opena2a-cli 0.1.2 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +225 -1
- package/dist/commands/guard-hooks.d.ts +27 -0
- package/dist/commands/guard-hooks.d.ts.map +1 -0
- package/dist/commands/guard-hooks.js +207 -0
- package/dist/commands/guard-hooks.js.map +1 -0
- package/dist/commands/guard-policy.d.ts +54 -0
- package/dist/commands/guard-policy.d.ts.map +1 -0
- package/dist/commands/guard-policy.js +251 -0
- package/dist/commands/guard-policy.js.map +1 -0
- package/dist/commands/guard-signing.d.ts +52 -0
- package/dist/commands/guard-signing.d.ts.map +1 -0
- package/dist/commands/guard-signing.js +185 -0
- package/dist/commands/guard-signing.js.map +1 -0
- package/dist/commands/guard-snapshots.d.ts +54 -0
- package/dist/commands/guard-snapshots.d.ts.map +1 -0
- package/dist/commands/guard-snapshots.js +346 -0
- package/dist/commands/guard-snapshots.js.map +1 -0
- package/dist/commands/guard.d.ts +60 -4
- package/dist/commands/guard.d.ts.map +1 -1
- package/dist/commands/guard.js +475 -95
- package/dist/commands/guard.js.map +1 -1
- package/dist/commands/init.js +3 -4
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/shield.d.ts +3 -0
- package/dist/commands/shield.d.ts.map +1 -1
- package/dist/commands/shield.js +458 -30
- package/dist/commands/shield.js.map +1 -1
- package/dist/index.js +15 -6
- package/dist/index.js.map +1 -1
- package/dist/router.d.ts.map +1 -1
- package/dist/router.js +1 -0
- package/dist/router.js.map +1 -1
- package/dist/shield/arp-bridge.d.ts +62 -0
- package/dist/shield/arp-bridge.d.ts.map +1 -0
- package/dist/shield/arp-bridge.js +198 -0
- package/dist/shield/arp-bridge.js.map +1 -0
- package/dist/shield/baselines.d.ts +58 -0
- package/dist/shield/baselines.d.ts.map +1 -0
- package/dist/shield/baselines.js +371 -0
- package/dist/shield/baselines.js.map +1 -0
- package/dist/shield/findings.d.ts +52 -0
- package/dist/shield/findings.d.ts.map +1 -0
- package/dist/shield/findings.js +336 -0
- package/dist/shield/findings.js.map +1 -0
- package/dist/shield/integrity.d.ts.map +1 -1
- package/dist/shield/integrity.js +6 -2
- package/dist/shield/integrity.js.map +1 -1
- package/dist/shield/report-html.d.ts +29 -0
- package/dist/shield/report-html.d.ts.map +1 -0
- package/dist/shield/report-html.js +596 -0
- package/dist/shield/report-html.js.map +1 -0
- package/dist/shield/sarif.d.ts +65 -0
- package/dist/shield/sarif.d.ts.map +1 -0
- package/dist/shield/sarif.js +108 -0
- package/dist/shield/sarif.js.map +1 -0
- package/dist/shield/status.d.ts.map +1 -1
- package/dist/shield/status.js +6 -6
- package/dist/shield/status.js.map +1 -1
- package/dist/shield/types.d.ts +19 -1
- package/dist/shield/types.d.ts.map +1 -1
- package/dist/shield/types.js +2 -1
- package/dist/shield/types.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,346 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* ConfigGuard Snapshots -- timestamped snapshots of signature state for rollback.
|
|
4
|
+
*
|
|
5
|
+
* Stores snapshots in .opena2a/guard/snapshots/ as ISO-timestamped JSON files.
|
|
6
|
+
* Supports create, list, restore, and automatic pruning at 20 snapshots.
|
|
7
|
+
*/
|
|
8
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
9
|
+
if (k2 === undefined) k2 = k;
|
|
10
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
11
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
12
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
13
|
+
}
|
|
14
|
+
Object.defineProperty(o, k2, desc);
|
|
15
|
+
}) : (function(o, m, k, k2) {
|
|
16
|
+
if (k2 === undefined) k2 = k;
|
|
17
|
+
o[k2] = m[k];
|
|
18
|
+
}));
|
|
19
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
20
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
21
|
+
}) : function(o, v) {
|
|
22
|
+
o["default"] = v;
|
|
23
|
+
});
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
41
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
42
|
+
exports._internals = void 0;
|
|
43
|
+
exports.guardResign = guardResign;
|
|
44
|
+
exports.guardSnapshot = guardSnapshot;
|
|
45
|
+
const fs = __importStar(require("node:fs"));
|
|
46
|
+
const path = __importStar(require("node:path"));
|
|
47
|
+
// --- Constants ---
|
|
48
|
+
const STORE_DIR = '.opena2a/guard';
|
|
49
|
+
const STORE_FILE = 'signatures.json';
|
|
50
|
+
const SNAPSHOTS_DIR = '.opena2a/guard/snapshots';
|
|
51
|
+
const MAX_SNAPSHOTS = 20;
|
|
52
|
+
// --- Core ---
|
|
53
|
+
function createSnapshot(targetDir) {
|
|
54
|
+
const storePath = path.join(targetDir, STORE_DIR, STORE_FILE);
|
|
55
|
+
if (!fs.existsSync(storePath)) {
|
|
56
|
+
throw new Error('No signature store found. Run: opena2a guard sign');
|
|
57
|
+
}
|
|
58
|
+
const storeContent = fs.readFileSync(storePath, 'utf-8');
|
|
59
|
+
const store = JSON.parse(storeContent);
|
|
60
|
+
const now = new Date();
|
|
61
|
+
const id = now.toISOString().replace(/:/g, '-').replace(/\.\d+Z$/, 'Z');
|
|
62
|
+
const snapshotsDir = path.join(targetDir, SNAPSHOTS_DIR);
|
|
63
|
+
fs.mkdirSync(snapshotsDir, { recursive: true });
|
|
64
|
+
const snapshotPath = path.join(snapshotsDir, `${id}.json`);
|
|
65
|
+
fs.writeFileSync(snapshotPath, storeContent, 'utf-8');
|
|
66
|
+
pruneSnapshots(snapshotsDir);
|
|
67
|
+
return {
|
|
68
|
+
id,
|
|
69
|
+
path: snapshotPath,
|
|
70
|
+
fileCount: store.signatures?.length ?? 0,
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
function listSnapshots(targetDir) {
|
|
74
|
+
const snapshotsDir = path.join(targetDir, SNAPSHOTS_DIR);
|
|
75
|
+
if (!fs.existsSync(snapshotsDir))
|
|
76
|
+
return [];
|
|
77
|
+
const entries = fs.readdirSync(snapshotsDir).filter(f => f.endsWith('.json'));
|
|
78
|
+
const snapshots = [];
|
|
79
|
+
for (const entry of entries) {
|
|
80
|
+
const fullPath = path.join(snapshotsDir, entry);
|
|
81
|
+
try {
|
|
82
|
+
const content = fs.readFileSync(fullPath, 'utf-8');
|
|
83
|
+
const store = JSON.parse(content);
|
|
84
|
+
const id = entry.replace(/\.json$/, '');
|
|
85
|
+
// Reconstruct ISO date from ID: 2026-03-03T01-12-55Z -> 2026-03-03T01:12:55.000Z
|
|
86
|
+
const createdAt = id.replace(/-(?=\d{2}-\d{2}Z)/g, ':').replace(/-(?=\d{2}Z)/g, ':').replace(/Z$/, '.000Z');
|
|
87
|
+
snapshots.push({
|
|
88
|
+
id,
|
|
89
|
+
createdAt,
|
|
90
|
+
fileCount: store.signatures?.length ?? 0,
|
|
91
|
+
path: fullPath,
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
catch {
|
|
95
|
+
// Skip corrupt snapshot files
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
// Sort newest first
|
|
99
|
+
snapshots.sort((a, b) => b.createdAt.localeCompare(a.createdAt));
|
|
100
|
+
return snapshots;
|
|
101
|
+
}
|
|
102
|
+
function restoreSnapshot(targetDir, snapshotId) {
|
|
103
|
+
const snapshotsDir = path.join(targetDir, SNAPSHOTS_DIR);
|
|
104
|
+
const snapshotPath = path.join(snapshotsDir, `${snapshotId}.json`);
|
|
105
|
+
if (!fs.existsSync(snapshotPath)) {
|
|
106
|
+
throw new Error(`Snapshot not found: ${snapshotId}`);
|
|
107
|
+
}
|
|
108
|
+
const storePath = path.join(targetDir, STORE_DIR, STORE_FILE);
|
|
109
|
+
// Track previous snapshot ID if there is an existing store
|
|
110
|
+
let previousId = null;
|
|
111
|
+
if (fs.existsSync(storePath)) {
|
|
112
|
+
try {
|
|
113
|
+
// Create a safety snapshot of current state before restoring
|
|
114
|
+
const safetyResult = createSnapshot(targetDir);
|
|
115
|
+
previousId = safetyResult.id;
|
|
116
|
+
}
|
|
117
|
+
catch {
|
|
118
|
+
// No current store to snapshot -- that is fine
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
const snapshotContent = fs.readFileSync(snapshotPath, 'utf-8');
|
|
122
|
+
const store = JSON.parse(snapshotContent);
|
|
123
|
+
fs.mkdirSync(path.join(targetDir, STORE_DIR), { recursive: true });
|
|
124
|
+
fs.writeFileSync(storePath, snapshotContent, 'utf-8');
|
|
125
|
+
return {
|
|
126
|
+
restored: true,
|
|
127
|
+
fileCount: store.signatures?.length ?? 0,
|
|
128
|
+
previousId,
|
|
129
|
+
};
|
|
130
|
+
}
|
|
131
|
+
// --- Pruning ---
|
|
132
|
+
function pruneSnapshots(snapshotsDir) {
|
|
133
|
+
const entries = fs.readdirSync(snapshotsDir)
|
|
134
|
+
.filter(f => f.endsWith('.json'))
|
|
135
|
+
.sort();
|
|
136
|
+
if (entries.length <= MAX_SNAPSHOTS)
|
|
137
|
+
return;
|
|
138
|
+
const toRemove = entries.slice(0, entries.length - MAX_SNAPSHOTS);
|
|
139
|
+
for (const entry of toRemove) {
|
|
140
|
+
try {
|
|
141
|
+
fs.unlinkSync(path.join(snapshotsDir, entry));
|
|
142
|
+
}
|
|
143
|
+
catch {
|
|
144
|
+
// Best-effort pruning
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
async function guardResign(targetDir, options) {
|
|
149
|
+
const isJson = options.format === 'json';
|
|
150
|
+
const isCi = options.ci ?? false;
|
|
151
|
+
// Load store
|
|
152
|
+
const storePath = path.join(targetDir, STORE_DIR, STORE_FILE);
|
|
153
|
+
if (!fs.existsSync(storePath)) {
|
|
154
|
+
if (isJson) {
|
|
155
|
+
process.stdout.write(JSON.stringify({ error: 'No signature store found. Run: opena2a guard sign' }, null, 2) + '\n');
|
|
156
|
+
}
|
|
157
|
+
else {
|
|
158
|
+
process.stderr.write('No signature store found. Run: opena2a guard sign\n');
|
|
159
|
+
}
|
|
160
|
+
return 1;
|
|
161
|
+
}
|
|
162
|
+
const store = JSON.parse(fs.readFileSync(storePath, 'utf-8'));
|
|
163
|
+
const { createHash } = await import('node:crypto');
|
|
164
|
+
const os = await import('node:os');
|
|
165
|
+
const tampered = [];
|
|
166
|
+
for (let i = 0; i < store.signatures.length; i++) {
|
|
167
|
+
const sig = store.signatures[i];
|
|
168
|
+
const fullPath = path.join(targetDir, sig.filePath);
|
|
169
|
+
if (!fs.existsSync(fullPath))
|
|
170
|
+
continue;
|
|
171
|
+
const content = fs.readFileSync(fullPath);
|
|
172
|
+
const currentHash = 'sha256:' + createHash('sha256').update(content).digest('hex');
|
|
173
|
+
if (currentHash !== sig.hash) {
|
|
174
|
+
tampered.push({ filePath: sig.filePath, sizeChange: content.length - sig.fileSize, sigIndex: i });
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
if (tampered.length === 0) {
|
|
178
|
+
if (isJson) {
|
|
179
|
+
process.stdout.write(JSON.stringify({ resigned: 0, files: [] }, null, 2) + '\n');
|
|
180
|
+
}
|
|
181
|
+
else {
|
|
182
|
+
process.stdout.write('All signed files are up to date. Nothing to re-sign.\n');
|
|
183
|
+
}
|
|
184
|
+
return 0;
|
|
185
|
+
}
|
|
186
|
+
// Show changes
|
|
187
|
+
if (!isJson) {
|
|
188
|
+
process.stdout.write(`Found ${tampered.length} modified file${tampered.length === 1 ? '' : 's'}:\n`);
|
|
189
|
+
for (const entry of tampered) {
|
|
190
|
+
const sign = entry.sizeChange > 0 ? '+' : '';
|
|
191
|
+
const sizeInfo = entry.sizeChange !== 0 ? ` (${sign}${entry.sizeChange}b)` : '';
|
|
192
|
+
process.stdout.write(` CHANGED ${entry.filePath}${sizeInfo}\n`);
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
// Confirm in interactive mode
|
|
196
|
+
if (!isCi && !isJson) {
|
|
197
|
+
const confirmed = await confirmAction();
|
|
198
|
+
if (!confirmed) {
|
|
199
|
+
process.stdout.write('Re-sign cancelled.\n');
|
|
200
|
+
return 1;
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
// Create safety snapshot before re-signing
|
|
204
|
+
try {
|
|
205
|
+
const snapshot = createSnapshot(targetDir);
|
|
206
|
+
if (!isJson) {
|
|
207
|
+
process.stdout.write(`Safety snapshot created: ${snapshot.id}\n`);
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
catch {
|
|
211
|
+
// Snapshot creation failed -- proceed anyway
|
|
212
|
+
}
|
|
213
|
+
// Re-sign only the changed files
|
|
214
|
+
const now = new Date().toISOString();
|
|
215
|
+
const signedBy = os.userInfo().username + '@opena2a-cli';
|
|
216
|
+
for (const entry of tampered) {
|
|
217
|
+
const fullPath = path.join(targetDir, entry.filePath);
|
|
218
|
+
const content = fs.readFileSync(fullPath);
|
|
219
|
+
const hash = 'sha256:' + createHash('sha256').update(content).digest('hex');
|
|
220
|
+
const stat = fs.statSync(fullPath);
|
|
221
|
+
store.signatures[entry.sigIndex].hash = hash;
|
|
222
|
+
store.signatures[entry.sigIndex].signedAt = now;
|
|
223
|
+
store.signatures[entry.sigIndex].signedBy = signedBy;
|
|
224
|
+
store.signatures[entry.sigIndex].fileSize = stat.size;
|
|
225
|
+
}
|
|
226
|
+
store.updatedAt = now;
|
|
227
|
+
// Write updated store
|
|
228
|
+
fs.mkdirSync(path.join(targetDir, STORE_DIR), { recursive: true });
|
|
229
|
+
fs.writeFileSync(storePath, JSON.stringify(store, null, 2) + '\n', 'utf-8');
|
|
230
|
+
// Emit shield event
|
|
231
|
+
try {
|
|
232
|
+
const { writeEvent } = await import('../shield/events.js');
|
|
233
|
+
writeEvent({
|
|
234
|
+
source: 'configguard', category: 'config.resigned', severity: 'info',
|
|
235
|
+
agent: null, sessionId: null, action: 'guard.resign', target: targetDir,
|
|
236
|
+
outcome: 'allowed', detail: { fileCount: tampered.length, files: tampered.map(t => t.filePath) },
|
|
237
|
+
orgId: null, managed: false, agentId: null,
|
|
238
|
+
});
|
|
239
|
+
}
|
|
240
|
+
catch { /* Shield module not available */ }
|
|
241
|
+
if (isJson) {
|
|
242
|
+
process.stdout.write(JSON.stringify({ resigned: tampered.length, files: tampered.map(t => t.filePath) }, null, 2) + '\n');
|
|
243
|
+
}
|
|
244
|
+
else {
|
|
245
|
+
process.stdout.write(`Re-signed ${tampered.length} file${tampered.length === 1 ? '' : 's'}.\n`);
|
|
246
|
+
}
|
|
247
|
+
return 0;
|
|
248
|
+
}
|
|
249
|
+
function confirmAction() {
|
|
250
|
+
return new Promise((resolve) => {
|
|
251
|
+
process.stdout.write('\nConfirm re-sign? [y/N] ');
|
|
252
|
+
const { createInterface } = require('node:readline');
|
|
253
|
+
const rl = createInterface({ input: process.stdin, output: process.stdout, terminal: false });
|
|
254
|
+
rl.once('line', (answer) => {
|
|
255
|
+
rl.close();
|
|
256
|
+
resolve(answer.trim().toLowerCase() === 'y' || answer.trim().toLowerCase() === 'yes');
|
|
257
|
+
});
|
|
258
|
+
rl.once('close', () => resolve(false));
|
|
259
|
+
});
|
|
260
|
+
}
|
|
261
|
+
async function guardSnapshot(targetDir, options) {
|
|
262
|
+
const isJson = options.format === 'json';
|
|
263
|
+
const action = options.args?.[0] ?? 'list';
|
|
264
|
+
if (action === 'create') {
|
|
265
|
+
try {
|
|
266
|
+
const result = createSnapshot(targetDir);
|
|
267
|
+
if (isJson) {
|
|
268
|
+
process.stdout.write(JSON.stringify(result, null, 2) + '\n');
|
|
269
|
+
}
|
|
270
|
+
else {
|
|
271
|
+
process.stdout.write(`Snapshot created: ${result.id} (${result.fileCount} files)\n`);
|
|
272
|
+
}
|
|
273
|
+
return 0;
|
|
274
|
+
}
|
|
275
|
+
catch (err) {
|
|
276
|
+
const msg = err instanceof Error ? err.message : String(err);
|
|
277
|
+
if (isJson) {
|
|
278
|
+
process.stdout.write(JSON.stringify({ error: msg }, null, 2) + '\n');
|
|
279
|
+
}
|
|
280
|
+
else {
|
|
281
|
+
process.stderr.write(`Error: ${msg}\n`);
|
|
282
|
+
}
|
|
283
|
+
return 1;
|
|
284
|
+
}
|
|
285
|
+
}
|
|
286
|
+
if (action === 'list') {
|
|
287
|
+
const snapshots = listSnapshots(targetDir);
|
|
288
|
+
if (isJson) {
|
|
289
|
+
process.stdout.write(JSON.stringify({ snapshots }, null, 2) + '\n');
|
|
290
|
+
}
|
|
291
|
+
else if (snapshots.length === 0) {
|
|
292
|
+
process.stdout.write('No snapshots found.\n');
|
|
293
|
+
}
|
|
294
|
+
else {
|
|
295
|
+
for (const s of snapshots) {
|
|
296
|
+
process.stdout.write(` ${s.id} (${s.fileCount} files)\n`);
|
|
297
|
+
}
|
|
298
|
+
process.stdout.write(`Total: ${snapshots.length} snapshot${snapshots.length === 1 ? '' : 's'}\n`);
|
|
299
|
+
}
|
|
300
|
+
return 0;
|
|
301
|
+
}
|
|
302
|
+
if (action === 'restore') {
|
|
303
|
+
const id = options.args?.[1];
|
|
304
|
+
if (!id) {
|
|
305
|
+
if (isJson) {
|
|
306
|
+
process.stdout.write(JSON.stringify({ error: 'Snapshot ID required. Usage: opena2a guard snapshot restore <id>' }, null, 2) + '\n');
|
|
307
|
+
}
|
|
308
|
+
else {
|
|
309
|
+
process.stderr.write('Snapshot ID required. Usage: opena2a guard snapshot restore <id>\n');
|
|
310
|
+
}
|
|
311
|
+
return 1;
|
|
312
|
+
}
|
|
313
|
+
try {
|
|
314
|
+
const result = restoreSnapshot(targetDir, id);
|
|
315
|
+
if (isJson) {
|
|
316
|
+
process.stdout.write(JSON.stringify(result, null, 2) + '\n');
|
|
317
|
+
}
|
|
318
|
+
else {
|
|
319
|
+
process.stdout.write(`Restored snapshot: ${id} (${result.fileCount} files)\n`);
|
|
320
|
+
if (result.previousId) {
|
|
321
|
+
process.stdout.write(`Previous state saved as: ${result.previousId}\n`);
|
|
322
|
+
}
|
|
323
|
+
}
|
|
324
|
+
return 0;
|
|
325
|
+
}
|
|
326
|
+
catch (err) {
|
|
327
|
+
const msg = err instanceof Error ? err.message : String(err);
|
|
328
|
+
if (isJson) {
|
|
329
|
+
process.stdout.write(JSON.stringify({ error: msg }, null, 2) + '\n');
|
|
330
|
+
}
|
|
331
|
+
else {
|
|
332
|
+
process.stderr.write(`Error: ${msg}\n`);
|
|
333
|
+
}
|
|
334
|
+
return 1;
|
|
335
|
+
}
|
|
336
|
+
}
|
|
337
|
+
process.stderr.write(`Unknown snapshot action: ${action}\nUsage: opena2a guard snapshot <create|list|restore> [id]\n`);
|
|
338
|
+
return 1;
|
|
339
|
+
}
|
|
340
|
+
// --- Testable internals ---
|
|
341
|
+
exports._internals = {
|
|
342
|
+
createSnapshot, listSnapshots, restoreSnapshot, pruneSnapshots,
|
|
343
|
+
guardResign, guardSnapshot, confirmAction,
|
|
344
|
+
STORE_DIR, STORE_FILE, SNAPSHOTS_DIR, MAX_SNAPSHOTS,
|
|
345
|
+
};
|
|
346
|
+
//# sourceMappingURL=guard-snapshots.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"guard-snapshots.js","sourceRoot":"","sources":["../../src/commands/guard-snapshots.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0JH,kCAmGC;AAqBD,sCAsDC;AAtUD,4CAA8B;AAC9B,gDAAkC;AAuBlC,oBAAoB;AAEpB,MAAM,SAAS,GAAG,gBAAgB,CAAC;AACnC,MAAM,UAAU,GAAG,iBAAiB,CAAC;AACrC,MAAM,aAAa,GAAG,0BAA0B,CAAC;AACjD,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB,eAAe;AAEf,SAAS,cAAc,CAAC,SAAiB;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACzD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAEvC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IACzD,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEhD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;IAC3D,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;IAEtD,cAAc,CAAC,YAAY,CAAC,CAAC;IAE7B,OAAO;QACL,EAAE;QACF,IAAI,EAAE,YAAY;QAClB,SAAS,EAAE,KAAK,CAAC,UAAU,EAAE,MAAM,IAAI,CAAC;KACzC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB;IACtC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IACzD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,EAAE,CAAC;IAE5C,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAmB,EAAE,CAAC;IAErC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAClC,MAAM,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACxC,iFAAiF;YACjF,MAAM,SAAS,GAAG,EAAE,CAAC,OAAO,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC5G,SAAS,CAAC,IAAI,CAAC;gBACb,EAAE;gBACF,SAAS;gBACT,SAAS,EAAE,KAAK,CAAC,UAAU,EAAE,MAAM,IAAI,CAAC;gBACxC,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,8BAA8B;QAChC,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,eAAe,CAAC,SAAiB,EAAE,UAAkB;IAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IACzD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,UAAU,OAAO,CAAC,CAAC;IAEnE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,uBAAuB,UAAU,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAE9D,2DAA2D;IAC3D,IAAI,UAAU,GAAkB,IAAI,CAAC;IACrC,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,6DAA6D;YAC7D,MAAM,YAAY,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;YAC/C,UAAU,GAAG,YAAY,CAAC,EAAE,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;QACjD,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAE1C,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;IAEtD,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,SAAS,EAAE,KAAK,CAAC,UAAU,EAAE,MAAM,IAAI,CAAC;QACxC,UAAU;KACX,CAAC;AACJ,CAAC;AAED,kBAAkB;AAElB,SAAS,cAAc,CAAC,YAAoB;IAC1C,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC;SACzC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;SAChC,IAAI,EAAE,CAAC;IAEV,IAAI,OAAO,CAAC,MAAM,IAAI,aAAa;QAAE,OAAO;IAE5C,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,aAAa,CAAC,CAAC;IAClE,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;AACH,CAAC;AAUM,KAAK,UAAU,WAAW,CAAC,SAAiB,EAAE,OAAsB;IACzE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,MAAM,CAAC;IACzC,MAAM,IAAI,GAAG,OAAO,CAAC,EAAE,IAAI,KAAK,CAAC;IAEjC,aAAa;IACb,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mDAAmD,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAAC,CAAC;aAChI,CAAC;YAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAAC,CAAC;QACrF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IAC9D,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;IAInC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QACvC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnF,IAAI,WAAW,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC;YAC7B,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QACpG,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAAC,CAAC;aAC5F,CAAC;YAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAAC,CAAC;QACxF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,eAAe;IACf,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,QAAQ,CAAC,MAAM,iBAAiB,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;QACrG,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,GAAG,KAAK,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,KAAK,CAAC,QAAQ,GAAG,QAAQ,IAAI,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,MAAM,aAAa,EAAE,CAAC;QACxC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;YAC7C,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;YAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;QAAC,CAAC;IACrF,CAAC;IAAC,MAAM,CAAC;QACP,6CAA6C;IAC/C,CAAC;IAED,iCAAiC;IACjC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,GAAG,cAAc,CAAC;IACzD,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACnC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC;QAC7C,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,QAAQ,GAAG,GAAG,CAAC;QAChD,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACrD,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC;IACxD,CAAC;IACD,KAAK,CAAC,SAAS,GAAG,GAAG,CAAC;IAEtB,sBAAsB;IACtB,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAE5E,oBAAoB;IACpB,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC3D,UAAU,CAAC;YACT,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM;YACpE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS;YACvE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE;YAChG,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI;SAC3C,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC,CAAC,iCAAiC,CAAC,CAAC;IAE7C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5H,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,QAAQ,CAAC,MAAM,QAAQ,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IAClG,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAClD,MAAM,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,eAAe,CAAmC,CAAC;QACvF,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9F,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,MAAc,EAAE,EAAE;YACjC,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,CAAC;QACxF,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC;AAQM,KAAK,UAAU,aAAa,CAAC,SAAiB,EAAE,OAAwB;IAC7E,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,MAAM,CAAC;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IAE3C,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YAAC,CAAC;iBACxE,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,MAAM,CAAC,EAAE,KAAK,MAAM,CAAC,SAAS,WAAW,CAAC,CAAC;YAAC,CAAC;YAC9F,OAAO,CAAC,CAAC;QACX,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,IAAI,MAAM,EAAE,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YAAC,CAAC;iBAChF,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;YAAC,CAAC;YACjD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAAC,CAAC;aAC/E,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAAC,CAAC;aAC9E,CAAC;YACJ,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,SAAS,WAAW,CAAC,CAAC;YAAC,CAAC;YAC3F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,SAAS,CAAC,MAAM,YAAY,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACpG,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,IAAI,MAAM,EAAE,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,kEAAkE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YAAC,CAAC;iBAC/I,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oEAAoE,CAAC,CAAC;YAAC,CAAC;YACpG,OAAO,CAAC,CAAC;QACX,CAAC;QACD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,eAAe,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAC9C,IAAI,MAAM,EAAE,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YAAC,CAAC;iBACxE,CAAC;gBACJ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,MAAM,CAAC,SAAS,WAAW,CAAC,CAAC;gBAC/E,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC;gBAAC,CAAC;YACrG,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,IAAI,MAAM,EAAE,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YAAC,CAAC;iBAChF,CAAC;gBAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;YAAC,CAAC;YACjD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,MAAM,8DAA8D,CAAC,CAAC;IACvH,OAAO,CAAC,CAAC;AACX,CAAC;AAED,6BAA6B;AAEhB,QAAA,UAAU,GAAG;IACxB,cAAc,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc;IAC9D,WAAW,EAAE,aAAa,EAAE,aAAa;IACzC,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa;CACpD,CAAC"}
|
package/dist/commands/guard.d.ts
CHANGED
|
@@ -2,17 +2,27 @@
|
|
|
2
2
|
* opena2a guard -- ConfigGuard: config file integrity signing and verification.
|
|
3
3
|
*
|
|
4
4
|
* Subcommands:
|
|
5
|
-
* - sign:
|
|
6
|
-
* - verify:
|
|
7
|
-
* - status:
|
|
5
|
+
* - sign: Hash all detected config files, store in signatures.json
|
|
6
|
+
* - verify: Check all signed files for tampering (hash mismatch)
|
|
7
|
+
* - status: Summary of signed, unsigned, and tampered files
|
|
8
|
+
* - watch: Monitor signed files for changes in real-time
|
|
9
|
+
* - diff: Show detailed changes between current files and signed baseline
|
|
10
|
+
* - policy: Manage guard policy (signing requirements, heartbeat disable)
|
|
11
|
+
* - hook: Install/uninstall git pre-commit hook for automatic verification
|
|
12
|
+
* - resign: Re-sign modified files after confirming changes are intentional
|
|
13
|
+
* - snapshot: Create, list, or restore timestamped signature snapshots
|
|
8
14
|
*/
|
|
9
15
|
export interface GuardOptions {
|
|
10
|
-
subcommand: 'sign' | 'verify' | 'status';
|
|
16
|
+
subcommand: 'sign' | 'verify' | 'status' | 'watch' | 'diff' | 'policy' | 'hook' | 'resign' | 'snapshot';
|
|
11
17
|
files?: string[];
|
|
12
18
|
targetDir?: string;
|
|
13
19
|
ci?: boolean;
|
|
14
20
|
format?: 'text' | 'json';
|
|
15
21
|
verbose?: boolean;
|
|
22
|
+
enforce?: boolean;
|
|
23
|
+
skills?: boolean;
|
|
24
|
+
heartbeats?: boolean;
|
|
25
|
+
args?: string[];
|
|
16
26
|
}
|
|
17
27
|
interface ConfigSignature {
|
|
18
28
|
filePath: string;
|
|
@@ -26,13 +36,59 @@ interface SignatureStore {
|
|
|
26
36
|
signatures: ConfigSignature[];
|
|
27
37
|
updatedAt: string;
|
|
28
38
|
}
|
|
39
|
+
export interface GuardResult {
|
|
40
|
+
filePath: string;
|
|
41
|
+
status: 'pass' | 'tampered' | 'unsigned' | 'missing';
|
|
42
|
+
currentHash?: string;
|
|
43
|
+
expectedHash?: string;
|
|
44
|
+
diff?: FileDiff;
|
|
45
|
+
}
|
|
46
|
+
interface FileDiff {
|
|
47
|
+
type: 'json' | 'text';
|
|
48
|
+
sizeChange: number;
|
|
49
|
+
added?: string[];
|
|
50
|
+
removed?: string[];
|
|
51
|
+
modified?: string[];
|
|
52
|
+
}
|
|
53
|
+
export interface GuardReport {
|
|
54
|
+
subcommand: string;
|
|
55
|
+
directory: string;
|
|
56
|
+
results: GuardResult[];
|
|
57
|
+
passed: number;
|
|
58
|
+
tampered: number;
|
|
59
|
+
unsigned: number;
|
|
60
|
+
missing: number;
|
|
61
|
+
totalSigned: number;
|
|
62
|
+
}
|
|
63
|
+
export interface ConfigIntegritySummary {
|
|
64
|
+
filesMonitored: number;
|
|
65
|
+
tamperedFiles: string[];
|
|
66
|
+
signatureStatus: 'valid' | 'tampered' | 'unsigned';
|
|
67
|
+
}
|
|
68
|
+
declare function emitEvent(category: string, action: string, target: string, severity: 'info' | 'low' | 'medium' | 'high' | 'critical', outcome: 'allowed' | 'blocked' | 'monitored', detail: Record<string, unknown>): Promise<void>;
|
|
29
69
|
export declare function guard(options: GuardOptions): Promise<number>;
|
|
70
|
+
export declare function verifyConfigIntegrity(targetDir?: string): ConfigIntegritySummary;
|
|
71
|
+
declare function computeFileDiff(fullPath: string, sig: ConfigSignature, currentContent: Buffer): FileDiff;
|
|
72
|
+
declare function diffJsonKeys(original: Record<string, unknown>, current: Record<string, unknown>): {
|
|
73
|
+
added: string[];
|
|
74
|
+
removed: string[];
|
|
75
|
+
modified: string[];
|
|
76
|
+
};
|
|
77
|
+
declare function flattenKeys(obj: unknown, prefix?: string): string[];
|
|
30
78
|
declare function resolveFiles(targetDir: string, customFiles?: string[]): string[];
|
|
31
79
|
declare function loadStore(targetDir: string): SignatureStore | null;
|
|
32
80
|
export declare const _internals: {
|
|
33
81
|
resolveFiles: typeof resolveFiles;
|
|
34
82
|
loadStore: typeof loadStore;
|
|
83
|
+
computeFileDiff: typeof computeFileDiff;
|
|
84
|
+
diffJsonKeys: typeof diffJsonKeys;
|
|
85
|
+
flattenKeys: typeof flattenKeys;
|
|
86
|
+
emitEvent: typeof emitEvent;
|
|
87
|
+
verifyConfigIntegrity: typeof verifyConfigIntegrity;
|
|
35
88
|
GUARD_FILES: string[];
|
|
89
|
+
STORE_DIR: string;
|
|
90
|
+
STORE_FILE: string;
|
|
91
|
+
EXIT_QUARANTINE: number;
|
|
36
92
|
};
|
|
37
93
|
export {};
|
|
38
94
|
//# sourceMappingURL=guard.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/commands/guard.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/commands/guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAWH,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,UAAU,CAAC;IACxG,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,UAAU,eAAe;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,UAAU,cAAc;IACtB,OAAO,EAAE,CAAC,CAAC;IACX,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;IACrD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,QAAQ,CAAC;CACjB;AAED,UAAU,QAAQ;IAChB,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,sBAAsB;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe,EAAE,OAAO,GAAG,UAAU,GAAG,UAAU,CAAC;CACpD;AAqBD,iBAAe,SAAS,CACtB,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAChD,QAAQ,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,EACzD,OAAO,EAAE,SAAS,GAAG,SAAS,GAAG,WAAW,EAC5C,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,OAAO,CAAC,IAAI,CAAC,CAWf;AAID,wBAAsB,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAoClE;AAkXD,wBAAgB,qBAAqB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,sBAAsB,CAchF;AAID,iBAAS,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,GAAG,QAAQ,CAMjG;AAED,iBAAS,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;IAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,CAOrJ;AAED,iBAAS,WAAW,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,SAAK,GAAG,MAAM,EAAE,CASxD;AAID,iBAAS,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAGzE;AAED,iBAAS,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAI3D;AAsCD,eAAO,MAAM,UAAU;;;;;;;;;;;;CAGtB,CAAC"}
|