claude-remote-guard 1.0.0

package/dist/lib/messenger/whatsapp.js

@@ -0,0 +1,103 @@
+import { maskSensitiveInfo, truncateCommand, getSeverityEmoji } from './base.js';
+function buildWhatsAppMessage(message) {
+    const emoji = getSeverityEmoji(message.severity);
+    const maskedCommand = maskSensitiveInfo(message.command);
+    const truncatedCommand = truncateCommand(maskedCommand, 300);
+    const lines = [
+        `${emoji} Claude Guard: Approval Required`,
+        '',
+        `Reason: ${message.reason}`,
+        `Severity: ${message.severity.toUpperCase()}`,
+        '',
+        `Command:`,
+        truncatedCommand,
+        '',
+        `Working Directory: ${message.cwd}`,
+        '',
+        `---`,
+        `To approve, reply: APPROVE ${message.requestId}`,
+        `To reject, reply: REJECT ${message.requestId}`,
+    ];
+    return lines.join('\n');
+}
+export class WhatsAppMessenger {
+    type = 'whatsapp';
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    validateConfig() {
+        return (typeof this.config.accountSid === 'string' &&
+            this.config.accountSid.length > 0 &&
+            typeof this.config.authToken === 'string' &&
+            this.config.authToken.length > 0 &&
+            typeof this.config.fromNumber === 'string' &&
+            this.config.fromNumber.startsWith('whatsapp:') &&
+            typeof this.config.toNumber === 'string' &&
+            this.config.toNumber.startsWith('whatsapp:'));
+    }
+    async sendNotification(message) {
+        try {
+            const body = buildWhatsAppMessage(message);
+            const url = `https://api.twilio.com/2010-04-01/Accounts/${this.config.accountSid}/Messages.json`;
+            const auth = Buffer.from(`${this.config.accountSid}:${this.config.authToken}`).toString('base64');
+            const formData = new URLSearchParams();
+            formData.append('From', this.config.fromNumber);
+            formData.append('To', this.config.toNumber);
+            formData.append('Body', body);
+            const response = await fetch(url, {
+                method: 'POST',
+                headers: {
+                    'Authorization': `Basic ${auth}`,
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: formData.toString(),
+            });
+            const result = await response.json();
+            if (!response.ok) {
+                return { ok: false, error: `Twilio API error: ${result.message || 'Unknown error'}` };
+            }
+            return { ok: true };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            return { ok: false, error: errorMessage };
+        }
+    }
+    async sendTestNotification() {
+        try {
+            const body = [
+                '✅ Claude Guard Test Notification',
+                '',
+                'This is a test notification from Claude Guard.',
+                'If you see this message, your WhatsApp integration is working correctly!',
+                '',
+                `Sent at: ${new Date().toISOString()}`,
+            ].join('\n');
+            const url = `https://api.twilio.com/2010-04-01/Accounts/${this.config.accountSid}/Messages.json`;
+            const auth = Buffer.from(`${this.config.accountSid}:${this.config.authToken}`).toString('base64');
+            const formData = new URLSearchParams();
+            formData.append('From', this.config.fromNumber);
+            formData.append('To', this.config.toNumber);
+            formData.append('Body', body);
+            const response = await fetch(url, {
+                method: 'POST',
+                headers: {
+                    'Authorization': `Basic ${auth}`,
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: formData.toString(),
+            });
+            const result = await response.json();
+            if (!response.ok) {
+                return { ok: false, error: `Twilio API error: ${result.message || 'Unknown error'}` };
+            }
+            return { ok: true };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            return { ok: false, error: errorMessage };
+        }
+    }
+}
+//# sourceMappingURL=whatsapp.js.map

package/dist/lib/messenger/whatsapp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whatsapp.js","sourceRoot":"","sources":["../../../src/lib/messenger/whatsapp.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AASjF,SAAS,oBAAoB,CAAC,OAAyB;IACrD,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,aAAa,GAAG,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACzD,MAAM,gBAAgB,GAAG,eAAe,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IAE7D,MAAM,KAAK,GAAG;QACZ,GAAG,KAAK,kCAAkC;QAC1C,EAAE;QACF,WAAW,OAAO,CAAC,MAAM,EAAE;QAC3B,aAAa,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE;QAC7C,EAAE;QACF,UAAU;QACV,gBAAgB;QAChB,EAAE;QACF,sBAAsB,OAAO,CAAC,GAAG,EAAE;QACnC,EAAE;QACF,KAAK;QACL,8BAA8B,OAAO,CAAC,SAAS,EAAE;QACjD,4BAA4B,OAAO,CAAC,SAAS,EAAE;KAChD,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,OAAO,iBAAiB;IACnB,IAAI,GAAG,UAAmB,CAAC;IAC5B,MAAM,CAAiB;IAE/B,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,cAAc;QACZ,OAAO,CACL,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,KAAK,QAAQ;YAC1C,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;YACjC,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,KAAK,QAAQ;YACzC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;YAChC,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,KAAK,QAAQ;YAC1C,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC;YAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ;YACxC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,CAC7C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAyB;QAC9C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;YAE3C,MAAM,GAAG,GAAG,8CAA8C,IAAI,CAAC,MAAM,CAAC,UAAU,gBAAgB,CAAC;YACjG,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAElG,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;YACvC,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAChD,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC5C,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAE9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,eAAe,EAAE,SAAS,IAAI,EAAE;oBAChC,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,QAAQ,CAAC,QAAQ,EAAE;aAC1B,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAuD,CAAC;YAE1F,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,MAAM,CAAC,OAAO,IAAI,eAAe,EAAE,EAAE,CAAC;YACxF,CAAC;YAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG;gBACX,kCAAkC;gBAClC,EAAE;gBACF,gDAAgD;gBAChD,0EAA0E;gBAC1E,EAAE;gBACF,YAAY,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;aACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEb,MAAM,GAAG,GAAG,8CAA8C,IAAI,CAAC,MAAM,CAAC,UAAU,gBAAgB,CAAC;YACjG,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAElG,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;YACvC,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAChD,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC5C,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAE9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,eAAe,EAAE,SAAS,IAAI,EAAE;oBAChC,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,QAAQ,CAAC,QAAQ,EAAE;aAC1B,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAuD,CAAC;YAE1F,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,MAAM,CAAC,OAAO,IAAI,eAAe,EAAE,EAAE,CAAC;YACxF,CAAC;YAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;QAC5C,CAAC;IACH,CAAC;CACF"}

package/dist/lib/rules.d.ts

@@ -0,0 +1,17 @@
+export type Severity = 'low' | 'medium' | 'high' | 'critical';
+export interface RuleResult {
+    isDangerous: boolean;
+    severity: Severity;
+    reason: string;
+    matchedPattern?: string;
+}
+interface DangerPattern {
+    pattern: RegExp;
+    severity: Severity;
+    reason: string;
+}
+export declare function analyzeCommand(command: string, customPatterns?: DangerPattern[], whitelist?: string[]): RuleResult;
+export declare function getSeverityColor(severity: Severity): string;
+export declare function getSeverityEmoji(severity: Severity): string;
+export {};
+//# sourceMappingURL=rules.d.ts.map

package/dist/lib/rules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../../src/lib/rules.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,OAAO,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,UAAU,aAAa;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAgFD,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,cAAc,CAAC,EAAE,aAAa,EAAE,EAChC,SAAS,CAAC,EAAE,MAAM,EAAE,GACnB,UAAU,CAmDZ;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAO3D;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAO3D"}

package/dist/lib/rules.js

@@ -0,0 +1,138 @@
+const DANGER_PATTERNS = [
+    // Critical - Immediate system damage or remote code execution
+    { pattern: /\bcurl\s+.*\|\s*(ba)?sh\b/i, severity: 'critical', reason: 'Remote script execution via curl pipe' },
+    { pattern: /\bwget\s+.*\|\s*(ba)?sh\b/i, severity: 'critical', reason: 'Remote script execution via wget pipe' },
+    { pattern: /\bbase64\s+(-d|--decode).*\|\s*(ba)?sh\b/i, severity: 'critical', reason: 'Encoded script execution' },
+    { pattern: /\bgit\s+push\s+.*--force\b/i, severity: 'critical', reason: 'Force push can overwrite remote history' },
+    { pattern: /\bgit\s+push\s+-f\b/i, severity: 'critical', reason: 'Force push can overwrite remote history' },
+    { pattern: /\brm\s+-rf\s+\/(\s|$|\*)/i, severity: 'critical', reason: 'Recursive force delete from root directory' },
+    { pattern: /\brm\s+-rf\s+\/\*/i, severity: 'critical', reason: 'Recursive force delete of root contents' },
+    { pattern: /\brm\s+-rf\s+~\//i, severity: 'critical', reason: 'Recursive force delete from home directory' },
+    { pattern: /:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/i, severity: 'critical', reason: 'Fork bomb detected' },
+    { pattern: />\s*\/dev\/[sh]d[a-z]/i, severity: 'critical', reason: 'Direct disk device write' },
+    { pattern: /\bdd\s+.*of=\/dev\/[sh]d[a-z]/i, severity: 'critical', reason: 'Direct disk device write via dd' },
+    // High - Significant risk of data loss or security breach
+    { pattern: /\brm\s+(-[a-zA-Z]*r|-[a-zA-Z]*f)/i, severity: 'high', reason: 'Recursive or force file deletion' },
+    { pattern: /\bgit\s+reset\s+--hard\b/i, severity: 'high', reason: 'Hard reset discards all uncommitted changes' },
+    { pattern: /\bgit\s+clean\s+-[a-zA-Z]*f/i, severity: 'high', reason: 'Force clean removes untracked files' },
+    { pattern: /\bgit\s+checkout\s+\.\s*$/i, severity: 'high', reason: 'Discards all unstaged changes' },
+    { pattern: /\bgit\s+restore\s+\.\s*$/i, severity: 'high', reason: 'Discards all unstaged changes' },
+    { pattern: /\bgit\s+branch\s+-D\b/i, severity: 'high', reason: 'Force delete branch' },
+    { pattern: /\bnpm\s+publish\b/i, severity: 'high', reason: 'Publishing package to npm registry' },
+    { pattern: /\byarn\s+publish\b/i, severity: 'high', reason: 'Publishing package to npm registry' },
+    { pattern: /\bsudo\b/i, severity: 'high', reason: 'Elevated privileges command' },
+    { pattern: /\bchmod\s+777\b/i, severity: 'high', reason: 'Setting world-writable permissions' },
+    { pattern: /\bchown\b/i, severity: 'high', reason: 'Changing file ownership' },
+    { pattern: /\bmkfs\b/i, severity: 'high', reason: 'Filesystem formatting command' },
+    { pattern: /\bdd\s+if=/i, severity: 'high', reason: 'Low-level disk write command' },
+    { pattern: /\bhistory\s+-c\b/i, severity: 'high', reason: 'Clearing shell history' },
+    { pattern: /\bshred\b/i, severity: 'high', reason: 'Secure file deletion' },
+    { pattern: /\b(export|set)\s+.*=.*&&.*\b(curl|wget|bash)\b/i, severity: 'high', reason: 'Environment manipulation with network/script execution' },
+    // Medium - Needs attention but less immediate risk
+    { pattern: /\bgit\s+push\b/i, severity: 'medium', reason: 'Pushing changes to remote repository' },
+    { pattern: /\bgit\s+merge\b/i, severity: 'medium', reason: 'Merging branches' },
+    { pattern: /\bgit\s+rebase\b/i, severity: 'medium', reason: 'Rebasing commits' },
+    { pattern: /\bnpm\s+install\s+-g\b/i, severity: 'medium', reason: 'Installing global npm package' },
+    { pattern: /\bpip\s+install\b/i, severity: 'medium', reason: 'Installing Python package' },
+    { pattern: /\bbrew\s+install\b/i, severity: 'medium', reason: 'Installing Homebrew package' },
+    { pattern: /\bapt(-get)?\s+install\b/i, severity: 'medium', reason: 'Installing system package' },
+    { pattern: /\bmv\s+.*\s+(\/usr|\/etc|\/bin|\/sbin|\/var|\/opt|~\/)/i, severity: 'medium', reason: 'Moving files to system directory' },
+    { pattern: /\bdocker\s+run\b/i, severity: 'medium', reason: 'Running Docker container' },
+    { pattern: /\bkubectl\s+delete\b/i, severity: 'medium', reason: 'Deleting Kubernetes resources' },
+    { pattern: /\benv\b\s*$/i, severity: 'medium', reason: 'Displaying environment variables (potential credential exposure)' },
+    { pattern: /\bprintenv\b/i, severity: 'medium', reason: 'Displaying environment variables (potential credential exposure)' },
+    // Low - Generally safe but worth noting
+    { pattern: /\bkubectl\s+apply\b/i, severity: 'low', reason: 'Applying Kubernetes configuration' },
+    { pattern: /\bdocker\s+build\b/i, severity: 'low', reason: 'Building Docker image' },
+];
+const SAFE_PATTERNS = [
+    /^\s*git\s+status\s*$/i,
+    /^\s*git\s+log\b/i,
+    /^\s*git\s+diff\b/i,
+    /^\s*git\s+show\b/i,
+    /^\s*git\s+branch\s*$/i,
+    /^\s*git\s+branch\s+-[av]+\s*$/i,
+    /^\s*ls\b/i,
+    /^\s*cat\b/i,
+    /^\s*head\b/i,
+    /^\s*tail\b/i,
+    /^\s*echo\b/i,
+    /^\s*pwd\s*$/i,
+    /^\s*whoami\s*$/i,
+    /^\s*which\b/i,
+    /^\s*file\b/i,
+    /^\s*wc\b/i,
+    /^\s*grep\b/i,
+    /^\s*find\b/i,
+    /^\s*npm\s+list\b/i,
+    /^\s*npm\s+outdated\b/i,
+    /^\s*npm\s+view\b/i,
+    /^\s*node\s+-[ve]+\s*$/i,
+    /^\s*python\s+--version\s*$/i,
+    /^\s*python3?\s+-c\s+['"]print/i,
+];
+export function analyzeCommand(command, customPatterns, whitelist) {
+    const trimmedCommand = command.trim();
+    // Check safe patterns first
+    for (const pattern of SAFE_PATTERNS) {
+        if (pattern.test(trimmedCommand)) {
+            return { isDangerous: false, severity: 'low', reason: 'Safe command' };
+        }
+    }
+    // Check user whitelist
+    if (whitelist) {
+        for (const pattern of whitelist) {
+            try {
+                const regex = new RegExp(pattern, 'i');
+                if (regex.test(trimmedCommand)) {
+                    return { isDangerous: false, severity: 'low', reason: 'Whitelisted command' };
+                }
+            }
+            catch {
+                // Invalid regex, skip
+            }
+        }
+    }
+    // Check custom patterns first (higher priority)
+    if (customPatterns) {
+        for (const dp of customPatterns) {
+            if (dp.pattern.test(trimmedCommand)) {
+                return {
+                    isDangerous: true,
+                    severity: dp.severity,
+                    reason: dp.reason,
+                    matchedPattern: dp.pattern.source,
+                };
+            }
+        }
+    }
+    // Check default danger patterns
+    for (const dp of DANGER_PATTERNS) {
+        if (dp.pattern.test(trimmedCommand)) {
+            return {
+                isDangerous: true,
+                severity: dp.severity,
+                reason: dp.reason,
+                matchedPattern: dp.pattern.source,
+            };
+        }
+    }
+    return { isDangerous: false, severity: 'low', reason: 'No dangerous patterns detected' };
+}
+export function getSeverityColor(severity) {
+    switch (severity) {
+        case 'critical': return '#dc2626';
+        case 'high': return '#ea580c';
+        case 'medium': return '#ca8a04';
+        case 'low': return '#16a34a';
+    }
+}
+export function getSeverityEmoji(severity) {
+    switch (severity) {
+        case 'critical': return '\u{1F6A8}';
+        case 'high': return '\u26A0\uFE0F';
+        case 'medium': return '\u{1F7E1}';
+        case 'low': return '\u{1F7E2}';
+    }
+}
+//# sourceMappingURL=rules.js.map

package/dist/lib/rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.js","sourceRoot":"","sources":["../../src/lib/rules.ts"],"names":[],"mappings":"AAeA,MAAM,eAAe,GAAoB;IACvC,8DAA8D;IAC9D,EAAE,OAAO,EAAE,4BAA4B,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,uCAAuC,EAAE;IAChH,EAAE,OAAO,EAAE,4BAA4B,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,uCAAuC,EAAE;IAChH,EAAE,OAAO,EAAE,2CAA2C,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAClH,EAAE,OAAO,EAAE,6BAA6B,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,yCAAyC,EAAE;IACnH,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,yCAAyC,EAAE;IAC5G,EAAE,OAAO,EAAE,2BAA2B,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,4CAA4C,EAAE;IACpH,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,yCAAyC,EAAE;IAC1G,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,4CAA4C,EAAE;IAC5G,EAAE,OAAO,EAAE,2CAA2C,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,oBAAoB,EAAE;IAC5G,EAAE,OAAO,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAC/F,EAAE,OAAO,EAAE,gCAAgC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,iCAAiC,EAAE;IAE9G,0DAA0D;IAC1D,EAAE,OAAO,EAAE,mCAAmC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,kCAAkC,EAAE;IAC9G,EAAE,OAAO,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,6CAA6C,EAAE;IACjH,EAAE,OAAO,EAAE,8BAA8B,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,qCAAqC,EAAE;IAC5G,EAAE,OAAO,EAAE,4BAA4B,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACpG,EAAE,OAAO,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACnG,EAAE,OAAO,EAAE,wBAAwB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE;IACtF,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,oCAAoC,EAAE;IACjG,EAAE,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,oCAAoC,EAAE;IAClG,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE;IACjF,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,oCAAoC,EAAE;IAC/F,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAC9E,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACnF,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,8BAA8B,EAAE;IACpF,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,wBAAwB,EAAE;IACpF,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,sBAAsB,EAAE;IAC3E,EAAE,OAAO,EAAE,iDAAiD,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,wDAAwD,EAAE;IAElJ,mDAAmD;IACnD,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,sCAAsC,EAAE;IAClG,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,kBAAkB,EAAE;IAC/E,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,kBAAkB,EAAE;IAChF,EAAE,OAAO,EAAE,yBAAyB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACnG,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,2BAA2B,EAAE;IAC1F,EAAE,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,6BAA6B,EAAE;IAC7F,EAAE,OAAO,EAAE,2BAA2B,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,2BAA2B,EAAE;IACjG,EAAE,OAAO,EAAE,yDAAyD,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,kCAAkC,EAAE;IACtI,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,0BAA0B,EAAE;IACxF,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACjG,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,kEAAkE,EAAE;IAC3H,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,kEAAkE,EAAE;IAE5H,wCAAwC;IACxC,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACjG,EAAE,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE;CACrF,CAAC;AAEF,MAAM,aAAa,GAAa;IAC9B,uBAAuB;IACvB,kBAAkB;IAClB,mBAAmB;IACnB,mBAAmB;IACnB,uBAAuB;IACvB,gCAAgC;IAChC,WAAW;IACX,YAAY;IACZ,aAAa;IACb,aAAa;IACb,aAAa;IACb,cAAc;IACd,iBAAiB;IACjB,cAAc;IACd,aAAa;IACb,WAAW;IACX,aAAa;IACb,aAAa;IACb,mBAAmB;IACnB,uBAAuB;IACvB,mBAAmB;IACnB,wBAAwB;IACxB,6BAA6B;IAC7B,gCAAgC;CACjC,CAAC;AAEF,MAAM,UAAU,cAAc,CAC5B,OAAe,EACf,cAAgC,EAChC,SAAoB;IAEpB,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAEtC,4BAA4B;IAC5B,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,IAAI,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;QACzE,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBACvC,IAAI,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;oBAC/B,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;gBAChF,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;YAChC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;gBACpC,OAAO;oBACL,WAAW,EAAE,IAAI;oBACjB,QAAQ,EAAE,EAAE,CAAC,QAAQ;oBACrB,MAAM,EAAE,EAAE,CAAC,MAAM;oBACjB,cAAc,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM;iBAClC,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;QACjC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,MAAM,EAAE,EAAE,CAAC,MAAM;gBACjB,cAAc,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM;aAClC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;AAC3F,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAkB;IACjD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,SAAS,CAAC;QAClC,KAAK,MAAM,CAAC,CAAC,OAAO,SAAS,CAAC;QAC9B,KAAK,QAAQ,CAAC,CAAC,OAAO,SAAS,CAAC;QAChC,KAAK,KAAK,CAAC,CAAC,OAAO,SAAS,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAkB;IACjD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,WAAW,CAAC;QACpC,KAAK,MAAM,CAAC,CAAC,OAAO,cAAc,CAAC;QACnC,KAAK,QAAQ,CAAC,CAAC,OAAO,WAAW,CAAC;QAClC,KAAK,KAAK,CAAC,CAAC,OAAO,WAAW,CAAC;IACjC,CAAC;AACH,CAAC"}

package/dist/lib/rules.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=rules.test.d.ts.map

package/dist/lib/rules.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.test.d.ts","sourceRoot":"","sources":["../../src/lib/rules.test.ts"],"names":[],"mappings":""}

package/dist/lib/rules.test.js

@@ -0,0 +1,144 @@
+import { describe, it, expect } from 'vitest';
+import { analyzeCommand } from './rules.js';
+describe('analyzeCommand', () => {
+    describe('critical commands', () => {
+        it('should detect curl pipe to bash', () => {
+            const result = analyzeCommand('curl https://example.com/script.sh | bash');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('critical');
+        });
+        it('should detect wget pipe to sh', () => {
+            const result = analyzeCommand('wget -O - https://example.com/install.sh | sh');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('critical');
+        });
+        it('should detect git push --force', () => {
+            const result = analyzeCommand('git push origin main --force');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('critical');
+        });
+        it('should detect git push -f', () => {
+            const result = analyzeCommand('git push -f origin main');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('critical');
+        });
+        it('should detect rm -rf /', () => {
+            const result = analyzeCommand('rm -rf /');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('critical');
+        });
+        it('should detect rm -rf ~/', () => {
+            const result = analyzeCommand('rm -rf ~/');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('critical');
+        });
+    });
+    describe('high severity commands', () => {
+        it('should detect rm -rf', () => {
+            const result = analyzeCommand('rm -rf ./node_modules');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('high');
+        });
+        it('should detect git reset --hard', () => {
+            const result = analyzeCommand('git reset --hard HEAD~1');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('high');
+        });
+        it('should detect git clean -f', () => {
+            const result = analyzeCommand('git clean -fd');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('high');
+        });
+        it('should detect npm publish', () => {
+            const result = analyzeCommand('npm publish');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('high');
+        });
+        it('should detect sudo commands', () => {
+            const result = analyzeCommand('sudo apt-get update');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('high');
+        });
+        it('should detect chmod 777', () => {
+            const result = analyzeCommand('chmod 777 script.sh');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('high');
+        });
+    });
+    describe('medium severity commands', () => {
+        it('should detect git push', () => {
+            const result = analyzeCommand('git push origin main');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('medium');
+        });
+        it('should detect git merge', () => {
+            const result = analyzeCommand('git merge feature-branch');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('medium');
+        });
+        it('should detect npm install -g', () => {
+            const result = analyzeCommand('npm install -g typescript');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('medium');
+        });
+        it('should detect pip install', () => {
+            const result = analyzeCommand('pip install requests');
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('medium');
+        });
+    });
+    describe('safe commands', () => {
+        it('should allow git status', () => {
+            const result = analyzeCommand('git status');
+            expect(result.isDangerous).toBe(false);
+        });
+        it('should allow git log', () => {
+            const result = analyzeCommand('git log --oneline');
+            expect(result.isDangerous).toBe(false);
+        });
+        it('should allow git diff', () => {
+            const result = analyzeCommand('git diff HEAD~1');
+            expect(result.isDangerous).toBe(false);
+        });
+        it('should allow ls', () => {
+            const result = analyzeCommand('ls -la');
+            expect(result.isDangerous).toBe(false);
+        });
+        it('should allow cat', () => {
+            const result = analyzeCommand('cat package.json');
+            expect(result.isDangerous).toBe(false);
+        });
+        it('should allow pwd', () => {
+            const result = analyzeCommand('pwd');
+            expect(result.isDangerous).toBe(false);
+        });
+        it('should allow echo', () => {
+            const result = analyzeCommand('echo "hello"');
+            expect(result.isDangerous).toBe(false);
+        });
+    });
+    describe('custom patterns', () => {
+        it('should detect custom dangerous patterns', () => {
+            const customPatterns = [
+                {
+                    pattern: /\bmy-dangerous-cmd\b/i,
+                    severity: 'critical',
+                    reason: 'Custom dangerous command',
+                },
+            ];
+            const result = analyzeCommand('my-dangerous-cmd --flag', customPatterns);
+            expect(result.isDangerous).toBe(true);
+            expect(result.severity).toBe('critical');
+            expect(result.reason).toBe('Custom dangerous command');
+        });
+    });
+    describe('whitelist', () => {
+        it('should allow whitelisted commands', () => {
+            const whitelist = ['npm\\s+run\\s+deploy'];
+            const result = analyzeCommand('npm run deploy', undefined, whitelist);
+            expect(result.isDangerous).toBe(false);
+            expect(result.reason).toBe('Whitelisted command');
+        });
+    });
+});
+//# sourceMappingURL=rules.test.js.map

package/dist/lib/rules.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.test.js","sourceRoot":"","sources":["../../src/lib/rules.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAiB,MAAM,YAAY,CAAC;AAE3D,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,MAAM,GAAG,cAAc,CAAC,2CAA2C,CAAC,CAAC;YAC3E,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,MAAM,GAAG,cAAc,CAAC,+CAA+C,CAAC,CAAC;YAC/E,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,cAAc,CAAC,8BAA8B,CAAC,CAAC;YAC9D,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,MAAM,GAAG,cAAc,CAAC,yBAAyB,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,MAAM,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;YAC1C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,MAAM,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,MAAM,GAAG,cAAc,CAAC,uBAAuB,CAAC,CAAC;YACvD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,cAAc,CAAC,yBAAyB,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,MAAM,GAAG,cAAc,CAAC,eAAe,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,CAAC,CAAC;YAC7C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,MAAM,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,MAAM,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,MAAM,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,MAAM,GAAG,cAAc,CAAC,0BAA0B,CAAC,CAAC;YAC1D,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,MAAM,GAAG,cAAc,CAAC,2BAA2B,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,MAAM,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,MAAM,GAAG,cAAc,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,MAAM,GAAG,cAAc,CAAC,mBAAmB,CAAC,CAAC;YACnD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,MAAM,GAAG,cAAc,CAAC,iBAAiB,CAAC,CAAC;YACjD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iBAAiB,EAAE,GAAG,EAAE;YACzB,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;YACxC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kBAAkB,EAAE,GAAG,EAAE;YAC1B,MAAM,MAAM,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kBAAkB,EAAE,GAAG,EAAE;YAC1B,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;YACrC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,cAAc,GAAG;gBACrB;oBACE,OAAO,EAAE,uBAAuB;oBAChC,QAAQ,EAAE,UAAsB;oBAChC,MAAM,EAAE,0BAA0B;iBACnC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,cAAc,CAAC,yBAAyB,EAAE,cAAc,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;QACzB,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,SAAS,GAAG,CAAC,sBAAsB,CAAC,CAAC;YAE3C,MAAM,MAAM,GAAG,cAAc,CAAC,gBAAgB,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YACtE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/lib/setup-instructions.d.ts

@@ -0,0 +1,3 @@
+export declare const SETUP_SQL = "-- Create approval_requests table\nCREATE TABLE IF NOT EXISTS approval_requests (\n  id UUID PRIMARY KEY,\n  command TEXT NOT NULL,\n  danger_reason TEXT NOT NULL,\n  severity TEXT NOT NULL CHECK (severity IN ('low', 'medium', 'high', 'critical')),\n  cwd TEXT NOT NULL,\n  status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'approved', 'rejected', 'timeout')),\n  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),\n  resolved_at TIMESTAMPTZ,\n  resolved_by TEXT,\n  machine_id TEXT\n);\n\n-- Enable Row Level Security (CRITICAL)\nALTER TABLE approval_requests ENABLE ROW LEVEL SECURITY;\n\n-- Allow INSERT for CLI (anon can create pending requests)\nCREATE POLICY \"anon_insert\" ON approval_requests\n  FOR INSERT WITH CHECK (status = 'pending');\n\n-- Allow SELECT for realtime subscription\nCREATE POLICY \"anon_select\" ON approval_requests\n  FOR SELECT USING (status = 'pending');\n\n-- Only service_role can UPDATE (Edge Function)\nCREATE POLICY \"service_role_update\" ON approval_requests\n  FOR UPDATE USING (auth.role() = 'service_role');\n\n-- Allow DELETE for cleanup\nCREATE POLICY \"anon_delete\" ON approval_requests\n  FOR DELETE USING (created_at < NOW() - INTERVAL '24 hours');\n\n-- Enable realtime\nALTER PUBLICATION supabase_realtime ADD TABLE approval_requests;\n\n-- Grant permissions\nGRANT SELECT, INSERT, DELETE ON approval_requests TO anon;\nGRANT ALL ON approval_requests TO service_role;";
+export declare function printSupabaseSetupInstructions(): void;
+//# sourceMappingURL=setup-instructions.d.ts.map

package/dist/lib/setup-instructions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup-instructions.d.ts","sourceRoot":"","sources":["../../src/lib/setup-instructions.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,SAAS,65CAsC0B,CAAC;AAEjD,wBAAgB,8BAA8B,IAAI,IAAI,CAgBrD"}

package/dist/lib/setup-instructions.js

@@ -0,0 +1,55 @@
+import chalk from 'chalk';
+export const SETUP_SQL = `-- Create approval_requests table
+CREATE TABLE IF NOT EXISTS approval_requests (
+  id UUID PRIMARY KEY,
+  command TEXT NOT NULL,
+  danger_reason TEXT NOT NULL,
+  severity TEXT NOT NULL CHECK (severity IN ('low', 'medium', 'high', 'critical')),
+  cwd TEXT NOT NULL,
+  status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'approved', 'rejected', 'timeout')),
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  resolved_at TIMESTAMPTZ,
+  resolved_by TEXT,
+  machine_id TEXT
+);
+
+-- Enable Row Level Security (CRITICAL)
+ALTER TABLE approval_requests ENABLE ROW LEVEL SECURITY;
+
+-- Allow INSERT for CLI (anon can create pending requests)
+CREATE POLICY "anon_insert" ON approval_requests
+  FOR INSERT WITH CHECK (status = 'pending');
+
+-- Allow SELECT for realtime subscription
+CREATE POLICY "anon_select" ON approval_requests
+  FOR SELECT USING (status = 'pending');
+
+-- Only service_role can UPDATE (Edge Function)
+CREATE POLICY "service_role_update" ON approval_requests
+  FOR UPDATE USING (auth.role() = 'service_role');
+
+-- Allow DELETE for cleanup
+CREATE POLICY "anon_delete" ON approval_requests
+  FOR DELETE USING (created_at < NOW() - INTERVAL '24 hours');
+
+-- Enable realtime
+ALTER PUBLICATION supabase_realtime ADD TABLE approval_requests;
+
+-- Grant permissions
+GRANT SELECT, INSERT, DELETE ON approval_requests TO anon;
+GRANT ALL ON approval_requests TO service_role;`;
+export function printSupabaseSetupInstructions() {
+    const border = '━'.repeat(60);
+    console.log(chalk.cyan(`\n${border}`));
+    console.log(chalk.blue.bold('📋 Supabase Database Setup Required'));
+    console.log('');
+    console.log(chalk.white('Run the following SQL in your Supabase SQL Editor:'));
+    console.log(chalk.gray('(Dashboard → SQL Editor → New query)'));
+    console.log(chalk.cyan(`${border}`));
+    console.log(chalk.yellow(SETUP_SQL));
+    console.log(chalk.cyan(border));
+    console.log('');
+    console.log(chalk.gray('Full SQL with RLS policies: supabase/migrations/001_create_approval_requests.sql'));
+    console.log('');
+}
+//# sourceMappingURL=setup-instructions.js.map

package/dist/lib/setup-instructions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup-instructions.js","sourceRoot":"","sources":["../../src/lib/setup-instructions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,CAAC,MAAM,SAAS,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gDAsCuB,CAAC;AAEjD,MAAM,UAAU,8BAA8B;IAC5C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAE9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAChC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,IAAI,CAAC,kFAAkF,CAAC,CAC/F,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC"}

package/dist/lib/slack.d.ts

@@ -0,0 +1,18 @@
+/**
+ * @deprecated This file is maintained for backward compatibility.
+ * Use the messenger module instead:
+ * import { SlackMessenger, MessengerFactory } from './messenger/index.js';
+ */
+import { type SlackConfig as NewSlackConfig } from './messenger/slack.js';
+import type { MessengerMessage, MessengerResult } from './messenger/types.js';
+export type SlackMessage = MessengerMessage;
+export type SlackConfig = NewSlackConfig;
+/**
+ * @deprecated Use SlackMessenger.sendNotification() instead
+ */
+export declare function sendSlackNotification(webhookUrl: string, message: SlackMessage): Promise<MessengerResult>;
+/**
+ * @deprecated Use SlackMessenger.sendTestNotification() instead
+ */
+export declare function sendTestNotification(webhookUrl: string): Promise<MessengerResult>;
+//# sourceMappingURL=slack.d.ts.map

package/dist/lib/slack.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"slack.d.ts","sourceRoot":"","sources":["../../src/lib/slack.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAkB,KAAK,WAAW,IAAI,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAG9E,MAAM,MAAM,YAAY,GAAG,gBAAgB,CAAC;AAC5C,MAAM,MAAM,WAAW,GAAG,cAAc,CAAC;AAEzC;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,eAAe,CAAC,CAG1B;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,eAAe,CAAC,CAG1B"}

package/dist/lib/slack.js

@@ -0,0 +1,21 @@
+/**
+ * @deprecated This file is maintained for backward compatibility.
+ * Use the messenger module instead:
+ * import { SlackMessenger, MessengerFactory } from './messenger/index.js';
+ */
+import { SlackMessenger } from './messenger/slack.js';
+/**
+ * @deprecated Use SlackMessenger.sendNotification() instead
+ */
+export async function sendSlackNotification(webhookUrl, message) {
+    const messenger = new SlackMessenger({ webhookUrl });
+    return messenger.sendNotification(message);
+}
+/**
+ * @deprecated Use SlackMessenger.sendTestNotification() instead
+ */
+export async function sendTestNotification(webhookUrl) {
+    const messenger = new SlackMessenger({ webhookUrl });
+    return messenger.sendTestNotification();
+}
+//# sourceMappingURL=slack.js.map

package/dist/lib/slack.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"slack.js","sourceRoot":"","sources":["../../src/lib/slack.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAsC,MAAM,sBAAsB,CAAC;AAO1F;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,UAAkB,EAClB,OAAqB;IAErB,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;IACrD,OAAO,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,UAAkB;IAElB,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;IACrD,OAAO,SAAS,CAAC,oBAAoB,EAAE,CAAC;AAC1C,CAAC"}

package/dist/lib/supabase.d.ts

@@ -0,0 +1,33 @@
+import { SupabaseClient } from '@supabase/supabase-js';
+import type { Config } from './config.js';
+import type { Severity } from './rules.js';
+export type ApprovalStatus = 'pending' | 'approved' | 'rejected' | 'timeout';
+export interface ApprovalRequest {
+    id: string;
+    command: string;
+    danger_reason: string;
+    severity: Severity;
+    cwd: string;
+    status: ApprovalStatus;
+    created_at: string;
+    resolved_at?: string;
+    resolved_by?: string;
+}
+export declare function initializeSupabase(config: Config): SupabaseClient;
+export declare function getSupabaseClient(): SupabaseClient;
+export declare function createRequest(requestId: string, request: {
+    command: string;
+    dangerReason: string;
+    severity: Severity;
+    cwd: string;
+}): Promise<void>;
+export declare function updateRequestStatus(requestId: string, status: ApprovalStatus, resolvedBy?: string): Promise<void>;
+export declare function getRequest(requestId: string): Promise<ApprovalRequest | null>;
+export declare function listenForApproval(requestId: string, timeoutMs: number, onResolved: (status: ApprovalStatus) => void): () => void;
+export declare function cleanupOldRequests(maxAgeMs?: number): Promise<number>;
+export declare function testConnection(config: Config): Promise<{
+    ok: boolean;
+    error?: string;
+}>;
+export declare function shutdownSupabase(): Promise<void>;
+//# sourceMappingURL=supabase.d.ts.map

package/dist/lib/supabase.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"supabase.d.ts","sourceRoot":"","sources":["../../src/lib/supabase.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,cAAc,EAAmB,MAAM,uBAAuB,CAAC;AACtF,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAmB3C,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;AAE7E,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,QAAQ,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,cAAc,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAID,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,cAAc,CAOjE;AAED,wBAAgB,iBAAiB,IAAI,cAAc,CAKlD;AAED,wBAAsB,aAAa,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,QAAQ,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAClF,OAAO,CAAC,IAAI,CAAC,CAkBf;AAED,wBAAsB,mBAAmB,CACvC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,cAAc,EACtB,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC,CAiBf;AAED,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAiBnF;AAED,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,IAAI,GAC3C,MAAM,IAAI,CAqEZ;AAED,wBAAsB,kBAAkB,CAAC,QAAQ,GAAE,MAA4B,GAAG,OAAO,CAAC,MAAM,CAAC,CAehG;AAED,wBAAsB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAgB7F;AAED,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAKtD"}