@priyanshumit/macos-terminal-mcp 0.3.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Priyanshu Mittal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,219 @@
+# macos-terminal-mcp
+
+A local MCP server that lets AI agents inspect and drive your macOS Terminal.app tabs — list windows, read scrollback, execute commands, and clear buffers, all gated by a three-tier safety model plus per-call user confirmation for any write operation.
+
+## What it does
+
+Eleven MCP tools across three categories:
+
+### Terminal interaction
+
+| Tool | Read/Write | Description |
+|---|---|---|
+| `terminal_list` | read | Enumerate every open Terminal.app tab with tty, title, busy state, and foreground processes. |
+| `terminal_read` | read | Return the full buffer + scrollback of a specific tab, identified by tty. |
+| `terminal_execute` | **write** | Type a command into a specific tab and press Enter. Evaluated against the safety policy; runs auto/confirms/refuses depending on level. |
+| `terminal_clear` | **write** | Wipe scrollback of a specific tab via Cmd+K. Briefly steals focus. |
+
+### Safety policy management
+
+| Tool | Read/Write | Description |
+|---|---|---|
+| `safety_list` | read | Show all current safety patterns with their levels. |
+| `safety_add` | **write** | Propose a new pattern + level; user approves via dialog before persisting. |
+| `safety_remove` | **write** | Drop a pattern. Warns prominently in the dialog if the pattern is `forbidden`. |
+| `safety_set_level` | **write** | Change the level of an existing pattern. Warns when downgrading from `forbidden`. |
+
+### Async approval queue
+
+| Tool | Read/Write | Description |
+|---|---|---|
+| `pending_list` | read | Snapshot of commands currently awaiting approval. |
+| `pending_approve` | **write** | Approve a queued command by id. Triggers its own confirmation dialog. |
+| `pending_deny` | **write** | Deny a queued command. |
+
+Write tools are **off by default**. Set `WRITE_TOOLS_ENABLED=1` in the server's environment to enable them. Even when enabled, every non-`safe` operation triggers a native macOS confirmation dialog.
+
+## Prerequisites
+
+- macOS (uses JXA / `osascript`)
+- Node ≥ 20
+- Terminal.app (the stock macOS terminal)
+
+## Install
+
+### Option A: via npm (recommended)
+
+Once published:
+
+```bash
+# Run directly without installing
+npx -y @priyanshumit/macos-terminal-mcp
+
+# Or install globally
+npm install -g @priyanshumit/macos-terminal-mcp
+```
+
+### Option B: from source
+
+```bash
+git clone https://github.com/priyanshumit/macos-terminal-mcp.git
+cd macos-terminal-mcp
+npm install
+npm run build
+```
+
+## macOS permissions
+
+First time the MCP server controls Terminal.app, macOS will prompt for permission:
+
+> *"node" wants access to control "Terminal".*
+
+Click **OK**. The setting is remembered in **System Settings → Privacy & Security → Automation**.
+
+`terminal_clear` additionally requires **Accessibility** permission (it uses System Events to simulate Cmd+K). Grant under **System Settings → Privacy & Security → Accessibility**.
+
+## Scrollback configuration
+
+For `terminal_read` to return meaningful history, set Terminal.app's scrollback to a generous size:
+
+**Terminal.app → Settings → Profiles → (your profile) → Window → Scrollback**: set to **Unlimited** or a large fixed number.
+
+## Register with Claude Code
+
+```bash
+claude mcp add macos-terminal --command=npx --args=-y --args=@priyanshumit/macos-terminal-mcp
+```
+
+Or add to `~/.claude.json` / project `.mcp.json` manually:
+
+```json
+{
+  "mcpServers": {
+    "macos-terminal": {
+      "command": "npx",
+      "args": ["-y", "@priyanshumit/macos-terminal-mcp"]
+    }
+  }
+}
+```
+
+To enable write tools, add the env block:
+
+```json
+{
+  "mcpServers": {
+    "macos-terminal": {
+      "command": "npx",
+      "args": ["-y", "@priyanshumit/macos-terminal-mcp"],
+      "env": { "WRITE_TOOLS_ENABLED": "1" }
+    }
+  }
+}
+```
+
+Restart Claude Code. You should see the eleven tools listed.
+
+## Three-tier safety model
+
+Every `terminal_execute` call is evaluated against a list of regex patterns, each tagged with a level:
+
+| Level | Behavior |
+|---|---|
+| `safe` | Auto-run, no confirmation |
+| `requires_approval` | Native confirmation dialog (also enqueued for async approval via `pending_*`) |
+| `forbidden` | **Refused outright** — no dialog can approve it. To run a forbidden command, do it yourself in a real terminal. |
+
+**Evaluation rule: highest-restriction wins.** If a command matches both a `safe` pattern and a `forbidden` pattern, it's forbidden. This blocks composite-command bypasses like `ls && rm -rf /tmp/x` — the safe `^ls` match doesn't shield the forbidden `\brm\s+-rf?\b` match.
+
+**Default if no pattern matches**: `requires_approval`. New/unknown commands always confirm.
+
+## Default forbidden patterns
+
+| Pattern | Why |
+|---|---|
+| `\brm\s+-rf?\b` | Recursive delete |
+| `\bsudo\b` | Privilege escalation — humans only |
+| `\|\s*(bash\|sh\|zsh)\b` | Pipe-to-shell — common attack vector |
+| `\bcurl\b[^\|;]*\|`, `\bwget\b[^\|;]*\|` | Curl/wget piped to anything |
+| `>\s*/etc/`, `>\s*/dev/` | Writing to /etc or /dev |
+| `/etc/passwd`, `/etc/shadow`, `~/.ssh` | System or credential files |
+| `\bdd\s+if=` | dd — can overwrite disks |
+| `\bgit\s+push\s+(--force\|-f)\b` | Force push |
+| `\bgit\s+reset\s+--hard\b` | Discards local work |
+| `\bgit\s+clean\s+-[fdx]+\b` | Destructive git clean |
+| `\bshutdown\b`, `\breboot\b`, `\bkillall\b` | System control |
+| `:\(\)\{:\|:&\};:` | Fork bomb |
+
+The full list is in `src/safety/patterns.ts`. Customize via `safety_*` tools or by editing `~/.config/macos-terminal-mcp/safety.json` directly.
+
+## Customizing patterns
+
+**From within Claude:**
+
+> *"Add `^cargo build` as a safe pattern."* → Claude calls `safety_add({pattern: "^cargo build", level: "safe"})` → you click Allow on the dialog → it's persisted.
+
+> *"Show me the current safety policy."* → `safety_list` returns the JSON.
+
+> *"Forbidden `^docker\\s+rm`."* → Claude calls `safety_add({pattern: "^docker\\s+rm", level: "forbidden"})` → dialog → persisted.
+
+**By editing the file:**
+
+`~/.config/macos-terminal-mcp/safety.json`:
+
+```json
+{
+  "patterns": [
+    { "pattern": "^cargo build\\b", "level": "safe", "description": "Rust builds" },
+    { "pattern": "\\bmy-deploy-script\\b", "level": "forbidden", "description": "Never deploy from AI" }
+  ]
+}
+```
+
+If the file has the v1 schema (`{"allowlist": [...], "denylist": [...]}`), it's automatically migrated on load.
+
+## Async approval queue
+
+When `terminal_execute` triggers `requires_approval`, two things happen in parallel:
+1. A native macOS dialog pops asking you to Allow/Deny.
+2. The command is enqueued — visible via `pending_list`, resolvable via `pending_approve(id)` / `pending_deny(id, reason)`.
+
+Whichever path resolves first wins. For solo desktop use, the dialog is the canonical signal. For headless/remote/team contexts, the queue tools provide an out-of-band approval path.
+
+Pending entries auto-expire after 10 minutes. The queue is in-memory only — a server restart drops all pending entries.
+
+## Usage examples
+
+Once registered, from Claude Code:
+
+- *"List my open terminals."* → `terminal_list`
+- *"What's the last 50 lines from /dev/ttys062?"* → `terminal_read({tty: "/dev/ttys062", lines: 50})`
+- *"Run `git status` in /dev/ttys054."* → `terminal_execute` (auto-runs, safe pattern)
+- *"Run `rm -rf /tmp/cache` in /dev/ttys054."* → **refused** (matches forbidden pattern)
+- *"Run `cargo test` in /dev/ttys054."* → dialog pops (no safe pattern matches, default requires_approval)
+- *"Show me what's in the approval queue."* → `pending_list`
+- *"Approve queued command abc-123."* → `pending_approve({id: "abc-123"})` — also pops a dialog
+
+## Troubleshooting
+
+**"osascript exited 1: ... not authorized"**
+Automation permission has not been granted. Open System Settings → Privacy & Security → Automation, find the process, allow it to control Terminal.
+
+**Confirmation dialogs never appear**
+The MCP server is in a context without a GUI session. Test:
+```bash
+osascript -l JavaScript -e 'Application.currentApplication().includeStandardAdditions = true; Application.currentApplication().displayDialog("test")'
+```
+
+**`terminal_clear` does nothing**
+Requires Accessibility permission, and the target window must accept keyboard focus. If you have multiple Terminal windows, focus may not settle on the intended one before the keystroke fires. Run `terminal_list` first to confirm the tty.
+
+**`terminal_read` returns less than expected**
+Terminal.app's scrollback cap is profile-controlled. Increase under Terminal.app → Settings → Profiles → Window → Scrollback.
+
+**Command refused as "forbidden" but I have a legit reason**
+Forbidden patterns intentionally cannot be approved via the tool. Either run the command yourself in a real terminal, or use `safety_set_level({pattern: "...", level: "requires_approval"})` to downgrade — you'll see a downgrade warning in the confirmation dialog.
+
+## License
+
+MIT — see [LICENSE](./LICENSE).

package/dist/applescript.js

@@ -0,0 +1,75 @@
+import { spawn } from "node:child_process";
+export class OsascriptError extends Error {
+    stderr;
+    code;
+    timedOut;
+    constructor(message, stderr, code, timedOut = false) {
+        super(message);
+        this.stderr = stderr;
+        this.code = code;
+        this.timedOut = timedOut;
+        this.name = "OsascriptError";
+    }
+}
+const DEFAULT_TIMEOUT_MS = 30_000;
+export function runJxa(script, options = {}) {
+    const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    return new Promise((resolve, reject) => {
+        const proc = spawn("osascript", ["-l", "JavaScript"], {
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        let settled = false;
+        const timer = setTimeout(() => {
+            if (settled)
+                return;
+            settled = true;
+            try {
+                proc.kill("SIGKILL");
+            }
+            catch {
+                /* ignore */
+            }
+            reject(new OsascriptError(`osascript timed out after ${timeoutMs}ms`, stderr.trim(), -1, true));
+        }, timeoutMs);
+        proc.stdout.on("data", (chunk) => {
+            stdout += chunk.toString("utf8");
+        });
+        proc.stderr.on("data", (chunk) => {
+            stderr += chunk.toString("utf8");
+        });
+        proc.on("error", (err) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            reject(err);
+        });
+        proc.on("close", (code) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            if (code === 0) {
+                resolve(stdout.replace(/\n$/, ""));
+            }
+            else {
+                reject(new OsascriptError(`osascript exited ${code}: ${stderr.trim()}`, stderr.trim(), code ?? -1));
+            }
+        });
+        proc.stdin.write(script);
+        proc.stdin.end();
+    });
+}
+export async function runJxaJson(script, options = {}) {
+    const output = await runJxa(script, options);
+    try {
+        return JSON.parse(output);
+    }
+    catch (err) {
+        const preview = output.length > 500 ? `${output.slice(0, 500)}…` : output;
+        throw new OsascriptError(`JXA stdout was not valid JSON: ${err.message}\nOutput: ${preview}`, output, -1);
+    }
+}
+//# sourceMappingURL=applescript.js.map

package/dist/applescript.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"applescript.js","sourceRoot":"","sources":["../src/applescript.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,MAAM,OAAO,cAAe,SAAQ,KAAK;IAGrB;IACA;IACA;IAJlB,YACE,OAAe,EACC,MAAc,EACd,IAAY,EACZ,WAAW,KAAK;QAEhC,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,WAAM,GAAN,MAAM,CAAQ;QACd,SAAI,GAAJ,IAAI,CAAQ;QACZ,aAAQ,GAAR,QAAQ,CAAQ;QAGhC,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAOD,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC,MAAM,UAAU,MAAM,CAAC,MAAc,EAAE,UAAyB,EAAE;IAChE,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAC1D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE;YACpD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QACH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvB,CAAC;YAAC,MAAM,CAAC;gBACP,YAAY;YACd,CAAC;YACD,MAAM,CACJ,IAAI,cAAc,CAAC,6BAA6B,SAAS,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,CACxF,CAAC;QACJ,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACvC,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACvC,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACvB,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACN,MAAM,CACJ,IAAI,cAAc,CAChB,oBAAoB,IAAI,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,EAC5C,MAAM,CAAC,IAAI,EAAE,EACb,IAAI,IAAI,CAAC,CAAC,CACX,CACF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAI,MAAc,EAAE,UAAyB,EAAE;IAC7E,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAM,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;QAC1E,MAAM,IAAI,cAAc,CACtB,kCAAmC,GAAa,CAAC,OAAO,aAAa,OAAO,EAAE,EAC9E,MAAM,EACN,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/index.js

@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { registerAll } from "./tools/register.js";
+const server = new McpServer({ name: "macos-terminal-mcp", version: "0.1.0" }, { capabilities: { tools: {} } });
+registerAll(server);
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    process.stderr.write("[macos-terminal-mcp] server ready on stdio\n");
+}
+main().catch((err) => {
+    process.stderr.write(`[macos-terminal-mcp] fatal: ${err instanceof Error ? err.message : String(err)}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElD,MAAM,MAAM,GAAG,IAAI,SAAS,CAC1B,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,EAChD,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;AAEF,WAAW,CAAC,MAAM,CAAC,CAAC;AAEpB,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;AACvE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;IAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CACpF,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/safety/audit.js

@@ -0,0 +1,30 @@
+import { appendFile, mkdir } from "node:fs/promises";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+function resolveDefaultPath() {
+    const xdg = process.env.XDG_STATE_HOME;
+    const base = xdg && xdg.length > 0 ? xdg : join(homedir(), ".local", "state");
+    return join(base, "macos-terminal-mcp", "audit.log");
+}
+export const AUDIT_LOG_PATH = resolveDefaultPath();
+const COMMAND_TRUNCATE = 1000;
+function truncate(s, max) {
+    return s.length > max ? `${s.slice(0, max)}…[+${s.length - max}]` : s;
+}
+export async function appendAudit(entry, path = AUDIT_LOG_PATH) {
+    const record = {
+        timestamp: entry.timestamp ?? new Date().toISOString(),
+        ...entry,
+    };
+    if (record.command !== undefined) {
+        record.command = truncate(record.command, COMMAND_TRUNCATE);
+    }
+    try {
+        await mkdir(dirname(path), { recursive: true });
+        await appendFile(path, `${JSON.stringify(record)}\n`, "utf8");
+    }
+    catch (err) {
+        process.stderr.write(`[macos-terminal-mcp] audit log write failed: ${err.message}\n`);
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/safety/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/safety/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAmB1C,SAAS,kBAAkB;IACzB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACvC,MAAM,IAAI,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9E,OAAO,IAAI,CAAC,IAAI,EAAE,oBAAoB,EAAE,WAAW,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,kBAAkB,EAAE,CAAC;AAEnD,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAE9B,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAW;IACtC,OAAO,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,KAA6D,EAC7D,OAAe,cAAc;IAE7B,MAAM,MAAM,GAAe;QACzB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACtD,GAAG,KAAK;KACT,CAAC;IACF,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,CAAC,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,UAAU,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gDAAiD,GAAa,CAAC,OAAO,IAAI,CAC3E,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/safety/confirm.js

@@ -0,0 +1,44 @@
+import { runJxa } from "../applescript.js";
+export function isWriteToolsEnabled() {
+    return process.env.WRITE_TOOLS_ENABLED === "1";
+}
+const DEFAULT_DIALOG_TIMEOUT_SEC = 300;
+export async function confirmWithUser(req) {
+    const allow = req.allowLabel ?? "Allow";
+    const deny = req.denyLabel ?? "Deny";
+    const timeoutSec = req.timeoutSeconds ?? DEFAULT_DIALOG_TIMEOUT_SEC;
+    const script = `
+var app = Application.currentApplication();
+app.includeStandardAdditions = true;
+(function () {
+  try {
+    var result = app.displayDialog(
+      ${JSON.stringify(req.message)},
+      {
+        buttons: [${JSON.stringify(deny)}, ${JSON.stringify(allow)}],
+        defaultButton: ${JSON.stringify(deny)},
+        cancelButton: ${JSON.stringify(deny)},
+        withTitle: ${JSON.stringify(req.title)},
+        withIcon: "caution",
+        givingUpAfter: ${timeoutSec}
+      }
+    );
+    if (result.gaveUp) return "TIMEOUT";
+    return result.buttonReturned === ${JSON.stringify(allow)} ? "ALLOW" : "DENY";
+  } catch (e) {
+    return "DENY";
+  }
+})();
+`;
+    // Outer osascript timeout is dialog timeout + 10s buffer so the dialog's own
+    // givingUpAfter has a chance to fire before the spawn-level kill engages.
+    const result = await runJxa(script, { timeoutMs: (timeoutSec + 10) * 1000 });
+    return result.trim() === "ALLOW";
+}
+export function writeToolsDisabledMessage(toolName) {
+    return (`${toolName} is disabled. Write tools (terminal_execute, terminal_clear, safety_*) ` +
+        `are off by default for safety. To enable, set environment variable ` +
+        `WRITE_TOOLS_ENABLED=1 in the MCP server's env block. Each non-"safe" call ` +
+        `still prompts via a native macOS dialog.`);
+}
+//# sourceMappingURL=confirm.js.map

package/dist/safety/confirm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"confirm.js","sourceRoot":"","sources":["../../src/safety/confirm.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,MAAM,UAAU,mBAAmB;IACjC,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,GAAG,CAAC;AACjD,CAAC;AAWD,MAAM,0BAA0B,GAAG,GAAG,CAAC;AAEvC,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,GAAmB;IACvD,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC;IACxC,MAAM,IAAI,GAAG,GAAG,CAAC,SAAS,IAAI,MAAM,CAAC;IACrC,MAAM,UAAU,GAAG,GAAG,CAAC,cAAc,IAAI,0BAA0B,CAAC;IACpE,MAAM,MAAM,GAAG;;;;;;QAMT,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;;oBAEf,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;yBACzC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;wBACrB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;qBACvB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC;;yBAErB,UAAU;;;;uCAII,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;;;;;CAK3D,CAAC;IACA,6EAA6E;IAC7E,0EAA0E;IAC1E,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,UAAU,GAAG,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;IAC7E,OAAO,MAAM,CAAC,IAAI,EAAE,KAAK,OAAO,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,QAAgB;IACxD,OAAO,CACL,GAAG,QAAQ,yEAAyE;QACpF,qEAAqE;QACrE,4EAA4E;QAC5E,0CAA0C,CAC3C,CAAC;AACJ,CAAC"}

package/dist/safety/patterns.js

@@ -0,0 +1,176 @@
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+export const SAFETY_CONFIG_PATH = join(homedir(), ".config", "macos-terminal-mcp", "safety.json");
+const DEFAULT_PATTERNS = [
+    // FORBIDDEN — never run, even with confirmation. The user must run these in a terminal themselves.
+    {
+        pattern: "\\brm\\s+-rf?\\b",
+        level: "forbidden",
+        description: "Recursive rm — too destructive to expose to an AI agent",
+    },
+    {
+        pattern: "\\bsudo\\b",
+        level: "forbidden",
+        description: "Privilege escalation should always be done by a human",
+    },
+    {
+        pattern: "\\|\\s*(bash|sh|zsh)\\b",
+        level: "forbidden",
+        description: "Piping into a shell — common attack vector",
+    },
+    {
+        pattern: "\\bcurl\\b[^|;]*\\|",
+        level: "forbidden",
+        description: "curl piped to another command",
+    },
+    {
+        pattern: "\\bwget\\b[^|;]*\\|",
+        level: "forbidden",
+        description: "wget piped to another command",
+    },
+    { pattern: ">\\s*/etc/", level: "forbidden", description: "Writing to /etc" },
+    { pattern: ">\\s*/dev/", level: "forbidden", description: "Writing to /dev" },
+    { pattern: "/etc/passwd", level: "forbidden", description: "Touching /etc/passwd" },
+    { pattern: "/etc/shadow", level: "forbidden", description: "Touching /etc/shadow" },
+    { pattern: "~/.ssh", level: "forbidden", description: "Touching SSH keys" },
+    { pattern: "\\bdd\\s+if=", level: "forbidden", description: "dd — can overwrite disks" },
+    { pattern: ":\\(\\)\\{:\\|:&\\};:", level: "forbidden", description: "Fork bomb" },
+    { pattern: "\\bshutdown\\b", level: "forbidden", description: "System shutdown" },
+    { pattern: "\\breboot\\b", level: "forbidden", description: "System reboot" },
+    { pattern: "\\bkillall\\b", level: "forbidden", description: "Mass process kill" },
+    {
+        pattern: "\\bgit\\s+push\\s+(--force|-f)\\b",
+        level: "forbidden",
+        description: "Force push — usually a mistake",
+    },
+    {
+        pattern: "\\bgit\\s+reset\\s+--hard\\b",
+        level: "forbidden",
+        description: "git reset --hard — discards local work",
+    },
+    {
+        pattern: "\\bgit\\s+clean\\s+-[fdx]+\\b",
+        level: "forbidden",
+        description: "git clean with -f flags — destructive",
+    },
+    // SAFE — auto-run, no confirmation needed.
+    { pattern: "^ls(\\s|$)", level: "safe", description: "List directory contents" },
+    { pattern: "^pwd(\\s|$)", level: "safe", description: "Print working directory" },
+    { pattern: "^cd(\\s|$)", level: "safe", description: "Change directory" },
+    { pattern: "^echo(\\s|$)", level: "safe", description: "Echo arguments" },
+    { pattern: "^cat\\s", level: "safe", description: "Print file contents" },
+    { pattern: "^less\\s", level: "safe", description: "Page through a file" },
+    { pattern: "^head\\s", level: "safe", description: "First N lines of a file" },
+    { pattern: "^tail\\s", level: "safe", description: "Last N lines of a file" },
+    { pattern: "^which\\s", level: "safe", description: "Locate a command" },
+    { pattern: "^type\\s", level: "safe", description: "Describe a command" },
+    { pattern: "^date(\\s|$)", level: "safe", description: "Current date/time" },
+    { pattern: "^whoami(\\s|$)", level: "safe", description: "Current user" },
+    { pattern: "^uptime(\\s|$)", level: "safe", description: "System uptime" },
+    {
+        pattern: "^git\\s+(status|log|diff|branch|show|remote|stash list)\\b",
+        level: "safe",
+        description: "Read-only git operations",
+    },
+    {
+        pattern: "^npm\\s+(test|run\\s+test|run\\s+lint|run\\s+typecheck)\\b",
+        level: "safe",
+        description: "Common npm read-ish operations",
+    },
+    { pattern: "^node\\s+--version\\b", level: "safe" },
+    { pattern: "^python3?\\s+--version\\b", level: "safe" },
+];
+export async function loadSafetyConfig(path = SAFETY_CONFIG_PATH) {
+    try {
+        const raw = await readFile(path, "utf8");
+        const parsed = JSON.parse(raw);
+        return normalizeConfig(parsed);
+    }
+    catch {
+        return { patterns: DEFAULT_PATTERNS };
+    }
+}
+export async function saveSafetyConfig(config, path = SAFETY_CONFIG_PATH) {
+    await mkdir(dirname(path), { recursive: true });
+    await writeFile(path, `${JSON.stringify(config, null, 2)}\n`, "utf8");
+}
+export function defaultPatterns() {
+    return DEFAULT_PATTERNS.map((p) => ({ ...p }));
+}
+export function normalizeConfig(raw) {
+    if (!raw || typeof raw !== "object")
+        return { patterns: DEFAULT_PATTERNS };
+    const o = raw;
+    if (Array.isArray(o.patterns)) {
+        return {
+            patterns: o.patterns.filter((e) => isValidEntry(e)),
+        };
+    }
+    // Migrate v1 schema {allowlist: [], denylist: []} → v2 {patterns: [...]}
+    if (Array.isArray(o.allowlist) || Array.isArray(o.denylist)) {
+        const patterns = [];
+        if (Array.isArray(o.denylist)) {
+            for (const p of o.denylist) {
+                if (typeof p === "string") {
+                    patterns.push({
+                        pattern: p,
+                        level: "requires_approval",
+                        description: "Migrated from v1 denylist",
+                    });
+                }
+            }
+        }
+        if (Array.isArray(o.allowlist)) {
+            for (const p of o.allowlist) {
+                if (typeof p === "string") {
+                    patterns.push({
+                        pattern: p,
+                        level: "safe",
+                        description: "Migrated from v1 allowlist",
+                    });
+                }
+            }
+        }
+        return { patterns: patterns.length > 0 ? patterns : DEFAULT_PATTERNS };
+    }
+    return { patterns: DEFAULT_PATTERNS };
+}
+function isValidEntry(e) {
+    if (!e || typeof e !== "object")
+        return false;
+    const o = e;
+    return (typeof o.pattern === "string" &&
+        (o.level === "safe" || o.level === "requires_approval" || o.level === "forbidden") &&
+        (o.description === undefined || typeof o.description === "string"));
+}
+const LEVEL_RANK = {
+    safe: 0,
+    requires_approval: 1,
+    forbidden: 2,
+};
+export function evaluateCommand(command, config) {
+    let result = null;
+    for (const entry of config.patterns) {
+        if (!testPattern(entry.pattern, command))
+            continue;
+        if (!result || LEVEL_RANK[entry.level] > LEVEL_RANK[result.level]) {
+            result = {
+                level: entry.level,
+                matchedPattern: entry.pattern,
+                matchedDescription: entry.description,
+            };
+        }
+    }
+    // No pattern matched — default is requires_approval (safer than safe)
+    return result ?? { level: "requires_approval" };
+}
+function testPattern(pattern, command) {
+    try {
+        return new RegExp(pattern).test(command);
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=patterns.js.map

package/dist/safety/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/safety/patterns.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAc1C,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,oBAAoB,EAAE,aAAa,CAAC,CAAC;AAElG,MAAM,gBAAgB,GAAmB;IACvC,mGAAmG;IACnG;QACE,OAAO,EAAE,kBAAkB;QAC3B,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,yDAAyD;KACvE;IACD;QACE,OAAO,EAAE,YAAY;QACrB,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,uDAAuD;KACrE;IACD;QACE,OAAO,EAAE,yBAAyB;QAClC,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,qBAAqB;QAC9B,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,+BAA+B;KAC7C;IACD;QACE,OAAO,EAAE,qBAAqB;QAC9B,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,+BAA+B;KAC7C;IACD,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,iBAAiB,EAAE;IAC7E,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,iBAAiB,EAAE;IAC7E,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,sBAAsB,EAAE;IACnF,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,sBAAsB,EAAE;IACnF,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,mBAAmB,EAAE;IAC3E,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,0BAA0B,EAAE;IACxF,EAAE,OAAO,EAAE,uBAAuB,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE;IAClF,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,iBAAiB,EAAE;IACjF,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE;IAC7E,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,mBAAmB,EAAE;IAClF;QACE,OAAO,EAAE,mCAAmC;QAC5C,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,gCAAgC;KAC9C;IACD;QACE,OAAO,EAAE,8BAA8B;QACvC,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,uCAAuC;KACrD;IAED,2CAA2C;IAC3C,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,yBAAyB,EAAE;IAChF,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,yBAAyB,EAAE;IACjF,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,kBAAkB,EAAE;IACzE,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,gBAAgB,EAAE;IACzE,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,qBAAqB,EAAE;IACzE,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,qBAAqB,EAAE;IAC1E,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,yBAAyB,EAAE;IAC9E,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,wBAAwB,EAAE;IAC7E,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,kBAAkB,EAAE;IACxE,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,oBAAoB,EAAE;IACzE,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE;IAC5E,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE;IACzE,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE;IAC1E;QACE,OAAO,EAAE,4DAA4D;QACrE,KAAK,EAAE,MAAM;QACb,WAAW,EAAE,0BAA0B;KACxC;IACD;QACE,OAAO,EAAE,4DAA4D;QACrE,KAAK,EAAE,MAAM;QACb,WAAW,EAAE,gCAAgC;KAC9C;IACD,EAAE,OAAO,EAAE,uBAAuB,EAAE,KAAK,EAAE,MAAM,EAAE;IACnD,EAAE,OAAO,EAAE,2BAA2B,EAAE,KAAK,EAAE,MAAM,EAAE;CACxD,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAe,kBAAkB;IACtE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxC,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IACxC,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAoB,EACpB,OAAe,kBAAkB;IAEjC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,SAAS,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,GAAY;IAC1C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC3E,MAAM,CAAC,GAAG,GAA8B,CAAC;IACzC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAU,EAAqB,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SAChF,CAAC;IACJ,CAAC;IACD,yEAAyE;IACzE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5D,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;oBAC1B,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,CAAC;wBACV,KAAK,EAAE,mBAAmB;wBAC1B,WAAW,EAAE,2BAA2B;qBACzC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;gBAC5B,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;oBAC1B,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,CAAC;wBACV,KAAK,EAAE,MAAM;wBACb,WAAW,EAAE,4BAA4B;qBAC1C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC;IACzE,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,YAAY,CAAC,CAAU;IAC9B,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC9C,MAAM,CAAC,GAAG,CAA4B,CAAC;IACvC,OAAO,CACL,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;QAC7B,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,IAAI,CAAC,CAAC,KAAK,KAAK,mBAAmB,IAAI,CAAC,CAAC,KAAK,KAAK,WAAW,CAAC;QAClF,CAAC,CAAC,CAAC,WAAW,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ,CAAC,CACnE,CAAC;AACJ,CAAC;AAQD,MAAM,UAAU,GAAgC;IAC9C,IAAI,EAAE,CAAC;IACP,iBAAiB,EAAE,CAAC;IACpB,SAAS,EAAE,CAAC;CACb,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,OAAe,EAAE,MAAoB;IACnE,IAAI,MAAM,GAAyB,IAAI,CAAC;IACxC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;YAAE,SAAS;QACnD,IAAI,CAAC,MAAM,IAAI,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAClE,MAAM,GAAG;gBACP,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,cAAc,EAAE,KAAK,CAAC,OAAO;gBAC7B,kBAAkB,EAAE,KAAK,CAAC,WAAW;aACtC,CAAC;QACJ,CAAC;IACH,CAAC;IACD,sEAAsE;IACtE,OAAO,MAAM,IAAI,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;AAClD,CAAC;AAED,SAAS,WAAW,CAAC,OAAe,EAAE,OAAe;IACnD,IAAI,CAAC;QACH,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}