@true-and-useful/janee 0.10.0 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +32 -0
- package/dist/cli/commands/authority.d.ts +7 -0
- package/dist/cli/commands/authority.d.ts.map +1 -0
- package/dist/cli/commands/authority.js +48 -0
- package/dist/cli/commands/authority.js.map +1 -0
- package/dist/cli/commands/serve-mcp.d.ts +5 -0
- package/dist/cli/commands/serve-mcp.d.ts.map +1 -1
- package/dist/cli/commands/serve-mcp.js +87 -13
- package/dist/cli/commands/serve-mcp.js.map +1 -1
- package/dist/cli/config-yaml.js +1 -1
- package/dist/cli/config-yaml.js.map +1 -1
- package/dist/cli/index.js +13 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/core/authority.d.ts +66 -0
- package/dist/core/authority.d.ts.map +1 -0
- package/dist/core/authority.js +170 -0
- package/dist/core/authority.js.map +1 -0
- package/dist/core/exec.d.ts +16 -18
- package/dist/core/exec.d.ts.map +1 -1
- package/dist/core/exec.js +51 -58
- package/dist/core/exec.js.map +1 -1
- package/dist/core/mcp-server.d.ts +11 -0
- package/dist/core/mcp-server.d.ts.map +1 -1
- package/dist/core/mcp-server.js +87 -34
- package/dist/core/mcp-server.js.map +1 -1
- package/dist/core/runner-proxy.d.ts +12 -0
- package/dist/core/runner-proxy.d.ts.map +1 -0
- package/dist/core/runner-proxy.js +96 -0
- package/dist/core/runner-proxy.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1,170 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.createAuthorityApp = createAuthorityApp;
|
|
7
|
+
exports.buildAuthorityHooks = buildAuthorityHooks;
|
|
8
|
+
exports.authorityAuthorizeExec = authorityAuthorizeExec;
|
|
9
|
+
exports.authorityCompleteExec = authorityCompleteExec;
|
|
10
|
+
const express_1 = __importDefault(require("express"));
|
|
11
|
+
const crypto_1 = require("crypto");
|
|
12
|
+
const exec_js_1 = require("./exec.js");
|
|
13
|
+
function createAuthorityApp(apiKey, hooks) {
|
|
14
|
+
const app = (0, express_1.default)();
|
|
15
|
+
app.use(express_1.default.json({ limit: '512kb' }));
|
|
16
|
+
app.use((req, res, next) => {
|
|
17
|
+
if (req.path === '/v1/health') {
|
|
18
|
+
next();
|
|
19
|
+
return;
|
|
20
|
+
}
|
|
21
|
+
const provided = req.header('x-janee-runner-key');
|
|
22
|
+
if (!provided || provided.length !== apiKey.length ||
|
|
23
|
+
!(0, crypto_1.timingSafeEqual)(Buffer.from(provided), Buffer.from(apiKey))) {
|
|
24
|
+
res.status(401).json({ error: 'Unauthorized runner request' });
|
|
25
|
+
return;
|
|
26
|
+
}
|
|
27
|
+
next();
|
|
28
|
+
});
|
|
29
|
+
app.get('/v1/health', (_req, res) => {
|
|
30
|
+
res.status(200).json({ ok: true, mode: 'authority' });
|
|
31
|
+
});
|
|
32
|
+
app.post('/v1/exec/authorize', async (req, res) => {
|
|
33
|
+
try {
|
|
34
|
+
const body = req.body;
|
|
35
|
+
if (!body?.runner?.runnerId || !Array.isArray(body?.command) || body.command.length === 0 || !body.capabilityId) {
|
|
36
|
+
res.status(400).json({ error: 'Invalid authorize request' });
|
|
37
|
+
return;
|
|
38
|
+
}
|
|
39
|
+
const response = await hooks.authorizeExec(body);
|
|
40
|
+
res.status(200).json(response);
|
|
41
|
+
}
|
|
42
|
+
catch (error) {
|
|
43
|
+
res.status(403).json({ error: error instanceof Error ? error.message : 'Authorization failed' });
|
|
44
|
+
}
|
|
45
|
+
});
|
|
46
|
+
app.post('/v1/exec/complete', async (req, res) => {
|
|
47
|
+
try {
|
|
48
|
+
const body = req.body;
|
|
49
|
+
if (!body?.grantId) {
|
|
50
|
+
res.status(400).json({ error: 'grantId is required' });
|
|
51
|
+
return;
|
|
52
|
+
}
|
|
53
|
+
await hooks.completeExec(body);
|
|
54
|
+
res.status(200).json({ ok: true });
|
|
55
|
+
}
|
|
56
|
+
catch (error) {
|
|
57
|
+
res.status(500).json({ error: error instanceof Error ? error.message : 'completion failed' });
|
|
58
|
+
}
|
|
59
|
+
});
|
|
60
|
+
return app;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Build standard authority exec hooks from config.
|
|
64
|
+
* Used by both standalone `janee authority` and integrated HTTP serve.
|
|
65
|
+
*/
|
|
66
|
+
function buildAuthorityHooks(config, auditLogger) {
|
|
67
|
+
const grantCache = new Map();
|
|
68
|
+
return {
|
|
69
|
+
authorizeExec: async (req) => {
|
|
70
|
+
const cap = config.capabilities.find((c) => c.name === req.capabilityId);
|
|
71
|
+
if (!cap)
|
|
72
|
+
throw new Error(`Unknown capability: ${req.capabilityId}`);
|
|
73
|
+
if (cap.mode !== 'exec')
|
|
74
|
+
throw new Error('Capability is not exec-mode');
|
|
75
|
+
if (cap.allowedAgents && cap.allowedAgents.length > 0 && req.agentId && !cap.allowedAgents.includes(req.agentId)) {
|
|
76
|
+
throw new Error(`Agent ${req.agentId} is not allowed for capability ${cap.name}`);
|
|
77
|
+
}
|
|
78
|
+
const cmdCheck = (0, exec_js_1.validateCommand)(req.command, cap.allowCommands || []);
|
|
79
|
+
if (!cmdCheck.allowed) {
|
|
80
|
+
throw new Error(cmdCheck.reason || 'Command denied by policy');
|
|
81
|
+
}
|
|
82
|
+
const service = config.services[cap.service];
|
|
83
|
+
if (!service)
|
|
84
|
+
throw new Error(`Service not found: ${cap.service}`);
|
|
85
|
+
let credential = '';
|
|
86
|
+
let extraCredentials;
|
|
87
|
+
if (service.auth.type === 'bearer') {
|
|
88
|
+
credential = service.auth.key || '';
|
|
89
|
+
}
|
|
90
|
+
else if (service.auth.type === 'hmac-mexc' || service.auth.type === 'hmac-bybit' || service.auth.type === 'hmac-okx') {
|
|
91
|
+
extraCredentials = {
|
|
92
|
+
apiKey: service.auth.apiKey,
|
|
93
|
+
apiSecret: service.auth.apiSecret,
|
|
94
|
+
passphrase: service.auth.passphrase,
|
|
95
|
+
};
|
|
96
|
+
}
|
|
97
|
+
const envInjections = (0, exec_js_1.buildExecEnv)(cap.env || {}, credential, extraCredentials);
|
|
98
|
+
const scrubValues = [credential, extraCredentials?.apiKey, extraCredentials?.apiSecret, extraCredentials?.passphrase]
|
|
99
|
+
.filter((v) => Boolean(v));
|
|
100
|
+
const grantId = (0, crypto_1.randomUUID)();
|
|
101
|
+
grantCache.set(grantId, { startedAt: Date.now(), capabilityId: cap.name });
|
|
102
|
+
const effectiveTimeoutMs = Math.min(req.timeoutMs || cap.timeout || 30000, cap.timeout || 30000);
|
|
103
|
+
return {
|
|
104
|
+
grantId,
|
|
105
|
+
grantExpiresAt: new Date(Date.now() + 60_000).toISOString(),
|
|
106
|
+
effectiveTimeoutMs,
|
|
107
|
+
envInjections,
|
|
108
|
+
scrubValues,
|
|
109
|
+
constraints: {
|
|
110
|
+
cwd: cap.workDir,
|
|
111
|
+
policyHash: (0, exec_js_1.hashPolicyFingerprint)(cap),
|
|
112
|
+
executable: req.command[0],
|
|
113
|
+
command: req.command,
|
|
114
|
+
},
|
|
115
|
+
};
|
|
116
|
+
},
|
|
117
|
+
completeExec: async (req) => {
|
|
118
|
+
const grant = grantCache.get(req.grantId);
|
|
119
|
+
grantCache.delete(req.grantId);
|
|
120
|
+
auditLogger.log({
|
|
121
|
+
service: grant?.capabilityId || 'unknown',
|
|
122
|
+
method: 'EXEC_COMPLETE',
|
|
123
|
+
path: req.grantId,
|
|
124
|
+
headers: {},
|
|
125
|
+
body: undefined,
|
|
126
|
+
}, {
|
|
127
|
+
statusCode: req.exitCode === 0 ? 200 : 500,
|
|
128
|
+
headers: {},
|
|
129
|
+
body: JSON.stringify({
|
|
130
|
+
durationMs: req.durationMs,
|
|
131
|
+
stdoutBytes: req.stdoutBytes,
|
|
132
|
+
stderrBytes: req.stderrBytes,
|
|
133
|
+
scrubbedStdoutHits: req.scrubbedStdoutHits,
|
|
134
|
+
scrubbedStderrHits: req.scrubbedStderrHits,
|
|
135
|
+
}),
|
|
136
|
+
}, req.durationMs);
|
|
137
|
+
},
|
|
138
|
+
};
|
|
139
|
+
}
|
|
140
|
+
async function authorityAuthorizeExec(authorityUrl, runnerKey, request) {
|
|
141
|
+
const res = await fetch(`${authorityUrl.replace(/\/$/, '')}/v1/exec/authorize`, {
|
|
142
|
+
method: 'POST',
|
|
143
|
+
headers: {
|
|
144
|
+
'content-type': 'application/json',
|
|
145
|
+
'x-janee-runner-key': runnerKey,
|
|
146
|
+
'x-janee-request-id': request.requestId || (0, crypto_1.randomUUID)(),
|
|
147
|
+
},
|
|
148
|
+
body: JSON.stringify(request),
|
|
149
|
+
});
|
|
150
|
+
if (!res.ok) {
|
|
151
|
+
const body = await res.text();
|
|
152
|
+
throw new Error(`Authority authorize failed (${res.status}): ${body}`);
|
|
153
|
+
}
|
|
154
|
+
return res.json();
|
|
155
|
+
}
|
|
156
|
+
async function authorityCompleteExec(authorityUrl, runnerKey, request) {
|
|
157
|
+
const res = await fetch(`${authorityUrl.replace(/\/$/, '')}/v1/exec/complete`, {
|
|
158
|
+
method: 'POST',
|
|
159
|
+
headers: {
|
|
160
|
+
'content-type': 'application/json',
|
|
161
|
+
'x-janee-runner-key': runnerKey,
|
|
162
|
+
},
|
|
163
|
+
body: JSON.stringify(request),
|
|
164
|
+
});
|
|
165
|
+
if (!res.ok) {
|
|
166
|
+
const body = await res.text();
|
|
167
|
+
throw new Error(`Authority completion failed (${res.status}): ${body}`);
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
//# sourceMappingURL=authority.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authority.js","sourceRoot":"","sources":["../../src/core/authority.ts"],"names":[],"mappings":";;;;;AAmDA,gDAoDC;AAMD,kDAgFC;AAED,wDAqBC;AAED,sDAkBC;AAxOD,sDAA8B;AAC9B,mCAAqD;AACrD,uCAAiF;AAiDjF,SAAgB,kBAAkB,CAAC,MAAc,EAAE,KAAyB;IAC1E,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IAE1C,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;YAC9C,CAAC,IAAA,wBAAe,EAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAClC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAA4B,CAAC;YAC9C,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBAChH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;gBAC7D,OAAO;YACT,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YACjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,sBAAsB,EAAE,CAAC,CAAC;QACnG,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAA2B,CAAC;YAC7C,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;gBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YACD,MAAM,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,EAAE,CAAC,CAAC;QAChG,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB,CACjC,MAAsO,EACtO,WAAqE;IAErE,MAAM,UAAU,GAAG,IAAI,GAAG,EAAuD,CAAC;IAElF,OAAO;QACL,aAAa,EAAE,KAAK,EAAE,GAAyB,EAAkC,EAAE;YACjF,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,YAAY,CAAC,CAAC;YACzE,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;YACrE,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAExE,IAAI,GAAG,CAAC,aAAa,IAAI,GAAG,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjH,MAAM,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,OAAO,kCAAkC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YACpF,CAAC;YAED,MAAM,QAAQ,GAAG,IAAA,yBAAe,EAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC;YACvE,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,0BAA0B,CAAC,CAAC;YACjE,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAEnE,IAAI,UAAU,GAAG,EAAE,CAAC;YACpB,IAAI,gBAA0F,CAAC;YAC/F,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACnC,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC;YACtC,CAAC;iBAAM,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBACvH,gBAAgB,GAAG;oBACjB,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM;oBAC3B,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS;oBACjC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,UAAU;iBACpC,CAAC;YACJ,CAAC;YAED,MAAM,aAAa,GAAG,IAAA,sBAAY,EAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,UAAU,EAAE,gBAAgB,CAAC,CAAC;YAChF,MAAM,WAAW,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,EAAE,SAAS,EAAE,gBAAgB,EAAE,UAAU,CAAC;iBAClH,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;YAE1C,MAAM,OAAO,GAAG,IAAA,mBAAU,GAAE,CAAC;YAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,YAAY,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YAC3E,MAAM,kBAAkB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,OAAO,IAAI,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,KAAK,CAAC,CAAC;YAEjG,OAAO;gBACL,OAAO;gBACP,cAAc,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC,WAAW,EAAE;gBAC3D,kBAAkB;gBAClB,aAAa;gBACb,WAAW;gBACX,WAAW,EAAE;oBACX,GAAG,EAAE,GAAG,CAAC,OAAO;oBAChB,UAAU,EAAE,IAAA,+BAAqB,EAAC,GAAG,CAAC;oBACtC,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB;aACF,CAAC;QACJ,CAAC;QACD,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;YAC1B,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1C,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC/B,WAAW,CAAC,GAAG,CAAC;gBACd,OAAO,EAAE,KAAK,EAAE,YAAY,IAAI,SAAS;gBACzC,MAAM,EAAE,eAAe;gBACvB,IAAI,EAAE,GAAG,CAAC,OAAO;gBACjB,OAAO,EAAE,EAAE;gBACX,IAAI,EAAE,SAAS;aAChB,EAAE;gBACD,UAAU,EAAE,GAAG,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;gBAC1C,OAAO,EAAE,EAAE;gBACX,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,UAAU,EAAE,GAAG,CAAC,UAAU;oBAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,kBAAkB,EAAE,GAAG,CAAC,kBAAkB;oBAC1C,kBAAkB,EAAE,GAAG,CAAC,kBAAkB;iBAC3C,CAAC;aACH,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;QACrB,CAAC;KACF,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,YAAoB,EACpB,SAAiB,EACjB,OAA6B;IAE7B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,oBAAoB,EAAE;QAC9E,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,oBAAoB,EAAE,SAAS;YAC/B,oBAAoB,EAAE,OAAO,CAAC,SAAS,IAAI,IAAA,mBAAU,GAAE;SACxD;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;KAC9B,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,EAAoC,CAAC;AACtD,CAAC;AAEM,KAAK,UAAU,qBAAqB,CACzC,YAAoB,EACpB,SAAiB,EACjB,OAA4B;IAE5B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,mBAAmB,EAAE;QAC7E,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,oBAAoB,EAAE,SAAS;SAChC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;KAC9B,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC"}
|
package/dist/core/exec.d.ts
CHANGED
|
@@ -1,9 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* CLI Execution for Janee
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
* Janee's core security property is preserved: agent never sees the key.
|
|
4
|
+
* Runs commands with credentials injected as env vars, then scrubs
|
|
5
|
+
* those values from the output so the agent never sees raw secrets.
|
|
7
6
|
*/
|
|
8
7
|
export interface ExecCapability {
|
|
9
8
|
service: string;
|
|
@@ -26,6 +25,8 @@ export interface ExecResult {
|
|
|
26
25
|
stderr: string;
|
|
27
26
|
exitCode: number;
|
|
28
27
|
executionTimeMs: number;
|
|
28
|
+
scrubbedStdoutHits?: number;
|
|
29
|
+
scrubbedStderrHits?: number;
|
|
29
30
|
}
|
|
30
31
|
export interface ExecAuditEvent {
|
|
31
32
|
id: string;
|
|
@@ -42,35 +43,32 @@ export interface ExecAuditEvent {
|
|
|
42
43
|
denyReason?: string;
|
|
43
44
|
reason?: string;
|
|
44
45
|
}
|
|
45
|
-
/**
|
|
46
|
-
* Validate that a command is allowed by the capability's whitelist
|
|
47
|
-
*/
|
|
48
46
|
export declare function validateCommand(command: string[], allowCommands: string[]): {
|
|
49
47
|
allowed: boolean;
|
|
50
48
|
reason?: string;
|
|
51
49
|
};
|
|
52
|
-
/**
|
|
53
|
-
* Build environment variables for command execution.
|
|
54
|
-
* Replaces {{credential}} placeholders with the actual secret.
|
|
55
|
-
* Replaces {{apiKey}} and {{apiSecret}} for HMAC-style auth.
|
|
56
|
-
*/
|
|
57
50
|
export declare function buildExecEnv(envTemplate: Record<string, string>, credential: string, extraCredentials?: {
|
|
58
51
|
apiKey?: string;
|
|
59
52
|
apiSecret?: string;
|
|
60
53
|
passphrase?: string;
|
|
61
54
|
}): Record<string, string>;
|
|
62
|
-
/**
|
|
63
|
-
* Scrub credential values from output strings.
|
|
64
|
-
* Prevents accidental credential leakage in stdout/stderr.
|
|
65
|
-
*/
|
|
66
55
|
export declare function scrubCredentials(output: string, credential: string, extraCredentials?: {
|
|
67
56
|
apiKey?: string;
|
|
68
57
|
apiSecret?: string;
|
|
69
58
|
passphrase?: string;
|
|
70
59
|
}): string;
|
|
60
|
+
export declare function hashPolicyFingerprint(capability: {
|
|
61
|
+
name: string;
|
|
62
|
+
mode?: string;
|
|
63
|
+
allowCommands?: string[];
|
|
64
|
+
workDir?: string;
|
|
65
|
+
timeout?: number;
|
|
66
|
+
env?: Record<string, string>;
|
|
67
|
+
}): string;
|
|
71
68
|
/**
|
|
72
|
-
*
|
|
73
|
-
*
|
|
69
|
+
* Run a command with credentials injected as env vars.
|
|
70
|
+
* Inherits the caller's environment — the only additions are the
|
|
71
|
+
* credential env vars. Output is scrubbed before returning.
|
|
74
72
|
*/
|
|
75
73
|
export declare function executeCommand(command: string[], injectedEnv: Record<string, string>, options: {
|
|
76
74
|
workDir?: string;
|
package/dist/core/exec.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/core/exec.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/core/exec.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAOD,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,eAAe,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,EAAE,EACjB,aAAa,EAAE,MAAM,EAAE,GACtB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAcvC;AAED,wBAAgB,YAAY,CAC1B,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,UAAU,EAAE,MAAM,EAClB,gBAAgB,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9E,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAmBxB;AAED,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,gBAAgB,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9E,MAAM,CAiBR;AAED,wBAAgB,qBAAqB,CAAC,UAAU,EAAE;IAChD,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B,GAAG,MAAM,CAeT;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EAAE,EACjB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,OAAO,EAAE;IACP,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACjF,GACA,OAAO,CAAC,UAAU,CAAC,CA4DrB"}
|
package/dist/core/exec.js
CHANGED
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
3
|
+
* CLI Execution for Janee
|
|
4
4
|
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
* Janee's core security property is preserved: agent never sees the key.
|
|
5
|
+
* Runs commands with credentials injected as env vars, then scrubs
|
|
6
|
+
* those values from the output so the agent never sees raw secrets.
|
|
8
7
|
*/
|
|
9
8
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
10
9
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
@@ -13,12 +12,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
13
12
|
exports.validateCommand = validateCommand;
|
|
14
13
|
exports.buildExecEnv = buildExecEnv;
|
|
15
14
|
exports.scrubCredentials = scrubCredentials;
|
|
15
|
+
exports.hashPolicyFingerprint = hashPolicyFingerprint;
|
|
16
16
|
exports.executeCommand = executeCommand;
|
|
17
17
|
const child_process_1 = require("child_process");
|
|
18
18
|
const path_1 = __importDefault(require("path"));
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
19
|
+
function countOccurrences(output, needle) {
|
|
20
|
+
if (!needle || needle.length < 8)
|
|
21
|
+
return 0;
|
|
22
|
+
return output.split(needle).length - 1;
|
|
23
|
+
}
|
|
22
24
|
function validateCommand(command, allowCommands) {
|
|
23
25
|
if (!command || command.length === 0) {
|
|
24
26
|
return { allowed: false, reason: 'Empty command' };
|
|
@@ -30,23 +32,8 @@ function validateCommand(command, allowCommands) {
|
|
|
30
32
|
reason: `Command '${executable}' not allowed by capability. Allowed: ${allowCommands.join(', ')}`
|
|
31
33
|
};
|
|
32
34
|
}
|
|
33
|
-
// Check for shell injection patterns in arguments
|
|
34
|
-
const shellMetachars = /[;&|`$(){}\\<>]/;
|
|
35
|
-
for (let i = 1; i < command.length; i++) {
|
|
36
|
-
if (shellMetachars.test(command[i])) {
|
|
37
|
-
return {
|
|
38
|
-
allowed: false,
|
|
39
|
-
reason: `Argument ${i} contains shell metacharacters. Use structured arguments instead of shell syntax.`
|
|
40
|
-
};
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
35
|
return { allowed: true };
|
|
44
36
|
}
|
|
45
|
-
/**
|
|
46
|
-
* Build environment variables for command execution.
|
|
47
|
-
* Replaces {{credential}} placeholders with the actual secret.
|
|
48
|
-
* Replaces {{apiKey}} and {{apiSecret}} for HMAC-style auth.
|
|
49
|
-
*/
|
|
50
37
|
function buildExecEnv(envTemplate, credential, extraCredentials) {
|
|
51
38
|
const env = {};
|
|
52
39
|
for (const [key, value] of Object.entries(envTemplate)) {
|
|
@@ -65,13 +52,8 @@ function buildExecEnv(envTemplate, credential, extraCredentials) {
|
|
|
65
52
|
}
|
|
66
53
|
return env;
|
|
67
54
|
}
|
|
68
|
-
/**
|
|
69
|
-
* Scrub credential values from output strings.
|
|
70
|
-
* Prevents accidental credential leakage in stdout/stderr.
|
|
71
|
-
*/
|
|
72
55
|
function scrubCredentials(output, credential, extraCredentials) {
|
|
73
56
|
let scrubbed = output;
|
|
74
|
-
// Only scrub if credential is long enough to be meaningful
|
|
75
57
|
if (credential && credential.length >= 8) {
|
|
76
58
|
scrubbed = scrubbed.replaceAll(credential, '[REDACTED]');
|
|
77
59
|
}
|
|
@@ -86,62 +68,73 @@ function scrubCredentials(output, credential, extraCredentials) {
|
|
|
86
68
|
}
|
|
87
69
|
return scrubbed;
|
|
88
70
|
}
|
|
71
|
+
function hashPolicyFingerprint(capability) {
|
|
72
|
+
const serialized = JSON.stringify({
|
|
73
|
+
name: capability.name,
|
|
74
|
+
mode: capability.mode,
|
|
75
|
+
allowCommands: capability.allowCommands || [],
|
|
76
|
+
workDir: capability.workDir || '',
|
|
77
|
+
timeout: capability.timeout || 30000,
|
|
78
|
+
envKeys: Object.keys(capability.env || {}).sort(),
|
|
79
|
+
});
|
|
80
|
+
let hash = 0;
|
|
81
|
+
for (let i = 0; i < serialized.length; i++) {
|
|
82
|
+
hash = (hash * 31 + serialized.charCodeAt(i)) >>> 0;
|
|
83
|
+
}
|
|
84
|
+
return `policy-${hash.toString(16)}`;
|
|
85
|
+
}
|
|
89
86
|
/**
|
|
90
|
-
*
|
|
91
|
-
*
|
|
87
|
+
* Run a command with credentials injected as env vars.
|
|
88
|
+
* Inherits the caller's environment — the only additions are the
|
|
89
|
+
* credential env vars. Output is scrubbed before returning.
|
|
92
90
|
*/
|
|
93
91
|
async function executeCommand(command, injectedEnv, options) {
|
|
94
92
|
const timeout = options.timeout || 30000;
|
|
95
93
|
const startTime = Date.now();
|
|
96
|
-
return new Promise((resolve
|
|
94
|
+
return new Promise((resolve) => {
|
|
97
95
|
const proc = (0, child_process_1.spawn)(command[0], command.slice(1), {
|
|
98
|
-
env: {
|
|
99
|
-
|
|
100
|
-
...injectedEnv, // Override with injected credentials
|
|
101
|
-
// Safety: prevent credential exfil via common env vars
|
|
102
|
-
HISTFILE: '/dev/null',
|
|
103
|
-
LESSHISTFILE: '/dev/null',
|
|
104
|
-
},
|
|
105
|
-
cwd: options.workDir || '/tmp/janee-exec',
|
|
96
|
+
env: { ...process.env, ...injectedEnv },
|
|
97
|
+
cwd: options.workDir || process.cwd(),
|
|
106
98
|
stdio: ['pipe', 'pipe', 'pipe'],
|
|
107
|
-
timeout,
|
|
108
|
-
// Don't use shell — prevents injection
|
|
109
|
-
shell: false,
|
|
110
99
|
});
|
|
111
100
|
let stdout = '';
|
|
112
101
|
let stderr = '';
|
|
113
|
-
proc.stdout.on('data', (data) => {
|
|
114
|
-
|
|
115
|
-
});
|
|
116
|
-
proc.stderr.on('data', (data) => {
|
|
117
|
-
stderr += data.toString();
|
|
118
|
-
});
|
|
102
|
+
proc.stdout.on('data', (data) => { stdout += data.toString(); });
|
|
103
|
+
proc.stderr.on('data', (data) => { stderr += data.toString(); });
|
|
119
104
|
if (options.stdin) {
|
|
120
105
|
proc.stdin.write(options.stdin);
|
|
121
|
-
proc.stdin.end();
|
|
122
|
-
}
|
|
123
|
-
else {
|
|
124
|
-
proc.stdin.end();
|
|
125
106
|
}
|
|
107
|
+
proc.stdin.end();
|
|
108
|
+
const timeoutId = setTimeout(() => {
|
|
109
|
+
proc.kill('SIGKILL');
|
|
110
|
+
}, timeout);
|
|
126
111
|
proc.on('close', (code) => {
|
|
112
|
+
clearTimeout(timeoutId);
|
|
127
113
|
const executionTimeMs = Date.now() - startTime;
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
114
|
+
const secrets = [
|
|
115
|
+
options.credential,
|
|
116
|
+
options.extraCredentials?.apiKey,
|
|
117
|
+
options.extraCredentials?.apiSecret,
|
|
118
|
+
options.extraCredentials?.passphrase,
|
|
119
|
+
].filter((v) => Boolean(v));
|
|
120
|
+
const scrubbedStdoutHits = secrets.reduce((sum, s) => sum + countOccurrences(stdout, s), 0);
|
|
121
|
+
const scrubbedStderrHits = secrets.reduce((sum, s) => sum + countOccurrences(stderr, s), 0);
|
|
131
122
|
resolve({
|
|
132
|
-
stdout:
|
|
133
|
-
stderr:
|
|
123
|
+
stdout: scrubCredentials(stdout, options.credential, options.extraCredentials),
|
|
124
|
+
stderr: scrubCredentials(stderr, options.credential, options.extraCredentials),
|
|
134
125
|
exitCode: code ?? 1,
|
|
135
126
|
executionTimeMs,
|
|
127
|
+
scrubbedStdoutHits,
|
|
128
|
+
scrubbedStderrHits,
|
|
136
129
|
});
|
|
137
130
|
});
|
|
138
131
|
proc.on('error', (error) => {
|
|
139
|
-
|
|
132
|
+
clearTimeout(timeoutId);
|
|
140
133
|
resolve({
|
|
141
134
|
stdout: '',
|
|
142
135
|
stderr: `Failed to execute command: ${error.message}`,
|
|
143
136
|
exitCode: 127,
|
|
144
|
-
executionTimeMs,
|
|
137
|
+
executionTimeMs: Date.now() - startTime,
|
|
145
138
|
});
|
|
146
139
|
});
|
|
147
140
|
});
|
package/dist/core/exec.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exec.js","sourceRoot":"","sources":["../../src/core/exec.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"exec.js","sourceRoot":"","sources":["../../src/core/exec.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;AAsDH,0CAiBC;AAED,oCAuBC;AAED,4CAqBC;AAED,sDAsBC;AAOD,wCAsEC;AA1ND,iDAAsC;AACtC,gDAAwB;AA8BxB,SAAS,gBAAgB,CAAC,MAAc,EAAE,MAAc;IACtD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAC,CAAC;IAC3C,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AACzC,CAAC;AAkBD,SAAgB,eAAe,CAC7B,OAAiB,EACjB,aAAuB;IAEvB,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IACrD,CAAC;IAED,MAAM,UAAU,GAAG,cAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACxC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,YAAY,UAAU,yCAAyC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SAClG,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,SAAgB,YAAY,CAC1B,WAAmC,EACnC,UAAkB,EAClB,gBAA+E;IAE/E,MAAM,GAAG,GAA2B,EAAE,CAAC;IAEvC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACvD,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;QAC3D,IAAI,gBAAgB,EAAE,MAAM,EAAE,CAAC;YAC7B,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,aAAa,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACtE,CAAC;QACD,IAAI,gBAAgB,EAAE,SAAS,EAAE,CAAC;YAChC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAC5E,CAAC;QACD,IAAI,gBAAgB,EAAE,UAAU,EAAE,CAAC;YACjC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC9E,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;IACtB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAgB,gBAAgB,CAC9B,MAAc,EACd,UAAkB,EAClB,gBAA+E;IAE/E,IAAI,QAAQ,GAAG,MAAM,CAAC;IAEtB,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzC,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,gBAAgB,EAAE,MAAM,IAAI,gBAAgB,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACpE,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,gBAAgB,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,gBAAgB,EAAE,SAAS,IAAI,gBAAgB,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1E,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,gBAAgB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,gBAAgB,EAAE,UAAU,IAAI,gBAAgB,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC5E,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,gBAAgB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAgB,qBAAqB,CAAC,UAOrC;IACC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;QAChC,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,aAAa,EAAE,UAAU,CAAC,aAAa,IAAI,EAAE;QAC7C,OAAO,EAAE,UAAU,CAAC,OAAO,IAAI,EAAE;QACjC,OAAO,EAAE,UAAU,CAAC,OAAO,IAAI,KAAK;QACpC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;KAClD,CAAC,CAAC;IAEH,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,IAAI,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,UAAU,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,cAAc,CAClC,OAAiB,EACjB,WAAmC,EACnC,OAMC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;IACzC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,IAAA,qBAAK,EAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YAC/C,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,WAAW,EAAE;YACvC,GAAG,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE;YACrC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjE,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QAEjB,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAChC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvB,CAAC,EAAE,OAAO,CAAC,CAAC;QAEZ,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAE/C,MAAM,OAAO,GAAG;gBACd,OAAO,CAAC,UAAU;gBAClB,OAAO,CAAC,gBAAgB,EAAE,MAAM;gBAChC,OAAO,CAAC,gBAAgB,EAAE,SAAS;gBACnC,OAAO,CAAC,gBAAgB,EAAE,UAAU;aACrC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;YAEzC,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC5F,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAE5F,OAAO,CAAC;gBACN,MAAM,EAAE,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,gBAAgB,CAAC;gBAC9E,MAAM,EAAE,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,gBAAgB,CAAC;gBAC9E,QAAQ,EAAE,IAAI,IAAI,CAAC;gBACnB,eAAe;gBACf,kBAAkB;gBAClB,kBAAkB;aACnB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YACzB,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,OAAO,CAAC;gBACN,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,8BAA8B,KAAK,CAAC,OAAO,EAAE;gBACrD,QAAQ,EAAE,GAAG;gBACb,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACxC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -70,6 +70,15 @@ export interface MCPServerOptions {
|
|
|
70
70
|
onReloadConfig?: () => ReloadResult;
|
|
71
71
|
/** Persist ownership changes to config storage (called after grant/revoke) */
|
|
72
72
|
onPersistOwnership?: (serviceName: string, ownership: CredentialOwnership) => void;
|
|
73
|
+
/**
|
|
74
|
+
* Runner proxy: when set, tool calls (except janee_exec) are forwarded
|
|
75
|
+
* to the Authority via this callback instead of handled locally.
|
|
76
|
+
* janee_exec is always handled locally by onExecCommand.
|
|
77
|
+
*/
|
|
78
|
+
onForwardToolCall?: (toolName: string, args: Record<string, unknown>) => Promise<unknown>;
|
|
79
|
+
/** When true, janee_exec is hidden from the tool list. Used in authority/HTTP mode
|
|
80
|
+
* where exec would run in the wrong context. */
|
|
81
|
+
hideExecTool?: boolean;
|
|
73
82
|
}
|
|
74
83
|
export interface MCPServerResult {
|
|
75
84
|
server: Server;
|
|
@@ -107,5 +116,7 @@ export declare function startMCPServer(serverOptions: MCPServerOptions): Promise
|
|
|
107
116
|
export declare function startMCPServerHTTP(serverOptions: MCPServerOptions, httpOptions: {
|
|
108
117
|
host: string;
|
|
109
118
|
port: number;
|
|
119
|
+
runnerKey?: string;
|
|
120
|
+
authorityHooks?: import('./authority.js').AuthorityExecHooks;
|
|
110
121
|
}): Promise<void>;
|
|
111
122
|
//# sourceMappingURL=mcp-server.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../../src/core/mcp-server.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AASnE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAc,KAAK,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAE1B,OAAO,EAAmE,UAAU,EAAE,MAAM,WAAW,CAAC;AAExG,OAAO,EAAwC,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAkC7F,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,KAAK,CAAC,EAAE,KAAK,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,IAAI,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE;QACJ,IAAI,EAAE,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,UAAU,GAAG,SAAS,GAAG,iBAAiB,GAAG,YAAY,CAAC;QACxG,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,oEAAoE;IACpE,SAAS,CAAC,EAAE,mBAAmB,CAAC;CACjC;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,UAAU,EAAE,CAAC;IAC3B,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,UAAU,EAAE,CAAC;IAC3B,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACrC,gFAAgF;IAChF,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,gIAAgI;IAChI,aAAa,CAAC,EAAE,MAAM,GAAG,YAAY,CAAC;IACtC,SAAS,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;IACvE,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;IACjH,cAAc,CAAC,EAAE,MAAM,YAAY,CAAC;IACpC,8EAA8E;IAC9E,kBAAkB,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,KAAK,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../../src/core/mcp-server.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AASnE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAc,KAAK,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAE1B,OAAO,EAAmE,UAAU,EAAE,MAAM,WAAW,CAAC;AAExG,OAAO,EAAwC,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAkC7F,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,KAAK,CAAC,EAAE,KAAK,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,IAAI,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE;QACJ,IAAI,EAAE,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,UAAU,GAAG,SAAS,GAAG,iBAAiB,GAAG,YAAY,CAAC;QACxG,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,oEAAoE;IACpE,SAAS,CAAC,EAAE,mBAAmB,CAAC;CACjC;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,UAAU,EAAE,CAAC;IAC3B,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,UAAU,EAAE,CAAC;IAC3B,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACrC,gFAAgF;IAChF,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,gIAAgI;IAChI,aAAa,CAAC,EAAE,MAAM,GAAG,YAAY,CAAC;IACtC,SAAS,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;IACvE,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;IACjH,cAAc,CAAC,EAAE,MAAM,YAAY,CAAC;IACpC,8EAA8E;IAC9E,kBAAkB,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,KAAK,IAAI,CAAC;IACnF;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1F;oDACgD;IAChD,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAsBD,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,6EAA6E;IAC7E,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,gBAAgB,GAAG,eAAe,CAuiB1E;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,SAAS,EAAE,GAAG,EACd,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,WAAW,CAAC,CAyCtB;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE;IAAE,SAAS,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAA;CAAE,EAClD,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAClC,IAAI,CASN;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,aAAa,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAOnF;AAED;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CACtC,aAAa,EAAE,gBAAgB,EAC/B,WAAW,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,OAAO,gBAAgB,EAAE,kBAAkB,CAAA;CAAE,GAC5H,OAAO,CAAC,IAAI,CAAC,CA0Hf"}
|