@intutic/cli 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (162) hide show
  1. package/dist/cli.js +309 -0
  2. package/dist/cli.js.map +1 -1
  3. package/dist/commands/benchmark.d.ts +31 -0
  4. package/dist/commands/benchmark.d.ts.map +1 -0
  5. package/dist/commands/benchmark.js +211 -0
  6. package/dist/commands/benchmark.js.map +1 -0
  7. package/dist/commands/connect.d.ts +8 -6
  8. package/dist/commands/connect.d.ts.map +1 -1
  9. package/dist/commands/connect.js +322 -82
  10. package/dist/commands/connect.js.map +1 -1
  11. package/dist/commands/enterprise-install.d.ts +36 -0
  12. package/dist/commands/enterprise-install.d.ts.map +1 -0
  13. package/dist/commands/enterprise-install.js +289 -0
  14. package/dist/commands/enterprise-install.js.map +1 -0
  15. package/dist/commands/eval.d.ts +13 -0
  16. package/dist/commands/eval.d.ts.map +1 -0
  17. package/dist/commands/eval.js +67 -0
  18. package/dist/commands/eval.js.map +1 -0
  19. package/dist/commands/exec.d.ts +34 -0
  20. package/dist/commands/exec.d.ts.map +1 -0
  21. package/dist/commands/exec.js +114 -0
  22. package/dist/commands/exec.js.map +1 -0
  23. package/dist/commands/exec.test.d.ts +2 -0
  24. package/dist/commands/exec.test.d.ts.map +1 -0
  25. package/dist/commands/exec.test.js +29 -0
  26. package/dist/commands/exec.test.js.map +1 -0
  27. package/dist/commands/export.d.ts +21 -0
  28. package/dist/commands/export.d.ts.map +1 -0
  29. package/dist/commands/export.js +116 -0
  30. package/dist/commands/export.js.map +1 -0
  31. package/dist/commands/init.d.ts.map +1 -1
  32. package/dist/commands/init.js +28 -2
  33. package/dist/commands/init.js.map +1 -1
  34. package/dist/commands/install-daemon.d.ts +61 -0
  35. package/dist/commands/install-daemon.d.ts.map +1 -0
  36. package/dist/commands/install-daemon.js +691 -0
  37. package/dist/commands/install-daemon.js.map +1 -0
  38. package/dist/commands/install-daemon.test.d.ts +2 -0
  39. package/dist/commands/install-daemon.test.d.ts.map +1 -0
  40. package/dist/commands/install-daemon.test.js +93 -0
  41. package/dist/commands/install-daemon.test.js.map +1 -0
  42. package/dist/commands/login.js +2 -2
  43. package/dist/commands/login.js.map +1 -1
  44. package/dist/commands/logout.js +1 -1
  45. package/dist/commands/logout.js.map +1 -1
  46. package/dist/commands/mdm.d.ts +23 -0
  47. package/dist/commands/mdm.d.ts.map +1 -0
  48. package/dist/commands/mdm.js +134 -0
  49. package/dist/commands/mdm.js.map +1 -0
  50. package/dist/commands/sop-audit.d.ts +17 -0
  51. package/dist/commands/sop-audit.d.ts.map +1 -0
  52. package/dist/commands/sop-audit.js +136 -0
  53. package/dist/commands/sop-audit.js.map +1 -0
  54. package/dist/commands/status.d.ts.map +1 -1
  55. package/dist/commands/status.js +53 -1
  56. package/dist/commands/status.js.map +1 -1
  57. package/dist/commands/syncContext.d.ts +18 -0
  58. package/dist/commands/syncContext.d.ts.map +1 -0
  59. package/dist/commands/syncContext.js +37 -0
  60. package/dist/commands/syncContext.js.map +1 -0
  61. package/dist/commands/traces.d.ts +13 -0
  62. package/dist/commands/traces.d.ts.map +1 -1
  63. package/dist/commands/traces.js +104 -10
  64. package/dist/commands/traces.js.map +1 -1
  65. package/dist/commands/whoami.js +1 -1
  66. package/dist/commands/whoami.js.map +1 -1
  67. package/dist/config/keychain.d.ts +28 -0
  68. package/dist/config/keychain.d.ts.map +1 -0
  69. package/dist/config/keychain.js +99 -0
  70. package/dist/config/keychain.js.map +1 -0
  71. package/dist/config/store.d.ts +3 -3
  72. package/dist/config/store.d.ts.map +1 -1
  73. package/dist/config/store.js +30 -6
  74. package/dist/config/store.js.map +1 -1
  75. package/dist/harness/aider.d.ts +4 -3
  76. package/dist/harness/aider.d.ts.map +1 -1
  77. package/dist/harness/aider.js +13 -27
  78. package/dist/harness/aider.js.map +1 -1
  79. package/dist/harness/claudeDesktop.d.ts +18 -0
  80. package/dist/harness/claudeDesktop.d.ts.map +1 -0
  81. package/dist/harness/claudeDesktop.js +69 -0
  82. package/dist/harness/claudeDesktop.js.map +1 -0
  83. package/dist/harness/cline.d.ts +13 -0
  84. package/dist/harness/cline.d.ts.map +1 -0
  85. package/dist/harness/cline.js +75 -0
  86. package/dist/harness/cline.js.map +1 -0
  87. package/dist/harness/codex.d.ts +4 -4
  88. package/dist/harness/codex.d.ts.map +1 -1
  89. package/dist/harness/codex.js +33 -21
  90. package/dist/harness/codex.js.map +1 -1
  91. package/dist/harness/continue.d.ts +14 -0
  92. package/dist/harness/continue.d.ts.map +1 -0
  93. package/dist/harness/continue.js +97 -0
  94. package/dist/harness/continue.js.map +1 -0
  95. package/dist/harness/cursor.d.ts +13 -1
  96. package/dist/harness/cursor.d.ts.map +1 -1
  97. package/dist/harness/cursor.js +59 -3
  98. package/dist/harness/cursor.js.map +1 -1
  99. package/dist/harness/detector.d.ts +1 -1
  100. package/dist/harness/detector.d.ts.map +1 -1
  101. package/dist/harness/detector.js +13 -1
  102. package/dist/harness/detector.js.map +1 -1
  103. package/dist/harness/goose.d.ts +13 -0
  104. package/dist/harness/goose.d.ts.map +1 -0
  105. package/dist/harness/goose.js +45 -0
  106. package/dist/harness/goose.js.map +1 -0
  107. package/dist/harness/n8n.d.ts +8 -4
  108. package/dist/harness/n8n.d.ts.map +1 -1
  109. package/dist/harness/n8n.js +108 -13
  110. package/dist/harness/n8n.js.map +1 -1
  111. package/dist/harness/openWebUI.d.ts +13 -0
  112. package/dist/harness/openWebUI.d.ts.map +1 -0
  113. package/dist/harness/openWebUI.js +25 -0
  114. package/dist/harness/openWebUI.js.map +1 -0
  115. package/dist/harness/openhands.d.ts +3 -3
  116. package/dist/harness/openhands.d.ts.map +1 -1
  117. package/dist/harness/openhands.js +13 -9
  118. package/dist/harness/openhands.js.map +1 -1
  119. package/dist/harness/rooCode.d.ts +14 -0
  120. package/dist/harness/rooCode.d.ts.map +1 -0
  121. package/dist/harness/rooCode.js +77 -0
  122. package/dist/harness/rooCode.js.map +1 -0
  123. package/dist/harness/types.d.ts.map +1 -1
  124. package/dist/harness/types.js +6 -0
  125. package/dist/harness/types.js.map +1 -1
  126. package/dist/harness/vscodeSettingsWriter.d.ts +40 -0
  127. package/dist/harness/vscodeSettingsWriter.d.ts.map +1 -0
  128. package/dist/harness/vscodeSettingsWriter.js +116 -0
  129. package/dist/harness/vscodeSettingsWriter.js.map +1 -0
  130. package/dist/harness/windsurf.d.ts +13 -1
  131. package/dist/harness/windsurf.d.ts.map +1 -1
  132. package/dist/harness/windsurf.js +58 -3
  133. package/dist/harness/windsurf.js.map +1 -1
  134. package/dist/lib/api.d.ts +2 -0
  135. package/dist/lib/api.d.ts.map +1 -1
  136. package/dist/lib/api.js +3 -0
  137. package/dist/lib/api.js.map +1 -1
  138. package/dist/lib/envInjector.d.ts +24 -0
  139. package/dist/lib/envInjector.d.ts.map +1 -0
  140. package/dist/lib/envInjector.js +146 -0
  141. package/dist/lib/envInjector.js.map +1 -0
  142. package/dist/lib/envInjector.test.d.ts +2 -0
  143. package/dist/lib/envInjector.test.d.ts.map +1 -0
  144. package/dist/lib/envInjector.test.js +32 -0
  145. package/dist/lib/envInjector.test.js.map +1 -0
  146. package/dist/lib/gitHooks.d.ts +19 -0
  147. package/dist/lib/gitHooks.d.ts.map +1 -0
  148. package/dist/lib/gitHooks.js +58 -0
  149. package/dist/lib/gitHooks.js.map +1 -0
  150. package/dist/lib/onboarding.d.ts +17 -0
  151. package/dist/lib/onboarding.d.ts.map +1 -0
  152. package/dist/lib/onboarding.js +164 -0
  153. package/dist/lib/onboarding.js.map +1 -0
  154. package/dist/lib/process.d.ts +53 -0
  155. package/dist/lib/process.d.ts.map +1 -0
  156. package/dist/lib/process.js +181 -0
  157. package/dist/lib/process.js.map +1 -0
  158. package/dist/lib/process.test.d.ts +2 -0
  159. package/dist/lib/process.test.d.ts.map +1 -0
  160. package/dist/lib/process.test.js +44 -0
  161. package/dist/lib/process.test.js.map +1 -0
  162. package/package.json +39 -17
@@ -1,18 +1,20 @@
1
1
  /**
2
2
  * `intutic connect` — Start the sync daemon.
3
3
  *
4
- * Runs a 30-second polling loop that:
5
- * 1. Fetches config from control plane (active SOPs, proxy URL)
6
- * 2. Writes SOP content to harness config files
7
- * 3. Computes SHA-256 hashes of written files
8
- * 4. Reports hashes + status to control plane
4
+ * Runs a persistent WebSocket client for real-time config updates,
5
+ * a real-time filesystem watcher for configuration drift detection,
6
+ * and a 30-second HTTP polling loop as a secondary fallback.
9
7
  *
8
+ * LLD #14 — connect.ts
10
9
  * HLD §3.14 — Real-Time State Mirroring
11
- * LLD #8 — Sync Daemon / CLI
10
+ *
12
11
  * @module
13
12
  */
14
13
  export declare function runConnect(opts: {
15
14
  dev?: boolean;
16
15
  interval?: string;
16
+ workspaceId?: string;
17
+ apiKey?: string;
18
+ controlPlaneUrl?: string;
17
19
  }): Promise<void>;
18
20
  //# sourceMappingURL=connect.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"connect.d.ts","sourceRoot":"","sources":["../../src/commands/connect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAcH,wBAAsB,UAAU,CAAC,IAAI,EAAE;IAAE,GAAG,CAAC,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAgK1F"}
1
+ {"version":3,"file":"connect.d.ts","sourceRoot":"","sources":["../../src/commands/connect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAkCH,wBAAsB,UAAU,CAAC,IAAI,EAAE;IACrC,GAAG,CAAC,EAAE,OAAO,CAAA;IACb,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiahB"}
@@ -1,146 +1,380 @@
1
1
  /**
2
2
  * `intutic connect` — Start the sync daemon.
3
3
  *
4
- * Runs a 30-second polling loop that:
5
- * 1. Fetches config from control plane (active SOPs, proxy URL)
6
- * 2. Writes SOP content to harness config files
7
- * 3. Computes SHA-256 hashes of written files
8
- * 4. Reports hashes + status to control plane
4
+ * Runs a persistent WebSocket client for real-time config updates,
5
+ * a real-time filesystem watcher for configuration drift detection,
6
+ * and a 30-second HTTP polling loop as a secondary fallback.
9
7
  *
8
+ * LLD #14 — connect.ts
10
9
  * HLD §3.14 — Real-Time State Mirroring
11
- * LLD #8 — Sync Daemon / CLI
10
+ *
12
11
  * @module
13
12
  */
13
+ import * as node_path from 'node:path';
14
+ import * as node_fs from 'node:fs/promises';
14
15
  import { log } from '../lib/logger.js';
15
- import { loadCredentials, loadConfig, saveConfig, loadIntegrity, saveIntegrity } from '../config/store.js';
16
+ import { loadCredentials, loadConfig, saveConfig, loadIntegrity, saveIntegrity, } from '../config/store.js';
16
17
  import { resolveControlPlaneUrl } from '../config/paths.js';
17
18
  import { createApiClient } from '../lib/api.js';
18
19
  import { getAdapter } from '../harness/detector.js';
20
+ import { printOnboardingGuide } from '../lib/onboarding.js';
19
21
  import { newIso } from '@intutic/id';
20
22
  import pc from 'picocolors';
23
+ import { SyncWsClient, startWatcher, updatePreToolUseHooks, injectMcpServer, guardSettingsFile, writeRuntimeEnv, runComplianceProbes, drainHookEvents, } from '@intutic/sync-daemon';
24
+ import { watch } from 'chokidar';
21
25
  const DEFAULT_POLL_INTERVAL = 30_000;
22
26
  export async function runConnect(opts) {
23
27
  // 1. Load credentials + config
24
- const creds = loadCredentials();
28
+ let creds = await loadCredentials();
29
+ if (opts.workspaceId && opts.apiKey) {
30
+ creds = {
31
+ workspaceId: opts.workspaceId,
32
+ apiKey: opts.apiKey,
33
+ email: 'daemon@intutic.ai',
34
+ controlPlaneUrl: opts.controlPlaneUrl ?? 'https://api.intutic.ai',
35
+ storedAt: newIso(),
36
+ };
37
+ }
25
38
  if (!creds) {
26
39
  log.error('Not authenticated. Run `intutic login` first.');
27
40
  process.exit(1);
28
41
  }
29
- const config = loadConfig();
42
+ let config = loadConfig();
43
+ if (!config && opts.workspaceId && opts.apiKey) {
44
+ config = {
45
+ workspaceId: opts.workspaceId,
46
+ harnesses: [],
47
+ configVersion: 0,
48
+ devMode: opts.dev || false,
49
+ };
50
+ }
30
51
  if (!config) {
31
52
  log.error('Workspace not initialized. Run `intutic init` first.');
32
53
  process.exit(1);
33
54
  }
34
- const devMode = opts.dev || process.env.INTUTIC_DEV === '1' || config.devMode;
35
- const controlPlaneUrl = resolveControlPlaneUrl(devMode);
55
+ const safeCreds = creds;
56
+ const safeConfig = config;
57
+ const devMode = opts.dev || process.env.INTUTIC_DEV === '1' || safeConfig.devMode;
58
+ const controlPlaneUrl = opts.controlPlaneUrl || resolveControlPlaneUrl(devMode);
36
59
  const pollInterval = opts.interval ? parseInt(opts.interval, 10) : DEFAULT_POLL_INTERVAL;
37
60
  const connectedSince = newIso();
38
- const client = createApiClient(controlPlaneUrl, creds.apiKey);
61
+ const client = createApiClient(controlPlaneUrl, safeCreds.apiKey);
39
62
  log.header('Intutic — Sync Daemon');
40
- log.field('Workspace', creds.workspaceId);
63
+ log.field('Workspace', safeCreds.workspaceId);
41
64
  log.field('Control Plane', controlPlaneUrl);
42
65
  log.field('Poll Interval', `${pollInterval / 1000}s`);
43
- log.field('Harnesses', config.harnesses.join(', ') || '(none)');
44
- console.log('');
45
- log.info('Starting sync loop... (Ctrl+C to stop)');
66
+ log.field('Harnesses', safeConfig.harnesses.join(', ') || '(none)');
67
+ // Print onboarding setup instructions for active harnesses
68
+ printOnboardingGuide(safeConfig.harnesses, safeCreds.apiKey, devMode);
69
+ log.info('Starting sync daemon... (Ctrl+C to stop)');
46
70
  console.log('');
47
71
  // 2. AbortController for clean shutdown
48
72
  const ac = new AbortController();
49
73
  const shutdown = () => {
50
- log.info('Shutting down...');
74
+ log.info('Shutting down sync daemon...');
51
75
  ac.abort();
52
76
  };
53
77
  process.on('SIGINT', shutdown);
54
78
  process.on('SIGTERM', shutdown);
55
- // 3. Sync loop
56
- let localConfigVersion = config.configVersion;
57
- while (!ac.signal.aborted) {
58
- try {
59
- // a. Fetch config from control plane
60
- const syncConfig = await client.fetchConfig(creds.workspaceId);
61
- let sopsWritten = 0;
62
- // b. If config version is newer, write to harness files
63
- if (syncConfig.configVersion > localConfigVersion) {
64
- for (const harnessType of config.harnesses) {
65
- const adapter = getAdapter(harnessType);
66
- if (!adapter)
67
- continue;
68
- const targetSops = syncConfig.sops.filter((sop) => sop.harnessTargets.includes(harnessType));
69
- if (targetSops.length === 0)
70
- continue;
71
- const written = await adapter.writeConfig(config.workspaceRoot, targetSops, syncConfig.proxyUrl);
72
- if (written) {
73
- sopsWritten += targetSops.length;
74
- }
75
- }
76
- localConfigVersion = syncConfig.configVersion;
77
- saveConfig({ ...config, configVersion: localConfigVersion });
78
- }
79
- // c. Compute file hashes + update integrity store
80
- const fileHashes = [];
81
- const canonicalHashes = {};
82
- // Build canonical hash map from synced SOPs
83
- const integrity = loadIntegrity(config.workspaceRoot);
84
- if (integrity) {
85
- Object.assign(canonicalHashes, integrity.files);
86
- }
87
- for (const harnessType of config.harnesses) {
79
+ let localConfigVersion = safeConfig.configVersion;
80
+ let lastCachedConfig = null;
81
+ // 3. Define configuration applier function
82
+ async function applySyncConfig(syncConfig, force = false) {
83
+ let sopsWritten = 0;
84
+ lastCachedConfig = syncConfig;
85
+ if (syncConfig.configVersion > localConfigVersion || force) {
86
+ log.info(`Applying configuration v${syncConfig.configVersion}...`);
87
+ // a. Write configs for all active harnesses
88
+ for (const harnessType of safeConfig.harnesses) {
88
89
  const adapter = getAdapter(harnessType);
89
- if (!adapter || !adapter.configFileName)
90
+ if (!adapter)
90
91
  continue;
91
- const currentHash = await adapter.readCurrentHash(config.workspaceRoot);
92
- if (!currentHash)
92
+ const targetSops = syncConfig.sops.filter((sop) => sop.harnessTargets.includes(harnessType));
93
+ if (targetSops.length === 0 && !force)
93
94
  continue;
94
- const canonical = canonicalHashes[adapter.configFileName] ?? currentHash;
95
- fileHashes.push({
96
- filePath: adapter.configFileName,
97
- localHash: currentHash,
98
- canonicalHash: canonical,
99
- drifted: currentHash !== canonical,
100
- });
101
- // Update canonical hash to current
102
- canonicalHashes[adapter.configFileName] = currentHash;
95
+ const written = await adapter.writeConfig(safeConfig.workspaceRoot, targetSops, syncConfig.proxyUrl);
96
+ if (written) {
97
+ sopsWritten += targetSops.length;
98
+ }
103
99
  }
104
- // Save integrity store
105
- saveIntegrity(config.workspaceRoot, {
106
- lastSyncAt: newIso(),
107
- configVersion: localConfigVersion,
108
- files: canonicalHashes,
100
+ // b. Invalidate/update Claude Code hooks and settings
101
+ if (safeConfig.harnesses.includes('claude-code')) {
102
+ try {
103
+ await updatePreToolUseHooks(safeConfig.workspaceRoot, syncConfig.sops, syncConfig.settings);
104
+ }
105
+ catch (err) {
106
+ log.warn(`Failed to update Claude Code hooks: ${err instanceof Error ? err.message : String(err)}`);
107
+ }
108
+ }
109
+ // c. Inject + proxy-wrap MCP servers across all supported harnesses
110
+ try {
111
+ await injectMcpServer(safeConfig.workspaceRoot, safeCreds.workspaceId);
112
+ }
113
+ catch (err) {
114
+ log.warn(`Failed to inject MCP server configs: ${err instanceof Error ? err.message : String(err)}`);
115
+ }
116
+ localConfigVersion = syncConfig.configVersion;
117
+ saveConfig({ ...safeConfig, configVersion: localConfigVersion });
118
+ }
119
+ // c. Compute file hashes + update integrity store
120
+ const fileHashes = [];
121
+ const canonicalHashes = {};
122
+ // Load current integrity file list
123
+ const integrity = loadIntegrity(safeConfig.workspaceRoot);
124
+ if (integrity) {
125
+ Object.assign(canonicalHashes, integrity.files);
126
+ }
127
+ for (const harnessType of safeConfig.harnesses) {
128
+ const adapter = getAdapter(harnessType);
129
+ if (!adapter || !adapter.configFileName)
130
+ continue;
131
+ const currentHash = await adapter.readCurrentHash(safeConfig.workspaceRoot);
132
+ if (!currentHash)
133
+ continue;
134
+ const canonical = canonicalHashes[adapter.configFileName] ?? currentHash;
135
+ fileHashes.push({
136
+ filePath: adapter.configFileName,
137
+ localHash: currentHash,
138
+ canonicalHash: canonical,
139
+ drifted: currentHash !== canonical,
109
140
  });
110
- // d. Report hashes to control plane
111
- let driftCount = 0;
112
- if (fileHashes.length > 0) {
141
+ // Update canonical hash to current
142
+ canonicalHashes[adapter.configFileName] = currentHash;
143
+ }
144
+ // Save integrity store
145
+ saveIntegrity(safeConfig.workspaceRoot, {
146
+ lastSyncAt: newIso(),
147
+ configVersion: localConfigVersion,
148
+ files: canonicalHashes,
149
+ });
150
+ // d. Report hashes to control plane
151
+ let driftCount = 0;
152
+ if (fileHashes.length > 0) {
153
+ try {
113
154
  const hashReport = await client.reportHashes({
114
- workspaceId: creds.workspaceId,
115
- harnessType: config.harnesses[0],
155
+ workspaceId: safeCreds.workspaceId,
156
+ harnessType: safeConfig.harnesses[0],
116
157
  files: fileHashes,
117
158
  reportedAt: newIso(),
118
159
  });
119
160
  driftCount = hashReport.driftCount;
120
161
  }
121
- // e. Report status
162
+ catch (err) {
163
+ log.warn(`Failed to report integrity hashes: ${err instanceof Error ? err.message : String(err)}`);
164
+ }
165
+ }
166
+ // e. Report status heartbeat
167
+ try {
122
168
  await client.reportStatus({
123
- workspaceId: creds.workspaceId,
169
+ workspaceId: safeCreds.workspaceId,
124
170
  configVersion: localConfigVersion,
125
171
  connectedSince,
126
172
  lastSyncAt: newIso(),
127
- harnesses: config.harnesses.map((h) => ({
173
+ harnesses: safeConfig.harnesses.map((h) => ({
128
174
  type: h,
129
175
  configPath: getAdapter(h)?.configFileName ?? '',
130
176
  detected: true,
131
177
  lastWriteAt: sopsWritten > 0 ? newIso() : null,
132
178
  })),
133
179
  });
134
- // f. Log result
135
- const driftLabel = driftCount > 0 ? pc.yellow(` — ${driftCount} drift(s)`) : '';
136
- log.dim(`[sync] Config v${localConfigVersion} — ${sopsWritten} SOPs synced${driftLabel} — next check in ${pollInterval / 1000}s`);
137
180
  }
138
181
  catch (err) {
139
- // Per-iteration error log and continue
140
- log.error(`Sync failed: ${err instanceof Error ? err.message : String(err)}`);
141
- log.dim('Will retry next interval...');
182
+ log.warn(`Failed to send daemon heartbeat: ${err instanceof Error ? err.message : String(err)}`);
183
+ }
184
+ const driftLabel = driftCount > 0 ? pc.yellow(` ${driftCount} drift(s) detected`) : '';
185
+ log.dim(`[sync] Config v${localConfigVersion} — ${sopsWritten} SOPs synced${driftLabel}`);
186
+ // Refresh runtime env with resolved settings
187
+ try {
188
+ await writeRuntimeEnv({
189
+ controlPlaneUrl,
190
+ apiKey: safeCreds.apiKey,
191
+ workspaceId: safeCreds.workspaceId,
192
+ mcpProxyFailBehavior: syncConfig.settings?.mcpProxyFailBehavior,
193
+ mcpProxyMode: syncConfig.settings?.mcpProxyMode,
194
+ bypassEnforcementTier: syncConfig.settings?.bypassEnforcementTier,
195
+ });
196
+ }
197
+ catch (err) {
198
+ log.warn(`Could not write runtime env file (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
199
+ }
200
+ return sopsWritten;
201
+ }
202
+ // Helper to run compliance probes (Phase 6)
203
+ const runProbes = async () => {
204
+ try {
205
+ const hookEventsLog = node_path.join(safeConfig.workspaceRoot, '.intutic', 'events', 'hook-events.jsonl');
206
+ await node_fs.mkdir(node_path.dirname(hookEventsLog), { recursive: true });
207
+ const probeResults = await runComplianceProbes(safeCreds.workspaceId);
208
+ let hasBypass = false;
209
+ for (const res of probeResults) {
210
+ if (!res.contained && res.incident) {
211
+ const entry = JSON.stringify(res.incident) + '\n';
212
+ await node_fs.appendFile(hookEventsLog, entry, 'utf-8');
213
+ hasBypass = true;
214
+ }
215
+ }
216
+ if (hasBypass) {
217
+ log.warn('[Security] Network containment bypass detected! Incident recorded.');
218
+ }
219
+ }
220
+ catch (err) {
221
+ log.warn(`Compliance probes failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
222
+ }
223
+ };
224
+ // Helper to drain hook events (WS-A)
225
+ const runDrain = async () => {
226
+ try {
227
+ const drained = await drainHookEvents(safeConfig.workspaceRoot, controlPlaneUrl, safeCreds.apiKey);
228
+ if (drained > 0) {
229
+ log.info(`[sync-daemon] Drained ${drained} hook governance events to control plane`);
230
+ }
231
+ }
232
+ catch (err) {
233
+ log.warn(`[sync-daemon] Hook event drain error (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
234
+ }
235
+ };
236
+ // Step 0: Write runtime env file (hook scripts source this for credentials)
237
+ try {
238
+ await writeRuntimeEnv({
239
+ controlPlaneUrl,
240
+ apiKey: safeCreds.apiKey,
241
+ workspaceId: safeCreds.workspaceId,
242
+ });
243
+ }
244
+ catch (err) {
245
+ log.warn(`Could not write runtime env file (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
246
+ }
247
+ // 4. Start WebSocket client
248
+ const wsClient = new SyncWsClient({
249
+ controlPlaneUrl,
250
+ apiKey: safeCreds.apiKey,
251
+ workspaceId: safeCreds.workspaceId,
252
+ onConfigUpdate: async (syncConfig) => {
253
+ try {
254
+ await applySyncConfig(syncConfig);
255
+ }
256
+ catch (err) {
257
+ log.error(`Failed to apply push configuration: ${err instanceof Error ? err.message : String(err)}`);
258
+ }
259
+ },
260
+ signal: ac.signal,
261
+ });
262
+ wsClient.connect();
263
+ // FSEvents-driven hook event drain
264
+ const hookEventsLog = node_path.join(safeConfig.workspaceRoot, '.intutic', 'events', 'hook-events.jsonl');
265
+ let fsWatcher = null;
266
+ let drainSafetyTimer = null;
267
+ try {
268
+ await node_fs.mkdir(node_path.dirname(hookEventsLog), { recursive: true });
269
+ fsWatcher = watch(hookEventsLog, { ignoreInitial: true, persistent: false });
270
+ fsWatcher.on('change', runDrain);
271
+ fsWatcher.on('add', runDrain);
272
+ }
273
+ catch (err) {
274
+ // chokidar unavailable - rely on fallback
275
+ }
276
+ // 60-second safety-net drain poll
277
+ drainSafetyTimer = setInterval(runDrain, 60_000);
278
+ // Run initial compliance check on startup
279
+ await runProbes();
280
+ // 5. Start Filesystem Watcher
281
+ const watcher = startWatcher(safeConfig.workspaceRoot, safeConfig.harnesses, async (changedPath) => {
282
+ const filename = node_path.basename(changedPath);
283
+ // A. Handle git-context.json
284
+ if (filename === 'git-context.json') {
285
+ try {
286
+ const raw = await node_fs.readFile(changedPath, 'utf-8');
287
+ const data = JSON.parse(raw);
288
+ wsClient.send({
289
+ type: 'context_report',
290
+ git: data.git,
291
+ });
292
+ log.info(`Git context reported to control plane: branch=${data.git?.branch}`);
293
+ }
294
+ catch (err) {
295
+ log.warn(`Failed to sync Git context metadata: ${err instanceof Error ? err.message : String(err)}`);
296
+ }
297
+ return;
298
+ }
299
+ // B. Handle Claude Code settings.json tamper detection (privilege escalation guard)
300
+ if (filename === 'settings.json' || filename === 'settings.local.json') {
301
+ try {
302
+ const sops = lastCachedConfig?.sops ?? [];
303
+ const tampered = await guardSettingsFile(changedPath, safeConfig.workspaceRoot, sops);
304
+ if (tampered) {
305
+ log.warn(`[Security] Governance settings tamper detected and restored: ${changedPath}`);
306
+ wsClient.send({
307
+ type: 'drift_report',
308
+ harnessType: 'claude-code',
309
+ filePath: changedPath,
310
+ localHash: '',
311
+ canonicalHash: '',
312
+ });
313
+ }
314
+ }
315
+ catch (err) {
316
+ log.error(`Settings guard error: ${err instanceof Error ? err.message : String(err)}`);
317
+ }
318
+ return;
319
+ }
320
+ // B. Handle governed harness file drift detection
321
+ const matchingHarness = safeConfig.harnesses.find((h) => getAdapter(h)?.configFileName === filename);
322
+ if (!matchingHarness)
323
+ return;
324
+ const adapter = getAdapter(matchingHarness);
325
+ if (!adapter)
326
+ return;
327
+ const currentHash = await adapter.readCurrentHash(safeConfig.workspaceRoot);
328
+ const integrity = loadIntegrity(safeConfig.workspaceRoot);
329
+ if (!integrity)
330
+ return;
331
+ const canonical = integrity.files[adapter.configFileName] ?? '';
332
+ if (currentHash !== canonical) {
333
+ log.warn(`Governed config file "${filename}" modification detected! Reverting to approved baseline...`);
334
+ // Backup drifted version first
335
+ try {
336
+ const content = await node_fs.readFile(changedPath, 'utf-8');
337
+ const backupPath = changedPath + '.drift-backup';
338
+ await node_fs.writeFile(backupPath, content, 'utf-8');
339
+ log.dim(`Drifted file backed up to: ${backupPath}`);
340
+ }
341
+ catch {
342
+ // Ignore backup failure
343
+ }
344
+ // Revert from cached config or fetch fresh config
345
+ try {
346
+ let syncConfig = lastCachedConfig;
347
+ if (!syncConfig) {
348
+ syncConfig = await client.fetchConfig(safeCreds.workspaceId);
349
+ }
350
+ await applySyncConfig(syncConfig, true);
351
+ // Report incident via WebSocket/HTTP
352
+ wsClient.send({
353
+ type: 'drift_report',
354
+ harnessType: adapter.type,
355
+ filePath: adapter.configFileName,
356
+ localHash: currentHash || '',
357
+ canonicalHash: canonical,
358
+ });
359
+ }
360
+ catch (err) {
361
+ log.error(`Failed to automatically revert file drift: ${err instanceof Error ? err.message : String(err)}`);
362
+ }
363
+ }
364
+ });
365
+ // 6. Secondary fallback HTTP poll loop
366
+ while (!ac.signal.aborted) {
367
+ try {
368
+ const syncConfig = await client.fetchConfig(safeCreds.workspaceId);
369
+ await applySyncConfig(syncConfig);
370
+ // Run compliance probes on each iteration
371
+ await runProbes();
372
+ }
373
+ catch (err) {
374
+ log.error(`Sync iteration failed: ${err instanceof Error ? err.message : String(err)}`);
375
+ log.dim(`Retrying in ${pollInterval / 1000}s...`);
142
376
  }
143
- // g. Sleep until next poll (or abort)
377
+ // Sleep until next interval (AbortSignal-aware)
144
378
  await new Promise((resolve) => {
145
379
  const timer = setTimeout(resolve, pollInterval);
146
380
  ac.signal.addEventListener('abort', () => {
@@ -149,6 +383,12 @@ export async function runConnect(opts) {
149
383
  }, { once: true });
150
384
  });
151
385
  }
386
+ // Cleanup watcher, intervals, and WS connection on exit
387
+ watcher.stop();
388
+ fsWatcher?.close();
389
+ if (drainSafetyTimer)
390
+ clearInterval(drainSafetyTimer);
391
+ wsClient.close();
152
392
  log.success('Sync daemon stopped.');
153
393
  }
154
394
  //# sourceMappingURL=connect.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"connect.js","sourceRoot":"","sources":["../../src/commands/connect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAA;AACtC,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAC1G,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAA;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAE/C,OAAO,EAAE,UAAU,EAAgB,MAAM,wBAAwB,CAAA;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAEpC,OAAO,EAAE,MAAM,YAAY,CAAA;AAE3B,MAAM,qBAAqB,GAAG,MAAM,CAAA;AAEpC,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAA0C;IACzE,+BAA+B;IAC/B,MAAM,KAAK,GAAG,eAAe,EAAE,CAAA;IAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAA;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,EAAE,CAAA;IAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAA;QACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAA;IAC7E,MAAM,eAAe,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAA;IACvD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAA;IACxF,MAAM,cAAc,GAAG,MAAM,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IAE7D,GAAG,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAA;IACnC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,WAAW,CAAC,CAAA;IACzC,GAAG,CAAC,KAAK,CAAC,eAAe,EAAE,eAAe,CAAC,CAAA;IAC3C,GAAG,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,YAAY,GAAG,IAAI,GAAG,CAAC,CAAA;IACrD,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,CAAA;IAC/D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACf,GAAG,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAA;IAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAEf,wCAAwC;IACxC,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAA;IAChC,MAAM,QAAQ,GAAG,GAAG,EAAE;QACpB,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAC5B,EAAE,CAAC,KAAK,EAAE,CAAA;IACZ,CAAC,CAAA;IACD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAC9B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;IAE/B,eAAe;IACf,IAAI,kBAAkB,GAAG,MAAM,CAAC,aAAa,CAAA;IAE7C,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,qCAAqC;YACrC,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;YAE9D,IAAI,WAAW,GAAG,CAAC,CAAA;YAEnB,wDAAwD;YACxD,IAAI,UAAU,CAAC,aAAa,GAAG,kBAAkB,EAAE,CAAC;gBAClD,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;oBAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAA;oBACvC,IAAI,CAAC,OAAO;wBAAE,SAAQ;oBAEtB,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CACvC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,WAA0B,CAAC,CACjE,CAAA;oBACD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;wBAAE,SAAQ;oBAErC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CACvC,MAAM,CAAC,aAAa,EACpB,UAAU,EACV,UAAU,CAAC,QAAQ,CACpB,CAAA;oBACD,IAAI,OAAO,EAAE,CAAC;wBACZ,WAAW,IAAI,UAAU,CAAC,MAAM,CAAA;oBAClC,CAAC;gBACH,CAAC;gBAED,kBAAkB,GAAG,UAAU,CAAC,aAAa,CAAA;gBAC7C,UAAU,CAAC,EAAE,GAAG,MAAM,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC,CAAA;YAC9D,CAAC;YAED,kDAAkD;YAClD,MAAM,UAAU,GAAkB,EAAE,CAAA;YACpC,MAAM,eAAe,GAA2B,EAAE,CAAA;YAElD,4CAA4C;YAC5C,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;YACrD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;YACjD,CAAC;YAED,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAA;gBACvC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;oBAAE,SAAQ;gBAEjD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;gBACvE,IAAI,CAAC,WAAW;oBAAE,SAAQ;gBAE1B,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,WAAW,CAAA;gBACxE,UAAU,CAAC,IAAI,CAAC;oBACd,QAAQ,EAAE,OAAO,CAAC,cAAc;oBAChC,SAAS,EAAE,WAAW;oBACtB,aAAa,EAAE,SAAS;oBACxB,OAAO,EAAE,WAAW,KAAK,SAAS;iBACnC,CAAC,CAAA;gBAEF,mCAAmC;gBACnC,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,WAAW,CAAA;YACvD,CAAC;YAED,uBAAuB;YACvB,aAAa,CAAC,MAAM,CAAC,aAAa,EAAE;gBAClC,UAAU,EAAE,MAAM,EAAE;gBACpB,aAAa,EAAE,kBAAkB;gBACjC,KAAK,EAAE,eAAe;aACvB,CAAC,CAAA;YAEF,oCAAoC;YACpC,IAAI,UAAU,GAAG,CAAC,CAAA;YAClB,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC;oBAC3C,WAAW,EAAE,KAAK,CAAC,WAAW;oBAC9B,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAgB;oBAC/C,KAAK,EAAE,UAAU;oBACjB,UAAU,EAAE,MAAM,EAAE;iBACrB,CAAC,CAAA;gBACF,UAAU,GAAG,UAAU,CAAC,UAAU,CAAA;YACpC,CAAC;YAED,mBAAmB;YACnB,MAAM,MAAM,CAAC,YAAY,CAAC;gBACxB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,aAAa,EAAE,kBAAkB;gBACjC,cAAc;gBACd,UAAU,EAAE,MAAM,EAAE;gBACpB,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACtC,IAAI,EAAE,CAAgB;oBACtB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,cAAc,IAAI,EAAE;oBAC/C,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI;iBAC/C,CAAC,CAAC;aACJ,CAAC,CAAA;YAEF,gBAAgB;YAChB,MAAM,UAAU,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,UAAU,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;YAC/E,GAAG,CAAC,GAAG,CACL,kBAAkB,kBAAkB,MAAM,WAAW,eAAe,UAAU,oBAAoB,YAAY,GAAG,IAAI,GAAG,CACzH,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,yCAAyC;YACzC,GAAG,CAAC,KAAK,CACP,gBAAgB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACnE,CAAA;YACD,GAAG,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAA;QACxC,CAAC;QAED,sCAAsC;QACtC,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;YAC/C,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACvC,YAAY,CAAC,KAAK,CAAC,CAAA;gBACnB,OAAO,EAAE,CAAA;YACX,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;QACpB,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,GAAG,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAA;AACrC,CAAC"}
1
+ {"version":3,"file":"connect.js","sourceRoot":"","sources":["../../src/commands/connect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,SAAS,MAAM,WAAW,CAAA;AACtC,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAA;AAC3C,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAA;AACtC,OAAO,EACL,eAAe,EACf,UAAU,EACV,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAA;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AACnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAA;AAC3D,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAEpC,OAAO,EAAE,MAAM,YAAY,CAAA;AAE3B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,qBAAqB,EACrB,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,eAAe,GAChB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAA;AAEhC,MAAM,qBAAqB,GAAG,MAAM,CAAA;AAEpC,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAMhC;IACC,+BAA+B;IAC/B,IAAI,KAAK,GAAG,MAAM,eAAe,EAAE,CAAA;IACnC,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QACpC,KAAK,GAAG;YACN,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK,EAAE,mBAAmB;YAC1B,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,wBAAwB;YACjE,QAAQ,EAAE,MAAM,EAAE;SACnB,CAAA;IACH,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAA;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,IAAI,MAAM,GAAG,UAAU,EAAE,CAAA;IACzB,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/C,MAAM,GAAG;YACP,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,CAAC;YAChB,OAAO,EAAE,IAAI,CAAC,GAAG,IAAI,KAAK;SACpB,CAAA;IACV,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAA;QACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAA;IACvB,MAAM,UAAU,GAAG,MAAM,CAAA;IAEzB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,GAAG,IAAI,UAAU,CAAC,OAAO,CAAA;IACjF,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,IAAI,sBAAsB,CAAC,OAAO,CAAC,CAAA;IAC/E,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAA;IACxF,MAAM,cAAc,GAAG,MAAM,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,SAAS,CAAC,MAAM,CAAC,CAAA;IAEjE,GAAG,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAA;IACnC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,WAAW,CAAC,CAAA;IAC7C,GAAG,CAAC,KAAK,CAAC,eAAe,EAAE,eAAe,CAAC,CAAA;IAC3C,GAAG,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,YAAY,GAAG,IAAI,GAAG,CAAC,CAAA;IACrD,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,CAAA;IAEnE,2DAA2D;IAC3D,oBAAoB,CAAC,UAAU,CAAC,SAAS,EAAE,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAErE,GAAG,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAA;IACpD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAEf,wCAAwC;IACxC,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAA;IAChC,MAAM,QAAQ,GAAG,GAAG,EAAE;QACpB,GAAG,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAA;QACxC,EAAE,CAAC,KAAK,EAAE,CAAA;IACZ,CAAC,CAAA;IACD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAC9B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;IAE/B,IAAI,kBAAkB,GAAG,UAAU,CAAC,aAAa,CAAA;IACjD,IAAI,gBAAgB,GAA6B,IAAI,CAAA;IAErD,2CAA2C;IAC3C,KAAK,UAAU,eAAe,CAAC,UAA6B,EAAE,KAAK,GAAG,KAAK;QACzE,IAAI,WAAW,GAAG,CAAC,CAAA;QACnB,gBAAgB,GAAG,UAAU,CAAA;QAE7B,IAAI,UAAU,CAAC,aAAa,GAAG,kBAAkB,IAAI,KAAK,EAAE,CAAC;YAC3D,GAAG,CAAC,IAAI,CAAC,2BAA2B,UAAU,CAAC,aAAa,KAAK,CAAC,CAAA;YAElE,4CAA4C;YAC5C,KAAK,MAAM,WAAW,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;gBAC/C,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAA;gBACvC,IAAI,CAAC,OAAO;oBAAE,SAAQ;gBAEtB,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAChD,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,WAA0B,CAAC,CACxD,CAAA;gBACD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK;oBAAE,SAAQ;gBAE/C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CACvC,UAAU,CAAC,aAAa,EACxB,UAAU,EACV,UAAU,CAAC,QAAQ,CACpB,CAAA;gBACD,IAAI,OAAO,EAAE,CAAC;oBACZ,WAAW,IAAI,UAAU,CAAC,MAAM,CAAA;gBAClC,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,IAAI,UAAU,CAAC,SAAS,CAAC,QAAQ,CAAC,aAA4B,CAAC,EAAE,CAAC;gBAChE,IAAI,CAAC;oBACH,MAAM,qBAAqB,CACzB,UAAU,CAAC,aAAa,EACxB,UAAU,CAAC,IAAI,EACf,UAAU,CAAC,QAA8C,CAC1D,CAAA;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,GAAG,CAAC,IAAI,CAAC,uCAAuC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;gBACrG,CAAC;YACH,CAAC;YAED,oEAAoE;YACpE,IAAI,CAAC;gBACH,MAAM,eAAe,CAAC,UAAU,CAAC,aAAa,EAAE,SAAS,CAAC,WAAW,CAAC,CAAA;YACxE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,wCAAwC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACtG,CAAC;YAED,kBAAkB,GAAG,UAAU,CAAC,aAAa,CAAA;YAC7C,UAAU,CAAC,EAAE,GAAG,UAAU,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC,CAAA;QAClE,CAAC;QAED,kDAAkD;QAClD,MAAM,UAAU,GAAkB,EAAE,CAAA;QACpC,MAAM,eAAe,GAA2B,EAAE,CAAA;QAElD,mCAAmC;QACnC,MAAM,SAAS,GAAG,aAAa,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;QACzD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;QACjD,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAA;YACvC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc;gBAAE,SAAQ;YAEjD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;YAC3E,IAAI,CAAC,WAAW;gBAAE,SAAQ;YAE1B,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,WAAW,CAAA;YACxE,UAAU,CAAC,IAAI,CAAC;gBACd,QAAQ,EAAE,OAAO,CAAC,cAAc;gBAChC,SAAS,EAAE,WAAW;gBACtB,aAAa,EAAE,SAAS;gBACxB,OAAO,EAAE,WAAW,KAAK,SAAS;aACnC,CAAC,CAAA;YAEF,mCAAmC;YACnC,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,WAAW,CAAA;QACvD,CAAC;QAED,uBAAuB;QACvB,aAAa,CAAC,UAAU,CAAC,aAAa,EAAE;YACtC,UAAU,EAAE,MAAM,EAAE;YACpB,aAAa,EAAE,kBAAkB;YACjC,KAAK,EAAE,eAAe;SACvB,CAAC,CAAA;QAEF,oCAAoC;QACpC,IAAI,UAAU,GAAG,CAAC,CAAA;QAClB,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC;oBAC3C,WAAW,EAAE,SAAS,CAAC,WAAW;oBAClC,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,CAAgB;oBACnD,KAAK,EAAE,UAAU;oBACjB,UAAU,EAAE,MAAM,EAAE;iBACrB,CAAC,CAAA;gBACF,UAAU,GAAG,UAAU,CAAC,UAAU,CAAA;YACpC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,sCAAsC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACpG,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,YAAY,CAAC;gBACxB,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,aAAa,EAAE,kBAAkB;gBACjC,cAAc;gBACd,UAAU,EAAE,MAAM,EAAE;gBACpB,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC1C,IAAI,EAAE,CAAgB;oBACtB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,cAAc,IAAI,EAAE;oBAC/C,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI;iBAC/C,CAAC,CAAC;aACJ,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,oCAAoC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QAClG,CAAC;QAED,MAAM,UAAU,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,UAAU,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QACxF,GAAG,CAAC,GAAG,CACL,kBAAkB,kBAAkB,MAAM,WAAW,eAAe,UAAU,EAAE,CACjF,CAAA;QAED,6CAA6C;QAC7C,IAAI,CAAC;YACH,MAAM,eAAe,CAAC;gBACpB,eAAe;gBACf,MAAM,EAAE,SAAS,CAAC,MAAM;gBACxB,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,oBAAoB,EAAE,UAAU,CAAC,QAAQ,EAAE,oBAAoB;gBAC/D,YAAY,EAAE,UAAU,CAAC,QAAQ,EAAE,YAAY;gBAC/C,qBAAqB,EAAE,UAAU,CAAC,QAAQ,EAAE,qBAAqB;aAClE,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,iDAAiD,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QAC/G,CAAC;QAED,OAAO,WAAW,CAAA;IACpB,CAAC;IAED,4CAA4C;IAC5C,MAAM,SAAS,GAAG,KAAK,IAAI,EAAE;QAC3B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,mBAAmB,CAAC,CAAA;YACzG,MAAM,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;YAE1E,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;YACrE,IAAI,SAAS,GAAG,KAAK,CAAA;YACrB,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;gBAC/B,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACnC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAA;oBACjD,MAAM,OAAO,CAAC,UAAU,CAAC,aAAa,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;oBACvD,SAAS,GAAG,IAAI,CAAA;gBAClB,CAAC;YACH,CAAC;YACD,IAAI,SAAS,EAAE,CAAC;gBACd,GAAG,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAA;YAChF,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,yCAAyC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACvG,CAAC;IACH,CAAC,CAAA;IAED,qCAAqC;IACrC,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC,aAAa,EAAE,eAAe,EAAE,SAAS,CAAC,MAAM,CAAC,CAAA;YAClG,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,yBAAyB,OAAO,0CAA0C,CAAC,CAAA;YACtF,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,qDAAqD,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACnH,CAAC;IACH,CAAC,CAAA;IAED,4EAA4E;IAC5E,IAAI,CAAC;QACH,MAAM,eAAe,CAAC;YACpB,eAAe;YACf,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,WAAW,EAAE,SAAS,CAAC,WAAW;SACnC,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,iDAAiD,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC/G,CAAC;IAED,4BAA4B;IAC5B,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC;QAChC,eAAe;QACf,MAAM,EAAE,SAAS,CAAC,MAAM;QACxB,WAAW,EAAE,SAAS,CAAC,WAAW;QAClC,cAAc,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;YACnC,IAAI,CAAC;gBACH,MAAM,eAAe,CAAC,UAAU,CAAC,CAAA;YACnC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CAAC,uCAAuC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACtG,CAAC;QACH,CAAC;QACD,MAAM,EAAE,EAAE,CAAC,MAAM;KAClB,CAAC,CAAA;IAEF,QAAQ,CAAC,OAAO,EAAE,CAAA;IAElB,mCAAmC;IACnC,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,mBAAmB,CAAC,CAAA;IACzG,IAAI,SAAS,GAAoC,IAAI,CAAA;IACrD,IAAI,gBAAgB,GAA0C,IAAI,CAAA;IAElE,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QAC1E,SAAS,GAAG,KAAK,CAAC,aAAa,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAA;QAC5E,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAChC,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;IAC/B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,0CAA0C;IAC5C,CAAC;IAED,kCAAkC;IAClC,gBAAgB,GAAG,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;IAEhD,0CAA0C;IAC1C,MAAM,SAAS,EAAE,CAAA;IAEjB,8BAA8B;IAC9B,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,CAAC,aAAa,EAAE,UAAU,CAAC,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;QACjG,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;QAEhD,6BAA6B;QAC7B,IAAI,QAAQ,KAAK,kBAAkB,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;gBACxD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gBAC5B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,gBAAgB;oBACtB,GAAG,EAAE,IAAI,CAAC,GAAG;iBACd,CAAC,CAAA;gBACF,GAAG,CAAC,IAAI,CAAC,iDAAiD,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC,CAAA;YAC/E,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,wCAAwC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACtG,CAAC;YACD,OAAM;QACR,CAAC;QAED,oFAAoF;QACpF,IAAI,QAAQ,KAAK,eAAe,IAAI,QAAQ,KAAK,qBAAqB,EAAE,CAAC;YACvE,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,gBAAgB,EAAE,IAAI,IAAI,EAAE,CAAA;gBACzC,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,UAAU,CAAC,aAAa,EAAE,IAAI,CAAC,CAAA;gBACrF,IAAI,QAAQ,EAAE,CAAC;oBACb,GAAG,CAAC,IAAI,CAAC,gEAAgE,WAAW,EAAE,CAAC,CAAA;oBACvF,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,WAAW,EAAE,aAAa;wBAC1B,QAAQ,EAAE,WAAW;wBACrB,SAAS,EAAE,EAAE;wBACb,aAAa,EAAE,EAAE;qBAClB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CAAC,yBAAyB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACxF,CAAC;YACD,OAAM;QACR,CAAC;QAED,kDAAkD;QAClD,MAAM,eAAe,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,cAAc,KAAK,QAAQ,CAClD,CAAA;QACD,IAAI,CAAC,eAAe;YAAE,OAAM;QAE5B,MAAM,OAAO,GAAG,UAAU,CAAC,eAAe,CAAC,CAAA;QAC3C,IAAI,CAAC,OAAO;YAAE,OAAM;QAEpB,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;QAC3E,MAAM,SAAS,GAAG,aAAa,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;QACzD,IAAI,CAAC,SAAS;YAAE,OAAM;QACtB,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;QAE/D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,GAAG,CAAC,IAAI,CACN,yBAAyB,QAAQ,4DAA4D,CAC9F,CAAA;YAED,+BAA+B;YAC/B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;gBAC5D,MAAM,UAAU,GAAG,WAAW,GAAG,eAAe,CAAA;gBAChD,MAAM,OAAO,CAAC,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAA;gBACrD,GAAG,CAAC,GAAG,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAA;YACrD,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;YAED,kDAAkD;YAClD,IAAI,CAAC;gBACH,IAAI,UAAU,GAAG,gBAAgB,CAAA;gBACjC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;gBAC9D,CAAC;gBACD,MAAM,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;gBAEvC,qCAAqC;gBACrC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,cAAc;oBACpB,WAAW,EAAE,OAAO,CAAC,IAAI;oBACzB,QAAQ,EAAE,OAAO,CAAC,cAAc;oBAChC,SAAS,EAAE,WAAW,IAAI,EAAE;oBAC5B,aAAa,EAAE,SAAS;iBACzB,CAAC,CAAA;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CAAC,8CAA8C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC7G,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,uCAAuC;IACvC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;YAClE,MAAM,eAAe,CAAC,UAAU,CAAC,CAAA;YACjC,0CAA0C;YAC1C,MAAM,SAAS,EAAE,CAAA;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CACP,0BAA0B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC7E,CAAA;YACD,GAAG,CAAC,GAAG,CAAC,eAAe,YAAY,GAAG,IAAI,MAAM,CAAC,CAAA;QACnD,CAAC;QAED,gDAAgD;QAChD,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;YAC/C,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBACvC,YAAY,CAAC,KAAK,CAAC,CAAA;gBACnB,OAAO,EAAE,CAAA;YACX,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;QACpB,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,wDAAwD;IACxD,OAAO,CAAC,IAAI,EAAE,CAAA;IACd,SAAS,EAAE,KAAK,EAAE,CAAA;IAClB,IAAI,gBAAgB;QAAE,aAAa,CAAC,gBAAgB,CAAC,CAAA;IACrD,QAAQ,CAAC,KAAK,EAAE,CAAA;IAEhB,GAAG,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAA;AACrC,CAAC"}
@@ -0,0 +1,36 @@
1
+ /**
2
+ * enterprise-install.ts — `intutic enterprise-install` CLI command.
3
+ *
4
+ * Requires elevated privileges (sudo on macOS/Linux, admin on Windows).
5
+ * Writes system-level governance hooks that survive user-level tampering:
6
+ *
7
+ * macOS:
8
+ * - /etc/cursor/hooks.json (system Cursor hooks)
9
+ * - System keychain CA trust entry for Intutic proxy CA cert
10
+ * - MDM configuration profile generator
11
+ *
12
+ * Linux:
13
+ * - /etc/cursor/hooks.json
14
+ * - /usr/local/share/ca-certificates/intutic-ca.crt + update-ca-certificates
15
+ *
16
+ * Windows:
17
+ * - certutil -addstore Root intutic-ca.crt
18
+ * - HKLM registry-based Cursor hooks (via PowerShell)
19
+ *
20
+ * Usage: sudo intutic enterprise-install
21
+ *
22
+ * LLD #14 — Phase 3 cross-harness defence
23
+ * @module
24
+ */
25
+ /**
26
+ * Main enterprise-install entry point.
27
+ * Called by the `intutic enterprise-install` CLI command.
28
+ */
29
+ export declare function enterpriseInstall(options: {
30
+ proxyUrl: string;
31
+ workspaceRoot?: string;
32
+ mdmOutputDir?: string;
33
+ firewallOutputDir?: string;
34
+ generateMdmOnly?: boolean;
35
+ }): Promise<void>;
36
+ //# sourceMappingURL=enterprise-install.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"enterprise-install.d.ts","sourceRoot":"","sources":["../../src/commands/enterprise-install.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AA+OH;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE;IAC/C,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B,GAAG,OAAO,CAAC,IAAI,CAAC,CAyDhB"}