@telora/daemon 0.17.53 → 0.17.56
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build-info.json +2 -2
- package/dist/auth-liveness.d.ts +41 -0
- package/dist/auth-liveness.d.ts.map +1 -0
- package/dist/auth-liveness.js +68 -0
- package/dist/auth-liveness.js.map +1 -0
- package/dist/backends/agent-backend.d.ts +9 -0
- package/dist/backends/agent-backend.d.ts.map +1 -1
- package/dist/backends/claude/claude-backend.d.ts.map +1 -1
- package/dist/backends/claude/claude-backend.js +8 -0
- package/dist/backends/claude/claude-backend.js.map +1 -1
- package/dist/backends/codex/codex-backend.d.ts +9 -4
- package/dist/backends/codex/codex-backend.d.ts.map +1 -1
- package/dist/backends/codex/codex-backend.js +13 -4
- package/dist/backends/codex/codex-backend.js.map +1 -1
- package/dist/cli/connect.d.ts.map +1 -1
- package/dist/cli/connect.js +10 -0
- package/dist/cli/connect.js.map +1 -1
- package/dist/focus-engine.d.ts.map +1 -1
- package/dist/focus-engine.js +12 -0
- package/dist/focus-engine.js.map +1 -1
- package/dist/focus-executor.d.ts +1 -1
- package/dist/focus-executor.d.ts.map +1 -1
- package/dist/focus-executor.js +41 -4
- package/dist/focus-executor.js.map +1 -1
- package/dist/spawn-environment.d.ts +38 -1
- package/dist/spawn-environment.d.ts.map +1 -1
- package/dist/spawn-environment.js +73 -4
- package/dist/spawn-environment.js.map +1 -1
- package/dist/spawn-sandbox.d.ts +117 -0
- package/dist/spawn-sandbox.d.ts.map +1 -0
- package/dist/spawn-sandbox.js +210 -0
- package/dist/spawn-sandbox.js.map +1 -0
- package/dist/types/config.d.ts +40 -0
- package/dist/types/config.d.ts.map +1 -1
- package/package.json +2 -2
package/dist/focus-executor.js
CHANGED
|
@@ -40,6 +40,7 @@ import { buildRoleFrameworkPrompt, buildRemediationFramingSection, buildResumeDe
|
|
|
40
40
|
import { getFocusDeliveries, getFocusIssues, getProductContextForFocus, getProductDeploymentProfileSnapshot, fetchFocusWorkflow } from './queries/focuses.js';
|
|
41
41
|
import { applyRespawnGuard } from './focus-respawn-guard.js';
|
|
42
42
|
import { buildLeveredSpawnEnvironment, fetchBackendEnvExtras } from './spawn-environment.js';
|
|
43
|
+
import { wrapSpawnCommand, SandboxUnavailableError } from './spawn-sandbox.js';
|
|
43
44
|
import { sanitizeGitSegment } from './git-utils.js';
|
|
44
45
|
import { resolveResumeId, resolveLineageSpec } from './session-lineage.js';
|
|
45
46
|
import { recordFocusTeardown } from './spawn-cooldown.js';
|
|
@@ -186,8 +187,11 @@ export function resolveEffectiveModel(directiveModel, spawnCodexHome, codexModel
|
|
|
186
187
|
* backend's dedicated resume-arg builder. Exported for the spawner barrel
|
|
187
188
|
* surface (legacy ./team-spawner.js consumers).
|
|
188
189
|
*/
|
|
189
|
-
export function buildAgentArgs(backend, config, worktreePath, pipelineConfig, resumeSessionId) {
|
|
190
|
-
|
|
190
|
+
export function buildAgentArgs(backend, config, worktreePath, pipelineConfig, resumeSessionId, allowedTools) {
|
|
191
|
+
// allowedTools comes from the focus role's agent_roles.allowed_tools. The
|
|
192
|
+
// backend applies least-privilege scoping when non-empty; empty/absent =>
|
|
193
|
+
// engine default tool set (documented default policy).
|
|
194
|
+
const base = { config, worktreePath, model: pipelineConfig?.model ?? null, allowedTools };
|
|
191
195
|
return resumeSessionId
|
|
192
196
|
? backend.buildResumeArgs({ ...base, resumeSessionId })
|
|
193
197
|
: backend.buildSpawnArgs(base);
|
|
@@ -626,7 +630,7 @@ export async function spawnFocusTeam(params) {
|
|
|
626
630
|
const effectivePipelineConfig = effectiveModel !== (pipelineConfig?.model ?? null)
|
|
627
631
|
? { ...pipelineConfig, model: effectiveModel }
|
|
628
632
|
: pipelineConfig;
|
|
629
|
-
const args = buildAgentArgs(backend, config, worktreePath, effectivePipelineConfig, resumeId);
|
|
633
|
+
const args = buildAgentArgs(backend, config, worktreePath, effectivePipelineConfig, resumeId, role.allowed_tools);
|
|
630
634
|
// On resume, send an incremental delta (what changed + prior findings to
|
|
631
635
|
// verify) instead of the full role-framework + assembly: the resumed session
|
|
632
636
|
// already holds its role and accumulated context (INJ-D). On a fresh spawn
|
|
@@ -725,8 +729,41 @@ export async function spawnFocusTeam(params) {
|
|
|
725
729
|
return;
|
|
726
730
|
}
|
|
727
731
|
}
|
|
732
|
+
// Wrap the spawn in the OS sandbox (D3). Default mode is 'off' (no change);
|
|
733
|
+
// an explicit sandbox.mode="bwrap" confines the agent's filesystem to its
|
|
734
|
+
// worktree + an explicit read-only allowlist. FAIL-CLOSED: if a required
|
|
735
|
+
// sandbox cannot initialize, refuse the spawn rather than run unconfined.
|
|
736
|
+
let spawnCommand;
|
|
737
|
+
let spawnArgs;
|
|
738
|
+
try {
|
|
739
|
+
const wrapped = wrapSpawnCommand(config, {
|
|
740
|
+
command: backend.resolveCommand(config),
|
|
741
|
+
args,
|
|
742
|
+
worktreePath,
|
|
743
|
+
});
|
|
744
|
+
spawnCommand = wrapped.command;
|
|
745
|
+
spawnArgs = wrapped.args;
|
|
746
|
+
}
|
|
747
|
+
catch (err) {
|
|
748
|
+
if (err instanceof SandboxUnavailableError) {
|
|
749
|
+
console.error(`[focus-executor] Refusing spawn for "${focusName}": ${err.message}`);
|
|
750
|
+
await updateSession(session.id, {
|
|
751
|
+
status: 'failed',
|
|
752
|
+
exit_reason: err.message,
|
|
753
|
+
exit_category: 'sandbox_unavailable',
|
|
754
|
+
ended_at: new Date().toISOString(),
|
|
755
|
+
}).catch(updateErr => {
|
|
756
|
+
console.warn(`[focus-executor] Failed to update session after sandbox refusal:`, updateErr.message);
|
|
757
|
+
});
|
|
758
|
+
if (governor)
|
|
759
|
+
governor.releaseSlot('focus');
|
|
760
|
+
activeTeams.delete(focusId);
|
|
761
|
+
return;
|
|
762
|
+
}
|
|
763
|
+
throw err;
|
|
764
|
+
}
|
|
728
765
|
// Spawn the team lead process
|
|
729
|
-
const proc = spawn(
|
|
766
|
+
const proc = spawn(spawnCommand, spawnArgs, {
|
|
730
767
|
cwd: worktreePath,
|
|
731
768
|
env: spawnEnv,
|
|
732
769
|
stdio: ['pipe', 'pipe', 'pipe'],
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"focus-executor.js","sourceRoot":"","sources":["../src/focus-executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAOhD,OAAO,EACL,aAAa,EACb,aAAa,EACb,gBAAgB,GACjB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,YAAY,EAAyB,MAAM,qBAAqB,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,wBAAwB,EAAE,8BAA8B,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAC1H,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,yBAAyB,EAAE,mCAAmC,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC9J,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC7F,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAA0B,MAAM,sBAAsB,CAAC;AACnG,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,4BAA4B,EAAE,oCAAoC,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC7H,OAAO,EAAE,iCAAiC,EAAoD,MAAM,sBAAsB,CAAC;AAC3H,OAAO,EAAE,4BAA4B,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,kHAAkH;AAClH,OAAO,yBAAyB,CAAC;AACjC,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAClF,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,gBAAgB,IAAI,gCAAgC,EAAE,MAAM,yBAAyB,CAAC;AAE/F,2EAA2E;AAE3E,OAAO,EACL,cAAc,EACd,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,gFAAgF;AAChF,2EAA2E;AAC3E,wEAAwE;AACxE,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,aAAa,GACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,UAAU,EAAE,cAAc,EAA0C,MAAM,qBAAqB,CAAC;AAEzG,2EAA2E;AAE3E,OAAO,EACL,cAAc,EACd,aAAa,EACb,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,uBAAuB,CAAC;AAI/B,OAAO,EACL,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,wBAAwB,EACxB,gCAAgC,GACjC,MAAM,uBAAuB,CAAC;AAI/B,qEAAqE;AAErE,IAAI,QAAQ,GAA4B,IAAI,CAAC;AAE7C,oEAAoE;AACpE,MAAM,UAAU,YAAY,CAAC,GAAqB;IAChD,QAAQ,GAAG,GAAG,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,QAAQ,CAAC;AAClB,CAAC;AAcD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAM,UAAU,wBAAwB,CACtC,UAA0D,EAC1D,SAAiB;IAEjB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IAC9B,CAAC;IAED,MAAM,UAAU,GAAwB,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC;QACvC,IAAI,uBAAuB,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACnB,SAAS;QACX,CAAC;QACD,IAAI,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CACT,8BAA8B,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,YAAY,IAAI;gBACjE,UAAU,MAAM,uDAAuD,SAAS,GAAG,CACpF,CAAC;YACF,MAAM;QACR,CAAC;QACD,2DAA2D;QAC3D,2BAA2B;IAC7B,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,wDAAwD,SAAS,qBAAqB,CAAC,CAAC;QACpG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AACrD,CAAC;AAED,wEAAwE;AAExE;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAe,EAAE,SAAiB,EAAE,OAAe;IACzF,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACpC,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IACzD,OAAO,SAAS,iBAAiB,IAAI,kBAAkB,IAAI,OAAO,EAAE,CAAC;AACvE,CAAC;AAGD;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAgB,EAChB,MAA8B;IAE9B,OAAO,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AACjF,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,cAAyC,EACzC,cAAkC,EAClC,UAA8B,EAC9B,aAAwC;IAExC,OAAO,CACL,cAAc;QACd,CAAC,cAAc,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;QAClD,aAAa;QACb,IAAI,CACL,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAqB,EACrB,MAAoB,EACpB,YAAoB,EACpB,cAAqC,EACrC,eAA+B;IAE/B,MAAM,IAAI,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,IAAI,IAAI,EAAE,CAAC;IAC5E,OAAO,eAAe;QACpB,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,CAAC;QACvD,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AA0BD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,GAAG,KAAK,EAAE,gBAAgB,EAC1F,cAAc,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAAC;IAC9C,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;IAErC,yEAAyE;IACzE,gFAAgF;IAEhF,uBAAuB;IACvB,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,mDAAmD,SAAS,mBAAmB,CAAC,CAAC;QAC9F,OAAO;IACT,CAAC;IAED,IAAI,MAAM,iBAAiB,CAAC,OAAO,EAAE,SAAS,CAAC;QAAE,OAAO;IAExD,MAAM,eAAe,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAErE,wBAAwB;IACxB,MAAM,SAAS,GAAmB;QAChC,OAAO;QACP,SAAS;QACT,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,QAAQ,EAAE,IAAI,CAAC,IAAI;QACnB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,eAAe;QACf,cAAc;QACd,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,KAAK,EAAE,cAAc;QACrB,gBAAgB,EAAE,IAAI,GAAG,EAAE;QAC3B,iBAAiB,EAAE,IAAI,GAAG,EAAE;QAC5B,aAAa,EAAE,KAAK;QACpB,cAAc,EAAE,IAAI;QACpB,gBAAgB,EAAE,IAAI,GAAG,EAAE;QAC3B,aAAa,EAAE,IAAI;QACnB,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,IAAI;QACf,UAAU;QACV,YAAY,EAAE,IAAI;QAClB,sBAAsB,EAAE,KAAK;QAC7B,QAAQ;QACR,kBAAkB,EAAE,IAAI;QACxB,eAAe,EAAE,IAAI;QACrB,oBAAoB,EAAE,IAAI;QAC1B,gBAAgB,EAAE,CAAC;QACnB,yBAAyB,EAAE,IAAI;QAC/B,WAAW,EAAE,QAAQ;QACrB,OAAO,EAAE,QAAQ;KAClB,CAAC;IACF,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEpC,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,SAAS,CAAC,CAAC;IAC5E,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5G,OAAO,CAAC,GAAG,CAAC,6CAA6C,SAAS,IAAI,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;IACrH,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,YAAY,cAAc,EAAE,KAAK,IAAI,eAAe,EAAE,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,kBAAkB,eAAe,CAAC,UAAU,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,aAAa,UAAU,EAAE,CAAC,CAAC;IACvC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,cAAc,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QAC1G,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,2EAA2E;IAC3E,4EAA4E;IAC5E,MAAM,gBAAgB,GAA4B,EAAE,CAAC;IAErD,sFAAsF;IACtF,IAAI,UAAU,CAAC;IACf,IAAI,MAAM,CAAC;IACX,IAAI,kBAAkB,CAAC;IACvB,IAAI,yBAAyB,CAAC;IAC9B,IAAI,WAAmB,CAAC;IACxB,IAAI,CAAC;QACH,IAAI,iBAAyE,CAAC;QAC9E,CAAC,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,iBAAiB,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACzG,kBAAkB,CAAC,OAAO,CAAC;YAC3B,cAAc,CAAC,OAAO,CAAC;YACvB,yBAAyB,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC;YACpD,mCAAmC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBAClE,OAAO,CAAC,KAAK,CAAC,2EAA2E,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;gBACnH,OAAO,IAAI,CAAC;YACd,CAAC,CAAC;YACF,CAAC,KAAK,IAAI,EAAE;gBACV,IAAI,CAAC;oBACH,MAAM,WAAW,GAAoB;wBACnC,OAAO;wBACP,WAAW,EAAE,EAAE;wBACf,YAAY,EAAE,IAAI;wBAClB,MAAM;wBACN,cAAc,EAAE,MAAM,CAAC,cAAc;wBACrC,SAAS,EAAE,MAAM,CAAC,SAAS;qBAC5B,CAAC;oBACF,OAAO,MAAM,iCAAiC,CAAC,CAAC,cAAc,EAAE,kBAAkB,CAAC,EAAE,WAAW,CAAC,CAAC;gBACpG,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,4DAA4D,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;oBACpG,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAA6B,EAAE,CAAC;gBAClE,CAAC;YACH,CAAC,CAAC,EAAE;SACL,CAAC,CAAC;QACH,WAAW,GAAG,iBAAiB,CAAC,OAAO,CAAC;QACxC,gBAAgB,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,uDAAuD,SAAS,IAAI,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC5G,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,4EAA4E;IAC5E,8EAA8E;IAC9E,2EAA2E;IAC3E,+EAA+E;IAC/E,iFAAiF;IACjF,IAAI,mBAAmB,GAAG,EAAE,CAAC;IAC7B,CAAC;QACC,MAAM,YAAY,GAAoB;YACpC,OAAO;YACP,WAAW,EAAE,EAAE;YACf,YAAY,EAAE,IAAI;YAClB,MAAM;YACN,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;QACF,MAAM,eAAe,GAAG,MAAM,4BAA4B,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAClF,mBAAmB,GAAG,eAAe,CAAC,OAAO,CAAC;QAC9C,gBAAgB,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,gEAAgE;IAChE,8DAA8D;IAC9D,uEAAuE;IACvE,eAAe;IACf,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,gBAAgB,EAAE,CAAC;QACrB,SAAS,CAAC,yBAAyB,GAAG,gBAAgB,CAAC,WAAW,CAAC;QACnE,SAAS,CAAC,WAAW,GAAG,gBAAgB,CAAC,WAAW,CAAC;IACvD,CAAC;IAED,mDAAmD;IACnD,kFAAkF;IAClF,IAAI,oBAAoB,GAAmD,EAAE,CAAC;IAC9E,IAAI,eAAe,GAAG,KAAK,CAAC;IAC5B,IAAI,gBAAgB,EAAE,CAAC;QACrB,oBAAoB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,CAAC;IAClG,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,wBAAwB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QACjE,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC7B,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QACD,IAAI,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACjC,eAAe,GAAG,IAAI,CAAC;YACvB,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,2BAA2B,SAAS,+CAA+C,CAAC,CAAC;QACnG,CAAC;aAAM,CAAC;YACN,oBAAoB,GAAG,QAAQ,CAAC,UAAU,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,6EAA6E;IAC7E,0EAA0E;IAC1E,sEAAsE;IACtE,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACrC,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,CAAC;QAC/D,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;YACpG,SAAS,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,CAAC,MAAM,KAAK,oBAAoB,CAAC,MAAM,UAAU,CAAC,CAAC;IAC5F,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAE1C,8BAA8B;IAC9B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,iFAAiF;IACjF,IAAI,YAAoB,CAAC;IACzB,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,gBAAgB,EAAE,CAAC;QACrB,YAAY,GAAG,gBAAgB,CAAC,YAAY,CAAC;QAC7C,uEAAuE;QACvE,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,iBAAiB,CAAC,EAAE,YAAY,CAAC,CAAC;QACpF,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,UAAU,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,YAAY,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,uCAAuC,SAAS,mCAAmC,CAAC,CAAC;QACpG,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,wBAAwB,YAAY,EAAE,CAAC,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,0DAA0D;QAC1D,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC,6EAA6E,SAAS,GAAG,CAAC,CAAC;YACxG,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC5B,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,sEAAsE;QACtE,OAAO,CAAC,IAAI,CAAC,gDAAgD,SAAS,oBAAoB,CAAC,CAAC;QAC5F,IAAI,CAAC;YACH,YAAY,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACxD,gBAAgB,CAAC,OAAO,EAAE;gBACxB,OAAO;gBACP,SAAS;gBACT,YAAY;gBACZ,UAAU;gBACV,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,gCAAgC,YAAY,EAAE,CAAC,CAAC;YAE5D,sDAAsD;YACtD,IAAI,QAAQ,EAAE,CAAC;gBACb,yBAAyB,CAAC,YAAY,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,yDAAyD,SAAS,IAAI,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACxI,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC5B,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAC7B,OAAO;QACT,CAAC;IACH,CAAC;IACD,SAAS,CAAC,YAAY,GAAG,YAAY,CAAC;IAEtC,0CAA0C;IAC1C,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,aAAa,CAAC;YAC5B,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,OAAO,EAAE,IAAI;YACb,OAAO;YACP,UAAU;YACV,WAAW,EAAE,gBAAgB,EAAE,WAAW,IAAI,QAAQ;SACvD,CAAC,CAAC;QACH,SAAS,CAAC,aAAa,GAAG,OAAO,CAAC,EAAE,CAAC;QACrC,yEAAyE;QACzE,wEAAwE;QACxE,6EAA6E;QAC7E,sEAAsE;QACtE,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,wDAAwD,SAAS,IAAI,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC7G,sEAAsE;QACtE,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,cAAc,EAAE,CAAC;IAEjB,8BAA8B;IAC9B,oFAAoF;IACpF,kFAAkF;IAClF,gEAAgE;IAChE,sEAAsE;IACtE,yEAAyE;IACzE,yEAAyE;IACzE,qEAAqE;IACrE,kDAAkD;IAClD,IAAI,oBAAoB,GAAG,CAAC,CAAC;IAC7B,IAAI,aAAa,GAA+C,EAAE,CAAC;IACnE,IAAI,gBAAgB,GAAkB,IAAI,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,gCAAgC,CAC1D,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,SAAS,CACxC,CAAC;QACF,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;QAChE,MAAM,iBAAiB,GAAG,OAAO,EAAE,mBAAmB,IAAI,IAAI,CAAC;QAC/D,IAAI,iBAAiB,EAAE,CAAC;YACtB,aAAa,GAAG,uBAAuB,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;YACnE,oBAAoB,GAAG,aAAa,CAAC,MAAM,CAAC;QAC9C,CAAC;QACD,gBAAgB,GAAG,OAAO,EAAE,iBAAiB,IAAI,IAAI,CAAC;IACxD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CACX,mEAAmE,SAAS,IAAI,EAC/E,GAAa,CAAC,OAAO,CACvB,CAAC;IACJ,CAAC;IAED,+EAA+E;IAC/E,yEAAyE;IACzE,6EAA6E;IAC7E,2CAA2C;IAC3C,IAAI,aAAa,GAAkB,IAAI,CAAC,CAAG,oCAAoC;IAC/E,IAAI,mBAAmB,GAAG,KAAK,CAAC,CAAY,oCAAoC;IAChF,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,gFAAgF;IAChF,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,0EAA0E;IAC1E,yEAAyE;IACzE,2EAA2E;IAC3E,oCAAoC;IACpC,IAAI,sBAAsB,GAEf,IAAI,CAAC;IAEhB,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACxD,0EAA0E;QAC1E,aAAa,GAAG,gBAAgB,CAAC,OAAO,CAAC;QACzC,cAAc,GAAG,gBAAgB,CAAC,KAAK,CAAC;QACxC,cAAc,GAAG,gBAAgB,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;QAChF,sBAAsB,GAAG,EAAE,OAAO,EAAE,gBAAgB,CAAC,OAAO,EAAE,UAAU,EAAE,gBAAgB,CAAC,UAAU,EAAE,CAAC;QACxG,OAAO,CAAC,GAAG,CACT,uDAAuD,SAAS,IAAI;YACpE,IAAI,gBAAgB,CAAC,OAAO,CAAC,MAAM,4BAA4B,cAAc,IAAI,SAAS,GAAG,CAC9F,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,qEAAqE;QACrE,uEAAuE;QACvE,+DAA+D;QAC/D,sEAAsE;QACtE,+DAA+D;QAC/D,mEAAmE;QACnE,mCAAmC;QACnC,IAAI,qBAAqB,GAAkB,IAAI,CAAC;QAChD,IAAI,mBAAmB,GAAkB,IAAI,CAAC;QAC9C,IAAI,cAAc,GAAkB,IAAI,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YACtF,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;YACpE,MAAM,aAAa,GAAG,WAAW;gBAC/B,CAAC,CAAC,MAAM,cAAc,CAAC,WAAW,CAAC;gBACnC,CAAC,CAAC,IAAI,CAAC;YAET,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACnD,MAAM,YAAY,GAAG,aAAa;gBAChC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,aAAa,CAAC;gBACnD,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAE5C,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,cAAc,GAAG,aAAa;oBAC5B,CAAC,CAAC,+BAA+B,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,cAAc;oBACxE,CAAC,CAAC,qDAAqD,CAAC;YAC5D,CAAC;iBAAM,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;gBACxC,cAAc,GAAG,YAAY,CAAC,IAAI,IAAI,IAAI,CAAC;gBAC3C,cAAc,GAAG,UAAU,YAAY,CAAC,IAAI,oCAAoC,CAAC;YACnF,CAAC;iBAAM,CAAC;gBACN,cAAc,GAAG,YAAY,CAAC,IAAI,IAAI,IAAI,CAAC;gBAC3C,sEAAsE;gBACtE,qCAAqC;gBACrC,sBAAsB,GAAG,YAAY,CAAC,cAAc,CAAC;gBACrD,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAC9D,MAAM,oCAAoC,CACxC,MAAM,EAAE,OAAO,EAAE,YAAY,CAAC,cAAc,EAAE,YAAY,CAC3D,CAAC;gBACJ,IAAI,gBAAgB,CAAC,IAAI,EAAE,EAAE,CAAC;oBAC5B,qBAAqB,GAAG,gBAAgB,CAAC;oBACzC,mBAAmB,GAAG,YAAY,CAAC,cAAc,CAAC,KAAK,CAAC;oBACxD,gBAAgB,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAC;gBAC9C,CAAC;qBAAM,CAAC;oBACN,cAAc,GAAG,8CAA8C,YAAY,CAAC,IAAI,GAAG,CAAC;gBACtF,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,cAAc,GAAG,2BAA4B,GAAa,CAAC,OAAO,EAAE,CAAC;QACvE,CAAC;QAED,IAAI,qBAAqB,EAAE,CAAC;YAC1B,aAAa,GAAG,qBAAqB,CAAC;YACtC,cAAc,GAAG,mBAAmB,CAAC;YACrC,OAAO,CAAC,GAAG,CAAC,+CAA+C,SAAS,MAAM,qBAAqB,CAAC,MAAM,SAAS,CAAC,CAAC;QACnH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CACV,gDAAgD,SAAS,MAAM,cAAc,IAAI,gBAAgB,EAAE,CACpG,CAAC;YACF,mBAAmB,GAAG,IAAI,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,4EAA4E;IAC5E,6EAA6E;IAC7E,sEAAsE;IACtE,MAAM,SAAS,GAAG,kBAAkB,CAAC,EAAE,QAAQ,EAAE,sBAAsB,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC,CAAC;IACtG,SAAS,CAAC,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;IACtC,SAAS,CAAC,WAAW,GAAG,SAAS,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;IAE7E,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;IACxE,MAAM,cAAc,GAAG,cAAc,CAAC;QACpC,aAAa,EAAE,cAAc;QAC7B,IAAI,EAAE,UAAU;QAChB,cAAc,EAAE,MAAM,CAAC,mBAAmB;QAC1C,UAAU,EAAE,gBAAgB;KAC7B,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,UAAU,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CACT,gCAAgC,SAAS,UAAU,UAAU,IAAI;QACjE,GAAG,cAAc,CAAC,QAAQ,aAAa,cAAc,CAAC,MAAM,GAAG,CAChE,CAAC;IAEF,0EAA0E;IAC1E,MAAM,aAAa,GAAG;QACpB,OAAO;QACP,SAAS;QACT,gBAAgB;QAChB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,UAAU;QACV,MAAM;QACN,eAAe;QACf,cAAc;QACd,kBAAkB;QAClB,yBAAyB;QACzB,QAAQ;QACR,WAAW;QACX,oBAAoB;QACpB,QAAQ,EAAE,OAAO,CAAC,EAAE;KACrB,CAAC;IAEF,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC,mBAAmB,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,8BAA8B,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzE,MAAM,GAAG,wBAAwB,CAAC,IAAI,EAAE,aAAa,CAAC;cAClD,MAAM;cACN,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;cAC/B,aAAa,CAAC;IACpB,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,oBAAoB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IACrD,CAAC;IAED,8EAA8E;IAC9E,6EAA6E;IAC7E,+EAA+E;IAC/E,yEAAyE;IACzE,IAAI,mBAAmB,CAAC,IAAI,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,MAAM,GAAG,mBAAmB,CAAC;IACzC,CAAC;IAED,0BAA0B;IAC1B,MAAM,IAAI,GAAG,mBAAmB,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;IAEvE,sBAAsB;IACtB,0EAA0E;IAC1E,0EAA0E;IAC1E,+EAA+E;IAC/E,MAAM,QAAQ,GAAG,eAAe,CAAC;QAC/B,UAAU,EAAE,gBAAgB;QAC5B,OAAO,EAAE,SAAS,CAAC,OAAO;QAC1B,UAAU,EAAE,SAAS,CAAC,UAAU;KACjC,CAAC,CAAC;IACH,4EAA4E;IAC5E,2EAA2E;IAC3E,wCAAwC;IACxC,MAAM,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1E,oFAAoF;IACpF,sDAAsD;IACtD,MAAM,cAAc,GAAG,qBAAqB,CAC1C,cAAc,EACd,cAAc,EACd,MAAM,CAAC,UAAU,EACjB,cAAc,EAAE,KAAK,CACtB,CAAC;IACF,MAAM,uBAAuB,GAAG,cAAc,KAAK,CAAC,cAAc,EAAE,KAAK,IAAI,IAAI,CAAC;QAChF,CAAC,CAAC,EAAE,GAAG,cAAc,EAAE,KAAK,EAAE,cAAc,EAAoB;QAChE,CAAC,CAAC,cAAc,CAAC;IACnB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,uBAAuB,EAAE,QAAQ,CAAC,CAAC;IAE9F,yEAAyE;IACzE,6EAA6E;IAC7E,2EAA2E;IAC3E,qCAAqC;IACrC,IAAI,aAAa,GAAG,MAAM,CAAC;IAC3B,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,OAAO,GAAoB;gBAC/B,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,YAAY;gBACZ,MAAM;gBACN,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,SAAS,EAAE,MAAM,CAAC,SAAS;aAC5B,CAAC;YACF,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,iCAAiC,CAAC,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC,CAAC;YAChG,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,iEAAiE,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC3G,CAAC;QACD,aAAa,GAAG,uBAAuB,CAAC;YACtC,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,SAAS;YACT,OAAO;YACP,aAAa;SACd,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CACT,4CAA4C,QAAQ,SAAS,SAAS,IAAI;YAC1E,yCAAyC,SAAS,CAAC,OAAO,KAAK,aAAa,CAAC,MAAM,UAAU;YAC7F,GAAG,aAAa,CAAC,MAAM,oBAAoB,CAC5C,CAAC;IACJ,CAAC;IACD,yEAAyE;IACzE,wEAAwE;IACxE,4DAA4D;IAC5D,MAAM,UAAU,GAAG,CAAC,gBAAgB,EAAE,WAAW,IAAI,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;IACjG,8EAA8E;IAC9E,8EAA8E;IAC9E,2EAA2E;IAC3E,iEAAiE;IACjE,MAAM,UAAU,GAAG,cAAc,IAAI,CAAC,UAAU,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACtF,8EAA8E;IAC9E,uDAAuD;IACvD,MAAM,QAAQ,GAAG,4BAA4B,CAAC,MAAM,EAAE;QACpD,KAAK,EAAE,MAAM,CAAC,cAAc;QAC5B,OAAO;QACP,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,KAAK,EAAE,UAAU;QACjB,KAAK,EAAE,UAAU;KAClB,CAAC,CAAC;IACH,kFAAkF;IAClF,wFAAwF;IACxF,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjE,6EAA6E;IAC7E,6EAA6E;IAC7E,6EAA6E;IAC7E,IAAI,cAAc,EAAE,CAAC;QACnB,QAAQ,CAAC,UAAU,GAAG,cAAc,CAAC;QACrC,OAAO,CAAC,GAAG,CACT,wCAAwC,SAAS,cAAc,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK;YAChG,GAAG,cAAc,EAAE;YACnB,CAAC,cAAc,CAAC,CAAC,CAAC,YAAY,cAAc,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CACtD,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,yEAAyE;IACzE,uEAAuE;IACvE,KAAK,sBAAsB,CAAC;QAC1B,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,OAAO;QACP,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,gBAAgB;KAC3B,CAAC,CAAC;IAEH,6BAA6B;IAC7B,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;QAC9B,MAAM,EAAE,UAAU;QAClB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,WAAW,EAAE,IAAI,CAAC,UAAU;QAC5B,WAAW,EAAE,IAAI,CAAC,UAAU;KAC7B,CAAC,CAAC;IAEH,oDAAoD;IACpD,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,8CAA8C,SAAS,IAAI,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAClG,mEAAmE;YACnE,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;gBAC9B,MAAM,EAAE,QAAQ;gBAChB,WAAW,EAAE,sBAAsB;gBACnC,aAAa,EAAE,iBAAiB;gBAChC,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACnC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE;gBACnB,OAAO,CAAC,IAAI,CAAC,kEAAkE,EAAG,SAAmB,CAAC,OAAO,CAAC,CAAC;YACjH,CAAC,CAAC,CAAC;YACH,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE;QACvD,GAAG,EAAE,YAAY;QACjB,GAAG,EAAE,QAAQ;QACb,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;KAChC,CAAC,CAAC;IAEH,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC;IACrC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,KAAM,CAAC;IAClC,SAAS,CAAC,KAAK,GAAG,WAAW,CAAC;IAE9B,8EAA8E;IAC9E,MAAM,EAAE,kBAAkB,EAAE,eAAe,EAAE,GAAG,oBAAoB,CAAC;QACnE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI;KAC1E,CAAC,CAAC;IAEH,4EAA4E;IAC5E,+EAA+E;IAC/E,iCAAiC;IACjC,IAAI,CAAC,KAAM,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC;IAEtD,4BAA4B;IAC5B,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;QAC9B,MAAM,EAAE,SAAS;QACjB,GAAG,EAAE,IAAI,CAAC,GAAG;KACd,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,2CAA2C,SAAS,WAAW,IAAI,CAAC,GAAG,cAAc,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;IAEhH,yDAAyD;IACzD,4EAA4E;IAC5E,2EAA2E;IAC3E,6EAA6E;IAC7E,kBAAkB,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;QACzC,OAAO,CAAC,GAAG,CACT,mCAAmC,SAAS,0BAA0B;YACtE,GAAG,IAAI,CAAC,SAAS,YAAY,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAC5D,CAAC;QACF,qBAAqB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,kBAAkB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YAC3H,OAAO,CAAC,IAAI,CACV,wDAAwD,SAAS,IAAI,EACpE,GAAa,CAAC,OAAO,CACvB,CAAC;YACF,gDAAgD;YAChD,aAAa,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,sBAAsB;IACtB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;QAChC,sBAAsB,CAAC;YACrB,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;YACrD,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,kBAAkB;YAC5D,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc;SACxD,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YACb,OAAO,CAAC,KAAK,CAAC,uDAAuD,SAAS,IAAI,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC9G,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC7B,OAAO,CAAC,KAAK,CAAC,mCAAmC,SAAS,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAEnF,oDAAoD;QACpD,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,SAAS,CACb,GAAG,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;gBAC9B,MAAM,EAAE,QAAQ;gBAChB,WAAW,EAAE,kBAAkB,GAAG,CAAC,OAAO,EAAE;gBAC5C,aAAa,EAAE,OAAO;gBACtB,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACnC,CAAC,EACF,EAAE,WAAW,EAAE,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,sBAAsB,EAAE,CACrE,CAAC;QACJ,CAAC;QAAC,OAAO,SAAS,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,0DAA0D,EAAG,SAAmB,CAAC,OAAO,CAAC,CAAC;QACzG,CAAC;QAED,kBAAkB,CAAC,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;QAC3B,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;QACxB,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC;QAEvB,wDAAwD;QACxD,SAAS,CAAC,KAAK,GAAG,YAAY,CAAC;QAC/B,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
1
|
+
{"version":3,"file":"focus-executor.js","sourceRoot":"","sources":["../src/focus-executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAOhD,OAAO,EACL,aAAa,EACb,aAAa,EACb,gBAAgB,GACjB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,YAAY,EAAyB,MAAM,qBAAqB,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,wBAAwB,EAAE,8BAA8B,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAC1H,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,yBAAyB,EAAE,mCAAmC,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC9J,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC7F,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAA0B,MAAM,sBAAsB,CAAC;AACnG,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,4BAA4B,EAAE,oCAAoC,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC7H,OAAO,EAAE,iCAAiC,EAAoD,MAAM,sBAAsB,CAAC;AAC3H,OAAO,EAAE,4BAA4B,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,kHAAkH;AAClH,OAAO,yBAAyB,CAAC;AACjC,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAClF,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,gBAAgB,IAAI,gCAAgC,EAAE,MAAM,yBAAyB,CAAC;AAE/F,2EAA2E;AAE3E,OAAO,EACL,cAAc,EACd,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,gFAAgF;AAChF,2EAA2E;AAC3E,wEAAwE;AACxE,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,aAAa,GACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,UAAU,EAAE,cAAc,EAA0C,MAAM,qBAAqB,CAAC;AAEzG,2EAA2E;AAE3E,OAAO,EACL,cAAc,EACd,aAAa,EACb,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,uBAAuB,CAAC;AAI/B,OAAO,EACL,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,wBAAwB,EACxB,gCAAgC,GACjC,MAAM,uBAAuB,CAAC;AAI/B,qEAAqE;AAErE,IAAI,QAAQ,GAA4B,IAAI,CAAC;AAE7C,oEAAoE;AACpE,MAAM,UAAU,YAAY,CAAC,GAAqB;IAChD,QAAQ,GAAG,GAAG,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,QAAQ,CAAC;AAClB,CAAC;AAcD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAM,UAAU,wBAAwB,CACtC,UAA0D,EAC1D,SAAiB;IAEjB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IAC9B,CAAC;IAED,MAAM,UAAU,GAAwB,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC;QACvC,IAAI,uBAAuB,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACnB,SAAS;QACX,CAAC;QACD,IAAI,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CACT,8BAA8B,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,YAAY,IAAI;gBACjE,UAAU,MAAM,uDAAuD,SAAS,GAAG,CACpF,CAAC;YACF,MAAM;QACR,CAAC;QACD,2DAA2D;QAC3D,2BAA2B;IAC7B,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,wDAAwD,SAAS,qBAAqB,CAAC,CAAC;QACpG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AACrD,CAAC;AAED,wEAAwE;AAExE;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAe,EAAE,SAAiB,EAAE,OAAe;IACzF,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACpC,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IACzD,OAAO,SAAS,iBAAiB,IAAI,kBAAkB,IAAI,OAAO,EAAE,CAAC;AACvE,CAAC;AAGD;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAgB,EAChB,MAA8B;IAE9B,OAAO,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AACjF,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,cAAyC,EACzC,cAAkC,EAClC,UAA8B,EAC9B,aAAwC;IAExC,OAAO,CACL,cAAc;QACd,CAAC,cAAc,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;QAClD,aAAa;QACb,IAAI,CACL,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAqB,EACrB,MAAoB,EACpB,YAAoB,EACpB,cAAqC,EACrC,eAA+B,EAC/B,YAAgC;IAEhC,0EAA0E;IAC1E,0EAA0E;IAC1E,uDAAuD;IACvD,MAAM,IAAI,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,IAAI,IAAI,EAAE,YAAY,EAAE,CAAC;IAC1F,OAAO,eAAe;QACpB,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,CAAC;QACvD,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AA0BD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,GAAG,KAAK,EAAE,gBAAgB,EAC1F,cAAc,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAAC;IAC9C,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;IAErC,yEAAyE;IACzE,gFAAgF;IAEhF,uBAAuB;IACvB,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,mDAAmD,SAAS,mBAAmB,CAAC,CAAC;QAC9F,OAAO;IACT,CAAC;IAED,IAAI,MAAM,iBAAiB,CAAC,OAAO,EAAE,SAAS,CAAC;QAAE,OAAO;IAExD,MAAM,eAAe,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAErE,wBAAwB;IACxB,MAAM,SAAS,GAAmB;QAChC,OAAO;QACP,SAAS;QACT,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,QAAQ,EAAE,IAAI,CAAC,IAAI;QACnB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,eAAe;QACf,cAAc;QACd,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,KAAK,EAAE,cAAc;QACrB,gBAAgB,EAAE,IAAI,GAAG,EAAE;QAC3B,iBAAiB,EAAE,IAAI,GAAG,EAAE;QAC5B,aAAa,EAAE,KAAK;QACpB,cAAc,EAAE,IAAI;QACpB,gBAAgB,EAAE,IAAI,GAAG,EAAE;QAC3B,aAAa,EAAE,IAAI;QACnB,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,IAAI;QACf,UAAU;QACV,YAAY,EAAE,IAAI;QAClB,sBAAsB,EAAE,KAAK;QAC7B,QAAQ;QACR,kBAAkB,EAAE,IAAI;QACxB,eAAe,EAAE,IAAI;QACrB,oBAAoB,EAAE,IAAI;QAC1B,gBAAgB,EAAE,CAAC;QACnB,yBAAyB,EAAE,IAAI;QAC/B,WAAW,EAAE,QAAQ;QACrB,OAAO,EAAE,QAAQ;KAClB,CAAC;IACF,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEpC,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,SAAS,CAAC,CAAC;IAC5E,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5G,OAAO,CAAC,GAAG,CAAC,6CAA6C,SAAS,IAAI,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;IACrH,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,YAAY,cAAc,EAAE,KAAK,IAAI,eAAe,EAAE,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,kBAAkB,eAAe,CAAC,UAAU,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,aAAa,UAAU,EAAE,CAAC,CAAC;IACvC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,cAAc,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QAC1G,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,2EAA2E;IAC3E,4EAA4E;IAC5E,MAAM,gBAAgB,GAA4B,EAAE,CAAC;IAErD,sFAAsF;IACtF,IAAI,UAAU,CAAC;IACf,IAAI,MAAM,CAAC;IACX,IAAI,kBAAkB,CAAC;IACvB,IAAI,yBAAyB,CAAC;IAC9B,IAAI,WAAmB,CAAC;IACxB,IAAI,CAAC;QACH,IAAI,iBAAyE,CAAC;QAC9E,CAAC,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,iBAAiB,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACzG,kBAAkB,CAAC,OAAO,CAAC;YAC3B,cAAc,CAAC,OAAO,CAAC;YACvB,yBAAyB,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC;YACpD,mCAAmC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBAClE,OAAO,CAAC,KAAK,CAAC,2EAA2E,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;gBACnH,OAAO,IAAI,CAAC;YACd,CAAC,CAAC;YACF,CAAC,KAAK,IAAI,EAAE;gBACV,IAAI,CAAC;oBACH,MAAM,WAAW,GAAoB;wBACnC,OAAO;wBACP,WAAW,EAAE,EAAE;wBACf,YAAY,EAAE,IAAI;wBAClB,MAAM;wBACN,cAAc,EAAE,MAAM,CAAC,cAAc;wBACrC,SAAS,EAAE,MAAM,CAAC,SAAS;qBAC5B,CAAC;oBACF,OAAO,MAAM,iCAAiC,CAAC,CAAC,cAAc,EAAE,kBAAkB,CAAC,EAAE,WAAW,CAAC,CAAC;gBACpG,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,4DAA4D,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;oBACpG,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAA6B,EAAE,CAAC;gBAClE,CAAC;YACH,CAAC,CAAC,EAAE;SACL,CAAC,CAAC;QACH,WAAW,GAAG,iBAAiB,CAAC,OAAO,CAAC;QACxC,gBAAgB,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,uDAAuD,SAAS,IAAI,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC5G,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,4EAA4E;IAC5E,8EAA8E;IAC9E,2EAA2E;IAC3E,+EAA+E;IAC/E,iFAAiF;IACjF,IAAI,mBAAmB,GAAG,EAAE,CAAC;IAC7B,CAAC;QACC,MAAM,YAAY,GAAoB;YACpC,OAAO;YACP,WAAW,EAAE,EAAE;YACf,YAAY,EAAE,IAAI;YAClB,MAAM;YACN,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;QACF,MAAM,eAAe,GAAG,MAAM,4BAA4B,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAClF,mBAAmB,GAAG,eAAe,CAAC,OAAO,CAAC;QAC9C,gBAAgB,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,gEAAgE;IAChE,8DAA8D;IAC9D,uEAAuE;IACvE,eAAe;IACf,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,gBAAgB,EAAE,CAAC;QACrB,SAAS,CAAC,yBAAyB,GAAG,gBAAgB,CAAC,WAAW,CAAC;QACnE,SAAS,CAAC,WAAW,GAAG,gBAAgB,CAAC,WAAW,CAAC;IACvD,CAAC;IAED,mDAAmD;IACnD,kFAAkF;IAClF,IAAI,oBAAoB,GAAmD,EAAE,CAAC;IAC9E,IAAI,eAAe,GAAG,KAAK,CAAC;IAC5B,IAAI,gBAAgB,EAAE,CAAC;QACrB,oBAAoB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,CAAC;IAClG,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,wBAAwB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QACjE,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC7B,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QACD,IAAI,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACjC,eAAe,GAAG,IAAI,CAAC;YACvB,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,2BAA2B,SAAS,+CAA+C,CAAC,CAAC;QACnG,CAAC;aAAM,CAAC;YACN,oBAAoB,GAAG,QAAQ,CAAC,UAAU,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,6EAA6E;IAC7E,0EAA0E;IAC1E,sEAAsE;IACtE,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACrC,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,CAAC;QAC/D,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;YACpG,SAAS,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,CAAC,MAAM,KAAK,oBAAoB,CAAC,MAAM,UAAU,CAAC,CAAC;IAC5F,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAE1C,8BAA8B;IAC9B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,iFAAiF;IACjF,IAAI,YAAoB,CAAC;IACzB,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,gBAAgB,EAAE,CAAC;QACrB,YAAY,GAAG,gBAAgB,CAAC,YAAY,CAAC;QAC7C,uEAAuE;QACvE,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,iBAAiB,CAAC,EAAE,YAAY,CAAC,CAAC;QACpF,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,UAAU,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,YAAY,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,uCAAuC,SAAS,mCAAmC,CAAC,CAAC;QACpG,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,wBAAwB,YAAY,EAAE,CAAC,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,0DAA0D;QAC1D,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC,6EAA6E,SAAS,GAAG,CAAC,CAAC;YACxG,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC5B,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,sEAAsE;QACtE,OAAO,CAAC,IAAI,CAAC,gDAAgD,SAAS,oBAAoB,CAAC,CAAC;QAC5F,IAAI,CAAC;YACH,YAAY,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACxD,gBAAgB,CAAC,OAAO,EAAE;gBACxB,OAAO;gBACP,SAAS;gBACT,YAAY;gBACZ,UAAU;gBACV,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,gCAAgC,YAAY,EAAE,CAAC,CAAC;YAE5D,sDAAsD;YACtD,IAAI,QAAQ,EAAE,CAAC;gBACb,yBAAyB,CAAC,YAAY,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,yDAAyD,SAAS,IAAI,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACxI,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC5B,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAC7B,OAAO;QACT,CAAC;IACH,CAAC;IACD,SAAS,CAAC,YAAY,GAAG,YAAY,CAAC;IAEtC,0CAA0C;IAC1C,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,aAAa,CAAC;YAC5B,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,OAAO,EAAE,IAAI;YACb,OAAO;YACP,UAAU;YACV,WAAW,EAAE,gBAAgB,EAAE,WAAW,IAAI,QAAQ;SACvD,CAAC,CAAC;QACH,SAAS,CAAC,aAAa,GAAG,OAAO,CAAC,EAAE,CAAC;QACrC,yEAAyE;QACzE,wEAAwE;QACxE,6EAA6E;QAC7E,sEAAsE;QACtE,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,wDAAwD,SAAS,IAAI,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC7G,sEAAsE;QACtE,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,cAAc,EAAE,CAAC;IAEjB,8BAA8B;IAC9B,oFAAoF;IACpF,kFAAkF;IAClF,gEAAgE;IAChE,sEAAsE;IACtE,yEAAyE;IACzE,yEAAyE;IACzE,qEAAqE;IACrE,kDAAkD;IAClD,IAAI,oBAAoB,GAAG,CAAC,CAAC;IAC7B,IAAI,aAAa,GAA+C,EAAE,CAAC;IACnE,IAAI,gBAAgB,GAAkB,IAAI,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,gCAAgC,CAC1D,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,SAAS,CACxC,CAAC;QACF,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;QAChE,MAAM,iBAAiB,GAAG,OAAO,EAAE,mBAAmB,IAAI,IAAI,CAAC;QAC/D,IAAI,iBAAiB,EAAE,CAAC;YACtB,aAAa,GAAG,uBAAuB,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;YACnE,oBAAoB,GAAG,aAAa,CAAC,MAAM,CAAC;QAC9C,CAAC;QACD,gBAAgB,GAAG,OAAO,EAAE,iBAAiB,IAAI,IAAI,CAAC;IACxD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CACX,mEAAmE,SAAS,IAAI,EAC/E,GAAa,CAAC,OAAO,CACvB,CAAC;IACJ,CAAC;IAED,+EAA+E;IAC/E,yEAAyE;IACzE,6EAA6E;IAC7E,2CAA2C;IAC3C,IAAI,aAAa,GAAkB,IAAI,CAAC,CAAG,oCAAoC;IAC/E,IAAI,mBAAmB,GAAG,KAAK,CAAC,CAAY,oCAAoC;IAChF,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,gFAAgF;IAChF,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,0EAA0E;IAC1E,yEAAyE;IACzE,2EAA2E;IAC3E,oCAAoC;IACpC,IAAI,sBAAsB,GAEf,IAAI,CAAC;IAEhB,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACxD,0EAA0E;QAC1E,aAAa,GAAG,gBAAgB,CAAC,OAAO,CAAC;QACzC,cAAc,GAAG,gBAAgB,CAAC,KAAK,CAAC;QACxC,cAAc,GAAG,gBAAgB,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;QAChF,sBAAsB,GAAG,EAAE,OAAO,EAAE,gBAAgB,CAAC,OAAO,EAAE,UAAU,EAAE,gBAAgB,CAAC,UAAU,EAAE,CAAC;QACxG,OAAO,CAAC,GAAG,CACT,uDAAuD,SAAS,IAAI;YACpE,IAAI,gBAAgB,CAAC,OAAO,CAAC,MAAM,4BAA4B,cAAc,IAAI,SAAS,GAAG,CAC9F,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,qEAAqE;QACrE,uEAAuE;QACvE,+DAA+D;QAC/D,sEAAsE;QACtE,+DAA+D;QAC/D,mEAAmE;QACnE,mCAAmC;QACnC,IAAI,qBAAqB,GAAkB,IAAI,CAAC;QAChD,IAAI,mBAAmB,GAAkB,IAAI,CAAC;QAC9C,IAAI,cAAc,GAAkB,IAAI,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YACtF,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;YACpE,MAAM,aAAa,GAAG,WAAW;gBAC/B,CAAC,CAAC,MAAM,cAAc,CAAC,WAAW,CAAC;gBACnC,CAAC,CAAC,IAAI,CAAC;YAET,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACnD,MAAM,YAAY,GAAG,aAAa;gBAChC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,aAAa,CAAC;gBACnD,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAE5C,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,cAAc,GAAG,aAAa;oBAC5B,CAAC,CAAC,+BAA+B,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,cAAc;oBACxE,CAAC,CAAC,qDAAqD,CAAC;YAC5D,CAAC;iBAAM,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;gBACxC,cAAc,GAAG,YAAY,CAAC,IAAI,IAAI,IAAI,CAAC;gBAC3C,cAAc,GAAG,UAAU,YAAY,CAAC,IAAI,oCAAoC,CAAC;YACnF,CAAC;iBAAM,CAAC;gBACN,cAAc,GAAG,YAAY,CAAC,IAAI,IAAI,IAAI,CAAC;gBAC3C,sEAAsE;gBACtE,qCAAqC;gBACrC,sBAAsB,GAAG,YAAY,CAAC,cAAc,CAAC;gBACrD,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAC9D,MAAM,oCAAoC,CACxC,MAAM,EAAE,OAAO,EAAE,YAAY,CAAC,cAAc,EAAE,YAAY,CAC3D,CAAC;gBACJ,IAAI,gBAAgB,CAAC,IAAI,EAAE,EAAE,CAAC;oBAC5B,qBAAqB,GAAG,gBAAgB,CAAC;oBACzC,mBAAmB,GAAG,YAAY,CAAC,cAAc,CAAC,KAAK,CAAC;oBACxD,gBAAgB,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAC;gBAC9C,CAAC;qBAAM,CAAC;oBACN,cAAc,GAAG,8CAA8C,YAAY,CAAC,IAAI,GAAG,CAAC;gBACtF,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,cAAc,GAAG,2BAA4B,GAAa,CAAC,OAAO,EAAE,CAAC;QACvE,CAAC;QAED,IAAI,qBAAqB,EAAE,CAAC;YAC1B,aAAa,GAAG,qBAAqB,CAAC;YACtC,cAAc,GAAG,mBAAmB,CAAC;YACrC,OAAO,CAAC,GAAG,CAAC,+CAA+C,SAAS,MAAM,qBAAqB,CAAC,MAAM,SAAS,CAAC,CAAC;QACnH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CACV,gDAAgD,SAAS,MAAM,cAAc,IAAI,gBAAgB,EAAE,CACpG,CAAC;YACF,mBAAmB,GAAG,IAAI,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,4EAA4E;IAC5E,6EAA6E;IAC7E,sEAAsE;IACtE,MAAM,SAAS,GAAG,kBAAkB,CAAC,EAAE,QAAQ,EAAE,sBAAsB,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC,CAAC;IACtG,SAAS,CAAC,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;IACtC,SAAS,CAAC,WAAW,GAAG,SAAS,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;IAE7E,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;IACxE,MAAM,cAAc,GAAG,cAAc,CAAC;QACpC,aAAa,EAAE,cAAc;QAC7B,IAAI,EAAE,UAAU;QAChB,cAAc,EAAE,MAAM,CAAC,mBAAmB;QAC1C,UAAU,EAAE,gBAAgB;KAC7B,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,UAAU,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CACT,gCAAgC,SAAS,UAAU,UAAU,IAAI;QACjE,GAAG,cAAc,CAAC,QAAQ,aAAa,cAAc,CAAC,MAAM,GAAG,CAChE,CAAC;IAEF,0EAA0E;IAC1E,MAAM,aAAa,GAAG;QACpB,OAAO;QACP,SAAS;QACT,gBAAgB;QAChB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,UAAU;QACV,MAAM;QACN,eAAe;QACf,cAAc;QACd,kBAAkB;QAClB,yBAAyB;QACzB,QAAQ;QACR,WAAW;QACX,oBAAoB;QACpB,QAAQ,EAAE,OAAO,CAAC,EAAE;KACrB,CAAC;IAEF,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC,mBAAmB,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,8BAA8B,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzE,MAAM,GAAG,wBAAwB,CAAC,IAAI,EAAE,aAAa,CAAC;cAClD,MAAM;cACN,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;cAC/B,aAAa,CAAC;IACpB,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,oBAAoB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IACrD,CAAC;IAED,8EAA8E;IAC9E,6EAA6E;IAC7E,+EAA+E;IAC/E,yEAAyE;IACzE,IAAI,mBAAmB,CAAC,IAAI,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,MAAM,GAAG,mBAAmB,CAAC;IACzC,CAAC;IAED,0BAA0B;IAC1B,MAAM,IAAI,GAAG,mBAAmB,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;IAEvE,sBAAsB;IACtB,0EAA0E;IAC1E,0EAA0E;IAC1E,+EAA+E;IAC/E,MAAM,QAAQ,GAAG,eAAe,CAAC;QAC/B,UAAU,EAAE,gBAAgB;QAC5B,OAAO,EAAE,SAAS,CAAC,OAAO;QAC1B,UAAU,EAAE,SAAS,CAAC,UAAU;KACjC,CAAC,CAAC;IACH,4EAA4E;IAC5E,2EAA2E;IAC3E,wCAAwC;IACxC,MAAM,cAAc,GAAG,iBAAiB,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1E,oFAAoF;IACpF,sDAAsD;IACtD,MAAM,cAAc,GAAG,qBAAqB,CAC1C,cAAc,EACd,cAAc,EACd,MAAM,CAAC,UAAU,EACjB,cAAc,EAAE,KAAK,CACtB,CAAC;IACF,MAAM,uBAAuB,GAAG,cAAc,KAAK,CAAC,cAAc,EAAE,KAAK,IAAI,IAAI,CAAC;QAChF,CAAC,CAAC,EAAE,GAAG,cAAc,EAAE,KAAK,EAAE,cAAc,EAAoB;QAChE,CAAC,CAAC,cAAc,CAAC;IACnB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;IAElH,yEAAyE;IACzE,6EAA6E;IAC7E,2EAA2E;IAC3E,qCAAqC;IACrC,IAAI,aAAa,GAAG,MAAM,CAAC;IAC3B,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,OAAO,GAAoB;gBAC/B,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,YAAY;gBACZ,MAAM;gBACN,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,SAAS,EAAE,MAAM,CAAC,SAAS;aAC5B,CAAC;YACF,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,iCAAiC,CAAC,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC,CAAC;YAChG,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,iEAAiE,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC3G,CAAC;QACD,aAAa,GAAG,uBAAuB,CAAC;YACtC,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,SAAS;YACT,OAAO;YACP,aAAa;SACd,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CACT,4CAA4C,QAAQ,SAAS,SAAS,IAAI;YAC1E,yCAAyC,SAAS,CAAC,OAAO,KAAK,aAAa,CAAC,MAAM,UAAU;YAC7F,GAAG,aAAa,CAAC,MAAM,oBAAoB,CAC5C,CAAC;IACJ,CAAC;IACD,yEAAyE;IACzE,wEAAwE;IACxE,4DAA4D;IAC5D,MAAM,UAAU,GAAG,CAAC,gBAAgB,EAAE,WAAW,IAAI,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;IACjG,8EAA8E;IAC9E,8EAA8E;IAC9E,2EAA2E;IAC3E,iEAAiE;IACjE,MAAM,UAAU,GAAG,cAAc,IAAI,CAAC,UAAU,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACtF,8EAA8E;IAC9E,uDAAuD;IACvD,MAAM,QAAQ,GAAG,4BAA4B,CAAC,MAAM,EAAE;QACpD,KAAK,EAAE,MAAM,CAAC,cAAc;QAC5B,OAAO;QACP,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,KAAK,EAAE,UAAU;QACjB,KAAK,EAAE,UAAU;KAClB,CAAC,CAAC;IACH,kFAAkF;IAClF,wFAAwF;IACxF,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjE,6EAA6E;IAC7E,6EAA6E;IAC7E,6EAA6E;IAC7E,IAAI,cAAc,EAAE,CAAC;QACnB,QAAQ,CAAC,UAAU,GAAG,cAAc,CAAC;QACrC,OAAO,CAAC,GAAG,CACT,wCAAwC,SAAS,cAAc,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK;YAChG,GAAG,cAAc,EAAE;YACnB,CAAC,cAAc,CAAC,CAAC,CAAC,YAAY,cAAc,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CACtD,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,yEAAyE;IACzE,uEAAuE;IACvE,KAAK,sBAAsB,CAAC;QAC1B,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,OAAO;QACP,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,gBAAgB;KAC3B,CAAC,CAAC;IAEH,6BAA6B;IAC7B,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;QAC9B,MAAM,EAAE,UAAU;QAClB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,WAAW,EAAE,IAAI,CAAC,UAAU;QAC5B,WAAW,EAAE,IAAI,CAAC,UAAU;KAC7B,CAAC,CAAC;IAEH,oDAAoD;IACpD,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,8CAA8C,SAAS,IAAI,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAClG,mEAAmE;YACnE,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;gBAC9B,MAAM,EAAE,QAAQ;gBAChB,WAAW,EAAE,sBAAsB;gBACnC,aAAa,EAAE,iBAAiB;gBAChC,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACnC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE;gBACnB,OAAO,CAAC,IAAI,CAAC,kEAAkE,EAAG,SAAmB,CAAC,OAAO,CAAC,CAAC;YACjH,CAAC,CAAC,CAAC;YACH,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,0EAA0E;IAC1E,yEAAyE;IACzE,0EAA0E;IAC1E,IAAI,YAAoB,CAAC;IACzB,IAAI,SAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,gBAAgB,CAAC,MAAM,EAAE;YACvC,OAAO,EAAE,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC;YACvC,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QACH,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;YAC3C,OAAO,CAAC,KAAK,CAAC,wCAAwC,SAAS,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACpF,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;gBAC9B,MAAM,EAAE,QAAQ;gBAChB,WAAW,EAAE,GAAG,CAAC,OAAO;gBACxB,aAAa,EAAE,qBAAqB;gBACpC,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACnC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE;gBACnB,OAAO,CAAC,IAAI,CAAC,kEAAkE,EAAG,SAAmB,CAAC,OAAO,CAAC,CAAC;YACjH,CAAC,CAAC,CAAC;YACH,IAAI,QAAQ;gBAAE,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAC5C,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,EAAE,SAAS,EAAE;QAC1C,GAAG,EAAE,YAAY;QACjB,GAAG,EAAE,QAAQ;QACb,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;KAChC,CAAC,CAAC;IAEH,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC;IACrC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,KAAM,CAAC;IAClC,SAAS,CAAC,KAAK,GAAG,WAAW,CAAC;IAE9B,8EAA8E;IAC9E,MAAM,EAAE,kBAAkB,EAAE,eAAe,EAAE,GAAG,oBAAoB,CAAC;QACnE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI;KAC1E,CAAC,CAAC;IAEH,4EAA4E;IAC5E,+EAA+E;IAC/E,iCAAiC;IACjC,IAAI,CAAC,KAAM,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC;IAEtD,4BAA4B;IAC5B,MAAM,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;QAC9B,MAAM,EAAE,SAAS;QACjB,GAAG,EAAE,IAAI,CAAC,GAAG;KACd,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,2CAA2C,SAAS,WAAW,IAAI,CAAC,GAAG,cAAc,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;IAEhH,yDAAyD;IACzD,4EAA4E;IAC5E,2EAA2E;IAC3E,6EAA6E;IAC7E,kBAAkB,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;QACzC,OAAO,CAAC,GAAG,CACT,mCAAmC,SAAS,0BAA0B;YACtE,GAAG,IAAI,CAAC,SAAS,YAAY,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAC5D,CAAC;QACF,qBAAqB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,kBAAkB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YAC3H,OAAO,CAAC,IAAI,CACV,wDAAwD,SAAS,IAAI,EACpE,GAAa,CAAC,OAAO,CACvB,CAAC;YACF,gDAAgD;YAChD,aAAa,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,sBAAsB;IACtB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;QAChC,sBAAsB,CAAC;YACrB,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;YACrD,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,kBAAkB;YAC5D,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc;SACxD,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YACb,OAAO,CAAC,KAAK,CAAC,uDAAuD,SAAS,IAAI,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC9G,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC7B,OAAO,CAAC,KAAK,CAAC,mCAAmC,SAAS,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAEnF,oDAAoD;QACpD,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,SAAS,CACb,GAAG,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;gBAC9B,MAAM,EAAE,QAAQ;gBAChB,WAAW,EAAE,kBAAkB,GAAG,CAAC,OAAO,EAAE;gBAC5C,aAAa,EAAE,OAAO;gBACtB,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACnC,CAAC,EACF,EAAE,WAAW,EAAE,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,sBAAsB,EAAE,CACrE,CAAC;QACJ,CAAC;QAAC,OAAO,SAAS,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,0DAA0D,EAAG,SAAmB,CAAC,OAAO,CAAC,CAAC;QACzG,CAAC;QAED,kBAAkB,CAAC,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;QAC3B,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;QACxB,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC;QAEvB,wDAAwD;QACxD,SAAS,CAAC,KAAK,GAAG,YAAY,CAAC;QAC/B,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -11,6 +11,41 @@
|
|
|
11
11
|
* is preserved because it is set intentionally.
|
|
12
12
|
*/
|
|
13
13
|
import type { DaemonConfig } from './types.js';
|
|
14
|
+
/**
|
|
15
|
+
* Environment allowlist for spawned agents (ambient-authority reduction).
|
|
16
|
+
*
|
|
17
|
+
* The daemon used to spread its entire `process.env` into every spawn, so an
|
|
18
|
+
* agent inherited the operator's SSH agent socket, cloud-CLI credentials,
|
|
19
|
+
* registry tokens, and arbitrary host env -- the full operator identity. We now
|
|
20
|
+
* build the spawn environment from an explicit allowlist: only the keys an
|
|
21
|
+
* agent legitimately needs reach it. Everything else (SSH_AUTH_SOCK, AWS_*,
|
|
22
|
+
* GOOGLE_*, GITHUB_TOKEN, NPM_TOKEN, KUBECONFIG, ...) is dropped by construction.
|
|
23
|
+
*
|
|
24
|
+
* Anything the daemon must inject regardless (TELORA_DAEMON_AGENT,
|
|
25
|
+
* TELORA_MCP_PROFILE, CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, OTEL_*, and the
|
|
26
|
+
* per-spawn fetched model secret from fetchBackendEnvExtras) is added explicitly
|
|
27
|
+
* AFTER this filter and is unaffected by it.
|
|
28
|
+
*
|
|
29
|
+
* See docs/security-posture-daemon-execution.md for the rationale and the
|
|
30
|
+
* dedicated-service-user complement.
|
|
31
|
+
*/
|
|
32
|
+
export declare const SPAWN_ENV_ALLOWLIST_EXACT: readonly string[];
|
|
33
|
+
/**
|
|
34
|
+
* Prefix families allowed through. A var is allowed when it equals an exact key
|
|
35
|
+
* above OR starts with one of these prefixes. Kept deliberately narrow:
|
|
36
|
+
* - LC_* locale
|
|
37
|
+
* - GIT_* git author/committer/config the agent needs for local commits
|
|
38
|
+
* (push credentials are NOT here -- the daemon does merge-back)
|
|
39
|
+
* - TELORA_* the agent's MCP server needs URL/tracker/org/product ids
|
|
40
|
+
* - XDG_* config/cache dirs claude/codex may resolve
|
|
41
|
+
* - OTEL_* telemetry (also injected explicitly, but allow inherited ones)
|
|
42
|
+
* - ANTHROPIC_* / OPENAI_* / CODEX_* provider config (base url, etc.)
|
|
43
|
+
*/
|
|
44
|
+
export declare const SPAWN_ENV_ALLOWLIST_PREFIXES: readonly string[];
|
|
45
|
+
/**
|
|
46
|
+
* Pick the allowlisted subset of an environment object. Pure -- exported for tests.
|
|
47
|
+
*/
|
|
48
|
+
export declare function pickAllowedEnv(source: Record<string, string | undefined>): Record<string, string | undefined>;
|
|
14
49
|
/**
|
|
15
50
|
* IDs for OTEL resource attribute correlation. The org/focus/session/delivery
|
|
16
51
|
* fields are optional -- not every spawn knows all of them.
|
|
@@ -62,7 +97,9 @@ export declare function buildLeveredSpawnEnvironment(config: DaemonConfig, ids:
|
|
|
62
97
|
/**
|
|
63
98
|
* Build a clean environment for a spawned agent or team lead process.
|
|
64
99
|
*
|
|
65
|
-
* - Copies process.env
|
|
100
|
+
* - Copies ONLY the allowlisted subset of process.env (pickAllowedEnv) -- the
|
|
101
|
+
* operator's SSH/cloud/registry credentials and arbitrary host env never reach
|
|
102
|
+
* the agent
|
|
66
103
|
* - Sets TELORA_DAEMON_AGENT=1 and TELORA_MCP_PROFILE=execution
|
|
67
104
|
* - Enables CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1
|
|
68
105
|
* - Strips CLAUDECODE, CLAUDE_CODE_*, and CLAUDECODE_* (except CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"spawn-environment.d.ts","sourceRoot":"","sources":["../src/spawn-environment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAI/C;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,QAAQ;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,eAAgB,SAAQ,QAAQ;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;;;;GAQG;AACH,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,YAAY,EACpB,GAAG,EAAE,eAAe,GACnB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAEpC;AAED
|
|
1
|
+
{"version":3,"file":"spawn-environment.d.ts","sourceRoot":"","sources":["../src/spawn-environment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAI/C;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,yBAAyB,EAAE,SAAS,MAAM,EAiBtD,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,EAAE,SAAS,MAAM,EAEzD,CAAC;AAEF;;GAEG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GACzC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAYpC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,QAAQ;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,eAAgB,SAAQ,QAAQ;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;;;;GAQG;AACH,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,YAAY,EACpB,GAAG,EAAE,eAAe,GACnB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAEpC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,YAAY,EACpB,GAAG,EAAE,QAAQ,GACZ,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAgCpC;AAED;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAcjC"}
|
|
@@ -12,6 +12,71 @@
|
|
|
12
12
|
*/
|
|
13
13
|
import { stripClaudeCodeEnvVars, buildOtelEnv } from '@telora/daemon-core';
|
|
14
14
|
import { callApi } from './queries/shared.js';
|
|
15
|
+
/**
|
|
16
|
+
* Environment allowlist for spawned agents (ambient-authority reduction).
|
|
17
|
+
*
|
|
18
|
+
* The daemon used to spread its entire `process.env` into every spawn, so an
|
|
19
|
+
* agent inherited the operator's SSH agent socket, cloud-CLI credentials,
|
|
20
|
+
* registry tokens, and arbitrary host env -- the full operator identity. We now
|
|
21
|
+
* build the spawn environment from an explicit allowlist: only the keys an
|
|
22
|
+
* agent legitimately needs reach it. Everything else (SSH_AUTH_SOCK, AWS_*,
|
|
23
|
+
* GOOGLE_*, GITHUB_TOKEN, NPM_TOKEN, KUBECONFIG, ...) is dropped by construction.
|
|
24
|
+
*
|
|
25
|
+
* Anything the daemon must inject regardless (TELORA_DAEMON_AGENT,
|
|
26
|
+
* TELORA_MCP_PROFILE, CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, OTEL_*, and the
|
|
27
|
+
* per-spawn fetched model secret from fetchBackendEnvExtras) is added explicitly
|
|
28
|
+
* AFTER this filter and is unaffected by it.
|
|
29
|
+
*
|
|
30
|
+
* See docs/security-posture-daemon-execution.md for the rationale and the
|
|
31
|
+
* dedicated-service-user complement.
|
|
32
|
+
*/
|
|
33
|
+
export const SPAWN_ENV_ALLOWLIST_EXACT = [
|
|
34
|
+
// Core shell / process
|
|
35
|
+
'PATH', 'HOME', 'USER', 'LOGNAME', 'SHELL', 'PWD',
|
|
36
|
+
// Locale / terminal
|
|
37
|
+
'LANG', 'LANGUAGE', 'TERM', 'TERMINFO', 'TZ', 'COLORTERM', 'EDITOR', 'PAGER',
|
|
38
|
+
// Temp dirs
|
|
39
|
+
'TMPDIR', 'TMP', 'TEMP',
|
|
40
|
+
// Node runtime (NOT NODE_OPTIONS -- avoid inherited --require injection)
|
|
41
|
+
'NODE_PATH',
|
|
42
|
+
// TLS / CA bundles (needed for https to Telora/model APIs behind custom CAs)
|
|
43
|
+
'NODE_EXTRA_CA_CERTS', 'SSL_CERT_FILE', 'SSL_CERT_DIR', 'CURL_CA_BUNDLE', 'REQUESTS_CA_BUNDLE',
|
|
44
|
+
// Proxies (egress through a corporate proxy must still work)
|
|
45
|
+
'HTTP_PROXY', 'HTTPS_PROXY', 'NO_PROXY', 'ALL_PROXY',
|
|
46
|
+
'http_proxy', 'https_proxy', 'no_proxy', 'all_proxy',
|
|
47
|
+
// Model/provider API keys the agent backend needs (claude reads ANTHROPIC_API_KEY;
|
|
48
|
+
// codex reads CODEX_API_KEY/OPENAI_API_KEY -- the fetched secret is also merged later)
|
|
49
|
+
'ANTHROPIC_API_KEY', 'OPENAI_API_KEY', 'CODEX_API_KEY',
|
|
50
|
+
];
|
|
51
|
+
/**
|
|
52
|
+
* Prefix families allowed through. A var is allowed when it equals an exact key
|
|
53
|
+
* above OR starts with one of these prefixes. Kept deliberately narrow:
|
|
54
|
+
* - LC_* locale
|
|
55
|
+
* - GIT_* git author/committer/config the agent needs for local commits
|
|
56
|
+
* (push credentials are NOT here -- the daemon does merge-back)
|
|
57
|
+
* - TELORA_* the agent's MCP server needs URL/tracker/org/product ids
|
|
58
|
+
* - XDG_* config/cache dirs claude/codex may resolve
|
|
59
|
+
* - OTEL_* telemetry (also injected explicitly, but allow inherited ones)
|
|
60
|
+
* - ANTHROPIC_* / OPENAI_* / CODEX_* provider config (base url, etc.)
|
|
61
|
+
*/
|
|
62
|
+
export const SPAWN_ENV_ALLOWLIST_PREFIXES = [
|
|
63
|
+
'LC_', 'GIT_', 'TELORA_', 'XDG_', 'OTEL_', 'ANTHROPIC_', 'OPENAI_', 'CODEX_',
|
|
64
|
+
];
|
|
65
|
+
/**
|
|
66
|
+
* Pick the allowlisted subset of an environment object. Pure -- exported for tests.
|
|
67
|
+
*/
|
|
68
|
+
export function pickAllowedEnv(source) {
|
|
69
|
+
const out = {};
|
|
70
|
+
for (const [key, value] of Object.entries(source)) {
|
|
71
|
+
if (value === undefined)
|
|
72
|
+
continue;
|
|
73
|
+
if (SPAWN_ENV_ALLOWLIST_EXACT.includes(key) ||
|
|
74
|
+
SPAWN_ENV_ALLOWLIST_PREFIXES.some((p) => key.startsWith(p))) {
|
|
75
|
+
out[key] = value;
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
return out;
|
|
79
|
+
}
|
|
15
80
|
/**
|
|
16
81
|
* Build a clean environment for a LEVERED spawn -- the focus team-lead, the
|
|
17
82
|
* audit assessor, or any spawn running an attributable execution phase against
|
|
@@ -27,7 +92,9 @@ export function buildLeveredSpawnEnvironment(config, ids) {
|
|
|
27
92
|
/**
|
|
28
93
|
* Build a clean environment for a spawned agent or team lead process.
|
|
29
94
|
*
|
|
30
|
-
* - Copies process.env
|
|
95
|
+
* - Copies ONLY the allowlisted subset of process.env (pickAllowedEnv) -- the
|
|
96
|
+
* operator's SSH/cloud/registry credentials and arbitrary host env never reach
|
|
97
|
+
* the agent
|
|
31
98
|
* - Sets TELORA_DAEMON_AGENT=1 and TELORA_MCP_PROFILE=execution
|
|
32
99
|
* - Enables CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1
|
|
33
100
|
* - Strips CLAUDECODE, CLAUDE_CODE_*, and CLAUDECODE_* (except CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS)
|
|
@@ -40,10 +107,12 @@ export function buildLeveredSpawnEnvironment(config, ids) {
|
|
|
40
107
|
* applicable (and for tests that exercise the env plumbing without a phase).
|
|
41
108
|
*/
|
|
42
109
|
export function buildSpawnEnvironment(config, ids) {
|
|
43
|
-
// Start
|
|
44
|
-
//
|
|
110
|
+
// Start from the ALLOWLISTED subset of process.env (ambient-authority
|
|
111
|
+
// reduction -- never the full operator environment), add daemon-specific
|
|
112
|
+
// vars, then strip inherited Claude Code session markers (preserving
|
|
113
|
+
// AGENT_TEAMS).
|
|
45
114
|
const spawnEnv = stripClaudeCodeEnvVars({
|
|
46
|
-
...process.env,
|
|
115
|
+
...pickAllowedEnv(process.env),
|
|
47
116
|
TELORA_DAEMON_AGENT: '1',
|
|
48
117
|
TELORA_MCP_PROFILE: 'execution',
|
|
49
118
|
// Agent Teams always enabled -- focus-level execution model
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"spawn-environment.js","sourceRoot":"","sources":["../src/spawn-environment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"spawn-environment.js","sourceRoot":"","sources":["../src/spawn-environment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAE9C;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAsB;IAC1D,uBAAuB;IACvB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK;IACjD,oBAAoB;IACpB,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO;IAC5E,YAAY;IACZ,QAAQ,EAAE,KAAK,EAAE,MAAM;IACvB,yEAAyE;IACzE,WAAW;IACX,6EAA6E;IAC7E,qBAAqB,EAAE,eAAe,EAAE,cAAc,EAAE,gBAAgB,EAAE,oBAAoB;IAC9F,6DAA6D;IAC7D,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW;IACpD,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW;IACpD,mFAAmF;IACnF,uFAAuF;IACvF,mBAAmB,EAAE,gBAAgB,EAAE,eAAe;CACvD,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAsB;IAC7D,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,QAAQ;CAC7E,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,MAA0C;IAE1C,MAAM,GAAG,GAAuC,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAClC,IACE,yBAAyB,CAAC,QAAQ,CAAC,GAAG,CAAC;YACvC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAC3D,CAAC;YACD,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACnB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AA0CD;;;;;;;;GAQG;AACH,MAAM,UAAU,4BAA4B,CAC1C,MAAoB,EACpB,GAAoB;IAEpB,OAAO,qBAAqB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAAoB,EACpB,GAAa;IAEb,sEAAsE;IACtE,yEAAyE;IACzE,qEAAqE;IACrE,gBAAgB;IAChB,MAAM,QAAQ,GAAG,sBAAsB,CACrC;QACE,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC;QAC9B,mBAAmB,EAAE,GAAG;QACxB,kBAAkB,EAAE,WAAW;QAC/B,4DAA4D;QAC5D,oCAAoC,EAAE,GAAG;KAC1C,EACD,EAAE,QAAQ,EAAE,CAAC,sCAAsC,CAAC,EAAE,CACvD,CAAC;IAEF,2DAA2D;IAC3D,MAAM,OAAO,GAAG,YAAY,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO;QACjC,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI;QAC3B,kBAAkB,EAAE;YAClB,eAAe,EAAE,GAAG,CAAC,KAAK;YAC1B,iBAAiB,EAAE,GAAG,CAAC,OAAO;YAC9B,oBAAoB,EAAE,GAAG,CAAC,UAAU;YACpC,mBAAmB,EAAE,GAAG,CAAC,SAAS;YAClC,cAAc,EAAE,GAAG,CAAC,KAAK;YACzB,cAAc,EAAE,GAAG,CAAC,KAAK;SAC1B;KACF,CAAC,CAAC;IACH,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEjC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,SAAiB;IAEjB,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAA4B,gBAAgB,EAAE;gBACxE,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;YACH,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;YAC1C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,4EAA4E;QAC9E,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC"}
|
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OS sandbox for spawned agents -- "make the worktree boundary true" (D3).
|
|
3
|
+
*
|
|
4
|
+
* The daemon spawns agents with --dangerously-skip-permissions /
|
|
5
|
+
* --dangerously-bypass-approvals-and-sandbox. The ONLY isolation around such a
|
|
6
|
+
* spawn used to be a git worktree, which bounds the git branch but NOT the OS:
|
|
7
|
+
* the agent could read sibling repos, the operator's home, SSH/cloud creds, and
|
|
8
|
+
* reach the network freely. This module wraps the spawn command in an OS
|
|
9
|
+
* sandbox (bubblewrap on Linux) so the agent's filesystem is confined to its
|
|
10
|
+
* worktree plus an explicit read-only allowlist (toolchain + model-auth config),
|
|
11
|
+
* with privileged capabilities and namespaces dropped.
|
|
12
|
+
*
|
|
13
|
+
* Posture (see docs/security-posture-daemon-execution.md):
|
|
14
|
+
* - FILESYSTEM confinement + capability/namespace isolation are ENFORCED by bwrap.
|
|
15
|
+
* - OUTBOUND EGRESS allowlisting is NOT enforced here (bubblewrap has no L3/L7
|
|
16
|
+
* egress filter); it is a documented residual gap. Network is shared so the
|
|
17
|
+
* agent can still reach the Telora API / git / registries / model API.
|
|
18
|
+
*
|
|
19
|
+
* FAIL-CLOSED: an EXPLICIT 'bwrap' mode whose sandbox cannot initialize REFUSES
|
|
20
|
+
* the spawn (throws SandboxUnavailableError) rather than running unconfined.
|
|
21
|
+
*
|
|
22
|
+
* DEFAULT is 'off' (see resolveSandboxMode): auto-enabling a sandbox whose
|
|
23
|
+
* per-host read-bind set has not been validated could break real spawns, so
|
|
24
|
+
* operators opt in to 'bwrap' after the per-host validation in
|
|
25
|
+
* docs/runbook-daemon-service-user.md. On Linux with bwrap present we log a
|
|
26
|
+
* recommendation to enable it.
|
|
27
|
+
*
|
|
28
|
+
* Pure command construction (buildSandboxCommand) takes injected deps so it is
|
|
29
|
+
* unit-testable without a real bubblewrap.
|
|
30
|
+
*/
|
|
31
|
+
import type { DaemonConfig, SandboxConfig, SandboxMode } from './types.js';
|
|
32
|
+
/** Thrown when an explicitly-required sandbox cannot initialize (fail-closed). */
|
|
33
|
+
export declare class SandboxUnavailableError extends Error {
|
|
34
|
+
constructor(detail: string);
|
|
35
|
+
}
|
|
36
|
+
/** Default bubblewrap executable name (overridable via deps for tests). */
|
|
37
|
+
export declare const BWRAP_COMMAND = "bwrap";
|
|
38
|
+
/** Return true if an executable name/path exists on the host PATH. */
|
|
39
|
+
export declare function commandOnPath(command: string, env?: NodeJS.ProcessEnv): boolean;
|
|
40
|
+
/** Is bubblewrap available on this host? */
|
|
41
|
+
export declare function isBwrapAvailable(deps?: {
|
|
42
|
+
commandExists?: (cmd: string) => boolean;
|
|
43
|
+
bwrapCommand?: string;
|
|
44
|
+
}): boolean;
|
|
45
|
+
/**
|
|
46
|
+
* Resolve the effective sandbox mode.
|
|
47
|
+
*
|
|
48
|
+
* - explicit config.sandbox.mode wins (and is honored even if unavailable --
|
|
49
|
+
* buildSandboxCommand then fail-closes).
|
|
50
|
+
* - unset + darwin => 'off' (dev; bwrap is Linux-only).
|
|
51
|
+
* - unset + linux => 'off' (safe default), with a warning health event emitted
|
|
52
|
+
* when bwrap is available. Operators opt in explicitly after per-host validation
|
|
53
|
+
* -- see docs/runbook-daemon-service-user.md.
|
|
54
|
+
*/
|
|
55
|
+
export declare function resolveSandboxMode(sandbox: SandboxConfig | undefined, deps?: {
|
|
56
|
+
platform?: NodeJS.Platform;
|
|
57
|
+
bwrapAvailable?: boolean;
|
|
58
|
+
logRecommendation?: (msg: string) => void;
|
|
59
|
+
}): SandboxMode;
|
|
60
|
+
export interface SandboxPolicy {
|
|
61
|
+
/** The worktree -- bound read-write; the agent's only writable host tree. */
|
|
62
|
+
worktreePath: string;
|
|
63
|
+
/** Extra host paths exposed read-only (toolchain, model-auth config, certs). */
|
|
64
|
+
readOnlyPaths?: readonly string[];
|
|
65
|
+
}
|
|
66
|
+
export interface BuildSandboxArgs {
|
|
67
|
+
/** The inner command that would be spawned without a sandbox (e.g. 'claude'). */
|
|
68
|
+
command: string;
|
|
69
|
+
/** The inner command's args. */
|
|
70
|
+
args: readonly string[];
|
|
71
|
+
/** Filesystem policy. */
|
|
72
|
+
policy: SandboxPolicy;
|
|
73
|
+
/** Effective mode (from resolveSandboxMode). */
|
|
74
|
+
mode: SandboxMode;
|
|
75
|
+
/** Whether bubblewrap is available (injected for tests). */
|
|
76
|
+
bwrapAvailable: boolean;
|
|
77
|
+
/** bwrap executable (default 'bwrap'). */
|
|
78
|
+
bwrapCommand?: string;
|
|
79
|
+
/** Called once when mode resolves to running UNCONFINED, for loud logging. */
|
|
80
|
+
onUnconfined?: (reason: string) => void;
|
|
81
|
+
}
|
|
82
|
+
export interface SandboxedCommand {
|
|
83
|
+
command: string;
|
|
84
|
+
args: string[];
|
|
85
|
+
}
|
|
86
|
+
/**
|
|
87
|
+
* Build the (possibly sandbox-wrapped) command + args for a spawn.
|
|
88
|
+
*
|
|
89
|
+
* mode 'off' -> returns the inner command unchanged and emits a loud
|
|
90
|
+
* "running unconfined" signal (the spawn has the daemon user's
|
|
91
|
+
* full authority).
|
|
92
|
+
* mode 'bwrap' -> if bwrap is unavailable, THROWS SandboxUnavailableError
|
|
93
|
+
* (fail-closed); otherwise returns a bwrap invocation that binds
|
|
94
|
+
* the worktree read-write, the readOnlyPaths read-only, system
|
|
95
|
+
* dirs read-only, and drops privileged namespaces.
|
|
96
|
+
*/
|
|
97
|
+
export declare function buildSandboxCommand(opts: BuildSandboxArgs): SandboxedCommand;
|
|
98
|
+
/**
|
|
99
|
+
* High-level helper used by the spawn path: resolve mode from config, derive the
|
|
100
|
+
* read-only allowlist (toolchain + model-auth config), and build the wrapped
|
|
101
|
+
* command. Emits a health event on unconfined runs and refuses (throws) when an
|
|
102
|
+
* explicitly-required sandbox is unavailable.
|
|
103
|
+
*/
|
|
104
|
+
export declare function wrapSpawnCommand(config: DaemonConfig, spawn: {
|
|
105
|
+
command: string;
|
|
106
|
+
args: readonly string[];
|
|
107
|
+
worktreePath: string;
|
|
108
|
+
}): SandboxedCommand;
|
|
109
|
+
/**
|
|
110
|
+
* Derive the read-only host paths a spawn legitimately needs: the toolchain
|
|
111
|
+
* (the backend command's dir + the daemon's own node), the agent's model-auth
|
|
112
|
+
* config under HOME (~/.claude.json, ~/.claude, ~/.codex), and any extra paths
|
|
113
|
+
* configured. Kept narrow -- this is the allowlist that decides what the agent
|
|
114
|
+
* can read OUTSIDE its worktree. Exported for tests.
|
|
115
|
+
*/
|
|
116
|
+
export declare function deriveReadOnlyPaths(config: DaemonConfig, backendCommand: string): string[];
|
|
117
|
+
//# sourceMappingURL=spawn-sandbox.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"spawn-sandbox.d.ts","sourceRoot":"","sources":["../src/spawn-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAKH,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE3E,kFAAkF;AAClF,qBAAa,uBAAwB,SAAQ,KAAK;gBACpC,MAAM,EAAE,MAAM;CAI3B;AAED,2EAA2E;AAC3E,eAAO,MAAM,aAAa,UAAU,CAAC;AAErC,sEAAsE;AACtE,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAI5F;AAED,4CAA4C;AAC5C,wBAAgB,gBAAgB,CAC9B,IAAI,GAAE;IAAE,aAAa,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAO,GAC7E,OAAO,CAIT;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,aAAa,GAAG,SAAS,EAClC,IAAI,GAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC;IAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAAC,iBAAiB,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;CAAO,GAC7G,WAAW,CAwBb;AAED,MAAM,WAAW,aAAa;IAC5B,6EAA6E;IAC7E,YAAY,EAAE,MAAM,CAAC;IACrB,gFAAgF;IAChF,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iFAAiF;IACjF,OAAO,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;IACxB,yBAAyB;IACzB,MAAM,EAAE,aAAa,CAAC;IACtB,gDAAgD;IAChD,IAAI,EAAE,WAAW,CAAC;IAClB,4DAA4D;IAC5D,cAAc,EAAE,OAAO,CAAC;IACxB,0CAA0C;IAC1C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8EAA8E;IAC9E,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;CACzC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,GAAG,gBAAgB,CA0D5E;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,YAAY,EACpB,KAAK,EAAE;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,GACxE,gBAAgB,CAqBlB;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,EAAE,CA0B1F"}
|