,7 +31,10 @@ export function buildArgsPatterns(argsPattern, commandPrefix, commandRegex) {
         // always followed by a space or a closing quote.
         return prefixes.map((prefix) => {
             const jsonPrefix = JSON.stringify(prefix).slice(1, -1);
-            return `"command":"${escapeRegex(jsonPrefix)}(?:[\\s"]|$)`;
+            // We allow [\s], ["], or the specific sequence [\"] (for escaped quotes
+            // in JSON). We do NOT allow generic [\\], which would match "git\status"
+            // -> "gitstatus".
+            return `"command":"${escapeRegex(jsonPrefix)}(?:[\\s"]|\\\\")`;
         });
     }
     if (commandRegex) {

package/dist/src/policy/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/policy/utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,OAAO,IAAI,CAAC,OAAO,CAAC,2BAA2B,EAAE,MAAM,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB,CAC/B,WAAoB,EACpB,aAAiC,EACjC,YAAqB;IAErB,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC;YAC3C,CAAC,CAAC,aAAa;YACf,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;QAEpB,gDAAgD;QAChD,4EAA4E;QAC5E,wEAAwE;QACxE,iDAAiD;QACjD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;YAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,cAAc,WAAW,CAAC,UAAU,CAAC,cAAc,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,cAAc,YAAY,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,CAAC,WAAW,CAAC,CAAC;AACvB,CAAC"}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/policy/utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,OAAO,IAAI,CAAC,OAAO,CAAC,2BAA2B,EAAE,MAAM,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB,CAC/B,WAAoB,EACpB,aAAiC,EACjC,YAAqB;IAErB,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC;YAC3C,CAAC,CAAC,aAAa;YACf,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;QAEpB,gDAAgD;QAChD,4EAA4E;QAC5E,wEAAwE;QACxE,iDAAiD;QACjD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;YAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACvD,wEAAwE;YACxE,yEAAyE;YACzE,kBAAkB;YAClB,OAAO,cAAc,WAAW,CAAC,UAAU,CAAC,kBAAkB,CAAC;QACjE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,cAAc,YAAY,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,CAAC,WAAW,CAAC,CAAC;AACvB,CAAC"}

package/dist/src/policy/utils.test.js

@@ -24,13 +24,13 @@ describe('policy/utils', () => {
         });
         it('should build pattern from a single commandPrefix', () => {
             const result = buildArgsPatterns(undefined, 'ls', undefined);
-            expect(result).toEqual(['"command":"ls(?:[\\s"]|$)']);
+            expect(result).toEqual(['"command":"ls(?:[\\s"]|\\\\")']);
         });
         it('should build patterns from an array of commandPrefixes', () => {
             const result = buildArgsPatterns(undefined, ['ls', 'cd'], undefined);
             expect(result).toEqual([
-                '"command":"ls(?:[\\s"]|$)',
-                '"command":"cd(?:[\\s"]|$)',
+                '"command":"ls(?:[\\s"]|\\\\")',
+                '"command":"cd(?:[\\s"]|\\\\")',
             ]);
         });
         it('should build pattern from commandRegex', () => {
@@ -39,7 +39,7 @@ describe('policy/utils', () => {
         });
         it('should prioritize commandPrefix over commandRegex and argsPattern', () => {
             const result = buildArgsPatterns('raw', 'prefix', 'regex');
-            expect(result).toEqual(['"command":"prefix(?:[\\s"]|$)']);
+            expect(result).toEqual(['"command":"prefix(?:[\\s"]|\\\\")']);
         });
         it('should prioritize commandRegex over argsPattern if no commandPrefix', () => {
             const result = buildArgsPatterns('raw', undefined, 'regex');
@@ -47,18 +47,46 @@ describe('policy/utils', () => {
         });
         it('should escape characters in commandPrefix', () => {
             const result = buildArgsPatterns(undefined, 'git checkout -b', undefined);
-            expect(result).toEqual(['"command":"git\\ checkout\\ \\-b(?:[\\s"]|$)']);
+            expect(result).toEqual([
+                '"command":"git\\ checkout\\ \\-b(?:[\\s"]|\\\\")',
+            ]);
         });
         it('should correctly escape quotes in commandPrefix', () => {
             const result = buildArgsPatterns(undefined, 'git "fix"', undefined);
             expect(result).toEqual([
-                '"command":"git\\ \\\\\\"fix\\\\\\"(?:[\\s"]|$)',
+                '"command":"git\\ \\\\\\"fix\\\\\\"(?:[\\s"]|\\\\")',
             ]);
         });
         it('should handle undefined correctly when no inputs are provided', () => {
             const result = buildArgsPatterns(undefined, undefined, undefined);
             expect(result).toEqual([undefined]);
         });
+        it('should match prefixes followed by JSON escaped quotes', () => {
+            // Testing the security fix logic: allowing "echo \"foo\""
+            const prefix = 'echo ';
+            const patterns = buildArgsPatterns(undefined, prefix, undefined);
+            const regex = new RegExp(patterns[0]);
+            // Mimic JSON stringified args
+            // echo "foo" -> {"command":"echo \"foo\""}
+            const validJsonArgs = '{"command":"echo \\"foo\\""}';
+            expect(regex.test(validJsonArgs)).toBe(true);
+        });
+        it('should NOT match prefixes followed by raw backslashes (security check)', () => {
+            // Testing that we blocked the hole: "echo\foo"
+            const prefix = 'echo ';
+            const patterns = buildArgsPatterns(undefined, prefix, undefined);
+            const regex = new RegExp(patterns[0]);
+            // echo\foo -> {"command":"echo\\foo"}
+            // In regex matching: "echo " is followed by "\" which is NOT in [\s"] and is not \"
+            const attackJsonArgs = '{"command":"echo\\\\foo"}';
+            expect(regex.test(attackJsonArgs)).toBe(false);
+            // Also validation for "git " matching "git\status"
+            const gitPatterns = buildArgsPatterns(undefined, 'git ', undefined);
+            const gitRegex = new RegExp(gitPatterns[0]);
+            // git\status -> {"command":"git\\status"}
+            const gitAttack = '{"command":"git\\\\status"}';
+            expect(gitRegex.test(gitAttack)).toBe(false);
+        });
     });
 });
 //# sourceMappingURL=utils.test.js.map

package/dist/src/policy/utils.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.test.js","sourceRoot":"","sources":["../../../src/policy/utils.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE5D,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,KAAK,GAAG,oBAAoB,CAAC;YACnC,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAClB,sDAAsD,CACvD,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;YAC5E,MAAM,KAAK,GAAG,WAAW,CAAC;YAC1B,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;YAC1E,MAAM,MAAM,GAAG,iBAAiB,CAAC,YAAY,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YACrE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;YAC7D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAChE,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,CAAC,CAAC;YACrE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;gBACrB,2BAA2B;gBAC3B,2BAA2B;aAC5B,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;YACpE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;YAC3E,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,+BAA+B,CAAC,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;YAC7E,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;YAC5D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;YAC1E,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,8CAA8C,CAAC,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;YACpE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;gBACrB,gDAAgD;aACjD,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;YACvE,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"utils.test.js","sourceRoot":"","sources":["../../../src/policy/utils.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE5D,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,KAAK,GAAG,oBAAoB,CAAC;YACnC,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAClB,sDAAsD,CACvD,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;YAC5E,MAAM,KAAK,GAAG,WAAW,CAAC;YAC1B,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;YAC1E,MAAM,MAAM,GAAG,iBAAiB,CAAC,YAAY,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YACrE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;YAC7D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,+BAA+B,CAAC,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAChE,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,CAAC,CAAC;YACrE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;gBACrB,+BAA+B;gBAC/B,+BAA+B;aAChC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;YACpE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;YAC3E,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;YAC7E,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;YAC5D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;YAC1E,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;gBACrB,kDAAkD;aACnD,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;YACpE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;gBACrB,oDAAoD;aACrD,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;YACvE,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,0DAA0D;YAC1D,MAAM,MAAM,GAAG,OAAO,CAAC;YACvB,MAAM,QAAQ,GAAG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC;YAEvC,8BAA8B;YAC9B,2CAA2C;YAC3C,MAAM,aAAa,GAAG,8BAA8B,CAAC;YACrD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;YAChF,+CAA+C;YAC/C,MAAM,MAAM,GAAG,OAAO,CAAC;YACvB,MAAM,QAAQ,GAAG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;YACjE,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC;YAEvC,sCAAsC;YACtC,oFAAoF;YACpF,MAAM,cAAc,GAAG,2BAA2B,CAAC;YACnD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAE/C,mDAAmD;YACnD,MAAM,WAAW,GAAG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC,CAAC;YAC7C,0CAA0C;YAC1C,MAAM,SAAS,GAAG,6BAA6B,CAAC;YAChD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/routing/routingStrategy.d.ts

@@ -32,6 +32,8 @@ export interface RoutingContext {
     request: PartListUnion;
     /** An abort signal to cancel an LLM call during routing. */
     signal: AbortSignal;
+    /** The model string requested for this turn, if any. */
+    requestedModel?: string;
 }
 /**
  * The core interface that all routing strategies must implement.

package/dist/src/routing/strategies/classifierStrategy.js

@@ -134,7 +134,7 @@ export class ClassifierStrategy {
             const routerResponse = ClassifierResponseSchema.parse(jsonResponse);
             const reasoning = routerResponse.reasoning;
             const latencyMs = Date.now() - startTime;
-            const selectedModel = resolveClassifierModel(config.getModel(), routerResponse.model_choice, config.getPreviewFeatures());
+            const selectedModel = resolveClassifierModel(context.requestedModel ?? config.getModel(), routerResponse.model_choice, config.getPreviewFeatures());
             return {
                 model: selectedModel,
                 metadata: {

package/dist/src/routing/strategies/classifierStrategy.js.map

@@ -1 +1 @@
-{"version":3,"file":"classifierStrategy.js","sourceRoot":"","sources":["../../../../src/routing/strategies/classifierStrategy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AAMjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EACL,cAAc,EACd,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,2EAA2E;AAC3E,MAAM,yBAAyB,GAAG,CAAC,CAAC;AACpC,MAAM,qBAAqB,GAAG,EAAE,CAAC;AAEjC,MAAM,WAAW,GAAG,OAAO,CAAC;AAC5B,MAAM,SAAS,GAAG,KAAK,CAAC;AAExB,MAAM,wBAAwB,GAAG;2IAC0G,WAAW,oBAAoB,SAAS;QAC3K,WAAW;QACX,SAAS;;8BAEa,SAAS;;;;;6BAKV,WAAW;;;;;;;;;;;;;kBAatB,WAAW,OAAO,SAAS;;;;;;;;;;;qBAWxB,SAAS;;;;;;;qBAOT,WAAW;;;;;;;qBAOX,SAAS;;;;;;;qBAOT,WAAW;;;;;;;;qBAQX,SAAS;;;;;;;qBAOT,WAAW;;CAE/B,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,IAAI,CAAC,MAAM;IACjB,UAAU,EAAE;QACV,SAAS,EAAE;YACT,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,WAAW,EACT,iFAAiF;SACpF;QACD,YAAY,EAAE;YACZ,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,IAAI,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC;SAC/B;KACF;IACD,QAAQ,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC;CACxC,CAAC;AAEF,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;CAC/C,CAAC,CAAC;AAEH,MAAM,OAAO,kBAAkB;IACpB,IAAI,GAAG,YAAY,CAAC;IAE7B,KAAK,CAAC,KAAK,CACT,OAAuB,EACvB,MAAc,EACd,aAA4B;QAE5B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,IAAI,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,CAAC;YAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,QAAQ,GAAG,8BAA8B,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE;qBACjE,QAAQ,CAAC,EAAE,CAAC;qBACZ,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACd,WAAW,CAAC,IAAI,CACd,gFAAgF,QAAQ,EAAE,CAC3F,CAAC;YACJ,CAAC;YAED,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,CAAC;YAEnE,iCAAiC;YACjC,gEAAgE;YAChE,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CACtC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CACtE,CAAC;YAEF,oDAAoD;YACpD,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,yBAAyB,CAAC,CAAC;YAEpE,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC;gBACpD,cAAc,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE;gBACvC,QAAQ,EAAE,CAAC,GAAG,YAAY,EAAE,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC/D,MAAM,EAAE,eAAe;gBACvB,iBAAiB,EAAE,wBAAwB;gBAC3C,WAAW,EAAE,OAAO,CAAC,MAAM;gBAC3B,QAAQ;aACT,CAAC,CAAC;YAEH,MAAM,cAAc,GAAG,wBAAwB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAEpE,MAAM,SAAS,GAAG,cAAc,CAAC,SAAS,CAAC;YAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YACzC,MAAM,aAAa,GAAG,sBAAsB,CAC1C,MAAM,CAAC,QAAQ,EAAE,EACjB,cAAc,CAAC,YAAY,EAC3B,MAAM,CAAC,kBAAkB,EAAE,CAC5B,CAAC;YAEF,OAAO;gBACL,KAAK,EAAE,aAAa;gBACpB,QAAQ,EAAE;oBACR,MAAM,EAAE,YAAY;oBACpB,SAAS;oBACT,SAAS;iBACV;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,2EAA2E;YAC3E,wEAAwE;YACxE,WAAW,CAAC,IAAI,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"classifierStrategy.js","sourceRoot":"","sources":["../../../../src/routing/strategies/classifierStrategy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AAMjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EACL,cAAc,EACd,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,2EAA2E;AAC3E,MAAM,yBAAyB,GAAG,CAAC,CAAC;AACpC,MAAM,qBAAqB,GAAG,EAAE,CAAC;AAEjC,MAAM,WAAW,GAAG,OAAO,CAAC;AAC5B,MAAM,SAAS,GAAG,KAAK,CAAC;AAExB,MAAM,wBAAwB,GAAG;2IAC0G,WAAW,oBAAoB,SAAS;QAC3K,WAAW;QACX,SAAS;;8BAEa,SAAS;;;;;6BAKV,WAAW;;;;;;;;;;;;;kBAatB,WAAW,OAAO,SAAS;;;;;;;;;;;qBAWxB,SAAS;;;;;;;qBAOT,WAAW;;;;;;;qBAOX,SAAS;;;;;;;qBAOT,WAAW;;;;;;;;qBAQX,SAAS;;;;;;;qBAOT,WAAW;;CAE/B,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,IAAI,CAAC,MAAM;IACjB,UAAU,EAAE;QACV,SAAS,EAAE;YACT,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,WAAW,EACT,iFAAiF;SACpF;QACD,YAAY,EAAE;YACZ,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,IAAI,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC;SAC/B;KACF;IACD,QAAQ,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC;CACxC,CAAC;AAEF,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;CAC/C,CAAC,CAAC;AAEH,MAAM,OAAO,kBAAkB;IACpB,IAAI,GAAG,YAAY,CAAC;IAE7B,KAAK,CAAC,KAAK,CACT,OAAuB,EACvB,MAAc,EACd,aAA4B;QAE5B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,IAAI,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,CAAC;YAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,QAAQ,GAAG,8BAA8B,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE;qBACjE,QAAQ,CAAC,EAAE,CAAC;qBACZ,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACd,WAAW,CAAC,IAAI,CACd,gFAAgF,QAAQ,EAAE,CAC3F,CAAC;YACJ,CAAC;YAED,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,CAAC;YAEnE,iCAAiC;YACjC,gEAAgE;YAChE,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CACtC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CACtE,CAAC;YAEF,oDAAoD;YACpD,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,yBAAyB,CAAC,CAAC;YAEpE,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC;gBACpD,cAAc,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE;gBACvC,QAAQ,EAAE,CAAC,GAAG,YAAY,EAAE,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC/D,MAAM,EAAE,eAAe;gBACvB,iBAAiB,EAAE,wBAAwB;gBAC3C,WAAW,EAAE,OAAO,CAAC,MAAM;gBAC3B,QAAQ;aACT,CAAC,CAAC;YAEH,MAAM,cAAc,GAAG,wBAAwB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAEpE,MAAM,SAAS,GAAG,cAAc,CAAC,SAAS,CAAC;YAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YACzC,MAAM,aAAa,GAAG,sBAAsB,CAC1C,OAAO,CAAC,cAAc,IAAI,MAAM,CAAC,QAAQ,EAAE,EAC3C,cAAc,CAAC,YAAY,EAC3B,MAAM,CAAC,kBAAkB,EAAE,CAC5B,CAAC;YAEF,OAAO;gBACL,KAAK,EAAE,aAAa;gBACpB,QAAQ,EAAE;oBACR,MAAM,EAAE,YAAY;oBACpB,SAAS;oBACT,SAAS;iBACV;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,2EAA2E;YAC3E,wEAAwE;YACxE,WAAW,CAAC,IAAI,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/src/routing/strategies/classifierStrategy.test.js

@@ -193,5 +193,21 @@ describe('ClassifierStrategy', () => {
         expect(consoleWarnSpy).toHaveBeenCalledWith(expect.stringContaining('Could not find promptId in context. This is unexpected. Using a fallback ID:'));
         consoleWarnSpy.mockRestore();
     });
+    it('should respect requestedModel from context in resolveClassifierModel', async () => {
+        const requestedModel = DEFAULT_GEMINI_MODEL; // Pro model
+        const mockApiResponse = {
+            reasoning: 'Choice is flash',
+            model_choice: 'flash',
+        };
+        vi.mocked(mockBaseLlmClient.generateJson).mockResolvedValue(mockApiResponse);
+        const contextWithRequestedModel = {
+            ...mockContext,
+            requestedModel,
+        };
+        const decision = await strategy.route(contextWithRequestedModel, mockConfig, mockBaseLlmClient);
+        expect(decision).not.toBeNull();
+        // Since requestedModel is Pro, and choice is flash, it should resolve to Flash
+        expect(decision?.model).toBe(DEFAULT_GEMINI_FLASH_MODEL);
+    });
 });
 //# sourceMappingURL=classifierStrategy.test.js.map