@vyuhlabs/dxkit 2.9.0 → 2.9.2

Files changed (63) hide show
  1. package/CHANGELOG.md +91 -0
  2. package/README.md +3 -2
  3. package/dist/allowlist/cli.d.ts +38 -1
  4. package/dist/allowlist/cli.d.ts.map +1 -1
  5. package/dist/allowlist/cli.js +190 -3
  6. package/dist/allowlist/cli.js.map +1 -1
  7. package/dist/allowlist/file.d.ts +18 -0
  8. package/dist/allowlist/file.d.ts.map +1 -1
  9. package/dist/allowlist/file.js +10 -1
  10. package/dist/allowlist/file.js.map +1 -1
  11. package/dist/analyzers/security/aggregator.d.ts +6 -0
  12. package/dist/analyzers/security/aggregator.d.ts.map +1 -1
  13. package/dist/analyzers/security/aggregator.js +41 -0
  14. package/dist/analyzers/security/aggregator.js.map +1 -1
  15. package/dist/analyzers/security/gather.d.ts.map +1 -1
  16. package/dist/analyzers/security/gather.js +8 -1
  17. package/dist/analyzers/security/gather.js.map +1 -1
  18. package/dist/analyzers/tools/fingerprint.d.ts.map +1 -1
  19. package/dist/analyzers/tools/fingerprint.js +10 -1
  20. package/dist/analyzers/tools/fingerprint.js.map +1 -1
  21. package/dist/baseline/check-renderers.d.ts +12 -0
  22. package/dist/baseline/check-renderers.d.ts.map +1 -1
  23. package/dist/baseline/check-renderers.js +60 -4
  24. package/dist/baseline/check-renderers.js.map +1 -1
  25. package/dist/baseline/check.d.ts +42 -0
  26. package/dist/baseline/check.d.ts.map +1 -1
  27. package/dist/baseline/check.js +83 -2
  28. package/dist/baseline/check.js.map +1 -1
  29. package/dist/baseline/producers/security.d.ts.map +1 -1
  30. package/dist/baseline/producers/security.js +9 -0
  31. package/dist/baseline/producers/security.js.map +1 -1
  32. package/dist/baseline/types.d.ts +7 -0
  33. package/dist/baseline/types.d.ts.map +1 -1
  34. package/dist/cli.d.ts.map +1 -1
  35. package/dist/cli.js +23 -4
  36. package/dist/cli.js.map +1 -1
  37. package/dist/doctor.d.ts.map +1 -1
  38. package/dist/doctor.js +55 -0
  39. package/dist/doctor.js.map +1 -1
  40. package/dist/generator.d.ts.map +1 -1
  41. package/dist/generator.js +7 -1
  42. package/dist/generator.js.map +1 -1
  43. package/dist/ingest/env-file.d.ts +40 -0
  44. package/dist/ingest/env-file.d.ts.map +1 -0
  45. package/dist/ingest/env-file.js +163 -0
  46. package/dist/ingest/env-file.js.map +1 -0
  47. package/dist/ingest/sarif.d.ts.map +1 -1
  48. package/dist/ingest/sarif.js +22 -0
  49. package/dist/ingest/sarif.js.map +1 -1
  50. package/dist/ingest/snyk-policy.d.ts +60 -0
  51. package/dist/ingest/snyk-policy.d.ts.map +1 -0
  52. package/dist/ingest/snyk-policy.js +104 -0
  53. package/dist/ingest/snyk-policy.js.map +1 -0
  54. package/dist/ingest-cli.d.ts +4 -0
  55. package/dist/ingest-cli.d.ts.map +1 -1
  56. package/dist/ingest-cli.js +23 -4
  57. package/dist/ingest-cli.js.map +1 -1
  58. package/package.json +1 -1
  59. package/templates/.claude/skills/dxkit-action/SKILL.md +5 -3
  60. package/templates/.claude/skills/dxkit-allowlist/SKILL.md +107 -0
  61. package/templates/.claude/skills/dxkit-config/SKILL.md +4 -4
  62. package/templates/.claude/skills/dxkit-fix/SKILL.md +1 -1
  63. package/templates/.claude/skills/dxkit-ingest/SKILL.md +2 -0
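--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -7,6 +7,97 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
  ## [Unreleased]
 
+ ## [2.9.2] - 2026-06-09
+
+ ### Allowlist lifecycle + Snyk credential ergonomics
+
+ A follow-up to 2.9.1 closing the self-service gaps the first customer
+ walkthrough surfaced: managing the allowlist after a re-baseline without
+ hand-editing JSON, propagating suppressions back to Snyk, and reading Snyk
+ credentials from a local `.env`.
+
+ - **`vyuh-dxkit allowlist remove <fingerprint>`.** Delete a single file-level
+ entry from the CLI. `prune` still removes only expired entries; `remove`
+ handles a stale-but-unexpired one (e.g. a confirmed-gone finding) — no more
+ hand-editing `.dxkit/allowlist.json`.
+ - **Orphaned-entry audit.** `vyuh-dxkit allowlist audit --against-baseline`
+ cross-checks every entry against the committed baseline and flags those whose
+ fingerprint matches no current finding. Orphans are flagged for review, never
+ auto-removed — re-baselining can churn fingerprints and an orphan may still
+ suppress an intermittently-detected finding. The matcher counts both a
+ finding's own fingerprint and any cross-tool fingerprints it absorbed, so an
+ entry keyed on a collapsed contributor isn't falsely flagged.
+ - **`vyuh-dxkit allowlist export --snyk`.** The outbound half of the Snyk
+ ignore sync (2.9.1 did the inbound SARIF-suppressions direction). Writes a
+ `.snyk` policy ignoring every Snyk Code finding the team has allowlisted in
+ dxkit, keyed on the Snyk rule id + path with the entry's reason + expiry, so
+ the suppression propagates to Snyk's own gate. Round-trip stable with the
+ inbound reader; only Snyk-originated, active entries export.
+ - **Opt-in `.env` loading for Snyk credentials.** `ingest --from-snyk` now
+ reads `SNYK_*` keys from a local `.env` as a fallback — and ONLY those keys,
+ never the rest of the file. A real exported env / CI secret always wins, so CI
+ behavior is unchanged. `--no-env-file` opts out; `--env-file <path>` overrides
+ the location. dxkit warns if the file looks committed to git.
+ - **New `dxkit-allowlist` skill** covering the full suppression lifecycle
+ (review, audit, remove, prune, the re-baseline → re-point flow, and Snyk
+ export), deferring the fix-vs-suppress decision back to `dxkit-action`.
+ - **Baseline refreshes steer to CI.** The skills and docs now warn against an
+ ad-hoc local `baseline create --force` — it bakes the dev machine's scanner
+ versions into the committed baseline, producing spurious tooling-drift
+ warnings and phantom "resolved" findings on the next PR — and route refreshes
+ through the bundled refresh workflow instead. The first local capture stays
+ fine.
+
+ ## [2.9.1] - 2026-06-08
+
+ ### Cross-tool dedup + allowlist suppression + ignore sync
+
+ A follow-up to 2.9's ingestion: when two engines flag the same weakness, count
+ it once; make the allowlist actually suppress; and keep ignores in sync across
+ the tools dxkit ingests from.
+
+ - **Cross-tool dedup.** Two engines that flag one weakness at one site under
+ different rule names no longer double-count. The aggregator collapses them via
+ a canonical-rule map and a CWE-at-the-same-location bridge (only ever across
+ different tools), keeping the higher severity and recording every contributing
+ tool.
+ - **The allowlist now suppresses findings from the guardrail verdict.**
+ Previously it was audit-only (category / reason / expiry + a PR-comment delta)
+ while the baseline was the sole suppressor — a reviewed-and-accepted finding
+ that landed outside the baseline still blocked. An active, unexpired allowlist
+ entry now waives a matching finding from the verdict; expired entries stop
+ suppressing, so the finding re-blocks the moment its window lapses. Suppressed
+ findings surface in their own report section (console / JSON / markdown) —
+ visible for review, never silently dropped, never counted as a live
+ regression.
+ - **Robust matching across dedup.** A suppression keyed on a contributing
+ fingerprint still matches the merged finding, so dedup nondeterminism between
+ runs (which engine is present, line wobble) can't silently orphan an
+ acceptance.
+ - **Allowlist expiry surfaced.** `vyuh-dxkit doctor` flags expired allowlist
+ entries (their findings re-block) and entries expiring within the audit
+ window. The allowlist docs gain a verdict-behavior + expiry-lifecycle section.
+ - **Ignore sync across tools.**
+ - dxkit honors a SARIF result's own `suppressions`: a finding dismissed
+ upstream (Snyk Code, CodeQL, Semgrep Pro) no longer re-surfaces here.
+ - Ingested findings pass through the same `.dxkit-ignore` path exclusions as
+ native findings — an external engine that scans vendored / generated /
+ fixture code no longer leaks findings dxkit would never raise itself.
+
+ ### Upgrading from 2.9.0 — re-baseline + re-point the allowlist
+
+ Cross-tool dedup changes the fingerprints of merged findings, so a baseline or
+ allowlist captured on 2.9.0 partially goes stale:
+
+ 1. **Re-baseline:** `vyuh-dxkit baseline create --force`. (On a real polyglot
+ repo, most findings keep their fingerprint; only the cross-tool merges
+ change.)
+ 2. **Re-point the allowlist:** run `vyuh-dxkit allowlist audit` to find entries
+ that no longer match a finding, then re-add them against the fresh
+ fingerprints from the guardrail output (`vyuh-dxkit allowlist prune` clears
+ the stale ones). Robust matching prevents _future_ run-to-run orphaning but
+ cannot bridge this one-time fingerprint change, so the re-point is manual.
+
  ## [2.9.0] - 2026-06-08
 
  ### Deep SAST — engine-agnostic interprocedural findings (2.9)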
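--- a/package/README.md
+++ b/package/README.md
@@ -182,7 +182,7 @@ Orphaned annotations become their own findings. The TypeScript `@ts-expect-error
 
  ### AI-agent integration
 
- dxkit ships twelve Claude Code skills under `.claude/skills/dxkit-*`. They wrap the CLI in conversational flows:
+ dxkit ships a suite of Claude Code skills under `.claude/skills/dxkit-*`. They wrap the CLI in conversational flows:
 
  | Skill | What it does |
  | --------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
@@ -191,6 +191,7 @@ dxkit ships twelve Claude Code skills under `.claude/skills/dxkit-*`. They wrap
  | `dxkit-action` | Reads a report, prioritizes findings, plans and runs fixes, re-verifies |
  | `dxkit-ingest` | Brings external SAST findings (Snyk Code, CodeQL, SARIF) into dxkit |
  | `dxkit-fix` | Repairs a broken install from doctor output |
+ | `dxkit-allowlist` | Manages the suppression lifecycle: audit, remove, prune, export to Snyk |
  | `dxkit-feature`, `dxkit-docs`, `dxkit-hooks`, `dxkit-config`, `dxkit-learn`, `dxkit-update`, `dxkit-init` | Focused flows |
 
  `AGENTS.md` (the open standard read by Codex, Cursor, Aider, and others) also ships in every install. The skill flows are Claude Code-specific today; the AGENTS.md context is portable.
@@ -250,7 +251,7 @@ npx vyuh-dxkit setup-prebuild # Codespaces prebuild
  À la carte if you only want specific pieces:
 
  ```bash
- npx vyuh-dxkit init --with-dxkit-agents # just the twelve Claude skills + AGENTS.md
+ npx vyuh-dxkit init --with-dxkit-agents # just the dxkit-* Claude skills + AGENTS.md
  npx vyuh-dxkit init --with-hooks # just the pre-push hook
  npx vyuh-dxkit init --with-precommit-hook # add pre-commit (slow on large repos)
  npx vyuh-dxkit init --with-devcontainer # just the per-stack devcontainer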
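--- a/package/dist/allowlist/cli.d.ts
+++ b/package/dist/allowlist/cli.d.ts
@@ -35,7 +35,7 @@
  import { DEFAULT_EXPIRY_DAYS } from './categories';
  import { ALLOWLIST_FILENAME, type AllowlistMode } from './file';
  /** Subcommands recognized under `vyuh-dxkit allowlist`. */
- export declare const ALLOWLIST_SUBCOMMANDS: readonly ["add", "list", "show", "audit", "prune"];
+ export declare const ALLOWLIST_SUBCOMMANDS: readonly ["add", "list", "show", "audit", "prune", "remove", "export"];
  export type AllowlistSubcommand = (typeof ALLOWLIST_SUBCOMMANDS)[number];
  export interface AllowlistAddOpts {
  /** Positional target. `<file>:<line>` for inline form; absent or a
@@ -65,6 +65,27 @@ export interface AllowlistAuditOpts {
  readonly json?: boolean;
  /** Soon-to-expire horizon in days (default 14). */
  readonly soonToExpireDays?: number;
+ /** Cross-check fingerprints against the committed baseline so the
+ * audit can flag orphaned entries (suppress nothing in the current
+ * finding set). Off by default — keeps `audit` a pure read of the
+ * allowlist file unless the user opts in. */
+ readonly againstBaseline?: boolean;
+ /** Named baseline to diff against (default `main`). */
+ readonly baselineName?: string;
+ }
+ export interface AllowlistRemoveOpts {
+ readonly fingerprint?: string;
+ readonly json?: boolean;
+ }
+ export interface AllowlistExportOpts {
+ /** Target format. Only `--snyk` is supported today. */
+ readonly snyk?: boolean;
+ /** Output path (default `.snyk` in cwd). */
+ readonly out?: string;
+ readonly json?: boolean;
+ /** ISO datetime stamped as each ignore's `created`. Defaults to now;
+ * injectable for deterministic tests. */
+ readonly now?: string;
  }
  export interface AllowlistPruneOpts {
  readonly json?: boolean;
@@ -90,6 +111,22 @@ export declare function runAllowlistList(cwd: string, opts: AllowlistListOpts):
  export declare function runAllowlistShow(cwd: string, opts: AllowlistShowOpts): Promise<void>;
  export declare function runAllowlistAudit(cwd: string, opts: AllowlistAuditOpts): Promise<void>;
  export declare function runAllowlistPrune(cwd: string, opts: AllowlistPruneOpts): Promise<void>;
+ export declare function runAllowlistRemove(cwd: string, opts: AllowlistRemoveOpts): Promise<void>;
+ /**
+ * `allowlist export --snyk` — emit a `.snyk` policy file that ignores
+ * every Snyk-originated finding the team has allowlisted in dxkit, so
+ * the suppression propagates to Snyk's own gate (the OUTBOUND half of
+ * the sync; 2.9.1 did the inbound SARIF-suppressions direction).
+ *
+ * Each ingested Snyk finding's canonical fingerprint is recomputed via
+ * the shared helpers (Rule 9 — no parallel hash). A finding whose
+ * fingerprint matches an ACTIVE allowlist entry becomes a `.snyk`
+ * ignore keyed on the Snyk-native rule id + path, carrying the entry's
+ * reason + expiry. Expired entries are skipped (they no longer
+ * suppress). Only `snyk-code` findings export — native semgrep /
+ * gitleaks findings have no Snyk equivalent.
+ */
+ export declare function runAllowlistExport(cwd: string, opts: AllowlistExportOpts): Promise<void>;
  export { DEFAULT_EXPIRY_DAYS };
  export { ALLOWLIST_FILENAME };
  //# sourceMappingURL=cli.d.ts.map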
@@ -1 +1 @@
1
- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../src/allowlist/cli.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AASH,OAAO,EAEL,mBAAmB,EAMpB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,kBAAkB,EAalB,KAAK,aAAa,EAEnB,MAAM,QAAQ,CAAC;AAGhB,2DAA2D;AAC3D,eAAO,MAAM,qBAAqB,oDAAqD,CAAC;AACxF,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,qBAAqB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzE,MAAM,WAAW,gBAAgB;IAC/B;;uBAEmB;IACnB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;4CAEwC;IACxC,QAAQ,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC;CAC/B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,mDAAmD;IACnD,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CACpC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,qDAAqD;IACrD,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B;;2CAEuC;IACvC,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,IAAI,EAAE;IACJ,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,GACA,OAAO,CAAC,IAAI,CAAC,CA4Cf;AAID,wBAAsB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBxF;AAyHD,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuB1F;AAID,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8B1F;AAID,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAsE5F;AAID,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAmC5F;AAuGD,OAAO,EAAE,mBAAmB,EAAE,CAAC;
AAG/B,OAAO,EAAE,kBAAkB,EAAE,CAAC"}
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../src/allowlist/cli.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAkBH,OAAO,EAEL,mBAAmB,EAMpB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,kBAAkB,EAelB,KAAK,aAAa,EAEnB,MAAM,QAAQ,CAAC;AAGhB,2DAA2D;AAC3D,eAAO,MAAM,qBAAqB,wEAQxB,CAAC;AACX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,qBAAqB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzE,MAAM,WAAW,gBAAgB;IAC/B;;uBAEmB;IACnB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;4CAEwC;IACxC,QAAQ,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC;CAC/B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,mDAAmD;IACnD,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC;;;kDAG8C;IAC9C,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;IACnC,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,uDAAuD;IACvD,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,4CAA4C;IAC5C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB;8CAC0C;IAC1C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,qDAAqD;IACrD,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B;;2CAEuC;IACvC,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,IAAI,EAAE;IACJ,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,GACA,OAAO,CAAC,IAAI,CAAC,CAyDf;AAID,wBAAsB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI
,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBxF;AAyHD,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuB1F;AAID,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8B1F;AAID,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuG5F;AAID,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAmC5F;AAID,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CA4B9F;AAID;;;;;;;;;;;;;GAaG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CA6E9F;AAoID,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAG/B,OAAO,EAAE,kBAAkB,EAAE,CAAC"}
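--- a/package/dist/allowlist/cli.js
+++ b/package/dist/allowlist/cli.js
@@ -74,9 +74,16 @@ exports.runAllowlistList = runAllowlistList;
  exports.runAllowlistShow = runAllowlistShow;
  exports.runAllowlistAudit = runAllowlistAudit;
  exports.runAllowlistPrune = runAllowlistPrune;
+ exports.runAllowlistRemove = runAllowlistRemove;
+ exports.runAllowlistExport = runAllowlistExport;
+ const fs = __importStar(require("fs"));
  const path = __importStar(require("path"));
  const child_process_1 = require("child_process");
  const logger = __importStar(require("../logger"));
+ const baseline_file_1 = require("../baseline/baseline-file");
+ const fingerprint_1 = require("../analyzers/tools/fingerprint");
+ const snapshot_1 = require("../ingest/snapshot");
+ const snyk_policy_1 = require("../ingest/snyk-policy");
  const languages_1 = require("../languages");
  const categories_1 = require("./categories");
  Object.defineProperty(exports, "DEFAULT_EXPIRY_DAYS", { enumerable: true, get: function () { return categories_1.DEFAULT_EXPIRY_DAYS; } });
@@ -84,7 +91,15 @@ const file_1 = require("./file");
  Object.defineProperty(exports, "ALLOWLIST_FILENAME", { enumerable: true, get: function () { return file_1.ALLOWLIST_FILENAME; } });
  const inline_1 = require("./inline");
  /** Subcommands recognized under `vyuh-dxkit allowlist`. */
- exports.ALLOWLIST_SUBCOMMANDS = ['add', 'list', 'show', 'audit', 'prune'];
+ exports.ALLOWLIST_SUBCOMMANDS = [
+ 'add',
+ 'list',
+ 'show',
+ 'audit',
+ 'prune',
+ 'remove',
+ 'export',
+ ];
  /**
  * Dispatch entry point called from `src/cli.ts`. Validates the
  * subcommand name + routes to the per-subcommand handler. Unknown
@@ -123,6 +138,8 @@ async function runAllowlist(cwd, subcommand, args) {
  return runAllowlistAudit(cwd, {
  json: !!args.values.json,
  soonToExpireDays: Number.isFinite(horizon) ? horizon : undefined,
+ againstBaseline: !!args.values['against-baseline'],
+ baselineName: args.values['baseline-name'],
  });
  }
  case 'prune':
@@ -131,6 +148,17 @@ async function runAllowlist(cwd, subcommand, args) {
  dryRun: !!args.values['dry-run'],
  yes: !!args.values.yes,
  });
+ case 'remove':
+ return runAllowlistRemove(cwd, {
+ fingerprint: args.positionalAfter,
+ json: !!args.values.json,
+ });
+ case 'export':
+ return runAllowlistExport(cwd, {
+ snyk: !!args.values.snyk,
+ out: args.values.out,
+ json: !!args.values.json,
+ });
  }
  }
  // ─── add ──────────────────────────────────────────────────────────────────
@@ -300,7 +328,23 @@ async function runAllowlistAudit(cwd, opts) {
  logger.info(`No allowlist file at ${(0, file_1.pathForAllowlist)(cwd)} — nothing to audit.`);
  return;
  }
- const report = (0, file_1.auditAllowlist)(file, { soonToExpireDays: opts.soonToExpireDays });
+ // Orphan detection is opt-in: only when `--against-baseline` is set
+ // do we read the committed baseline and build the current-finding
+ // fingerprint set. Without it, audit stays a pure read of the file.
+ let currentFingerprints;
+ if (opts.againstBaseline) {
+ currentFingerprints = baselineFingerprintSet(cwd, opts.baselineName);
+ if (!currentFingerprints) {
+ logger.warn(`--against-baseline requested but no baseline found at ` +
+ `${(0, baseline_file_1.pathForBaseline)(cwd, opts.baselineName ?? baseline_file_1.DEFAULT_BASELINE_NAME)} — ` +
+ `skipping orphan detection. Refresh the baseline in CI first ` +
+ `(see the dxkit-baseline-refresh workflow).`);
+ }
+ }
+ const report = (0, file_1.auditAllowlist)(file, {
+ soonToExpireDays: opts.soonToExpireDays,
+ ...(currentFingerprints ? { currentFingerprints } : {}),
+ });
  if (opts.json) {
  process.stdout.write(JSON.stringify(report, null, 2) + '\n');
  return;
@@ -311,7 +355,8 @@ async function runAllowlistAudit(cwd, opts) {
  `(mode=${file.mode}); soon-to-expire window=${horizon} days`);
  if (report.expired.length === 0 &&
  report.soonToExpire.length === 0 &&
- report.missingRationale.length === 0) {
+ report.missingRationale.length === 0 &&
+ (report.orphaned?.length ?? 0) === 0) {
  logger.success(`No issues found.`);
  return;
  }
@@ -335,6 +380,16 @@ async function runAllowlistAudit(cwd, opts) {
  logger.info(` ${e.fingerprint} ${e.kind}/${e.category}`);
  }
  }
+ if (report.orphaned && report.orphaned.length > 0) {
+ logger.warn(`Orphaned (${report.orphaned.length}) — fingerprint matches no current finding. ` +
+ `REVIEW, don't bulk-remove: re-baselining can churn fingerprints, and an ` +
+ `orphan may still suppress an intermittently-detected finding. Confirm the ` +
+ `finding is truly gone, then \`vyuh-dxkit allowlist remove <fingerprint>\`:`);
+ for (const e of report.orphaned) {
+ const reasonPreview = e.reason ? ` — ${truncate(e.reason, 50)}` : '';
+ logger.info(` ${e.fingerprint} ${e.kind}/${e.category}${reasonPreview}`);
+ }
+ }
  }
  // ─── prune ────────────────────────────────────────────────────────────────
  async function runAllowlistPrune(cwd, opts) {
@@ -367,10 +422,142 @@ async function runAllowlistPrune(cwd, opts) {
  (0, file_1.saveAllowlist)(cwd, kept);
  logger.success(`Pruned ${removed.length} expired entries.`);
  }
+ // ─── remove ─────────────────────────────────────────────────────────────────
+ async function runAllowlistRemove(cwd, opts) {
+ const fp = opts.fingerprint?.trim();
+ if (!fp) {
+ logger.fail(`Usage: vyuh-dxkit allowlist remove <fingerprint>`);
+ process.exit(1);
+ }
+ const file = (0, file_1.loadAllowlist)(cwd);
+ if (!file) {
+ logger.fail(`No allowlist file at ${(0, file_1.pathForAllowlist)(cwd)} — nothing to remove.`);
+ process.exit(1);
+ }
+ const entry = (0, file_1.findEntry)(file, fp);
+ if (!entry) {
+ logger.fail(`No allowlist entry for fingerprint ${fp}. ` +
+ `Run \`vyuh-dxkit allowlist list\` to see current entries.`);
+ process.exit(1);
+ }
+ const updated = (0, file_1.removeEntry)(file, fp);
+ (0, file_1.saveAllowlist)(cwd, updated);
+ if (opts.json) {
+ process.stdout.write(JSON.stringify({ removed: entry }, null, 2) + '\n');
+ return;
+ }
+ logger.success(`Removed allowlist entry ${fp} (kind=${entry.kind}, category=${entry.category}).`);
+ }
+ // ─── export ─────────────────────────────────────────────────────────────────
+ /**
+ * `allowlist export --snyk` — emit a `.snyk` policy file that ignores
+ * every Snyk-originated finding the team has allowlisted in dxkit, so
+ * the suppression propagates to Snyk's own gate (the OUTBOUND half of
+ * the sync; 2.9.1 did the inbound SARIF-suppressions direction).
+ *
+ * Each ingested Snyk finding's canonical fingerprint is recomputed via
+ * the shared helpers (Rule 9 — no parallel hash). A finding whose
+ * fingerprint matches an ACTIVE allowlist entry becomes a `.snyk`
+ * ignore keyed on the Snyk-native rule id + path, carrying the entry's
+ * reason + expiry. Expired entries are skipped (they no longer
+ * suppress). Only `snyk-code` findings export — native semgrep /
+ * gitleaks findings have no Snyk equivalent.
+ */
+ async function runAllowlistExport(cwd, opts) {
+ if (!opts.snyk) {
+ logger.fail(`allowlist export currently supports only --snyk. Usage: allowlist export --snyk`);
+ process.exit(1);
+ }
+ const file = (0, file_1.loadAllowlist)(cwd);
+ if (!file || file.entries.length === 0) {
+ logger.info(`No allowlist entries — nothing to export.`);
+ return;
+ }
+ const snapshots = (0, snapshot_1.readAllSnapshots)(cwd).filter((f) => f.engine === 'snyk-code');
+ if (snapshots.length === 0) {
+ logger.info(`No Snyk Code findings have been ingested yet. ` +
+ `Run \`vyuh-dxkit ingest --from-snyk\` first.`);
+ return;
+ }
+ // Recompute each Snyk finding's canonical fingerprint and match it to
+ // an active allowlist entry. Dedup (rule, path) so several findings on
+ // the same rule+path collapse to one ignore directive.
+ const created = opts.now ?? new Date().toISOString();
+ const ignores = [];
+ const seenRulePath = new Set();
+ let skippedExpired = 0;
+ for (const f of snapshots) {
+ const fingerprint = (0, fingerprint_1.computeCodeFingerprint)((0, fingerprint_1.canonicalRuleFor)(f.engine, f.rule), f.file, f.line);
+ const entry = (0, file_1.findEntry)(file, fingerprint);
+ if (!entry)
+ continue;
+ if (!(0, file_1.isEntryActive)(entry)) {
+ skippedExpired++;
+ continue;
+ }
+ const key = `${f.rule}\0${f.file}`;
+ if (seenRulePath.has(key))
+ continue;
+ seenRulePath.add(key);
+ ignores.push({
+ ruleId: f.rule,
+ path: f.file,
+ reason: entry.reason,
+ expires: (0, snyk_policy_1.expiryToSnykDatetime)(entry.expiresAt),
+ created,
+ });
+ }
+ const outPath = path.resolve(cwd, opts.out ?? '.snyk');
+ const policy = (0, snyk_policy_1.buildSnykPolicy)(ignores);
+ fs.writeFileSync(outPath, policy, 'utf8');
+ if (opts.json) {
+ process.stdout.write(JSON.stringify({ out: outPath, ignores: ignores.length, skippedExpired }, null, 2) + '\n');
+ return;
+ }
+ if (ignores.length === 0) {
+ logger.info(`No Snyk-originated findings are allowlisted — wrote an empty policy to ${outPath}.` +
+ (skippedExpired > 0
+ ? ` (${skippedExpired} expired entr${skippedExpired === 1 ? 'y' : 'ies'} skipped.)`
+ : ''));
+ return;
+ }
+ logger.success(`Wrote ${ignores.length} Snyk ignore${ignores.length === 1 ? '' : 's'} to ${outPath}` +
+ (skippedExpired > 0 ? ` (${skippedExpired} expired skipped)` : '') +
+ '.');
+ logger.dim(' Note: Snyk Code (SAST) honors .snyk ignores only with the "consistent ignores" ' +
+ 'feature enabled for your org; SCA/dependency ignores are standard.');
+ }
  // ─── Internals ────────────────────────────────────────────────────────────
  function isAllowlistSubcommand(value) {
  return exports.ALLOWLIST_SUBCOMMANDS.includes(value);
  }
+ /**
+ * Build the set of fingerprints present in the committed baseline —
+ * the union of every entry's `id` plus its `absorbedFingerprints`.
+ * The absorbed set matters: cross-tool dedup collapses several
+ * findings into one representative, and an allowlist entry keyed on a
+ * collapsed contributor still suppresses the merged finding (CLAUDE.md
+ * Rule 9 robust matching). Including absorbed fingerprints here keeps
+ * such entries OUT of the orphaned bucket.
+ *
+ * Returns `undefined` when no baseline exists on disk (the caller
+ * renders a steer-to-CI notice rather than reporting false orphans).
+ */
+ function baselineFingerprintSet(cwd, name) {
+ const baselinePath = (0, baseline_file_1.pathForBaseline)(cwd, name ?? baseline_file_1.DEFAULT_BASELINE_NAME);
+ if (!fs.existsSync(baselinePath))
+ return undefined;
+ const baseline = (0, baseline_file_1.readBaselineFile)(baselinePath);
+ const set = new Set();
+ for (const entry of baseline.findings) {
+ set.add(entry.id);
+ if ('absorbedFingerprints' in entry && entry.absorbedFingerprints) {
+ for (const fp of entry.absorbedFingerprints)
+ set.add(fp);
+ }
+ }
+ return set;
+ }
  function parseCategory(raw) {
  if (!raw) {
  logger.fail(`--category is required. One of: ${categories_1.ALL_CATEGORIES.join(', ')}.`);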
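Review bot: In `runAllowlistExport` an allowlist entry is matched on a fingerprint computed from rule, file and line, but the ignore it emits carries only `ruleId: f.rule` and `path: f.file`, and the `seenRulePath` dedup keeps whichever entry's reason and expiry came first. If the policy writer scopes ignores by rule and path as those fields suggest (`buildSnykPolicy` is not visible here), accepting one finding also hides every other finding of that rule in the same file from Snyk's gate, including ones nobody reviewed and ones whose own entry has expired. I would export a rule+path pair only when every ingested Snyk finding for it has an active entry, as sketched below. Separately, `fs.writeFileSync(outPath, policy, 'utf8')` replaces whatever is at `--out` (default `.snyk`) even when `ignores` is empty, so a hand-maintained policy at that path is lost; merging into the existing file or refusing to overwrite without a flag would be safer.

```javascript
const uncovered = new Set(); // rule+path pairs with a finding that has no active entry
for (const f of snapshots) {
    // … unchanged: fingerprint computation and findEntry lookup …
    const key = `${f.rule}\0${f.file}`;
    if (!entry || !(0, file_1.isEntryActive)(entry)) {
        uncovered.add(key);
        if (entry)
            skippedExpired++;
        continue;
    }
    // … unchanged: seenRulePath dedup and ignores.push …
}
// A rule+path ignore would also hide the findings recorded as uncovered, so leave those pairs out.
const exportable = ignores.filter((i) => !uncovered.has(`${i.ruleId}\0${i.path}`));
const policy = (0, snyk_policy_1.buildSnykPolicy)(exportable);
```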
@@ -1 +1 @@
1
- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/allowlist/cli.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0FH,oCAmDC;AAID,0CAqBC;AAyHD,4CAuBC;AAID,4CA8BC;AAID,8CAsEC;AAID,8CAmCC;AAvcD,2CAA6B;AAC7B,iDAAyC;AACzC,kDAAoC;AACpC,4CAAyC;AAIzC,6CAQsB;AA+hBb,oGAriBP,gCAAmB,OAqiBO;AA9hB5B,iCAgBgB;AAihBP,mGAhiBP,yBAAkB,OAgiBO;AAhhB3B,qCAA4C;AAE5C,2DAA2D;AAC9C,QAAA,qBAAqB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAU,CAAC;AA8CxF;;;;;GAKG;AACI,KAAK,UAAU,YAAY,CAChC,GAAW,EACX,UAA8B,EAC9B,IAGC;IAED,IAAI,CAAC,UAAU,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CACT,iCAAiC,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,QAAQ,CAAC,IAAI;YACzE,oBAAoB,6BAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,KAAK;YACR,OAAO,eAAe,CAAC,GAAG,EAAE;gBAC1B,MAAM,EAAE,IAAI,CAAC,eAAe;gBAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAA8B;gBACpD,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAA4B;gBAChD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAA0B;gBAC5C,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAiC;gBAC1D,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAA6B;gBAClD,oBAAoB,EAAE,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAuB;gBAChF,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAuB;gBACtD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAiC;aACpD,CAAC,CAAC;QACL,KAAK,MAAM;YACT,OAAO,gBAAgB,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7D,KAAK,MAAM;YACT,OAAO,gBAAgB,CAAC,GAAG,EAAE;gBAC3B,WAAW,EAAE,IAAI,CAAC,eAAe;gBACjC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;aACzB,CAAC,CAAC;QACL,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAuB,CAAC;YAClE,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,OAAO,iBAAiB,CAAC,GAAG,EAAE;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;aACjE,CAAC,CAAC;QACL,CAAC;QACD,KAAK,OAAO;YACV,OAAO,iBAAiB,CAAC,GAAG,EAAE
;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;gBAChC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG;aACvB,CAAC,CAAC;IACP,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,eAAe,CAAC,GAAW,EAAE,IAAsB;IACvE,gEAAgE;IAChE,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sEAAsE;IACtE,4BAA4B;IAC5B,oEAAoE;IACpE,sDAAsD;IACtD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,kBAAkB;IAClB,OAAO,eAAe,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;AAC1D,CAAC;AAOD,SAAS,iBAAiB,CAAC,MAA0B;IACnD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AAClD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAK3B;IACC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC/C,IAAI,CAAC,yCAA4B,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,IAAI,CACT,YAAY,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,kBAAkB;YACpD,qDAAqD;YACrD,iCAAiC,CAAC,GAAG,yCAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACnF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,iDAAiD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI;YAC9E,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC;IAClF,MAAM,CAAC,IAAI,C
ACT,YAAY,MAAM,CAAC,QAAQ,4BAA4B,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,cAAc,GAAG;QAC5F,aAAa,QAAQ,GAAG,CAC3B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAK9B;IACC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CACT,+EAA+E;YAC7E,wFAAwF,CAC3F,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,OAAuB,CAAC;IACrC,IAAI,CAAC,IAAA,mCAAsB,EAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC5C,MAAM,CAAC,IAAI,CACT,YAAY,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,2BAA2B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACjE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,OAAO,GAAG,QAAQ,EAAE,CAAC;IAC3B,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAEzE,MAAM,KAAK,GAAmB;QAC5B,WAAW;QACX,IAAI;QACJ,QAAQ;QACR,MAAM;QACN,OAAO;QACP,OAAO;QACP,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxE,CAAC;IAEF,+EAA+E;IAC/E,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAG,IAAA,6BAAsB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAClD,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,IAAI,IAAA,yBAAkB,EAAC,IAAI,CAAC,CAAC;IAChE,IAAI,IAAA,gBAAS,EAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,oDAAoD,WAAW,IAAI;YACjE,mCAAmC,WAAW
,iCAAiC,CAClF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAkB,EAAE,GAAG,IAAA,eAAQ,EAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;IACtE,IAAA,oBAAa,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC5B,MAAM,CAAC,IAAI,CACT,yCAAyC,WAAW,UAAU,IAAI,cAAc,QAAQ,GAAG;QACzF,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAC9C,CAAC;AACJ,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAuB;IACzE,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,IAAA,yBAAkB,EAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACzF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QACrF,OAAO;IACT,CAAC;IACD,MAAM,CAAC,IAAI,CACT,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,kBAAkB,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;QAChF,SAAS,IAAI,CAAC,IAAI,YAAY,IAAI,CAAC,aAAa,IAAI,CACvD,CAAC;IACF,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,MAAM,CAAC,IAAI,CACT,KAAK,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE;YACvD,YAAY,KAAK,CAAC,OAAO,GAAG,OAAO,IAAI,aAAa,EAAE,CACzD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAuB;IACzE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,
IAAI,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACxD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,OAAO;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACvE,IAAI,KAAK,CAAC,SAAS;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3E,IAAI,KAAK,CAAC,oBAAoB,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,KAAK,CAAC,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,iBAAiB,CAAC,GAAW,EAAE,IAAwB;IAC3E,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CACZ,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAwB,EAC7E,IAAI,EACJ,CAAC,CACF,GAAG,IAAI,CACT,CAAC;YACF,OAAO;QACT,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,qBAAc,EAAC,IAAI,EAAE,EAAE,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAEjF,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAClC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC;IAC5C,MAAM,CAAC,IAAI,CACT,oBAAoB,KAAK,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;QAC3D,SAAS,IAAI,CAAC,IAAI,4BAA4B,OAAO,OAAO,CAC/D,CAAC;IAEF,IACE,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAC3B,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAChC,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,EACp
C,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACnC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CACT,YAAY,MAAM,CAAC,OAAO,CAAC,MAAM,mDAAmD,CACrF,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CACT,mBAAmB,MAAM,CAAC,YAAY,CAAC,MAAM,YAAY,OAAO,4BAA4B,CAC7F,CAAC;QACF,KAAK,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YAC3D,MAAM,CAAC,IAAI,CACT,KAAK,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE;gBACvD,aAAa,KAAK,CAAC,SAAS,QAAQ,aAAa,IAAI,CACxD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CACT,sBAAsB,MAAM,CAAC,gBAAgB,CAAC,MAAM,MAAM;YACxD,sDAAsD,CACzD,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,iBAAiB,CAAC,GAAW,EAAE,IAAwB;IAC3E,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;IAE7C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACzF,IAAI,CACP,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,IAAA,oBAAa,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;IACvD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,OAAO,CA
AC,MAAM,gBAAgB,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5F,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAChF,OAAO;IACT,CAAC;IACD,IAAA,oBAAa,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzB,MAAM,CAAC,OAAO,CAAC,UAAU,OAAO,CAAC,MAAM,mBAAmB,CAAC,CAAC;AAC9D,CAAC;AAED,6EAA6E;AAE7E,SAAS,qBAAqB,CAAC,KAAa;IAC1C,OAAQ,6BAA2C,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,aAAa,CAAC,GAAuB;IAC5C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,CAAC,IAAI,CAAC,mCAAmC,2BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAE,2BAAoC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CACT,cAAc,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,4BAA4B;YAC3D,WAAW,2BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1C,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAwB,CAAC;AAClC,CAAC;AAED,MAAM,gBAAgB,GAA+B,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AAE3F,SAAS,gBAAgB,CAAC,GAAuB;IAC/C,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,IAAI,CAAE,gBAAsC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,4BAA4B;YACxE,WAAW,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC5C,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAsB,CAAC;AAChC,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAuB,EACvB,QAA2B;IAE3B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,8CAA8C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,IAAA,2BAAc,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,4CAA4C;QAC5C,OAAO,IAAA,8BAAiB,EAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,WAAW,CAAC,GAAW,EAAE,QAAmC;IACnE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAE,gBAA+B
,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzD,MAAM,CAAC,IAAI,CACT,UAAU,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,wBAAwB;gBACxD,WAAW,gBAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACrC,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,QAAQ,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IACpC,OAAO,QAAQ,EAAE,IAAI,IAAI,MAAM,CAAC;AAClC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,6BAA6B,EAAE;YAClD,GAAG;YACH,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;YACnC,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,IAAI,SAAS,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7C,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,qBAAS,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;IACvD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,QAAQ,CAAC,MAAY,IAAI,IAAI,EAAE;IACtC,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAW;IACtC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;AACnC,CAAC"}
1
+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/allowlist/cli.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoIH,oCAgEC;AAID,0CAqBC;AAyHD,4CAuBC;AAID,4CA8BC;AAID,8CAuGC;AAID,8CAmCC;AAID,gDA4BC;AAkBD,gDA6EC;AA9pBD,uCAAyB;AACzB,2CAA6B;AAC7B,iDAAyC;AACzC,kDAAoC;AACpC,6DAImC;AACnC,gEAA0F;AAC1F,iDAAsD;AACtD,uDAA+F;AAC/F,4CAAyC;AAIzC,6CAQsB;AA0wBb,oGAhxBP,gCAAmB,OAgxBO;AAzwB5B,iCAkBgB;AA0vBP,mGA3wBP,yBAAkB,OA2wBO;AAzvB3B,qCAA4C;AAE5C,2DAA2D;AAC9C,QAAA,qBAAqB,GAAG;IACnC,KAAK;IACL,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,QAAQ;CACA,CAAC;AAqEX;;;;;GAKG;AACI,KAAK,UAAU,YAAY,CAChC,GAAW,EACX,UAA8B,EAC9B,IAGC;IAED,IAAI,CAAC,UAAU,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CACT,iCAAiC,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,QAAQ,CAAC,IAAI;YACzE,oBAAoB,6BAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,KAAK;YACR,OAAO,eAAe,CAAC,GAAG,EAAE;gBAC1B,MAAM,EAAE,IAAI,CAAC,eAAe;gBAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAA8B;gBACpD,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAA4B;gBAChD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAA0B;gBAC5C,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAiC;gBAC1D,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAA6B;gBAClD,oBAAoB,EAAE,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAuB;gBAChF,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAuB;gBACtD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAiC;aACpD,CAAC,CAAC;QACL,KAAK,MAAM;YACT,OAAO,gBAAgB,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7D,KAAK,MAAM;YACT,OAAO,gBAAgB,CAAC,GAAG,EAAE;gBAC3B,WAAW,EAAE,IAAI,CAAC,eAAe;gBACjC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;aACzB,CAAC,CAAC;QACL,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAuB,CAAC;YAClE,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,OAAO,iBAAiB,CAAC,GAAG,EAAE;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,C
AAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;gBAChE,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;gBAClD,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAuB;aACjE,CAAC,CAAC;QACL,CAAC;QACD,KAAK,OAAO;YACV,OAAO,iBAAiB,CAAC,GAAG,EAAE;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;gBAChC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG;aACvB,CAAC,CAAC;QACL,KAAK,QAAQ;YACX,OAAO,kBAAkB,CAAC,GAAG,EAAE;gBAC7B,WAAW,EAAE,IAAI,CAAC,eAAe;gBACjC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;aACzB,CAAC,CAAC;QACL,KAAK,QAAQ;YACX,OAAO,kBAAkB,CAAC,GAAG,EAAE;gBAC7B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,GAAyB;gBAC1C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;aACzB,CAAC,CAAC;IACP,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,eAAe,CAAC,GAAW,EAAE,IAAsB;IACvE,gEAAgE;IAChE,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sEAAsE;IACtE,4BAA4B;IAC5B,oEAAoE;IACpE,sDAAsD;IACtD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,kBAAkB;IAClB,OAAO,eAAe,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;AAC1D,CAAC;AAOD,SAAS,iBAAiB,CAAC,MAA0B;IACnD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AAClD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAK3B;IACC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC/C,IAAI,CAAC,yCAA4B,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,IAAI,CACT,YAAY,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,kBAAkB;YACpD,qDAAqD;YACrD,iCAAiC,CAAC,GAAG,yCA
A4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACnF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,iDAAiD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI;YAC9E,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC;IAClF,MAAM,CAAC,IAAI,CACT,YAAY,MAAM,CAAC,QAAQ,4BAA4B,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,cAAc,GAAG;QAC5F,aAAa,QAAQ,GAAG,CAC3B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAK9B;IACC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CACT,+EAA+E;YAC7E,wFAAwF,CAC3F,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,OAAuB,CAAC;IACrC,IAAI,CAAC,IAAA,mCAAsB,EAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC5C,MAAM,CAAC,IAAI,CACT,YAAY,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,2BAA2B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACjE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,OAAO,GAAG,QAAQ,EAAE,CAAC;IAC3B,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAEzE,MAAM,KAAK,GAAmB;QAC5B,WAAW;QACX,IAAI;QACJ,QAAQ;QACR,MAAM;QACN,OAAO;QACP,OAAO;QACP,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxE,CAAC;IAEF,+EAA+E;IAC/E,MAAM,IAAI,GAAG,WAAW,CAAC,GA
AG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAG,IAAA,6BAAsB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAClD,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,IAAI,IAAA,yBAAkB,EAAC,IAAI,CAAC,CAAC;IAChE,IAAI,IAAA,gBAAS,EAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,oDAAoD,WAAW,IAAI;YACjE,mCAAmC,WAAW,iCAAiC,CAClF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAkB,EAAE,GAAG,IAAA,eAAQ,EAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;IACtE,IAAA,oBAAa,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC5B,MAAM,CAAC,IAAI,CACT,yCAAyC,WAAW,UAAU,IAAI,cAAc,QAAQ,GAAG;QACzF,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAC9C,CAAC;AACJ,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAuB;IACzE,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,IAAA,yBAAkB,EAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACzF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QACrF,OAAO;IACT,CAAC;IACD,MAAM,CAAC,IAAI,CACT,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,kBAAkB,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;QAChF,SAAS,IAAI,CAAC,IAAI,YAAY,IAAI,CAAC,aAAa,IAAI,CACvD,CAAC;IACF,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,MAAM,CAAC,IAAI,CACT,KAAK,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE;YACvD,YAAY,KAAK,CAAC,OAAO,GAAG,OAAO,IAAI,aAAa,EAAE,CACzD,CA
AC;IACJ,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAuB;IACzE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACxD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,OAAO;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACvE,IAAI,KAAK,CAAC,SAAS;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3E,IAAI,KAAK,CAAC,oBAAoB,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,KAAK,CAAC,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,iBAAiB,CAAC,GAAW,EAAE,IAAwB;IAC3E,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CACZ,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAwB,EAC7E,IAAI,EACJ,CAAC,CACF,GAAG,IAAI,CACT,CAAC;YACF,OAAO;QACT,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAED,oEAAoE;IACpE,kEAAkE;IAClE,oEAAoE;IACpE,IAAI,mBAAoD,CAAC;IACzD,IAAI,IAA
I,CAAC,eAAe,EAAE,CAAC;QACzB,mBAAmB,GAAG,sBAAsB,CAAC,GAAG,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACrE,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CACT,wDAAwD;gBACtD,GAAG,IAAA,+BAAe,EAAC,GAAG,EAAE,IAAI,CAAC,YAAY,IAAI,qCAAqB,CAAC,KAAK;gBACxE,8DAA8D;gBAC9D,4CAA4C,CAC/C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,qBAAc,EAAC,IAAI,EAAE;QAClC,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;QACvC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxD,CAAC,CAAC;IAEH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAClC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC;IAC5C,MAAM,CAAC,IAAI,CACT,oBAAoB,KAAK,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;QAC3D,SAAS,IAAI,CAAC,IAAI,4BAA4B,OAAO,OAAO,CAC/D,CAAC;IAEF,IACE,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAC3B,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAChC,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC;QACpC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC,CAAC,KAAK,CAAC,EACpC,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACnC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CACT,YAAY,MAAM,CAAC,OAAO,CAAC,MAAM,mDAAmD,CACrF,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CACT,mBAAmB,MAAM,CAAC,YAAY,CAAC,MAAM,YAAY,OAAO,4BAA4B,CAC7F,CAAC;QACF,KAAK,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YAC3D,MAAM,CAAC,IAAI,CACT,KAAK,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE;gBACvD,aAAa,KAAK,CAAC,SAAS,QAAQ,aAAa,IAAI,CACxD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CACT,sBAAsB,MAAM,CAAC,gBAAgB,CAAC,MAAM,MAAM;YACxD,sDAAsD,CACzD,CAAC;QACF,KAAK
,MAAM,CAAC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CACT,aAAa,MAAM,CAAC,QAAQ,CAAC,MAAM,8CAA8C;YAC/E,0EAA0E;YAC1E,4EAA4E;YAC5E,4EAA4E,CAC/E,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAChC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,GAAG,aAAa,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,iBAAiB,CAAC,GAAW,EAAE,IAAwB;IAC3E,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;IAE7C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACzF,IAAI,CACP,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,IAAA,oBAAa,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;IACvD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,OAAO,CAAC,MAAM,gBAAgB,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5F,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAChF,OAAO;IACT,CAAC;IACD,IAAA,oBAAa,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzB,MAAM,C
AAC,OAAO,CAAC,UAAU,OAAO,CAAC,MAAM,mBAAmB,CAAC,CAAC;AAC9D,CAAC;AAED,+EAA+E;AAExE,KAAK,UAAU,kBAAkB,CAAC,GAAW,EAAE,IAAyB;IAC7E,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;QAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CACT,sCAAsC,EAAE,IAAI;YAC1C,2DAA2D,CAC9D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,kBAAW,EAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACtC,IAAA,oBAAa,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAE5B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACzE,OAAO;IACT,CAAC;IACD,MAAM,CAAC,OAAO,CAAC,2BAA2B,EAAE,UAAU,KAAK,CAAC,IAAI,cAAc,KAAK,CAAC,QAAQ,IAAI,CAAC,CAAC;AACpG,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;;;;;;GAaG;AACI,KAAK,UAAU,kBAAkB,CAAC,GAAW,EAAE,IAAyB;IAC7E,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC/F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACzD,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,2BAAgB,EAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC;IAChF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CACT,gDAAgD;YAC9C,8CAA8C,CACjD,CAAC;QACF,OAAO;IACT,CAAC;IAED,sEAAsE;IACtE,uEAAuE;IACvE,uDAAuD;IACvD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrD,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,KAAK,MAAM,CAAC,IAAI,S
AAS,EAAE,CAAC;QAC1B,MAAM,WAAW,GAAG,IAAA,oCAAsB,EAAC,IAAA,8BAAgB,EAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/F,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,IAAI,CAAC,IAAA,oBAAa,EAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,cAAc,EAAE,CAAC;YACjB,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtB,OAAO,CAAC,IAAI,CAAC;YACX,MAAM,EAAE,CAAC,CAAC,IAAI;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,OAAO,EAAE,IAAA,kCAAoB,EAAC,KAAK,CAAC,SAAS,CAAC;YAC9C,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,IAAA,6BAAe,EAAC,OAAO,CAAC,CAAC;IACxC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAE1C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAC1F,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CACT,0EAA0E,OAAO,GAAG;YAClF,CAAC,cAAc,GAAG,CAAC;gBACjB,CAAC,CAAC,KAAK,cAAc,gBAAgB,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,YAAY;gBACnF,CAAC,CAAC,EAAE,CAAC,CACV,CAAC;QACF,OAAO;IACT,CAAC;IACD,MAAM,CAAC,OAAO,CACZ,SAAS,OAAO,CAAC,MAAM,eAAe,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,OAAO,OAAO,EAAE;QACnF,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,cAAc,mBAAmB,CAAC,CAAC,CAAC,EAAE,CAAC;QAClE,GAAG,CACN,CAAC;IACF,MAAM,CAAC,GAAG,CACR,mFAAmF;QACjF,oEAAoE,CACvE,CAAC;AACJ,CAAC;AAED,6EAA6E;AAE7E,SAAS,qBAAqB,CAAC,KAAa;IAC1C,OAAQ,6BAA2C,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtE,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,sBAAsB,CAC7B,GAAW,EACX,IAAwB;IAExB,MAAM,YAAY,GAAG,IAAA,+BAAe,EAAC,GAAG,EAAE,IAAI,IAAI,qCAAqB,CAAC,CAAC;IACzE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,SAAS,CAAC;IAC
nD,MAAM,QAAQ,GAAG,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACtC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClB,IAAI,sBAAsB,IAAI,KAAK,IAAI,KAAK,CAAC,oBAAoB,EAAE,CAAC;YAClE,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,oBAAoB;gBAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,GAAuB;IAC5C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,CAAC,IAAI,CAAC,mCAAmC,2BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAE,2BAAoC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CACT,cAAc,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,4BAA4B;YAC3D,WAAW,2BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1C,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAwB,CAAC;AAClC,CAAC;AAED,MAAM,gBAAgB,GAA+B,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AAE3F,SAAS,gBAAgB,CAAC,GAAuB;IAC/C,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,IAAI,CAAE,gBAAsC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,4BAA4B;YACxE,WAAW,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC5C,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAsB,CAAC;AAChC,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAuB,EACvB,QAA2B;IAE3B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,8CAA8C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,IAAA,2BAAc,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,4CAA4C;QAC5C,OAAO,IAAA,8BAAiB,EAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,WAAW,CAAC,GAAW,EAAE,QAAmC;IACnE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAE,gBAA+B,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzD,MAAM,CAAC,IAAI,CACT,UAAU,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,wBAAwB;gBACxD,WAAW,gBAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACrC,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,
CAAC;QAClB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,QAAQ,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IACpC,OAAO,QAAQ,EAAE,IAAI,IAAI,MAAM,CAAC;AAClC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,6BAA6B,EAAE;YAClD,GAAG;YACH,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;YACnC,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,IAAI,SAAS,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7C,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,qBAAS,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;IACvD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,QAAQ,CAAC,MAAY,IAAI,IAAI,EAAE;IACtC,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAW;IACtC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;AACnC,CAAC"}
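--- a/package/dist/allowlist/file.d.ts
+++ b/package/dist/allowlist/file.d.ts
@@ -212,17 +212,35 @@ export interface SoonToExpire {
  * reason. In full mode this should never happen (validator
  * rejects); in sanitized mode it may occur when the sidecar is
  * missing or stale.
+ * - `orphaned` — entries whose fingerprint matches no current
+ * finding. Only populated when the caller supplies the set of
+ * current finding fingerprints via `AuditOptions.currentFingerprints`
+ * (otherwise `undefined` — audit stays pure-over-file). An orphaned
+ * entry is NOT necessarily stale: re-baselining churns some
+ * fingerprints (semgrep nondeterminism, cross-tool dedup ordering),
+ * and an entry may suppress an intermittently-detected finding. So
+ * this bucket FLAGS for review — it never drives auto-removal.
  */
  export interface AuditReport {
  readonly expired: ReadonlyArray<AllowlistEntry>;
  readonly soonToExpire: ReadonlyArray<SoonToExpire>;
  readonly missingRationale: ReadonlyArray<AllowlistEntry>;
+ /** Entries whose fingerprint is absent from the supplied current-
+ * finding set. `undefined` when no set was supplied (the caller
+ * didn't ask for orphan detection). */
+ readonly orphaned?: ReadonlyArray<AllowlistEntry>;
  }
  export interface AuditOptions {
  readonly now?: Date;
  /** Window in days within which `expiresAt` is considered "soon."
  * Default 14 — chosen to match a typical sprint cadence. */
  readonly soonToExpireDays?: number;
+ /** Set of fingerprints present in the current finding set (the
+ * union of every baseline entry's `id` plus its
+ * `absorbedFingerprints`, so an entry keyed on a collapsed
+ * contributor isn't falsely flagged). When provided, entries whose
+ * fingerprint isn't in this set land in the `orphaned` bucket. */
+ readonly currentFingerprints?: ReadonlySet<string>;
  }
  export declare function auditAllowlist(file: AllowlistFile, options?: AuditOptions): AuditReport;
  /**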
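Review bot: The doc comment on `AuditOptions.currentFingerprints` does not say what an empty set means. The implementation shown further down tests the option by truthiness (`options.currentFingerprints && !options.currentFingerprints.has(...)`), and an empty `Set` is truthy, so a caller that hands in an empty set gets every allowlist entry reported as orphaned. Since this bucket feeds a human review of security suppressions, a fully flagged allowlist is noise that can hide the entries that really need attention. I would add one sentence to the comment, for example `An empty set flags every entry as orphaned; leave this undefined when the current findings could not be computed.`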
@@ -1 +1 @@
1
- {"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/allowlist/file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAIH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAIL,KAAK,iBAAiB,EACvB,MAAM,cAAc,CAAC;AAEtB,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AACtE,MAAM,MAAM,sBAAsB,GAAG,OAAO,wBAAwB,CAAC;AAErE,eAAO,MAAM,gCAAgC,EAAG,4BAAqC,CAAC;AACtF,MAAM,MAAM,6BAA6B,GAAG,OAAO,gCAAgC,CAAC;AAEpF,eAAO,MAAM,aAAa,WAAW,CAAC;AACtC,eAAO,MAAM,kBAAkB,mBAAmB,CAAC;AACnD,eAAO,MAAM,0BAA0B,iCAAiC,CAAC;AAEzE;;;;;;GAMG;AACH,eAAO,MAAM,SAAS,gCAAiC,CAAC;AACxD,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvD;;;;;;;;GAQG;AACH,MAAM,WAAW,cAAc;IAC7B,qEAAqE;IACrE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B;4BACwB;IACxB,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B;kBACc;IACd,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC;qCACiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;yBAEqB;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,oDAAoD;IACpD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;;8BAE0B;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B;;kEAE8D;IAC9D,QAAQ,CAAC,oBAAoB,CAAC,EAAE,eAAe,CAAC;CACjD;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,aAAa,EAAE,sBAAsB,CAAC;IAC/C,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CACjD;AAED;;;;;;GAMG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,aAAa,EAAE,6BAA6B,CAAC;IACtD,QAAQ,CAAC,OAAO,EAAE,QAAQ,CACxB,MAAM,CACc,MAAM,EACxB;QACE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;KAC1B,CACF,CACF,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE3D;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,GAAE,aAAsB,GAAG,aAAa,CAE9E;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAuC/D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,uB
AAuB,GAAG,IAAI,CA2BhF;AAED;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,GAAG,IAAI,CAkCpE;AAED,oCAAoC;AACpC,wBAAgB,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAE9F;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,cAAc,GAAG,aAAa,CAQlF;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,aAAa,CAEnF;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAEhF;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,GAAE,IAAiB,GAAG,OAAO,CAIpF;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,GAAE,IAAiB,GAAG,MAAM,GAAG,IAAI,CAM5F;AAED;8DAC8D;AAC9D,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAChD,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IACnD,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CAC1D;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC;IACpB;iEAC6D;IAC7D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CACpC;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,OAAO,GAAE,YAAiB,GAAG,WAAW,CAuB3F;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAC1B,IAAI,EAAE,aAAa,EACnB,GAAG,GAAE,IAAiB,GACrB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAA;CAAE,CAWjE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,aAAa,GAAG,aAAa,CAAC,eAAe,CAAC,CA4BzF;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,aAAa,GAClB,aAAa,CAAC,eAAe,CAAC,CA6EhC"}
1
+ {"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/allowlist/file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAIH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAIL,KAAK,iBAAiB,EACvB,MAAM,cAAc,CAAC;AAEtB,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AACtE,MAAM,MAAM,sBAAsB,GAAG,OAAO,wBAAwB,CAAC;AAErE,eAAO,MAAM,gCAAgC,EAAG,4BAAqC,CAAC;AACtF,MAAM,MAAM,6BAA6B,GAAG,OAAO,gCAAgC,CAAC;AAEpF,eAAO,MAAM,aAAa,WAAW,CAAC;AACtC,eAAO,MAAM,kBAAkB,mBAAmB,CAAC;AACnD,eAAO,MAAM,0BAA0B,iCAAiC,CAAC;AAEzE;;;;;;GAMG;AACH,eAAO,MAAM,SAAS,gCAAiC,CAAC;AACxD,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvD;;;;;;;;GAQG;AACH,MAAM,WAAW,cAAc;IAC7B,qEAAqE;IACrE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B;4BACwB;IACxB,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B;kBACc;IACd,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC;qCACiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;yBAEqB;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,oDAAoD;IACpD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;;8BAE0B;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B;;kEAE8D;IAC9D,QAAQ,CAAC,oBAAoB,CAAC,EAAE,eAAe,CAAC;CACjD;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,aAAa,EAAE,sBAAsB,CAAC;IAC/C,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CACjD;AAED;;;;;;GAMG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,aAAa,EAAE,6BAA6B,CAAC;IACtD,QAAQ,CAAC,OAAO,EAAE,QAAQ,CACxB,MAAM,CACc,MAAM,EACxB;QACE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;KAC1B,CACF,CACF,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE3D;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,GAAE,aAAsB,GAAG,aAAa,CAE9E;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAuC/D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,uB
AAuB,GAAG,IAAI,CA2BhF;AAED;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,GAAG,IAAI,CAkCpE;AAED,oCAAoC;AACpC,wBAAgB,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAE9F;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,cAAc,GAAG,aAAa,CAQlF;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,aAAa,CAEnF;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAEhF;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,GAAE,IAAiB,GAAG,OAAO,CAIpF;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,GAAE,IAAiB,GAAG,MAAM,GAAG,IAAI,CAM5F;AAED;8DAC8D;AAC9D,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAChD,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IACnD,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IACzD;;4CAEwC;IACxC,QAAQ,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC;IACpB;iEAC6D;IAC7D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC;;;;uEAImE;IACnE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;CACpD;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,OAAO,GAAE,YAAiB,GAAG,WAAW,CAgC3F;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAC1B,IAAI,EAAE,aAAa,EACnB,GAAG,GAAE,IAAiB,GACrB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAA;CAAE,CAWjE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,aAAa,GAAG,aAAa,CAAC,eAAe,CAAC,CA4BzF;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,aAAa,GAClB,aAAa,CAAC,eAAe,CAAC,CA6EhC"}
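--- a/package/dist/allowlist/file.js
+++ b/package/dist/allowlist/file.js
@@ -305,6 +305,7 @@ function auditAllowlist(file, options = {}) {
  const expired = [];
  const soonToExpire = [];
  const missingRationale = [];
+ const orphaned = [];
  for (const entry of file.entries) {
  const days = daysUntilExpiry(entry, now);
  if (days !== null && days < 0) {
@@ -320,8 +321,16 @@ function auditAllowlist(file, options = {}) {
  // "unavailable locally" notice.
  missingRationale.push(entry);
  }
+ if (options.currentFingerprints && !options.currentFingerprints.has(entry.fingerprint)) {
+ orphaned.push(entry);
+ }
  }
- return { expired, soonToExpire, missingRationale };
+ return {
+ expired,
+ soonToExpire,
+ missingRationale,
+ ...(options.currentFingerprints ? { orphaned } : {}),
+ };
  }
  /**
  * Remove expired entries from the file. Returns a new file (immutable)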
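Review bot: The conditional spread in the new `return` has no comment explaining why `orphaned` is left off the report instead of being returned as an empty array, and that distinction is what stops a consumer from reading "orphan check never ran" as "no orphaned suppressions". I would put a line above the spread such as `// Key omitted (not []) when no set was supplied: absent = not checked, [] = checked, none orphaned.` Separately, the orphan test sits at the very end of the loop body and the lines between the two hunks are not shown; if an earlier branch (presumably the expired case) moves on to the next entry, those entries are never tested for orphaning, which is worth confirming as intended. `auditAllowlist` begins before the first hunk, so this is based only on the visible part of its body.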