opena2a-cli 0.1.0

package/dist/commands/init.d.ts

@@ -0,0 +1,14 @@
+/**
+ * opena2a init -- Initialize security posture assessment for a project.
+ *
+ * Detects project type, scans for credentials, checks hygiene,
+ * calculates trust score, and generates prioritized next steps.
+ */
+export interface InitOptions {
+    targetDir?: string;
+    ci?: boolean;
+    format?: 'text' | 'json';
+    verbose?: boolean;
+}
+export declare function init(options: InitOptions): Promise<number>;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AA8BD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAuGhE"}

package/dist/commands/init.js

@@ -0,0 +1,356 @@
+"use strict";
+/**
+ * opena2a init -- Initialize security posture assessment for a project.
+ *
+ * Detects project type, scans for credentials, checks hygiene,
+ * calculates trust score, and generates prioritized next steps.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.init = init;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const colors_js_1 = require("../util/colors.js");
+const detect_js_1 = require("../util/detect.js");
+const credential_patterns_js_1 = require("../util/credential-patterns.js");
+const advisories_js_1 = require("../util/advisories.js");
+const version_js_1 = require("../util/version.js");
+// --- Core ---
+async function init(options) {
+    const targetDir = path.resolve(options.targetDir ?? process.cwd());
+    if (!fs.existsSync(targetDir)) {
+        process.stderr.write((0, colors_js_1.red)(`Directory not found: ${targetDir}\n`));
+        return 1;
+    }
+    // 1. Detect project type
+    const project = (0, detect_js_1.detectProject)(targetDir);
+    // 2. Quick credential scan
+    const credentialMatches = (0, credential_patterns_js_1.quickCredentialScan)(targetDir);
+    const credsBySeverity = {};
+    for (const m of credentialMatches) {
+        credsBySeverity[m.severity] = (credsBySeverity[m.severity] || 0) + 1;
+    }
+    // 3. Security hygiene checks
+    const checks = runHygieneChecks(targetDir, project, credentialMatches.length);
+    // 4. Check advisories (non-blocking)
+    let advisoryCheck = { advisories: [], matchedPackages: [], total: 0, fromCache: false };
+    try {
+        advisoryCheck = await (0, advisories_js_1.checkAdvisories)(targetDir);
+    }
+    catch {
+        // Advisory check is best-effort, don't fail init
+    }
+    // 5. Calculate trust score
+    const { score, grade } = calculateTrustScore(credsBySeverity, checks, targetDir);
+    // 6. Generate next steps
+    const nextSteps = generateNextSteps(credentialMatches.length, credsBySeverity, checks);
+    // 7. Build report
+    const report = {
+        projectName: project.name,
+        projectVersion: project.version,
+        projectType: formatProjectType(project),
+        directory: targetDir,
+        credentialFindings: credentialMatches.length,
+        credentialsBySeverity: credsBySeverity,
+        hygieneChecks: checks,
+        trustScore: score,
+        grade,
+        nextSteps,
+        advisories: {
+            count: advisoryCheck.advisories.length,
+            matchedPackages: advisoryCheck.matchedPackages,
+        },
+    };
+    // 8. Output
+    if (options.format === 'json') {
+        process.stdout.write(JSON.stringify(report, null, 2) + '\n');
+    }
+    else {
+        printReport(report, options.verbose);
+        // Verbose: show individual credential findings
+        if (options.verbose && credentialMatches.length > 0) {
+            process.stdout.write((0, colors_js_1.bold)('  Credential Details') + '\n');
+            process.stdout.write((0, colors_js_1.gray)('  ' + '-'.repeat(47)) + '\n');
+            for (const m of credentialMatches) {
+                const sev = m.severity === 'critical' ? (0, colors_js_1.red)('[CRITICAL]')
+                    : m.severity === 'high' ? (0, colors_js_1.yellow)('[HIGH]')
+                        : (0, colors_js_1.cyan)('[MEDIUM]');
+                const relPath = path.relative(targetDir, m.filePath);
+                process.stdout.write(`  ${sev} ${(0, colors_js_1.bold)(m.findingId)}: ${m.title}\n`);
+                process.stdout.write(`  ${(0, colors_js_1.dim)('  File:')} ${relPath}:${m.line}\n`);
+                if (m.explanation) {
+                    process.stdout.write(`  ${(0, colors_js_1.dim)('  Why:')} ${m.explanation}\n`);
+                }
+                process.stdout.write('\n');
+            }
+        }
+        // Drift detection callout (always shown when drift findings exist)
+        const driftFindings = credentialMatches.filter(m => m.findingId.startsWith('DRIFT'));
+        if (driftFindings.length > 0) {
+            process.stdout.write((0, colors_js_1.yellow)((0, colors_js_1.bold)('  Scope Drift Detected')) + '\n');
+            process.stdout.write((0, colors_js_1.gray)('  ' + '-'.repeat(47)) + '\n');
+            for (const d of driftFindings) {
+                const relPath = path.relative(targetDir, d.filePath);
+                const driftType = d.findingId === 'DRIFT-001' ? 'Google Maps key may access Gemini AI' : 'AWS key may access Bedrock AI';
+                process.stdout.write(`  ${(0, colors_js_1.yellow)(d.findingId)} ${driftType}\n`);
+                process.stdout.write(`  ${(0, colors_js_1.dim)('  ' + relPath + ':' + d.line)}\n`);
+            }
+            process.stdout.write('\n');
+            process.stdout.write((0, colors_js_1.dim)('  Scope drift: keys provisioned for one service silently') + '\n');
+            process.stdout.write((0, colors_js_1.dim)('  gain access to AI services, expanding attack surface.') + '\n');
+            process.stdout.write((0, colors_js_1.dim)('  Run: opena2a protect') + '\n');
+            process.stdout.write('\n');
+        }
+        // Show advisory warnings after main report
+        if (advisoryCheck.advisories.length > 0) {
+            (0, advisories_js_1.printAdvisoryWarnings)(advisoryCheck);
+        }
+    }
+    const hasCritical = nextSteps.some(s => s.severity === 'critical');
+    return hasCritical ? 1 : 0;
+}
+// --- Hygiene checks ---
+function runHygieneChecks(dir, project, credCount) {
+    const checks = [];
+    // Credential scan result
+    if (credCount === 0) {
+        checks.push({ label: 'Credential scan', status: 'pass', detail: 'no findings' });
+    }
+    else {
+        checks.push({
+            label: 'Credential scan',
+            status: 'fail',
+            detail: `${credCount} finding${credCount === 1 ? '' : 's'}`,
+        });
+    }
+    // .gitignore
+    const gitignorePath = path.join(dir, '.gitignore');
+    if (fs.existsSync(gitignorePath)) {
+        checks.push({ label: '.gitignore', status: 'pass', detail: 'present' });
+        // .env protection
+        const gitignoreContent = fs.readFileSync(gitignorePath, 'utf-8');
+        if (gitignoreContent.includes('.env')) {
+            checks.push({ label: '.env protection', status: 'pass', detail: 'in .gitignore' });
+        }
+        else {
+            checks.push({ label: '.env protection', status: 'warn', detail: 'NOT in .gitignore' });
+        }
+    }
+    else {
+        checks.push({ label: '.gitignore', status: 'warn', detail: 'missing' });
+        checks.push({ label: '.env protection', status: 'warn', detail: 'no .gitignore' });
+    }
+    // Lock file
+    const lockFiles = [
+        { file: 'package-lock.json', label: 'package-lock.json' },
+        { file: 'yarn.lock', label: 'yarn.lock' },
+        { file: 'pnpm-lock.yaml', label: 'pnpm-lock.yaml' },
+        { file: 'bun.lockb', label: 'bun.lockb' },
+        { file: 'go.sum', label: 'go.sum' },
+        { file: 'poetry.lock', label: 'poetry.lock' },
+        { file: 'Pipfile.lock', label: 'Pipfile.lock' },
+    ];
+    const foundLock = lockFiles.find(lf => fs.existsSync(path.join(dir, lf.file)));
+    if (foundLock) {
+        checks.push({ label: 'Lock file', status: 'pass', detail: foundLock.label });
+    }
+    else {
+        checks.push({ label: 'Lock file', status: 'warn', detail: 'none found' });
+    }
+    // Security config
+    const securityConfigs = ['.opena2a.yaml', '.opena2a.json', '.opena2a/guard/signatures.json'];
+    const foundConfig = securityConfigs.find(sc => fs.existsSync(path.join(dir, sc)));
+    if (foundConfig) {
+        checks.push({ label: 'Security config', status: 'pass', detail: foundConfig });
+    }
+    else {
+        checks.push({ label: 'Security config', status: 'info', detail: 'none' });
+    }
+    // MCP config
+    if (project.hasMcp) {
+        checks.push({ label: 'MCP config', status: 'info', detail: 'found' });
+    }
+    return checks;
+}
+// --- Trust score ---
+function calculateTrustScore(credsBySeverity, checks, dir) {
+    let score = 100;
+    // Credential penalties
+    score -= (credsBySeverity['critical'] || 0) * 25;
+    score -= (credsBySeverity['high'] || 0) * 15;
+    score -= (credsBySeverity['medium'] || 0) * 8;
+    score -= (credsBySeverity['low'] || 0) * 3;
+    // Hygiene penalties
+    const gitignoreCheck = checks.find(c => c.label === '.gitignore');
+    if (gitignoreCheck?.status !== 'pass')
+        score -= 15;
+    const envCheck = checks.find(c => c.label === '.env protection');
+    if (envCheck?.status === 'warn')
+        score -= 10;
+    const lockCheck = checks.find(c => c.label === 'Lock file');
+    if (lockCheck?.status !== 'pass')
+        score -= 5;
+    // Bonus for security config
+    const secConfig = checks.find(c => c.label === 'Security config');
+    if (secConfig?.status === 'pass')
+        score += 5;
+    score = Math.max(0, Math.min(100, score));
+    let grade;
+    if (score >= 90)
+        grade = 'A';
+    else if (score >= 80)
+        grade = 'B';
+    else if (score >= 70)
+        grade = 'C';
+    else if (score >= 60)
+        grade = 'D';
+    else
+        grade = 'F';
+    return { score, grade };
+}
+// --- Next steps ---
+function generateNextSteps(credCount, credsBySeverity, checks) {
+    const steps = [];
+    // Credentials -> protect
+    if (credCount > 0) {
+        steps.push({
+            severity: 'critical',
+            description: `Migrate ${credCount} hardcoded credential${credCount === 1 ? '' : 's'}`,
+            command: 'opena2a protect',
+        });
+    }
+    // .env protection
+    const envCheck = checks.find(c => c.label === '.env protection');
+    if (envCheck?.status === 'warn') {
+        steps.push({
+            severity: 'high',
+            description: 'Add .env to .gitignore',
+            command: "echo '.env' >> .gitignore",
+        });
+    }
+    // No .gitignore
+    const gitignoreCheck = checks.find(c => c.label === '.gitignore');
+    if (gitignoreCheck?.status !== 'pass') {
+        steps.push({
+            severity: 'high',
+            description: 'Create .gitignore',
+            command: 'npx gitignore node',
+        });
+    }
+    // Sign config files
+    steps.push({
+        severity: 'medium',
+        description: 'Sign config files for integrity',
+        command: 'opena2a guard sign',
+    });
+    // Runtime protection
+    steps.push({
+        severity: 'low',
+        description: 'Start runtime protection',
+        command: 'opena2a runtime start',
+    });
+    return steps;
+}
+// --- Output ---
+function formatProjectType(project) {
+    const parts = [];
+    switch (project.type) {
+        case 'node':
+            parts.push('Node.js');
+            break;
+        case 'go':
+            parts.push('Go');
+            break;
+        case 'python':
+            parts.push('Python');
+            break;
+        default: parts.push('Unknown');
+    }
+    if (project.hasMcp)
+        parts.push('+ MCP server');
+    return parts.join(' ');
+}
+function printReport(report, _verbose) {
+    const VERSION = (0, version_js_1.getVersion)();
+    process.stdout.write('\n');
+    process.stdout.write((0, colors_js_1.bold)('  OpenA2A Security Initialization') + (0, colors_js_1.dim)(`  v${VERSION}`) + '\n\n');
+    // Project info
+    const projectDisplay = report.projectName
+        ? `${report.projectName}${report.projectVersion ? ' v' + report.projectVersion : ''}`
+        : path.basename(report.directory);
+    process.stdout.write(`  ${(0, colors_js_1.dim)('Project')}      ${projectDisplay}\n`);
+    process.stdout.write(`  ${(0, colors_js_1.dim)('Type')}         ${report.projectType}\n`);
+    process.stdout.write(`  ${(0, colors_js_1.dim)('Directory')}    ${report.directory}\n`);
+    process.stdout.write('\n');
+    // Security posture
+    process.stdout.write((0, colors_js_1.bold)('  Security Posture') + '\n');
+    process.stdout.write((0, colors_js_1.gray)('  ' + '-'.repeat(47)) + '\n');
+    for (const check of report.hygieneChecks) {
+        const statusDisplay = check.status === 'pass' ? (0, colors_js_1.green)(check.detail)
+            : check.status === 'fail' ? (0, colors_js_1.red)(check.detail)
+                : check.status === 'warn' ? (0, colors_js_1.yellow)(check.detail)
+                    : (0, colors_js_1.dim)(check.detail);
+        process.stdout.write(`  ${(0, colors_js_1.dim)(check.label.padEnd(20))} ${statusDisplay}\n`);
+    }
+    process.stdout.write((0, colors_js_1.gray)('  ' + '-'.repeat(47)) + '\n');
+    // Trust score
+    const scoreColor = report.trustScore >= 80 ? colors_js_1.green
+        : report.trustScore >= 60 ? colors_js_1.yellow
+            : colors_js_1.red;
+    process.stdout.write(`  ${(0, colors_js_1.dim)('Trust Score')}      ${scoreColor(`${report.trustScore} / 100`)}  ${(0, colors_js_1.dim)('[Grade:')} ${scoreColor(report.grade)}${(0, colors_js_1.dim)(']')}\n`);
+    process.stdout.write('\n');
+    // Next steps
+    if (report.nextSteps.length > 0) {
+        process.stdout.write((0, colors_js_1.bold)('  Next Steps') + '\n');
+        process.stdout.write((0, colors_js_1.gray)('  ' + '-'.repeat(47)) + '\n');
+        for (const step of report.nextSteps) {
+            const severityTag = step.severity === 'critical' ? (0, colors_js_1.red)(`[CRITICAL]`)
+                : step.severity === 'high' ? (0, colors_js_1.yellow)(`[HIGH]`)
+                    : step.severity === 'medium' ? (0, colors_js_1.cyan)(`[MEDIUM]`)
+                        : (0, colors_js_1.dim)(`[LOW]`);
+            process.stdout.write(`  ${severityTag.padEnd(22)} ${step.description}\n`);
+            process.stdout.write(`  ${' '.repeat(12)} ${(0, colors_js_1.dim)(step.command)}\n\n`);
+        }
+        process.stdout.write((0, colors_js_1.gray)('  ' + '-'.repeat(47)) + '\n');
+    }
+    process.stdout.write('\n');
+    // Quick start hints for new users
+    process.stdout.write((0, colors_js_1.dim)('  Tip: Try these commands to explore further:') + '\n');
+    process.stdout.write((0, colors_js_1.dim)('    opena2a ~<query>     Search commands (e.g. opena2a ~drift)') + '\n');
+    process.stdout.write((0, colors_js_1.dim)('    opena2a ?             Get smart recommendations') + '\n');
+    process.stdout.write((0, colors_js_1.dim)('    opena2a --help        See all available commands') + '\n');
+    process.stdout.write('\n');
+}
+//# sourceMappingURL=init.js.map

package/dist/commands/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CH,oBAuGC;AApJD,4CAA8B;AAC9B,gDAAkC;AAClC,iDAA8E;AAC9E,iDAAkD;AAClD,2EAAqE;AACrE,yDAAmG;AACnG,mDAAgD;AAqChD,eAAe;AAER,KAAK,UAAU,IAAI,CAAC,OAAoB;IAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAEnE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,wBAAwB,SAAS,IAAI,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAA,yBAAa,EAAC,SAAS,CAAC,CAAC;IAEzC,2BAA2B;IAC3B,MAAM,iBAAiB,GAAG,IAAA,4CAAmB,EAAC,SAAS,CAAC,CAAC;IACzD,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;QAClC,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACvE,CAAC;IAED,6BAA6B;IAC7B,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,EAAE,OAAO,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE9E,qCAAqC;IACrC,IAAI,aAAa,GAAkB,EAAE,UAAU,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACvG,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,IAAA,+BAAe,EAAC,SAAS,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;IAED,2BAA2B;IAC3B,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,mBAAmB,CAAC,eAAe,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAEjF,yBAAyB;IACzB,MAAM,SAAS,GAAG,iBAAiB,CAAC,iBAAiB,CAAC,MAAM,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;IAEvF,kBAAkB;IAClB,MAAM,MAAM,GAAe;QACzB,WAAW,EAAE,OAAO,CAAC,IAAI;QACzB,cAAc,EAAE,OAAO,CAAC,OAAO;QAC/B,WAAW,EAAE,iBAAiB,CAAC,OAAO,CAAC;QACvC,SAAS,EAAE,SAAS;QACpB,kBAAkB,EAAE,iBAAiB,CAAC,MAAM;QAC5C,qBAAqB,EAAE,eAAe;QACtC,aAAa,EAAE,MAAM;QACrB,UAAU,EAAE,KAAK;QACjB,KAAK;QACL,SAAS;QACT,UAAU,EAAE;YACV,KAAK,EAAE,aAAa,CAAC,UAAU,CAAC,MAAM;YACtC,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C;KACF,CAAC;IAEF,YAAY;IACZ,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAErC,+CAA+C;QAC/C,IAAI,OAAO,CAAC,OAAO,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC;YAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YACzD,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;gBAClC,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,IAAA,eAAG,EAAC,YAAY,CAAC;oBACvD,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAA,kBAAM,EAAC,QAAQ,CAAC;wBAC1C,CAAC,CAAC,IAAA,gBAAI,EAAC,UAAU,CAAC,CAAC;gBACrB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACrD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,IAAA,gBAAI,EAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;gBACpE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,SAAS,CAAC,IAAI,OAAO,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;gBACnE,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;oBAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC;gBAChE,CAAC;gBACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,MAAM,aAAa,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;QACrF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,kBAAM,EAAC,IAAA,gBAAI,EAAC,wBAAwB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YACpE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YACzD,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;gBAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACrD,MAAM,SAAS,GAAG,CAAC,CAAC,SAAS,KAAK,WAAW,CAAC,CAAC,CAAC,sCAAsC,CAAC,CAAC,CAAC,+BAA+B,CAAC;gBACzH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,kBAAM,EAAC,CAAC,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,CAAC,CAAC;gBAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,IAAI,GAAG,OAAO,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpE,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,0DAA0D,CAAC,GAAG,IAAI,CAAC,CAAC;YAC7F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,yDAAyD,CAAC,GAAG,IAAI,CAAC,CAAC;YAC5F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC;YAC3D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;QAED,2CAA2C;QAC3C,IAAI,aAAa,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxC,IAAA,qCAAqB,EAAC,aAAa,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IACnE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7B,CAAC;AAED,yBAAyB;AAEzB,SAAS,gBAAgB,CACvB,GAAW,EACX,OAAyC,EACzC,SAAiB;IAEjB,MAAM,MAAM,GAAmB,EAAE,CAAC;IAElC,yBAAyB;IACzB,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;IACnF,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,iBAAiB;YACxB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,GAAG,SAAS,WAAW,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE;SAC5D,CAAC,CAAC;IACL,CAAC;IAED,aAAa;IACb,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACnD,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAExE,kBAAkB;QAClB,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;QACrF,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,YAAY;IACZ,MAAM,SAAS,GAAG;QAChB,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,mBAAmB,EAAE;QACzD,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE;QACzC,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,EAAE;QACnD,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE;QACzC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE;QACnC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE;QAC7C,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,EAAE;KAChD,CAAC;IACF,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC/E,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,kBAAkB;IAClB,MAAM,eAAe,GAAG,CAAC,eAAe,EAAE,eAAe,EAAE,gCAAgC,CAAC,CAAC;IAC7F,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAClF,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACjF,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,aAAa;IACb,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,sBAAsB;AAEtB,SAAS,mBAAmB,CAC1B,eAAuC,EACvC,MAAsB,EACtB,GAAW;IAEX,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,uBAAuB;IACvB,KAAK,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IACjD,KAAK,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC7C,KAAK,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC9C,KAAK,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAE3C,oBAAoB;IACpB,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,CAAC,CAAC;IAClE,IAAI,cAAc,EAAE,MAAM,KAAK,MAAM;QAAE,KAAK,IAAI,EAAE,CAAC;IAEnD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC;IACjE,IAAI,QAAQ,EAAE,MAAM,KAAK,MAAM;QAAE,KAAK,IAAI,EAAE,CAAC;IAE7C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,WAAW,CAAC,CAAC;IAC5D,IAAI,SAAS,EAAE,MAAM,KAAK,MAAM;QAAE,KAAK,IAAI,CAAC,CAAC;IAE7C,4BAA4B;IAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC;IAClE,IAAI,SAAS,EAAE,MAAM,KAAK,MAAM;QAAE,KAAK,IAAI,CAAC,CAAC;IAE7C,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAE1C,IAAI,KAAa,CAAC;IAClB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SACxB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;;QAC7B,KAAK,GAAG,GAAG,CAAC;IAEjB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC1B,CAAC;AAED,qBAAqB;AAErB,SAAS,iBAAiB,CACxB,SAAiB,EACjB,eAAuC,EACvC,MAAsB;IAEtB,MAAM,KAAK,GAAe,EAAE,CAAC;IAE7B,yBAAyB;IACzB,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,WAAW,SAAS,wBAAwB,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE;YACrF,OAAO,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACL,CAAC;IAED,kBAAkB;IAClB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC;IACjE,IAAI,QAAQ,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,wBAAwB;YACrC,OAAO,EAAE,2BAA2B;SACrC,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB;IAChB,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,CAAC,CAAC;IAClE,IAAI,cAAc,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,mBAAmB;YAChC,OAAO,EAAE,oBAAoB;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB;IACpB,KAAK,CAAC,IAAI,CAAC;QACT,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,iCAAiC;QAC9C,OAAO,EAAE,oBAAoB;KAC9B,CAAC,CAAC;IAEH,qBAAqB;IACrB,KAAK,CAAC,IAAI,CAAC;QACT,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,0BAA0B;QACvC,OAAO,EAAE,uBAAuB;KACjC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,iBAAiB;AAEjB,SAAS,iBAAiB,CAAC,OAAyC;IAClE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;QACrB,KAAK,MAAM;YAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAAC,MAAM;QAC1C,KAAK,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAAC,MAAM;QACnC,KAAK,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAAC,MAAM;QAC3C,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,WAAW,CAAC,MAAkB,EAAE,QAAkB;IACzD,MAAM,OAAO,GAAG,IAAA,uBAAU,GAAE,CAAC;IAE7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,mCAAmC,CAAC,GAAG,IAAA,eAAG,EAAC,MAAM,OAAO,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC;IAEhG,eAAe;IACf,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW;QACvC,CAAC,CAAC,GAAG,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,EAAE;QACrF,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,SAAS,CAAC,SAAS,cAAc,IAAI,CAAC,CAAC;IACrE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,MAAM,CAAC,YAAY,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;IACzE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,WAAW,CAAC,OAAO,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;IACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE3B,mBAAmB;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC;IACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAEzD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzC,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,IAAA,iBAAK,EAAC,KAAK,CAAC,MAAM,CAAC;YACjE,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,IAAA,eAAG,EAAC,KAAK,CAAC,MAAM,CAAC;gBAC7C,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,IAAA,kBAAM,EAAC,KAAK,CAAC,MAAM,CAAC;oBAChD,CAAC,CAAC,IAAA,eAAG,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,aAAa,IAAI,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAEzD,cAAc;IACd,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,iBAAK;QAChD,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,kBAAM;YAClC,CAAC,CAAC,eAAG,CAAC;IAER,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,aAAa,CAAC,SAAS,UAAU,CAAC,GAAG,MAAM,CAAC,UAAU,QAAQ,CAAC,KAAK,IAAA,eAAG,EAAC,SAAS,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAA,eAAG,EAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC7J,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE3B,aAAa;IACb,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC;QAClD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACpC,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,IAAA,eAAG,EAAC,YAAY,CAAC;gBAClE,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAA,kBAAM,EAAC,QAAQ,CAAC;oBAC7C,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAA,gBAAI,EAAC,UAAU,CAAC;wBAC/C,CAAC,CAAC,IAAA,eAAG,EAAC,OAAO,CAAC,CAAC;YAEjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;YAC1E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAA,eAAG,EAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE3B,kCAAkC;IAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,+CAA+C,CAAC,GAAG,IAAI,CAAC,CAAC;IAClF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,gEAAgE,CAAC,GAAG,IAAI,CAAC,CAAC;IACnG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;IACxF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,sDAAsD,CAAC,GAAG,IAAI,CAAC,CAAC;IACzF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC"}

package/dist/commands/onepassword-migration.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Guided 1Password migration flow.
+ *
+ * Called from protect.ts after successful credential migration to local vault.
+ * Walks users through migrating secrets to 1Password for team sharing
+ * and audit trails. Uses the offerAction pattern for transparency.
+ *
+ * Secretless already has full 1Password backend, migration infrastructure,
+ * and CLI backend switching. This module provides the guided UX layer.
+ */
+interface MigrationContext {
+    /** Number of credentials in local vault */
+    credentialCount: number;
+    /** Whether to skip interactive prompts */
+    ci?: boolean;
+}
+/**
+ * Offer to migrate local vault credentials to 1Password.
+ * Returns true if migration was performed successfully.
+ */
+export declare function offer1PasswordMigration(ctx: MigrationContext): Promise<boolean>;
+export {};
+//# sourceMappingURL=onepassword-migration.d.ts.map

package/dist/commands/onepassword-migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"onepassword-migration.d.ts","sourceRoot":"","sources":["../../src/commands/onepassword-migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,UAAU,gBAAgB;IACxB,2CAA2C;IAC3C,eAAe,EAAE,MAAM,CAAC;IACxB,0CAA0C;IAC1C,EAAE,CAAC,EAAE,OAAO,CAAC;CACd;AAED;;;GAGG;AACH,wBAAsB,uBAAuB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAkKrF"}

package/dist/commands/onepassword-migration.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * Guided 1Password migration flow.
+ *
+ * Called from protect.ts after successful credential migration to local vault.
+ * Walks users through migrating secrets to 1Password for team sharing
+ * and audit trails. Uses the offerAction pattern for transparency.
+ *
+ * Secretless already has full 1Password backend, migration infrastructure,
+ * and CLI backend switching. This module provides the guided UX layer.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.offer1PasswordMigration = offer1PasswordMigration;
+const colors_js_1 = require("../util/colors.js");
+const spinner_js_1 = require("../util/spinner.js");
+/**
+ * Offer to migrate local vault credentials to 1Password.
+ * Returns true if migration was performed successfully.
+ */
+async function offer1PasswordMigration(ctx) {
+    // CI or non-TTY: skip silently
+    if (ctx.ci || !process.stdin.isTTY) {
+        return false;
+    }
+    // Check if user previously declined permanently
+    let rememberedChoice;
+    try {
+        const shared = await import('@opena2a/shared');
+        const mod = 'default' in shared ? shared.default : shared;
+        rememberedChoice = mod.getRememberedChoice('1password-skip');
+    }
+    catch {
+        // shared not available
+    }
+    if (rememberedChoice === true) {
+        // User said "don't ask again"
+        return false;
+    }
+    // Step 1: Offer
+    process.stdout.write('\n' + (0, colors_js_1.bold)('1Password Integration') + '\n\n');
+    process.stdout.write(`Your ${ctx.credentialCount} credential(s) are in the local encrypted vault.\n` +
+        'Migrate to 1Password for team sharing and audit trails?\n\n');
+    let userChoice;
+    try {
+        const { select } = await import('@inquirer/prompts');
+        userChoice = await select({
+            message: 'Migrate to 1Password?',
+            choices: [
+                { name: 'Yes, set up 1Password', value: 'yes' },
+                { name: 'No, keep local vault', value: 'no' },
+                { name: 'No, and do not ask again', value: 'never' },
+            ],
+        });
+    }
+    catch {
+        return false;
+    }
+    if (userChoice === 'never') {
+        try {
+            const shared = await import('@opena2a/shared');
+            const mod = 'default' in shared ? shared.default : shared;
+            mod.setRememberedChoice('1password-skip', true);
+        }
+        catch {
+            // ignore
+        }
+        process.stdout.write((0, colors_js_1.dim)('Noted. Enable later: opena2a protect --1password') + '\n');
+        return false;
+    }
+    if (userChoice === 'no') {
+        return false;
+    }
+    // Step 2: Prerequisites
+    process.stdout.write('\n' + (0, colors_js_1.bold)('Prerequisites') + '\n\n');
+    process.stdout.write('Before migrating, you need:\n\n');
+    process.stdout.write('  1. ' + (0, colors_js_1.bold)('1Password desktop app') + '\n');
+    process.stdout.write('     Download: ' + (0, colors_js_1.cyan)('https://1password.com/downloads') + '\n\n');
+    process.stdout.write('  2. ' + (0, colors_js_1.bold)('Developer settings enabled') + '\n');
+    process.stdout.write('     1Password > Settings > Developer > "Integrate with 1Password CLI"\n\n');
+    process.stdout.write('  3. ' + (0, colors_js_1.bold)('1Password CLI') + '\n');
+    process.stdout.write('     Install: ' + (0, colors_js_1.cyan)('brew install 1password-cli') + '\n\n');
+    let ready = false;
+    try {
+        const { confirm } = await import('@inquirer/prompts');
+        ready = await confirm({ message: 'Ready?', default: true });
+    }
+    catch {
+        return false;
+    }
+    if (!ready) {
+        process.stdout.write((0, colors_js_1.dim)('Run this flow again after setup: opena2a protect .') + '\n');
+        return false;
+    }
+    // Step 3: Verify 1Password CLI
+    const spinner = new spinner_js_1.Spinner('Checking 1Password CLI...');
+    spinner.start();
+    const opAvailable = await check1PasswordCli();
+    spinner.stop();
+    if (!opAvailable) {
+        process.stdout.write((0, colors_js_1.red)('1Password CLI not found or not authenticated.') + '\n');
+        process.stdout.write((0, colors_js_1.dim)('Install: brew install 1password-cli') + '\n');
+        process.stdout.write((0, colors_js_1.dim)('Then: op signin') + '\n');
+        return false;
+    }
+    process.stdout.write((0, colors_js_1.green)('1Password CLI verified.') + '\n\n');
+    // Step 4: Show plan
+    process.stdout.write((0, colors_js_1.cyan)('What will happen:') + '\n');
+    process.stdout.write(`  1. Create a "Secretless" vault in 1Password (if needed)\n`);
+    process.stdout.write(`  2. Copy ${ctx.credentialCount} secret(s) from local vault to 1Password\n`);
+    process.stdout.write(`  3. Set 1Password as the default Secretless backend\n\n`);
+    process.stdout.write((0, colors_js_1.dim)('If anything goes wrong:') + '\n');
+    process.stdout.write(`  - Your local vault is preserved (not deleted)\n`);
+    process.stdout.write(`  - Run: ${(0, colors_js_1.cyan)('secretless-ai backend set local')} to revert\n\n`);
+    let proceed = false;
+    try {
+        const { confirm } = await import('@inquirer/prompts');
+        proceed = await confirm({ message: 'Proceed with migration?', default: true });
+    }
+    catch {
+        return false;
+    }
+    if (!proceed) {
+        return false;
+    }
+    // Step 5: Execute migration
+    spinner.update('Migrating secrets to 1Password...');
+    spinner.start();
+    try {
+        const secretless = await Function('return import("secretless-ai")')();
+        const mod = 'default' in secretless ? secretless.default : secretless;
+        // Attempt migration
+        if (mod.migrateSecrets) {
+            const result = await mod.migrateSecrets('local', '1password', {
+                deleteFromSource: false,
+            });
+            spinner.stop();
+            const migrated = result?.migrated ?? 0;
+            const failed = result?.failed ?? 0;
+            if (failed > 0) {
+                process.stdout.write((0, colors_js_1.yellow)(`Migrated ${migrated}, failed ${failed} secret(s).`) + '\n');
+            }
+            else {
+                process.stdout.write((0, colors_js_1.green)(`Successfully migrated ${migrated} secret(s) to 1Password.`) + '\n');
+            }
+        }
+        else {
+            spinner.stop();
+            process.stdout.write((0, colors_js_1.yellow)('Migration API not available in this version of secretless-ai.') + '\n');
+            process.stdout.write((0, colors_js_1.dim)('Update: npm install -g secretless-ai@latest') + '\n');
+            return false;
+        }
+        // Step 6: Set default backend
+        if (mod.setBackend) {
+            await mod.setBackend('1password');
+            process.stdout.write((0, colors_js_1.green)('Default backend set to 1Password.') + '\n');
+        }
+        return true;
+    }
+    catch (err) {
+        spinner.stop();
+        process.stderr.write((0, colors_js_1.red)('Migration failed: ') + (err instanceof Error ? err.message : String(err)) + '\n');
+        process.stdout.write((0, colors_js_1.dim)('Your local vault is unchanged. Run: secretless-ai backend set local') + '\n');
+        return false;
+    }
+}
+/**
+ * Check if 1Password CLI is installed and authenticated.
+ */
+async function check1PasswordCli() {
+    try {
+        const { execSync } = await import('node:child_process');
+        execSync('op account get', { stdio: 'pipe', timeout: 5000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=onepassword-migration.js.map

package/dist/commands/onepassword-migration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"onepassword-migration.js","sourceRoot":"","sources":["../../src/commands/onepassword-migration.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AAgBH,0DAkKC;AAhLD,iDAA8E;AAC9E,mDAA6C;AAS7C;;;GAGG;AACI,KAAK,UAAU,uBAAuB,CAAC,GAAqB;IACjE,+BAA+B;IAC/B,IAAI,GAAG,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,gDAAgD;IAChD,IAAI,gBAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,SAAS,IAAI,MAAM,CAAC,CAAC,CAAE,MAAc,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QACnE,gBAAgB,GAAG,GAAG,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,uBAAuB;IACzB,CAAC;IAED,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,8BAA8B;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,gBAAgB;IAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAA,gBAAI,EAAC,uBAAuB,CAAC,GAAG,MAAM,CAAC,CAAC;IACpE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,QAAQ,GAAG,CAAC,eAAe,oDAAoD;QAC/E,6DAA6D,CAC9D,CAAC;IAEF,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACrD,UAAU,GAAG,MAAM,MAAM,CAAC;YACxB,OAAO,EAAE,uBAAuB;YAChC,OAAO,EAAE;gBACP,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,KAAK,EAAE;gBAC/C,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,IAAI,EAAE;gBAC7C,EAAE,IAAI,EAAE,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE;aACrD;SACF,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAC/C,MAAM,GAAG,GAAG,SAAS,IAAI,MAAM,CAAC,CAAC,CAAE,MAAc,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;YACnE,GAAG,CAAC,mBAAmB,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,kDAAkD,CAAC,GAAG,IAAI,CAAC,CAAC;QACrF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,wBAAwB;IACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAA,gBAAI,EAAC,eAAe,CAAC,GAAG,MAAM,CAAC,CAAC;IAC5D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,IAAA,gBAAI,EAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC;IACrE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,GAAG,IAAA,gBAAI,EAAC,iCAAiC,CAAC,GAAG,MAAM,CAAC,CAAC;IAC3F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,IAAA,gBAAI,EAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;IACnG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,IAAA,gBAAI,EAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,GAAG,IAAA,gBAAI,EAAC,4BAA4B,CAAC,GAAG,MAAM,CAAC,CAAC;IAErF,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,IAAI,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACtD,KAAK,GAAG,MAAM,OAAO,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,oDAAoD,CAAC,GAAG,IAAI,CAAC,CAAC;QACvF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+BAA+B;IAC/B,MAAM,OAAO,GAAG,IAAI,oBAAO,CAAC,2BAA2B,CAAC,CAAC;IACzD,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhB,MAAM,WAAW,GAAG,MAAM,iBAAiB,EAAE,CAAC;IAC9C,OAAO,CAAC,IAAI,EAAE,CAAC;IAEf,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,+CAA+C,CAAC,GAAG,IAAI,CAAC,CAAC;QAClF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,qCAAqC,CAAC,GAAG,IAAI,CAAC,CAAC;QACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,iBAAK,EAAC,yBAAyB,CAAC,GAAG,MAAM,CAAC,CAAC;IAEhE,oBAAoB;IACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC;IACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACpF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,GAAG,CAAC,eAAe,4CAA4C,CAAC,CAAC;IACnG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;IACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;IAC1E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,IAAA,gBAAI,EAAC,iCAAiC,CAAC,gBAAgB,CAAC,CAAC;IAE1F,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACtD,OAAO,GAAG,MAAM,OAAO,CAAC,EAAE,OAAO,EAAE,yBAAyB,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACjF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4BAA4B;IAC5B,OAAO,CAAC,MAAM,CAAC,mCAAmC,CAAC,CAAC;IACpD,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAO,QAAQ,CAAC,gCAAgC,CAAC,EAAmB,CAAC;QACxF,MAAM,GAAG,GAAG,SAAS,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC;QAEtE,oBAAoB;QACpB,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,EAAE;gBAC5D,gBAAgB,EAAE,KAAK;aACxB,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,EAAE,CAAC;YAEf,MAAM,QAAQ,GAAG,MAAM,EAAE,QAAQ,IAAI,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC;YAEnC,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;gBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,kBAAM,EAAC,YAAY,QAAQ,YAAY,MAAM,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC;YAC3F,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,iBAAK,EAAC,yBAAyB,QAAQ,0BAA0B,CAAC,GAAG,IAAI,CAAC,CAAC;YAClG,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,kBAAM,EAAC,+DAA+D,CAAC,GAAG,IAAI,CAAC,CAAC;YACrG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,6CAA6C,CAAC,GAAG,IAAI,CAAC,CAAC;YAChF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,8BAA8B;QAC9B,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YACnB,MAAM,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,iBAAK,EAAC,mCAAmC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC1E,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5G,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,qEAAqE,CAAC,GAAG,IAAI,CAAC,CAAC;QACxG,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB;IAC9B,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACxD,QAAQ,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/commands/protect.d.ts

@@ -0,0 +1,34 @@
+/**
+ * opena2a protect — Detect credentials and migrate to Secretless vault.
+ *
+ * Flow:
+ * 1. Run HMA CRED + DRIFT checks on the target directory
+ * 2. For each detected credential with a raw value:
+ *    a. Store in Secretless SecretStore
+ *    b. Replace in source file with environment variable reference
+ *    c. Register broker policy (default: deny-all, must be explicitly allowed)
+ *    d. Add to .env.example
+ * 3. Re-run scan to verify clean
+ * 4. Output migration report
+ */
+export interface ProtectOptions {
+    /** Target directory to scan and protect */
+    targetDir: string;
+    /** Dry run mode (show what would change, don't modify) */
+    dryRun?: boolean;
+    /** Verbose output */
+    verbose?: boolean;
+    /** CI mode (no interactive prompts) */
+    ci?: boolean;
+    /** Output format */
+    format?: 'text' | 'json';
+    /** Skip verification re-scan */
+    skipVerify?: boolean;
+    /** Path to write interactive HTML report */
+    report?: string;
+}
+/**
+ * Main protect command. Scans for credentials, migrates to vault, verifies clean.
+ */
+export declare function protect(options: ProtectOptions): Promise<number>;
+//# sourceMappingURL=protect.d.ts.map