daycare-cli 2026.2.27 → 2026.2.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config/configResolve.d.ts.map +1 -1
- package/dist/config/configResolve.js +15 -1
- package/dist/config/configResolve.js.map +1 -1
- package/dist/config/configResolve.spec.js +47 -0
- package/dist/config/configResolve.spec.js.map +1 -1
- package/dist/config/configSettingsParse.d.ts.map +1 -1
- package/dist/config/configSettingsParse.js +10 -0
- package/dist/config/configSettingsParse.js.map +1 -1
- package/dist/config/configSettingsParse.spec.js +32 -0
- package/dist/config/configSettingsParse.spec.js.map +1 -1
- package/dist/config/configTypes.d.ts +2 -1
- package/dist/config/configTypes.d.ts.map +1 -1
- package/dist/engine/agents/agent.d.ts.map +1 -1
- package/dist/engine/agents/agent.js +12 -1
- package/dist/engine/agents/agent.js.map +1 -1
- package/dist/engine/agents/agentSystem.spec.js +1 -1
- package/dist/engine/agents/ops/agentSystemPromptContext.d.ts +1 -1
- package/dist/engine/agents/ops/agentSystemPromptContext.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionEnvironment.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionEnvironment.js +12 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionEnvironment.js.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionMemory.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionMemory.js +0 -4
- package/dist/engine/agents/ops/agentSystemPromptSectionMemory.js.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionPermissions.d.ts +2 -2
- package/dist/engine/agents/ops/agentSystemPromptSectionPermissions.d.ts.map +1 -1
- package/dist/engine/agents/ops/agentSystemPromptSectionPermissions.js +12 -30
- package/dist/engine/agents/ops/agentSystemPromptSectionPermissions.js.map +1 -1
- package/dist/engine/friends/nametagGenerate.d.ts +6 -0
- package/dist/engine/friends/nametagGenerate.d.ts.map +1 -0
- package/dist/engine/friends/nametagGenerate.js +9 -0
- package/dist/engine/friends/nametagGenerate.js.map +1 -0
- package/dist/engine/friends/nametagGenerate.spec.d.ts +2 -0
- package/dist/engine/friends/nametagGenerate.spec.d.ts.map +1 -0
- package/dist/engine/friends/nametagGenerate.spec.js +18 -0
- package/dist/engine/friends/nametagGenerate.spec.js.map +1 -0
- package/dist/engine/modules/rlm/rlmPromptSkills.spec.js +9 -9
- package/dist/engine/modules/rlm/rlmPromptSkills.spec.js.map +1 -1
- package/dist/engine/modules/tools/friendAddToolBuild.d.ts +2 -2
- package/dist/engine/modules/tools/friendAddToolBuild.d.ts.map +1 -1
- package/dist/engine/modules/tools/friendAddToolBuild.js +30 -33
- package/dist/engine/modules/tools/friendAddToolBuild.js.map +1 -1
- package/dist/engine/modules/tools/friendAddToolBuild.spec.js +19 -19
- package/dist/engine/modules/tools/friendRemoveToolBuild.d.ts +2 -2
- package/dist/engine/modules/tools/friendRemoveToolBuild.d.ts.map +1 -1
- package/dist/engine/modules/tools/friendRemoveToolBuild.js +32 -35
- package/dist/engine/modules/tools/friendRemoveToolBuild.js.map +1 -1
- package/dist/engine/modules/tools/friendRemoveToolBuild.spec.js +22 -22
- package/dist/engine/modules/tools/friendSendToolBuild.d.ts +1 -1
- package/dist/engine/modules/tools/friendSendToolBuild.d.ts.map +1 -1
- package/dist/engine/modules/tools/friendSendToolBuild.js +17 -20
- package/dist/engine/modules/tools/friendSendToolBuild.js.map +1 -1
- package/dist/engine/modules/tools/friendSendToolBuild.spec.js +14 -14
- package/dist/engine/modules/tools/friendShareSubuserToolBuild.d.ts +1 -1
- package/dist/engine/modules/tools/friendShareSubuserToolBuild.d.ts.map +1 -1
- package/dist/engine/modules/tools/friendShareSubuserToolBuild.js +20 -26
- package/dist/engine/modules/tools/friendShareSubuserToolBuild.js.map +1 -1
- package/dist/engine/modules/tools/friendShareSubuserToolBuild.spec.js +18 -18
- package/dist/engine/modules/tools/friendUnshareSubuserToolBuild.d.ts.map +1 -1
- package/dist/engine/modules/tools/friendUnshareSubuserToolBuild.js +16 -19
- package/dist/engine/modules/tools/friendUnshareSubuserToolBuild.js.map +1 -1
- package/dist/engine/modules/tools/friendUnshareSubuserToolBuild.spec.js +12 -12
- package/dist/engine/modules/tools/topologyToolBuild.js +5 -5
- package/dist/engine/modules/tools/topologyToolBuild.js.map +1 -1
- package/dist/engine/modules/tools/topologyToolBuild.spec.js +8 -8
- package/dist/plugins/dashboard/site/404.html +1 -1
- package/dist/plugins/dashboard/site/agent.html +1 -1
- package/dist/plugins/dashboard/site/agent.txt +1 -1
- package/dist/plugins/dashboard/site/agents.html +1 -1
- package/dist/plugins/dashboard/site/agents.txt +1 -1
- package/dist/plugins/dashboard/site/automations.html +1 -1
- package/dist/plugins/dashboard/site/automations.txt +1 -1
- package/dist/plugins/dashboard/site/connectors.html +1 -1
- package/dist/plugins/dashboard/site/connectors.txt +1 -1
- package/dist/plugins/dashboard/site/index.html +1 -1
- package/dist/plugins/dashboard/site/index.txt +1 -1
- package/dist/plugins/dashboard/site/memory.html +1 -1
- package/dist/plugins/dashboard/site/memory.txt +1 -1
- package/dist/plugins/dashboard/site/processes.html +1 -1
- package/dist/plugins/dashboard/site/processes.txt +1 -1
- package/dist/plugins/dashboard/site/providers.html +1 -1
- package/dist/plugins/dashboard/site/providers.txt +1 -1
- package/dist/plugins/dashboard/site/signals.html +1 -1
- package/dist/plugins/dashboard/site/signals.txt +1 -1
- package/dist/plugins/dashboard/site/telemetry.html +1 -1
- package/dist/plugins/dashboard/site/telemetry.txt +1 -1
- package/dist/plugins/dashboard/site/tools.html +1 -1
- package/dist/plugins/dashboard/site/tools.txt +1 -1
- package/dist/prompts/SYSTEM_ENVIRONMENT.md +6 -0
- package/dist/prompts/SYSTEM_MEMORY.md +4 -4
- package/dist/prompts/SYSTEM_PERMISSIONS.md +3 -19
- package/dist/sandbox/docker/dockerContainerEnsure.d.ts +8 -0
- package/dist/sandbox/docker/dockerContainerEnsure.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerContainerEnsure.js +56 -0
- package/dist/sandbox/docker/dockerContainerEnsure.js.map +1 -0
- package/dist/sandbox/docker/dockerContainerEnsure.spec.d.ts +2 -0
- package/dist/sandbox/docker/dockerContainerEnsure.spec.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerContainerEnsure.spec.js +66 -0
- package/dist/sandbox/docker/dockerContainerEnsure.spec.js.map +1 -0
- package/dist/sandbox/docker/dockerContainerExec.d.ts +8 -0
- package/dist/sandbox/docker/dockerContainerExec.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerContainerExec.js +109 -0
- package/dist/sandbox/docker/dockerContainerExec.js.map +1 -0
- package/dist/sandbox/docker/dockerContainerExec.spec.d.ts +2 -0
- package/dist/sandbox/docker/dockerContainerExec.spec.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerContainerExec.spec.js +75 -0
- package/dist/sandbox/docker/dockerContainerExec.spec.js.map +1 -0
- package/dist/sandbox/docker/dockerContainerNameBuild.d.ts +6 -0
- package/dist/sandbox/docker/dockerContainerNameBuild.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerContainerNameBuild.js +15 -0
- package/dist/sandbox/docker/dockerContainerNameBuild.js.map +1 -0
- package/dist/sandbox/docker/dockerContainerNameBuild.spec.d.ts +2 -0
- package/dist/sandbox/docker/dockerContainerNameBuild.spec.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerContainerNameBuild.spec.js +17 -0
- package/dist/sandbox/docker/dockerContainerNameBuild.spec.js.map +1 -0
- package/dist/sandbox/docker/dockerContainers.d.ts +13 -0
- package/dist/sandbox/docker/dockerContainers.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerContainers.js +42 -0
- package/dist/sandbox/docker/dockerContainers.js.map +1 -0
- package/dist/sandbox/docker/dockerContainersShared.d.ts +3 -0
- package/dist/sandbox/docker/dockerContainersShared.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerContainersShared.js +3 -0
- package/dist/sandbox/docker/dockerContainersShared.js.map +1 -0
- package/dist/sandbox/docker/dockerRunInSandbox.d.ts +19 -0
- package/dist/sandbox/docker/dockerRunInSandbox.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerRunInSandbox.integration.spec.d.ts +2 -0
- package/dist/sandbox/docker/dockerRunInSandbox.integration.spec.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerRunInSandbox.integration.spec.js +143 -0
- package/dist/sandbox/docker/dockerRunInSandbox.integration.spec.js.map +1 -0
- package/dist/sandbox/docker/dockerRunInSandbox.js +117 -0
- package/dist/sandbox/docker/dockerRunInSandbox.js.map +1 -0
- package/dist/sandbox/docker/dockerRunInSandbox.spec.d.ts +2 -0
- package/dist/sandbox/docker/dockerRunInSandbox.spec.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerRunInSandbox.spec.js +127 -0
- package/dist/sandbox/docker/dockerRunInSandbox.spec.js.map +1 -0
- package/dist/sandbox/docker/dockerTypes.d.ts +23 -0
- package/dist/sandbox/docker/dockerTypes.d.ts.map +1 -0
- package/dist/sandbox/docker/dockerTypes.js +2 -0
- package/dist/sandbox/docker/dockerTypes.js.map +1 -0
- package/dist/sandbox/sandbox.d.ts +3 -1
- package/dist/sandbox/sandbox.d.ts.map +1 -1
- package/dist/sandbox/sandbox.js +42 -9
- package/dist/sandbox/sandbox.js.map +1 -1
- package/dist/sandbox/sandboxCanRead.d.ts.map +1 -1
- package/dist/sandbox/sandboxCanRead.js +8 -4
- package/dist/sandbox/sandboxCanRead.js.map +1 -1
- package/dist/sandbox/sandboxCanRead.spec.js +6 -4
- package/dist/sandbox/sandboxCanRead.spec.js.map +1 -1
- package/dist/sandbox/sandboxCanWrite.d.ts.map +1 -1
- package/dist/sandbox/sandboxCanWrite.js +25 -0
- package/dist/sandbox/sandboxCanWrite.js.map +1 -1
- package/dist/sandbox/sandboxCanWrite.spec.js +6 -1
- package/dist/sandbox/sandboxCanWrite.spec.js.map +1 -1
- package/dist/sandbox/sandboxDocker.spec.d.ts +2 -0
- package/dist/sandbox/sandboxDocker.spec.d.ts.map +1 -0
- package/dist/sandbox/sandboxDocker.spec.js +121 -0
- package/dist/sandbox/sandboxDocker.spec.js.map +1 -0
- package/dist/sandbox/sandboxPathContainerToHost.d.ts +6 -0
- package/dist/sandbox/sandboxPathContainerToHost.d.ts.map +1 -0
- package/dist/sandbox/sandboxPathContainerToHost.js +24 -0
- package/dist/sandbox/sandboxPathContainerToHost.js.map +1 -0
- package/dist/sandbox/sandboxPathContainerToHost.spec.d.ts +2 -0
- package/dist/sandbox/sandboxPathContainerToHost.spec.d.ts.map +1 -0
- package/dist/sandbox/sandboxPathContainerToHost.spec.js +25 -0
- package/dist/sandbox/sandboxPathContainerToHost.spec.js.map +1 -0
- package/dist/sandbox/sandboxPathHostToContainer.d.ts +6 -0
- package/dist/sandbox/sandboxPathHostToContainer.d.ts.map +1 -0
- package/dist/sandbox/sandboxPathHostToContainer.js +23 -0
- package/dist/sandbox/sandboxPathHostToContainer.js.map +1 -0
- package/dist/sandbox/sandboxPathHostToContainer.spec.d.ts +2 -0
- package/dist/sandbox/sandboxPathHostToContainer.spec.d.ts.map +1 -0
- package/dist/sandbox/sandboxPathHostToContainer.spec.js +32 -0
- package/dist/sandbox/sandboxPathHostToContainer.spec.js.map +1 -0
- package/dist/sandbox/sandboxReadBoundaryDenyPathsBuild.d.ts +11 -0
- package/dist/sandbox/sandboxReadBoundaryDenyPathsBuild.d.ts.map +1 -0
- package/dist/sandbox/sandboxReadBoundaryDenyPathsBuild.js +20 -0
- package/dist/sandbox/sandboxReadBoundaryDenyPathsBuild.js.map +1 -0
- package/dist/sandbox/sandboxReadBoundaryDenyPathsBuild.spec.d.ts +2 -0
- package/dist/sandbox/sandboxReadBoundaryDenyPathsBuild.spec.d.ts.map +1 -0
- package/dist/sandbox/sandboxReadBoundaryDenyPathsBuild.spec.js +20 -0
- package/dist/sandbox/sandboxReadBoundaryDenyPathsBuild.spec.js.map +1 -0
- package/dist/sandbox/sandboxTypes.d.ts +9 -0
- package/dist/sandbox/sandboxTypes.d.ts.map +1 -1
- package/dist/settings.d.ts +17 -1
- package/dist/settings.d.ts.map +1 -1
- package/dist/settings.js.map +1 -1
- package/dist/skills/daycare-friendship/SKILL.md +295 -0
- package/dist/skills/skills/daycare-friendship/SKILL.md +295 -0
- package/dist/storage/agentsRepository.spec.js +1 -1
- package/dist/storage/connectionsRepository.spec.js +19 -19
- package/dist/storage/databaseTypes.d.ts +3 -3
- package/dist/storage/databaseTypes.d.ts.map +1 -1
- package/dist/storage/migrations/20260225_require_usertag.d.ts +7 -0
- package/dist/storage/migrations/20260225_require_usertag.d.ts.map +1 -0
- package/dist/storage/migrations/20260225_require_usertag.js +60 -0
- package/dist/storage/migrations/20260225_require_usertag.js.map +1 -0
- package/dist/storage/migrations/20260225_require_usertag.spec.d.ts +2 -0
- package/dist/storage/migrations/20260225_require_usertag.spec.d.ts.map +1 -0
- package/dist/storage/migrations/20260225_require_usertag.spec.js +70 -0
- package/dist/storage/migrations/20260225_require_usertag.spec.js.map +1 -0
- package/dist/storage/migrations/20260226_rename_usertag_to_nametag.d.ts +7 -0
- package/dist/storage/migrations/20260226_rename_usertag_to_nametag.d.ts.map +1 -0
- package/dist/storage/migrations/20260226_rename_usertag_to_nametag.js +47 -0
- package/dist/storage/migrations/20260226_rename_usertag_to_nametag.js.map +1 -0
- package/dist/storage/migrations/20260226_rename_usertag_to_nametag.spec.d.ts +2 -0
- package/dist/storage/migrations/20260226_rename_usertag_to_nametag.spec.d.ts.map +1 -0
- package/dist/storage/migrations/20260226_rename_usertag_to_nametag.spec.js +59 -0
- package/dist/storage/migrations/20260226_rename_usertag_to_nametag.spec.js.map +1 -0
- package/dist/storage/migrations/_migrations.d.ts.map +1 -1
- package/dist/storage/migrations/_migrations.js +5 -1
- package/dist/storage/migrations/_migrations.js.map +1 -1
- package/dist/storage/storage.d.ts +1 -1
- package/dist/storage/storage.js +15 -15
- package/dist/storage/storage.js.map +1 -1
- package/dist/storage/storage.spec.js +1 -1
- package/dist/storage/storage.spec.js.map +1 -1
- package/dist/storage/usersRepository.d.ts +2 -2
- package/dist/storage/usersRepository.d.ts.map +1 -1
- package/dist/storage/usersRepository.js +40 -21
- package/dist/storage/usersRepository.js.map +1 -1
- package/dist/storage/usersRepository.spec.js +8 -8
- package/package.json +6 -3
- package/dist/engine/friends/usertagGenerate.d.ts +0 -6
- package/dist/engine/friends/usertagGenerate.d.ts.map +0 -1
- package/dist/engine/friends/usertagGenerate.js +0 -311
- package/dist/engine/friends/usertagGenerate.js.map +0 -1
- package/dist/engine/friends/usertagGenerate.spec.d.ts +0 -2
- package/dist/engine/friends/usertagGenerate.spec.d.ts.map +0 -1
- package/dist/engine/friends/usertagGenerate.spec.js +0 -13
- package/dist/engine/friends/usertagGenerate.spec.js.map +0 -1
- /package/dist/plugins/dashboard/site/_next/static/{Hr0soHgJ1L7WevXil6GIk → fEfvfa55gmpjx9cT66rjx}/_buildManifest.js +0 -0
- /package/dist/plugins/dashboard/site/_next/static/{Hr0soHgJ1L7WevXil6GIk → fEfvfa55gmpjx9cT66rjx}/_ssgManifest.js +0 -0
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
import { promises as fs } from "node:fs";
|
|
2
|
+
import path from "node:path";
|
|
3
|
+
import { getLogger } from "../../log.js";
|
|
4
|
+
import { shellQuote } from "../../util/shellQuote.js";
|
|
5
|
+
import { sandboxHomeRedefine } from "../sandboxHomeRedefine.js";
|
|
6
|
+
import { sandboxPathHostToContainer } from "../sandboxPathHostToContainer.js";
|
|
7
|
+
import { dockerContainersShared } from "./dockerContainersShared.js";
|
|
8
|
+
const logger = getLogger("sandbox.docker");
|
|
9
|
+
const DEFAULT_TIMEOUT_MS = 30_000;
|
|
10
|
+
const DEFAULT_MAX_BUFFER_BYTES = 1_000_000;
|
|
11
|
+
/**
|
|
12
|
+
* Runs sandbox-runtime inside a per-user Docker container.
|
|
13
|
+
* Expects: docker image is local and options.home is mounted to /home/<userId>.
|
|
14
|
+
*/
|
|
15
|
+
export async function dockerRunInSandbox(command, config, options) {
|
|
16
|
+
const hostHomeDir = path.resolve(options.home);
|
|
17
|
+
const dockerConfig = {
|
|
18
|
+
...options.docker,
|
|
19
|
+
hostHomeDir
|
|
20
|
+
};
|
|
21
|
+
const runtimeConfig = runtimeConfigPathRewrite(config, hostHomeDir, options.docker.userId);
|
|
22
|
+
const settingsHostPath = path.join(hostHomeDir, ".tmp", `daycare-srt-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2)}.json`);
|
|
23
|
+
const { env } = await sandboxHomeRedefine({
|
|
24
|
+
env: options.env ?? process.env,
|
|
25
|
+
home: hostHomeDir
|
|
26
|
+
});
|
|
27
|
+
const containerEnv = envPathRewrite(env, hostHomeDir, options.docker.userId);
|
|
28
|
+
const containerCwd = options.cwd
|
|
29
|
+
? sandboxPathHostToContainer(hostHomeDir, options.docker.userId, options.cwd)
|
|
30
|
+
: undefined;
|
|
31
|
+
const settingsContainerPath = sandboxPathHostToContainer(hostHomeDir, options.docker.userId, settingsHostPath);
|
|
32
|
+
await fs.mkdir(path.dirname(settingsHostPath), { recursive: true });
|
|
33
|
+
await fs.writeFile(settingsHostPath, JSON.stringify(runtimeConfig), "utf8");
|
|
34
|
+
try {
|
|
35
|
+
logger.debug(`exec: resolving sandbox-runtime CLI path in container`);
|
|
36
|
+
const cliResolveResult = await dockerContainersShared.exec(dockerConfig, {
|
|
37
|
+
command: [
|
|
38
|
+
"bash",
|
|
39
|
+
"-lc",
|
|
40
|
+
"node -p \"require.resolve('@anthropic-ai/sandbox-runtime/dist/cli.js')\""
|
|
41
|
+
],
|
|
42
|
+
cwd: containerCwd,
|
|
43
|
+
env: containerEnv,
|
|
44
|
+
timeoutMs: options.timeoutMs ?? DEFAULT_TIMEOUT_MS,
|
|
45
|
+
maxBufferBytes: options.maxBufferBytes ?? DEFAULT_MAX_BUFFER_BYTES
|
|
46
|
+
});
|
|
47
|
+
const srtCliPath = cliPathResolveFromResult(cliResolveResult);
|
|
48
|
+
logger.debug(`exec: resolved CLI path=${srtCliPath} cwd=${containerCwd} command=${JSON.stringify(command)}`);
|
|
49
|
+
const result = await dockerContainersShared.exec(dockerConfig, {
|
|
50
|
+
command: ["bash", "-lc", `node ${srtCliPath} --settings ${settingsContainerPath} -c ${shellQuote(command)}`],
|
|
51
|
+
cwd: containerCwd,
|
|
52
|
+
env: containerEnv,
|
|
53
|
+
timeoutMs: options.timeoutMs ?? DEFAULT_TIMEOUT_MS,
|
|
54
|
+
maxBufferBytes: options.maxBufferBytes ?? DEFAULT_MAX_BUFFER_BYTES
|
|
55
|
+
});
|
|
56
|
+
logger.debug(`exec: completed exitCode=${result.exitCode}`);
|
|
57
|
+
if (result.exitCode !== 0) {
|
|
58
|
+
logger.warn(`exec: non-zero exit exitCode=${result.exitCode}` +
|
|
59
|
+
(result.stderr ? ` stderr=${result.stderr.slice(0, 500)}` : ""));
|
|
60
|
+
throw dockerExecErrorBuild(result);
|
|
61
|
+
}
|
|
62
|
+
return {
|
|
63
|
+
stdout: result.stdout,
|
|
64
|
+
stderr: result.stderr
|
|
65
|
+
};
|
|
66
|
+
}
|
|
67
|
+
finally {
|
|
68
|
+
await fs.rm(settingsHostPath, { force: true });
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
function runtimeConfigPathRewrite(config, hostHomeDir, userId) {
|
|
72
|
+
if (!config.filesystem) {
|
|
73
|
+
return config;
|
|
74
|
+
}
|
|
75
|
+
return {
|
|
76
|
+
...config,
|
|
77
|
+
filesystem: {
|
|
78
|
+
...config.filesystem,
|
|
79
|
+
allowWrite: config.filesystem.allowWrite.map((entry) => sandboxPathHostToContainer(hostHomeDir, userId, entry)),
|
|
80
|
+
denyRead: config.filesystem.denyRead.map((entry) => sandboxPathHostToContainer(hostHomeDir, userId, entry)),
|
|
81
|
+
denyWrite: config.filesystem.denyWrite.map((entry) => sandboxPathHostToContainer(hostHomeDir, userId, entry))
|
|
82
|
+
}
|
|
83
|
+
};
|
|
84
|
+
}
|
|
85
|
+
function envPathRewrite(env, hostHomeDir, userId) {
|
|
86
|
+
const rewritten = {};
|
|
87
|
+
for (const [key, value] of Object.entries(env)) {
|
|
88
|
+
if (value === undefined) {
|
|
89
|
+
continue;
|
|
90
|
+
}
|
|
91
|
+
rewritten[key] = sandboxPathHostToContainer(hostHomeDir, userId, value);
|
|
92
|
+
}
|
|
93
|
+
return rewritten;
|
|
94
|
+
}
|
|
95
|
+
function cliPathResolveFromResult(result) {
|
|
96
|
+
if (result.exitCode !== 0) {
|
|
97
|
+
throw dockerExecErrorBuild(result);
|
|
98
|
+
}
|
|
99
|
+
const lines = result.stdout
|
|
100
|
+
.split(/\r?\n/)
|
|
101
|
+
.map((line) => line.trim())
|
|
102
|
+
.filter((line) => line.length > 0);
|
|
103
|
+
const cliPath = lines.at(-1);
|
|
104
|
+
if (!cliPath) {
|
|
105
|
+
throw new Error("Failed to resolve sandbox-runtime CLI path inside Docker container.");
|
|
106
|
+
}
|
|
107
|
+
return cliPath;
|
|
108
|
+
}
|
|
109
|
+
function dockerExecErrorBuild(result) {
|
|
110
|
+
const error = new Error(`docker exec failed with code ${result.exitCode ?? "unknown"}`);
|
|
111
|
+
error.stdout = result.stdout;
|
|
112
|
+
error.stderr = result.stderr;
|
|
113
|
+
error.code = result.exitCode;
|
|
114
|
+
error.signal = null;
|
|
115
|
+
return error;
|
|
116
|
+
}
|
|
117
|
+
//# sourceMappingURL=dockerRunInSandbox.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dockerRunInSandbox.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerRunInSandbox.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAI7B,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAC9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAGrE,MAAM,MAAM,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;AAC3C,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAClC,MAAM,wBAAwB,GAAG,SAAS,CAAC;AAW3C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACpC,OAAe,EACf,MAA4B,EAC5B,OAAkC;IAElC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,YAAY,GAA0B;QACxC,GAAG,OAAO,CAAC,MAAM;QACjB,WAAW;KACd,CAAC;IAEF,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3F,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAC9B,WAAW,EACX,MAAM,EACN,eAAe,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CACzF,CAAC;IACF,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,mBAAmB,CAAC;QACtC,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG;QAC/B,IAAI,EAAE,WAAW;KACpB,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7E,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG;QAC5B,CAAC,CAAC,0BAA0B,CAAC,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC;QAC7E,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,qBAAqB,GAAG,0BAA0B,CAAC,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAE/G,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpE,MAAM,EAAE,CAAC,SAAS,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC,CAAC;IAE5E,IAAI,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACtE,MAAM,gBAAgB,GAAG,MAAM,sBAAsB,CAAC,IAAI,CAAC,YAAY,EAAE;YACrE,OAAO,EAAE;gBACL,MAAM;gBACN,KAAK;gBACL,0EAA0E;aAC7E;YACD,GAAG,EAAE,YAAY;YACjB,GAAG,EAAE,YAAY;YACjB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,kBAAkB;YAClD,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,wBAAwB;SACrE,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,CAAC,KAAK,CAAC,2BAA2B,UAAU,QAAQ,YAAY,YAAY,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAE7G,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,IAAI,CAAC,YAAY,EAAE;YAC3D,OAAO,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,UAAU,eAAe,qBAAqB,OAAO,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5G,GAAG,EAAE,YAAY;YACjB,GAAG,EAAE,YAAY;YACjB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,kBAAkB;YAClD,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,wBAAwB;SACrE,CAAC,CAAC;QAEH,MAAM,CAAC,KAAK,CAAC,4BAA4B,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5D,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CACP,gCAAgC,MAAM,CAAC,QAAQ,EAAE;gBAC7C,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACtE,CAAC;YACF,MAAM,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;QAED,OAAO;YACH,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;SACxB,CAAC;IACN,CAAC;YAAS,CAAC;QACP,MAAM,EAAE,CAAC,EAAE,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;AACL,CAAC;AAED,SAAS,wBAAwB,CAC7B,MAA4B,EAC5B,WAAmB,EACnB,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACrB,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,OAAO;QACH,GAAG,MAAM;QACT,UAAU,EAAE;YACR,GAAG,MAAM,CAAC,UAAU;YACpB,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACnD,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CACzD;YACD,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;YAC3G,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACjD,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CACzD;SACJ;KACJ,CAAC;AACN,CAAC;AAED,SAAS,cAAc,CAAC,GAAsB,EAAE,WAAmB,EAAE,MAAc;IAC/E,MAAM,SAAS,GAAsB,EAAE,CAAC;IAExC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtB,SAAS;QACb,CAAC;QACD,SAAS,CAAC,GAAG,CAAC,GAAG,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,SAAS,wBAAwB,CAAC,MAAiC;IAC/D,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM;SACtB,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAEvC,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;IAC3F,CAAC;IAED,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAiC;IAM3D,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,gCAAgC,MAAM,CAAC,QAAQ,IAAI,SAAS,EAAE,CAKrF,CAAC;IACF,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,KAAK,CAAC,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC;IAC7B,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,KAAK,CAAC;AACjB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dockerRunInSandbox.spec.d.ts","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerRunInSandbox.spec.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
import { promises as fs } from "node:fs";
|
|
2
|
+
import os from "node:os";
|
|
3
|
+
import path from "node:path";
|
|
4
|
+
import { describe, expect, it, vi } from "vitest";
|
|
5
|
+
import { sandboxPathContainerToHost } from "../sandboxPathContainerToHost.js";
|
|
6
|
+
import { dockerContainersShared } from "./dockerContainersShared.js";
|
|
7
|
+
import { dockerRunInSandbox } from "./dockerRunInSandbox.js";
|
|
8
|
+
describe("dockerRunInSandbox", () => {
|
|
9
|
+
it("rewrites sandbox config paths and runs srt in container", async () => {
|
|
10
|
+
const workspace = await fs.mkdtemp(path.join(os.tmpdir(), "daycare-docker-run-"));
|
|
11
|
+
const homeDir = path.join(workspace, "home");
|
|
12
|
+
await fs.mkdir(path.join(homeDir, "desktop", "project"), { recursive: true });
|
|
13
|
+
const userId = "u123";
|
|
14
|
+
const dockerExecSpy = vi.spyOn(dockerContainersShared, "exec");
|
|
15
|
+
let capturedRuntimeConfig = null;
|
|
16
|
+
let capturedSettingsHostPath = null;
|
|
17
|
+
let capturedEnv;
|
|
18
|
+
let capturedCwd;
|
|
19
|
+
dockerExecSpy
|
|
20
|
+
.mockResolvedValueOnce({
|
|
21
|
+
stdout: "/app/node_modules/@anthropic-ai/sandbox-runtime/dist/cli.js\n",
|
|
22
|
+
stderr: "",
|
|
23
|
+
exitCode: 0
|
|
24
|
+
})
|
|
25
|
+
.mockImplementationOnce(async (_dockerConfig, args) => {
|
|
26
|
+
// Command is wrapped as: ["bash", "-lc", "node <cli> --settings <path> -c <cmd>"]
|
|
27
|
+
const bashCmd = args.command[2] ?? "";
|
|
28
|
+
const settingsMatch = bashCmd.match(/--settings\s+(\S+)/);
|
|
29
|
+
const settingsContainerPath = settingsMatch?.[1];
|
|
30
|
+
if (!settingsContainerPath) {
|
|
31
|
+
throw new Error("Expected --settings path in bash command string.");
|
|
32
|
+
}
|
|
33
|
+
capturedSettingsHostPath = sandboxPathContainerToHost(homeDir, userId, settingsContainerPath);
|
|
34
|
+
const rawConfig = await fs.readFile(capturedSettingsHostPath, "utf8");
|
|
35
|
+
capturedRuntimeConfig = JSON.parse(rawConfig);
|
|
36
|
+
capturedEnv = args.env;
|
|
37
|
+
capturedCwd = args.cwd;
|
|
38
|
+
return {
|
|
39
|
+
stdout: "done",
|
|
40
|
+
stderr: "",
|
|
41
|
+
exitCode: 0
|
|
42
|
+
};
|
|
43
|
+
});
|
|
44
|
+
const result = await dockerRunInSandbox("echo ok", {
|
|
45
|
+
filesystem: {
|
|
46
|
+
allowWrite: [homeDir, path.join(homeDir, "desktop")],
|
|
47
|
+
denyRead: [path.join(homeDir, ".ssh")],
|
|
48
|
+
denyWrite: [path.join(homeDir, ".aws")]
|
|
49
|
+
},
|
|
50
|
+
network: {
|
|
51
|
+
allowedDomains: ["example.com"],
|
|
52
|
+
deniedDomains: []
|
|
53
|
+
}
|
|
54
|
+
}, {
|
|
55
|
+
cwd: path.join(homeDir, "desktop", "project"),
|
|
56
|
+
home: homeDir,
|
|
57
|
+
docker: {
|
|
58
|
+
image: "daycare-sandbox",
|
|
59
|
+
tag: "latest",
|
|
60
|
+
userId
|
|
61
|
+
}
|
|
62
|
+
});
|
|
63
|
+
expect(result).toEqual({
|
|
64
|
+
stdout: "done",
|
|
65
|
+
stderr: ""
|
|
66
|
+
});
|
|
67
|
+
expect(capturedRuntimeConfig).toEqual({
|
|
68
|
+
filesystem: {
|
|
69
|
+
allowWrite: ["/home", "/home/desktop"],
|
|
70
|
+
denyRead: ["/home/.ssh"],
|
|
71
|
+
denyWrite: ["/home/.aws"]
|
|
72
|
+
},
|
|
73
|
+
network: {
|
|
74
|
+
allowedDomains: ["example.com"],
|
|
75
|
+
deniedDomains: []
|
|
76
|
+
}
|
|
77
|
+
});
|
|
78
|
+
expect(capturedEnv?.HOME).toBe("/home");
|
|
79
|
+
expect(capturedEnv?.TMPDIR).toBe("/home/.tmp");
|
|
80
|
+
expect(capturedCwd).toBe("/home/desktop/project");
|
|
81
|
+
await expect(fs.access(capturedSettingsHostPath ?? "")).rejects.toThrow();
|
|
82
|
+
dockerExecSpy.mockRestore();
|
|
83
|
+
await fs.rm(workspace, { recursive: true, force: true });
|
|
84
|
+
});
|
|
85
|
+
it("throws exec-like error when container command fails", async () => {
|
|
86
|
+
const workspace = await fs.mkdtemp(path.join(os.tmpdir(), "daycare-docker-run-fail-"));
|
|
87
|
+
const homeDir = path.join(workspace, "home");
|
|
88
|
+
await fs.mkdir(homeDir, { recursive: true });
|
|
89
|
+
const dockerExecSpy = vi.spyOn(dockerContainersShared, "exec");
|
|
90
|
+
dockerExecSpy
|
|
91
|
+
.mockResolvedValueOnce({
|
|
92
|
+
stdout: "/app/node_modules/@anthropic-ai/sandbox-runtime/dist/cli.js\n",
|
|
93
|
+
stderr: "",
|
|
94
|
+
exitCode: 0
|
|
95
|
+
})
|
|
96
|
+
.mockResolvedValueOnce({
|
|
97
|
+
stdout: "partial",
|
|
98
|
+
stderr: "failed",
|
|
99
|
+
exitCode: 17
|
|
100
|
+
});
|
|
101
|
+
await expect(dockerRunInSandbox("bad", {
|
|
102
|
+
filesystem: {
|
|
103
|
+
allowWrite: [homeDir],
|
|
104
|
+
denyRead: [],
|
|
105
|
+
denyWrite: []
|
|
106
|
+
},
|
|
107
|
+
network: {
|
|
108
|
+
allowedDomains: ["example.com"],
|
|
109
|
+
deniedDomains: []
|
|
110
|
+
}
|
|
111
|
+
}, {
|
|
112
|
+
home: homeDir,
|
|
113
|
+
docker: {
|
|
114
|
+
image: "daycare-sandbox",
|
|
115
|
+
tag: "latest",
|
|
116
|
+
userId: "u123"
|
|
117
|
+
}
|
|
118
|
+
})).rejects.toMatchObject({
|
|
119
|
+
code: 17,
|
|
120
|
+
stdout: "partial",
|
|
121
|
+
stderr: "failed"
|
|
122
|
+
});
|
|
123
|
+
dockerExecSpy.mockRestore();
|
|
124
|
+
await fs.rm(workspace, { recursive: true, force: true });
|
|
125
|
+
});
|
|
126
|
+
});
|
|
127
|
+
//# sourceMappingURL=dockerRunInSandbox.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dockerRunInSandbox.spec.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerRunInSandbox.spec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAElD,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAC9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,qBAAqB,CAAC,CAAC,CAAC;QAClF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC7C,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9E,MAAM,MAAM,GAAG,MAAM,CAAC;QACtB,MAAM,aAAa,GAAG,EAAE,CAAC,KAAK,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;QAC/D,IAAI,qBAAqB,GAAmC,IAAI,CAAC;QACjE,IAAI,wBAAwB,GAAkB,IAAI,CAAC;QACnD,IAAI,WAA0C,CAAC;QAC/C,IAAI,WAA+B,CAAC;QAEpC,aAAa;aACR,qBAAqB,CAAC;YACnB,MAAM,EAAE,+DAA+D;YACvE,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,CAAC;SACd,CAAC;aACD,sBAAsB,CAAC,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,EAAE;YAClD,kFAAkF;YAClF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACtC,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAC1D,MAAM,qBAAqB,GAAG,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC;YACjD,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;YACxE,CAAC;YACD,wBAAwB,GAAG,0BAA0B,CAAC,OAAO,EAAE,MAAM,EAAE,qBAAqB,CAAC,CAAC;YAC9F,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC;YACtE,qBAAqB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAA4B,CAAC;YACzE,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC;YACvB,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC;YAEvB,OAAO;gBACH,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,EAAE;gBACV,QAAQ,EAAE,CAAC;aACd,CAAC;QACN,CAAC,CAAC,CAAC;QAEP,MAAM,MAAM,GAAG,MAAM,kBAAkB,CACnC,SAAS,EACT;YACI,UAAU,EAAE;gBACR,UAAU,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;gBACpD,QAAQ,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBACtC,SAAS,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;aAC1C;YACD,OAAO,EAAE;gBACL,cAAc,EAAE,CAAC,aAAa,CAAC;gBAC/B,aAAa,EAAE,EAAE;aACpB;SACJ,EACD;YACI,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC;YAC7C,IAAI,EAAE,OAAO;YACb,MAAM,EAAE;gBACJ,KAAK,EAAE,iBAAiB;gBACxB,GAAG,EAAE,QAAQ;gBACb,MAAM;aACT;SACJ,CACJ,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACnB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,EAAE;SACb,CAAC,CAAC;QACH,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC;YAClC,UAAU,EAAE;gBACR,UAAU,EAAE,CAAC,OAAO,EAAE,eAAe,CAAC;gBACtC,QAAQ,EAAE,CAAC,YAAY,CAAC;gBACxB,SAAS,EAAE,CAAC,YAAY,CAAC;aAC5B;YACD,OAAO,EAAE;gBACL,cAAc,EAAE,CAAC,aAAa,CAAC;gBAC/B,aAAa,EAAE,EAAE;aACpB;SACJ,CAAC,CAAC;QACH,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/C,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAClD,MAAM,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1E,aAAa,CAAC,WAAW,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,0BAA0B,CAAC,CAAC,CAAC;QACvF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC7C,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7C,MAAM,aAAa,GAAG,EAAE,CAAC,KAAK,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;QAC/D,aAAa;aACR,qBAAqB,CAAC;YACnB,MAAM,EAAE,+DAA+D;YACvE,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,CAAC;SACd,CAAC;aACD,qBAAqB,CAAC;YACnB,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,EAAE;SACf,CAAC,CAAC;QAEP,MAAM,MAAM,CACR,kBAAkB,CACd,KAAK,EACL;YACI,UAAU,EAAE;gBACR,UAAU,EAAE,CAAC,OAAO,CAAC;gBACrB,QAAQ,EAAE,EAAE;gBACZ,SAAS,EAAE,EAAE;aAChB;YACD,OAAO,EAAE;gBACL,cAAc,EAAE,CAAC,aAAa,CAAC;gBAC/B,aAAa,EAAE,EAAE;aACpB;SACJ,EACD;YACI,IAAI,EAAE,OAAO;YACb,MAAM,EAAE;gBACJ,KAAK,EAAE,iBAAiB;gBACxB,GAAG,EAAE,QAAQ;gBACb,MAAM,EAAE,MAAM;aACjB;SACJ,CACJ,CACJ,CAAC,OAAO,CAAC,aAAa,CAAC;YACpB,IAAI,EAAE,EAAE;YACR,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,QAAQ;SACnB,CAAC,CAAC;QAEH,aAAa,CAAC,WAAW,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import type Docker from "dockerode";
|
|
2
|
+
export type DockerContainerConfig = {
|
|
3
|
+
image: string;
|
|
4
|
+
tag: string;
|
|
5
|
+
socketPath?: string;
|
|
6
|
+
runtime?: string;
|
|
7
|
+
userId: string;
|
|
8
|
+
hostHomeDir: string;
|
|
9
|
+
};
|
|
10
|
+
export type DockerContainerExecArgs = {
|
|
11
|
+
command: string[];
|
|
12
|
+
cwd?: string;
|
|
13
|
+
env?: NodeJS.ProcessEnv;
|
|
14
|
+
timeoutMs?: number;
|
|
15
|
+
maxBufferBytes?: number;
|
|
16
|
+
};
|
|
17
|
+
export type DockerContainerExecResult = {
|
|
18
|
+
stdout: string;
|
|
19
|
+
stderr: string;
|
|
20
|
+
exitCode: number | null;
|
|
21
|
+
};
|
|
22
|
+
export type DockerContainer = Docker.Container;
|
|
23
|
+
//# sourceMappingURL=dockerTypes.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dockerTypes.d.ts","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerTypes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAEpC,MAAM,MAAM,qBAAqB,GAAG;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IAClC,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dockerTypes.js","sourceRoot":"","sources":["../../../sources/sandbox/docker/dockerTypes.ts"],"names":[],"mappings":""}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import type { SessionPermissions } from "@/types";
|
|
2
|
-
import type { SandboxConfig, SandboxExecArgs, SandboxExecResult, SandboxReadArgs, SandboxReadResult, SandboxWriteArgs, SandboxWriteResult } from "./sandboxTypes.js";
|
|
2
|
+
import type { SandboxConfig, SandboxDockerConfig, SandboxExecArgs, SandboxExecResult, SandboxReadArgs, SandboxReadResult, SandboxWriteArgs, SandboxWriteResult } from "./sandboxTypes.js";
|
|
3
3
|
export declare class Sandbox {
|
|
4
4
|
readonly homeDir: string;
|
|
5
5
|
readonly workingDir: string;
|
|
6
6
|
readonly permissions: SessionPermissions;
|
|
7
|
+
readonly docker: SandboxDockerConfig | undefined;
|
|
7
8
|
constructor(config: SandboxConfig);
|
|
8
9
|
/**
|
|
9
10
|
* Read from the host filesystem with sandbox read checks.
|
|
@@ -22,5 +23,6 @@ export declare class Sandbox {
|
|
|
22
23
|
exec(args: SandboxExecArgs): Promise<SandboxExecResult>;
|
|
23
24
|
private permissionsEffectiveResolve;
|
|
24
25
|
private readInputPathResolve;
|
|
26
|
+
private pathContainerToHost;
|
|
25
27
|
}
|
|
26
28
|
//# sourceMappingURL=sandbox.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../sources/sandbox/sandbox.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../sources/sandbox/sandbox.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAelD,OAAO,KAAK,EACR,aAAa,EACb,mBAAmB,EACnB,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EACrB,MAAM,mBAAmB,CAAC;AAkB3B,qBAAa,OAAO;IAChB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,kBAAkB,CAAC;IACzC,QAAQ,CAAC,MAAM,EAAE,mBAAmB,GAAG,SAAS,CAAC;gBAErC,MAAM,EAAE,aAAa;IAOjC;;;OAGG;IACG,IAAI,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAAC,iBAAiB,CAAC;IA8F7D;;;OAGG;IACG,KAAK,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAiChE;;;OAGG;IACG,IAAI,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAAC,iBAAiB,CAAC;IA+E7D,OAAO,CAAC,2BAA2B;YAarB,oBAAoB;IA0BlC,OAAO,CAAC,mBAAmB;CAM9B"}
|
package/dist/sandbox/sandbox.js
CHANGED
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
import { promises as fs } from "node:fs";
|
|
2
2
|
import path from "node:path";
|
|
3
3
|
import { resolveWorkspacePath } from "../engine/permissions.js";
|
|
4
|
+
import { getLogger } from "../log.js";
|
|
4
5
|
import { envNormalize } from "../util/envNormalize.js";
|
|
6
|
+
const logger = getLogger("sandbox");
|
|
7
|
+
import { dockerRunInSandbox } from "./docker/dockerRunInSandbox.js";
|
|
5
8
|
import { isWithinSecure, openSecure } from "./pathResolveSecure.js";
|
|
6
9
|
import { runInSandbox } from "./runtime.js";
|
|
7
10
|
import { sandboxAllowedDomainsResolve } from "./sandboxAllowedDomainsResolve.js";
|
|
@@ -9,6 +12,7 @@ import { sandboxAllowedDomainsValidate } from "./sandboxAllowedDomainsValidate.j
|
|
|
9
12
|
import { sandboxCanRead } from "./sandboxCanRead.js";
|
|
10
13
|
import { sandboxCanWrite } from "./sandboxCanWrite.js";
|
|
11
14
|
import { sandboxFilesystemPolicyBuild } from "./sandboxFilesystemPolicyBuild.js";
|
|
15
|
+
import { sandboxPathContainerToHost } from "./sandboxPathContainerToHost.js";
|
|
12
16
|
const READ_MAX_LINES = 2000;
|
|
13
17
|
const READ_MAX_BYTES = 50 * 1024;
|
|
14
18
|
const DEFAULT_EXEC_TIMEOUT = 30_000;
|
|
@@ -19,10 +23,12 @@ export class Sandbox {
|
|
|
19
23
|
homeDir;
|
|
20
24
|
workingDir;
|
|
21
25
|
permissions;
|
|
26
|
+
docker;
|
|
22
27
|
constructor(config) {
|
|
23
28
|
this.homeDir = path.resolve(config.homeDir);
|
|
24
29
|
this.workingDir = path.resolve(config.permissions.workingDir);
|
|
25
30
|
this.permissions = config.permissions;
|
|
31
|
+
this.docker = config.docker;
|
|
26
32
|
}
|
|
27
33
|
/**
|
|
28
34
|
* Read from the host filesystem with sandbox read checks.
|
|
@@ -119,9 +125,10 @@ export class Sandbox {
|
|
|
119
125
|
*/
|
|
120
126
|
async write(args) {
|
|
121
127
|
const permissions = this.permissionsEffectiveResolve();
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
128
|
+
const targetPath = this.pathContainerToHost(args.path);
|
|
129
|
+
sandboxPathAbsoluteEnsure(targetPath);
|
|
130
|
+
await pathRejectIfSymlink(targetPath, "Cannot write to symbolic link.");
|
|
131
|
+
const resolvedPath = await sandboxCanWrite(permissions, targetPath);
|
|
125
132
|
await fs.mkdir(path.dirname(resolvedPath), { recursive: true });
|
|
126
133
|
try {
|
|
127
134
|
const stats = await fs.lstat(resolvedPath);
|
|
@@ -166,21 +173,36 @@ export class Sandbox {
|
|
|
166
173
|
workingDir: permissions.workingDir,
|
|
167
174
|
homeDir: this.homeDir
|
|
168
175
|
});
|
|
176
|
+
const useDocker = this.docker?.enabled === true;
|
|
177
|
+
logger.debug(`exec: command=${JSON.stringify(args.command)} cwd=${cwd} docker=${useDocker}`);
|
|
169
178
|
try {
|
|
170
|
-
const
|
|
179
|
+
const runtimeConfig = {
|
|
171
180
|
filesystem,
|
|
172
181
|
network: {
|
|
173
182
|
allowedDomains,
|
|
174
183
|
deniedDomains: []
|
|
175
184
|
},
|
|
176
185
|
enableWeakerNestedSandbox: true
|
|
177
|
-
}
|
|
186
|
+
};
|
|
187
|
+
const runtimeOptions = {
|
|
178
188
|
cwd,
|
|
179
189
|
env,
|
|
180
190
|
home: this.homeDir,
|
|
181
191
|
timeoutMs: args.timeoutMs ?? DEFAULT_EXEC_TIMEOUT,
|
|
182
192
|
maxBufferBytes: MAX_EXEC_BUFFER
|
|
183
|
-
}
|
|
193
|
+
};
|
|
194
|
+
const result = useDocker
|
|
195
|
+
? await dockerRunInSandbox(args.command, runtimeConfig, {
|
|
196
|
+
...runtimeOptions,
|
|
197
|
+
docker: {
|
|
198
|
+
image: this.docker.image,
|
|
199
|
+
tag: this.docker.tag,
|
|
200
|
+
socketPath: this.docker.socketPath,
|
|
201
|
+
runtime: this.docker.runtime,
|
|
202
|
+
userId: this.docker.userId
|
|
203
|
+
}
|
|
204
|
+
})
|
|
205
|
+
: await runInSandbox(args.command, runtimeConfig, runtimeOptions);
|
|
184
206
|
return {
|
|
185
207
|
stdout: sandboxText(result.stdout),
|
|
186
208
|
stderr: sandboxText(result.stderr),
|
|
@@ -192,10 +214,14 @@ export class Sandbox {
|
|
|
192
214
|
}
|
|
193
215
|
catch (error) {
|
|
194
216
|
const execError = error;
|
|
217
|
+
const exitCode = typeof execError.code === "number" ? execError.code : null;
|
|
218
|
+
const stderr = sandboxText(execError.stderr);
|
|
219
|
+
logger.warn(`exec: failed exitCode=${exitCode} signal=${execError.signal ?? "none"} error=${execError.message}` +
|
|
220
|
+
(stderr ? ` stderr=${stderr.slice(0, 500)}` : ""));
|
|
195
221
|
return {
|
|
196
222
|
stdout: sandboxText(execError.stdout),
|
|
197
|
-
stderr
|
|
198
|
-
exitCode
|
|
223
|
+
stderr,
|
|
224
|
+
exitCode,
|
|
199
225
|
signal: typeof execError.signal === "string" ? execError.signal : null,
|
|
200
226
|
failed: true,
|
|
201
227
|
cwd
|
|
@@ -214,7 +240,8 @@ export class Sandbox {
|
|
|
214
240
|
}
|
|
215
241
|
async readInputPathResolve(rawPath) {
|
|
216
242
|
const normalized = sandboxReadPathNormalize(rawPath, this.homeDir);
|
|
217
|
-
const
|
|
243
|
+
const rewritten = this.pathContainerToHost(normalized);
|
|
244
|
+
const resolved = path.isAbsolute(rewritten) ? rewritten : path.resolve(this.workingDir, rewritten);
|
|
218
245
|
if (await pathExists(resolved)) {
|
|
219
246
|
return resolved;
|
|
220
247
|
}
|
|
@@ -236,6 +263,12 @@ export class Sandbox {
|
|
|
236
263
|
}
|
|
237
264
|
return resolved;
|
|
238
265
|
}
|
|
266
|
+
pathContainerToHost(targetPath) {
|
|
267
|
+
if (!this.docker?.enabled) {
|
|
268
|
+
return targetPath;
|
|
269
|
+
}
|
|
270
|
+
return sandboxPathContainerToHost(this.homeDir, this.docker.userId, targetPath);
|
|
271
|
+
}
|
|
239
272
|
}
|
|
240
273
|
function sandboxReadPathNormalize(rawPath, homeDir) {
|
|
241
274
|
const withoutAtPrefix = rawPath.startsWith("@") ? rawPath.slice(1) : rawPath;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../sources/sandbox/sandbox.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACjF,OAAO,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAWjF,MAAM,cAAc,GAAG,IAAI,CAAC;AAC5B,MAAM,cAAc,GAAG,EAAE,GAAG,IAAI,CAAC;AACjC,MAAM,oBAAoB,GAAG,MAAM,CAAC;AACpC,MAAM,eAAe,GAAG,SAAS,CAAC;AAClC,MAAM,cAAc,GAAG,0CAA0C,CAAC;AAClE,MAAM,qBAAqB,GAAG,QAAQ,CAAC;AAWvC,MAAM,OAAO,OAAO;IACP,OAAO,CAAS;IAChB,UAAU,CAAS;IACnB,WAAW,CAAqB;IAEzC,YAAY,MAAqB;QAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAC9D,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IAC1C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,IAAqB;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAC;QACvD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,mBAAmB,CAAC,UAAU,EAAE,qCAAqC,CAAC,CAAC;QAC7E,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAEnE,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QACtE,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,YAAY,CAAC,CAAC;YAC/D,OAAO;gBACH,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,aAAa;gBACtB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,YAAY;gBACZ,WAAW;aACd,CAAC;QACN,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,oCAAoC,CAAC,YAAY,CAAC,CAAC;QAC1E,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,YAAY,GAAG,MAAM,oBAAoB,CAAC,YAAY,CAAC,CAAC;YAC9D,OAAO;gBACH,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,YAAY;gBACrB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,QAAQ;gBACR,YAAY;gBACZ,WAAW;aACd,CAAC;QACN,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,YAAY,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,IAAI,SAAS,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,UAAU,IAAI,CAAC,MAAM,2BAA2B,QAAQ,CAAC,MAAM,eAAe,CAAC,CAAC;QACpG,CAAC;QAED,IAAI,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,gBAAoC,CAAC;QACzC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClE,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChE,gBAAgB,GAAG,OAAO,GAAG,SAAS,CAAC;QAC3C,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO;gBACH,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE,eAAe;gBACxB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,UAAU,EAAE,cAAc;gBAC1B,WAAW,EAAE,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM;gBAC/C,SAAS,EAAE,KAAK;gBAChB,WAAW,EAAE,IAAI;gBACjB,YAAY;gBACZ,WAAW;aACd,CAAC;QACN,CAAC;QAED,MAAM,gBAAgB,GAAG,SAAS,GAAG,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,sBAAsB,CAAC;YACtC,UAAU;YACV,QAAQ;YACR,aAAa,EAAE,IAAI,CAAC,IAAI;YACxB,cAAc;YACd,SAAS;YACT,gBAAgB;YAChB,gBAAgB;SACnB,CAAC,CAAC;QAEH,OAAO;YACH,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,UAAU;YACnB,KAAK,EAAE,KAAK,CAAC,IAAI;YACjB,UAAU,EAAE,cAAc;YAC1B,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,YAAY;YACZ,WAAW;SACd,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CAAC,IAAsB;QAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAC;QACvD,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,gCAAgC,CAAC,CAAC;QACvE,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACnE,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEhE,IAAI,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC3C,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACtD,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrD,MAAM,KAAK,CAAC;YAChB,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACpE,IAAI,CAAC;YACD,MAAM,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzC,CAAC;gBAAS,CAAC;YACP,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACzB,CAAC;QAED,OAAO;YACH,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC;YACxG,YAAY;YACZ,WAAW,EAAE,eAAe,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC;SAC3D,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,IAAqB;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAC;QACvD,MAAM,GAAG,GAAG,qBAAqB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,cAAc,GAAG,4BAA4B,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/F,MAAM,YAAY,GAAG,6BAA6B,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAC7E,MAAM,UAAU,GAAG,4BAA4B,CAAC;YAC5C,SAAS,EAAE,WAAW,CAAC,SAAS;YAChC,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,OAAO,EAAE,IAAI,CAAC,OAAO;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAC7B,IAAI,CAAC,OAAO,EACZ;gBACI,UAAU;gBACV,OAAO,EAAE;oBACL,cAAc;oBACd,aAAa,EAAE,EAAE;iBACpB;gBACD,yBAAyB,EAAE,IAAI;aAClC,EACD;gBACI,GAAG;gBACH,GAAG;gBACH,IAAI,EAAE,IAAI,CAAC,OAAO;gBAClB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,oBAAoB;gBACjD,cAAc,EAAE,eAAe;aAClC,CACJ,CAAC;YACF,OAAO;gBACH,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;gBAClC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;gBAClC,QAAQ,EAAE,CAAC;gBACX,MAAM,EAAE,IAAI;gBACZ,MAAM,EAAE,KAAK;gBACb,GAAG;aACN,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,SAAS,GAAG,KAKjB,CAAC;YACF,OAAO;gBACH,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC;gBACrC,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC;gBACrC,QAAQ,EAAE,OAAO,SAAS,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;gBACpE,MAAM,EAAE,OAAO,SAAS,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;gBACtE,MAAM,EAAE,IAAI;gBACZ,GAAG;aACN,CAAC;QACN,CAAC;IACL,CAAC;IAEO,2BAA2B;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ;YACtC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC/D,CAAC,CAAC,SAAS,CAAC;QAChB,OAAO;YACH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,KAAK,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAC7F;YACD,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACpC,CAAC;IACN,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAAC,OAAe;QAC9C,MAAM,UAAU,GAAG,wBAAwB,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACtG,IAAI,MAAM,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,QAAQ,CAAC;QACpB,CAAC;QACD,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAC1D,IAAI,WAAW,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAC9D,OAAO,WAAW,CAAC;QACvB,CAAC;QACD,MAAM,UAAU,GAAG,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,UAAU,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAC5D,OAAO,UAAU,CAAC;QACtB,CAAC;QACD,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACtD,IAAI,YAAY,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;YAChE,OAAO,YAAY,CAAC;QACxB,CAAC;QACD,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC3D,IAAI,eAAe,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;YACtE,OAAO,eAAe,CAAC;QAC3B,CAAC;QACD,OAAO,QAAQ,CAAC;IACpB,CAAC;CACJ;AAED,SAAS,wBAAwB,CAAC,OAAe,EAAE,OAAe;IAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAC7E,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IAChE,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,UAAU,CAAC;AACtB,CAAC;AAED,SAAS,2BAA2B,CAAC,MAAc;IAC/C,OAAO,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,GAAG,qBAAqB,KAAK,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,sBAAsB,CAAC,KAQ/B;IACG,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,SAAS,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GACxG,KAAK,CAAC;IACV,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;QACnC,MAAM,aAAa,GAAG,iBAAiB,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;QAC9F,OAAO,SAAS,gBAAgB,OAAO,aAAa,aAAa,iBAAiB,CAAC,cAAc,CAAC,6BAA6B,gBAAgB,MAAM,aAAa,cAAc,cAAc,GAAG,CAAC;IACtM,CAAC;IACD,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,cAAc,GAAG,gBAAgB,GAAG,UAAU,CAAC,WAAW,GAAG,CAAC,CAAC;QACrE,MAAM,UAAU,GAAG,cAAc,GAAG,CAAC,CAAC;QACtC,IAAI,UAAU,CAAC,WAAW,KAAK,OAAO,EAAE,CAAC;YACrC,OAAO,GAAG,UAAU,CAAC,OAAO,sBAAsB,gBAAgB,IAAI,cAAc,OAAO,cAAc,gBAAgB,UAAU,gBAAgB,CAAC;QACxJ,CAAC;QACD,OAAO,GAAG,UAAU,CAAC,OAAO,sBAAsB,gBAAgB,IAAI,cAAc,OAAO,cAAc,KAAK,iBAAiB,CAAC,cAAc,CAAC,uBAAuB,UAAU,gBAAgB,CAAC;IACrM,CAAC;IACD,IAAI,gBAAgB,KAAK,SAAS,IAAI,SAAS,GAAG,gBAAgB,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;QACnF,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,SAAS,GAAG,gBAAgB,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,SAAS,GAAG,gBAAgB,GAAG,CAAC,CAAC;QACpD,OAAO,GAAG,UAAU,CAAC,OAAO,QAAQ,SAAS,mCAAmC,UAAU,gBAAgB,CAAC;IAC/G,CAAC;IACD,OAAO,UAAU,CAAC,OAAO,CAAC;AAC9B,CAAC;AAED,SAAS,yBAAyB,CAAC,MAAc;IAC7C,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC9C,CAAC;AACL,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,MAAc,EAAE,OAAe;IAC9D,IAAI,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,KAAK,CAAC;QAChB,CAAC;IACL,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,UAAkB,EAAE,MAAc;IAC1D,IAAI,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,GAAG,CAAC;IACpD,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,MAAc;IACpD,MAAM,YAAY,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,cAAc,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;IACtD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACrC,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;YACzC,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,CAAC;gBAC9C,SAAS;YACb,CAAC;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;YAC3D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO,GAAG,CAAC;YACf,CAAC;YACD,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC3B,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAc;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,qBAAqB,CAAC,UAAkB,EAAE,YAAqB;IACpE,IAAI,CAAC,YAAY,EAAE,CAAC;QAChB,OAAO,UAAU,CAAC;IACtB,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAC3C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;QAC5B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAC7C,OAAO,oBAAoB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,KAAkC;IACnD,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,OAAO,EAAE,CAAC;IACd,CAAC;IACD,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,MAAc;IACpC,IAAI,CAAC;QACD,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAClD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACnD,IAAI,CAAC;QACD,OAAO,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;YAAS,CAAC;QACP,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,YAAoB;IACpD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACnD,IAAI,CAAC;QACD,OAAO,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;IACnC,CAAC;YAAS,CAAC;QACP,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,oCAAoC,CAAC,YAAoB;IACpE,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACnD,IAAI,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChC,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACrE,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,sCAAsC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IACjF,CAAC;YAAS,CAAC;QACP,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;AACL,CAAC;AAED,SAAS,sCAAsC,CAAC,MAAc;IAC1D,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACvF,OAAO,YAAY,CAAC;IACxB,CAAC;IACD,IACI,MAAM,CAAC,MAAM,IAAI,CAAC;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EACpB,CAAC;QACC,OAAO,WAAW,CAAC;IACvB,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YACnD,OAAO,WAAW,CAAC;QACvB,CAAC;IACL,CAAC;IACD,IACI,MAAM,CAAC,MAAM,IAAI,EAAE;QACnB,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,MAAM;QAClD,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,MAAM,EACrD,CAAC;QACC,OAAO,YAAY,CAAC;IACxB,CAAC;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACpC,IAAI,KAAK,GAAG,IAAI,EAAE,CAAC;QACf,OAAO,GAAG,KAAK,GAAG,CAAC;IACvB,CAAC;IACD,IAAI,KAAK,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;QACtB,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IACD,OAAO,GAAG,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;AACrD,CAAC;AAED,SAAS,YAAY,CAAC,OAAe;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;IAChC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACtD,IAAI,UAAU,IAAI,cAAc,IAAI,UAAU,IAAI,cAAc,EAAE,CAAC;QAC/D,OAAO;YACH,OAAO;YACP,SAAS,EAAE,KAAK;YAChB,WAAW,EAAE,IAAI;YACjB,UAAU;YACV,WAAW,EAAE,UAAU;YACvB,qBAAqB,EAAE,KAAK;SAC/B,CAAC;IACN,CAAC;IACD,MAAM,cAAc,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;IACjE,IAAI,cAAc,GAAG,cAAc,EAAE,CAAC;QAClC,OAAO;YACH,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,OAAO;YACpB,UAAU;YACV,WAAW,EAAE,CAAC;YACd,qBAAqB,EAAE,IAAI;SAC9B,CAAC;IACN,CAAC;IAED,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,WAAW,GAAsB,OAAO,CAAC;IAC7C,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,IAAI,WAAW,GAAG,SAAS,GAAG,cAAc,EAAE,CAAC;YAC3C,WAAW,GAAG,OAAO,CAAC;YACtB,MAAM;QACV,CAAC;QACD,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,WAAW,IAAI,SAAS,CAAC;IAC7B,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,IAAI,cAAc,IAAI,WAAW,IAAI,cAAc,EAAE,CAAC;QACxE,WAAW,GAAG,OAAO,CAAC;IAC1B,CAAC;IACD,OAAO;QACH,OAAO,EAAE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;QAC/B,SAAS,EAAE,IAAI;QACf,WAAW;QACX,UAAU;QACV,WAAW,EAAE,WAAW,CAAC,MAAM;QAC/B,qBAAqB,EAAE,KAAK;KAC/B,CAAC;AACN,CAAC"}
|
|
1
|
+
{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../sources/sandbox/sandbox.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEvD,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACjF,OAAO,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAY7E,MAAM,cAAc,GAAG,IAAI,CAAC;AAC5B,MAAM,cAAc,GAAG,EAAE,GAAG,IAAI,CAAC;AACjC,MAAM,oBAAoB,GAAG,MAAM,CAAC;AACpC,MAAM,eAAe,GAAG,SAAS,CAAC;AAClC,MAAM,cAAc,GAAG,0CAA0C,CAAC;AAClE,MAAM,qBAAqB,GAAG,QAAQ,CAAC;AAWvC,MAAM,OAAO,OAAO;IACP,OAAO,CAAS;IAChB,UAAU,CAAS;IACnB,WAAW,CAAqB;IAChC,MAAM,CAAkC;IAEjD,YAAY,MAAqB;QAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAC9D,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAChC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,IAAqB;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAC;QACvD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,mBAAmB,CAAC,UAAU,EAAE,qCAAqC,CAAC,CAAC;QAC7E,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAEnE,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QACtE,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,YAAY,CAAC,CAAC;YAC/D,OAAO;gBACH,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,aAAa;gBACtB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,YAAY;gBACZ,WAAW;aACd,CAAC;QACN,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,oCAAoC,CAAC,YAAY,CAAC,CAAC;QAC1E,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,YAAY,GAAG,MAAM,oBAAoB,CAAC,YAAY,CAAC,CAAC;YAC9D,OAAO;gBACH,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,YAAY;gBACrB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,QAAQ;gBACR,YAAY;gBACZ,WAAW;aACd,CAAC;QACN,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,YAAY,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,IAAI,SAAS,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,UAAU,IAAI,CAAC,MAAM,2BAA2B,QAAQ,CAAC,MAAM,eAAe,CAAC,CAAC;QACpG,CAAC;QAED,IAAI,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,gBAAoC,CAAC;QACzC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClE,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChE,gBAAgB,GAAG,OAAO,GAAG,SAAS,CAAC;QAC3C,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO;gBACH,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE,eAAe;gBACxB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,UAAU,EAAE,cAAc;gBAC1B,WAAW,EAAE,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM;gBAC/C,SAAS,EAAE,KAAK;gBAChB,WAAW,EAAE,IAAI;gBACjB,YAAY;gBACZ,WAAW;aACd,CAAC;QACN,CAAC;QAED,MAAM,gBAAgB,GAAG,SAAS,GAAG,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,sBAAsB,CAAC;YACtC,UAAU;YACV,QAAQ;YACR,aAAa,EAAE,IAAI,CAAC,IAAI;YACxB,cAAc;YACd,SAAS;YACT,gBAAgB;YAChB,gBAAgB;SACnB,CAAC,CAAC;QAEH,OAAO;YACH,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,UAAU;YACnB,KAAK,EAAE,KAAK,CAAC,IAAI;YACjB,UAAU,EAAE,cAAc;YAC1B,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,YAAY;YACZ,WAAW;SACd,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CAAC,IAAsB;QAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAC;QACvD,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,yBAAyB,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,mBAAmB,CAAC,UAAU,EAAE,gCAAgC,CAAC,CAAC;QACxE,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QACpE,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEhE,IAAI,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC3C,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACtD,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrD,MAAM,KAAK,CAAC;YAChB,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACpE,IAAI,CAAC;YACD,MAAM,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzC,CAAC;gBAAS,CAAC;YACP,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACzB,CAAC;QAED,OAAO;YACH,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC;YACxG,YAAY;YACZ,WAAW,EAAE,eAAe,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC;SAC3D,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,IAAqB;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,2BAA2B,EAAE,CAAC;QACvD,MAAM,GAAG,GAAG,qBAAqB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,cAAc,GAAG,4BAA4B,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/F,MAAM,YAAY,GAAG,6BAA6B,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAC7E,MAAM,UAAU,GAAG,4BAA4B,CAAC;YAC5C,SAAS,EAAE,WAAW,CAAC,SAAS;YAChC,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,OAAO,EAAE,IAAI,CAAC,OAAO;SACxB,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,iBAAiB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,GAAG,WAAW,SAAS,EAAE,CAAC,CAAC;QAE7F,IAAI,CAAC;YACD,MAAM,aAAa,GAAG;gBAClB,UAAU;gBACV,OAAO,EAAE;oBACL,cAAc;oBACd,aAAa,EAAE,EAAE;iBACpB;gBACD,yBAAyB,EAAE,IAAI;aAClC,CAAC;YACF,MAAM,cAAc,GAAG;gBACnB,GAAG;gBACH,GAAG;gBACH,IAAI,EAAE,IAAI,CAAC,OAAO;gBAClB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,oBAAoB;gBACjD,cAAc,EAAE,eAAe;aAClC,CAAC;YACF,MAAM,MAAM,GAAG,SAAS;gBACpB,CAAC,CAAC,MAAM,kBAAkB,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE;oBAClD,GAAG,cAAc;oBACjB,MAAM,EAAE;wBACJ,KAAK,EAAE,IAAI,CAAC,MAAO,CAAC,KAAK;wBACzB,GAAG,EAAE,IAAI,CAAC,MAAO,CAAC,GAAG;wBACrB,UAAU,EAAE,IAAI,CAAC,MAAO,CAAC,UAAU;wBACnC,OAAO,EAAE,IAAI,CAAC,MAAO,CAAC,OAAO;wBAC7B,MAAM,EAAE,IAAI,CAAC,MAAO,CAAC,MAAM;qBAC9B;iBACJ,CAAC;gBACJ,CAAC,CAAC,MAAM,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,cAAc,CAAC,CAAC;YACtE,OAAO;gBACH,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;gBAClC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;gBAClC,QAAQ,EAAE,CAAC;gBACX,MAAM,EAAE,IAAI;gBACZ,MAAM,EAAE,KAAK;gBACb,GAAG;aACN,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,SAAS,GAAG,KAKjB,CAAC;YACF,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAC5E,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,CAAC,IAAI,CACP,yBAAyB,QAAQ,WAAW,SAAS,CAAC,MAAM,IAAI,MAAM,UAAU,SAAS,CAAC,OAAO,EAAE;gBAC/F,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACxD,CAAC;YACF,OAAO;gBACH,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC;gBACrC,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,OAAO,SAAS,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;gBACtE,MAAM,EAAE,IAAI;gBACZ,GAAG;aACN,CAAC;QACN,CAAC;IACL,CAAC;IAEO,2BAA2B;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ;YACtC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC/D,CAAC,CAAC,SAAS,CAAC;QAChB,OAAO;YACH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,KAAK,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAC7F;YACD,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACpC,CAAC;IACN,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAAC,OAAe;QAC9C,MAAM,UAAU,GAAG,wBAAwB,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACnE,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QACnG,IAAI,MAAM,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,QAAQ,CAAC;QACpB,CAAC;QACD,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAC1D,IAAI,WAAW,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAC9D,OAAO,WAAW,CAAC;QACvB,CAAC;QACD,MAAM,UAAU,GAAG,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,UAAU,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAC5D,OAAO,UAAU,CAAC;QACtB,CAAC;QACD,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACtD,IAAI,YAAY,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;YAChE,OAAO,YAAY,CAAC;QACxB,CAAC;QACD,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC3D,IAAI,eAAe,KAAK,QAAQ,IAAI,CAAC,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;YACtE,OAAO,eAAe,CAAC;QAC3B,CAAC;QACD,OAAO,QAAQ,CAAC;IACpB,CAAC;IAEO,mBAAmB,CAAC,UAAkB;QAC1C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YACxB,OAAO,UAAU,CAAC;QACtB,CAAC;QACD,OAAO,0BAA0B,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACpF,CAAC;CACJ;AAED,SAAS,wBAAwB,CAAC,OAAe,EAAE,OAAe;IAC9D,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAC7E,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IAChE,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,UAAU,CAAC;AACtB,CAAC;AAED,SAAS,2BAA2B,CAAC,MAAc;IAC/C,OAAO,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,GAAG,qBAAqB,KAAK,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,sBAAsB,CAAC,KAQ/B;IACG,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,SAAS,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GACxG,KAAK,CAAC;IACV,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;QACnC,MAAM,aAAa,GAAG,iBAAiB,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;QAC9F,OAAO,SAAS,gBAAgB,OAAO,aAAa,aAAa,iBAAiB,CAAC,cAAc,CAAC,6BAA6B,gBAAgB,MAAM,aAAa,cAAc,cAAc,GAAG,CAAC;IACtM,CAAC;IACD,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,cAAc,GAAG,gBAAgB,GAAG,UAAU,CAAC,WAAW,GAAG,CAAC,CAAC;QACrE,MAAM,UAAU,GAAG,cAAc,GAAG,CAAC,CAAC;QACtC,IAAI,UAAU,CAAC,WAAW,KAAK,OAAO,EAAE,CAAC;YACrC,OAAO,GAAG,UAAU,CAAC,OAAO,sBAAsB,gBAAgB,IAAI,cAAc,OAAO,cAAc,gBAAgB,UAAU,gBAAgB,CAAC;QACxJ,CAAC;QACD,OAAO,GAAG,UAAU,CAAC,OAAO,sBAAsB,gBAAgB,IAAI,cAAc,OAAO,cAAc,KAAK,iBAAiB,CAAC,cAAc,CAAC,uBAAuB,UAAU,gBAAgB,CAAC;IACrM,CAAC;IACD,IAAI,gBAAgB,KAAK,SAAS,IAAI,SAAS,GAAG,gBAAgB,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;QACnF,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,SAAS,GAAG,gBAAgB,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,SAAS,GAAG,gBAAgB,GAAG,CAAC,CAAC;QACpD,OAAO,GAAG,UAAU,CAAC,OAAO,QAAQ,SAAS,mCAAmC,UAAU,gBAAgB,CAAC;IAC/G,CAAC;IACD,OAAO,UAAU,CAAC,OAAO,CAAC;AAC9B,CAAC;AAED,SAAS,yBAAyB,CAAC,MAAc;IAC7C,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC9C,CAAC;AACL,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,MAAc,EAAE,OAAe;IAC9D,IAAI,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,KAAK,CAAC;QAChB,CAAC;IACL,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,UAAkB,EAAE,MAAc;IAC1D,IAAI,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,GAAG,CAAC;IACpD,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,MAAc;IACpD,MAAM,YAAY,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,cAAc,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;IACtD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACrC,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;YACzC,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,CAAC;gBAC9C,SAAS;YACb,CAAC;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;YAC3D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO,GAAG,CAAC;YACf,CAAC;YACD,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC3B,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAc;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,qBAAqB,CAAC,UAAkB,EAAE,YAAqB;IACpE,IAAI,CAAC,YAAY,EAAE,CAAC;QAChB,OAAO,UAAU,CAAC;IACtB,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAC3C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;QAC5B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAC7C,OAAO,oBAAoB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,KAAkC;IACnD,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,OAAO,EAAE,CAAC;IACd,CAAC;IACD,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,MAAc;IACpC,IAAI,CAAC;QACD,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAClD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACnD,IAAI,CAAC;QACD,OAAO,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;YAAS,CAAC;QACP,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,YAAoB;IACpD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACnD,IAAI,CAAC;QACD,OAAO,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;IACnC,CAAC;YAAS,CAAC;QACP,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,oCAAoC,CAAC,YAAoB;IACpE,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACnD,IAAI,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChC,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACrE,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,sCAAsC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IACjF,CAAC;YAAS,CAAC;QACP,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;AACL,CAAC;AAED,SAAS,sCAAsC,CAAC,MAAc;IAC1D,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACvF,OAAO,YAAY,CAAC;IACxB,CAAC;IACD,IACI,MAAM,CAAC,MAAM,IAAI,CAAC;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EACpB,CAAC;QACC,OAAO,WAAW,CAAC;IACvB,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YACnD,OAAO,WAAW,CAAC;QACvB,CAAC;IACL,CAAC;IACD,IACI,MAAM,CAAC,MAAM,IAAI,EAAE;QACnB,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,MAAM;QAClD,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,MAAM,EACrD,CAAC;QACC,OAAO,YAAY,CAAC;IACxB,CAAC;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACpC,IAAI,KAAK,GAAG,IAAI,EAAE,CAAC;QACf,OAAO,GAAG,KAAK,GAAG,CAAC;IACvB,CAAC;IACD,IAAI,KAAK,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;QACtB,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IACD,OAAO,GAAG,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;AACrD,CAAC;AAED,SAAS,YAAY,CAAC,OAAe;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;IAChC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACtD,IAAI,UAAU,IAAI,cAAc,IAAI,UAAU,IAAI,cAAc,EAAE,CAAC;QAC/D,OAAO;YACH,OAAO;YACP,SAAS,EAAE,KAAK;YAChB,WAAW,EAAE,IAAI;YACjB,UAAU;YACV,WAAW,EAAE,UAAU;YACvB,qBAAqB,EAAE,KAAK;SAC/B,CAAC;IACN,CAAC;IACD,MAAM,cAAc,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;IACjE,IAAI,cAAc,GAAG,cAAc,EAAE,CAAC;QAClC,OAAO;YACH,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,OAAO;YACpB,UAAU;YACV,WAAW,EAAE,CAAC;YACd,qBAAqB,EAAE,IAAI;SAC9B,CAAC;IACN,CAAC;IAED,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,WAAW,GAAsB,OAAO,CAAC;IAC7C,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,GAAG,cAAc,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,IAAI,WAAW,GAAG,SAAS,GAAG,cAAc,EAAE,CAAC;YAC3C,WAAW,GAAG,OAAO,CAAC;YACtB,MAAM;QACV,CAAC;QACD,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,WAAW,IAAI,SAAS,CAAC;IAC7B,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,IAAI,cAAc,IAAI,WAAW,IAAI,cAAc,EAAE,CAAC;QACxE,WAAW,GAAG,OAAO,CAAC;IAC1B,CAAC;IACD,OAAO;QACH,OAAO,EAAE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;QAC/B,SAAS,EAAE,IAAI;QACf,WAAW;QACX,UAAU;QACV,WAAW,EAAE,WAAW,CAAC,MAAM;QAC/B,qBAAqB,EAAE,KAAK;KAC/B,CAAC;AACN,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandboxCanRead.d.ts","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"sandboxCanRead.d.ts","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAOlD;;;GAGG;AACH,wBAAsB,cAAc,CAAC,WAAW,EAAE,kBAAkB,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAyBrG"}
|
|
@@ -3,28 +3,32 @@ import path from "node:path";
|
|
|
3
3
|
import { isWithinSecure, pathResolveSecure } from "./pathResolveSecure.js";
|
|
4
4
|
import { sandboxAppsAccessCheck } from "./sandboxAppsAccessCheck.js";
|
|
5
5
|
import { sandboxPathDenyCheck } from "./sandboxPathDenyCheck.js";
|
|
6
|
-
import {
|
|
6
|
+
import { sandboxReadBoundaryDenyPathsBuild } from "./sandboxReadBoundaryDenyPathsBuild.js";
|
|
7
|
+
import { sandboxSensitiveDenyPathsBuild } from "./sandboxSensitiveDenyPathsBuild.js";
|
|
7
8
|
/**
|
|
8
9
|
* Resolves a read target against the current read allowlist.
|
|
9
10
|
* Expects: target is an absolute path.
|
|
10
11
|
*/
|
|
11
12
|
export async function sandboxCanRead(permissions, target) {
|
|
12
|
-
// Read uses a broad allowlist, then applies hard deny-lists
|
|
13
|
+
// Read uses a broad allowlist, then applies hard deny-lists.
|
|
13
14
|
const allowedDirs = [path.parse(target).root];
|
|
14
15
|
const result = await pathResolveSecure(allowedDirs, target);
|
|
15
16
|
const access = sandboxAppsAccessCheck(permissions, result.realPath);
|
|
16
17
|
if (!access.allowed) {
|
|
17
18
|
throw new Error(access.reason ?? "Read access denied.");
|
|
18
19
|
}
|
|
19
|
-
if (sandboxPathDenyCheck(result.realPath,
|
|
20
|
+
if (sandboxPathDenyCheck(result.realPath, sandboxSensitiveDenyPathsBuild())) {
|
|
20
21
|
throw new Error("Read access denied for denied paths.");
|
|
21
22
|
}
|
|
22
|
-
const explicitlyAllowedDirs = [permissions.workingDir, ...
|
|
23
|
+
const explicitlyAllowedDirs = [permissions.workingDir, ...(permissions.readDirs ?? [])];
|
|
23
24
|
for (const allowedDir of explicitlyAllowedDirs) {
|
|
24
25
|
if (isWithinSecure(await existingPathResolve(allowedDir), result.realPath)) {
|
|
25
26
|
return result.realPath;
|
|
26
27
|
}
|
|
27
28
|
}
|
|
29
|
+
if (sandboxPathDenyCheck(result.realPath, sandboxReadBoundaryDenyPathsBuild())) {
|
|
30
|
+
throw new Error("Read access denied for denied paths.");
|
|
31
|
+
}
|
|
28
32
|
return result.realPath;
|
|
29
33
|
}
|
|
30
34
|
async function existingPathResolve(target) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sandboxCanRead.js","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"sandboxCanRead.js","sourceRoot":"","sources":["../../sources/sandbox/sandboxCanRead.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAC3F,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,WAA+B,EAAE,MAAc;IAChF,6DAA6D;IAC7D,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,sBAAsB,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,IAAI,qBAAqB,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,oBAAoB,CAAC,MAAM,CAAC,QAAQ,EAAE,8BAA8B,EAAE,CAAC,EAAE,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,qBAAqB,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAC;IACxF,KAAK,MAAM,UAAU,IAAI,qBAAqB,EAAE,CAAC;QAC7C,IAAI,cAAc,CAAC,MAAM,mBAAmB,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzE,OAAO,MAAM,CAAC,QAAQ,CAAC;QAC3B,CAAC;IACL,CAAC;IAED,IAAI,oBAAoB,CAAC,MAAM,CAAC,QAAQ,EAAE,iCAAiC,EAAE,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,MAAM,CAAC,QAAQ,CAAC;AAC3B,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,MAAc;IAC7C,IAAI,CAAC;QACD,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;AACL,CAAC"}
|
|
@@ -57,17 +57,19 @@ describe("sandboxCanRead", () => {
|
|
|
57
57
|
const permissions = buildPermissions(workingDir, []);
|
|
58
58
|
await expect(sandboxCanRead(permissions, homeRandomFile)).rejects.toThrow("Read access denied for denied paths.");
|
|
59
59
|
});
|
|
60
|
-
it("
|
|
60
|
+
it("allows reading files in workingDir when workingDir is inside OS home", async () => {
|
|
61
61
|
const permissions = buildPermissions(path.join(homeDir, "workspace"), []);
|
|
62
|
-
await
|
|
62
|
+
const result = await sandboxCanRead(permissions, homeWorkspaceFile);
|
|
63
|
+
expect(result).toBe(await fs.realpath(homeWorkspaceFile));
|
|
63
64
|
});
|
|
64
65
|
it("denies reading files in explicitly granted writeDirs inside OS home", async () => {
|
|
65
66
|
const permissions = buildPermissions(workingDir, [path.join(homeDir, "allowed")]);
|
|
66
67
|
await expect(sandboxCanRead(permissions, homeWriteDirFile)).rejects.toThrow("Read access denied for denied paths.");
|
|
67
68
|
});
|
|
68
|
-
it("
|
|
69
|
+
it("allows reading files in explicitly granted readDirs inside OS home", async () => {
|
|
69
70
|
const permissions = buildPermissions(workingDir, [], [path.join(homeDir, ".daycare", "skills")]);
|
|
70
|
-
await
|
|
71
|
+
const result = await sandboxCanRead(permissions, homeReadDirFile);
|
|
72
|
+
expect(result).toBe(await fs.realpath(homeReadDirFile));
|
|
71
73
|
});
|
|
72
74
|
it("allows reading system paths outside home", async () => {
|
|
73
75
|
const permissions = buildPermissions(workingDir, []);
|