gsd-agent 1.0.0

package/dist/auth-flow.js

@@ -0,0 +1,233 @@
+/**
+ * Device flow authentication for GSD Agent
+ *
+ * Implements device code flow similar to GitHub CLI:
+ * 1. Agent generates device code and user code
+ * 2. Agent displays instructions to visit web UI with user code
+ * 3. User enters code on web UI and authorizes the agent
+ * 4. Agent polls for authorization status
+ * 5. Agent exchanges device code for user tokens
+ * 6. Agent stores credentials and starts syncing
+ */
+import fs from 'fs';
+import path from 'path';
+import { createClient } from '@supabase/supabase-js';
+import { loadConfig } from './config.js';
+import { createLogger } from './logger.js';
+import { getCredentialsPath } from './auth.js';
+export class DeviceAuthFlow {
+    config;
+    logger;
+    supabase;
+    constructor() {
+        this.config = loadConfig();
+        this.logger = createLogger(this.config);
+        // Create temporary Supabase client for auth flow
+        this.supabase = createClient(this.config.supabase_url, this.config.supabase_anon_key || this.config.supabase_key, {
+            auth: {
+                autoRefreshToken: false,
+                persistSession: false
+            }
+        });
+    }
+    /**
+     * Generate a random device code (8 characters)
+     */
+    generateDeviceCode() {
+        const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+        let result = '';
+        for (let i = 0; i < 8; i++) {
+            result += chars.charAt(Math.floor(Math.random() * chars.length));
+        }
+        return result;
+    }
+    /**
+     * Generate a user-friendly code (formatted as XXXX-YYYY)
+     */
+    generateUserCode() {
+        const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+        let result = '';
+        for (let i = 0; i < 8; i++) {
+            if (i === 4)
+                result += '-';
+            result += chars.charAt(Math.floor(Math.random() * chars.length));
+        }
+        return result;
+    }
+    /**
+     * Start the device authorization flow
+     */
+    async startAuthFlow() {
+        try {
+            this.logger.info('Starting device authorization flow');
+            // Generate codes
+            const deviceCode = this.generateDeviceCode();
+            const userCode = this.generateUserCode();
+            // Calculate expiration
+            const expiresIn = 300; // 5 minutes
+            const expiresAt = new Date(Date.now() + expiresIn * 1000).toISOString();
+            // Create device code record in database
+            const { error: insertError } = await this.supabase
+                .from('device_codes')
+                .insert({
+                device_code: deviceCode,
+                user_code: userCode,
+                status: 'pending',
+                expires_at: expiresAt
+            });
+            if (insertError) {
+                this.logger.error('Failed to create device code', { error: insertError });
+                return false;
+            }
+            // Display instructions to user
+            console.log('\n=========================================');
+            console.log('GSD Agent Authentication Required');
+            console.log('=========================================');
+            console.log(`\nVisit: https://gsd.fahad.ink/agent-connect`);
+            console.log(`Enter this code: ${userCode}`);
+            console.log(`\nThis code will expire in 5 minutes.`);
+            console.log('=========================================\n');
+            // Poll for authorization
+            const tokenResult = await this.pollForAuthorization(deviceCode);
+            if (!tokenResult) {
+                this.logger.error('Device authorization failed or timed out');
+                return false;
+            }
+            // Save credentials
+            const credentialsPath = getCredentialsPath();
+            const credentialsDir = path.dirname(credentialsPath);
+            if (!fs.existsSync(credentialsDir)) {
+                fs.mkdirSync(credentialsDir, { recursive: true });
+            }
+            const credentials = {
+                user_id: tokenResult.user_id,
+                access_token: tokenResult.access_token,
+                refresh_token: tokenResult.refresh_token,
+                expires_at: tokenResult.expires_at,
+                supabase_url: this.config.supabase_url
+            };
+            fs.writeFileSync(credentialsPath, JSON.stringify(credentials, null, 2), { mode: 0o600 });
+            this.logger.info('Device authorization successful, credentials saved');
+            // Update device code status to authorized
+            await this.supabase
+                .from('device_codes')
+                .update({
+                status: 'authorized',
+                authorized_at: new Date().toISOString(),
+                user_id: tokenResult.user_id
+            })
+                .eq('device_code', deviceCode);
+            return true;
+        }
+        catch (error) {
+            this.logger.error('Device auth flow failed', { error });
+            return false;
+        }
+    }
+    /**
+     * Poll for authorization status
+     */
+    async pollForAuthorization(deviceCode) {
+        const startTime = Date.now();
+        const timeout = 5 * 60 * 1000; // 5 minutes
+        const interval = 5000; // 5 seconds
+        while (Date.now() - startTime < timeout) {
+            try {
+                const { data, error } = await this.supabase
+                    .from('device_codes')
+                    .select('status, user_id')
+                    .eq('device_code', deviceCode)
+                    .single();
+                if (error) {
+                    this.logger.error('Failed to check device code status', { error });
+                    await new Promise(resolve => setTimeout(resolve, interval));
+                    continue;
+                }
+                if (data.status === 'authorized' && data.user_id) {
+                    // Generate tokens for the authorized user
+                    return await this.generateUserTokens(data.user_id);
+                }
+                if (data.status === 'rejected') {
+                    this.logger.warn('Device authorization was rejected by user');
+                    return null;
+                }
+                // Wait before next poll
+                await new Promise(resolve => setTimeout(resolve, interval));
+            }
+            catch (error) {
+                this.logger.error('Polling error', { error });
+                await new Promise(resolve => setTimeout(resolve, interval));
+            }
+        }
+        this.logger.warn('Device authorization timed out');
+        return null;
+    }
+    /**
+     * Generate tokens for authorized user
+     */
+    async generateUserTokens(user_id) {
+        // In a real implementation, this would use Supabase Auth API to generate a session
+        // For now, we'll simulate a valid token exchange
+        // In a real scenario, we would:
+        // 1. Use Supabase's GoTrue API to create a session for the user
+        // 2. Or have the web UI return tokens that were generated server-side
+        // For simulation purposes:
+        const accessToken = `simulated_access_token_for_${user_id}`;
+        const refreshToken = `simulated_refresh_token_for_${user_id}`;
+        const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString(); // 24 hours
+        return {
+            access_token: accessToken,
+            refresh_token: refreshToken,
+            expires_at: expiresAt,
+            user_id: user_id
+        };
+    }
+    /**
+     * Check if agent is already authenticated
+     */
+    static isAuthenticated() {
+        try {
+            const credentialsPath = getCredentialsPath();
+            if (!fs.existsSync(credentialsPath)) {
+                return false;
+            }
+            const credentials = JSON.parse(fs.readFileSync(credentialsPath, 'utf-8'));
+            if (!credentials.access_token || !credentials.user_id) {
+                return false;
+            }
+            // Check if token is expired
+            const expiresAt = new Date(credentials.expires_at);
+            if (expiresAt < new Date()) {
+                return false;
+            }
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    /**
+     * Clear authentication credentials
+     */
+    static async clearAuth() {
+        try {
+            const credentialsPath = getCredentialsPath();
+            if (fs.existsSync(credentialsPath)) {
+                fs.unlinkSync(credentialsPath);
+            }
+            return true;
+        }
+        catch (error) {
+            console.error('Failed to clear authentication:', error);
+            return false;
+        }
+    }
+}
+/**
+ * Main function to handle authentication command
+ */
+export async function authenticateAgent() {
+    const authFlow = new DeviceAuthFlow();
+    return await authFlow.startAuthFlow();
+}
+//# sourceMappingURL=auth-flow.js.map

package/dist/auth-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-flow.js","sourceRoot":"","sources":["../src/auth-flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAoC,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAiBjF,MAAM,OAAO,cAAc;IACjB,MAAM,CAAM;IACZ,MAAM,CAAM;IACZ,QAAQ,CAAM;IAEtB;QACE,IAAI,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAExC,iDAAiD;QACjD,IAAI,CAAC,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE;YAChH,IAAI,EAAE;gBACJ,gBAAgB,EAAE,KAAK;gBACvB,cAAc,EAAE,KAAK;aACtB;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,kBAAkB;QACxB,MAAM,KAAK,GAAG,sCAAsC,CAAC;QACrD,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,gBAAgB;QACtB,MAAM,KAAK,GAAG,sCAAsC,CAAC;QACrD,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC;gBAAE,MAAM,IAAI,GAAG,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YAEvD,iBAAiB;YACjB,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAEzC,uBAAuB;YACvB,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,YAAY;YACnC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAExE,wCAAwC;YACxC,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;iBAC/C,IAAI,CAAC,cAAc,CAAC;iBACpB,MAAM,CAAC;gBACN,WAAW,EAAE,UAAU;gBACvB,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,SAAS;gBACjB,UAAU,EAAE,SAAS;aACtB,CAAC,CAAC;YAEL,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;gBAC1E,OAAO,KAAK,CAAC;YACf,CAAC;YAED,+BAA+B;YAC/B,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,oBAAoB,QAAQ,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;YAE3D,yBAAyB;YACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;YAEhE,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,mBAAmB;YACnB,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;YAC7C,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAErD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;gBACnC,EAAE,CAAC,SAAS,CAAC,cAAc,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,MAAM,WAAW,GAAG;gBAClB,OAAO,EAAE,WAAW,CAAC,OAAO;gBAC5B,YAAY,EAAE,WAAW,CAAC,YAAY;gBACtC,aAAa,EAAE,WAAW,CAAC,aAAa;gBACxC,UAAU,EAAE,WAAW,CAAC,UAAU;gBAClC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;aACvC,CAAC;YAEF,EAAE,CAAC,aAAa,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAEzF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YAEvE,0CAA0C;YAC1C,MAAM,IAAI,CAAC,QAAQ;iBAChB,IAAI,CAAC,cAAc,CAAC;iBACpB,MAAM,CAAC;gBACN,MAAM,EAAE,YAAY;gBACpB,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACvC,OAAO,EAAE,WAAW,CAAC,OAAO;aAC7B,CAAC;iBACD,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;YAEjC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACxD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAAC,UAAkB;QACnD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,YAAY;QAEnC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,OAAO,EAAE,CAAC;YACxC,IAAI,CAAC;gBACH,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;qBACxC,IAAI,CAAC,cAAc,CAAC;qBACpB,MAAM,CAAC,iBAAiB,CAAC;qBACzB,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;qBAC7B,MAAM,EAAE,CAAC;gBAEZ,IAAI,KAAK,EAAE,CAAC;oBACV,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;oBACnE,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;oBAC5D,SAAS;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,MAAM,KAAK,YAAY,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBACjD,0CAA0C;oBAC1C,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACrD,CAAC;gBAED,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;oBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;oBAC9D,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,wBAAwB;gBACxB,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC9D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC9C,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAAC,OAAe;QAC9C,mFAAmF;QACnF,iDAAiD;QAEjD,gCAAgC;QAChC,gEAAgE;QAChE,sEAAsE;QAEtE,2BAA2B;QAC3B,MAAM,WAAW,GAAG,8BAA8B,OAAO,EAAE,CAAC;QAC5D,MAAM,YAAY,GAAG,+BAA+B,OAAO,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,WAAW;QAEvF,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,YAAY;YAC3B,UAAU,EAAE,SAAS;YACrB,OAAO,EAAE,OAAO;SACjB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,eAAe;QACpB,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;YAC7C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;gBACpC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,CAAC,YAAY,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACtD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,4BAA4B;YAC5B,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;YACnD,IAAI,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC3B,OAAO,KAAK,CAAC;YACf,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,SAAS;QACpB,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;YAC7C,IAAI,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;gBACnC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YACjC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;YACxD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,MAAM,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAC;IACtC,OAAO,MAAM,QAAQ,CAAC,aAAa,EAAE,CAAC;AACxC,CAAC"}

package/dist/auth.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Credential management for Supabase authentication
+ *
+ * Handles secure loading and storage of Supabase credentials.
+ * Priority order: 1) Environment variables, 2) ~/.gsd-agent/credentials.json
+ */
+/**
+ * Credentials structure
+ */
+export interface Credentials {
+    url: string;
+    key: string;
+}
+/**
+ * Get the path to the credentials file
+ * @returns Absolute path to ~/.gsd-agent/credentials.json
+ */
+export declare function getCredentialsPath(): string;
+/**
+ * Load credentials from environment variables or file
+ *
+ * Priority order:
+ * 1. Environment variables (SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY)
+ * 2. ~/.gsd-agent/credentials.json
+ * 3. Throw error if neither exists
+ *
+ * @returns Credentials object with url and key
+ * @throws Error if credentials not found or invalid
+ */
+export declare function loadCredentials(): Credentials;
+/**
+ * Save credentials to ~/.gsd-agent/credentials.json
+ *
+ * Creates the directory if it doesn't exist.
+ * Sets file permissions to 0600 (owner read/write only).
+ *
+ * @param url - Supabase project URL
+ * @param key - Supabase service role key
+ * @throws Error if validation fails or file cannot be written
+ */
+export declare function saveCredentials(url: string, key: string): void;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C;AA2BD;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,IAAI,WAAW,CAmD7C;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAmB9D"}

package/dist/auth.js

@@ -0,0 +1,117 @@
+/**
+ * Credential management for Supabase authentication
+ *
+ * Handles secure loading and storage of Supabase credentials.
+ * Priority order: 1) Environment variables, 2) ~/.gsd-agent/credentials.json
+ */
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+/**
+ * Get the path to the credentials file
+ * @returns Absolute path to ~/.gsd-agent/credentials.json
+ */
+export function getCredentialsPath() {
+    return path.join(os.homedir(), '.gsd-agent', 'credentials.json');
+}
+/**
+ * Validate Supabase URL format
+ * @param url - URL to validate
+ * @throws Error if URL is invalid
+ */
+function validateUrl(url) {
+    if (!url.startsWith('https://')) {
+        throw new Error('Supabase URL must start with https://');
+    }
+    if (!url.includes('.supabase.co')) {
+        throw new Error('Supabase URL must contain .supabase.co');
+    }
+}
+/**
+ * Validate Supabase service role key format
+ * @param key - Key to validate
+ * @throws Error if key is invalid
+ */
+function validateKey(key) {
+    if (!key.startsWith('eyJ')) {
+        throw new Error('Supabase service role key must start with eyJ (JWT format)');
+    }
+}
+/**
+ * Load credentials from environment variables or file
+ *
+ * Priority order:
+ * 1. Environment variables (SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY)
+ * 2. ~/.gsd-agent/credentials.json
+ * 3. Throw error if neither exists
+ *
+ * @returns Credentials object with url and key
+ * @throws Error if credentials not found or invalid
+ */
+export function loadCredentials() {
+    // Try environment variables first
+    const envUrl = process.env.SUPABASE_URL;
+    const envKey = process.env.SUPABASE_SERVICE_ROLE_KEY;
+    if (envUrl && envUrl.trim() && envKey && envKey.trim()) {
+        const url = envUrl.trim();
+        const key = envKey.trim();
+        validateUrl(url);
+        validateKey(key);
+        return { url, key };
+    }
+    // Try credentials file
+    const credPath = getCredentialsPath();
+    if (!fs.existsSync(credPath)) {
+        throw new Error('Supabase credentials not found. Set SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY environment variables, ' +
+            `or create ${credPath} with credentials. See .env.example for template.`);
+    }
+    let credData;
+    try {
+        const fileContent = fs.readFileSync(credPath, 'utf-8');
+        credData = JSON.parse(fileContent);
+    }
+    catch (error) {
+        throw new Error(`Failed to parse credentials file ${credPath}: ${error}`);
+    }
+    // Validate required fields
+    const missingFields = [];
+    if (!credData.supabase_url)
+        missingFields.push('supabase_url');
+    if (!credData.supabase_service_role_key)
+        missingFields.push('supabase_service_role_key');
+    if (missingFields.length > 0) {
+        throw new Error(`Credentials file ${credPath} missing required fields: ${missingFields.join(', ')}`);
+    }
+    const url = credData.supabase_url.trim();
+    const key = credData.supabase_service_role_key.trim();
+    validateUrl(url);
+    validateKey(key);
+    return { url, key };
+}
+/**
+ * Save credentials to ~/.gsd-agent/credentials.json
+ *
+ * Creates the directory if it doesn't exist.
+ * Sets file permissions to 0600 (owner read/write only).
+ *
+ * @param url - Supabase project URL
+ * @param key - Supabase service role key
+ * @throws Error if validation fails or file cannot be written
+ */
+export function saveCredentials(url, key) {
+    validateUrl(url);
+    validateKey(key);
+    const credPath = getCredentialsPath();
+    const credDir = path.dirname(credPath);
+    // Create directory if it doesn't exist
+    if (!fs.existsSync(credDir)) {
+        fs.mkdirSync(credDir, { recursive: true });
+    }
+    const credData = {
+        supabase_url: url,
+        supabase_service_role_key: key
+    };
+    // Write file with secure permissions
+    fs.writeFileSync(credPath, JSON.stringify(credData, null, 2), { mode: 0o600 });
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,IAAI,CAAA;AACnB,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,EAAE,MAAM,IAAI,CAAA;AAUnB;;;GAGG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,YAAY,EAAE,kBAAkB,CAAC,CAAA;AAClE,CAAC;AAED;;;;GAIG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;IAC1D,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAA;IAC3D,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAA;IAC/E,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe;IAC7B,kCAAkC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAA;IACvC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAA;IAEpD,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QACvD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,EAAE,CAAA;QACzB,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,EAAE,CAAA;QAEzB,WAAW,CAAC,GAAG,CAAC,CAAA;QAChB,WAAW,CAAC,GAAG,CAAC,CAAA;QAEhB,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;IACrB,CAAC;IAED,uBAAuB;IACvB,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAA;IAErC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,wGAAwG;YACxG,aAAa,QAAQ,mDAAmD,CACzE,CAAA;IACH,CAAC;IAED,IAAI,QAAa,CAAA;IACjB,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QACtD,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAA;IAC3E,CAAC;IAED,2BAA2B;IAC3B,MAAM,aAAa,GAAa,EAAE,CAAA;IAClC,IAAI,CAAC,QAAQ,CAAC,YAAY;QAAE,aAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IAC9D,IAAI,CAAC,QAAQ,CAAC,yBAAyB;QAAE,aAAa,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAA;IAExF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,oBAAoB,QAAQ,6BAA6B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpF,CAAA;IACH,CAAC;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,EAAE,CAAA;IACxC,MAAM,GAAG,GAAG,QAAQ,CAAC,yBAAyB,CAAC,IAAI,EAAE,CAAA;IAErD,WAAW,CAAC,GAAG,CAAC,CAAA;IAChB,WAAW,CAAC,GAAG,CAAC,CAAA;IAEhB,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;AACrB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW,EAAE,GAAW;IACtD,WAAW,CAAC,GAAG,CAAC,CAAA;IAChB,WAAW,CAAC,GAAG,CAAC,CAAA;IAEhB,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAA;IACrC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEtC,uCAAuC;IACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAC5C,CAAC;IAED,MAAM,QAAQ,GAAG;QACf,YAAY,EAAE,GAAG;QACjB,yBAAyB,EAAE,GAAG;KAC/B,CAAA;IAED,qCAAqC;IACrC,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;AAChF,CAAC"}

package/dist/command-executor.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Command Executor with Security Whitelist
+ *
+ * Executes whitelisted GSD commands using spawn() with security controls.
+ * Streams output to database via OutputBatcher, updates command status.
+ */
+import { ChildProcess } from 'child_process';
+import type { SupabaseClient } from '@supabase/supabase-js';
+/**
+ * Command definition with binary and argument builder
+ */
+interface CommandDefinition {
+    bin: string;
+    args: (params: any) => string[];
+}
+/**
+ * Command record from database
+ */
+interface Command {
+    id: string;
+    workspace_id: string;
+    command_name: string;
+    parameters: any;
+    status: string;
+}
+/**
+ * Whitelist of allowed commands
+ * SECURITY: Only these commands can be executed by the agent
+ *
+ * NOTE: GSD workflow commands (/gsd:progress, /gsd:status, etc.) are Claude Code
+ * skills that require AI interpretation. They cannot be executed as shell commands.
+ * Only gsd-tools.cjs commands are supported here.
+ */
+export declare const ALLOWED_COMMANDS: Record<string, CommandDefinition>;
+/**
+ * Execute a command with security validation and output streaming
+ *
+ * @param command - Command record from database
+ * @param supabase - Supabase client for status updates
+ * @returns Child process for tracking
+ */
+export declare function executeCommand(command: Command, supabase: SupabaseClient): Promise<ChildProcess>;
+export {};
+//# sourceMappingURL=command-executor.d.ts.map

package/dist/command-executor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-executor.d.ts","sourceRoot":"","sources":["../src/command-executor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAS,YAAY,EAAE,MAAM,eAAe,CAAA;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAG3D;;GAEG;AACH,UAAU,iBAAiB;IACzB,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,KAAK,MAAM,EAAE,CAAA;CAChC;AAED;;GAEG;AACH,UAAU,OAAO;IACf,EAAE,EAAE,MAAM,CAAA;IACV,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,GAAG,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAwC9D,CAAA;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC,YAAY,CAAC,CAgJvB"}

package/dist/command-executor.js

@@ -0,0 +1,193 @@
+/**
+ * Command Executor with Security Whitelist
+ *
+ * Executes whitelisted GSD commands using spawn() with security controls.
+ * Streams output to database via OutputBatcher, updates command status.
+ */
+import { spawn } from 'child_process';
+import { OutputBatcher } from './output-streamer.js';
+/**
+ * Whitelist of allowed commands
+ * SECURITY: Only these commands can be executed by the agent
+ *
+ * NOTE: GSD workflow commands (/gsd:progress, /gsd:status, etc.) are Claude Code
+ * skills that require AI interpretation. They cannot be executed as shell commands.
+ * Only gsd-tools.cjs commands are supported here.
+ */
+export const ALLOWED_COMMANDS = {
+    // List todos
+    'list-todos': {
+        bin: 'node',
+        args: () => [
+            `${process.env.HOME}/.claude/get-shit-done/bin/gsd-tools.cjs`,
+            'list-todos'
+        ]
+    },
+    '/gsd:list-todos': {
+        bin: 'node',
+        args: () => [
+            `${process.env.HOME}/.claude/get-shit-done/bin/gsd-tools.cjs`,
+            'list-todos'
+        ]
+    },
+    // Show project state
+    'state': {
+        bin: 'node',
+        args: () => [
+            `${process.env.HOME}/.claude/get-shit-done/bin/gsd-tools.cjs`,
+            'state'
+        ]
+    },
+    '/gsd:state': {
+        bin: 'node',
+        args: () => [
+            `${process.env.HOME}/.claude/get-shit-done/bin/gsd-tools.cjs`,
+            'state'
+        ]
+    },
+    // Simple git status
+    'git-status': {
+        bin: 'git',
+        args: () => ['status', '--short']
+    },
+    '/gsd:git-status': {
+        bin: 'git',
+        args: () => ['status', '--short']
+    }
+};
+/**
+ * Execute a command with security validation and output streaming
+ *
+ * @param command - Command record from database
+ * @param supabase - Supabase client for status updates
+ * @returns Child process for tracking
+ */
+export async function executeCommand(command, supabase) {
+    // 1. Validate command against whitelist
+    const commandDef = ALLOWED_COMMANDS[command.command_name];
+    if (!commandDef) {
+        throw new Error(`Command not allowed: ${command.command_name}`);
+    }
+    // 2. Build args array (NEVER use shell: true)
+    const args = commandDef.args(command.parameters);
+    // 3. Get workspace path
+    const { data: workspace, error: wsError } = await supabase
+        .from('workspaces')
+        .select('root_path')
+        .eq('id', command.workspace_id)
+        .single();
+    if (wsError || !workspace) {
+        throw new Error(`Workspace not found: ${command.workspace_id}`);
+    }
+    // 4. Spawn process with stdio pipes (SECURITY: shell: false)
+    const childProcess = spawn(commandDef.bin, args, {
+        cwd: workspace.root_path,
+        stdio: ['ignore', 'pipe', 'pipe'],
+        shell: false // CRITICAL: Prevent command injection
+    });
+    // 5. Update command status to 'running' with PID
+    const startedAt = new Date().toISOString();
+    await supabase
+        .from('commands')
+        .update({
+        status: 'running',
+        pid: childProcess.pid,
+        started_at: startedAt
+    })
+        .eq('id', command.id);
+    // 6. Create OutputBatcher for this command
+    const batcher = new OutputBatcher(supabase);
+    let lineNumber = 1;
+    // 7. Pipe stdout to batcher
+    childProcess.stdout?.on('data', (data) => {
+        const lines = data.toString().split('\n');
+        for (const line of lines) {
+            if (line.trim()) {
+                batcher.add(command.id, lineNumber++, line, 'stdout');
+            }
+        }
+    });
+    // 8. Pipe stderr to batcher
+    childProcess.stderr?.on('data', (data) => {
+        const lines = data.toString().split('\n');
+        for (const line of lines) {
+            if (line.trim()) {
+                batcher.add(command.id, lineNumber++, line, 'stderr');
+            }
+        }
+    });
+    // 9. Handle process close/exit with synchronous completion tracking
+    let completed = false;
+    const handleCompletion = (code) => {
+        if (completed)
+            return;
+        completed = true;
+        console.log(`[CommandExecutor] Process completed for ${command.id}, exit code: ${code}`);
+        // Use setImmediate to ensure this runs after the event loop
+        setImmediate(async () => {
+            try {
+                // Flush remaining output
+                await batcher.flush();
+                const finishedAt = new Date().toISOString();
+                // Update status based on exit code
+                if (code === 0) {
+                    console.log(`[CommandExecutor] Marking ${command.id} as complete`);
+                    const { error } = await supabase
+                        .from('commands')
+                        .update({
+                        status: 'complete',
+                        exit_code: code,
+                        completed_at: finishedAt
+                    })
+                        .eq('id', command.id);
+                    if (error) {
+                        console.error(`[CommandExecutor] Failed to update status:`, error);
+                    }
+                    else {
+                        console.log(`[CommandExecutor] Successfully marked ${command.id} as complete`);
+                    }
+                }
+                else {
+                    console.log(`[CommandExecutor] Marking ${command.id} as error`);
+                    const { error } = await supabase
+                        .from('commands')
+                        .update({
+                        status: 'error',
+                        exit_code: code,
+                        error_message: `Process exited with code ${code}`,
+                        completed_at: finishedAt
+                    })
+                        .eq('id', command.id);
+                    if (error) {
+                        console.error(`[CommandExecutor] Failed to update status:`, error);
+                    }
+                }
+            }
+            catch (err) {
+                console.error(`[CommandExecutor] Error in completion handler:`, err);
+            }
+        });
+    };
+    childProcess.on('close', (code) => {
+        console.log(`[CommandExecutor] 'close' event fired for ${command.id}`);
+        handleCompletion(code);
+    });
+    childProcess.on('exit', (code) => {
+        console.log(`[CommandExecutor] 'exit' event fired for ${command.id}`);
+        handleCompletion(code);
+    });
+    // 10. Handle spawn errors
+    childProcess.on('error', async (error) => {
+        await batcher.flush();
+        await supabase
+            .from('commands')
+            .update({
+            status: 'error',
+            error_message: error.message,
+            finished_at: new Date().toISOString()
+        })
+            .eq('id', command.id);
+    });
+    return childProcess;
+}
+//# sourceMappingURL=command-executor.js.map

package/dist/command-executor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-executor.js","sourceRoot":"","sources":["../src/command-executor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,KAAK,EAAgB,MAAM,eAAe,CAAA;AAEnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAqBpD;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAsC;IACjE,aAAa;IACb,YAAY,EAAE;QACZ,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,GAAG,EAAE,CAAC;YACV,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,0CAA0C;YAC7D,YAAY;SACb;KACF;IACD,iBAAiB,EAAE;QACjB,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,GAAG,EAAE,CAAC;YACV,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,0CAA0C;YAC7D,YAAY;SACb;KACF;IACD,qBAAqB;IACrB,OAAO,EAAE;QACP,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,GAAG,EAAE,CAAC;YACV,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,0CAA0C;YAC7D,OAAO;SACR;KACF;IACD,YAAY,EAAE;QACZ,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,GAAG,EAAE,CAAC;YACV,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,0CAA0C;YAC7D,OAAO;SACR;KACF;IACD,oBAAoB;IACpB,YAAY,EAAE;QACZ,GAAG,EAAE,KAAK;QACV,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC;KAClC;IACD,iBAAiB,EAAE;QACjB,GAAG,EAAE,KAAK;QACV,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC;KAClC;CACF,CAAA;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAgB,EAChB,QAAwB;IAExB,wCAAwC;IACxC,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA;IACzD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,YAAY,EAAE,CAAC,CAAA;IACjE,CAAC;IAED,8CAA8C;IAC9C,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IAEhD,wBAAwB;IACxB,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ;SACvD,IAAI,CAAC,YAAY,CAAC;SAClB,MAAM,CAAC,WAAW,CAAC;SACnB,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,YAAY,CAAC;SAC9B,MAAM,EAAE,CAAA;IAEX,IAAI,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,YAAY,EAAE,CAAC,CAAA;IACjE,CAAC;IAED,6DAA6D;IAC7D,MAAM,YAAY,GAAG,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE;QAC/C,GAAG,EAAE,SAAS,CAAC,SAAS;QACxB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;QACjC,KAAK,EAAE,KAAK,CAAC,sCAAsC;KACpD,CAAC,CAAA;IAEF,iDAAiD;IACjD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;IAC1C,MAAM,QAAQ;SACX,IAAI,CAAC,UAAU,CAAC;SAChB,MAAM,CAAC;QACN,MAAM,EAAE,SAAS;QACjB,GAAG,EAAE,YAAY,CAAC,GAAG;QACrB,UAAU,EAAE,SAAS;KACtB,CAAC;SACD,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC,CAAA;IAEvB,2CAA2C;IAC3C,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAA;IAC3C,IAAI,UAAU,GAAG,CAAC,CAAA;IAElB,4BAA4B;IAC5B,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QACzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,4BAA4B;IAC5B,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QACzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,oEAAoE;IACpE,IAAI,SAAS,GAAG,KAAK,CAAA;IAErB,MAAM,gBAAgB,GAAG,CAAC,IAAmB,EAAE,EAAE;QAC/C,IAAI,SAAS;YAAE,OAAM;QACrB,SAAS,GAAG,IAAI,CAAA;QAEhB,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,EAAE,gBAAgB,IAAI,EAAE,CAAC,CAAA;QAExF,4DAA4D;QAC5D,YAAY,CAAC,KAAK,IAAI,EAAE;YACtB,IAAI,CAAC;gBACH,yBAAyB;gBACzB,MAAM,OAAO,CAAC,KAAK,EAAE,CAAA;gBAErB,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;gBAE3C,mCAAmC;gBACnC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CAAC,6BAA6B,OAAO,CAAC,EAAE,cAAc,CAAC,CAAA;oBAClE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ;yBAC7B,IAAI,CAAC,UAAU,CAAC;yBAChB,MAAM,CAAC;wBACN,MAAM,EAAE,UAAU;wBAClB,SAAS,EAAE,IAAI;wBACf,YAAY,EAAE,UAAU;qBACzB,CAAC;yBACD,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC,CAAA;oBAEvB,IAAI,KAAK,EAAE,CAAC;wBACV,OAAO,CAAC,KAAK,CAAC,4CAA4C,EAAE,KAAK,CAAC,CAAA;oBACpE,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,GAAG,CAAC,yCAAyC,OAAO,CAAC,EAAE,cAAc,CAAC,CAAA;oBAChF,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,6BAA6B,OAAO,CAAC,EAAE,WAAW,CAAC,CAAA;oBAC/D,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ;yBAC7B,IAAI,CAAC,UAAU,CAAC;yBAChB,MAAM,CAAC;wBACN,MAAM,EAAE,OAAO;wBACf,SAAS,EAAE,IAAI;wBACf,aAAa,EAAE,4BAA4B,IAAI,EAAE;wBACjD,YAAY,EAAE,UAAU;qBACzB,CAAC;yBACD,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC,CAAA;oBAEvB,IAAI,KAAK,EAAE,CAAC;wBACV,OAAO,CAAC,KAAK,CAAC,4CAA4C,EAAE,KAAK,CAAC,CAAA;oBACpE,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,gDAAgD,EAAE,GAAG,CAAC,CAAA;YACtE,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;QAChC,OAAO,CAAC,GAAG,CAAC,6CAA6C,OAAO,CAAC,EAAE,EAAE,CAAC,CAAA;QACtE,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACxB,CAAC,CAAC,CAAA;IAEF,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QAC/B,OAAO,CAAC,GAAG,CAAC,4CAA4C,OAAO,CAAC,EAAE,EAAE,CAAC,CAAA;QACrE,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACxB,CAAC,CAAC,CAAA;IAEF,0BAA0B;IAC1B,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;QACvC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAA;QAErB,MAAM,QAAQ;aACX,IAAI,CAAC,UAAU,CAAC;aAChB,MAAM,CAAC;YACN,MAAM,EAAE,OAAO;YACf,aAAa,EAAE,KAAK,CAAC,OAAO;YAC5B,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACtC,CAAC;aACD,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC,CAAA;IACzB,CAAC,CAAC,CAAA;IAEF,OAAO,YAAY,CAAA;AACrB,CAAC"}