@utilarium/cardigantime 0.0.24-dev.0
- package/LICENSE +65 -0
- package/README.md +398 -0
- package/dist/cardigantime.cjs +2169 -0
- package/dist/cardigantime.cjs.map +1 -0
- package/dist/cardigantime.d.ts +92 -0
- package/dist/cardigantime.js +198 -0
- package/dist/cardigantime.js.map +1 -0
- package/dist/config/executable-security.d.ts +32 -0
- package/dist/config/format-detector.d.ts +59 -0
- package/dist/configure.d.ts +55 -0
- package/dist/configure.js +125 -0
- package/dist/configure.js.map +1 -0
- package/dist/constants.d.ts +25 -0
- package/dist/constants.js +38 -0
- package/dist/constants.js.map +1 -0
- package/dist/discovery/discoverer.d.ts +62 -0
- package/dist/discovery/hierarchical-modes.d.ts +64 -0
- package/dist/discovery/index.d.ts +15 -0
- package/dist/discovery/patterns.d.ts +77 -0
- package/dist/discovery/root-detection.d.ts +100 -0
- package/dist/discovery/traversal-security.d.ts +106 -0
- package/dist/env/errors.d.ts +18 -0
- package/dist/env/index.d.ts +7 -0
- package/dist/env/naming.d.ts +38 -0
- package/dist/env/parser.d.ts +61 -0
- package/dist/env/reader.d.ts +45 -0
- package/dist/env/resolver.d.ts +25 -0
- package/dist/env/schema-utils.d.ts +33 -0
- package/dist/env/types.d.ts +43 -0
- package/dist/error/ArgumentError.d.ts +31 -0
- package/dist/error/ArgumentError.js +48 -0
- package/dist/error/ArgumentError.js.map +1 -0
- package/dist/error/ConfigParseError.d.ts +26 -0
- package/dist/error/ConfigurationError.d.ts +21 -0
- package/dist/error/ConfigurationError.js +46 -0
- package/dist/error/ConfigurationError.js.map +1 -0
- package/dist/error/FileSystemError.d.ts +30 -0
- package/dist/error/FileSystemError.js +58 -0
- package/dist/error/FileSystemError.js.map +1 -0
- package/dist/error/index.d.ts +4 -0
- package/dist/mcp/discovery.d.ts +105 -0
- package/dist/mcp/errors.d.ts +75 -0
- package/dist/mcp/index.d.ts +22 -0
- package/dist/mcp/integration.d.ts +184 -0
- package/dist/mcp/parser.d.ts +141 -0
- package/dist/mcp/resolver.d.ts +165 -0
- package/dist/mcp/tools/check-config-types.d.ts +208 -0
- package/dist/mcp/tools/check-config.d.ts +85 -0
- package/dist/mcp/tools/index.d.ts +12 -0
- package/dist/mcp/types.d.ts +210 -0
- package/dist/parsers/index.d.ts +25 -0
- package/dist/parsers/javascript-parser.d.ts +12 -0
- package/dist/parsers/json-parser.d.ts +6 -0
- package/dist/parsers/typescript-parser.d.ts +15 -0
- package/dist/parsers/yaml-parser.d.ts +6 -0
- package/dist/read.d.ts +56 -0
- package/dist/read.js +653 -0
- package/dist/read.js.map +1 -0
- package/dist/security/audit-logger.d.ts +135 -0
- package/dist/security/cli-validator.d.ts +73 -0
- package/dist/security/config-validator.d.ts +95 -0
- package/dist/security/defaults.d.ts +17 -0
- package/dist/security/index.d.ts +14 -0
- package/dist/security/numeric-guard.d.ts +111 -0
- package/dist/security/path-guard.d.ts +53 -0
- package/dist/security/profiles.d.ts +127 -0
- package/dist/security/security-validator.d.ts +109 -0
- package/dist/security/string-guard.d.ts +92 -0
- package/dist/security/types.d.ts +126 -0
- package/dist/security/zod-secure-enum.d.ts +20 -0
- package/dist/security/zod-secure-number.d.ts +39 -0
- package/dist/security/zod-secure-path.d.ts +24 -0
- package/dist/security/zod-secure-string.d.ts +38 -0
- package/dist/types.d.ts +584 -0
- package/dist/types.js +56 -0
- package/dist/types.js.map +1 -0
- package/dist/util/hierarchical.d.ts +136 -0
- package/dist/util/hierarchical.js +436 -0
- package/dist/util/hierarchical.js.map +1 -0
- package/dist/util/schema-defaults.d.ts +80 -0
- package/dist/util/schema-defaults.js +118 -0
- package/dist/util/schema-defaults.js.map +1 -0
- package/dist/util/storage.d.ts +31 -0
- package/dist/util/storage.js +154 -0
- package/dist/util/storage.js.map +1 -0
- package/dist/validate.d.ts +113 -0
- package/dist/validate.js +260 -0
- package/dist/validate.js.map +1 -0
- package/package.json +84 -0
package/dist/read.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"read.js","sources":["../src/read.ts"],"sourcesContent":["import * as yaml from 'js-yaml';\nimport * as path from 'node:path';\nimport { z, ZodObject } from 'zod';\nimport { Args, ConfigSchema, Options } from './types';\nimport * as Storage from './util/storage';\nimport { loadHierarchicalConfig, DiscoveredConfigDir } from './util/hierarchical';\n\n/**\n * Removes undefined values from an object to create a clean configuration.\n * This is used to merge configuration sources while avoiding undefined pollution.\n * \n * @param obj - The object to clean\n * @returns A new object with undefined values filtered out\n */\nfunction clean(obj: any) {\n return Object.fromEntries(\n Object.entries(obj).filter(([_, v]) => v !== undefined)\n );\n}\n\n/**\n * Resolves relative paths in configuration values relative to the configuration file's directory.\n * \n * @param config - The configuration object to process\n * @param configDir - The directory containing the configuration file\n * @param pathFields - Array of field names (using dot notation) that contain paths to be resolved\n * @param resolvePathArray - Array of field names whose array elements should all be resolved as paths\n * @returns The configuration object with resolved paths\n */\nfunction resolveConfigPaths(\n config: any,\n configDir: string,\n pathFields: string[] = [],\n resolvePathArray: string[] = []\n): any {\n if (!config || typeof config !== 'object' || pathFields.length === 0) {\n return config;\n }\n\n const resolvedConfig = { ...config };\n\n for (const fieldPath of pathFields) {\n const value = getNestedValue(resolvedConfig, fieldPath);\n if (value !== undefined) {\n const shouldResolveArrayElements = resolvePathArray.includes(fieldPath);\n const resolvedValue = resolvePathValue(value, configDir, shouldResolveArrayElements);\n setNestedValue(resolvedConfig, fieldPath, resolvedValue);\n }\n }\n\n return resolvedConfig;\n}\n\n/**\n * Gets a nested value from an object using dot 
notation.\n */\nfunction getNestedValue(obj: any, path: string): any {\n return path.split('.').reduce((current, key) => current?.[key], obj);\n}\n\n/**\n * Checks if a key is unsafe for prototype pollution prevention.\n */\nfunction isUnsafeKey(key: string): boolean {\n return key === '__proto__' || key === 'constructor' || key === 'prototype';\n}\n\n/**\n * Sets a nested value in an object using dot notation.\n * Prevents prototype pollution by rejecting dangerous property names.\n */\nfunction setNestedValue(obj: any, path: string, value: any): void {\n const keys = path.split('.');\n const lastKey = keys.pop()!;\n\n // Prevent prototype pollution via special property names\n if (isUnsafeKey(lastKey) || keys.some(isUnsafeKey)) {\n return;\n }\n\n const target = keys.reduce((current, key) => {\n // Skip if this is an unsafe key (already checked above, but defensive)\n if (isUnsafeKey(key)) {\n return current;\n }\n if (!(key in current)) {\n current[key] = {};\n }\n return current[key];\n }, obj);\n target[lastKey] = value;\n}\n\n/**\n * Resolves a path value (string or array of strings) relative to the config directory.\n */\nfunction resolvePathValue(value: any, configDir: string, resolveArrayElements: boolean): any {\n if (typeof value === 'string') {\n return resolveSinglePath(value, configDir);\n }\n\n if (Array.isArray(value) && resolveArrayElements) {\n return value.map(item =>\n typeof item === 'string' ? 
resolveSinglePath(item, configDir) : item\n );\n }\n\n return value;\n}\n\n/**\n * Resolves a single path string relative to the config directory if it's a relative path.\n */\nfunction resolveSinglePath(pathStr: string, configDir: string): string {\n if (!pathStr || path.isAbsolute(pathStr)) {\n return pathStr;\n }\n\n return path.resolve(configDir, pathStr);\n}\n\n/**\n * Validates and secures a user-provided path to prevent path traversal attacks.\n * \n * Security checks include:\n * - Path traversal prevention (blocks '..')\n * - Absolute path detection\n * - Path separator validation\n * \n * @param userPath - The user-provided path component\n * @param basePath - The base directory to join the path with\n * @returns The safely joined and normalized path\n * @throws {Error} When path traversal or absolute paths are detected\n */\nfunction validatePath(userPath: string, basePath: string): string {\n if (!userPath || !basePath) {\n throw new Error('Invalid path parameters');\n }\n\n const normalized = path.normalize(userPath);\n\n // Prevent path traversal attacks\n if (normalized.includes('..') || path.isAbsolute(normalized)) {\n throw new Error('Invalid path: path traversal detected');\n }\n\n // Ensure the path doesn't start with a path separator\n if (normalized.startsWith('/') || normalized.startsWith('\\\\')) {\n throw new Error('Invalid path: absolute path detected');\n }\n\n return path.join(basePath, normalized);\n}\n\n/**\n * Validates a configuration directory path for security and basic formatting.\n * \n * Performs validation to prevent:\n * - Null byte injection attacks\n * - Extremely long paths that could cause DoS\n * - Empty or invalid directory specifications\n * \n * @param configDir - The configuration directory path to validate\n * @returns The normalized configuration directory path\n * @throws {Error} When the directory path is invalid or potentially dangerous\n */\nfunction validateConfigDirectory(configDir: string): string {\n if 
(!configDir) {\n throw new Error('Configuration directory is required');\n }\n\n // Check for null bytes which could be used for path injection\n if (configDir.includes('\\0')) {\n throw new Error('Invalid path: null byte detected');\n }\n\n const normalized = path.normalize(configDir);\n\n // Basic validation - could be expanded based on requirements\n if (normalized.length > 1000) {\n throw new Error('Configuration directory path too long');\n }\n\n return normalized;\n}\n\n/**\n * Reads configuration from files and merges it with CLI arguments.\n * \n * This function implements the core configuration loading logic:\n * 1. Validates and resolves the configuration directory path\n * 2. Attempts to read the YAML configuration file\n * 3. Safely parses the YAML content with security protections\n * 4. Merges file configuration with runtime arguments\n * 5. Returns a typed configuration object\n * \n * The function handles missing files gracefully and provides detailed\n * logging for troubleshooting configuration issues.\n * \n * @template T - The Zod schema shape type for configuration validation\n * @param args - Parsed command-line arguments containing potential config overrides\n * @param options - Cardigantime options with defaults, schema, and logger\n * @returns Promise resolving to the merged and typed configuration object\n * @throws {Error} When configuration directory is invalid or required files cannot be read\n * \n * @example\n * ```typescript\n * const config = await read(cliArgs, {\n * defaults: { configDirectory: './config', configFile: 'app.yaml' },\n * configShape: MySchema.shape,\n * logger: console,\n * features: ['config']\n * });\n * // config is fully typed based on your schema\n * ```\n */\nexport const read = async <T extends z.ZodRawShape>(args: Args, options: Options<T>): Promise<z.infer<ZodObject<T & typeof ConfigSchema.shape>>> => {\n const logger = options.logger;\n\n const rawConfigDir = args.configDirectory || 
options.defaults?.configDirectory;\n if (!rawConfigDir) {\n throw new Error('Configuration directory must be specified');\n }\n\n const resolvedConfigDir = validateConfigDirectory(rawConfigDir);\n logger.verbose('Resolved config directory');\n\n let rawFileConfig: object = {};\n let discoveredConfigDirs: string[] = [];\n let resolvedConfigDirs: string[] = [];\n\n // Check if hierarchical configuration discovery is enabled\n // Use optional chaining for safety although options.features is defaulted\n if (options.features && options.features.includes('hierarchical')) {\n logger.verbose('Hierarchical configuration discovery enabled');\n\n try {\n // Extract the config directory name from the path for hierarchical discovery\n const configDirName = path.basename(resolvedConfigDir);\n const startingDir = path.dirname(resolvedConfigDir);\n\n logger.debug(`Using hierarchical discovery: configDirName=${configDirName}, startingDir=${startingDir}`);\n\n const hierarchicalResult = await loadHierarchicalConfig({\n configDirName,\n configFileName: options.defaults.configFile,\n startingDir,\n encoding: options.defaults.encoding,\n logger,\n pathFields: options.defaults.pathResolution?.pathFields,\n resolvePathArray: options.defaults.pathResolution?.resolvePathArray,\n fieldOverlaps: options.defaults.fieldOverlaps\n });\n\n rawFileConfig = hierarchicalResult.config;\n discoveredConfigDirs = hierarchicalResult.discoveredDirs.map(dir => dir.path);\n resolvedConfigDirs = hierarchicalResult.resolvedConfigDirs.map(dir => dir.path);\n\n if (hierarchicalResult.discoveredDirs.length > 0) {\n logger.verbose(`Hierarchical discovery found ${hierarchicalResult.discoveredDirs.length} configuration directories`);\n hierarchicalResult.discoveredDirs.forEach(dir => {\n logger.debug(` Level ${dir.level}: ${dir.path}`);\n });\n } else {\n logger.verbose('No configuration directories found in hierarchy');\n }\n\n if (hierarchicalResult.resolvedConfigDirs.length > 0) {\n logger.verbose(`Found 
${hierarchicalResult.resolvedConfigDirs.length} directories with actual configuration files`);\n hierarchicalResult.resolvedConfigDirs.forEach(dir => {\n logger.debug(` Config dir level ${dir.level}: ${dir.path}`);\n });\n }\n\n if (hierarchicalResult.errors.length > 0) {\n hierarchicalResult.errors.forEach(error => logger.warn(`Hierarchical config warning: ${error}`));\n }\n\n } catch (error: any) {\n logger.error('Hierarchical configuration loading failed: ' + (error.message || 'Unknown error'));\n // Fall back to single directory mode\n logger.verbose('Falling back to single directory configuration loading');\n rawFileConfig = await loadSingleDirectoryConfig(resolvedConfigDir, options, logger);\n\n // Include the directory in both arrays (discovered but check if it had config)\n discoveredConfigDirs = [resolvedConfigDir];\n if (rawFileConfig && Object.keys(rawFileConfig).length > 0) {\n resolvedConfigDirs = [resolvedConfigDir];\n } else {\n resolvedConfigDirs = [];\n }\n }\n } else {\n // Use traditional single directory configuration loading\n logger.verbose('Using single directory configuration loading');\n rawFileConfig = await loadSingleDirectoryConfig(resolvedConfigDir, options, logger);\n\n // Include the directory in discovered, and in resolved only if it had config\n discoveredConfigDirs = [resolvedConfigDir];\n if (rawFileConfig && Object.keys(rawFileConfig).length > 0) {\n resolvedConfigDirs = [resolvedConfigDir];\n } else {\n resolvedConfigDirs = [];\n }\n }\n\n // Apply path resolution if configured\n let processedConfig = rawFileConfig;\n if (options.defaults.pathResolution?.pathFields) {\n processedConfig = resolveConfigPaths(\n rawFileConfig,\n resolvedConfigDir,\n options.defaults.pathResolution.pathFields,\n options.defaults.pathResolution.resolvePathArray || []\n );\n }\n\n const config: z.infer<ZodObject<T & typeof ConfigSchema.shape>> = clean({\n ...processedConfig,\n ...{\n configDirectory: resolvedConfigDir,\n discoveredConfigDirs,\n 
resolvedConfigDirs,\n }\n }) as z.infer<ZodObject<T & typeof ConfigSchema.shape>>;\n\n return config;\n}\n\n/**\n * Tries to find a config file with alternative extensions (.yaml or .yml).\n * \n * @param storage Storage instance to use for file operations\n * @param configDir The directory containing the config file\n * @param configFileName The base config file name (may have .yaml or .yml extension)\n * @param logger Logger for debugging\n * @returns Promise resolving to the found config file path or null if not found\n */\nasync function findConfigFileWithExtension(\n storage: any,\n configDir: string,\n configFileName: string,\n logger: any\n): Promise<string | null> {\n // Validate the config file name to prevent path traversal\n const configFilePath = validatePath(configFileName, configDir);\n \n // First try the exact filename as specified\n const exists = await storage.exists(configFilePath);\n if (exists) {\n const isReadable = await storage.isFileReadable(configFilePath);\n if (isReadable) {\n return configFilePath;\n }\n }\n \n // If the exact filename doesn't exist or isn't readable, try alternative extensions\n // Only do this if the filename has a .yaml or .yml extension\n const ext = path.extname(configFileName);\n if (ext === '.yaml' || ext === '.yml') {\n const baseName = path.basename(configFileName, ext);\n const alternativeExt = ext === '.yaml' ? 
'.yml' : '.yaml';\n const alternativeFileName = baseName + alternativeExt;\n const alternativePath = validatePath(alternativeFileName, configDir);\n \n logger.debug(`Config file not found at ${configFilePath}, trying alternative: ${alternativePath}`);\n \n const altExists = await storage.exists(alternativePath);\n if (altExists) {\n const altIsReadable = await storage.isFileReadable(alternativePath);\n if (altIsReadable) {\n logger.debug(`Found config file with alternative extension: ${alternativePath}`);\n return alternativePath;\n }\n }\n }\n \n return null;\n}\n\n/**\n * Loads configuration from a single directory (traditional mode).\n * \n * @param resolvedConfigDir - The resolved configuration directory path\n * @param options - Cardigantime options\n * @param logger - Logger instance\n * @returns Promise resolving to the configuration object\n */\nasync function loadSingleDirectoryConfig<T extends z.ZodRawShape>(\n resolvedConfigDir: string,\n options: Options<T>,\n logger: any\n): Promise<object> {\n const storage = Storage.create({ log: logger.debug });\n logger.verbose('Attempting to load config file for cardigantime');\n\n let rawFileConfig: object = {};\n\n try {\n // Try to find the config file with alternative extensions\n const configFilePath = await findConfigFileWithExtension(\n storage,\n resolvedConfigDir,\n options.defaults.configFile,\n logger\n );\n \n if (!configFilePath) {\n logger.verbose('Configuration file not found. Using empty configuration.');\n return rawFileConfig;\n }\n\n const yamlContent = await storage.readFile(configFilePath, options.defaults.encoding);\n\n // SECURITY FIX: Use safer parsing options to prevent code execution vulnerabilities\n const parsedYaml = yaml.load(yamlContent);\n\n if (parsedYaml !== null && typeof parsedYaml === 'object') {\n rawFileConfig = parsedYaml;\n logger.verbose('Loaded configuration file successfully');\n } else if (parsedYaml !== null) {\n logger.warn('Ignoring invalid configuration format. 
Expected an object, got ' + typeof parsedYaml);\n }\n } catch (error: any) {\n // Re-throw security-related errors (path validation failures)\n if (error.message && /Invalid path|path traversal|absolute path/i.test(error.message)) {\n throw error;\n }\n \n if (error.code === 'ENOENT' || /not found|no such file/i.test(error.message)) {\n logger.verbose('Configuration file not found. Using empty configuration.');\n } else {\n // SECURITY FIX: Don't expose internal paths or detailed error information\n logger.error('Failed to load or parse configuration file: ' + (error.message || 'Unknown error'));\n }\n }\n\n return rawFileConfig;\n}\n\n/**\n * Represents a configuration value with its source information.\n */\ninterface ConfigSourceInfo {\n /** The configuration value */\n value: any;\n /** Path to the configuration file that provided this value */\n sourcePath: string;\n /** Hierarchical level (0 = closest/highest precedence) */\n level: number;\n /** Short description of the source for display */\n sourceLabel: string;\n}\n\n/**\n * Tracks configuration values to their sources during hierarchical loading.\n */\ninterface ConfigSourceTracker {\n [key: string]: ConfigSourceInfo;\n}\n\n/**\n * Recursively tracks the source of configuration values from hierarchical loading.\n * \n * @param config - The configuration object to track\n * @param sourcePath - Path to the configuration file\n * @param level - Hierarchical level\n * @param prefix - Current object path prefix for nested values\n * @param tracker - The tracker object to populate\n */\nfunction trackConfigSources(\n config: any,\n sourcePath: string,\n level: number,\n prefix: string = '',\n tracker: ConfigSourceTracker = {}\n): ConfigSourceTracker {\n if (!config || typeof config !== 'object' || Array.isArray(config)) {\n // For primitives and arrays, track the entire value\n tracker[prefix] = {\n value: config,\n sourcePath,\n level,\n sourceLabel: `Level ${level}: 
${path.basename(path.dirname(sourcePath))}`\n };\n return tracker;\n }\n\n // For objects, recursively track each property\n for (const [key, value] of Object.entries(config)) {\n const fieldPath = prefix ? `${prefix}.${key}` : key;\n trackConfigSources(value, sourcePath, level, fieldPath, tracker);\n }\n\n return tracker;\n}\n\n/**\n * Merges multiple configuration source trackers with proper precedence.\n * Lower level numbers have higher precedence.\n * \n * @param trackers - Array of trackers from different config sources\n * @returns Merged tracker with proper precedence\n */\nfunction mergeConfigTrackers(trackers: ConfigSourceTracker[]): ConfigSourceTracker {\n const merged: ConfigSourceTracker = {};\n\n for (const tracker of trackers) {\n for (const [key, info] of Object.entries(tracker)) {\n // Only update if we don't have this key yet, or if this source has higher precedence (lower level)\n if (!merged[key] || info.level < merged[key].level) {\n merged[key] = info;\n }\n }\n }\n\n return merged;\n}\n\n/**\n * Formats a configuration value for display, handling different types appropriately.\n * \n * @param value - The configuration value to format\n * @returns Formatted string representation\n */\nfunction formatConfigValue(value: any): string {\n if (value === null) return 'null';\n if (value === undefined) return 'undefined';\n if (typeof value === 'string') return `\"${value}\"`;\n if (typeof value === 'boolean') return value.toString();\n if (typeof value === 'number') return value.toString();\n if (Array.isArray(value)) {\n if (value.length === 0) return '[]';\n if (value.length <= 3) {\n return `[${value.map(formatConfigValue).join(', ')}]`;\n }\n return `[${value.slice(0, 2).map(formatConfigValue).join(', ')}, ... 
(${value.length} items)]`;\n }\n if (typeof value === 'object') {\n const keys = Object.keys(value);\n if (keys.length === 0) return '{}';\n if (keys.length <= 2) {\n return `{${keys.slice(0, 2).join(', ')}}`;\n }\n return `{${keys.slice(0, 2).join(', ')}, ... (${keys.length} keys)}`;\n }\n return String(value);\n}\n\n/**\n * Displays configuration with source tracking in a git blame-like format.\n * \n * @param config - The resolved configuration object\n * @param tracker - Configuration source tracker\n * @param discoveredDirs - Array of discovered configuration directories\n * @param logger - Logger instance for output\n */\nfunction displayConfigWithSources(\n config: any,\n tracker: ConfigSourceTracker,\n discoveredDirs: DiscoveredConfigDir[],\n logger: any\n): void {\n logger.info('\\n' + '='.repeat(80));\n logger.info('CONFIGURATION SOURCE ANALYSIS');\n logger.info('='.repeat(80));\n\n // Display discovered configuration hierarchy\n logger.info('\\nDISCOVERED CONFIGURATION HIERARCHY:');\n if (discoveredDirs.length === 0) {\n logger.info(' No configuration directories found in hierarchy');\n } else {\n discoveredDirs\n .sort((a, b) => a.level - b.level) // Sort by precedence (lower level = higher precedence)\n .forEach(dir => {\n const precedence = dir.level === 0 ? '(highest precedence)' :\n dir.level === Math.max(...discoveredDirs.map(d => d.level)) ? 
'(lowest precedence)' :\n '';\n logger.info(` Level ${dir.level}: ${dir.path} ${precedence}`);\n });\n }\n\n // Display resolved configuration with sources\n logger.info('\\nRESOLVED CONFIGURATION WITH SOURCES:');\n logger.info('Format: [Source] key: value\\n');\n\n const sortedKeys = Object.keys(tracker).sort();\n const maxKeyLength = Math.max(...sortedKeys.map(k => k.length), 20);\n const maxSourceLength = Math.max(...Object.values(tracker).map(info => info.sourceLabel.length), 25);\n\n for (const key of sortedKeys) {\n const info = tracker[key];\n const paddedKey = key.padEnd(maxKeyLength);\n const paddedSource = info.sourceLabel.padEnd(maxSourceLength);\n const formattedValue = formatConfigValue(info.value);\n\n logger.info(`[${paddedSource}] ${paddedKey}: ${formattedValue}`);\n }\n\n // Display summary\n logger.info('\\n' + '-'.repeat(80));\n logger.info('SUMMARY:');\n logger.info(` Total configuration keys: ${Object.keys(tracker).length}`);\n logger.info(` Configuration sources: ${discoveredDirs.length}`);\n\n // Count values by source\n const sourceCount: { [source: string]: number } = {};\n for (const info of Object.values(tracker)) {\n sourceCount[info.sourceLabel] = (sourceCount[info.sourceLabel] || 0) + 1;\n }\n\n logger.info(' Values by source:');\n for (const [source, count] of Object.entries(sourceCount)) {\n logger.info(` ${source}: ${count} value(s)`);\n }\n\n logger.info('='.repeat(80));\n}\n\n/**\n * Checks and displays the resolved configuration with detailed source tracking.\n * \n * This function provides a git blame-like view of configuration resolution,\n * showing which file and hierarchical level contributed each configuration value.\n * \n * @template T - The Zod schema shape type for configuration validation\n * @param args - Parsed command-line arguments\n * @param options - Cardigantime options with defaults, schema, and logger\n * @returns Promise that resolves when the configuration check is complete\n * \n * @example\n * 
```typescript\n * await checkConfig(cliArgs, {\n * defaults: { configDirectory: './config', configFile: 'app.yaml' },\n * configShape: MySchema.shape,\n * logger: console,\n * features: ['config', 'hierarchical']\n * });\n * // Outputs detailed configuration source analysis\n * ```\n */\nexport const checkConfig = async <T extends z.ZodRawShape>(\n args: Args,\n options: Options<T>\n): Promise<void> => {\n const logger = options.logger;\n\n logger.info('Starting configuration check...');\n\n const rawConfigDir = args.configDirectory || options.defaults?.configDirectory;\n if (!rawConfigDir) {\n throw new Error('Configuration directory must be specified');\n }\n\n const resolvedConfigDir = validateConfigDirectory(rawConfigDir);\n logger.verbose(`Resolved config directory: ${resolvedConfigDir}`);\n\n let rawFileConfig: object = {};\n let discoveredDirs: DiscoveredConfigDir[] = [];\n let resolvedConfigDirs: DiscoveredConfigDir[] = [];\n let tracker: ConfigSourceTracker = {};\n\n // Check if hierarchical configuration discovery is enabled\n // Use optional chaining for safety although options.features is defaulted\n if (options.features && options.features.includes('hierarchical')) {\n logger.verbose('Using hierarchical configuration discovery for source tracking');\n\n try {\n // Extract the config directory name from the path for hierarchical discovery\n const configDirName = path.basename(resolvedConfigDir);\n const startingDir = path.dirname(resolvedConfigDir);\n\n logger.debug(`Using hierarchical discovery: configDirName=${configDirName}, startingDir=${startingDir}`);\n\n const hierarchicalResult = await loadHierarchicalConfig({\n configDirName,\n configFileName: options.defaults.configFile,\n startingDir,\n encoding: options.defaults.encoding,\n logger,\n pathFields: options.defaults.pathResolution?.pathFields,\n resolvePathArray: options.defaults.pathResolution?.resolvePathArray,\n fieldOverlaps: options.defaults.fieldOverlaps\n });\n\n rawFileConfig = 
hierarchicalResult.config;\n discoveredDirs = hierarchicalResult.discoveredDirs;\n resolvedConfigDirs = hierarchicalResult.resolvedConfigDirs;\n\n // Build detailed source tracking by re-loading each config individually\n const trackers: ConfigSourceTracker[] = [];\n\n // Sort by level (highest level first = lowest precedence first) to match merge order\n const sortedDirs = [...resolvedConfigDirs].sort((a, b) => b.level - a.level);\n\n for (const dir of sortedDirs) {\n const storage = Storage.create({ log: logger.debug });\n const configFilePath = path.join(dir.path, options.defaults.configFile);\n\n try {\n const exists = await storage.exists(configFilePath);\n if (!exists) continue;\n\n const isReadable = await storage.isFileReadable(configFilePath);\n if (!isReadable) continue;\n\n const yamlContent = await storage.readFile(configFilePath, options.defaults.encoding);\n const parsedYaml = yaml.load(yamlContent);\n\n if (parsedYaml !== null && typeof parsedYaml === 'object') {\n const levelTracker = trackConfigSources(parsedYaml, configFilePath, dir.level);\n trackers.push(levelTracker);\n }\n } catch (error: any) {\n logger.debug(`Error loading config for source tracking from ${configFilePath}: ${error.message}`);\n }\n }\n\n // Merge trackers with proper precedence\n tracker = mergeConfigTrackers(trackers);\n\n if (hierarchicalResult.errors.length > 0) {\n logger.warn('Configuration loading warnings:');\n hierarchicalResult.errors.forEach(error => logger.warn(` ${error}`));\n }\n\n } catch (error: any) {\n logger.error('Hierarchical configuration loading failed: ' + (error.message || 'Unknown error'));\n logger.verbose('Falling back to single directory configuration loading');\n\n // Fall back to single directory mode for source tracking\n rawFileConfig = await loadSingleDirectoryConfig(resolvedConfigDir, options, logger);\n const configFilePath = path.join(resolvedConfigDir, options.defaults.configFile);\n tracker = trackConfigSources(rawFileConfig, 
configFilePath, 0);\n\n // Include the directory in discovered, and in resolved only if it had config\n discoveredDirs = [{\n path: resolvedConfigDir,\n level: 0\n }];\n if (rawFileConfig && Object.keys(rawFileConfig).length > 0) {\n resolvedConfigDirs = [{\n path: resolvedConfigDir,\n level: 0\n }];\n } else {\n resolvedConfigDirs = [];\n }\n }\n } else {\n // Use traditional single directory configuration loading\n logger.verbose('Using single directory configuration loading for source tracking');\n rawFileConfig = await loadSingleDirectoryConfig(resolvedConfigDir, options, logger);\n const configFilePath = path.join(resolvedConfigDir, options.defaults.configFile);\n tracker = trackConfigSources(rawFileConfig, configFilePath, 0);\n\n // Include the directory in discovered, and in resolved only if it had config\n discoveredDirs = [{\n path: resolvedConfigDir,\n level: 0\n }];\n if (rawFileConfig && Object.keys(rawFileConfig).length > 0) {\n resolvedConfigDirs = [{\n path: resolvedConfigDir,\n level: 0\n }];\n } else {\n resolvedConfigDirs = [];\n }\n }\n\n // Apply path resolution if configured (this doesn't change source tracking)\n let processedConfig = rawFileConfig;\n if (options.defaults.pathResolution?.pathFields) {\n processedConfig = resolveConfigPaths(\n rawFileConfig,\n resolvedConfigDir,\n options.defaults.pathResolution.pathFields,\n options.defaults.pathResolution.resolvePathArray || []\n );\n }\n\n // Build final configuration including built-in values\n const finalConfig = clean({\n ...processedConfig,\n configDirectory: resolvedConfigDir,\n discoveredConfigDirs: discoveredDirs.map(dir => dir.path),\n resolvedConfigDirs: resolvedConfigDirs.map(dir => dir.path),\n });\n\n // Add built-in configuration to tracker\n tracker['configDirectory'] = {\n value: resolvedConfigDir,\n sourcePath: 'built-in',\n level: -1,\n sourceLabel: 'Built-in (runtime)'\n };\n\n tracker['discoveredConfigDirs'] = {\n value: discoveredDirs.map(dir => dir.path),\n sourcePath: 
'built-in',\n level: -1,\n sourceLabel: 'Built-in (runtime)'\n };\n\n tracker['resolvedConfigDirs'] = {\n value: resolvedConfigDirs.map(dir => dir.path),\n sourcePath: 'built-in',\n level: -1,\n sourceLabel: 'Built-in (runtime)'\n };\n\n // Display the configuration with source information\n displayConfigWithSources(finalConfig, tracker, discoveredDirs, logger);\n};"],"names":["clean","obj","Object","fromEntries","entries","filter","_","v","undefined","resolveConfigPaths","config","configDir","pathFields","resolvePathArray","length","resolvedConfig","fieldPath","value","getNestedValue","shouldResolveArrayElements","includes","resolvedValue","resolvePathValue","setNestedValue","path","split","reduce","current","key","isUnsafeKey","keys","lastKey","pop","some","target","resolveArrayElements","resolveSinglePath","Array","isArray","map","item","pathStr","isAbsolute","resolve","validatePath","userPath","basePath","Error","normalized","normalize","startsWith","join","validateConfigDirectory","read","args","options","logger","rawConfigDir","configDirectory","defaults","resolvedConfigDir","verbose","rawFileConfig","discoveredConfigDirs","resolvedConfigDirs","features","configDirName","basename","startingDir","dirname","debug","hierarchicalResult","loadHierarchicalConfig","configFileName","configFile","encoding","pathResolution","fieldOverlaps","discoveredDirs","dir","forEach","level","errors","error","warn","message","loadSingleDirectoryConfig","processedConfig","findConfigFileWithExtension","storage","configFilePath","exists","isReadable","isFileReadable","ext","extname","baseName","alternativeExt","alternativeFileName","alternativePath","altExists","altIsReadable","Storage","log","yamlContent","readFile","parsedYaml","yaml","load","test","code","trackConfigSources","sourcePath","prefix","tracker","sourceLabel","mergeConfigTrackers","trackers","merged","info","formatConfigValue","toString","slice","String","displayConfigWithSources","repeat","sort","a","b","precedence","Ma
th","max","d","sortedKeys","maxKeyLength","k","maxSourceLength","values","paddedKey","padEnd","paddedSource","formattedValue","sourceCount","source","count","checkConfig","sortedDirs","levelTracker","push","finalConfig"],"mappings":";;;;;AAOA;;;;;;IAOA,SAASA,MAAMC,GAAQ,EAAA;AACnB,IAAA,OAAOC,MAAAA,CAAOC,WAAW,CACrBD,MAAAA,CAAOE,OAAO,CAACH,GAAAA,CAAAA,CAAKI,MAAM,CAAC,CAAC,CAACC,CAAAA,EAAGC,CAAAA,CAAE,GAAKA,CAAAA,KAAMC,SAAAA,CAAAA,CAAAA;AAErD;AAEA;;;;;;;;IASA,SAASC,kBAAAA,CACLC,MAAW,EACXC,SAAiB,EACjBC,UAAAA,GAAuB,EAAE,EACzBC,gBAAAA,GAA6B,EAAE,EAAA;IAE/B,IAAI,CAACH,UAAU,OAAOA,MAAAA,KAAW,YAAYE,UAAAA,CAAWE,MAAM,KAAK,CAAA,EAAG;QAClE,OAAOJ,MAAAA;AACX,IAAA;AAEA,IAAA,MAAMK,cAAAA,GAAiB;AAAE,QAAA,GAAGL;AAAO,KAAA;IAEnC,KAAK,MAAMM,aAAaJ,UAAAA,CAAY;QAChC,MAAMK,KAAAA,GAAQC,eAAeH,cAAAA,EAAgBC,SAAAA,CAAAA;AAC7C,QAAA,IAAIC,UAAUT,SAAAA,EAAW;YACrB,MAAMW,0BAAAA,GAA6BN,gBAAAA,CAAiBO,QAAQ,CAACJ,SAAAA,CAAAA;YAC7D,MAAMK,aAAAA,GAAgBC,gBAAAA,CAAiBL,KAAAA,EAAON,SAAAA,EAAWQ,0BAAAA,CAAAA;AACzDI,YAAAA,cAAAA,CAAeR,gBAAgBC,SAAAA,EAAWK,aAAAA,CAAAA;AAC9C,QAAA;AACJ,IAAA;IAEA,OAAON,cAAAA;AACX;AAEA;;AAEC,IACD,SAASG,cAAAA,CAAejB,GAAQ,EAAEuB,IAAY,EAAA;AAC1C,IAAA,OAAOA,IAAAA,CAAKC,KAAK,CAAC,GAAA,CAAA,CAAKC,MAAM,CAAC,CAACC,OAAAA,EAASC,GAAAA,GAAQD,OAAAA,KAAAA,IAAAA,IAAAA,OAAAA,KAAAA,MAAAA,GAAAA,MAAAA,GAAAA,OAAS,CAACC,IAAI,EAAE3B,GAAAA,CAAAA;AACpE;AAEA;;IAGA,SAAS4B,YAAYD,GAAW,EAAA;AAC5B,IAAA,OAAOA,GAAAA,KAAQ,WAAA,IAAeA,GAAAA,KAAQ,aAAA,IAAiBA,GAAAA,KAAQ,WAAA;AACnE;AAEA;;;AAGC,IACD,SAASL,cAAAA,CAAetB,GAAQ,EAAEuB,IAAY,EAAEP,KAAU,EAAA;IACtD,MAAMa,IAAAA,GAAON,IAAAA,CAAKC,KAAK,CAAC,GAAA,CAAA;IACxB,MAAMM,OAAAA,GAAUD,KAAKE,GAAG,EAAA;;AAGxB,IAAA,IAAIH,WAAAA,CAAYE,OAAAA,CAAAA,IAAYD,IAAAA,CAAKG,IAAI,CAACJ,WAAAA,CAAAA,EAAc;AAChD,QAAA;AACJ,IAAA;AAEA,IAAA,MAAMK,MAAAA,GAASJ,IAAAA,CAAKJ,MAAM,CAAC,CAACC,OAAAA,EAASC,GAAAA,GAAAA;;AAEjC,QAAA,IAAIC,YAAYD,GAAAA,CAAAA,EAAM;YAClB,OAAOD,OAAAA;AACX,QAAA;AACA,QAAA,IAAI,EAAEC,GAAAA,IAAOD,OAAM,CAAA,EAAI;YACnBA,OAAO,CAACC,GAAAA,CAAI,GAAG,EAAC;AACpB,QAAA;QACA,OAAOD,OAAO,CAACC,GAAAA,CAAI;IACv
B,CAAA,EAAG3B,GAAAA,CAAAA;IACHiC,MAAM,CAACH,QAAQ,GAAGd,KAAAA;AACtB;AAEA;;AAEC,IACD,SAASK,gBAAAA,CAAiBL,KAAU,EAAEN,SAAiB,EAAEwB,oBAA6B,EAAA;IAClF,IAAI,OAAOlB,UAAU,QAAA,EAAU;AAC3B,QAAA,OAAOmB,kBAAkBnB,KAAAA,EAAON,SAAAA,CAAAA;AACpC,IAAA;AAEA,IAAA,IAAI0B,KAAAA,CAAMC,OAAO,CAACrB,KAAAA,CAAAA,IAAUkB,oBAAAA,EAAsB;QAC9C,OAAOlB,KAAAA,CAAMsB,GAAG,CAACC,CAAAA,IAAAA,GACb,OAAOA,IAAAA,KAAS,QAAA,GAAWJ,iBAAAA,CAAkBI,IAAAA,EAAM7B,SAAAA,CAAAA,GAAa6B,IAAAA,CAAAA;AAExE,IAAA;IAEA,OAAOvB,KAAAA;AACX;AAEA;;AAEC,IACD,SAASmB,iBAAAA,CAAkBK,OAAe,EAAE9B,SAAiB,EAAA;AACzD,IAAA,IAAI,CAAC8B,OAAAA,IAAWjB,IAAAA,CAAKkB,UAAU,CAACD,OAAAA,CAAAA,EAAU;QACtC,OAAOA,OAAAA;AACX,IAAA;IAEA,OAAOjB,IAAAA,CAAKmB,OAAO,CAAChC,SAAAA,EAAW8B,OAAAA,CAAAA;AACnC;AAEA;;;;;;;;;;;;AAYC,IACD,SAASG,YAAAA,CAAaC,QAAgB,EAAEC,QAAgB,EAAA;IACpD,IAAI,CAACD,QAAAA,IAAY,CAACC,QAAAA,EAAU;AACxB,QAAA,MAAM,IAAIC,KAAAA,CAAM,yBAAA,CAAA;AACpB,IAAA;IAEA,MAAMC,UAAAA,GAAaxB,IAAAA,CAAKyB,SAAS,CAACJ,QAAAA,CAAAA;;AAGlC,IAAA,IAAIG,WAAW5B,QAAQ,CAAC,SAASI,IAAAA,CAAKkB,UAAU,CAACM,UAAAA,CAAAA,EAAa;AAC1D,QAAA,MAAM,IAAID,KAAAA,CAAM,uCAAA,CAAA;AACpB,IAAA;;AAGA,IAAA,IAAIC,WAAWE,UAAU,CAAC,QAAQF,UAAAA,CAAWE,UAAU,CAAC,IAAA,CAAA,EAAO;AAC3D,QAAA,MAAM,IAAIH,KAAAA,CAAM,sCAAA,CAAA;AACpB,IAAA;IAEA,OAAOvB,IAAAA,CAAK2B,IAAI,CAACL,QAAAA,EAAUE,UAAAA,CAAAA;AAC/B;AAEA;;;;;;;;;;;IAYA,SAASI,wBAAwBzC,SAAiB,EAAA;AAC9C,IAAA,IAAI,CAACA,SAAAA,EAAW;AACZ,QAAA,MAAM,IAAIoC,KAAAA,CAAM,qCAAA,CAAA;AACpB,IAAA;;IAGA,IAAIpC,SAAAA,CAAUS,QAAQ,CAAC,IAAA,CAAA,EAAO;AAC1B,QAAA,MAAM,IAAI2B,KAAAA,CAAM,kCAAA,CAAA;AACpB,IAAA;IAEA,MAAMC,UAAAA,GAAaxB,IAAAA,CAAKyB,SAAS,CAACtC,SAAAA,CAAAA;;IAGlC,IAAIqC,UAAAA,CAAWlC,MAAM,GAAG,IAAA,EAAM;AAC1B,QAAA,MAAM,IAAIiC,KAAAA,CAAM,uCAAA,CAAA;AACpB,IAAA;IAEA,OAAOC,UAAAA;AACX;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BC,IACM,MAAMK,IAAAA,GAAO,OAAgCC,IAAAA,EAAYC,OAAAA,GAAAA;QAGfA,iBAAAA,EAyFzCA,gCAAAA;IA3FJ,MAAMC,MAAAA,GAASD,QAAQC,MAAM;IAE7B,MAAMC,YAAAA,GAAeH,IAAAA,CAAKI,eAAe,KAAA,CAAIH,iBAAAA,GAAAA,QAAQI,QAAQ,MAAA,IAAA,IAAhBJ,iBAAAA,KAAAA,MAAAA,GAAAA,MAAAA,GAAAA,iBAAAA,CAAkBG,
eAAe,CAAA;AAC9E,IAAA,IAAI,CAACD,YAAAA,EAAc;AACf,QAAA,MAAM,IAAIV,KAAAA,CAAM,2CAAA,CAAA;AACpB,IAAA;AAEA,IAAA,MAAMa,oBAAoBR,uBAAAA,CAAwBK,YAAAA,CAAAA;AAClDD,IAAAA,MAAAA,CAAOK,OAAO,CAAC,2BAAA,CAAA;AAEf,IAAA,IAAIC,gBAAwB,EAAC;AAC7B,IAAA,IAAIC,uBAAiC,EAAE;AACvC,IAAA,IAAIC,qBAA+B,EAAE;;;IAIrC,IAAIT,OAAAA,CAAQU,QAAQ,IAAIV,OAAAA,CAAQU,QAAQ,CAAC7C,QAAQ,CAAC,cAAA,CAAA,EAAiB;AAC/DoC,QAAAA,MAAAA,CAAOK,OAAO,CAAC,8CAAA,CAAA;QAEf,IAAI;gBAagBN,iCAAAA,EACMA,iCAAAA;;YAZtB,MAAMW,aAAAA,GAAgB1C,IAAAA,CAAK2C,QAAQ,CAACP,iBAAAA,CAAAA;YACpC,MAAMQ,WAAAA,GAAc5C,IAAAA,CAAK6C,OAAO,CAACT,iBAAAA,CAAAA;YAEjCJ,MAAAA,CAAOc,KAAK,CAAC,CAAC,4CAA4C,EAAEJ,aAAAA,CAAc,cAAc,EAAEE,WAAAA,CAAAA,CAAa,CAAA;YAEvG,MAAMG,kBAAAA,GAAqB,MAAMC,sBAAAA,CAAuB;AACpDN,gBAAAA,aAAAA;gBACAO,cAAAA,EAAgBlB,OAAAA,CAAQI,QAAQ,CAACe,UAAU;AAC3CN,gBAAAA,WAAAA;gBACAO,QAAAA,EAAUpB,OAAAA,CAAQI,QAAQ,CAACgB,QAAQ;AACnCnB,gBAAAA,MAAAA;gBACA5C,UAAU,EAAA,CAAE2C,oCAAAA,OAAAA,CAAQI,QAAQ,CAACiB,cAAc,MAAA,IAAA,IAA/BrB,iCAAAA,KAAAA,KAAAA,CAAAA,GAAAA,KAAAA,CAAAA,GAAAA,iCAAAA,CAAiC3C,UAAU;gBACvDC,gBAAgB,EAAA,CAAE0C,oCAAAA,OAAAA,CAAQI,QAAQ,CAACiB,cAAc,MAAA,IAAA,IAA/BrB,iCAAAA,KAAAA,KAAAA,CAAAA,GAAAA,KAAAA,CAAAA,GAAAA,iCAAAA,CAAiC1C,gBAAgB;gBACnEgE,aAAAA,EAAetB,OAAAA,CAAQI,QAAQ,CAACkB;AACpC,aAAA,CAAA;AAEAf,YAAAA,aAAAA,GAAgBS,mBAAmB7D,MAAM;YACzCqD,oBAAAA,GAAuBQ,kBAAAA,CAAmBO,cAAc,CAACvC,GAAG,CAACwC,CAAAA,GAAAA,GAAOA,IAAIvD,IAAI,CAAA;YAC5EwC,kBAAAA,GAAqBO,kBAAAA,CAAmBP,kBAAkB,CAACzB,GAAG,CAACwC,CAAAA,GAAAA,GAAOA,IAAIvD,IAAI,CAAA;AAE9E,YAAA,IAAI+C,kBAAAA,CAAmBO,cAAc,CAAChE,MAAM,GAAG,CAAA,EAAG;gBAC9C0C,MAAAA,CAAOK,OAAO,CAAC,CAAC,6BAA6B,EAAEU,kBAAAA,CAAmBO,cAAc,CAAChE,MAAM,CAAC,0BAA0B,CAAC,CAAA;AACnHyD,gBAAAA,kBAAAA,CAAmBO,cAAc,CAACE,OAAO,CAACD,CAAAA,GAAAA,GAAAA;AACtCvB,oBAAAA,MAAAA,CAAOc,KAAK,CAAC,CAAC,QAAQ,EAAES,GAAAA,CAAIE,KAAK,CAAC,EAAE,EAAEF,GAAAA,CAAIvD,IAAI,CAAA,CAAE,CAAA;AACpD,gBAAA,CAAA,CAAA;YACJ,CAAA,MAAO;AACHgC,gBAAAA,MAAAA,CAAOK,OAAO,CAAC,iDAAA,CAAA;AACnB,YAAA;AAEA,YAAA,IAAIU,kBAAAA,CAAmBP,kBAAkB,CAAClD,MAAM,GAAG,CAAA,EAAG;gBAClD0C,MAAAA,CAAOK,OA
AO,CAAC,CAAC,MAAM,EAAEU,kBAAAA,CAAmBP,kBAAkB,CAAClD,MAAM,CAAC,4CAA4C,CAAC,CAAA;AAClHyD,gBAAAA,kBAAAA,CAAmBP,kBAAkB,CAACgB,OAAO,CAACD,CAAAA,GAAAA,GAAAA;AAC1CvB,oBAAAA,MAAAA,CAAOc,KAAK,CAAC,CAAC,mBAAmB,EAAES,GAAAA,CAAIE,KAAK,CAAC,EAAE,EAAEF,GAAAA,CAAIvD,IAAI,CAAA,CAAE,CAAA;AAC/D,gBAAA,CAAA,CAAA;AACJ,YAAA;AAEA,YAAA,IAAI+C,kBAAAA,CAAmBW,MAAM,CAACpE,MAAM,GAAG,CAAA,EAAG;AACtCyD,gBAAAA,kBAAAA,CAAmBW,MAAM,CAACF,OAAO,CAACG,CAAAA,KAAAA,GAAS3B,MAAAA,CAAO4B,IAAI,CAAC,CAAC,6BAA6B,EAAED,KAAAA,CAAAA,CAAO,CAAA,CAAA;AAClG,YAAA;AAEJ,QAAA,CAAA,CAAE,OAAOA,KAAAA,EAAY;AACjB3B,YAAAA,MAAAA,CAAO2B,KAAK,CAAC,6CAAA,IAAiDA,KAAAA,CAAME,OAAO,IAAI,eAAc,CAAA,CAAA;;AAE7F7B,YAAAA,MAAAA,CAAOK,OAAO,CAAC,wDAAA,CAAA;YACfC,aAAAA,GAAgB,MAAMwB,yBAAAA,CAA0B1B,iBAAAA,EAAmBL,OAAAA,EAASC,MAAAA,CAAAA;;YAG5EO,oBAAAA,GAAuB;AAACH,gBAAAA;AAAkB,aAAA;AAC1C,YAAA,IAAIE,iBAAiB5D,MAAAA,CAAO4B,IAAI,CAACgC,aAAAA,CAAAA,CAAehD,MAAM,GAAG,CAAA,EAAG;gBACxDkD,kBAAAA,GAAqB;AAACJ,oBAAAA;AAAkB,iBAAA;YAC5C,CAAA,MAAO;AACHI,gBAAAA,kBAAAA,GAAqB,EAAE;AAC3B,YAAA;AACJ,QAAA;IACJ,CAAA,MAAO;;AAEHR,QAAAA,MAAAA,CAAOK,OAAO,CAAC,8CAAA,CAAA;QACfC,aAAAA,GAAgB,MAAMwB,yBAAAA,CAA0B1B,iBAAAA,EAAmBL,OAAAA,EAASC,MAAAA,CAAAA;;QAG5EO,oBAAAA,GAAuB;AAACH,YAAAA;AAAkB,SAAA;AAC1C,QAAA,IAAIE,iBAAiB5D,MAAAA,CAAO4B,IAAI,CAACgC,aAAAA,CAAAA,CAAehD,MAAM,GAAG,CAAA,EAAG;YACxDkD,kBAAAA,GAAqB;AAACJ,gBAAAA;AAAkB,aAAA;QAC5C,CAAA,MAAO;AACHI,YAAAA,kBAAAA,GAAqB,EAAE;AAC3B,QAAA;AACJ,IAAA;;AAGA,IAAA,IAAIuB,eAAAA,GAAkBzB,aAAAA;IACtB,IAAA,CAAIP,gCAAAA,GAAAA,QAAQI,QAAQ,CAACiB,cAAc,MAAA,IAAA,IAA/BrB,gCAAAA,KAAAA,MAAAA,GAAAA,MAAAA,GAAAA,gCAAAA,CAAiC3C,UAAU,EAAE;AAC7C2E,QAAAA,eAAAA,GAAkB9E,mBACdqD,aAAAA,EACAF,iBAAAA,EACAL,OAAAA,CAAQI,QAAQ,CAACiB,cAAc,CAAChE,UAAU,EAC1C2C,QAAQI,QAAQ,CAACiB,cAAc,CAAC/D,gBAAgB,IAAI,EAAE,CAAA;AAE9D,IAAA;AAEA,IAAA,MAAMH,SAA4DV,KAAAA,CAAM;AACpE,QAAA,GAAGuF,eAAe;QAClB,GAAG;YACC7B,eAAAA,EAAiBE,iBAAAA;AACjBG,YAAAA,oBAAAA;AACAC,YAAAA;;AAER,KAAA,CAAA;IAEA,OAAOtD,MAAAA;AACX;AAEA;;;;;;;;IASA,eAAe8E,4BACXC,OAAY,EACZ9E,SAAiB,EACjB8D,cAAsB,EACtBjB,MAAW,EAAA;;IAGX,MA
AMkC,cAAAA,GAAiB9C,aAAa6B,cAAAA,EAAgB9D,SAAAA,CAAAA;;AAGpD,IAAA,MAAMgF,MAAAA,GAAS,MAAMF,OAAAA,CAAQE,MAAM,CAACD,cAAAA,CAAAA;AACpC,IAAA,IAAIC,MAAAA,EAAQ;AACR,QAAA,MAAMC,UAAAA,GAAa,MAAMH,OAAAA,CAAQI,cAAc,CAACH,cAAAA,CAAAA;AAChD,QAAA,IAAIE,UAAAA,EAAY;YACZ,OAAOF,cAAAA;AACX,QAAA;AACJ,IAAA;;;IAIA,MAAMI,GAAAA,GAAMtE,IAAAA,CAAKuE,OAAO,CAACtB,cAAAA,CAAAA;IACzB,IAAIqB,GAAAA,KAAQ,OAAA,IAAWA,GAAAA,KAAQ,MAAA,EAAQ;AACnC,QAAA,MAAME,QAAAA,GAAWxE,IAAAA,CAAK2C,QAAQ,CAACM,cAAAA,EAAgBqB,GAAAA,CAAAA;QAC/C,MAAMG,cAAAA,GAAiBH,GAAAA,KAAQ,OAAA,GAAU,MAAA,GAAS,OAAA;AAClD,QAAA,MAAMI,sBAAsBF,QAAAA,GAAWC,cAAAA;QACvC,MAAME,eAAAA,GAAkBvD,aAAasD,mBAAAA,EAAqBvF,SAAAA,CAAAA;QAE1D6C,MAAAA,CAAOc,KAAK,CAAC,CAAC,yBAAyB,EAAEoB,cAAAA,CAAe,sBAAsB,EAAES,eAAAA,CAAAA,CAAiB,CAAA;AAEjG,QAAA,MAAMC,SAAAA,GAAY,MAAMX,OAAAA,CAAQE,MAAM,CAACQ,eAAAA,CAAAA;AACvC,QAAA,IAAIC,SAAAA,EAAW;AACX,YAAA,MAAMC,aAAAA,GAAgB,MAAMZ,OAAAA,CAAQI,cAAc,CAACM,eAAAA,CAAAA;AACnD,YAAA,IAAIE,aAAAA,EAAe;AACf7C,gBAAAA,MAAAA,CAAOc,KAAK,CAAC,CAAC,8CAA8C,EAAE6B,eAAAA,CAAAA,CAAiB,CAAA;gBAC/E,OAAOA,eAAAA;AACX,YAAA;AACJ,QAAA;AACJ,IAAA;IAEA,OAAO,IAAA;AACX;AAEA;;;;;;;AAOC,IACD,eAAeb,yBAAAA,CACX1B,iBAAyB,EACzBL,OAAmB,EACnBC,MAAW,EAAA;IAEX,MAAMiC,OAAAA,GAAUa,MAAc,CAAC;AAAEC,QAAAA,GAAAA,EAAK/C,OAAOc;AAAM,KAAA,CAAA;AACnDd,IAAAA,MAAAA,CAAOK,OAAO,CAAC,iDAAA,CAAA;AAEf,IAAA,IAAIC,gBAAwB,EAAC;IAE7B,IAAI;;QAEA,MAAM4B,cAAAA,GAAiB,MAAMF,2BAAAA,CACzBC,OAAAA,EACA7B,mBACAL,OAAAA,CAAQI,QAAQ,CAACe,UAAU,EAC3BlB,MAAAA,CAAAA;AAGJ,QAAA,IAAI,CAACkC,cAAAA,EAAgB;AACjBlC,YAAAA,MAAAA,CAAOK,OAAO,CAAC,0DAAA,CAAA;YACf,OAAOC,aAAAA;AACX,QAAA;QAEA,MAAM0C,WAAAA,GAAc,MAAMf,OAAAA,CAAQgB,QAAQ,CAACf,cAAAA,EAAgBnC,OAAAA,CAAQI,QAAQ,CAACgB,QAAQ,CAAA;;QAGpF,MAAM+B,UAAAA,GAAaC,IAAAA,CAAKC,IAAI,CAACJ,WAAAA,CAAAA;AAE7B,QAAA,IAAIE,UAAAA,KAAe,IAAA,IAAQ,OAAOA,UAAAA,KAAe,QAAA,EAAU;YACvD5C,aAAAA,GAAgB4C,UAAAA;AAChBlD,YAAAA,MAAAA,CAAOK,OAAO,CAAC,wCAAA,CAAA;QACnB,CAAA,MAAO,IAAI6C,eAAe,IAAA,EAAM;YAC5BlD,MAAAA,CAAO4B,IAAI,CAAC,iEAAA,GAAoE,OAAOsB,UAAAA,CAAAA;AAC3F,QAAA;AACJ,IAAA,CAAA,CAAE,OAAOvB,KAAAA,EAAY;;
QAEjB,IAAIA,KAAAA,CAAME,OAAO,IAAI,4CAAA,CAA6CwB,IAAI,CAAC1B,KAAAA,CAAME,OAAO,CAAA,EAAG;YACnF,MAAMF,KAAAA;AACV,QAAA;QAEA,IAAIA,KAAAA,CAAM2B,IAAI,KAAK,QAAA,IAAY,0BAA0BD,IAAI,CAAC1B,KAAAA,CAAME,OAAO,CAAA,EAAG;AAC1E7B,YAAAA,MAAAA,CAAOK,OAAO,CAAC,0DAAA,CAAA;QACnB,CAAA,MAAO;;AAEHL,YAAAA,MAAAA,CAAO2B,KAAK,CAAC,8CAAA,IAAkDA,KAAAA,CAAME,OAAO,IAAI,eAAc,CAAA,CAAA;AAClG,QAAA;AACJ,IAAA;IAEA,OAAOvB,aAAAA;AACX;AAuBA;;;;;;;;AAQC,IACD,SAASiD,kBAAAA,CACLrG,MAAW,EACXsG,UAAkB,EAClB/B,KAAa,EACbgC,MAAAA,GAAiB,EAAE,EACnBC,OAAAA,GAA+B,EAAE,EAAA;IAEjC,IAAI,CAACxG,UAAU,OAAOA,MAAAA,KAAW,YAAY2B,KAAAA,CAAMC,OAAO,CAAC5B,MAAAA,CAAAA,EAAS;;QAEhEwG,OAAO,CAACD,OAAO,GAAG;YACdhG,KAAAA,EAAOP,MAAAA;AACPsG,YAAAA,UAAAA;AACA/B,YAAAA,KAAAA;AACAkC,YAAAA,WAAAA,EAAa,CAAC,MAAM,EAAElC,KAAAA,CAAM,EAAE,EAAEzD,IAAAA,CAAK2C,QAAQ,CAAC3C,IAAAA,CAAK6C,OAAO,CAAC2C,UAAAA,CAAAA,CAAAA,CAAAA;AAC/D,SAAA;QACA,OAAOE,OAAAA;AACX,IAAA;;IAGA,KAAK,MAAM,CAACtF,GAAAA,EAAKX,KAAAA,CAAM,IAAIf,MAAAA,CAAOE,OAAO,CAACM,MAAAA,CAAAA,CAAS;AAC/C,QAAA,MAAMM,YAAYiG,MAAAA,GAAS,CAAA,EAAGA,OAAO,CAAC,EAAErF,KAAK,GAAGA,GAAAA;QAChDmF,kBAAAA,CAAmB9F,KAAAA,EAAO+F,UAAAA,EAAY/B,KAAAA,EAAOjE,SAAAA,EAAWkG,OAAAA,CAAAA;AAC5D,IAAA;IAEA,OAAOA,OAAAA;AACX;AAEA;;;;;;IAOA,SAASE,oBAAoBC,QAA+B,EAAA;AACxD,IAAA,MAAMC,SAA8B,EAAC;IAErC,KAAK,MAAMJ,WAAWG,QAAAA,CAAU;QAC5B,KAAK,MAAM,CAACzF,GAAAA,EAAK2F,IAAAA,CAAK,IAAIrH,MAAAA,CAAOE,OAAO,CAAC8G,OAAAA,CAAAA,CAAU;;AAE/C,YAAA,IAAI,CAACI,MAAM,CAAC1F,GAAAA,CAAI,IAAI2F,IAAAA,CAAKtC,KAAK,GAAGqC,MAAM,CAAC1F,GAAAA,CAAI,CAACqD,KAAK,EAAE;gBAChDqC,MAAM,CAAC1F,IAAI,GAAG2F,IAAAA;AAClB,YAAA;AACJ,QAAA;AACJ,IAAA;IAEA,OAAOD,MAAAA;AACX;AAEA;;;;;IAMA,SAASE,kBAAkBvG,KAAU,EAAA;IACjC,IAAIA,KAAAA,KAAU,MAAM,OAAO,MAAA;IAC3B,IAAIA,KAAAA,KAAUT,WAAW,OAAO,WAAA;IAChC,IAAI,OAAOS,UAAU,QAAA,EAAU,OAAO,CAAC,CAAC,EAAEA,KAAAA,CAAM,CAAC,CAAC;AAClD,IAAA,IAAI,OAAOA,KAAAA,KAAU,SAAA,EAAW,OAAOA,MAAMwG,QAAQ,EAAA;AACrD,IAAA,IAAI,OAAOxG,KAAAA,KAAU,QAAA,EAAU,OAAOA,MAAMwG,QAAQ,EAAA;IACpD,IAAIpF,KAAAA,CAAMC,OAAO,CAACrB,KAAAA,CAAAA,EAAQ;AACtB,QAAA,IAAIA,KAAAA,CAAMH,MAAM,KAAK,C
AAA,EAAG,OAAO,IAAA;QAC/B,IAAIG,KAAAA,CAAMH,MAAM,IAAI,CAAA,EAAG;YACnB,OAAO,CAAC,CAAC,EAAEG,KAAAA,CAAMsB,GAAG,CAACiF,iBAAAA,CAAAA,CAAmBrE,IAAI,CAAC,IAAA,CAAA,CAAM,CAAC,CAAC;AACzD,QAAA;QACA,OAAO,CAAC,CAAC,EAAElC,KAAAA,CAAMyG,KAAK,CAAC,CAAA,EAAG,GAAGnF,GAAG,CAACiF,mBAAmBrE,IAAI,CAAC,MAAM,OAAO,EAAElC,MAAMH,MAAM,CAAC,QAAQ,CAAC;AAClG,IAAA;IACA,IAAI,OAAOG,UAAU,QAAA,EAAU;QAC3B,MAAMa,IAAAA,GAAO5B,MAAAA,CAAO4B,IAAI,CAACb,KAAAA,CAAAA;AACzB,QAAA,IAAIa,IAAAA,CAAKhB,MAAM,KAAK,CAAA,EAAG,OAAO,IAAA;QAC9B,IAAIgB,IAAAA,CAAKhB,MAAM,IAAI,CAAA,EAAG;AAClB,YAAA,OAAO,CAAC,CAAC,EAAEgB,IAAAA,CAAK4F,KAAK,CAAC,CAAA,EAAG,CAAA,CAAA,CAAGvE,IAAI,CAAC,IAAA,CAAA,CAAM,CAAC,CAAC;AAC7C,QAAA;AACA,QAAA,OAAO,CAAC,CAAC,EAAErB,IAAAA,CAAK4F,KAAK,CAAC,CAAA,EAAG,CAAA,CAAA,CAAGvE,IAAI,CAAC,MAAM,OAAO,EAAErB,KAAKhB,MAAM,CAAC,OAAO,CAAC;AACxE,IAAA;AACA,IAAA,OAAO6G,MAAAA,CAAO1G,KAAAA,CAAAA;AAClB;AAEA;;;;;;;IAQA,SAAS2G,yBACLlH,MAAW,EACXwG,OAA4B,EAC5BpC,cAAqC,EACrCtB,MAAW,EAAA;AAEXA,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,IAAA,GAAO,GAAA,CAAIM,MAAM,CAAC,EAAA,CAAA,CAAA;AAC9BrE,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,+BAAA,CAAA;AACZ/D,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,GAAA,CAAIM,MAAM,CAAC,EAAA,CAAA,CAAA;;AAGvBrE,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,uCAAA,CAAA;IACZ,IAAIzC,cAAAA,CAAehE,MAAM,KAAK,CAAA,EAAG;AAC7B0C,QAAAA,MAAAA,CAAO+D,IAAI,CAAC,mDAAA,CAAA;IAChB,CAAA,MAAO;QACHzC,cAAAA,CACKgD,IAAI,CAAC,CAACC,CAAAA,EAAGC,CAAAA,GAAMD,CAAAA,CAAE9C,KAAK,GAAG+C,CAAAA,CAAE/C,KAAK,CAAA;AAChCD,SAAAA,OAAO,CAACD,CAAAA,GAAAA,GAAAA;YACL,MAAMkD,UAAAA,GAAalD,IAAIE,KAAK,KAAK,IAAI,sBAAA,GACjCF,GAAAA,CAAIE,KAAK,KAAKiD,IAAAA,CAAKC,GAAG,CAAA,GAAIrD,cAAAA,CAAevC,GAAG,CAAC6F,CAAAA,IAAKA,CAAAA,CAAEnD,KAAK,KAAK,qBAAA,GAC1D,EAAA;AACRzB,YAAAA,MAAAA,CAAO+D,IAAI,CAAC,CAAC,QAAQ,EAAExC,GAAAA,CAAIE,KAAK,CAAC,EAAE,EAAEF,GAAAA,CAAIvD,IAAI,CAAC,CAAC,EAAEyG,UAAAA,CAAAA,CAAY,CAAA;AACjE,QAAA,CAAA,CAAA;AACR,IAAA;;AAGAzE,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,wCAAA,CAAA;AACZ/D,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,+BAAA,CAAA;AAEZ,IAAA,MAAMc,UAAAA,GAAanI,MAAAA,CAAO4B,IAAI,CAACoF,SAASY,IAAI,EAAA;IAC5C,MAAMQ,YAAAA,GAAeJ,IA
AAA,CAAKC,GAAG,CAAA,GAAIE,UAAAA,CAAW9F,GAAG,CAACgG,CAAAA,CAAAA,GAAKA,CAAAA,CAAEzH,MAAM,CAAA,EAAG,EAAA,CAAA;AAChE,IAAA,MAAM0H,kBAAkBN,IAAAA,CAAKC,GAAG,CAAA,GAAIjI,MAAAA,CAAOuI,MAAM,CAACvB,OAAAA,CAAAA,CAAS3E,GAAG,CAACgF,CAAAA,IAAAA,GAAQA,IAAAA,CAAKJ,WAAW,CAACrG,MAAM,CAAA,EAAG,EAAA,CAAA;IAEjG,KAAK,MAAMc,OAAOyG,UAAAA,CAAY;QAC1B,MAAMd,IAAAA,GAAOL,OAAO,CAACtF,GAAAA,CAAI;QACzB,MAAM8G,SAAAA,GAAY9G,GAAAA,CAAI+G,MAAM,CAACL,YAAAA,CAAAA;AAC7B,QAAA,MAAMM,YAAAA,GAAerB,IAAAA,CAAKJ,WAAW,CAACwB,MAAM,CAACH,eAAAA,CAAAA;QAC7C,MAAMK,cAAAA,GAAiBrB,iBAAAA,CAAkBD,IAAAA,CAAKtG,KAAK,CAAA;QAEnDuC,MAAAA,CAAO+D,IAAI,CAAC,CAAC,CAAC,EAAEqB,YAAAA,CAAa,EAAE,EAAEF,SAAAA,CAAU,EAAE,EAAEG,cAAAA,CAAAA,CAAgB,CAAA;AACnE,IAAA;;AAGArF,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,IAAA,GAAO,GAAA,CAAIM,MAAM,CAAC,EAAA,CAAA,CAAA;AAC9BrE,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,UAAA,CAAA;IACZ/D,MAAAA,CAAO+D,IAAI,CAAC,CAAC,4BAA4B,EAAErH,OAAO4B,IAAI,CAACoF,OAAAA,CAAAA,CAASpG,MAAM,CAAA,CAAE,CAAA;AACxE0C,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,CAAC,yBAAyB,EAAEzC,cAAAA,CAAehE,MAAM,CAAA,CAAE,CAAA;;AAG/D,IAAA,MAAMgI,cAA4C,EAAC;AACnD,IAAA,KAAK,MAAMvB,IAAAA,IAAQrH,MAAAA,CAAOuI,MAAM,CAACvB,OAAAA,CAAAA,CAAU;AACvC4B,QAAAA,WAAW,CAACvB,IAAAA,CAAKJ,WAAW,CAAC,GAAG,CAAC2B,WAAW,CAACvB,IAAAA,CAAKJ,WAAW,CAAC,IAAI,CAAA,IAAK,CAAA;AAC3E,IAAA;AAEA3D,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,qBAAA,CAAA;IACZ,KAAK,MAAM,CAACwB,MAAAA,EAAQC,KAAAA,CAAM,IAAI9I,MAAAA,CAAOE,OAAO,CAAC0I,WAAAA,CAAAA,CAAc;QACvDtF,MAAAA,CAAO+D,IAAI,CAAC,CAAC,IAAI,EAAEwB,OAAO,EAAE,EAAEC,KAAAA,CAAM,SAAS,CAAC,CAAA;AAClD,IAAA;AAEAxF,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,GAAA,CAAIM,MAAM,CAAC,EAAA,CAAA,CAAA;AAC3B;AAEA;;;;;;;;;;;;;;;;;;;;;AAqBC,IACM,MAAMoB,WAAAA,GAAc,OACvB3F,IAAAA,EACAC,OAAAA,GAAAA;QAM6CA,iBAAAA,EA4HzCA,gCAAAA;IAhIJ,MAAMC,MAAAA,GAASD,QAAQC,MAAM;AAE7BA,IAAAA,MAAAA,CAAO+D,IAAI,CAAC,iCAAA,CAAA;IAEZ,MAAM9D,YAAAA,GAAeH,IAAAA,CAAKI,eAAe,KAAA,CAAIH,iBAAAA,GAAAA,QAAQI,QAAQ,MAAA,IAAA,IAAhBJ,iBAAAA,KAAAA,MAAAA,GAAAA,MAAAA,GAAAA,iBAAAA,CAAkBG,eAAe,CAAA;AAC9E,IAAA,IAAI,CAACD,YAAAA,EAAc;AACf,QAAA,MAAM,IAAIV,KAAAA,CAAM,2CAAA,CAAA;
AACpB,IAAA;AAEA,IAAA,MAAMa,oBAAoBR,uBAAAA,CAAwBK,YAAAA,CAAAA;AAClDD,IAAAA,MAAAA,CAAOK,OAAO,CAAC,CAAC,2BAA2B,EAAED,iBAAAA,CAAAA,CAAmB,CAAA;AAEhE,IAAA,IAAIE,gBAAwB,EAAC;AAC7B,IAAA,IAAIgB,iBAAwC,EAAE;AAC9C,IAAA,IAAId,qBAA4C,EAAE;AAClD,IAAA,IAAIkD,UAA+B,EAAC;;;IAIpC,IAAI3D,OAAAA,CAAQU,QAAQ,IAAIV,OAAAA,CAAQU,QAAQ,CAAC7C,QAAQ,CAAC,cAAA,CAAA,EAAiB;AAC/DoC,QAAAA,MAAAA,CAAOK,OAAO,CAAC,gEAAA,CAAA;QAEf,IAAI;gBAagBN,iCAAAA,EACMA,iCAAAA;;YAZtB,MAAMW,aAAAA,GAAgB1C,IAAAA,CAAK2C,QAAQ,CAACP,iBAAAA,CAAAA;YACpC,MAAMQ,WAAAA,GAAc5C,IAAAA,CAAK6C,OAAO,CAACT,iBAAAA,CAAAA;YAEjCJ,MAAAA,CAAOc,KAAK,CAAC,CAAC,4CAA4C,EAAEJ,aAAAA,CAAc,cAAc,EAAEE,WAAAA,CAAAA,CAAa,CAAA;YAEvG,MAAMG,kBAAAA,GAAqB,MAAMC,sBAAAA,CAAuB;AACpDN,gBAAAA,aAAAA;gBACAO,cAAAA,EAAgBlB,OAAAA,CAAQI,QAAQ,CAACe,UAAU;AAC3CN,gBAAAA,WAAAA;gBACAO,QAAAA,EAAUpB,OAAAA,CAAQI,QAAQ,CAACgB,QAAQ;AACnCnB,gBAAAA,MAAAA;gBACA5C,UAAU,EAAA,CAAE2C,oCAAAA,OAAAA,CAAQI,QAAQ,CAACiB,cAAc,MAAA,IAAA,IAA/BrB,iCAAAA,KAAAA,KAAAA,CAAAA,GAAAA,KAAAA,CAAAA,GAAAA,iCAAAA,CAAiC3C,UAAU;gBACvDC,gBAAgB,EAAA,CAAE0C,oCAAAA,OAAAA,CAAQI,QAAQ,CAACiB,cAAc,MAAA,IAAA,IAA/BrB,iCAAAA,KAAAA,KAAAA,CAAAA,GAAAA,KAAAA,CAAAA,GAAAA,iCAAAA,CAAiC1C,gBAAgB;gBACnEgE,aAAAA,EAAetB,OAAAA,CAAQI,QAAQ,CAACkB;AACpC,aAAA,CAAA;AAEAf,YAAAA,aAAAA,GAAgBS,mBAAmB7D,MAAM;AACzCoE,YAAAA,cAAAA,GAAiBP,mBAAmBO,cAAc;AAClDd,YAAAA,kBAAAA,GAAqBO,mBAAmBP,kBAAkB;;AAG1D,YAAA,MAAMqD,WAAkC,EAAE;;AAG1C,YAAA,MAAM6B,UAAAA,GAAa;AAAIlF,gBAAAA,GAAAA;aAAmB,CAAC8D,IAAI,CAAC,CAACC,CAAAA,EAAGC,IAAMA,CAAAA,CAAE/C,KAAK,GAAG8C,CAAAA,CAAE9C,KAAK,CAAA;YAE3E,KAAK,MAAMF,OAAOmE,UAAAA,CAAY;gBAC1B,MAAMzD,OAAAA,GAAUa,MAAc,CAAC;AAAEC,oBAAAA,GAAAA,EAAK/C,OAAOc;AAAM,iBAAA,CAAA;gBACnD,MAAMoB,cAAAA,GAAiBlE,IAAAA,CAAK2B,IAAI,CAAC4B,GAAAA,CAAIvD,IAAI,EAAE+B,OAAAA,CAAQI,QAAQ,CAACe,UAAU,CAAA;gBAEtE,IAAI;AACA,oBAAA,MAAMiB,MAAAA,GAAS,MAAMF,OAAAA,CAAQE,MAAM,CAACD,cAAAA,CAAAA;AACpC,oBAAA,IAAI,CAACC,MAAAA,EAAQ;AAEb,oBAAA,MAAMC,UAAAA,GAAa,MAAMH,OAAAA,CAAQI,cAAc,CAACH,cAAAA,CAAAA;AAChD,oBAAA,IAAI,CAACE,UAAAA,EAAY;oBAEjB,MAAMY,WAAAA,GAAc,MAAMf,OAAAA,CAAQgB,QA
AQ,CAACf,cAAAA,EAAgBnC,OAAAA,CAAQI,QAAQ,CAACgB,QAAQ,CAAA;oBACpF,MAAM+B,UAAAA,GAAaC,IAAAA,CAAKC,IAAI,CAACJ,WAAAA,CAAAA;AAE7B,oBAAA,IAAIE,UAAAA,KAAe,IAAA,IAAQ,OAAOA,UAAAA,KAAe,QAAA,EAAU;AACvD,wBAAA,MAAMyC,YAAAA,GAAepC,kBAAAA,CAAmBL,UAAAA,EAAYhB,cAAAA,EAAgBX,IAAIE,KAAK,CAAA;AAC7EoC,wBAAAA,QAAAA,CAAS+B,IAAI,CAACD,YAAAA,CAAAA;AAClB,oBAAA;AACJ,gBAAA,CAAA,CAAE,OAAOhE,KAAAA,EAAY;oBACjB3B,MAAAA,CAAOc,KAAK,CAAC,CAAC,8CAA8C,EAAEoB,eAAe,EAAE,EAAEP,KAAAA,CAAME,OAAO,CAAA,CAAE,CAAA;AACpG,gBAAA;AACJ,YAAA;;AAGA6B,YAAAA,OAAAA,GAAUE,mBAAAA,CAAoBC,QAAAA,CAAAA;AAE9B,YAAA,IAAI9C,kBAAAA,CAAmBW,MAAM,CAACpE,MAAM,GAAG,CAAA,EAAG;AACtC0C,gBAAAA,MAAAA,CAAO4B,IAAI,CAAC,iCAAA,CAAA;AACZb,gBAAAA,kBAAAA,CAAmBW,MAAM,CAACF,OAAO,CAACG,CAAAA,KAAAA,GAAS3B,MAAAA,CAAO4B,IAAI,CAAC,CAAC,EAAE,EAAED,KAAAA,CAAAA,CAAO,CAAA,CAAA;AACvE,YAAA;AAEJ,QAAA,CAAA,CAAE,OAAOA,KAAAA,EAAY;AACjB3B,YAAAA,MAAAA,CAAO2B,KAAK,CAAC,6CAAA,IAAiDA,KAAAA,CAAME,OAAO,IAAI,eAAc,CAAA,CAAA;AAC7F7B,YAAAA,MAAAA,CAAOK,OAAO,CAAC,wDAAA,CAAA;;YAGfC,aAAAA,GAAgB,MAAMwB,yBAAAA,CAA0B1B,iBAAAA,EAAmBL,OAAAA,EAASC,MAAAA,CAAAA;YAC5E,MAAMkC,cAAAA,GAAiBlE,KAAK2B,IAAI,CAACS,mBAAmBL,OAAAA,CAAQI,QAAQ,CAACe,UAAU,CAAA;YAC/EwC,OAAAA,GAAUH,kBAAAA,CAAmBjD,eAAe4B,cAAAA,EAAgB,CAAA,CAAA;;YAG5DZ,cAAAA,GAAiB;AAAC,gBAAA;oBACdtD,IAAAA,EAAMoC,iBAAAA;oBACNqB,KAAAA,EAAO;AACX;AAAE,aAAA;AACF,YAAA,IAAInB,iBAAiB5D,MAAAA,CAAO4B,IAAI,CAACgC,aAAAA,CAAAA,CAAehD,MAAM,GAAG,CAAA,EAAG;gBACxDkD,kBAAAA,GAAqB;AAAC,oBAAA;wBAClBxC,IAAAA,EAAMoC,iBAAAA;wBACNqB,KAAAA,EAAO;AACX;AAAE,iBAAA;YACN,CAAA,MAAO;AACHjB,gBAAAA,kBAAAA,GAAqB,EAAE;AAC3B,YAAA;AACJ,QAAA;IACJ,CAAA,MAAO;;AAEHR,QAAAA,MAAAA,CAAOK,OAAO,CAAC,kEAAA,CAAA;QACfC,aAAAA,GAAgB,MAAMwB,yBAAAA,CAA0B1B,iBAAAA,EAAmBL,OAAAA,EAASC,MAAAA,CAAAA;QAC5E,MAAMkC,cAAAA,GAAiBlE,KAAK2B,IAAI,CAACS,mBAAmBL,OAAAA,CAAQI,QAAQ,CAACe,UAAU,CAAA;QAC/EwC,OAAAA,GAAUH,kBAAAA,CAAmBjD,eAAe4B,cAAAA,EAAgB,CAAA,CAAA;;QAG5DZ,cAAAA,GAAiB;AAAC,YAAA;gBACdtD,IAAAA,EAAMoC,iBAAAA;gBACNqB,KAAAA,EAAO;AACX;AAAE,SAAA;AACF,QAAA,IAAInB,iBAAiB5D,MAAAA,CAAO4B,IAAI,CAACgC,aAAAA,CAAAA,CAAe
hD,MAAM,GAAG,CAAA,EAAG;YACxDkD,kBAAAA,GAAqB;AAAC,gBAAA;oBAClBxC,IAAAA,EAAMoC,iBAAAA;oBACNqB,KAAAA,EAAO;AACX;AAAE,aAAA;QACN,CAAA,MAAO;AACHjB,YAAAA,kBAAAA,GAAqB,EAAE;AAC3B,QAAA;AACJ,IAAA;;AAGA,IAAA,IAAIuB,eAAAA,GAAkBzB,aAAAA;IACtB,IAAA,CAAIP,gCAAAA,GAAAA,QAAQI,QAAQ,CAACiB,cAAc,MAAA,IAAA,IAA/BrB,gCAAAA,KAAAA,MAAAA,GAAAA,MAAAA,GAAAA,gCAAAA,CAAiC3C,UAAU,EAAE;AAC7C2E,QAAAA,eAAAA,GAAkB9E,mBACdqD,aAAAA,EACAF,iBAAAA,EACAL,OAAAA,CAAQI,QAAQ,CAACiB,cAAc,CAAChE,UAAU,EAC1C2C,QAAQI,QAAQ,CAACiB,cAAc,CAAC/D,gBAAgB,IAAI,EAAE,CAAA;AAE9D,IAAA;;AAGA,IAAA,MAAMwI,cAAcrJ,KAAAA,CAAM;AACtB,QAAA,GAAGuF,eAAe;QAClB7B,eAAAA,EAAiBE,iBAAAA;AACjBG,QAAAA,oBAAAA,EAAsBe,eAAevC,GAAG,CAACwC,CAAAA,GAAAA,GAAOA,IAAIvD,IAAI,CAAA;AACxDwC,QAAAA,kBAAAA,EAAoBA,mBAAmBzB,GAAG,CAACwC,CAAAA,GAAAA,GAAOA,IAAIvD,IAAI;AAC9D,KAAA,CAAA;;IAGA0F,OAAO,CAAC,kBAAkB,GAAG;QACzBjG,KAAAA,EAAO2C,iBAAAA;QACPoD,UAAAA,EAAY,UAAA;AACZ/B,QAAAA,KAAAA,EAAO,EAAC;QACRkC,WAAAA,EAAa;AACjB,KAAA;IAEAD,OAAO,CAAC,uBAAuB,GAAG;AAC9BjG,QAAAA,KAAAA,EAAO6D,eAAevC,GAAG,CAACwC,CAAAA,GAAAA,GAAOA,IAAIvD,IAAI,CAAA;QACzCwF,UAAAA,EAAY,UAAA;AACZ/B,QAAAA,KAAAA,EAAO,EAAC;QACRkC,WAAAA,EAAa;AACjB,KAAA;IAEAD,OAAO,CAAC,qBAAqB,GAAG;AAC5BjG,QAAAA,KAAAA,EAAO+C,mBAAmBzB,GAAG,CAACwC,CAAAA,GAAAA,GAAOA,IAAIvD,IAAI,CAAA;QAC7CwF,UAAAA,EAAY,UAAA;AACZ/B,QAAAA,KAAAA,EAAO,EAAC;QACRkC,WAAAA,EAAa;AACjB,KAAA;;IAGAS,wBAAAA,CAAyByB,WAAAA,EAAanC,SAASpC,cAAAA,EAAgBtB,MAAAA,CAAAA;AACnE;;;;"}
|
|
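--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,135 @@
+import { Logger } from '../types';
+import { SecurityValidationError, SecurityErrorCode, SecurityProfile } from './types';
+/**
+* Security event types for audit logging.
+*/
+export type SecurityEventType = 'VALIDATION_STARTED' | 'VALIDATION_PASSED' | 'VALIDATION_FAILED' | 'PATH_BLOCKED' | 'NUMERIC_REJECTED' | 'STRING_REJECTED' | 'PROFILE_CHANGED' | 'CONFIG_LOADED' | 'SUSPICIOUS_PATTERN';
+/**
+* Security event severity levels.
+*/
+export type SecuritySeverity = 'info' | 'warning' | 'error' | 'critical';
+/**
+* Security audit event.
+*/
+export interface SecurityAuditEvent {
+/** Event type */
+type: SecurityEventType;
+/** Event severity */
+severity: SecuritySeverity;
+/** ISO timestamp */
+timestamp: string;
+/** Source of the event (cli, config, etc.) */
+source: string;
+/** Human-readable message */
+message: string;
+/** Structured event details */
+details: Record<string, unknown>;
+/** Associated error code if applicable */
+errorCode?: SecurityErrorCode;
+/** Request/session ID for correlation */
+correlationId?: string;
+}
+/**
+* Audit logger configuration.
+*/
+export interface AuditLoggerConfig {
+/** Whether audit logging is enabled */
+enabled: boolean;
+/** Minimum severity level to log */
+minSeverity: SecuritySeverity;
+/** Whether to include sensitive details (sanitized in production) */
+includeSensitiveDetails: boolean;
+/** Custom correlation ID generator */
+correlationIdGenerator?: () => string;
+}
+/**
+* SecurityAuditLogger provides structured security event logging.
+*/
+export declare class SecurityAuditLogger {
+private config;
+private logger?;
+private correlationId?;
+private eventBuffer;
+private maxBufferSize;
+constructor(logger?: Logger, config?: Partial<AuditLoggerConfig>);
+/**
+* Set correlation ID for event grouping.
+*/
+setCorrelationId(id: string): this;
+/**
+* Generate a new correlation ID.
+*/
+generateCorrelationId(): string;
+/**
+* Log validation started.
+*/
+validationStarted(source: string, fieldCount: number): void;
+/**
+* Log validation passed.
+*/
+validationPassed(source: string, warningCount?: number): void;
+/**
+* Log validation failed.
+*/
+validationFailed(source: string, errors: SecurityValidationError[]): void;
+/**
+* Log path blocked.
+*/
+pathBlocked(path: string, reason: string, source: string, errorCode?: SecurityErrorCode): void;
+/**
+* Log numeric value rejected.
+*/
+numericRejected(field: string, _value: number, reason: string, source: string): void;
+/**
+* Log string value rejected.
+*/
+stringRejected(field: string, reason: string, source: string, errorCode?: SecurityErrorCode): void;
+/**
+* Log profile change.
+*/
+profileChanged(oldProfile: SecurityProfile, newProfile: SecurityProfile): void;
+/**
+* Log config loaded.
+*/
+configLoaded(filePath: string, fieldCount: number): void;
+/**
+* Log suspicious pattern detected.
+*/
+suspiciousPattern(field: string, pattern: string, source: string): void;
+/**
+* Get buffered events (for testing/export).
+*/
+getBufferedEvents(): SecurityAuditEvent[];
+/**
+* Clear event buffer.
+*/
+clearBuffer(): void;
+/**
+* Core event logging.
+*/
+private logEvent;
+/**
+* Format event for logging.
+*/
+private formatLogMessage;
+/**
+* Sanitize path for logging (remove sensitive parts).
+*/
+private sanitizePath;
+/**
+* Sanitize errors for logging.
+*/
+private sanitizeErrors;
+}
+/**
+* Create an audit logger.
+*/
+export declare function createAuditLogger(logger?: Logger, config?: Partial<AuditLoggerConfig>): SecurityAuditLogger;
+/**
+* Get the global audit logger.
+*/
+export declare function getAuditLogger(): SecurityAuditLogger;
+/**
+* Configure the global audit logger.
+*/
+export declare function configureAuditLogger(logger?: Logger, config?: Partial<AuditLoggerConfig>): void;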
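Review bot: The buffer contract of `SecurityAuditLogger` is undocumented: `eventBuffer` is capped by a private `maxBufferSize` that `AuditLoggerConfig` cannot set, and nothing says what happens when the cap is reached, so a consumer exporting events through `getBufferedEvents()` cannot tell whether audit records were dropped. I would extend that method's comment to `Get buffered events (for testing/export). Returns <a copy | the live array>; once the buffer is full the <oldest | newest> events are discarded.`, with the alternatives settled from the implementation, which this declaration file does not show. The comment on `includeSensitiveDetails` ("sanitized in production") should likewise say what is redacted when the flag is false, since `pathBlocked` and `validationFailed` accept raw paths and error objects.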
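--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,73 @@
+import { z } from 'zod';
+import { SecurityValidationConfig, SecurityValidationResult } from './types';
+/**
+* Metadata about a CLI option for security validation.
+*/
+export interface CLIOptionSecurityMeta {
+/** Option name (e.g., '--config-directory') */
+name: string;
+/** Type of validation to apply */
+type: 'path' | 'number' | 'string' | 'enum' | 'boolean';
+/** Whether this is a path that needs security validation */
+isPath?: boolean;
+/** Numeric bounds if type is 'number' */
+bounds?: {
+min: number;
+max: number;
+integer?: boolean;
+};
+/** Pattern if type is 'string' */
+pattern?: RegExp;
+/** Allowed values if type is 'enum' */
+allowedValues?: string[];
+/** Whether the option is required */
+required?: boolean;
+}
+/**
+* CLIValidator provides security validation for Commander.js options.
+*/
+export declare class CLIValidator {
+private pathGuard;
+private numericGuard;
+private stringGuard;
+private config;
+private optionMeta;
+constructor(config?: Partial<SecurityValidationConfig>);
+/**
+* Register security metadata for a CLI option.
+*/
+registerOption(meta: CLIOptionSecurityMeta): this;
+/**
+* Register multiple options at once.
+*/
+registerOptions(metas: CLIOptionSecurityMeta[]): this;
+/**
+* Extract security metadata from a Zod schema.
+* Looks for special markers in the schema to determine validation requirements.
+*/
+registerFromSchema<T extends z.ZodRawShape>(schema: z.ZodObject<T>, optionMapping?: Record<string, string>): this;
+/**
+* Validate all CLI arguments against registered security metadata.
+*/
+validateArgs(args: Record<string, unknown>): SecurityValidationResult;
+/**
+* Validate a single value against its security metadata.
+*/
+private validateValue;
+/**
+* Extract validation metadata from a Zod field schema.
+*/
+private extractMetaFromZod;
+/**
+* Convert camelCase to kebab-case.
+*/
+private camelToKebab;
+/**
+* Convert option name (--config-directory) to arg key (configDirectory).
+*/
+private optionNameToArgKey;
+}
+/**
+* Create a CLI validator with the given configuration.
+*/
+export declare function createCLIValidator(config?: Partial<SecurityValidationConfig>): CLIValidator;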
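Review bot: The comment on `validateArgs` does not say what happens to a key in `args` that has no registered metadata, and that decides whether the validator fails open or closed. I would write it as `Validate all CLI arguments against registered security metadata. Arguments without registered metadata are <rejected | passed through unvalidated>.`, completed from the implementation, which is not visible in this declaration file. `CLIOptionSecurityMeta` also carries both `type: 'path'` and `isPath?: boolean`; the comment on `isPath` should state which of the two triggers path validation, so that a path-valued option registered as `type: 'string'` is not silently skipped.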
@@ -0,0 +1,95 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import { SecurityValidationConfig, SecurityValidationResult } from './types';
|
|
3
|
+
/**
|
|
4
|
+
* Field-level security metadata for config validation.
|
|
5
|
+
*/
|
|
6
|
+
export interface ConfigFieldSecurityMeta {
|
|
7
|
+
/** Field path in dot notation (e.g., 'api.timeout') */
|
|
8
|
+
fieldPath: string;
|
|
9
|
+
/** Type of validation to apply */
|
|
10
|
+
type: 'path' | 'number' | 'string' | 'enum' | 'array' | 'object';
|
|
11
|
+
/** Whether this field contains a path */
|
|
12
|
+
isPath?: boolean;
|
|
13
|
+
/** Numeric bounds if type is 'number' */
|
|
14
|
+
bounds?: {
|
|
15
|
+
min: number;
|
|
16
|
+
max: number;
|
|
17
|
+
integer?: boolean;
|
|
18
|
+
};
|
|
19
|
+
/** Pattern if type is 'string' */
|
|
20
|
+
pattern?: RegExp;
|
|
21
|
+
/** Allowed values if type is 'enum' */
|
|
22
|
+
allowedValues?: string[];
|
|
23
|
+
/** Array element validation (recursive) */
|
|
24
|
+
arrayElementMeta?: Omit<ConfigFieldSecurityMeta, 'fieldPath'>;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Context about where a config value came from.
|
|
28
|
+
*/
|
|
29
|
+
export interface ConfigValueSource {
|
|
30
|
+
/** Which config file the value came from */
|
|
31
|
+
file: string;
|
|
32
|
+
/** Line number in the file (if available) */
|
|
33
|
+
line?: number;
|
|
34
|
+
/** Hierarchical level (0 = most specific) */
|
|
35
|
+
level: number;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* ConfigValidator provides security validation for configuration file values.
|
|
39
|
+
*/
|
|
40
|
+
export declare class ConfigValidator {
|
|
41
|
+
private pathGuard;
|
|
42
|
+
private numericGuard;
|
|
43
|
+
private stringGuard;
|
|
44
|
+
private config;
|
|
45
|
+
private fieldMeta;
|
|
46
|
+
constructor(config?: Partial<SecurityValidationConfig>);
|
|
47
|
+
/**
|
|
48
|
+
* Register security metadata for a config field.
|
|
49
|
+
*/
|
|
50
|
+
registerField(meta: ConfigFieldSecurityMeta): this;
|
|
51
|
+
/**
|
|
52
|
+
* Register multiple fields at once.
|
|
53
|
+
*/
|
|
54
|
+
registerFields(metas: ConfigFieldSecurityMeta[]): this;
|
|
55
|
+
/**
|
|
56
|
+
* Extract security metadata from a Zod schema.
|
|
57
|
+
*/
|
|
58
|
+
registerFromSchema<T extends z.ZodRawShape>(schema: z.ZodObject<T>): this;
|
|
59
|
+
/**
|
|
60
|
+
* Validate a configuration object with source tracking.
|
|
61
|
+
*/
|
|
62
|
+
validateConfig(config: Record<string, unknown>, sources?: Map<string, ConfigValueSource>): SecurityValidationResult;
|
|
63
|
+
/**
|
|
64
|
+
* Validate a single config file's content before merging.
|
|
65
|
+
*/
|
|
66
|
+
validateSingleFile(content: Record<string, unknown>, filePath: string, level?: number): SecurityValidationResult;
|
|
67
|
+
/**
|
|
68
|
+
* Recursively validate an object and its nested values.
|
|
69
|
+
*/
|
|
70
|
+
private validateObject;
|
|
71
|
+
/**
|
|
72
|
+
* Validate a single value against its security metadata.
|
|
73
|
+
*/
|
|
74
|
+
private validateValue;
|
|
75
|
+
/**
|
|
76
|
+
* Check for fields not covered by security metadata.
|
|
77
|
+
*/
|
|
78
|
+
private checkUnregisteredFields;
|
|
79
|
+
/**
|
|
80
|
+
* Walk a Zod schema to extract field metadata.
|
|
81
|
+
*/
|
|
82
|
+
private walkSchema;
|
|
83
|
+
/**
|
|
84
|
+
* Extract field metadata from a Zod schema.
|
|
85
|
+
*/
|
|
86
|
+
private extractMetaFromZod;
|
|
87
|
+
/**
|
|
88
|
+
* Walk an object and call a callback for each field path.
|
|
89
|
+
*/
|
|
90
|
+
private walkObject;
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
* Create a config validator with the given configuration.
|
|
94
|
+
*/
|
|
95
|
+
export declare function createConfigValidator(config?: Partial<SecurityValidationConfig>): ConfigValidator;
|
|
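Review bot: In `ConfigFieldSecurityMeta` every per-type constraint (`bounds`, `pattern`, `allowedValues`, `arrayElementMeta`) is optional regardless of `type`, so `{ fieldPath: 'api.timeout', type: 'number' }` type-checks with no bounds, and the declaration does not say whether such a field is then accepted unchecked. The doc comments should state what happens when the constraint is missing, for example `/** Numeric bounds; when omitted for type 'number' the value is <documented behaviour> */`, or the constraint should become required for its type. `isPath?: boolean` next to `type: 'path'` is ambiguous in the same way, so the comment should say which of the two triggers path validation. The private `checkUnregisteredFields` suggests unknown fields are detected, but the public docs on `validateConfig` and `validateSingleFile` do not say whether an unregistered field is an error or a warning.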
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { SecurityValidationConfig } from './types';
|
|
2
|
+
/**
|
|
3
|
+
* Development profile - permissive, warnings instead of errors.
|
|
4
|
+
*/
|
|
5
|
+
export declare const DEVELOPMENT_SECURITY_CONFIG: SecurityValidationConfig;
|
|
6
|
+
/**
|
|
7
|
+
* Production profile - strict validation, fail on any violation.
|
|
8
|
+
*/
|
|
9
|
+
export declare const PRODUCTION_SECURITY_CONFIG: SecurityValidationConfig;
|
|
10
|
+
/**
|
|
11
|
+
* Get security configuration for a profile.
|
|
12
|
+
*/
|
|
13
|
+
export declare function getSecurityConfig(profile: 'development' | 'production'): SecurityValidationConfig;
|
|
14
|
+
/**
|
|
15
|
+
* Merge user config with defaults for a profile.
|
|
16
|
+
*/
|
|
17
|
+
export declare function mergeSecurityConfig(userConfig: Partial<SecurityValidationConfig>, profile?: 'development' | 'production'): SecurityValidationConfig;
|
|
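Review bot: `PRODUCTION_SECURITY_CONFIG` and `DEVELOPMENT_SECURITY_CONFIG` are exported as plain `SecurityValidationConfig`, so any importer can assign to their fields without a type error. If `getSecurityConfig` returns the same object rather than a copy (not visible from this declaration), one such assignment changes the production profile for the whole process. Typing them as `export declare const PRODUCTION_SECURITY_CONFIG: Readonly<SecurityValidationConfig>;` and freezing the objects in the implementation would prevent that; note that `Readonly` is shallow, so nested option objects need the same treatment. `mergeSecurityConfig` also takes `profile?` without documenting the default. I would add `@param profile - Base profile whose defaults are merged; defaults to <default profile> when omitted` and make the strict profile that default.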
@@ -0,0 +1,14 @@
|
|
|
1
|
+
export * from './types';
|
|
2
|
+
export * from './defaults';
|
|
3
|
+
export * from './zod-secure-path';
|
|
4
|
+
export * from './zod-secure-number';
|
|
5
|
+
export * from './zod-secure-string';
|
|
6
|
+
export * from './zod-secure-enum';
|
|
7
|
+
export * from './path-guard';
|
|
8
|
+
export * from './numeric-guard';
|
|
9
|
+
export * from './string-guard';
|
|
10
|
+
export * from './cli-validator';
|
|
11
|
+
export * from './config-validator';
|
|
12
|
+
export * from './security-validator';
|
|
13
|
+
export * from './profiles';
|
|
14
|
+
export * from './audit-logger';
|
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
import { NumericSecurityOptions } from './types';
|
|
2
|
+
/**
|
|
3
|
+
* Common numeric ranges for security-sensitive options.
|
|
4
|
+
*/
|
|
5
|
+
export declare const SAFE_RANGES: {
|
|
6
|
+
/** Port numbers: 1-65535 */
|
|
7
|
+
readonly port: {
|
|
8
|
+
readonly min: 1;
|
|
9
|
+
readonly max: 65535;
|
|
10
|
+
};
|
|
11
|
+
/** Timeout in ms: 0 to 5 minutes */
|
|
12
|
+
readonly timeout: {
|
|
13
|
+
readonly min: 0;
|
|
14
|
+
readonly max: 300000;
|
|
15
|
+
};
|
|
16
|
+
/** Retry count: 0-10 */
|
|
17
|
+
readonly retries: {
|
|
18
|
+
readonly min: 0;
|
|
19
|
+
readonly max: 10;
|
|
20
|
+
};
|
|
21
|
+
/** Percentage: 0-100 */
|
|
22
|
+
readonly percentage: {
|
|
23
|
+
readonly min: 0;
|
|
24
|
+
readonly max: 100;
|
|
25
|
+
};
|
|
26
|
+
/** Concurrency: 1-100 */
|
|
27
|
+
readonly concurrency: {
|
|
28
|
+
readonly min: 1;
|
|
29
|
+
readonly max: 100;
|
|
30
|
+
};
|
|
31
|
+
/** Temperature (AI): 0-2 */
|
|
32
|
+
readonly temperature: {
|
|
33
|
+
readonly min: 0;
|
|
34
|
+
readonly max: 2;
|
|
35
|
+
};
|
|
36
|
+
/** Max tokens: 1 to 1M */
|
|
37
|
+
readonly maxTokens: {
|
|
38
|
+
readonly min: 1;
|
|
39
|
+
readonly max: 1000000;
|
|
40
|
+
};
|
|
41
|
+
/** File size in bytes: 0 to 100MB */
|
|
42
|
+
readonly fileSize: {
|
|
43
|
+
readonly min: 0;
|
|
44
|
+
readonly max: number;
|
|
45
|
+
};
|
|
46
|
+
/** Line count: 0 to 1M */
|
|
47
|
+
readonly lineCount: {
|
|
48
|
+
readonly min: 0;
|
|
49
|
+
readonly max: 1000000;
|
|
50
|
+
};
|
|
51
|
+
};
|
|
52
|
+
/**
|
|
53
|
+
* NumericGuard provides secure numeric validation with bounds checking.
|
|
54
|
+
*/
|
|
55
|
+
export declare class NumericGuard {
|
|
56
|
+
private options;
|
|
57
|
+
constructor(options?: Partial<NumericSecurityOptions>);
|
|
58
|
+
/**
|
|
59
|
+
* Validate a numeric value against bounds and edge cases.
|
|
60
|
+
*
|
|
61
|
+
* @param value - The value to validate (can be string for CLI parsing)
|
|
62
|
+
* @param bounds - Min/max bounds for the value
|
|
63
|
+
* @param fieldName - Field name for error messages
|
|
64
|
+
* @returns The validated number
|
|
65
|
+
* @throws Error if validation fails
|
|
66
|
+
*/
|
|
67
|
+
validate(value: unknown, bounds: {
|
|
68
|
+
min: number;
|
|
69
|
+
max: number;
|
|
70
|
+
integer?: boolean;
|
|
71
|
+
}, fieldName?: string): number;
|
|
72
|
+
/**
|
|
73
|
+
* Validate using a predefined safe range.
|
|
74
|
+
*/
|
|
75
|
+
validateRange(value: unknown, rangeName: keyof typeof SAFE_RANGES, fieldName?: string): number;
|
|
76
|
+
/**
|
|
77
|
+
* Validate with optional default value.
|
|
78
|
+
*/
|
|
79
|
+
validateWithDefault(value: unknown, bounds: {
|
|
80
|
+
min: number;
|
|
81
|
+
max: number;
|
|
82
|
+
integer?: boolean;
|
|
83
|
+
}, defaultValue: number, fieldName?: string): number;
|
|
84
|
+
/**
|
|
85
|
+
* Parse and validate a CLI numeric argument.
|
|
86
|
+
*/
|
|
87
|
+
parseCliArg(value: string | undefined, bounds: {
|
|
88
|
+
min: number;
|
|
89
|
+
max: number;
|
|
90
|
+
integer?: boolean;
|
|
91
|
+
default?: number;
|
|
92
|
+
}, fieldName: string): number;
|
|
93
|
+
/**
|
|
94
|
+
* Validate multiple numeric fields at once.
|
|
95
|
+
*/
|
|
96
|
+
validateMany(values: Record<string, unknown>, schemas: Record<string, {
|
|
97
|
+
min: number;
|
|
98
|
+
max: number;
|
|
99
|
+
integer?: boolean;
|
|
100
|
+
optional?: boolean;
|
|
101
|
+
}>): Record<string, number>;
|
|
102
|
+
private createError;
|
|
103
|
+
}
|
|
104
|
+
/**
|
|
105
|
+
* Get the default NumericGuard instance.
|
|
106
|
+
*/
|
|
107
|
+
export declare function getNumericGuard(): NumericGuard;
|
|
108
|
+
/**
|
|
109
|
+
* Create a new NumericGuard with custom options.
|
|
110
|
+
*/
|
|
111
|
+
export declare function createNumericGuard(options: Partial<NumericSecurityOptions>): NumericGuard;
|
|
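Review bot: `validateWithDefault` and the `default?` member of the `parseCliArg` bounds do not say when the default is returned. If it replaces a value that is present but out of range or unparseable, bad input is silently accepted as the default instead of being rejected. If it applies only when the value is `undefined`, the doc should say so, e.g. `@returns defaultValue only when value is undefined; a present but invalid value throws`. It would also help to state whether `defaultValue` itself is checked against `bounds`, and to name the "edge cases" mentioned on `validate` (NaN, Infinity, non-numeric strings). Separately, `SAFE_RANGES.fileSize.max` is typed `number` while every other bound is a literal, so the documented 100MB limit cannot be read from the declaration.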
@@ -0,0 +1,53 @@
|
|
|
1
|
+
import { PathSecurityOptions, SecurityValidationError } from './types';
|
|
2
|
+
/**
|
|
3
|
+
* PathGuard provides comprehensive path security validation.
|
|
4
|
+
*/
|
|
5
|
+
export declare class PathGuard {
|
|
6
|
+
private options;
|
|
7
|
+
private resolvedBaseDirs;
|
|
8
|
+
constructor(options?: Partial<PathSecurityOptions>);
|
|
9
|
+
/**
|
|
10
|
+
* Validate a path for security issues.
|
|
11
|
+
*
|
|
12
|
+
* @param inputPath - The path to validate
|
|
13
|
+
* @param operation - The intended operation (for error messages)
|
|
14
|
+
* @returns The validated and normalized path
|
|
15
|
+
* @throws Error if validation fails
|
|
16
|
+
*/
|
|
17
|
+
validate(inputPath: string, operation?: string): string;
|
|
18
|
+
/**
|
|
19
|
+
* Validate a path or throw with security error details.
|
|
20
|
+
*/
|
|
21
|
+
validateOrThrow(inputPath: string, operation?: string): string;
|
|
22
|
+
/**
|
|
23
|
+
* Validate a path and return result without throwing.
|
|
24
|
+
*/
|
|
25
|
+
validateSafe(inputPath: string): {
|
|
26
|
+
valid: boolean;
|
|
27
|
+
path?: string;
|
|
28
|
+
errors: SecurityValidationError[];
|
|
29
|
+
};
|
|
30
|
+
private checkDangerousChars;
|
|
31
|
+
private checkPathLength;
|
|
32
|
+
private checkTraversalPatterns;
|
|
33
|
+
private checkAbsolutePath;
|
|
34
|
+
private checkTraversalAfterNormalize;
|
|
35
|
+
private checkHiddenFiles;
|
|
36
|
+
private checkExtension;
|
|
37
|
+
private checkBaseDirConstraints;
|
|
38
|
+
private checkSymlinks;
|
|
39
|
+
private sanitizeForError;
|
|
40
|
+
private createError;
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Get the default PathGuard instance.
|
|
44
|
+
*/
|
|
45
|
+
export declare function getPathGuard(): PathGuard;
|
|
46
|
+
/**
|
|
47
|
+
* Create a new PathGuard with custom options.
|
|
48
|
+
*/
|
|
49
|
+
export declare function createPathGuard(options: Partial<PathSecurityOptions>): PathGuard;
|
|
50
|
+
/**
|
|
51
|
+
* Configure the default PathGuard instance.
|
|
52
|
+
*/
|
|
53
|
+
export declare function configurePathGuard(options: Partial<PathSecurityOptions>): void;
|
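Review bot: The default guard is process-wide mutable state, since `configurePathGuard` reconfigures the default instance that `getPathGuard` hands out. Any module in the process, including a dependency, can therefore change the policy other callers rely on, and a caller cannot tell which options its `validate` call ran under. Both doc comments should say so, e.g. `Affects every caller of getPathGuard(); security-sensitive code should use createPathGuard() with explicit options`. `validate` and `validateOrThrow` are both documented as throwing, so the comments should also state how they differ (presumably the error type). Given the private `checkSymlinks` step, the `validate` doc should tell callers to open the returned path rather than the original input, and that the result reflects the filesystem only at the time of the check.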