@oh-my-matrix/autopilot 2.1.2 → 3.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +125 -10
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +338 -93
- package/dist/index.js.map +1 -1
- package/dist/src/autopilot-state.d.ts +17 -0
- package/dist/src/autopilot-state.d.ts.map +1 -1
- package/dist/src/autopilot-state.js +52 -8
- package/dist/src/autopilot-state.js.map +1 -1
- package/dist/src/command-runner.d.ts +2 -6
- package/dist/src/command-runner.d.ts.map +1 -1
- package/dist/src/command-runner.js +4 -34
- package/dist/src/command-runner.js.map +1 -1
- package/dist/src/completion-detector.d.ts.map +1 -1
- package/dist/src/completion-detector.js +16 -8
- package/dist/src/completion-detector.js.map +1 -1
- package/dist/src/effort-injection.d.ts +21 -2
- package/dist/src/effort-injection.d.ts.map +1 -1
- package/dist/src/effort-injection.js +37 -9
- package/dist/src/effort-injection.js.map +1 -1
- package/dist/src/event-shape.contract.d.ts +21 -0
- package/dist/src/event-shape.contract.d.ts.map +1 -0
- package/dist/src/event-shape.contract.js +10 -0
- package/dist/src/event-shape.contract.js.map +1 -0
- package/dist/src/logger.d.ts.map +1 -1
- package/dist/src/logger.js +42 -7
- package/dist/src/logger.js.map +1 -1
- package/dist/src/model-routing.d.ts +36 -0
- package/dist/src/model-routing.d.ts.map +1 -0
- package/dist/src/model-routing.js +106 -0
- package/dist/src/model-routing.js.map +1 -0
- package/dist/src/orchestrator.d.ts +34 -1
- package/dist/src/orchestrator.d.ts.map +1 -1
- package/dist/src/orchestrator.js +113 -12
- package/dist/src/orchestrator.js.map +1 -1
- package/dist/src/projection.d.ts +8 -2
- package/dist/src/projection.d.ts.map +1 -1
- package/dist/src/projection.js +15 -1
- package/dist/src/projection.js.map +1 -1
- package/dist/src/stall-detector.d.ts +4 -1
- package/dist/src/stall-detector.d.ts.map +1 -1
- package/dist/src/stall-detector.js +7 -3
- package/dist/src/stall-detector.js.map +1 -1
- package/dist/src/tool-error-tracker.d.ts +16 -0
- package/dist/src/tool-error-tracker.d.ts.map +1 -1
- package/dist/src/tool-error-tracker.js +16 -0
- package/dist/src/tool-error-tracker.js.map +1 -1
- package/dist/src/types.d.ts +67 -5
- package/dist/src/types.d.ts.map +1 -1
- package/dist/src/types.js +45 -1
- package/dist/src/types.js.map +1 -1
- package/dist/src/workflow-config.d.ts.map +1 -1
- package/dist/src/workflow-config.js +108 -14
- package/dist/src/workflow-config.js.map +1 -1
- package/openclaw.plugin.json +81 -4
- package/package.json +14 -5
- package/dist/src/audit-persister.d.ts +0 -25
- package/dist/src/audit-persister.d.ts.map +0 -1
- package/dist/src/audit-persister.js +0 -162
- package/dist/src/audit-persister.js.map +0 -1
- package/dist/src/permission-policy.d.ts +0 -36
- package/dist/src/permission-policy.d.ts.map +0 -1
- package/dist/src/permission-policy.js +0 -265
- package/dist/src/permission-policy.js.map +0 -1
|
@@ -1,265 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.resolveReal = resolveReal;
|
|
4
|
-
exports.classifyCommand = classifyCommand;
|
|
5
|
-
exports.decidePermission = decidePermission;
|
|
6
|
-
/**
|
|
7
|
-
* M2.4: Permission policy + Command Classifier
|
|
8
|
-
*
|
|
9
|
-
* Determines whether a tool call is allowed, requires approval, or is blocked
|
|
10
|
-
* based on the current permission mode (Guarded YOLO / Full YOLO / Manual Approval).
|
|
11
|
-
*/
|
|
12
|
-
const fs_1 = require("fs");
|
|
13
|
-
const path_1 = require("path");
|
|
14
|
-
/**
|
|
15
|
-
* Resolve a path to its canonical real path, normalising symlinks.
|
|
16
|
-
* Falls back to path.resolve (which at least normalises `.`, `..`, and
|
|
17
|
-
* redundant separators) when the path does not exist on disk.
|
|
18
|
-
*
|
|
19
|
-
* Exported for unit-testing.
|
|
20
|
-
*/
|
|
21
|
-
function resolveReal(p) {
|
|
22
|
-
try {
|
|
23
|
-
return (0, fs_1.realpathSync)(p);
|
|
24
|
-
}
|
|
25
|
-
catch {
|
|
26
|
-
return (0, path_1.resolve)(p);
|
|
27
|
-
}
|
|
28
|
-
}
|
|
29
|
-
/**
|
|
30
|
-
* Classify a command/tool call into a CommandClass category.
|
|
31
|
-
*/
|
|
32
|
-
function classifyCommand(tool, args = [], toolKind) {
|
|
33
|
-
const toolLower = tool.toLowerCase();
|
|
34
|
-
// If toolKind is explicitly provided, trust it — but cross-check destructive_git
|
|
35
|
-
// against toolName to prevent plugin injection (e.g. toolKind='destructive_git' on 'rm').
|
|
36
|
-
if (toolKind) {
|
|
37
|
-
// Normalize common aliases
|
|
38
|
-
const kindNormalized = toolKind === 'read' ? 'read_only' : toolKind;
|
|
39
|
-
const validKinds = [
|
|
40
|
-
'read_only', 'workspace_write', 'validation', 'safe_git',
|
|
41
|
-
'worktree_create', 'workspace_cleanup', 'destructive_git',
|
|
42
|
-
'network', 'credential_access', 'system_write',
|
|
43
|
-
];
|
|
44
|
-
if (validKinds.includes(kindNormalized)) {
|
|
45
|
-
// Security: destructive_git may only be claimed by git itself.
|
|
46
|
-
// Widen to git.exe (Windows) and common wrappers (hub, gh).
|
|
47
|
-
// Any other toolName claiming this class falls through to name-based classification.
|
|
48
|
-
const GIT_TOOLS = new Set(['git', 'git.exe', 'hub', 'gh']);
|
|
49
|
-
if (kindNormalized === 'destructive_git' && !GIT_TOOLS.has(toolLower)) {
|
|
50
|
-
// fall through to name-based classification below
|
|
51
|
-
}
|
|
52
|
-
else {
|
|
53
|
-
return kindNormalized;
|
|
54
|
-
}
|
|
55
|
-
}
|
|
56
|
-
}
|
|
57
|
-
// ─── Generic exec tools: classify by first arg ────────────
|
|
58
|
-
// When toolName is a generic executor (e.g., code_mode_exec),
|
|
59
|
-
// the actual command is in the args array.
|
|
60
|
-
const genericExecTools = ['code_mode_exec', 'shell_exec', 'terminal', 'bash', 'sh', 'exec'];
|
|
61
|
-
if (genericExecTools.includes(toolLower) && args.length > 0) {
|
|
62
|
-
// Reclassify using the first arg as the actual tool
|
|
63
|
-
const [actualTool, ...restArgs] = args;
|
|
64
|
-
return classifyCommand(actualTool, restArgs, toolKind);
|
|
65
|
-
}
|
|
66
|
-
// ─── System commands ─────────────────────────────────────
|
|
67
|
-
if (toolLower === 'sudo')
|
|
68
|
-
return 'system_write';
|
|
69
|
-
if (toolLower === 'chmod' || toolLower === 'chown')
|
|
70
|
-
return 'system_write';
|
|
71
|
-
if (toolLower === 'launchctl')
|
|
72
|
-
return 'system_write';
|
|
73
|
-
// Disk-level destructive commands: format, partition, overwrite — same risk as sudo
|
|
74
|
-
if (['dd', 'mkfs', 'mkfs.ext4', 'mkfs.vfat', 'mkfs.ntfs', 'fdisk', 'parted', 'wipefs'].includes(toolLower)) {
|
|
75
|
-
return 'system_write';
|
|
76
|
-
}
|
|
77
|
-
// Windows system-level dangerous commands (X-3, X-6)
|
|
78
|
-
// Privilege escalation (= sudo): runas
|
|
79
|
-
if (toolLower === 'runas')
|
|
80
|
-
return 'system_write';
|
|
81
|
-
// ACL/ownership management (= chmod/chown): icacls, cacls, takeown
|
|
82
|
-
if (['icacls', 'cacls', 'takeown'].includes(toolLower))
|
|
83
|
-
return 'system_write';
|
|
84
|
-
// Service management (= launchctl/systemctl): sc, sc.exe, schtasks, net (X-6: net start/stop)
|
|
85
|
-
if (['sc', 'sc.exe', 'schtasks', 'schtasks.exe', 'net', 'net.exe'].includes(toolLower))
|
|
86
|
-
return 'system_write';
|
|
87
|
-
// Disk-level destructive (= mkfs/fdisk): format, diskpart
|
|
88
|
-
if (['format', 'diskpart'].includes(toolLower))
|
|
89
|
-
return 'system_write';
|
|
90
|
-
// Registry modification — no Unix equivalent, equally dangerous
|
|
91
|
-
if (toolLower === 'reg' || toolLower === 'reg.exe' || toolLower === 'regedit')
|
|
92
|
-
return 'system_write';
|
|
93
|
-
// ─── Credential access ───────────────────────────────────
|
|
94
|
-
if (toolLower.includes('credential') || toolLower.includes('keychain') || toolLower.includes('ssh-key')) {
|
|
95
|
-
return 'credential_access';
|
|
96
|
-
}
|
|
97
|
-
// ─── Git commands ────────────────────────────────────────
|
|
98
|
-
if (toolLower === 'git' && args.length > 0) {
|
|
99
|
-
const sub = args[0];
|
|
100
|
-
// worktree subcommands
|
|
101
|
-
if (sub === 'worktree') {
|
|
102
|
-
if (args[1] === 'add')
|
|
103
|
-
return 'worktree_create';
|
|
104
|
-
if (args[1] === 'remove')
|
|
105
|
-
return 'workspace_cleanup';
|
|
106
|
-
}
|
|
107
|
-
// destructive git
|
|
108
|
-
if (sub === 'reset' && args.includes('--hard'))
|
|
109
|
-
return 'destructive_git';
|
|
110
|
-
if (sub === 'clean')
|
|
111
|
-
return 'destructive_git';
|
|
112
|
-
if (sub === 'checkout' && args.includes('--'))
|
|
113
|
-
return 'destructive_git';
|
|
114
|
-
// network git
|
|
115
|
-
if (sub === 'push' || sub === 'fetch' || sub === 'pull' || sub === 'clone')
|
|
116
|
-
return 'network';
|
|
117
|
-
// safe git
|
|
118
|
-
const safeGitSubs = ['status', 'diff', 'log', 'branch', 'show', 'rev-parse', 'remote', 'stash', 'tag', 'add', 'commit', 'reset'];
|
|
119
|
-
if (safeGitSubs.includes(sub))
|
|
120
|
-
return 'safe_git';
|
|
121
|
-
}
|
|
122
|
-
// ─── Package managers ────────────────────────────────────
|
|
123
|
-
if (toolLower === 'pnpm' || toolLower === 'npm' || toolLower === 'yarn') {
|
|
124
|
-
const sub = args[0];
|
|
125
|
-
if (sub === 'install' || sub === 'add' || sub === 'update')
|
|
126
|
-
return 'network';
|
|
127
|
-
if (sub === 'test' || sub === 'run')
|
|
128
|
-
return 'validation';
|
|
129
|
-
if (sub === 'exec')
|
|
130
|
-
return 'validation';
|
|
131
|
-
return 'unknown';
|
|
132
|
-
}
|
|
133
|
-
if (toolLower === 'npx')
|
|
134
|
-
return 'validation';
|
|
135
|
-
// ─── Network tools ───────────────────────────────────────
|
|
136
|
-
if (toolLower === 'curl' || toolLower === 'wget')
|
|
137
|
-
return 'network';
|
|
138
|
-
// ─── Filesystem destructive commands ─────────────────────
|
|
139
|
-
if (['rm', 'rmdir', 'shred'].includes(toolLower)) {
|
|
140
|
-
return 'workspace_cleanup';
|
|
141
|
-
}
|
|
142
|
-
// Windows equivalents (X-4): del/erase (= rm), rd (= rmdir)
|
|
143
|
-
if (['del', 'erase', 'rd'].includes(toolLower)) {
|
|
144
|
-
return 'workspace_cleanup';
|
|
145
|
-
}
|
|
146
|
-
// ─── B-4: env <cmd> passes through to the actual command ────
|
|
147
|
-
if (toolLower === 'env' && args.length > 0) {
|
|
148
|
-
return classifyCommand(args[0], args.slice(1), toolKind);
|
|
149
|
-
}
|
|
150
|
-
// ─── Read-only tools ─────────────────────────────────────
|
|
151
|
-
const readOnlyTools = [
|
|
152
|
-
'rg', 'grep', 'ls', 'find', 'cat', 'head', 'tail', 'wc', 'sort', 'uniq',
|
|
153
|
-
'file', 'stat', 'which', 'echo', 'pwd', 'env',
|
|
154
|
-
// Windows equivalents (X-5): dir=ls, type=cat, where=which, findstr=grep
|
|
155
|
-
'dir', 'type', 'where', 'findstr', 'more',
|
|
156
|
-
// Common agent tool names for reading files/content
|
|
157
|
-
'read_file', 'read', 'view', 'get_file', 'open_file', 'list_files',
|
|
158
|
-
'list_directory', 'glob', 'search_files',
|
|
159
|
-
];
|
|
160
|
-
if (readOnlyTools.includes(toolLower))
|
|
161
|
-
return 'read_only';
|
|
162
|
-
return 'unknown';
|
|
163
|
-
}
|
|
164
|
-
/**
|
|
165
|
-
* Decide permission for a tool call based on classification.
|
|
166
|
-
*/
|
|
167
|
-
function decidePermission(input) {
|
|
168
|
-
const { toolName, toolKind, command = [], cwd, workspacePath, workflowAllowsDestructiveGit } = input;
|
|
169
|
-
const cmdClass = classifyCommand(toolName, command, toolKind);
|
|
170
|
-
// ─── Unconditional blocks ─────────────────────────────────
|
|
171
|
-
if (cmdClass === 'credential_access') {
|
|
172
|
-
return {
|
|
173
|
-
outcome: 'block',
|
|
174
|
-
reason: 'Credential/keychain access is always blocked',
|
|
175
|
-
message: 'Credential access commands are not allowed in any mode',
|
|
176
|
-
};
|
|
177
|
-
}
|
|
178
|
-
if (cmdClass === 'system_write') {
|
|
179
|
-
return {
|
|
180
|
-
outcome: 'block',
|
|
181
|
-
reason: 'System-level write operations are always blocked',
|
|
182
|
-
message: 'System write commands (sudo, chmod, chown, etc.) are not allowed',
|
|
183
|
-
};
|
|
184
|
-
}
|
|
185
|
-
// ─── Allowed commands ────────────────────────────────────
|
|
186
|
-
if (cmdClass === 'read_only') {
|
|
187
|
-
return { outcome: 'allow', reason: `Read-only command: ${toolName}`, audit: true };
|
|
188
|
-
}
|
|
189
|
-
if (cmdClass === 'safe_git') {
|
|
190
|
-
return { outcome: 'allow', reason: `Safe git command: ${command.join(' ')}`, audit: true };
|
|
191
|
-
}
|
|
192
|
-
if (cmdClass === 'validation') {
|
|
193
|
-
return { outcome: 'allow', reason: `Validation command: ${command.join(' ')}`, audit: true };
|
|
194
|
-
}
|
|
195
|
-
if (cmdClass === 'workspace_write') {
|
|
196
|
-
return { outcome: 'allow', reason: `Workspace write: ${toolName}`, audit: true };
|
|
197
|
-
}
|
|
198
|
-
if (cmdClass === 'worktree_create') {
|
|
199
|
-
return { outcome: 'allow', reason: 'Worktree creation by workspace manager', audit: true };
|
|
200
|
-
}
|
|
201
|
-
// ─── Destructive git ─────────────────────────────────────
|
|
202
|
-
if (cmdClass === 'destructive_git') {
|
|
203
|
-
if (workflowAllowsDestructiveGit) {
|
|
204
|
-
// Verify cwd is within workspace — use resolveReal to handle symlinks
|
|
205
|
-
// (e.g. macOS /tmp → /private/tmp) and normalise paths before comparing.
|
|
206
|
-
// We also require a path-separator boundary so that /workspace-evil does
|
|
207
|
-
// not falsely match /workspace.
|
|
208
|
-
if (workspacePath && cwd) {
|
|
209
|
-
const realCwd = resolveReal(cwd);
|
|
210
|
-
const realWorkspace = resolveReal(workspacePath);
|
|
211
|
-
// Containment check — must handle both Unix and Windows paths correctly (X-1).
|
|
212
|
-
//
|
|
213
|
-
// Strategy: normalise backslashes to forward slashes first (handles C:\foo\bar),
|
|
214
|
-
// then use path.relative() for the containment check (separator-agnostic, handles
|
|
215
|
-
// symlinks and avoids the /workspace-evil false-positive of naive startsWith).
|
|
216
|
-
const normCwd = realCwd.replace(/\\/g, '/');
|
|
217
|
-
const normWorkspace = realWorkspace.replace(/\\/g, '/');
|
|
218
|
-
const rel = (0, path_1.relative)(normWorkspace, normCwd);
|
|
219
|
-
const isContained = rel === '' || (!rel.startsWith('..') && !(0, path_1.isAbsolute)(rel));
|
|
220
|
-
if (isContained) {
|
|
221
|
-
return {
|
|
222
|
-
outcome: 'allow',
|
|
223
|
-
reason: `Destructive git allowed by workflow config in workspace: ${command.join(' ')}`,
|
|
224
|
-
audit: true,
|
|
225
|
-
};
|
|
226
|
-
}
|
|
227
|
-
}
|
|
228
|
-
}
|
|
229
|
-
return {
|
|
230
|
-
outcome: 'block',
|
|
231
|
-
reason: `Destructive git command blocked: ${command.join(' ')}`,
|
|
232
|
-
message: 'Destructive git commands are blocked',
|
|
233
|
-
};
|
|
234
|
-
}
|
|
235
|
-
// ─── Network ─────────────────────────────────────────────
|
|
236
|
-
// Auto-execute network commands (npm install, git push/fetch/pull/clone, curl/wget).
|
|
237
|
-
// credential_access is still blocked above (separate class).
|
|
238
|
-
if (cmdClass === 'network') {
|
|
239
|
-
return {
|
|
240
|
-
outcome: 'allow',
|
|
241
|
-
reason: `Network command allowed: ${command.join(' ')}`,
|
|
242
|
-
audit: true,
|
|
243
|
-
};
|
|
244
|
-
}
|
|
245
|
-
// ─── Workspace cleanup ───────────────────────────────────
|
|
246
|
-
// rm/rmdir/shred are catastrophic + unrecoverable — blocked, user must perform manually.
|
|
247
|
-
if (cmdClass === 'workspace_cleanup') {
|
|
248
|
-
return {
|
|
249
|
-
outcome: 'block',
|
|
250
|
-
reason: `Workspace cleanup blocked: ${command.join(' ')}`,
|
|
251
|
-
message: 'rm/rmdir/shred commands are blocked in autopilot — perform them manually',
|
|
252
|
-
};
|
|
253
|
-
}
|
|
254
|
-
// ─── Unknown / unclassified ──────────────────────────────
|
|
255
|
-
// Blacklist strategy: dangerous operations are explicitly blocked above.
|
|
256
|
-
// Anything not recognized is allowed by default — a whitelist approach would
|
|
257
|
-
// block every new tool or wrapper the gateway introduces, causing "Approval
|
|
258
|
-
// timed out" errors that are indistinguishable from real failures.
|
|
259
|
-
return {
|
|
260
|
-
outcome: 'allow',
|
|
261
|
-
reason: `Unclassified command allowed by default: ${toolName} ${command.join(' ')}`,
|
|
262
|
-
audit: true,
|
|
263
|
-
};
|
|
264
|
-
}
|
|
265
|
-
//# sourceMappingURL=permission-policy.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"permission-policy.js","sourceRoot":"","sources":["../../src/permission-policy.ts"],"names":[],"mappings":";;AAiBA,kCAMC;AAmBD,0CAiIC;AAKD,4CA4GC;AA5RD;;;;;GAKG;AACH,2BAAkC;AAClC,+BAAqD;AAGrD;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,CAAS;IACnC,IAAI,CAAC;QACH,OAAO,IAAA,iBAAY,EAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAA,cAAO,EAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAgBD;;GAEG;AACH,SAAgB,eAAe,CAC7B,IAAY,EACZ,OAAiB,EAAE,EACnB,QAAiB;IAEjB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAErC,iFAAiF;IACjF,0FAA0F;IAC1F,IAAI,QAAQ,EAAE,CAAC;QACb,2BAA2B;QAC3B,MAAM,cAAc,GAAG,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;QACpE,MAAM,UAAU,GAAmB;YACjC,WAAW,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU;YACxD,iBAAiB,EAAE,mBAAmB,EAAE,iBAAiB;YACzD,SAAS,EAAE,mBAAmB,EAAE,cAAc;SAC/C,CAAC;QACF,IAAI,UAAU,CAAC,QAAQ,CAAC,cAA8B,CAAC,EAAE,CAAC;YACxD,+DAA+D;YAC/D,4DAA4D;YAC5D,qFAAqF;YACrF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;YAC3D,IAAI,cAAc,KAAK,iBAAiB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACtE,kDAAkD;YACpD,CAAC;iBAAM,CAAC;gBACN,OAAO,cAA8B,CAAC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,8DAA8D;IAC9D,2CAA2C;IAC3C,MAAM,gBAAgB,GAAG,CAAC,gBAAgB,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5F,IAAI,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,oDAAoD;QACpD,MAAM,CAAC,UAAU,EAAE,GAAG,QAAQ,CAAC,GAAG,IAAI,CAAC;QACvC,OAAO,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,4DAA4D;IAC5D,IAAI,SAAS,KAAK,MAAM;QAAE,OAAO,cAAc,CAAC;IAChD,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,OAAO;QAAE,OAAO,cAAc,CAAC;IAC1E,IAAI,SAAS,KAAK,WAAW;QAAE,OAAO,cAAc,CAAC;IACrD,oFAAoF;IACpF,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3G,OAAO,cAAc,CAAC;IACxB,CAAC;IACD,qDAAqD;IACrD,uCAAuC;IACvC,IAAI,SAAS,KAAK,OAAO;QAAE,OAAO,cAAc,CAAC;IACjD,mEAAmE;IACnE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,cAAc,CAAC;IAC9E,8FAA8F;IAC9F,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,cAAc,CAAC;IAC9G,0DAA0D;IAC1D,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,cAAc,CAAC;IACtE,gEAAgE;IAChE,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO,cAAc,CAAC;IAErG,4DAA4D;IAC5D,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACxG,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAED,4DAA4D;IAC5D,IAAI,SAAS,KAAK,KAAK,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAEpB,uBAAuB;QACvB,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YACvB,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,KAAK;gBAAE,OAAO,iBAAiB,CAAC;YAChD,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ;gBAAE,OAAO,mBAAmB,CAAC;QACvD,CAAC;QAED,kBAAkB;QAClB,IAAI,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,iBAAiB,CAAC;QACzE,IAAI,GAAG,KAAK,OAAO;YAAE,OAAO,iBAAiB,CAAC;QAC9C,IAAI,GAAG,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,OAAO,iBAAiB,CAAC;QAExE,cAAc;QACd,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,OAAO;YAAE,OAAO,SAAS,CAAC;QAE7F,WAAW;QACX,MAAM,WAAW,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjI,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,UAAU,CAAC;IACnD,CAAC;IAED,4DAA4D;IAC5D,IAAI,SAAS,KAAK,MAAM,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;QACxE,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QAC7E,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,KAAK;YAAE,OAAO,YAAY,CAAC;QACzD,IAAI,GAAG,KAAK,MAAM;YAAE,OAAO,YAAY,CAAC;QACxC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,SAAS,KAAK,KAAK;QAAE,OAAO,YAAY,CAAC;IAE7C,4DAA4D;IAC5D,IAAI,SAAS,KAAK,MAAM,IAAI,SAAS,KAAK,MAAM;QAAE,OAAO,SAAS,CAAC;IAEnE,4DAA4D;IAC5D,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjD,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IACD,4DAA4D;IAC5D,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/C,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAED,+DAA+D;IAC/D,IAAI,SAAS,KAAK,KAAK,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC3D,CAAC;IAED,4DAA4D;IAC5D,MAAM,aAAa,GAAG;QACpB,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM;QACvE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;QAC7C,yEAAyE;QACzE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM;QACzC,oDAAoD;QACpD,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY;QAClE,gBAAgB,EAAE,MAAM,EAAE,cAAc;KACzC,CAAC;IACF,IAAI,aAAa,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,WAAW,CAAC;IAE1D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,KAA8B;IAC7D,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,GAAG,EAAE,EAAE,GAAG,EAAE,aAAa,EAAE,4BAA4B,EAAE,GAAG,KAAK,CAAC;IACrG,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAE9D,6DAA6D;IAC7D,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;QACrC,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,8CAA8C;YACtD,OAAO,EAAE,wDAAwD;SAClE,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;QAChC,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,kDAAkD;YAC1D,OAAO,EAAE,kEAAkE;SAC5E,CAAC;IACJ,CAAC;IAED,4DAA4D;IAC5D,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC7B,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,sBAAsB,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACrF,CAAC;IAED,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5B,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,qBAAqB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC7F,CAAC;IAED,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,uBAAuB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/F,CAAC;IAED,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;QACnC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,oBAAoB,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACnF,CAAC;IAED,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;QACnC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,wCAAwC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC7F,CAAC;IAED,4DAA4D;IAC5D,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;QACnC,IAAI,4BAA4B,EAAE,CAAC;YACjC,sEAAsE;YACtE,yEAAyE;YACzE,yEAAyE;YACzE,gCAAgC;YAChC,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;gBACjC,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,CAAC;gBACjD,+EAA+E;gBAC/E,EAAE;gBACF,iFAAiF;gBACjF,kFAAkF;gBAClF,+EAA+E;gBAC/E,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC5C,MAAM,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBACxD,MAAM,GAAG,GAAG,IAAA,eAAQ,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC;gBAC7C,MAAM,WAAW,GAAG,GAAG,KAAK,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAA,iBAAU,EAAC,GAAG,CAAC,CAAC,CAAC;gBAC9E,IAAI,WAAW,EAAE,CAAC;oBAChB,OAAO;wBACL,OAAO,EAAE,OAAO;wBAChB,MAAM,EAAE,4DAA4D,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;wBACvF,KAAK,EAAE,IAAI;qBACZ,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,oCAAoC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAC/D,OAAO,EAAE,sCAAsC;SAChD,CAAC;IACJ,CAAC;IAED,4DAA4D;IAC5D,qFAAqF;IACrF,6DAA6D;IAC7D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,4BAA4B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACvD,KAAK,EAAE,IAAI;SACZ,CAAC;IACJ,CAAC;IAED,4DAA4D;IAC5D,yFAAyF;IACzF,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;QACrC,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,8BAA8B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACzD,OAAO,EAAE,0EAA0E;SACpF,CAAC;IACJ,CAAC;IAED,4DAA4D;IAC5D,yEAAyE;IACzE,6EAA6E;IAC7E,4EAA4E;IAC5E,mEAAmE;IACnE,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,MAAM,EAAE,4CAA4C,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QACnF,KAAK,EAAE,IAAI;KACZ,CAAC;AACJ,CAAC"}
|