@google/gemini-cli-core 0.37.2 → 0.38.0

package/dist/src/sandbox/windows/GeminiSandbox.cs

@@ -21,6 +21,8 @@ using System.Text;
  */
 public class GeminiSandbox {
     // P/Invoke constants and structures
+    private const int JobObjectExtendedLimitInformation = 9;
+    private const int JobObjectNetRateControlInformation = 32;
     private const uint JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE = 0x00002000;
     private const uint JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION = 0x00000400;
     private const uint JOB_OBJECT_LIMIT_ACTIVE_PROCESS = 0x00000008;
@@ -74,6 +76,9 @@ public class GeminiSandbox {
     [DllImport("kernel32.dll", SetLastError = true)]
     static extern bool AssignProcessToJobObject(IntPtr hJob, IntPtr hProcess);
 
+    [DllImport("kernel32.dll", SetLastError = true)]
+    static extern uint ResumeThread(IntPtr hThread);
+
     [DllImport("advapi32.dll", SetLastError = true)]
     static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
 
@@ -158,8 +163,8 @@ public class GeminiSandbox {
 
     static int Main(string[] args) {
         if (args.Length < 3) {
-            Console.WriteLine("Usage: GeminiSandbox.exe <network:0|1> <cwd> [--forbidden-manifest <path>] <command> [args...]");
-            Console.WriteLine("Internal commands: __read <path>, __write <path>");
+            Console.Error.WriteLine("Usage: GeminiSandbox.exe <network:0|1> <cwd> [--forbidden-manifest <path>] <command> [args...]");
+            Console.Error.WriteLine("Internal commands: __read <path>, __write <path>");
             return 1;
         }
 
@@ -183,7 +188,7 @@ public class GeminiSandbox {
         }
 
         if (argIndex >= args.Length) {
-            Console.WriteLine("Error: Missing command");
+            Console.Error.WriteLine("Error: Missing command");
             return 1;
         }
 
@@ -191,23 +196,25 @@ public class GeminiSandbox {
 
         IntPtr hToken = IntPtr.Zero;
         IntPtr hRestrictedToken = IntPtr.Zero;
-        IntPtr lowIntegritySid = IntPtr.Zero;
+        IntPtr hJob = IntPtr.Zero;
+        PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
 
         try {
             // 1. Duplicate Primary Token
             if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, out hToken)) {
-                Console.WriteLine("Error: OpenProcessToken failed (" + Marshal.GetLastWin32Error() + ")");
+                Console.Error.WriteLine("Error: OpenProcessToken failed (" + Marshal.GetLastWin32Error() + ")");
                 return 1;
             }
 
             // Create a restricted token to strip administrative privileges
             if (!CreateRestrictedToken(hToken, DISABLE_MAX_PRIVILEGE, 0, IntPtr.Zero, 0, IntPtr.Zero, 0, IntPtr.Zero, out hRestrictedToken)) {
-                Console.WriteLine("Error: CreateRestrictedToken failed (" + Marshal.GetLastWin32Error() + ")");
+                Console.Error.WriteLine("Error: CreateRestrictedToken failed (" + Marshal.GetLastWin32Error() + ")");
                 return 1;
             }
 
             // 2. Lower Integrity Level to Low
             // S-1-16-4096 is the SID for "Low Mandatory Level"
+            IntPtr lowIntegritySid = IntPtr.Zero;
             if (ConvertStringSidToSid("S-1-16-4096", out lowIntegritySid)) {
                 TOKEN_MANDATORY_LABEL tml = new TOKEN_MANDATORY_LABEL();
                 tml.Label.Sid = lowIntegritySid;
@@ -217,7 +224,7 @@ public class GeminiSandbox {
                 try {
                     Marshal.StructureToPtr(tml, pTml, false);
                     if (!SetTokenInformation(hRestrictedToken, TokenIntegrityLevel, pTml, (uint)tmlSize)) {
-                        Console.WriteLine("Error: SetTokenInformation failed (" + Marshal.GetLastWin32Error() + ")");
+                        Console.Error.WriteLine("Error: SetTokenInformation failed (" + Marshal.GetLastWin32Error() + ")");
                         return 1;
                     }
                 } finally {
@@ -226,31 +233,48 @@ public class GeminiSandbox {
             }
 
             // 3. Setup Job Object for cleanup
-            IntPtr hJob = CreateJobObject(IntPtr.Zero, null);
+            hJob = CreateJobObject(IntPtr.Zero, null);
+            if (hJob == IntPtr.Zero) {
+                Console.Error.WriteLine("Error: CreateJobObject failed (" + Marshal.GetLastWin32Error() + ")");
+                return 1;
+            }
+
             JOBOBJECT_EXTENDED_LIMIT_INFORMATION jobLimits = new JOBOBJECT_EXTENDED_LIMIT_INFORMATION();
             jobLimits.BasicLimitInformation.LimitFlags = JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE | JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION;
-            
+
             IntPtr lpJobLimits = Marshal.AllocHGlobal(Marshal.SizeOf(jobLimits));
-            Marshal.StructureToPtr(jobLimits, lpJobLimits, false);
-            SetInformationJobObject(hJob, 9 /* JobObjectExtendedLimitInformation */, lpJobLimits, (uint)Marshal.SizeOf(jobLimits));
-            Marshal.FreeHGlobal(lpJobLimits);
+            try {
+                Marshal.StructureToPtr(jobLimits, lpJobLimits, false);
+                if (!SetInformationJobObject(hJob, JobObjectExtendedLimitInformation, lpJobLimits, (uint)Marshal.SizeOf(jobLimits))) {
+                    Console.Error.WriteLine("Error: SetInformationJobObject(Limits) failed (" + Marshal.GetLastWin32Error() + ")");
+                    return 1;
+                }
+            } finally {
+                Marshal.FreeHGlobal(lpJobLimits);
+            }
 
             if (!networkAccess) {
                 JOBOBJECT_NET_RATE_CONTROL_INFORMATION netLimits = new JOBOBJECT_NET_RATE_CONTROL_INFORMATION();
                 netLimits.MaxBandwidth = 1;
                 netLimits.ControlFlags = 0x1 | 0x2; // ENABLE | MAX_BANDWIDTH
                 netLimits.DscpTag = 0;
-                
+
                 IntPtr lpNetLimits = Marshal.AllocHGlobal(Marshal.SizeOf(netLimits));
-                Marshal.StructureToPtr(netLimits, lpNetLimits, false);
-                SetInformationJobObject(hJob, 32 /* JobObjectNetRateControlInformation */, lpNetLimits, (uint)Marshal.SizeOf(netLimits));
-                Marshal.FreeHGlobal(lpNetLimits);
+                try {
+                    Marshal.StructureToPtr(netLimits, lpNetLimits, false);
+                    if (!SetInformationJobObject(hJob, JobObjectNetRateControlInformation, lpNetLimits, (uint)Marshal.SizeOf(netLimits))) {
+                        // Some versions of Windows might not support network rate control, but we should know if it fails.
+                        Console.Error.WriteLine("Warning: SetInformationJobObject(NetRate) failed (" + Marshal.GetLastWin32Error() + "). Network might not be throttled.");
+                    }
+                } finally {
+                    Marshal.FreeHGlobal(lpNetLimits);
+                }
             }
 
             // 4. Handle Internal Commands or External Process
             if (command == "__read") {
                 if (argIndex + 1 >= args.Length) {
-                    Console.WriteLine("Error: Missing path for __read");
+                    Console.Error.WriteLine("Error: Missing path for __read");
                     return 1;
                 }
                 string path = args[argIndex + 1];
@@ -269,24 +293,31 @@ public class GeminiSandbox {
                 });
             } else if (command == "__write") {
                 if (argIndex + 1 >= args.Length) {
-                    Console.WriteLine("Error: Missing path for __write");
+                    Console.Error.WriteLine("Error: Missing path for __write");
                     return 1;
                 }
                 string path = args[argIndex + 1];
                 CheckForbidden(path, forbiddenPaths);
-                return RunInImpersonation(hRestrictedToken, () => {
-                    try {
-                        using (StreamReader reader = new StreamReader(Console.OpenStandardInput(), System.Text.Encoding.UTF8))
-                        using (FileStream fs = new FileStream(path, FileMode.Create, FileAccess.Write, FileShare.None))
-                        using (StreamWriter writer = new StreamWriter(fs, System.Text.Encoding.UTF8)) {
-                            writer.Write(reader.ReadToEnd());
+
+                try {
+                    using (MemoryStream ms = new MemoryStream()) {
+                        // Buffer stdin before impersonation (as restricted token can't read the inherited pipe).
+                        using (Stream stdin = Console.OpenStandardInput()) {
+                            stdin.CopyTo(ms);
                         }
-                        return 0;
-                    } catch (Exception e) {
-                        Console.Error.WriteLine("Error writing file: " + e.Message);
-                        return 1;
+
+                        return RunInImpersonation(hRestrictedToken, () => {
+                            using (FileStream fs = new FileStream(path, FileMode.Create, FileAccess.Write, FileShare.None)) {
+                                ms.Position = 0;
+                                ms.CopyTo(fs);
+                            }
+                            return 0;
+                        });
                     }
-                });
+                } catch (Exception e) {
+                    Console.Error.WriteLine("Error during __write: " + e.Message);
+                    return 1;
+                }
             }
 
             // External Process
@@ -303,32 +334,49 @@ public class GeminiSandbox {
                 commandLine += QuoteArgument(args[i]);
             }
 
-            PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
-            // Creation Flags: 0x04000000 (CREATE_BREAKAWAY_FROM_JOB) to allow job assignment if parent is in job
-            uint creationFlags = 0;
+            // Creation Flags: 0x01000000 (CREATE_BREAKAWAY_FROM_JOB) to allow job assignment if parent is in job
+            // 0x00000004 (CREATE_SUSPENDED) to prevent the process from executing before being placed in the job
+            uint creationFlags = 0x01000000 | 0x00000004;
             if (!CreateProcessAsUser(hRestrictedToken, null, commandLine, IntPtr.Zero, IntPtr.Zero, true, creationFlags, IntPtr.Zero, cwd, ref si, out pi)) {
-                Console.WriteLine("Error: CreateProcessAsUser failed (" + Marshal.GetLastWin32Error() + ") Command: " + commandLine);
+                int err = Marshal.GetLastWin32Error();
+                Console.Error.WriteLine("Error: CreateProcessAsUser failed (" + err + ") Command: " + commandLine);
+                return 1;
+            }
+
+            if (!AssignProcessToJobObject(hJob, pi.hProcess)) {
+                int err = Marshal.GetLastWin32Error();
+                Console.Error.WriteLine("Error: AssignProcessToJobObject failed (" + err + ") Command: " + commandLine);
+                TerminateProcess(pi.hProcess, 1);
                 return 1;
             }
 
-            AssignProcessToJobObject(hJob, pi.hProcess);
+            ResumeThread(pi.hThread);
+
+            if (WaitForSingleObject(pi.hProcess, 0xFFFFFFFF) == 0xFFFFFFFF) {
+                int err = Marshal.GetLastWin32Error();
+                Console.Error.WriteLine("Error: WaitForSingleObject failed (" + err + ")");
+            }
             
-            // Wait for exit
-            uint waitResult = WaitForSingleObject(pi.hProcess, 0xFFFFFFFF);
             uint exitCode = 0;
-            GetExitCodeProcess(pi.hProcess, out exitCode);
-
-            CloseHandle(pi.hProcess);
-            CloseHandle(pi.hThread);
-            CloseHandle(hJob);
+            if (!GetExitCodeProcess(pi.hProcess, out exitCode)) {
+                int err = Marshal.GetLastWin32Error();
+                Console.Error.WriteLine("Error: GetExitCodeProcess failed (" + err + ")");
+                return 1;
+            }
 
             return (int)exitCode;
         } finally {
             if (hToken != IntPtr.Zero) CloseHandle(hToken);
             if (hRestrictedToken != IntPtr.Zero) CloseHandle(hRestrictedToken);
+            if (hJob != IntPtr.Zero) CloseHandle(hJob);
+            if (pi.hProcess != IntPtr.Zero) CloseHandle(pi.hProcess);
+            if (pi.hThread != IntPtr.Zero) CloseHandle(pi.hThread);
         }
     }
 
+    [DllImport("kernel32.dll", SetLastError = true)]
+    static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);
+
     [DllImport("kernel32.dll", SetLastError = true)]
     static extern uint WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);
 
@@ -337,7 +385,7 @@ public class GeminiSandbox {
 
     private static int RunInImpersonation(IntPtr hToken, Func<int> action) {
         if (!ImpersonateLoggedOnUser(hToken)) {
-            Console.WriteLine("Error: ImpersonateLoggedOnUser failed (" + Marshal.GetLastWin32Error() + ")");
+            Console.Error.WriteLine("Error: ImpersonateLoggedOnUser failed (" + Marshal.GetLastWin32Error() + ")");
             return 1;
         }
         try {

package/dist/src/sandbox/windows/WindowsSandboxManager.d.ts

@@ -12,14 +12,18 @@ import type { ShellExecutionResult } from '../../services/shellExecutionService.
  */
 export declare class WindowsSandboxManager implements SandboxManager {
     private readonly options;
+    static readonly HELPER_EXE = "GeminiSandbox.exe";
     private readonly helperPath;
     private initialized;
     private readonly allowedCache;
     private readonly deniedCache;
+    private readonly denialCache;
     constructor(options: GlobalSandboxOptions);
     isKnownSafeCommand(args: string[]): boolean;
     isDangerousCommand(args: string[]): boolean;
     parseDenials(result: ShellExecutionResult): ParsedSandboxDenial | undefined;
+    getWorkspace(): string;
+    getOptions(): GlobalSandboxOptions;
     /**
      * Ensures a file or directory exists.
      */

package/dist/src/sandbox/windows/WindowsSandboxManager.js

@@ -7,7 +7,7 @@ import fs from 'node:fs';
 import path from 'node:path';
 import os from 'node:os';
 import { fileURLToPath } from 'node:url';
-import { GOVERNANCE_FILES, findSecretFiles, sanitizePaths, tryRealpath, resolveSandboxPaths, } from '../../services/sandboxManager.js';
+import { GOVERNANCE_FILES, findSecretFiles, sanitizePaths, resolveSandboxPaths, } from '../../services/sandboxManager.js';
 import { sanitizeEnvironment, getSecureSanitizationConfig, } from '../../services/environmentSanitization.js';
 import { debugLogger } from '../../utils/debugLogger.js';
 import { spawnAsync, getCommandName } from '../../utils/shell-utils.js';
@@ -15,8 +15,12 @@ import { isNodeError } from '../../utils/errors.js';
 import { isKnownSafeCommand, isDangerousCommand, isStrictlyApproved, } from './commandSafety.js';
 import { verifySandboxOverrides } from '../utils/commandUtils.js';
 import { parseWindowsSandboxDenials } from './windowsSandboxDenialUtils.js';
+import { isSubpath, resolveToRealPath, assertValidPathString, } from '../../utils/paths.js';
+import { createSandboxDenialCache, } from '../utils/sandboxDenialUtils.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
+// S-1-16-4096 is the SID for "Low Mandatory Level" (Low Integrity)
+const LOW_INTEGRITY_SID = '*S-1-16-4096';
 /**
  * A SandboxManager implementation for Windows that uses Restricted Tokens,
  * Job Objects, and Low Integrity levels for process isolation.
@@ -24,13 +28,15 @@ const __dirname = path.dirname(__filename);
  */
 export class WindowsSandboxManager {
     options;
+    static HELPER_EXE = 'GeminiSandbox.exe';
     helperPath;
     initialized = false;
     allowedCache = new Set();
     deniedCache = new Set();
+    denialCache = createSandboxDenialCache();
     constructor(options) {
         this.options = options;
-        this.helperPath = path.resolve(__dirname, 'GeminiSandbox.exe');
+        this.helperPath = path.resolve(__dirname, WindowsSandboxManager.HELPER_EXE);
     }
     isKnownSafeCommand(args) {
         const toolName = args[0]?.toLowerCase();
@@ -44,12 +50,19 @@ export class WindowsSandboxManager {
         return isDangerousCommand(args);
     }
     parseDenials(result) {
-        return parseWindowsSandboxDenials(result);
+        return parseWindowsSandboxDenials(result, this.denialCache);
+    }
+    getWorkspace() {
+        return this.options.workspace;
+    }
+    getOptions() {
+        return this.options;
     }
     /**
      * Ensures a file or directory exists.
      */
     touch(filePath, isDirectory) {
+        assertValidPathString(filePath);
         try {
             // If it exists (even as a broken symlink), do nothing
             if (fs.lstatSync(filePath))
@@ -134,32 +147,10 @@ export class WindowsSandboxManager {
         const allowOverrides = this.options.modeConfig?.allowOverrides ?? true;
         // Reject override attempts in plan mode
         verifySandboxOverrides(allowOverrides, req.policy);
-        let command = req.command;
-        let args = req.args;
-        let targetPathEnv;
-        // Translate virtual commands for sandboxed file system access
-        if (command === '__read') {
-            // Use PowerShell for safe argument passing via env var
-            targetPathEnv = args[0] || '';
-            command = 'PowerShell.exe';
-            args = [
-                '-NoProfile',
-                '-NonInteractive',
-                '-Command',
-                '& { Get-Content -LiteralPath $env:GEMINI_TARGET_PATH -Raw }',
-            ];
-        }
-        else if (command === '__write') {
-            // Use PowerShell for piping stdin to a file via env var
-            targetPathEnv = args[0] || '';
-            command = 'PowerShell.exe';
-            args = [
-                '-NoProfile',
-                '-NonInteractive',
-                '-Command',
-                '& { $Input | Out-File -FilePath $env:GEMINI_TARGET_PATH -Encoding utf8 }',
-            ];
-        }
+        const command = req.command;
+        const args = req.args;
+        // Native commands __read and __write are passed directly to GeminiSandbox.exe
+        const isYolo = this.options.modeConfig?.yolo ?? false;
         // Fetch persistent approvals for this command
         const commandName = await getCommandName(command, args);
         const persistentPermissions = allowOverrides
@@ -177,7 +168,8 @@ export class WindowsSandboxManager {
                     ...(req.policy?.additionalPermissions?.fileSystem?.write ?? []),
                 ],
             },
-            network: persistentPermissions?.network ||
+            network: isYolo ||
+                persistentPermissions?.network ||
                 req.policy?.additionalPermissions?.network ||
                 false,
         };
@@ -189,39 +181,54 @@ export class WindowsSandboxManager {
         }
         const defaultNetwork = this.options.modeConfig?.network ?? req.policy?.networkAccess ?? false;
         const networkAccess = defaultNetwork || mergedAdditional.network;
-        // 1. Handle filesystem permissions for Low Integrity
-        // Grant "Low Mandatory Level" write access to the workspace.
-        // If not in readonly mode OR it's a strictly approved pipeline, allow workspace writes
+        const { allowed: allowedPaths, forbidden: forbiddenPaths } = await resolveSandboxPaths(this.options, req);
+        // Track all roots where Low Integrity write access has been granted.
+        // New files created within these roots will inherit the Low label.
+        const writableRoots = [];
+        // 1. Workspace access
         const isApproved = allowOverrides
             ? await isStrictlyApproved(command, args, this.options.modeConfig?.approvedTools)
             : false;
         if (!isReadonlyMode || isApproved) {
             await this.grantLowIntegrityAccess(this.options.workspace);
+            writableRoots.push(this.options.workspace);
         }
-        const { allowed: allowedPaths, forbidden: forbiddenPaths } = await resolveSandboxPaths(this.options, req);
-        // Grant "Low Mandatory Level" access to includeDirectories.
+        // 2. Globally included directories
         const includeDirs = sanitizePaths(this.options.includeDirectories);
         for (const includeDir of includeDirs) {
             await this.grantLowIntegrityAccess(includeDir);
+            writableRoots.push(includeDir);
         }
-        // Grant "Low Mandatory Level" read/write access to allowedPaths.
+        // 3. Explicitly allowed paths from the request policy
         for (const allowedPath of allowedPaths) {
-            const resolved = await tryRealpath(allowedPath);
-            if (!fs.existsSync(resolved)) {
+            const resolved = resolveToRealPath(allowedPath);
+            try {
+                await fs.promises.access(resolved, fs.constants.F_OK);
+            }
+            catch {
                 throw new Error(`Sandbox request rejected: Allowed path does not exist: ${resolved}. ` +
                     'On Windows, granular sandbox access can only be granted to existing paths to avoid broad parent directory permissions.');
             }
             await this.grantLowIntegrityAccess(resolved);
+            writableRoots.push(resolved);
         }
-        // Grant "Low Mandatory Level" write access to additional permissions write paths.
+        // 4. Additional write paths (e.g. from internal __write command)
         const additionalWritePaths = sanitizePaths(mergedAdditional.fileSystem?.write);
         for (const writePath of additionalWritePaths) {
-            const resolved = await tryRealpath(writePath);
-            if (!fs.existsSync(resolved)) {
-                throw new Error(`Sandbox request rejected: Additional write path does not exist: ${resolved}. ` +
-                    'On Windows, granular sandbox access can only be granted to existing paths to avoid broad parent directory permissions.');
+            const resolved = resolveToRealPath(writePath);
+            try {
+                await fs.promises.access(resolved, fs.constants.F_OK);
+                await this.grantLowIntegrityAccess(resolved);
+                continue;
+            }
+            catch {
+                // If the file doesn't exist, it's only allowed if it resides within a granted root.
+                const isInherited = writableRoots.some((root) => isSubpath(root, resolved));
+                if (!isInherited) {
+                    throw new Error(`Sandbox request rejected: Additional write path does not exist and its parent directory is not allowed: ${resolved}. ` +
+                        'On Windows, granular sandbox access can only be granted to existing paths to avoid broad parent directory permissions.');
+                }
             }
-            await this.grantLowIntegrityAccess(resolved);
         }
         // 2. Collect secret files and apply protective ACLs
         // On Windows, we explicitly deny access to secret files for Low Integrity
@@ -277,15 +284,6 @@ export class WindowsSandboxManager {
         const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'gemini-cli-forbidden-'));
         const manifestPath = path.join(tempDir, 'manifest.txt');
         fs.writeFileSync(manifestPath, allForbidden.join('\n'));
-        // Cleanup on exit
-        process.on('exit', () => {
-            try {
-                fs.rmSync(tempDir, { recursive: true, force: true });
-            }
-            catch {
-                // Ignore errors
-            }
-        });
         // 5. Construct the helper command
         // GeminiSandbox.exe <network:0|1> <cwd> --forbidden-manifest <path> <command> [args...]
         const program = this.helperPath;
@@ -298,14 +296,19 @@ export class WindowsSandboxManager {
             ...args,
         ];
         const finalEnv = { ...sanitizedEnv };
-        if (targetPathEnv !== undefined) {
-            finalEnv['GEMINI_TARGET_PATH'] = targetPathEnv;
-        }
         return {
             program,
             args: finalArgs,
             env: finalEnv,
             cwd: req.cwd,
+            cleanup: () => {
+                try {
+                    fs.rmSync(tempDir, { recursive: true, force: true });
+                }
+                catch {
+                    // Ignore errors
+                }
+            },
         };
     }
     /**
@@ -315,7 +318,7 @@ export class WindowsSandboxManager {
         if (os.platform() !== 'win32') {
             return;
         }
-        const resolvedPath = await tryRealpath(targetPath);
+        const resolvedPath = resolveToRealPath(targetPath);
         if (this.allowedCache.has(resolvedPath)) {
             return;
         }
@@ -331,8 +334,12 @@ export class WindowsSandboxManager {
             return;
         }
         try {
+            // 1. Grant explicit Modify access to the Low Integrity SID
+            // 2. Set the Mandatory Label to Low to allow "Write Up" from Low processes
             await spawnAsync('icacls', [
                 resolvedPath,
+                '/grant',
+                `${LOW_INTEGRITY_SID}:(OI)(CI)(M)`,
                 '/setintegritylevel',
                 '(OI)(CI)Low',
             ]);
@@ -349,7 +356,7 @@ export class WindowsSandboxManager {
         if (os.platform() !== 'win32') {
             return;
         }
-        const resolvedPath = await tryRealpath(targetPath);
+        const resolvedPath = resolveToRealPath(targetPath);
         if (this.deniedCache.has(resolvedPath)) {
             return;
         }
@@ -357,8 +364,6 @@ export class WindowsSandboxManager {
         if (this.isSystemDirectory(resolvedPath)) {
             return;
         }
-        // S-1-16-4096 is the SID for "Low Mandatory Level" (Low Integrity)
-        const LOW_INTEGRITY_SID = '*S-1-16-4096';
         // icacls flags: (OI) Object Inherit, (CI) Container Inherit, (F) Full Access Deny.
         // Omit /T (recursive) for performance; (OI)(CI) ensures inheritance for new items.
         // Windows dynamically evaluates existing items, though deep explicit Allow ACEs

package/dist/src/sandbox/windows/WindowsSandboxManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"WindowsSandboxManager.js","sourceRoot":"","sources":["../../../../src/sandbox/windows/WindowsSandboxManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAIL,gBAAgB,EAChB,eAAe,EAEf,aAAa,EACb,WAAW,EAGX,mBAAmB,GACpB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,mBAAmB,EACnB,2BAA2B,GAC5B,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAE5E,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAE3C;;;;GAIG;AACH,MAAM,OAAO,qBAAqB;IAMH;IALZ,UAAU,CAAS;IAC5B,WAAW,GAAG,KAAK,CAAC;IACX,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjD,YAA6B,OAA6B;QAA7B,YAAO,GAAP,OAAO,CAAsB;QACxD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;IACjE,CAAC;IAED,kBAAkB,CAAC,IAAc;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QACxC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,aAAa,IAAI,EAAE,CAAC;QACnE,IAAI,QAAQ,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,EAAE,CAAC;YACxE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,kBAAkB,CAAC,IAAc;QAC/B,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,YAAY,CAAC,MAA4B;QACvC,OAAO,0BAA0B,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,QAAgB,EAAE,WAAoB;QAClD,IAAI,CAAC;YACH,sDAAsD;YACtD,IAAI,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC;gBAAE,OAAO;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACzC,CAAC;YACD,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC7B,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAC7B,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBACpC,WAAW,CAAC,GAAG,CACb,8CAA8C,IAAI,CAAC,UAAU,4BAA4B,CAC1F,CAAC;gBACF,mEAAmE;gBACnE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAC5D,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,aAAa,CAAC;oBAC9D,MAAM,QAAQ,GAAG;wBACf,SAAS,EAAE,oBAAoB;wBAC/B,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,YAAY,EACZ,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,WAAW,EACX,YAAY,EACZ,SAAS,CACV;wBACD,8BAA8B;wBAC9B,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,MAAM,EACN,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,MAAM,EACN,SAAS,CACV;qBACF,CAAC;oBAEF,IAAI,QAAQ,GAAG,KAAK,CAAC;oBACrB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;wBAC3B,IAAI,CAAC;4BACH,WAAW,CAAC,GAAG,CACb,kDAAkD,GAAG,KAAK,CAC3D,CAAC;4BACF,wDAAwD;4BACxD,MAAM,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;4BAC/D,WAAW,CAAC,GAAG,CACb,kEAAkE,IAAI,CAAC,UAAU,EAAE,CACpF,CAAC;4BACF,QAAQ,GAAG,IAAI,CAAC;4BAChB,MAAM;wBACR,CAAC;wBAAC,OAAO,CAAC,EAAE,CAAC;4BACX,WAAW,CAAC,GAAG,CACb,kDAAkD,GAAG,KAAK,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACvG,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAED,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACd,WAAW,CAAC,GAAG,CACb,kFAAkF,CACnF,CAAC;oBACJ,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,GAAG,CACb,mDAAmD,UAAU,0BAA0B,CACxF,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,GAAG,CACb,0CAA0C,IAAI,CAAC,UAAU,EAAE,CAC5D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,WAAW,CAAC,GAAG,CACb,6DAA6D,EAC7D,CAAC,CACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,GAAmB;QACtC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,MAAM,kBAAkB,GAAG,2BAA2B,CACpD,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAC/B,CAAC;QAEF,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAEtE,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,IAAI,IAAI,CAAC;QACjE,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,IAAI,IAAI,CAAC;QAEvE,wCAAwC;QACxC,sBAAsB,CAAC,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QAEnD,IAAI,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAC1B,IAAI,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QACpB,IAAI,aAAiC,CAAC;QAEtC,8DAA8D;QAC9D,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;YACzB,uDAAuD;YACvD,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,GAAG,gBAAgB,CAAC;YAC3B,IAAI,GAAG;gBACL,YAAY;gBACZ,iBAAiB;gBACjB,UAAU;gBACV,6DAA6D;aAC9D,CAAC;QACJ,CAAC;aAAM,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YACjC,wDAAwD;YACxD,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,GAAG,gBAAgB,CAAC;YAC3B,IAAI,GAAG;gBACL,YAAY;gBACZ,iBAAiB;gBACjB,UAAU;gBACV,0EAA0E;aAC3E,CAAC;QACJ,CAAC;QAED,8CAA8C;QAC9C,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,MAAM,qBAAqB,GAAG,cAAc;YAC1C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,qBAAqB,CAAC,WAAW,CAAC;YAChE,CAAC,CAAC,SAAS,CAAC;QAEd,wBAAwB;QACxB,MAAM,gBAAgB,GAAuB;YAC3C,UAAU,EAAE;gBACV,IAAI,EAAE;oBACJ,GAAG,CAAC,qBAAqB,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC;oBAClD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC;iBAC/D;gBACD,KAAK,EAAE;oBACL,GAAG,CAAC,qBAAqB,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC;oBACnD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC;iBAChE;aACF;YACD,OAAO,EACL,qBAAqB,EAAE,OAAO;gBAC9B,GAAG,CAAC,MAAM,EAAE,qBAAqB,EAAE,OAAO;gBAC1C,KAAK;SACR,CAAC;QAEF,IAAI,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5C,gBAAgB,CAAC,UAAW,CAAC,IAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC;aAAM,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACpD,gBAAgB,CAAC,UAAW,CAAC,KAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,cAAc,GAClB,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,IAAI,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,KAAK,CAAC;QACzE,MAAM,aAAa,GAAG,cAAc,IAAI,gBAAgB,CAAC,OAAO,CAAC;QAEjE,qDAAqD;QACrD,6DAA6D;QAC7D,uFAAuF;QACvF,MAAM,UAAU,GAAG,cAAc;YAC/B,CAAC,CAAC,MAAM,kBAAkB,CACtB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,aAAa,CACvC;YACH,CAAC,CAAC,KAAK,CAAC;QAEV,IAAI,CAAC,cAAc,IAAI,UAAU,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,GACxD,MAAM,mBAAmB,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAE/C,4DAA4D;QAC5D,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACnE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QACjD,CAAC;QAED,iEAAiE;QACjE,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;YAChD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,0DAA0D,QAAQ,IAAI;oBACpE,wHAAwH,CAC3H,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAED,kFAAkF;QAClF,MAAM,oBAAoB,GAAG,aAAa,CACxC,gBAAgB,CAAC,UAAU,EAAE,KAAK,CACnC,CAAC;QACF,KAAK,MAAM,SAAS,IAAI,oBAAoB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,CAAC;YAC9C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,mEAAmE,QAAQ,IAAI;oBAC7E,wHAAwH,CAC3H,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAED,oDAAoD;QACpD,0EAA0E;QAC1E,sDAAsD;QACtD,MAAM,cAAc,GAAa,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;YACzB,IAAI,CAAC,OAAO,CAAC,SAAS;YACtB,GAAG,YAAY;YACf,GAAG,WAAW;SACf,CAAC,CAAC;QACH,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,mFAAmF;gBACnF,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBAClD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;oBACrC,IAAI,CAAC;wBACH,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;wBAChC,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;oBAChD,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,WAAW,CAAC,GAAG,CACb,uDAAuD,UAAU,EAAE,EACnE,CAAC,CACF,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,WAAW,CAAC,GAAG,CACb,yDAAyD,GAAG,EAAE,EAC9D,CAAC,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,yEAAyE;QACzE,oEAAoE;QACpE,iEAAiE;QACjE,oCAAoC;QACpC,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;YAC3C,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,sBAAsB,CAAC,aAAa,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,WAAW,CAAC,GAAG,CACb,0DAA0D,aAAa,EAAE,EACzE,CAAC,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,qEAAqE;QACrE,+DAA+D;QAC/D,qFAAqF;QACrF,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC;QAED,8BAA8B;QAC9B,8DAA8D;QAC9D,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAC7B,IAAI,GAAG,CAAC,CAAC,GAAG,cAAc,EAAE,GAAG,cAAc,CAAC,CAAC,CAChD,CAAC;QACF,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAC5B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAChD,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QACxD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAExD,kBAAkB;QAClB,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACtB,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,kCAAkC;QAClC,wFAAwF;QACxF,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC;QAEhC,MAAM,SAAS,GAAG;YAChB,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;YACzB,GAAG,CAAC,GAAG;YACP,sBAAsB;YACtB,YAAY;YACZ,OAAO;YACP,GAAG,IAAI;SACR,CAAC;QAEF,MAAM,QAAQ,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;QACrC,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;YAChC,QAAQ,CAAC,oBAAoB,CAAC,GAAG,aAAa,CAAC;QACjD,CAAC;QAED,OAAO;YACL,OAAO;YACP,IAAI,EAAE,SAAS;YACf,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,GAAG,CAAC,GAAG;SACb,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CAAC,UAAkB;QACtD,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACxC,OAAO;QACT,CAAC;QAED,gEAAgE;QAChE,oDAAoD;QACpD,IACE,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC;YAC/B,CAAC,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC;YACnC,CAAC,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,EACnC,CAAC;YACD,WAAW,CAAC,GAAG,CACb,oEAAoE,EACpE,YAAY,CACb,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,QAAQ,EAAE;gBACzB,YAAY;gBACZ,oBAAoB;gBACpB,aAAa;aACd,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,WAAW,CAAC,GAAG,CACb,0CAA0C,EAC1C,YAAY,EACZ,CAAC,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,UAAkB;QACrD,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACvC,OAAO;QACT,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,OAAO;QACT,CAAC;QAED,mEAAmE;QACnE,MAAM,iBAAiB,GAAG,cAAc,CAAC;QAEzC,mFAAmF;QACnF,mFAAmF;QACnF,gFAAgF;QAChF,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,aAAa,CAAC;QAEvC,mEAAmE;QACnE,oDAAoD;QACpD,kDAAkD;QAClD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1C,OAAO;YACT,CAAC;YACD,MAAM,CAAC,CAAC;QACV,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,QAAQ,EAAE;gBACzB,YAAY;gBACZ,OAAO;gBACP,GAAG,iBAAiB,IAAI,gBAAgB,EAAE;aAC3C,CAAC,CAAC;YACH,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CACb,4CAA4C,YAAY,KACtD,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAC3C,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,YAAoB;QAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,aAAa,CAAC;QAC9D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,mBAAmB,CAAC;QACxE,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,yBAAyB,CAAC;QAEhE,OAAO,CACL,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/D,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YACjE,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC,CACrE,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"WindowsSandboxManager.js","sourceRoot":"","sources":["../../../../src/sandbox/windows/WindowsSandboxManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAIL,gBAAgB,EAChB,eAAe,EAEf,aAAa,EAGb,mBAAmB,GACpB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,mBAAmB,EACnB,2BAA2B,GAC5B,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAC5E,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAEL,wBAAwB,GACzB,MAAM,gCAAgC,CAAC;AAExC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAE3C,mEAAmE;AACnE,MAAM,iBAAiB,GAAG,cAAc,CAAC;AAEzC;;;;GAIG;AACH,MAAM,OAAO,qBAAqB;IAQH;IAP7B,MAAM,CAAU,UAAU,GAAG,mBAAmB,CAAC;IAChC,UAAU,CAAS;IAC5B,WAAW,GAAG,KAAK,CAAC;IACX,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,WAAW,GAAuB,wBAAwB,EAAE,CAAC;IAE9E,YAA6B,OAA6B;QAA7B,YAAO,GAAP,OAAO,CAAsB;QACxD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,qBAAqB,CAAC,UAAU,CAAC,CAAC;IAC9E,CAAC;IAED,kBAAkB,CAAC,IAAc;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QACxC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,aAAa,IAAI,EAAE,CAAC;QACnE,IAAI,QAAQ,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,EAAE,CAAC;YACxE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,kBAAkB,CAAC,IAAc;QAC/B,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,YAAY,CAAC,MAA4B;QACvC,OAAO,0BAA0B,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAC9D,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;IAChC,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,QAAgB,EAAE,WAAoB;QAClD,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,sDAAsD;YACtD,IAAI,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC;gBAAE,OAAO;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACzC,CAAC;YACD,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC7B,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAC7B,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBACpC,WAAW,CAAC,GAAG,CACb,8CAA8C,IAAI,CAAC,UAAU,4BAA4B,CAC1F,CAAC;gBACF,mEAAmE;gBACnE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAC5D,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,aAAa,CAAC;oBAC9D,MAAM,QAAQ,GAAG;wBACf,SAAS,EAAE,oBAAoB;wBAC/B,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,YAAY,EACZ,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,WAAW,EACX,YAAY,EACZ,SAAS,CACV;wBACD,8BAA8B;wBAC9B,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,MAAM,EACN,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,CACV;wBACD,IAAI,CAAC,IAAI,CACP,UAAU,EACV,eAAe,EACf,aAAa,EACb,MAAM,EACN,SAAS,CACV;qBACF,CAAC;oBAEF,IAAI,QAAQ,GAAG,KAAK,CAAC;oBACrB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;wBAC3B,IAAI,CAAC;4BACH,WAAW,CAAC,GAAG,CACb,kDAAkD,GAAG,KAAK,CAC3D,CAAC;4BACF,wDAAwD;4BACxD,MAAM,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;4BAC/D,WAAW,CAAC,GAAG,CACb,kEAAkE,IAAI,CAAC,UAAU,EAAE,CACpF,CAAC;4BACF,QAAQ,GAAG,IAAI,CAAC;4BAChB,MAAM;wBACR,CAAC;wBAAC,OAAO,CAAC,EAAE,CAAC;4BACX,WAAW,CAAC,GAAG,CACb,kDAAkD,GAAG,KAAK,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACvG,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAED,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACd,WAAW,CAAC,GAAG,CACb,kFAAkF,CACnF,CAAC;oBACJ,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,GAAG,CACb,mDAAmD,UAAU,0BAA0B,CACxF,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,GAAG,CACb,0CAA0C,IAAI,CAAC,UAAU,EAAE,CAC5D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,WAAW,CAAC,GAAG,CACb,6DAA6D,EAC7D,CAAC,CACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,GAAmB;QACtC,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/B,MAAM,kBAAkB,GAAG,2BAA2B,CACpD,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAC/B,CAAC;QAEF,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAEtE,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,IAAI,IAAI,CAAC;QACjE,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,IAAI,IAAI,CAAC;QAEvE,wCAAwC;QACxC,sBAAsB,CAAC,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QAEtB,8EAA8E;QAE9E,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,IAAI,KAAK,CAAC;QAEtD,8CAA8C;QAC9C,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,MAAM,qBAAqB,GAAG,cAAc;YAC1C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,qBAAqB,CAAC,WAAW,CAAC;YAChE,CAAC,CAAC,SAAS,CAAC;QAEd,wBAAwB;QACxB,MAAM,gBAAgB,GAAuB;YAC3C,UAAU,EAAE;gBACV,IAAI,EAAE;oBACJ,GAAG,CAAC,qBAAqB,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC;oBAClD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC;iBAC/D;gBACD,KAAK,EAAE;oBACL,GAAG,CAAC,qBAAqB,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC;oBACnD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC;iBAChE;aACF;YACD,OAAO,EACL,MAAM;gBACN,qBAAqB,EAAE,OAAO;gBAC9B,GAAG,CAAC,MAAM,EAAE,qBAAqB,EAAE,OAAO;gBAC1C,KAAK;SACR,CAAC;QAEF,IAAI,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5C,gBAAgB,CAAC,UAAW,CAAC,IAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC;aAAM,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACpD,gBAAgB,CAAC,UAAW,CAAC,KAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,cAAc,GAClB,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,IAAI,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,KAAK,CAAC;QACzE,MAAM,aAAa,GAAG,cAAc,IAAI,gBAAgB,CAAC,OAAO,CAAC;QAEjE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,GACxD,MAAM,mBAAmB,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAE/C,qEAAqE;QACrE,mEAAmE;QACnE,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,sBAAsB;QACtB,MAAM,UAAU,GAAG,cAAc;YAC/B,CAAC,CAAC,MAAM,kBAAkB,CACtB,OAAO,EACP,IAAI,EACJ,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,aAAa,CACvC;YACH,CAAC,CAAC,KAAK,CAAC;QAEV,IAAI,CAAC,cAAc,IAAI,UAAU,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC3D,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC7C,CAAC;QAED,mCAAmC;QACnC,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACnE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;YAC/C,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QAED,sDAAsD;QACtD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;YAChD,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CACb,0DAA0D,QAAQ,IAAI;oBACpE,wHAAwH,CAC3H,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;QAED,iEAAiE;QACjE,MAAM,oBAAoB,GAAG,aAAa,CACxC,gBAAgB,CAAC,UAAU,EAAE,KAAK,CACnC,CAAC;QACF,KAAK,MAAM,SAAS,IAAI,oBAAoB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC9C,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACtD,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;gBAC7C,SAAS;YACX,CAAC;YAAC,MAAM,CAAC;gBACP,oFAAoF;gBACpF,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAC9C,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAC1B,CAAC;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CACb,2GAA2G,QAAQ,IAAI;wBACrH,wHAAwH,CAC3H,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,0EAA0E;QAC1E,sDAAsD;QACtD,MAAM,cAAc,GAAa,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;YACzB,IAAI,CAAC,OAAO,CAAC,SAAS;YACtB,GAAG,YAAY;YACf,GAAG,WAAW;SACf,CAAC,CAAC;QACH,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,mFAAmF;gBACnF,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBAClD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;oBACrC,IAAI,CAAC;wBACH,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;wBAChC,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;oBAChD,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,WAAW,CAAC,GAAG,CACb,uDAAuD,UAAU,EAAE,EACnE,CAAC,CACF,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,WAAW,CAAC,GAAG,CACb,yDAAyD,GAAG,EAAE,EAC9D,CAAC,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,yEAAyE;QACzE,oEAAoE;QACpE,iEAAiE;QACjE,oCAAoC;QACpC,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;YAC3C,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,sBAAsB,CAAC,aAAa,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,WAAW,CAAC,GAAG,CACb,0DAA0D,aAAa,EAAE,EACzE,CAAC,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,qEAAqE;QACrE,+DAA+D;QAC/D,qFAAqF;QACrF,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC;QAED,8BAA8B;QAC9B,8DAA8D;QAC9D,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAC7B,IAAI,GAAG,CAAC,CAAC,GAAG,cAAc,EAAE,GAAG,cAAc,CAAC,CAAC,CAChD,CAAC;QACF,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAC5B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAChD,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QACxD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAExD,kCAAkC;QAClC,wFAAwF;QACxF,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC;QAEhC,MAAM,SAAS,GAAG;YAChB,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;YACzB,GAAG,CAAC,GAAG;YACP,sBAAsB;YACtB,YAAY;YACZ,OAAO;YACP,GAAG,IAAI;SACR,CAAC;QAEF,MAAM,QAAQ,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;QAErC,OAAO;YACL,OAAO;YACP,IAAI,EAAE,SAAS;YACf,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,OAAO,EAAE,GAAG,EAAE;gBACZ,IAAI,CAAC;oBACH,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;gBACvD,CAAC;gBAAC,MAAM,CAAC;oBACP,gBAAgB;gBAClB,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CAAC,UAAkB;QACtD,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACxC,OAAO;QACT,CAAC;QAED,gEAAgE;QAChE,oDAAoD;QACpD,IACE,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC;YAC/B,CAAC,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC;YACnC,CAAC,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,EACnC,CAAC;YACD,WAAW,CAAC,GAAG,CACb,oEAAoE,EACpE,YAAY,CACb,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,2DAA2D;YAC3D,2EAA2E;YAC3E,MAAM,UAAU,CAAC,QAAQ,EAAE;gBACzB,YAAY;gBACZ,QAAQ;gBACR,GAAG,iBAAiB,cAAc;gBAClC,oBAAoB;gBACpB,aAAa;aACd,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,WAAW,CAAC,GAAG,CACb,0CAA0C,EAC1C,YAAY,EACZ,CAAC,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,UAAkB;QACrD,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACvC,OAAO;QACT,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,OAAO;QACT,CAAC;QAED,mFAAmF;QACnF,mFAAmF;QACnF,gFAAgF;QAChF,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,aAAa,CAAC;QAEvC,mEAAmE;QACnE,oDAAoD;QACpD,kDAAkD;QAClD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1C,OAAO;YACT,CAAC;YACD,MAAM,CAAC,CAAC;QACV,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,QAAQ,EAAE;gBACzB,YAAY;gBACZ,OAAO;gBACP,GAAG,iBAAiB,IAAI,gBAAgB,EAAE;aAC3C,CAAC,CAAC;YACH,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CACb,4CAA4C,YAAY,KACtD,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAC3C,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,YAAoB;QAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,aAAa,CAAC;QAC9D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,mBAAmB,CAAC;QACxE,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,yBAAyB,CAAC;QAEhE,OAAO,CACL,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/D,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YACjE,YAAY,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC,CACrE,CAAC;IACJ,CAAC"}