@they-juanreina/compost-cli 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/agreement.d.ts.map +1 -1
- package/dist/commands/agreement.js +2 -2
- package/dist/commands/agreement.js.map +1 -1
- package/dist/commands/backup.d.ts +3 -0
- package/dist/commands/backup.d.ts.map +1 -0
- package/dist/commands/backup.js +31 -0
- package/dist/commands/backup.js.map +1 -0
- package/dist/commands/chat.d.ts.map +1 -1
- package/dist/commands/chat.js +3 -2
- package/dist/commands/chat.js.map +1 -1
- package/dist/commands/export.d.ts.map +1 -1
- package/dist/commands/export.js +2 -2
- package/dist/commands/export.js.map +1 -1
- package/dist/commands/import.d.ts.map +1 -1
- package/dist/commands/import.js +5 -0
- package/dist/commands/import.js.map +1 -1
- package/dist/commands/ingest.d.ts.map +1 -1
- package/dist/commands/ingest.js +1 -0
- package/dist/commands/ingest.js.map +1 -1
- package/dist/commands/init.d.ts.map +1 -1
- package/dist/commands/init.js +1 -0
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/reindex.d.ts.map +1 -1
- package/dist/commands/reindex.js +18 -8
- package/dist/commands/reindex.js.map +1 -1
- package/dist/commands/search.d.ts.map +1 -1
- package/dist/commands/search.js +10 -0
- package/dist/commands/search.js.map +1 -1
- package/dist/commands/secrets.d.ts.map +1 -1
- package/dist/commands/secrets.js +13 -11
- package/dist/commands/secrets.js.map +1 -1
- package/dist/commands/setup.d.ts.map +1 -1
- package/dist/commands/setup.js +5 -1
- package/dist/commands/setup.js.map +1 -1
- package/dist/commands/setupItem.d.ts +26 -0
- package/dist/commands/setupItem.d.ts.map +1 -0
- package/dist/commands/setupItem.js +145 -0
- package/dist/commands/setupItem.js.map +1 -0
- package/dist/commands/transcribe.d.ts.map +1 -1
- package/dist/commands/transcribe.js +25 -8
- package/dist/commands/transcribe.js.map +1 -1
- package/dist/commands/watch.d.ts.map +1 -1
- package/dist/commands/watch.js +53 -6
- package/dist/commands/watch.js.map +1 -1
- package/dist/errors.d.ts +5 -1
- package/dist/errors.d.ts.map +1 -1
- package/dist/errors.js +6 -0
- package/dist/errors.js.map +1 -1
- package/dist/exporters/pdf.d.ts.map +1 -1
- package/dist/exporters/pdf.js +2 -1
- package/dist/exporters/pdf.js.map +1 -1
- package/dist/legacy_client.d.ts.map +1 -1
- package/dist/legacy_client.js +2 -1
- package/dist/legacy_client.js.map +1 -1
- package/dist/lib/artifacts.d.ts +3 -1
- package/dist/lib/artifacts.d.ts.map +1 -1
- package/dist/lib/artifacts.js +15 -20
- package/dist/lib/artifacts.js.map +1 -1
- package/dist/lib/backup.d.ts +37 -0
- package/dist/lib/backup.d.ts.map +1 -0
- package/dist/lib/backup.js +57 -0
- package/dist/lib/backup.js.map +1 -0
- package/dist/lib/childEnv.d.ts +13 -0
- package/dist/lib/childEnv.d.ts.map +1 -0
- package/dist/lib/childEnv.js +45 -0
- package/dist/lib/childEnv.js.map +1 -0
- package/dist/lib/events.d.ts +10 -0
- package/dist/lib/events.d.ts.map +1 -1
- package/dist/lib/events.js +20 -1
- package/dist/lib/events.js.map +1 -1
- package/dist/lib/journal.d.ts +0 -4
- package/dist/lib/journal.d.ts.map +1 -1
- package/dist/lib/journal.js +8 -18
- package/dist/lib/journal.js.map +1 -1
- package/dist/lib/legacyNative.d.ts +1 -8
- package/dist/lib/legacyNative.d.ts.map +1 -1
- package/dist/lib/legacyNative.js +10 -23
- package/dist/lib/legacyNative.js.map +1 -1
- package/dist/lib/migrate.d.ts.map +1 -1
- package/dist/lib/migrate.js +9 -2
- package/dist/lib/migrate.js.map +1 -1
- package/dist/lib/nativeRuntime.d.ts +31 -0
- package/dist/lib/nativeRuntime.d.ts.map +1 -1
- package/dist/lib/nativeRuntime.js +38 -0
- package/dist/lib/nativeRuntime.js.map +1 -1
- package/dist/lib/pathSafe.d.ts +8 -0
- package/dist/lib/pathSafe.d.ts.map +1 -0
- package/dist/lib/pathSafe.js +12 -0
- package/dist/lib/pathSafe.js.map +1 -0
- package/dist/lib/provisionNative.d.ts.map +1 -1
- package/dist/lib/provisionNative.js +6 -2
- package/dist/lib/provisionNative.js.map +1 -1
- package/dist/lib/reads.d.ts.map +1 -1
- package/dist/lib/reads.js +2 -2
- package/dist/lib/reads.js.map +1 -1
- package/dist/lib/redact.d.ts +7 -0
- package/dist/lib/redact.d.ts.map +1 -0
- package/dist/lib/redact.js +45 -0
- package/dist/lib/redact.js.map +1 -0
- package/dist/lib/rerun.d.ts.map +1 -1
- package/dist/lib/rerun.js +3 -9
- package/dist/lib/rerun.js.map +1 -1
- package/dist/lib/retrieve.d.ts.map +1 -1
- package/dist/lib/retrieve.js +2 -1
- package/dist/lib/retrieve.js.map +1 -1
- package/dist/lib/saturate.js +3 -3
- package/dist/lib/saturate.js.map +1 -1
- package/dist/lib/secrets.d.ts.map +1 -1
- package/dist/lib/secrets.js +84 -77
- package/dist/lib/secrets.js.map +1 -1
- package/dist/lib/seedResolve.d.ts +5 -0
- package/dist/lib/seedResolve.d.ts.map +1 -1
- package/dist/lib/seedResolve.js +12 -3
- package/dist/lib/seedResolve.js.map +1 -1
- package/dist/lib/session.d.ts.map +1 -1
- package/dist/lib/session.js +6 -4
- package/dist/lib/session.js.map +1 -1
- package/dist/lib/sessionId.d.ts +9 -0
- package/dist/lib/sessionId.d.ts.map +1 -0
- package/dist/lib/sessionId.js +37 -0
- package/dist/lib/sessionId.js.map +1 -0
- package/dist/lib/setup.d.ts +4 -0
- package/dist/lib/setup.d.ts.map +1 -1
- package/dist/lib/setup.js +28 -23
- package/dist/lib/setup.js.map +1 -1
- package/dist/lib/setupItem.d.ts +99 -0
- package/dist/lib/setupItem.d.ts.map +1 -0
- package/dist/lib/setupItem.js +262 -0
- package/dist/lib/setupItem.js.map +1 -0
- package/dist/lib/setupWizard.d.ts +2 -0
- package/dist/lib/setupWizard.d.ts.map +1 -1
- package/dist/lib/setupWizard.js +144 -20
- package/dist/lib/setupWizard.js.map +1 -1
- package/dist/lib/snap.d.ts.map +1 -1
- package/dist/lib/snap.js +5 -0
- package/dist/lib/snap.js.map +1 -1
- package/dist/lib/stdin.d.ts +5 -0
- package/dist/lib/stdin.d.ts.map +1 -0
- package/dist/lib/stdin.js +12 -0
- package/dist/lib/stdin.js.map +1 -0
- package/dist/lib/transcribeNative.d.ts +4 -9
- package/dist/lib/transcribeNative.d.ts.map +1 -1
- package/dist/lib/transcribeNative.js +11 -26
- package/dist/lib/transcribeNative.js.map +1 -1
- package/dist/lib/validate.d.ts.map +1 -1
- package/dist/lib/validate.js +2 -1
- package/dist/lib/validate.js.map +1 -1
- package/dist/lib/version.d.ts.map +1 -1
- package/dist/lib/version.js +2 -10
- package/dist/lib/version.js.map +1 -1
- package/dist/llm/adapter.d.ts +5 -0
- package/dist/llm/adapter.d.ts.map +1 -1
- package/dist/llm/adapter.js +25 -8
- package/dist/llm/adapter.js.map +1 -1
- package/dist/llm/http.d.ts +22 -1
- package/dist/llm/http.d.ts.map +1 -1
- package/dist/llm/http.js +52 -30
- package/dist/llm/http.js.map +1 -1
- package/dist/llm/providers/anthropic.d.ts.map +1 -1
- package/dist/llm/providers/anthropic.js +6 -9
- package/dist/llm/providers/anthropic.js.map +1 -1
- package/dist/llm/providers/ollama.d.ts.map +1 -1
- package/dist/llm/providers/ollama.js +2 -7
- package/dist/llm/providers/ollama.js.map +1 -1
- package/dist/llm/providers/openai_compatible.d.ts.map +1 -1
- package/dist/llm/providers/openai_compatible.js +2 -7
- package/dist/llm/providers/openai_compatible.js.map +1 -1
- package/dist/logging.d.ts.map +1 -1
- package/dist/logging.js +3 -1
- package/dist/logging.js.map +1 -1
- package/dist/loops/embed_worker.d.ts +3 -0
- package/dist/loops/embed_worker.d.ts.map +1 -1
- package/dist/loops/embed_worker.js +11 -4
- package/dist/loops/embed_worker.js.map +1 -1
- package/dist/loops/legacy_worker.d.ts.map +1 -1
- package/dist/loops/legacy_worker.js +12 -3
- package/dist/loops/legacy_worker.js.map +1 -1
- package/dist/loops/supervisor.d.ts +4 -0
- package/dist/loops/supervisor.d.ts.map +1 -1
- package/dist/loops/supervisor.js +6 -2
- package/dist/loops/supervisor.js.map +1 -1
- package/dist/loops/transcribe_worker.d.ts +3 -0
- package/dist/loops/transcribe_worker.d.ts.map +1 -1
- package/dist/loops/transcribe_worker.js +13 -4
- package/dist/loops/transcribe_worker.js.map +1 -1
- package/dist/output.d.ts.map +1 -1
- package/dist/output.js +5 -4
- package/dist/output.js.map +1 -1
- package/dist/render/glyphs.d.ts +30 -0
- package/dist/render/glyphs.d.ts.map +1 -0
- package/dist/render/glyphs.js +38 -0
- package/dist/render/glyphs.js.map +1 -0
- package/dist/render/human.d.ts +2 -0
- package/dist/render/human.d.ts.map +1 -1
- package/dist/render/human.js +12 -4
- package/dist/render/human.js.map +1 -1
- package/dist/router.d.ts.map +1 -1
- package/dist/router.js +16 -3
- package/dist/router.js.map +1 -1
- package/dist/transcriber_client.d.ts.map +1 -1
- package/dist/transcriber_client.js +2 -1
- package/dist/transcriber_client.js.map +1 -1
- package/package.json +4 -4
- package/templates/AGENTS.md +1 -1
- package/transcriber/app/transcribe_cli.py +15 -1
package/dist/lib/secrets.js
CHANGED
|
@@ -2,7 +2,7 @@ import { execFileSync } from 'node:child_process';
|
|
|
2
2
|
import { chmodSync, existsSync, mkdirSync, readdirSync, readFileSync, rmSync, statSync, writeFileSync, } from 'node:fs';
|
|
3
3
|
import { homedir } from 'node:os';
|
|
4
4
|
import { join, relative } from 'node:path';
|
|
5
|
-
import { CompostError } from '../errors.js';
|
|
5
|
+
import { CompostError, errMessage } from '../errors.js';
|
|
6
6
|
/**
|
|
7
7
|
* Secret resolution + storage (#236 readiness hardening).
|
|
8
8
|
*
|
|
@@ -24,6 +24,15 @@ import { CompostError } from '../errors.js';
|
|
|
24
24
|
*/
|
|
25
25
|
/** Keychain service name (macOS `-s` / Linux `service` attribute). */
|
|
26
26
|
export const KEYCHAIN_SERVICE = 'compost';
|
|
27
|
+
/**
|
|
28
|
+
* Names that `loadSecretsEnv` copied from the 0600 file into `process.env` this
|
|
29
|
+
* run. Because the autoload makes a file-stored secret resolve via `process.env`
|
|
30
|
+
* first, resolution would otherwise mislabel its source as `env`. Tracking the
|
|
31
|
+
* autoloaded names lets `resolveSecret`/`listSecrets` report the truthful
|
|
32
|
+
* `file` source (the value is the file's, not a shell export). Empty until
|
|
33
|
+
* `loadSecretsEnv` runs (so direct unit tests are unaffected).
|
|
34
|
+
*/
|
|
35
|
+
const autoloadedNames = new Set();
|
|
27
36
|
/**
|
|
28
37
|
* Well-known secret names. Used by `compost secrets list` (which never reads
|
|
29
38
|
* the value, only reports presence) and to decide what's worth probing in the
|
|
@@ -71,6 +80,16 @@ export function fileIsSecure(path, platform = process.platform) {
|
|
|
71
80
|
return true; // absent file can't leak
|
|
72
81
|
}
|
|
73
82
|
}
|
|
83
|
+
/** The POSIX mode bits of `path`, or undefined when it can't be stat'd (absent
|
|
84
|
+
* or unreadable) — lets a perms check skip what it can't see. */
|
|
85
|
+
function statMode(path) {
|
|
86
|
+
try {
|
|
87
|
+
return statSync(path).mode;
|
|
88
|
+
}
|
|
89
|
+
catch {
|
|
90
|
+
return undefined;
|
|
91
|
+
}
|
|
92
|
+
}
|
|
74
93
|
// ---------------------------------------------------------------------------
|
|
75
94
|
// Dotenv parsing
|
|
76
95
|
// ---------------------------------------------------------------------------
|
|
@@ -149,6 +168,14 @@ function ensureSecureHome(deps) {
|
|
|
149
168
|
}
|
|
150
169
|
return dir;
|
|
151
170
|
}
|
|
171
|
+
/** Serialize the dotenv to `path` with 0600 perms — `mode` on create, plus an
|
|
172
|
+
* explicit chmod on POSIX so an already-loose file is tightened (the write mode
|
|
173
|
+
* is umask-masked and on its own won't downgrade a permissive existing file). */
|
|
174
|
+
function writeDotenv600(path, values, deps) {
|
|
175
|
+
writeFileSync(path, serializeDotenv(values), { mode: 0o600 });
|
|
176
|
+
if ((deps.platform ?? process.platform) !== 'win32')
|
|
177
|
+
chmodSync(path, 0o600);
|
|
178
|
+
}
|
|
152
179
|
/** Write/replace a single key in the dotenv, always (re)normalizing perms to
|
|
153
180
|
* 0600. Reads existing contents raw (bypassing the secrecy gate) so a key set
|
|
154
181
|
* on a previously-loose file both preserves siblings and *fixes* the perms. */
|
|
@@ -157,9 +184,7 @@ function writeSecretToFile(name, value, deps) {
|
|
|
157
184
|
const path = secretsEnvPath(deps);
|
|
158
185
|
const existing = existsSync(path) ? parseDotenv(readFileSync(path, 'utf8')) : {};
|
|
159
186
|
existing[name] = value;
|
|
160
|
-
|
|
161
|
-
if ((deps.platform ?? process.platform) !== 'win32')
|
|
162
|
-
chmodSync(path, 0o600);
|
|
187
|
+
writeDotenv600(path, existing, deps);
|
|
163
188
|
return path;
|
|
164
189
|
}
|
|
165
190
|
/** Remove a key from the dotenv. Returns true if the key was present. */
|
|
@@ -175,9 +200,7 @@ function removeSecretFromFile(name, deps) {
|
|
|
175
200
|
rmSync(path, { force: true });
|
|
176
201
|
}
|
|
177
202
|
else {
|
|
178
|
-
|
|
179
|
-
if ((deps.platform ?? process.platform) !== 'win32')
|
|
180
|
-
chmodSync(path, 0o600);
|
|
203
|
+
writeDotenv600(path, existing, deps);
|
|
181
204
|
}
|
|
182
205
|
return true;
|
|
183
206
|
}
|
|
@@ -197,25 +220,25 @@ function runCmd(cmd, args, input) {
|
|
|
197
220
|
return { ok: false, stdout: out, code: typeof e.status === 'number' ? e.status : null };
|
|
198
221
|
}
|
|
199
222
|
}
|
|
223
|
+
/** Map a `runCmd` result to its newline-trimmed stdout, or undefined when the
|
|
224
|
+
* command failed or produced no value — the shared keychain-read shape. */
|
|
225
|
+
function cmdValue(r) {
|
|
226
|
+
if (!r.ok)
|
|
227
|
+
return undefined;
|
|
228
|
+
const v = r.stdout.replace(/\n$/, '');
|
|
229
|
+
return v === '' ? undefined : v;
|
|
230
|
+
}
|
|
200
231
|
/** macOS Keychain via the `security` CLI. NB: `add-generic-password -w <value>`
|
|
201
|
-
* passes the secret as an argv
|
|
202
|
-
*
|
|
232
|
+
* passes the secret as an argv element, briefly visible to `ps` for the lifetime
|
|
233
|
+
* of the spawned `security` process. The interactive `-w` (no value) prompt form
|
|
234
|
+
* reads the password from the controlling TTY, not stdin, so it can't be fed via
|
|
235
|
+
* our piped `runCmd` without allocating a pty — not worth it under the single-user
|
|
236
|
+
* threat model. The exposure is documented in SECURITY.md ("Storing your tokens"). */
|
|
203
237
|
function macKeychain() {
|
|
204
238
|
return {
|
|
205
239
|
label: `macOS Keychain (service "${KEYCHAIN_SERVICE}")`,
|
|
206
240
|
get(name) {
|
|
207
|
-
|
|
208
|
-
'find-generic-password',
|
|
209
|
-
'-s',
|
|
210
|
-
KEYCHAIN_SERVICE,
|
|
211
|
-
'-a',
|
|
212
|
-
name,
|
|
213
|
-
'-w',
|
|
214
|
-
]);
|
|
215
|
-
if (!r.ok)
|
|
216
|
-
return undefined;
|
|
217
|
-
const v = r.stdout.replace(/\n$/, '');
|
|
218
|
-
return v === '' ? undefined : v;
|
|
241
|
+
return cmdValue(runCmd('security', ['find-generic-password', '-s', KEYCHAIN_SERVICE, '-a', name, '-w']));
|
|
219
242
|
},
|
|
220
243
|
set(name, value) {
|
|
221
244
|
const r = runCmd('security', [
|
|
@@ -247,11 +270,7 @@ function linuxKeychain() {
|
|
|
247
270
|
return {
|
|
248
271
|
label: `Secret Service (libsecret, service "${KEYCHAIN_SERVICE}")`,
|
|
249
272
|
get(name) {
|
|
250
|
-
|
|
251
|
-
if (!r.ok)
|
|
252
|
-
return undefined;
|
|
253
|
-
const v = r.stdout.replace(/\n$/, '');
|
|
254
|
-
return v === '' ? undefined : v;
|
|
273
|
+
return cmdValue(runCmd('secret-tool', ['lookup', ...attrs(name)]));
|
|
255
274
|
},
|
|
256
275
|
set(name, value) {
|
|
257
276
|
const r = runCmd('secret-tool', ['store', '--label', `${KEYCHAIN_SERVICE}: ${name}`, ...attrs(name)], value);
|
|
@@ -290,8 +309,11 @@ export function resolveSecret(name, opts = {}) {
|
|
|
290
309
|
const names = [name, ...(opts.aliases ?? [])];
|
|
291
310
|
for (const key of names) {
|
|
292
311
|
const v = env[key];
|
|
293
|
-
if (v && v.trim() !== '')
|
|
294
|
-
|
|
312
|
+
if (v && v.trim() !== '') {
|
|
313
|
+
// If the autoload put this here, its real home is the 0600 file — report
|
|
314
|
+
// that, not 'env', so the user isn't told a managed file is a shell export.
|
|
315
|
+
return { value: v, source: autoloadedNames.has(key) ? 'file' : 'env' };
|
|
316
|
+
}
|
|
295
317
|
}
|
|
296
318
|
const kc = detectKeychain(opts);
|
|
297
319
|
if (kc) {
|
|
@@ -325,7 +347,7 @@ export function setSecret(name, value, deps = {}) {
|
|
|
325
347
|
return { name, stored_in: 'keychain', location: kc.label };
|
|
326
348
|
}
|
|
327
349
|
catch (err) {
|
|
328
|
-
const reason =
|
|
350
|
+
const reason = errMessage(err);
|
|
329
351
|
const path = writeSecretToFile(name, value, deps);
|
|
330
352
|
return { name, stored_in: 'file', location: path, fallback_reason: reason };
|
|
331
353
|
}
|
|
@@ -356,7 +378,9 @@ export function listSecrets(deps = {}) {
|
|
|
356
378
|
for (const name of candidates) {
|
|
357
379
|
const sources = [];
|
|
358
380
|
const e = env[name];
|
|
359
|
-
|
|
381
|
+
// An autoloaded name is in env only because of the file — count it once, as
|
|
382
|
+
// 'file' (below), not 'env', so it doesn't masquerade/double-count.
|
|
383
|
+
if (e && e.trim() !== '' && !autoloadedNames.has(name))
|
|
360
384
|
sources.push('env');
|
|
361
385
|
if (kc) {
|
|
362
386
|
const v = kc.get(name);
|
|
@@ -391,6 +415,8 @@ export function loadSecretsEnv(deps = {}) {
|
|
|
391
415
|
if (cur === undefined || cur === '') {
|
|
392
416
|
env[k] = v;
|
|
393
417
|
loaded.push(k);
|
|
418
|
+
// Remember the file is the true source, so resolution doesn't mislabel it 'env'.
|
|
419
|
+
autoloadedNames.add(k);
|
|
394
420
|
}
|
|
395
421
|
}
|
|
396
422
|
return { path: read.path, loaded, skipped: null };
|
|
@@ -415,41 +441,27 @@ export function auditSecretsPerms(deps = {}) {
|
|
|
415
441
|
const issues = [];
|
|
416
442
|
const home = compostHome(deps);
|
|
417
443
|
// Home dir: flag group/world-writable (the dangerous case for a secrets dir).
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
detail: 'group/world-writable — others could replace files here',
|
|
428
|
-
});
|
|
429
|
-
}
|
|
430
|
-
}
|
|
431
|
-
catch {
|
|
432
|
-
// unreadable dir: nothing we can assert
|
|
433
|
-
}
|
|
444
|
+
const homeMode = statMode(home);
|
|
445
|
+
if (homeMode !== undefined && (homeMode & 0o022) !== 0) {
|
|
446
|
+
issues.push({
|
|
447
|
+
path: home,
|
|
448
|
+
kind: 'dir',
|
|
449
|
+
mode: octal(homeMode),
|
|
450
|
+
fix: `chmod 700 ${home}`,
|
|
451
|
+
detail: 'group/world-writable — others could replace files here',
|
|
452
|
+
});
|
|
434
453
|
}
|
|
435
454
|
// The managed dotenv specifically.
|
|
436
455
|
const sp = secretsEnvPath(deps);
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
detail: 'secrets file is group/world-readable',
|
|
447
|
-
});
|
|
448
|
-
}
|
|
449
|
-
}
|
|
450
|
-
catch {
|
|
451
|
-
// ignore
|
|
452
|
-
}
|
|
456
|
+
const spMode = statMode(sp);
|
|
457
|
+
if (spMode !== undefined && (spMode & 0o077) !== 0) {
|
|
458
|
+
issues.push({
|
|
459
|
+
path: sp,
|
|
460
|
+
kind: 'file',
|
|
461
|
+
mode: octal(spMode),
|
|
462
|
+
fix: `chmod 600 ${sp}`,
|
|
463
|
+
detail: 'secrets file is group/world-readable',
|
|
464
|
+
});
|
|
453
465
|
}
|
|
454
466
|
// Bounded scan for other secret-ish files left around the home dir.
|
|
455
467
|
const seen = new Set(issues.map((i) => i.path));
|
|
@@ -482,21 +494,16 @@ export function auditSecretsPerms(deps = {}) {
|
|
|
482
494
|
continue;
|
|
483
495
|
if (seen.has(full))
|
|
484
496
|
continue;
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
});
|
|
496
|
-
}
|
|
497
|
-
}
|
|
498
|
-
catch {
|
|
499
|
-
// ignore unreadable entry
|
|
497
|
+
const m = statMode(full);
|
|
498
|
+
if (m !== undefined && (m & 0o077) !== 0) {
|
|
499
|
+
seen.add(full);
|
|
500
|
+
issues.push({
|
|
501
|
+
path: full,
|
|
502
|
+
kind: 'file',
|
|
503
|
+
mode: octal(m),
|
|
504
|
+
fix: `chmod 600 ${full}`,
|
|
505
|
+
detail: 'looks like a secret file and is group/world-readable',
|
|
506
|
+
});
|
|
500
507
|
}
|
|
501
508
|
}
|
|
502
509
|
};
|
package/dist/lib/secrets.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/lib/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EACL,SAAS,EACT,UAAU,EACV,SAAS,EACT,WAAW,EACX,YAAY,EACZ,MAAM,EACN,QAAQ,EACR,aAAa,GACd,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AACjC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAE1C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAE3C;;;;;;;;;;;;;;;;;;GAkBG;AAEH,sEAAsE;AACtE,MAAM,CAAC,MAAM,gBAAgB,GAAG,SAAS,CAAA;AAUzC;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,mBAAmB;IACnB,UAAU;IACV,mBAAmB;IACnB,gBAAgB;CACR,CAAA;AAEV,uEAAuE;AACvE,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,CAAA;AA6BtC,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E;2EAC2E;AAC3E,MAAM,UAAU,WAAW,CAAC,OAAoB,EAAE;IAChD,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC,IAAI,CAAA;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,OAAO,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAE,GAAG,CAAC,YAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAA;AAC9F,CAAC;AAED;iFACiF;AACjF,MAAM,UAAU,cAAc,CAAC,OAAoB,EAAE;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,IAAI,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC,mBAA6B,CAAA;IAC7E,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,CAAA;AAC/C,CAAC;AAgBD,SAAS,KAAK,CAAC,IAAY;IACzB,OAAO,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;AACpD,CAAC;AAED;gFACgF;AAChF,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,WAA4B,OAAO,CAAC,QAAQ;IACrF,IAAI,QAAQ,KAAK,OAAO;QAAE,OAAO,IAAI,CAAA;IACrC,IAAI,CAAC;QACH,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAA;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA,CAAC,yBAAyB;IACvC,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,WAAW,GAAG,0BAA0B,CAAA;AAE9C,8EAA8E;AAC9E,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,wBAAwB,IAAI,uHAAuH,CACpJ,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;qBAGqB;AACrB,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,GAAG,GAA2B,EAAE,CAAA;IACtC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAA;QAC3B,IAAI,IAAI,KAAK,EAAE,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAQ;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC5B,IAAI,EAAE,KAAK,CAAC,CAAC;YAAE,SAAQ;QACvB,MAAM,GAAG,GAAG,IAAI;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;aACZ,IAAI,EAAE;aACN,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAA;QAC5B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,SAAQ;QACpC,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACnC,IACE,GAAG,CAAC,MAAM,IAAI,CAAC;YACf,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAC1F,CAAC;YACD,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACxB,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAA;IAChB,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,eAAe,CAAC,MAA8B;IACrD,MAAM,MAAM,GACV,8EAA8E;QAC9E,6EAA6E;QAC7E,2DAA2D,CAAA;IAC7D,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;SAC5B,IAAI,CAAC,IAAI,CAAC,CAAA;IACb,OAAO,IAAI,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,CAAA;AAC7C,CAAC;AAWD;6EAC6E;AAC7E,MAAM,UAAU,eAAe,CAAC,OAAoB,EAAE;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAA;IAClD,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAA;IAC/E,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAA;IAC1D,CAAC;IACD,IAAI,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,EAAE,CAAA;IAC9F,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,YAAY,CAAC,UAAU,EAAE,kBAAkB,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;IACzE,CAAC;AACH,CAAC;AAED,wDAAwD;AACxD,SAAS,gBAAgB,CAAC,IAAiB;IACzC,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAA;IAC7B,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;IAChD,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,OAAO,EAAE,CAAC;QACpD,IAAI,CAAC;YACH,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,2EAA2E;QAC7E,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;+EAE+E;AAC/E,SAAS,iBAAiB,CAAC,IAAY,EAAE,KAAa,EAAE,IAAiB;IACvE,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACtB,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAChF,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,CAAA;IACtB,aAAa,CAAC,IAAI,EAAE,eAAe,CAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;IAC/D,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,OAAO;QAAE,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;IAC3E,OAAO,IAAI,CAAA;AACb,CAAC;AAED,yEAAyE;AACzE,SAAS,oBAAoB,CAAC,IAAY,EAAE,IAAiB;IAC3D,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAA;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;IACxD,IAAI,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAA;IACrC,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAA;IACrB,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;IAC/B,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,IAAI,EAAE,eAAe,CAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,OAAO;YAAE,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;IAC7E,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAaD,SAAS,MAAM,CAAC,GAAW,EAAE,IAAc,EAAE,KAAc;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE;YACrC,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC;YACjC,OAAO,EAAE,IAAI;YACb,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1C,CAAC,CAAA;QACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAA;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAA2D,CAAA;QACrE,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;QAClF,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IACzF,CAAC;AACH,CAAC;AAED;;kFAEkF;AAClF,SAAS,WAAW;IAClB,OAAO;QACL,KAAK,EAAE,4BAA4B,gBAAgB,IAAI;QACvD,GAAG,CAAC,IAAI;YACN,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,EAAE;gBAC3B,uBAAuB;gBACvB,IAAI;gBACJ,gBAAgB;gBAChB,IAAI;gBACJ,IAAI;gBACJ,IAAI;aACL,CAAC,CAAA;YACF,IAAI,CAAC,CAAC,CAAC,EAAE;gBAAE,OAAO,SAAS,CAAA;YAC3B,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;YACrC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;QACjC,CAAC;QACD,GAAG,CAAC,IAAI,EAAE,KAAK;YACb,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,EAAE;gBAC3B,sBAAsB;gBACtB,IAAI;gBACJ,gBAAgB;gBAChB,IAAI;gBACJ,IAAI;gBACJ,IAAI;gBACJ,GAAG,gBAAgB,KAAK,IAAI,EAAE;gBAC9B,IAAI,EAAE,oBAAoB;gBAC1B,IAAI;gBACJ,KAAK;aACN,CAAC,CAAA;YACF,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBACV,MAAM,IAAI,YAAY,CACpB,UAAU,EACV,8CAA8C,CAAC,CAAC,IAAI,IAAI,aAAa,GAAG,CACzE,CAAA;YACH,CAAC;QACH,CAAC;QACD,GAAG,CAAC,IAAI;YACN,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,yBAAyB,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;YAC7F,OAAO,CAAC,CAAC,EAAE,CAAA;QACb,CAAC;KACF,CAAA;AACH,CAAC;AAED;wEACwE;AACxE,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,gBAAgB,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IAC1E,OAAO;QACL,KAAK,EAAE,uCAAuC,gBAAgB,IAAI;QAClE,GAAG,CAAC,IAAI;YACN,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC,QAAQ,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YAC3D,IAAI,CAAC,CAAC,CAAC,EAAE;gBAAE,OAAO,SAAS,CAAA;YAC3B,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;YACrC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;QACjC,CAAC;QACD,GAAG,CAAC,IAAI,EAAE,KAAK;YACb,MAAM,CAAC,GAAG,MAAM,CACd,aAAa,EACb,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,gBAAgB,KAAK,IAAI,EAAE,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,EACpE,KAAK,CACN,CAAA;YACD,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBACV,MAAM,IAAI,YAAY,CACpB,UAAU,EACV,kCAAkC,CAAC,CAAC,IAAI,IAAI,aAAa,iCAAiC,CAC3F,CAAA;YACH,CAAC;QACH,CAAC;QACD,GAAG,CAAC,IAAI;YACN,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YAC1D,OAAO,CAAC,CAAC,EAAE,CAAA;QACb,CAAC;KACF,CAAA;AACH,CAAC;AAED,2EAA2E;AAC3E,SAAS,iBAAiB;IACxB,OAAO,MAAM,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,KAAK,IAAI,CAAA;AAChD,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,cAAc,CAAC,OAAoB,EAAE;IACnD,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC,QAAQ,CAAA;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,IAAI,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE;QAAE,OAAO,IAAI,CAAA;IAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAA;IAClD,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,WAAW,EAAE,CAAA;IAC/C,IAAI,QAAQ,KAAK,OAAO;QAAE,OAAO,iBAAiB,EAAE,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7E,OAAO,IAAI,CAAA,CAAC,kCAAkC;AAChD,CAAC;AAWD;gFACgF;AAChF,MAAM,UAAU,aAAa,CAAC,IAAY,EAAE,OAAoB,EAAE;IAChE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,MAAM,KAAK,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAA;IAE7C,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAA;QAClB,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IAC9D,CAAC;IAED,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,IAAI,EAAE,EAAE,CAAC;QACP,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;YACxB,MAAM,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACrB,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAA;QACnE,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAA;IAClC,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/B,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;YACxB,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC1B,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;QAC/D,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAWD;gDACgD;AAChD,MAAM,UAAU,SAAS,CAAC,IAAY,EAAE,KAAa,EAAE,OAAoB,EAAE;IAC3E,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACtB,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,YAAY,CAAC,eAAe,EAAE,wCAAwC,IAAI,GAAG,CAAC,CAAA;IAC1F,CAAC;IACD,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,IAAI,EAAE,EAAE,CAAC;QACP,IAAI,CAAC;YACH,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACnB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,CAAC,KAAK,EAAE,CAAA;QAC5D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC/D,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;YACjD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,CAAA;QAC7E,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IACjD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;AACpD,CAAC;AAOD;8CAC8C;AAC9C,MAAM,UAAU,QAAQ,CAAC,IAAY,EAAE,OAAoB,EAAE;IAC3D,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACtB,MAAM,OAAO,GAAmB,EAAE,CAAA;IAClC,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,IAAI,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC3C,IAAI,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IAC1D,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,CAAA;AACxC,CAAC;AAQD;yDACyD;AACzD,MAAM,UAAU,WAAW,CAAC,OAAoB,EAAE;IAIhD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAA;IAClC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,kBAAkB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;IAExF,MAAM,KAAK,GAAoB,EAAE,CAAA;IACjC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAmB,EAAE,CAAA;QAClC,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAA;QACnB,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC7C,IAAI,EAAE,EAAE,CAAC;YACP,MAAM,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YACtB,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACpD,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC1D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;IACvD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;IAClD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AACxB,CAAC;AAcD;;;;gEAIgE;AAChE,MAAM,UAAU,cAAc,CAC5B,OAAuD,EAAE;IAEzD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAA;IAClC,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,CAAA;IAC9E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,IAAI,CAAC,IAAI,EAAE,CACT,6BAA6B,IAAI,CAAC,IAAI,sDAAsD,IAAI,CAAC,IAAI,EAAE,CACxG,CAAA;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAA;IACnE,CAAC;IACD,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAA;QAClB,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;YACpC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YACV,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAChB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AACnD,CAAC;AAED,8EAA8E;AAC9E,yCAAyC;AACzC,8EAA8E;AAE9E,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,kBAAkB,EAAE,cAAc,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC,CAAA;AAC3F,MAAM,YAAY,GAAG,wDAAwD,CAAA;AAC7E,MAAM,gBAAgB,GAAG,IAAI,CAAA;AAE7B;;;;;;sDAMsD;AACtD,MAAM,UAAU,iBAAiB,CAAC,OAAoB,EAAE;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAA;IAClD,IAAI,QAAQ,KAAK,OAAO;QAAE,OAAO,EAAE,CAAA;IACnC,MAAM,MAAM,GAAgB,EAAE,CAAA;IAC9B,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAA;IAE9B,8EAA8E;IAC9E,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAA;YAC7B,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,IAAI;oBACV,IAAI,EAAE,KAAK;oBACX,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;oBACd,GAAG,EAAE,aAAa,IAAI,EAAE;oBACxB,MAAM,EAAE,wDAAwD;iBACjE,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wCAAwC;QAC1C,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,IAAI,UAAU,CAAC,EAAE,CAAC,EAAE,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAA;YAC3B,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,EAAE;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;oBACd,GAAG,EAAE,aAAa,EAAE,EAAE;oBACtB,MAAM,EAAE,sCAAsC;iBAC/C,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;IAC/C,IAAI,MAAM,GAAG,gBAAgB,CAAA;IAC7B,MAAM,IAAI,GAAG,CAAC,GAAW,EAAE,KAAa,EAAQ,EAAE;QAChD,IAAI,KAAK,GAAG,CAAC,IAAI,MAAM,IAAI,CAAC;YAAE,OAAM;QACpC,IAAI,OAAmC,CAAA;QACvC,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,OAAM;QACR,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,EAAE,MAAM,IAAI,CAAC;gBAAE,OAAM;YACzB,IAAI,GAAG,CAAC,cAAc,EAAE;gBAAE,SAAQ,CAAC,gCAAgC;YACnE,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAA;YAChC,IAAI,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;gBACtB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;oBAAE,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAA;gBACxD,SAAQ;YACV,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE;gBAAE,SAAQ;YAC3B,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;YAChC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;gBAAE,SAAQ;YACrC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,SAAQ;YAC5B,IAAI,CAAC;gBACH,MAAM,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAA;gBAC7B,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;oBACtB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;oBACd,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,IAAI;wBACV,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;wBACd,GAAG,EAAE,aAAa,IAAI,EAAE;wBACxB,MAAM,EAAE,sDAAsD;qBAC/D,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,0BAA0B;YAC5B,CAAC;QACH,CAAC;IACH,CAAC,CAAA;IACD,IAAI,UAAU,CAAC,IAAI,CAAC;QAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;IAEnC,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
1
|
+
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/lib/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EACL,SAAS,EACT,UAAU,EACV,SAAS,EACT,WAAW,EACX,YAAY,EACZ,MAAM,EACN,QAAQ,EACR,aAAa,GACd,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AACjC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAE1C,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAEvD;;;;;;;;;;;;;;;;;;GAkBG;AAEH,sEAAsE;AACtE,MAAM,CAAC,MAAM,gBAAgB,GAAG,SAAS,CAAA;AAUzC;;;;;;;GAOG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAA;AAEzC;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,mBAAmB;IACnB,UAAU;IACV,mBAAmB;IACnB,gBAAgB;CACR,CAAA;AAEV,uEAAuE;AACvE,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,CAAA;AA6BtC,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E;2EAC2E;AAC3E,MAAM,UAAU,WAAW,CAAC,OAAoB,EAAE;IAChD,IAAI,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC,IAAI,CAAA;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,OAAO,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAE,GAAG,CAAC,YAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAA;AAC9F,CAAC;AAED;iFACiF;AACjF,MAAM,UAAU,cAAc,CAAC,OAAoB,EAAE;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,IAAI,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC,mBAA6B,CAAA;IAC7E,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,CAAA;AAC/C,CAAC;AAgBD,SAAS,KAAK,CAAC,IAAY;IACzB,OAAO,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;AACpD,CAAC;AAED;gFACgF;AAChF,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,WAA4B,OAAO,CAAC,QAAQ;IACrF,IAAI,QAAQ,KAAK,OAAO;QAAE,OAAO,IAAI,CAAA;IACrC,IAAI,CAAC;QACH,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAA;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA,CAAC,yBAAyB;IACvC,CAAC;AACH,CAAC;AAED;iEACiE;AACjE,SAAS,QAAQ,CAAC,IAAY;IAC5B,IAAI,CAAC;QACH,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAA;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,WAAW,GAAG,0BAA0B,CAAA;AAE9C,8EAA8E;AAC9E,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,wBAAwB,IAAI,uHAAuH,CACpJ,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;qBAGqB;AACrB,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,GAAG,GAA2B,EAAE,CAAA;IACtC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAA;QAC3B,IAAI,IAAI,KAAK,EAAE,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAQ;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC5B,IAAI,EAAE,KAAK,CAAC,CAAC;YAAE,SAAQ;QACvB,MAAM,GAAG,GAAG,IAAI;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;aACZ,IAAI,EAAE;aACN,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAA;QAC5B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,SAAQ;QACpC,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACnC,IACE,GAAG,CAAC,MAAM,IAAI,CAAC;YACf,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAC1F,CAAC;YACD,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACxB,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAA;IAChB,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,eAAe,CAAC,MAA8B;IACrD,MAAM,MAAM,GACV,8EAA8E;QAC9E,6EAA6E;QAC7E,2DAA2D,CAAA;IAC7D,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;SAC5B,IAAI,CAAC,IAAI,CAAC,CAAA;IACb,OAAO,IAAI,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,CAAA;AAC7C,CAAC;AAWD;6EAC6E;AAC7E,MAAM,UAAU,eAAe,CAAC,OAAoB,EAAE;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAA;IAClD,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAA;IAC/E,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAA;IAC1D,CAAC;IACD,IAAI,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,EAAE,CAAA;IAC9F,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,YAAY,CAAC,UAAU,EAAE,kBAAkB,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;IACzE,CAAC;AACH,CAAC;AAED,wDAAwD;AACxD,SAAS,gBAAgB,CAAC,IAAiB;IACzC,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAA;IAC7B,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;IAChD,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,OAAO,EAAE,CAAC;QACpD,IAAI,CAAC;YACH,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,2EAA2E;QAC7E,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;iFAEiF;AACjF,SAAS,cAAc,CAAC,IAAY,EAAE,MAA8B,EAAE,IAAiB;IACrF,aAAa,CAAC,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;IAC7D,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,OAAO;QAAE,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;AAC7E,CAAC;AAED;;+EAE+E;AAC/E,SAAS,iBAAiB,CAAC,IAAY,EAAE,KAAa,EAAE,IAAiB;IACvE,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACtB,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAChF,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,CAAA;IACtB,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;IACpC,OAAO,IAAI,CAAA;AACb,CAAC;AAED,yEAAyE;AACzE,SAAS,oBAAoB,CAAC,IAAY,EAAE,IAAiB;IAC3D,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAA;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAA;IACxD,IAAI,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAA;IACrC,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAA;IACrB,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;IAC/B,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;IACtC,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAaD,SAAS,MAAM,CAAC,GAAW,EAAE,IAAc,EAAE,KAAc;IACzD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE;YACrC,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC;YACjC,OAAO,EAAE,IAAI;YACb,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1C,CAAC,CAAA;QACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAA;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAA2D,CAAA;QACrE,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;QAClF,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IACzF,CAAC;AACH,CAAC;AAED;2EAC2E;AAC3E,SAAS,QAAQ,CAAC,CAAY;IAC5B,IAAI,CAAC,CAAC,CAAC,EAAE;QAAE,OAAO,SAAS,CAAA;IAC3B,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IACrC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;AACjC,CAAC;AAED;;;;;sFAKsF;AACtF,SAAS,WAAW;IAClB,OAAO;QACL,KAAK,EAAE,4BAA4B,gBAAgB,IAAI;QACvD,GAAG,CAAC,IAAI;YACN,OAAO,QAAQ,CACb,MAAM,CAAC,UAAU,EAAE,CAAC,uBAAuB,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CACxF,CAAA;QACH,CAAC;QACD,GAAG,CAAC,IAAI,EAAE,KAAK;YACb,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,EAAE;gBAC3B,sBAAsB;gBACtB,IAAI;gBACJ,gBAAgB;gBAChB,IAAI;gBACJ,IAAI;gBACJ,IAAI;gBACJ,GAAG,gBAAgB,KAAK,IAAI,EAAE;gBAC9B,IAAI,EAAE,oBAAoB;gBAC1B,IAAI;gBACJ,KAAK;aACN,CAAC,CAAA;YACF,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBACV,MAAM,IAAI,YAAY,CACpB,UAAU,EACV,8CAA8C,CAAC,CAAC,IAAI,IAAI,aAAa,GAAG,CACzE,CAAA;YACH,CAAC;QACH,CAAC;QACD,GAAG,CAAC,IAAI;YACN,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,yBAAyB,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;YAC7F,OAAO,CAAC,CAAC,EAAE,CAAA;QACb,CAAC;KACF,CAAA;AACH,CAAC;AAED;wEACwE;AACxE,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,gBAAgB,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IAC1E,OAAO;QACL,KAAK,EAAE,uCAAuC,gBAAgB,IAAI;QAClE,GAAG,CAAC,IAAI;YACN,OAAO,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,QAAQ,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;QACpE,CAAC;QACD,GAAG,CAAC,IAAI,EAAE,KAAK;YACb,MAAM,CAAC,GAAG,MAAM,CACd,aAAa,EACb,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,gBAAgB,KAAK,IAAI,EAAE,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,EACpE,KAAK,CACN,CAAA;YACD,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBACV,MAAM,IAAI,YAAY,CACpB,UAAU,EACV,kCAAkC,CAAC,CAAC,IAAI,IAAI,aAAa,iCAAiC,CAC3F,CAAA;YACH,CAAC;QACH,CAAC;QACD,GAAG,CAAC,IAAI;YACN,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YAC1D,OAAO,CAAC,CAAC,EAAE,CAAA;QACb,CAAC;KACF,CAAA;AACH,CAAC;AAED,2EAA2E;AAC3E,SAAS,iBAAiB;IACxB,OAAO,MAAM,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,KAAK,IAAI,CAAA;AAChD,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,cAAc,CAAC,OAAoB,EAAE;IACnD,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC,QAAQ,CAAA;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,IAAI,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE;QAAE,OAAO,IAAI,CAAA;IAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAA;IAClD,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,WAAW,EAAE,CAAA;IAC/C,IAAI,QAAQ,KAAK,OAAO;QAAE,OAAO,iBAAiB,EAAE,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7E,OAAO,IAAI,CAAA,CAAC,kCAAkC;AAChD,CAAC;AAWD;gFACgF;AAChF,MAAM,UAAU,aAAa,CAAC,IAAY,EAAE,OAAoB,EAAE;IAChE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,MAAM,KAAK,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAA;IAE7C,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAA;QAClB,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACzB,yEAAyE;YACzE,4EAA4E;YAC5E,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE,CAAA;QACxE,CAAC;IACH,CAAC;IAED,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,IAAI,EAAE,EAAE,CAAC;QACP,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;YACxB,MAAM,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACrB,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAA;QACnE,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAA;IAClC,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/B,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;YACxB,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC1B,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;QAC/D,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAWD;gDACgD;AAChD,MAAM,UAAU,SAAS,CAAC,IAAY,EAAE,KAAa,EAAE,OAAoB,EAAE;IAC3E,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACtB,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,YAAY,CAAC,eAAe,EAAE,wCAAwC,IAAI,GAAG,CAAC,CAAA;IAC1F,CAAC;IACD,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,IAAI,EAAE,EAAE,CAAC;QACP,IAAI,CAAC;YACH,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YACnB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,CAAC,KAAK,EAAE,CAAA;QAC5D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAA;YAC9B,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;YACjD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,CAAA;QAC7E,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;IACjD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;AACpD,CAAC;AAOD;8CAC8C;AAC9C,MAAM,UAAU,QAAQ,CAAC,IAAY,EAAE,OAAoB,EAAE;IAC3D,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACtB,MAAM,OAAO,GAAmB,EAAE,CAAA;IAClC,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,IAAI,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC3C,IAAI,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IAC1D,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,CAAA;AACxC,CAAC;AAQD;yDACyD;AACzD,MAAM,UAAU,WAAW,CAAC,OAAoB,EAAE;IAIhD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAA;IAClC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,kBAAkB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;IAExF,MAAM,KAAK,GAAoB,EAAE,CAAA;IACjC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAmB,EAAE,CAAA;QAClC,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAA;QACnB,4EAA4E;QAC5E,oEAAoE;QACpE,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC3E,IAAI,EAAE,EAAE,CAAC;YACP,MAAM,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YACtB,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACpD,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC1D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;IACvD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;IAClD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AACxB,CAAC;AAcD;;;;gEAIgE;AAChE,MAAM,UAAU,cAAc,CAC5B,OAAuD,EAAE;IAEzD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAA;IACnC,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAA;IAClC,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,CAAA;IAC9E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,IAAI,CAAC,IAAI,EAAE,CACT,6BAA6B,IAAI,CAAC,IAAI,sDAAsD,IAAI,CAAC,IAAI,EAAE,CACxG,CAAA;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAA;IACnE,CAAC;IACD,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAA;QAClB,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;YACpC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;YACV,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YACd,iFAAiF;YACjF,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AACnD,CAAC;AAED,8EAA8E;AAC9E,yCAAyC;AACzC,8EAA8E;AAE9E,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,kBAAkB,EAAE,cAAc,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC,CAAA;AAC3F,MAAM,YAAY,GAAG,wDAAwD,CAAA;AAC7E,MAAM,gBAAgB,GAAG,IAAI,CAAA;AAE7B;;;;;;sDAMsD;AACtD,MAAM,UAAU,iBAAiB,CAAC,OAAoB,EAAE;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAA;IAClD,IAAI,QAAQ,KAAK,OAAO;QAAE,OAAO,EAAE,CAAA;IACnC,MAAM,MAAM,GAAgB,EAAE,CAAA;IAC9B,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAA;IAE9B,8EAA8E;IAC9E,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;IAC/B,IAAI,QAAQ,KAAK,SAAS,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC;YACrB,GAAG,EAAE,aAAa,IAAI,EAAE;YACxB,MAAM,EAAE,wDAAwD;SACjE,CAAC,CAAA;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IAC/B,MAAM,MAAM,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAA;IAC3B,IAAI,MAAM,KAAK,SAAS,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,EAAE;YACR,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACnB,GAAG,EAAE,aAAa,EAAE,EAAE;YACtB,MAAM,EAAE,sCAAsC;SAC/C,CAAC,CAAA;IACJ,CAAC;IAED,oEAAoE;IACpE,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;IAC/C,IAAI,MAAM,GAAG,gBAAgB,CAAA;IAC7B,MAAM,IAAI,GAAG,CAAC,GAAW,EAAE,KAAa,EAAQ,EAAE;QAChD,IAAI,KAAK,GAAG,CAAC,IAAI,MAAM,IAAI,CAAC;YAAE,OAAM;QACpC,IAAI,OAAmC,CAAA;QACvC,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,OAAM;QACR,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,EAAE,MAAM,IAAI,CAAC;gBAAE,OAAM;YACzB,IAAI,GAAG,CAAC,cAAc,EAAE;gBAAE,SAAQ,CAAC,gCAAgC;YACnE,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAA;YAChC,IAAI,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;gBACtB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;oBAAE,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAA;gBACxD,SAAQ;YACV,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE;gBAAE,SAAQ;YAC3B,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;YAChC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;gBAAE,SAAQ;YACrC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,SAAQ;YAC5B,MAAM,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;YACxB,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;gBACd,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,IAAI;oBACV,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;oBACd,GAAG,EAAE,aAAa,IAAI,EAAE;oBACxB,MAAM,EAAE,sDAAsD;iBAC/D,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC,CAAA;IACD,IAAI,UAAU,CAAC,IAAI,CAAC;QAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;IAEnC,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
/** The seed's display name: its directory basename. The single way to derive a
|
|
2
|
+
* name from a seed path — replaces an ad-hoc mix of `split('/').pop() ?? 'seed'`
|
|
3
|
+
* (which mishandles Windows separators) and bare `basename`. Named `…Of` so it
|
|
4
|
+
* doesn't shadow the conventional `const seedName` at call sites. */
|
|
5
|
+
export declare function seedNameOf(seedPath: string): string;
|
|
1
6
|
/**
|
|
2
7
|
* Resolve a seed directory path. If `seed` is given, use Seeds/<seed>.
|
|
3
8
|
* Otherwise require exactly one seed under ./Seeds and return it.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"seedResolve.d.ts","sourceRoot":"","sources":["../../src/lib/seedResolve.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"seedResolve.d.ts","sourceRoot":"","sources":["../../src/lib/seedResolve.ts"],"names":[],"mappings":"AAMA;;;qEAGqE;AACrE,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEnD;AA6CD;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CA0BlE"}
|
package/dist/lib/seedResolve.js
CHANGED
|
@@ -1,6 +1,14 @@
|
|
|
1
1
|
import { existsSync, readdirSync, statSync } from 'node:fs';
|
|
2
|
-
import { isAbsolute, join,
|
|
2
|
+
import { basename, isAbsolute, join, resolve, sep } from 'node:path';
|
|
3
3
|
import { CompostError } from '../errors.js';
|
|
4
|
+
import { isContainedUnder } from './pathSafe.js';
|
|
5
|
+
/** The seed's display name: its directory basename. The single way to derive a
|
|
6
|
+
* name from a seed path — replaces an ad-hoc mix of `split('/').pop() ?? 'seed'`
|
|
7
|
+
* (which mishandles Windows separators) and bare `basename`. Named `…Of` so it
|
|
8
|
+
* doesn't shadow the conventional `const seedName` at call sites. */
|
|
9
|
+
export function seedNameOf(seedPath) {
|
|
10
|
+
return basename(seedPath);
|
|
11
|
+
}
|
|
4
12
|
/**
|
|
5
13
|
* Seed names are labels, not paths (#211). We reject the patterns that let an
|
|
6
14
|
* attacker escape the Seeds/ root: path separators, `..` segments, absolute
|
|
@@ -27,8 +35,9 @@ function assertSeedName(seed) {
|
|
|
27
35
|
}
|
|
28
36
|
}
|
|
29
37
|
function assertContainedUnder(seedPath, root) {
|
|
30
|
-
|
|
31
|
-
|
|
38
|
+
// seed is non-empty (assertSeedName), so seedPath never equals root here —
|
|
39
|
+
// the strict isContainedUnder is equivalent for every reachable input.
|
|
40
|
+
if (!isContainedUnder(root, seedPath)) {
|
|
32
41
|
throw new CompostError('INVALID_INPUT', `--seed resolves outside the Seeds/ root: ${seedPath}`);
|
|
33
42
|
}
|
|
34
43
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"seedResolve.js","sourceRoot":"","sources":["../../src/lib/seedResolve.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAC3D,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"seedResolve.js","sourceRoot":"","sources":["../../src/lib/seedResolve.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAC3D,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAA;AAEpE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAA;AAEhD;;;qEAGqE;AACrE,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAA;AAC3B,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,eAAe,EAAE,wBAAwB,CAAC,CAAA;IACnE,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,8CAA8C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CACrE,CAAA;IACH,CAAC;IACD,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,4CAA4C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CACnE,CAAA;IACH,CAAC;IACD,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,oDAAoD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAC3E,CAAA;IACH,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,QAAgB,EAAE,IAAY;IAC1D,2EAA2E;IAC3E,uEAAuE;IACvE,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,YAAY,CAAC,eAAe,EAAE,4CAA4C,QAAQ,EAAE,CAAC,CAAA;IACjG,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW,EAAE,IAAa;IACxD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IAClC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,aAAa,EAAE,0BAA0B,IAAI,EAAE,CAAC,CAAA;IACzE,CAAC;IACD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,cAAc,CAAC,IAAI,CAAC,CAAA;QACpB,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAC7B,oBAAoB,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;QAC7B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,YAAY,CAAC,aAAa,EAAE,SAAS,IAAI,qBAAqB,IAAI,EAAE,CAAC,CAAA;QACjF,CAAC;QACD,OAAO,CAAC,CAAA;IACV,CAAC;IACD,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,MAAM,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CACnE,CAAA;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,YAAY,CAAC,aAAa,EAAE,kBAAkB,IAAI,EAAE,CAAC,CAAA;IACzF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,wBAAwB,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAC5E,CAAA;IACH,CAAC;IACD,8HAA8H;IAC9H,OAAO,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAE,CAAC,CAAA;AACnC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/lib/session.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/lib/session.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,eAAe,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,OAAO,CAAA;IACnB,MAAM,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAC5E;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAA;IAClB,cAAc,EAAE,OAAO,CAAA;IACvB,eAAe,EAAE,MAAM,CAAA;IACvB,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;CAC3B;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,EAAE,CA2C/D;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,WAAW,CA8B3E"}
|
package/dist/lib/session.js
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { existsSync, readdirSync, readFileSync } from 'node:fs';
|
|
2
2
|
import { join } from 'node:path';
|
|
3
3
|
import { CompostError } from '../errors.js';
|
|
4
|
+
import { seedNameOf } from './seedResolve.js';
|
|
5
|
+
import { assertSessionContained } from './sessionId.js';
|
|
4
6
|
/**
|
|
5
7
|
* List a seed's sessions with lightweight counts for the seed home page and the
|
|
6
8
|
* sessions API. Cheap: parses each transcript.json only for top-level counts,
|
|
@@ -54,9 +56,9 @@ export function listSessions(seedPath) {
|
|
|
54
56
|
* agent can pull a full session into context.
|
|
55
57
|
*/
|
|
56
58
|
export function getSession(seedPath, sessionId) {
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
59
|
+
// Validate the id (regex) AND assert it stays under <seed>/sessions/ before
|
|
60
|
+
// any fs op — the containment backstop is belt-and-braces over the regex.
|
|
61
|
+
assertSessionContained(seedPath, sessionId);
|
|
60
62
|
const dir = join(seedPath, 'sessions', sessionId);
|
|
61
63
|
if (!existsSync(dir)) {
|
|
62
64
|
throw new CompostError('FILE_NOT_FOUND', `No session "${sessionId}" under ${seedPath}/sessions`);
|
|
@@ -74,7 +76,7 @@ export function getSession(seedPath, sessionId) {
|
|
|
74
76
|
}
|
|
75
77
|
return {
|
|
76
78
|
session_id: sessionId,
|
|
77
|
-
seed: seedPath
|
|
79
|
+
seed: seedNameOf(seedPath),
|
|
78
80
|
transcript_path: transcriptPath,
|
|
79
81
|
transcript,
|
|
80
82
|
frames: deriveFrameIndex(transcript, dir),
|
package/dist/lib/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/lib/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAC/D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAEhC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/lib/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAC/D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAEhC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAA;AAkBvD;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;IACtC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,CAAA;IAC/B,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;SAClD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;SACpF,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAClB,IAAI,EAAE,CAAA;IAET,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE;QAC5B,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,iBAAiB,CAAC,CAAA;QAC/D,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,UAAU;gBACV,cAAc,EAAE,KAAK;gBACrB,eAAe,EAAE,CAAC;gBAClB,WAAW,EAAE,CAAC;gBACd,WAAW,EAAE,IAAI;aAClB,CAAA;QACH,CAAC;QACD,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,MAAM,CAAC,CAIxD,CAAA;YACD,OAAO;gBACL,UAAU;gBACV,cAAc,EAAE,IAAI;gBACpB,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACtE,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC1D,WAAW,EAAE,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI;aACtE,CAAA;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0EAA0E;YAC1E,OAAO;gBACL,UAAU;gBACV,cAAc,EAAE,KAAK;gBACrB,eAAe,EAAE,CAAC;gBAClB,WAAW,EAAE,CAAC;gBACd,WAAW,EAAE,IAAI;aAClB,CAAA;QACH,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,QAAgB,EAAE,SAAiB;IAC5D,4EAA4E;IAC5E,0EAA0E;IAC1E,sBAAsB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,CAAA;IACjD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,YAAY,CAAC,gBAAgB,EAAE,eAAe,SAAS,WAAW,QAAQ,WAAW,CAAC,CAAA;IAClG,CAAC;IACD,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAA;IACnD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,YAAY,CACpB,gBAAgB,EAChB,YAAY,SAAS,8DAA8D,CACpF,CAAA;IACH,CAAC;IAED,IAAI,UAAmB,CAAA;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAA;IAC/D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,YAAY,CAAC,eAAe,EAAE,mBAAmB,cAAc,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC9F,CAAC;IAED,OAAO;QACL,UAAU,EAAE,SAAS;QACrB,IAAI,EAAE,UAAU,CAAC,QAAQ,CAAC;QAC1B,eAAe,EAAE,cAAc;QAC/B,UAAU;QACV,MAAM,EAAE,gBAAgB,CAAC,UAAU,EAAE,GAAG,CAAC;KAC1C,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,UAAmB,EAAE,UAAkB;IAC/D,MAAM,cAAc,GAAI,UAAmC,CAAC,MAAM,CAAA;IAClE,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAClC,OAAO,cAAc;aAClB,MAAM,CAAC,CAAC,CAAC,EAAgC,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,CAAC;aAChF,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;YACtB,KAAK,EAAE,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChD,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,SAAS,CAAC;YACvC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;SAC3B,CAAC,CAAC,CAAA;IACP,CAAC;IACD,2EAA2E;IAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;IAC5C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAA;IACrC,OAAO,WAAW,CAAC,SAAS,CAAC;SAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;SAC3C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;AACnF,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/** Throw INVALID_INPUT unless `sessionId` is a bare, path-safe label. */
|
|
2
|
+
export declare function assertSessionId(sessionId: string): void;
|
|
3
|
+
/**
|
|
4
|
+
* Resolve `<seedPath>/sessions/<sessionId>` and assert it stays under the
|
|
5
|
+
* seed's `sessions/` root. Returns the validated absolute directory. Catches
|
|
6
|
+
* any escape the deny-list regex might miss before any fs op runs.
|
|
7
|
+
*/
|
|
8
|
+
export declare function assertSessionContained(seedPath: string, sessionId: string): string;
|
|
9
|
+
//# sourceMappingURL=sessionId.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sessionId.d.ts","sourceRoot":"","sources":["../../src/lib/sessionId.ts"],"names":[],"mappings":"AAmBA,yEAAyE;AACzE,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAOvD;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAQlF"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import { resolve } from 'node:path';
|
|
2
|
+
import { CompostError } from '../errors.js';
|
|
3
|
+
import { isContainedUnder } from './pathSafe.js';
|
|
4
|
+
/**
|
|
5
|
+
* Session ids are bare labels, not paths (#211 followup). A session id indexes
|
|
6
|
+
* into `<seed>/sessions/<id>/`, so a value containing a path separator or a `..`
|
|
7
|
+
* segment would let a write/exec path escape the seed. The read path
|
|
8
|
+
* (`getSession`, session.ts) and the Docker transcriber HTTP route already
|
|
9
|
+
* enforce this regex; this module is the single source of truth so every
|
|
10
|
+
* write/exec entry (import, snap, native transcribe) validates identically.
|
|
11
|
+
*
|
|
12
|
+
* The pattern intentionally disallows `.` entirely, so `.`, `..`, and `./`
|
|
13
|
+
* cannot appear — `assertSessionContained` below is belt-and-braces in the
|
|
14
|
+
* spirit of `assertContainedUnder` in seedResolve.ts.
|
|
15
|
+
*/
|
|
16
|
+
const SESSION_ID_RE = /^[A-Za-z0-9_-]+$/;
|
|
17
|
+
/** Throw INVALID_INPUT unless `sessionId` is a bare, path-safe label. */
|
|
18
|
+
export function assertSessionId(sessionId) {
|
|
19
|
+
if (!SESSION_ID_RE.test(sessionId)) {
|
|
20
|
+
throw new CompostError('INVALID_INPUT', `Invalid session id ${JSON.stringify(sessionId)} — use letters, digits, '-' or '_' only (no path separators or '..').`);
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
/**
|
|
24
|
+
* Resolve `<seedPath>/sessions/<sessionId>` and assert it stays under the
|
|
25
|
+
* seed's `sessions/` root. Returns the validated absolute directory. Catches
|
|
26
|
+
* any escape the deny-list regex might miss before any fs op runs.
|
|
27
|
+
*/
|
|
28
|
+
export function assertSessionContained(seedPath, sessionId) {
|
|
29
|
+
assertSessionId(sessionId);
|
|
30
|
+
const sessionsRoot = resolve(seedPath, 'sessions');
|
|
31
|
+
const dir = resolve(sessionsRoot, sessionId);
|
|
32
|
+
if (!isContainedUnder(sessionsRoot, dir)) {
|
|
33
|
+
throw new CompostError('INVALID_INPUT', `Session id resolves outside the seed: ${dir}`);
|
|
34
|
+
}
|
|
35
|
+
return dir;
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=sessionId.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sessionId.js","sourceRoot":"","sources":["../../src/lib/sessionId.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAEnC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAA;AAEhD;;;;;;;;;;;GAWG;AACH,MAAM,aAAa,GAAG,kBAAkB,CAAA;AAExC,yEAAyE;AACzE,MAAM,UAAU,eAAe,CAAC,SAAiB;IAC/C,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,sBAAsB,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,uEAAuE,CACvH,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAgB,EAAE,SAAiB;IACxE,eAAe,CAAC,SAAS,CAAC,CAAA;IAC1B,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;IAClD,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;IAC5C,IAAI,CAAC,gBAAgB,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,YAAY,CAAC,eAAe,EAAE,yCAAyC,GAAG,EAAE,CAAC,CAAA;IACzF,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC"}
|
package/dist/lib/setup.d.ts
CHANGED
|
@@ -39,6 +39,10 @@ export interface SetupDeps {
|
|
|
39
39
|
/** Keychain backend for HF-token resolution; `null` forces file-only (tests). */
|
|
40
40
|
keychain?: KeychainBackend | null;
|
|
41
41
|
}
|
|
42
|
+
/** Per-repo timeout for the gated-license probe — a slow/hanging HuggingFace
|
|
43
|
+
* response must never stall `compost setup`, which is meant to be cheap and
|
|
44
|
+
* deterministic. On timeout the check degrades to a "could not verify" warn. */
|
|
45
|
+
export declare const LICENSE_PROBE_TIMEOUT_MS = 5000;
|
|
42
46
|
/**
|
|
43
47
|
* Run every prerequisite probe and return a checklist. Read-only: probes,
|
|
44
48
|
* never installs. The `/compost-setup` skill reads this JSON and offers to run
|
package/dist/lib/setup.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/lib/setup.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;
|
|
1
|
+
{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/lib/setup.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAGhD,OAAO,EAAiC,KAAK,eAAe,EAAiB,MAAM,cAAc,CAAA;AAKjG,MAAM,MAAM,WAAW,GAAG,IAAI,GAAG,MAAM,GAAG,MAAM,CAAA;AAEhD,MAAM,WAAW,UAAU;IACzB,oDAAoD;IACpD,EAAE,EAAE,MAAM,CAAA;IACV,uBAAuB;IACvB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,WAAW,CAAA;IACnB,wBAAwB;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,4DAA4D;IAC5D,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,cAAc,EAAE,KAAK,CAAA;IACrB,KAAK,EAAE,OAAO,CAAA;IACd,MAAM,EAAE,UAAU,EAAE,CAAA;CACrB;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,SAAS,CAAC,EAAE,SAAS,CAAA;IACrB,wEAAwE;IACxE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,OAAO,CAAA;KAAE,CAAC,CAAA;IAChF,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;IACvB,wDAAwD;IACxD,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,4DAA4D;IAC5D,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iEAAiE;IACjE,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC/B,2EAA2E;IAC3E,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,sEAAsE;IACtE,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,iFAAiF;IACjF,QAAQ,CAAC,EAAE,eAAe,GAAG,IAAI,CAAA;CAClC;AAID;;gFAEgF;AAChF,eAAO,MAAM,wBAAwB,OAAO,CAAA;AAe5C;;;;;GAKG;AACH,wBAAsB,QAAQ,CAAC,IAAI,GAAE,SAAc,GAAG,OAAO,CAAC,WAAW,CAAC,CA6TzE"}
|
package/dist/lib/setup.js
CHANGED
|
@@ -2,16 +2,22 @@ import { execFile } from 'node:child_process';
|
|
|
2
2
|
import { existsSync, readdirSync } from 'node:fs';
|
|
3
3
|
import { join, resolve } from 'node:path';
|
|
4
4
|
import { promisify } from 'node:util';
|
|
5
|
-
import { resolveFetch } from '../llm/http.js';
|
|
5
|
+
import { fetchWithTimeout, resolveFetch } from '../llm/http.js';
|
|
6
|
+
import { scrubbedEnv } from './childEnv.js';
|
|
6
7
|
import { diagnoseNativeRuntime, isAppleSilicon, resolveNativeRuntime } from './nativeRuntime.js';
|
|
7
8
|
import { auditSecretsPerms, HF_ALIASES, resolveSecret } from './secrets.js';
|
|
8
9
|
import { checkVersionStatus, UPGRADE_COMMAND } from './version.js';
|
|
9
10
|
const execFileAsync = promisify(execFile);
|
|
10
11
|
const PYANNOTE_GATED_REPOS = ['pyannote/speaker-diarization-3.1', 'pyannote/segmentation-3.0'];
|
|
12
|
+
/** Per-repo timeout for the gated-license probe — a slow/hanging HuggingFace
|
|
13
|
+
* response must never stall `compost setup`, which is meant to be cheap and
|
|
14
|
+
* deterministic. On timeout the check degrades to a "could not verify" warn. */
|
|
15
|
+
export const LICENSE_PROBE_TIMEOUT_MS = 5000;
|
|
11
16
|
const DEFAULT_REQUIRED_MODELS = ['bge-m3'];
|
|
12
17
|
const defaultExec = async (cmd, args) => {
|
|
13
18
|
try {
|
|
14
|
-
|
|
19
|
+
// Probes (docker info, python import checks) need no compost secrets (#236).
|
|
20
|
+
const { stdout } = await execFileAsync(cmd, args, { timeout: 5000, env: scrubbedEnv() });
|
|
15
21
|
return { stdout, ok: true };
|
|
16
22
|
}
|
|
17
23
|
catch (err) {
|
|
@@ -244,32 +250,31 @@ export async function runSetup(deps = {}) {
|
|
|
244
250
|
// 6. pyannote license — must be a FILE fetch, not a metadata ping (the
|
|
245
251
|
// /api/models endpoint returns 200 even when the license isn't accepted).
|
|
246
252
|
for (const repo of PYANNOTE_GATED_REPOS) {
|
|
247
|
-
|
|
253
|
+
const id = `pyannote:${repo}`;
|
|
254
|
+
const label = `pyannote license: ${repo}`;
|
|
248
255
|
try {
|
|
249
|
-
const res = await fetchImpl
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
256
|
+
const res = await fetchWithTimeout(fetchImpl, `https://huggingface.co/${repo}/resolve/main/config.yaml`, { method: 'GET', headers: { Authorization: `Bearer ${hfToken}` } }, LICENSE_PROBE_TIMEOUT_MS);
|
|
257
|
+
checks.push(res.ok
|
|
258
|
+
? { id, label, status: 'ok', detail: 'accepted', fix: null }
|
|
259
|
+
: {
|
|
260
|
+
id,
|
|
261
|
+
label,
|
|
262
|
+
status: 'warn',
|
|
263
|
+
detail: 'license not accepted (403 on the gated model file)',
|
|
264
|
+
fix: `Accept at https://huggingface.co/${repo} (logged in as the token's account)`,
|
|
265
|
+
});
|
|
254
266
|
}
|
|
255
267
|
catch {
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
label: `pyannote license: ${repo}`,
|
|
262
|
-
status: 'ok',
|
|
263
|
-
detail: 'accepted',
|
|
264
|
-
fix: null,
|
|
265
|
-
}
|
|
266
|
-
: {
|
|
267
|
-
id: `pyannote:${repo}`,
|
|
268
|
-
label: `pyannote license: ${repo}`,
|
|
268
|
+
// Network failure or the probe timed out — can't verify, but a flaky or
|
|
269
|
+
// slow HuggingFace must not fail setup; surface an unverified warn.
|
|
270
|
+
checks.push({
|
|
271
|
+
id,
|
|
272
|
+
label,
|
|
269
273
|
status: 'warn',
|
|
270
|
-
detail: '
|
|
271
|
-
fix: `
|
|
274
|
+
detail: 'could not verify license (HuggingFace unreachable or timed out)',
|
|
275
|
+
fix: `Check at https://huggingface.co/${repo}`,
|
|
272
276
|
});
|
|
277
|
+
}
|
|
273
278
|
}
|
|
274
279
|
}
|
|
275
280
|
// 7. Seeds/ directory present.
|