@google/gemini-cli-core 0.37.2 → 0.38.0

package/dist/src/sandbox/linux/LinuxSandboxManager.test.js

@@ -7,7 +7,6 @@ import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import { LinuxSandboxManager } from './LinuxSandboxManager.js';
 import fs from 'node:fs';
 import path from 'node:path';
-import * as shellUtils from '../../utils/shell-utils.js';
 vi.mock('node:fs', async () => {
     const actual = await vi.importActual('node:fs');
     return {
@@ -63,95 +62,53 @@ describe('LinuxSandboxManager', () => {
     afterEach(() => {
         vi.restoreAllMocks();
     });
-    const getBwrapArgs = async (req, customManager) => {
-        const mgr = customManager || manager;
-        const result = await mgr.prepareCommand(req);
-        expect(result.program).toBe('sh');
-        expect(result.args[0]).toBe('-c');
-        expect(result.args[1]).toBe('bpf_path="$1"; shift; exec bwrap "$@" 9< "$bpf_path"');
-        expect(result.args[2]).toBe('_');
-        expect(result.args[3]).toMatch(/gemini-cli-seccomp-.*\.bpf$/);
-        return result.args.slice(4);
-    };
     describe('prepareCommand', () => {
-        it('should correctly format the base command and args', async () => {
-            const bwrapArgs = await getBwrapArgs({
+        it('wraps the command and arguments correctly using a temporary file', async () => {
+            const result = await manager.prepareCommand({
                 command: 'ls',
                 args: ['-la'],
                 cwd: workspace,
-                env: {},
-            });
-            expect(bwrapArgs).toEqual([
-                '--unshare-all',
-                '--new-session',
-                '--die-with-parent',
-                '--ro-bind',
-                '/',
-                '/',
-                '--dev',
-                '/dev',
-                '--proc',
-                '/proc',
-                '--tmpfs',
-                '/tmp',
-                '--ro-bind-try',
-                workspace,
-                workspace,
-                '--ro-bind',
-                `${workspace}/.gitignore`,
-                `${workspace}/.gitignore`,
-                '--ro-bind',
-                `${workspace}/.geminiignore`,
-                `${workspace}/.geminiignore`,
-                '--ro-bind',
-                `${workspace}/.git`,
-                `${workspace}/.git`,
-                '--seccomp',
-                '9',
-                '--',
-                'ls',
-                '-la',
-            ]);
+                env: { PATH: '/usr/bin' },
+            });
+            expect(result.program).toBe('sh');
+            expect(result.args[0]).toBe('-c');
+            expect(result.args[1]).toContain('exec bwrap --args 8 "$@" 8< "$args_path" 9< "$bpf_path"');
+            expect(result.args[result.args.length - 3]).toBe('--');
+            expect(result.args[result.args.length - 2]).toBe('ls');
+            expect(result.args[result.args.length - 1]).toBe('-la');
+            expect(result.env['PATH']).toBe('/usr/bin');
         });
-        it('binds workspace read-write when readonly is false', async () => {
-            const customManager = new LinuxSandboxManager({
-                workspace,
-                modeConfig: { readonly: false },
-            });
-            const bwrapArgs = await getBwrapArgs({
+        it('cleans up the temporary arguments file', async () => {
+            const result = await manager.prepareCommand({
                 command: 'ls',
                 args: [],
                 cwd: workspace,
                 env: {},
-            }, customManager);
-            expect(bwrapArgs).toContain('--bind-try');
-            expect(bwrapArgs).toContain(workspace);
+            });
+            expect(result.cleanup).toBeDefined();
+            result.cleanup();
+            expect(fs.unlinkSync).toHaveBeenCalled();
+            const unlinkCall = vi.mocked(fs.unlinkSync).mock.calls[0];
+            expect(unlinkCall[0]).toMatch(/gemini-cli-bwrap-args-.*\.args$/);
         });
-        it('maps network permissions to --share-net', async () => {
-            const bwrapArgs = await getBwrapArgs({
-                command: 'curl',
-                args: [],
+        it('translates virtual commands', async () => {
+            const readResult = await manager.prepareCommand({
+                command: '__read',
+                args: [path.join(workspace, 'file.txt')],
                 cwd: workspace,
                 env: {},
-                policy: { additionalPermissions: { network: true } },
             });
-            expect(bwrapArgs).toContain('--share-net');
-        });
-        it('maps explicit write permissions to --bind-try', async () => {
-            const bwrapArgs = await getBwrapArgs({
-                command: 'touch',
-                args: [],
+            // Length is 8: ['-c', '...', '_', bpf, args, '--', '/bin/cat', file]
+            expect(readResult.args[readResult.args.length - 2]).toBe('/bin/cat');
+            const writeResult = await manager.prepareCommand({
+                command: '__write',
+                args: [path.join(workspace, 'file.txt')],
                 cwd: workspace,
                 env: {},
-                policy: {
-                    additionalPermissions: {
-                        fileSystem: { write: ['/home/user/workspace/out/dir'] },
-                    },
-                },
             });
-            const index = bwrapArgs.indexOf('--bind-try');
-            expect(index).not.toBe(-1);
-            expect(bwrapArgs[index + 1]).toBe('/home/user/workspace/out/dir');
+            // Length is 11: ['-c', '...', '_', bpf, args, '--', '/bin/sh', '-c', '...', '_', file]
+            expect(writeResult.args[writeResult.args.length - 5]).toBe('/bin/sh');
+            expect(writeResult.args[writeResult.args.length - 1]).toBe(path.join(workspace, 'file.txt'));
         });
         it('rejects overrides in plan mode', async () => {
             const customManager = new LinuxSandboxManager({
@@ -163,328 +120,9 @@ describe('LinuxSandboxManager', () => {
                 args: [],
                 cwd: workspace,
                 env: {},
-                policy: { additionalPermissions: { network: true } },
-            })).rejects.toThrow(/Cannot override readonly\/network\/filesystem restrictions in Plan mode/);
-        });
-        it('should correctly pass through the cwd to the resulting command', async () => {
-            const req = {
-                command: 'ls',
-                args: [],
-                cwd: '/different/cwd',
-                env: {},
-            };
-            const result = await manager.prepareCommand(req);
-            expect(result.cwd).toBe('/different/cwd');
-        });
-        it('should apply environment sanitization via the default mechanisms', async () => {
-            const req = {
-                command: 'test',
-                args: [],
-                cwd: workspace,
-                env: {
-                    API_KEY: 'secret',
-                    PATH: '/usr/bin',
-                },
-                policy: {
-                    sanitizationConfig: {
-                        allowedEnvironmentVariables: ['PATH'],
-                        blockedEnvironmentVariables: ['API_KEY'],
-                        enableEnvironmentVariableRedaction: true,
-                    },
-                },
-            };
-            const result = await manager.prepareCommand(req);
-            expect(result.env['PATH']).toBe('/usr/bin');
-            expect(result.env['API_KEY']).toBeUndefined();
-        });
-        it('should allow network when networkAccess is true', async () => {
-            const bwrapArgs = await getBwrapArgs({
-                command: 'ls',
-                args: ['-la'],
-                cwd: workspace,
-                env: {},
-                policy: {
-                    networkAccess: true,
-                },
-            });
-            expect(bwrapArgs).toContain('--share-net');
-        });
-        describe('governance files', () => {
-            it('should ensure governance files exist', async () => {
-                vi.mocked(fs.existsSync).mockReturnValue(false);
-                await getBwrapArgs({
-                    command: 'ls',
-                    args: [],
-                    cwd: workspace,
-                    env: {},
-                });
-                expect(fs.mkdirSync).toHaveBeenCalled();
-                expect(fs.openSync).toHaveBeenCalled();
-            });
-            it('should protect both the symlink and the real path if they differ', async () => {
-                vi.mocked(fs.realpathSync).mockImplementation((p) => {
-                    if (p.toString() === `${workspace}/.gitignore`)
-                        return '/shared/global.gitignore';
-                    return p.toString();
-                });
-                const bwrapArgs = await getBwrapArgs({
-                    command: 'ls',
-                    args: [],
-                    cwd: workspace,
-                    env: {},
-                });
-                expect(bwrapArgs).toContain('--ro-bind');
-                expect(bwrapArgs).toContain(`${workspace}/.gitignore`);
-                expect(bwrapArgs).toContain('/shared/global.gitignore');
-                // Check that both are bound
-                const gitignoreIndex = bwrapArgs.indexOf(`${workspace}/.gitignore`);
-                expect(bwrapArgs[gitignoreIndex - 1]).toBe('--ro-bind');
-                expect(bwrapArgs[gitignoreIndex + 1]).toBe(`${workspace}/.gitignore`);
-                const realGitignoreIndex = bwrapArgs.indexOf('/shared/global.gitignore');
-                expect(bwrapArgs[realGitignoreIndex - 1]).toBe('--ro-bind');
-                expect(bwrapArgs[realGitignoreIndex + 1]).toBe('/shared/global.gitignore');
-            });
-        });
-        describe('allowedPaths', () => {
-            it('should parameterize allowed paths and normalize them', async () => {
-                const bwrapArgs = await getBwrapArgs({
-                    command: 'node',
-                    args: ['script.js'],
-                    cwd: workspace,
-                    env: {},
-                    policy: {
-                        allowedPaths: ['/tmp/cache', '/opt/tools', workspace],
-                    },
-                });
-                expect(bwrapArgs).toContain('--bind-try');
-                expect(bwrapArgs[bwrapArgs.indexOf('/tmp/cache') - 1]).toBe('--bind-try');
-                expect(bwrapArgs[bwrapArgs.indexOf('/opt/tools') - 1]).toBe('--bind-try');
-            });
-            it('should grant read-write access to allowedPaths inside the workspace even when readonly mode is active', async () => {
-                const manager = new LinuxSandboxManager({
-                    workspace,
-                    modeConfig: { readonly: true },
-                });
-                const result = await manager.prepareCommand({
-                    command: 'ls',
-                    args: [],
-                    cwd: workspace,
-                    env: {},
-                    policy: {
-                        allowedPaths: [workspace + '/subdirectory'],
-                    },
-                });
-                const bwrapArgs = result.args;
-                const bindIndex = bwrapArgs.indexOf(workspace + '/subdirectory');
-                expect(bwrapArgs[bindIndex - 1]).toBe('--bind-try');
-            });
-            it('should not bind the workspace twice even if it has a trailing slash in allowedPaths', async () => {
-                const bwrapArgs = await getBwrapArgs({
-                    command: 'ls',
-                    args: ['-la'],
-                    cwd: workspace,
-                    env: {},
-                    policy: {
-                        allowedPaths: [workspace + '/'],
-                    },
-                });
-                const binds = bwrapArgs.filter((a) => a === workspace);
-                expect(binds.length).toBe(2);
-            });
-            it('should bind the parent directory of a non-existent path', async () => {
-                vi.mocked(fs.existsSync).mockImplementation((p) => {
-                    if (p === '/home/user/workspace/new-file.txt')
-                        return false;
-                    return true;
-                });
-                const bwrapArgs = await getBwrapArgs({
-                    command: '__write',
-                    args: ['/home/user/workspace/new-file.txt'],
-                    cwd: workspace,
-                    env: {},
-                    policy: {
-                        allowedPaths: ['/home/user/workspace/new-file.txt'],
-                    },
-                });
-                const parentDir = '/home/user/workspace';
-                const bindIndex = bwrapArgs.lastIndexOf(parentDir);
-                expect(bindIndex).not.toBe(-1);
-                expect(bwrapArgs[bindIndex - 2]).toBe('--bind-try');
-            });
-        });
-        describe('virtual commands', () => {
-            it('should translate __read to cat', async () => {
-                const testFile = path.join(workspace, 'file.txt');
-                const bwrapArgs = await getBwrapArgs({
-                    command: '__read',
-                    args: [testFile],
-                    cwd: workspace,
-                    env: {},
-                });
-                // args are: [...bwrapBaseArgs, '--', '/bin/cat', '.../file.txt']
-                expect(bwrapArgs[bwrapArgs.length - 2]).toBe('/bin/cat');
-                expect(bwrapArgs[bwrapArgs.length - 1]).toBe(testFile);
-            });
-            it('should translate __write to sh -c cat', async () => {
-                const testFile = path.join(workspace, 'file.txt');
-                const bwrapArgs = await getBwrapArgs({
-                    command: '__write',
-                    args: [testFile],
-                    cwd: workspace,
-                    env: {},
-                });
-                // args are: [...bwrapBaseArgs, '--', '/bin/sh', '-c', 'tee -- "$@" > /dev/null', '_', '.../file.txt']
-                expect(bwrapArgs[bwrapArgs.length - 5]).toBe('/bin/sh');
-                expect(bwrapArgs[bwrapArgs.length - 4]).toBe('-c');
-                expect(bwrapArgs[bwrapArgs.length - 3]).toBe('tee -- "$@" > /dev/null');
-                expect(bwrapArgs[bwrapArgs.length - 2]).toBe('_');
-                expect(bwrapArgs[bwrapArgs.length - 1]).toBe(testFile);
-            });
-        });
-        describe('forbiddenPaths', () => {
-            it('should parameterize forbidden paths and explicitly deny them', async () => {
-                vi.mocked(fs.statSync).mockImplementation((p) => {
-                    if (p.toString().includes('cache')) {
-                        return { isDirectory: () => true };
-                    }
-                    return { isDirectory: () => false };
-                });
-                vi.mocked(fs.realpathSync).mockImplementation((p) => p.toString());
-                const customManager = new LinuxSandboxManager({
-                    workspace,
-                    forbiddenPaths: async () => ['/tmp/cache', '/opt/secret.txt'],
-                });
-                const bwrapArgs = await getBwrapArgs({
-                    command: 'ls',
-                    args: ['-la'],
-                    cwd: workspace,
-                    env: {},
-                }, customManager);
-                const cacheIndex = bwrapArgs.indexOf('/tmp/cache');
-                expect(bwrapArgs[cacheIndex - 1]).toBe('--tmpfs');
-                const secretIndex = bwrapArgs.indexOf('/opt/secret.txt');
-                expect(bwrapArgs[secretIndex - 2]).toBe('--ro-bind');
-                expect(bwrapArgs[secretIndex - 1]).toBe('/dev/null');
-            });
-            it('resolves forbidden symlink paths to their real paths', async () => {
-                vi.mocked(fs.statSync).mockImplementation(() => ({ isDirectory: () => false }));
-                vi.mocked(fs.realpathSync).mockImplementation((p) => {
-                    if (p === '/tmp/forbidden-symlink')
-                        return '/opt/real-target.txt';
-                    return p.toString();
-                });
-                const customManager = new LinuxSandboxManager({
-                    workspace,
-                    forbiddenPaths: async () => ['/tmp/forbidden-symlink'],
-                });
-                const bwrapArgs = await getBwrapArgs({
-                    command: 'ls',
-                    args: ['-la'],
-                    cwd: workspace,
-                    env: {},
-                }, customManager);
-                const secretIndex = bwrapArgs.indexOf('/opt/real-target.txt');
-                expect(bwrapArgs[secretIndex - 2]).toBe('--ro-bind');
-                expect(bwrapArgs[secretIndex - 1]).toBe('/dev/null');
-            });
-            it('explicitly denies non-existent forbidden paths to prevent creation', async () => {
-                const error = new Error('File not found');
-                error.code = 'ENOENT';
-                vi.mocked(fs.statSync).mockImplementation(() => {
-                    throw error;
-                });
-                vi.mocked(fs.realpathSync).mockImplementation((p) => p.toString());
-                const customManager = new LinuxSandboxManager({
-                    workspace,
-                    forbiddenPaths: async () => ['/tmp/not-here.txt'],
-                });
-                const bwrapArgs = await getBwrapArgs({
-                    command: 'ls',
-                    args: [],
-                    cwd: workspace,
-                    env: {},
-                }, customManager);
-                const idx = bwrapArgs.indexOf('/tmp/not-here.txt');
-                expect(bwrapArgs[idx - 2]).toBe('--symlink');
-                expect(bwrapArgs[idx - 1]).toBe('/dev/null');
-            });
-            it('masks directory symlinks with tmpfs for both paths', async () => {
-                vi.mocked(fs.statSync).mockImplementation(() => ({ isDirectory: () => true }));
-                vi.mocked(fs.realpathSync).mockImplementation((p) => {
-                    if (p === '/tmp/dir-link')
-                        return '/opt/real-dir';
-                    return p.toString();
-                });
-                const customManager = new LinuxSandboxManager({
-                    workspace,
-                    forbiddenPaths: async () => ['/tmp/dir-link'],
-                });
-                const bwrapArgs = await getBwrapArgs({
-                    command: 'ls',
-                    args: [],
-                    cwd: workspace,
-                    env: {},
-                }, customManager);
-                const idx = bwrapArgs.indexOf('/opt/real-dir');
-                expect(bwrapArgs[idx - 1]).toBe('--tmpfs');
-            });
-            it('should override allowed paths if a path is also in forbidden paths', async () => {
-                vi.mocked(fs.statSync).mockImplementation(() => ({ isDirectory: () => true }));
-                vi.mocked(fs.realpathSync).mockImplementation((p) => p.toString());
-                const customManager = new LinuxSandboxManager({
-                    workspace,
-                    forbiddenPaths: async () => ['/tmp/conflict'],
-                });
-                const bwrapArgs = await getBwrapArgs({
-                    command: 'ls',
-                    args: ['-la'],
-                    cwd: workspace,
-                    env: {},
-                    policy: {
-                        allowedPaths: ['/tmp/conflict'],
-                    },
-                }, customManager);
-                // Conflict should have been filtered out of allow list (--bind-try)
-                expect(bwrapArgs).not.toContain('--bind-try');
-                expect(bwrapArgs).not.toContain('--bind-try-ro');
-                // It should only appear as a forbidden path (via --tmpfs)
-                const conflictIdx = bwrapArgs.indexOf('/tmp/conflict');
-                expect(conflictIdx).toBeGreaterThan(0);
-                expect(bwrapArgs[conflictIdx - 1]).toBe('--tmpfs');
-            });
-        });
-    });
-    it('blocks .env and .env.* files in the workspace root', async () => {
-        vi.mocked(shellUtils.spawnAsync).mockImplementation((cmd, args) => {
-            if (cmd === 'find' && args?.[0] === workspace) {
-                // Assert that find is NOT excluding dotfiles
-                expect(args).not.toContain('-not');
-                expect(args).toContain('-prune');
-                return Promise.resolve({
-                    status: 0,
-                    stdout: Buffer.from(`${workspace}/.env\0${workspace}/.env.local\0${workspace}/.env.test\0`),
-                });
-            }
-            return Promise.resolve({
-                status: 0,
-                stdout: Buffer.from(''),
-            });
-        });
-        const bwrapArgs = await getBwrapArgs({
-            command: 'ls',
-            args: [],
-            cwd: workspace,
-            env: {},
+                policy: { networkAccess: true },
+            })).rejects.toThrow(/Cannot override/);
         });
-        const bindsIndex = bwrapArgs.indexOf('--seccomp');
-        const binds = bwrapArgs.slice(0, bindsIndex);
-        expect(binds).toContain(`${workspace}/.env`);
-        expect(binds).toContain(`${workspace}/.env.local`);
-        expect(binds).toContain(`${workspace}/.env.test`);
-        // Verify they are bound to a mask file
-        const envIndex = binds.indexOf(`${workspace}/.env`);
-        expect(binds[envIndex - 2]).toBe('--bind');
-        expect(binds[envIndex - 1]).toMatch(/gemini-cli-mask-file-.*mocked\/mask/);
     });
 });
 //# sourceMappingURL=LinuxSandboxManager.test.js.map

package/dist/src/sandbox/linux/LinuxSandboxManager.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"LinuxSandboxManager.test.js","sourceRoot":"","sources":["../../../../src/sandbox/linux/LinuxSandboxManager.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,KAAK,UAAU,MAAM,4BAA4B,CAAC;AAEzD,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;IAC5B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAA2B,SAAS,CAAC,CAAC;IAC1E,OAAO;QACL,GAAG,MAAM;QACT,OAAO,EAAE;YACP,0FAA0F;YAC1F,GAAG,MAAM,CAAC,OAAO;YACjB,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;YAC7B,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACxC,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAa,CAAC;YAChE,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;YAClB,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC;YACzD,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE;YACjB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;YAClB,aAAa,EAAE,EAAE,CAAC,EAAE,EAAE;YACtB,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;YAC5B,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;YAClB,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE;YACnB,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;SAChB;QACD,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;QAC7B,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxC,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAa,CAAC;QAChE,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;QAClB,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC;QACzD,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE;QACjB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;QAClB,aAAa,EAAE,EAAE,CAAC,EAAE,EAAE;QACtB,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAC5B,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;QAClB,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE;QACnB,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;KAChB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,EAAE,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IAC7D,MAAM,MAAM,GACV,MAAM,cAAc,EAA+C,CAAC;IACtE,OAAO;QACL,GAAG,MAAM;QACT,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CACrB,OAAO,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CACxD;QACD,sBAAsB,EAAE,EAAE,CAAC,EAAE,EAAE;QAC/B,kBAAkB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC;KACpD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,MAAM,SAAS,GAAG,sBAAsB,CAAC;IACzC,IAAI,OAA4B,CAAC;IAEjC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC/C,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACnE,OAAO,GAAG,IAAI,mBAAmB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,eAAe,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,KAAK,EACxB,GAAmB,EACnB,aAAmC,EACnC,EAAE;QACF,MAAM,GAAG,GAAG,aAAa,IAAI,OAAO,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CACzB,sDAAsD,CACvD,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;QAC9D,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC;IAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;YACjE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;gBACnC,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,CAAC,KAAK,CAAC;gBACb,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;aACR,CAAC,CAAC;YAEH,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC;gBACxB,eAAe;gBACf,eAAe;gBACf,mBAAmB;gBACnB,WAAW;gBACX,GAAG;gBACH,GAAG;gBACH,OAAO;gBACP,MAAM;gBACN,QAAQ;gBACR,OAAO;gBACP,SAAS;gBACT,MAAM;gBACN,eAAe;gBACf,SAAS;gBACT,SAAS;gBACT,WAAW;gBACX,GAAG,SAAS,aAAa;gBACzB,GAAG,SAAS,aAAa;gBACzB,WAAW;gBACX,GAAG,SAAS,gBAAgB;gBAC5B,GAAG,SAAS,gBAAgB;gBAC5B,WAAW;gBACX,GAAG,SAAS,OAAO;gBACnB,GAAG,SAAS,OAAO;gBACnB,WAAW;gBACX,GAAG;gBACH,IAAI;gBACJ,IAAI;gBACJ,KAAK;aACN,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;YACjE,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;gBAC5C,SAAS;gBACT,UAAU,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;aAChC,CAAC,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,YAAY,CAClC;gBACE,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;aACR,EACD,aAAa,CACd,CAAC;YAEF,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAC1C,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;gBACnC,OAAO,EAAE,MAAM;gBACf,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;gBACP,MAAM,EAAE,EAAE,qBAAqB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;aACrD,CAAC,CAAC;YAEH,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;gBACnC,OAAO,EAAE,OAAO;gBAChB,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;gBACP,MAAM,EAAE;oBACN,qBAAqB,EAAE;wBACrB,UAAU,EAAE,EAAE,KAAK,EAAE,CAAC,8BAA8B,CAAC,EAAE;qBACxD;iBACF;aACF,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC9C,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3B,MAAM,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;YAC9C,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;gBAC5C,SAAS;gBACT,UAAU,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE;aACtC,CAAC,CAAC;YACH,MAAM,MAAM,CACV,aAAa,CAAC,cAAc,CAAC;gBAC3B,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;gBACP,MAAM,EAAE,EAAE,qBAAqB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;aACrD,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,CACf,yEAAyE,CAC1E,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;YAC9E,MAAM,GAAG,GAAmB;gBAC1B,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,gBAAgB;gBACrB,GAAG,EAAE,EAAE;aACR,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YAEjD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;YAChF,MAAM,GAAG,GAAmB;gBAC1B,OAAO,EAAE,MAAM;gBACf,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE;oBACH,OAAO,EAAE,QAAQ;oBACjB,IAAI,EAAE,UAAU;iBACjB;gBACD,MAAM,EAAE;oBACN,kBAAkB,EAAE;wBAClB,2BAA2B,EAAE,CAAC,MAAM,CAAC;wBACrC,2BAA2B,EAAE,CAAC,SAAS,CAAC;wBACxC,kCAAkC,EAAE,IAAI;qBACzC;iBACF;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;gBACnC,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,CAAC,KAAK,CAAC;gBACb,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;gBACP,MAAM,EAAE;oBACN,aAAa,EAAE,IAAI;iBACpB;aACF,CAAC,CAAC;YAEH,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;YAChC,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;gBACpD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;gBAEhD,MAAM,YAAY,CAAC;oBACjB,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,EAAE;oBACR,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;iBACR,CAAC,CAAC;gBAEH,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,gBAAgB,EAAE,CAAC;gBACxC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAC;YACzC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;gBAChF,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE;oBAClD,IAAI,CAAC,CAAC,QAAQ,EAAE,KAAK,GAAG,SAAS,aAAa;wBAC5C,OAAO,0BAA0B,CAAC;oBACpC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACtB,CAAC,CAAC,CAAC;gBAEH,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;oBACnC,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,EAAE;oBACR,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;iBACR,CAAC,CAAC;gBAEH,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBACzC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,GAAG,SAAS,aAAa,CAAC,CAAC;gBACvD,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;gBAExD,4BAA4B;gBAC5B,MAAM,cAAc,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,SAAS,aAAa,CAAC,CAAC;gBACpE,MAAM,CAAC,SAAS,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACxD,MAAM,CAAC,SAAS,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,SAAS,aAAa,CAAC,CAAC;gBAEtE,MAAM,kBAAkB,GAAG,SAAS,CAAC,OAAO,CAC1C,0BAA0B,CAC3B,CAAC;gBACF,MAAM,CAAC,SAAS,CAAC,kBAAkB,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC5D,MAAM,CAAC,SAAS,CAAC,kBAAkB,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAC5C,0BAA0B,CAC3B,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;YAC5B,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;gBACpE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;oBACnC,OAAO,EAAE,MAAM;oBACf,IAAI,EAAE,CAAC,WAAW,CAAC;oBACnB,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;oBACP,MAAM,EAAE;wBACN,YAAY,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,SAAS,CAAC;qBACtD;iBACF,CAAC,CAAC;gBAEH,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;gBAC1C,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CACzD,YAAY,CACb,CAAC;gBACF,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CACzD,YAAY,CACb,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,uGAAuG,EAAE,KAAK,IAAI,EAAE;gBACrH,MAAM,OAAO,GAAG,IAAI,mBAAmB,CAAC;oBACtC,SAAS;oBACT,UAAU,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;iBAC/B,CAAC,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC;oBAC1C,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,EAAE;oBACR,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;oBACP,MAAM,EAAE;wBACN,YAAY,EAAE,CAAC,SAAS,GAAG,eAAe,CAAC;qBAC5C;iBACF,CAAC,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC;gBAC9B,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,GAAG,eAAe,CAAC,CAAC;gBACjE,MAAM,CAAC,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACtD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,qFAAqF,EAAE,KAAK,IAAI,EAAE;gBACnG,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;oBACnC,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,CAAC,KAAK,CAAC;oBACb,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;oBACP,MAAM,EAAE;wBACN,YAAY,EAAE,CAAC,SAAS,GAAG,GAAG,CAAC;qBAChC;iBACF,CAAC,CAAC;gBAEH,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;gBACvD,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;gBACvE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE;oBAChD,IAAI,CAAC,KAAK,mCAAmC;wBAAE,OAAO,KAAK,CAAC;oBAC5D,OAAO,IAAI,CAAC;gBACd,CAAC,CAAC,CAAC;gBAEH,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;oBACnC,OAAO,EAAE,SAAS;oBAClB,IAAI,EAAE,CAAC,mCAAmC,CAAC;oBAC3C,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;oBACP,MAAM,EAAE;wBACN,YAAY,EAAE,CAAC,mCAAmC,CAAC;qBACpD;iBACF,CAAC,CAAC;gBAEH,MAAM,SAAS,GAAG,sBAAsB,CAAC;gBACzC,MAAM,SAAS,GAAG,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;gBACnD,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/B,MAAM,CAAC,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACtD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;YAChC,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;gBAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;gBAClD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;oBACnC,OAAO,EAAE,QAAQ;oBACjB,IAAI,EAAE,CAAC,QAAQ,CAAC;oBAChB,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;iBACR,CAAC,CAAC;gBAEH,iEAAiE;gBACjE,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACzD,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;gBACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;gBAClD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;oBACnC,OAAO,EAAE,SAAS;oBAClB,IAAI,EAAE,CAAC,QAAQ,CAAC;oBAChB,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;iBACR,CAAC,CAAC;gBAEH,sGAAsG;gBACtG,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACxD,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnD,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBACxE,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAClD,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;YAC9B,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;gBAC5E,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE;oBAC9C,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;wBACnC,OAAO,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,EAAc,CAAC;oBACjD,CAAC;oBACD,OAAO,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,KAAK,EAAc,CAAC;gBAClD,CAAC,CAAC,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAEnE,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;oBAC5C,SAAS;oBACT,cAAc,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,YAAY,EAAE,iBAAiB,CAAC;iBAC9D,CAAC,CAAC;gBAEH,MAAM,SAAS,GAAG,MAAM,YAAY,CAClC;oBACE,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,CAAC,KAAK,CAAC;oBACb,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;iBACR,EACD,aAAa,CACd,CAAC;gBAEF,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;gBACnD,MAAM,CAAC,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAElD,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;gBACzD,MAAM,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACrD,MAAM,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;gBACpE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,kBAAkB,CACvC,GAAG,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAa,CACjD,CAAC;gBACF,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE;oBAClD,IAAI,CAAC,KAAK,wBAAwB;wBAAE,OAAO,sBAAsB,CAAC;oBAClE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACtB,CAAC,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;oBAC5C,SAAS;oBACT,cAAc,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,wBAAwB,CAAC;iBACvD,CAAC,CAAC;gBAEH,MAAM,SAAS,GAAG,MAAM,YAAY,CAClC;oBACE,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,CAAC,KAAK,CAAC;oBACb,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;iBACR,EACD,aAAa,CACd,CAAC;gBAEF,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;gBAC9D,MAAM,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACrD,MAAM,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;gBAClF,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,gBAAgB,CAA0B,CAAC;gBACnE,KAAK,CAAC,IAAI,GAAG,QAAQ,CAAC;gBACtB,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE;oBAC7C,MAAM,KAAK,CAAC;gBACd,CAAC,CAAC,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAEnE,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;oBAC5C,SAAS;oBACT,cAAc,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,mBAAmB,CAAC;iBAClD,CAAC,CAAC;gBAEH,MAAM,SAAS,GAAG,MAAM,YAAY,CAClC;oBACE,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,EAAE;oBACR,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;iBACR,EACD,aAAa,CACd,CAAC;gBAEF,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;gBACnD,MAAM,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC7C,MAAM,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC/C,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;gBAClE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,kBAAkB,CACvC,GAAG,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAa,CAChD,CAAC;gBACF,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE;oBAClD,IAAI,CAAC,KAAK,eAAe;wBAAE,OAAO,eAAe,CAAC;oBAClD,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACtB,CAAC,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;oBAC5C,SAAS;oBACT,cAAc,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,eAAe,CAAC;iBAC9C,CAAC,CAAC;gBAEH,MAAM,SAAS,GAAG,MAAM,YAAY,CAClC;oBACE,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,EAAE;oBACR,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;iBACR,EACD,aAAa,CACd,CAAC;gBAEF,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;gBAC/C,MAAM,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;gBAClF,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,kBAAkB,CACvC,GAAG,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAa,CAChD,CAAC;gBACF,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAEnE,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;oBAC5C,SAAS;oBACT,cAAc,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,eAAe,CAAC;iBAC9C,CAAC,CAAC;gBAEH,MAAM,SAAS,GAAG,MAAM,YAAY,CAClC;oBACE,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,CAAC,KAAK,CAAC;oBACb,GAAG,EAAE,SAAS;oBACd,GAAG,EAAE,EAAE;oBACP,MAAM,EAAE;wBACN,YAAY,EAAE,CAAC,eAAe,CAAC;qBAChC;iBACF,EACD,aAAa,CACd,CAAC;gBAEF,oEAAoE;gBACpE,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;gBAC9C,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;gBAEjD,0DAA0D;gBAC1D,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;gBACvD,MAAM,CAAC,WAAW,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBACvC,MAAM,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACrD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,kBAAkB,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YAChE,IAAI,GAAG,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC9C,6CAA6C;gBAC7C,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBACnC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;gBAEjC,OAAO,OAAO,CAAC,OAAO,CAAC;oBACrB,MAAM,EAAE,CAAC;oBACT,MAAM,EAAE,MAAM,CAAC,IAAI,CACjB,GAAG,SAAS,UAAU,SAAS,gBAAgB,SAAS,cAAc,CACvE;iBACqD,CAAC,CAAC;YAC5D,CAAC;YACD,OAAO,OAAO,CAAC,OAAO,CAAC;gBACrB,MAAM,EAAE,CAAC;gBACT,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;aAC+B,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC;YACnC,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,EAAE;YACR,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,EAAE;SACR,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QAE7C,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,GAAG,SAAS,OAAO,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,GAAG,SAAS,aAAa,CAAC,CAAC;QACnD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,GAAG,SAAS,YAAY,CAAC,CAAC;QAElD,uCAAuC;QACvC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,SAAS,OAAO,CAAC,CAAC;QACpD,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,qCAAqC,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"LinuxSandboxManager.test.js","sourceRoot":"","sources":["../../../../src/sandbox/linux/LinuxSandboxManager.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;IAC5B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAA2B,SAAS,CAAC,CAAC;IAC1E,OAAO;QACL,GAAG,MAAM;QACT,OAAO,EAAE;YACP,0FAA0F;YAC1F,GAAG,MAAM,CAAC,OAAO;YACjB,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;YAC7B,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACxC,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAa,CAAC;YAChE,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;YAClB,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC;YACzD,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE;YACjB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;YAClB,aAAa,EAAE,EAAE,CAAC,EAAE,EAAE;YACtB,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;YAC5B,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;YAClB,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE;YACnB,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;SAChB;QACD,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;QAC7B,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxC,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAa,CAAC;QAChE,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;QAClB,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC;QACzD,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE;QACjB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;QAClB,aAAa,EAAE,EAAE,CAAC,EAAE,EAAE;QACtB,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAC5B,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;QAClB,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE;QACnB,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;KAChB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,EAAE,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IAC7D,MAAM,MAAM,GACV,MAAM,cAAc,EAA+C,CAAC;IACtE,OAAO;QACL,GAAG,MAAM;QACT,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CACrB,OAAO,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CACxD;QACD,sBAAsB,EAAE,EAAE,CAAC,EAAE,EAAE;QAC/B,kBAAkB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC;KACpD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,MAAM,SAAS,GAAG,sBAAsB,CAAC;IACzC,IAAI,OAA4B,CAAC;IAEjC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC/C,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACnE,OAAO,GAAG,IAAI,mBAAmB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,eAAe,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;YAChF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC;gBAC1C,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,CAAC,KAAK,CAAC;gBACb,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;aAC1B,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAC9B,yDAAyD,CAC1D,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC;gBAC1C,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;aACR,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YACrC,MAAM,CAAC,OAAQ,EAAE,CAAC;YAElB,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,gBAAgB,EAAE,CAAC;YACzC,MAAM,UAAU,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1D,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC3C,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC;gBAC9C,OAAO,EAAE,QAAQ;gBACjB,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;gBACxC,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;aACR,CAAC,CAAC;YACH,qEAAqE;YACrE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAErE,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC;gBAC/C,OAAO,EAAE,SAAS;gBAClB,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;gBACxC,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;aACR,CAAC,CAAC;YACH,uFAAuF;YACvF,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CACxD,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CACjC,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;YAC9C,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;gBAC5C,SAAS;gBACT,UAAU,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE;aACtC,CAAC,CAAC;YACH,MAAM,MAAM,CACV,aAAa,CAAC,cAAc,CAAC;gBAC3B,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,EAAE;gBACR,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,EAAE;gBACP,MAAM,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;aAChC,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/sandbox/linux/bwrapArgsBuilder.d.ts

@@ -0,0 +1,24 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { type SandboxPermissions } from '../../services/sandboxManager.js';
+/**
+ * Options for building bubblewrap (bwrap) arguments.
+ */
+export interface BwrapArgsOptions {
+    workspace: string;
+    workspaceWrite: boolean;
+    networkAccess: boolean;
+    allowedPaths: string[];
+    forbiddenPaths: string[];
+    additionalPermissions: SandboxPermissions;
+    includeDirectories: string[];
+    maskFilePath: string;
+    isWriteCommand: boolean;
+}
+/**
+ * Builds the list of bubblewrap arguments based on the provided options.
+ */
+export declare function buildBwrapArgs(options: BwrapArgsOptions): Promise<string[]>;