npm - instar - Versions diffs - 0.28.75 → 0.28.76 - Mend

instar 0.28.75 → 0.28.76

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (316) hide show

package/dist/cli.js +4 -0
package/dist/cli.js.map +1 -1
package/dist/commands/discovery.d.ts.map +1 -1
package/dist/commands/discovery.js +1 -0
package/dist/commands/discovery.js.map +1 -1
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +2 -0
package/dist/commands/init.js.map +1 -1
package/dist/commands/job.d.ts.map +1 -1
package/dist/commands/job.js +1 -0
package/dist/commands/job.js.map +1 -1
package/dist/commands/ledgerCleanup.d.ts.map +1 -1
package/dist/commands/ledgerCleanup.js +1 -0
package/dist/commands/ledgerCleanup.js.map +1 -1
package/dist/commands/listener.d.ts.map +1 -1
package/dist/commands/listener.js +6 -0
package/dist/commands/listener.js.map +1 -1
package/dist/commands/nuke.d.ts.map +1 -1
package/dist/commands/nuke.js +6 -0
package/dist/commands/nuke.js.map +1 -1
package/dist/commands/server.d.ts.map +1 -1
package/dist/commands/server.js +2 -0
package/dist/commands/server.js.map +1 -1
package/dist/commands/setup.d.ts.map +1 -1
package/dist/commands/setup.js +6 -0
package/dist/commands/setup.js.map +1 -1
package/dist/commands/slack-cli.d.ts.map +1 -1
package/dist/commands/slack-cli.js +4 -0
package/dist/commands/slack-cli.js.map +1 -1
package/dist/commands/whatsapp.d.ts.map +1 -1
package/dist/commands/whatsapp.js +1 -0
package/dist/commands/whatsapp.js.map +1 -1
package/dist/commands/worktree.d.ts.map +1 -1
package/dist/commands/worktree.js +1 -0
package/dist/commands/worktree.js.map +1 -1
package/dist/core/AgentConnector.d.ts.map +1 -1
package/dist/core/AgentConnector.js +3 -0
package/dist/core/AgentConnector.js.map +1 -1
package/dist/core/AgentRegistry.d.ts.map +1 -1
package/dist/core/AgentRegistry.js +2 -0
package/dist/core/AgentRegistry.js.map +1 -1
package/dist/core/AutoDispatcher.d.ts.map +1 -1
package/dist/core/AutoDispatcher.js +1 -0
package/dist/core/AutoDispatcher.js.map +1 -1
package/dist/core/AutoUpdater.d.ts.map +1 -1
package/dist/core/AutoUpdater.js +1 -0
package/dist/core/AutoUpdater.js.map +1 -1
package/dist/core/AutonomousEvolution.d.ts.map +1 -1
package/dist/core/AutonomousEvolution.js +1 -0
package/dist/core/AutonomousEvolution.js.map +1 -1
package/dist/core/BackupManager.d.ts.map +1 -1
package/dist/core/BackupManager.js +1 -0
package/dist/core/BackupManager.js.map +1 -1
package/dist/core/BranchManager.d.ts.map +1 -1
package/dist/core/BranchManager.js +1 -0
package/dist/core/BranchManager.js.map +1 -1
package/dist/core/CaffeinateManager.d.ts.map +1 -1
package/dist/core/CaffeinateManager.js +1 -0
package/dist/core/CaffeinateManager.js.map +1 -1
package/dist/core/DeferredDispatchTracker.d.ts.map +1 -1
package/dist/core/DeferredDispatchTracker.js +1 -0
package/dist/core/DeferredDispatchTracker.js.map +1 -1
package/dist/core/DispatchManager.d.ts.map +1 -1
package/dist/core/DispatchManager.js +2 -0
package/dist/core/DispatchManager.js.map +1 -1
package/dist/core/EvolutionManager.d.ts.map +1 -1
package/dist/core/EvolutionManager.js +1 -0
package/dist/core/EvolutionManager.js.map +1 -1
package/dist/core/ExecutionJournal.d.ts.map +1 -1
package/dist/core/ExecutionJournal.js +1 -0
package/dist/core/ExecutionJournal.js.map +1 -1
package/dist/core/FeedbackManager.d.ts.map +1 -1
package/dist/core/FeedbackManager.js +1 -0
package/dist/core/FeedbackManager.js.map +1 -1
package/dist/core/FileClassifier.d.ts.map +1 -1
package/dist/core/FileClassifier.js +4 -0
package/dist/core/FileClassifier.js.map +1 -1
package/dist/core/ForegroundRestartWatcher.d.ts.map +1 -1
package/dist/core/ForegroundRestartWatcher.js +2 -0
package/dist/core/ForegroundRestartWatcher.js.map +1 -1
package/dist/core/GitStateManager.d.ts.map +1 -1
package/dist/core/GitStateManager.js +1 -0
package/dist/core/GitStateManager.js.map +1 -1
package/dist/core/GitSync.d.ts.map +1 -1
package/dist/core/GitSync.js +3 -0
package/dist/core/GitSync.js.map +1 -1
package/dist/core/GlobalInstallCleanup.d.ts.map +1 -1
package/dist/core/GlobalInstallCleanup.js +2 -0
package/dist/core/GlobalInstallCleanup.js.map +1 -1
package/dist/core/GlobalSecretStore.d.ts.map +1 -1
package/dist/core/GlobalSecretStore.js +2 -0
package/dist/core/GlobalSecretStore.js.map +1 -1
package/dist/core/HandoffManager.d.ts.map +1 -1
package/dist/core/HandoffManager.js +2 -0
package/dist/core/HandoffManager.js.map +1 -1
package/dist/core/LedgerSessionRegistry.d.ts.map +1 -1
package/dist/core/LedgerSessionRegistry.js +1 -0
package/dist/core/LedgerSessionRegistry.js.map +1 -1
package/dist/core/MachineIdentity.d.ts.map +1 -1
package/dist/core/MachineIdentity.js +1 -0
package/dist/core/MachineIdentity.js.map +1 -1
package/dist/core/ParallelDevWiring.d.ts.map +1 -1
package/dist/core/ParallelDevWiring.js +1 -0
package/dist/core/ParallelDevWiring.js.map +1 -1
package/dist/core/PostUpdateMigrator.d.ts.map +1 -1
package/dist/core/PostUpdateMigrator.js +2 -0
package/dist/core/PostUpdateMigrator.js.map +1 -1
package/dist/core/ProjectMapper.d.ts.map +1 -1
package/dist/core/ProjectMapper.js +2 -0
package/dist/core/ProjectMapper.js.map +1 -1
package/dist/core/RelationshipManager.d.ts.map +1 -1
package/dist/core/RelationshipManager.js +2 -0
package/dist/core/RelationshipManager.js.map +1 -1
package/dist/core/SafeFsExecutor.d.ts +41 -0
package/dist/core/SafeFsExecutor.d.ts.map +1 -0
package/dist/core/SafeFsExecutor.js +146 -0
package/dist/core/SafeFsExecutor.js.map +1 -0
package/dist/core/SafeGitExecutor.d.ts +139 -0
package/dist/core/SafeGitExecutor.d.ts.map +1 -0
package/dist/core/SafeGitExecutor.js +631 -0
package/dist/core/SafeGitExecutor.js.map +1 -0
package/dist/core/ScopeVerifier.d.ts.map +1 -1
package/dist/core/ScopeVerifier.js +1 -0
package/dist/core/ScopeVerifier.js.map +1 -1
package/dist/core/SecretStore.d.ts.map +1 -1
package/dist/core/SecretStore.js +1 -0
package/dist/core/SecretStore.js.map +1 -1
package/dist/core/SharedStateLedger.d.ts.map +1 -1
package/dist/core/SharedStateLedger.js +1 -0
package/dist/core/SharedStateLedger.js.map +1 -1
package/dist/core/SoulManager.d.ts.map +1 -1
package/dist/core/SoulManager.js +2 -0
package/dist/core/SoulManager.js.map +1 -1
package/dist/core/StateManager.d.ts.map +1 -1
package/dist/core/StateManager.js +3 -0
package/dist/core/StateManager.js.map +1 -1
package/dist/core/SyncOrchestrator.d.ts.map +1 -1
package/dist/core/SyncOrchestrator.js +3 -0
package/dist/core/SyncOrchestrator.js.map +1 -1
package/dist/core/UpdateChecker.d.ts.map +1 -1
package/dist/core/UpdateChecker.js +2 -0
package/dist/core/UpdateChecker.js.map +1 -1
package/dist/core/UpgradeGuideProcessor.d.ts.map +1 -1
package/dist/core/UpgradeGuideProcessor.js +2 -0
package/dist/core/UpgradeGuideProcessor.js.map +1 -1
package/dist/core/WorktreeManager.d.ts.map +1 -1
package/dist/core/WorktreeManager.js +7 -0
package/dist/core/WorktreeManager.js.map +1 -1
package/dist/knowledge/KnowledgeManager.d.ts.map +1 -1
package/dist/knowledge/KnowledgeManager.js +1 -0
package/dist/knowledge/KnowledgeManager.js.map +1 -1
package/dist/lifeline/ServerSupervisor.d.ts.map +1 -1
package/dist/lifeline/ServerSupervisor.js +14 -0
package/dist/lifeline/ServerSupervisor.js.map +1 -1
package/dist/lifeline/TelegramLifeline.d.ts.map +1 -1
package/dist/lifeline/TelegramLifeline.js +1 -0
package/dist/lifeline/TelegramLifeline.js.map +1 -1
package/dist/lifeline/droppedMessages.d.ts.map +1 -1
package/dist/lifeline/droppedMessages.js +1 -0
package/dist/lifeline/droppedMessages.js.map +1 -1
package/dist/memory/EpisodicMemory.d.ts.map +1 -1
package/dist/memory/EpisodicMemory.js +1 -0
package/dist/memory/EpisodicMemory.js.map +1 -1
package/dist/memory/TopicMemory.d.ts.map +1 -1
package/dist/memory/TopicMemory.js +4 -0
package/dist/memory/TopicMemory.js.map +1 -1
package/dist/messaging/AgentTokenManager.d.ts.map +1 -1
package/dist/messaging/AgentTokenManager.js +1 -0
package/dist/messaging/AgentTokenManager.js.map +1 -1
package/dist/messaging/DropPickup.js +1 -0
package/dist/messaging/DropPickup.js.map +1 -1
package/dist/messaging/GitSyncTransport.d.ts.map +1 -1
package/dist/messaging/GitSyncTransport.js +3 -0
package/dist/messaging/GitSyncTransport.js.map +1 -1
package/dist/messaging/MessageStore.d.ts.map +1 -1
package/dist/messaging/MessageStore.js +2 -0
package/dist/messaging/MessageStore.js.map +1 -1
package/dist/messaging/TelegramAdapter.d.ts.map +1 -1
package/dist/messaging/TelegramAdapter.js +4 -0
package/dist/messaging/TelegramAdapter.js.map +1 -1
package/dist/messaging/backends/BaileysBackend.d.ts.map +1 -1
package/dist/messaging/backends/BaileysBackend.js +2 -0
package/dist/messaging/backends/BaileysBackend.js.map +1 -1
package/dist/messaging/shared/EncryptedAuthStore.d.ts.map +1 -1
package/dist/messaging/shared/EncryptedAuthStore.js +2 -0
package/dist/messaging/shared/EncryptedAuthStore.js.map +1 -1
package/dist/messaging/shared/MessageLogger.d.ts.map +1 -1
package/dist/messaging/shared/MessageLogger.js +1 -0
package/dist/messaging/shared/MessageLogger.js.map +1 -1
package/dist/messaging/shared/PrivacyConsent.d.ts.map +1 -1
package/dist/messaging/shared/PrivacyConsent.js +1 -0
package/dist/messaging/shared/PrivacyConsent.js.map +1 -1
package/dist/messaging/shared/SessionChannelRegistry.d.ts.map +1 -1
package/dist/messaging/shared/SessionChannelRegistry.js +1 -0
package/dist/messaging/shared/SessionChannelRegistry.js.map +1 -1
package/dist/moltbridge/ProfileCompiler.d.ts.map +1 -1
package/dist/moltbridge/ProfileCompiler.js +3 -0
package/dist/moltbridge/ProfileCompiler.js.map +1 -1
package/dist/monitoring/CommitmentTracker.d.ts.map +1 -1
package/dist/monitoring/CommitmentTracker.js +1 -0
package/dist/monitoring/CommitmentTracker.js.map +1 -1
package/dist/monitoring/CredentialProvider.d.ts.map +1 -1
package/dist/monitoring/CredentialProvider.js +1 -0
package/dist/monitoring/CredentialProvider.js.map +1 -1
package/dist/monitoring/HealthChecker.d.ts.map +1 -1
package/dist/monitoring/HealthChecker.js +1 -0
package/dist/monitoring/HealthChecker.js.map +1 -1
package/dist/monitoring/HookEventReceiver.d.ts.map +1 -1
package/dist/monitoring/HookEventReceiver.js +1 -0
package/dist/monitoring/HookEventReceiver.js.map +1 -1
package/dist/monitoring/InstructionsVerifier.d.ts.map +1 -1
package/dist/monitoring/InstructionsVerifier.js +1 -0
package/dist/monitoring/InstructionsVerifier.js.map +1 -1
package/dist/monitoring/PresenceProxy.d.ts.map +1 -1
package/dist/monitoring/PresenceProxy.js +4 -0
package/dist/monitoring/PresenceProxy.js.map +1 -1
package/dist/monitoring/QuotaTracker.d.ts.map +1 -1
package/dist/monitoring/QuotaTracker.js +1 -0
package/dist/monitoring/QuotaTracker.js.map +1 -1
package/dist/monitoring/SessionMigrator.d.ts.map +1 -1
package/dist/monitoring/SessionMigrator.js +1 -0
package/dist/monitoring/SessionMigrator.js.map +1 -1
package/dist/monitoring/SessionRecovery.d.ts.map +1 -1
package/dist/monitoring/SessionRecovery.js +1 -0
package/dist/monitoring/SessionRecovery.js.map +1 -1
package/dist/monitoring/TelemetryAuth.d.ts.map +1 -1
package/dist/monitoring/TelemetryAuth.js +2 -0
package/dist/monitoring/TelemetryAuth.js.map +1 -1
package/dist/monitoring/TriageOrchestrator.d.ts.map +1 -1
package/dist/monitoring/TriageOrchestrator.js +2 -0
package/dist/monitoring/TriageOrchestrator.js.map +1 -1
package/dist/monitoring/WorktreeReaper.d.ts.map +1 -1
package/dist/monitoring/WorktreeReaper.js +3 -0
package/dist/monitoring/WorktreeReaper.js.map +1 -1
package/dist/monitoring/probes/PlatformProbe.d.ts.map +1 -1
package/dist/monitoring/probes/PlatformProbe.js +2 -0
package/dist/monitoring/probes/PlatformProbe.js.map +1 -1
package/dist/paste/PasteManager.d.ts.map +1 -1
package/dist/paste/PasteManager.js +4 -0
package/dist/paste/PasteManager.js.map +1 -1
package/dist/publishing/PrivateViewer.d.ts.map +1 -1
package/dist/publishing/PrivateViewer.js +1 -0
package/dist/publishing/PrivateViewer.js.map +1 -1
package/dist/scheduler/JobScheduler.d.ts.map +1 -1
package/dist/scheduler/JobScheduler.js +1 -0
package/dist/scheduler/JobScheduler.js.map +1 -1
package/dist/server/routes.d.ts.map +1 -1
package/dist/server/routes.js +21 -9
package/dist/server/routes.js.map +1 -1
package/dist/threadline/AgentDiscovery.d.ts.map +1 -1
package/dist/threadline/AgentDiscovery.js +1 -0
package/dist/threadline/AgentDiscovery.js.map +1 -1
package/dist/threadline/AgentTrustManager.d.ts.map +1 -1
package/dist/threadline/AgentTrustManager.js +1 -0
package/dist/threadline/AgentTrustManager.js.map +1 -1
package/dist/threadline/CircuitBreaker.d.ts.map +1 -1
package/dist/threadline/CircuitBreaker.js +1 -0
package/dist/threadline/CircuitBreaker.js.map +1 -1
package/dist/threadline/ComputeMeter.d.ts.map +1 -1
package/dist/threadline/ComputeMeter.js +1 -0
package/dist/threadline/ComputeMeter.js.map +1 -1
package/dist/threadline/ContextThreadMap.d.ts.map +1 -1
package/dist/threadline/ContextThreadMap.js +1 -0
package/dist/threadline/ContextThreadMap.js.map +1 -1
package/dist/threadline/InvitationManager.d.ts.map +1 -1
package/dist/threadline/InvitationManager.js +1 -0
package/dist/threadline/InvitationManager.js.map +1 -1
package/dist/threadline/MCPAuth.d.ts.map +1 -1
package/dist/threadline/MCPAuth.js +1 -0
package/dist/threadline/MCPAuth.js.map +1 -1
package/dist/threadline/PipeSessionSpawner.d.ts.map +1 -1
package/dist/threadline/PipeSessionSpawner.js +2 -0
package/dist/threadline/PipeSessionSpawner.js.map +1 -1
package/dist/threadline/RateLimiter.d.ts.map +1 -1
package/dist/threadline/RateLimiter.js +1 -0
package/dist/threadline/RateLimiter.js.map +1 -1
package/dist/threadline/SessionLifecycle.d.ts.map +1 -1
package/dist/threadline/SessionLifecycle.js +1 -0
package/dist/threadline/SessionLifecycle.js.map +1 -1
package/dist/threadline/ThreadlineBootstrap.d.ts.map +1 -1
package/dist/threadline/ThreadlineBootstrap.js +1 -0
package/dist/threadline/ThreadlineBootstrap.js.map +1 -1
package/dist/threadline/WakeSocketServer.d.ts.map +1 -1
package/dist/threadline/WakeSocketServer.js +2 -0
package/dist/threadline/WakeSocketServer.js.map +1 -1
package/dist/threadline/listener-daemon.d.ts.map +1 -1
package/dist/threadline/listener-daemon.js +2 -0
package/dist/threadline/listener-daemon.js.map +1 -1
package/dist/users/UserManager.d.ts.map +1 -1
package/dist/users/UserManager.js +1 -0
package/dist/users/UserManager.js.map +1 -1
package/dist/users/UserOnboarding.d.ts.map +1 -1
package/dist/users/UserOnboarding.js +1 -0
package/dist/users/UserOnboarding.js.map +1 -1
package/dist/utils/jsonl-rotation.d.ts.map +1 -1
package/dist/utils/jsonl-rotation.js +1 -0
package/dist/utils/jsonl-rotation.js.map +1 -1
package/package.json +4 -2
package/scripts/add-migration-marker.js +121 -0
package/scripts/analyze-release.js +6 -0
package/scripts/check-contract-evidence.js +2 -0
package/scripts/destructive-command-shim.js +1 -0
package/scripts/fix-better-sqlite3.cjs +2 -0
package/scripts/generate-builtin-manifest.cjs +1 -0
package/scripts/instar-dev-precommit.js +2 -0
package/scripts/lint-no-direct-destructive.js +597 -0
package/scripts/migrate-incident-2026-04-17.mjs +1 -0
package/scripts/pre-push-gate.js +24 -0
package/scripts/test-bootstrap-relay.mjs +1 -0
package/scripts/worktree-commit-msg-hook.js +4 -0
package/scripts/worktree-precommit-gate.js +1 -0
package/src/data/builtin-manifest.json +98 -98
package/src/templates/scripts/git-sync-gate.sh +4 -0
package/upgrades/0.28.76.md +67 -0
package/upgrades/side-effects/comprehensive-destructive-tool-containment-foundation.md +74 -0
package/upgrades/side-effects/telegram-lifeline-version-missing-info.md +76 -0

package/dist/core/SafeGitExecutor.js ADDED Viewed

@@ -0,0 +1,631 @@
+// safe-git-allow: this file is the single funnel point for destructive git invocations.
+/**
+ * SafeGitExecutor — the single funnel for destructive git invocations.
+ *
+ * Background: PR #96 (DESTRUCTIVE-TOOL-TARGET-GUARDS-SPEC) added
+ * `assertNotInstarSourceTree` to the constructors of `GitSyncManager`,
+ * `BranchManager`, and `HandoffManager`. Five days later, Incident B recurred
+ * because test fixtures invoked `execFileSync('git', ['add', '-A'], { cwd })`
+ * directly — bypassing the manager constructors entirely.
+ *
+ * This module is the funnel layer described in
+ * `docs/specs/COMPREHENSIVE-DESTRUCTIVE-TOOL-CONTAINMENT-SPEC.md`. Every
+ * destructive git invocation in the codebase routes through one of three
+ * methods on this class, each of which calls `assertNotInstarSourceTree`
+ * BEFORE spawning git. Read-only verbs may go through `readSync`, which
+ * also runs the assertion (defense-in-depth against repo-local aliases).
+ *
+ * Constraints enforced:
+ *   - Every directory the subprocess could mutate is canonicalized via
+ *     `realpathSync` and passed through `assertNotInstarSourceTree`. This
+ *     covers `opts.cwd`, the `-C <dir>` target, and the path values in
+ *     `--git-dir=<path>`, `--work-tree=<path>`. Any one being the instar
+ *     source causes the call to throw before subprocess spawn.
+ *   - Caller-supplied env has the git-redirection denylist stripped:
+ *     GIT_DIR, GIT_WORK_TREE, GIT_INDEX_FILE, GIT_OBJECT_DIRECTORY,
+ *     GIT_COMMON_DIR, GIT_NAMESPACE, GIT_CONFIG*, GIT_CEILING_DIRECTORIES,
+ *     GIT_DISCOVERY_ACROSS_FILESYSTEM.
+ *   - GIT_CONFIG_GLOBAL=/dev/null + GIT_CONFIG_SYSTEM=/dev/null +
+ *     GIT_CONFIG_NOSYSTEM=1 are injected unconditionally. This disables
+ *     user-level and system-level git config (including aliases that could
+ *     rebind a "read-only" verb to a destructive command).
+ *   - A JSON line is appended to .instar/audit/destructive-ops.jsonl per
+ *     call (fail-soft on log write failure).
+ */
+import { execFileSync, spawn as nodeSpawn, } from 'node:child_process';
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { assertNotInstarSourceTree, SourceTreeGuardError, } from './SourceTreeGuard.js';
+// ── Verb classification ─────────────────────────────────────────────
+/**
+ * Verbs treated as destructive. Closed enumeration; additions are spec changes.
+ */
+export const DESTRUCTIVE_GIT_VERBS = new Set([
+    'add',
+    'am',
+    'apply',
+    'branch', // shape-checked: bare `branch <name>` is destructive
+    'checkout',
+    'cherry-pick',
+    'clean',
+    'clone',
+    'commit',
+    'fetch',
+    'gc',
+    'init',
+    'merge',
+    'mv',
+    'pull',
+    'push',
+    'rebase',
+    'reset',
+    'restore',
+    'revert',
+    'rm',
+    'stash',
+    'submodule',
+    'switch',
+    'tag',
+    'update-ref',
+    'worktree', // shape-checked: `worktree list` is read-only
+    'prune',
+    'notes',
+    'replace',
+    'filter-branch',
+    'remote', // shape-checked: `remote get-url` is read-only
+    'config', // shape-checked: `config --get` is read-only
+    'format-patch', // shape-checked: --inline is destructive
+]);
+/**
+ * Read-only verbs explicitly safe to call. Closed enumeration.
+ */
+export const READONLY_GIT_VERBS = new Set([
+    'status',
+    'log',
+    'diff',
+    'show',
+    'rev-parse',
+    'rev-list',
+    'ls-files',
+    'ls-tree',
+    'ls-remote',
+    'describe',
+    'name-rev',
+    'blame',
+    'cat-file',
+    'grep',
+    'shortlog',
+    'count-objects',
+    'fsck',
+    'var',
+    'version',
+    '--version',
+    'help',
+    'write-tree',
+    'interpret-trailers',
+    'check-ref-format',
+    'symbolic-ref',
+    'for-each-ref',
+    'merge-base',
+    'reflog', // read-only by default; reflog expire/delete is destructive (caller must use execSync)
+    'hash-object',
+    'config', // overlap with destructive set; readSync shape-check enforces --get only
+    'remote', // overlap; readSync shape-check enforces list/get-url only
+    'branch', // overlap; readSync shape-check enforces --list / -l / --show-current / -v
+    'worktree', // overlap; readSync shape-check enforces list only
+    'format-patch', // overlap; readSync shape-check rejects --inline
+    'stash', // shape-check: `stash list` / `stash show` allowed
+]);
+// ── Env denylist ────────────────────────────────────────────────────
+const GIT_ENV_DENYLIST = new Set([
+    'GIT_DIR',
+    'GIT_WORK_TREE',
+    'GIT_INDEX_FILE',
+    'GIT_OBJECT_DIRECTORY',
+    'GIT_COMMON_DIR',
+    'GIT_NAMESPACE',
+    'GIT_CONFIG',
+    'GIT_CONFIG_GLOBAL',
+    'GIT_CONFIG_SYSTEM',
+    'GIT_CONFIG_NOSYSTEM',
+    'GIT_CONFIG_PARAMETERS',
+    'GIT_CONFIG_COUNT',
+    'GIT_CEILING_DIRECTORIES',
+    'GIT_DISCOVERY_ACROSS_FILESYSTEM',
+]);
+function sanitizeEnv(callerEnv) {
+    // Start from a copy of process.env, then strip the denylist, then strip
+    // anything the caller supplied that's on the denylist or that matches
+    // GIT_CONFIG_KEY_* / GIT_CONFIG_VALUE_*.
+    const merged = { ...process.env, ...(callerEnv || {}) };
+    for (const k of Object.keys(merged)) {
+        if (GIT_ENV_DENYLIST.has(k)) {
+            delete merged[k];
+            continue;
+        }
+        if (/^GIT_CONFIG_(KEY|VALUE)_\d+$/.test(k)) {
+            delete merged[k];
+        }
+    }
+    // Inject unconditional config disables.
+    merged.GIT_CONFIG_GLOBAL = '/dev/null';
+    merged.GIT_CONFIG_SYSTEM = '/dev/null';
+    merged.GIT_CONFIG_NOSYSTEM = '1';
+    return merged;
+}
+// ── Pre-verb global flags (a closed set) ────────────────────────────
+const PRE_VERB_FLAGS_TAKING_VALUE = new Set([
+    '-C',
+    '-c',
+    '--git-dir',
+    '--work-tree',
+    '--namespace',
+]);
+const PRE_VERB_FLAGS_NO_VALUE = new Set([
+    '--bare',
+    '--no-pager',
+    '-P',
+    '--no-replace-objects',
+    '--literal-pathspecs',
+    '--glob-pathspecs',
+    '--noglob-pathspecs',
+    '--icase-pathspecs',
+    '--exec-path', // when used without `=` it's actually informational; allow
+    '-p',
+    '--paginate',
+    '--no-optional-locks',
+]);
+/**
+ * Walk the args array skipping leading pre-verb global flags. Return:
+ *   { verb, targets: [opts.cwd, -C target, --git-dir target, --work-tree target] }
+ *
+ * Targets are canonicalized via `realpathSync`. If realpath fails on an
+ * existing path the raw value is passed through; the assertion handles
+ * uncanonicalizable inputs in fail-closed fashion.
+ */
+function extractVerbAndTargets(args, cwd) {
+    const targets = [canonicalize(cwd)];
+    let i = 0;
+    while (i < args.length) {
+        const a = args[i];
+        if (a === undefined)
+            break;
+        if (a === '-C') {
+            const next = args[i + 1];
+            if (next === undefined) {
+                throw new Error(`SafeGitExecutor: \`-C\` flag missing value: ${args.join(' ')}`);
+            }
+            targets.push(canonicalize(next));
+            i += 2;
+            continue;
+        }
+        if (a === '-c') {
+            // -c key=value — skip pair, no target.
+            const next = args[i + 1];
+            if (next === undefined) {
+                throw new Error(`SafeGitExecutor: \`-c\` flag missing value: ${args.join(' ')}`);
+            }
+            i += 2;
+            continue;
+        }
+        if (a.startsWith('--git-dir=')) {
+            const value = a.slice('--git-dir='.length);
+            targets.push(canonicalize(value));
+            i += 1;
+            continue;
+        }
+        if (a === '--git-dir') {
+            const next = args[i + 1];
+            if (next === undefined) {
+                throw new Error(`SafeGitExecutor: \`--git-dir\` flag missing value: ${args.join(' ')}`);
+            }
+            targets.push(canonicalize(next));
+            i += 2;
+            continue;
+        }
+        if (a.startsWith('--work-tree=')) {
+            const value = a.slice('--work-tree='.length);
+            targets.push(canonicalize(value));
+            i += 1;
+            continue;
+        }
+        if (a === '--work-tree') {
+            const next = args[i + 1];
+            if (next === undefined) {
+                throw new Error(`SafeGitExecutor: \`--work-tree\` flag missing value: ${args.join(' ')}`);
+            }
+            targets.push(canonicalize(next));
+            i += 2;
+            continue;
+        }
+        if (a.startsWith('--namespace=')) {
+            i += 1;
+            continue;
+        }
+        if (a === '--namespace') {
+            const next = args[i + 1];
+            if (next === undefined) {
+                throw new Error(`SafeGitExecutor: \`--namespace\` flag missing value: ${args.join(' ')}`);
+            }
+            i += 2;
+            continue;
+        }
+        if (PRE_VERB_FLAGS_NO_VALUE.has(a)) {
+            i += 1;
+            continue;
+        }
+        // Not a recognized pre-verb flag — must be the verb.
+        if (a.startsWith('-')) {
+            // Unrecognized leading flag — fail loud (mirrors git's own conservative behavior).
+            throw new Error(`SafeGitExecutor: unrecognized pre-verb flag '${a}' in args ${JSON.stringify(args)}; ` +
+                `add it to PRE_VERB_FLAGS_NO_VALUE or PRE_VERB_FLAGS_TAKING_VALUE if it is a legitimate git global option.`);
+        }
+        return { verb: a, targets: dedupeTargets(targets) };
+    }
+    throw new Error(`SafeGitExecutor: no verb found in args ${JSON.stringify(args)}`);
+}
+function canonicalize(p) {
+    try {
+        return fs.realpathSync(path.resolve(p));
+    }
+    catch {
+        // realpath failed (path doesn't exist, EACCES, etc.) — return resolved
+        // absolute. The assertion handles non-existent inputs via its
+        // nearest-existing-ancestor walk.
+        try {
+            return path.resolve(p);
+        }
+        catch {
+            return p;
+        }
+    }
+}
+function dedupeTargets(targets) {
+    const seen = new Set();
+    const out = [];
+    for (const t of targets) {
+        if (!seen.has(t)) {
+            seen.add(t);
+            out.push(t);
+        }
+    }
+    return out;
+}
+// ── Shape checks for ambiguous verbs ────────────────────────────────
+/**
+ * Returns true if the args under a `branch` verb describe a read-only
+ * invocation (`branch --list`, `branch -l`, `branch --show-current`,
+ * `branch -v` (no name), bare `branch` (list mode)). Returns false for
+ * destructive shapes (`branch <name>`, `branch -d`, `branch -D`,
+ * `branch -m`, `branch -M`, `branch --set-upstream-to=`, etc.).
+ */
+function isReadOnlyBranchInvocation(verbArgs) {
+    // verbArgs is the slice AFTER the `branch` verb. If empty, that's `git branch` (list).
+    if (verbArgs.length === 0)
+        return true;
+    const destructiveFlags = new Set([
+        '-d',
+        '-D',
+        '--delete',
+        '-m',
+        '-M',
+        '--move',
+        '-c',
+        '-C',
+        '--copy',
+        '--unset-upstream',
+        '--edit-description',
+        '--track',
+        '--no-track',
+    ]);
+    for (const a of verbArgs) {
+        if (destructiveFlags.has(a))
+            return false;
+        if (a.startsWith('--set-upstream'))
+            return false;
+        if (!a.startsWith('-')) {
+            // Bare positional arg = branch name = create branch (destructive).
+            return false;
+        }
+    }
+    return true;
+}
+function isReadOnlyRemoteInvocation(verbArgs) {
+    if (verbArgs.length === 0)
+        return true; // `git remote` — list mode
+    const sub = verbArgs[0];
+    if (sub === '-v' || sub === '--verbose')
+        return true;
+    if (sub === 'show' || sub === 'get-url')
+        return true;
+    return false;
+}
+function isReadOnlyWorktreeInvocation(verbArgs) {
+    if (verbArgs.length === 0)
+        return false;
+    return verbArgs[0] === 'list';
+}
+function isReadOnlyConfigInvocation(verbArgs) {
+    // Read-only config: --get, --get-all, --get-regexp, --list, -l, --get-color,
+    // --get-colorbool. Destructive: bare set, --add, --unset, --replace-all,
+    // --rename-section, --remove-section.
+    for (const a of verbArgs) {
+        if (a === '--get' || a === '--get-all' || a === '--get-regexp')
+            return true;
+        if (a === '--list' || a === '-l')
+            return true;
+        if (a === '--get-color' || a === '--get-colorbool')
+            return true;
+        if (a === '--get-urlmatch')
+            return true;
+    }
+    return false;
+}
+function isReadOnlyFormatPatchInvocation(verbArgs) {
+    // format-patch is read-only by default. --inline rewrites in-tree files
+    // and is destructive; it forces the caller to use execSync.
+    for (const a of verbArgs) {
+        if (a === '--inline')
+            return false;
+    }
+    return true;
+}
+function isReadOnlyStashInvocation(verbArgs) {
+    if (verbArgs.length === 0)
+        return false;
+    const sub = verbArgs[0];
+    return sub === 'list' || sub === 'show';
+}
+function isReadOnlyReflogInvocation(verbArgs) {
+    if (verbArgs.length === 0)
+        return true;
+    const sub = verbArgs[0];
+    // Default subcommand is `show` (read-only). `expire`, `delete` mutate refs.
+    return sub === 'show' || sub === 'exists';
+}
+/**
+ * Ambiguous-verb shape check. Returns true if (verb, verbArgs) describes
+ * a read-only invocation. Returns false for unambiguously-destructive
+ * shapes. Returns null if the verb isn't ambiguous (caller uses verb-set
+ * membership).
+ */
+function isReadOnlyShape(verb, verbArgs) {
+    switch (verb) {
+        case 'branch':
+            return isReadOnlyBranchInvocation(verbArgs);
+        case 'remote':
+            return isReadOnlyRemoteInvocation(verbArgs);
+        case 'worktree':
+            return isReadOnlyWorktreeInvocation(verbArgs);
+        case 'config':
+            return isReadOnlyConfigInvocation(verbArgs);
+        case 'format-patch':
+            return isReadOnlyFormatPatchInvocation(verbArgs);
+        case 'stash':
+            return isReadOnlyStashInvocation(verbArgs);
+        case 'reflog':
+            return isReadOnlyReflogInvocation(verbArgs);
+        default:
+            return null;
+    }
+}
+/** Return the verbArgs (slice after the verb), accounting for pre-verb flags. */
+function sliceAfterVerb(args, verb) {
+    const idx = args.indexOf(verb);
+    if (idx < 0)
+        return [];
+    return args.slice(idx + 1);
+}
+/**
+ * Where to write audit lines. Override via env for tests.
+ *   INSTAR_AUDIT_LOG_DIR — directory for the JSONL file.
+ *   INSTAR_AUDIT_LOG_DISABLED=1 — skip audit logging entirely.
+ */
+function auditLogPath() {
+    if (process.env.INSTAR_AUDIT_LOG_DISABLED === '1')
+        return null;
+    const overrideDir = process.env.INSTAR_AUDIT_LOG_DIR;
+    if (overrideDir) {
+        return path.join(overrideDir, 'destructive-ops.jsonl');
+    }
+    // Default: <cwd>/.instar/audit/destructive-ops.jsonl
+    return path.join(process.cwd(), '.instar', 'audit', 'destructive-ops.jsonl');
+}
+export function appendAuditEntry(entry) {
+    const file = auditLogPath();
+    if (!file)
+        return;
+    try {
+        fs.mkdirSync(path.dirname(file), { recursive: true });
+        fs.appendFileSync(file, JSON.stringify(entry) + '\n');
+    }
+    catch (err) {
+        // Fail-soft: writing audit must never block the operation.
+        try {
+            process.stderr.write(`[SafeGitExecutor] audit log write failed: ${err.message}\n`);
+        }
+        catch {
+            // ignore
+        }
+    }
+}
+function captureCallerFrame() {
+    const e = new Error();
+    const stack = (e.stack || '').split('\n');
+    // Skip 0 (Error), 1 (this fn), 2 (caller in this file), pick 3.
+    const frame = stack[3] || stack[2] || '';
+    return frame.trim();
+}
+// ── Errors ─────────────────────────────────────────────────────────
+export class SafeGitExecutorError extends Error {
+    code = 'INSTAR_SAFE_GIT_EXECUTOR';
+    constructor(message) {
+        super(message);
+        this.name = 'SafeGitExecutorError';
+    }
+}
+// ── The funnel ──────────────────────────────────────────────────────
+export class SafeGitExecutor {
+    /**
+     * Synchronous destructive git execution.
+     *
+     * 1. Extract the verb and ALL target directories from args + opts.cwd.
+     * 2. Canonicalize each target and call assertNotInstarSourceTree on each.
+     * 3. Verify the verb is in DESTRUCTIVE_GIT_VERBS (or is an ambiguous verb
+     *    in destructive shape). Read-only verbs throw — callers must use readSync.
+     * 4. Strip env denylist; inject GIT_CONFIG_GLOBAL/SYSTEM=/dev/null.
+     * 5. Spawn git via execFileSync; return stdout.
+     *
+     * Throws SourceTreeGuardError if any target is the instar source tree.
+     * Throws SafeGitExecutorError on classification mismatch or arg errors.
+     */
+    static execSync(args, opts) {
+        const { verb, targets } = extractVerbAndTargets(args, opts.cwd);
+        // Run source-tree assertion against every target.
+        runSourceTreeChecks(targets, opts.operation, 'git', verb);
+        // Verb classification.
+        const verbArgs = sliceAfterVerb(args, verb);
+        const ambiguousReadOnly = isReadOnlyShape(verb, verbArgs);
+        if (ambiguousReadOnly === true) {
+            // The verb is ambiguous and the shape is read-only — caller used the
+            // wrong method. Fail loud rather than silently allow.
+            audit('git', opts.operation, verb, targets[0], 'denied', 'read-only-shape-via-execSync');
+            throw new SafeGitExecutorError(`SafeGitExecutor.execSync called with read-only shape '${verb} ${verbArgs.join(' ')}' — use SafeGitExecutor.readSync instead.`);
+        }
+        if (ambiguousReadOnly === null && !DESTRUCTIVE_GIT_VERBS.has(verb)) {
+            // Pure read-only verb routed through execSync.
+            audit('git', opts.operation, verb, targets[0], 'denied', 'readonly-verb-via-execSync');
+            throw new SafeGitExecutorError(`SafeGitExecutor.execSync called with read-only verb '${verb}' — use SafeGitExecutor.readSync instead.`);
+        }
+        const env = sanitizeEnv(opts.env);
+        let stdout;
+        try {
+            stdout = execFileSync('git', args, {
+                cwd: opts.cwd,
+                stdio: opts.stdio ?? 'pipe',
+                encoding: opts.encoding ?? 'utf-8',
+                timeout: opts.timeout ?? 30000,
+                env,
+                input: opts.input,
+                maxBuffer: opts.maxBuffer ?? 10 * 1024 * 1024,
+            });
+        }
+        catch (err) {
+            audit('git', opts.operation, verb, targets[0], 'denied', `subprocess-error: ${err.message}`);
+            throw err;
+        }
+        audit('git', opts.operation, verb, targets[0], 'allowed');
+        return stdout || '';
+    }
+    /**
+     * Async/streaming variant. Same guard semantics as execSync.
+     */
+    static spawn(args, opts) {
+        const { verb, targets } = extractVerbAndTargets(args, opts.cwd);
+        runSourceTreeChecks(targets, opts.operation, 'git', verb);
+        const verbArgs = sliceAfterVerb(args, verb);
+        const ambiguousReadOnly = isReadOnlyShape(verb, verbArgs);
+        if (ambiguousReadOnly === true) {
+            audit('git', opts.operation, verb, targets[0], 'denied', 'read-only-shape-via-spawn');
+            throw new SafeGitExecutorError(`SafeGitExecutor.spawn called with read-only shape '${verb}' — use SafeGitExecutor.readSync instead.`);
+        }
+        if (ambiguousReadOnly === null && !DESTRUCTIVE_GIT_VERBS.has(verb)) {
+            audit('git', opts.operation, verb, targets[0], 'denied', 'readonly-verb-via-spawn');
+            throw new SafeGitExecutorError(`SafeGitExecutor.spawn called with read-only verb '${verb}' — use SafeGitExecutor.readSync instead.`);
+        }
+        const env = sanitizeEnv(opts.env);
+        const spawnOpts = {
+            cwd: opts.cwd,
+            stdio: opts.stdio ?? 'pipe',
+            env,
+        };
+        audit('git', opts.operation, verb, targets[0], 'allowed');
+        return nodeSpawn('git', args, spawnOpts);
+    }
+    /**
+     * Read-only escape valve. Runs `git <args>` after verifying:
+     *   - Verb is in READONLY_GIT_VERBS (or is an ambiguous verb in read-only shape).
+     *   - assertNotInstarSourceTree passes against every target (defense-in-depth
+     *     against repo-local aliases that could rebind a "read-only" verb).
+     */
+    static readSync(args, opts) {
+        const { verb, targets } = extractVerbAndTargets(args, opts.cwd);
+        // Verb classification first, BEFORE source-tree check, so callers
+        // misusing this method get a clear "use execSync" error rather than
+        // a guard error first.
+        const verbArgs = sliceAfterVerb(args, verb);
+        const ambiguousReadOnly = isReadOnlyShape(verb, verbArgs);
+        if (ambiguousReadOnly === false) {
+            audit('git', opts.operation, verb, targets[0], 'denied', 'destructive-shape-via-readSync');
+            throw new SafeGitExecutorError(`SafeGitExecutor.readSync called with destructive shape '${verb} ${verbArgs.join(' ')}' — use SafeGitExecutor.execSync instead.`);
+        }
+        if (ambiguousReadOnly === null && !READONLY_GIT_VERBS.has(verb)) {
+            audit('git', opts.operation, verb, targets[0], 'denied', 'destructive-verb-via-readSync');
+            throw new SafeGitExecutorError(`SafeGitExecutor.readSync called with destructive verb '${verb}' — use SafeGitExecutor.execSync instead.`);
+        }
+        // Defense-in-depth: source-tree check on the read path too.
+        runSourceTreeChecks(targets, opts.operation, 'git', verb);
+        const env = sanitizeEnv(opts.env);
+        let stdout;
+        try {
+            stdout = execFileSync('git', args, {
+                cwd: opts.cwd,
+                stdio: opts.stdio ?? 'pipe',
+                encoding: opts.encoding ?? 'utf-8',
+                timeout: opts.timeout ?? 30000,
+                env,
+                input: opts.input,
+                maxBuffer: opts.maxBuffer ?? 10 * 1024 * 1024,
+            });
+        }
+        catch (err) {
+            audit('git', opts.operation, verb, targets[0], 'denied', `subprocess-error: ${err.message}`);
+            throw err;
+        }
+        audit('git', opts.operation, verb, targets[0], 'allowed');
+        return stdout || '';
+    }
+}
+function runSourceTreeChecks(targets, operation, executor, verb) {
+    for (const t of targets) {
+        try {
+            assertNotInstarSourceTree(t, operation);
+        }
+        catch (err) {
+            if (err instanceof SourceTreeGuardError) {
+                audit(executor, operation, verb, t, 'denied', err.message);
+            }
+            throw err;
+        }
+    }
+}
+function audit(executor, operation, verb, target, outcome, reason) {
+    const entry = {
+        timestamp: new Date().toISOString(),
+        executor,
+        operation,
+        target,
+        outcome,
+        caller: captureCallerFrame(),
+    };
+    if (verb !== undefined)
+        entry.verb = verb;
+    if (reason !== undefined)
+        entry.reason = reason;
+    appendAuditEntry(entry);
+}
+// ── Internal helpers exported for tests only ────────────────────────
+/** @internal — exposed for SafeGitExecutor.test.ts */
+export const _internal = {
+    extractVerbAndTargets,
+    isReadOnlyShape,
+    sanitizeEnv,
+    GIT_ENV_DENYLIST,
+};
+// Suppress unused-export warnings for the convenience re-exports. The
+// test suite imports these symbols.
+export { SourceTreeGuardError };
+// fileURLToPath import kept available for future use; no current consumers.
+void fileURLToPath;
+//# sourceMappingURL=SafeGitExecutor.js.map

package/dist/core/SafeGitExecutor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SafeGitExecutor.js","sourceRoot":"","sources":["../../src/core/SafeGitExecutor.ts"],"names":[],"mappings":"AAAA,wFAAwF;AACxF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EACL,YAAY,EACZ,KAAK,IAAI,SAAS,GAGnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EACL,yBAAyB,EACzB,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAE9B,uEAAuE;AAEvE;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAwB,IAAI,GAAG,CAAC;IAChE,KAAK;IACL,IAAI;IACJ,OAAO;IACP,QAAQ,EAAE,qDAAqD;IAC/D,UAAU;IACV,aAAa;IACb,OAAO;IACP,OAAO;IACP,QAAQ;IACR,OAAO;IACP,IAAI;IACJ,MAAM;IACN,OAAO;IACP,IAAI;IACJ,MAAM;IACN,MAAM;IACN,QAAQ;IACR,OAAO;IACP,SAAS;IACT,QAAQ;IACR,IAAI;IACJ,OAAO;IACP,WAAW;IACX,QAAQ;IACR,KAAK;IACL,YAAY;IACZ,UAAU,EAAE,8CAA8C;IAC1D,OAAO;IACP,OAAO;IACP,SAAS;IACT,eAAe;IACf,QAAQ,EAAE,+CAA+C;IACzD,QAAQ,EAAE,6CAA6C;IACvD,cAAc,EAAE,yCAAyC;CAC1D,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAwB,IAAI,GAAG,CAAC;IAC7D,QAAQ;IACR,KAAK;IACL,MAAM;IACN,MAAM;IACN,WAAW;IACX,UAAU;IACV,UAAU;IACV,SAAS;IACT,WAAW;IACX,UAAU;IACV,UAAU;IACV,OAAO;IACP,UAAU;IACV,MAAM;IACN,UAAU;IACV,eAAe;IACf,MAAM;IACN,KAAK;IACL,SAAS;IACT,WAAW;IACX,MAAM;IACN,YAAY;IACZ,oBAAoB;IACpB,kBAAkB;IAClB,cAAc;IACd,cAAc;IACd,YAAY;IACZ,QAAQ,EAAE,uFAAuF;IACjG,aAAa;IACb,QAAQ,EAAE,yEAAyE;IACnF,QAAQ,EAAE,2DAA2D;IACrE,QAAQ,EAAE,2EAA2E;IACrF,UAAU,EAAE,mDAAmD;IAC/D,cAAc,EAAE,iDAAiD;IACjE,OAAO,EAAE,mDAAmD;CAC7D,CAAC,CAAC;AAEH,uEAAuE;AAEvE,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC;IACpD,SAAS;IACT,eAAe;IACf,gBAAgB;IAChB,sBAAsB;IACtB,gBAAgB;IAChB,eAAe;IACf,YAAY;IACZ,mBAAmB;IACnB,mBAAmB;IACnB,qBAAqB;IACrB,uBAAuB;IACvB,kBAAkB;IAClB,yBAAyB;IACzB,iCAAiC;CAClC,CAAC,CAAC;AAEH,SAAS,WAAW,CAAC,SAA6B;IAChD,wEAAwE;IACxE,sEAAsE;IACtE,yCAAyC;IACzC,MAAM,MAAM,GAAsB,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,EAAE,CAAC;IAC3E,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACpC,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5B,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;YACjB,SAAS;QACX,CAAC;QACD,IAAI,8BAA8B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IACD,wCAAwC;IACxC,MAAM,CAAC,iBAAiB,GAAG,WAAW,CAAC;IACvC,MAAM,CAAC,iBAAiB,GAAG,WAAW,CAAC;IACvC,MAAM,CAAC,mBAAmB,GAAG,GAAG,CAAC;IACjC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uEAAuE;AAEvE,MAAM,2BAA2B,GAAwB,IAAI,GAAG,CAAC;IAC/D,IAAI;IACJ,IAAI;IACJ,WAAW;IACX,aAAa;IACb,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,uBAAuB,GAAwB,IAAI,GAAG,CAAC;IAC3D,QAAQ;IACR,YAAY;IACZ,IAAI;IACJ,sBAAsB;IACtB,qBAAqB;IACrB,kBAAkB;IAClB,oBAAoB;IACpB,mBAAmB;IACnB,aAAa,EAAE,2DAA2D;IAC1E,IAAI;IACJ,YAAY;IACZ,qBAAqB;CACtB,CAAC,CAAC;AAaH;;;;;;;GAOG;AACH,SAAS,qBAAqB,CAC5B,IAAuB,EACvB,GAAW;IAEX,MAAM,OAAO,GAAa,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,KAAK,SAAS;YAAE,MAAM;QAE3B,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACf,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,+CAA+C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnF,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;YACjC,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACf,uCAAuC;YACvC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,+CAA+C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnF,CAAC;YACD,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC1F,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;YACjC,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YAC7C,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,wDAAwD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC5F,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;YACjC,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YACjC,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,wDAAwD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC5F,CAAC;YACD,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACnC,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QACD,qDAAqD;QACrD,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,mFAAmF;YACnF,MAAM,IAAI,KAAK,CACb,gDAAgD,CAAC,aAAa,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI;gBACpF,2GAA2G,CAC9G,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;IACtD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,0CAA0C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACpF,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;QACvE,8DAA8D;QAC9D,kCAAkC;QAClC,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,OAAiB;IACtC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACjB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACZ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,uEAAuE;AAEvE;;;;;;GAMG;AACH,SAAS,0BAA0B,CAAC,QAA2B;IAC7D,uFAAuF;IACvF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;QAC/B,IAAI;QACJ,IAAI;QACJ,UAAU;QACV,IAAI;QACJ,IAAI;QACJ,QAAQ;QACR,IAAI;QACJ,IAAI;QACJ,QAAQ;QACR,kBAAkB;QAClB,oBAAoB;QACpB,SAAS;QACT,YAAY;KACb,CAAC,CAAC;IACH,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC1C,IAAI,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC;YAAE,OAAO,KAAK,CAAC;QACjD,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,mEAAmE;YACnE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,0BAA0B,CAAC,QAA2B;IAC7D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,2BAA2B;IACnE,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACxB,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACrD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,4BAA4B,CAAC,QAA2B;IAC/D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC;AAChC,CAAC;AAED,SAAS,0BAA0B,CAAC,QAA2B;IAC7D,6EAA6E;IAC7E,yEAAyE;IACzE,sCAAsC;IACtC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,KAAK,cAAc;YAAE,OAAO,IAAI,CAAC;QAC5E,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAC9C,IAAI,CAAC,KAAK,aAAa,IAAI,CAAC,KAAK,iBAAiB;YAAE,OAAO,IAAI,CAAC;QAChE,IAAI,CAAC,KAAK,gBAAgB;YAAE,OAAO,IAAI,CAAC;IAC1C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,+BAA+B,CAAC,QAA2B;IAClE,wEAAwE;IACxE,4DAA4D;IAC5D,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,UAAU;YAAE,OAAO,KAAK,CAAC;IACrC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,yBAAyB,CAAC,QAA2B;IAC5D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACxB,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,MAAM,CAAC;AAC1C,CAAC;AAED,SAAS,0BAA0B,CAAC,QAA2B;IAC7D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACxB,4EAA4E;IAC5E,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,QAAQ,CAAC;AAC5C,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CACtB,IAAY,EACZ,QAA2B;IAE3B,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,QAAQ;YACX,OAAO,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAC9C,KAAK,QAAQ;YACX,OAAO,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAC9C,KAAK,UAAU;YACb,OAAO,4BAA4B,CAAC,QAAQ,CAAC,CAAC;QAChD,KAAK,QAAQ;YACX,OAAO,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAC9C,KAAK,cAAc;YACjB,OAAO,+BAA+B,CAAC,QAAQ,CAAC,CAAC;QACnD,KAAK,OAAO;YACV,OAAO,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QAC7C,KAAK,QAAQ;YACX,OAAO,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAC9C;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,iFAAiF;AACjF,SAAS,cAAc,CACrB,IAAuB,EACvB,IAAY;IAEZ,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,GAAG,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IACvB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;AAC7B,CAAC;AAeD;;;;GAIG;AACH,SAAS,YAAY;IACnB,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC/D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IACrD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,uBAAuB,CAAC,CAAC;IACzD,CAAC;IACD,qDAAqD;IACrD,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,uBAAuB,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAiB;IAChD,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;IAC5B,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,EAAE,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,2DAA2D;QAC3D,IAAI,CAAC;YACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6CAA8C,GAAa,CAAC,OAAO,IAAI,CACxE,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,CAAC,GAAG,IAAI,KAAK,EAAE,CAAC;IACtB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1C,gEAAgE;IAChE,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACzC,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;AACtB,CAAC;AAuBD,sEAAsE;AAEtE,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,IAAI,GAAG,0BAA0B,CAAC;IAC3C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED,uEAAuE;AAEvE,MAAM,OAAO,eAAe;IAC1B;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAuB,EAAE,IAAoB;QAC3D,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAEhE,kDAAkD;QAClD,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAE1D,uBAAuB;QACvB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC5C,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC1D,IAAI,iBAAiB,KAAK,IAAI,EAAE,CAAC;YAC/B,qEAAqE;YACrE,sDAAsD;YACtD,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,8BAA8B,CAAC,CAAC;YACzF,MAAM,IAAI,oBAAoB,CAC5B,yDAAyD,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,2CAA2C,CAC/H,CAAC;QACJ,CAAC;QACD,IAAI,iBAAiB,KAAK,IAAI,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,+CAA+C;YAC/C,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;YACvF,MAAM,IAAI,oBAAoB,CAC5B,wDAAwD,IAAI,2CAA2C,CACxG,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAElC,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,IAAgB,EAAE;gBAC7C,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,MAAM;gBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,OAAO;gBAClC,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,KAAK;gBAC9B,GAAG;gBACH,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,GAAG,IAAI,GAAG,IAAI;aAC9C,CAAW,CAAC;QACf,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,qBAAsB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YACxG,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC1D,OAAO,MAAM,IAAI,EAAE,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,IAAuB,EAAE,IAAoB;QACxD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAChE,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAE1D,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC5C,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC1D,IAAI,iBAAiB,KAAK,IAAI,EAAE,CAAC;YAC/B,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,2BAA2B,CAAC,CAAC;YACtF,MAAM,IAAI,oBAAoB,CAC5B,sDAAsD,IAAI,2CAA2C,CACtG,CAAC;QACJ,CAAC;QACD,IAAI,iBAAiB,KAAK,IAAI,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,yBAAyB,CAAC,CAAC;YACpF,MAAM,IAAI,oBAAoB,CAC5B,qDAAqD,IAAI,2CAA2C,CACrG,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,SAAS,GAAiB;YAC9B,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,MAAM;YAC3B,GAAG;SACJ,CAAC;QACF,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC1D,OAAO,SAAS,CAAC,KAAK,EAAE,IAAgB,EAAE,SAAS,CAAC,CAAC;IACvD,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAuB,EAAE,IAAoB;QAC3D,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAEhE,kEAAkE;QAClE,oEAAoE;QACpE,uBAAuB;QACvB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC5C,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC1D,IAAI,iBAAiB,KAAK,KAAK,EAAE,CAAC;YAChC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,gCAAgC,CAAC,CAAC;YAC3F,MAAM,IAAI,oBAAoB,CAC5B,2DAA2D,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,2CAA2C,CACjI,CAAC;QACJ,CAAC;QACD,IAAI,iBAAiB,KAAK,IAAI,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAChE,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,+BAA+B,CAAC,CAAC;YAC1F,MAAM,IAAI,oBAAoB,CAC5B,0DAA0D,IAAI,2CAA2C,CAC1G,CAAC;QACJ,CAAC;QAED,4DAA4D;QAC5D,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAE1D,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,IAAgB,EAAE;gBAC7C,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,MAAM;gBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,OAAO;gBAClC,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,KAAK;gBAC9B,GAAG;gBACH,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,GAAG,IAAI,GAAG,IAAI;aAC9C,CAAW,CAAC;QACf,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,qBAAsB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YACxG,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC1D,OAAO,MAAM,IAAI,EAAE,CAAC;IACtB,CAAC;CACF;AAED,SAAS,mBAAmB,CAC1B,OAA0B,EAC1B,SAAiB,EACjB,QAAsB,EACtB,IAAwB;IAExB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,yBAAyB,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,oBAAoB,EAAE,CAAC;gBACxC,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,KAAK,CACZ,QAAsB,EACtB,SAAiB,EACjB,IAAwB,EACxB,MAAc,EACd,OAA6B,EAC7B,MAAe;IAEf,MAAM,KAAK,GAAe;QACxB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ;QACR,SAAS;QACT,MAAM;QACN,OAAO;QACP,MAAM,EAAE,kBAAkB,EAAE;KAC7B,CAAC;IACF,IAAI,IAAI,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC;IAC1C,IAAI,MAAM,KAAK,SAAS;QAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;IAChD,gBAAgB,CAAC,KAAK,CAAC,CAAC;AAC1B,CAAC;AAED,uEAAuE;AAEvE,sDAAsD;AACtD,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,qBAAqB;IACrB,eAAe;IACf,WAAW;IACX,gBAAgB;CACjB,CAAC;AAEF,sEAAsE;AACtE,oCAAoC;AACpC,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAChC,4EAA4E;AAC5E,KAAK,aAAa,CAAC"}

package/dist/core/ScopeVerifier.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ScopeVerifier.d.ts","sourceRoot":"","sources":["../../src/core/ScopeVerifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAMH,MAAM,WAAW,uBAAuB;IACtC,qDAAqD;IACrD,MAAM,EAAE,OAAO,CAAC;IAChB,+BAA+B;IAC/B,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,cAAc,EAAE,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,gBAAgB;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,iBAAiB;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,gCAAgC;IAChC,MAAM,EAAE,OAAO,CAAC;IAChB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACvC,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,6BAA6B;IAC7B,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CACrD;AAED,MAAM,WAAW,mBAAmB;IAClC,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,8CAA8C;AAC9C,MAAM,MAAM,cAAc,GACtB,QAAQ,GACR,UAAU,GACV,cAAc,GACd,6BAA6B,GAC7B,mBAAmB,CAAC;AAExB,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,EAAE,mBAAmB;IAIvC;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE;QACtC,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,uBAAuB;IAgD3B;;;OAGG;IACH,wBAAwB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE;QACzD,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,MAAM;IA+DV;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,mBAAmB,GAAG,IAAI;IAI5D;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,IAAI;IAQpE;;OAEG;IACH,iBAAiB,IAAI,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC;IAcxD;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAQzB,OAAO,CAAC,qBAAqB;IAuB7B,OAAO,CAAC,cAAc;IA8BtB,OAAO,CAAC,0BAA0B;IA+BlC,OAAO,CAAC,qBAAqB;IAiC7B,OAAO,CAAC,cAAc;IAiBtB,OAAO,CAAC,kBAAkB;IA2C1B,OAAO,CAAC,eAAe;~~IAavB~~,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,aAAa;CAGtB"}
1	+ {"version":3,"file":"ScopeVerifier.d.ts","sourceRoot":"","sources":["../../src/core/ScopeVerifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAMH,MAAM,WAAW,uBAAuB;IACtC,qDAAqD;IACrD,MAAM,EAAE,OAAO,CAAC;IAChB,+BAA+B;IAC/B,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,cAAc,EAAE,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,gBAAgB;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,iBAAiB;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,gCAAgC;IAChC,MAAM,EAAE,OAAO,CAAC;IAChB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACvC,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,6BAA6B;IAC7B,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CACrD;AAED,MAAM,WAAW,mBAAmB;IAClC,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,8CAA8C;AAC9C,MAAM,MAAM,cAAc,GACtB,QAAQ,GACR,UAAU,GACV,cAAc,GACd,6BAA6B,GAC7B,mBAAmB,CAAC;AAExB,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,EAAE,mBAAmB;IAIvC;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE;QACtC,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,uBAAuB;IAgD3B;;;OAGG;IACH,wBAAwB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE;QACzD,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,MAAM;IA+DV;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,mBAAmB,GAAG,IAAI;IAI5D;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,IAAI;IAQpE;;OAEG;IACH,iBAAiB,IAAI,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC;IAcxD;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAQzB,OAAO,CAAC,qBAAqB;IAuB7B,OAAO,CAAC,cAAc;IA8BtB,OAAO,CAAC,0BAA0B;IA+BlC,OAAO,CAAC,qBAAqB;IAiC7B,OAAO,CAAC,cAAc;IAiBtB,OAAO,CAAC,kBAAkB;IA2C1B,OAAO,CAAC,eAAe;IAcvB,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,aAAa;CAGtB"}