@lannguyensi/harness 0.13.0 → 0.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +55 -0
- package/README.md +11 -1
- package/dist/cli/approve/understanding.d.ts +15 -0
- package/dist/cli/approve/understanding.js +26 -6
- package/dist/cli/approve/understanding.js.map +1 -1
- package/dist/cli/explain.js +11 -1
- package/dist/cli/explain.js.map +1 -1
- package/dist/cli/index.js +9 -2
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/init/composer.d.ts +29 -0
- package/dist/cli/init/composer.js +377 -0
- package/dist/cli/init/composer.js.map +1 -0
- package/dist/cli/init/dependencies.d.ts +25 -0
- package/dist/cli/init/dependencies.js +100 -10
- package/dist/cli/init/dependencies.js.map +1 -1
- package/dist/cli/init/index.d.ts +18 -1
- package/dist/cli/init/index.js +17 -7
- package/dist/cli/init/index.js.map +1 -1
- package/dist/cli/init/interactive.d.ts +31 -2
- package/dist/cli/init/interactive.js +321 -79
- package/dist/cli/init/interactive.js.map +1 -1
- package/dist/cli/init/templates.d.ts +1 -1
- package/dist/cli/init/templates.js +60 -9
- package/dist/cli/init/templates.js.map +1 -1
- package/dist/cli/pack/hook-codex-pre-tool-use.d.ts +2 -0
- package/dist/cli/pack/hook-codex-pre-tool-use.js +35 -9
- package/dist/cli/pack/hook-codex-pre-tool-use.js.map +1 -1
- package/dist/cli/pack/hook-pre-tool-use.d.ts +1 -1
- package/dist/cli/pack/hook-pre-tool-use.js +80 -25
- package/dist/cli/pack/hook-pre-tool-use.js.map +1 -1
- package/dist/cli/validate/checks.d.ts +1 -1
- package/dist/cli/validate/checks.js +1 -7
- package/dist/cli/validate/checks.js.map +1 -1
- package/dist/io/harness-lock.js +1 -9
- package/dist/io/harness-lock.js.map +1 -1
- package/dist/policies/index.d.ts +1 -1
- package/dist/policies/index.js +1 -1
- package/dist/policies/index.js.map +1 -1
- package/dist/policies/ledger-client.js +3 -9
- package/dist/policies/ledger-client.js.map +1 -1
- package/dist/policies/producers.d.ts +12 -0
- package/dist/policies/producers.js +61 -0
- package/dist/policies/producers.js.map +1 -0
- package/dist/policies/requires.d.ts +23 -0
- package/dist/policies/requires.js +39 -0
- package/dist/policies/requires.js.map +1 -1
- package/dist/policy-packs/builtin/understanding-before-execution-runtime.d.ts +44 -6
- package/dist/policy-packs/builtin/understanding-before-execution-runtime.js +126 -10
- package/dist/policy-packs/builtin/understanding-before-execution-runtime.js.map +1 -1
- package/dist/runtime/expand-home.d.ts +14 -0
- package/dist/runtime/expand-home.js +54 -0
- package/dist/runtime/expand-home.js.map +1 -0
- package/dist/runtime/intercept.d.ts +8 -0
- package/dist/runtime/intercept.js +24 -1
- package/dist/runtime/intercept.js.map +1 -1
- package/dist/runtime/ledger-add.js +10 -3
- package/dist/runtime/ledger-add.js.map +1 -1
- package/dist/runtime/ledger-record.js +11 -10
- package/dist/runtime/ledger-record.js.map +1 -1
- package/dist/schema/index.d.ts +281 -101
- package/dist/schema/permission-profiles.d.ts +125 -125
- package/dist/schema/policies.d.ts +261 -0
- package/dist/schema/policies.js +50 -0
- package/dist/schema/policies.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"understanding-before-execution-runtime.js","sourceRoot":"","sources":["../../../src/policy-packs/builtin/understanding-before-execution-runtime.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,EAAE;AACF,qEAAqE;AACrE,YAAY;AACZ,EAAE;AACF,oEAAoE;AACpE,
|
|
1
|
+
{"version":3,"file":"understanding-before-execution-runtime.js","sourceRoot":"","sources":["../../../src/policy-packs/builtin/understanding-before-execution-runtime.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,EAAE;AACF,qEAAqE;AACrE,YAAY;AACZ,EAAE;AACF,yEAAyE;AACzE,qEAAqE;AACrE,uEAAuE;AACvE,sEAAsE;AACtE,qEAAqE;AACrE,0EAA0E;AAC1E,qEAAqE;AACrE,wEAAwE;AACxE,sEAAsE;AACtE,oEAAoE;AACpE,qEAAqE;AACrE,4DAA4D;AAC5D,wDAAwD;AACxD,kEAAkE;AAClE,qEAAqE;AACrE,gEAAgE;AAChE,sEAAsE;AACtE,iEAAiE;AACjE,uEAAuE;AACvE,sEAAsE;AACtE,iBAAiB;AACjB,EAAE;AACF,wEAAwE;AACxE,sEAAsE;AACtE,uEAAuE;AACvE,kDAAkD;AAElD,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAEtE,MAAM,CAAC,MAAM,0BAA0B,GAAG,yBAAyB,CAAC;AAEpE,MAAM,CAAC,MAAM,uBAAuB,GAAG,YAAY,CAAC;AAiBpD,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AACtD,MAAM,cAAc,GAAG,SAAS,CAAC;AAEjC;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,+BAA+B,CAAC;AAE/D;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAc,OAAO,CAAC,GAAG,EAAE;IAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC7C,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IACtE,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,uBAAuB,EAAE,cAAc,CAAC,CAAC;AACjE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,YAAoB;IACxD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,uBAAuB,EAAE,cAAc,CAAC,CAAC;AACxF,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,oBAAoB,CAAC,SAAiB;IACpD,OAAO,GAAG,0BAA0B,GAAG,SAAS,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,OAAO;QACL,QAAQ;QACR,SAAS,EAAE,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,GAAG,CAAC,WAAW,CAAY,CAAC,CAAC,CAAC,IAAI;QACrF,cAAc,EACZ,OAAO,GAAG,CAAC,gBAAgB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,GAAG,CAAC,gBAAgB,CAAY,CAAC,CAAC,CAAC,IAAI;QACtF,UAAU,EAAE,OAAO,GAAG,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,GAAG,CAAC,YAAY,CAAY,CAAC,CAAC,CAAC,IAAI;KACzF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAW;IAC9C,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,OAAO,GAAwD,EAAE,CAAC;IACxE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAClC,IAAI,IAAc,CAAC;QACnB,IAAI,CAAC;YACH,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAAE,SAAS;QAC7B,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC;IAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAA0B,EAC1B,SAAiB;IAEjB,sBAAsB;IACtB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS;YAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IACD,8DAA8D;IAC9D,mEAAmE;IACnE,oEAAoE;IACpE,+BAA+B;IAC/B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;YAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAQD;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,CAAc;IAChD,IAAI,CAAC,CAAC,IAAI,KAAK,oBAAoB;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,oBAAoB,GAAG,CAAC,EAAE,CAAC;QACtF,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAsB,EACtB,SAAiB;IAEjB,MAAM,MAAM,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IAC/C,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,mBAAmB,CAAC,CAAC,CAAC;YAAE,SAAS;QACrC,OAAO,IAAI,CAAC,CAAC;QACb,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAChE,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,qBAAqB,MAAM,eAAe,CAAC,CAAC,SAAS,yDAAyD,uBAAuB,IAAI,SAAS,GAAG;aAC9J,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,2BAA2B,MAAM,aAAa,OAAO,8BAA8B;KAC5F,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,qBAAqB,CAAC,YAAoB,EAAE,SAAiB;IAC3E,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,uBAAuB,EAAE,SAAS,CAAC,CAAC;AACrE,CAAC;AAOD;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,YAAoB,EACpB,SAAiB,EACjB,MAAsB;IAEtB,MAAM,QAAQ,GAAG,qBAAqB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAChE,eAAe,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;IAClE,OAAO,QAAQ,CAAC;AAClB,CAAC;AAQD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CAAC,YAAoB,EAAE,SAAiB;IACzE,MAAM,QAAQ,GAAG,qBAAqB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAChE,IAAI,IAAc,CAAC;IACnB,IAAI,CAAC;QACH,kEAAkE;QAClE,4DAA4D;QAC5D,kEAAkE;QAClE,gEAAgE;QAChE,6DAA6D;QAC7D,2DAA2D;QAC3D,0BAA0B;QAC1B,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,yBAAyB,QAAQ,EAAE;YAC3C,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;QAC1B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,sDAAsD,QAAQ,EAAE;YACxE,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QACnB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,+CAA+C,QAAQ,EAAE;YACjE,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,GAA0B,IAAI,CAAC;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,MAAM,GAAG,GAAG,MAAiC,CAAC;YAC9C,MAAM,UAAU,GAAG,OAAO,GAAG,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,UAAU,GAAG,OAAO,GAAG,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACnD,MAAM,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,4DAA4D;IAC9D,CAAC;IACD,MAAM,UAAU,GAAG,MAAM;QACvB,CAAC,CAAC,eAAe,MAAM,CAAC,UAAU,OAAO,MAAM,CAAC,UAAU,EAAE;QAC5D,CAAC,CAAC,sEAAsE,CAAC;IAC3E,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,uBAAuB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,UAAU,EAAE;QACvE,MAAM;KACP,CAAC;AACJ,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,mBAAmB,CAAC,YAAoB,EAAE,SAAiB;IACzE,IAAI,CAAC;QACH,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,kBAAkB;IACpB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,UAAkB,EAClB,SAAiB;IAEjB,MAAM,OAAO,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IACjD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,uBAAuB,UAAU,EAAE;YAC3C,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,0BAA0B,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC9D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,gCAAgC,SAAS,KAAK,OAAO,CAAC,MAAM,gCAAgC;YACpG,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,KAAK,UAAU,EAAE,CAAC;QACzC,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,iBAAiB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,uBACrD,MAAM,CAAC,cAAc,IAAI,WAC3B,EAAE;YACF,MAAM,EAAE,MAAM;SACf,CAAC;IACJ,CAAC;IACD,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,iCAAiC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,GACrE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,iBAAiB,MAAM,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAC9D,EAAE;QACF,MAAM,EAAE,MAAM;KACf,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Expand `~` / `~/...` in `value` against `home`. Returns `value`
|
|
3
|
+
* unchanged when no leading tilde is present. `home` defaults to
|
|
4
|
+
* `os.homedir()` so callers don't need to pass it; tests inject a
|
|
5
|
+
* fixed home for determinism.
|
|
6
|
+
*/
|
|
7
|
+
export declare function expandHome(value: string, home?: string): string;
|
|
8
|
+
/**
|
|
9
|
+
* Map every value in an env-style record through {@link expandHome}.
|
|
10
|
+
* Returns a new object; the input is not mutated. `undefined` input
|
|
11
|
+
* returns `undefined` so callers can pass through optional configs
|
|
12
|
+
* without a guard.
|
|
13
|
+
*/
|
|
14
|
+
export declare function expandHomeInEnv(env: Record<string, string> | undefined, home?: string): Record<string, string> | undefined;
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
// Expand a leading `~/` (or bare `~`) to the operator's HOME directory.
|
|
2
|
+
// Defense-in-depth: MCP `env:` values and `command:` array entries in
|
|
3
|
+
// the manifest are passed verbatim to Node's `spawn`, which does NOT
|
|
4
|
+
// shell-interpolate. A literal `~/.evidence-ledger/ledger.db` in env
|
|
5
|
+
// scatters a cwd-relative `./~/...` rogue path; the
|
|
6
|
+
// agent-tasks/42d224a6 incident was caused by exactly this. The
|
|
7
|
+
// validate-time warning (src/cli/validate/checks.ts) catches the
|
|
8
|
+
// common case at apply, but a manifest that bypasses validate (or
|
|
9
|
+
// that the operator ignored the warning on) still has the footgun.
|
|
10
|
+
// Expanding here turns it into a non-issue.
|
|
11
|
+
//
|
|
12
|
+
// Scope:
|
|
13
|
+
// - Leading `~/` substring or bare `~` expands.
|
|
14
|
+
// - Anywhere-else `~/` in the middle of a string stays literal
|
|
15
|
+
// (e.g. an SSH-style `git@github.com:user/repo~/tag` would not
|
|
16
|
+
// be touched, though such shapes don't appear in practice).
|
|
17
|
+
// - `${HOME}` shell-style interpolation is NOT supported here; that
|
|
18
|
+
// is a separate scope (shell-style would invite further surprises
|
|
19
|
+
// like `${USER}` and unset-var ambiguity).
|
|
20
|
+
// - Inherited `process.env` values are NOT expanded by callers
|
|
21
|
+
// (only the manifest's `mcpEnv` overrides are). The operator's
|
|
22
|
+
// shell owns its own exports; harness only owns what the manifest
|
|
23
|
+
// declares.
|
|
24
|
+
import * as os from "node:os";
|
|
25
|
+
import * as path from "node:path";
|
|
26
|
+
/**
|
|
27
|
+
* Expand `~` / `~/...` in `value` against `home`. Returns `value`
|
|
28
|
+
* unchanged when no leading tilde is present. `home` defaults to
|
|
29
|
+
* `os.homedir()` so callers don't need to pass it; tests inject a
|
|
30
|
+
* fixed home for determinism.
|
|
31
|
+
*/
|
|
32
|
+
export function expandHome(value, home = os.homedir()) {
|
|
33
|
+
if (value === "~")
|
|
34
|
+
return home;
|
|
35
|
+
if (value.startsWith("~/"))
|
|
36
|
+
return path.join(home, value.slice(2));
|
|
37
|
+
return value;
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Map every value in an env-style record through {@link expandHome}.
|
|
41
|
+
* Returns a new object; the input is not mutated. `undefined` input
|
|
42
|
+
* returns `undefined` so callers can pass through optional configs
|
|
43
|
+
* without a guard.
|
|
44
|
+
*/
|
|
45
|
+
export function expandHomeInEnv(env, home = os.homedir()) {
|
|
46
|
+
if (!env)
|
|
47
|
+
return env;
|
|
48
|
+
const out = {};
|
|
49
|
+
for (const [k, v] of Object.entries(env)) {
|
|
50
|
+
out[k] = expandHome(v, home);
|
|
51
|
+
}
|
|
52
|
+
return out;
|
|
53
|
+
}
|
|
54
|
+
//# sourceMappingURL=expand-home.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"expand-home.js","sourceRoot":"","sources":["../../src/runtime/expand-home.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,sEAAsE;AACtE,qEAAqE;AACrE,qEAAqE;AACrE,oDAAoD;AACpD,gEAAgE;AAChE,iEAAiE;AACjE,kEAAkE;AAClE,mEAAmE;AACnE,4CAA4C;AAC5C,EAAE;AACF,SAAS;AACT,kDAAkD;AAClD,iEAAiE;AACjE,mEAAmE;AACnE,gEAAgE;AAChE,sEAAsE;AACtE,sEAAsE;AACtE,+CAA+C;AAC/C,iEAAiE;AACjE,mEAAmE;AACnE,sEAAsE;AACtE,gBAAgB;AAEhB,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa,EAAE,OAAe,EAAE,CAAC,OAAO,EAAE;IACnE,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACnE,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,GAAuC,EACvC,OAAe,EAAE,CAAC,OAAO,EAAE;IAE3B,IAAI,CAAC,GAAG;QAAE,OAAO,GAAG,CAAC;IACrB,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -20,6 +20,14 @@ export interface PolicyDecision {
|
|
|
20
20
|
matchedCount: number;
|
|
21
21
|
reason: string;
|
|
22
22
|
};
|
|
23
|
+
/**
|
|
24
|
+
* One-line "to satisfy" hint synthesised from the policy's `requires`
|
|
25
|
+
* spec. Carried on the live decision so the deny-envelope formatter
|
|
26
|
+
* can append it to the user-facing reason text together with the
|
|
27
|
+
* session id. Optional because the warn-degraded path (requires eval
|
|
28
|
+
* threw) skips the requires evaluator and has no hint to forward.
|
|
29
|
+
*/
|
|
30
|
+
recordHint?: string;
|
|
23
31
|
evaluatedAt: string;
|
|
24
32
|
}
|
|
25
33
|
/**
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
// Side effects (stdin, stdout, ledger I/O) live in the thin CLI entrypoint
|
|
7
7
|
// that wraps this.
|
|
8
8
|
import { evaluateExtract, evaluateRequires, parseDurationSeconds, substituteTemplate, } from "../policies/index.js";
|
|
9
|
+
import { renderProducers } from "../policies/producers.js";
|
|
9
10
|
import { POLICY_DECISION_TYPE } from "./ledger-record.js";
|
|
10
11
|
import { resolveSessionId } from "./session-id.js";
|
|
11
12
|
function policyMatchesEvent(policy, event) {
|
|
@@ -131,6 +132,7 @@ async function evaluateOnePolicy(policy, options) {
|
|
|
131
132
|
matchedCount: evaluation.matchedCount,
|
|
132
133
|
reason: evaluation.reason,
|
|
133
134
|
},
|
|
135
|
+
recordHint: evaluation.recordHint,
|
|
134
136
|
evaluatedAt,
|
|
135
137
|
};
|
|
136
138
|
}
|
|
@@ -169,7 +171,28 @@ export async function intercept(options) {
|
|
|
169
171
|
}
|
|
170
172
|
const blocking = decisions.find((d) => d.enforcement === "block" && d.outcome === "deny");
|
|
171
173
|
if (blocking) {
|
|
172
|
-
const
|
|
174
|
+
const sessionId = resolveSessionId(options.event.session_id);
|
|
175
|
+
// Append the "to satisfy" hint so Claude Code's deny message tells
|
|
176
|
+
// the operator (or the agent reading the same surface) what evidence
|
|
177
|
+
// would unblock the gate, instead of just naming the missing tag.
|
|
178
|
+
// The hint is content + window only; it does not prescribe a
|
|
179
|
+
// recording verb so the deny path stays neutral on producer (see
|
|
180
|
+
// agent-tasks/88ca4bb3 for why "use mcp__..." would be the wrong
|
|
181
|
+
// suggestion when the engine is the source of that suggestion).
|
|
182
|
+
const hintSuffix = blocking.recordHint
|
|
183
|
+
? ` To satisfy: ${blocking.recordHint} (session \`${sessionId}\`).`
|
|
184
|
+
: "";
|
|
185
|
+
// Opt-in producer block: when the policy declares `producers:` in
|
|
186
|
+
// the manifest, render the structured remediation list (bash / mcp
|
|
187
|
+
// / ask recipes) with ${VAR} placeholders substituted against the
|
|
188
|
+
// same extract.values the ledger_tag was resolved with. Schema
|
|
189
|
+
// validation guarantees at least one `mcp` producer per declared
|
|
190
|
+
// list, so an agent stuck in a Bash lockout always has an ungated
|
|
191
|
+
// recovery path. Policies without `producers:` get the legacy
|
|
192
|
+
// neutral deny envelope unchanged (agent-tasks/3804b785).
|
|
193
|
+
const blockingPolicy = matching.find((p) => p.name === blocking.policyName);
|
|
194
|
+
const producersBlock = renderProducers(blockingPolicy?.producers, blocking.extractValues);
|
|
195
|
+
const reasonText = `${blocking.policyName}: ${blocking.reason}.${hintSuffix}${producersBlock}`;
|
|
173
196
|
const block = {
|
|
174
197
|
decision: "block",
|
|
175
198
|
reason: reasonText,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"intercept.js","sourceRoot":"","sources":["../../src/runtime/intercept.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,wEAAwE;AACxE,2EAA2E;AAC3E,mBAAmB;AAEnB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,oBAAoB,EACpB,kBAAkB,GAOnB,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"intercept.js","sourceRoot":"","sources":["../../src/runtime/intercept.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,wEAAwE;AACxE,2EAA2E;AAC3E,mBAAmB;AAEnB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,oBAAoB,EACpB,kBAAkB,GAOnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAmFnD,SAAS,kBAAkB,CAAC,MAAc,EAAE,KAAgB;IAC1D,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,eAAe;QAAE,OAAO,KAAK,CAAC;IACjE,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACvC,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QACtD,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACpE,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,UAA+C,CAAC;QACnE,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC5D,IAAI,EAAU,CAAC;QACf,IAAI,CAAC;YACH,EAAE,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,KAAK,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAgB;IACzC,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,UAAU;QAC1B,KAAK;QACL,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE,EAAE;QACvC,GAAG,EAAE,EAAE;KACR,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,MAAc,EACd,OAAyB;IAEzB,MAAM,WAAW,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAC9D,MAAM,GAAG,GAAG,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,eAAe,CAC7B,MAAM,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,EAC5B,GAAG,EACH,OAAO,CAAC,QAAQ,CACjB,CAAC;IACF,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS;SACtC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC;SACrC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACrB,MAAM,GAAG,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC;IAC7B,MAAM,UAAU,GAAG,CAAC,GAAG,eAAe,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;IAExD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,OAAO,EAAE,eAAe;YACxB,MAAM,EAAE,kCAAkC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACjE,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,SAAS;YACT,WAAW;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC7D,IAAI,WAA8B,CAAC;IACnC,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,KAAK,CACtC,SAAS,EACT,SAAS,EACT,OAAO,CAAC,eAAe,CACxB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,WAAW,GAAG;YACZ,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,uBAAwB,GAAa,CAAC,OAAO,EAAE;SACxD,CAAC;IACJ,CAAC;IAED,IAAI,WAAW,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACpC,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,OAAO,EAAE,eAAe;YACxB,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,SAAS;YACT,WAAW;SACZ,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,oBAAoB,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,OAAO,EAAE,eAAe;gBACxB,MAAM,EAAE,mBAAmB,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;gBACnD,aAAa,EAAE,OAAO,CAAC,MAAM;gBAC7B,SAAS;gBACT,WAAW;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAA4B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAClF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,WAAW,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACpE,IAAI,UAA8B,CAAC;IACnC,IAAI,CAAC;QACH,UAAU,GAAG,gBAAgB,CAC3B,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,EAC7C,QAAQ,EACR,QAAQ,CACT,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,OAAO,EAAE,eAAe;YACxB,MAAM,EAAE,wBAAyB,GAAa,CAAC,OAAO,EAAE;YACxD,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,SAAS;YACT,WAAW;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAkB,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IACrE,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,IAAI;QACvB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO;QACP,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,aAAa,EAAE,OAAO,CAAC,MAAM;QAC7B,SAAS;QACT,YAAY,EAAE;YACZ,YAAY,EAAE,UAAU,CAAC,YAAY;YACrC,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B;QACD,UAAU,EAAE,UAAU,CAAC,UAAU;QACjC,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAsB,EAAE,GAAW;IAC7D,0EAA0E;IAC1E,0EAA0E;IAC1E,yEAAyE;IACzE,yEAAyE;IACzE,EAAE;IACF,gEAAgE;IAChE,mEAAmE;IACnE,iEAAiE;IACjE,4DAA4D;IAC5D,6DAA6D;IAC7D,OAAO,OAAO,CAAC,MAAM,CACnB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,KAAK,oBAAoB;QAC/B,+DAA+D;QAC/D,+DAA+D;QAC/D,iEAAiE;QACjE,8DAA8D;QAC9D,oDAAoD;QACpD,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,oBAAoB,GAAG,CAAC;QACjD,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAClF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,OAAyB;IAEzB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACtD,kBAAkB,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CACrC,CAAC;IACF,MAAM,SAAS,GAAqB,EAAE,CAAC;IACvC,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1D,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;QACpF,CAAC;QAAC,MAAM,CAAC;YACP,wEAAwE;QAC1E,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,OAAO,IAAI,CAAC,CAAC,OAAO,KAAK,MAAM,CACzD,CAAC;IACF,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,SAAS,GAAG,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC7D,mEAAmE;QACnE,qEAAqE;QACrE,kEAAkE;QAClE,6DAA6D;QAC7D,iEAAiE;QACjE,iEAAiE;QACjE,gEAAgE;QAChE,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU;YACpC,CAAC,CAAC,gBAAgB,QAAQ,CAAC,UAAU,eAAe,SAAS,MAAM;YACnE,CAAC,CAAC,EAAE,CAAC;QACP,kEAAkE;QAClE,mEAAmE;QACnE,kEAAkE;QAClE,+DAA+D;QAC/D,iEAAiE;QACjE,kEAAkE;QAClE,8DAA8D;QAC9D,0DAA0D;QAC1D,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC5E,MAAM,cAAc,GAAG,eAAe,CACpC,cAAc,EAAE,SAAS,EACzB,QAAQ,CAAC,aAAa,CACvB,CAAC;QACF,MAAM,UAAU,GAAG,GAAG,QAAQ,CAAC,UAAU,KAAK,QAAQ,CAAC,MAAM,IAAI,UAAU,GAAG,cAAc,EAAE,CAAC;QAC/F,MAAM,KAAK,GAAmB;YAC5B,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,UAAU;SACnB,CAAC;QACF,qEAAqE;QACrE,qEAAqE;QACrE,oEAAoE;QACpE,yCAAyC;QACzC,IAAI,OAAO,CAAC,KAAK,CAAC,eAAe,KAAK,YAAY,EAAE,CAAC;YACnD,KAAK,CAAC,kBAAkB,GAAG;gBACzB,aAAa,EAAE,YAAY;gBAC3B,kBAAkB,EAAE,MAAM;gBAC1B,+DAA+D;gBAC/D,8DAA8D;gBAC9D,wBAAwB,EAAE,UAAU;aACrC,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACzC,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AACxC,CAAC"}
|
|
@@ -8,14 +8,21 @@
|
|
|
8
8
|
// All failure paths resolve to `{ ok: false, reason }` so callers can
|
|
9
9
|
// degrade gracefully rather than throw mid-CLI.
|
|
10
10
|
import { spawn } from "node:child_process";
|
|
11
|
+
import { expandHome, expandHomeInEnv } from "./expand-home.js";
|
|
11
12
|
import { VERSION } from "../version.js";
|
|
12
13
|
const DEFAULT_TIMEOUT_MS = 5_000;
|
|
13
14
|
export async function addLedgerFact(opts) {
|
|
14
15
|
if (opts.mcpCommand.length === 0) {
|
|
15
16
|
return { ok: false, reason: "grounding-mcp command is empty" };
|
|
16
17
|
}
|
|
17
|
-
|
|
18
|
-
|
|
18
|
+
// Defense-in-depth (agent-tasks/973596d7): expand leading `~/` in
|
|
19
|
+
// command tokens AND env values. Node's `spawn` does not
|
|
20
|
+
// shell-interpolate; a literal `~/...` would otherwise become a
|
|
21
|
+
// cwd-relative rogue path. ledger-record.ts does the same; the
|
|
22
|
+
// shared helper lives in ./expand-home.ts.
|
|
23
|
+
const exe = expandHome(opts.mcpCommand[0]);
|
|
24
|
+
const args = opts.mcpCommand.slice(1).map((p) => expandHome(p));
|
|
25
|
+
const expandedEnv = expandHomeInEnv(opts.mcpEnv);
|
|
19
26
|
const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
|
|
20
27
|
return new Promise((resolve) => {
|
|
21
28
|
let settled = false;
|
|
@@ -35,7 +42,7 @@ export async function addLedgerFact(opts) {
|
|
|
35
42
|
try {
|
|
36
43
|
child = spawn(exe, args, {
|
|
37
44
|
cwd: opts.cwd,
|
|
38
|
-
env: { ...process.env, ...(
|
|
45
|
+
env: { ...process.env, ...(expandedEnv ?? {}) },
|
|
39
46
|
stdio: ["pipe", "pipe", "pipe"],
|
|
40
47
|
});
|
|
41
48
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ledger-add.js","sourceRoot":"","sources":["../../src/runtime/ledger-add.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,kEAAkE;AAClE,kEAAkE;AAClE,EAAE;AACF,sEAAsE;AACtE,gDAAgD;AAEhD,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAcjC,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAA0B;IAE1B,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;IACjE,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"ledger-add.js","sourceRoot":"","sources":["../../src/runtime/ledger-add.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,kEAAkE;AAClE,kEAAkE;AAClE,EAAE;AACF,sEAAsE;AACtE,gDAAgD;AAEhD,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAcjC,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAA0B;IAE1B,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;IACjE,CAAC;IACD,kEAAkE;IAClE,yDAAyD;IACzD,gEAAgE;IAChE,+DAA+D;IAC/D,2CAA2C;IAC3C,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAChE,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAEvD,OAAO,IAAI,OAAO,CAAsB,CAAC,OAAO,EAAE,EAAE;QAClD,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,MAAM,GAAG,CAAC,MAA2B,EAAQ,EAAE;YACnD,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,YAAY;YACd,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC;QAEF,IAAI,KAA+B,CAAC;QACpC,IAAI,CAAC;YACH,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;gBACvB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE;gBAC/C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;aAChC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAkB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC1E,OAAO;QACT,CAAC;QAED,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,KAAK,CAAC,MAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,KAAK,CAAC,MAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,SAAS,IAAI,KAAK,CAAC;YACnB,IAAI,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjB,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3C,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBACpC,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC;wBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAG1B,CAAC;wBACF,IAAI,GAAG,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC;4BACjB,yDAAyD;4BACzD,IAAI,CAAC;gCACH,KAAK,CAAC,KAAM,CAAC,KAAK,CAChB,GAAG,IAAI,CAAC,SAAS,CAAC;oCAChB,OAAO,EAAE,KAAK;oCACd,MAAM,EAAE,2BAA2B;iCACpC,CAAC,IAAI,CACP,CAAC;gCACF,KAAK,CAAC,KAAM,CAAC,KAAK,CAChB,GAAG,IAAI,CAAC,SAAS,CAAC;oCAChB,OAAO,EAAE,KAAK;oCACd,EAAE,EAAE,CAAC;oCACL,MAAM,EAAE,YAAY;oCACpB,MAAM,EAAE;wCACN,IAAI,EAAE,YAAY;wCAClB,SAAS,EAAE;4CACT,SAAS,EAAE,IAAI,CAAC,SAAS;4CACzB,IAAI,EAAE,MAAM;4CACZ,OAAO,EAAE,IAAI,CAAC,OAAO;4CACrB,MAAM,EAAE,IAAI,CAAC,MAAM;yCACpB;qCACF;iCACF,CAAC,IAAI,CACP,CAAC;4BACJ,CAAC;4BAAC,OAAO,GAAG,EAAE,CAAC;gCACb,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAsB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;4BAC/E,CAAC;wBACH,CAAC;6BAAM,IAAI,GAAG,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC;4BACxB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gCACd,MAAM,CAAC;oCACL,EAAE,EAAE,KAAK;oCACT,MAAM,EAAE,qBAAqB,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,SAAS,EAAE;iCAC9D,CAAC,CAAC;gCACH,OAAO;4BACT,CAAC;4BACD,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;4BACrB,OAAO;wBACT,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,qBAAqB;oBACvB,CAAC;gBACH,CAAC;gBACD,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,SAAS,IAAI,KAAK,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC/B,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACpB,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,aAAa,CAAC;YACzE,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,IAAI,EAAE,EAAE,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,KAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAC5B,oCAAoC;QACtC,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,KAAK,CAAC,KAAM,CAAC,KAAK,CAChB,GAAG,IAAI,CAAC,SAAS,CAAC;gBAChB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,CAAC;gBACL,MAAM,EAAE,YAAY;gBACpB,MAAM,EAAE;oBACN,eAAe,EAAE,YAAY;oBAC7B,YAAY,EAAE,EAAE;oBAChB,UAAU,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE;iBAC7D;aACF,CAAC,IAAI,CACP,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAuB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC9E,OAAO;QACT,CAAC;QAED,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE;YACxB,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,SAAS,IAAI,EAAE,CAAC,CAAC;QAC9E,CAAC,EAAE,SAAS,CAAC,CAAC;QACd,CAAC,CAAC,KAAK,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
// `harness explain --trace` (Phase 4 #6/#7) grep for.
|
|
8
8
|
import { spawn } from "node:child_process";
|
|
9
9
|
import { parseLedgerTimestamp } from "../policies/timestamp.js";
|
|
10
|
+
import { expandHome, expandHomeInEnv } from "./expand-home.js";
|
|
10
11
|
import { VERSION } from "../version.js";
|
|
11
12
|
const DEFAULT_TIMEOUT_MS = 5_000;
|
|
12
13
|
const SOURCE = "harness-policy-intercept";
|
|
@@ -19,13 +20,6 @@ const SOURCE = "harness-policy-intercept";
|
|
|
19
20
|
*/
|
|
20
21
|
export const POLICY_DECISION_TYPE = "policy_decision";
|
|
21
22
|
const PREFIX = POLICY_DECISION_TYPE;
|
|
22
|
-
function expandHomePath(p) {
|
|
23
|
-
if (p === "~")
|
|
24
|
-
return process.env.HOME ?? "";
|
|
25
|
-
if (p.startsWith("~/"))
|
|
26
|
-
return `${process.env.HOME ?? ""}/${p.slice(2)}`;
|
|
27
|
-
return p;
|
|
28
|
-
}
|
|
29
23
|
export function payloadFromDecision(decision) {
|
|
30
24
|
return {
|
|
31
25
|
name: decision.policyName,
|
|
@@ -82,17 +76,24 @@ export async function recordPolicyDecision(decision, sessionId, opts) {
|
|
|
82
76
|
if (!list || list.length === 0) {
|
|
83
77
|
return { ok: false, reason: "grounding-mcp command is empty" };
|
|
84
78
|
}
|
|
85
|
-
const exe =
|
|
86
|
-
const args = list.slice(1).map(
|
|
79
|
+
const exe = expandHome(list[0]);
|
|
80
|
+
const args = list.slice(1).map((p) => expandHome(p));
|
|
87
81
|
const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
|
|
88
82
|
const payload = payloadFromDecision(decision);
|
|
89
83
|
const content = encodeLedgerContent(payload);
|
|
84
|
+
// Defense-in-depth (agent-tasks/973596d7): expand leading `~/` in
|
|
85
|
+
// every env value before merging into the spawned process env. The
|
|
86
|
+
// validate-time warning still fires for operators with the literal
|
|
87
|
+
// tilde in their manifest, but a manifest that bypassed validate
|
|
88
|
+
// (or the warning was ignored on) cannot now scatter a rogue
|
|
89
|
+
// cwd-relative `./~/…` path. See expandHome doc for scope.
|
|
90
|
+
const expandedEnv = expandHomeInEnv(opts.mcpEnv);
|
|
90
91
|
return new Promise((resolve) => {
|
|
91
92
|
let child;
|
|
92
93
|
try {
|
|
93
94
|
child = spawn(exe, args, {
|
|
94
95
|
cwd: opts.cwd,
|
|
95
|
-
env: { ...process.env, ...(
|
|
96
|
+
env: { ...process.env, ...(expandedEnv ?? {}) },
|
|
96
97
|
stdio: ["pipe", "pipe", "pipe"],
|
|
97
98
|
});
|
|
98
99
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ledger-record.js","sourceRoot":"","sources":["../../src/runtime/ledger-record.ts"],"names":[],"mappings":"AAAA,mDAAmD;AACnD,EAAE;AACF,kEAAkE;AAClE,8EAA8E;AAC9E,6EAA6E;AAC7E,8DAA8D;AAC9D,sDAAsD;AAEtD,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"ledger-record.js","sourceRoot":"","sources":["../../src/runtime/ledger-record.ts"],"names":[],"mappings":"AAAA,mDAAmD;AACnD,EAAE;AACF,kEAAkE;AAClE,8EAA8E;AAC9E,6EAA6E;AAC7E,8DAA8D;AAC9D,sDAAsD;AAEtD,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAE/D,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AASxC,MAAM,kBAAkB,GAAG,KAAK,CAAC;AACjC,MAAM,MAAM,GAAG,0BAA0B,CAAC;AAE1C;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,iBAAiB,CAAC;AACtD,MAAM,MAAM,GAAG,oBAAoB,CAAC;AAapC,MAAM,UAAU,mBAAmB,CACjC,QAAwB;IAExB,OAAO;QACL,IAAI,EAAE,QAAQ,CAAC,UAAU;QACzB,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,GAAG,CAAC,QAAQ,CAAC,YAAY,IAAI,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC;QACrE,WAAW,EAAE,QAAQ,CAAC,WAAW;KAClC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAA8B;IAChE,OAAO,GAAG,MAAM,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;AACnF,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,eAAe,CAC7B,KAAkB,EAClB,OAA8B;IAE9B,MAAM,WAAW,GAAG,oBAAoB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC9D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC;QAAE,OAAO,WAAW,CAAC;IACnD,IAAI,KAAK,CAAC,SAAS,YAAY,IAAI;QAAE,OAAO,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;IACtE,OAAO,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,KAAK,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAA0B,CAAC;QAC1E,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,QAAwB,EACxB,SAAiB,EACjB,IAAyB;IAEzB,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;IAC7B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;IACjE,CAAC;IACD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACvD,MAAM,OAAO,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAC7C,kEAAkE;IAClE,mEAAmE;IACnE,mEAAmE;IACnE,iEAAiE;IACjE,6DAA6D;IAC7D,2DAA2D;IAC3D,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAEjD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;gBACvB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE;gBAC/C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;aAChC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAkB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC1E,OAAO;QACT,CAAC;QAED,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,MAAM,GAAG,CAAC,CAAmC,EAAQ,EAAE;YAC3D,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,YAAY;YACd,CAAC;YACD,OAAO,CAAC,CAAC,CAAC,CAAC;QACb,CAAC,CAAC;QAEF,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,IAAI,YAAY,GAAG,KAAK,CAAC;QAEzB;;;;;WAKG;QACH,MAAM,cAAc,GAAG,GAAS,EAAE;YAChC,KAAK,CAAC,KAAK,CAAC,KAAK,CACf,GAAG,IAAI,CAAC,SAAS,CAAC;gBAChB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,CAAC;gBACL,MAAM,EAAE,YAAY;gBACpB,MAAM,EAAE;oBACN,IAAI,EAAE,YAAY;oBAClB,SAAS,EAAE;wBACT,SAAS;wBACT,IAAI,EAAE,oBAAoB;wBAC1B,OAAO;wBACP,MAAM,EAAE,MAAM;qBACf;iBACF;aACF,CAAC,IAAI,CACP,CAAC;QACJ,CAAC,CAAC;QAEF,MAAM,eAAe,GAAG,GAAS,EAAE;YACjC,YAAY,GAAG,IAAI,CAAC;YACpB,KAAK,CAAC,KAAK,CAAC,KAAK,CACf,GAAG,IAAI,CAAC,SAAS,CAAC;gBAChB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,CAAC;gBACL,MAAM,EAAE,YAAY;gBACpB,MAAM,EAAE;oBACN,IAAI,EAAE,YAAY;oBAClB,SAAS,EAAE;wBACT,SAAS;wBACT,IAAI,EAAE,MAAM;wBACZ,OAAO;wBACP,MAAM,EAAE,MAAM;qBACf;iBACF;aACF,CAAC,IAAI,CACP,CAAC;QACJ,CAAC,CAAC;QAEF,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,SAAS,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjB,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3C,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBACpC,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC;wBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAG1B,CAAC;wBACF,IAAI,GAAG,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;4BAChC,KAAK,CAAC,KAAK,CAAC,KAAK,CACf,GAAG,IAAI,CAAC,SAAS,CAAC;gCAChB,OAAO,EAAE,KAAK;gCACd,MAAM,EAAE,2BAA2B;6BACpC,CAAC,IAAI,CACP,CAAC;4BACF,cAAc,EAAE,CAAC;4BACjB,UAAU,GAAG,IAAI,CAAC;wBACpB,CAAC;6BAAM,IAAI,GAAG,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC;4BACxB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gCACd,0CAA0C;gCAC1C,mDAAmD;gCACnD,oCAAoC;gCACpC,IAAI,CAAC,YAAY,EAAE,CAAC;oCAClB,eAAe,EAAE,CAAC;oCAClB,OAAO;gCACT,CAAC;gCACD,MAAM,CAAC;oCACL,EAAE,EAAE,KAAK;oCACT,MAAM,EAAE,qBAAqB,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,SAAS,EAAE;iCAC9D,CAAC,CAAC;gCACH,OAAO;4BACT,CAAC;4BACD,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;4BACrB,OAAO;wBACT,CAAC;6BAAM,IAAI,GAAG,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC;4BACxB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gCACd,MAAM,CAAC;oCACL,EAAE,EAAE,KAAK;oCACT,MAAM,EAAE,qBAAqB,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,SAAS,EAAE;iCAC9D,CAAC,CAAC;gCACH,OAAO;4BACT,CAAC;4BACD,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;4BACrB,OAAO;wBACT,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,qBAAqB;oBACvB,CAAC;gBACH,CAAC;gBACD,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE;YACpC,SAAS,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC/B,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACpB,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,aAAa,CAAC;YACzE,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,IAAI,EAAE,EAAE,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAC3B,kCAAkC;QACpC,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,KAAK,CAAC,KAAK,CAAC,KAAK,CACf,GAAG,IAAI,CAAC,SAAS,CAAC;gBAChB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,CAAC;gBACL,MAAM,EAAE,YAAY;gBACpB,MAAM,EAAE;oBACN,eAAe,EAAE,YAAY;oBAC7B,YAAY,EAAE,EAAE;oBAChB,UAAU,EAAE,EAAE,IAAI,EAAE,0BAA0B,EAAE,OAAO,EAAE,OAAO,EAAE;iBACnE;aACF,CAAC,IAAI,CACP,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAuB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC9E,OAAO;QACT,CAAC;QAED,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE;YACxB,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,SAAS,IAAI,EAAE,CAAC,CAAC;QAC9E,CAAC,EAAE,SAAS,CAAC,CAAC;QACd,CAAC,CAAC,KAAK,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC"}
|