@vyuhlabs/dxkit 2.9.1 → 2.9.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +77 -0
- package/README.md +14 -11
- package/dist/allowlist/cli.d.ts +38 -1
- package/dist/allowlist/cli.d.ts.map +1 -1
- package/dist/allowlist/cli.js +190 -3
- package/dist/allowlist/cli.js.map +1 -1
- package/dist/allowlist/file.d.ts +18 -0
- package/dist/allowlist/file.d.ts.map +1 -1
- package/dist/allowlist/file.js +10 -1
- package/dist/allowlist/file.js.map +1 -1
- package/dist/analyzers/tests/actions.d.ts +18 -1
- package/dist/analyzers/tests/actions.d.ts.map +1 -1
- package/dist/analyzers/tests/actions.js +37 -1
- package/dist/analyzers/tests/actions.js.map +1 -1
- package/dist/analyzers/tests/detailed.d.ts.map +1 -1
- package/dist/analyzers/tests/detailed.js +15 -3
- package/dist/analyzers/tests/detailed.js.map +1 -1
- package/dist/analyzers/tests/types.d.ts +10 -0
- package/dist/analyzers/tests/types.d.ts.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +23 -4
- package/dist/cli.js.map +1 -1
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +19 -1
- package/dist/generator.js.map +1 -1
- package/dist/ingest/env-file.d.ts +40 -0
- package/dist/ingest/env-file.d.ts.map +1 -0
- package/dist/ingest/env-file.js +163 -0
- package/dist/ingest/env-file.js.map +1 -0
- package/dist/ingest/snyk-policy.d.ts +60 -0
- package/dist/ingest/snyk-policy.d.ts.map +1 -0
- package/dist/ingest/snyk-policy.js +104 -0
- package/dist/ingest/snyk-policy.js.map +1 -0
- package/dist/ingest-cli.d.ts +4 -0
- package/dist/ingest-cli.d.ts.map +1 -1
- package/dist/ingest-cli.js +23 -4
- package/dist/ingest-cli.js.map +1 -1
- package/package.json +1 -1
- package/templates/.claude/skills/dxkit-action/SKILL.md +45 -4
- package/templates/.claude/skills/dxkit-allowlist/SKILL.md +107 -0
- package/templates/.claude/skills/dxkit-config/SKILL.md +4 -4
- package/templates/.claude/skills/dxkit-docs/SKILL.md +2 -0
- package/templates/.claude/skills/dxkit-feature/SKILL.md +14 -3
- package/templates/.claude/skills/dxkit-fix/SKILL.md +1 -1
- package/templates/.claude/skills/dxkit-ingest/SKILL.md +2 -0
- package/templates/.claude/skills/dxkit-init/SKILL.md +1 -1
- package/templates/.claude/skills/dxkit-onboard/SKILL.md +2 -2
- package/templates/.claude/skills/dxkit-pr/SKILL.md +142 -0
- package/templates/.claude/skills/dxkit-reports/SKILL.md +1 -1
- package/templates/.claude/skills/dxkit-test/SKILL.md +130 -0
- package/templates/.claude/skills/dxkit-update/SKILL.md +4 -0
- package/templates/AGENTS.md.template +9 -3
- package/templates/CLAUDE.md.template +9 -3
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,83 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [2.9.3] - 2026-06-09
|
|
11
|
+
|
|
12
|
+
### Targetable fix loop + test generation
|
|
13
|
+
|
|
14
|
+
A workflow-depth release: make the fix loop targetable, add the test-writing
|
|
15
|
+
skill the suite was missing, and surface the riskiest test gaps first. Almost
|
|
16
|
+
entirely agent-skill + docs work; one contained, flag-gated analyzer change.
|
|
17
|
+
|
|
18
|
+
- **Scoped fixes.** `dxkit-action` can burn down one category at a time —
|
|
19
|
+
dependency/BOM vulnerabilities, security, code quality, tests, or docs. It
|
|
20
|
+
runs the report that partitions that dimension and works only that worklist,
|
|
21
|
+
with the usual severity → reachability → blast-radius prioritization applied
|
|
22
|
+
within the scope. Tests/docs scopes hand off to `dxkit-test` / `dxkit-docs`.
|
|
23
|
+
- **New `dxkit-test` skill** — the testing mirror of `dxkit-docs`. Reads the
|
|
24
|
+
test-gaps worklist, orients on real behavior via the code graph, and writes
|
|
25
|
+
meaningful tests that close the highest-risk gaps and move the Tests score
|
|
26
|
+
without coverage theater (real assertions, the repo's framework, the suite +
|
|
27
|
+
coverage run to prove it).
|
|
28
|
+
- **Test-gap blast-radius weighting.** With a code graph present
|
|
29
|
+
(`test-gaps --graph-context`), the untested-file worklist is ranked within
|
|
30
|
+
each risk tier by how many files depend on each one — the most-depended-on
|
|
31
|
+
gaps surface first instead of just the largest by line count. Ordering only;
|
|
32
|
+
the Tests score is unchanged (it derives from the tier counts). Files the
|
|
33
|
+
graph can't resolve fall back to line-count ranking and are never dropped.
|
|
34
|
+
- **New `dxkit-pr` skill** — opens a pull request with a title + body grounded
|
|
35
|
+
in the branch's real commits and diff (features, fixes, findings closed),
|
|
36
|
+
the dxkit signals a reviewer needs (guardrail verdict, allowlist activity,
|
|
37
|
+
score deltas), and a checklist tailored to the actual change. `dxkit-feature`
|
|
38
|
+
now offers to write tests for a newly built surface (on confirmation) and
|
|
39
|
+
hands off to `dxkit-test`.
|
|
40
|
+
- **Docs + roadmap refresh.** Every doc surface updated for the current skill
|
|
41
|
+
set; the roadmap records why deep-SAST (code-path) reachability is deferred —
|
|
42
|
+
it needs interprocedural taint analysis dxkit can't do natively (semgrep is
|
|
43
|
+
intraprocedural; the call graph is too sparse), so the realistic path is
|
|
44
|
+
surfacing an ingested engine's reachability rather than computing our own.
|
|
45
|
+
|
|
46
|
+
## [2.9.2] - 2026-06-09
|
|
47
|
+
|
|
48
|
+
### Allowlist lifecycle + Snyk credential ergonomics
|
|
49
|
+
|
|
50
|
+
A follow-up to 2.9.1 closing the self-service gaps the first customer
|
|
51
|
+
walkthrough surfaced: managing the allowlist after a re-baseline without
|
|
52
|
+
hand-editing JSON, propagating suppressions back to Snyk, and reading Snyk
|
|
53
|
+
credentials from a local `.env`.
|
|
54
|
+
|
|
55
|
+
- **`vyuh-dxkit allowlist remove <fingerprint>`.** Delete a single file-level
|
|
56
|
+
entry from the CLI. `prune` still removes only expired entries; `remove`
|
|
57
|
+
handles a stale-but-unexpired one (e.g. a confirmed-gone finding) — no more
|
|
58
|
+
hand-editing `.dxkit/allowlist.json`.
|
|
59
|
+
- **Orphaned-entry audit.** `vyuh-dxkit allowlist audit --against-baseline`
|
|
60
|
+
cross-checks every entry against the committed baseline and flags those whose
|
|
61
|
+
fingerprint matches no current finding. Orphans are flagged for review, never
|
|
62
|
+
auto-removed — re-baselining can churn fingerprints and an orphan may still
|
|
63
|
+
suppress an intermittently-detected finding. The matcher counts both a
|
|
64
|
+
finding's own fingerprint and any cross-tool fingerprints it absorbed, so an
|
|
65
|
+
entry keyed on a collapsed contributor isn't falsely flagged.
|
|
66
|
+
- **`vyuh-dxkit allowlist export --snyk`.** The outbound half of the Snyk
|
|
67
|
+
ignore sync (2.9.1 did the inbound SARIF-suppressions direction). Writes a
|
|
68
|
+
`.snyk` policy ignoring every Snyk Code finding the team has allowlisted in
|
|
69
|
+
dxkit, keyed on the Snyk rule id + path with the entry's reason + expiry, so
|
|
70
|
+
the suppression propagates to Snyk's own gate. Round-trip stable with the
|
|
71
|
+
inbound reader; only Snyk-originated, active entries export.
|
|
72
|
+
- **Opt-in `.env` loading for Snyk credentials.** `ingest --from-snyk` now
|
|
73
|
+
reads `SNYK_*` keys from a local `.env` as a fallback — and ONLY those keys,
|
|
74
|
+
never the rest of the file. A real exported env / CI secret always wins, so CI
|
|
75
|
+
behavior is unchanged. `--no-env-file` opts out; `--env-file <path>` overrides
|
|
76
|
+
the location. dxkit warns if the file looks committed to git.
|
|
77
|
+
- **New `dxkit-allowlist` skill** covering the full suppression lifecycle
|
|
78
|
+
(review, audit, remove, prune, the re-baseline → re-point flow, and Snyk
|
|
79
|
+
export), deferring the fix-vs-suppress decision back to `dxkit-action`.
|
|
80
|
+
- **Baseline refreshes steer to CI.** The skills and docs now warn against an
|
|
81
|
+
ad-hoc local `baseline create --force` — it bakes the dev machine's scanner
|
|
82
|
+
versions into the committed baseline, producing spurious tooling-drift
|
|
83
|
+
warnings and phantom "resolved" findings on the next PR — and route refreshes
|
|
84
|
+
through the bundled refresh workflow instead. The first local capture stays
|
|
85
|
+
fine.
|
|
86
|
+
|
|
10
87
|
## [2.9.1] - 2026-06-08
|
|
11
88
|
|
|
12
89
|
### Cross-tool dedup + allowlist suppression + ignore sync
|
package/README.md
CHANGED
|
@@ -182,16 +182,19 @@ Orphaned annotations become their own findings. The TypeScript `@ts-expect-error
|
|
|
182
182
|
|
|
183
183
|
### AI-agent integration
|
|
184
184
|
|
|
185
|
-
dxkit ships
|
|
186
|
-
|
|
187
|
-
| Skill | What it does
|
|
188
|
-
| --------------------------------------------------------------------------------------------------------- |
|
|
189
|
-
| `dxkit-onboard` | Walks a customer through the full first-install journey
|
|
190
|
-
| `dxkit-reports` | Runs analyzers and explains the output
|
|
191
|
-
| `dxkit-action` | Reads a report, prioritizes findings, plans and runs fixes, re-verifies
|
|
192
|
-
| `dxkit-ingest` | Brings external SAST findings (Snyk Code, CodeQL, SARIF) into dxkit
|
|
193
|
-
| `dxkit-fix` | Repairs a broken install from doctor output
|
|
194
|
-
| `dxkit-
|
|
185
|
+
dxkit ships a suite of Claude Code skills under `.claude/skills/dxkit-*`. They wrap the CLI in conversational flows:
|
|
186
|
+
|
|
187
|
+
| Skill | What it does |
|
|
188
|
+
| --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- |
|
|
189
|
+
| `dxkit-onboard` | Walks a customer through the full first-install journey |
|
|
190
|
+
| `dxkit-reports` | Runs analyzers and explains the output |
|
|
191
|
+
| `dxkit-action` | Reads a report, prioritizes findings, plans and runs fixes, re-verifies |
|
|
192
|
+
| `dxkit-ingest` | Brings external SAST findings (Snyk Code, CodeQL, SARIF) into dxkit |
|
|
193
|
+
| `dxkit-fix` | Repairs a broken install from doctor output |
|
|
194
|
+
| `dxkit-allowlist` | Manages the suppression lifecycle: audit, remove, prune, export to Snyk |
|
|
195
|
+
| `dxkit-test` | Writes the missing tests to close gaps + raise the Tests score |
|
|
196
|
+
| `dxkit-pr` | Opens a PR with a diff-grounded body + dxkit signals + reviewer checklist |
|
|
197
|
+
| `dxkit-feature`, `dxkit-docs`, `dxkit-hooks`, `dxkit-config`, `dxkit-learn`, `dxkit-update`, `dxkit-init` | Focused flows |
|
|
195
198
|
|
|
196
199
|
`AGENTS.md` (the open standard read by Codex, Cursor, Aider, and others) also ships in every install. The skill flows are Claude Code-specific today; the AGENTS.md context is portable.
|
|
197
200
|
|
|
@@ -250,7 +253,7 @@ npx vyuh-dxkit setup-prebuild # Codespaces prebuild
|
|
|
250
253
|
À la carte if you only want specific pieces:
|
|
251
254
|
|
|
252
255
|
```bash
|
|
253
|
-
npx vyuh-dxkit init --with-dxkit-agents # just the
|
|
256
|
+
npx vyuh-dxkit init --with-dxkit-agents # just the dxkit-* Claude skills + AGENTS.md
|
|
254
257
|
npx vyuh-dxkit init --with-hooks # just the pre-push hook
|
|
255
258
|
npx vyuh-dxkit init --with-precommit-hook # add pre-commit (slow on large repos)
|
|
256
259
|
npx vyuh-dxkit init --with-devcontainer # just the per-stack devcontainer
|
package/dist/allowlist/cli.d.ts
CHANGED
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
import { DEFAULT_EXPIRY_DAYS } from './categories';
|
|
36
36
|
import { ALLOWLIST_FILENAME, type AllowlistMode } from './file';
|
|
37
37
|
/** Subcommands recognized under `vyuh-dxkit allowlist`. */
|
|
38
|
-
export declare const ALLOWLIST_SUBCOMMANDS: readonly ["add", "list", "show", "audit", "prune"];
|
|
38
|
+
export declare const ALLOWLIST_SUBCOMMANDS: readonly ["add", "list", "show", "audit", "prune", "remove", "export"];
|
|
39
39
|
export type AllowlistSubcommand = (typeof ALLOWLIST_SUBCOMMANDS)[number];
|
|
40
40
|
export interface AllowlistAddOpts {
|
|
41
41
|
/** Positional target. `<file>:<line>` for inline form; absent or a
|
|
@@ -65,6 +65,27 @@ export interface AllowlistAuditOpts {
|
|
|
65
65
|
readonly json?: boolean;
|
|
66
66
|
/** Soon-to-expire horizon in days (default 14). */
|
|
67
67
|
readonly soonToExpireDays?: number;
|
|
68
|
+
/** Cross-check fingerprints against the committed baseline so the
|
|
69
|
+
* audit can flag orphaned entries (suppress nothing in the current
|
|
70
|
+
* finding set). Off by default — keeps `audit` a pure read of the
|
|
71
|
+
* allowlist file unless the user opts in. */
|
|
72
|
+
readonly againstBaseline?: boolean;
|
|
73
|
+
/** Named baseline to diff against (default `main`). */
|
|
74
|
+
readonly baselineName?: string;
|
|
75
|
+
}
|
|
76
|
+
export interface AllowlistRemoveOpts {
|
|
77
|
+
readonly fingerprint?: string;
|
|
78
|
+
readonly json?: boolean;
|
|
79
|
+
}
|
|
80
|
+
export interface AllowlistExportOpts {
|
|
81
|
+
/** Target format. Only `--snyk` is supported today. */
|
|
82
|
+
readonly snyk?: boolean;
|
|
83
|
+
/** Output path (default `.snyk` in cwd). */
|
|
84
|
+
readonly out?: string;
|
|
85
|
+
readonly json?: boolean;
|
|
86
|
+
/** ISO datetime stamped as each ignore's `created`. Defaults to now;
|
|
87
|
+
* injectable for deterministic tests. */
|
|
88
|
+
readonly now?: string;
|
|
68
89
|
}
|
|
69
90
|
export interface AllowlistPruneOpts {
|
|
70
91
|
readonly json?: boolean;
|
|
@@ -90,6 +111,22 @@ export declare function runAllowlistList(cwd: string, opts: AllowlistListOpts):
|
|
|
90
111
|
export declare function runAllowlistShow(cwd: string, opts: AllowlistShowOpts): Promise<void>;
|
|
91
112
|
export declare function runAllowlistAudit(cwd: string, opts: AllowlistAuditOpts): Promise<void>;
|
|
92
113
|
export declare function runAllowlistPrune(cwd: string, opts: AllowlistPruneOpts): Promise<void>;
|
|
114
|
+
export declare function runAllowlistRemove(cwd: string, opts: AllowlistRemoveOpts): Promise<void>;
|
|
115
|
+
/**
|
|
116
|
+
* `allowlist export --snyk` — emit a `.snyk` policy file that ignores
|
|
117
|
+
* every Snyk-originated finding the team has allowlisted in dxkit, so
|
|
118
|
+
* the suppression propagates to Snyk's own gate (the OUTBOUND half of
|
|
119
|
+
* the sync; 2.9.1 did the inbound SARIF-suppressions direction).
|
|
120
|
+
*
|
|
121
|
+
* Each ingested Snyk finding's canonical fingerprint is recomputed via
|
|
122
|
+
* the shared helpers (Rule 9 — no parallel hash). A finding whose
|
|
123
|
+
* fingerprint matches an ACTIVE allowlist entry becomes a `.snyk`
|
|
124
|
+
* ignore keyed on the Snyk-native rule id + path, carrying the entry's
|
|
125
|
+
* reason + expiry. Expired entries are skipped (they no longer
|
|
126
|
+
* suppress). Only `snyk-code` findings export — native semgrep /
|
|
127
|
+
* gitleaks findings have no Snyk equivalent.
|
|
128
|
+
*/
|
|
129
|
+
export declare function runAllowlistExport(cwd: string, opts: AllowlistExportOpts): Promise<void>;
|
|
93
130
|
export { DEFAULT_EXPIRY_DAYS };
|
|
94
131
|
export { ALLOWLIST_FILENAME };
|
|
95
132
|
//# sourceMappingURL=cli.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../src/allowlist/cli.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../src/allowlist/cli.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAkBH,OAAO,EAEL,mBAAmB,EAMpB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,kBAAkB,EAelB,KAAK,aAAa,EAEnB,MAAM,QAAQ,CAAC;AAGhB,2DAA2D;AAC3D,eAAO,MAAM,qBAAqB,wEAQxB,CAAC;AACX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,qBAAqB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzE,MAAM,WAAW,gBAAgB;IAC/B;;uBAEmB;IACnB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;4CAEwC;IACxC,QAAQ,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC;CAC/B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,mDAAmD;IACnD,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC;;;kDAG8C;IAC9C,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;IACnC,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,uDAAuD;IACvD,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,4CAA4C;IAC5C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB;8CAC0C;IAC1C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,qDAAqD;IACrD,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B;;2CAEuC;IACvC,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,IAAI,EAAE;IACJ,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,GACA,OAAO,CAAC,IAAI,CAAC,CAyDf;AAID,wBAAsB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBxF;AAyHD,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuB1F;AAID,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8B1F;AAID,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuG5F;AAID,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAmC5F;AAID,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CA4B9F;AAID;;;;;;;;;;;;;GAaG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CA6E9F;AAoID,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAG/B,OAAO,EAAE,kBAAkB,EAAE,CAAC"}
|
package/dist/allowlist/cli.js
CHANGED
|
@@ -74,9 +74,16 @@ exports.runAllowlistList = runAllowlistList;
|
|
|
74
74
|
exports.runAllowlistShow = runAllowlistShow;
|
|
75
75
|
exports.runAllowlistAudit = runAllowlistAudit;
|
|
76
76
|
exports.runAllowlistPrune = runAllowlistPrune;
|
|
77
|
+
exports.runAllowlistRemove = runAllowlistRemove;
|
|
78
|
+
exports.runAllowlistExport = runAllowlistExport;
|
|
79
|
+
const fs = __importStar(require("fs"));
|
|
77
80
|
const path = __importStar(require("path"));
|
|
78
81
|
const child_process_1 = require("child_process");
|
|
79
82
|
const logger = __importStar(require("../logger"));
|
|
83
|
+
const baseline_file_1 = require("../baseline/baseline-file");
|
|
84
|
+
const fingerprint_1 = require("../analyzers/tools/fingerprint");
|
|
85
|
+
const snapshot_1 = require("../ingest/snapshot");
|
|
86
|
+
const snyk_policy_1 = require("../ingest/snyk-policy");
|
|
80
87
|
const languages_1 = require("../languages");
|
|
81
88
|
const categories_1 = require("./categories");
|
|
82
89
|
Object.defineProperty(exports, "DEFAULT_EXPIRY_DAYS", { enumerable: true, get: function () { return categories_1.DEFAULT_EXPIRY_DAYS; } });
|
|
@@ -84,7 +91,15 @@ const file_1 = require("./file");
|
|
|
84
91
|
Object.defineProperty(exports, "ALLOWLIST_FILENAME", { enumerable: true, get: function () { return file_1.ALLOWLIST_FILENAME; } });
|
|
85
92
|
const inline_1 = require("./inline");
|
|
86
93
|
/** Subcommands recognized under `vyuh-dxkit allowlist`. */
|
|
87
|
-
exports.ALLOWLIST_SUBCOMMANDS = [
|
|
94
|
+
exports.ALLOWLIST_SUBCOMMANDS = [
|
|
95
|
+
'add',
|
|
96
|
+
'list',
|
|
97
|
+
'show',
|
|
98
|
+
'audit',
|
|
99
|
+
'prune',
|
|
100
|
+
'remove',
|
|
101
|
+
'export',
|
|
102
|
+
];
|
|
88
103
|
/**
|
|
89
104
|
* Dispatch entry point called from `src/cli.ts`. Validates the
|
|
90
105
|
* subcommand name + routes to the per-subcommand handler. Unknown
|
|
@@ -123,6 +138,8 @@ async function runAllowlist(cwd, subcommand, args) {
|
|
|
123
138
|
return runAllowlistAudit(cwd, {
|
|
124
139
|
json: !!args.values.json,
|
|
125
140
|
soonToExpireDays: Number.isFinite(horizon) ? horizon : undefined,
|
|
141
|
+
againstBaseline: !!args.values['against-baseline'],
|
|
142
|
+
baselineName: args.values['baseline-name'],
|
|
126
143
|
});
|
|
127
144
|
}
|
|
128
145
|
case 'prune':
|
|
@@ -131,6 +148,17 @@ async function runAllowlist(cwd, subcommand, args) {
|
|
|
131
148
|
dryRun: !!args.values['dry-run'],
|
|
132
149
|
yes: !!args.values.yes,
|
|
133
150
|
});
|
|
151
|
+
case 'remove':
|
|
152
|
+
return runAllowlistRemove(cwd, {
|
|
153
|
+
fingerprint: args.positionalAfter,
|
|
154
|
+
json: !!args.values.json,
|
|
155
|
+
});
|
|
156
|
+
case 'export':
|
|
157
|
+
return runAllowlistExport(cwd, {
|
|
158
|
+
snyk: !!args.values.snyk,
|
|
159
|
+
out: args.values.out,
|
|
160
|
+
json: !!args.values.json,
|
|
161
|
+
});
|
|
134
162
|
}
|
|
135
163
|
}
|
|
136
164
|
// ─── add ──────────────────────────────────────────────────────────────────
|
|
@@ -300,7 +328,23 @@ async function runAllowlistAudit(cwd, opts) {
|
|
|
300
328
|
logger.info(`No allowlist file at ${(0, file_1.pathForAllowlist)(cwd)} — nothing to audit.`);
|
|
301
329
|
return;
|
|
302
330
|
}
|
|
303
|
-
|
|
331
|
+
// Orphan detection is opt-in: only when `--against-baseline` is set
|
|
332
|
+
// do we read the committed baseline and build the current-finding
|
|
333
|
+
// fingerprint set. Without it, audit stays a pure read of the file.
|
|
334
|
+
let currentFingerprints;
|
|
335
|
+
if (opts.againstBaseline) {
|
|
336
|
+
currentFingerprints = baselineFingerprintSet(cwd, opts.baselineName);
|
|
337
|
+
if (!currentFingerprints) {
|
|
338
|
+
logger.warn(`--against-baseline requested but no baseline found at ` +
|
|
339
|
+
`${(0, baseline_file_1.pathForBaseline)(cwd, opts.baselineName ?? baseline_file_1.DEFAULT_BASELINE_NAME)} — ` +
|
|
340
|
+
`skipping orphan detection. Refresh the baseline in CI first ` +
|
|
341
|
+
`(see the dxkit-baseline-refresh workflow).`);
|
|
342
|
+
}
|
|
343
|
+
}
|
|
344
|
+
const report = (0, file_1.auditAllowlist)(file, {
|
|
345
|
+
soonToExpireDays: opts.soonToExpireDays,
|
|
346
|
+
...(currentFingerprints ? { currentFingerprints } : {}),
|
|
347
|
+
});
|
|
304
348
|
if (opts.json) {
|
|
305
349
|
process.stdout.write(JSON.stringify(report, null, 2) + '\n');
|
|
306
350
|
return;
|
|
@@ -311,7 +355,8 @@ async function runAllowlistAudit(cwd, opts) {
|
|
|
311
355
|
`(mode=${file.mode}); soon-to-expire window=${horizon} days`);
|
|
312
356
|
if (report.expired.length === 0 &&
|
|
313
357
|
report.soonToExpire.length === 0 &&
|
|
314
|
-
report.missingRationale.length === 0
|
|
358
|
+
report.missingRationale.length === 0 &&
|
|
359
|
+
(report.orphaned?.length ?? 0) === 0) {
|
|
315
360
|
logger.success(`No issues found.`);
|
|
316
361
|
return;
|
|
317
362
|
}
|
|
@@ -335,6 +380,16 @@ async function runAllowlistAudit(cwd, opts) {
|
|
|
335
380
|
logger.info(` ${e.fingerprint} ${e.kind}/${e.category}`);
|
|
336
381
|
}
|
|
337
382
|
}
|
|
383
|
+
if (report.orphaned && report.orphaned.length > 0) {
|
|
384
|
+
logger.warn(`Orphaned (${report.orphaned.length}) — fingerprint matches no current finding. ` +
|
|
385
|
+
`REVIEW, don't bulk-remove: re-baselining can churn fingerprints, and an ` +
|
|
386
|
+
`orphan may still suppress an intermittently-detected finding. Confirm the ` +
|
|
387
|
+
`finding is truly gone, then \`vyuh-dxkit allowlist remove <fingerprint>\`:`);
|
|
388
|
+
for (const e of report.orphaned) {
|
|
389
|
+
const reasonPreview = e.reason ? ` — ${truncate(e.reason, 50)}` : '';
|
|
390
|
+
logger.info(` ${e.fingerprint} ${e.kind}/${e.category}${reasonPreview}`);
|
|
391
|
+
}
|
|
392
|
+
}
|
|
338
393
|
}
|
|
339
394
|
// ─── prune ────────────────────────────────────────────────────────────────
|
|
340
395
|
async function runAllowlistPrune(cwd, opts) {
|
|
@@ -367,10 +422,142 @@ async function runAllowlistPrune(cwd, opts) {
|
|
|
367
422
|
(0, file_1.saveAllowlist)(cwd, kept);
|
|
368
423
|
logger.success(`Pruned ${removed.length} expired entries.`);
|
|
369
424
|
}
|
|
425
|
+
// ─── remove ─────────────────────────────────────────────────────────────────
|
|
426
|
+
async function runAllowlistRemove(cwd, opts) {
|
|
427
|
+
const fp = opts.fingerprint?.trim();
|
|
428
|
+
if (!fp) {
|
|
429
|
+
logger.fail(`Usage: vyuh-dxkit allowlist remove <fingerprint>`);
|
|
430
|
+
process.exit(1);
|
|
431
|
+
}
|
|
432
|
+
const file = (0, file_1.loadAllowlist)(cwd);
|
|
433
|
+
if (!file) {
|
|
434
|
+
logger.fail(`No allowlist file at ${(0, file_1.pathForAllowlist)(cwd)} — nothing to remove.`);
|
|
435
|
+
process.exit(1);
|
|
436
|
+
}
|
|
437
|
+
const entry = (0, file_1.findEntry)(file, fp);
|
|
438
|
+
if (!entry) {
|
|
439
|
+
logger.fail(`No allowlist entry for fingerprint ${fp}. ` +
|
|
440
|
+
`Run \`vyuh-dxkit allowlist list\` to see current entries.`);
|
|
441
|
+
process.exit(1);
|
|
442
|
+
}
|
|
443
|
+
const updated = (0, file_1.removeEntry)(file, fp);
|
|
444
|
+
(0, file_1.saveAllowlist)(cwd, updated);
|
|
445
|
+
if (opts.json) {
|
|
446
|
+
process.stdout.write(JSON.stringify({ removed: entry }, null, 2) + '\n');
|
|
447
|
+
return;
|
|
448
|
+
}
|
|
449
|
+
logger.success(`Removed allowlist entry ${fp} (kind=${entry.kind}, category=${entry.category}).`);
|
|
450
|
+
}
|
|
451
|
+
// ─── export ─────────────────────────────────────────────────────────────────
|
|
452
|
+
/**
|
|
453
|
+
* `allowlist export --snyk` — emit a `.snyk` policy file that ignores
|
|
454
|
+
* every Snyk-originated finding the team has allowlisted in dxkit, so
|
|
455
|
+
* the suppression propagates to Snyk's own gate (the OUTBOUND half of
|
|
456
|
+
* the sync; 2.9.1 did the inbound SARIF-suppressions direction).
|
|
457
|
+
*
|
|
458
|
+
* Each ingested Snyk finding's canonical fingerprint is recomputed via
|
|
459
|
+
* the shared helpers (Rule 9 — no parallel hash). A finding whose
|
|
460
|
+
* fingerprint matches an ACTIVE allowlist entry becomes a `.snyk`
|
|
461
|
+
* ignore keyed on the Snyk-native rule id + path, carrying the entry's
|
|
462
|
+
* reason + expiry. Expired entries are skipped (they no longer
|
|
463
|
+
* suppress). Only `snyk-code` findings export — native semgrep /
|
|
464
|
+
* gitleaks findings have no Snyk equivalent.
|
|
465
|
+
*/
|
|
466
|
+
async function runAllowlistExport(cwd, opts) {
|
|
467
|
+
if (!opts.snyk) {
|
|
468
|
+
logger.fail(`allowlist export currently supports only --snyk. Usage: allowlist export --snyk`);
|
|
469
|
+
process.exit(1);
|
|
470
|
+
}
|
|
471
|
+
const file = (0, file_1.loadAllowlist)(cwd);
|
|
472
|
+
if (!file || file.entries.length === 0) {
|
|
473
|
+
logger.info(`No allowlist entries — nothing to export.`);
|
|
474
|
+
return;
|
|
475
|
+
}
|
|
476
|
+
const snapshots = (0, snapshot_1.readAllSnapshots)(cwd).filter((f) => f.engine === 'snyk-code');
|
|
477
|
+
if (snapshots.length === 0) {
|
|
478
|
+
logger.info(`No Snyk Code findings have been ingested yet. ` +
|
|
479
|
+
`Run \`vyuh-dxkit ingest --from-snyk\` first.`);
|
|
480
|
+
return;
|
|
481
|
+
}
|
|
482
|
+
// Recompute each Snyk finding's canonical fingerprint and match it to
|
|
483
|
+
// an active allowlist entry. Dedup (rule, path) so several findings on
|
|
484
|
+
// the same rule+path collapse to one ignore directive.
|
|
485
|
+
const created = opts.now ?? new Date().toISOString();
|
|
486
|
+
const ignores = [];
|
|
487
|
+
const seenRulePath = new Set();
|
|
488
|
+
let skippedExpired = 0;
|
|
489
|
+
for (const f of snapshots) {
|
|
490
|
+
const fingerprint = (0, fingerprint_1.computeCodeFingerprint)((0, fingerprint_1.canonicalRuleFor)(f.engine, f.rule), f.file, f.line);
|
|
491
|
+
const entry = (0, file_1.findEntry)(file, fingerprint);
|
|
492
|
+
if (!entry)
|
|
493
|
+
continue;
|
|
494
|
+
if (!(0, file_1.isEntryActive)(entry)) {
|
|
495
|
+
skippedExpired++;
|
|
496
|
+
continue;
|
|
497
|
+
}
|
|
498
|
+
const key = `${f.rule}\0${f.file}`;
|
|
499
|
+
if (seenRulePath.has(key))
|
|
500
|
+
continue;
|
|
501
|
+
seenRulePath.add(key);
|
|
502
|
+
ignores.push({
|
|
503
|
+
ruleId: f.rule,
|
|
504
|
+
path: f.file,
|
|
505
|
+
reason: entry.reason,
|
|
506
|
+
expires: (0, snyk_policy_1.expiryToSnykDatetime)(entry.expiresAt),
|
|
507
|
+
created,
|
|
508
|
+
});
|
|
509
|
+
}
|
|
510
|
+
const outPath = path.resolve(cwd, opts.out ?? '.snyk');
|
|
511
|
+
const policy = (0, snyk_policy_1.buildSnykPolicy)(ignores);
|
|
512
|
+
fs.writeFileSync(outPath, policy, 'utf8');
|
|
513
|
+
if (opts.json) {
|
|
514
|
+
process.stdout.write(JSON.stringify({ out: outPath, ignores: ignores.length, skippedExpired }, null, 2) + '\n');
|
|
515
|
+
return;
|
|
516
|
+
}
|
|
517
|
+
if (ignores.length === 0) {
|
|
518
|
+
logger.info(`No Snyk-originated findings are allowlisted — wrote an empty policy to ${outPath}.` +
|
|
519
|
+
(skippedExpired > 0
|
|
520
|
+
? ` (${skippedExpired} expired entr${skippedExpired === 1 ? 'y' : 'ies'} skipped.)`
|
|
521
|
+
: ''));
|
|
522
|
+
return;
|
|
523
|
+
}
|
|
524
|
+
logger.success(`Wrote ${ignores.length} Snyk ignore${ignores.length === 1 ? '' : 's'} to ${outPath}` +
|
|
525
|
+
(skippedExpired > 0 ? ` (${skippedExpired} expired skipped)` : '') +
|
|
526
|
+
'.');
|
|
527
|
+
logger.dim(' Note: Snyk Code (SAST) honors .snyk ignores only with the "consistent ignores" ' +
|
|
528
|
+
'feature enabled for your org; SCA/dependency ignores are standard.');
|
|
529
|
+
}
|
|
370
530
|
// ─── Internals ────────────────────────────────────────────────────────────
|
|
371
531
|
function isAllowlistSubcommand(value) {
|
|
372
532
|
return exports.ALLOWLIST_SUBCOMMANDS.includes(value);
|
|
373
533
|
}
|
|
534
|
+
/**
|
|
535
|
+
* Build the set of fingerprints present in the committed baseline —
|
|
536
|
+
* the union of every entry's `id` plus its `absorbedFingerprints`.
|
|
537
|
+
* The absorbed set matters: cross-tool dedup collapses several
|
|
538
|
+
* findings into one representative, and an allowlist entry keyed on a
|
|
539
|
+
* collapsed contributor still suppresses the merged finding (CLAUDE.md
|
|
540
|
+
* Rule 9 robust matching). Including absorbed fingerprints here keeps
|
|
541
|
+
* such entries OUT of the orphaned bucket.
|
|
542
|
+
*
|
|
543
|
+
* Returns `undefined` when no baseline exists on disk (the caller
|
|
544
|
+
* renders a steer-to-CI notice rather than reporting false orphans).
|
|
545
|
+
*/
|
|
546
|
+
function baselineFingerprintSet(cwd, name) {
|
|
547
|
+
const baselinePath = (0, baseline_file_1.pathForBaseline)(cwd, name ?? baseline_file_1.DEFAULT_BASELINE_NAME);
|
|
548
|
+
if (!fs.existsSync(baselinePath))
|
|
549
|
+
return undefined;
|
|
550
|
+
const baseline = (0, baseline_file_1.readBaselineFile)(baselinePath);
|
|
551
|
+
const set = new Set();
|
|
552
|
+
for (const entry of baseline.findings) {
|
|
553
|
+
set.add(entry.id);
|
|
554
|
+
if ('absorbedFingerprints' in entry && entry.absorbedFingerprints) {
|
|
555
|
+
for (const fp of entry.absorbedFingerprints)
|
|
556
|
+
set.add(fp);
|
|
557
|
+
}
|
|
558
|
+
}
|
|
559
|
+
return set;
|
|
560
|
+
}
|
|
374
561
|
function parseCategory(raw) {
|
|
375
562
|
if (!raw) {
|
|
376
563
|
logger.fail(`--category is required. One of: ${categories_1.ALL_CATEGORIES.join(', ')}.`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/allowlist/cli.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0FH,oCAmDC;AAID,0CAqBC;AAyHD,4CAuBC;AAID,4CA8BC;AAID,8CAsEC;AAID,8CAmCC;AAvcD,2CAA6B;AAC7B,iDAAyC;AACzC,kDAAoC;AACpC,4CAAyC;AAIzC,6CAQsB;AA+hBb,oGAriBP,gCAAmB,OAqiBO;AA9hB5B,iCAgBgB;AAihBP,mGAhiBP,yBAAkB,OAgiBO;AAhhB3B,qCAA4C;AAE5C,2DAA2D;AAC9C,QAAA,qBAAqB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAU,CAAC;AA8CxF;;;;;GAKG;AACI,KAAK,UAAU,YAAY,CAChC,GAAW,EACX,UAA8B,EAC9B,IAGC;IAED,IAAI,CAAC,UAAU,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CACT,iCAAiC,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,QAAQ,CAAC,IAAI;YACzE,oBAAoB,6BAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,KAAK;YACR,OAAO,eAAe,CAAC,GAAG,EAAE;gBAC1B,MAAM,EAAE,IAAI,CAAC,eAAe;gBAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAA8B;gBACpD,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAA4B;gBAChD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAA0B;gBAC5C,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAiC;gBAC1D,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAA6B;gBAClD,oBAAoB,EAAE,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAuB;gBAChF,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAuB;gBACtD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAiC;aACpD,CAAC,CAAC;QACL,KAAK,MAAM;YACT,OAAO,gBAAgB,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7D,KAAK,MAAM;YACT,OAAO,gBAAgB,CAAC,GAAG,EAAE;gBAC3B,WAAW,EAAE,IAAI,CAAC,eAAe;gBACjC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;aACzB,CAAC,CAAC;QACL,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAuB,CAAC;YAClE,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,OAAO,iBAAiB,CAAC,GAAG,EAAE;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;aACjE,CAAC,CAAC;QACL,CAAC;QACD,KAAK,OAAO;YACV,OAAO,iBAAiB,CAAC,GAAG,EAAE;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;gBAChC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG;aACvB,CAAC,CAAC;IACP,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,eAAe,CAAC,GAAW,EAAE,IAAsB;IACvE,gEAAgE;IAChE,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sEAAsE;IACtE,4BAA4B;IAC5B,oEAAoE;IACpE,sDAAsD;IACtD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,kBAAkB;IAClB,OAAO,eAAe,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;AAC1D,CAAC;AAOD,SAAS,iBAAiB,CAAC,MAA0B;IACnD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AAClD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAK3B;IACC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC/C,IAAI,CAAC,yCAA4B,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,IAAI,CACT,YAAY,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,kBAAkB;YACpD,qDAAqD;YACrD,iCAAiC,CAAC,GAAG,yCAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACnF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,iDAAiD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI;YAC9E,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC;IAClF,MAAM,CAAC,IAAI,CACT,YAAY,MAAM,CAAC,QAAQ,4BAA4B,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,cAAc,GAAG;QAC5F,aAAa,QAAQ,GAAG,CAC3B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAK9B;IACC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CACT,+EAA+E;YAC7E,wFAAwF,CAC3F,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,OAAuB,CAAC;IACrC,IAAI,CAAC,IAAA,mCAAsB,EAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC5C,MAAM,CAAC,IAAI,CACT,YAAY,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,2BAA2B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACjE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,OAAO,GAAG,QAAQ,EAAE,CAAC;IAC3B,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAEzE,MAAM,KAAK,GAAmB;QAC5B,WAAW;QACX,IAAI;QACJ,QAAQ;QACR,MAAM;QACN,OAAO;QACP,OAAO;QACP,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxE,CAAC;IAEF,+EAA+E;IAC/E,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAG,IAAA,6BAAsB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAClD,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,IAAI,IAAA,yBAAkB,EAAC,IAAI,CAAC,CAAC;IAChE,IAAI,IAAA,gBAAS,EAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,oDAAoD,WAAW,IAAI;YACjE,mCAAmC,WAAW,iCAAiC,CAClF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAkB,EAAE,GAAG,IAAA,eAAQ,EAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;IACtE,IAAA,oBAAa,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC5B,MAAM,CAAC,IAAI,CACT,yCAAyC,WAAW,UAAU,IAAI,cAAc,QAAQ,GAAG;QACzF,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAC9C,CAAC;AACJ,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAuB;IACzE,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,IAAA,yBAAkB,EAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACzF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QACrF,OAAO;IACT,CAAC;IACD,MAAM,CAAC,IAAI,CACT,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,kBAAkB,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;QAChF,SAAS,IAAI,CAAC,IAAI,YAAY,IAAI,CAAC,aAAa,IAAI,CACvD,CAAC;IACF,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,MAAM,CAAC,IAAI,CACT,KAAK,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE;YACvD,YAAY,KAAK,CAAC,OAAO,GAAG,OAAO,IAAI,aAAa,EAAE,CACzD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAuB;IACzE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACxD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,OAAO;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACvE,IAAI,KAAK,CAAC,SAAS;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3E,IAAI,KAAK,CAAC,oBAAoB,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,KAAK,CAAC,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,iBAAiB,CAAC,GAAW,EAAE,IAAwB;IAC3E,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CACZ,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAwB,EAC7E,IAAI,EACJ,CAAC,CACF,GAAG,IAAI,CACT,CAAC;YACF,OAAO;QACT,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,qBAAc,EAAC,IAAI,EAAE,EAAE,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAEjF,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAClC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC;IAC5C,MAAM,CAAC,IAAI,CACT,oBAAoB,KAAK,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;QAC3D,SAAS,IAAI,CAAC,IAAI,4BAA4B,OAAO,OAAO,CAC/D,CAAC;IAEF,IACE,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAC3B,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAChC,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,EACpC,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACnC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CACT,YAAY,MAAM,CAAC,OAAO,CAAC,MAAM,mDAAmD,CACrF,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CACT,mBAAmB,MAAM,CAAC,YAAY,CAAC,MAAM,YAAY,OAAO,4BAA4B,CAC7F,CAAC;QACF,KAAK,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YAC3D,MAAM,CAAC,IAAI,CACT,KAAK,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE;gBACvD,aAAa,KAAK,CAAC,SAAS,QAAQ,aAAa,IAAI,CACxD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CACT,sBAAsB,MAAM,CAAC,gBAAgB,CAAC,MAAM,MAAM;YACxD,sDAAsD,CACzD,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,iBAAiB,CAAC,GAAW,EAAE,IAAwB;IAC3E,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;IAE7C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACzF,IAAI,CACP,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,IAAA,oBAAa,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;IACvD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,OAAO,CAAC,MAAM,gBAAgB,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5F,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAChF,OAAO;IACT,CAAC;IACD,IAAA,oBAAa,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzB,MAAM,CAAC,OAAO,CAAC,UAAU,OAAO,CAAC,MAAM,mBAAmB,CAAC,CAAC;AAC9D,CAAC;AAED,6EAA6E;AAE7E,SAAS,qBAAqB,CAAC,KAAa;IAC1C,OAAQ,6BAA2C,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,aAAa,CAAC,GAAuB;IAC5C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,CAAC,IAAI,CAAC,mCAAmC,2BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAE,2BAAoC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CACT,cAAc,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,4BAA4B;YAC3D,WAAW,2BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1C,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAwB,CAAC;AAClC,CAAC;AAED,MAAM,gBAAgB,GAA+B,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AAE3F,SAAS,gBAAgB,CAAC,GAAuB;IAC/C,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,IAAI,CAAE,gBAAsC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,4BAA4B;YACxE,WAAW,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC5C,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAsB,CAAC;AAChC,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAuB,EACvB,QAA2B;IAE3B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,8CAA8C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,IAAA,2BAAc,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,4CAA4C;QAC5C,OAAO,IAAA,8BAAiB,EAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,WAAW,CAAC,GAAW,EAAE,QAAmC;IACnE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAE,gBAA+B,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzD,MAAM,CAAC,IAAI,CACT,UAAU,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,wBAAwB;gBACxD,WAAW,gBAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACrC,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,QAAQ,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IACpC,OAAO,QAAQ,EAAE,IAAI,IAAI,MAAM,CAAC;AAClC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,6BAA6B,EAAE;YAClD,GAAG;YACH,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;YACnC,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,IAAI,SAAS,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7C,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,qBAAS,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;IACvD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,QAAQ,CAAC,MAAY,IAAI,IAAI,EAAE;IACtC,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAW;IACtC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;AACnC,CAAC"}
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/allowlist/cli.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoIH,oCAgEC;AAID,0CAqBC;AAyHD,4CAuBC;AAID,4CA8BC;AAID,8CAuGC;AAID,8CAmCC;AAID,gDA4BC;AAkBD,gDA6EC;AA9pBD,uCAAyB;AACzB,2CAA6B;AAC7B,iDAAyC;AACzC,kDAAoC;AACpC,6DAImC;AACnC,gEAA0F;AAC1F,iDAAsD;AACtD,uDAA+F;AAC/F,4CAAyC;AAIzC,6CAQsB;AA0wBb,oGAhxBP,gCAAmB,OAgxBO;AAzwB5B,iCAkBgB;AA0vBP,mGA3wBP,yBAAkB,OA2wBO;AAzvB3B,qCAA4C;AAE5C,2DAA2D;AAC9C,QAAA,qBAAqB,GAAG;IACnC,KAAK;IACL,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,QAAQ;CACA,CAAC;AAqEX;;;;;GAKG;AACI,KAAK,UAAU,YAAY,CAChC,GAAW,EACX,UAA8B,EAC9B,IAGC;IAED,IAAI,CAAC,UAAU,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CACT,iCAAiC,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,QAAQ,CAAC,IAAI;YACzE,oBAAoB,6BAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,KAAK;YACR,OAAO,eAAe,CAAC,GAAG,EAAE;gBAC1B,MAAM,EAAE,IAAI,CAAC,eAAe;gBAC5B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAA8B;gBACpD,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAA4B;gBAChD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAA0B;gBAC5C,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAiC;gBAC1D,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAA6B;gBAClD,oBAAoB,EAAE,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAuB;gBAChF,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAuB;gBACtD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAiC;aACpD,CAAC,CAAC;QACL,KAAK,MAAM;YACT,OAAO,gBAAgB,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7D,KAAK,MAAM;YACT,OAAO,gBAAgB,CAAC,GAAG,EAAE;gBAC3B,WAAW,EAAE,IAAI,CAAC,eAAe;gBACjC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;aACzB,CAAC,CAAC;QACL,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAuB,CAAC;YAClE,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,OAAO,iBAAiB,CAAC,GAAG,EAAE;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;gBAChE,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;gBAClD,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAuB;aACjE,CAAC,CAAC;QACL,CAAC;QACD,KAAK,OAAO;YACV,OAAO,iBAAiB,CAAC,GAAG,EAAE;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;gBAChC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG;aACvB,CAAC,CAAC;QACL,KAAK,QAAQ;YACX,OAAO,kBAAkB,CAAC,GAAG,EAAE;gBAC7B,WAAW,EAAE,IAAI,CAAC,eAAe;gBACjC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;aACzB,CAAC,CAAC;QACL,KAAK,QAAQ;YACX,OAAO,kBAAkB,CAAC,GAAG,EAAE;gBAC7B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBACxB,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,GAAyB;gBAC1C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;aACzB,CAAC,CAAC;IACP,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,eAAe,CAAC,GAAW,EAAE,IAAsB;IACvE,gEAAgE;IAChE,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sEAAsE;IACtE,4BAA4B;IAC5B,oEAAoE;IACpE,sDAAsD;IACtD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,kBAAkB;IAClB,OAAO,eAAe,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;AAC1D,CAAC;AAOD,SAAS,iBAAiB,CAAC,MAA0B;IACnD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AAClD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAK3B;IACC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC/C,IAAI,CAAC,yCAA4B,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,IAAI,CACT,YAAY,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,kBAAkB;YACpD,qDAAqD;YACrD,iCAAiC,CAAC,GAAG,yCAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACnF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,iDAAiD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI;YAC9E,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAgB,EAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC;IAClF,MAAM,CAAC,IAAI,CACT,YAAY,MAAM,CAAC,QAAQ,4BAA4B,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,cAAc,GAAG;QAC5F,aAAa,QAAQ,GAAG,CAC3B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAK9B;IACC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CACT,+EAA+E;YAC7E,wFAAwF,CAC3F,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,OAAuB,CAAC;IACrC,IAAI,CAAC,IAAA,mCAAsB,EAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC5C,MAAM,CAAC,IAAI,CACT,YAAY,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,2BAA2B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACjE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,OAAO,GAAG,QAAQ,EAAE,CAAC;IAC3B,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAEzE,MAAM,KAAK,GAAmB;QAC5B,WAAW;QACX,IAAI;QACJ,QAAQ;QACR,MAAM;QACN,OAAO;QACP,OAAO;QACP,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxE,CAAC;IAEF,+EAA+E;IAC/E,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAG,IAAA,6BAAsB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAClD,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,IAAI,IAAA,yBAAkB,EAAC,IAAI,CAAC,CAAC;IAChE,IAAI,IAAA,gBAAS,EAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CACT,oDAAoD,WAAW,IAAI;YACjE,mCAAmC,WAAW,iCAAiC,CAClF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAkB,EAAE,GAAG,IAAA,eAAQ,EAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;IACtE,IAAA,oBAAa,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC5B,MAAM,CAAC,IAAI,CACT,yCAAyC,WAAW,UAAU,IAAI,cAAc,QAAQ,GAAG;QACzF,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAC9C,CAAC;AACJ,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAuB;IACzE,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,IAAA,yBAAkB,EAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACzF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QACrF,OAAO;IACT,CAAC;IACD,MAAM,CAAC,IAAI,CACT,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,kBAAkB,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;QAChF,SAAS,IAAI,CAAC,IAAI,YAAY,IAAI,CAAC,aAAa,IAAI,CACvD,CAAC;IACF,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,MAAM,CAAC,IAAI,CACT,KAAK,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE;YACvD,YAAY,KAAK,CAAC,OAAO,GAAG,OAAO,IAAI,aAAa,EAAE,CACzD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,gBAAgB,CAAC,GAAW,EAAE,IAAuB;IACzE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACxD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrD,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,OAAO;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACvE,IAAI,KAAK,CAAC,SAAS;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3E,IAAI,KAAK,CAAC,oBAAoB,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,KAAK,CAAC,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,iBAAiB,CAAC,GAAW,EAAE,IAAwB;IAC3E,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CACZ,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAwB,EAC7E,IAAI,EACJ,CAAC,CACF,GAAG,IAAI,CACT,CAAC;YACF,OAAO;QACT,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAED,oEAAoE;IACpE,kEAAkE;IAClE,oEAAoE;IACpE,IAAI,mBAAoD,CAAC;IACzD,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QACzB,mBAAmB,GAAG,sBAAsB,CAAC,GAAG,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACrE,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CACT,wDAAwD;gBACtD,GAAG,IAAA,+BAAe,EAAC,GAAG,EAAE,IAAI,CAAC,YAAY,IAAI,qCAAqB,CAAC,KAAK;gBACxE,8DAA8D;gBAC9D,4CAA4C,CAC/C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,qBAAc,EAAC,IAAI,EAAE;QAClC,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;QACvC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxD,CAAC,CAAC;IAEH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAClC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC;IAC5C,MAAM,CAAC,IAAI,CACT,oBAAoB,KAAK,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;QAC3D,SAAS,IAAI,CAAC,IAAI,4BAA4B,OAAO,OAAO,CAC/D,CAAC;IAEF,IACE,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAC3B,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAChC,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC;QACpC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC,CAAC,KAAK,CAAC,EACpC,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACnC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CACT,YAAY,MAAM,CAAC,OAAO,CAAC,MAAM,mDAAmD,CACrF,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CACT,mBAAmB,MAAM,CAAC,YAAY,CAAC,MAAM,YAAY,OAAO,4BAA4B,CAC7F,CAAC;QACF,KAAK,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YAC3D,MAAM,CAAC,IAAI,CACT,KAAK,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE;gBACvD,aAAa,KAAK,CAAC,SAAS,QAAQ,aAAa,IAAI,CACxD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CACT,sBAAsB,MAAM,CAAC,gBAAgB,CAAC,MAAM,MAAM;YACxD,sDAAsD,CACzD,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CACT,aAAa,MAAM,CAAC,QAAQ,CAAC,MAAM,8CAA8C;YAC/E,0EAA0E;YAC1E,4EAA4E;YAC5E,4EAA4E,CAC/E,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAChC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,GAAG,aAAa,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;AACH,CAAC;AAED,6EAA6E;AAEtE,KAAK,UAAU,iBAAiB,CAAC,GAAW,EAAE,IAAwB;IAC3E,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;IAE7C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACzF,IAAI,CACP,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,IAAA,oBAAa,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;IACvD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,OAAO,CAAC,MAAM,gBAAgB,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5F,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAChF,OAAO;IACT,CAAC;IACD,IAAA,oBAAa,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzB,MAAM,CAAC,OAAO,CAAC,UAAU,OAAO,CAAC,MAAM,mBAAmB,CAAC,CAAC;AAC9D,CAAC;AAED,+EAA+E;AAExE,KAAK,UAAU,kBAAkB,CAAC,GAAW,EAAE,IAAyB;IAC7E,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAA,uBAAgB,EAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;QAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CACT,sCAAsC,EAAE,IAAI;YAC1C,2DAA2D,CAC9D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,kBAAW,EAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACtC,IAAA,oBAAa,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAE5B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACzE,OAAO;IACT,CAAC;IACD,MAAM,CAAC,OAAO,CAAC,2BAA2B,EAAE,UAAU,KAAK,CAAC,IAAI,cAAc,KAAK,CAAC,QAAQ,IAAI,CAAC,CAAC;AACpG,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;;;;;;GAaG;AACI,KAAK,UAAU,kBAAkB,CAAC,GAAW,EAAE,IAAyB;IAC7E,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC/F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACzD,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,2BAAgB,EAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC;IAChF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CACT,gDAAgD;YAC9C,8CAA8C,CACjD,CAAC;QACF,OAAO;IACT,CAAC;IAED,sEAAsE;IACtE,uEAAuE;IACvE,uDAAuD;IACvD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrD,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,MAAM,WAAW,GAAG,IAAA,oCAAsB,EAAC,IAAA,8BAAgB,EAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/F,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,IAAI,CAAC,IAAA,oBAAa,EAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,cAAc,EAAE,CAAC;YACjB,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtB,OAAO,CAAC,IAAI,CAAC;YACX,MAAM,EAAE,CAAC,CAAC,IAAI;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,OAAO,EAAE,IAAA,kCAAoB,EAAC,KAAK,CAAC,SAAS,CAAC;YAC9C,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,IAAA,6BAAe,EAAC,OAAO,CAAC,CAAC;IACxC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAE1C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAC1F,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CACT,0EAA0E,OAAO,GAAG;YAClF,CAAC,cAAc,GAAG,CAAC;gBACjB,CAAC,CAAC,KAAK,cAAc,gBAAgB,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,YAAY;gBACnF,CAAC,CAAC,EAAE,CAAC,CACV,CAAC;QACF,OAAO;IACT,CAAC;IACD,MAAM,CAAC,OAAO,CACZ,SAAS,OAAO,CAAC,MAAM,eAAe,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,OAAO,OAAO,EAAE;QACnF,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,cAAc,mBAAmB,CAAC,CAAC,CAAC,EAAE,CAAC;QAClE,GAAG,CACN,CAAC;IACF,MAAM,CAAC,GAAG,CACR,mFAAmF;QACjF,oEAAoE,CACvE,CAAC;AACJ,CAAC;AAED,6EAA6E;AAE7E,SAAS,qBAAqB,CAAC,KAAa;IAC1C,OAAQ,6BAA2C,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtE,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,sBAAsB,CAC7B,GAAW,EACX,IAAwB;IAExB,MAAM,YAAY,GAAG,IAAA,+BAAe,EAAC,GAAG,EAAE,IAAI,IAAI,qCAAqB,CAAC,CAAC;IACzE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,SAAS,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACtC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAClB,IAAI,sBAAsB,IAAI,KAAK,IAAI,KAAK,CAAC,oBAAoB,EAAE,CAAC;YAClE,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,oBAAoB;gBAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,GAAuB;IAC5C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,CAAC,IAAI,CAAC,mCAAmC,2BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAE,2BAAoC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CACT,cAAc,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,4BAA4B;YAC3D,WAAW,2BAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1C,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAwB,CAAC;AAClC,CAAC;AAED,MAAM,gBAAgB,GAA+B,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AAE3F,SAAS,gBAAgB,CAAC,GAAuB;IAC/C,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,IAAI,CAAE,gBAAsC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,4BAA4B;YACxE,WAAW,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC5C,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAsB,CAAC;AAChC,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAuB,EACvB,QAA2B;IAE3B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,8CAA8C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,IAAA,2BAAc,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,4CAA4C;QAC5C,OAAO,IAAA,8BAAiB,EAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,WAAW,CAAC,GAAW,EAAE,QAAmC;IACnE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAE,gBAA+B,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzD,MAAM,CAAC,IAAI,CACT,UAAU,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,wBAAwB;gBACxD,WAAW,gBAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACrC,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,QAAQ,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IACpC,OAAO,QAAQ,EAAE,IAAI,IAAI,MAAM,CAAC;AAClC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,6BAA6B,EAAE;YAClD,GAAG;YACH,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;YACnC,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,IAAI,SAAS,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7C,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,qBAAS,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;IACvD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,QAAQ,CAAC,MAAY,IAAI,IAAI,EAAE;IACtC,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAW;IACtC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;AACnC,CAAC"}
|
package/dist/allowlist/file.d.ts
CHANGED
|
@@ -212,17 +212,35 @@ export interface SoonToExpire {
|
|
|
212
212
|
* reason. In full mode this should never happen (validator
|
|
213
213
|
* rejects); in sanitized mode it may occur when the sidecar is
|
|
214
214
|
* missing or stale.
|
|
215
|
+
* - `orphaned` — entries whose fingerprint matches no current
|
|
216
|
+
* finding. Only populated when the caller supplies the set of
|
|
217
|
+
* current finding fingerprints via `AuditOptions.currentFingerprints`
|
|
218
|
+
* (otherwise `undefined` — audit stays pure-over-file). An orphaned
|
|
219
|
+
* entry is NOT necessarily stale: re-baselining churns some
|
|
220
|
+
* fingerprints (semgrep nondeterminism, cross-tool dedup ordering),
|
|
221
|
+
* and an entry may suppress an intermittently-detected finding. So
|
|
222
|
+
* this bucket FLAGS for review — it never drives auto-removal.
|
|
215
223
|
*/
|
|
216
224
|
export interface AuditReport {
|
|
217
225
|
readonly expired: ReadonlyArray<AllowlistEntry>;
|
|
218
226
|
readonly soonToExpire: ReadonlyArray<SoonToExpire>;
|
|
219
227
|
readonly missingRationale: ReadonlyArray<AllowlistEntry>;
|
|
228
|
+
/** Entries whose fingerprint is absent from the supplied current-
|
|
229
|
+
* finding set. `undefined` when no set was supplied (the caller
|
|
230
|
+
* didn't ask for orphan detection). */
|
|
231
|
+
readonly orphaned?: ReadonlyArray<AllowlistEntry>;
|
|
220
232
|
}
|
|
221
233
|
export interface AuditOptions {
|
|
222
234
|
readonly now?: Date;
|
|
223
235
|
/** Window in days within which `expiresAt` is considered "soon."
|
|
224
236
|
* Default 14 — chosen to match a typical sprint cadence. */
|
|
225
237
|
readonly soonToExpireDays?: number;
|
|
238
|
+
/** Set of fingerprints present in the current finding set (the
|
|
239
|
+
* union of every baseline entry's `id` plus its
|
|
240
|
+
* `absorbedFingerprints`, so an entry keyed on a collapsed
|
|
241
|
+
* contributor isn't falsely flagged). When provided, entries whose
|
|
242
|
+
* fingerprint isn't in this set land in the `orphaned` bucket. */
|
|
243
|
+
readonly currentFingerprints?: ReadonlySet<string>;
|
|
226
244
|
}
|
|
227
245
|
export declare function auditAllowlist(file: AllowlistFile, options?: AuditOptions): AuditReport;
|
|
228
246
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/allowlist/file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAIH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAIL,KAAK,iBAAiB,EACvB,MAAM,cAAc,CAAC;AAEtB,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AACtE,MAAM,MAAM,sBAAsB,GAAG,OAAO,wBAAwB,CAAC;AAErE,eAAO,MAAM,gCAAgC,EAAG,4BAAqC,CAAC;AACtF,MAAM,MAAM,6BAA6B,GAAG,OAAO,gCAAgC,CAAC;AAEpF,eAAO,MAAM,aAAa,WAAW,CAAC;AACtC,eAAO,MAAM,kBAAkB,mBAAmB,CAAC;AACnD,eAAO,MAAM,0BAA0B,iCAAiC,CAAC;AAEzE;;;;;;GAMG;AACH,eAAO,MAAM,SAAS,gCAAiC,CAAC;AACxD,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvD;;;;;;;;GAQG;AACH,MAAM,WAAW,cAAc;IAC7B,qEAAqE;IACrE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B;4BACwB;IACxB,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B;kBACc;IACd,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC;qCACiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;yBAEqB;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,oDAAoD;IACpD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;;8BAE0B;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B;;kEAE8D;IAC9D,QAAQ,CAAC,oBAAoB,CAAC,EAAE,eAAe,CAAC;CACjD;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,aAAa,EAAE,sBAAsB,CAAC;IAC/C,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CACjD;AAED;;;;;;GAMG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,aAAa,EAAE,6BAA6B,CAAC;IACtD,QAAQ,CAAC,OAAO,EAAE,QAAQ,CACxB,MAAM,CACc,MAAM,EACxB;QACE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;KAC1B,CACF,CACF,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE3D;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,GAAE,aAAsB,GAAG,aAAa,CAE9E;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAuC/D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,uBAAuB,GAAG,IAAI,CA2BhF;AAED;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,GAAG,IAAI,CAkCpE;AAED,oCAAoC;AACpC,wBAAgB,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAE9F;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,cAAc,GAAG,aAAa,CAQlF;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,aAAa,CAEnF;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAEhF;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,GAAE,IAAiB,GAAG,OAAO,CAIpF;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,GAAE,IAAiB,GAAG,MAAM,GAAG,IAAI,CAM5F;AAED;8DAC8D;AAC9D,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED
|
|
1
|
+
{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/allowlist/file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAIH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAIL,KAAK,iBAAiB,EACvB,MAAM,cAAc,CAAC;AAEtB,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AACtE,MAAM,MAAM,sBAAsB,GAAG,OAAO,wBAAwB,CAAC;AAErE,eAAO,MAAM,gCAAgC,EAAG,4BAAqC,CAAC;AACtF,MAAM,MAAM,6BAA6B,GAAG,OAAO,gCAAgC,CAAC;AAEpF,eAAO,MAAM,aAAa,WAAW,CAAC;AACtC,eAAO,MAAM,kBAAkB,mBAAmB,CAAC;AACnD,eAAO,MAAM,0BAA0B,iCAAiC,CAAC;AAEzE;;;;;;GAMG;AACH,eAAO,MAAM,SAAS,gCAAiC,CAAC;AACxD,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvD;;;;;;;;GAQG;AACH,MAAM,WAAW,cAAc;IAC7B,qEAAqE;IACrE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B;4BACwB;IACxB,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B;kBACc;IACd,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC;qCACiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;yBAEqB;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,oDAAoD;IACpD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;;8BAE0B;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B;;kEAE8D;IAC9D,QAAQ,CAAC,oBAAoB,CAAC,EAAE,eAAe,CAAC;CACjD;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,aAAa,EAAE,sBAAsB,CAAC;IAC/C,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CACjD;AAED;;;;;;GAMG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,aAAa,EAAE,6BAA6B,CAAC;IACtD,QAAQ,CAAC,OAAO,EAAE,QAAQ,CACxB,MAAM,CACc,MAAM,EACxB;QACE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;KAC1B,CACF,CACF,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE3D;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,GAAE,aAAsB,GAAG,aAAa,CAE9E;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAuC/D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,uBAAuB,GAAG,IAAI,CA2BhF;AAED;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,GAAG,IAAI,CAkCpE;AAED,oCAAoC;AACpC,wBAAgB,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAE9F;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,cAAc,GAAG,aAAa,CAQlF;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,aAAa,CAEnF;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAEhF;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,GAAE,IAAiB,GAAG,OAAO,CAIpF;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,GAAE,IAAiB,GAAG,MAAM,GAAG,IAAI,CAM5F;AAED;8DAC8D;AAC9D,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAChD,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IACnD,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IACzD;;4CAEwC;IACxC,QAAQ,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC;IACpB;iEAC6D;IAC7D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC;;;;uEAImE;IACnE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;CACpD;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,aAAa,EAAE,OAAO,GAAE,YAAiB,GAAG,WAAW,CAgC3F;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAC1B,IAAI,EAAE,aAAa,EACnB,GAAG,GAAE,IAAiB,GACrB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAA;CAAE,CAWjE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,aAAa,GAAG,aAAa,CAAC,eAAe,CAAC,CA4BzF;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,aAAa,GAClB,aAAa,CAAC,eAAe,CAAC,CA6EhC"}
|
package/dist/allowlist/file.js
CHANGED
|
@@ -305,6 +305,7 @@ function auditAllowlist(file, options = {}) {
|
|
|
305
305
|
const expired = [];
|
|
306
306
|
const soonToExpire = [];
|
|
307
307
|
const missingRationale = [];
|
|
308
|
+
const orphaned = [];
|
|
308
309
|
for (const entry of file.entries) {
|
|
309
310
|
const days = daysUntilExpiry(entry, now);
|
|
310
311
|
if (days !== null && days < 0) {
|
|
@@ -320,8 +321,16 @@ function auditAllowlist(file, options = {}) {
|
|
|
320
321
|
// "unavailable locally" notice.
|
|
321
322
|
missingRationale.push(entry);
|
|
322
323
|
}
|
|
324
|
+
if (options.currentFingerprints && !options.currentFingerprints.has(entry.fingerprint)) {
|
|
325
|
+
orphaned.push(entry);
|
|
326
|
+
}
|
|
323
327
|
}
|
|
324
|
-
return {
|
|
328
|
+
return {
|
|
329
|
+
expired,
|
|
330
|
+
soonToExpire,
|
|
331
|
+
missingRationale,
|
|
332
|
+
...(options.currentFingerprints ? { orphaned } : {}),
|
|
333
|
+
};
|
|
325
334
|
}
|
|
326
335
|
/**
|
|
327
336
|
* Remove expired entries from the file. Returns a new file (immutable)
|