kastell 2.2.0 → 2.2.1

package/dist/core/deploy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/core/deploy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,KAAK,EAAY,aAAa,EAAE,MAAM,mBAAmB,CAAC;AA0BjE,6CAA6C;AAC7C,UAAU,UAAU;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,sBAAsB,CAAC,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA2BvF;AAgYD,wBAAsB,YAAY,CAChC,cAAc,EAAE,MAAM,EACtB,iBAAiB,EAAE,aAAa,EAChC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,OAAO,EACnB,MAAM,CAAC,EAAE,OAAO,EAChB,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAsCpC"}
+{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/core/deploy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,KAAK,EAAY,aAAa,EAAE,MAAM,mBAAmB,CAAC;AA0BjE,6CAA6C;AAC7C,UAAU,UAAU;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,sBAAsB,CAAC,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA2BvF;AAmYD,wBAAsB,YAAY,CAChC,cAAc,EAAE,MAAM,EACtB,iBAAiB,EAAE,aAAa,EAChC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,OAAO,EACnB,MAAM,CAAC,EAAE,OAAO,EAChB,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAsCpC"}

package/dist/core/deploy.js

@@ -1,7 +1,7 @@
 import { isServerMode } from "../types/index.js";
 import { getBareCloudInit } from "../utils/cloudInit.js";
 import { getAdapter } from "../adapters/factory.js";
-import { logger, createSpinner } from "../utils/logger.js";
+import { logger, debugLog, createSpinner } from "../utils/logger.js";
 import { getErrorMessage, mapProviderError } from "../utils/errorMapper.js";
 import { openBrowser } from "../utils/openBrowser.js";
 import { assertValidIp, removeStaleHostKey, sshExec } from "../utils/ssh.js";
@@ -168,8 +168,9 @@ async function waitForReady(providerWithToken, server, providerChoice, platform)
                     currentIp = details.ip;
                     break;
                 }
-                catch {
+                catch (error) {
                     // Invalid IP format from API — skip and retry
+                    debugLog?.("invalid IP format from provider API", { cause: error });
                 }
             }
             refreshAttempts++;
@@ -209,8 +210,9 @@ async function barePostSetup(serverId, serverName, serverIp, fullSetup) {
                 sshReady = true;
                 break;
             }
-            catch {
+            catch (error) {
                 cloudInitSpinner.text = `Waiting for server to accept SSH... (attempt ${attempt}/60)`;
+                debugLog?.("SSH not ready during cloud-init", { cause: error });
                 await new Promise((r) => setTimeout(r, POLL_DELAY_MS));
             }
         }
@@ -226,8 +228,9 @@ async function barePostSetup(serverId, serverName, serverIp, fullSetup) {
                     cloudInitSpinner.warn("Cloud-init may not have finished — continuing anyway");
                 }
             }
-            catch {
+            catch (error) {
                 cloudInitSpinner.warn("Could not check cloud-init status — continuing anyway");
+                debugLog?.("cloud-init status check failed", { cause: error });
             }
         }
         else {

package/dist/core/deploy.js.map

@@ -1 +1 @@
-{"version":3,"file":"deploy.js","sourceRoot":"","sources":["../../src/core/deploy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EAAE,GAAG,EAAE,MAAM,wBAAwB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACpF,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,YAAY,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE7H,iEAAiE;AACjE,SAAS,iBAAiB,CAAC,EAAU;IACnC,OAAO,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,CAAC;AAC3D,CAAC;AAUD,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,QAAuB;IAClE,IAAI,SAAS,GAAG,eAAe,EAAE,CAAC;IAClC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,SAAS,GAAG,cAAc,EAAE,CAAC;QAC7B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,uCAAuC,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,OAAO,CAAC,4DAA4D,CAAC,CAAC;YAC7E,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YACtE,MAAM,CAAC,OAAO,CAAC,kEAAkE,CAAC,CAAC;YACnF,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,aAAa,CAAC,kCAAkC,CAAC,CAAC;IAClE,OAAO,CAAC,KAAK,EAAE,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,aAAa,EAAE,EAAE,SAAS,CAAC,CAAC;QACtE,OAAO,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC;QACnE,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QACtE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,kEAAkE,CAAC,CAAC;QACnF,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE,KAAK,UAAU,qBAAqB,CAClC,iBAAgC,EAChC,UAAkB,EAClB,MAAc,EACd,UAAkB,EAClB,SAAiB,EACjB,SAAmB,EACnB,IAAa;IAEb,IAAI,WAAW,GAAG,UAAU,CAAC;IAC7B,IAAI,aAAa,GAAG,MAAM,CAAC;IAC3B,IAAI,WAAW,GAAG,UAAU,CAAC;IAC7B,IAAI,MAA8D,CAAC;IACnE,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,UAAU,GAAG,CAAC,CAAC;IACrB,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,OAAO,CAAC,MAAM,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;QACxC,MAAM,aAAa,GAAG,aAAa,CAAC,wBAAwB,CAAC,CAAC;QAC9D,aAAa,CAAC,KAAK,EAAE,CAAC;QAEtB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC;gBAC5C,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,WAAW;gBACjB,SAAS;gBACT,SAAS;aACV,CAAC,CAAC;YACH,aAAa,CAAC,OAAO,CAAC,uBAAuB,MAAM,CAAC,EAAE,GAAG,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,WAAoB,EAAE,CAAC;YAC9B,aAAa,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;YAE9C,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9D,MAAM,CAAC,OAAO,CAAC,gBAAgB,WAAW,qBAAqB,CAAC,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;gBAC/C,IAAI,OAAO,GAAG,WAAW,CAAC;gBAC1B,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;oBAC/B,OAAO,GAAG,MAAM,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBAC5C,CAAC;gBACD,WAAW,GAAG,OAAO,CAAC;gBACtB,OAAO,EAAE,CAAC;YACZ,CAAC;iBAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAClD,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBACpC,MAAM,CAAC,OAAO,CAAC,aAAa,aAAa,yCAAyC,CAAC,CAAC;gBACpF,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;gBACjE,IAAI,UAAU,GAAG,KAAK,CAAC;gBACvB,OAAO,CAAC,UAAU,EAAE,CAAC;oBACnB,IAAI,SAAS,GAAG,WAAW,CAAC;oBAC5B,OAAO,SAAS,KAAK,WAAW,EAAE,CAAC;wBACjC,SAAS,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,EAAE,eAAe,CAAC,CAAC;oBAC1E,CAAC;oBACD,aAAa,GAAG,SAAS,CAAC;oBAC1B,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,iBAAiB,EAAE,aAAa,EAAE,EAAE,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;oBACvH,IAAI,OAAO,KAAK,WAAW;wBAAE,SAAS;oBACtC,WAAW,GAAG,OAAO,CAAC;oBACtB,UAAU,GAAG,IAAI,CAAC;gBACpB,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC;iBAAM,IACL,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAChC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAClC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC7B,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAChC,CAAC;gBACD,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;oBACzB,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;oBAC9B,MAAM,CAAC,OAAO,CAAC,gBAAgB,WAAW,qCAAqC,CAAC,CAAC;oBACjF,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;oBACtD,IAAI,OAAO,GAAG,WAAW,CAAC;oBAC1B,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;wBAC/B,OAAO,GAAG,MAAM,mBAAmB,CAAC,iBAAiB,EAAE,aAAa,EAAE,WAAW,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;oBAC5H,CAAC;oBACD,WAAW,GAAG,OAAO,CAAC;oBACtB,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,WAAW,CAAC;gBACpB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,WAAW,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAChE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,iDAAiD,EAAE,CAAC;IACtF,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,WAAW,EAAE;KACpG,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,KAAK,UAAU,YAAY,CACzB,iBAAgC,EAChC,MAAkC,EAClC,cAAsB,EACtB,QAA8B;IAE9B,gCAAgC;IAChC,MAAM,aAAa,GAAG,aAAa,CAAC,+BAA+B,CAAC,CAAC;IACrE,aAAa,CAAC,KAAK,EAAE,CAAC;IAEtB,IAAI,MAAM,GAAG,MAAM,iBAAiB,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAChE,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,MAAM,WAAW,GAAG,EAAE,CAAC;IAEvB,OAAO,MAAM,KAAK,SAAS,IAAI,QAAQ,GAAG,WAAW,EAAE,CAAC;QACtD,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC,CAAC;QAC1E,MAAM,GAAG,MAAM,iBAAiB,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5D,QAAQ,EAAE,CAAC;IACb,CAAC;IAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,aAAa,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACzC,CAAC;IAED,aAAa,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAE3C,IAAI,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC;IAE1B,gFAAgF;IAChF,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC7E,MAAM,SAAS,GAAG,aAAa,CAAC,sCAAsC,CAAC,CAAC;QACxE,SAAS,CAAC,KAAK,EAAE,CAAC;QAClB,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,OAAO,eAAe,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACpE,IAAI,OAAO,CAAC,EAAE,IAAI,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC;oBACH,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;oBAC1B,SAAS,GAAG,OAAO,CAAC,EAAE,CAAC;oBACvB,MAAM;gBACR,CAAC;gBAAC,MAAM,CAAC;oBACP,8CAA8C;gBAChD,CAAC;YACH,CAAC;YACD,eAAe,EAAE,CAAC;YAClB,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,CAAC;YAClC,SAAS,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YACrD,MAAM,CAAC,OAAO,CAAC,qDAAqD,CAAC,CAAC;YACtE,MAAM,CAAC,IAAI,CAAC,uCAAuC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,OAAO,CAAC,wBAAwB,SAAS,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,MAAM,MAAM,GAAG,CAAC,QAAQ,CAAC;IACzB,MAAM,UAAU,GAAG,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,EAAE,CAAC;IAC1F,MAAM,OAAO,GAAG,gBAAgB,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC;IAC1D,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;IAC1E,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAExH,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AAClC,CAAC;AAED,wEAAwE;AAExE,KAAK,UAAU,aAAa,CAC1B,QAAgB,EAChB,UAAkB,EAClB,QAAgB,EAChB,SAAmB;IAEnB,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAE/C,8CAA8C;IAC9C,IAAI,UAAU,EAAE,CAAC;QACf,wEAAwE;QACxE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAE7B,MAAM,gBAAgB,GAAG,aAAa,CAAC,qCAAqC,CAAC,CAAC;QAC9E,gBAAgB,CAAC,KAAK,EAAE,CAAC;QAEzB,2FAA2F;QAC3F,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;gBACxC,QAAQ,GAAG,IAAI,CAAC;gBAChB,MAAM;YACR,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB,CAAC,IAAI,GAAG,gDAAgD,OAAO,MAAM,CAAC;gBACtF,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,wCAAwC;YACxC,gBAAgB,CAAC,IAAI,GAAG,iDAAiD,CAAC;YAC1E,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,0BAA0B,CAAC,CAAC,CAAC;gBAC1E,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBACxB,gBAAgB,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,gBAAgB,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;gBAChF,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;YACjF,CAAC;QACH,CAAC;aAAM,CAAC;YACN,gBAAgB,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,SAAS,IAAI,UAAU,EAAE,CAAC;QAC5B,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,0BAA0B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,CAAC;YACH,MAAM,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,0BAA0B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;SAAM,IAAI,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;QACpC,MAAM,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;IAClE,CAAC;IAED,wBAAwB;IACxB,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACrC,MAAM,CAAC,IAAI,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;IACzC,MAAM,CAAC,IAAI,CAAC,OAAO,QAAQ,EAAE,CAAC,CAAC;IAC/B,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,+BAA+B,UAAU,EAAE,CAAC,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;IACtF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,CAAC;AACrE,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,QAAgB,EAChB,UAAkB,EAClB,QAAgB,EAChB,QAAkB,EAClB,KAAc,EACd,SAAmB,EACnB,MAAgB;IAEhB,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;IAC1E,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAEpE,sDAAsD;IACtD,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC;QACvB,4DAA4D;QAC5D,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAE7B,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,0BAA0B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,CAAC;YACH,MAAM,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,0BAA0B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;SAAM,IAAI,SAAS,IAAI,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,CAAC,OAAO,CAAC,wBAAwB,YAAY,oBAAoB,CAAC,CAAC;QACzE,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;IACpF,CAAC;IAED,kBAAkB;IAClB,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,OAAO,CAAC,cAAc,QAAQ,EAAE,CAAC,CAAC;IACzC,MAAM,CAAC,OAAO,CAAC,UAAU,YAAY,YAAY,QAAQ,IAAI,YAAY,EAAE,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,+CAA+C,CAAC,CAAC;QAC5E,IAAI,CAAC,MAAM,IAAI,UAAU,EAAE,CAAC;YAC1B,WAAW,CAAC,UAAU,QAAQ,IAAI,YAAY,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,OAAO,CAAC,GAAG,YAAY,sDAAsD,CAAC,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC,mDAAmD,QAAQ,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,yBAAyB;IACzB,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC7B,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,+BAA+B,UAAU,EAAE,CAAC,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,2BAA2B,UAAU,uBAAuB,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,uBAAuB,UAAU,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QAC5D,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,2BAA2B,UAAU,uBAAuB,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,uBAAuB,UAAU,EAAE,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;IACtF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CACT,qFAAqF,CACtF,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,OAAO;QACL,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE;KACnD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,cAAsB,EACtB,QAAgB,EAChB,UAAkB,EAClB,QAAgB,EAChB,MAAc,EACd,UAAkB,EAClB,QAA8B,EAC9B,KAAc,EACd,SAAmB,EACnB,MAAgB;IAEhB,MAAM,MAAM,GAAG,CAAC,QAAQ,CAAC;IAEzB,sDAAsD;IACtD,MAAM,UAAU,CAAC;QACf,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,cAAc;QACxB,EAAE,EAAE,QAAQ;QACZ,MAAM;QACN,IAAI,EAAE,UAAU;QAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,GAAG,CAAC,MAAM;YACR,CAAC,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE;YAC3B,CAAC,CAAC,EAAE,IAAI,EAAE,SAAkB,EAAE,QAAQ,EAAE,CAAC;KAC5C,CAAC,CAAC;IAEH,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,iBAAiB,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAS,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;AAChG,CAAC;AAED,wEAAwE;AAExE,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,cAAsB,EACtB,iBAAgC,EAChC,MAAc,EACd,UAAkB,EAClB,UAAkB,EAClB,SAAmB,EACnB,MAAgB,EAChB,IAAa;IAEb,IAAI,CAAC;QACH,wCAAwC;QACxC,MAAM,SAAS,GAAG,MAAM,sBAAsB,CAAC,iBAAiB,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,IAAI,KAAK,MAAM,CAAC;QAC/B,MAAM,QAAQ,GAAyB,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACzG,MAAM,SAAS,GAAG,QAAQ;YACxB,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC;YAC/C,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAEjC,oCAAoC;QACpC,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAC9C,iBAAiB,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAC9E,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAChD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,IAAI,wBAAwB,EAAE,CAAC;QACnF,CAAC;QAED,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC;QAEjF,0BAA0B;QAC1B,MAAM,WAAW,GAAG,MAAM,YAAY,CACpC,iBAAiB,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE,QAAQ,CACxD,CAAC;QAEF,mDAAmD;QACnD,OAAO,MAAM,SAAS,CACpB,cAAc,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,EAAE,WAAW,EAAE,SAAS,EAChE,QAAQ,EAAE,WAAW,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,CAC/C,CAAC;IACJ,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,sBAAsB,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC7D,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QACrD,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,IAAI,SAAS,EAAE,CAAC;IAC5G,CAAC;AACH,CAAC"}
+{"version":3,"file":"deploy.js","sourceRoot":"","sources":["../../src/core/deploy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EAAE,GAAG,EAAE,MAAM,wBAAwB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACpF,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,YAAY,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE7H,iEAAiE;AACjE,SAAS,iBAAiB,CAAC,EAAU;IACnC,OAAO,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,CAAC;AAC3D,CAAC;AAUD,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,QAAuB;IAClE,IAAI,SAAS,GAAG,eAAe,EAAE,CAAC;IAClC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,SAAS,GAAG,cAAc,EAAE,CAAC;QAC7B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,uCAAuC,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,OAAO,CAAC,4DAA4D,CAAC,CAAC;YAC7E,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YACtE,MAAM,CAAC,OAAO,CAAC,kEAAkE,CAAC,CAAC;YACnF,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,aAAa,CAAC,kCAAkC,CAAC,CAAC;IAClE,OAAO,CAAC,KAAK,EAAE,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,aAAa,EAAE,EAAE,SAAS,CAAC,CAAC;QACtE,OAAO,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC;QACnE,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QACtE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,kEAAkE,CAAC,CAAC;QACnF,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE,KAAK,UAAU,qBAAqB,CAClC,iBAAgC,EAChC,UAAkB,EAClB,MAAc,EACd,UAAkB,EAClB,SAAiB,EACjB,SAAmB,EACnB,IAAa;IAEb,IAAI,WAAW,GAAG,UAAU,CAAC;IAC7B,IAAI,aAAa,GAAG,MAAM,CAAC;IAC3B,IAAI,WAAW,GAAG,UAAU,CAAC;IAC7B,IAAI,MAA8D,CAAC;IACnE,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,UAAU,GAAG,CAAC,CAAC;IACrB,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,OAAO,CAAC,MAAM,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;QACxC,MAAM,aAAa,GAAG,aAAa,CAAC,wBAAwB,CAAC,CAAC;QAC9D,aAAa,CAAC,KAAK,EAAE,CAAC;QAEtB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC;gBAC5C,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,WAAW;gBACjB,SAAS;gBACT,SAAS;aACV,CAAC,CAAC;YACH,aAAa,CAAC,OAAO,CAAC,uBAAuB,MAAM,CAAC,EAAE,GAAG,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,WAAoB,EAAE,CAAC;YAC9B,aAAa,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;YAE9C,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9D,MAAM,CAAC,OAAO,CAAC,gBAAgB,WAAW,qBAAqB,CAAC,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;gBAC/C,IAAI,OAAO,GAAG,WAAW,CAAC;gBAC1B,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;oBAC/B,OAAO,GAAG,MAAM,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBAC5C,CAAC;gBACD,WAAW,GAAG,OAAO,CAAC;gBACtB,OAAO,EAAE,CAAC;YACZ,CAAC;iBAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAClD,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBACpC,MAAM,CAAC,OAAO,CAAC,aAAa,aAAa,yCAAyC,CAAC,CAAC;gBACpF,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;gBACjE,IAAI,UAAU,GAAG,KAAK,CAAC;gBACvB,OAAO,CAAC,UAAU,EAAE,CAAC;oBACnB,IAAI,SAAS,GAAG,WAAW,CAAC;oBAC5B,OAAO,SAAS,KAAK,WAAW,EAAE,CAAC;wBACjC,SAAS,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,EAAE,eAAe,CAAC,CAAC;oBAC1E,CAAC;oBACD,aAAa,GAAG,SAAS,CAAC;oBAC1B,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,iBAAiB,EAAE,aAAa,EAAE,EAAE,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;oBACvH,IAAI,OAAO,KAAK,WAAW;wBAAE,SAAS;oBACtC,WAAW,GAAG,OAAO,CAAC;oBACtB,UAAU,GAAG,IAAI,CAAC;gBACpB,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC;iBAAM,IACL,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAChC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAClC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC7B,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAChC,CAAC;gBACD,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;oBACzB,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;oBAC9B,MAAM,CAAC,OAAO,CAAC,gBAAgB,WAAW,qCAAqC,CAAC,CAAC;oBACjF,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;oBACtD,IAAI,OAAO,GAAG,WAAW,CAAC;oBAC1B,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;wBAC/B,OAAO,GAAG,MAAM,mBAAmB,CAAC,iBAAiB,EAAE,aAAa,EAAE,WAAW,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;oBAC5H,CAAC;oBACD,WAAW,GAAG,OAAO,CAAC;oBACtB,OAAO,EAAE,CAAC;gBACZ,CAAC;qBAAM,CAAC;oBACN,MAAM,WAAW,CAAC;gBACpB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,WAAW,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAChE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,iDAAiD,EAAE,CAAC;IACtF,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,WAAW,EAAE;KACpG,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,KAAK,UAAU,YAAY,CACzB,iBAAgC,EAChC,MAAkC,EAClC,cAAsB,EACtB,QAA8B;IAE9B,gCAAgC;IAChC,MAAM,aAAa,GAAG,aAAa,CAAC,+BAA+B,CAAC,CAAC;IACrE,aAAa,CAAC,KAAK,EAAE,CAAC;IAEtB,IAAI,MAAM,GAAG,MAAM,iBAAiB,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAChE,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,MAAM,WAAW,GAAG,EAAE,CAAC;IAEvB,OAAO,MAAM,KAAK,SAAS,IAAI,QAAQ,GAAG,WAAW,EAAE,CAAC;QACtD,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC,CAAC;QAC1E,MAAM,GAAG,MAAM,iBAAiB,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5D,QAAQ,EAAE,CAAC;IACb,CAAC;IAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,aAAa,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACzC,CAAC;IAED,aAAa,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAE3C,IAAI,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC;IAE1B,gFAAgF;IAChF,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC7E,MAAM,SAAS,GAAG,aAAa,CAAC,sCAAsC,CAAC,CAAC;QACxE,SAAS,CAAC,KAAK,EAAE,CAAC;QAClB,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,OAAO,eAAe,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACpE,IAAI,OAAO,CAAC,EAAE,IAAI,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC;oBACH,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;oBAC1B,SAAS,GAAG,OAAO,CAAC,EAAE,CAAC;oBACvB,MAAM;gBACR,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,8CAA8C;oBAC9C,QAAQ,EAAE,CAAC,qCAAqC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;YACD,eAAe,EAAE,CAAC;YAClB,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,CAAC;YAClC,SAAS,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YACrD,MAAM,CAAC,OAAO,CAAC,qDAAqD,CAAC,CAAC;YACtE,MAAM,CAAC,IAAI,CAAC,uCAAuC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,OAAO,CAAC,wBAAwB,SAAS,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,MAAM,MAAM,GAAG,CAAC,QAAQ,CAAC;IACzB,MAAM,UAAU,GAAG,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,EAAE,CAAC;IAC1F,MAAM,OAAO,GAAG,gBAAgB,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC;IAC1D,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;IAC1E,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAExH,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AAClC,CAAC;AAED,wEAAwE;AAExE,KAAK,UAAU,aAAa,CAC1B,QAAgB,EAChB,UAAkB,EAClB,QAAgB,EAChB,SAAmB;IAEnB,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAE/C,8CAA8C;IAC9C,IAAI,UAAU,EAAE,CAAC;QACf,wEAAwE;QACxE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAE7B,MAAM,gBAAgB,GAAG,aAAa,CAAC,qCAAqC,CAAC,CAAC;QAC9E,gBAAgB,CAAC,KAAK,EAAE,CAAC;QAEzB,2FAA2F;QAC3F,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;gBACxC,QAAQ,GAAG,IAAI,CAAC;gBAChB,MAAM;YACR,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,gBAAgB,CAAC,IAAI,GAAG,gDAAgD,OAAO,MAAM,CAAC;gBACtF,QAAQ,EAAE,CAAC,iCAAiC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;gBAChE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,wCAAwC;YACxC,gBAAgB,CAAC,IAAI,GAAG,iDAAiD,CAAC;YAC1E,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,0BAA0B,CAAC,CAAC,CAAC;gBAC1E,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBACxB,gBAAgB,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,gBAAgB,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;gBAChF,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,gBAAgB,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;gBAC/E,QAAQ,EAAE,CAAC,gCAAgC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,gBAAgB,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,SAAS,IAAI,UAAU,EAAE,CAAC;QAC5B,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,0BAA0B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,CAAC;YACH,MAAM,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,0BAA0B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;SAAM,IAAI,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;QACpC,MAAM,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;IAClE,CAAC;IAED,wBAAwB;IACxB,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACrC,MAAM,CAAC,IAAI,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;IACzC,MAAM,CAAC,IAAI,CAAC,OAAO,QAAQ,EAAE,CAAC,CAAC;IAC/B,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,+BAA+B,UAAU,EAAE,CAAC,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;IACtF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,CAAC;AACrE,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,QAAgB,EAChB,UAAkB,EAClB,QAAgB,EAChB,QAAkB,EAClB,KAAc,EACd,SAAmB,EACnB,MAAgB;IAEhB,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;IAC1E,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAEpE,sDAAsD;IACtD,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC;QACvB,4DAA4D;QAC5D,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAE7B,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,0BAA0B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,CAAC;YACH,MAAM,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,0BAA0B,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;SAAM,IAAI,SAAS,IAAI,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,CAAC,OAAO,CAAC,wBAAwB,YAAY,oBAAoB,CAAC,CAAC;QACzE,MAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;IACpF,CAAC;IAED,kBAAkB;IAClB,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,OAAO,CAAC,cAAc,QAAQ,EAAE,CAAC,CAAC;IACzC,MAAM,CAAC,OAAO,CAAC,UAAU,YAAY,YAAY,QAAQ,IAAI,YAAY,EAAE,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,+CAA+C,CAAC,CAAC;QAC5E,IAAI,CAAC,MAAM,IAAI,UAAU,EAAE,CAAC;YAC1B,WAAW,CAAC,UAAU,QAAQ,IAAI,YAAY,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,OAAO,CAAC,GAAG,YAAY,sDAAsD,CAAC,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC,mDAAmD,QAAQ,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,yBAAyB;IACzB,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC7B,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,+BAA+B,UAAU,EAAE,CAAC,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,2BAA2B,UAAU,uBAAuB,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,uBAAuB,UAAU,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QAC5D,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,2BAA2B,UAAU,uBAAuB,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,uBAAuB,UAAU,EAAE,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;IACtF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CACT,qFAAqF,CACtF,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,OAAO;QACL,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE;KACnD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,cAAsB,EACtB,QAAgB,EAChB,UAAkB,EAClB,QAAgB,EAChB,MAAc,EACd,UAAkB,EAClB,QAA8B,EAC9B,KAAc,EACd,SAAmB,EACnB,MAAgB;IAEhB,MAAM,MAAM,GAAG,CAAC,QAAQ,CAAC;IAEzB,sDAAsD;IACtD,MAAM,UAAU,CAAC;QACf,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,cAAc;QACxB,EAAE,EAAE,QAAQ;QACZ,MAAM;QACN,IAAI,EAAE,UAAU;QAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,GAAG,CAAC,MAAM;YACR,CAAC,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE;YAC3B,CAAC,CAAC,EAAE,IAAI,EAAE,SAAkB,EAAE,QAAQ,EAAE,CAAC;KAC5C,CAAC,CAAC;IAEH,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,iBAAiB,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAS,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;AAChG,CAAC;AAED,wEAAwE;AAExE,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,cAAsB,EACtB,iBAAgC,EAChC,MAAc,EACd,UAAkB,EAClB,UAAkB,EAClB,SAAmB,EACnB,MAAgB,EAChB,IAAa;IAEb,IAAI,CAAC;QACH,wCAAwC;QACxC,MAAM,SAAS,GAAG,MAAM,sBAAsB,CAAC,iBAAiB,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,IAAI,KAAK,MAAM,CAAC;QAC/B,MAAM,QAAQ,GAAyB,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACzG,MAAM,SAAS,GAAG,QAAQ;YACxB,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC;YAC/C,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAEjC,oCAAoC;QACpC,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAC9C,iBAAiB,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAC9E,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAChD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,IAAI,wBAAwB,EAAE,CAAC;QACnF,CAAC;QAED,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC;QAEjF,0BAA0B;QAC1B,MAAM,WAAW,GAAG,MAAM,YAAY,CACpC,iBAAiB,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE,QAAQ,CACxD,CAAC;QAEF,mDAAmD;QACnD,OAAO,MAAM,SAAS,CACpB,cAAc,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,EAAE,WAAW,EAAE,SAAS,EAChE,QAAQ,EAAE,WAAW,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,CAC/C,CAAC;IACJ,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,sBAAsB,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC7D,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QACrD,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,IAAI,SAAS,EAAE,CAAC;IAC5G,CAAC;AACH,CAAC"}

package/dist/core/lock/auth.d.ts

@@ -0,0 +1,7 @@
+import { type SshCommand } from "../../utils/sshCommand.js";
+export declare function buildAccountLockCommand(): SshCommand;
+export declare function buildPwqualityCommand(): SshCommand;
+export declare function buildLoginDefsCommand(): SshCommand;
+export declare function buildFaillockCommand(): SshCommand;
+export declare function buildSudoHardeningCommand(): SshCommand;
+//# sourceMappingURL=auth.d.ts.map

package/dist/core/lock/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/core/lock/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAEjE,wBAAgB,uBAAuB,IAAI,UAAU,CAUpD;AAED,wBAAgB,qBAAqB,IAAI,UAAU,CAiBlD;AAED,wBAAgB,qBAAqB,IAAI,UAAU,CAalD;AAED,wBAAgB,oBAAoB,IAAI,UAAU,CAiBjD;AAED,wBAAgB,yBAAyB,IAAI,UAAU,CAUtD"}

package/dist/core/lock/auth.js

@@ -0,0 +1,59 @@
+import { raw } from "../../utils/sshCommand.js";
+export function buildAccountLockCommand() {
+    return raw([
+        "for user in $(awk -F: '($3 >= 1000 && $3 < 65534 && ($7 == \"/bin/bash\" || $7 == \"/bin/sh\")) {print $1}' /etc/passwd); do",
+        "  if ! who | grep -q \"^$user \"; then",
+        "    passwd -l $user 2>/dev/null || true",
+        "  fi",
+        "done",
+    ].join(" "));
+}
+export function buildPwqualityCommand() {
+    const conf = [
+        "minlen = 14",
+        "dcredit = -1",
+        "ucredit = -1",
+        "lcredit = -1",
+        "ocredit = -1",
+        "maxrepeat = 3",
+    ].join("\\n");
+    return raw([
+        "apt-cache show libpam-pwquality >/dev/null 2>&1 || { echo 'WARN: libpam-pwquality not available, skipping'; exit 0; }",
+        "DEBIAN_FRONTEND=noninteractive apt-get install -y libpam-pwquality",
+        `printf '${conf}\\n' > /etc/security/pwquality.conf`,
+    ].join(" && "));
+}
+export function buildLoginDefsCommand() {
+    const entries = [
+        ["PASS_MIN_DAYS", "1", "/etc/login.defs"],
+        ["PASS_WARN_AGE", "7", "/etc/login.defs"],
+        ["ENCRYPT_METHOD", "SHA512", "/etc/login.defs"],
+        ["UMASK", "027", "/etc/login.defs"],
+    ];
+    const lines = entries.map(([key, val, file]) => `grep -qE '^${key}' ${file} && sed -i 's/^${key}.*/${key} ${val}/' ${file} || echo '${key} ${val}' >> ${file}`);
+    const useradd = `grep -qE '^INACTIVE' /etc/default/useradd && sed -i 's/^INACTIVE.*/INACTIVE=30/' /etc/default/useradd || echo 'INACTIVE=30' >> /etc/default/useradd`;
+    return raw([...lines, useradd].join(" && "));
+}
+export function buildFaillockCommand() {
+    const directives = [
+        ["deny", "5"],
+        ["unlock_time", "900"],
+        ["fail_interval", "900"],
+    ];
+    const lines = directives.map(([key, val]) => `grep -qE '^${key}' /etc/security/faillock.conf 2>/dev/null && sed -i 's/^${key}.*/${key} = ${val}/' /etc/security/faillock.conf || echo '${key} = ${val}' >> /etc/security/faillock.conf`);
+    return raw([
+        "mkdir -p /etc/security",
+        ...lines,
+        "pam-auth-update --enable faillock 2>/dev/null || true",
+    ].join(" && "));
+}
+export function buildSudoHardeningCommand() {
+    return raw([
+        "mkdir -p /etc/sudoers.d",
+        `grep -qr 'log_output\\|syslog' /etc/sudoers /etc/sudoers.d/ 2>/dev/null || echo 'Defaults log_output' > /etc/sudoers.d/kastell-logging`,
+        "chmod 440 /etc/sudoers.d/kastell-logging 2>/dev/null || true",
+        `grep -qr 'requiretty' /etc/sudoers /etc/sudoers.d/ 2>/dev/null || echo 'Defaults requiretty' > /etc/sudoers.d/kastell-requiretty`,
+        "chmod 440 /etc/sudoers.d/kastell-requiretty 2>/dev/null || true",
+    ].join(" && "));
+}
+//# sourceMappingURL=auth.js.map

package/dist/core/lock/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/core/lock/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAmB,MAAM,2BAA2B,CAAC;AAEjE,MAAM,UAAU,uBAAuB;IACrC,OAAO,GAAG,CACR;QACE,8HAA8H;QAC9H,wCAAwC;QACxC,yCAAyC;QACzC,MAAM;QACN,MAAM;KACP,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,MAAM,IAAI,GAAG;QACX,aAAa;QACb,cAAc;QACd,cAAc;QACd,cAAc;QACd,cAAc;QACd,eAAe;KAChB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAEd,OAAO,GAAG,CACR;QACE,uHAAuH;QACvH,oEAAoE;QACpE,WAAW,IAAI,qCAAqC;KACrD,CAAC,IAAI,CAAC,MAAM,CAAC,CACf,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,MAAM,OAAO,GAA+B;QAC1C,CAAC,eAAe,EAAE,GAAG,EAAE,iBAAiB,CAAC;QACzC,CAAC,eAAe,EAAE,GAAG,EAAE,iBAAiB,CAAC;QACzC,CAAC,gBAAgB,EAAE,QAAQ,EAAE,iBAAiB,CAAC;QAC/C,CAAC,OAAO,EAAE,KAAK,EAAE,iBAAiB,CAAC;KACpC,CAAC;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CACvB,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CACnB,cAAc,GAAG,KAAK,IAAI,kBAAkB,GAAG,MAAM,GAAG,IAAI,GAAG,MAAM,IAAI,aAAa,GAAG,IAAI,GAAG,QAAQ,IAAI,EAAE,CACjH,CAAC;IACF,MAAM,OAAO,GAAG,qJAAqJ,CAAC;IACtK,OAAO,GAAG,CAAC,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,MAAM,UAAU,GAAuB;QACrC,CAAC,MAAM,EAAE,GAAG,CAAC;QACb,CAAC,aAAa,EAAE,KAAK,CAAC;QACtB,CAAC,eAAe,EAAE,KAAK,CAAC;KACzB,CAAC;IACF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAC1B,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CACb,cAAc,GAAG,2DAA2D,GAAG,MAAM,GAAG,MAAM,GAAG,2CAA2C,GAAG,MAAM,GAAG,kCAAkC,CAC7L,CAAC;IACF,OAAO,GAAG,CACR;QACE,wBAAwB;QACxB,GAAG,KAAK;QACR,uDAAuD;KACxD,CAAC,IAAI,CAAC,MAAM,CAAC,CACf,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,OAAO,GAAG,CACR;QACE,yBAAyB;QACzB,wIAAwI;QACxI,8DAA8D;QAC9D,kIAAkI;QAClI,iEAAiE;KAClE,CAAC,IAAI,CAAC,MAAM,CAAC,CACf,CAAC;AACJ,CAAC"}

package/dist/core/lock/docker.d.ts

@@ -0,0 +1,4 @@
+import { type SshCommand } from "../../utils/sshCommand.js";
+import type { Platform } from "../../types/index.js";
+export declare function buildDockerHardeningCommand(platform: Platform | undefined): SshCommand;
+//# sourceMappingURL=docker.d.ts.map

package/dist/core/lock/docker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/core/lock/docker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAErD,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,QAAQ,GAAG,SAAS,GAAG,UAAU,CAgCtF"}

package/dist/core/lock/docker.js

@@ -0,0 +1,28 @@
+import { raw } from "../../utils/sshCommand.js";
+export function buildDockerHardeningCommand(platform) {
+    const isCoolify = platform === "coolify";
+    const isDokploy = platform === "dokploy";
+    const settings = {
+        "log-driver": "json-file",
+        "log-opts": { "max-size": "10m", "max-file": "3" },
+        "no-new-privileges": true,
+    };
+    if (!isDokploy) {
+        settings["live-restore"] = true;
+    }
+    if (!isCoolify && !isDokploy) {
+        settings["icc"] = false;
+    }
+    const hardeningJson = JSON.stringify(settings);
+    return raw([
+        "command -v jq >/dev/null 2>&1 || { echo 'WARN: jq not found, skipping Docker hardening'; exit 0; }",
+        "command -v docker >/dev/null 2>&1 || { echo 'WARN: Docker not installed, skipping Docker hardening'; exit 0; }",
+        "mkdir -p /etc/docker && ([ -f /etc/docker/daemon.json ] || echo '{}' > /etc/docker/daemon.json)",
+        "cp /etc/docker/daemon.json /etc/docker/daemon.json.bak-docker",
+        `printf '%s' '${hardeningJson}' | jq -s '.[0] * .[1]' /etc/docker/daemon.json - > /tmp/daemon-kastell.json`,
+        "jq -e . /tmp/daemon-kastell.json >/dev/null 2>&1 || { cp /etc/docker/daemon.json.bak-docker /etc/docker/daemon.json && echo 'daemon.json merge failed: rolled back' >&2 && exit 1; }",
+        "mv /tmp/daemon-kastell.json /etc/docker/daemon.json",
+        "systemctl reload docker 2>/dev/null || systemctl restart docker",
+    ].join(" && "));
+}
+//# sourceMappingURL=docker.js.map

package/dist/core/lock/docker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"docker.js","sourceRoot":"","sources":["../../../src/core/lock/docker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAmB,MAAM,2BAA2B,CAAC;AAGjE,MAAM,UAAU,2BAA2B,CAAC,QAA8B;IACxE,MAAM,SAAS,GAAG,QAAQ,KAAK,SAAS,CAAC;IACzC,MAAM,SAAS,GAAG,QAAQ,KAAK,SAAS,CAAC;IAEzC,MAAM,QAAQ,GAA4B;QACxC,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE;QAClD,mBAAmB,EAAE,IAAI;KAC1B,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,QAAQ,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC;IAClC,CAAC;IAED,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,QAAQ,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;IAC1B,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,GAAG,CACR;QACE,oGAAoG;QACpG,gHAAgH;QAChH,iGAAiG;QACjG,+DAA+D;QAC/D,gBAAgB,aAAa,8EAA8E;QAC3G,sLAAsL;QACtL,qDAAqD;QACrD,iEAAiE;KAClE,CAAC,IAAI,CAAC,MAAM,CAAC,CACf,CAAC;AACJ,CAAC"}

package/dist/core/lock/index.d.ts

@@ -0,0 +1,11 @@
+export type { LockOptions, LockStepResult, LockResult } from "./types.js";
+export { buildLoginBannersCommand, buildSshCipherCommand, buildSshFineTuningCommand } from "./ssh.js";
+export { buildSysctlHardeningCommand, buildCloudMetaBlockCommand, buildDnsSecurityCommand, buildDnsRollbackCommand } from "./network.js";
+export { buildUnattendedUpgradesCommand, buildResourceLimitsCommand, buildServiceDisableCommand, buildAptValidationCommand, buildLogRetentionCommand, buildCronAccessCommand, buildBackupPermissionsCommand } from "./system.js";
+export { buildAccountLockCommand, buildPwqualityCommand, buildLoginDefsCommand, buildFaillockCommand, buildSudoHardeningCommand } from "./auth.js";
+export { buildAuditdCommand, buildAideInitCommand } from "./monitoring.js";
+export { buildDockerHardeningCommand } from "./docker.js";
+import type { Platform } from "../../types/index.js";
+import type { LockOptions, LockResult } from "./types.js";
+export declare function applyLock(ip: string, name: string, platform: Platform | undefined, options: LockOptions): Promise<LockResult>;
+//# sourceMappingURL=index.d.ts.map

package/dist/core/lock/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/lock/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE1E,OAAO,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AACtG,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACzI,OAAO,EAAE,8BAA8B,EAAE,0BAA0B,EAAE,0BAA0B,EAAE,yBAAyB,EAAE,wBAAwB,EAAE,sBAAsB,EAAE,6BAA6B,EAAE,MAAM,aAAa,CAAC;AACjO,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAC;AACnJ,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EAAE,2BAA2B,EAAE,MAAM,aAAa,CAAC;AAO1D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAUrD,OAAO,KAAK,EAAE,WAAW,EAAkB,UAAU,EAAE,MAAM,YAAY,CAAC;AAe1E,wBAAsB,SAAS,CAC7B,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,QAAQ,GAAG,SAAS,EAC9B,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,UAAU,CAAC,CAoOrB"}

package/dist/core/lock/index.js

@@ -0,0 +1,247 @@
+export { buildLoginBannersCommand, buildSshCipherCommand, buildSshFineTuningCommand } from "./ssh.js";
+export { buildSysctlHardeningCommand, buildCloudMetaBlockCommand, buildDnsSecurityCommand, buildDnsRollbackCommand } from "./network.js";
+export { buildUnattendedUpgradesCommand, buildResourceLimitsCommand, buildServiceDisableCommand, buildAptValidationCommand, buildLogRetentionCommand, buildCronAccessCommand, buildBackupPermissionsCommand } from "./system.js";
+export { buildAccountLockCommand, buildPwqualityCommand, buildLoginDefsCommand, buildFaillockCommand, buildSudoHardeningCommand } from "./auth.js";
+export { buildAuditdCommand, buildAideInitCommand } from "./monitoring.js";
+export { buildDockerHardeningCommand } from "./docker.js";
+import { sshExec, assertValidIp } from "../../utils/ssh.js";
+import { buildHardeningCommand, buildFail2banCommand, buildKeyCheckCommand } from "../secure.js";
+import { buildFirewallSetupCommand } from "../firewall.js";
+import { runAudit } from "../audit/index.js";
+import { LOCK_FIREWALL_TIMEOUT_MS, LOCK_UPGRADES_TIMEOUT_MS, LOCK_PACKAGES_TIMEOUT_MS } from "../../constants.js";
+import { getErrorMessage } from "../../utils/errorMapper.js";
+import { buildLoginBannersCommand, buildSshCipherCommand, buildSshFineTuningCommand } from "./ssh.js";
+import { buildSysctlHardeningCommand, buildCloudMetaBlockCommand, buildDnsSecurityCommand, buildDnsRollbackCommand } from "./network.js";
+import { buildUnattendedUpgradesCommand, buildResourceLimitsCommand, buildServiceDisableCommand, buildAptValidationCommand, buildLogRetentionCommand, buildCronAccessCommand, buildBackupPermissionsCommand } from "./system.js";
+import { buildAccountLockCommand, buildPwqualityCommand, buildLoginDefsCommand, buildFaillockCommand, buildSudoHardeningCommand } from "./auth.js";
+import { buildAuditdCommand, buildAideInitCommand } from "./monitoring.js";
+import { buildDockerHardeningCommand } from "./docker.js";
+async function runLockStep(ip, command, opts) {
+    try {
+        await sshExec(ip, command, opts);
+        return { ok: true };
+    }
+    catch (err) {
+        return { ok: false, error: getErrorMessage(err) };
+    }
+}
+export async function applyLock(ip, name, platform, options) {
+    assertValidIp(ip);
+    const steps = {
+        sshHardening: false,
+        fail2ban: false,
+        banners: false,
+        accountLock: false,
+        sshCipher: false,
+        ufw: false,
+        cloudMeta: false,
+        dns: false,
+        sysctl: false,
+        unattendedUpgrades: false,
+        aptValidation: false,
+        resourceLimits: false,
+        serviceDisable: false,
+        backupPermissions: false,
+        pwquality: false,
+        dockerHardening: false,
+        auditd: false,
+        logRetention: false,
+        aide: false,
+        cronAccess: false,
+        sshFineTuning: false,
+        loginDefs: false,
+        faillock: false,
+        sudoHardening: false,
+    };
+    const stepErrors = {};
+    // Dry run: preview only, no SSH
+    if (options.dryRun) {
+        return {
+            success: true,
+            steps,
+        };
+    }
+    const auditPlatform = platform ?? "bare";
+    // Pre-audit (non-fatal)
+    let scoreBefore;
+    try {
+        const preAudit = await runAudit(ip, name, auditPlatform);
+        if (preAudit.success && preAudit.data) {
+            scoreBefore = preAudit.data.overallScore;
+        }
+    }
+    catch {
+        // Non-fatal — continue without score
+    }
+    // Step 0: SSH key check — abort if no keys
+    try {
+        const keyResult = await sshExec(ip, buildKeyCheckCommand());
+        const keyCount = parseInt(keyResult.stdout.trim(), 10);
+        if (isNaN(keyCount) || keyCount === 0) {
+            return {
+                success: false,
+                steps,
+                error: "No SSH keys found in /root/.ssh/authorized_keys. Cannot disable password authentication without SSH keys — this would permanently lock you out.",
+                hint: `Add an SSH key first: ssh-copy-id root@${ip}`,
+            };
+        }
+    }
+    catch (err) {
+        return {
+            success: false,
+            steps,
+            error: `SSH key check failed: ${getErrorMessage(err)}`,
+        };
+    }
+    // ── Group 1: SSH & Auth ──────────────────────────────────────────────────
+    // Step 1: SSH hardening (critical — determines overall success)
+    const sshResult = await runLockStep(ip, buildHardeningCommand());
+    steps.sshHardening = sshResult.ok;
+    if (!sshResult.ok)
+        stepErrors.sshHardening = sshResult.error;
+    // Step 2: fail2ban
+    const fail2banResult = await runLockStep(ip, buildFail2banCommand());
+    steps.fail2ban = fail2banResult.ok;
+    if (!fail2banResult.ok)
+        stepErrors.fail2ban = fail2banResult.error;
+    // Step 3: Login banners
+    const bannersResult = await runLockStep(ip, buildLoginBannersCommand());
+    steps.banners = bannersResult.ok;
+    if (!bannersResult.ok)
+        stepErrors.banners = bannersResult.error;
+    // Step 4: Account locking
+    const accountLockResult = await runLockStep(ip, buildAccountLockCommand());
+    steps.accountLock = accountLockResult.ok;
+    if (!accountLockResult.ok)
+        stepErrors.accountLock = accountLockResult.error;
+    // Step 5: SSH cipher hardening — with sshd -t rollback
+    const sshCipherResult = await runLockStep(ip, buildSshCipherCommand());
+    steps.sshCipher = sshCipherResult.ok;
+    if (!sshCipherResult.ok)
+        stepErrors.sshCipher = sshCipherResult.error;
+    // ── Group 2: Firewall & Network ──────────────────────────────────────────
+    // Step 6: UFW firewall, 60s timeout for apt
+    const ufwResult = await runLockStep(ip, buildFirewallSetupCommand(platform), { timeoutMs: LOCK_FIREWALL_TIMEOUT_MS });
+    steps.ufw = ufwResult.ok;
+    if (!ufwResult.ok)
+        stepErrors.ufw = ufwResult.error;
+    // Step 7: Cloud metadata — conditional on UFW
+    if (steps.ufw) {
+        const cloudMetaResult = await runLockStep(ip, buildCloudMetaBlockCommand());
+        steps.cloudMeta = cloudMetaResult.ok;
+        if (!cloudMetaResult.ok)
+            stepErrors.cloudMeta = cloudMetaResult.error;
+    }
+    else {
+        stepErrors.cloudMeta = "UFW required";
+    }
+    // Step 8: DNS security — with rollback on failure
+    const dnsResult = await runLockStep(ip, buildDnsSecurityCommand(), { timeoutMs: 15_000 });
+    steps.dns = dnsResult.ok;
+    if (!dnsResult.ok) {
+        stepErrors.dns = dnsResult.error;
+        await runLockStep(ip, buildDnsRollbackCommand());
+    }
+    // ── Group 3: System ──────────────────────────────────────────────────────
+    // Step 9: sysctl hardening
+    const sysctlResult = await runLockStep(ip, buildSysctlHardeningCommand());
+    steps.sysctl = sysctlResult.ok;
+    if (!sysctlResult.ok)
+        stepErrors.sysctl = sysctlResult.error;
+    // Step 10: unattended-upgrades, 120s timeout for apt
+    const upgradesResult = await runLockStep(ip, buildUnattendedUpgradesCommand(), { timeoutMs: LOCK_UPGRADES_TIMEOUT_MS });
+    steps.unattendedUpgrades = upgradesResult.ok;
+    if (!upgradesResult.ok)
+        stepErrors.unattendedUpgrades = upgradesResult.error;
+    // Step 11: APT validation
+    const aptResult = await runLockStep(ip, buildAptValidationCommand());
+    steps.aptValidation = aptResult.ok;
+    if (!aptResult.ok)
+        stepErrors.aptValidation = aptResult.error;
+    // Step 12: Resource limits
+    const limitsResult = await runLockStep(ip, buildResourceLimitsCommand());
+    steps.resourceLimits = limitsResult.ok;
+    if (!limitsResult.ok)
+        stepErrors.resourceLimits = limitsResult.error;
+    // Step 13: Service disabling
+    const serviceResult = await runLockStep(ip, buildServiceDisableCommand());
+    steps.serviceDisable = serviceResult.ok;
+    if (!serviceResult.ok)
+        stepErrors.serviceDisable = serviceResult.error;
+    // Step 14: Backup permissions
+    const backupResult = await runLockStep(ip, buildBackupPermissionsCommand(), { timeoutMs: LOCK_PACKAGES_TIMEOUT_MS });
+    steps.backupPermissions = backupResult.ok;
+    if (!backupResult.ok)
+        stepErrors.backupPermissions = backupResult.error;
+    // Step 15: Password quality policy
+    const pwqualityResult = await runLockStep(ip, buildPwqualityCommand(), { timeoutMs: LOCK_PACKAGES_TIMEOUT_MS });
+    steps.pwquality = pwqualityResult.ok;
+    if (!pwqualityResult.ok)
+        stepErrors.pwquality = pwqualityResult.error;
+    // Step 16: Docker runtime hardening
+    const dockerResult = await runLockStep(ip, buildDockerHardeningCommand(platform), { timeoutMs: LOCK_PACKAGES_TIMEOUT_MS });
+    steps.dockerHardening = dockerResult.ok;
+    if (!dockerResult.ok)
+        stepErrors.dockerHardening = dockerResult.error;
+    // ── Group 4: Monitoring ──────────────────────────────────────────────────
+    // Step 17: auditd
+    const auditdResult = await runLockStep(ip, buildAuditdCommand(), { timeoutMs: LOCK_PACKAGES_TIMEOUT_MS });
+    steps.auditd = auditdResult.ok;
+    if (!auditdResult.ok)
+        stepErrors.auditd = auditdResult.error;
+    // Step 18: Log retention
+    const logResult = await runLockStep(ip, buildLogRetentionCommand());
+    steps.logRetention = logResult.ok;
+    if (!logResult.ok)
+        stepErrors.logRetention = logResult.error;
+    // Step 19: AIDE (fire-and-forget)
+    const aideResult = await runLockStep(ip, buildAideInitCommand(), { timeoutMs: LOCK_PACKAGES_TIMEOUT_MS });
+    steps.aide = aideResult.ok;
+    if (!aideResult.ok)
+        stepErrors.aide = aideResult.error;
+    // Step 20: Cron access control
+    const cronAccessResult = await runLockStep(ip, buildCronAccessCommand());
+    steps.cronAccess = cronAccessResult.ok;
+    if (!cronAccessResult.ok)
+        stepErrors.cronAccess = cronAccessResult.error;
+    // ── Group 5: Score Boost (P87) ─────────────────────────────────────────────
+    // Step 21: SSH fine-tuning — with sshd -t rollback
+    const sshFineTuneResult = await runLockStep(ip, buildSshFineTuningCommand());
+    steps.sshFineTuning = sshFineTuneResult.ok;
+    if (!sshFineTuneResult.ok)
+        stepErrors.sshFineTuning = sshFineTuneResult.error;
+    // Step 22: Login definitions
+    const loginDefsResult = await runLockStep(ip, buildLoginDefsCommand());
+    steps.loginDefs = loginDefsResult.ok;
+    if (!loginDefsResult.ok)
+        stepErrors.loginDefs = loginDefsResult.error;
+    // Step 23: Faillock
+    const faillockResult = await runLockStep(ip, buildFaillockCommand());
+    steps.faillock = faillockResult.ok;
+    if (!faillockResult.ok)
+        stepErrors.faillock = faillockResult.error;
+    // Step 24: Sudo hardening
+    const sudoHardeningResult = await runLockStep(ip, buildSudoHardeningCommand());
+    steps.sudoHardening = sudoHardeningResult.ok;
+    if (!sudoHardeningResult.ok)
+        stepErrors.sudoHardening = sudoHardeningResult.error;
+    // Post-audit (non-fatal)
+    let scoreAfter;
+    try {
+        const postAudit = await runAudit(ip, name, auditPlatform);
+        if (postAudit.success && postAudit.data) {
+            scoreAfter = postAudit.data.overallScore;
+        }
+    }
+    catch {
+        // Non-fatal
+    }
+    return {
+        success: steps.sshHardening,
+        steps,
+        ...(Object.keys(stepErrors).length > 0 && { stepErrors }),
+        scoreBefore,
+        scoreAfter,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/core/lock/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/core/lock/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AACtG,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACzI,OAAO,EAAE,8BAA8B,EAAE,0BAA0B,EAAE,0BAA0B,EAAE,yBAAyB,EAAE,wBAAwB,EAAE,sBAAsB,EAAE,6BAA6B,EAAE,MAAM,aAAa,CAAC;AACjO,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAC;AACnJ,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EAAE,2BAA2B,EAAE,MAAM,aAAa,CAAC;AAE1D,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACjG,OAAO,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAG7C,OAAO,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAClH,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAE7D,OAAO,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AACtG,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACzI,OAAO,EAAE,8BAA8B,EAAE,0BAA0B,EAAE,0BAA0B,EAAE,yBAAyB,EAAE,wBAAwB,EAAE,sBAAsB,EAAE,6BAA6B,EAAE,MAAM,aAAa,CAAC;AACjO,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAC;AACnJ,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EAAE,2BAA2B,EAAE,MAAM,aAAa,CAAC;AAG1D,KAAK,UAAU,WAAW,CACxB,EAAU,EACV,OAAmB,EACnB,IAA6B;IAE7B,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;IACpD,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,EAAU,EACV,IAAY,EACZ,QAA8B,EAC9B,OAAoB;IAEpB,aAAa,CAAC,EAAE,CAAC,CAAC;IAElB,MAAM,KAAK,GAAmB;QAC5B,YAAY,EAAE,KAAK;QACnB,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,KAAK;QAClB,SAAS,EAAE,KAAK;QAChB,GAAG,EAAE,KAAK;QACV,SAAS,EAAE,KAAK;QAChB,GAAG,EAAE,KAAK;QACV,MAAM,EAAE,KAAK;QACb,kBAAkB,EAAE,KAAK;QACzB,aAAa,EAAE,KAAK;QACpB,cAAc,EAAE,KAAK;QACrB,cAAc,EAAE,KAAK;QACrB,iBAAiB,EAAE,KAAK;QACxB,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,KAAK;QACtB,MAAM,EAAE,KAAK;QACb,YAAY,EAAE,KAAK;QACnB,IAAI,EAAE,KAAK;QACX,UAAU,EAAE,KAAK;QACjB,aAAa,EAAE,KAAK;QACpB,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE,KAAK;QACf,aAAa,EAAE,KAAK;KACrB,CAAC;IAEF,MAAM,UAAU,GAAkD,EAAE,CAAC;IAErE,gCAAgC;IAChC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,KAAK;SACN,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,QAAQ,IAAI,MAAM,CAAC;IAEzC,wBAAwB;IACxB,IAAI,WAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,EAAE,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;QACzD,IAAI,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YACtC,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC;QAC3C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,EAAE,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACtC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK;gBACL,KAAK,EAAE,iJAAiJ;gBACxJ,IAAI,EAAE,0CAA0C,EAAE,EAAE;aACrD,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK;YACL,KAAK,EAAE,yBAAyB,eAAe,CAAC,GAAG,CAAC,EAAE;SACvD,CAAC;IACJ,CAAC;IAED,4EAA4E;IAE5E,gEAAgE;IAChE,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,qBAAqB,EAAE,CAAC,CAAC;IACjE,KAAK,CAAC,YAAY,GAAG,SAAS,CAAC,EAAE,CAAC;IAClC,IAAI,CAAC,SAAS,CAAC,EAAE;QAAE,UAAU,CAAC,YAAY,GAAG,SAAS,CAAC,KAAM,CAAC;IAE9D,mBAAmB;IACnB,MAAM,cAAc,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,oBAAoB,EAAE,CAAC,CAAC;IACrE,KAAK,CAAC,QAAQ,GAAG,cAAc,CAAC,EAAE,CAAC;IACnC,IAAI,CAAC,cAAc,CAAC,EAAE;QAAE,UAAU,CAAC,QAAQ,GAAG,cAAc,CAAC,KAAM,CAAC;IAEpE,wBAAwB;IACxB,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,wBAAwB,EAAE,CAAC,CAAC;IACxE,KAAK,CAAC,OAAO,GAAG,aAAa,CAAC,EAAE,CAAC;IACjC,IAAI,CAAC,aAAa,CAAC,EAAE;QAAE,UAAU,CAAC,OAAO,GAAG,aAAa,CAAC,KAAM,CAAC;IAEjE,0BAA0B;IAC1B,MAAM,iBAAiB,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,KAAK,CAAC,WAAW,GAAG,iBAAiB,CAAC,EAAE,CAAC;IACzC,IAAI,CAAC,iBAAiB,CAAC,EAAE;QAAE,UAAU,CAAC,WAAW,GAAG,iBAAiB,CAAC,KAAM,CAAC;IAE7E,uDAAuD;IACvD,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,qBAAqB,EAAE,CAAC,CAAC;IACvE,KAAK,CAAC,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC;IACrC,IAAI,CAAC,eAAe,CAAC,EAAE;QAAE,UAAU,CAAC,SAAS,GAAG,eAAe,CAAC,KAAM,CAAC;IAEvE,4EAA4E;IAE5E,4CAA4C;IAC5C,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,yBAAyB,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;IACtH,KAAK,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC;IACzB,IAAI,CAAC,SAAS,CAAC,EAAE;QAAE,UAAU,CAAC,GAAG,GAAG,SAAS,CAAC,KAAM,CAAC;IAErD,8CAA8C;IAC9C,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,0BAA0B,EAAE,CAAC,CAAC;QAC5E,KAAK,CAAC,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC;QACrC,IAAI,CAAC,eAAe,CAAC,EAAE;YAAE,UAAU,CAAC,SAAS,GAAG,eAAe,CAAC,KAAM,CAAC;IACzE,CAAC;SAAM,CAAC;QACN,UAAU,CAAC,SAAS,GAAG,cAAc,CAAC;IACxC,CAAC;IAED,kDAAkD;IAClD,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,uBAAuB,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1F,KAAK,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC;IACzB,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;QAClB,UAAU,CAAC,GAAG,GAAG,SAAS,CAAC,KAAM,CAAC;QAClC,MAAM,WAAW,CAAC,EAAE,EAAE,uBAAuB,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,4EAA4E;IAE5E,2BAA2B;IAC3B,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,2BAA2B,EAAE,CAAC,CAAC;IAC1E,KAAK,CAAC,MAAM,GAAG,YAAY,CAAC,EAAE,CAAC;IAC/B,IAAI,CAAC,YAAY,CAAC,EAAE;QAAE,UAAU,CAAC,MAAM,GAAG,YAAY,CAAC,KAAM,CAAC;IAE9D,qDAAqD;IACrD,MAAM,cAAc,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,8BAA8B,EAAE,EAAE,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;IACxH,KAAK,CAAC,kBAAkB,GAAG,cAAc,CAAC,EAAE,CAAC;IAC7C,IAAI,CAAC,cAAc,CAAC,EAAE;QAAE,UAAU,CAAC,kBAAkB,GAAG,cAAc,CAAC,KAAM,CAAC;IAE9E,0BAA0B;IAC1B,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,yBAAyB,EAAE,CAAC,CAAC;IACrE,KAAK,CAAC,aAAa,GAAG,SAAS,CAAC,EAAE,CAAC;IACnC,IAAI,CAAC,SAAS,CAAC,EAAE;QAAE,UAAU,CAAC,aAAa,GAAG,SAAS,CAAC,KAAM,CAAC;IAE/D,2BAA2B;IAC3B,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,0BAA0B,EAAE,CAAC,CAAC;IACzE,KAAK,CAAC,cAAc,GAAG,YAAY,CAAC,EAAE,CAAC;IACvC,IAAI,CAAC,YAAY,CAAC,EAAE;QAAE,UAAU,CAAC,cAAc,GAAG,YAAY,CAAC,KAAM,CAAC;IAEtE,6BAA6B;IAC7B,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,0BAA0B,EAAE,CAAC,CAAC;IAC1E,KAAK,CAAC,cAAc,GAAG,aAAa,CAAC,EAAE,CAAC;IACxC,IAAI,CAAC,aAAa,CAAC,EAAE;QAAE,UAAU,CAAC,cAAc,GAAG,aAAa,CAAC,KAAM,CAAC;IAExE,8BAA8B;IAC9B,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,6BAA6B,EAAE,EAAE,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;IACrH,KAAK,CAAC,iBAAiB,GAAG,YAAY,CAAC,EAAE,CAAC;IAC1C,IAAI,CAAC,YAAY,CAAC,EAAE;QAAE,UAAU,CAAC,iBAAiB,GAAG,YAAY,CAAC,KAAM,CAAC;IAEzE,mCAAmC;IACnC,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,qBAAqB,EAAE,EAAE,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAChH,KAAK,CAAC,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC;IACrC,IAAI,CAAC,eAAe,CAAC,EAAE;QAAE,UAAU,CAAC,SAAS,GAAG,eAAe,CAAC,KAAM,CAAC;IAEvE,oCAAoC;IACpC,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,2BAA2B,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC3H,KAAK,CAAC,eAAe,GAAG,YAAY,CAAC,EAAE,CAAC;IACxC,IAAI,CAAC,YAAY,CAAC,EAAE;QAAE,UAAU,CAAC,eAAe,GAAG,YAAY,CAAC,KAAM,CAAC;IAEvE,4EAA4E;IAE5E,kBAAkB;IAClB,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC1G,KAAK,CAAC,MAAM,GAAG,YAAY,CAAC,EAAE,CAAC;IAC/B,IAAI,CAAC,YAAY,CAAC,EAAE;QAAE,UAAU,CAAC,MAAM,GAAG,YAAY,CAAC,KAAM,CAAC;IAE9D,yBAAyB;IACzB,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,wBAAwB,EAAE,CAAC,CAAC;IACpE,KAAK,CAAC,YAAY,GAAG,SAAS,CAAC,EAAE,CAAC;IAClC,IAAI,CAAC,SAAS,CAAC,EAAE;QAAE,UAAU,CAAC,YAAY,GAAG,SAAS,CAAC,KAAM,CAAC;IAE9D,kCAAkC;IAClC,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,oBAAoB,EAAE,EAAE,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC1G,KAAK,CAAC,IAAI,GAAG,UAAU,CAAC,EAAE,CAAC;IAC3B,IAAI,CAAC,UAAU,CAAC,EAAE;QAAE,UAAU,CAAC,IAAI,GAAG,UAAU,CAAC,KAAM,CAAC;IAExD,+BAA+B;IAC/B,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,sBAAsB,EAAE,CAAC,CAAC;IACzE,KAAK,CAAC,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC;IACvC,IAAI,CAAC,gBAAgB,CAAC,EAAE;QAAE,UAAU,CAAC,UAAU,GAAG,gBAAgB,CAAC,KAAM,CAAC;IAE1E,8EAA8E;IAE9E,mDAAmD;IACnD,MAAM,iBAAiB,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC7E,KAAK,CAAC,aAAa,GAAG,iBAAiB,CAAC,EAAE,CAAC;IAC3C,IAAI,CAAC,iBAAiB,CAAC,EAAE;QAAE,UAAU,CAAC,aAAa,GAAG,iBAAiB,CAAC,KAAM,CAAC;IAE/E,6BAA6B;IAC7B,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,qBAAqB,EAAE,CAAC,CAAC;IACvE,KAAK,CAAC,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC;IACrC,IAAI,CAAC,eAAe,CAAC,EAAE;QAAE,UAAU,CAAC,SAAS,GAAG,eAAe,CAAC,KAAM,CAAC;IAEvE,oBAAoB;IACpB,MAAM,cAAc,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,oBAAoB,EAAE,CAAC,CAAC;IACrE,KAAK,CAAC,QAAQ,GAAG,cAAc,CAAC,EAAE,CAAC;IACnC,IAAI,CAAC,cAAc,CAAC,EAAE;QAAE,UAAU,CAAC,QAAQ,GAAG,cAAc,CAAC,KAAM,CAAC;IAEpE,0BAA0B;IAC1B,MAAM,mBAAmB,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC/E,KAAK,CAAC,aAAa,GAAG,mBAAmB,CAAC,EAAE,CAAC;IAC7C,IAAI,CAAC,mBAAmB,CAAC,EAAE;QAAE,UAAU,CAAC,aAAa,GAAG,mBAAmB,CAAC,KAAM,CAAC;IAEnF,yBAAyB;IACzB,IAAI,UAA8B,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,EAAE,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;QAC1D,IAAI,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YACxC,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC;QAC3C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,YAAY;IACd,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK,CAAC,YAAY;QAC3B,KAAK;QACL,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,CAAC;QACzD,WAAW;QACX,UAAU;KACX,CAAC;AACJ,CAAC"}

package/dist/core/lock/monitoring.d.ts

@@ -0,0 +1,4 @@
+import { type SshCommand } from "../../utils/sshCommand.js";
+export declare function buildAuditdCommand(): SshCommand;
+export declare function buildAideInitCommand(): SshCommand;
+//# sourceMappingURL=monitoring.d.ts.map

package/dist/core/lock/monitoring.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"monitoring.d.ts","sourceRoot":"","sources":["../../../src/core/lock/monitoring.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAEjE,wBAAgB,kBAAkB,IAAI,UAAU,CA8C/C;AAED,wBAAgB,oBAAoB,IAAI,UAAU,CAWjD"}

package/dist/core/lock/monitoring.js

@@ -0,0 +1,55 @@
+import { raw } from "../../utils/sshCommand.js";
+export function buildAuditdCommand() {
+    // Deep rules go in 50-kastell-deep.rules (sorts BEFORE 99-kastell.rules -e 2 immutability)
+    const deepRules = [
+        "# Identity — file integrity",
+        "-w /etc/passwd -p wa -k identity",
+        "-w /etc/shadow -p wa -k identity",
+        "-w /etc/group -p wa -k identity",
+        "-w /etc/gshadow -p wa -k identity",
+        "# Privilege escalation",
+        "-w /etc/sudoers -p wa -k privilege",
+        "-w /etc/sudoers.d/ -p wa -k privilege",
+        "-a always,exit -F arch=b64 -S setuid -S setgid -S setreuid -S setregid -k privilege",
+        "# Time change",
+        "-a always,exit -F arch=b64 -S adjtimex -S settimeofday -S clock_settime -k time-change",
+        "-w /etc/localtime -p wa -k time-change",
+        "# Login and session",
+        "-w /var/log/lastlog -p wa -k logins",
+        "-w /var/run/faillock/ -p wa -k logins",
+        "-w /var/run/utmp -p wa -k session",
+        "-w /var/log/wtmp -p wa -k session",
+        "-w /var/log/btmp -p wa -k session",
+        "# Network changes",
+        "-a always,exit -F arch=b64 -S sethostname -S setdomainname -k network-change",
+        "-w /etc/hostname -p wa -k network-change",
+        "-w /etc/hosts -p wa -k network-change",
+        "-w /etc/sysconfig/network -p wa -k network-change",
+        "# Kernel modules",
+        "-a always,exit -F arch=b64 -S init_module -S delete_module -S finit_module -k kernel-module",
+        "-w /sbin/insmod -p x -k kernel-module",
+        "-w /sbin/modprobe -p x -k kernel-module",
+        "-w /sbin/rmmod -p x -k kernel-module",
+    ].join("\\n");
+    // Immutability directive in 99 — sorts AFTER 50
+    const immutableRule = "-e 2";
+    return raw([
+        "DEBIAN_FRONTEND=noninteractive apt-get install -y auditd audispd-plugins",
+        "systemctl enable auditd && systemctl start auditd",
+        `printf '${deepRules}\\n' > /etc/audit/rules.d/50-kastell-deep.rules`,
+        `printf '${immutableRule}\\n' > /etc/audit/rules.d/99-kastell.rules`,
+        "augenrules --load 2>/dev/null || true",
+        "service auditd restart 2>/dev/null || systemctl restart auditd 2>/dev/null || true",
+    ].join(" && "));
+}
+export function buildAideInitCommand() {
+    const cronScript = "#!/bin/bash\\n/usr/sbin/aide --check 2>/dev/null || true";
+    return raw([
+        "DEBIAN_FRONTEND=noninteractive apt-get install -y aide",
+        "rm -f /etc/cron.d/kastell-aide",
+        `printf '${cronScript}\\n' > /etc/cron.daily/aide-check`,
+        "chmod 755 /etc/cron.daily/aide-check",
+        "nohup aide --init > /var/log/aide-init.log 2>&1 &",
+    ].join(" && "));
+}
+//# sourceMappingURL=monitoring.js.map

package/dist/core/lock/monitoring.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"monitoring.js","sourceRoot":"","sources":["../../../src/core/lock/monitoring.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAmB,MAAM,2BAA2B,CAAC;AAEjE,MAAM,UAAU,kBAAkB;IAChC,2FAA2F;IAC3F,MAAM,SAAS,GAAG;QAChB,6BAA6B;QAC7B,kCAAkC;QAClC,kCAAkC;QAClC,iCAAiC;QACjC,mCAAmC;QACnC,wBAAwB;QACxB,oCAAoC;QACpC,uCAAuC;QACvC,qFAAqF;QACrF,eAAe;QACf,wFAAwF;QACxF,wCAAwC;QACxC,qBAAqB;QACrB,qCAAqC;QACrC,uCAAuC;QACvC,mCAAmC;QACnC,mCAAmC;QACnC,mCAAmC;QACnC,mBAAmB;QACnB,8EAA8E;QAC9E,0CAA0C;QAC1C,uCAAuC;QACvC,mDAAmD;QACnD,kBAAkB;QAClB,6FAA6F;QAC7F,uCAAuC;QACvC,yCAAyC;QACzC,sCAAsC;KACvC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAEd,gDAAgD;IAChD,MAAM,aAAa,GAAG,MAAM,CAAC;IAE7B,OAAO,GAAG,CACR;QACE,0EAA0E;QAC1E,mDAAmD;QACnD,WAAW,SAAS,iDAAiD;QACrE,WAAW,aAAa,4CAA4C;QACpE,uCAAuC;QACvC,oFAAoF;KACrF,CAAC,IAAI,CAAC,MAAM,CAAC,CACf,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,MAAM,UAAU,GAAG,0DAA0D,CAAC;IAC9E,OAAO,GAAG,CACR;QACE,wDAAwD;QACxD,gCAAgC;QAChC,WAAW,UAAU,mCAAmC;QACxD,sCAAsC;QACtC,mDAAmD;KACpD,CAAC,IAAI,CAAC,MAAM,CAAC,CACf,CAAC;AACJ,CAAC"}

package/dist/core/lock/network.d.ts

@@ -0,0 +1,6 @@
+import { type SshCommand } from "../../utils/sshCommand.js";
+export declare function buildSysctlHardeningCommand(): SshCommand;
+export declare function buildCloudMetaBlockCommand(): SshCommand;
+export declare function buildDnsSecurityCommand(): SshCommand;
+export declare function buildDnsRollbackCommand(): SshCommand;
+//# sourceMappingURL=network.d.ts.map

package/dist/core/lock/network.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../src/core/lock/network.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAEjE,wBAAgB,2BAA2B,IAAI,UAAU,CAqCxD;AAED,wBAAgB,0BAA0B,IAAI,UAAU,CAOvD;AAED,wBAAgB,uBAAuB,IAAI,UAAU,CAYpD;AAED,wBAAgB,uBAAuB,IAAI,UAAU,CAOpD"}