@vaultcompass/vault-guard-core 1.0.0

package/dist/scanners/pre-commit-hook.js

@@ -0,0 +1,389 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PreCommitHook = void 0;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const child_process_1 = require("child_process");
+const errors_1 = require("../errors");
+/**
+ * Shell hook body for **native** Git hooks (`core.hooksPath` or `.git/hooks`).
+ * Scans **staged files only** — fast and matches what will actually be committed.
+ */
+const NATIVE_HOOK_SCRIPT = `#!/bin/sh
+# vault-guard pre-commit (installed by @vaultcompass/vault-guard)
+set -e
+
+# Re-attach stdin for GUI git clients.
+if [ -t 0 ]; then :; else exec </dev/tty 2>/dev/null || true; fi
+
+if ! command -v vault-guard >/dev/null 2>&1; then
+  echo "❌ vault-guard: command not found (install: npm i -g @vaultcompass/vault-guard)"
+  exit 1
+fi
+
+echo "🔍 vault-guard: scanning staged files..."
+if vault-guard scan --staged; then
+  echo "✅ vault-guard: no secrets in staged files"
+  exit 0
+fi
+
+echo ""
+echo "❌ COMMIT BLOCKED: secrets detected in staged files"
+echo "💡 Fix or unstage, then retry. Emergency bypass (discouraged): git commit --no-verify"
+exit 1
+`;
+/** Husky-friendly hook (sources \`_/husky.sh\` when present). */
+const HUSKY_HOOK_SCRIPT = `#!/usr/bin/env sh
+if [ -f "$(dirname "$0")/_/husky.sh" ]; then
+  . "$(dirname "$0")/_/husky.sh"
+fi
+
+if ! command -v vault-guard >/dev/null 2>&1; then
+  echo "❌ vault-guard: command not found (install: npm i -g @vaultcompass/vault-guard)"
+  exit 1
+fi
+
+echo "🔍 vault-guard: scanning staged files..."
+vault-guard scan --staged || {
+  echo ""
+  echo "❌ COMMIT BLOCKED: secrets detected in staged files"
+  echo "💡 git commit --no-verify to bypass (discouraged)"
+  exit 1
+}
+echo "✅ vault-guard: no secrets in staged files"
+`;
+const LEFTHOOK_LOCAL = `# Merged by Lefthook with lefthook.yml — added by vault-guard install-hook
+pre-commit:
+  commands:
+    vault-guard:
+      run: vault-guard scan --staged
+`;
+const PRE_COMMIT_CONFIG = `# See https://pre-commit.com
+repos:
+  - repo: local
+    hooks:
+      - id: vault-guard
+        name: Vault Guard (staged files)
+        entry: vault-guard scan --staged
+        language: system
+        pass_filenames: false
+`;
+class PreCommitHook {
+    /**
+     * Resolve the directory where Git expects the \`pre-commit\` executable.
+     * Honors \`core.hooksPath\` (local then global). Relative paths are resolved
+     * against the **.git** directory, per Git documentation.
+     */
+    getEffectiveHooksDir(cwd) {
+        const gitDirAbs = this.resolveGitDir(cwd);
+        if (!gitDirAbs) {
+            return { hooksDir: path_1.default.join(cwd, '.git', 'hooks'), viaHooksPath: false };
+        }
+        let hooksPath = '';
+        try {
+            hooksPath = (0, child_process_1.execSync)('git config --get core.hooksPath', {
+                cwd,
+                encoding: 'utf-8',
+                stdio: ['ignore', 'pipe', 'pipe'],
+            }).trim();
+        }
+        catch {
+            hooksPath = '';
+        }
+        if (!hooksPath) {
+            return { hooksDir: path_1.default.join(gitDirAbs, 'hooks'), viaHooksPath: false };
+        }
+        const hooksDir = path_1.default.isAbsolute(hooksPath)
+            ? hooksPath
+            : path_1.default.join(gitDirAbs, hooksPath);
+        return { hooksDir, viaHooksPath: true };
+    }
+    /**
+     * Absolute path to the \`pre-commit\` hook file for the given manager.
+     */
+    getPreCommitHookPath(cwd, manager = 'native') {
+        if (manager === 'husky') {
+            return path_1.default.join(cwd, '.husky', 'pre-commit');
+        }
+        return path_1.default.join(this.getEffectiveHooksDir(cwd).hooksDir, 'pre-commit');
+    }
+    install(options = {}) {
+        const cwd = options.cwd ?? process.cwd();
+        const manager = options.manager ?? 'native';
+        if (!fs_1.default.existsSync(path_1.default.join(cwd, '.git'))) {
+            return { success: false, message: 'Not a git repository' };
+        }
+        switch (manager) {
+            case 'native':
+                return this.installNative(cwd);
+            case 'husky':
+                return this.installHusky(cwd);
+            case 'lefthook':
+                return this.installLefthook(cwd);
+            case 'precommit':
+                return this.installPreCommitFramework(cwd);
+            default:
+                return { success: false, message: `Unknown hook manager: ${String(manager)}` };
+        }
+    }
+    uninstall(options = {}) {
+        const cwd = options.cwd ?? process.cwd();
+        const manager = options.manager ?? 'native';
+        if (!fs_1.default.existsSync(path_1.default.join(cwd, '.git'))) {
+            return { success: false, message: 'Not a git repository' };
+        }
+        switch (manager) {
+            case 'native':
+                return this.uninstallNative(cwd);
+            case 'husky':
+                return this.uninstallHusky(cwd);
+            case 'lefthook':
+                return this.uninstallLefthook(cwd);
+            case 'precommit':
+                return this.uninstallPreCommitFramework(cwd);
+            default:
+                return { success: false, message: `Unknown hook manager: ${String(manager)}` };
+        }
+    }
+    isInstalled(options = {}) {
+        const cwd = options.cwd ?? process.cwd();
+        const manager = options.manager ?? 'native';
+        const hookPath = this.getPreCommitHookPath(cwd, manager);
+        if (!fs_1.default.existsSync(hookPath))
+            return false;
+        const content = fs_1.default.readFileSync(hookPath, 'utf-8');
+        return content.includes('vault-guard') && content.includes('scan --staged');
+    }
+    // -------------------------------------------------------------------------
+    // native (Git hooks / core.hooksPath)
+    // -------------------------------------------------------------------------
+    installNative(cwd) {
+        const { hooksDir, viaHooksPath } = this.getEffectiveHooksDir(cwd);
+        const hookPath = path_1.default.join(hooksDir, 'pre-commit');
+        try {
+            if (!fs_1.default.existsSync(hooksDir)) {
+                fs_1.default.mkdirSync(hooksDir, { recursive: true });
+            }
+            if (fs_1.default.existsSync(hookPath)) {
+                const existing = fs_1.default.readFileSync(hookPath, 'utf-8');
+                if (existing.includes('vault-guard') && existing.includes('scan --staged')) {
+                    return {
+                        success: true,
+                        message: 'Hook already installed',
+                        hookPath,
+                    };
+                }
+            }
+            fs_1.default.writeFileSync(hookPath, NATIVE_HOOK_SCRIPT, { mode: 0o755 });
+            const hint = viaHooksPath
+                ? `Installed to hooksPath: ${hooksDir}`
+                : 'Installed to .git/hooks/pre-commit';
+            return { success: true, message: `Pre-commit hook installed (${hint})`, hookPath };
+        }
+        catch (error) {
+            const hookError = new errors_1.HookError(`Failed to install hook: ${error}`, 'install');
+            return { success: false, message: hookError.message };
+        }
+    }
+    uninstallNative(cwd) {
+        const hookPath = this.getPreCommitHookPath(cwd, 'native');
+        if (!fs_1.default.existsSync(hookPath)) {
+            return { success: true, message: 'No hook to remove' };
+        }
+        const content = fs_1.default.readFileSync(hookPath, 'utf-8');
+        if (!content.includes('vault-guard')) {
+            return { success: true, message: 'No vault-guard hook to remove' };
+        }
+        try {
+            fs_1.default.unlinkSync(hookPath);
+            return { success: true, message: 'Pre-commit hook removed' };
+        }
+        catch (error) {
+            const hookError = new errors_1.HookError(`Failed to remove hook: ${error}`, 'uninstall');
+            return { success: false, message: hookError.message };
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Husky — .husky/pre-commit
+    // -------------------------------------------------------------------------
+    installHusky(cwd) {
+        const huskyDir = path_1.default.join(cwd, '.husky');
+        const hookPath = path_1.default.join(huskyDir, 'pre-commit');
+        try {
+            if (!fs_1.default.existsSync(huskyDir)) {
+                fs_1.default.mkdirSync(huskyDir, { recursive: true });
+            }
+            if (fs_1.default.existsSync(hookPath)) {
+                const existing = fs_1.default.readFileSync(hookPath, 'utf-8');
+                if (existing.includes('vault-guard') && existing.includes('scan --staged')) {
+                    return { success: true, message: 'Husky hook already contains vault-guard', hookPath };
+                }
+                if (existing.includes('# --- vault-guard ---')) {
+                    return { success: true, message: 'Husky hook already contains vault-guard block', hookPath };
+                }
+                fs_1.default.appendFileSync(hookPath, `\n# --- vault-guard ---\nvault-guard scan --staged || {\n  echo "❌ vault-guard blocked commit"\n  exit 1\n}\n`, { encoding: 'utf-8' });
+                return { success: true, message: 'Appended vault-guard to existing .husky/pre-commit', hookPath };
+            }
+            fs_1.default.writeFileSync(hookPath, HUSKY_HOOK_SCRIPT, { mode: 0o755 });
+            return {
+                success: true,
+                message: 'Created .husky/pre-commit (run `npx husky init` first if _/husky.sh is missing)',
+                hookPath,
+            };
+        }
+        catch (error) {
+            const hookError = new errors_1.HookError(`Failed to install Husky hook: ${error}`, 'install');
+            return { success: false, message: hookError.message };
+        }
+    }
+    uninstallHusky(cwd) {
+        const hookPath = path_1.default.join(cwd, '.husky', 'pre-commit');
+        if (!fs_1.default.existsSync(hookPath)) {
+            return { success: true, message: 'No .husky/pre-commit to remove' };
+        }
+        let content = fs_1.default.readFileSync(hookPath, 'utf-8');
+        if (!content.includes('vault-guard')) {
+            return { success: true, message: 'No vault-guard stanza in .husky/pre-commit' };
+        }
+        // Remove appended block if present.
+        content = content.replace(/\n# --- vault-guard ---[\s\S]*$/m, '');
+        // If entire file is only our husky template, delete file.
+        if (!content.includes('vault-guard')) {
+            if (content.trim().length === 0) {
+                fs_1.default.unlinkSync(hookPath);
+                return { success: true, message: 'Removed .husky/pre-commit' };
+            }
+            fs_1.default.writeFileSync(hookPath, content, { mode: 0o755 });
+            return { success: true, message: 'Removed vault-guard stanza from .husky/pre-commit' };
+        }
+        fs_1.default.writeFileSync(hookPath, content, { mode: 0o755 });
+        return { success: true, message: 'Updated .husky/pre-commit (review manually if needed)' };
+    }
+    // -------------------------------------------------------------------------
+    // Lefthook — lefthook-local.yml (merged with lefthook.yml)
+    // -------------------------------------------------------------------------
+    installLefthook(cwd) {
+        const localPath = path_1.default.join(cwd, 'lefthook-local.yml');
+        try {
+            if (fs_1.default.existsSync(localPath)) {
+                const existing = fs_1.default.readFileSync(localPath, 'utf-8');
+                if (existing.includes('vault-guard scan --staged')) {
+                    return { success: true, message: 'lefthook-local.yml already configures vault-guard', hookPath: localPath };
+                }
+                return {
+                    success: false,
+                    message: 'lefthook-local.yml already exists. Add under pre-commit.commands:\n' +
+                        '  vault-guard:\n    run: vault-guard scan --staged\n',
+                };
+            }
+            fs_1.default.writeFileSync(localPath, LEFTHOOK_LOCAL, 'utf-8');
+            return {
+                success: true,
+                message: 'Wrote lefthook-local.yml (merged by Lefthook with lefthook.yml). Run: lefthook install',
+                hookPath: localPath,
+            };
+        }
+        catch (error) {
+            const hookError = new errors_1.HookError(`Failed to write lefthook-local.yml: ${error}`, 'install');
+            return { success: false, message: hookError.message };
+        }
+    }
+    uninstallLefthook(cwd) {
+        const localPath = path_1.default.join(cwd, 'lefthook-local.yml');
+        if (!fs_1.default.existsSync(localPath)) {
+            return { success: true, message: 'No lefthook-local.yml' };
+        }
+        const content = fs_1.default.readFileSync(localPath, 'utf-8');
+        if (!content.includes('vault-guard')) {
+            return { success: true, message: 'lefthook-local.yml does not reference vault-guard' };
+        }
+        // Only remove the file if it is exactly what we wrote (avoid deleting user merges).
+        if (content.replace(/\r\n/g, '\n').trim() !== LEFTHOOK_LOCAL.replace(/\r\n/g, '\n').trim()) {
+            return {
+                success: true,
+                message: 'lefthook-local.yml was edited — remove the vault-guard stanza manually',
+            };
+        }
+        try {
+            fs_1.default.unlinkSync(localPath);
+            return { success: true, message: 'Removed lefthook-local.yml (vault-guard stub)' };
+        }
+        catch (error) {
+            const hookError = new errors_1.HookError(`Failed to remove lefthook-local.yml: ${error}`, 'uninstall');
+            return { success: false, message: hookError.message };
+        }
+    }
+    // -------------------------------------------------------------------------
+    // pre-commit.com framework
+    // -------------------------------------------------------------------------
+    installPreCommitFramework(cwd) {
+        const cfg = path_1.default.join(cwd, '.pre-commit-config.yaml');
+        if (fs_1.default.existsSync(cfg)) {
+            const existing = fs_1.default.readFileSync(cfg, 'utf-8');
+            if (existing.includes('vault-guard') && existing.includes('scan --staged')) {
+                return { success: true, message: '.pre-commit-config.yaml already includes vault-guard', hookPath: cfg };
+            }
+            return {
+                success: false,
+                message: '.pre-commit-config.yaml already exists. Merge manually:\n\n' +
+                    PRE_COMMIT_CONFIG +
+                    '\n(under your existing `repos:` list as an additional item, or combine with `repo: local`)',
+            };
+        }
+        try {
+            fs_1.default.writeFileSync(cfg, PRE_COMMIT_CONFIG, 'utf-8');
+            return {
+                success: true,
+                message: 'Created .pre-commit-config.yaml — run: pre-commit install',
+                hookPath: cfg,
+            };
+        }
+        catch (error) {
+            const hookError = new errors_1.HookError(`Failed to write .pre-commit-config.yaml: ${error}`, 'install');
+            return { success: false, message: hookError.message };
+        }
+    }
+    uninstallPreCommitFramework(cwd) {
+        const cfg = path_1.default.join(cwd, '.pre-commit-config.yaml');
+        if (!fs_1.default.existsSync(cfg)) {
+            return { success: true, message: 'No .pre-commit-config.yaml' };
+        }
+        const content = fs_1.default.readFileSync(cfg, 'utf-8');
+        if (!content.includes('vault-guard')) {
+            return { success: true, message: '.pre-commit-config.yaml does not reference vault-guard' };
+        }
+        // Only delete if we created the minimal file (only our hook).
+        if (content.includes('id: vault-guard') && content.split('\n').length < 25) {
+            try {
+                fs_1.default.unlinkSync(cfg);
+                return { success: true, message: 'Removed .pre-commit-config.yaml (vault-guard-only stub)' };
+            }
+            catch (error) {
+                const hookError = new errors_1.HookError(`Failed to remove config: ${error}`, 'uninstall');
+                return { success: false, message: hookError.message };
+            }
+        }
+        return {
+            success: true,
+            message: 'Edit .pre-commit-config.yaml manually to remove the vault-guard hook entry',
+        };
+    }
+    resolveGitDir(cwd) {
+        try {
+            const rel = (0, child_process_1.execSync)('git rev-parse --git-dir', {
+                cwd,
+                encoding: 'utf-8',
+                stdio: ['ignore', 'pipe', 'pipe'],
+            }).trim();
+            return path_1.default.resolve(cwd, rel);
+        }
+        catch {
+            return null;
+        }
+    }
+}
+exports.PreCommitHook = PreCommitHook;
+//# sourceMappingURL=pre-commit-hook.js.map

package/dist/scanners/pre-commit-hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pre-commit-hook.js","sourceRoot":"","sources":["../../src/scanners/pre-commit-hook.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAoB;AACpB,gDAAwB;AACxB,iDAAyC;AACzC,sCAAsC;AAUtC;;;GAGG;AACH,MAAM,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;CAsB1B,CAAC;AAEF,iEAAiE;AACjE,MAAM,iBAAiB,GAAG;;;;;;;;;;;;;;;;;;CAkBzB,CAAC;AAEF,MAAM,cAAc,GAAG;;;;;CAKtB,CAAC;AAEF,MAAM,iBAAiB,GAAG;;;;;;;;;CASzB,CAAC;AAEF,MAAa,aAAa;IACxB;;;;OAIG;IACH,oBAAoB,CAAC,GAAW;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,EAAE,QAAQ,EAAE,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;QAC5E,CAAC;QAED,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,CAAC;YACH,SAAS,GAAG,IAAA,wBAAQ,EAAC,iCAAiC,EAAE;gBACtD,GAAG;gBACH,QAAQ,EAAE,OAAO;gBACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,GAAG,EAAE,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,EAAE,QAAQ,EAAE,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;QAC1E,CAAC;QAED,MAAM,QAAQ,GAAG,cAAI,CAAC,UAAU,CAAC,SAAS,CAAC;YACzC,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEpC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,GAAW,EAAE,UAAuB,QAAQ;QAC/D,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACxB,OAAO,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,CAAC,UAA8B,EAAE;QACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,QAAQ,CAAC;QAE5C,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;QAC7D,CAAC;QAED,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YACjC,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAChC,KAAK,UAAU;gBACb,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;YACnC,KAAK,WAAW;gBACd,OAAO,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC;YAC7C;gBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,yBAAyB,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QACnF,CAAC;IACH,CAAC;IAED,SAAS,CAAC,UAA8B,EAAE;QACxC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,QAAQ,CAAC;QAE5C,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;QAC7D,CAAC;QAED,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;YACnC,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YAClC,KAAK,UAAU;gBACb,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;YACrC,KAAK,WAAW;gBACd,OAAO,IAAI,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC;YAC/C;gBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,yBAAyB,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QACnF,CAAC;IACH,CAAC;IAED,WAAW,CAAC,UAA8B,EAAE;QAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,QAAQ,CAAC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAEzD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;QAC3C,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,OAAO,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IAC9E,CAAC;IAED,4EAA4E;IAC5E,sCAAsC;IACtC,4EAA4E;IAEpE,aAAa,CAAC,GAAW;QAC/B,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAClE,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAEnD,IAAI,CAAC;YACH,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,YAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9C,CAAC;YAED,IAAI,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACpD,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;oBAC3E,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,OAAO,EAAE,wBAAwB;wBACjC,QAAQ;qBACT,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,YAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,kBAAkB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAEhE,MAAM,IAAI,GAAG,YAAY;gBACvB,CAAC,CAAC,2BAA2B,QAAQ,EAAE;gBACvC,CAAC,CAAC,oCAAoC,CAAC;YAEzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,8BAA8B,IAAI,GAAG,EAAE,QAAQ,EAAE,CAAC;QACrF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC,2BAA2B,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/E,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,GAAW;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAE1D,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;QACzD,CAAC;QAED,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;QACrE,CAAC;QAED,IAAI,CAAC;YACH,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC;QAC/D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC,0BAA0B,KAAK,EAAE,EAAE,WAAW,CAAC,CAAC;YAChF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,4BAA4B;IAC5B,4EAA4E;IAEpE,YAAY,CAAC,GAAW;QAC9B,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAEnD,IAAI,CAAC;YACH,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,YAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9C,CAAC;YAED,IAAI,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACpD,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;oBAC3E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,yCAAyC,EAAE,QAAQ,EAAE,CAAC;gBACzF,CAAC;gBACD,IAAI,QAAQ,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;oBAC/C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,+CAA+C,EAAE,QAAQ,EAAE,CAAC;gBAC/F,CAAC;gBACD,YAAE,CAAC,cAAc,CACf,QAAQ,EACR,+GAA+G,EAC/G,EAAE,QAAQ,EAAE,OAAO,EAAE,CACtB,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,oDAAoD,EAAE,QAAQ,EAAE,CAAC;YACpG,CAAC;YAED,YAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,iBAAiB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/D,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,iFAAiF;gBAC1F,QAAQ;aACT,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC,iCAAiC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;YACrF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,GAAW;QAChC,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;QACtE,CAAC;QACD,IAAI,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC;QAClF,CAAC;QACD,oCAAoC;QACpC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC;QAClE,0DAA0D;QAC1D,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACrC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACxB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;YACjE,CAAC;YACD,YAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACrD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,mDAAmD,EAAE,CAAC;QACzF,CAAC;QACD,YAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACrD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,uDAAuD,EAAE,CAAC;IAC7F,CAAC;IAED,4EAA4E;IAC5E,2DAA2D;IAC3D,4EAA4E;IAEpE,eAAe,CAAC,GAAW;QACjC,MAAM,SAAS,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;QACvD,IAAI,CAAC;YACH,IAAI,YAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC7B,MAAM,QAAQ,GAAG,YAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACrD,IAAI,QAAQ,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;oBACnD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,mDAAmD,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;gBAC9G,CAAC;gBACD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EACL,qEAAqE;wBACrE,sDAAsD;iBACzD,CAAC;YACJ,CAAC;YACD,YAAE,CAAC,aAAa,CAAC,SAAS,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;YACrD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,wFAAwF;gBACjG,QAAQ,EAAE,SAAS;aACpB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC,uCAAuC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;YAC3F,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,GAAW;QACnC,MAAM,SAAS,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;QACvD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;QAC7D,CAAC;QACD,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,mDAAmD,EAAE,CAAC;QACzF,CAAC;QACD,oFAAoF;QACpF,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAC3F,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,wEAAwE;aAClF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,YAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;QACrF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC,wCAAwC,KAAK,EAAE,EAAE,WAAW,CAAC,CAAC;YAC9F,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,2BAA2B;IAC3B,4EAA4E;IAEpE,yBAAyB,CAAC,GAAW;QAC3C,MAAM,GAAG,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;QACtD,IAAI,YAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,YAAE,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC/C,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC3E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,sDAAsD,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;YAC3G,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EACL,6DAA6D;oBAC7D,iBAAiB;oBACjB,4FAA4F;aAC/F,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,YAAE,CAAC,aAAa,CAAC,GAAG,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC;YAClD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,2DAA2D;gBACpE,QAAQ,EAAE,GAAG;aACd,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC,4CAA4C,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;YAChG,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,2BAA2B,CAAC,GAAW;QAC7C,MAAM,GAAG,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;QACtD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC;QAClE,CAAC;QACD,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,wDAAwD,EAAE,CAAC;QAC9F,CAAC;QACD,8DAA8D;QAC9D,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC3E,IAAI,CAAC;gBACH,YAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,yDAAyD,EAAE,CAAC;YAC/F,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC,4BAA4B,KAAK,EAAE,EAAE,WAAW,CAAC,CAAC;gBAClF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;YACxD,CAAC;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,4EAA4E;SACtF,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,GAAW;QAC/B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,yBAAyB,EAAE;gBAC9C,GAAG;gBACH,QAAQ,EAAE,OAAO;gBACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,cAAI,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF;AA1VD,sCA0VC"}

package/dist/scanners/secret-scanner.d.ts

@@ -0,0 +1,99 @@
+import { SecretMatch } from '../types';
+import { VaultGuardConfig } from '../config';
+/**
+ * Read-only metadata for built-in patterns (docs / codegen). Exposes
+ * `RegExp#source` and flags only — not live `RegExp` instances.
+ */
+export interface BuiltinPatternDocEntry {
+    id: string;
+    severity: SecretMatch['severity'];
+    minEntropy?: number;
+    regexSource: string;
+    regexFlags: string;
+}
+/** Stable insertion order of {@link BUILTIN_PATTERNS}. */
+export declare function getBuiltinPatternDocEntries(): BuiltinPatternDocEntry[];
+export declare class SecretScanner {
+    private readonly patterns;
+    private readonly entropyThreshold;
+    constructor(config?: VaultGuardConfig);
+    /**
+     * Rejected `extra_patterns` from the most recent constructor call.
+     *
+     * Callers should surface these to the user (stderr today, structured
+     * `diagnostics[]` channel post Phase 2.2). A non-empty list means the
+     * user's `.vault-guard.json` declared rules that are not active.
+     */
+    readonly extraPatternRejections: Array<{
+        id: string;
+        reason: string;
+        detail: string;
+    }>;
+    /** Number of built-in + extra patterns active after config (severity "off" removes rules). */
+    getActivePatternCount(): number;
+    /**
+     * Scan a file and return deduplicated, ignore-directive-filtered matches.
+     */
+    scan(filePath: string): SecretMatch[];
+    /**
+     * Scan arbitrary UTF-8 text (editor buffer, pasted snippet, MCP payload).
+     * Line numbers and byte offsets are relative to this string.
+     *
+     * Each call uses fresh `RegExp` instances so overlapping `scanContent` work
+     * (e.g. after an `await` in a concurrent worker pool) cannot corrupt
+     * `lastIndex` on shared patterns.
+     */
+    scanContent(content: string): SecretMatch[];
+    /**
+     * Merge matches produced from chunked reads (e.g. line-by-line streaming)
+     * using the same overlap / severity rules as a full-file scan.
+     */
+    mergeChunkedMatches(matches: SecretMatch[]): SecretMatch[];
+    /**
+     * Build an index of line-start byte offsets for O(log n) line lookup.
+     * Index position 0 = start of line 1.
+     */
+    private buildLineIndex;
+    /** Binary-search the line index to return a 1-based line number. */
+    private lineFromIndex;
+    /**
+     * Parse inline ignore directives from file content.
+     *
+     * Supported forms (case-insensitive):
+     *   `// vault-guard: ignore-line`        — ignores that line
+     *   `// vault-guard: ignore-next-line`   — ignores the following line
+     *   `# vault-guard: ignore-line`         — same, for shell/Python/YAML
+     *   `# vault-guard: ignore-next-line`
+     *
+     * Returns a Set of 1-based line numbers to ignore.
+     */
+    private parseIgnoreDirectives;
+    /**
+     * Deduplicate matches by overlapping byte ranges.
+     *
+     * When two matches cover the same (or overlapping) bytes in the file the
+     * more-specific (higher-severity or shorter) match is kept.  This prevents
+     * the same secret from being reported multiple times when several patterns
+     * overlap.
+     */
+    private deduplicateMatches;
+    /**
+     * Redact a matched secret to a low-information identifier.
+     *
+     * Format: `<prefix>…(<length>c)` — e.g. `sk-a…(37c)`.
+     *
+     * Why not show more characters?
+     *   - 4-char prefix is enough to identify vendor (sk-a, sk_l, ghp_, AKIA, …)
+     *     without leaking meaningful entropy of the underlying secret.
+     *   - The exact location is already in `line` / `column`, so users don't
+     *     need a longer fragment to find the match in source.
+     *   - Output of this tool is routinely pasted into PRs, Slack, terminals,
+     *     SARIF uploads, and GitHub Code Scanning — the surface area for
+     *     leakage is large, so we keep the redaction conservative.
+     *
+     * For values shorter than 6 chars (rare; broad patterns enforce ≥20)
+     * we redact entirely to `*…(<length>c)`.
+     */
+    private maskValue;
+}
+//# sourceMappingURL=secret-scanner.d.ts.map

package/dist/scanners/secret-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-scanner.d.ts","sourceRoot":"","sources":["../../src/scanners/secret-scanner.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAoI7C;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,0DAA0D;AAC1D,wBAAgB,2BAA2B,IAAI,sBAAsB,EAAE,CAQtE;AAgBD,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4B;IACrD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;gBAE9B,MAAM,CAAC,EAAE,gBAAgB;IA4ErC;;;;;;OAMG;IACH,QAAQ,CAAC,sBAAsB,EAAE,KAAK,CAAC;QACrC,EAAE,EAAE,MAAM,CAAC;QACX,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAM;IAER,8FAA8F;IAC9F,qBAAqB,IAAI,MAAM;IAI/B;;OAEG;IACH,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,EAAE;IASrC;;;;;;;OAOG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE;IAkF3C;;;OAGG;IACH,mBAAmB,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,WAAW,EAAE;IAQ1D;;;OAGG;IACH,OAAO,CAAC,cAAc;IAQtB,oEAAoE;IACpE,OAAO,CAAC,aAAa;IAWrB;;;;;;;;;;OAUG;IACH,OAAO,CAAC,qBAAqB;IAsB7B;;;;;;;OAOG;IACH,OAAO,CAAC,kBAAkB;IA4C1B;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,SAAS;CAQlB"}