agim-cli 1.2.65 → 1.2.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (172) hide show
  1. package/CHANGELOG.md +113 -0
  2. package/dist/cli.js +78 -0
  3. package/dist/cli.js.map +1 -1
  4. package/dist/core/llm/exec-dispatcher.d.ts.map +1 -1
  5. package/dist/core/llm/exec-dispatcher.js +96 -1
  6. package/dist/core/llm/exec-dispatcher.js.map +1 -1
  7. package/dist/core/llm/web-dispatcher.d.ts +5 -0
  8. package/dist/core/llm/web-dispatcher.d.ts.map +1 -1
  9. package/dist/core/llm/web-dispatcher.js +116 -18
  10. package/dist/core/llm/web-dispatcher.js.map +1 -1
  11. package/dist/core/sender-allowlist.d.ts +15 -0
  12. package/dist/core/sender-allowlist.d.ts.map +1 -0
  13. package/dist/core/sender-allowlist.js +125 -0
  14. package/dist/core/sender-allowlist.js.map +1 -0
  15. package/dist/web/public/assets/{a2a-DNxqMtla.js → a2a-pV7pUaE_.js} +2 -2
  16. package/dist/web/public/assets/{a2a-DNxqMtla.js.map → a2a-pV7pUaE_.js.map} +1 -1
  17. package/dist/web/public/assets/{activity-C5_-rLe6.js → activity-BtEeVbL4.js} +2 -2
  18. package/dist/web/public/assets/{activity-C5_-rLe6.js.map → activity-BtEeVbL4.js.map} +1 -1
  19. package/dist/web/public/assets/{admins-DSOax_hH.js → admins-Cb6gyuWs.js} +2 -2
  20. package/dist/web/public/assets/{admins-DSOax_hH.js.map → admins-Cb6gyuWs.js.map} +1 -1
  21. package/dist/web/public/assets/{agents-T687l0rN.js → agents-Bua9ZDtI.js} +2 -2
  22. package/dist/web/public/assets/{agents-T687l0rN.js.map → agents-Bua9ZDtI.js.map} +1 -1
  23. package/dist/web/public/assets/{approvals-CWorM8Vw.js → approvals-DgxxWp1m.js} +2 -2
  24. package/dist/web/public/assets/{approvals-CWorM8Vw.js.map → approvals-DgxxWp1m.js.map} +1 -1
  25. package/dist/web/public/assets/{asks-PiqKpXZ1.js → asks-iON_EhzS.js} +2 -2
  26. package/dist/web/public/assets/{asks-PiqKpXZ1.js.map → asks-iON_EhzS.js.map} +1 -1
  27. package/dist/web/public/assets/{audit-C2Ox35e1.js → audit-D1sPdKlD.js} +2 -2
  28. package/dist/web/public/assets/{audit-C2Ox35e1.js.map → audit-D1sPdKlD.js.map} +1 -1
  29. package/dist/web/public/assets/{bell-Cj5Dt_yv.js → bell-B5ZjxlmU.js} +2 -2
  30. package/dist/web/public/assets/{bell-Cj5Dt_yv.js.map → bell-B5ZjxlmU.js.map} +1 -1
  31. package/dist/web/public/assets/{bgjobs-DxEVHpLB.js → bgjobs-DdnrqmC2.js} +2 -2
  32. package/dist/web/public/assets/{bgjobs-DxEVHpLB.js.map → bgjobs-DdnrqmC2.js.map} +1 -1
  33. package/dist/web/public/assets/{brain-LvSyYmLT.js → brain-Bh8Xm53Q.js} +2 -2
  34. package/dist/web/public/assets/{brain-LvSyYmLT.js.map → brain-Bh8Xm53Q.js.map} +1 -1
  35. package/dist/web/public/assets/{briefcase-CJMKdAPu.js → briefcase-Tn3JuAZM.js} +2 -2
  36. package/dist/web/public/assets/{briefcase-CJMKdAPu.js.map → briefcase-Tn3JuAZM.js.map} +1 -1
  37. package/dist/web/public/assets/{chevron-right-BUOV_Xg8.js → chevron-right-Bu2Wni-B.js} +2 -2
  38. package/dist/web/public/assets/{chevron-right-BUOV_Xg8.js.map → chevron-right-Bu2Wni-B.js.map} +1 -1
  39. package/dist/web/public/assets/{circle-check-BYLlUkXj.js → circle-check-Bx222bW4.js} +2 -2
  40. package/dist/web/public/assets/{circle-check-BYLlUkXj.js.map → circle-check-Bx222bW4.js.map} +1 -1
  41. package/dist/web/public/assets/{circle-check-big-KNa00WXm.js → circle-check-big-BAGOp63h.js} +2 -2
  42. package/dist/web/public/assets/{circle-check-big-KNa00WXm.js.map → circle-check-big-BAGOp63h.js.map} +1 -1
  43. package/dist/web/public/assets/{circle-x-CGLLbBL-.js → circle-x-DYSUbjfb.js} +2 -2
  44. package/dist/web/public/assets/{circle-x-CGLLbBL-.js.map → circle-x-DYSUbjfb.js.map} +1 -1
  45. package/dist/web/public/assets/{confirm-dialog-CLfYzx-a.js → confirm-dialog-BkTngEE8.js} +2 -2
  46. package/dist/web/public/assets/{confirm-dialog-CLfYzx-a.js.map → confirm-dialog-BkTngEE8.js.map} +1 -1
  47. package/dist/web/public/assets/{data-table-ZySeRfEP.js → data-table-BlqccxTF.js} +2 -2
  48. package/dist/web/public/assets/{data-table-ZySeRfEP.js.map → data-table-BlqccxTF.js.map} +1 -1
  49. package/dist/web/public/assets/{dialog-DS0Dk6GL.js → dialog-CMUp72oB.js} +2 -2
  50. package/dist/web/public/assets/{dialog-DS0Dk6GL.js.map → dialog-CMUp72oB.js.map} +1 -1
  51. package/dist/web/public/assets/{download-1aUlz7_D.js → download-CB0cOUn8.js} +2 -2
  52. package/dist/web/public/assets/{download-1aUlz7_D.js.map → download-CB0cOUn8.js.map} +1 -1
  53. package/dist/web/public/assets/{email-BkAvhVxU.js → email-BCqfN_b2.js} +2 -2
  54. package/dist/web/public/assets/{email-BkAvhVxU.js.map → email-BCqfN_b2.js.map} +1 -1
  55. package/dist/web/public/assets/{empty-state-BclIaHPD.js → empty-state-DTC7UMRJ.js} +2 -2
  56. package/dist/web/public/assets/{empty-state-BclIaHPD.js.map → empty-state-DTC7UMRJ.js.map} +1 -1
  57. package/dist/web/public/assets/{external-link-Ckz2th0a.js → external-link-D7kkHOqE.js} +2 -2
  58. package/dist/web/public/assets/{external-link-Ckz2th0a.js.map → external-link-D7kkHOqE.js.map} +1 -1
  59. package/dist/web/public/assets/{eye-DGRzJ5lb.js → eye-KM8X6N9N.js} +2 -2
  60. package/dist/web/public/assets/{eye-DGRzJ5lb.js.map → eye-KM8X6N9N.js.map} +1 -1
  61. package/dist/web/public/assets/{facts-CUY-brWq.js → facts-mHIefs9t.js} +2 -2
  62. package/dist/web/public/assets/{facts-CUY-brWq.js.map → facts-mHIefs9t.js.map} +1 -1
  63. package/dist/web/public/assets/{goals-5uN3gp8c.js → goals-DkW2jRda.js} +2 -2
  64. package/dist/web/public/assets/{goals-5uN3gp8c.js.map → goals-DkW2jRda.js.map} +1 -1
  65. package/dist/web/public/assets/{health-bp5Qgneq.js → health-DqSq0_p8.js} +2 -2
  66. package/dist/web/public/assets/{health-bp5Qgneq.js.map → health-DqSq0_p8.js.map} +1 -1
  67. package/dist/web/public/assets/{heart-pulse-BnB8Mahi.js → heart-pulse-Dw9UThda.js} +2 -2
  68. package/dist/web/public/assets/{heart-pulse-BnB8Mahi.js.map → heart-pulse-Dw9UThda.js.map} +1 -1
  69. package/dist/web/public/assets/{heartbeat-ClNB_aaM.js → heartbeat-4Jqvt3ZG.js} +2 -2
  70. package/dist/web/public/assets/{heartbeat-ClNB_aaM.js.map → heartbeat-4Jqvt3ZG.js.map} +1 -1
  71. package/dist/web/public/assets/{hot-CXFYYRzt.js → hot-DwVVYe_Q.js} +2 -2
  72. package/dist/web/public/assets/{hot-CXFYYRzt.js.map → hot-DwVVYe_Q.js.map} +1 -1
  73. package/dist/web/public/assets/{index-B_MJTcDz.js → index-Dm4bHM0M.js} +12 -12
  74. package/dist/web/public/assets/index-Dm4bHM0M.js.map +1 -0
  75. package/dist/web/public/assets/{installed-BRhOTT0w.js → installed-CRBbM3d1.js} +2 -2
  76. package/dist/web/public/assets/{installed-BRhOTT0w.js.map → installed-CRBbM3d1.js.map} +1 -1
  77. package/dist/web/public/assets/{jobs-SGgiVMdm.js → jobs-DvVu0NEB.js} +2 -2
  78. package/dist/web/public/assets/{jobs-SGgiVMdm.js.map → jobs-DvVu0NEB.js.map} +1 -1
  79. package/dist/web/public/assets/layout-C0Dmdrm6.js +2 -0
  80. package/dist/web/public/assets/layout-C0Dmdrm6.js.map +1 -0
  81. package/dist/web/public/assets/{layout-CxIivtIC.js → layout-CGvFOz3S.js} +2 -2
  82. package/dist/web/public/assets/{layout-CxIivtIC.js.map → layout-CGvFOz3S.js.map} +1 -1
  83. package/dist/web/public/assets/{layout-C0BXTGdU.js → layout-Cq4zcQuI.js} +2 -2
  84. package/dist/web/public/assets/{layout-C0BXTGdU.js.map → layout-Cq4zcQuI.js.map} +1 -1
  85. package/dist/web/public/assets/{layout-CNhFryQ_.js → layout-DCrcKMGj.js} +2 -2
  86. package/dist/web/public/assets/{layout-CNhFryQ_.js.map → layout-DCrcKMGj.js.map} +1 -1
  87. package/dist/web/public/assets/{layout-BMehqBaD.js → layout-N_ipr3nA.js} +2 -2
  88. package/dist/web/public/assets/{layout-BMehqBaD.js.map → layout-N_ipr3nA.js.map} +1 -1
  89. package/dist/web/public/assets/{llm-BuvGS_vU.js → llm-DKruaUsd.js} +2 -2
  90. package/dist/web/public/assets/{llm-BuvGS_vU.js.map → llm-DKruaUsd.js.map} +1 -1
  91. package/dist/web/public/assets/{loader-circle-CWYFBw93.js → loader-circle-C8YCUz70.js} +2 -2
  92. package/dist/web/public/assets/{loader-circle-CWYFBw93.js.map → loader-circle-C8YCUz70.js.map} +1 -1
  93. package/dist/web/public/assets/{map-pin-CHW2BahT.js → map-pin-wZRlA_mV.js} +2 -2
  94. package/dist/web/public/assets/{map-pin-CHW2BahT.js.map → map-pin-wZRlA_mV.js.map} +1 -1
  95. package/dist/web/public/assets/{mcp-Bs02bxka.js → mcp-DJN2vM4F.js} +2 -2
  96. package/dist/web/public/assets/{mcp-Bs02bxka.js.map → mcp-DJN2vM4F.js.map} +1 -1
  97. package/dist/web/public/assets/{memos-DHGW-Qni.js → memos-zpcFJvTm.js} +2 -2
  98. package/dist/web/public/assets/{memos-DHGW-Qni.js.map → memos-zpcFJvTm.js.map} +1 -1
  99. package/dist/web/public/assets/{messengers-DrKKVSEA.js → messengers-ClgibwCS.js} +2 -2
  100. package/dist/web/public/assets/{messengers-DrKKVSEA.js.map → messengers-ClgibwCS.js.map} +1 -1
  101. package/dist/web/public/assets/{native-agent-D2cbs5yG.js → native-agent-7mZcks5Q.js} +2 -2
  102. package/dist/web/public/assets/{native-agent-D2cbs5yG.js.map → native-agent-7mZcks5Q.js.map} +1 -1
  103. package/dist/web/public/assets/{network-BlGBHSOz.js → network-BN_4AVjH.js} +2 -2
  104. package/dist/web/public/assets/{network-BlGBHSOz.js.map → network-BN_4AVjH.js.map} +1 -1
  105. package/dist/web/public/assets/{outbox-BNiVF52F.js → outbox-CqO2DN9r.js} +2 -2
  106. package/dist/web/public/assets/{outbox-BNiVF52F.js.map → outbox-CqO2DN9r.js.map} +1 -1
  107. package/dist/web/public/assets/{pagination-B5Cwu4pq.js → pagination-BN5IlfM7.js} +2 -2
  108. package/dist/web/public/assets/{pagination-B5Cwu4pq.js.map → pagination-BN5IlfM7.js.map} +1 -1
  109. package/dist/web/public/assets/{persona-D7TRqgsy.js → persona-CwiBUs53.js} +2 -2
  110. package/dist/web/public/assets/{persona-D7TRqgsy.js.map → persona-CwiBUs53.js.map} +1 -1
  111. package/dist/web/public/assets/{play-CmTdWGab.js → play-DH5aMHyg.js} +2 -2
  112. package/dist/web/public/assets/{play-CmTdWGab.js.map → play-DH5aMHyg.js.map} +1 -1
  113. package/dist/web/public/assets/{plus-BYmkO51v.js → plus-m81LzTGp.js} +2 -2
  114. package/dist/web/public/assets/{plus-BYmkO51v.js.map → plus-m81LzTGp.js.map} +1 -1
  115. package/dist/web/public/assets/{policy-CrFIBtzs.js → policy-C4LWbsG1.js} +2 -2
  116. package/dist/web/public/assets/{policy-CrFIBtzs.js.map → policy-C4LWbsG1.js.map} +1 -1
  117. package/dist/web/public/assets/{refresh-ccw-DgHgDBFU.js → refresh-ccw-BVkrjmyW.js} +2 -2
  118. package/dist/web/public/assets/{refresh-ccw-DgHgDBFU.js.map → refresh-ccw-BVkrjmyW.js.map} +1 -1
  119. package/dist/web/public/assets/{reminders-Dh2VXBAt.js → reminders-BSQoGyVb.js} +2 -2
  120. package/dist/web/public/assets/{reminders-Dh2VXBAt.js.map → reminders-BSQoGyVb.js.map} +1 -1
  121. package/dist/web/public/assets/{save-BTdbl1sB.js → save-CODsafFB.js} +2 -2
  122. package/dist/web/public/assets/{save-BTdbl1sB.js.map → save-CODsafFB.js.map} +1 -1
  123. package/dist/web/public/assets/{schedules-C98Syrst.js → schedules-BBH1Ipyd.js} +2 -2
  124. package/dist/web/public/assets/{schedules-C98Syrst.js.map → schedules-BBH1Ipyd.js.map} +1 -1
  125. package/dist/web/public/assets/{search-CgUr_Tjy.js → search-QcBNzBQ7.js} +2 -2
  126. package/dist/web/public/assets/{search-CgUr_Tjy.js.map → search-QcBNzBQ7.js.map} +1 -1
  127. package/dist/web/public/assets/security-Cv5Tjnb3.js +7 -0
  128. package/dist/web/public/assets/security-Cv5Tjnb3.js.map +1 -0
  129. package/dist/web/public/assets/{service-Dlw--ni7.js → service-Dg3fHa1F.js} +2 -2
  130. package/dist/web/public/assets/{service-Dlw--ni7.js.map → service-Dg3fHa1F.js.map} +1 -1
  131. package/dist/web/public/assets/{status-badge-rlmqIgUK.js → status-badge-COrk0PaU.js} +2 -2
  132. package/dist/web/public/assets/{status-badge-rlmqIgUK.js.map → status-badge-COrk0PaU.js.map} +1 -1
  133. package/dist/web/public/assets/{subtasks-BHJXEg1-.js → subtasks-BoKtrF6e.js} +2 -2
  134. package/dist/web/public/assets/{subtasks-BHJXEg1-.js.map → subtasks-BoKtrF6e.js.map} +1 -1
  135. package/dist/web/public/assets/{table-CyYHo50D.js → table-CO5iRHXX.js} +2 -2
  136. package/dist/web/public/assets/{table-CyYHo50D.js.map → table-CO5iRHXX.js.map} +1 -1
  137. package/dist/web/public/assets/{topn-CQjlFpTX.js → topn-CZpEJB9u.js} +2 -2
  138. package/dist/web/public/assets/{topn-CQjlFpTX.js.map → topn-CZpEJB9u.js.map} +1 -1
  139. package/dist/web/public/assets/{trash-2-C7RhXr5v.js → trash-2-Cb97xDdm.js} +2 -2
  140. package/dist/web/public/assets/{trash-2-C7RhXr5v.js.map → trash-2-Cb97xDdm.js.map} +1 -1
  141. package/dist/web/public/assets/{use-background-tasks-Xk52LztT.js → use-background-tasks-CJmddApa.js} +2 -2
  142. package/dist/web/public/assets/{use-background-tasks-Xk52LztT.js.map → use-background-tasks-CJmddApa.js.map} +1 -1
  143. package/dist/web/public/assets/{use-llm-admin-xgIdH9Kw.js → use-llm-admin-DszocDJN.js} +2 -2
  144. package/dist/web/public/assets/{use-llm-admin-xgIdH9Kw.js.map → use-llm-admin-DszocDJN.js.map} +1 -1
  145. package/dist/web/public/assets/{use-memory-DtZHF20y.js → use-memory-fcO8b_OU.js} +2 -2
  146. package/dist/web/public/assets/{use-memory-DtZHF20y.js.map → use-memory-fcO8b_OU.js.map} +1 -1
  147. package/dist/web/public/assets/{use-observability-nUGyBvW4.js → use-observability-C9g0QTLd.js} +2 -2
  148. package/dist/web/public/assets/{use-observability-nUGyBvW4.js.map → use-observability-C9g0QTLd.js.map} +1 -1
  149. package/dist/web/public/assets/{use-settings-BjibxUyB.js → use-settings-Dvc5WX17.js} +2 -2
  150. package/dist/web/public/assets/{use-settings-BjibxUyB.js.map → use-settings-Dvc5WX17.js.map} +1 -1
  151. package/dist/web/public/assets/{use-workspace-DzyMsk0c.js → use-workspace-DoenH-EZ.js} +2 -2
  152. package/dist/web/public/assets/{use-workspace-DzyMsk0c.js.map → use-workspace-DoenH-EZ.js.map} +1 -1
  153. package/dist/web/public/assets/{useQuery-DI6dxASQ.js → useQuery-CwP843k0.js} +2 -2
  154. package/dist/web/public/assets/{useQuery-DI6dxASQ.js.map → useQuery-CwP843k0.js.map} +1 -1
  155. package/dist/web/public/assets/{vector-Bu_EzONh.js → vector-tNx8IrnY.js} +2 -2
  156. package/dist/web/public/assets/{vector-Bu_EzONh.js.map → vector-tNx8IrnY.js.map} +1 -1
  157. package/dist/web/public/assets/{viewer-DbJxZOmC.js → viewer-_tE5G30K.js} +2 -2
  158. package/dist/web/public/assets/{viewer-DbJxZOmC.js.map → viewer-_tE5G30K.js.map} +1 -1
  159. package/dist/web/public/assets/{workspace-DAYMQHog.js → workspace-15Jilg2h.js} +2 -2
  160. package/dist/web/public/assets/{workspace-DAYMQHog.js.map → workspace-15Jilg2h.js.map} +1 -1
  161. package/dist/web/public/assets/{workspaces-DGRs1EZm.js → workspaces-nyFTRkZH.js} +2 -2
  162. package/dist/web/public/assets/{workspaces-DGRs1EZm.js.map → workspaces-nyFTRkZH.js.map} +1 -1
  163. package/dist/web/public/assets/{x-DEBwh51E.js → x-C7i8kvqL.js} +2 -2
  164. package/dist/web/public/assets/{x-DEBwh51E.js.map → x-C7i8kvqL.js.map} +1 -1
  165. package/dist/web/public/index.html +1 -1
  166. package/dist/web/server.d.ts.map +1 -1
  167. package/dist/web/server.js +78 -0
  168. package/dist/web/server.js.map +1 -1
  169. package/package.json +1 -1
  170. package/dist/web/public/assets/index-B_MJTcDz.js.map +0 -1
  171. package/dist/web/public/assets/layout-Czg1K2be.js +0 -2
  172. package/dist/web/public/assets/layout-Czg1K2be.js.map +0 -1
package/dist/core/llm/exec-dispatcher.js CHANGED
@@ -31,7 +31,10 @@
31
31
  // IMHUB_EXEC_MAX_OUTPUT default 32_768 bytes per stream
32
32
  import { spawn } from 'node:child_process';
33
33
  import { existsSync } from 'node:fs';
34
+ import { homedir } from 'node:os';
35
+ import { dirname } from 'node:path';
34
36
  import { logger as rootLogger } from '../logger.js';
37
+ import { checkUrlSafety } from './web-dispatcher.js';
35
38
  const log = rootLogger.child({ component: 'exec-dispatcher' });
36
39
  const DEFAULT_TIMEOUT_MS = 60_000;
37
40
  const HARD_TIMEOUT_CAP_MS = 600_000;
@@ -81,6 +84,34 @@ async function runExec(args, ctx, signal) {
81
84
  const command = typeof args.command === 'string' ? args.command : '';
82
85
  if (!command.trim())
83
86
  return { text: 'command required', isError: true, source: 'exec' };
87
+ // v1.2.66 — pre-flight: dangerous shell pattern denylist. These are
88
+ // hard-blocked regardless of approval card / autoAllow — destructive
89
+ // and unrecoverable. Operators with a legitimate need run them
90
+ // directly on the host, not via the agent.
91
+ const danger = checkDangerousCommand(command);
92
+ if (danger) {
93
+ log.warn({ event: 'exec.refused.dangerous_pattern', reason: danger, commandPreview: command.slice(0, 120) });
94
+ return {
95
+ text: `native_exec refused: command matches a dangerous-pattern denylist (${danger}). If you legitimately need to run this, do it directly on the host — not via the agent. To override, the operator must edit src/core/llm/exec-dispatcher.ts:DANGEROUS_PATTERNS.`,
96
+ isError: true,
97
+ source: 'exec',
98
+ };
99
+ }
100
+ // v1.2.66 — defense-in-depth: scan the command for embedded internal
101
+ // URLs (e.g. `curl http://169.254.169.254/...`, `wget http://10.0.0.1/`).
102
+ // Without this, a model that's been instructed "don't fetch internal
103
+ // hosts" can bypass the web-tool SSRF block by piping through exec.
104
+ // Honours IMHUB_NATIVE_WEB_SSRF_WHITELIST (shared with web tools).
105
+ const internalUrlReason = scanCommandForInternalUrl(command);
106
+ if (internalUrlReason) {
107
+ log.warn({ event: 'exec.refused.internal_url', reason: internalUrlReason, commandPreview: command.slice(0, 120) });
108
+ return {
109
+ text: `native_exec refused: command contains a URL targeting a private/internal address (${internalUrlReason}). ` +
110
+ `If this is intentional, set IMHUB_NATIVE_WEB_SSRF_WHITELIST or IMHUB_NATIVE_WEB_ALLOW_PRIVATE=1.`,
111
+ isError: true,
112
+ source: 'exec',
113
+ };
114
+ }
84
115
  const timeoutMs = clampTimeout(args.timeout_ms);
85
116
  const cwd = typeof args.cwd === 'string' && args.cwd.length > 0 ? args.cwd : ctx.cwd;
86
117
  const sandboxMode = (process.env.IMHUB_EXEC_SANDBOX || '').toLowerCase();
@@ -99,9 +130,61 @@ async function runExec(args, ctx, signal) {
99
130
  });
100
131
  return await runChild(bin, argv, { cwd, timeoutMs, signal });
101
132
  }
133
+ const DANGEROUS_PATTERNS = [
134
+ // rm -rf with paths that touch root / home root / ~. Allow narrow
135
+ // forms like `rm -rf ./build` and `rm -rf subdir/`.
136
+ { regex: /(?:^|[;&|`(])\s*rm\s+(?:-[a-zA-Z]*[rfRF][a-zA-Z]*\s+)+(?:\/(?:\s|$|\*)|~\/?(?:\s|$)|\.\.\/+|\/\*)/, reason: 'rm -rf against root / home / .. — destructive' },
137
+ // Filesystem formatting / partition tools.
138
+ { regex: /\b(mkfs(?:\.\w+)?|mke2fs|mkdosfs|mkntfs|wipefs|fdisk|parted|sfdisk|cfdisk|gdisk)\b/, reason: 'filesystem format / partition tool' },
139
+ // Raw block-device writes.
140
+ { regex: /\bdd\s+[^|;]*\bof=\/dev\/(sd[a-z][0-9]*|nvme[0-9]+n[0-9]+(p[0-9]+)?|mmcblk[0-9]+|vd[a-z][0-9]*|hd[a-z][0-9]*|loop[0-9]+)/, reason: 'dd to raw block device' },
141
+ // Classic fork bomb (and minor variants).
142
+ { regex: /:\s*\(\s*\)\s*\{[^}]*\|\s*:\s*&?\s*\}\s*;\s*:/, reason: 'fork bomb' },
143
+ // Recursive chmod 777 / chown - root.
144
+ { regex: /\b(chmod|chown)\s+-R\s+[^\s]*\s+\/(?:\s|$)/, reason: 'recursive chmod/chown on /' },
145
+ // Permanent kernel writes.
146
+ { regex: /\becho\s+.*>\s*\/proc\/sys\/kernel\/(panic|sysrq)/, reason: 'writing to /proc/sys/kernel/panic|sysrq' },
147
+ // shutdown / reboot / halt commands.
148
+ { regex: /\b(shutdown|reboot|halt|poweroff)\b(?!\s+--?(help|version))/, reason: 'shutdown / reboot / halt' },
149
+ // Disable swap on /. (Rare; precaution.)
150
+ { regex: /\bswapoff\s+-a\b/, reason: 'swapoff -a' },
151
+ // Make a setuid root binary.
152
+ { regex: /\bchmod\s+(?:[ug]\+s|4[0-7]{3})\b/, reason: 'setuid / setgid bit change' },
153
+ // > /etc/passwd or > /etc/shadow.
154
+ { regex: />\s*\/etc\/(passwd|shadow|sudoers)\b/, reason: 'writing to /etc/passwd|shadow|sudoers' },
155
+ ];
156
+ function checkDangerousCommand(cmd) {
157
+ for (const p of DANGEROUS_PATTERNS) {
158
+ if (p.regex.test(cmd))
159
+ return p.reason;
160
+ }
161
+ return null;
162
+ }
163
+ function scanCommandForInternalUrl(cmd) {
164
+ // Pull plausible URL tokens out of the command and feed each through
165
+ // the web-dispatcher's checkUrlSafety. Stops at first private hit.
166
+ const urlRe = /https?:\/\/[^\s"'`;|<>]+/gi;
167
+ for (const match of cmd.matchAll(urlRe)) {
168
+ const url = match[0];
169
+ const safe = checkUrlSafety(url);
170
+ if (!safe.ok)
171
+ return `${url} — ${safe.reason ?? 'private'}`;
172
+ }
173
+ return null;
174
+ }
102
175
  function buildBwrapInvocation(command, cwd, netOff) {
176
+ // v1.2.66 — tmpfs-mask the agim state dir + the cwd's parent before
177
+ // binding cwd back. Without this, even though sensitive-paths.ts
178
+ // blocks tool-arg paths to ~/.agim/, an exec'd shell command can
179
+ // still `cat ~/.agim/env` because the FS is exposed transparently.
180
+ // Mirrors nanobot's `--tmpfs <ws.parent>` pattern, adapted for
181
+ // agim's path layout (`~/.agim` is a sibling of
182
+ // `~/.agim-workspaces`, not a parent).
183
+ const home = homedir();
184
+ const cwdParent = dirname(cwd);
103
185
  const argv = [
104
186
  '--die-with-parent',
187
+ '--new-session',
105
188
  '--ro-bind', '/usr', '/usr',
106
189
  '--ro-bind-try', '/lib', '/lib',
107
190
  '--ro-bind-try', '/lib64', '/lib64',
@@ -113,12 +196,24 @@ function buildBwrapInvocation(command, cwd, netOff) {
113
196
  '--proc', '/proc',
114
197
  '--dev', '/dev',
115
198
  '--tmpfs', '/tmp',
199
+ // Mask the agim per-user state dir (~/.agim/) — primary target.
200
+ // ~/.im-hub legacy path covered for older installs.
201
+ '--tmpfs', `${home}/.agim`,
202
+ '--tmpfs', `${home}/.im-hub`,
203
+ // Mask the parent of the workspace cwd so the agent can't list
204
+ // sibling threads' workspaces. cwdParent is typically
205
+ // ~/.agim-workspaces/native/, and other threads live there.
206
+ '--tmpfs', cwdParent,
207
+ // Re-mount the actual cwd over the masked parent so the agent
208
+ // still has its workspace. `--dir` recreates the path inside the
209
+ // sandbox; `--bind` brings the host content back.
210
+ '--dir', cwd,
116
211
  '--bind', cwd, cwd,
117
212
  '--chdir', cwd,
118
213
  ];
119
214
  if (netOff)
120
215
  argv.push('--unshare-net');
121
- argv.push('/bin/sh', '-c', command);
216
+ argv.push('--', '/bin/sh', '-c', command);
122
217
  return { bin: '/usr/bin/bwrap', argv };
123
218
  }
124
219
  function runChild(bin, argv, opts) {
package/dist/core/llm/exec-dispatcher.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"exec-dispatcher.js","sourceRoot":"","sources":["../../../src/core/llm/exec-dispatcher.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,uEAAuE;AACvE,uEAAuE;AACvE,wDAAwD;AACxD,EAAE;AACF,WAAW;AACX,iEAAiE;AACjE,gDAAgD;AAChD,qDAAqD;AACrD,qDAAqD;AACrD,yDAAyD;AACzD,6EAA6E;AAC7E,8CAA8C;AAC9C,4CAA4C;AAC5C,6EAA6E;AAC7E,8CAA8C;AAC9C,yEAAyE;AACzE,iEAAiE;AACjE,mDAAmD;AACnD,sEAAsE;AACtE,qEAAqE;AACrE,sEAAsE;AACtE,sEAAsE;AACtE,0DAA0D;AAC1D,4DAA4D;AAC5D,gEAAgE;AAChE,EAAE;AACF,mBAAmB;AACnB,8DAA8D;AAC9D,6DAA6D;AAE7D,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAA;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,cAAc,CAAA;AAInD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAA;AAE9D,MAAM,kBAAkB,GAAG,MAAM,CAAA;AACjC,MAAM,mBAAmB,GAAG,OAAO,CAAA;AACnC,MAAM,kBAAkB,GAAG,EAAE,GAAG,IAAI,CAAA;AAEpC,MAAM,eAAe,GAAG,CAAC,aAAa,CAAU,CAAA;AAChD,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAQ,eAAqC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AAC9D,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO;QACL;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EACT,0FAA0F;gBAC1F,sFAAsF;gBACtF,2FAA2F;gBAC3F,sFAAsF;gBACtF,6CAA6C;YAC/C,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gDAAgD,EAAE;oBAC1F,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qDAAqD,EAAE;oBAClG,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gDAAgD,EAAE;iBACvF;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;gBACrB,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF,CAAA;AACH,CAAC;AAMD,MAAM,UAAU,mBAAmB,CAAC,GAAgB;IAClD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,EAA6B,EAAE;QACvD,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,IAAI,EAAE,gBAAgB,IAAI,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;QAChF,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACnD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5D,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;YAChD,OAAO,EAAE,IAAI,EAAE,uBAAuB,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;QAC9E,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,IAA6B,EAAE,GAAgB,EAAE,MAAmB;IACzF,MAAM,OAAO,GAAG,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAA;IACpE,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;IACvF,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC/C,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAA;IAEpF,MAAM,WAAW,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;IACxE,MAAM,UAAU,GAAG,WAAW,KAAK,OAAO,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAA;IAC1E,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,KAAK,KAAK,CAAA;IAExF,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,UAAU;QAC9B,CAAC,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,aAAa,CAAC;QACnD,CAAC,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAA;IAE7C,GAAG,CAAC,IAAI,CAAC;QACP,KAAK,EAAE,YAAY;QACnB,GAAG;QACH,GAAG;QACH,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM;QACvE,SAAS;QACT,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;KACtC,CAAC,CAAA;IAEF,OAAO,MAAM,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAA;AAC9D,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe,EAAE,GAAW,EAAE,MAAe;IACzE,MAAM,IAAI,GAAa;QACrB,mBAAmB;QACnB,WAAW,EAAE,MAAM,EAAE,MAAM;QAC3B,eAAe,EAAE,MAAM,EAAE,MAAM;QAC/B,eAAe,EAAE,QAAQ,EAAE,QAAQ;QACnC,eAAe,EAAE,MAAM,EAAE,MAAM;QAC/B,eAAe,EAAE,OAAO,EAAE,OAAO;QACjC,eAAe,EAAE,kBAAkB,EAAE,kBAAkB;QACvD,eAAe,EAAE,UAAU,EAAE,UAAU;QACvC,eAAe,EAAE,sBAAsB,EAAE,sBAAsB;QAC/D,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,MAAM;QACf,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE,GAAG,EAAE,GAAG;QAClB,SAAS,EAAE,GAAG;KACf,CAAA;IACD,IAAI,MAAM;QAAE,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IACtC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;IACnC,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAA;AACxC,CAAC;AAID,SAAS,QAAQ,CAAC,GAAW,EAAE,IAAc,EAAE,IAAa;IAC1D,OAAO,IAAI,OAAO,CAAmB,CAAC,OAAO,EAAE,EAAE;QAC/C,MAAM,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,kBAAkB,EAAE,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC,CAAA;QACvG,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,eAAe,GAAG,KAAK,CAAA;QAC3B,IAAI,eAAe,GAAG,KAAK,CAAA;QAC3B,IAAI,QAAQ,GAAG,KAAK,CAAA;QAEpB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;QACxF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,QAAQ,GAAG,IAAI,CAAA;YACf,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YACpD,iEAAiE;YACjE,0CAA0C;YAC1C,UAAU,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAAA;QAC3F,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAClB,KAAK,CAAC,KAAK,EAAE,CAAA;QAEb,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,CAAA;QAClC,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,CAAA;QAClC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAAC,eAAe,GAAG,IAAI,CAAC;gBAAC,OAAM;YAAC,CAAC;YAClE,MAAM,IAAI,GAAG,SAAS,GAAG,MAAM,CAAC,MAAM,CAAA;YACtC,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;YAC5D,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI;gBAAE,eAAe,GAAG,IAAI,CAAA;QACjD,CAAC,CAAC,CAAA;QACF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAAC,eAAe,GAAG,IAAI,CAAC;gBAAC,OAAM;YAAC,CAAC;YAClE,MAAM,IAAI,GAAG,SAAS,GAAG,MAAM,CAAC,MAAM,CAAA;YACtC,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;YAC5D,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI;gBAAE,eAAe,GAAG,IAAI,CAAA;QACjD,CAAC,CAAC,CAAA;QACF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE;YACrC,YAAY,CAAC,KAAK,CAAC,CAAA;YACnB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC,CAAA;YAC3B,MAAM,OAAO,GAAG;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,UAAU,IAAI,IAAI;gBAC1B,SAAS,EAAE,QAAQ;gBACnB,MAAM;gBACN,MAAM;gBACN,gBAAgB,EAAE,eAAe;gBACjC,gBAAgB,EAAE,eAAe;aAClC,CAAA;YACD,gEAAgE;YAChE,+DAA+D;YAC/D,gCAAgC;YAChC,MAAM,OAAO,GAAG,QAAQ,IAAI,CAAC,QAAQ,KAAK,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,CAAA;YACjE,MAAM,OAAO,GAAG,QAAQ;gBACtB,CAAC,CAAC,2BAA2B,IAAI,CAAC,SAAS,6BAA6B;gBACxE,CAAC,CAAC,EAAE,CAAA;YACN,OAAO,CAAC;gBACN,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChD,OAAO;gBACP,MAAM,EAAE,MAAM;aACf,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAA;YACnB,OAAO,CAAC;gBACN,IAAI,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;gBACpC,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,MAAM;aACf,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,MAAM,OAAO,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAC3D,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAA;IAC3D,CAAC;IACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAA;IAC7C,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QACrB,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;IACtF,CAAC;IACD,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,IAAY,EAAE,GAAW,EAAE,GAAW;IACzE,MAAM,CAAC,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC3D,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IACpC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACpD,CAAC"}
1
+ {"version":3,"file":"exec-dispatcher.js","sourceRoot":"","sources":["../../../src/core/llm/exec-dispatcher.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,uEAAuE;AACvE,uEAAuE;AACvE,wDAAwD;AACxD,EAAE;AACF,WAAW;AACX,iEAAiE;AACjE,gDAAgD;AAChD,qDAAqD;AACrD,qDAAqD;AACrD,yDAAyD;AACzD,6EAA6E;AAC7E,8CAA8C;AAC9C,4CAA4C;AAC5C,6EAA6E;AAC7E,8CAA8C;AAC9C,yEAAyE;AACzE,iEAAiE;AACjE,mDAAmD;AACnD,sEAAsE;AACtE,qEAAqE;AACrE,sEAAsE;AACtE,sEAAsE;AACtE,0DAA0D;AAC1D,4DAA4D;AAC5D,gEAAgE;AAChE,EAAE;AACF,mBAAmB;AACnB,8DAA8D;AAC9D,6DAA6D;AAE7D,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAA;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,cAAc,CAAA;AAGnD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAEpD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAA;AAE9D,MAAM,kBAAkB,GAAG,MAAM,CAAA;AACjC,MAAM,mBAAmB,GAAG,OAAO,CAAA;AACnC,MAAM,kBAAkB,GAAG,EAAE,GAAG,IAAI,CAAA;AAEpC,MAAM,eAAe,GAAG,CAAC,aAAa,CAAU,CAAA;AAChD,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAQ,eAAqC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AAC9D,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO;QACL;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EACT,0FAA0F;gBAC1F,sFAAsF;gBACtF,2FAA2F;gBAC3F,sFAAsF;gBACtF,6CAA6C;YAC/C,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gDAAgD,EAAE;oBAC1F,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qDAAqD,EAAE;oBAClG,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gDAAgD,EAAE;iBACvF;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;gBACrB,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF,CAAA;AACH,CAAC;AAMD,MAAM,UAAU,mBAAmB,CAAC,GAAgB;IAClD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,EAA6B,EAAE;QACvD,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,IAAI,EAAE,gBAAgB,IAAI,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;QAChF,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACnD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5D,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;YAChD,OAAO,EAAE,IAAI,EAAE,uBAAuB,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;QAC9E,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,IAA6B,EAAE,GAAgB,EAAE,MAAmB;IACzF,MAAM,OAAO,GAAG,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAA;IACpE,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;IAEvF,oEAAoE;IACpE,qEAAqE;IACrE,+DAA+D;IAC/D,2CAA2C;IAC3C,MAAM,MAAM,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAA;IAC7C,IAAI,MAAM,EAAE,CAAC;QACX,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gCAAgC,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;QAC5G,OAAO;YACL,IAAI,EAAE,sEAAsE,MAAM,kLAAkL;YACpQ,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,MAAM;SACf,CAAA;IACH,CAAC;IAED,qEAAqE;IACrE,0EAA0E;IAC1E,qEAAqE;IACrE,oEAAoE;IACpE,mEAAmE;IACnE,MAAM,iBAAiB,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAA;IAC5D,IAAI,iBAAiB,EAAE,CAAC;QACtB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,MAAM,EAAE,iBAAiB,EAAE,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;QAClH,OAAO;YACL,IAAI,EAAE,qFAAqF,iBAAiB,KAAK;gBAC/G,kGAAkG;YACpG,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,MAAM;SACf,CAAA;IACH,CAAC;IAED,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC/C,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAA;IAEpF,MAAM,WAAW,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;IACxE,MAAM,UAAU,GAAG,WAAW,KAAK,OAAO,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAA;IAC1E,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,KAAK,KAAK,CAAA;IAExF,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,UAAU;QAC9B,CAAC,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,aAAa,CAAC;QACnD,CAAC,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAA;IAE7C,GAAG,CAAC,IAAI,CAAC;QACP,KAAK,EAAE,YAAY;QACnB,GAAG;QACH,GAAG;QACH,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM;QACvE,SAAS;QACT,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;KACtC,CAAC,CAAA;IAEF,OAAO,MAAM,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAA;AAC9D,CAAC;AAQD,MAAM,kBAAkB,GAAoB;IAC1C,kEAAkE;IAClE,oDAAoD;IACpD,EAAE,KAAK,EAAE,mGAAmG,EAAE,MAAM,EAAE,+CAA+C,EAAE;IACvK,2CAA2C;IAC3C,EAAE,KAAK,EAAE,oFAAoF,EAAE,MAAM,EAAE,oCAAoC,EAAE;IAC7I,2BAA2B;IAC3B,EAAE,KAAK,EAAE,0HAA0H,EAAE,MAAM,EAAE,wBAAwB,EAAE;IACvK,0CAA0C;IAC1C,EAAE,KAAK,EAAE,+CAA+C,EAAE,MAAM,EAAE,WAAW,EAAE;IAC/E,sCAAsC;IACtC,EAAE,KAAK,EAAE,4CAA4C,EAAE,MAAM,EAAE,4BAA4B,EAAE;IAC7F,2BAA2B;IAC3B,EAAE,KAAK,EAAE,mDAAmD,EAAE,MAAM,EAAE,yCAAyC,EAAE;IACjH,qCAAqC;IACrC,EAAE,KAAK,EAAE,6DAA6D,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAC5G,yCAAyC;IACzC,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,YAAY,EAAE;IACnD,6BAA6B;IAC7B,EAAE,KAAK,EAAE,mCAAmC,EAAE,MAAM,EAAE,4BAA4B,EAAE;IACpF,kCAAkC;IAClC,EAAE,KAAK,EAAE,sCAAsC,EAAE,MAAM,EAAE,uCAAuC,EAAE;CACnG,CAAA;AAED,SAAS,qBAAqB,CAAC,GAAW;IACxC,KAAK,MAAM,CAAC,IAAI,kBAAkB,EAAE,CAAC;QACnC,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC,MAAM,CAAA;IACxC,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,yBAAyB,CAAC,GAAW;IAC5C,qEAAqE;IACrE,mEAAmE;IACnE,MAAM,KAAK,GAAG,4BAA4B,CAAA;IAC1C,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACpB,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,IAAI,SAAS,EAAE,CAAA;IAC7D,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe,EAAE,GAAW,EAAE,MAAe;IACzE,oEAAoE;IACpE,iEAAiE;IACjE,iEAAiE;IACjE,mEAAmE;IACnE,+DAA+D;IAC/D,gDAAgD;IAChD,uCAAuC;IACvC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAA;IACtB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,CAAA;IAC9B,MAAM,IAAI,GAAa;QACrB,mBAAmB;QACnB,eAAe;QACf,WAAW,EAAE,MAAM,EAAE,MAAM;QAC3B,eAAe,EAAE,MAAM,EAAE,MAAM;QAC/B,eAAe,EAAE,QAAQ,EAAE,QAAQ;QACnC,eAAe,EAAE,MAAM,EAAE,MAAM;QAC/B,eAAe,EAAE,OAAO,EAAE,OAAO;QACjC,eAAe,EAAE,kBAAkB,EAAE,kBAAkB;QACvD,eAAe,EAAE,UAAU,EAAE,UAAU;QACvC,eAAe,EAAE,sBAAsB,EAAE,sBAAsB;QAC/D,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,MAAM;QACf,SAAS,EAAE,MAAM;QACjB,gEAAgE;QAChE,oDAAoD;QACpD,SAAS,EAAE,GAAG,IAAI,QAAQ;QAC1B,SAAS,EAAE,GAAG,IAAI,UAAU;QAC5B,+DAA+D;QAC/D,sDAAsD;QACtD,4DAA4D;QAC5D,SAAS,EAAE,SAAS;QACpB,8DAA8D;QAC9D,iEAAiE;QACjE,kDAAkD;QAClD,OAAO,EAAE,GAAG;QACZ,QAAQ,EAAE,GAAG,EAAE,GAAG;QAClB,SAAS,EAAE,GAAG;KACf,CAAA;IACD,IAAI,MAAM;QAAE,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IACtC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;IACzC,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAA;AACxC,CAAC;AAID,SAAS,QAAQ,CAAC,GAAW,EAAE,IAAc,EAAE,IAAa;IAC1D,OAAO,IAAI,OAAO,CAAmB,CAAC,OAAO,EAAE,EAAE;QAC/C,MAAM,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,kBAAkB,EAAE,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC,CAAA;QACvG,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,eAAe,GAAG,KAAK,CAAA;QAC3B,IAAI,eAAe,GAAG,KAAK,CAAA;QAC3B,IAAI,QAAQ,GAAG,KAAK,CAAA;QAEpB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;QACxF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,QAAQ,GAAG,IAAI,CAAA;YACf,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YACpD,iEAAiE;YACjE,0CAA0C;YAC1C,UAAU,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAAA;QAC3F,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAClB,KAAK,CAAC,KAAK,EAAE,CAAA;QAEb,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,CAAA;QAClC,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,CAAA;QAClC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAAC,eAAe,GAAG,IAAI,CAAC;gBAAC,OAAM;YAAC,CAAC;YAClE,MAAM,IAAI,GAAG,SAAS,GAAG,MAAM,CAAC,MAAM,CAAA;YACtC,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;YAC5D,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI;gBAAE,eAAe,GAAG,IAAI,CAAA;QACjD,CAAC,CAAC,CAAA;QACF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAAC,eAAe,GAAG,IAAI,CAAC;gBAAC,OAAM;YAAC,CAAC;YAClE,MAAM,IAAI,GAAG,SAAS,GAAG,MAAM,CAAC,MAAM,CAAA;YACtC,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;YAC5D,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI;gBAAE,eAAe,GAAG,IAAI,CAAA;QACjD,CAAC,CAAC,CAAA;QACF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE;YACrC,YAAY,CAAC,KAAK,CAAC,CAAA;YACnB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC,CAAA;YAC3B,MAAM,OAAO,GAAG;gBACd,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,UAAU,IAAI,IAAI;gBAC1B,SAAS,EAAE,QAAQ;gBACnB,MAAM;gBACN,MAAM;gBACN,gBAAgB,EAAE,eAAe;gBACjC,gBAAgB,EAAE,eAAe;aAClC,CAAA;YACD,gEAAgE;YAChE,+DAA+D;YAC/D,gCAAgC;YAChC,MAAM,OAAO,GAAG,QAAQ,IAAI,CAAC,QAAQ,KAAK,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,CAAA;YACjE,MAAM,OAAO,GAAG,QAAQ;gBACtB,CAAC,CAAC,2BAA2B,IAAI,CAAC,SAAS,6BAA6B;gBACxE,CAAC,CAAC,EAAE,CAAA;YACN,OAAO,CAAC;gBACN,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChD,OAAO;gBACP,MAAM,EAAE,MAAM;aACf,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QACF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAA;YACnB,OAAO,CAAC;gBACN,IAAI,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;gBACpC,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,MAAM;aACf,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,MAAM,OAAO,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAC3D,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAA;IAC3D,CAAC;IACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAA;IAC7C,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QACrB,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;IACtF,CAAC;IACD,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,IAAY,EAAE,GAAW,EAAE,GAAW;IACzE,MAAM,CAAC,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC3D,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IACpC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACpD,CAAC"}
package/dist/core/llm/web-dispatcher.d.ts CHANGED
@@ -23,5 +23,10 @@ interface SafetyResult {
23
23
  reason?: string;
24
24
  }
25
25
  export declare function checkUrlSafety(raw: string): SafetyResult;
26
+ interface Cidr4 {
27
+ network: number;
28
+ mask: number;
29
+ }
30
+ export declare function parseSsrfWhitelist(raw: string | undefined): Cidr4[];
26
31
  export {};
27
32
  //# sourceMappingURL=web-dispatcher.d.ts.map
package/dist/core/llm/web-dispatcher.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"web-dispatcher.d.ts","sourceRoot":"","sources":["../../../src/core/llm/web-dispatcher.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,KAAK,EAAoB,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAY5E,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED,wBAAgB,WAAW,IAAI,OAAO,EAAE,CA0DvC;AAED,wBAAgB,kBAAkB,IAAI,cAAc,CAcnD;AA8DD,UAAU,SAAS;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB;AA2CD;;;;sBAIsB;AACtB,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,CAgBnE;AA6CD;;4BAE4B;AAC5B,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,CAwB1E;AAID,UAAU,YAAY;IAAG,EAAE,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE;AAEvD,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,CAoCxD"}
1
+ {"version":3,"file":"web-dispatcher.d.ts","sourceRoot":"","sources":["../../../src/core/llm/web-dispatcher.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,KAAK,EAAoB,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAY5E,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED,wBAAgB,WAAW,IAAI,OAAO,EAAE,CA0DvC;AAED,wBAAgB,kBAAkB,IAAI,cAAc,CAcnD;AAgHD,UAAU,SAAS;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;CAChB;AA2CD;;;;sBAIsB;AACtB,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,CAgBnE;AA6CD;;4BAE4B;AAC5B,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,CAwB1E;AAID,UAAU,YAAY;IAAG,EAAE,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE;AAEvD,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,CAwDxD;AAKD,UAAU,KAAK;IAAG,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE;AAEjD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,KAAK,EAAE,CAiBnE"}
package/dist/core/llm/web-dispatcher.js CHANGED
@@ -117,33 +117,29 @@ async function runWebFetch(args, signal) {
117
117
  const safe = checkUrlSafety(url);
118
118
  if (!safe.ok)
119
119
  return { text: `web_fetch refused: ${safe.reason}`, isError: true, source: 'web' };
120
- const target = format === 'reader'
120
+ const initialTarget = format === 'reader'
121
121
  ? `${JINA_READER_BASE}${url}`
122
122
  : url;
123
123
  try {
124
- const res = await fetch(target, {
125
- method: 'GET',
126
- redirect: 'follow',
127
- signal,
128
- headers: {
129
- 'User-Agent': 'agim-native/1.2.61 (+https://github.com/benking007/agim)',
130
- 'Accept': format === 'reader' ? 'text/plain' : '*/*',
131
- },
132
- });
124
+ const res = await fetchWithSafeRedirects(initialTarget, signal, format);
133
125
  if (!res.ok) {
126
+ return { text: res.error, isError: true, source: 'web' };
127
+ }
128
+ if (!res.response.ok) {
134
129
  return {
135
- text: JSON.stringify({ url, format, status: res.status, statusText: res.statusText, body: '' }, null, 2),
130
+ text: JSON.stringify({ url: res.finalUrl, format, status: res.response.status, statusText: res.response.statusText, body: '' }, null, 2),
136
131
  isError: true,
137
132
  source: 'web',
138
133
  };
139
134
  }
140
- const body = await readCapped(res, DEFAULT_FETCH_MAX_BYTES);
135
+ const body = await readCapped(res.response, DEFAULT_FETCH_MAX_BYTES);
141
136
  return {
142
137
  text: JSON.stringify({
143
- url,
138
+ url: res.finalUrl,
144
139
  format,
145
- status: res.status,
146
- contentType: res.headers.get('content-type') ?? null,
140
+ status: res.response.status,
141
+ contentType: res.response.headers.get('content-type') ?? null,
142
+ redirected_via: res.redirectChain.length > 0 ? res.redirectChain : undefined,
147
143
  bytes: body.text.length,
148
144
  truncated: body.truncated,
149
145
  body: body.text,
@@ -156,6 +152,59 @@ async function runWebFetch(args, signal) {
156
152
  return { text: `web_fetch failed: ${errMsg(err)}`, isError: true, source: 'web' };
157
153
  }
158
154
  }
155
+ /**
156
+ * v1.2.66 — SSRF-safe fetch with manual redirect handling.
157
+ *
158
+ * Default `fetch({redirect:'follow'})` follows 3xx Location transparently,
159
+ * including to private IPs. That defeats the initial checkUrlSafety()
160
+ * since the final fetch target wasn't validated. Mirror nanobot's
161
+ * `validate_resolved_url`: redirect:'manual', loop ≤ 5 times, validate
162
+ * each Location with checkUrlSafety before following.
163
+ */
164
+ const MAX_REDIRECTS = 5;
165
+ async function fetchWithSafeRedirects(initialUrl, signal, format) {
166
+ let currentUrl = initialUrl;
167
+ const chain = [];
168
+ for (let hop = 0; hop <= MAX_REDIRECTS; hop++) {
169
+ const res = await fetch(currentUrl, {
170
+ method: 'GET',
171
+ redirect: 'manual',
172
+ signal,
173
+ headers: {
174
+ 'User-Agent': 'agim-native/1.2.66 (+https://github.com/benking007/agim)',
175
+ 'Accept': format === 'reader' ? 'text/plain' : '*/*',
176
+ },
177
+ });
178
+ // 3xx with Location → validate + follow.
179
+ if (res.status >= 300 && res.status < 400) {
180
+ const location = res.headers.get('location');
181
+ if (!location) {
182
+ return { ok: true, response: res, finalUrl: currentUrl, redirectChain: chain };
183
+ }
184
+ let nextUrl;
185
+ try {
186
+ nextUrl = new URL(location, currentUrl).toString();
187
+ }
188
+ catch {
189
+ return { ok: false, error: `web_fetch refused: invalid redirect Location "${location}"` };
190
+ }
191
+ const safe = checkUrlSafety(nextUrl);
192
+ if (!safe.ok) {
193
+ return { ok: false, error: `web_fetch refused: redirect target rejected — ${safe.reason}` };
194
+ }
195
+ // discard the redirect body (we don't need it)
196
+ try {
197
+ await res.body?.cancel();
198
+ }
199
+ catch { /* ignore */ }
200
+ chain.push(currentUrl);
201
+ currentUrl = nextUrl;
202
+ continue;
203
+ }
204
+ return { ok: true, response: res, finalUrl: currentUrl, redirectChain: chain };
205
+ }
206
+ return { ok: false, error: `web_fetch refused: too many redirects (>${MAX_REDIRECTS})` };
207
+ }
159
208
  async function runWebSearch(args, signal) {
160
209
  const query = typeof args.query === 'string' ? args.query.trim() : '';
161
210
  if (!query)
@@ -312,14 +361,26 @@ export function checkUrlSafety(raw) {
312
361
  }
313
362
  if (process.env.IMHUB_NATIVE_WEB_ALLOW_PRIVATE === '1')
314
363
  return { ok: true };
364
+ // v1.2.66 — CIDR whitelist. Operator-set ranges escape the
365
+ // private-IP block. Use case: Tailscale (100.64.0.0/10), internal
366
+ // VPN subnets, OpenAI-compat services on internal docker networks.
367
+ // Format: `IMHUB_NATIVE_WEB_SSRF_WHITELIST=10.20.0.0/16,100.64.0.0/10`.
368
+ // Parsed once per call (cheap; called per fetch); cache could be
369
+ // added but the list is small and changes are rare.
370
+ const whitelist = parseSsrfWhitelist(process.env.IMHUB_NATIVE_WEB_SSRF_WHITELIST);
315
371
  const host = u.hostname.toLowerCase();
316
372
  if (host === 'localhost' || host === '::1' || host.endsWith('.localhost')) {
317
- return { ok: false, reason: 'localhost is private (set IMHUB_NATIVE_WEB_ALLOW_PRIVATE=1 to allow)' };
373
+ return { ok: false, reason: 'localhost is private (set IMHUB_NATIVE_WEB_ALLOW_PRIVATE=1 or whitelist via IMHUB_NATIVE_WEB_SSRF_WHITELIST)' };
318
374
  }
319
375
  // IPv4 numeric check
320
376
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
321
377
  if (v4) {
322
- const [a, b] = [Number(v4[1]), Number(v4[2])];
378
+ const octets = [Number(v4[1]), Number(v4[2]), Number(v4[3]), Number(v4[4])];
379
+ if (whitelist.length > 0 && octets.every((o) => Number.isFinite(o) && o >= 0 && o <= 255)
380
+ && ipInAnyCidr4(octets, whitelist)) {
381
+ return { ok: true };
382
+ }
383
+ const [a, b] = [octets[0], octets[1]];
323
384
  if (a === 10)
324
385
  return { ok: false, reason: 'RFC1918 10.0.0.0/8 private' };
325
386
  if (a === 172 && b >= 16 && b <= 31)
@@ -329,7 +390,13 @@ export function checkUrlSafety(raw) {
329
390
  if (a === 127)
330
391
  return { ok: false, reason: '127.0.0.0/8 loopback' };
331
392
  if (a === 169 && b === 254)
332
- return { ok: false, reason: '169.254.0.0/16 link-local' };
393
+ return { ok: false, reason: '169.254.0.0/16 link-local (covers AWS/Azure IMDS 169.254.169.254)' };
394
+ // v1.2.66 — Carrier-grade NAT (RFC 6598). Cloud providers + some
395
+ // ISPs use this for internal-only hosts. Not "private" in the
396
+ // RFC1918 sense but routinely used as such; nanobot blocks it.
397
+ if (a === 100 && b >= 64 && b <= 127) {
398
+ return { ok: false, reason: '100.64.0.0/10 carrier-grade NAT (whitelist via IMHUB_NATIVE_WEB_SSRF_WHITELIST=100.64.0.0/10 if intentional, e.g. Tailscale)' };
399
+ }
333
400
  if (a === 0)
334
401
  return { ok: false, reason: '0.0.0.0/8 invalid' };
335
402
  }
@@ -349,6 +416,37 @@ export function checkUrlSafety(raw) {
349
416
  }
350
417
  return { ok: true };
351
418
  }
419
+ export function parseSsrfWhitelist(raw) {
420
+ if (!raw)
421
+ return [];
422
+ const out = [];
423
+ for (const part of raw.split(',')) {
424
+ const trimmed = part.trim();
425
+ if (!trimmed)
426
+ continue;
427
+ const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(trimmed);
428
+ if (!m)
429
+ continue;
430
+ const octets = [Number(m[1]), Number(m[2]), Number(m[3]), Number(m[4])];
431
+ if (octets.some((o) => o < 0 || o > 255))
432
+ continue;
433
+ const prefix = Number(m[5]);
434
+ if (prefix < 0 || prefix > 32)
435
+ continue;
436
+ const networkInt = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
437
+ const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
438
+ out.push({ network: (networkInt & mask) >>> 0, mask });
439
+ }
440
+ return out;
441
+ }
442
+ function ipInAnyCidr4(octets, cidrs) {
443
+ const ip = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
444
+ for (const c of cidrs) {
445
+ if (((ip & c.mask) >>> 0) === c.network)
446
+ return true;
447
+ }
448
+ return false;
449
+ }
352
450
  // ─── helpers ─────────────────────────────────────────────────────────
353
451
  function ok(payload) {
354
452
  return { text: JSON.stringify(payload, null, 2), isError: false, source: 'web' };
package/dist/core/llm/web-dispatcher.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"web-dispatcher.js","sourceRoot":"","sources":["../../../src/core/llm/web-dispatcher.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,EAAE;AACF,qBAAqB;AACrB,+EAA+E;AAC/E,+EAA+E;AAC/E,EAAE;AACF,aAAa;AACb,8EAA8E;AAC9E,sEAAsE;AACtE,uCAAuC;AACvC,kEAAkE;AAClE,EAAE;AACF,oCAAoC;AACpC,gEAAgE;AAChE,4EAA4E;AAC5E,EAAE;AACF,yEAAyE;AAEzE,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,cAAc,CAAA;AAInD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAA;AAE7D,MAAM,kBAAkB,GAAG,MAAM,CAAA;AACjC,MAAM,uBAAuB,GAAG,GAAG,GAAG,IAAI,CAAA,CAAE,uBAAuB;AACnE,MAAM,sBAAsB,GAAG,CAAC,CAAA;AAChC,MAAM,cAAc,GAAG,iCAAiC,CAAA;AACxD,MAAM,eAAe,GAAG,0BAA0B,CAAA,CAAE,wBAAwB;AAC5E,MAAM,gBAAgB,GAAG,oBAAoB,CAAA;AAE7C,MAAM,cAAc,GAAG,CAAC,kBAAkB,EAAE,mBAAmB,CAAU,CAAA;AACzE,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,OAAQ,cAAoC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AAC7D,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO;QACL;YACE,IAAI,EAAE,kBAAkB;YACxB,WAAW,EACT,4FAA4F;gBAC5F,wFAAwF;gBACxF,kCAAkC;gBAClC,MAAM;gBACN,wFAAwF;gBACxF,wEAAwE;gBACxE,MAAM;gBACN,qFAAqF;gBACrF,oFAAoF;gBACpF,iFAAiF;YACnF,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBAC7D,MAAM,EAAE;wBACN,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;wBACvB,WAAW,EAAE,qEAAqE;qBACnF;iBACF;gBACD,QAAQ,EAAE,CAAC,KAAK,CAAC;gBACjB,oBAAoB,EAAE,KAAK;aAC5B;SACF;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,WAAW,EACT,qFAAqF;gBACrF,qFAAqF;gBACrF,uFAAuF;gBACvF,qBAAqB;gBACrB,MAAM;gBACN,uEAAuE;gBACvE,wCAAwC;gBACxC,MAAM;gBACN,2EAA2E;gBAC3E,kDAAkD;gBAClD,MAAM;gBACN,+EAA+E;gBAC/E,qFAAqF;gBACrF,MAAM;gBACN,mFAAmF;YACrF,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;oBACvD,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uCAAuC,EAAE;iBAC5E;gBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;gBACnB,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,EAA6B,EAAE;QACvD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,IAAI,EAAE,gBAAgB,IAAI,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;QAChF,CAAC;QACD,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAA;QACpC,IAAI,CAAC;YACH,OAAO,MAAM,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3F,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5D,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;YAChE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,YAAY,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;QAC9E,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,IAAY,EAAE,IAA6B,EAAE,MAAmB;IACpF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,kBAAkB,CAAC,CAAC,OAAO,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;QACzD,KAAK,mBAAmB,CAAC,CAAC,OAAO,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;QAC3D;YACE,OAAO,EAAE,IAAI,EAAE,qBAAqB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IAC9E,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE,KAAK,UAAU,WAAW,CAAC,IAA6B,EAAE,MAAmB;IAC3E,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;IACxD,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IACvE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAA;IAEvD,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;IAChC,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,OAAO,EAAE,IAAI,EAAE,sBAAsB,IAAI,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IAEhG,MAAM,MAAM,GAAG,MAAM,KAAK,QAAQ;QAChC,CAAC,CAAC,GAAG,gBAAgB,GAAG,GAAG,EAAE;QAC7B,CAAC,CAAC,GAAG,CAAA;IACP,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;YAC9B,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,QAAQ;YAClB,MAAM;YACN,OAAO,EAAE;gBACP,YAAY,EAAE,0DAA0D;gBACxE,QAAQ,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK;aACrD;SACF,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO;gBACL,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;gBACxG,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,KAAK;aACd,CAAA;QACH,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAA;QAC3D,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,GAAG;gBACH,MAAM;gBACN,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,IAAI;gBACpD,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;gBACvB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,EAAE,IAAI,EAAE,CAAC,CAAC;YACX,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,KAAK;SACd,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,IAAI,EAAE,qBAAqB,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IACnF,CAAC;AACH,CAAC;AAUD,KAAK,UAAU,YAAY,CAAC,IAA6B,EAAE,MAAmB;IAC5E,MAAM,KAAK,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IACrE,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IAC3E,MAAM,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,sBAAsB,EAAE,CAAC,EAAE,EAAE,CAAC,CAAA;IAC5D,uBAAuB;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,CAAC,CAAA;QACpD,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnB,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9E,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,KAAK,EAAE,EAAE,uDAAuD,CAAC,CAAA;IAC7G,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAChE,CAAC;IACD,sBAAsB;IACtB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,CAAC,CAAA;QACjD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;QAC5E,CAAC;QACD,OAAO,GAAG,CAAC,4DAA4D,CAAC,CAAA;IAC1E,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,OAAO,GAAG,CAAC,sDAAsD,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,KAAa,EAAE,CAAS,EAAE,MAAmB;IAC3E,MAAM,GAAG,GAAG,cAAc,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAA;IACtD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,QAAQ;QAClB,MAAM;QACN,OAAO,EAAE;YACP,YAAY,EAAE,oDAAoD;SACnE;KACF,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,YAAY,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACtD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;IAC7B,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;AAC9B,CAAC;AAED;;;;sBAIsB;AACtB,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,GAAW;IACpD,MAAM,GAAG,GAAgB,EAAE,CAAA;IAC3B,MAAM,OAAO,GAAG,8DAA8D,CAAA;IAC9E,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACpE,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG;YAAE,MAAK;QAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QAClB,MAAM,MAAM,GAAG,kEAAkE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC7F,IAAI,CAAC,MAAM;YAAE,SAAQ;QACrB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;QACzB,MAAM,GAAG,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACzC,MAAM,MAAM,GAAG,qDAAqD,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChF,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QACzD,IAAI,GAAG,IAAI,KAAK;YAAE,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAA;IACrD,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY;IACrC,kFAAkF;IAClF,sCAAsC;IACtC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,CAAA;QACjD,MAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACxC,IAAI,KAAK;YAAE,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAA;QAC3C,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAA;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,CAAS;IAC1B,OAAO,CAAC;SACL,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC;SACtB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;SACrB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;SACrB,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC;SACvB,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC;SACtB,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;AAC5B,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,KAAa,EAAE,CAAS,EAAE,MAAmB;IACvE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAA;IACtC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;IAC3E,MAAM,GAAG,GAAG,GAAG,eAAe,SAAS,CAAA;IACvC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,MAAM;QACN,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,UAAU,GAAG,EAAE;YAChC,YAAY,EAAE,oBAAoB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;KAC5C,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACzD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAa,CAAA;IACxC,OAAO,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;AACpC,CAAC;AAED;;4BAE4B;AAC5B,MAAM,UAAU,kBAAkB,CAAC,IAAa,EAAE,GAAW;IAC3D,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAA;IAChD,MAAM,CAAC,GAAG,IAA+B,CAAA;IACzC,qDAAqD;IACrD,MAAM,UAAU,GACd,CAAC,KAAK,CAAC,OAAO,CAAE,CAAC,CAAC,IAAgC,EAAE,IAAI,CAAC,IAAK,CAAC,CAAC,IAAgC,CAAC,IAAiB,CAAC;QACnH,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,IAAK,CAAC,CAAC,OAAqB,CAAC;QACtD,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAK,CAAC,CAAC,KAAmB,CAAC;QAClD,EAAE,CAAA;IACJ,MAAM,GAAG,GAAgB,EAAE,CAAA;IAC3B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG;YAAE,MAAK;QAC5B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,SAAQ;QAC/C,MAAM,EAAE,GAAG,IAA+B,CAAA;QAC1C,MAAM,KAAK,GAAG,OAAO,EAAE,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK;YACnD,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;QAC9C,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG;YAC7C,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;QAC9C,MAAM,OAAO,GAAG,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO;YACzD,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO;gBAC7C,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAA;QACpD,IAAI,KAAK,IAAI,GAAG;YAAE,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAA;IACrD,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAMD,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,CAAM,CAAA;IACV,IAAI,CAAC;QAAC,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,GAAG,EAAE,EAAE,CAAA;IAAC,CAAC;IACtF,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC,QAAQ,iCAAiC,EAAE,CAAA;IACxF,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,8BAA8B,KAAK,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAA;IAC3E,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAA;IACrC,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC1E,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sEAAsE,EAAE,CAAA;IACtG,CAAC;IACD,qBAAqB;IACrB,MAAM,EAAE,GAAG,8CAA8C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACpE,IAAI,EAAE,EAAE,CAAC;QACP,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC7C,IAAI,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAA;QACxE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAA;QAClG,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;QAC1F,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAA;QACnE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAA;QACrF,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAA;IAChE,CAAC;IACD,qEAAqE;IACrE,4DAA4D;IAC5D,0DAA0D;IAC1D,MAAM,EAAE,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAChF,IAAI,EAAE,KAAK,KAAK;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAA;IACnE,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAA;IAC3D,CAAC;IACD,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAA;QACnD,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAA;AACrB,CAAC;AAED,wEAAwE;AAExE,SAAS,EAAE,CAAC,OAAgB;IAC1B,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;AAClF,CAAC;AAED,SAAS,GAAG,CAAC,GAAW;IACtB,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;AACpD,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,GAAa,EAAE,GAAW;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAA;IACpC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;QAC1B,OAAO,CAAC,CAAC,MAAM,GAAG,GAAG;YACnB,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE;YAC5C,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAA;IACnC,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;IAC1D,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,IAAI,SAAS,GAAG,KAAK,CAAA;IACrB,OAAO,GAAG,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACxB,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAA;QAC3C,IAAI,IAAI;YAAE,MAAK;QACf,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;QAC9C,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YACtB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;YACvB,SAAS,GAAG,IAAI,CAAA;YAChB,IAAI,CAAC;gBAAC,MAAM,MAAM,CAAC,MAAM,EAAE,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YACpD,MAAK;QACP,CAAC;IACH,CAAC;IACD,GAAG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAA;IACvB,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,CAAA;AACjC,CAAC;AAED,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAA;IACnD,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QACrB,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO;YAAE,OAAO,CAAC,CAAA;IAC3D,CAAC;IACD,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,KAAK,UAAU,WAAW,CAAI,CAAa,EAAE,EAAU,EAAE,GAAW;IAClE,IAAI,KAAiC,CAAA;IACrC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;QAC/C,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,GAAG,oBAAoB,EAAE,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IACF,IAAI,CAAC;QACH,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAA;IACzC,CAAC;YAAS,CAAC;QACT,IAAI,KAAK;YAAE,YAAY,CAAC,KAAK,CAAC,CAAA;IAChC,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,IAAY,EAAE,GAAW,EAAE,GAAW;IACzE,MAAM,CAAC,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC3D,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IACpC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACpD,CAAC;AAED,SAAS,MAAM,CAAC,CAAU;IACxB,OAAO,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;AACnD,CAAC"}
1
+ {"version":3,"file":"web-dispatcher.js","sourceRoot":"","sources":["../../../src/core/llm/web-dispatcher.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,EAAE;AACF,qBAAqB;AACrB,+EAA+E;AAC/E,+EAA+E;AAC/E,EAAE;AACF,aAAa;AACb,8EAA8E;AAC9E,sEAAsE;AACtE,uCAAuC;AACvC,kEAAkE;AAClE,EAAE;AACF,oCAAoC;AACpC,gEAAgE;AAChE,4EAA4E;AAC5E,EAAE;AACF,yEAAyE;AAEzE,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,cAAc,CAAA;AAInD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAA;AAE7D,MAAM,kBAAkB,GAAG,MAAM,CAAA;AACjC,MAAM,uBAAuB,GAAG,GAAG,GAAG,IAAI,CAAA,CAAE,uBAAuB;AACnE,MAAM,sBAAsB,GAAG,CAAC,CAAA;AAChC,MAAM,cAAc,GAAG,iCAAiC,CAAA;AACxD,MAAM,eAAe,GAAG,0BAA0B,CAAA,CAAE,wBAAwB;AAC5E,MAAM,gBAAgB,GAAG,oBAAoB,CAAA;AAE7C,MAAM,cAAc,GAAG,CAAC,kBAAkB,EAAE,mBAAmB,CAAU,CAAA;AACzE,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,OAAQ,cAAoC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AAC7D,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO;QACL;YACE,IAAI,EAAE,kBAAkB;YACxB,WAAW,EACT,4FAA4F;gBAC5F,wFAAwF;gBACxF,kCAAkC;gBAClC,MAAM;gBACN,wFAAwF;gBACxF,wEAAwE;gBACxE,MAAM;gBACN,qFAAqF;gBACrF,oFAAoF;gBACpF,iFAAiF;YACnF,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBAC7D,MAAM,EAAE;wBACN,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;wBACvB,WAAW,EAAE,qEAAqE;qBACnF;iBACF;gBACD,QAAQ,EAAE,CAAC,KAAK,CAAC;gBACjB,oBAAoB,EAAE,KAAK;aAC5B;SACF;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,WAAW,EACT,qFAAqF;gBACrF,qFAAqF;gBACrF,uFAAuF;gBACvF,qBAAqB;gBACrB,MAAM;gBACN,uEAAuE;gBACvE,wCAAwC;gBACxC,MAAM;gBACN,2EAA2E;gBAC3E,kDAAkD;gBAClD,MAAM;gBACN,+EAA+E;gBAC/E,qFAAqF;gBACrF,MAAM;gBACN,mFAAmF;YACrF,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;oBACvD,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uCAAuC,EAAE;iBAC5E;gBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;gBACnB,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,EAA6B,EAAE;QACvD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,IAAI,EAAE,gBAAgB,IAAI,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;QAChF,CAAC;QACD,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAA;QACpC,IAAI,CAAC;YACH,OAAO,MAAM,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3F,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5D,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;YAChE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,YAAY,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;QAC9E,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,IAAY,EAAE,IAA6B,EAAE,MAAmB;IACpF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,kBAAkB,CAAC,CAAC,OAAO,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;QACzD,KAAK,mBAAmB,CAAC,CAAC,OAAO,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;QAC3D;YACE,OAAO,EAAE,IAAI,EAAE,qBAAqB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IAC9E,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE,KAAK,UAAU,WAAW,CAAC,IAA6B,EAAE,MAAmB;IAC3E,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;IACxD,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IACvE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAA;IAEvD,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;IAChC,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,OAAO,EAAE,IAAI,EAAE,sBAAsB,IAAI,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IAEhG,MAAM,aAAa,GAAG,MAAM,KAAK,QAAQ;QACvC,CAAC,CAAC,GAAG,gBAAgB,GAAG,GAAG,EAAE;QAC7B,CAAC,CAAC,GAAG,CAAA;IACP,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;QACvE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;QAC1D,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;gBACxI,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,KAAK;aACd,CAAA;QACH,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAA;QACpE,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,GAAG,EAAE,GAAG,CAAC,QAAQ;gBACjB,MAAM;gBACN,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM;gBAC3B,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,IAAI;gBAC7D,cAAc,EAAE,GAAG,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;gBAC5E,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;gBACvB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,EAAE,IAAI,EAAE,CAAC,CAAC;YACX,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,KAAK;SACd,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,IAAI,EAAE,qBAAqB,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IACnF,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,aAAa,GAAG,CAAC,CAAA;AACvB,KAAK,UAAU,sBAAsB,CACnC,UAAkB,EAClB,MAAmB,EACnB,MAAwB;IAExB,IAAI,UAAU,GAAG,UAAU,CAAA;IAC3B,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,KAAK,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,IAAI,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;YAClC,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,QAAQ;YAClB,MAAM;YACN,OAAO,EAAE;gBACP,YAAY,EAAE,0DAA0D;gBACxE,QAAQ,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK;aACrD;SACF,CAAC,CAAA;QACF,yCAAyC;QACzC,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YAC5C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,KAAK,EAAE,CAAA;YAChF,CAAC;YACD,IAAI,OAAe,CAAA;YACnB,IAAI,CAAC;gBACH,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE,CAAA;YACpD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iDAAiD,QAAQ,GAAG,EAAE,CAAA;YAC3F,CAAC;YACD,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;YACpC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iDAAiD,IAAI,CAAC,MAAM,EAAE,EAAE,CAAA;YAC7F,CAAC;YACD,+CAA+C;YAC/C,IAAI,CAAC;gBAAC,MAAM,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACtB,UAAU,GAAG,OAAO,CAAA;YACpB,SAAQ;QACV,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,KAAK,EAAE,CAAA;IAChF,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2CAA2C,aAAa,GAAG,EAAE,CAAA;AAC1F,CAAC;AAUD,KAAK,UAAU,YAAY,CAAC,IAA6B,EAAE,MAAmB;IAC5E,MAAM,KAAK,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IACrE,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;IAC3E,MAAM,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,sBAAsB,EAAE,CAAC,EAAE,EAAE,CAAC,CAAA;IAC5D,uBAAuB;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,CAAC,CAAA;QACpD,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnB,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9E,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,KAAK,EAAE,EAAE,uDAAuD,CAAC,CAAA;IAC7G,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAChE,CAAC;IACD,sBAAsB;IACtB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,CAAC,CAAA;QACjD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;QAC5E,CAAC;QACD,OAAO,GAAG,CAAC,4DAA4D,CAAC,CAAA;IAC1E,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,OAAO,GAAG,CAAC,sDAAsD,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,KAAa,EAAE,CAAS,EAAE,MAAmB;IAC3E,MAAM,GAAG,GAAG,cAAc,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAA;IACtD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,QAAQ;QAClB,MAAM;QACN,OAAO,EAAE;YACP,YAAY,EAAE,oDAAoD;SACnE;KACF,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,YAAY,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACtD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;IAC7B,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;AAC9B,CAAC;AAED;;;;sBAIsB;AACtB,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,GAAW;IACpD,MAAM,GAAG,GAAgB,EAAE,CAAA;IAC3B,MAAM,OAAO,GAAG,8DAA8D,CAAA;IAC9E,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACpE,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG;YAAE,MAAK;QAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QAClB,MAAM,MAAM,GAAG,kEAAkE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC7F,IAAI,CAAC,MAAM;YAAE,SAAQ;QACrB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;QACzB,MAAM,GAAG,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACzC,MAAM,MAAM,GAAG,qDAAqD,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAChF,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QACzD,IAAI,GAAG,IAAI,KAAK;YAAE,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAA;IACrD,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY;IACrC,kFAAkF;IAClF,sCAAsC;IACtC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,CAAA;QACjD,MAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACxC,IAAI,KAAK;YAAE,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAA;QAC3C,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAA;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,CAAS;IAC1B,OAAO,CAAC;SACL,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC;SACtB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;SACrB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;SACrB,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC;SACvB,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC;SACtB,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;AAC5B,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,KAAa,EAAE,CAAS,EAAE,MAAmB;IACvE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAA;IACtC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;IAC3E,MAAM,GAAG,GAAG,GAAG,eAAe,SAAS,CAAA;IACvC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,MAAM;QACN,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,UAAU,GAAG,EAAE;YAChC,YAAY,EAAE,oBAAoB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;KAC5C,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACzD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAa,CAAA;IACxC,OAAO,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;AACpC,CAAC;AAED;;4BAE4B;AAC5B,MAAM,UAAU,kBAAkB,CAAC,IAAa,EAAE,GAAW;IAC3D,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAA;IAChD,MAAM,CAAC,GAAG,IAA+B,CAAA;IACzC,qDAAqD;IACrD,MAAM,UAAU,GACd,CAAC,KAAK,CAAC,OAAO,CAAE,CAAC,CAAC,IAAgC,EAAE,IAAI,CAAC,IAAK,CAAC,CAAC,IAAgC,CAAC,IAAiB,CAAC;QACnH,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,IAAK,CAAC,CAAC,OAAqB,CAAC;QACtD,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAK,CAAC,CAAC,KAAmB,CAAC;QAClD,EAAE,CAAA;IACJ,MAAM,GAAG,GAAgB,EAAE,CAAA;IAC3B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG;YAAE,MAAK;QAC5B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,SAAQ;QAC/C,MAAM,EAAE,GAAG,IAA+B,CAAA;QAC1C,MAAM,KAAK,GAAG,OAAO,EAAE,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK;YACnD,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;QAC9C,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG;YAC7C,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;QAC9C,MAAM,OAAO,GAAG,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO;YACzD,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO;gBAC7C,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAA;QACpD,IAAI,KAAK,IAAI,GAAG;YAAE,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAA;IACrD,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAMD,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,CAAM,CAAA;IACV,IAAI,CAAC;QAAC,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,GAAG,EAAE,EAAE,CAAA;IAAC,CAAC;IACtF,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC,QAAQ,iCAAiC,EAAE,CAAA;IACxF,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,8BAA8B,KAAK,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAA;IAE3E,2DAA2D;IAC3D,kEAAkE;IAClE,mEAAmE;IACnE,wEAAwE;IACxE,iEAAiE;IACjE,oDAAoD;IACpD,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;IAEjF,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAA;IACrC,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC1E,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,8GAA8G,EAAE,CAAA;IAC9I,CAAC;IACD,qBAAqB;IACrB,MAAM,EAAE,GAAG,8CAA8C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACpE,IAAI,EAAE,EAAE,CAAC;QACP,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3E,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC;eAClF,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,EAAE,CAAC;YACvC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAA;QACrB,CAAC;QACD,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QACrC,IAAI,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAA;QACxE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAA;QAClG,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;QAC1F,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAA;QACnE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mEAAmE,EAAE,CAAA;QAC7H,iEAAiE;QACjE,8DAA8D;QAC9D,+DAA+D;QAC/D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;YACrC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,8HAA8H,EAAE,CAAA;QAC9J,CAAC;QACD,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAA;IAChE,CAAC;IACD,qEAAqE;IACrE,4DAA4D;IAC5D,0DAA0D;IAC1D,MAAM,EAAE,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAChF,IAAI,EAAE,KAAK,KAAK;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAA;IACnE,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAA;IAC3D,CAAC;IACD,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAA;QACnD,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAA;AACrB,CAAC;AAOD,MAAM,UAAU,kBAAkB,CAAC,GAAuB;IACxD,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAA;IACnB,MAAM,GAAG,GAAY,EAAE,CAAA;IACvB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QAC3B,IAAI,CAAC,OAAO;YAAE,SAAQ;QACtB,MAAM,CAAC,GAAG,yDAAyD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACjF,IAAI,CAAC,CAAC;YAAE,SAAQ;QAChB,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QACvE,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;YAAE,SAAQ;QAClD,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3B,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,EAAE;YAAE,SAAQ;QACvC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;QAC/F,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,KAAK,CAAC,CAAA;QACnE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;IACxD,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,YAAY,CAAC,MAAgB,EAAE,KAAc;IACpD,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;IACvF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO;YAAE,OAAO,IAAI,CAAA;IACtD,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,wEAAwE;AAExE,SAAS,EAAE,CAAC,OAAgB;IAC1B,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;AAClF,CAAC;AAED,SAAS,GAAG,CAAC,GAAW;IACtB,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;AACpD,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,GAAa,EAAE,GAAW;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAA;IACpC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;QAC1B,OAAO,CAAC,CAAC,MAAM,GAAG,GAAG;YACnB,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE;YAC5C,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAA;IACnC,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;IAC1D,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,IAAI,SAAS,GAAG,KAAK,CAAA;IACrB,OAAO,GAAG,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACxB,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAA;QAC3C,IAAI,IAAI;YAAE,MAAK;QACf,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;QAC9C,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YACtB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;YACvB,SAAS,GAAG,IAAI,CAAA;YAChB,IAAI,CAAC;gBAAC,MAAM,MAAM,CAAC,MAAM,EAAE,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YACpD,MAAK;QACP,CAAC;IACH,CAAC;IACD,GAAG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAA;IACvB,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,CAAA;AACjC,CAAC;AAED,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAA;IACnD,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QACrB,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO;YAAE,OAAO,CAAC,CAAA;IAC3D,CAAC;IACD,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,KAAK,UAAU,WAAW,CAAI,CAAa,EAAE,EAAU,EAAE,GAAW;IAClE,IAAI,KAAiC,CAAA;IACrC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;QAC/C,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,GAAG,oBAAoB,EAAE,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACnF,CAAC,CAAC,CAAA;IACF,IAAI,CAAC;QACH,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAA;IACzC,CAAC;YAAS,CAAC;QACT,IAAI,KAAK;YAAE,YAAY,CAAC,KAAK,CAAC,CAAA;IAChC,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,IAAY,EAAE,GAAW,EAAE,GAAW;IACzE,MAAM,CAAC,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC3D,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IACpC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACpD,CAAC;AAED,SAAS,MAAM,CAAC,CAAU;IACxB,OAAO,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;AACnD,CAAC"}
package/dist/core/sender-allowlist.d.ts ADDED
@@ -0,0 +1,15 @@
1
+ /** Returns `true` iff the env var is set to something non-empty (and
2
+ * not just whitespace). When false, all senders are allowed. */
3
+ export declare function isSenderAllowlistConfigured(): boolean;
4
+ /** Returns `true` iff (platform, userId) is allowed to use the bot.
5
+ * When allowlist is unconfigured: returns `true` (open access).
6
+ * When `*` is in the list: returns `true` for any caller.
7
+ * Otherwise: requires exact (platform, userId) match. */
8
+ export declare function isSenderAllowed(platform: string, userId: string | undefined): boolean;
9
+ /** Localized refusal message for IM users. Terse — the bot shouldn't
10
+ * reveal who IS on the allowlist. */
11
+ export declare function senderDenialMessage(platform: string, userId: string | undefined): string;
12
+ export declare function logStartupResolution(): void;
13
+ /** Test-only reset. */
14
+ export declare function _resetCache(): void;
15
+ //# sourceMappingURL=sender-allowlist.d.ts.map
package/dist/core/sender-allowlist.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sender-allowlist.d.ts","sourceRoot":"","sources":["../../src/core/sender-allowlist.ts"],"names":[],"mappings":"AAoEA;iEACiE;AACjE,wBAAgB,2BAA2B,IAAI,OAAO,CAGrD;AAED;;;0DAG0D;AAC1D,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAQrF;AAED;sCACsC;AACtC,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAMxF;AAMD,wBAAgB,oBAAoB,IAAI,IAAI,CAsB3C;AAED,uBAAuB;AACvB,wBAAgB,WAAW,IAAI,IAAI,CAKlC"}
package/dist/core/sender-allowlist.js ADDED
@@ -0,0 +1,125 @@
1
+ // sender-allowlist — controls WHO can reach the agent (v1.2.66, P1 #7).
2
+ //
3
+ // Distinct from `admin-allowlist.ts`:
4
+ // - admin-allowlist: who can run /restart, /stop, web mutating endpoints
5
+ // - sender-allowlist: who can SEND ANY MESSAGE to the bot at all
6
+ //
7
+ // Source: IMHUB_ALLOWED_USERS env, comma-separated `platform:userId` pairs.
8
+ // Same syntax as IMHUB_ADMIN_USERS:
9
+ // IMHUB_ALLOWED_USERS=telegram:8754479311,wechat-ilink:wxid_abc
10
+ //
11
+ // **Default policy when env is UNSET: OPEN** (no filtering).
12
+ // Rationale: agim is also used by hobbyists / personal bots where the
13
+ // IM credentials are themselves the security boundary. Forcing a
14
+ // list-or-deny on first run would break every existing deployment.
15
+ // Instead, when sender-allowlist is empty, the boot path emits a single
16
+ // OPEN_IM_ACCESS warning + a hint about how to lock down.
17
+ //
18
+ // Set `IMHUB_ALLOWED_USERS=*` to explicitly mark "everyone allowed"
19
+ // (suppresses the boot warning while preserving open behaviour).
20
+ //
21
+ // Platform matching is case-insensitive (telegram == Telegram). userId is
22
+ // case-sensitive (most IMs use case-sensitive ids).
23
+ import { logger as rootLogger } from './logger.js';
24
+ const log = rootLogger.child({ component: 'sender-allowlist' });
25
+ let cachedEntries = null;
26
+ let cachedRaw = '';
27
+ let cachedWildcard = false;
28
+ function parse(raw) {
29
+ const entries = [];
30
+ let wildcard = false;
31
+ for (const pair of raw.split(',')) {
32
+ const trimmed = pair.trim();
33
+ if (!trimmed)
34
+ continue;
35
+ if (trimmed === '*') {
36
+ wildcard = true;
37
+ continue;
38
+ }
39
+ const idx = trimmed.indexOf(':');
40
+ if (idx <= 0 || idx === trimmed.length - 1) {
41
+ log.warn({ event: 'sender.allowlist.malformed', entry: trimmed }, 'IMHUB_ALLOWED_USERS entry must be platform:userId or "*" — skipping');
42
+ continue;
43
+ }
44
+ entries.push({
45
+ platform: trimmed.slice(0, idx).toLowerCase(),
46
+ userId: trimmed.slice(idx + 1),
47
+ });
48
+ }
49
+ return { entries, wildcard };
50
+ }
51
+ function load() {
52
+ const raw = process.env.IMHUB_ALLOWED_USERS ?? '';
53
+ if (raw !== cachedRaw) {
54
+ cachedRaw = raw;
55
+ const r = parse(raw);
56
+ cachedEntries = r.entries;
57
+ cachedWildcard = r.wildcard;
58
+ }
59
+ return { entries: cachedEntries ?? [], wildcard: cachedWildcard };
60
+ }
61
+ /** Returns `true` iff the env var is set to something non-empty (and
62
+ * not just whitespace). When false, all senders are allowed. */
63
+ export function isSenderAllowlistConfigured() {
64
+ const { entries, wildcard } = load();
65
+ return wildcard || entries.length > 0;
66
+ }
67
+ /** Returns `true` iff (platform, userId) is allowed to use the bot.
68
+ * When allowlist is unconfigured: returns `true` (open access).
69
+ * When `*` is in the list: returns `true` for any caller.
70
+ * Otherwise: requires exact (platform, userId) match. */
71
+ export function isSenderAllowed(platform, userId) {
72
+ const { entries, wildcard } = load();
73
+ // Unconfigured → open. The boot-time warning is the operator's nudge.
74
+ if (!wildcard && entries.length === 0)
75
+ return true;
76
+ if (wildcard)
77
+ return true;
78
+ if (!userId)
79
+ return false;
80
+ const p = platform.toLowerCase();
81
+ return entries.some((e) => e.platform === p && e.userId === userId);
82
+ }
83
+ /** Localized refusal message for IM users. Terse — the bot shouldn't
84
+ * reveal who IS on the allowlist. */
85
+ export function senderDenialMessage(platform, userId) {
86
+ return ('🛑 This bot is access-controlled and your account is not on the allowlist.\n' +
87
+ ' If you believe this is wrong, contact the bot operator.\n' +
88
+ ` (Your id: ${platform.toLowerCase()}:${userId ?? '<unknown>'})`);
89
+ }
90
+ /** Startup log — one-shot. Called from cli.ts after the bus is up.
91
+ * Emits a clear warning when sender allowlist is empty (OPEN_IM_ACCESS),
92
+ * and a normal info line when configured. */
93
+ let loggedOnce = false;
94
+ export function logStartupResolution() {
95
+ if (loggedOnce)
96
+ return;
97
+ loggedOnce = true;
98
+ const { entries, wildcard } = load();
99
+ if (wildcard) {
100
+ log.info({
101
+ event: 'sender.allowlist.loaded',
102
+ mode: 'wildcard',
103
+ }, 'sender allowlist: IMHUB_ALLOWED_USERS=* (open access, explicit)');
104
+ return;
105
+ }
106
+ if (entries.length === 0) {
107
+ log.warn({
108
+ event: 'sender.allowlist.OPEN_IM_ACCESS',
109
+ hint: 'set IMHUB_ALLOWED_USERS=platform:userId,... to restrict; set =* to suppress this warning',
110
+ }, '⚠ OPEN_IM_ACCESS: anyone who can reach the IM bot can use it (no sender allowlist configured)');
111
+ return;
112
+ }
113
+ log.info({
114
+ event: 'sender.allowlist.loaded',
115
+ count: entries.length,
116
+ }, `sender allowlist: ${entries.length} entr${entries.length === 1 ? 'y' : 'ies'}`);
117
+ }
118
+ /** Test-only reset. */
119
+ export function _resetCache() {
120
+ cachedEntries = null;
121
+ cachedRaw = '';
122
+ cachedWildcard = false;
123
+ loggedOnce = false;
124
+ }
125
+ //# sourceMappingURL=sender-allowlist.js.map
package/dist/core/sender-allowlist.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sender-allowlist.js","sourceRoot":"","sources":["../../src/core/sender-allowlist.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,EAAE;AACF,sCAAsC;AACtC,4EAA4E;AAC5E,mEAAmE;AACnE,EAAE;AACF,4EAA4E;AAC5E,oCAAoC;AACpC,kEAAkE;AAClE,EAAE;AACF,6DAA6D;AAC7D,sEAAsE;AACtE,iEAAiE;AACjE,mEAAmE;AACnE,wEAAwE;AACxE,0DAA0D;AAC1D,EAAE;AACF,oEAAoE;AACpE,iEAAiE;AACjE,EAAE;AACF,0EAA0E;AAC1E,oDAAoD;AAEpD,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,aAAa,CAAA;AAElD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAA;AAO/D,IAAI,aAAa,GAAmB,IAAI,CAAA;AACxC,IAAI,SAAS,GAAG,EAAE,CAAA;AAClB,IAAI,cAAc,GAAG,KAAK,CAAA;AAE1B,SAAS,KAAK,CAAC,GAAW;IACxB,MAAM,OAAO,GAAY,EAAE,CAAA;IAC3B,IAAI,QAAQ,GAAG,KAAK,CAAA;IACpB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QAC3B,IAAI,CAAC,OAAO;YAAE,SAAQ;QACtB,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YAAC,QAAQ,GAAG,IAAI,CAAC;YAAC,SAAQ;QAAC,CAAC;QAClD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,KAAK,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,KAAK,EAAE,OAAO,EAAE,EAC9D,qEAAqE,CAAC,CAAA;YACxE,SAAQ;QACV,CAAC;QACD,OAAO,CAAC,IAAI,CAAC;YACX,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE;YAC7C,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC;SAC/B,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAA;AAC9B,CAAC;AAED,SAAS,IAAI;IACX,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAA;IACjD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,SAAS,GAAG,GAAG,CAAA;QACf,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAA;QACpB,aAAa,GAAG,CAAC,CAAC,OAAO,CAAA;QACzB,cAAc,GAAG,CAAC,CAAC,QAAQ,CAAA;IAC7B,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,aAAa,IAAI,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAA;AACnE,CAAC;AAED;iEACiE;AACjE,MAAM,UAAU,2BAA2B;IACzC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAA;IACpC,OAAO,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,CAAA;AACvC,CAAC;AAED;;;0DAG0D;AAC1D,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,MAA0B;IAC1E,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAA;IACpC,sEAAsE;IACtE,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAClD,IAAI,QAAQ;QAAE,OAAO,IAAI,CAAA;IACzB,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACzB,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAA;IAChC,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAA;AACrE,CAAC;AAED;sCACsC;AACtC,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,MAA0B;IAC9E,OAAO,CACL,8EAA8E;QAC9E,8DAA8D;QAC9D,gBAAgB,QAAQ,CAAC,WAAW,EAAE,IAAI,MAAM,IAAI,WAAW,GAAG,CACnE,CAAA;AACH,CAAC;AAED;;8CAE8C;AAC9C,IAAI,UAAU,GAAG,KAAK,CAAA;AACtB,MAAM,UAAU,oBAAoB;IAClC,IAAI,UAAU;QAAE,OAAM;IACtB,UAAU,GAAG,IAAI,CAAA;IACjB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAA;IACpC,IAAI,QAAQ,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC;YACP,KAAK,EAAE,yBAAyB;YAChC,IAAI,EAAE,UAAU;SACjB,EAAE,iEAAiE,CAAC,CAAA;QACrE,OAAM;IACR,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC;YACP,KAAK,EAAE,iCAAiC;YACxC,IAAI,EAAE,0FAA0F;SACjG,EAAE,+FAA+F,CAAC,CAAA;QACnG,OAAM;IACR,CAAC;IACD,GAAG,CAAC,IAAI,CAAC;QACP,KAAK,EAAE,yBAAyB;QAChC,KAAK,EAAE,OAAO,CAAC,MAAM;KACtB,EAAE,qBAAqB,OAAO,CAAC,MAAM,QAAQ,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAA;AACrF,CAAC;AAED,uBAAuB;AACvB,MAAM,UAAU,WAAW;IACzB,aAAa,GAAG,IAAI,CAAA;IACpB,SAAS,GAAG,EAAE,CAAA;IACd,cAAc,GAAG,KAAK,CAAA;IACtB,UAAU,GAAG,KAAK,CAAA;AACpB,CAAC"}