@vybestack/llxprt-code-core 0.1.14 → 0.1.16-hotfix1

package/dist/src/utils/secure-browser-launcher.js

@@ -0,0 +1,164 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { platform } from 'node:os';
+import { URL } from 'node:url';
+const execFileAsync = promisify(execFile);
+/**
+ * Validates that a URL is safe to open in a browser.
+ * Only allows HTTP and HTTPS URLs to prevent command injection.
+ *
+ * @param url The URL to validate
+ * @throws Error if the URL is invalid or uses an unsafe protocol
+ */
+function validateUrl(url) {
+    let parsedUrl;
+    try {
+        parsedUrl = new URL(url);
+    }
+    catch (_error) {
+        throw new Error(`Invalid URL: ${url}`);
+    }
+    // Only allow HTTP and HTTPS protocols
+    if (parsedUrl.protocol !== 'http:' && parsedUrl.protocol !== 'https:') {
+        throw new Error(`Unsafe protocol: ${parsedUrl.protocol}. Only HTTP and HTTPS are allowed.`);
+    }
+    // Additional validation: ensure no newlines or control characters
+    // eslint-disable-next-line no-control-regex
+    if (/[\r\n\x00-\x1f]/.test(url)) {
+        throw new Error('URL contains invalid characters');
+    }
+}
+/**
+ * Opens a URL in the default browser using platform-specific commands.
+ * This implementation avoids shell injection vulnerabilities by:
+ * 1. Validating the URL to ensure it's HTTP/HTTPS only
+ * 2. Using execFile instead of exec to avoid shell interpretation
+ * 3. Passing the URL as an argument rather than constructing a command string
+ *
+ * @param url The URL to open
+ * @throws Error if the URL is invalid or if opening the browser fails
+ */
+export async function openBrowserSecurely(url) {
+    // Validate the URL first
+    validateUrl(url);
+    const platformName = platform();
+    let command;
+    let args;
+    switch (platformName) {
+        case 'darwin':
+            // macOS
+            command = 'open';
+            args = [url];
+            break;
+        case 'win32':
+            // Windows - use PowerShell with Start-Process
+            // This avoids the cmd.exe shell which is vulnerable to injection
+            command = 'powershell.exe';
+            args = [
+                '-NoProfile',
+                '-NonInteractive',
+                '-WindowStyle',
+                'Hidden',
+                '-Command',
+                `Start-Process '${url.replace(/'/g, "''")}'`,
+            ];
+            break;
+        case 'linux':
+        case 'freebsd':
+        case 'openbsd':
+            // Linux and BSD variants
+            // Try xdg-open first, fall back to other options
+            command = 'xdg-open';
+            args = [url];
+            break;
+        default:
+            throw new Error(`Unsupported platform: ${platformName}`);
+    }
+    const options = {
+        // Don't inherit parent's environment to avoid potential issues
+        env: {
+            ...process.env,
+            // Ensure we're not in a shell that might interpret special characters
+            SHELL: undefined,
+        },
+        // Detach the browser process so it doesn't block
+        detached: true,
+        stdio: 'ignore',
+    };
+    try {
+        await execFileAsync(command, args, options);
+    }
+    catch (error) {
+        // For Linux, try fallback commands if xdg-open fails
+        if ((platformName === 'linux' ||
+            platformName === 'freebsd' ||
+            platformName === 'openbsd') &&
+            command === 'xdg-open') {
+            const fallbackCommands = [
+                'gnome-open',
+                'kde-open',
+                'firefox',
+                'chromium',
+                'google-chrome',
+            ];
+            for (const fallbackCommand of fallbackCommands) {
+                try {
+                    await execFileAsync(fallbackCommand, [url], options);
+                    return; // Success!
+                }
+                catch {
+                    // Try next command
+                    continue;
+                }
+            }
+        }
+        // Re-throw the error if all attempts failed
+        throw new Error(`Failed to open browser: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+/**
+ * Checks if the current environment should attempt to launch a browser.
+ * This is the same logic as in browser.ts for consistency.
+ *
+ * @returns True if the tool should attempt to launch a browser
+ */
+export function shouldLaunchBrowser() {
+    // A list of browser names that indicate we should not attempt to open a
+    // web browser for the user.
+    const browserBlocklist = ['www-browser'];
+    const browserEnv = process.env.BROWSER;
+    if (browserEnv && browserBlocklist.includes(browserEnv)) {
+        return false;
+    }
+    // Common environment variables used in CI/CD or other non-interactive shells.
+    if (process.env.CI || process.env.DEBIAN_FRONTEND === 'noninteractive') {
+        return false;
+    }
+    // The presence of SSH_CONNECTION indicates a remote session.
+    // We should not attempt to launch a browser unless a display is explicitly available
+    // (checked below for Linux).
+    const isSSH = !!process.env.SSH_CONNECTION;
+    // On Linux, the presence of a display server is a strong indicator of a GUI.
+    if (platform() === 'linux') {
+        // These are environment variables that can indicate a running compositor on Linux.
+        const displayVariables = ['DISPLAY', 'WAYLAND_DISPLAY', 'MIR_SOCKET'];
+        const hasDisplay = displayVariables.some((v) => !!process.env[v]);
+        if (!hasDisplay) {
+            return false;
+        }
+    }
+    // If in an SSH session on a non-Linux OS (e.g., macOS), don't launch browser.
+    // The Linux case is handled above (it's allowed if DISPLAY is set).
+    if (isSSH && platform() !== 'linux') {
+        return false;
+    }
+    // For non-Linux OSes, we generally assume a GUI is available
+    // unless other signals (like SSH) suggest otherwise.
+    return true;
+}
+//# sourceMappingURL=secure-browser-launcher.js.map

package/dist/src/utils/secure-browser-launcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-browser-launcher.js","sourceRoot":"","sources":["../../../src/utils/secure-browser-launcher.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C;;;;;;GAMG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,SAAc,CAAC;IAEnB,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,sCAAsC;IACtC,IAAI,SAAS,CAAC,QAAQ,KAAK,OAAO,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CACb,oBAAoB,SAAS,CAAC,QAAQ,oCAAoC,CAC3E,CAAC;IACJ,CAAC;IAED,kEAAkE;IAClE,4CAA4C;IAC5C,IAAI,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAW;IACnD,yBAAyB;IACzB,WAAW,CAAC,GAAG,CAAC,CAAC;IAEjB,MAAM,YAAY,GAAG,QAAQ,EAAE,CAAC;IAChC,IAAI,OAAe,CAAC;IACpB,IAAI,IAAc,CAAC;IAEnB,QAAQ,YAAY,EAAE,CAAC;QACrB,KAAK,QAAQ;YACX,QAAQ;YACR,OAAO,GAAG,MAAM,CAAC;YACjB,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACb,MAAM;QAER,KAAK,OAAO;YACV,8CAA8C;YAC9C,iEAAiE;YACjE,OAAO,GAAG,gBAAgB,CAAC;YAC3B,IAAI,GAAG;gBACL,YAAY;gBACZ,iBAAiB;gBACjB,cAAc;gBACd,QAAQ;gBACR,UAAU;gBACV,kBAAkB,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG;aAC7C,CAAC;YACF,MAAM;QAER,KAAK,OAAO,CAAC;QACb,KAAK,SAAS,CAAC;QACf,KAAK,SAAS;YACZ,yBAAyB;YACzB,iDAAiD;YACjD,OAAO,GAAG,UAAU,CAAC;YACrB,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACb,MAAM;QAER;YACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,OAAO,GAA4B;QACvC,+DAA+D;QAC/D,GAAG,EAAE;YACH,GAAG,OAAO,CAAC,GAAG;YACd,sEAAsE;YACtE,KAAK,EAAE,SAAS;SACjB;QACD,iDAAiD;QACjD,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;KAChB,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,qDAAqD;QACrD,IACE,CAAC,YAAY,KAAK,OAAO;YACvB,YAAY,KAAK,SAAS;YAC1B,YAAY,KAAK,SAAS,CAAC;YAC7B,OAAO,KAAK,UAAU,EACtB,CAAC;YACD,MAAM,gBAAgB,GAAG;gBACvB,YAAY;gBACZ,UAAU;gBACV,SAAS;gBACT,UAAU;gBACV,eAAe;aAChB,CAAC;YAEF,KAAK,MAAM,eAAe,IAAI,gBAAgB,EAAE,CAAC;gBAC/C,IAAI,CAAC;oBACH,MAAM,aAAa,CAAC,eAAe,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC;oBACrD,OAAO,CAAC,WAAW;gBACrB,CAAC;gBAAC,MAAM,CAAC;oBACP,mBAAmB;oBACnB,SAAS;gBACX,CAAC;YACH,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,MAAM,IAAI,KAAK,CACb,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACtF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB;IACjC,wEAAwE;IACxE,4BAA4B;IAC5B,MAAM,gBAAgB,GAAG,CAAC,aAAa,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;IACvC,IAAI,UAAU,IAAI,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACxD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,8EAA8E;IAC9E,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,gBAAgB,EAAE,CAAC;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,6DAA6D;IAC7D,qFAAqF;IACrF,6BAA6B;IAC7B,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAE3C,6EAA6E;IAC7E,IAAI,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC3B,mFAAmF;QACnF,MAAM,gBAAgB,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE,YAAY,CAAC,CAAC;QACtE,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,oEAAoE;IACpE,IAAI,KAAK,IAAI,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,6DAA6D;IAC7D,qDAAqD;IACrD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/utils/secure-browser-launcher.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/utils/secure-browser-launcher.test.js

@@ -0,0 +1,149 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { openBrowserSecurely } from './secure-browser-launcher.js';
+// Create mock function using vi.hoisted
+const mockExecFile = vi.hoisted(() => vi.fn());
+// Mock modules
+vi.mock('node:child_process');
+vi.mock('node:util', () => ({
+    promisify: () => mockExecFile,
+}));
+describe('secure-browser-launcher', () => {
+    let originalPlatform;
+    beforeEach(() => {
+        vi.clearAllMocks();
+        mockExecFile.mockResolvedValue({ stdout: '', stderr: '' });
+        originalPlatform = Object.getOwnPropertyDescriptor(process, 'platform');
+    });
+    afterEach(() => {
+        if (originalPlatform) {
+            Object.defineProperty(process, 'platform', originalPlatform);
+        }
+    });
+    function setPlatform(platform) {
+        Object.defineProperty(process, 'platform', {
+            value: platform,
+            configurable: true,
+        });
+    }
+    describe('URL validation', () => {
+        it('should allow valid HTTP URLs', async () => {
+            setPlatform('darwin');
+            await openBrowserSecurely('http://example.com');
+            expect(mockExecFile).toHaveBeenCalledWith('open', ['http://example.com'], expect.any(Object));
+        });
+        it('should allow valid HTTPS URLs', async () => {
+            setPlatform('darwin');
+            await openBrowserSecurely('https://example.com');
+            expect(mockExecFile).toHaveBeenCalledWith('open', ['https://example.com'], expect.any(Object));
+        });
+        it('should reject non-HTTP(S) protocols', async () => {
+            await expect(openBrowserSecurely('file:///etc/passwd')).rejects.toThrow('Unsafe protocol');
+            await expect(openBrowserSecurely('javascript:alert(1)')).rejects.toThrow('Unsafe protocol');
+            await expect(openBrowserSecurely('ftp://example.com')).rejects.toThrow('Unsafe protocol');
+        });
+        it('should reject invalid URLs', async () => {
+            await expect(openBrowserSecurely('not-a-url')).rejects.toThrow('Invalid URL');
+            await expect(openBrowserSecurely('')).rejects.toThrow('Invalid URL');
+        });
+        it('should reject URLs with control characters', async () => {
+            await expect(openBrowserSecurely('http://example.com\nmalicious-command')).rejects.toThrow('invalid characters');
+            await expect(openBrowserSecurely('http://example.com\rmalicious-command')).rejects.toThrow('invalid characters');
+            await expect(openBrowserSecurely('http://example.com\x00')).rejects.toThrow('invalid characters');
+        });
+    });
+    describe('Command injection prevention', () => {
+        it('should prevent PowerShell command injection on Windows', async () => {
+            setPlatform('win32');
+            // The POC from the vulnerability report
+            const maliciousUrl = "http://127.0.0.1:8080/?param=example#$(Invoke-Expression([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('Y2FsYy5leGU='))))";
+            await openBrowserSecurely(maliciousUrl);
+            // Verify that execFile was called (not exec) and the URL is passed safely
+            expect(mockExecFile).toHaveBeenCalledWith('powershell.exe', [
+                '-NoProfile',
+                '-NonInteractive',
+                '-WindowStyle',
+                'Hidden',
+                '-Command',
+                `Start-Process '${maliciousUrl.replace(/'/g, "''")}'`,
+            ], expect.any(Object));
+        });
+        it('should handle URLs with special shell characters safely', async () => {
+            setPlatform('darwin');
+            const urlsWithSpecialChars = [
+                'http://example.com/path?param=value&other=$value',
+                'http://example.com/path#fragment;command',
+                'http://example.com/$(whoami)',
+                'http://example.com/`command`',
+                'http://example.com/|pipe',
+                'http://example.com/>redirect',
+            ];
+            for (const url of urlsWithSpecialChars) {
+                await openBrowserSecurely(url);
+                // Verify the URL is passed as an argument, not interpreted by shell
+                expect(mockExecFile).toHaveBeenCalledWith('open', [url], expect.any(Object));
+            }
+        });
+        it('should properly escape single quotes in URLs on Windows', async () => {
+            setPlatform('win32');
+            const urlWithSingleQuotes = "http://example.com/path?name=O'Brien&test='value'";
+            await openBrowserSecurely(urlWithSingleQuotes);
+            // Verify that single quotes are escaped by doubling them
+            expect(mockExecFile).toHaveBeenCalledWith('powershell.exe', [
+                '-NoProfile',
+                '-NonInteractive',
+                '-WindowStyle',
+                'Hidden',
+                '-Command',
+                `Start-Process 'http://example.com/path?name=O''Brien&test=''value'''`,
+            ], expect.any(Object));
+        });
+    });
+    describe('Platform-specific behavior', () => {
+        it('should use correct command on macOS', async () => {
+            setPlatform('darwin');
+            await openBrowserSecurely('https://example.com');
+            expect(mockExecFile).toHaveBeenCalledWith('open', ['https://example.com'], expect.any(Object));
+        });
+        it('should use PowerShell on Windows', async () => {
+            setPlatform('win32');
+            await openBrowserSecurely('https://example.com');
+            expect(mockExecFile).toHaveBeenCalledWith('powershell.exe', expect.arrayContaining([
+                '-Command',
+                `Start-Process 'https://example.com'`,
+            ]), expect.any(Object));
+        });
+        it('should use xdg-open on Linux', async () => {
+            setPlatform('linux');
+            await openBrowserSecurely('https://example.com');
+            expect(mockExecFile).toHaveBeenCalledWith('xdg-open', ['https://example.com'], expect.any(Object));
+        });
+        it('should throw on unsupported platforms', async () => {
+            setPlatform('aix');
+            await expect(openBrowserSecurely('https://example.com')).rejects.toThrow('Unsupported platform');
+        });
+    });
+    describe('Error handling', () => {
+        it('should handle browser launch failures gracefully', async () => {
+            setPlatform('darwin');
+            mockExecFile.mockRejectedValueOnce(new Error('Command not found'));
+            await expect(openBrowserSecurely('https://example.com')).rejects.toThrow('Failed to open browser');
+        });
+        it('should try fallback browsers on Linux', async () => {
+            setPlatform('linux');
+            // First call to xdg-open fails
+            mockExecFile.mockRejectedValueOnce(new Error('Command not found'));
+            // Second call to gnome-open succeeds
+            mockExecFile.mockResolvedValueOnce({ stdout: '', stderr: '' });
+            await openBrowserSecurely('https://example.com');
+            expect(mockExecFile).toHaveBeenCalledTimes(2);
+            expect(mockExecFile).toHaveBeenNthCalledWith(1, 'xdg-open', ['https://example.com'], expect.any(Object));
+            expect(mockExecFile).toHaveBeenNthCalledWith(2, 'gnome-open', ['https://example.com'], expect.any(Object));
+        });
+    });
+});
+//# sourceMappingURL=secure-browser-launcher.test.js.map

package/dist/src/utils/secure-browser-launcher.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-browser-launcher.test.js","sourceRoot":"","sources":["../../../src/utils/secure-browser-launcher.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAEnE,wCAAwC;AACxC,MAAM,YAAY,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AAE/C,eAAe;AACf,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;AAC9B,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;IAC1B,SAAS,EAAE,GAAG,EAAE,CAAC,YAAY;CAC9B,CAAC,CAAC,CAAC;AAEJ,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,IAAI,gBAAgD,CAAC;IAErD,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,YAAY,CAAC,iBAAiB,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3D,gBAAgB,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,UAAU,EAAE,gBAAgB,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,SAAS,WAAW,CAAC,QAAgB;QACnC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,UAAU,EAAE;YACzC,KAAK,EAAE,QAAQ;YACf,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;IACL,CAAC;IAED,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC5C,WAAW,CAAC,QAAQ,CAAC,CAAC;YACtB,MAAM,mBAAmB,CAAC,oBAAoB,CAAC,CAAC;YAChD,MAAM,CAAC,YAAY,CAAC,CAAC,oBAAoB,CACvC,MAAM,EACN,CAAC,oBAAoB,CAAC,EACtB,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;YAC7C,WAAW,CAAC,QAAQ,CAAC,CAAC;YACtB,MAAM,mBAAmB,CAAC,qBAAqB,CAAC,CAAC;YACjD,MAAM,CAAC,YAAY,CAAC,CAAC,oBAAoB,CACvC,MAAM,EACN,CAAC,qBAAqB,CAAC,EACvB,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,MAAM,CAAC,mBAAmB,CAAC,oBAAoB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACrE,iBAAiB,CAClB,CAAC;YACF,MAAM,MAAM,CAAC,mBAAmB,CAAC,qBAAqB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACtE,iBAAiB,CAClB,CAAC;YACF,MAAM,MAAM,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACpE,iBAAiB,CAClB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,MAAM,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC5D,aAAa,CACd,CAAC;YACF,MAAM,MAAM,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,MAAM,CACV,mBAAmB,CAAC,uCAAuC,CAAC,CAC7D,CAAC,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;YACxC,MAAM,MAAM,CACV,mBAAmB,CAAC,uCAAuC,CAAC,CAC7D,CAAC,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;YACxC,MAAM,MAAM,CACV,mBAAmB,CAAC,wBAAwB,CAAC,CAC9C,CAAC,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;QAC5C,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;YACtE,WAAW,CAAC,OAAO,CAAC,CAAC;YAErB,wCAAwC;YACxC,MAAM,YAAY,GAChB,uJAAuJ,CAAC;YAE1J,MAAM,mBAAmB,CAAC,YAAY,CAAC,CAAC;YAExC,0EAA0E;YAC1E,MAAM,CAAC,YAAY,CAAC,CAAC,oBAAoB,CACvC,gBAAgB,EAChB;gBACE,YAAY;gBACZ,iBAAiB;gBACjB,cAAc;gBACd,QAAQ;gBACR,UAAU;gBACV,kBAAkB,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG;aACtD,EACD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;YACvE,WAAW,CAAC,QAAQ,CAAC,CAAC;YAEtB,MAAM,oBAAoB,GAAG;gBAC3B,kDAAkD;gBAClD,0CAA0C;gBAC1C,8BAA8B;gBAC9B,8BAA8B;gBAC9B,0BAA0B;gBAC1B,8BAA8B;aAC/B,CAAC;YAEF,KAAK,MAAM,GAAG,IAAI,oBAAoB,EAAE,CAAC;gBACvC,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;gBAC/B,oEAAoE;gBACpE,MAAM,CAAC,YAAY,CAAC,CAAC,oBAAoB,CACvC,MAAM,EACN,CAAC,GAAG,CAAC,EACL,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;YACvE,WAAW,CAAC,OAAO,CAAC,CAAC;YAErB,MAAM,mBAAmB,GACvB,mDAAmD,CAAC;YACtD,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,CAAC;YAE/C,yDAAyD;YACzD,MAAM,CAAC,YAAY,CAAC,CAAC,oBAAoB,CACvC,gBAAgB,EAChB;gBACE,YAAY;gBACZ,iBAAiB;gBACjB,cAAc;gBACd,QAAQ;gBACR,UAAU;gBACV,sEAAsE;aACvE,EACD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QAC1C,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,WAAW,CAAC,QAAQ,CAAC,CAAC;YACtB,MAAM,mBAAmB,CAAC,qBAAqB,CAAC,CAAC;YACjD,MAAM,CAAC,YAAY,CAAC,CAAC,oBAAoB,CACvC,MAAM,EACN,CAAC,qBAAqB,CAAC,EACvB,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAChD,WAAW,CAAC,OAAO,CAAC,CAAC;YACrB,MAAM,mBAAmB,CAAC,qBAAqB,CAAC,CAAC;YACjD,MAAM,CAAC,YAAY,CAAC,CAAC,oBAAoB,CACvC,gBAAgB,EAChB,MAAM,CAAC,eAAe,CAAC;gBACrB,UAAU;gBACV,qCAAqC;aACtC,CAAC,EACF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC5C,WAAW,CAAC,OAAO,CAAC,CAAC;YACrB,MAAM,mBAAmB,CAAC,qBAAqB,CAAC,CAAC;YACjD,MAAM,CAAC,YAAY,CAAC,CAAC,oBAAoB,CACvC,UAAU,EACV,CAAC,qBAAqB,CAAC,EACvB,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,WAAW,CAAC,KAAK,CAAC,CAAC;YACnB,MAAM,MAAM,CAAC,mBAAmB,CAAC,qBAAqB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACtE,sBAAsB,CACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;YAChE,WAAW,CAAC,QAAQ,CAAC,CAAC;YACtB,YAAY,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC;YAEnE,MAAM,MAAM,CAAC,mBAAmB,CAAC,qBAAqB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACtE,wBAAwB,CACzB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,WAAW,CAAC,OAAO,CAAC,CAAC;YAErB,+BAA+B;YAC/B,YAAY,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC;YACnE,qCAAqC;YACrC,YAAY,CAAC,qBAAqB,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;YAE/D,MAAM,mBAAmB,CAAC,qBAAqB,CAAC,CAAC;YAEjD,MAAM,CAAC,YAAY,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,CAAC,YAAY,CAAC,CAAC,uBAAuB,CAC1C,CAAC,EACD,UAAU,EACV,CAAC,qBAAqB,CAAC,EACvB,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;YACF,MAAM,CAAC,YAAY,CAAC,CAAC,uBAAuB,CAC1C,CAAC,EACD,YAAY,EACZ,CAAC,qBAAqB,CAAC,EACvB,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/utils/shell-utils.d.ts

@@ -31,12 +31,46 @@ export declare function stripShellWrapper(command: string): string;
  * @returns true if command substitution would be executed by bash
  */
 export declare function detectCommandSubstitution(command: string): boolean;
+/**
+ * Checks a shell command against security policies and allowlists.
+ *
+ * This function operates in one of two modes depending on the presence of
+ * the `sessionAllowlist` parameter:
+ *
+ * 1.  **"Default Deny" Mode (sessionAllowlist is provided):** This is the
+ *     strictest mode, used for user-defined scripts like custom commands.
+ *     A command is only permitted if it is found on the global `coreTools`
+ *     allowlist OR the provided `sessionAllowlist`. It must not be on the
+ *     global `excludeTools` blocklist.
+ *
+ * 2.  **"Default Allow" Mode (sessionAllowlist is NOT provided):** This mode
+ *     is used for direct tool invocations (e.g., by the model). If a strict
+ *     global `coreTools` allowlist exists, commands must be on it. Otherwise,
+ *     any command is permitted as long as it is not on the `excludeTools`
+ *     blocklist.
+ *
+ * @param command The shell command string to validate.
+ * @param config The application configuration.
+ * @param sessionAllowlist A session-level list of approved commands. Its
+ *   presence activates "Default Deny" mode.
+ * @returns An object detailing which commands are not allowed.
+ */
+export declare function checkCommandPermissions(command: string, config: Config, sessionAllowlist?: Set<string>): {
+    allAllowed: boolean;
+    disallowedCommands: string[];
+    blockReason?: string;
+    isHardDenial?: boolean;
+};
 /**
  * Determines whether a given shell command is allowed to execute based on
  * the tool's configuration including allowlists and blocklists.
- * @param command The shell command string to validate
- * @param config The application configuration
- * @returns An object with 'allowed' boolean and optional 'reason' string if not allowed
+ *
+ * This function operates in "default allow" mode. It is a wrapper around
+ * `checkCommandPermissions`.
+ *
+ * @param command The shell command string to validate.
+ * @param config The application configuration.
+ * @returns An object with 'allowed' boolean and optional 'reason' string if not allowed.
  */
 export declare function isCommandAllowed(command: string, config: Config): {
     allowed: boolean;

package/dist/src/utils/shell-utils.js

@@ -157,41 +157,47 @@ export function detectCommandSubstitution(command) {
     return false;
 }
 /**
- * Determines whether a given shell command is allowed to execute based on
- * the tool's configuration including allowlists and blocklists.
- * @param command The shell command string to validate
- * @param config The application configuration
- * @returns An object with 'allowed' boolean and optional 'reason' string if not allowed
+ * Checks a shell command against security policies and allowlists.
+ *
+ * This function operates in one of two modes depending on the presence of
+ * the `sessionAllowlist` parameter:
+ *
+ * 1.  **"Default Deny" Mode (sessionAllowlist is provided):** This is the
+ *     strictest mode, used for user-defined scripts like custom commands.
+ *     A command is only permitted if it is found on the global `coreTools`
+ *     allowlist OR the provided `sessionAllowlist`. It must not be on the
+ *     global `excludeTools` blocklist.
+ *
+ * 2.  **"Default Allow" Mode (sessionAllowlist is NOT provided):** This mode
+ *     is used for direct tool invocations (e.g., by the model). If a strict
+ *     global `coreTools` allowlist exists, commands must be on it. Otherwise,
+ *     any command is permitted as long as it is not on the `excludeTools`
+ *     blocklist.
+ *
+ * @param command The shell command string to validate.
+ * @param config The application configuration.
+ * @param sessionAllowlist A session-level list of approved commands. Its
+ *   presence activates "Default Deny" mode.
+ * @returns An object detailing which commands are not allowed.
  */
-export function isCommandAllowed(command, config) {
-    // 0. Disallow command substitution
-    // Parse the command to check for unquoted/unescaped command substitution
-    const hasCommandSubstitution = detectCommandSubstitution(command);
-    if (hasCommandSubstitution) {
+export function checkCommandPermissions(command, config, sessionAllowlist) {
+    // Disallow command substitution for security.
+    if (detectCommandSubstitution(command)) {
         return {
-            allowed: false,
-            reason: 'Command substitution using $(), <(), or >() is not allowed for security reasons',
+            allAllowed: false,
+            disallowedCommands: [command],
+            blockReason: 'Command substitution using $(), <(), or >() is not allowed for security reasons',
+            isHardDenial: true,
         };
     }
     const SHELL_TOOL_NAMES = ['run_shell_command', 'ShellTool'];
     const normalize = (cmd) => cmd.trim().replace(/\s+/g, ' ');
-    /**
-     * Checks if a command string starts with a given prefix, ensuring it's a
-     * whole word match (i.e., followed by a space or it's an exact match).
-     * e.g., `isPrefixedBy('npm install', 'npm')` -> true
-     * e.g., `isPrefixedBy('npm', 'npm')` -> true
-     * e.g., `isPrefixedBy('npminstall', 'npm')` -> false
-     */
     const isPrefixedBy = (cmd, prefix) => {
         if (!cmd.startsWith(prefix)) {
             return false;
         }
         return cmd.length === prefix.length || cmd[prefix.length] === ' ';
     };
-    /**
-     * Extracts and normalizes shell commands from a list of tool strings.
-     * e.g., 'ShellTool("ls -l")' becomes 'ls -l'
-     */
     const extractCommands = (tools) => tools.flatMap((tool) => {
         for (const toolName of SHELL_TOOL_NAMES) {
             if (tool.startsWith(`${toolName}(`) && tool.endsWith(')')) {
@@ -202,42 +208,99 @@ export function isCommandAllowed(command, config) {
     });
     const coreTools = config.getCoreTools() || [];
     const excludeTools = config.getExcludeTools() || [];
-    // 1. Check if the shell tool is globally disabled.
+    const commandsToValidate = splitCommands(command).map(normalize);
+    // 1. Blocklist Check (Highest Priority)
     if (SHELL_TOOL_NAMES.some((name) => excludeTools.includes(name))) {
         return {
-            allowed: false,
-            reason: 'Shell tool is globally disabled in configuration',
+            allAllowed: false,
+            disallowedCommands: commandsToValidate,
+            blockReason: 'Shell tool is globally disabled in configuration',
+            isHardDenial: true,
         };
     }
-    const blockedCommands = new Set(extractCommands(excludeTools));
-    const allowedCommands = new Set(extractCommands(coreTools));
-    const hasSpecificAllowedCommands = allowedCommands.size > 0;
-    const isWildcardAllowed = SHELL_TOOL_NAMES.some((name) => coreTools.includes(name));
-    const commandsToValidate = splitCommands(command).map(normalize);
-    const blockedCommandsArr = [...blockedCommands];
+    const blockedCommands = extractCommands(excludeTools);
     for (const cmd of commandsToValidate) {
-        // 2. Check if the command is on the blocklist.
-        const isBlocked = blockedCommandsArr.some((blocked) => isPrefixedBy(cmd, blocked));
-        if (isBlocked) {
+        if (blockedCommands.some((blocked) => isPrefixedBy(cmd, blocked))) {
+            return {
+                allAllowed: false,
+                disallowedCommands: [cmd],
+                blockReason: `Command '${cmd}' is blocked by configuration`,
+                isHardDenial: true,
+            };
+        }
+    }
+    const globallyAllowedCommands = extractCommands(coreTools);
+    const isWildcardAllowed = SHELL_TOOL_NAMES.some((name) => coreTools.includes(name));
+    // If there's a global wildcard, all commands are allowed at this point
+    // because they have already passed the blocklist check.
+    if (isWildcardAllowed) {
+        return { allAllowed: true, disallowedCommands: [] };
+    }
+    if (sessionAllowlist) {
+        // "DEFAULT DENY" MODE: A session allowlist is provided.
+        // All commands must be in either the session or global allowlist.
+        const disallowedCommands = [];
+        for (const cmd of commandsToValidate) {
+            const isSessionAllowed = [...sessionAllowlist].some((allowed) => isPrefixedBy(cmd, normalize(allowed)));
+            if (isSessionAllowed)
+                continue;
+            const isGloballyAllowed = globallyAllowedCommands.some((allowed) => isPrefixedBy(cmd, allowed));
+            if (isGloballyAllowed)
+                continue;
+            disallowedCommands.push(cmd);
+        }
+        if (disallowedCommands.length > 0) {
             return {
-                allowed: false,
-                reason: `Command '${cmd}' is blocked by configuration`,
+                allAllowed: false,
+                disallowedCommands,
+                blockReason: `Command(s) not on the global or session allowlist.`,
+                isHardDenial: false, // This is a soft denial; confirmation is possible.
             };
         }
-        // 3. If in strict allow-list mode, check if the command is permitted.
-        const isStrictAllowlist = hasSpecificAllowedCommands && !isWildcardAllowed;
-        const allowedCommandsArr = [...allowedCommands];
-        if (isStrictAllowlist) {
-            const isAllowed = allowedCommandsArr.some((allowed) => isPrefixedBy(cmd, allowed));
-            if (!isAllowed) {
+    }
+    else {
+        // "DEFAULT ALLOW" MODE: No session allowlist.
+        const hasSpecificAllowedCommands = globallyAllowedCommands.length > 0;
+        if (hasSpecificAllowedCommands) {
+            const disallowedCommands = [];
+            for (const cmd of commandsToValidate) {
+                const isGloballyAllowed = globallyAllowedCommands.some((allowed) => isPrefixedBy(cmd, allowed));
+                if (!isGloballyAllowed) {
+                    disallowedCommands.push(cmd);
+                }
+            }
+            if (disallowedCommands.length > 0) {
                 return {
-                    allowed: false,
-                    reason: `Command '${cmd}' is not in the allowed commands list`,
+                    allAllowed: false,
+                    disallowedCommands,
+                    blockReason: `Command(s) not in the allowed commands list.`,
+                    isHardDenial: false, // This is a soft denial.
                 };
             }
         }
+        // If no specific global allowlist exists, and it passed the blocklist,
+        // the command is allowed by default.
+    }
+    // If all checks for the current mode pass, the command is allowed.
+    return { allAllowed: true, disallowedCommands: [] };
+}
+/**
+ * Determines whether a given shell command is allowed to execute based on
+ * the tool's configuration including allowlists and blocklists.
+ *
+ * This function operates in "default allow" mode. It is a wrapper around
+ * `checkCommandPermissions`.
+ *
+ * @param command The shell command string to validate.
+ * @param config The application configuration.
+ * @returns An object with 'allowed' boolean and optional 'reason' string if not allowed.
+ */
+export function isCommandAllowed(command, config) {
+    // By not providing a sessionAllowlist, we invoke "default allow" behavior.
+    const { allAllowed, blockReason } = checkCommandPermissions(command, config);
+    if (allAllowed) {
+        return { allowed: true };
     }
-    // 4. If all checks pass, the command is allowed.
-    return { allowed: true };
+    return { allowed: false, reason: blockReason };
 }
 //# sourceMappingURL=shell-utils.js.map

package/dist/src/utils/shell-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"shell-utils.js","sourceRoot":"","sources":["../../../src/utils/shell-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,cAAc,GAAG,EAAE,CAAC;IACxB,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEhC,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,cAAc,IAAI,IAAI,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACxC,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,cAAc,GAAG,CAAC,cAAc,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YAC3C,cAAc,GAAG,CAAC,cAAc,CAAC;QACnC,CAAC;QAED,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,IACE,CAAC,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,CAAC;gBAClC,CAAC,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,CAAC,EAClC,CAAC;gBACD,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;gBACrC,cAAc,GAAG,EAAE,CAAC;gBACpB,CAAC,EAAE,CAAC,CAAC,0BAA0B;YACjC,CAAC;iBAAM,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACxD,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;gBACrC,cAAc,GAAG,EAAE,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,cAAc,IAAI,IAAI,CAAC;YACzB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,cAAc,IAAI,IAAI,CAAC;QACzB,CAAC;QACD,CAAC,EAAE,CAAC;IACN,CAAC;IAED,IAAI,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,+BAA+B;AAClE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,gEAAgE;IAChE,qEAAqE;IACrE,yCAAyC;IACzC,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACnE,IAAI,KAAK,EAAE,CAAC;QACV,0DAA0D;QAC1D,kDAAkD;QAClD,0DAA0D;QAC1D,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,WAAW,EAAE,CAAC;YAChB,uDAAuD;YACvD,OAAO,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,aAAa,CAAC,OAAO,CAAC;SAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;SAC7B,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,OAAO,GAAG,6CAA6C,CAAC;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3D,IACE,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EACxD,CAAC;YACD,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAe;IACvD,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEhC,qDAAqD;QACrD,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACrC,CAAC,IAAI,CAAC,CAAC,CAAC,6BAA6B;YACrC,SAAS;QACX,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,IAAI,CAAC,WAAW,EAAE,CAAC;YACpD,cAAc,GAAG,CAAC,cAAc,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3D,cAAc,GAAG,CAAC,cAAc,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YAC3C,oEAAoE;YACpE,WAAW,GAAG,CAAC,WAAW,CAAC;QAC7B,CAAC;QAED,iEAAiE;QACjE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,oEAAoE;YACpE,IAAI,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,2EAA2E;YAC3E,IAAI,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,IAAI,CAAC,cAAc,IAAI,CAAC,WAAW,EAAE,CAAC;gBACxE,OAAO,IAAI,CAAC;YACd,CAAC;YAED,6DAA6D;YAC7D,iFAAiF;YACjF,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,CAAC,EAAE,CAAC;IACN,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAe,EACf,MAAc;IAEd,mCAAmC;IACnC,yEAAyE;IACzE,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAClE,IAAI,sBAAsB,EAAE,CAAC;QAC3B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EACJ,iFAAiF;SACpF,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,mBAAmB,EAAE,WAAW,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,CAAC,GAAW,EAAU,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE3E;;;;;;OAMG;IACH,MAAM,YAAY,GAAG,CAAC,GAAW,EAAE,MAAc,EAAW,EAAE;QAC5D,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC;IACpE,CAAC,CAAC;IAEF;;;OAGG;IACH,MAAM,eAAe,GAAG,CAAC,KAAe,EAAY,EAAE,CACpD,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QACrB,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACxC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,QAAQ,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;IAEL,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC;IAEpD,mDAAmD;IACnD,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACjE,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,kDAAkD;SAC3D,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC,CAAC;IAC/D,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC;IAE5D,MAAM,0BAA0B,GAAG,eAAe,CAAC,IAAI,GAAG,CAAC,CAAC;IAC5D,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACvD,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CACzB,CAAC;IAEF,MAAM,kBAAkB,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEjE,MAAM,kBAAkB,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC;IAEhD,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;QACrC,+CAA+C;QAC/C,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACpD,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAC3B,CAAC;QACF,IAAI,SAAS,EAAE,CAAC;YACd,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,YAAY,GAAG,+BAA+B;aACvD,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,MAAM,iBAAiB,GAAG,0BAA0B,IAAI,CAAC,iBAAiB,CAAC;QAC3E,MAAM,kBAAkB,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC;QAChD,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACpD,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAC3B,CAAC;YACF,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,YAAY,GAAG,uCAAuC;iBAC/D,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC"}
+{"version":3,"file":"shell-utils.js","sourceRoot":"","sources":["../../../src/utils/shell-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,cAAc,GAAG,EAAE,CAAC;IACxB,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEhC,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,cAAc,IAAI,IAAI,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACxC,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,cAAc,GAAG,CAAC,cAAc,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YAC3C,cAAc,GAAG,CAAC,cAAc,CAAC;QACnC,CAAC;QAED,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,IACE,CAAC,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,CAAC;gBAClC,CAAC,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,CAAC,EAClC,CAAC;gBACD,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;gBACrC,cAAc,GAAG,EAAE,CAAC;gBACpB,CAAC,EAAE,CAAC,CAAC,0BAA0B;YACjC,CAAC;iBAAM,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACxD,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;gBACrC,cAAc,GAAG,EAAE,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,cAAc,IAAI,IAAI,CAAC;YACzB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,cAAc,IAAI,IAAI,CAAC;QACzB,CAAC;QACD,CAAC,EAAE,CAAC;IACN,CAAC;IAED,IAAI,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,+BAA+B;AAClE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,gEAAgE;IAChE,qEAAqE;IACrE,yCAAyC;IACzC,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACnE,IAAI,KAAK,EAAE,CAAC;QACV,0DAA0D;QAC1D,kDAAkD;QAClD,0DAA0D;QAC1D,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,WAAW,EAAE,CAAC;YAChB,uDAAuD;YACvD,OAAO,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,aAAa,CAAC,OAAO,CAAC;SAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;SAC7B,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,OAAO,GAAG,6CAA6C,CAAC;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3D,IACE,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EACxD,CAAC;YACD,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAe;IACvD,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEhC,qDAAqD;QACrD,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACrC,CAAC,IAAI,CAAC,CAAC,CAAC,6BAA6B;YACrC,SAAS;QACX,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,IAAI,CAAC,WAAW,EAAE,CAAC;YACpD,cAAc,GAAG,CAAC,cAAc,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3D,cAAc,GAAG,CAAC,cAAc,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YAC3C,oEAAoE;YACpE,WAAW,GAAG,CAAC,WAAW,CAAC;QAC7B,CAAC;QAED,iEAAiE;QACjE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,oEAAoE;YACpE,IAAI,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,2EAA2E;YAC3E,IAAI,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,IAAI,CAAC,cAAc,IAAI,CAAC,WAAW,EAAE,CAAC;gBACxE,OAAO,IAAI,CAAC;YACd,CAAC;YAED,6DAA6D;YAC7D,iFAAiF;YACjF,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,CAAC,EAAE,CAAC;IACN,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAe,EACf,MAAc,EACd,gBAA8B;IAO9B,8CAA8C;IAC9C,IAAI,yBAAyB,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,kBAAkB,EAAE,CAAC,OAAO,CAAC;YAC7B,WAAW,EACT,iFAAiF;YACnF,YAAY,EAAE,IAAI;SACnB,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,mBAAmB,EAAE,WAAW,CAAC,CAAC;IAC5D,MAAM,SAAS,GAAG,CAAC,GAAW,EAAU,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE3E,MAAM,YAAY,GAAG,CAAC,GAAW,EAAE,MAAc,EAAW,EAAE;QAC5D,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC;IACpE,CAAC,CAAC;IAEF,MAAM,eAAe,GAAG,CAAC,KAAe,EAAY,EAAE,CACpD,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QACrB,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACxC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,QAAQ,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;IAEL,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC;IACpD,MAAM,kBAAkB,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEjE,wCAAwC;IACxC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACjE,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,kBAAkB,EAAE,kBAAkB;YACtC,WAAW,EAAE,kDAAkD;YAC/D,YAAY,EAAE,IAAI;SACnB,CAAC;IACJ,CAAC;IACD,MAAM,eAAe,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IACtD,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;QACrC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,kBAAkB,EAAE,CAAC,GAAG,CAAC;gBACzB,WAAW,EAAE,YAAY,GAAG,+BAA+B;gBAC3D,YAAY,EAAE,IAAI;aACnB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,uBAAuB,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAC3D,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACvD,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CACzB,CAAC;IAEF,uEAAuE;IACvE,wDAAwD;IACxD,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAC;IACtD,CAAC;IAED,IAAI,gBAAgB,EAAE,CAAC;QACrB,wDAAwD;QACxD,kEAAkE;QAClE,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;YACrC,MAAM,gBAAgB,GAAG,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAC9D,YAAY,CAAC,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC,CACtC,CAAC;YACF,IAAI,gBAAgB;gBAAE,SAAS;YAE/B,MAAM,iBAAiB,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACjE,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAC3B,CAAC;YACF,IAAI,iBAAiB;gBAAE,SAAS;YAEhC,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC;QAED,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,kBAAkB;gBAClB,WAAW,EAAE,oDAAoD;gBACjE,YAAY,EAAE,KAAK,EAAE,mDAAmD;aACzE,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,8CAA8C;QAC9C,MAAM,0BAA0B,GAAG,uBAAuB,CAAC,MAAM,GAAG,CAAC,CAAC;QACtE,IAAI,0BAA0B,EAAE,CAAC;YAC/B,MAAM,kBAAkB,GAAa,EAAE,CAAC;YACxC,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;gBACrC,MAAM,iBAAiB,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACjE,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAC3B,CAAC;gBACF,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACvB,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;YACD,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,kBAAkB;oBAClB,WAAW,EAAE,8CAA8C;oBAC3D,YAAY,EAAE,KAAK,EAAE,yBAAyB;iBAC/C,CAAC;YACJ,CAAC;QACH,CAAC;QACD,uEAAuE;QACvE,qCAAqC;IACvC,CAAC;IAED,mEAAmE;IACnE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAC;AACtD,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAe,EACf,MAAc;IAEd,2EAA2E;IAC3E,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,uBAAuB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7E,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;AACjD,CAAC"}