@true-and-useful/janee 0.14.0 → 0.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +82 -0
- package/dist/cli/cli-utils.d.ts +7 -0
- package/dist/cli/cli-utils.d.ts.map +1 -0
- package/dist/cli/cli-utils.js +55 -0
- package/dist/cli/cli-utils.js.map +1 -0
- package/dist/cli/commands/add.d.ts +4 -0
- package/dist/cli/commands/add.d.ts.map +1 -1
- package/dist/cli/commands/add.js +65 -147
- package/dist/cli/commands/add.js.map +1 -1
- package/dist/cli/commands/capability.d.ts +2 -3
- package/dist/cli/commands/capability.d.ts.map +1 -1
- package/dist/cli/commands/capability.js +30 -155
- package/dist/cli/commands/capability.js.map +1 -1
- package/dist/cli/commands/config.d.ts.map +1 -1
- package/dist/cli/commands/config.js +10 -34
- package/dist/cli/commands/config.js.map +1 -1
- package/dist/cli/commands/diagnose.d.ts.map +1 -1
- package/dist/cli/commands/diagnose.js +9 -21
- package/dist/cli/commands/diagnose.js.map +1 -1
- package/dist/cli/commands/list.d.ts.map +1 -1
- package/dist/cli/commands/list.js +3 -26
- package/dist/cli/commands/list.js.map +1 -1
- package/dist/cli/commands/logs.d.ts.map +1 -1
- package/dist/cli/commands/logs.js +2 -17
- package/dist/cli/commands/logs.js.map +1 -1
- package/dist/cli/commands/overview.d.ts +4 -0
- package/dist/cli/commands/overview.d.ts.map +1 -0
- package/dist/cli/commands/overview.js +115 -0
- package/dist/cli/commands/overview.js.map +1 -0
- package/dist/cli/commands/remove.d.ts.map +1 -1
- package/dist/cli/commands/remove.js +4 -35
- package/dist/cli/commands/remove.js.map +1 -1
- package/dist/cli/commands/revoke.d.ts.map +1 -1
- package/dist/cli/commands/revoke.js +3 -8
- package/dist/cli/commands/revoke.js.map +1 -1
- package/dist/cli/commands/serve-mcp.d.ts.map +1 -1
- package/dist/cli/commands/serve-mcp.js +24 -34
- package/dist/cli/commands/serve-mcp.js.map +1 -1
- package/dist/cli/commands/service-edit.d.ts +2 -0
- package/dist/cli/commands/service-edit.d.ts.map +1 -1
- package/dist/cli/commands/service-edit.js +36 -48
- package/dist/cli/commands/service-edit.js.map +1 -1
- package/dist/cli/commands/sessions.d.ts.map +1 -1
- package/dist/cli/commands/sessions.js +3 -18
- package/dist/cli/commands/sessions.js.map +1 -1
- package/dist/cli/commands/status.d.ts.map +1 -1
- package/dist/cli/commands/status.js +3 -18
- package/dist/cli/commands/status.js.map +1 -1
- package/dist/cli/commands/test.d.ts.map +1 -1
- package/dist/cli/commands/test.js +5 -41
- package/dist/cli/commands/test.js.map +1 -1
- package/dist/cli/commands/whoami.d.ts.map +1 -1
- package/dist/cli/commands/whoami.js +3 -17
- package/dist/cli/commands/whoami.js.map +1 -1
- package/dist/cli/config-yaml.d.ts +7 -1
- package/dist/cli/config-yaml.d.ts.map +1 -1
- package/dist/cli/config-yaml.js +19 -0
- package/dist/cli/config-yaml.js.map +1 -1
- package/dist/cli/index.js +16 -1
- package/dist/cli/index.js.map +1 -1
- package/dist/core/audit.d.ts +2 -12
- package/dist/core/audit.d.ts.map +1 -1
- package/dist/core/audit.js +1 -1
- package/dist/core/audit.js.map +1 -1
- package/dist/core/auth.d.ts.map +1 -1
- package/dist/core/auth.js +14 -0
- package/dist/core/auth.js.map +1 -1
- package/dist/core/authority.d.ts +6 -0
- package/dist/core/authority.d.ts.map +1 -1
- package/dist/core/authority.js +19 -13
- package/dist/core/authority.js.map +1 -1
- package/dist/core/directory.d.ts +1 -1
- package/dist/core/directory.d.ts.map +1 -1
- package/dist/core/directory.js +19 -0
- package/dist/core/directory.js.map +1 -1
- package/dist/core/exec.d.ts.map +1 -1
- package/dist/core/exec.js +12 -11
- package/dist/core/exec.js.map +1 -1
- package/dist/core/mcp-server.d.ts +10 -25
- package/dist/core/mcp-server.d.ts.map +1 -1
- package/dist/core/mcp-server.js +47 -578
- package/dist/core/mcp-server.js.map +1 -1
- package/dist/core/runner-proxy.d.ts.map +1 -1
- package/dist/core/runner-proxy.js +2 -1
- package/dist/core/runner-proxy.js.map +1 -1
- package/dist/core/sessions.d.ts +10 -0
- package/dist/core/sessions.d.ts.map +1 -1
- package/dist/core/sessions.js.map +1 -1
- package/dist/core/signing.d.ts +24 -0
- package/dist/core/signing.d.ts.map +1 -1
- package/dist/core/signing.js +85 -0
- package/dist/core/signing.js.map +1 -1
- package/dist/core/tool-handlers.d.ts +39 -0
- package/dist/core/tool-handlers.d.ts.map +1 -0
- package/dist/core/tool-handlers.js +378 -0
- package/dist/core/tool-handlers.js.map +1 -0
- package/dist/core/types.d.ts +28 -0
- package/dist/core/types.d.ts.map +1 -0
- package/dist/core/types.js +16 -0
- package/dist/core/types.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1,378 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.handleExecute = handleExecute;
|
|
37
|
+
exports.handleExec = handleExec;
|
|
38
|
+
exports.handleManageCredential = handleManageCredential;
|
|
39
|
+
exports.handleTestService = handleTestService;
|
|
40
|
+
exports.handleExplainAccess = handleExplainAccess;
|
|
41
|
+
exports.handleWhoami = handleWhoami;
|
|
42
|
+
const agent_scope_js_1 = require("./agent-scope.js");
|
|
43
|
+
const exec_js_1 = require("./exec.js");
|
|
44
|
+
const health_js_1 = require("./health.js");
|
|
45
|
+
const rules_js_1 = require("./rules.js");
|
|
46
|
+
const types_js_1 = require("./types.js");
|
|
47
|
+
function textResult(data) {
|
|
48
|
+
return { content: [{ type: 'text', text: JSON.stringify(data, null, 2) }] };
|
|
49
|
+
}
|
|
50
|
+
function parseTTL(ttl) {
|
|
51
|
+
const match = ttl.match(/^(\d+)(s|m|h|d)$/);
|
|
52
|
+
if (!match)
|
|
53
|
+
throw new Error(`Invalid TTL format: ${ttl}`);
|
|
54
|
+
const [, num, unit] = match;
|
|
55
|
+
const multipliers = { s: 1, m: 60, h: 3600, d: 86400 };
|
|
56
|
+
return parseInt(num) * multipliers[unit];
|
|
57
|
+
}
|
|
58
|
+
// ---------------------------------------------------------------------------
|
|
59
|
+
// execute
|
|
60
|
+
// ---------------------------------------------------------------------------
|
|
61
|
+
async function handleExecute(ctx, args, extra) {
|
|
62
|
+
const { capability, method, path, body, headers, reason } = args || {};
|
|
63
|
+
const capabilities = ctx.getCapabilities();
|
|
64
|
+
const services = ctx.getServices();
|
|
65
|
+
if (!capability)
|
|
66
|
+
throw new Error('Missing required argument: capability');
|
|
67
|
+
if (!method)
|
|
68
|
+
throw new Error('Missing required argument: method (GET, POST, PUT, DELETE, etc.)');
|
|
69
|
+
if (!path)
|
|
70
|
+
throw new Error('Missing required argument: path');
|
|
71
|
+
const cap = capabilities.find(c => c.name === capability);
|
|
72
|
+
if (!cap) {
|
|
73
|
+
throw new types_js_1.DenialError(`Unknown capability: ${capability}`, {
|
|
74
|
+
reasonCode: 'CAPABILITY_NOT_FOUND', capability,
|
|
75
|
+
nextStep: `Run 'janee cap list' to see available capabilities, or add one with 'janee cap add'.`
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
if (cap.mode === 'exec') {
|
|
79
|
+
throw new types_js_1.DenialError(`Capability "${capability}" is an exec-mode capability. Use the 'janee_exec' tool instead.`, { reasonCode: 'MODE_MISMATCH', capability, nextStep: `Use the 'janee_exec' tool for exec-mode capabilities.` });
|
|
80
|
+
}
|
|
81
|
+
if (cap.requiresReason && !reason) {
|
|
82
|
+
throw new types_js_1.DenialError(`Capability "${capability}" requires a reason`, {
|
|
83
|
+
reasonCode: 'REASON_REQUIRED', capability,
|
|
84
|
+
nextStep: `Include a 'reason' argument explaining why you need this access.`
|
|
85
|
+
});
|
|
86
|
+
}
|
|
87
|
+
const ruleCheck = (0, rules_js_1.checkRules)(cap.rules, method, path);
|
|
88
|
+
if (!ruleCheck.allowed) {
|
|
89
|
+
ctx.auditLogger.logDenied(cap.service, method, path, ruleCheck.reason || 'Request denied by policy', reason);
|
|
90
|
+
throw new types_js_1.DenialError(ruleCheck.reason || 'Request denied by policy', {
|
|
91
|
+
reasonCode: 'RULE_DENY', capability,
|
|
92
|
+
agentId: ctx.resolveAgent(extra, args),
|
|
93
|
+
evaluatedPolicy: `rules for ${method} ${path}`,
|
|
94
|
+
nextStep: `Check capability rules with 'janee cap list --json' — the path/method may be explicitly denied.`,
|
|
95
|
+
});
|
|
96
|
+
}
|
|
97
|
+
const executeAgentId = ctx.resolveAgent(extra, args);
|
|
98
|
+
const executeSvc = services.get(cap.service);
|
|
99
|
+
if (!ctx.canAccessCapability(executeAgentId, cap, executeSvc, ctx.defaultAccess)) {
|
|
100
|
+
const denialDetail = ctx.explainAccessDenial(executeAgentId, cap, executeSvc, ctx.defaultAccess);
|
|
101
|
+
ctx.auditLogger.logDenied(cap.service, method, path, 'Agent does not have access to this capability', reason);
|
|
102
|
+
throw new types_js_1.DenialError(`Access denied: capability "${capability}" is not accessible to this agent`, {
|
|
103
|
+
reasonCode: denialDetail?.reason || 'AGENT_NOT_ALLOWED',
|
|
104
|
+
capability, agentId: executeAgentId,
|
|
105
|
+
evaluatedPolicy: denialDetail?.detail,
|
|
106
|
+
nextStep: denialDetail?.reason === 'AGENT_NOT_ALLOWED'
|
|
107
|
+
? `Add this agent to allowedAgents: 'janee cap edit ${capability} --allowed-agents ${executeAgentId}'`
|
|
108
|
+
: denialDetail?.reason === 'DEFAULT_ACCESS_RESTRICTED'
|
|
109
|
+
? `Either add allowedAgents to the capability or change defaultAccess to 'open'.`
|
|
110
|
+
: `Check service ownership settings for the backing service.`,
|
|
111
|
+
});
|
|
112
|
+
}
|
|
113
|
+
const ttlSeconds = parseTTL(cap.ttl);
|
|
114
|
+
const session = ctx.sessionManager.createSession(cap.name, cap.service, ttlSeconds, { agentId: executeAgentId, reason });
|
|
115
|
+
const apiReq = { service: cap.service, path, method, headers: headers || {}, body };
|
|
116
|
+
const response = await ctx.onExecute(session, apiReq);
|
|
117
|
+
return textResult({ status: response.statusCode, body: response.body });
|
|
118
|
+
}
|
|
119
|
+
// ---------------------------------------------------------------------------
|
|
120
|
+
// janee_exec
|
|
121
|
+
// ---------------------------------------------------------------------------
|
|
122
|
+
async function handleExec(ctx, args, extra) {
|
|
123
|
+
if (!ctx.onExecCommand) {
|
|
124
|
+
throw new Error('CLI execution not supported in this configuration');
|
|
125
|
+
}
|
|
126
|
+
const { capability: execCapName, command: rawExecCommand, cwd: execCwd, stdin: execStdin, reason: execReason, } = args || {};
|
|
127
|
+
const capabilities = ctx.getCapabilities();
|
|
128
|
+
const services = ctx.getServices();
|
|
129
|
+
if (!execCapName)
|
|
130
|
+
throw new Error('Missing required argument: capability');
|
|
131
|
+
if (!rawExecCommand || (Array.isArray(rawExecCommand) && rawExecCommand.length === 0) || (typeof rawExecCommand === 'string' && rawExecCommand.trim() === '')) {
|
|
132
|
+
throw new Error('Missing required argument: command');
|
|
133
|
+
}
|
|
134
|
+
const execCommand = Array.isArray(rawExecCommand)
|
|
135
|
+
? rawExecCommand
|
|
136
|
+
: typeof rawExecCommand === 'string'
|
|
137
|
+
? rawExecCommand.trim().split(/\s+/)
|
|
138
|
+
: [];
|
|
139
|
+
let execCap;
|
|
140
|
+
let execSession;
|
|
141
|
+
if (ctx.onForwardToolCall) {
|
|
142
|
+
execCap = { name: execCapName, service: '', ttl: '1h', mode: 'exec', workDir: execCwd };
|
|
143
|
+
execSession = { agentId: ctx.resolveAgent(extra, args) };
|
|
144
|
+
}
|
|
145
|
+
else {
|
|
146
|
+
const foundCap = capabilities.find(c => c.name === execCapName);
|
|
147
|
+
if (!foundCap) {
|
|
148
|
+
throw new types_js_1.DenialError(`Unknown capability: ${execCapName}`, {
|
|
149
|
+
reasonCode: 'CAPABILITY_NOT_FOUND', capability: execCapName,
|
|
150
|
+
nextStep: `Run 'janee cap list' to see available capabilities, or add one with 'janee cap add'.`
|
|
151
|
+
});
|
|
152
|
+
}
|
|
153
|
+
execCap = execCwd ? { ...foundCap, workDir: execCwd } : foundCap;
|
|
154
|
+
if (execCap.mode !== 'exec') {
|
|
155
|
+
throw new types_js_1.DenialError(`Capability "${execCapName}" is not an exec-mode capability. Use the 'execute' tool for API proxy capabilities.`, { reasonCode: 'MODE_MISMATCH', capability: execCapName, nextStep: `Use the 'execute' tool for proxy-mode capabilities.` });
|
|
156
|
+
}
|
|
157
|
+
const execAgentId = ctx.resolveAgent(extra, args);
|
|
158
|
+
const execSvc = services.get(execCap.service);
|
|
159
|
+
if (!ctx.canAccessCapability(execAgentId, execCap, execSvc, ctx.defaultAccess)) {
|
|
160
|
+
const execDenialDetail = ctx.explainAccessDenial(execAgentId, execCap, execSvc, ctx.defaultAccess);
|
|
161
|
+
ctx.auditLogger.logDenied(execCap.service, 'EXEC', execCommand.join(' '), 'Agent does not have access to this capability', execReason);
|
|
162
|
+
throw new types_js_1.DenialError(`Access denied: capability "${execCapName}" is not accessible to this agent`, {
|
|
163
|
+
reasonCode: execDenialDetail?.reason || 'AGENT_NOT_ALLOWED',
|
|
164
|
+
capability: execCapName, agentId: execAgentId,
|
|
165
|
+
evaluatedPolicy: execDenialDetail?.detail,
|
|
166
|
+
nextStep: execDenialDetail?.reason === 'AGENT_NOT_ALLOWED'
|
|
167
|
+
? `Add this agent to allowedAgents: 'janee cap edit ${execCapName} --allowed-agents ${execAgentId}'`
|
|
168
|
+
: execDenialDetail?.reason === 'DEFAULT_ACCESS_RESTRICTED'
|
|
169
|
+
? `Either add allowedAgents to the capability or change defaultAccess to 'open'.`
|
|
170
|
+
: `Check service ownership settings for the backing service.`,
|
|
171
|
+
});
|
|
172
|
+
}
|
|
173
|
+
if (execCap.requiresReason && !execReason) {
|
|
174
|
+
throw new types_js_1.DenialError(`Capability "${execCapName}" requires a reason`, {
|
|
175
|
+
reasonCode: 'REASON_REQUIRED', capability: execCapName,
|
|
176
|
+
nextStep: `Include a 'reason' argument explaining why you need this access.`
|
|
177
|
+
});
|
|
178
|
+
}
|
|
179
|
+
const cmdValidation = (0, exec_js_1.validateCommand)(execCommand, execCap.allowCommands || []);
|
|
180
|
+
if (!cmdValidation.allowed) {
|
|
181
|
+
ctx.auditLogger.logDenied(execCap.service, 'EXEC', execCommand.join(' '), cmdValidation.reason || 'Command not allowed', execReason);
|
|
182
|
+
throw new types_js_1.DenialError(cmdValidation.reason || 'Command not allowed', {
|
|
183
|
+
reasonCode: 'COMMAND_NOT_ALLOWED', capability: execCapName, agentId: execAgentId,
|
|
184
|
+
evaluatedPolicy: `allowCommands: [${(execCap.allowCommands || []).join(', ')}]`,
|
|
185
|
+
nextStep: `Update allowed commands: 'janee cap edit ${execCapName} --allow-commands "new-pattern"'`,
|
|
186
|
+
});
|
|
187
|
+
}
|
|
188
|
+
const execTtlSeconds = parseTTL(execCap.ttl);
|
|
189
|
+
execSession = ctx.sessionManager.createSession(execCap.name, execCap.service, execTtlSeconds, { reason: execReason });
|
|
190
|
+
}
|
|
191
|
+
const execResult = await ctx.onExecCommand(execSession, execCap, execCommand, execStdin);
|
|
192
|
+
ctx.auditLogger.log({ service: execCap.service, path: execCommand.join(' '), method: 'EXEC', headers: { 'x-janee-reason': execReason || '' } }, { statusCode: execResult.exitCode === 0 ? 200 : 500, headers: {}, body: execResult.stdout }, execResult.executionTimeMs);
|
|
193
|
+
return textResult({
|
|
194
|
+
exitCode: execResult.exitCode, stdout: execResult.stdout,
|
|
195
|
+
stderr: execResult.stderr, executionTimeMs: execResult.executionTimeMs,
|
|
196
|
+
executionTarget: 'runner',
|
|
197
|
+
});
|
|
198
|
+
}
|
|
199
|
+
// ---------------------------------------------------------------------------
|
|
200
|
+
// manage_credential
|
|
201
|
+
// ---------------------------------------------------------------------------
|
|
202
|
+
async function handleManageCredential(ctx, args, extra) {
|
|
203
|
+
const { action: credAction, service: credService, targetAgentId: credTarget } = args || {};
|
|
204
|
+
const credAgentId = ctx.resolveAgent(extra, args);
|
|
205
|
+
const services = ctx.getServices();
|
|
206
|
+
if (!credService)
|
|
207
|
+
throw new Error('Missing required argument: service');
|
|
208
|
+
const svc = services.get(credService);
|
|
209
|
+
if (!svc)
|
|
210
|
+
throw new Error(`Unknown service: ${credService}`);
|
|
211
|
+
if (credAction === 'view') {
|
|
212
|
+
return textResult({
|
|
213
|
+
service: credService,
|
|
214
|
+
ownership: svc.ownership || { accessPolicy: 'all-agents', note: 'No ownership metadata (legacy credential)' },
|
|
215
|
+
yourAccess: (0, agent_scope_js_1.canAgentAccess)(credAgentId, svc.ownership),
|
|
216
|
+
});
|
|
217
|
+
}
|
|
218
|
+
if (!credAgentId)
|
|
219
|
+
throw new Error('agentId is required for grant/revoke actions');
|
|
220
|
+
if (!svc.ownership)
|
|
221
|
+
throw new Error('Cannot manage access for legacy credentials without ownership metadata. Re-add the service to enable scoping.');
|
|
222
|
+
if (svc.ownership.createdBy !== credAgentId)
|
|
223
|
+
throw new Error('Only the credential owner can grant or revoke access');
|
|
224
|
+
if (credAction === 'grant') {
|
|
225
|
+
if (!credTarget)
|
|
226
|
+
throw new Error('targetAgentId is required for grant action');
|
|
227
|
+
const { grantAccess } = await Promise.resolve().then(() => __importStar(require('./agent-scope.js')));
|
|
228
|
+
svc.ownership = grantAccess(svc.ownership, credTarget);
|
|
229
|
+
if (ctx.onPersistOwnership)
|
|
230
|
+
ctx.onPersistOwnership(credService, svc.ownership);
|
|
231
|
+
return textResult({ success: true, message: `Granted access to ${credTarget}`, ownership: svc.ownership, persisted: !!ctx.onPersistOwnership });
|
|
232
|
+
}
|
|
233
|
+
if (credAction === 'revoke') {
|
|
234
|
+
if (!credTarget)
|
|
235
|
+
throw new Error('targetAgentId is required for revoke action');
|
|
236
|
+
const { revokeAccess } = await Promise.resolve().then(() => __importStar(require('./agent-scope.js')));
|
|
237
|
+
svc.ownership = revokeAccess(svc.ownership, credTarget);
|
|
238
|
+
if (ctx.onPersistOwnership)
|
|
239
|
+
ctx.onPersistOwnership(credService, svc.ownership);
|
|
240
|
+
return textResult({ success: true, message: `Revoked access from ${credTarget}`, ownership: svc.ownership, persisted: !!ctx.onPersistOwnership });
|
|
241
|
+
}
|
|
242
|
+
throw new Error(`Unknown action: ${credAction}. Use 'view', 'grant', or 'revoke'.`);
|
|
243
|
+
}
|
|
244
|
+
// ---------------------------------------------------------------------------
|
|
245
|
+
// test_service
|
|
246
|
+
// ---------------------------------------------------------------------------
|
|
247
|
+
async function handleTestService(ctx, args) {
|
|
248
|
+
const { service: testSvcName, timeout: testTimeout } = (args || {});
|
|
249
|
+
const services = ctx.getServices();
|
|
250
|
+
const testOpts = testTimeout ? { timeout: testTimeout } : {};
|
|
251
|
+
let targets;
|
|
252
|
+
if (testSvcName) {
|
|
253
|
+
const svc = services.get(testSvcName);
|
|
254
|
+
if (!svc)
|
|
255
|
+
throw new Error(`Unknown service: ${testSvcName}. Use list_services to see available services.`);
|
|
256
|
+
targets = [[testSvcName, svc]];
|
|
257
|
+
}
|
|
258
|
+
else {
|
|
259
|
+
targets = Array.from(services.entries());
|
|
260
|
+
}
|
|
261
|
+
if (targets.length === 0)
|
|
262
|
+
throw new Error('No services configured');
|
|
263
|
+
const results = await Promise.all(targets.map(([name, config]) => (0, health_js_1.testServiceConnection)(name, config, testOpts)));
|
|
264
|
+
return textResult(results.length === 1 ? results[0] : results);
|
|
265
|
+
}
|
|
266
|
+
// ---------------------------------------------------------------------------
|
|
267
|
+
// explain_access
|
|
268
|
+
// ---------------------------------------------------------------------------
|
|
269
|
+
function handleExplainAccess(ctx, args, extra) {
|
|
270
|
+
const { agent: explainAgent, capability: explainCapName, method: explainMethod, path: explainPath } = args || {};
|
|
271
|
+
const targetAgentId = explainAgent || ctx.resolveAgent(extra, args);
|
|
272
|
+
const capabilities = ctx.getCapabilities();
|
|
273
|
+
const services = ctx.getServices();
|
|
274
|
+
const trace = [];
|
|
275
|
+
const explainCap = capabilities.find(c => c.name === explainCapName);
|
|
276
|
+
if (!explainCap) {
|
|
277
|
+
trace.push({ check: 'capability_exists', result: 'fail', detail: `Capability "${explainCapName}" not found` });
|
|
278
|
+
return textResult({
|
|
279
|
+
agent: targetAgentId ?? null, capability: explainCapName, allowed: false, trace,
|
|
280
|
+
nextStep: `Run 'janee cap list' to see available capabilities.`
|
|
281
|
+
});
|
|
282
|
+
}
|
|
283
|
+
trace.push({ check: 'capability_exists', result: 'pass', detail: `Capability "${explainCapName}" exists (service: ${explainCap.service})` });
|
|
284
|
+
if (explainMethod && explainCap.mode === 'exec') {
|
|
285
|
+
trace.push({ check: 'mode', result: 'fail', detail: `Capability is exec-mode but method/path were provided (use janee_exec)` });
|
|
286
|
+
}
|
|
287
|
+
else {
|
|
288
|
+
trace.push({ check: 'mode', result: 'pass', detail: `Capability mode: ${explainCap.mode || 'proxy'}` });
|
|
289
|
+
}
|
|
290
|
+
if (explainCap.allowedAgents && explainCap.allowedAgents.length > 0) {
|
|
291
|
+
if (!targetAgentId) {
|
|
292
|
+
trace.push({ check: 'allowed_agents', result: 'pass', detail: `No agent ID (admin/CLI) — bypasses allowedAgents` });
|
|
293
|
+
}
|
|
294
|
+
else if (explainCap.allowedAgents.includes(targetAgentId)) {
|
|
295
|
+
trace.push({ check: 'allowed_agents', result: 'pass', detail: `Agent "${targetAgentId}" is in allowedAgents [${explainCap.allowedAgents.join(', ')}]` });
|
|
296
|
+
}
|
|
297
|
+
else {
|
|
298
|
+
trace.push({ check: 'allowed_agents', result: 'fail', detail: `Agent "${targetAgentId}" is NOT in allowedAgents [${explainCap.allowedAgents.join(', ')}]` });
|
|
299
|
+
}
|
|
300
|
+
}
|
|
301
|
+
else {
|
|
302
|
+
trace.push({ check: 'allowed_agents', result: 'skip', detail: `No allowedAgents restriction on this capability` });
|
|
303
|
+
}
|
|
304
|
+
if (targetAgentId && (!explainCap.allowedAgents || explainCap.allowedAgents.length === 0)) {
|
|
305
|
+
const effectiveAccess = explainCap.access ?? ctx.defaultAccess;
|
|
306
|
+
const source = explainCap.access ? `capability access` : `global defaultAccess`;
|
|
307
|
+
if (effectiveAccess === 'restricted') {
|
|
308
|
+
trace.push({ check: 'default_access', result: 'fail', detail: `${source} is "restricted" and no allowedAgents list — agent blocked` });
|
|
309
|
+
}
|
|
310
|
+
else {
|
|
311
|
+
trace.push({ check: 'default_access', result: 'pass', detail: `${source} is "${effectiveAccess ?? 'open'}" — agent allowed` });
|
|
312
|
+
}
|
|
313
|
+
}
|
|
314
|
+
else {
|
|
315
|
+
trace.push({ check: 'default_access', result: 'skip', detail: targetAgentId ? `allowedAgents list takes precedence` : `No agent ID (admin/CLI)` });
|
|
316
|
+
}
|
|
317
|
+
const explainSvc = services.get(explainCap.service);
|
|
318
|
+
if (targetAgentId && explainSvc?.ownership) {
|
|
319
|
+
if ((0, agent_scope_js_1.canAgentAccess)(targetAgentId, explainSvc.ownership)) {
|
|
320
|
+
trace.push({ check: 'ownership', result: 'pass', detail: `Agent can access service (ownership: ${JSON.stringify(explainSvc.ownership)})` });
|
|
321
|
+
}
|
|
322
|
+
else {
|
|
323
|
+
trace.push({ check: 'ownership', result: 'fail', detail: `Agent cannot access service (ownership: ${JSON.stringify(explainSvc.ownership)})` });
|
|
324
|
+
}
|
|
325
|
+
}
|
|
326
|
+
else {
|
|
327
|
+
trace.push({ check: 'ownership', result: 'skip', detail: explainSvc?.ownership ? `No agent ID (admin/CLI)` : `No ownership restrictions on service` });
|
|
328
|
+
}
|
|
329
|
+
if (explainMethod && explainPath && explainCap.mode !== 'exec') {
|
|
330
|
+
const ruleResult = (0, rules_js_1.checkRules)(explainCap.rules, explainMethod, explainPath);
|
|
331
|
+
if (ruleResult.allowed) {
|
|
332
|
+
trace.push({ check: 'rules', result: 'pass', detail: `${explainMethod} ${explainPath} is allowed by rules` });
|
|
333
|
+
}
|
|
334
|
+
else {
|
|
335
|
+
trace.push({ check: 'rules', result: 'fail', detail: ruleResult.reason || `${explainMethod} ${explainPath} is denied by rules` });
|
|
336
|
+
}
|
|
337
|
+
}
|
|
338
|
+
else if (explainCap.mode === 'exec') {
|
|
339
|
+
trace.push({ check: 'rules', result: 'skip', detail: `Exec-mode capabilities use allowCommands, not path rules` });
|
|
340
|
+
}
|
|
341
|
+
else {
|
|
342
|
+
trace.push({ check: 'rules', result: 'skip', detail: `No method/path provided for rules evaluation` });
|
|
343
|
+
}
|
|
344
|
+
if (explainCap.mode === 'exec') {
|
|
345
|
+
trace.push({ check: 'allow_commands', result: 'skip', detail: `allowCommands: [${(explainCap.allowCommands || []).join(', ')}] — provide a specific command to validate` });
|
|
346
|
+
}
|
|
347
|
+
const hasFail = trace.some(t => t.result === 'fail');
|
|
348
|
+
const firstFail = trace.find(t => t.result === 'fail');
|
|
349
|
+
return textResult({
|
|
350
|
+
agent: targetAgentId ?? null, capability: explainCapName, allowed: !hasFail, trace,
|
|
351
|
+
...(hasFail && firstFail ? { nextStep: firstFail.detail } : {})
|
|
352
|
+
});
|
|
353
|
+
}
|
|
354
|
+
// ---------------------------------------------------------------------------
|
|
355
|
+
// whoami
|
|
356
|
+
// ---------------------------------------------------------------------------
|
|
357
|
+
function handleWhoami(ctx, args, extra) {
|
|
358
|
+
const whoamiAgentId = ctx.resolveAgent(extra, args);
|
|
359
|
+
const capabilities = ctx.getCapabilities();
|
|
360
|
+
const services = ctx.getServices();
|
|
361
|
+
const accessibleCaps = capabilities
|
|
362
|
+
.filter(cap => ctx.canAccessCapability(whoamiAgentId, cap, services.get(cap.service), ctx.defaultAccess))
|
|
363
|
+
.map(cap => cap.name);
|
|
364
|
+
const deniedCaps = capabilities
|
|
365
|
+
.filter(cap => !ctx.canAccessCapability(whoamiAgentId, cap, services.get(cap.service), ctx.defaultAccess))
|
|
366
|
+
.map(cap => cap.name);
|
|
367
|
+
return textResult({
|
|
368
|
+
agentId: whoamiAgentId ?? null,
|
|
369
|
+
identitySource: whoamiAgentId
|
|
370
|
+
? ((extra?.sessionId && ctx.clientSessions.has(extra.sessionId)) || ctx.clientSessions.has('__default__')
|
|
371
|
+
? 'transport (clientInfo.name)'
|
|
372
|
+
: 'client-asserted (untrusted)')
|
|
373
|
+
: 'none',
|
|
374
|
+
defaultAccessPolicy: ctx.defaultAccess ?? 'open',
|
|
375
|
+
capabilities: { accessible: accessibleCaps, denied: deniedCaps },
|
|
376
|
+
});
|
|
377
|
+
}
|
|
378
|
+
//# sourceMappingURL=tool-handlers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-handlers.js","sourceRoot":"","sources":["../../src/core/tool-handlers.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0DA,sCAyEC;AAKD,gCA2GC;AAKD,wDA2CC;AAKD,8CAwBC;AAKD,kDAwFC;AAKD,oCA2BC;AA7bD,qDAG0B;AAE1B,uCAGmB;AACnB,2CAGqB;AAKrB,yCAAwC;AAMxC,yCAAyC;AAoBzC,SAAS,UAAU,CAAC,IAAa;IAC/B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;AAC9E,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,EAAE,CAAC,CAAC;IAC1D,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC;IAC5B,MAAM,WAAW,GAA2B,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC;IAC/E,OAAO,QAAQ,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AACvE,KAAK,UAAU,aAAa,CACjC,GAAuB,EACvB,IAAS,EACT,KAAU;IAEV,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC;IACvE,MAAM,YAAY,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEnC,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC1E,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;IACjG,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IAE9D,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;IAC1D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,sBAAW,CAAC,uBAAuB,UAAU,EAAE,EAAE;YACzD,UAAU,EAAE,sBAAsB,EAAE,UAAU;YAC9C,QAAQ,EAAE,sFAAsF;SACjG,CAAC,CAAC;IACL,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QACxB,MAAM,IAAI,sBAAW,CACnB,eAAe,UAAU,kEAAkE,EAC3F,EAAE,UAAU,EAAE,eAAe,EAAE,UAAU,EAAE,QAAQ,EAAE,uDAAuD,EAAE,CAC/G,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC,cAAc,IAAI,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,IAAI,sBAAW,CAAC,eAAe,UAAU,qBAAqB,EAAE;YACpE,UAAU,EAAE,iBAAiB,EAAE,UAAU;YACzC,QAAQ,EAAE,kEAAkE;SAC7E,CAAC,CAAC;IACL,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,qBAAU,EAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IACtD,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QACvB,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,CAAC,MAAM,IAAI,0BAA0B,EAAE,MAAM,CAAC,CAAC;QAC7G,MAAM,IAAI,sBAAW,CAAC,SAAS,CAAC,MAAM,IAAI,0BAA0B,EAAE;YACpE,UAAU,EAAE,WAAW,EAAE,UAAU;YACnC,OAAO,EAAE,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC;YACtC,eAAe,EAAE,aAAa,MAAM,IAAI,IAAI,EAAE;YAC9C,QAAQ,EAAE,iGAAiG;SAC5G,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,cAAc,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACjF,MAAM,YAAY,GAAG,GAAG,CAAC,mBAAmB,CAAC,cAAc,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,aAAa,CAAC,CAAC;QACjG,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,+CAA+C,EAAE,MAAM,CAAC,CAAC;QAC9G,MAAM,IAAI,sBAAW,CACnB,8BAA8B,UAAU,mCAAmC,EAC3E;YACE,UAAU,EAAE,YAAY,EAAE,MAAa,IAAI,mBAAmB;YAC9D,UAAU,EAAE,OAAO,EAAE,cAAc;YACnC,eAAe,EAAE,YAAY,EAAE,MAAM;YACrC,QAAQ,EAAE,YAAY,EAAE,MAAM,KAAK,mBAAmB;gBACpD,CAAC,CAAC,oDAAoD,UAAU,qBAAqB,cAAc,GAAG;gBACtG,CAAC,CAAC,YAAY,EAAE,MAAM,KAAK,2BAA2B;oBACpD,CAAC,CAAC,+EAA+E;oBACjF,CAAC,CAAC,2DAA2D;SAClE,CACF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC;IAEzH,MAAM,MAAM,GAAe,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC;IAChG,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAEtD,OAAO,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,UAAU,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AACvE,KAAK,UAAU,UAAU,CAC9B,GAAuB,EACvB,IAAS,EACT,KAAU;IAEV,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,EACJ,UAAU,EAAE,WAAW,EACvB,OAAO,EAAE,cAAc,EACvB,GAAG,EAAE,OAAO,EACZ,KAAK,EAAE,SAAS,EAChB,MAAM,EAAE,UAAU,GACnB,GAAG,IAAI,IAAI,EAAE,CAAC;IACf,MAAM,YAAY,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEnC,IAAI,CAAC,WAAW;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3E,IAAI,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QAC9J,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,WAAW,GAAa,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC;QACzD,CAAC,CAAC,cAAc;QAChB,CAAC,CAAC,OAAO,cAAc,KAAK,QAAQ;YAClC,CAAC,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;YACpC,CAAC,CAAC,EAAE,CAAC;IAET,IAAI,OAAmB,CAAC;IACxB,IAAI,WAAgB,CAAC;IAErB,IAAI,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAC1B,OAAO,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAgB,CAAC;QACtG,WAAW,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,CAAC;IAC3D,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC;QAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sBAAW,CAAC,uBAAuB,WAAW,EAAE,EAAE;gBAC1D,UAAU,EAAE,sBAAsB,EAAE,UAAU,EAAE,WAAW;gBAC3D,QAAQ,EAAE,sFAAsF;aACjG,CAAC,CAAC;QACL,CAAC;QACD,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEjE,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC5B,MAAM,IAAI,sBAAW,CACnB,eAAe,WAAW,sFAAsF,EAChH,EAAE,UAAU,EAAE,eAAe,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,qDAAqD,EAAE,CAC1H,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAC/E,MAAM,gBAAgB,GAAG,GAAG,CAAC,mBAAmB,CAAC,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,aAAa,CAAC,CAAC;YACnG,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,+CAA+C,EAAE,UAAU,CAAC,CAAC;YACvI,MAAM,IAAI,sBAAW,CACnB,8BAA8B,WAAW,mCAAmC,EAC5E;gBACE,UAAU,EAAE,gBAAgB,EAAE,MAAa,IAAI,mBAAmB;gBAClE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW;gBAC7C,eAAe,EAAE,gBAAgB,EAAE,MAAM;gBACzC,QAAQ,EAAE,gBAAgB,EAAE,MAAM,KAAK,mBAAmB;oBACxD,CAAC,CAAC,oDAAoD,WAAW,qBAAqB,WAAW,GAAG;oBACpG,CAAC,CAAC,gBAAgB,EAAE,MAAM,KAAK,2BAA2B;wBACxD,CAAC,CAAC,+EAA+E;wBACjF,CAAC,CAAC,2DAA2D;aAClE,CACF,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,cAAc,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,IAAI,sBAAW,CAAC,eAAe,WAAW,qBAAqB,EAAE;gBACrE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW;gBACtD,QAAQ,EAAE,kEAAkE;aAC7E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,aAAa,GAAG,IAAA,yBAAe,EAAC,WAAW,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC,MAAM,IAAI,qBAAqB,EAAE,UAAU,CAAC,CAAC;YACrI,MAAM,IAAI,sBAAW,CAAC,aAAa,CAAC,MAAM,IAAI,qBAAqB,EAAE;gBACnE,UAAU,EAAE,qBAAqB,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW;gBAChF,eAAe,EAAE,mBAAmB,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;gBAC/E,QAAQ,EAAE,4CAA4C,WAAW,kCAAkC;aACpG,CAAC,CAAC;QACL,CAAC;QAED,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7C,WAAW,GAAG,GAAG,CAAC,cAAc,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,EAAE,cAAc,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;IACxH,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAEzF,GAAG,CAAC,WAAW,CAAC,GAAG,CACjB,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,gBAAgB,EAAE,UAAU,IAAI,EAAE,EAAE,EAAE,EAC1H,EAAE,UAAU,EAAE,UAAU,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,MAAM,EAAE,EAC3F,UAAU,CAAC,eAAe,CAC3B,CAAC;IAEF,OAAO,UAAU,CAAC;QAChB,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM;QACxD,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,eAAe,EAAE,UAAU,CAAC,eAAe;QACtE,eAAe,EAAE,QAAQ;KAC1B,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AACvE,KAAK,UAAU,sBAAsB,CAC1C,GAAuB,EACvB,IAAS,EACT,KAAU;IAEV,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC;IAC3F,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEnC,IAAI,CAAC,WAAW;QAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IAExE,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,WAAW,EAAE,CAAC,CAAC;IAE7D,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAC1B,OAAO,UAAU,CAAC;YAChB,OAAO,EAAE,WAAW;YACpB,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,2CAA2C,EAAE;YAC7G,UAAU,EAAE,IAAA,+BAAc,EAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC;SACvD,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,WAAW;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClF,IAAI,CAAC,GAAG,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,+GAA+G,CAAC,CAAC;IACrJ,IAAI,GAAG,CAAC,SAAS,CAAC,SAAS,KAAK,WAAW;QAAE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAErH,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC;QAC3B,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC/E,MAAM,EAAE,WAAW,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;QACzD,GAAG,CAAC,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACvD,IAAI,GAAG,CAAC,kBAAkB;YAAE,GAAG,CAAC,kBAAkB,CAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/E,OAAO,UAAU,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,qBAAqB,UAAU,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAClJ,CAAC;IAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAChF,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,kBAAkB,GAAC,CAAC;QAC1D,GAAG,CAAC,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACxD,IAAI,GAAG,CAAC,kBAAkB;YAAE,GAAG,CAAC,kBAAkB,CAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/E,OAAO,UAAU,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,uBAAuB,UAAU,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC;IACpJ,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,qCAAqC,CAAC,CAAC;AACtF,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AACvE,KAAK,UAAU,iBAAiB,CACrC,GAAuB,EACvB,IAAS;IAET,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE,CAA2C,CAAC;IAC9G,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAE7D,IAAI,OAAkC,CAAC;IACvC,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,WAAW,gDAAgD,CAAC,CAAC;QAC3G,OAAO,GAAG,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAEpE,MAAM,OAAO,GAAwB,MAAM,OAAO,CAAC,GAAG,CACpD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,IAAA,iCAAqB,EAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAC/E,CAAC;IAEF,OAAO,UAAU,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAC9E,SAAgB,mBAAmB,CACjC,GAAuB,EACvB,IAAS,EACT,KAAU;IAEV,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC;IACjH,MAAM,aAAa,GAAG,YAAY,IAAI,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAGnC,MAAM,KAAK,GAAgB,EAAE,CAAC;IAE9B,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC;IACrE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,cAAc,aAAa,EAAE,CAAC,CAAC;QAC/G,OAAO,UAAU,CAAC;YAChB,KAAK,EAAE,aAAa,IAAI,IAAI,EAAE,UAAU,EAAE,cAAc,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK;YAC/E,QAAQ,EAAE,qDAAqD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,cAAc,sBAAsB,UAAU,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;IAE7I,IAAI,aAAa,IAAI,UAAU,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,wEAAwE,EAAE,CAAC,CAAC;IAClI,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB,UAAU,CAAC,IAAI,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,IAAI,UAAU,CAAC,aAAa,IAAI,UAAU,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,kDAAkD,EAAE,CAAC,CAAC;QACtH,CAAC;aAAM,IAAI,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAC5D,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,aAAa,0BAA0B,UAAU,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3J,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,aAAa,8BAA8B,UAAU,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAC/J,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,iDAAiD,EAAE,CAAC,CAAC;IACrH,CAAC;IAED,IAAI,aAAa,IAAI,CAAC,CAAC,UAAU,CAAC,aAAa,IAAI,UAAU,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QAC1F,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,IAAI,GAAG,CAAC,aAAa,CAAC;QAC/D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAChF,IAAI,eAAe,KAAK,YAAY,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,4DAA4D,EAAE,CAAC,CAAC;QACzI,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,QAAQ,eAAe,IAAI,MAAM,mBAAmB,EAAE,CAAC,CAAC;QACjI,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,qCAAqC,CAAC,CAAC,CAAC,yBAAyB,EAAE,CAAC,CAAC;IACrJ,CAAC;IAED,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,aAAa,IAAI,UAAU,EAAE,SAAS,EAAE,CAAC;QAC3C,IAAI,IAAA,+BAAc,EAAC,aAAa,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACxD,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,wCAAwC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9I,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,2CAA2C,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;QACjJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,sCAAsC,EAAE,CAAC,CAAC;IACzJ,CAAC;IAED,IAAI,aAAa,IAAI,WAAW,IAAI,UAAU,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC/D,MAAM,UAAU,GAAG,IAAA,qBAAU,EAAC,UAAU,CAAC,KAAK,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;QAC5E,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,aAAa,IAAI,WAAW,sBAAsB,EAAE,CAAC,CAAC;QAChH,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,GAAG,aAAa,IAAI,WAAW,qBAAqB,EAAE,CAAC,CAAC;QACpI,CAAC;IACH,CAAC;SAAM,IAAI,UAAU,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,0DAA0D,EAAE,CAAC,CAAC;IACrH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,8CAA8C,EAAE,CAAC,CAAC;IACzG,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,CAAC,UAAU,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,4CAA4C,EAAE,CAAC,CAAC;IAC9K,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAEvD,OAAO,UAAU,CAAC;QAChB,KAAK,EAAE,aAAa,IAAI,IAAI,EAAE,UAAU,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,OAAO,EAAE,KAAK;QAClF,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAChE,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,SAAS;AACT,8EAA8E;AAC9E,SAAgB,YAAY,CAC1B,GAAuB,EACvB,IAAS,EACT,KAAU;IAEV,MAAM,aAAa,GAAG,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEnC,MAAM,cAAc,GAAG,YAAY;SAChC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,mBAAmB,CAAC,aAAa,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,CAAC;SACxG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAExB,MAAM,UAAU,GAAG,YAAY;SAC5B,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,mBAAmB,CAAC,aAAa,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,aAAa,CAAC,CAAC;SACzG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAExB,OAAO,UAAU,CAAC;QAChB,OAAO,EAAE,aAAa,IAAI,IAAI;QAC9B,cAAc,EAAE,aAAa;YAC3B,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,SAAS,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC;gBACvG,CAAC,CAAC,6BAA6B;gBAC/B,CAAC,CAAC,6BAA6B,CAAC;YAClC,CAAC,CAAC,MAAM;QACV,mBAAmB,EAAE,GAAG,CAAC,aAAa,IAAI,MAAM;QAChD,YAAY,EAAE,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE;KACjE,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
export declare const DEFAULT_TIMEOUT_MS = 30000;
|
|
2
|
+
export declare const REDACTED = "[REDACTED]";
|
|
3
|
+
export declare const MIN_SCRUB_LENGTH = 8;
|
|
4
|
+
export interface APIRequest {
|
|
5
|
+
service: string;
|
|
6
|
+
path: string;
|
|
7
|
+
method: string;
|
|
8
|
+
headers: Record<string, string>;
|
|
9
|
+
body?: string;
|
|
10
|
+
}
|
|
11
|
+
export interface APIResponse {
|
|
12
|
+
statusCode: number;
|
|
13
|
+
headers: Record<string, string | string[]>;
|
|
14
|
+
body: string;
|
|
15
|
+
}
|
|
16
|
+
export type DenialReasonCode = 'CAPABILITY_NOT_FOUND' | 'AGENT_NOT_ALLOWED' | 'DEFAULT_ACCESS_RESTRICTED' | 'OWNERSHIP_DENIED' | 'RULE_DENY' | 'MODE_MISMATCH' | 'REASON_REQUIRED' | 'COMMAND_NOT_ALLOWED';
|
|
17
|
+
export interface DenialDetails {
|
|
18
|
+
reasonCode: DenialReasonCode;
|
|
19
|
+
capability?: string;
|
|
20
|
+
agentId?: string | null;
|
|
21
|
+
evaluatedPolicy?: string;
|
|
22
|
+
nextStep: string;
|
|
23
|
+
}
|
|
24
|
+
export declare class DenialError extends Error {
|
|
25
|
+
denial: DenialDetails;
|
|
26
|
+
constructor(message: string, denial: DenialDetails);
|
|
27
|
+
}
|
|
28
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,kBAAkB,QAAS,CAAC;AACzC,eAAO,MAAM,QAAQ,eAAe,CAAC;AACrC,eAAO,MAAM,gBAAgB,IAAI,CAAC;AAElC,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,MAAM,gBAAgB,GACxB,sBAAsB,GACtB,mBAAmB,GACnB,2BAA2B,GAC3B,kBAAkB,GAClB,WAAW,GACX,eAAe,GACf,iBAAiB,GACjB,qBAAqB,CAAC;AAE1B,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,gBAAgB,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,WAAY,SAAQ,KAAK;IACpC,MAAM,EAAE,aAAa,CAAC;gBACV,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa;CAKnD"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.DenialError = exports.MIN_SCRUB_LENGTH = exports.REDACTED = exports.DEFAULT_TIMEOUT_MS = void 0;
|
|
4
|
+
exports.DEFAULT_TIMEOUT_MS = 30_000;
|
|
5
|
+
exports.REDACTED = '[REDACTED]';
|
|
6
|
+
exports.MIN_SCRUB_LENGTH = 8;
|
|
7
|
+
class DenialError extends Error {
|
|
8
|
+
denial;
|
|
9
|
+
constructor(message, denial) {
|
|
10
|
+
super(message);
|
|
11
|
+
this.name = 'DenialError';
|
|
12
|
+
this.denial = denial;
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
exports.DenialError = DenialError;
|
|
16
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":";;;AAAa,QAAA,kBAAkB,GAAG,MAAM,CAAC;AAC5B,QAAA,QAAQ,GAAG,YAAY,CAAC;AACxB,QAAA,gBAAgB,GAAG,CAAC,CAAC;AAkClC,MAAa,WAAY,SAAQ,KAAK;IACpC,MAAM,CAAgB;IACtB,YAAY,OAAe,EAAE,MAAqB;QAChD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAPD,kCAOC"}
|
package/package.json
CHANGED