@guardion/guardion 0.2.0 → 0.4.0

package/dist/connectors/claude-code/src/collect.d.ts

@@ -0,0 +1,5 @@
+import { type ScannedTool } from '../../../core/inventory.js';
+import { type InventoryConfig } from '../../../core/config.js';
+/** Discover local Claude Code tools (skills, MCP servers, plugins, built-ins). Never throws. */
+export declare function collectInventory(cwd: string, inventory?: Partial<InventoryConfig>): ScannedTool[];
+//# sourceMappingURL=collect.d.ts.map

package/dist/connectors/claude-code/src/collect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"collect.d.ts","sourceRoot":"","sources":["../../../../connectors/claude-code/src/collect.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAA4B,KAAK,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEzF,gGAAgG;AAChG,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,WAAW,EAAE,CAMjG"}

package/dist/connectors/claude-code/src/collect.js

@@ -0,0 +1,17 @@
+// Claude Code connector — local tool discovery. Delegates to the zero-dep CJS
+// scanner (hooks/tool-scanner.cjs) which knows the Claude Code paths
+// (~/.claude/skills, ~/.claude/plugins, .mcp.json). Universal types + the Guard
+// submission live in core/inventory.
+import path from 'node:path';
+import { createRequire } from 'node:module';
+import { fileURLToPath } from 'node:url';
+import { DEFAULT_INVENTORY_CONFIG } from '../../../core/config.js';
+/** Discover local Claude Code tools (skills, MCP servers, plugins, built-ins). Never throws. */
+export function collectInventory(cwd, inventory) {
+    const requireCjs = createRequire(import.meta.url);
+    // tool-scanner.cjs sits in this connector's hooks/; dist mirrors source.
+    const scannerPath = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', 'hooks', 'tool-scanner.cjs');
+    const { collectLocalTools } = requireCjs(scannerPath);
+    return collectLocalTools(cwd, { ...DEFAULT_INVENTORY_CONFIG, ...(inventory ?? {}) });
+}
+//# sourceMappingURL=collect.js.map

package/dist/connectors/claude-code/src/collect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"collect.js","sourceRoot":"","sources":["../../../../connectors/claude-code/src/collect.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,qEAAqE;AACrE,gFAAgF;AAChF,qCAAqC;AACrC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,OAAO,EAAE,wBAAwB,EAAwB,MAAM,yBAAyB,CAAC;AAEzF,gGAAgG;AAChG,MAAM,UAAU,gBAAgB,CAAC,GAAW,EAAE,SAAoC;IAChF,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClD,yEAAyE;IACzE,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,kBAAkB,CAAC,CAAC;IAClH,MAAM,EAAE,iBAAiB,EAAE,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IACtD,OAAO,iBAAiB,CAAC,GAAG,EAAE,EAAE,GAAG,wBAAwB,EAAE,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;AACvF,CAAC"}

package/dist/{installer.d.ts → connectors/claude-code/src/installer.d.ts}

@@ -1,7 +1,8 @@
 import type { ClaudeSettings, ScanResult } from './scanner.js';
-import type { GuardionConfig } from './config.js';
+import { type GuardionConfig } from '../../../core/config.js';
 export interface PatchOptions {
     config: GuardionConfig;
+    token: string;
     dev?: boolean;
     dryRun?: boolean;
 }

package/dist/connectors/claude-code/src/installer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"installer.d.ts","sourceRoot":"","sources":["../../../../connectors/claude-code/src/installer.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAmB,MAAM,cAAc,CAAC;AAChF,OAAO,EACL,KAAK,cAAc,EAGpB,MAAM,yBAAyB,CAAC;AAwGjC,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAG,cAAc,CAAC;IACxB,KAAK,EAAI,MAAM,CAAC;IAChB,GAAG,CAAC,EAAK,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAgB,KAAK,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,GAAG,cAAc,CAmB1E;AAID,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,GAAG,IAAI,CAM9E;AAID,wBAAgB,MAAM,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAO1D;AAmBD,wBAAgB,OAAO,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAgB3D;AAID,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,cAAc,GAAG,cAAc,CAmC9E"}

package/dist/connectors/claude-code/src/installer.js

@@ -0,0 +1,190 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { BACKUP_SUFFIX, BACKUP_KEEP, HEADER_API_KEY, HEADER_PROVIDER, HEADER_POLICY, } from '../../../core/constants.js';
+import { DEFAULT_GATEWAY, resolvedHookEvents, } from '../../../core/config.js';
+// Production hook command — scoped npm package, works everywhere
+const HOOK_COMMAND_NPX = 'npx --yes @guardion/guardion hook';
+// Resolve absolute path to the CJS hook for local dev (no npm needed)
+function resolveLocalHookPath() {
+    const here = path.dirname(fileURLToPath(import.meta.url));
+    const candidates = [
+        path.resolve(here, '..', 'hooks', 'guardion-hook.cjs'),
+        path.resolve(here, '..', '..', 'hooks', 'guardion-hook.cjs'),
+    ];
+    for (const c of candidates) {
+        if (fs.existsSync(c))
+            return c;
+    }
+    return candidates[0];
+}
+function hookCommand(dev) {
+    return dev ? `node ${resolveLocalHookPath()}` : HOOK_COMMAND_NPX;
+}
+function buildHooks(cfg, dev) {
+    const command = hookCommand(dev);
+    const events = resolvedHookEvents(cfg);
+    const result = {};
+    for (const event of events) {
+        result[event] = [{ matcher: '', hooks: [{ type: 'command', command }] }];
+    }
+    return result;
+}
+// ── Env block ─────────────────────────────────────────────────────────────────
+function buildEnv(cfg, token) {
+    const base = {
+        GUARDION_TIER: cfg.tier,
+        GUARDION_API_URL: cfg.api_url,
+        GUARDION_POLICY: cfg.policy,
+        GUARDION_APPLICATION: cfg.application,
+    };
+    if (cfg.tier === 'full') {
+        const gw = { ...DEFAULT_GATEWAY, ...cfg.gateway };
+        const provider = gw.provider;
+        // Custom headers sent on every LLM request through the gateway.
+        // Lines are newline-separated "Key: value" pairs.
+        const customHeaders = [
+            `${HEADER_API_KEY}: ${token}`,
+            `${HEADER_PROVIDER}: ${provider}`,
+            `${HEADER_POLICY}: ${cfg.policy}`,
+        ];
+        if (provider === 'vertex-ai') {
+            if (gw.vertex_project_id)
+                customHeaders.push(`x-guardion-vertex-project-id: ${gw.vertex_project_id}`);
+            if (gw.vertex_region)
+                customHeaders.push(`x-guardion-vertex-region: ${gw.vertex_region}`);
+        }
+        base.ANTHROPIC_BASE_URL = gw.url;
+        base.ANTHROPIC_CUSTOM_HEADERS = customHeaders.join('\n');
+        base.GUARDION_GATEWAY_URL = gw.url;
+        base.GUARDION_MCP_URL = gw.mcp_url;
+    }
+    return base;
+}
+// ── MCP rewriting (full tier only) ───────────────────────────────────────────
+// Existing MCP servers are proxied through the Guardion MCP gateway so that
+// tool call traffic is also evaluated for policy violations.
+function rewriteMcpServers(servers, mcpBaseUrl) {
+    const out = {};
+    for (const [name, cfg] of Object.entries(servers)) {
+        // Skip servers that are already pointing at a Guardion endpoint
+        if (typeof cfg.url === 'string' && cfg.url.includes('guardion')) {
+            out[name] = cfg;
+            continue;
+        }
+        out[name] = {
+            type: 'http',
+            url: `${mcpBaseUrl}/${name}/mcp`,
+            headers: { Authorization: 'Bearer $GUARDION_TOKEN' },
+        };
+    }
+    return out;
+}
+export function patch(scan, opts) {
+    const base = scan.settings
+        ? JSON.parse(JSON.stringify(scan.settings))
+        : {};
+    base.env = { ...(base.env ?? {}), ...buildEnv(opts.config, opts.token) };
+    base.hooks = { ...(base.hooks ?? {}), ...buildHooks(opts.config, opts.dev ?? false) };
+    // Full tier: proxy MCP servers through the Guardion MCP gateway
+    if (opts.config.tier === 'full' && Object.keys(scan.mcpServers).length > 0) {
+        const mcpUrl = opts.config.gateway?.mcp_url
+            ?? (opts.dev ? 'http://localhost:8082/mcp' : DEFAULT_GATEWAY.mcp_url);
+        base.mcpServers = {
+            ...(base.mcpServers ?? {}),
+            ...rewriteMcpServers(scan.mcpServers, mcpUrl),
+        };
+    }
+    return base;
+}
+// ── Write ─────────────────────────────────────────────────────────────────────
+export function writeSettings(filePath, settings) {
+    const dir = path.dirname(filePath);
+    fs.mkdirSync(dir, { recursive: true });
+    const tmp = filePath + '.tmp';
+    fs.writeFileSync(tmp, JSON.stringify(settings, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, filePath);
+}
+// ── Backup (timestamped, keep last N) ────────────────────────────────────────
+export function backup(settingsPath) {
+    if (!fs.existsSync(settingsPath))
+        return null;
+    const ts = new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19);
+    const backupPath = `${settingsPath}${BACKUP_SUFFIX}-${ts}.bak`;
+    fs.copyFileSync(settingsPath, backupPath);
+    pruneBackups(settingsPath);
+    return backupPath;
+}
+function pruneBackups(settingsPath) {
+    const dir = path.dirname(settingsPath);
+    const base = path.basename(settingsPath);
+    const prefix = `${base}${BACKUP_SUFFIX}-`;
+    try {
+        const backups = fs.readdirSync(dir)
+            .filter(f => f.startsWith(prefix) && f.endsWith('.bak'))
+            .map(f => ({ name: f, mtime: fs.statSync(path.join(dir, f)).mtimeMs }))
+            .sort((a, b) => b.mtime - a.mtime);
+        for (const old of backups.slice(BACKUP_KEEP)) {
+            fs.unlinkSync(path.join(dir, old.name));
+        }
+    }
+    catch { /* non-critical */ }
+}
+// ── Restore ───────────────────────────────────────────────────────────────────
+export function restore(settingsPath) {
+    const dir = path.dirname(settingsPath);
+    const base = path.basename(settingsPath);
+    const prefix = `${base}${BACKUP_SUFFIX}-`;
+    try {
+        const backups = fs.readdirSync(dir)
+            .filter(f => f.startsWith(prefix) && f.endsWith('.bak'))
+            .sort().reverse();
+        if (backups.length === 0)
+            return null;
+        const latest = path.join(dir, backups[0]);
+        fs.copyFileSync(latest, settingsPath);
+        fs.unlinkSync(latest);
+        return latest;
+    }
+    catch {
+        return null;
+    }
+}
+// ── Remove Guardion entries ───────────────────────────────────────────────────
+export function removeGuardionEntries(settings) {
+    const cleaned = JSON.parse(JSON.stringify(settings));
+    if (cleaned.env) {
+        for (const key of Object.keys(cleaned.env)) {
+            if (key.startsWith('GUARDION_') || key === 'ANTHROPIC_BASE_URL') {
+                delete cleaned.env[key];
+            }
+        }
+        // Remove Guardion-injected custom headers but preserve ANTHROPIC_CUSTOM_HEADERS
+        // if the user had their own headers before Guardion was installed
+        if (cleaned.env.ANTHROPIC_CUSTOM_HEADERS) {
+            const lines = cleaned.env.ANTHROPIC_CUSTOM_HEADERS.split('\n')
+                .filter((l) => !l.startsWith('x-guardion-'));
+            if (lines.length === 0)
+                delete cleaned.env.ANTHROPIC_CUSTOM_HEADERS;
+            else
+                cleaned.env.ANTHROPIC_CUSTOM_HEADERS = lines.join('\n');
+        }
+    }
+    if (cleaned.hooks) {
+        for (const [event, hookList] of Object.entries(cleaned.hooks)) {
+            const filtered = hookList.filter(entry => {
+                if (entry.hooks)
+                    return !entry.hooks.some(h => h.command?.includes('guardion'));
+                return !entry.command?.includes('guardion');
+            });
+            if (filtered.length === 0)
+                delete cleaned.hooks[event];
+            else
+                cleaned.hooks[event] = filtered;
+        }
+        if (Object.keys(cleaned.hooks).length === 0)
+            delete cleaned.hooks;
+    }
+    return cleaned;
+}
+//# sourceMappingURL=installer.js.map

package/dist/connectors/claude-code/src/installer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"installer.js","sourceRoot":"","sources":["../../../../connectors/claude-code/src/installer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAQ,SAAS,CAAC;AAC3B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAEL,aAAa,EACb,WAAW,EACX,cAAc,EACd,eAAe,EACf,aAAa,GACd,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EAEL,eAAe,EACf,kBAAkB,GACnB,MAAM,yBAAyB,CAAC;AAEjC,iEAAiE;AACjE,MAAM,gBAAgB,GAAG,mCAAmC,CAAC;AAE7D,sEAAsE;AACtE,SAAS,oBAAoB;IAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,CAAC;QACtD,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,CAAC;KAC7D,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;AACvB,CAAC;AAUD,SAAS,WAAW,CAAC,GAAY;IAC/B,OAAO,GAAG,CAAC,CAAC,CAAC,QAAQ,oBAAoB,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC;AACnE,CAAC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAY;IAEZ,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,MAAM,GAAI,kBAAkB,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,MAAM,GAAwC,EAAE,CAAC;IACvD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,iFAAiF;AAEjF,SAAS,QAAQ,CAAC,GAAmB,EAAE,KAAa;IAClD,MAAM,IAAI,GAA2B;QACnC,aAAa,EAAS,GAAG,CAAC,IAAI;QAC9B,gBAAgB,EAAM,GAAG,CAAC,OAAO;QACjC,eAAe,EAAO,GAAG,CAAC,MAAM;QAChC,oBAAoB,EAAE,GAAG,CAAC,WAAW;KACtC,CAAC;IAEF,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QACxB,MAAM,EAAE,GAAS,EAAE,GAAG,eAAe,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,CAAC;QAE7B,gEAAgE;QAChE,kDAAkD;QAClD,MAAM,aAAa,GAAa;YAC9B,GAAG,cAAc,KAAK,KAAK,EAAE;YAC7B,GAAG,eAAe,KAAK,QAAQ,EAAE;YACjC,GAAG,aAAa,KAAK,GAAG,CAAC,MAAM,EAAE;SAClC,CAAC;QACF,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC7B,IAAI,EAAE,CAAC,iBAAiB;gBAAE,aAAa,CAAC,IAAI,CAAC,iCAAiC,EAAE,CAAC,iBAAiB,EAAE,CAAC,CAAC;YACtG,IAAI,EAAE,CAAC,aAAa;gBAAM,aAAa,CAAC,IAAI,CAAC,6BAA6B,EAAE,CAAC,aAAa,EAAE,CAAC,CAAC;QAChG,CAAC;QAED,IAAI,CAAC,kBAAkB,GAAS,EAAE,CAAC,GAAG,CAAC;QACvC,IAAI,CAAC,wBAAwB,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,IAAI,CAAC,oBAAoB,GAAO,EAAE,CAAC,GAAG,CAAC;QACvC,IAAI,CAAC,gBAAgB,GAAW,EAAE,CAAC,OAAO,CAAC;IAC7C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,gFAAgF;AAChF,4EAA4E;AAC5E,6DAA6D;AAE7D,SAAS,iBAAiB,CACxB,OAAwC,EACxC,UAAkB;IAElB,MAAM,GAAG,GAAoC,EAAE,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClD,gEAAgE;QAChE,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAChE,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;YAChB,SAAS;QACX,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,GAAG;YACV,IAAI,EAAK,MAAM;YACf,GAAG,EAAM,GAAG,UAAU,IAAI,IAAI,MAAM;YACpC,OAAO,EAAE,EAAE,aAAa,EAAE,wBAAwB,EAAE;SACrD,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAWD,MAAM,UAAU,KAAK,CAAC,IAAgB,EAAE,IAAkB;IACxD,MAAM,IAAI,GAAmB,IAAI,CAAC,QAAQ;QACxC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC,CAAC,EAAE,CAAC;IAEP,IAAI,CAAC,GAAG,GAAK,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,EAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;IAC7E,IAAI,CAAC,KAAK,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,IAAI,KAAK,CAAC,EAAE,CAAC;IAEtF,gEAAgE;IAChE,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO;eACtC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACxE,IAAI,CAAC,UAAU,GAAG;YAChB,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;YAC1B,GAAG,iBAAiB,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC;SAC9C,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iFAAiF;AAEjF,MAAM,UAAU,aAAa,CAAC,QAAgB,EAAE,QAAwB;IACtE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC9B,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IACzE,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,gFAAgF;AAEhF,MAAM,UAAU,MAAM,CAAC,YAAoB;IACzC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,MAAM,EAAE,GAAW,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/E,MAAM,UAAU,GAAG,GAAG,YAAY,GAAG,aAAa,IAAI,EAAE,MAAM,CAAC;IAC/D,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAC1C,YAAY,CAAC,YAAY,CAAC,CAAC;IAC3B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,YAAY,CAAC,YAAoB;IACxC,MAAM,GAAG,GAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAK,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,GAAG,IAAI,GAAG,aAAa,GAAG,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC;aAChC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;aACvD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;aACtE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QACrC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7C,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;AAChC,CAAC;AAED,iFAAiF;AAEjF,MAAM,UAAU,OAAO,CAAC,YAAoB;IAC1C,MAAM,GAAG,GAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAK,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,GAAG,IAAI,GAAG,aAAa,GAAG,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC;aAChC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;aACvD,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;QACpB,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QACtC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACtB,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF,MAAM,UAAU,qBAAqB,CAAC,QAAwB;IAC5D,MAAM,OAAO,GAAmB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAErE,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3C,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,GAAG,KAAK,oBAAoB,EAAE,CAAC;gBAChE,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QACD,gFAAgF;QAChF,kEAAkE;QAClE,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC;iBAC3D,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;YACvD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;;gBAC/D,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,KAAK,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,QAAQ,GAAI,QAGf,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;gBACjB,IAAI,KAAK,CAAC,KAAK;oBAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;gBAChF,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC9C,CAAC,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;;gBAClD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,QAAQ,CAAC;QACvC,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,OAAO,CAAC,KAAK,CAAC;IACpE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/connectors/claude-code/src/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../../../connectors/claude-code/src/scanner.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC7C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAC;IAChC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;CAC7C;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAMpE;AAED,wBAAgB,IAAI,IAAI,UAAU,CAejC"}

package/dist/{scanner.js → connectors/claude-code/src/scanner.js}

@@ -1,5 +1,5 @@
 import fs from 'node:fs';
-import { CLAUDE_SETTINGS_PATH } from './constants.js';
+import { CLAUDE_SETTINGS_PATH } from '../../../core/constants.js';
 export function readSettings(filePath) {
     try {
         return JSON.parse(fs.readFileSync(filePath, 'utf-8'));

package/dist/connectors/claude-code/src/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../../../connectors/claude-code/src/scanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AAGzB,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AA0BlE,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAmB,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,IAAI;IAClB,MAAM,YAAY,GAAG,oBAAoB,CAAC;IAC1C,MAAM,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IAC5C,MAAM,UAAU,GAAG;QACjB,GAAG,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE,CAAC;KAChC,CAAC;IAEF,uEAAuE;IACvE,MAAM,mBAAmB,GAAG,OAAO,CACjC,QAAQ,EAAE,GAAG,EAAE,aAAa;QAC1B,QAAQ,EAAE,GAAG,EAAE,gBAAgB;QAC/B,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAC7D,CAAC;IAEF,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,mBAAmB,EAAE,UAAU,EAAE,CAAC;AACrE,CAAC"}

package/dist/core/config.d.ts

@@ -0,0 +1,239 @@
+import { z } from 'zod';
+declare const GatewaySchema: z.ZodObject<{
+    /** Base URL of the Guardion gateway container / cloud endpoint */
+    url: z.ZodDefault<z.ZodString>;
+    /** MCP proxy base URL */
+    mcp_url: z.ZodDefault<z.ZodString>;
+    /** LLM provider the gateway will forward to */
+    provider: z.ZodDefault<z.ZodEnum<["anthropic", "vertex-ai", "bedrock", "openai"]>>;
+    /** Vertex AI only */
+    vertex_project_id: z.ZodDefault<z.ZodString>;
+    vertex_region: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    url: string;
+    mcp_url: string;
+    provider: "anthropic" | "vertex-ai" | "bedrock" | "openai";
+    vertex_project_id: string;
+    vertex_region: string;
+}, {
+    url?: string | undefined;
+    mcp_url?: string | undefined;
+    provider?: "anthropic" | "vertex-ai" | "bedrock" | "openai" | undefined;
+    vertex_project_id?: string | undefined;
+    vertex_region?: string | undefined;
+}>;
+declare const HooksConfigSchema: z.ZodObject<{
+    /**
+     * Subset of Claude Code hook events to register.
+     * Defaults to all supported events when omitted.
+     * Security teams can narrow this list via MDM config.
+     */
+    events: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /** Milliseconds to wait for Guard API before giving up (fire-and-forget) */
+    timeout_ms: z.ZodDefault<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    events: string[];
+    timeout_ms: number;
+}, {
+    events?: string[] | undefined;
+    timeout_ms?: number | undefined;
+}>;
+declare const InventoryConfigSchema: z.ZodObject<{
+    /** Master switch — set to false to disable all local tool inventory scanning */
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    /** Scan local SKILL.md files (~/.claude/skills, project .claude/skills, plugin cache) */
+    scan_skills: z.ZodDefault<z.ZodBoolean>;
+    /** Scan configured MCP servers (settings.json, .mcp.json) */
+    scan_mcp: z.ZodDefault<z.ZodBoolean>;
+    /** Scan installed plugins / their declared MCP servers */
+    scan_plugins: z.ZodDefault<z.ZodBoolean>;
+    /** Include Claude Code built-in tools (Bash, Read, Write, …) */
+    scan_builtins: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    enabled: boolean;
+    scan_skills: boolean;
+    scan_mcp: boolean;
+    scan_plugins: boolean;
+    scan_builtins: boolean;
+}, {
+    enabled?: boolean | undefined;
+    scan_skills?: boolean | undefined;
+    scan_mcp?: boolean | undefined;
+    scan_plugins?: boolean | undefined;
+    scan_builtins?: boolean | undefined;
+}>;
+declare const ConfigSchema: z.ZodObject<{
+    version: z.ZodLiteral<1>;
+    /**
+     * Deployment tier:
+     *   hooks — fire-and-forget hook events to Guard API, no LLM proxy
+     *   full  — route all LLM traffic through Guardion gateway + hook events
+     */
+    tier: z.ZodEnum<["hooks", "full"]>;
+    /** Guard API base URL */
+    api_url: z.ZodString;
+    /** Policy slug to evaluate hook events against */
+    policy: z.ZodString;
+    /** Application label attached to every event in the console */
+    application: z.ZodString;
+    /** Gateway proxy settings (full tier only) */
+    gateway: z.ZodOptional<z.ZodObject<{
+        /** Base URL of the Guardion gateway container / cloud endpoint */
+        url: z.ZodDefault<z.ZodString>;
+        /** MCP proxy base URL */
+        mcp_url: z.ZodDefault<z.ZodString>;
+        /** LLM provider the gateway will forward to */
+        provider: z.ZodDefault<z.ZodEnum<["anthropic", "vertex-ai", "bedrock", "openai"]>>;
+        /** Vertex AI only */
+        vertex_project_id: z.ZodDefault<z.ZodString>;
+        vertex_region: z.ZodDefault<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        url: string;
+        mcp_url: string;
+        provider: "anthropic" | "vertex-ai" | "bedrock" | "openai";
+        vertex_project_id: string;
+        vertex_region: string;
+    }, {
+        url?: string | undefined;
+        mcp_url?: string | undefined;
+        provider?: "anthropic" | "vertex-ai" | "bedrock" | "openai" | undefined;
+        vertex_project_id?: string | undefined;
+        vertex_region?: string | undefined;
+    }>>;
+    /** Hook event configuration */
+    hooks: z.ZodOptional<z.ZodObject<{
+        /**
+         * Subset of Claude Code hook events to register.
+         * Defaults to all supported events when omitted.
+         * Security teams can narrow this list via MDM config.
+         */
+        events: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+        /** Milliseconds to wait for Guard API before giving up (fire-and-forget) */
+        timeout_ms: z.ZodDefault<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        events: string[];
+        timeout_ms: number;
+    }, {
+        events?: string[] | undefined;
+        timeout_ms?: number | undefined;
+    }>>;
+    /** Local tool inventory scanning (sent to Guard API on SessionStart) */
+    inventory: z.ZodOptional<z.ZodObject<{
+        /** Master switch — set to false to disable all local tool inventory scanning */
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        /** Scan local SKILL.md files (~/.claude/skills, project .claude/skills, plugin cache) */
+        scan_skills: z.ZodDefault<z.ZodBoolean>;
+        /** Scan configured MCP servers (settings.json, .mcp.json) */
+        scan_mcp: z.ZodDefault<z.ZodBoolean>;
+        /** Scan installed plugins / their declared MCP servers */
+        scan_plugins: z.ZodDefault<z.ZodBoolean>;
+        /** Include Claude Code built-in tools (Bash, Read, Write, …) */
+        scan_builtins: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enabled: boolean;
+        scan_skills: boolean;
+        scan_mcp: boolean;
+        scan_plugins: boolean;
+        scan_builtins: boolean;
+    }, {
+        enabled?: boolean | undefined;
+        scan_skills?: boolean | undefined;
+        scan_mcp?: boolean | undefined;
+        scan_plugins?: boolean | undefined;
+        scan_builtins?: boolean | undefined;
+    }>>;
+    /**
+     * P2 enforcement: when true, PreToolUse/PostToolUse make a SYNCHRONOUS Guard
+     * eval and can deny/warn on tool input+output. Default OFF (observability-
+     * first) so policy false positives can't block real work on day one.
+     */
+    enforce: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * If the Guard eval is unreachable/times out: false (default) = fail-open
+     * (allow); true = fail-closed (deny). Should mirror the policy's fail_mode.
+     */
+    fail_closed: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * Default mode for the `guardion mcp` interposer when not set per-server:
+     *   dlp (anonymize, never block) | enforce (block on deny + redact) | monitor (observe).
+     * Per-server `--mode` on the injected prefix overrides this.
+     */
+    mode: z.ZodOptional<z.ZodEnum<["dlp", "enforce", "monitor"]>>;
+    /** Interposer: apply Guard corrections (default true). */
+    redact: z.ZodOptional<z.ZodBoolean>;
+    /** Interposer: tool-list integrity check at connect (default true). */
+    integrity: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    version: 1;
+    tier: "hooks" | "full";
+    api_url: string;
+    policy: string;
+    application: string;
+    enforce: boolean;
+    fail_closed: boolean;
+    hooks?: {
+        events: string[];
+        timeout_ms: number;
+    } | undefined;
+    gateway?: {
+        url: string;
+        mcp_url: string;
+        provider: "anthropic" | "vertex-ai" | "bedrock" | "openai";
+        vertex_project_id: string;
+        vertex_region: string;
+    } | undefined;
+    inventory?: {
+        enabled: boolean;
+        scan_skills: boolean;
+        scan_mcp: boolean;
+        scan_plugins: boolean;
+        scan_builtins: boolean;
+    } | undefined;
+    mode?: "enforce" | "dlp" | "monitor" | undefined;
+    redact?: boolean | undefined;
+    integrity?: boolean | undefined;
+}, {
+    version: 1;
+    tier: "hooks" | "full";
+    api_url: string;
+    policy: string;
+    application: string;
+    hooks?: {
+        events?: string[] | undefined;
+        timeout_ms?: number | undefined;
+    } | undefined;
+    gateway?: {
+        url?: string | undefined;
+        mcp_url?: string | undefined;
+        provider?: "anthropic" | "vertex-ai" | "bedrock" | "openai" | undefined;
+        vertex_project_id?: string | undefined;
+        vertex_region?: string | undefined;
+    } | undefined;
+    inventory?: {
+        enabled?: boolean | undefined;
+        scan_skills?: boolean | undefined;
+        scan_mcp?: boolean | undefined;
+        scan_plugins?: boolean | undefined;
+        scan_builtins?: boolean | undefined;
+    } | undefined;
+    enforce?: boolean | undefined;
+    fail_closed?: boolean | undefined;
+    mode?: "enforce" | "dlp" | "monitor" | undefined;
+    redact?: boolean | undefined;
+    integrity?: boolean | undefined;
+}>;
+export type GuardionConfig = z.infer<typeof ConfigSchema>;
+export type GatewayConfig = z.infer<typeof GatewaySchema>;
+export type HooksConfig = z.infer<typeof HooksConfigSchema>;
+export type InventoryConfig = z.infer<typeof InventoryConfigSchema>;
+export declare const DEFAULT_GATEWAY: GatewayConfig;
+export declare const DEFAULT_HOOKS_CONFIG: HooksConfig;
+export declare const DEFAULT_INVENTORY_CONFIG: InventoryConfig;
+export declare const DEFAULT_CONFIG: GuardionConfig;
+/** Resolved hooks events — falls back to all events when not configured */
+export declare function resolvedHookEvents(cfg: GuardionConfig): readonly string[];
+export declare function readConfig(): GuardionConfig | null;
+export declare function readConfigOrDefault(): GuardionConfig;
+export declare function writeConfig(cfg: GuardionConfig): void;
+export {};
+//# sourceMappingURL=config.d.ts.map

package/dist/core/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../core/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAaxB,QAAA,MAAM,aAAa;IACjB,kEAAkE;;IAElE,yBAAyB;;IAEzB,+CAA+C;;IAE/C,qBAAqB;;;;;;;;;;;;;;;EAGrB,CAAC;AAEH,QAAA,MAAM,iBAAiB;IACrB;;;;OAIG;;IAEH,4EAA4E;;;;;;;;EAE5E,CAAC;AAEH,QAAA,MAAM,qBAAqB;IACzB,gFAAgF;;IAEhF,yFAAyF;;IAEzF,6DAA6D;;IAE7D,0DAA0D;;IAE1D,gEAAgE;;;;;;;;;;;;;;EAEhE,CAAC;AAIH,QAAA,MAAM,YAAY;;IAEhB;;;;OAIG;;IAEH,yBAAyB;;IAEzB,kDAAkD;;IAElD,+DAA+D;;IAE/D,8CAA8C;;QAnD9C,kEAAkE;;QAElE,yBAAyB;;QAEzB,+CAA+C;;QAE/C,qBAAqB;;;;;;;;;;;;;;;;IA+CrB,+BAA+B;;QAzC/B;;;;WAIG;;QAEH,4EAA4E;;;;;;;;;IAqC5E,wEAAwE;;QAhCxE,gFAAgF;;QAEhF,yFAAyF;;QAEzF,6DAA6D;;QAE7D,0DAA0D;;QAE1D,gEAAgE;;;;;;;;;;;;;;;IA0BhE;;;;OAIG;;IAEH;;;OAGG;;IAEH;;;;OAIG;;IAEH,0DAA0D;;IAE1D,uEAAuE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvE,CAAC;AAEH,MAAM,MAAM,cAAc,GAAK,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAC5D,MAAM,MAAM,aAAa,GAAM,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC7D,MAAM,MAAM,WAAW,GAAQ,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AACjE,MAAM,MAAM,eAAe,GAAI,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAIrE,eAAO,MAAM,eAAe,EAAE,aAM7B,CAAC;AAEF,eAAO,MAAM,oBAAoB,EAAE,WAGlC,CAAC;AAEF,eAAO,MAAM,wBAAwB,EAAE,eAMtC,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,cAQ5B,CAAC;AAEF,2EAA2E;AAC3E,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,cAAc,GAAG,SAAS,MAAM,EAAE,CAKzE;AAID,wBAAgB,UAAU,IAAI,cAAc,GAAG,IAAI,CASlD;AAED,wBAAgB,mBAAmB,IAAI,cAAc,CAEpD;AAID,wBAAgB,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAerD"}