oh-my-claude-sisyphus 3.2.5 → 3.3.1

package/dist/tools/python-repl/paths.js

@@ -0,0 +1,213 @@
+/**
+ * Path utilities for Python REPL tool
+ *
+ * Provides secure path resolution for session directories, sockets, and metadata.
+ * Uses OS-appropriate runtime directories outside the project root.
+ */
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
+import * as crypto from "crypto";
+// =============================================================================
+// CONSTANTS
+// =============================================================================
+/**
+ * Maximum length for Unix socket paths (Linux: 108, macOS: 104).
+ * We use a conservative value that works on both platforms.
+ */
+const MAX_SOCKET_PATH_LENGTH = 100;
+/**
+ * Length of the short session ID hash used for socket paths.
+ * 12 hex chars = 6 bytes = 281 trillion possible values, negligible collision risk.
+ */
+const SHORT_SESSION_ID_LENGTH = 12;
+/**
+ * Windows reserved device names that cannot be used as file names.
+ * These names cause issues on Windows regardless of file extension.
+ * Applied unconditionally (portable-safe) to prevent cross-platform issues.
+ */
+const WINDOWS_RESERVED_NAMES = new Set([
+    // Standard reserved device names
+    'CON', 'PRN', 'AUX', 'NUL',
+    'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9',
+    'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9',
+]);
+// =============================================================================
+// RUNTIME DIRECTORY RESOLUTION
+// =============================================================================
+/**
+ * Validate XDG_RUNTIME_DIR security properties.
+ * On multi-user systems, XDG_RUNTIME_DIR can be poisoned if not validated.
+ * @param dir - XDG_RUNTIME_DIR path to validate
+ * @returns true if the directory is secure (exists, not symlink, owned by uid, mode 0700)
+ */
+function isSecureRuntimeDir(dir) {
+    // Must be absolute path (prevents XDG_RUNTIME_DIR="." exploits)
+    if (!path.isAbsolute(dir))
+        return false;
+    try {
+        const stat = fs.lstatSync(dir);
+        if (!stat.isDirectory() || stat.isSymbolicLink())
+            return false;
+        if (stat.uid !== process.getuid?.())
+            return false;
+        if ((stat.mode & 0o777) !== 0o700)
+            return false;
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Get the path to the runtime directory.
+ * Contains ephemeral session data like locks and sockets.
+ * Uses OS-appropriate temp directories.
+ *
+ * Priority:
+ * 1. XDG_RUNTIME_DIR/omc (Linux standard, usually /run/user/{uid})
+ * 2. Platform-specific user cache directory
+ * 3. os.tmpdir() fallback
+ *
+ * @returns Path to runtime directory
+ *
+ * @example
+ * getRuntimeDir();
+ * // Linux with XDG: '/run/user/1000/omc'
+ * // macOS: '~/Library/Caches/omc/runtime'
+ * // Fallback: '/tmp/omc/runtime'
+ */
+export function getRuntimeDir() {
+    // Priority 1: XDG_RUNTIME_DIR (Linux standard, usually /run/user/{uid})
+    const xdgRuntime = process.env.XDG_RUNTIME_DIR;
+    if (xdgRuntime && isSecureRuntimeDir(xdgRuntime)) {
+        return path.join(xdgRuntime, "omc");
+    }
+    // Priority 2: Platform-specific user cache directory
+    const platform = process.platform;
+    if (platform === "darwin") {
+        return path.join(os.homedir(), "Library", "Caches", "omc", "runtime");
+    }
+    else if (platform === "linux") {
+        // Linux fallback - use /tmp (XDG validation failed)
+        return path.join("/tmp", "omc", "runtime");
+    }
+    // Priority 3: Final fallback to os.tmpdir() for any other platform
+    return path.join(os.tmpdir(), "omc", "runtime");
+}
+// =============================================================================
+// SESSION PATH UTILITIES
+// =============================================================================
+/**
+ * Shorten a session ID to fit within Unix socket path constraints.
+ * Uses SHA256 hash truncated to 12 hex chars (48 bits).
+ *
+ * Unix sockets have path length limits (UNIX_PATH_MAX):
+ * - Linux: 108 bytes
+ * - macOS: 104 bytes
+ *
+ * SECURITY: Always hashes the input, even for short IDs.
+ * This prevents path traversal attacks via malicious short IDs like ".." or "../x".
+ *
+ * @param sessionId - Original session identifier (can be any length)
+ * @returns Short identifier (12 hex chars) suitable for socket paths
+ */
+export function shortenSessionId(sessionId) {
+    // SECURITY: Always hash - do not return raw input even for short IDs
+    // This prevents traversal attacks like "../.." which is only 5 chars
+    return crypto
+        .createHash("sha256")
+        .update(sessionId)
+        .digest("hex")
+        .slice(0, SHORT_SESSION_ID_LENGTH);
+}
+/**
+ * Get the path to a specific session's runtime directory.
+ * Uses shortened session ID to ensure socket paths stay within limits.
+ *
+ * @param sessionId - Unique identifier for the session
+ * @returns Path to runtime/{shortId}/ in OS temp directory
+ */
+export function getSessionDir(sessionId) {
+    const shortId = shortenSessionId(sessionId);
+    return path.join(getRuntimeDir(), shortId);
+}
+/**
+ * Get the path to a session's bridge socket.
+ * Path is kept short to respect Unix socket path limits (~108 bytes).
+ *
+ * @param sessionId - Unique identifier for the session
+ * @returns Path to bridge.sock in session's runtime directory
+ */
+export function getBridgeSocketPath(sessionId) {
+    return path.join(getSessionDir(sessionId), "bridge.sock");
+}
+/**
+ * Get the path to a session's bridge metadata file.
+ *
+ * @param sessionId - Unique identifier for the session
+ * @returns Path to bridge_meta.json in session's runtime directory
+ */
+export function getBridgeMetaPath(sessionId) {
+    return path.join(getSessionDir(sessionId), "bridge_meta.json");
+}
+/**
+ * Get the path to a session's lock file.
+ *
+ * @param sessionId - Unique identifier for the session
+ * @returns Path to session.lock in session's runtime directory
+ */
+export function getSessionLockPath(sessionId) {
+    return path.join(getSessionDir(sessionId), "session.lock");
+}
+// =============================================================================
+// PATH VALIDATION
+// =============================================================================
+/**
+ * Validates that a path segment is safe to use in file paths.
+ * Prevents directory traversal and path injection attacks.
+ *
+ * @param segment - The path segment to validate (e.g., session ID, file name)
+ * @param name - Name of the parameter for error messages (e.g., "sessionId", "filename")
+ * @throws Error if segment is invalid
+ *
+ * @example
+ * validatePathSegment("my-session-123", "sessionId"); // OK
+ * validatePathSegment("../evil", "sessionId"); // throws Error
+ */
+export function validatePathSegment(segment, name) {
+    if (!segment || typeof segment !== "string") {
+        throw new Error(`${name} is required and must be a string`);
+    }
+    if (segment.trim().length === 0) {
+        throw new Error(`Invalid ${name}: cannot be empty or whitespace`);
+    }
+    // Normalize Unicode to prevent bypass via alternative representations
+    const normalized = segment.normalize("NFC");
+    // Prevent path traversal attacks
+    // Block both ".." (parent directory) and path separators
+    if (normalized.includes("..") || normalized.includes("/") || normalized.includes("\\")) {
+        throw new Error(`Invalid ${name}: contains path traversal characters`);
+    }
+    // Prevent null bytes
+    if (normalized.includes("\0")) {
+        throw new Error(`Invalid ${name}: contains null byte`);
+    }
+    // Limit byte length (filesystems typically limit to 255 bytes, not chars)
+    if (Buffer.byteLength(normalized, "utf8") > 255) {
+        throw new Error(`Invalid ${name}: exceeds maximum length of 255 bytes`);
+    }
+    // Reject Windows reserved device names (portable-safe)
+    // Handle COM1.txt, NUL.txt etc (anything starting with reserved name + optional extension)
+    // Trim trailing spaces/dots from baseName to prevent bypass via "CON .txt" or "NUL..txt"
+    const upperSegment = normalized.toUpperCase();
+    const baseName = upperSegment.split('.')[0].replace(/[ .]+$/, "");
+    if (WINDOWS_RESERVED_NAMES.has(baseName)) {
+        throw new Error(`${name} contains Windows reserved name: ${segment}`);
+    }
+    // Reject trailing dots or spaces (Windows path confusion)
+    if (normalized.endsWith('.') || normalized.endsWith(' ')) {
+        throw new Error(`${name} has trailing dot or space: ${segment}`);
+    }
+}
+//# sourceMappingURL=paths.js.map

package/dist/tools/python-repl/paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.js","sourceRoot":"","sources":["../../../src/tools/python-repl/paths.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAEjC,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,sBAAsB,GAAG,GAAG,CAAC;AAEnC;;;GAGG;AACH,MAAM,uBAAuB,GAAG,EAAE,CAAC;AAEnC;;;;GAIG;AACH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,iCAAiC;IACjC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IAC1B,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IACtE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;CACvE,CAAC,CAAC;AAEH,gFAAgF;AAChF,+BAA+B;AAC/B,gFAAgF;AAEhF;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,GAAW;IACrC,gEAAgE;IAChE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,cAAc,EAAE;YAAE,OAAO,KAAK,CAAC;QAC/D,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,CAAC,MAAM,EAAE,EAAE;YAAE,OAAO,KAAK,CAAC;QAClD,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,aAAa;IAC3B,wEAAwE;IACxE,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC/C,IAAI,UAAU,IAAI,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IACtC,CAAC;IAED,qDAAqD;IACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;IACxE,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,oDAAoD;QACpD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED,mEAAmE;IACnE,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;AAClD,CAAC;AAED,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,qEAAqE;IACrE,qEAAqE;IACrE,OAAO,MAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,SAAS,CAAC;SACjB,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,uBAAuB,CAAC,CAAC;AACvC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,SAAiB;IAC7C,MAAM,OAAO,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,OAAO,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,SAAiB;IACnD,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC;AAC5D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,kBAAkB,CAAC,CAAC;AACjE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,SAAiB;IAClD,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,cAAc,CAAC,CAAC;AAC7D,CAAC;AAED,gFAAgF;AAChF,kBAAkB;AAClB,gFAAgF;AAEhF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe,EAAE,IAAY;IAC/D,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,mCAAmC,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,iCAAiC,CAAC,CAAC;IACpE,CAAC;IAED,sEAAsE;IACtE,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAE5C,iCAAiC;IACjC,yDAAyD;IACzD,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACvF,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,sCAAsC,CAAC,CAAC;IACzE,CAAC;IAED,qBAAqB;IACrB,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,sBAAsB,CAAC,CAAC;IACzD,CAAC;IAED,0EAA0E;IAC1E,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,uCAAuC,CAAC,CAAC;IAC1E,CAAC;IAED,uDAAuD;IACvD,2FAA2F;IAC3F,yFAAyF;IACzF,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAClE,IAAI,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,oCAAoC,OAAO,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,0DAA0D;IAC1D,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,+BAA+B,OAAO,EAAE,CAAC,CAAC;IACnE,CAAC;AACH,CAAC"}

package/dist/tools/python-repl/session-lock.d.ts

@@ -0,0 +1,111 @@
+/**
+ * Session Lock - Cross-platform file-based session locking
+ *
+ * Provides single-writer enforcement per session with:
+ * - PID-reuse safety via process start time verification
+ * - Cross-platform support (Linux, macOS)
+ * - Stale lock detection and safe breaking
+ * - Request queuing with timeout
+ */
+import { LockInfo } from './types.js';
+export declare class LockTimeoutError extends Error {
+    readonly lockPath: string;
+    readonly timeout: number;
+    readonly lastHolder?: LockInfo | undefined;
+    constructor(lockPath: string, timeout: number, lastHolder?: LockInfo | undefined);
+}
+export declare class LockError extends Error {
+    constructor(message: string);
+}
+export interface LockResult {
+    acquired: boolean;
+    reason?: 'success' | 'held_by_other' | 'stale_broken' | 'error';
+    holder?: LockInfo;
+}
+/**
+ * Get the start time of the current process.
+ * Used when creating lock files to enable PID reuse detection.
+ */
+export declare function getCurrentProcessStartTime(): Promise<number | undefined>;
+/**
+ * Check if a process is alive with PID-reuse detection via start time comparison.
+ *
+ * @param pid - Process ID to check
+ * @param recordedStartTime - Start time recorded when lock was acquired
+ * @returns true if process is alive AND start time matches (or wasn't recorded)
+ */
+export declare function isProcessAlive(pid: number, recordedStartTime?: number): Promise<boolean>;
+/**
+ * SessionLock manages a single lock file for session coordination.
+ *
+ * @example
+ * const lock = new SessionLock('my-session-id');
+ * try {
+ *   await lock.acquire();
+ *   // ... do work ...
+ * } finally {
+ *   await lock.release();
+ * }
+ */
+export declare class SessionLock {
+    private lockPath;
+    private lockId;
+    private held;
+    private lockInfo;
+    constructor(sessionId: string);
+    /**
+     * Acquire lock with timeout (default 30s).
+     * Blocks until lock is acquired or timeout is reached.
+     *
+     * @param timeout - Maximum time to wait in milliseconds
+     * @throws LockTimeoutError if lock cannot be acquired within timeout
+     */
+    acquire(timeout?: number): Promise<void>;
+    /**
+     * Try to acquire lock (non-blocking).
+     * Returns immediately with result indicating success or failure.
+     */
+    tryAcquire(): Promise<LockResult>;
+    /**
+     * Release held lock.
+     * Safe to call multiple times - subsequent calls are no-ops.
+     */
+    release(): Promise<void>;
+    /**
+     * Force break a stale lock.
+     * USE WITH CAUTION: This will break the lock regardless of who holds it.
+     * Should only be used for recovery from known stale states.
+     */
+    forceBreak(): Promise<void>;
+    /**
+     * Check if lock is held by us.
+     */
+    isHeld(): boolean;
+    /**
+     * Get the lock file path.
+     */
+    getLockPath(): string;
+    /**
+     * Get current lock info (if held).
+     */
+    getLockInfo(): LockInfo | null;
+}
+/**
+ * Execute a function while holding a lock, releasing automatically on completion.
+ *
+ * @example
+ * await withLock('session-id', async () => {
+ *   // ... critical section ...
+ * });
+ */
+export declare function withLock<T>(sessionId: string, fn: () => Promise<T>, timeout?: number): Promise<T>;
+/**
+ * Get the current status of a session lock.
+ */
+export declare function getLockStatus(sessionId: string): Promise<{
+    locked: boolean;
+    lockInfo: LockInfo | null;
+    canBreak: boolean;
+    ownedByUs: boolean;
+}>;
+//# sourceMappingURL=session-lock.d.ts.map

package/dist/tools/python-repl/session-lock.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-lock.d.ts","sourceRoot":"","sources":["../../../src/tools/python-repl/session-lock.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAmBtC,qBAAa,gBAAiB,SAAQ,KAAK;aAEvB,QAAQ,EAAE,MAAM;aAChB,OAAO,EAAE,MAAM;aACf,UAAU,CAAC,EAAE,QAAQ;gBAFrB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,UAAU,CAAC,EAAE,QAAQ,YAAA;CAWxC;AAED,qBAAa,SAAU,SAAQ,KAAK;gBACtB,OAAO,EAAE,MAAM;CAI5B;AAMD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,SAAS,GAAG,eAAe,GAAG,cAAc,GAAG,OAAO,CAAC;IAChE,MAAM,CAAC,EAAE,QAAQ,CAAC;CACnB;AAmED;;;GAGG;AACH,wBAAsB,0BAA0B,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAW9E;AAMD;;;;;;GAMG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,iBAAiB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CA0C9F;AA4HD;;;;;;;;;;;GAWG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,IAAI,CAAkB;IAC9B,OAAO,CAAC,QAAQ,CAAyB;gBAE7B,SAAS,EAAE,MAAM;IAK7B;;;;;;OAMG;IACG,OAAO,CAAC,OAAO,GAAE,MAAmC,GAAG,OAAO,CAAC,IAAI,CAAC;IAyB1E;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;IA2EvC;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAoB9B;;;;OAIG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAYjC;;OAEG;IACH,MAAM,IAAI,OAAO;IAIjB;;OAEG;IACH,WAAW,IAAI,MAAM;IAIrB;;OAEG;IACH,WAAW,IAAI,QAAQ,GAAG,IAAI;CAG/B;AAUD;;;;;;;GAOG;AACH,wBAAsB,QAAQ,CAAC,CAAC,EAC9B,SAAS,EAAE,MAAM,EACjB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,OAAO,GAAE,MAAmC,GAC3C,OAAO,CAAC,CAAC,CAAC,CAQZ;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;IAC9D,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;CACpB,CAAC,CAsBD"}