@office-ai/aioncli-core 0.30.0 → 0.30.1

package/dist/src/services/FolderTrustDiscoveryService.test.js

@@ -0,0 +1,118 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { FolderTrustDiscoveryService } from './FolderTrustDiscoveryService.js';
+import { GEMINI_DIR } from '../utils/paths.js';
+describe('FolderTrustDiscoveryService', () => {
+    let tempDir;
+    beforeEach(async () => {
+        tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'gemini-discovery-test-'));
+    });
+    afterEach(async () => {
+        vi.restoreAllMocks();
+        await fs.rm(tempDir, { recursive: true, force: true });
+    });
+    it('should discover commands, skills, mcps, and hooks', async () => {
+        const geminiDir = path.join(tempDir, GEMINI_DIR);
+        await fs.mkdir(geminiDir, { recursive: true });
+        // Mock commands
+        const commandsDir = path.join(geminiDir, 'commands');
+        await fs.mkdir(commandsDir);
+        await fs.writeFile(path.join(commandsDir, 'test-cmd.toml'), 'prompt = "test"');
+        // Mock skills
+        const skillsDir = path.join(geminiDir, 'skills');
+        await fs.mkdir(path.join(skillsDir, 'test-skill'), { recursive: true });
+        await fs.writeFile(path.join(skillsDir, 'test-skill', 'SKILL.md'), 'body');
+        // Mock settings (MCPs, Hooks, and general settings)
+        const settings = {
+            mcpServers: {
+                'test-mcp': { command: 'node', args: ['test.js'] },
+            },
+            hooks: {
+                BeforeTool: [{ command: 'test-hook' }],
+            },
+            general: { vimMode: true },
+            ui: { theme: 'Dark' },
+        };
+        await fs.writeFile(path.join(geminiDir, 'settings.json'), JSON.stringify(settings));
+        const results = await FolderTrustDiscoveryService.discover(tempDir);
+        expect(results.commands).toContain('test-cmd');
+        expect(results.skills).toContain('test-skill');
+        expect(results.mcps).toContain('test-mcp');
+        expect(results.hooks).toContain('test-hook');
+        expect(results.settings).toContain('general');
+        expect(results.settings).toContain('ui');
+        expect(results.settings).not.toContain('mcpServers');
+        expect(results.settings).not.toContain('hooks');
+    });
+    it('should flag security warnings for sensitive settings', async () => {
+        const geminiDir = path.join(tempDir, GEMINI_DIR);
+        await fs.mkdir(geminiDir, { recursive: true });
+        const settings = {
+            tools: {
+                allowed: ['git'],
+                sandbox: false,
+            },
+            experimental: {
+                enableAgents: true,
+            },
+            security: {
+                folderTrust: {
+                    enabled: false,
+                },
+            },
+        };
+        await fs.writeFile(path.join(geminiDir, 'settings.json'), JSON.stringify(settings));
+        const results = await FolderTrustDiscoveryService.discover(tempDir);
+        expect(results.securityWarnings).toContain('This project auto-approves certain tools (tools.allowed).');
+        expect(results.securityWarnings).toContain('This project enables autonomous agents (enableAgents).');
+        expect(results.securityWarnings).toContain('This project attempts to disable folder trust (security.folderTrust.enabled).');
+        expect(results.securityWarnings).toContain('This project disables the security sandbox (tools.sandbox).');
+    });
+    it('should handle missing .gemini directory', async () => {
+        const results = await FolderTrustDiscoveryService.discover(tempDir);
+        expect(results.commands).toHaveLength(0);
+        expect(results.skills).toHaveLength(0);
+        expect(results.mcps).toHaveLength(0);
+        expect(results.hooks).toHaveLength(0);
+        expect(results.settings).toHaveLength(0);
+    });
+    it('should handle malformed settings.json', async () => {
+        const geminiDir = path.join(tempDir, GEMINI_DIR);
+        await fs.mkdir(geminiDir, { recursive: true });
+        await fs.writeFile(path.join(geminiDir, 'settings.json'), 'invalid json');
+        const results = await FolderTrustDiscoveryService.discover(tempDir);
+        expect(results.discoveryErrors[0]).toContain('Failed to discover settings: Unexpected token');
+    });
+    it('should handle null settings.json', async () => {
+        const geminiDir = path.join(tempDir, GEMINI_DIR);
+        await fs.mkdir(geminiDir, { recursive: true });
+        await fs.writeFile(path.join(geminiDir, 'settings.json'), 'null');
+        const results = await FolderTrustDiscoveryService.discover(tempDir);
+        expect(results.discoveryErrors).toHaveLength(0);
+        expect(results.settings).toHaveLength(0);
+    });
+    it('should handle array settings.json', async () => {
+        const geminiDir = path.join(tempDir, GEMINI_DIR);
+        await fs.mkdir(geminiDir, { recursive: true });
+        await fs.writeFile(path.join(geminiDir, 'settings.json'), '[]');
+        const results = await FolderTrustDiscoveryService.discover(tempDir);
+        expect(results.discoveryErrors).toHaveLength(0);
+        expect(results.settings).toHaveLength(0);
+    });
+    it('should handle string settings.json', async () => {
+        const geminiDir = path.join(tempDir, GEMINI_DIR);
+        await fs.mkdir(geminiDir, { recursive: true });
+        await fs.writeFile(path.join(geminiDir, 'settings.json'), '"string"');
+        const results = await FolderTrustDiscoveryService.discover(tempDir);
+        expect(results.discoveryErrors).toHaveLength(0);
+        expect(results.settings).toHaveLength(0);
+    });
+});
+//# sourceMappingURL=FolderTrustDiscoveryService.test.js.map

package/dist/src/services/FolderTrustDiscoveryService.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"FolderTrustDiscoveryService.test.js","sourceRoot":"","sources":["../../../src/services/FolderTrustDiscoveryService.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,IAAI,OAAe,CAAC;IAEpB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CACxB,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,wBAAwB,CAAC,CACjD,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,EAAE,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE/C,gBAAgB;QAChB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACrD,MAAM,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC5B,MAAM,EAAE,CAAC,SAAS,CAChB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,eAAe,CAAC,EACvC,iBAAiB,CAClB,CAAC;QAEF,cAAc;QACd,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACjD,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxE,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,CAAC;QAE3E,oDAAoD;QACpD,MAAM,QAAQ,GAAG;YACf,UAAU,EAAE;gBACV,UAAU,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;aACnD;YACD,KAAK,EAAE;gBACL,UAAU,EAAE,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;aACvC;YACD,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;YAC1B,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE;SACtB,CAAC;QACF,MAAM,EAAE,CAAC,SAAS,CAChB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EACrC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CACzB,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEpE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAC/C,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC7C,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE/C,MAAM,QAAQ,GAAG;YACf,KAAK,EAAE;gBACL,OAAO,EAAE,CAAC,KAAK,CAAC;gBAChB,OAAO,EAAE,KAAK;aACf;YACD,YAAY,EAAE;gBACZ,YAAY,EAAE,IAAI;aACnB;YACD,QAAQ,EAAE;gBACR,WAAW,EAAE;oBACX,OAAO,EAAE,KAAK;iBACf;aACF;SACF,CAAC;QACF,MAAM,EAAE,CAAC,SAAS,CAChB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EACrC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CACzB,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEpE,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,SAAS,CACxC,2DAA2D,CAC5D,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,SAAS,CACxC,wDAAwD,CACzD,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,SAAS,CACxC,+EAA+E,CAChF,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,SAAS,CACxC,6DAA6D,CAC9D,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,cAAc,CAAC,CAAC;QAE1E,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAC1C,+CAA+C,CAChD,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;QAElE,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;QAEhE,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,UAAU,CAAC,CAAC;QAEtE,MAAM,OAAO,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/services/fileKeychain.d.ts

@@ -0,0 +1,24 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { Keychain } from './keychainTypes.js';
+export declare class FileKeychain implements Keychain {
+    private readonly tokenFilePath;
+    private readonly encryptionKey;
+    constructor();
+    private deriveEncryptionKey;
+    private encrypt;
+    private decrypt;
+    private ensureDirectoryExists;
+    private loadData;
+    private saveData;
+    getPassword(service: string, account: string): Promise<string | null>;
+    setPassword(service: string, account: string, password: string): Promise<void>;
+    deletePassword(service: string, account: string): Promise<boolean>;
+    findCredentials(service: string): Promise<Array<{
+        account: string;
+        password: string;
+    }>>;
+}

package/dist/src/services/fileKeychain.js

@@ -0,0 +1,123 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { promises as fs } from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import * as crypto from 'node:crypto';
+import { GEMINI_DIR, homedir } from '../utils/paths.js';
+export class FileKeychain {
+    tokenFilePath;
+    encryptionKey;
+    constructor() {
+        const configDir = path.join(homedir(), GEMINI_DIR);
+        this.tokenFilePath = path.join(configDir, 'gemini-credentials.json');
+        this.encryptionKey = this.deriveEncryptionKey();
+    }
+    deriveEncryptionKey() {
+        const salt = `${os.hostname()}-${os.userInfo().username}-gemini-cli`;
+        return crypto.scryptSync('gemini-cli-oauth', salt, 32);
+    }
+    encrypt(text) {
+        const iv = crypto.randomBytes(16);
+        const cipher = crypto.createCipheriv('aes-256-gcm', this.encryptionKey, iv);
+        let encrypted = cipher.update(text, 'utf8', 'hex');
+        encrypted += cipher.final('hex');
+        const authTag = cipher.getAuthTag();
+        return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
+    }
+    decrypt(encryptedData) {
+        const parts = encryptedData.split(':');
+        if (parts.length !== 3) {
+            throw new Error('Invalid encrypted data format');
+        }
+        const iv = Buffer.from(parts[0], 'hex');
+        const authTag = Buffer.from(parts[1], 'hex');
+        const encrypted = parts[2];
+        const decipher = crypto.createDecipheriv('aes-256-gcm', this.encryptionKey, iv);
+        decipher.setAuthTag(authTag);
+        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+        return decrypted;
+    }
+    async ensureDirectoryExists() {
+        const dir = path.dirname(this.tokenFilePath);
+        await fs.mkdir(dir, { recursive: true, mode: 0o700 });
+    }
+    async loadData() {
+        try {
+            const data = await fs.readFile(this.tokenFilePath, 'utf-8');
+            const decrypted = this.decrypt(data);
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
+            return JSON.parse(decrypted);
+        }
+        catch (error) {
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
+            const err = error;
+            if (err.code === 'ENOENT') {
+                return {};
+            }
+            if (err.message?.includes('Invalid encrypted data format') ||
+                err.message?.includes('Unsupported state or unable to authenticate data')) {
+                throw new Error(`Corrupted credentials file detected at: ${this.tokenFilePath}\n` +
+                    `Please delete or rename this file to resolve the issue.`);
+            }
+            throw error;
+        }
+    }
+    async saveData(data) {
+        await this.ensureDirectoryExists();
+        const json = JSON.stringify(data, null, 2);
+        const encrypted = this.encrypt(json);
+        await fs.writeFile(this.tokenFilePath, encrypted, { mode: 0o600 });
+    }
+    async getPassword(service, account) {
+        const data = await this.loadData();
+        return data[service]?.[account] ?? null;
+    }
+    async setPassword(service, account, password) {
+        const data = await this.loadData();
+        if (!data[service]) {
+            data[service] = {};
+        }
+        data[service][account] = password;
+        await this.saveData(data);
+    }
+    async deletePassword(service, account) {
+        const data = await this.loadData();
+        if (data[service] && account in data[service]) {
+            delete data[service][account];
+            if (Object.keys(data[service]).length === 0) {
+                delete data[service];
+            }
+            if (Object.keys(data).length === 0) {
+                try {
+                    await fs.unlink(this.tokenFilePath);
+                }
+                catch (error) {
+                    // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
+                    const err = error;
+                    if (err.code !== 'ENOENT') {
+                        throw error;
+                    }
+                }
+            }
+            else {
+                await this.saveData(data);
+            }
+            return true;
+        }
+        return false;
+    }
+    async findCredentials(service) {
+        const data = await this.loadData();
+        const serviceData = data[service] || {};
+        return Object.entries(serviceData).map(([account, password]) => ({
+            account,
+            password,
+        }));
+    }
+}
+//# sourceMappingURL=fileKeychain.js.map

package/dist/src/services/fileKeychain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fileKeychain.js","sourceRoot":"","sources":["../../../src/services/fileKeychain.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAExD,MAAM,OAAO,YAAY;IACN,aAAa,CAAS;IACtB,aAAa,CAAS;IAEvC;QACE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;QACnD,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;QACrE,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;IAClD,CAAC;IAEO,mBAAmB;QACzB,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,aAAa,CAAC;QACrE,OAAO,MAAM,CAAC,UAAU,CAAC,kBAAkB,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;IAEO,OAAO,CAAC,IAAY;QAC1B,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAE5E,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC;IAC9E,CAAC;IAEO,OAAO,CAAC,aAAqB;QACnC,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC7C,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE3B,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CACtC,aAAa,EACb,IAAI,CAAC,aAAa,EAClB,EAAE,CACH,CAAC;QACF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,qBAAqB;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC7C,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,CAAC;IAEO,KAAK,CAAC,QAAQ;QACpB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrC,uEAAuE;YACvE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAA2C,CAAC;QACzE,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,uEAAuE;YACvE,MAAM,GAAG,GAAG,KAAqD,CAAC;YAClE,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1B,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,IACE,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,+BAA+B,CAAC;gBACtD,GAAG,CAAC,OAAO,EAAE,QAAQ,CACnB,kDAAkD,CACnD,EACD,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,2CAA2C,IAAI,CAAC,aAAa,IAAI;oBAC/D,yDAAyD,CAC5D,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,QAAQ,CACpB,IAA4C;QAE5C,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe,EAAE,OAAe;QAChD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAe,EACf,OAAe,EACf,QAAgB;QAEhB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACnB,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACrB,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,QAAQ,CAAC;QAClC,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAe,EAAE,OAAe;QACnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACnC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC;YAE9B,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5C,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;YAED,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC;oBACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBACtC,CAAC;gBAAC,OAAO,KAAc,EAAE,CAAC;oBACxB,uEAAuE;oBACvE,MAAM,GAAG,GAAG,KAA8B,CAAC;oBAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAC1B,MAAM,KAAK,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,OAAe;QAEf,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACnC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/D,OAAO;YACP,QAAQ;SACT,CAAC,CAAC,CAAC;IACN,CAAC;CACF"}

package/dist/src/services/keychainService.d.ts

@@ -0,0 +1,51 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export declare const FORCE_FILE_STORAGE_ENV_VAR = "GEMINI_FORCE_FILE_STORAGE";
+/**
+ * Service for interacting with OS-level secure storage (e.g. keytar).
+ */
+export declare class KeychainService {
+    private readonly serviceName;
+    private initializationPromise?;
+    /**
+     * @param serviceName Unique identifier for the app in the OS keychain.
+     */
+    constructor(serviceName: string);
+    isAvailable(): Promise<boolean>;
+    /**
+     * Returns true if the service is using the encrypted file fallback backend.
+     */
+    isUsingFileFallback(): Promise<boolean>;
+    /**
+     * Retrieves a secret for the given account.
+     * @throws Error if the keychain is unavailable.
+     */
+    getPassword(account: string): Promise<string | null>;
+    /**
+     * Securely stores a secret.
+     * @throws Error if the keychain is unavailable.
+     */
+    setPassword(account: string, value: string): Promise<void>;
+    /**
+     * Removes a secret from the keychain.
+     * @returns true if the secret was deleted, false otherwise.
+     * @throws Error if the keychain is unavailable.
+     */
+    deletePassword(account: string): Promise<boolean>;
+    /**
+     * Lists all account/secret pairs stored under this service.
+     * @throws Error if the keychain is unavailable.
+     */
+    findCredentials(): Promise<Array<{
+        account: string;
+        password: string;
+    }>>;
+    private getKeychainOrThrow;
+    private getKeychain;
+    private initializeKeychain;
+    private loadKeychainModule;
+    private isKeychainFunctional;
+}

package/dist/src/services/keychainService.js

@@ -0,0 +1,133 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import * as crypto from 'node:crypto';
+import { coreEvents } from '../utils/events.js';
+import { KeychainAvailabilityEvent } from '../telemetry/types.js';
+import { debugLogger } from '../utils/debugLogger.js';
+import { KeychainSchema, KEYCHAIN_TEST_PREFIX, } from './keychainTypes.js';
+import { isRecord } from '../utils/markdownUtils.js';
+import { FileKeychain } from './fileKeychain.js';
+export const FORCE_FILE_STORAGE_ENV_VAR = 'GEMINI_FORCE_FILE_STORAGE';
+/**
+ * Service for interacting with OS-level secure storage (e.g. keytar).
+ */
+export class KeychainService {
+    serviceName;
+    // Track an ongoing initialization attempt to avoid race conditions.
+    initializationPromise;
+    /**
+     * @param serviceName Unique identifier for the app in the OS keychain.
+     */
+    constructor(serviceName) {
+        this.serviceName = serviceName;
+    }
+    async isAvailable() {
+        return (await this.getKeychain()) !== null;
+    }
+    /**
+     * Returns true if the service is using the encrypted file fallback backend.
+     */
+    async isUsingFileFallback() {
+        const keychain = await this.getKeychain();
+        return keychain instanceof FileKeychain;
+    }
+    /**
+     * Retrieves a secret for the given account.
+     * @throws Error if the keychain is unavailable.
+     */
+    async getPassword(account) {
+        const keychain = await this.getKeychainOrThrow();
+        return keychain.getPassword(this.serviceName, account);
+    }
+    /**
+     * Securely stores a secret.
+     * @throws Error if the keychain is unavailable.
+     */
+    async setPassword(account, value) {
+        const keychain = await this.getKeychainOrThrow();
+        await keychain.setPassword(this.serviceName, account, value);
+    }
+    /**
+     * Removes a secret from the keychain.
+     * @returns true if the secret was deleted, false otherwise.
+     * @throws Error if the keychain is unavailable.
+     */
+    async deletePassword(account) {
+        const keychain = await this.getKeychainOrThrow();
+        return keychain.deletePassword(this.serviceName, account);
+    }
+    /**
+     * Lists all account/secret pairs stored under this service.
+     * @throws Error if the keychain is unavailable.
+     */
+    async findCredentials() {
+        const keychain = await this.getKeychainOrThrow();
+        return keychain.findCredentials(this.serviceName);
+    }
+    async getKeychainOrThrow() {
+        const keychain = await this.getKeychain();
+        if (!keychain) {
+            throw new Error('Keychain is not available');
+        }
+        return keychain;
+    }
+    getKeychain() {
+        return (this.initializationPromise ??= this.initializeKeychain());
+    }
+    // High-level orchestration of the loading and testing cycle.
+    async initializeKeychain() {
+        let resultKeychain = null;
+        const forceFileStorage = process.env[FORCE_FILE_STORAGE_ENV_VAR] === 'true';
+        if (!forceFileStorage) {
+            try {
+                const keychainModule = await this.loadKeychainModule();
+                if (keychainModule) {
+                    if (await this.isKeychainFunctional(keychainModule)) {
+                        resultKeychain = keychainModule;
+                    }
+                    else {
+                        debugLogger.log('Keychain functional verification failed');
+                    }
+                }
+            }
+            catch (error) {
+                // Avoid logging full error objects to prevent PII exposure.
+                const message = error instanceof Error ? error.message : String(error);
+                debugLogger.log('Keychain initialization encountered an error:', message);
+            }
+        }
+        coreEvents.emitTelemetryKeychainAvailability(new KeychainAvailabilityEvent(resultKeychain !== null && !forceFileStorage));
+        // Fallback to FileKeychain if native keychain is unavailable or file storage is forced
+        if (!resultKeychain) {
+            resultKeychain = new FileKeychain();
+            debugLogger.log('Using FileKeychain fallback for secure storage.');
+        }
+        return resultKeychain;
+    }
+    // Low-level dynamic loading and structural validation.
+    async loadKeychainModule() {
+        const moduleName = 'keytar';
+        const module = await import(moduleName);
+        const potential = (isRecord(module) && module['default']) || module;
+        const result = KeychainSchema.safeParse(potential);
+        if (result.success) {
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
+            return potential;
+        }
+        debugLogger.log('Keychain module failed structural validation:', result.error.flatten().fieldErrors);
+        return null;
+    }
+    // Performs a set-get-delete cycle to verify keychain functionality.
+    async isKeychainFunctional(keychain) {
+        const testAccount = `${KEYCHAIN_TEST_PREFIX}${crypto.randomBytes(8).toString('hex')}`;
+        const testPassword = 'test';
+        await keychain.setPassword(this.serviceName, testAccount, testPassword);
+        const retrieved = await keychain.getPassword(this.serviceName, testAccount);
+        const deleted = await keychain.deletePassword(this.serviceName, testAccount);
+        return deleted && retrieved === testPassword;
+    }
+}
+//# sourceMappingURL=keychainService.js.map

package/dist/src/services/keychainService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychainService.js","sourceRoot":"","sources":["../../../src/services/keychainService.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAEL,cAAc,EACd,oBAAoB,GACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,MAAM,CAAC,MAAM,0BAA0B,GAAG,2BAA2B,CAAC;AAEtE;;GAEG;AACH,MAAM,OAAO,eAAe;IAOG;IAN7B,oEAAoE;IAC5D,qBAAqB,CAA4B;IAEzD;;OAEG;IACH,YAA6B,WAAmB;QAAnB,gBAAW,GAAX,WAAW,CAAQ;IAAG,CAAC;IAEpD,KAAK,CAAC,WAAW;QACf,OAAO,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC,KAAK,IAAI,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB;QACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1C,OAAO,QAAQ,YAAY,YAAY,CAAC;IAC1C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACjD,OAAO,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,OAAe,EAAE,KAAa;QAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACjD,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,OAAe;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACjD,OAAO,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe;QAGnB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACjD,OAAO,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACpD,CAAC;IAEO,KAAK,CAAC,kBAAkB;QAC9B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,WAAW;QACjB,OAAO,CAAC,IAAI,CAAC,qBAAqB,KAAK,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,6DAA6D;IACrD,KAAK,CAAC,kBAAkB;QAC9B,IAAI,cAAc,GAAoB,IAAI,CAAC;QAC3C,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,KAAK,MAAM,CAAC;QAE5E,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACvD,IAAI,cAAc,EAAE,CAAC;oBACnB,IAAI,MAAM,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,EAAE,CAAC;wBACpD,cAAc,GAAG,cAAc,CAAC;oBAClC,CAAC;yBAAM,CAAC;wBACN,WAAW,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;oBAC7D,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,4DAA4D;gBAC5D,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACvE,WAAW,CAAC,GAAG,CACb,+CAA+C,EAC/C,OAAO,CACR,CAAC;YACJ,CAAC;QACH,CAAC;QAED,UAAU,CAAC,iCAAiC,CAC1C,IAAI,yBAAyB,CAC3B,cAAc,KAAK,IAAI,IAAI,CAAC,gBAAgB,CAC7C,CACF,CAAC;QAEF,uFAAuF;QACvF,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,cAAc,GAAG,IAAI,YAAY,EAAE,CAAC;YACpC,WAAW,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,uDAAuD;IAC/C,KAAK,CAAC,kBAAkB;QAC9B,MAAM,UAAU,GAAG,QAAQ,CAAC;QAC5B,MAAM,MAAM,GAAY,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,MAAM,CAAC;QAEpE,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACnD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,uEAAuE;YACvE,OAAO,SAAqB,CAAC;QAC/B,CAAC;QAED,WAAW,CAAC,GAAG,CACb,+CAA+C,EAC/C,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,CACnC,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oEAAoE;IAC5D,KAAK,CAAC,oBAAoB,CAAC,QAAkB;QACnD,MAAM,WAAW,GAAG,GAAG,oBAAoB,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACtF,MAAM,YAAY,GAAG,MAAM,CAAC;QAE5B,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QACxE,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,cAAc,CAC3C,IAAI,CAAC,WAAW,EAChB,WAAW,CACZ,CAAC;QAEF,OAAO,OAAO,IAAI,SAAS,KAAK,YAAY,CAAC;IAC/C,CAAC;CACF"}

package/dist/src/services/keychainService.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/services/keychainService.test.js

@@ -0,0 +1,150 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, vi, beforeEach, afterEach, } from 'vitest';
+import { KeychainService } from './keychainService.js';
+import { coreEvents } from '../utils/events.js';
+import { debugLogger } from '../utils/debugLogger.js';
+import { FileKeychain } from './fileKeychain.js';
+const mockKeytar = {
+    getPassword: vi.fn(),
+    setPassword: vi.fn(),
+    deletePassword: vi.fn(),
+    findCredentials: vi.fn(),
+};
+const mockFileKeychain = {
+    getPassword: vi.fn(),
+    setPassword: vi.fn(),
+    deletePassword: vi.fn(),
+    findCredentials: vi.fn(),
+};
+vi.mock('keytar', () => ({ default: mockKeytar }));
+vi.mock('./fileKeychain.js', () => ({
+    FileKeychain: vi.fn(() => mockFileKeychain),
+}));
+vi.mock('../utils/events.js', () => ({
+    coreEvents: { emitTelemetryKeychainAvailability: vi.fn() },
+}));
+vi.mock('../utils/debugLogger.js', () => ({
+    debugLogger: { log: vi.fn() },
+}));
+describe('KeychainService', () => {
+    let service;
+    const SERVICE_NAME = 'test-service';
+    let passwords = {};
+    const originalEnv = process.env;
+    beforeEach(() => {
+        vi.clearAllMocks();
+        process.env = { ...originalEnv };
+        service = new KeychainService(SERVICE_NAME);
+        passwords = {};
+        // Stateful mock implementation for native keychain
+        mockKeytar.setPassword?.mockImplementation((_svc, acc, val) => {
+            passwords[acc] = val;
+            return Promise.resolve();
+        });
+        mockKeytar.getPassword?.mockImplementation((_svc, acc) => Promise.resolve(passwords[acc] ?? null));
+        mockKeytar.deletePassword?.mockImplementation((_svc, acc) => {
+            const exists = !!passwords[acc];
+            delete passwords[acc];
+            return Promise.resolve(exists);
+        });
+        mockKeytar.findCredentials?.mockImplementation(() => Promise.resolve(Object.entries(passwords).map(([account, password]) => ({
+            account,
+            password,
+        }))));
+        // Stateful mock implementation for fallback file keychain
+        mockFileKeychain.setPassword?.mockImplementation((_svc, acc, val) => {
+            passwords[acc] = val;
+            return Promise.resolve();
+        });
+        mockFileKeychain.getPassword?.mockImplementation((_svc, acc) => Promise.resolve(passwords[acc] ?? null));
+        mockFileKeychain.deletePassword?.mockImplementation((_svc, acc) => {
+            const exists = !!passwords[acc];
+            delete passwords[acc];
+            return Promise.resolve(exists);
+        });
+        mockFileKeychain.findCredentials?.mockImplementation(() => Promise.resolve(Object.entries(passwords).map(([account, password]) => ({
+            account,
+            password,
+        }))));
+    });
+    afterEach(() => {
+        process.env = originalEnv;
+    });
+    describe('isAvailable', () => {
+        it('should return true and emit telemetry on successful functional test with native keychain', async () => {
+            const available = await service.isAvailable();
+            expect(available).toBe(true);
+            expect(mockKeytar.setPassword).toHaveBeenCalled();
+            expect(coreEvents.emitTelemetryKeychainAvailability).toHaveBeenCalledWith(expect.objectContaining({ available: true }));
+        });
+        it('should return true (via fallback), log error, and emit telemetry indicating native is unavailable on failed functional test', async () => {
+            mockKeytar.setPassword?.mockRejectedValue(new Error('locked'));
+            const available = await service.isAvailable();
+            // Because it falls back to FileKeychain, it is always available.
+            expect(available).toBe(true);
+            expect(debugLogger.log).toHaveBeenCalledWith(expect.stringContaining('encountered an error'), 'locked');
+            expect(coreEvents.emitTelemetryKeychainAvailability).toHaveBeenCalledWith(expect.objectContaining({ available: false }));
+            expect(debugLogger.log).toHaveBeenCalledWith(expect.stringContaining('Using FileKeychain fallback'));
+            expect(FileKeychain).toHaveBeenCalled();
+        });
+        it('should return true (via fallback), log validation error, and emit telemetry on module load failure', async () => {
+            const originalMock = mockKeytar.getPassword;
+            mockKeytar.getPassword = undefined; // Break schema
+            const available = await service.isAvailable();
+            expect(available).toBe(true);
+            expect(debugLogger.log).toHaveBeenCalledWith(expect.stringContaining('failed structural validation'), expect.objectContaining({ getPassword: expect.any(Array) }));
+            expect(coreEvents.emitTelemetryKeychainAvailability).toHaveBeenCalledWith(expect.objectContaining({ available: false }));
+            expect(FileKeychain).toHaveBeenCalled();
+            mockKeytar.getPassword = originalMock;
+        });
+        it('should log failure if functional test cycle returns false, then fallback', async () => {
+            mockKeytar.getPassword?.mockResolvedValue('wrong-password');
+            const available = await service.isAvailable();
+            expect(available).toBe(true);
+            expect(debugLogger.log).toHaveBeenCalledWith(expect.stringContaining('functional verification failed'));
+            expect(FileKeychain).toHaveBeenCalled();
+        });
+        it('should fallback to FileKeychain when GEMINI_FORCE_FILE_STORAGE is true', async () => {
+            process.env['GEMINI_FORCE_FILE_STORAGE'] = 'true';
+            const available = await service.isAvailable();
+            expect(available).toBe(true);
+            expect(FileKeychain).toHaveBeenCalled();
+            expect(coreEvents.emitTelemetryKeychainAvailability).toHaveBeenCalledWith(expect.objectContaining({ available: false }));
+        });
+        it('should cache the result and handle concurrent initialization attempts once', async () => {
+            await Promise.all([
+                service.isAvailable(),
+                service.isAvailable(),
+                service.isAvailable(),
+            ]);
+            expect(mockKeytar.setPassword).toHaveBeenCalledTimes(1);
+        });
+    });
+    describe('Password Operations', () => {
+        beforeEach(async () => {
+            await service.isAvailable();
+            vi.clearAllMocks();
+        });
+        it('should store, retrieve, and delete passwords correctly', async () => {
+            await service.setPassword('acc1', 'secret1');
+            await service.setPassword('acc2', 'secret2');
+            expect(await service.getPassword('acc1')).toBe('secret1');
+            expect(await service.getPassword('acc2')).toBe('secret2');
+            const creds = await service.findCredentials();
+            expect(creds).toHaveLength(2);
+            expect(creds).toContainEqual({ account: 'acc1', password: 'secret1' });
+            expect(await service.deletePassword('acc1')).toBe(true);
+            expect(await service.getPassword('acc1')).toBeNull();
+            expect(await service.findCredentials()).toHaveLength(1);
+        });
+        it('getPassword should return null if key is missing', async () => {
+            expect(await service.getPassword('missing')).toBeNull();
+        });
+    });
+    // Removing 'When Unavailable' tests since the service is always available via fallback
+});
+//# sourceMappingURL=keychainService.test.js.map

package/dist/src/services/keychainService.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychainService.test.js","sourceRoot":"","sources":["../../../src/services/keychainService.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,QAAQ,EACR,EAAE,EACF,MAAM,EACN,EAAE,EACF,UAAU,EACV,SAAS,GAEV,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AASjD,MAAM,UAAU,GAAiB;IAC/B,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE;IACpB,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE;IACpB,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE;IACvB,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE;CACzB,CAAC;AAEF,MAAM,gBAAgB,GAAiB;IACrC,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE;IACpB,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE;IACpB,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE;IACvB,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE;CACzB,CAAC;AAEF,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEnD,EAAE,CAAC,IAAI,CAAC,mBAAmB,EAAE,GAAG,EAAE,CAAC,CAAC;IAClC,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC;CAC5C,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,UAAU,EAAE,EAAE,iCAAiC,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE;CAC3D,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,yBAAyB,EAAE,GAAG,EAAE,CAAC,CAAC;IACxC,WAAW,EAAE,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE;CAC9B,CAAC,CAAC,CAAC;AAEJ,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,IAAI,OAAwB,CAAC;IAC7B,MAAM,YAAY,GAAG,cAAc,CAAC;IACpC,IAAI,SAAS,GAA2B,EAAE,CAAC;IAC3C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC;IAEhC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC;QACjC,OAAO,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,CAAC;QAC5C,SAAS,GAAG,EAAE,CAAC;QAEf,mDAAmD;QACnD,UAAU,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAC5D,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;YACrB,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC;QACH,UAAU,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CACvD,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CACxC,CAAC;QACF,UAAU,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YAC1D,MAAM,MAAM,GAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAChC,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC;YACtB,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QACH,UAAU,CAAC,eAAe,EAAE,kBAAkB,CAAC,GAAG,EAAE,CAClD,OAAO,CAAC,OAAO,CACb,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;YACtD,OAAO;YACP,QAAQ;SACT,CAAC,CAAC,CACJ,CACF,CAAC;QAEF,0DAA0D;QAC1D,gBAAgB,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAClE,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;YACrB,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC;QACH,gBAAgB,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAC7D,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CACxC,CAAC;QACF,gBAAgB,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YAChE,MAAM,MAAM,GAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAChC,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC;YACtB,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QACH,gBAAgB,CAAC,eAAe,EAAE,kBAAkB,CAAC,GAAG,EAAE,CACxD,OAAO,CAAC,OAAO,CACb,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;YACtD,OAAO;YACP,QAAQ;SACT,CAAC,CAAC,CACJ,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,0FAA0F,EAAE,KAAK,IAAI,EAAE;YACxG,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;YAE9C,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAClD,MAAM,CAAC,UAAU,CAAC,iCAAiC,CAAC,CAAC,oBAAoB,CACvE,MAAM,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAC7C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6HAA6H,EAAE,KAAK,IAAI,EAAE;YAC3I,UAAU,CAAC,WAAW,EAAE,iBAAiB,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;YAE/D,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;YAE9C,iEAAiE;YACjE,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAC1C,MAAM,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,EAC/C,QAAQ,CACT,CAAC;YACF,MAAM,CAAC,UAAU,CAAC,iCAAiC,CAAC,CAAC,oBAAoB,CACvE,MAAM,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAC9C,CAAC;YACF,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAC1C,MAAM,CAAC,gBAAgB,CAAC,6BAA6B,CAAC,CACvD,CAAC;YACF,MAAM,CAAC,YAAY,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oGAAoG,EAAE,KAAK,IAAI,EAAE;YAClH,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,CAAC;YAC5C,UAAU,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC,eAAe;YAEnD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;YAE9C,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAC1C,MAAM,CAAC,gBAAgB,CAAC,8BAA8B,CAAC,EACvD,MAAM,CAAC,gBAAgB,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAC5D,CAAC;YACF,MAAM,CAAC,UAAU,CAAC,iCAAiC,CAAC,CAAC,oBAAoB,CACvE,MAAM,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAC9C,CAAC;YACF,MAAM,CAAC,YAAY,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAExC,UAAU,CAAC,WAAW,GAAG,YAAY,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0EAA0E,EAAE,KAAK,IAAI,EAAE;YACxF,UAAU,CAAC,WAAW,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;YAE5D,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;YAE9C,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAC1C,MAAM,CAAC,gBAAgB,CAAC,gCAAgC,CAAC,CAC1D,CAAC;YACF,MAAM,CAAC,YAAY,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;YACtF,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,GAAG,MAAM,CAAC;YAClD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;YAC9C,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,YAAY,CAAC,CAAC,gBAAgB,EAAE,CAAC;YACxC,MAAM,CAAC,UAAU,CAAC,iCAAiC,CAAC,CAAC,oBAAoB,CACvE,MAAM,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAC9C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4EAA4E,EAAE,KAAK,IAAI,EAAE;YAC1F,MAAM,OAAO,CAAC,GAAG,CAAC;gBAChB,OAAO,CAAC,WAAW,EAAE;gBACrB,OAAO,CAAC,WAAW,EAAE;gBACrB,OAAO,CAAC,WAAW,EAAE;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;YAC5B,EAAE,CAAC,aAAa,EAAE,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;YACtE,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAC7C,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC1D,MAAM,CAAC,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAE1D,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,eAAe,EAAE,CAAC;YAC9C,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;YAEvE,MAAM,CAAC,MAAM,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACrD,MAAM,CAAC,MAAM,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;YAChE,MAAM,CAAC,MAAM,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,uFAAuF;AACzF,CAAC,CAAC,CAAC"}