@google/gemini-cli-core 0.36.0 → 0.37.0-preview.1

package/dist/src/sandbox/windows/WindowsSandboxManager.js

@@ -7,10 +7,14 @@ import fs from 'node:fs';
 import path from 'node:path';
 import os from 'node:os';
 import { fileURLToPath } from 'node:url';
-import { GOVERNANCE_FILES, sanitizePaths, } from '../../services/sandboxManager.js';
+import { GOVERNANCE_FILES, findSecretFiles, sanitizePaths, tryRealpath, resolveSandboxPaths, } from '../../services/sandboxManager.js';
 import { sanitizeEnvironment, getSecureSanitizationConfig, } from '../../services/environmentSanitization.js';
 import { debugLogger } from '../../utils/debugLogger.js';
-import { spawnAsync } from '../../utils/shell-utils.js';
+import { spawnAsync, getCommandName } from '../../utils/shell-utils.js';
+import { isNodeError } from '../../utils/errors.js';
+import { isKnownSafeCommand, isDangerousCommand, isStrictlyApproved, } from './commandSafety.js';
+import { verifySandboxOverrides } from '../utils/commandUtils.js';
+import { parseWindowsSandboxDenials } from './windowsSandboxDenialUtils.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 /**
@@ -22,11 +26,26 @@ export class WindowsSandboxManager {
     options;
     helperPath;
     initialized = false;
-    lowIntegrityCache = new Set();
+    allowedCache = new Set();
+    deniedCache = new Set();
     constructor(options) {
         this.options = options;
         this.helperPath = path.resolve(__dirname, 'GeminiSandbox.exe');
     }
+    isKnownSafeCommand(args) {
+        const toolName = args[0]?.toLowerCase();
+        const approvedTools = this.options.modeConfig?.approvedTools ?? [];
+        if (toolName && approvedTools.some((t) => t.toLowerCase() === toolName)) {
+            return true;
+        }
+        return isKnownSafeCommand(args);
+    }
+    isDangerousCommand(args) {
+        return isDangerousCommand(args);
+    }
+    parseDenials(result) {
+        return parseWindowsSandboxDenials(result);
+    }
     /**
      * Ensures a file or directory exists.
      */
@@ -111,49 +130,182 @@ export class WindowsSandboxManager {
         await this.ensureInitialized();
         const sanitizationConfig = getSecureSanitizationConfig(req.policy?.sanitizationConfig);
         const sanitizedEnv = sanitizeEnvironment(req.env, sanitizationConfig);
+        const isReadonlyMode = this.options.modeConfig?.readonly ?? true;
+        const allowOverrides = this.options.modeConfig?.allowOverrides ?? true;
+        // Reject override attempts in plan mode
+        verifySandboxOverrides(allowOverrides, req.policy);
+        let command = req.command;
+        let args = req.args;
+        let targetPathEnv;
+        // Translate virtual commands for sandboxed file system access
+        if (command === '__read') {
+            // Use PowerShell for safe argument passing via env var
+            targetPathEnv = args[0] || '';
+            command = 'PowerShell.exe';
+            args = [
+                '-NoProfile',
+                '-NonInteractive',
+                '-Command',
+                '& { Get-Content -LiteralPath $env:GEMINI_TARGET_PATH -Raw }',
+            ];
+        }
+        else if (command === '__write') {
+            // Use PowerShell for piping stdin to a file via env var
+            targetPathEnv = args[0] || '';
+            command = 'PowerShell.exe';
+            args = [
+                '-NoProfile',
+                '-NonInteractive',
+                '-Command',
+                '& { $Input | Out-File -FilePath $env:GEMINI_TARGET_PATH -Encoding utf8 }',
+            ];
+        }
+        // Fetch persistent approvals for this command
+        const commandName = await getCommandName(command, args);
+        const persistentPermissions = allowOverrides
+            ? this.options.policyManager?.getCommandPermissions(commandName)
+            : undefined;
+        // Merge all permissions
+        const mergedAdditional = {
+            fileSystem: {
+                read: [
+                    ...(persistentPermissions?.fileSystem?.read ?? []),
+                    ...(req.policy?.additionalPermissions?.fileSystem?.read ?? []),
+                ],
+                write: [
+                    ...(persistentPermissions?.fileSystem?.write ?? []),
+                    ...(req.policy?.additionalPermissions?.fileSystem?.write ?? []),
+                ],
+            },
+            network: persistentPermissions?.network ||
+                req.policy?.additionalPermissions?.network ||
+                false,
+        };
+        if (req.command === '__read' && req.args[0]) {
+            mergedAdditional.fileSystem.read.push(req.args[0]);
+        }
+        else if (req.command === '__write' && req.args[0]) {
+            mergedAdditional.fileSystem.write.push(req.args[0]);
+        }
+        const defaultNetwork = this.options.modeConfig?.network ?? req.policy?.networkAccess ?? false;
+        const networkAccess = defaultNetwork || mergedAdditional.network;
         // 1. Handle filesystem permissions for Low Integrity
         // Grant "Low Mandatory Level" write access to the workspace.
-        await this.grantLowIntegrityAccess(this.options.workspace);
-        // Grant "Low Mandatory Level" read access to allowedPaths.
-        const allowedPaths = sanitizePaths(req.policy?.allowedPaths) || [];
+        // If not in readonly mode OR it's a strictly approved pipeline, allow workspace writes
+        const isApproved = allowOverrides
+            ? await isStrictlyApproved(command, args, this.options.modeConfig?.approvedTools)
+            : false;
+        if (!isReadonlyMode || isApproved) {
+            await this.grantLowIntegrityAccess(this.options.workspace);
+        }
+        const { allowed: allowedPaths, forbidden: forbiddenPaths } = await resolveSandboxPaths(this.options, req);
+        // Grant "Low Mandatory Level" access to includeDirectories.
+        const includeDirs = sanitizePaths(this.options.includeDirectories);
+        for (const includeDir of includeDirs) {
+            await this.grantLowIntegrityAccess(includeDir);
+        }
+        // Grant "Low Mandatory Level" read/write access to allowedPaths.
         for (const allowedPath of allowedPaths) {
-            await this.grantLowIntegrityAccess(allowedPath);
+            const resolved = await tryRealpath(allowedPath);
+            if (!fs.existsSync(resolved)) {
+                throw new Error(`Sandbox request rejected: Allowed path does not exist: ${resolved}. ` +
+                    'On Windows, granular sandbox access can only be granted to existing paths to avoid broad parent directory permissions.');
+            }
+            await this.grantLowIntegrityAccess(resolved);
+        }
+        // Grant "Low Mandatory Level" write access to additional permissions write paths.
+        const additionalWritePaths = sanitizePaths(mergedAdditional.fileSystem?.write);
+        for (const writePath of additionalWritePaths) {
+            const resolved = await tryRealpath(writePath);
+            if (!fs.existsSync(resolved)) {
+                throw new Error(`Sandbox request rejected: Additional write path does not exist: ${resolved}. ` +
+                    'On Windows, granular sandbox access can only be granted to existing paths to avoid broad parent directory permissions.');
+            }
+            await this.grantLowIntegrityAccess(resolved);
+        }
+        // 2. Collect secret files and apply protective ACLs
+        // On Windows, we explicitly deny access to secret files for Low Integrity
+        // processes to ensure they cannot be read or written.
+        const secretsToBlock = [];
+        const searchDirs = new Set([
+            this.options.workspace,
+            ...allowedPaths,
+            ...includeDirs,
+        ]);
+        for (const dir of searchDirs) {
+            try {
+                // We use maxDepth 3 to catch common nested secrets while keeping performance high.
+                const secretFiles = await findSecretFiles(dir, 3);
+                for (const secretFile of secretFiles) {
+                    try {
+                        secretsToBlock.push(secretFile);
+                        await this.denyLowIntegrityAccess(secretFile);
+                    }
+                    catch (e) {
+                        debugLogger.log(`WindowsSandboxManager: Failed to secure secret file ${secretFile}`, e);
+                    }
+                }
+            }
+            catch (e) {
+                debugLogger.log(`WindowsSandboxManager: Failed to find secret files in ${dir}`, e);
+            }
         }
-        // TODO: handle forbidden paths
-        // 2. Protected governance files
+        // Denies access to forbiddenPaths for Low Integrity processes.
+        // Note: Denying access to arbitrary paths (like system files) via icacls
+        // is restricted to avoid host corruption. External commands rely on
+        // Low Integrity read/write restrictions, while internal commands
+        // use the manifest for enforcement.
+        for (const forbiddenPath of forbiddenPaths) {
+            try {
+                await this.denyLowIntegrityAccess(forbiddenPath);
+            }
+            catch (e) {
+                debugLogger.log(`WindowsSandboxManager: Failed to secure forbidden path ${forbiddenPath}`, e);
+            }
+        }
+        // 3. Protected governance files
         // These must exist on the host before running the sandbox to prevent
         // the sandboxed process from creating them with Low integrity.
         // By being created as Medium integrity, they are write-protected from Low processes.
         for (const file of GOVERNANCE_FILES) {
             const filePath = path.join(this.options.workspace, file.path);
             this.touch(filePath, file.isDirectory);
-            // We resolve real paths to ensure protection for both the symlink and its target.
+        }
+        // 4. Forbidden paths manifest
+        // We use a manifest file to avoid command-line length limits.
+        const allForbidden = Array.from(new Set([...secretsToBlock, ...forbiddenPaths]));
+        const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'gemini-cli-forbidden-'));
+        const manifestPath = path.join(tempDir, 'manifest.txt');
+        fs.writeFileSync(manifestPath, allForbidden.join('\n'));
+        // Cleanup on exit
+        process.on('exit', () => {
             try {
-                const realPath = fs.realpathSync(filePath);
-                if (realPath !== filePath) {
-                    // If it's a symlink, the target is already implicitly protected
-                    // if it's outside the Low integrity workspace (likely Medium).
-                    // If it's inside, we ensure it's not accidentally Low.
-                }
+                fs.rmSync(tempDir, { recursive: true, force: true });
             }
             catch {
-                // Ignore realpath errors
+                // Ignore errors
             }
-        }
-        // 3. Construct the helper command
-        // GeminiSandbox.exe <network:0|1> <cwd> <command> [args...]
+        });
+        // 5. Construct the helper command
+        // GeminiSandbox.exe <network:0|1> <cwd> --forbidden-manifest <path> <command> [args...]
         const program = this.helperPath;
-        // If the command starts with __, it's an internal command for the sandbox helper itself.
-        const args = [
-            req.policy?.networkAccess ? '1' : '0',
+        const finalArgs = [
+            networkAccess ? '1' : '0',
             req.cwd,
-            req.command,
-            ...req.args,
+            '--forbidden-manifest',
+            manifestPath,
+            command,
+            ...args,
         ];
+        const finalEnv = { ...sanitizedEnv };
+        if (targetPathEnv !== undefined) {
+            finalEnv['GEMINI_TARGET_PATH'] = targetPathEnv;
+        }
         return {
             program,
-            args,
-            env: sanitizedEnv,
+            args: finalArgs,
+            env: finalEnv,
+            cwd: req.cwd,
         };
     }
     /**
@@ -163,26 +315,86 @@ export class WindowsSandboxManager {
         if (os.platform() !== 'win32') {
             return;
         }
-        const resolvedPath = path.resolve(targetPath);
-        if (this.lowIntegrityCache.has(resolvedPath)) {
+        const resolvedPath = await tryRealpath(targetPath);
+        if (this.allowedCache.has(resolvedPath)) {
             return;
         }
-        // Never modify integrity levels for system directories
-        const systemRoot = process.env['SystemRoot'] || 'C:\\Windows';
-        const programFiles = process.env['ProgramFiles'] || 'C:\\Program Files';
-        const programFilesX86 = process.env['ProgramFiles(x86)'] || 'C:\\Program Files (x86)';
-        if (resolvedPath.toLowerCase().startsWith(systemRoot.toLowerCase()) ||
-            resolvedPath.toLowerCase().startsWith(programFiles.toLowerCase()) ||
-            resolvedPath.toLowerCase().startsWith(programFilesX86.toLowerCase())) {
+        // Explicitly reject UNC paths to prevent credential theft/SSRF,
+        // but allow local extended-length and device paths.
+        if (resolvedPath.startsWith('\\\\') &&
+            !resolvedPath.startsWith('\\\\?\\') &&
+            !resolvedPath.startsWith('\\\\.\\')) {
+            debugLogger.log('WindowsSandboxManager: Rejecting UNC path for Low Integrity grant:', resolvedPath);
+            return;
+        }
+        if (this.isSystemDirectory(resolvedPath)) {
             return;
         }
         try {
-            await spawnAsync('icacls', [resolvedPath, '/setintegritylevel', 'Low']);
-            this.lowIntegrityCache.add(resolvedPath);
+            await spawnAsync('icacls', [
+                resolvedPath,
+                '/setintegritylevel',
+                '(OI)(CI)Low',
+            ]);
+            this.allowedCache.add(resolvedPath);
         }
         catch (e) {
             debugLogger.log('WindowsSandboxManager: icacls failed for', resolvedPath, e);
         }
     }
+    /**
+     * Explicitly denies access to a path for Low Integrity processes using icacls.
+     */
+    async denyLowIntegrityAccess(targetPath) {
+        if (os.platform() !== 'win32') {
+            return;
+        }
+        const resolvedPath = await tryRealpath(targetPath);
+        if (this.deniedCache.has(resolvedPath)) {
+            return;
+        }
+        // Never modify ACEs for system directories
+        if (this.isSystemDirectory(resolvedPath)) {
+            return;
+        }
+        // S-1-16-4096 is the SID for "Low Mandatory Level" (Low Integrity)
+        const LOW_INTEGRITY_SID = '*S-1-16-4096';
+        // icacls flags: (OI) Object Inherit, (CI) Container Inherit, (F) Full Access Deny.
+        // Omit /T (recursive) for performance; (OI)(CI) ensures inheritance for new items.
+        // Windows dynamically evaluates existing items, though deep explicit Allow ACEs
+        // could potentially bypass this inherited Deny rule.
+        const DENY_ALL_INHERIT = '(OI)(CI)(F)';
+        // icacls fails on non-existent paths, so we cannot explicitly deny
+        // paths that do not yet exist (unlike macOS/Linux).
+        // Skip to prevent sandbox initialization failure.
+        try {
+            await fs.promises.stat(resolvedPath);
+        }
+        catch (e) {
+            if (isNodeError(e) && e.code === 'ENOENT') {
+                return;
+            }
+            throw e;
+        }
+        try {
+            await spawnAsync('icacls', [
+                resolvedPath,
+                '/deny',
+                `${LOW_INTEGRITY_SID}:${DENY_ALL_INHERIT}`,
+            ]);
+            this.deniedCache.add(resolvedPath);
+        }
+        catch (e) {
+            throw new Error(`Failed to deny access to forbidden path: ${resolvedPath}. ${e instanceof Error ? e.message : String(e)}`);
+        }
+    }
+    isSystemDirectory(resolvedPath) {
+        const systemRoot = process.env['SystemRoot'] || 'C:\\Windows';
+        const programFiles = process.env['ProgramFiles'] || 'C:\\Program Files';
+        const programFilesX86 = process.env['ProgramFiles(x86)'] || 'C:\\Program Files (x86)';
+        return (resolvedPath.toLowerCase().startsWith(systemRoot.toLowerCase()) ||
+            resolvedPath.toLowerCase().startsWith(programFiles.toLowerCase()) ||
+            resolvedPath.toLowerCase().startsWith(programFilesX86.toLowerCase()));
+    }
 }
 //# sourceMappingURL=WindowsSandboxManager.js.map

package/dist/src/sandbox/windows/WindowsSandboxManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"WindowsSandboxManager.js","sourceRoot":"","sources":["../../../../src/sandbox/windows/WindowsSandboxManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAIL,gBAAgB,EAEhB,aAAa,GACd,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,mBAAmB,EACnB,2BAA2B,GAC5B,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAE3C;;;;GAIG;AACH,MAAM,OAAO,qBAAqB;IAKH;IAJZ,UAAU,CAAS;IAC5B,WAAW,GAAG,KAAK,CAAC;IACX,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IAEvD,YAA6B,OAA6B;QAA7B,YAAO,GAAP,OAAO,CAAsB;QACxD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,QAAgB,EAAE,WAAoB;QAClD,IAAI,CAAC;YACH,sDAAsD;YACtD,IAAI,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC;gBAAE,OAAO;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACzC,CAAC;YACD,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC7B,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAC7B,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBACpC,WAAW,CAAC,GAAG,CACb,8CAA8C,IAAI,CAAC,UAAU,4BAA4B,CAC1F,CAAC;gBACF,mEAAmE;gBACnE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAC5D,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,aAAa,CAAC;oBAC9D,MAAM,QAAQ,GAAG;wBACf,SAAS,EAAE,oBAAoB;wBAC/B,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,YAAY,EACZ,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,WAAW,EACX,YAAY,EACZ,SAAS,CACV;wBACD,8BAA8B;wBAC9B,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,MAAM,EACN,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,MAAM,EACN,SAAS,CACV;qBACF,CAAC;oBAEF,IAAI,QAAQ,GAAG,KAAK,CAAC;oBACrB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;wBAC3B,IAAI,CAAC;4BACH,WAAW,CAAC,GAAG,CACb,kDAAkD,GAAG,KAAK,CAC3D,CAAC;4BACF,wDAAwD;4BACxD,MAAM,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;4BAC/D,WAAW,CAAC,GAAG,CACb,kEAAkE,IAAI,CAAC,UAAU,EAAE,CACpF,CAAC;4BACF,QAAQ,GAAG,IAAI,CAAC;4BAChB,MAAM;wBACR,CAAC;wBAAC,OAAO,CAAC,EAAE,CAAC;4BACX,WAAW,CAAC,GAAG,CACb,kDAAkD,GAAG,KAAK,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACvG,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAED,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACd,WAAW,CAAC,GAAG,CACb,kFAAkF,CACnF,CAAC;oBACJ,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,GAAG,CACb,mDAAmD,UAAU,0BAA0B,CACxF,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,GAAG,CACb,0CAA0C,IAAI,CAAC,UAAU,EAAE,CAC5D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,WAAW,CAAC,GAAG,CACb,6DAA6D,EAC7D,CAAC,CACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,GAAmB;QACtC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,MAAM,kBAAkB,GAAG,2BAA2B,CACpD,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAC/B,CAAC;QAEF,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAEtE,qDAAqD;QACrD,6DAA6D;QAC7D,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAE3D,2DAA2D;QAC3D,MAAM,YAAY,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,IAAI,EAAE,CAAC;QACnE,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,IAAI,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAClD,CAAC;QAED,+BAA+B;QAE/B,gCAAgC;QAChC,qEAAqE;QACrE,+DAA+D;QAC/D,qFAAqF;QACrF,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YAEvC,kFAAkF;YAClF,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;gBAC3C,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC1B,gEAAgE;oBAChE,+DAA+D;oBAC/D,uDAAuD;gBACzD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,4DAA4D;QAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC;QAEhC,yFAAyF;QACzF,MAAM,IAAI,GAAG;YACX,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;YACrC,GAAG,CAAC,GAAG;YACP,GAAG,CAAC,OAAO;YACX,GAAG,GAAG,CAAC,IAAI;SACZ,CAAC;QAEF,OAAO;YACL,OAAO;YACP,IAAI;YACJ,GAAG,EAAE,YAAY;SAClB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CAAC,UAAkB;QACtD,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC9C,IAAI,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,uDAAuD;QACvD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,aAAa,CAAC;QAC9D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,mBAAmB,CAAC;QACxE,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,yBAAyB,CAAC;QAEhE,IACE,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/D,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YACjE,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC,EACpE,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,QAAQ,EAAE,CAAC,YAAY,EAAE,oBAAoB,EAAE,KAAK,CAAC,CAAC,CAAC;YACxE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,WAAW,CAAC,GAAG,CACb,0CAA0C,EAC1C,YAAY,EACZ,CAAC,CACF,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"WindowsSandboxManager.js","sourceRoot":"","sources":["../../../../src/sandbox/windows/WindowsSandboxManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAIL,gBAAgB,EAChB,eAAe,EAEf,aAAa,EACb,WAAW,EAGX,mBAAmB,GACpB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,mBAAmB,EACnB,2BAA2B,GAC5B,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAE5E,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAE3C;;;;GAIG;AACH,MAAM,OAAO,qBAAqB;IAMH;IALZ,UAAU,CAAS;IAC5B,WAAW,GAAG,KAAK,CAAC;IACX,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjD,YAA6B,OAA6B;QAA7B,YAAO,GAAP,OAAO,CAAsB;QACxD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;IACjE,CAAC;IAED,kBAAkB,CAAC,IAAc;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QACxC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,aAAa,IAAI,EAAE,CAAC;QACnE,IAAI,QAAQ,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,EAAE,CAAC;YACxE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,kBAAkB,CAAC,IAAc;QAC/B,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,YAAY,CAAC,MAA4B;QACvC,OAAO,0BAA0B,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,QAAgB,EAAE,WAAoB;QAClD,IAAI,CAAC;YACH,sDAAsD;YACtD,IAAI,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC;gBAAE,OAAO;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACzC,CAAC;YACD,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC7B,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAC7B,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBACpC,WAAW,CAAC,GAAG,CACb,8CAA8C,IAAI,CAAC,UAAU,4BAA4B,CAC1F,CAAC;gBACF,mEAAmE;gBACnE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAC5D,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,aAAa,CAAC;oBAC9D,MAAM,QAAQ,GAAG;wBACf,SAAS,EAAE,oBAAoB;wBAC/B,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,YAAY,EACZ,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,WAAW,EACX,YAAY,EACZ,SAAS,CACV;wBACD,8BAA8B;wBAC9B,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,MAAM,EACN,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,MAAM,EACN,SAAS,CACV;qBACF,CAAC;oBAEF,IAAI,QAAQ,GAAG,KAAK,CAAC;oBACrB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;wBAC3B,IAAI,CAAC;4BACH,WAAW,CAAC,GAAG,CACb,kDAAkD,GAAG,KAAK,CAC3D,CAAC;4BACF,wDAAwD;4BACxD,MAAM,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;4BAC/D,WAAW,CAAC,GAAG,CACb,kEAAkE,IAAI,CAAC,UAAU,EAAE,CACpF,CAAC;4BACF,QAAQ,GAAG,IAAI,CAAC;4BAChB,MAAM;wBACR,CAAC;wBAAC,OAAO,CAAC,EAAE,CAAC;4BACX,WAAW,CAAC,GAAG,CACb,kDAAkD,GAAG,KAAK,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACvG,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAED,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACd,WAAW,CAAC,GAAG,CACb,kFAAkF,CACnF,CAAC;oBACJ,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,GAAG,CACb,mDAAmD,UAAU,0BAA0B,CACxF,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,GAAG,CACb,0CAA0C,IAAI,CAAC,UAAU,EAAE,CAC5D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,WAAW,CAAC,GAAG,CACb,6DAA6D,EAC7D,CAAC,CACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,GAAmB;QACtC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,MAAM,kBAAkB,GAAG,2BAA2B,CACpD,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAC/B,CAAC;QAEF,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAEtE,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,IAAI,IAAI,CAAC;QACjE,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,IAAI,IAAI,CAAC;QAEvE,wCAAwC;QACxC,sBAAsB,CAAC,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QAEnD,IAAI,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAC1B,IAAI,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QACpB,IAAI,aAAiC,CAAC;QAEtC,8DAA8D;QAC9D,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;YACzB,uDAAuD;YACvD,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,GAAG,gBAAgB,CAAC;YAC3B,IAAI,GAAG;gBACL,YAAY;gBACZ,iBAAiB;gBACjB,UAAU;gBACV,6DAA6D;aAC9D,CAAC;QACJ,CAAC;aAAM,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YACjC,wDAAwD;YACxD,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,GAAG,gBAAgB,CAAC;YAC3B,IAAI,GAAG;gBACL,YAAY;gBACZ,iBAAiB;gBACjB,UAAU;gBACV,0EAA0E;aAC3E,CAAC;QACJ,CAAC;QAED,8CAA8C;QAC9C,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,MAAM,qBAAqB,GAAG,cAAc;YAC1C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,qBAAqB,CAAC,WAAW,CAAC;YAChE,CAAC,CAAC,SAAS,CAAC;QAEd,wBAAwB;QACxB,MAAM,gBAAgB,GAAuB;YAC3C,UAAU,EAAE;gBACV,IAAI,EAAE;oBACJ,GAAG,CAAC,qBAAqB,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC;oBAClD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC;iBAC/D;gBACD,KAAK,EAAE;oBACL,GAAG,CAAC,qBAAqB,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC;oBACnD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC;iBAChE;aACF;YACD,OAAO,EACL,qBAAqB,EAAE,OAAO;gBAC9B,GAAG,CAAC,MAAM,EAAE,qBAAqB,EAAE,OAAO;gBAC1C,KAAK;SACR,CAAC;QAEF,IAAI,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5C,gBAAgB,CAAC,UAAW,CAAC,IAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC;aAAM,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACpD,gBAAgB,CAAC,UAAW,CAAC,KAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,cAAc,GAClB,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,IAAI,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,KAAK,CAAC;QACzE,MAAM,aAAa,GAAG,cAAc,IAAI,gBAAgB,CAAC,OAAO,CAAC;QAEjE,qDAAqD;QACrD,6DAA6D;QAC7D,uFAAuF;QACvF,MAAM,UAAU,GAAG,cAAc;YAC/B,CAAC,CAAC,MAAM,kBAAkB,CACtB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,aAAa,CACvC;YACH,CAAC,CAAC,KAAK,CAAC;QAEV,IAAI,CAAC,cAAc,IAAI,UAAU,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,GACxD,MAAM,mBAAmB,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAE/C,4DAA4D;QAC5D,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACnE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QACjD,CAAC;QAED,iEAAiE;QACjE,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;YAChD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,0DAA0D,QAAQ,IAAI;oBACpE,wHAAwH,CAC3H,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAED,kFAAkF;QAClF,MAAM,oBAAoB,GAAG,aAAa,CACxC,gBAAgB,CAAC,UAAU,EAAE,KAAK,CACnC,CAAC;QACF,KAAK,MAAM,SAAS,IAAI,oBAAoB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,CAAC;YAC9C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,mEAAmE,QAAQ,IAAI;oBAC7E,wHAAwH,CAC3H,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAED,oDAAoD;QACpD,0EAA0E;QAC1E,sDAAsD;QACtD,MAAM,cAAc,GAAa,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;YACzB,IAAI,CAAC,OAAO,CAAC,SAAS;YACtB,GAAG,YAAY;YACf,GAAG,WAAW;SACf,CAAC,CAAC;QACH,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,mFAAmF;gBACnF,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBAClD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;oBACrC,IAAI,CAAC;wBACH,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;wBAChC,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;oBAChD,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,WAAW,CAAC,GAAG,CACb,uDAAuD,UAAU,EAAE,EACnE,CAAC,CACF,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,WAAW,CAAC,GAAG,CACb,yDAAyD,GAAG,EAAE,EAC9D,CAAC,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,yEAAyE;QACzE,oEAAoE;QACpE,iEAAiE;QACjE,oCAAoC;QACpC,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;YAC3C,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,sBAAsB,CAAC,aAAa,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,WAAW,CAAC,GAAG,CACb,0DAA0D,aAAa,EAAE,EACzE,CAAC,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,qEAAqE;QACrE,+DAA+D;QAC/D,qFAAqF;QACrF,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC;QAED,8BAA8B;QAC9B,8DAA8D;QAC9D,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAC7B,IAAI,GAAG,CAAC,CAAC,GAAG,cAAc,EAAE,GAAG,cAAc,CAAC,CAAC,CAChD,CAAC;QACF,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAC5B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAChD,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QACxD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAExD,kBAAkB;QAClB,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACtB,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,kCAAkC;QAClC,wFAAwF;QACxF,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC;QAEhC,MAAM,SAAS,GAAG;YAChB,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;YACzB,GAAG,CAAC,GAAG;YACP,sBAAsB;YACtB,YAAY;YACZ,OAAO;YACP,GAAG,IAAI;SACR,CAAC;QAEF,MAAM,QAAQ,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;QACrC,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;YAChC,QAAQ,CAAC,oBAAoB,CAAC,GAAG,aAAa,CAAC;QACjD,CAAC;QAED,OAAO;YACL,OAAO;YACP,IAAI,EAAE,SAAS;YACf,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,GAAG,CAAC,GAAG;SACb,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CAAC,UAAkB;QACtD,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACxC,OAAO;QACT,CAAC;QAED,gEAAgE;QAChE,oDAAoD;QACpD,IACE,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC;YAC/B,CAAC,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC;YACnC,CAAC,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,EACnC,CAAC;YACD,WAAW,CAAC,GAAG,CACb,oEAAoE,EACpE,YAAY,CACb,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,QAAQ,EAAE;gBACzB,YAAY;gBACZ,oBAAoB;gBACpB,aAAa;aACd,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,WAAW,CAAC,GAAG,CACb,0CAA0C,EAC1C,YAAY,EACZ,CAAC,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,UAAkB;QACrD,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACvC,OAAO;QACT,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,OAAO;QACT,CAAC;QAED,mEAAmE;QACnE,MAAM,iBAAiB,GAAG,cAAc,CAAC;QAEzC,mFAAmF;QACnF,mFAAmF;QACnF,gFAAgF;QAChF,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,aAAa,CAAC;QAEvC,mEAAmE;QACnE,oDAAoD;QACpD,kDAAkD;QAClD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1C,OAAO;YACT,CAAC;YACD,MAAM,CAAC,CAAC;QACV,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,QAAQ,EAAE;gBACzB,YAAY;gBACZ,OAAO;gBACP,GAAG,iBAAiB,IAAI,gBAAgB,EAAE;aAC3C,CAAC,CAAC;YACH,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CACb,4CAA4C,YAAY,KACtD,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAC3C,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,YAAoB;QAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,aAAa,CAAC;QAC9D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,mBAAmB,CAAC;QACxE,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,yBAAyB,CAAC;QAEhE,OAAO,CACL,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/D,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YACjE,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC,CACrE,CAAC;IACJ,CAAC;CACF"}