opena2a-cli 0.5.4 → 0.5.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +35 -16
- package/dist/adapters/registry.d.ts.map +1 -1
- package/dist/adapters/registry.js +1 -0
- package/dist/adapters/registry.js.map +1 -1
- package/dist/commands/benchmark.js +1 -1
- package/dist/commands/demo.d.ts +21 -0
- package/dist/commands/demo.d.ts.map +1 -0
- package/dist/commands/demo.js +683 -0
- package/dist/commands/demo.js.map +1 -0
- package/dist/commands/detect.d.ts +58 -0
- package/dist/commands/detect.d.ts.map +1 -0
- package/dist/commands/detect.js +335 -0
- package/dist/commands/detect.js.map +1 -0
- package/dist/commands/gcp-sm-migration.d.ts +17 -0
- package/dist/commands/gcp-sm-migration.d.ts.map +1 -0
- package/dist/commands/gcp-sm-migration.js +295 -0
- package/dist/commands/gcp-sm-migration.js.map +1 -0
- package/dist/commands/identity.js +3 -1
- package/dist/commands/identity.js.map +1 -1
- package/dist/commands/init.d.ts.map +1 -1
- package/dist/commands/init.js +21 -10
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/mcp-audit.d.ts +50 -0
- package/dist/commands/mcp-audit.d.ts.map +1 -0
- package/dist/commands/mcp-audit.js +501 -0
- package/dist/commands/mcp-audit.js.map +1 -0
- package/dist/commands/protect.d.ts.map +1 -1
- package/dist/commands/protect.js +10 -1
- package/dist/commands/protect.js.map +1 -1
- package/dist/commands/runtime.d.ts.map +1 -1
- package/dist/commands/runtime.js +106 -23
- package/dist/commands/runtime.js.map +1 -1
- package/dist/commands/self-register.js +1 -1
- package/dist/commands/self-register.js.map +1 -1
- package/dist/commands/soul.js +3 -3
- package/dist/commands/soul.js.map +1 -1
- package/dist/guided/wizard.js +2 -2
- package/dist/guided/wizard.js.map +1 -1
- package/dist/index.js +74 -6
- package/dist/index.js.map +1 -1
- package/dist/natural/llm-fallback.js +1 -1
- package/dist/report/interactive-html.js +1 -1
- package/dist/report/review-html.js +2 -2
- package/dist/router.d.ts.map +1 -1
- package/dist/router.js +43 -4
- package/dist/router.js.map +1 -1
- package/dist/semantic/command-index.json +3 -3
- package/dist/shield/init.d.ts.map +1 -1
- package/dist/shield/init.js +16 -1
- package/dist/shield/init.js.map +1 -1
- package/dist/shield/status.d.ts.map +1 -1
- package/dist/shield/status.js +22 -1
- package/dist/shield/status.js.map +1 -1
- package/dist/util/footer.d.ts +17 -0
- package/dist/util/footer.d.ts.map +1 -0
- package/dist/util/footer.js +25 -0
- package/dist/util/footer.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
interface McpCommandOptions {
|
|
2
|
+
subcommand: string;
|
|
3
|
+
server?: string;
|
|
4
|
+
targetDir: string;
|
|
5
|
+
ci?: boolean;
|
|
6
|
+
format?: string;
|
|
7
|
+
verbose?: boolean;
|
|
8
|
+
}
|
|
9
|
+
interface McpServerEntry {
|
|
10
|
+
name: string;
|
|
11
|
+
transport: 'stdio' | 'sse';
|
|
12
|
+
command?: string;
|
|
13
|
+
args?: string[];
|
|
14
|
+
url?: string;
|
|
15
|
+
env?: Record<string, string>;
|
|
16
|
+
capabilities?: string[];
|
|
17
|
+
pinnedVersion: boolean;
|
|
18
|
+
sourceFile: string;
|
|
19
|
+
sourceLabel: string;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* MCP server identity audit, sign, and verify.
|
|
23
|
+
*/
|
|
24
|
+
export declare function mcpCommand(options: McpCommandOptions): Promise<number>;
|
|
25
|
+
interface ConfigSource {
|
|
26
|
+
filePath: string;
|
|
27
|
+
label: string;
|
|
28
|
+
}
|
|
29
|
+
declare function getConfigSources(targetDir: string): ConfigSource[];
|
|
30
|
+
declare function parseConfigFile(filePath: string, label: string): McpServerEntry[];
|
|
31
|
+
declare function extractCapabilities(config: any): string[];
|
|
32
|
+
declare function detectPinnedVersion(command?: string, args?: string[]): boolean;
|
|
33
|
+
declare function getIdentityDir(targetDir: string): string;
|
|
34
|
+
declare function getIdentityPath(targetDir: string, serverName: string): string;
|
|
35
|
+
declare function computeConfigHash(entry: McpServerEntry): string;
|
|
36
|
+
declare function fetchTrustScore(serverName: string): Promise<number | null>;
|
|
37
|
+
declare function findServer(targetDir: string, serverName: string): McpServerEntry | null;
|
|
38
|
+
export declare const _internals: {
|
|
39
|
+
parseConfigFile: typeof parseConfigFile;
|
|
40
|
+
getConfigSources: typeof getConfigSources;
|
|
41
|
+
computeConfigHash: typeof computeConfigHash;
|
|
42
|
+
findServer: typeof findServer;
|
|
43
|
+
getIdentityPath: typeof getIdentityPath;
|
|
44
|
+
getIdentityDir: typeof getIdentityDir;
|
|
45
|
+
extractCapabilities: typeof extractCapabilities;
|
|
46
|
+
detectPinnedVersion: typeof detectPinnedVersion;
|
|
47
|
+
fetchTrustScore: typeof fetchTrustScore;
|
|
48
|
+
};
|
|
49
|
+
export {};
|
|
50
|
+
//# sourceMappingURL=mcp-audit.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-audit.d.ts","sourceRoot":"","sources":["../../src/commands/mcp-audit.ts"],"names":[],"mappings":"AAMA,UAAU,iBAAiB;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,cAAc;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,GAAG,KAAK,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAWD;;GAEG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,CAgB5E;AAID,UAAU,YAAY;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,iBAAS,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,YAAY,EAAE,CAS3D;AAED,iBAAS,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,cAAc,EAAE,CAqC1E;AAED,iBAAS,mBAAmB,CAAC,MAAM,EAAE,GAAG,GAAG,MAAM,EAAE,CAMlD;AAED,iBAAS,mBAAmB,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAOvE;AAED,iBAAS,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED,iBAAS,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAEtE;AAED,iBAAS,iBAAiB,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,CAKxD;AAID,iBAAe,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAezE;AA4WD,iBAAS,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAQhF;AAcD,eAAO,MAAM,UAAU;;;;;;;;;;CAUtB,CAAC"}
|
|
@@ -0,0 +1,501 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports._internals = void 0;
|
|
37
|
+
exports.mcpCommand = mcpCommand;
|
|
38
|
+
const fs = __importStar(require("node:fs"));
|
|
39
|
+
const path = __importStar(require("node:path"));
|
|
40
|
+
const os = __importStar(require("node:os"));
|
|
41
|
+
const crypto = __importStar(require("node:crypto"));
|
|
42
|
+
const colors_js_1 = require("../util/colors.js");
|
|
43
|
+
/**
|
|
44
|
+
* MCP server identity audit, sign, and verify.
|
|
45
|
+
*/
|
|
46
|
+
async function mcpCommand(options) {
|
|
47
|
+
switch (options.subcommand) {
|
|
48
|
+
case 'audit':
|
|
49
|
+
return handleAudit(options);
|
|
50
|
+
case 'sign':
|
|
51
|
+
return handleSign(options);
|
|
52
|
+
case 'verify':
|
|
53
|
+
return handleVerify(options);
|
|
54
|
+
default:
|
|
55
|
+
process.stderr.write(`Unknown mcp subcommand: ${options.subcommand}\n`);
|
|
56
|
+
process.stderr.write('\nUsage: opena2a mcp <audit|sign|verify>\n\n');
|
|
57
|
+
process.stderr.write(' audit Audit MCP server configurations\n');
|
|
58
|
+
process.stderr.write(' sign <server> Sign an MCP server with AIM identity\n');
|
|
59
|
+
process.stderr.write(' verify <server> Verify server signature and trust score\n');
|
|
60
|
+
return 1;
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
function getConfigSources(targetDir) {
|
|
64
|
+
const home = os.homedir();
|
|
65
|
+
return [
|
|
66
|
+
{ filePath: path.join(home, '.claude', 'mcp_servers.json'), label: 'Claude Code' },
|
|
67
|
+
{ filePath: path.join(home, '.cursor', 'mcp.json'), label: 'Cursor' },
|
|
68
|
+
{ filePath: path.join(home, '.config', 'windsurf', 'mcp.json'), label: 'Windsurf' },
|
|
69
|
+
{ filePath: path.join(targetDir, 'mcp.json'), label: 'project-local' },
|
|
70
|
+
{ filePath: path.join(targetDir, '.mcp.json'), label: 'project-local' },
|
|
71
|
+
];
|
|
72
|
+
}
|
|
73
|
+
function parseConfigFile(filePath, label) {
|
|
74
|
+
try {
|
|
75
|
+
const raw = fs.readFileSync(filePath, 'utf-8');
|
|
76
|
+
const parsed = JSON.parse(raw);
|
|
77
|
+
const servers = parsed.mcpServers ?? parsed;
|
|
78
|
+
if (typeof servers !== 'object' || servers === null)
|
|
79
|
+
return [];
|
|
80
|
+
const entries = [];
|
|
81
|
+
for (const [name, config] of Object.entries(servers)) {
|
|
82
|
+
if (typeof config !== 'object' || config === null)
|
|
83
|
+
continue;
|
|
84
|
+
const hasUrl = typeof config.url === 'string';
|
|
85
|
+
const hasCommand = typeof config.command === 'string';
|
|
86
|
+
if (!hasUrl && !hasCommand)
|
|
87
|
+
continue;
|
|
88
|
+
const transport = hasUrl ? 'sse' : 'stdio';
|
|
89
|
+
const args = Array.isArray(config.args) ? config.args.map(String) : undefined;
|
|
90
|
+
const capabilities = extractCapabilities(config);
|
|
91
|
+
const pinnedVersion = detectPinnedVersion(config.command, args);
|
|
92
|
+
entries.push({
|
|
93
|
+
name,
|
|
94
|
+
transport,
|
|
95
|
+
command: config.command,
|
|
96
|
+
args,
|
|
97
|
+
url: config.url,
|
|
98
|
+
env: config.env,
|
|
99
|
+
capabilities,
|
|
100
|
+
pinnedVersion,
|
|
101
|
+
sourceFile: filePath,
|
|
102
|
+
sourceLabel: label,
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
return entries;
|
|
106
|
+
}
|
|
107
|
+
catch {
|
|
108
|
+
return [];
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
function extractCapabilities(config) {
|
|
112
|
+
const caps = [];
|
|
113
|
+
if (config.tools)
|
|
114
|
+
caps.push('tools');
|
|
115
|
+
if (config.resources)
|
|
116
|
+
caps.push('resources');
|
|
117
|
+
if (config.prompts)
|
|
118
|
+
caps.push('prompts');
|
|
119
|
+
return caps;
|
|
120
|
+
}
|
|
121
|
+
function detectPinnedVersion(command, args) {
|
|
122
|
+
if (!args)
|
|
123
|
+
return false;
|
|
124
|
+
// Look for version specifiers like @1.2.3 in package names
|
|
125
|
+
for (const arg of args) {
|
|
126
|
+
if (arg.match(/@\d+\.\d+/))
|
|
127
|
+
return true;
|
|
128
|
+
}
|
|
129
|
+
return false;
|
|
130
|
+
}
|
|
131
|
+
function getIdentityDir(targetDir) {
|
|
132
|
+
return path.join(targetDir, '.opena2a', 'mcp-identities');
|
|
133
|
+
}
|
|
134
|
+
function getIdentityPath(targetDir, serverName) {
|
|
135
|
+
return path.join(getIdentityDir(targetDir), `${serverName}.json`);
|
|
136
|
+
}
|
|
137
|
+
function computeConfigHash(entry) {
|
|
138
|
+
const data = entry.transport === 'stdio'
|
|
139
|
+
? JSON.stringify({ command: entry.command, args: entry.args })
|
|
140
|
+
: JSON.stringify({ url: entry.url });
|
|
141
|
+
return crypto.createHash('sha256').update(data).digest('hex');
|
|
142
|
+
}
|
|
143
|
+
// ── Registry trust score ──────────────────────────────────────────────
|
|
144
|
+
async function fetchTrustScore(serverName) {
|
|
145
|
+
try {
|
|
146
|
+
const controller = new AbortController();
|
|
147
|
+
const timeout = setTimeout(() => controller.abort(), 5000);
|
|
148
|
+
const resp = await fetch(`https://registry.opena2a.org/api/v1/packages/${encodeURIComponent(serverName)}`, { signal: controller.signal });
|
|
149
|
+
clearTimeout(timeout);
|
|
150
|
+
if (!resp.ok)
|
|
151
|
+
return null;
|
|
152
|
+
const data = await resp.json();
|
|
153
|
+
return typeof data.trustScore === 'number' ? data.trustScore : null;
|
|
154
|
+
}
|
|
155
|
+
catch {
|
|
156
|
+
return null;
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
// ── Subcommand: audit ─────────────────────────────────────────────────
|
|
160
|
+
async function handleAudit(options) {
|
|
161
|
+
const sources = getConfigSources(options.targetDir);
|
|
162
|
+
const isJson = options.format === 'json';
|
|
163
|
+
// Collect all servers grouped by source
|
|
164
|
+
const grouped = [];
|
|
165
|
+
for (const source of sources) {
|
|
166
|
+
const servers = parseConfigFile(source.filePath, source.label);
|
|
167
|
+
if (servers.length > 0) {
|
|
168
|
+
grouped.push({ source, servers });
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
const allServers = grouped.flatMap(g => g.servers);
|
|
172
|
+
// Check identity status for each server
|
|
173
|
+
const identityDir = getIdentityDir(options.targetDir);
|
|
174
|
+
const identityStatus = new Map();
|
|
175
|
+
for (const server of allServers) {
|
|
176
|
+
const idPath = getIdentityPath(options.targetDir, server.name);
|
|
177
|
+
const signed = fs.existsSync(idPath);
|
|
178
|
+
let verified = false;
|
|
179
|
+
if (signed) {
|
|
180
|
+
try {
|
|
181
|
+
const identity = JSON.parse(fs.readFileSync(idPath, 'utf-8'));
|
|
182
|
+
const currentHash = computeConfigHash(server);
|
|
183
|
+
verified = identity.configHash === currentHash;
|
|
184
|
+
}
|
|
185
|
+
catch {
|
|
186
|
+
verified = false;
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
identityStatus.set(server.name, { signed, verified });
|
|
190
|
+
}
|
|
191
|
+
// Fetch trust scores (best-effort, parallel)
|
|
192
|
+
const trustScores = new Map();
|
|
193
|
+
if (!options.ci) {
|
|
194
|
+
const promises = allServers.map(async (s) => {
|
|
195
|
+
const score = await fetchTrustScore(s.name);
|
|
196
|
+
trustScores.set(s.name, score);
|
|
197
|
+
});
|
|
198
|
+
await Promise.all(promises);
|
|
199
|
+
}
|
|
200
|
+
// Count summary
|
|
201
|
+
const total = allServers.length;
|
|
202
|
+
const signedCount = [...identityStatus.values()].filter(s => s.signed).length;
|
|
203
|
+
const verifiedCount = [...identityStatus.values()].filter(s => s.verified).length;
|
|
204
|
+
const trustCount = [...trustScores.values()].filter(s => s !== null).length;
|
|
205
|
+
if (isJson) {
|
|
206
|
+
const result = {
|
|
207
|
+
servers: allServers.map(s => ({
|
|
208
|
+
name: s.name,
|
|
209
|
+
transport: s.transport,
|
|
210
|
+
command: s.transport === 'stdio' ? [s.command, ...(s.args ?? [])].join(' ') : undefined,
|
|
211
|
+
url: s.url,
|
|
212
|
+
sourceFile: s.sourceFile,
|
|
213
|
+
sourceLabel: s.sourceLabel,
|
|
214
|
+
pinnedVersion: s.pinnedVersion,
|
|
215
|
+
capabilities: s.capabilities,
|
|
216
|
+
signed: identityStatus.get(s.name)?.signed ?? false,
|
|
217
|
+
verified: identityStatus.get(s.name)?.verified ?? false,
|
|
218
|
+
trustScore: trustScores.get(s.name) ?? null,
|
|
219
|
+
})),
|
|
220
|
+
summary: { total, signed: signedCount, verified: verifiedCount, trustScores: trustCount },
|
|
221
|
+
};
|
|
222
|
+
process.stdout.write(JSON.stringify(result, null, 2) + '\n');
|
|
223
|
+
return 0;
|
|
224
|
+
}
|
|
225
|
+
// Text output
|
|
226
|
+
if (total === 0) {
|
|
227
|
+
process.stdout.write((0, colors_js_1.bold)('MCP Server Audit') + '\n');
|
|
228
|
+
process.stdout.write((0, colors_js_1.gray)('='.repeat(50)) + '\n\n');
|
|
229
|
+
process.stdout.write((0, colors_js_1.dim)('No MCP server configurations found.') + '\n');
|
|
230
|
+
process.stdout.write((0, colors_js_1.dim)('Checked locations:') + '\n');
|
|
231
|
+
for (const source of sources) {
|
|
232
|
+
process.stdout.write((0, colors_js_1.dim)(` ${source.filePath}`) + '\n');
|
|
233
|
+
}
|
|
234
|
+
return 0;
|
|
235
|
+
}
|
|
236
|
+
process.stdout.write((0, colors_js_1.bold)('MCP Server Audit') + '\n');
|
|
237
|
+
process.stdout.write((0, colors_js_1.gray)('='.repeat(50)) + '\n\n');
|
|
238
|
+
for (const group of grouped) {
|
|
239
|
+
const shortPath = group.source.filePath.replace(os.homedir(), '~');
|
|
240
|
+
process.stdout.write((0, colors_js_1.bold)(`Source: ${shortPath}`) + (0, colors_js_1.dim)(` (${group.source.label})`) + '\n');
|
|
241
|
+
for (const server of group.servers) {
|
|
242
|
+
const status = identityStatus.get(server.name);
|
|
243
|
+
const signLabel = status?.signed ? (0, colors_js_1.green)('signed') : (0, colors_js_1.yellow)('not signed');
|
|
244
|
+
const trustScore = trustScores.get(server.name);
|
|
245
|
+
const trustLabel = trustScore !== null && trustScore !== undefined
|
|
246
|
+
? (0, colors_js_1.cyan)(`trust: ${trustScore}`)
|
|
247
|
+
: (0, colors_js_1.dim)('no trust score');
|
|
248
|
+
const commandStr = server.transport === 'stdio'
|
|
249
|
+
? [server.command, ...(server.args ?? [])].filter(a => a !== '-y').join(' ')
|
|
250
|
+
: server.url ?? '';
|
|
251
|
+
const nameCol = server.name.padEnd(20);
|
|
252
|
+
const transportCol = server.transport.padEnd(8);
|
|
253
|
+
process.stdout.write(` ${nameCol} ${(0, colors_js_1.dim)(transportCol)} ${(0, colors_js_1.dim)(commandStr.substring(0, 45).padEnd(45))} ${signLabel} ${trustLabel}\n`);
|
|
254
|
+
if (options.verbose) {
|
|
255
|
+
if (server.pinnedVersion) {
|
|
256
|
+
process.stdout.write((0, colors_js_1.dim)(` version pinned`) + '\n');
|
|
257
|
+
}
|
|
258
|
+
if (server.capabilities && server.capabilities.length > 0) {
|
|
259
|
+
process.stdout.write((0, colors_js_1.dim)(` capabilities: ${server.capabilities.join(', ')}`) + '\n');
|
|
260
|
+
}
|
|
261
|
+
if (server.env) {
|
|
262
|
+
const envKeys = Object.keys(server.env);
|
|
263
|
+
process.stdout.write((0, colors_js_1.dim)(` env vars: ${envKeys.join(', ')}`) + '\n');
|
|
264
|
+
}
|
|
265
|
+
if (status?.signed) {
|
|
266
|
+
process.stdout.write((0, colors_js_1.dim)(` identity: .opena2a/mcp-identities/${server.name}.json`) + '\n');
|
|
267
|
+
}
|
|
268
|
+
const fullCmd = server.transport === 'stdio'
|
|
269
|
+
? [server.command, ...(server.args ?? [])].join(' ')
|
|
270
|
+
: server.url ?? '';
|
|
271
|
+
if (fullCmd.length > 45) {
|
|
272
|
+
process.stdout.write((0, colors_js_1.dim)(` full command: ${fullCmd}`) + '\n');
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
process.stdout.write('\n');
|
|
277
|
+
}
|
|
278
|
+
process.stdout.write((0, colors_js_1.bold)('Summary') + '\n');
|
|
279
|
+
process.stdout.write(` Servers found: ${total}\n`);
|
|
280
|
+
process.stdout.write(` Signed: ${signedCount} / ${total}\n`);
|
|
281
|
+
process.stdout.write(` Verified: ${verifiedCount} / ${total}\n`);
|
|
282
|
+
process.stdout.write(` Trust scores: ${trustCount} / ${total}\n`);
|
|
283
|
+
process.stdout.write('\n');
|
|
284
|
+
process.stdout.write((0, colors_js_1.bold)('Next Steps') + '\n');
|
|
285
|
+
process.stdout.write(` ${(0, colors_js_1.cyan)('opena2a mcp sign <name>')} Sign an MCP server with AIM identity\n`);
|
|
286
|
+
process.stdout.write(` ${(0, colors_js_1.cyan)('opena2a mcp verify <name>')} Verify server signature and trust score\n`);
|
|
287
|
+
return 0;
|
|
288
|
+
}
|
|
289
|
+
// ── Subcommand: sign ──────────────────────────────────────────────────
|
|
290
|
+
async function handleSign(options) {
|
|
291
|
+
const serverName = options.server;
|
|
292
|
+
if (!serverName) {
|
|
293
|
+
process.stderr.write('Missing required argument: <server-name>\n');
|
|
294
|
+
process.stderr.write('Usage: opena2a mcp sign <server-name>\n');
|
|
295
|
+
return 1;
|
|
296
|
+
}
|
|
297
|
+
// Find the server in configs
|
|
298
|
+
const server = findServer(options.targetDir, serverName);
|
|
299
|
+
if (!server) {
|
|
300
|
+
process.stderr.write(`MCP server "${serverName}" not found in any configuration file.\n`);
|
|
301
|
+
process.stderr.write('Run "opena2a mcp audit" to see available servers.\n');
|
|
302
|
+
return 1;
|
|
303
|
+
}
|
|
304
|
+
// Load aim-core
|
|
305
|
+
const aimCore = await loadAimCore();
|
|
306
|
+
if (!aimCore)
|
|
307
|
+
return 1;
|
|
308
|
+
const isJson = options.format === 'json';
|
|
309
|
+
try {
|
|
310
|
+
// Generate Ed25519 keypair
|
|
311
|
+
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
|
|
312
|
+
const pubKeyDer = publicKey.export({ type: 'spki', format: 'der' });
|
|
313
|
+
const privKeyDer = privateKey.export({ type: 'pkcs8', format: 'der' });
|
|
314
|
+
const pubKeyHex = pubKeyDer.toString('hex');
|
|
315
|
+
const privKeyHex = privKeyDer.toString('hex');
|
|
316
|
+
// Compute config hash
|
|
317
|
+
const configHash = computeConfigHash(server);
|
|
318
|
+
// Sign the config hash
|
|
319
|
+
const signature = crypto.sign(null, Buffer.from(configHash), privateKey).toString('hex');
|
|
320
|
+
// Compute fingerprint
|
|
321
|
+
const fingerprint = crypto.createHash('sha256').update(pubKeyDer).digest('hex').substring(0, 16);
|
|
322
|
+
// Store identity
|
|
323
|
+
const identityDir = getIdentityDir(options.targetDir);
|
|
324
|
+
fs.mkdirSync(identityDir, { recursive: true });
|
|
325
|
+
const identity = {
|
|
326
|
+
serverName,
|
|
327
|
+
publicKey: pubKeyHex,
|
|
328
|
+
privateKey: privKeyHex,
|
|
329
|
+
configHash,
|
|
330
|
+
signature,
|
|
331
|
+
createdAt: new Date().toISOString(),
|
|
332
|
+
};
|
|
333
|
+
const idPath = getIdentityPath(options.targetDir, serverName);
|
|
334
|
+
fs.writeFileSync(idPath, JSON.stringify(identity, null, 2));
|
|
335
|
+
if (isJson) {
|
|
336
|
+
process.stdout.write(JSON.stringify({
|
|
337
|
+
status: 'signed',
|
|
338
|
+
serverName,
|
|
339
|
+
fingerprint,
|
|
340
|
+
configHash,
|
|
341
|
+
identityFile: idPath,
|
|
342
|
+
}, null, 2) + '\n');
|
|
343
|
+
return 0;
|
|
344
|
+
}
|
|
345
|
+
process.stdout.write((0, colors_js_1.green)('MCP server signed successfully') + '\n\n');
|
|
346
|
+
process.stdout.write(` Server: ${(0, colors_js_1.bold)(serverName)}\n`);
|
|
347
|
+
process.stdout.write(` Transport: ${server.transport}\n`);
|
|
348
|
+
process.stdout.write(` Fingerprint: ${(0, colors_js_1.cyan)(fingerprint)}\n`);
|
|
349
|
+
process.stdout.write(` Config hash: ${(0, colors_js_1.dim)(configHash.substring(0, 32) + '...')}\n`);
|
|
350
|
+
process.stdout.write(` Stored in: ${(0, colors_js_1.dim)(idPath)}\n`);
|
|
351
|
+
return 0;
|
|
352
|
+
}
|
|
353
|
+
catch (err) {
|
|
354
|
+
process.stderr.write(`Failed to sign server: ${err instanceof Error ? err.message : String(err)}\n`);
|
|
355
|
+
return 1;
|
|
356
|
+
}
|
|
357
|
+
}
|
|
358
|
+
// ── Subcommand: verify ────────────────────────────────────────────────
|
|
359
|
+
async function handleVerify(options) {
|
|
360
|
+
const serverName = options.server;
|
|
361
|
+
if (!serverName) {
|
|
362
|
+
process.stderr.write('Missing required argument: <server-name>\n');
|
|
363
|
+
process.stderr.write('Usage: opena2a mcp verify <server-name>\n');
|
|
364
|
+
return 1;
|
|
365
|
+
}
|
|
366
|
+
const isJson = options.format === 'json';
|
|
367
|
+
// Check identity file exists
|
|
368
|
+
const idPath = getIdentityPath(options.targetDir, serverName);
|
|
369
|
+
if (!fs.existsSync(idPath)) {
|
|
370
|
+
if (isJson) {
|
|
371
|
+
process.stdout.write(JSON.stringify({
|
|
372
|
+
status: 'not_signed',
|
|
373
|
+
serverName,
|
|
374
|
+
message: 'No identity file found. Run "opena2a mcp sign" first.',
|
|
375
|
+
}, null, 2) + '\n');
|
|
376
|
+
return 1;
|
|
377
|
+
}
|
|
378
|
+
process.stderr.write(`No identity found for MCP server "${serverName}".\n`);
|
|
379
|
+
process.stderr.write(`Run "opena2a mcp sign ${serverName}" to create one.\n`);
|
|
380
|
+
return 1;
|
|
381
|
+
}
|
|
382
|
+
// Load identity
|
|
383
|
+
let identity;
|
|
384
|
+
try {
|
|
385
|
+
identity = JSON.parse(fs.readFileSync(idPath, 'utf-8'));
|
|
386
|
+
}
|
|
387
|
+
catch {
|
|
388
|
+
process.stderr.write(`Failed to read identity file: ${idPath}\n`);
|
|
389
|
+
return 1;
|
|
390
|
+
}
|
|
391
|
+
// Find server in configs
|
|
392
|
+
const server = findServer(options.targetDir, serverName);
|
|
393
|
+
// Verify signature
|
|
394
|
+
let signatureValid = false;
|
|
395
|
+
let configMatch = false;
|
|
396
|
+
try {
|
|
397
|
+
const pubKeyObj = crypto.createPublicKey({
|
|
398
|
+
key: Buffer.from(identity.publicKey, 'hex'),
|
|
399
|
+
type: 'spki',
|
|
400
|
+
format: 'der',
|
|
401
|
+
});
|
|
402
|
+
signatureValid = crypto.verify(null, Buffer.from(identity.configHash), pubKeyObj, Buffer.from(identity.signature, 'hex'));
|
|
403
|
+
}
|
|
404
|
+
catch {
|
|
405
|
+
signatureValid = false;
|
|
406
|
+
}
|
|
407
|
+
if (server) {
|
|
408
|
+
const currentHash = computeConfigHash(server);
|
|
409
|
+
configMatch = currentHash === identity.configHash;
|
|
410
|
+
}
|
|
411
|
+
// Fetch trust score
|
|
412
|
+
const trustScore = await fetchTrustScore(serverName);
|
|
413
|
+
// Compute fingerprint
|
|
414
|
+
let fingerprint = '';
|
|
415
|
+
try {
|
|
416
|
+
const pubKeyDer = Buffer.from(identity.publicKey, 'hex');
|
|
417
|
+
fingerprint = crypto.createHash('sha256').update(pubKeyDer).digest('hex').substring(0, 16);
|
|
418
|
+
}
|
|
419
|
+
catch {
|
|
420
|
+
fingerprint = 'unknown';
|
|
421
|
+
}
|
|
422
|
+
const passed = signatureValid && configMatch;
|
|
423
|
+
if (isJson) {
|
|
424
|
+
process.stdout.write(JSON.stringify({
|
|
425
|
+
status: passed ? 'verified' : 'failed',
|
|
426
|
+
serverName,
|
|
427
|
+
signatureValid,
|
|
428
|
+
configMatch,
|
|
429
|
+
configFound: server !== null,
|
|
430
|
+
fingerprint,
|
|
431
|
+
trustScore,
|
|
432
|
+
createdAt: identity.createdAt,
|
|
433
|
+
}, null, 2) + '\n');
|
|
434
|
+
return passed ? 0 : 1;
|
|
435
|
+
}
|
|
436
|
+
process.stdout.write((0, colors_js_1.bold)('MCP Server Verification') + '\n');
|
|
437
|
+
process.stdout.write((0, colors_js_1.gray)('='.repeat(50)) + '\n\n');
|
|
438
|
+
process.stdout.write(` Server: ${(0, colors_js_1.bold)(serverName)}\n`);
|
|
439
|
+
process.stdout.write(` Fingerprint: ${(0, colors_js_1.cyan)(fingerprint)}\n`);
|
|
440
|
+
process.stdout.write(` Created: ${(0, colors_js_1.dim)(identity.createdAt)}\n\n`);
|
|
441
|
+
process.stdout.write(` Signature: ${signatureValid ? (0, colors_js_1.green)('valid') : (0, colors_js_1.red)('invalid')}\n`);
|
|
442
|
+
process.stdout.write(` Config match: ${configMatch ? (0, colors_js_1.green)('current config matches signed config') : (server ? (0, colors_js_1.red)('config has changed since signing') : (0, colors_js_1.yellow)('server not found in current configs'))}\n`);
|
|
443
|
+
if (trustScore !== null) {
|
|
444
|
+
process.stdout.write(` Trust score: ${(0, colors_js_1.cyan)(String(trustScore))}\n`);
|
|
445
|
+
}
|
|
446
|
+
else {
|
|
447
|
+
process.stdout.write(` Trust score: ${(0, colors_js_1.dim)('not available')}\n`);
|
|
448
|
+
}
|
|
449
|
+
process.stdout.write('\n');
|
|
450
|
+
if (passed) {
|
|
451
|
+
process.stdout.write((0, colors_js_1.green)('PASS') + ' -- server identity verified\n');
|
|
452
|
+
}
|
|
453
|
+
else {
|
|
454
|
+
process.stdout.write((0, colors_js_1.red)('FAIL') + ' -- verification failed\n');
|
|
455
|
+
if (!signatureValid) {
|
|
456
|
+
process.stdout.write((0, colors_js_1.dim)(' The cryptographic signature could not be verified.') + '\n');
|
|
457
|
+
}
|
|
458
|
+
if (!configMatch && server) {
|
|
459
|
+
process.stdout.write((0, colors_js_1.dim)(' The server configuration has changed since it was signed.') + '\n');
|
|
460
|
+
process.stdout.write((0, colors_js_1.dim)(' Run "opena2a mcp sign ' + serverName + '" to re-sign.') + '\n');
|
|
461
|
+
}
|
|
462
|
+
if (!server) {
|
|
463
|
+
process.stdout.write((0, colors_js_1.dim)(' The server was not found in any configuration file.') + '\n');
|
|
464
|
+
}
|
|
465
|
+
}
|
|
466
|
+
return passed ? 0 : 1;
|
|
467
|
+
}
|
|
468
|
+
// ── Helpers ───────────────────────────────────────────────────────────
|
|
469
|
+
function findServer(targetDir, serverName) {
|
|
470
|
+
const sources = getConfigSources(targetDir);
|
|
471
|
+
for (const source of sources) {
|
|
472
|
+
const servers = parseConfigFile(source.filePath, source.label);
|
|
473
|
+
const found = servers.find(s => s.name === serverName);
|
|
474
|
+
if (found)
|
|
475
|
+
return found;
|
|
476
|
+
}
|
|
477
|
+
return null;
|
|
478
|
+
}
|
|
479
|
+
async function loadAimCore() {
|
|
480
|
+
try {
|
|
481
|
+
return await import('@opena2a/aim-core');
|
|
482
|
+
}
|
|
483
|
+
catch {
|
|
484
|
+
process.stderr.write('aim-core is not available.\n');
|
|
485
|
+
process.stderr.write('Install: npm install @opena2a/aim-core\n');
|
|
486
|
+
return null;
|
|
487
|
+
}
|
|
488
|
+
}
|
|
489
|
+
// ── Exports for testing ───────────────────────────────────────────────
|
|
490
|
+
exports._internals = {
|
|
491
|
+
parseConfigFile,
|
|
492
|
+
getConfigSources,
|
|
493
|
+
computeConfigHash,
|
|
494
|
+
findServer,
|
|
495
|
+
getIdentityPath,
|
|
496
|
+
getIdentityDir,
|
|
497
|
+
extractCapabilities,
|
|
498
|
+
detectPinnedVersion,
|
|
499
|
+
fetchTrustScore,
|
|
500
|
+
};
|
|
501
|
+
//# sourceMappingURL=mcp-audit.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-audit.js","sourceRoot":"","sources":["../../src/commands/mcp-audit.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCA,gCAgBC;AAxDD,4CAA8B;AAC9B,gDAAkC;AAClC,4CAA8B;AAC9B,oDAAsC;AACtC,iDAA8E;AAiC9E;;GAEG;AACI,KAAK,UAAU,UAAU,CAAC,OAA0B;IACzD,QAAQ,OAAO,CAAC,UAAU,EAAE,CAAC;QAC3B,KAAK,OAAO;YACV,OAAO,WAAW,CAAC,OAAO,CAAC,CAAC;QAC9B,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,KAAK,QAAQ;YACX,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;QAC/B;YACE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC;YACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YACrE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;YAChF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;YACrF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;YACxF,OAAO,CAAC,CAAC;IACb,CAAC;AACH,CAAC;AASD,SAAS,gBAAgB,CAAC,SAAiB;IACzC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,OAAO;QACL,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,kBAAkB,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE;QAClF,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE;QACrE,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE;QACnF,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE;QACtE,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE;KACxE,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB,EAAE,KAAa;IACtD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,OAAO,GAAwB,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC;QACjE,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI;YAAE,OAAO,EAAE,CAAC;QAE/D,MAAM,OAAO,GAAqB,EAAE,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI;gBAAE,SAAS;YAE5D,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,CAAC;YAC9C,MAAM,UAAU,GAAG,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC;YACtD,IAAI,CAAC,MAAM,IAAI,CAAC,UAAU;gBAAE,SAAS;YAErC,MAAM,SAAS,GAAoB,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC;YAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,aAAa,GAAG,mBAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAEhE,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI;gBACJ,SAAS;gBACT,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI;gBACJ,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,YAAY;gBACZ,aAAa;gBACb,UAAU,EAAE,QAAQ;gBACpB,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAW;IACtC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,MAAM,CAAC,KAAK;QAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,MAAM,CAAC,SAAS;QAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,CAAC,OAAO;QAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACzC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAgB,EAAE,IAAe;IAC5D,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,2DAA2D;IAC3D,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;IAC1C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,SAAiB;IACvC,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,gBAAgB,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,eAAe,CAAC,SAAiB,EAAE,UAAkB;IAC5D,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,GAAG,UAAU,OAAO,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAqB;IAC9C,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,KAAK,OAAO;QACtC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QAC9D,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;IACvC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED,yEAAyE;AAEzE,KAAK,UAAU,eAAe,CAAC,UAAkB;IAC/C,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;QAC3D,MAAM,IAAI,GAAG,MAAM,KAAK,CACtB,gDAAgD,kBAAkB,CAAC,UAAU,CAAC,EAAE,EAChF,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAC9B,CAAC;QACF,YAAY,CAAC,OAAO,CAAC,CAAC;QACtB,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAS,CAAC;QACtC,OAAO,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE,KAAK,UAAU,WAAW,CAAC,OAA0B;IACnD,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,MAAM,CAAC;IAEzC,wCAAwC;IACxC,MAAM,OAAO,GAA0D,EAAE,CAAC;IAC1E,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAEnD,wCAAwC;IACxC,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACtD,MAAM,cAAc,GAAwD,IAAI,GAAG,EAAE,CAAC;IACtF,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAgB,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC3E,MAAM,WAAW,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;gBAC9C,QAAQ,GAAG,QAAQ,CAAC,UAAU,KAAK,WAAW,CAAC;YACjD,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,GAAG,KAAK,CAAC;YACnB,CAAC;QACH,CAAC;QACD,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,6CAA6C;IAC7C,MAAM,WAAW,GAA+B,IAAI,GAAG,EAAE,CAAC;IAC1D,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAChB,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YAC1C,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC5C,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAED,gBAAgB;IAChB,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC;IAChC,MAAM,WAAW,GAAG,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IAC9E,MAAM,aAAa,GAAG,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IAClF,MAAM,UAAU,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;IAE5E,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,MAAM,GAAG;YACb,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC5B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,OAAO,EAAE,CAAC,CAAC,SAAS,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;gBACvF,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,YAAY,EAAE,CAAC,CAAC,YAAY;gBAC5B,MAAM,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,IAAI,KAAK;gBACnD,QAAQ,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,IAAI,KAAK;gBACvD,UAAU,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI;aAC5C,CAAC,CAAC;YACH,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE;SAC1F,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO,CAAC,CAAC;IACX,CAAC;IAED,cAAc;IACd,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC;QACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;QACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,qCAAqC,CAAC,GAAG,IAAI,CAAC,CAAC;QACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC;QACvD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC;IACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;IAEpD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;QACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,WAAW,SAAS,EAAE,CAAC,GAAG,IAAA,eAAG,EAAC,KAAK,KAAK,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;QAE5F,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,SAAS,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,IAAA,iBAAK,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAA,kBAAM,EAAC,YAAY,CAAC,CAAC;YAC1E,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,UAAU,GAAG,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,SAAS;gBAChE,CAAC,CAAC,IAAA,gBAAI,EAAC,UAAU,UAAU,EAAE,CAAC;gBAC9B,CAAC,CAAC,IAAA,eAAG,EAAC,gBAAgB,CAAC,CAAC;YAE1B,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,KAAK,OAAO;gBAC7C,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC5E,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC;YAErB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACvC,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAEhD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,OAAO,IAAI,IAAA,eAAG,EAAC,YAAY,CAAC,IAAI,IAAA,eAAG,EAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,SAAS,KAAK,UAAU,IAAI,CAAC,CAAC;YAExI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;oBACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,qCAAqC,CAAC,GAAG,IAAI,CAAC,CAAC;gBAC1E,CAAC;gBACD,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,sCAAsC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBAC3G,CAAC;gBACD,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;oBACf,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,kCAAkC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBAC3F,CAAC;gBACD,IAAI,MAAM,EAAE,MAAM,EAAE,CAAC;oBACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,0DAA0D,MAAM,CAAC,IAAI,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;gBACjH,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,KAAK,OAAO;oBAC1C,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;oBACpD,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC;gBACrB,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,sCAAsC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,KAAK,IAAI,CAAC,CAAC;IACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,WAAW,MAAM,KAAK,IAAI,CAAC,CAAC;IACzE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,aAAa,MAAM,KAAK,IAAI,CAAC,CAAC;IAC3E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,UAAU,MAAM,KAAK,IAAI,CAAC,CAAC;IACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;IAChD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,gBAAI,EAAC,yBAAyB,CAAC,+CAA+C,CAAC,CAAC;IAC1G,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,gBAAI,EAAC,2BAA2B,CAAC,gDAAgD,CAAC,CAAC;IAE7G,OAAO,CAAC,CAAC;AACX,CAAC;AAED,yEAAyE;AAEzE,KAAK,UAAU,UAAU,CAAC,OAA0B;IAClD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAClC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAChE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,6BAA6B;IAC7B,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACzD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,UAAU,0CAA0C,CAAC,CAAC;QAC1F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC5E,OAAO,CAAC,CAAC;IACX,CAAC;IAED,gBAAgB;IAChB,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IACpC,IAAI,CAAC,OAAO;QAAE,OAAO,CAAC,CAAC;IAEvB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,MAAM,CAAC;IAEzC,IAAI,CAAC;QACH,2BAA2B;QAC3B,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACxE,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE9C,sBAAsB;QACtB,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAE7C,uBAAuB;QACvB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAEzF,sBAAsB;QACtB,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEjG,iBAAiB;QACjB,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACtD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE/C,MAAM,QAAQ,GAAgB;YAC5B,UAAU;YACV,SAAS,EAAE,SAAS;YACpB,UAAU,EAAE,UAAU;YACtB,UAAU;YACV,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAC9D,EAAE,CAAC,aAAa,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAE5D,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;gBAClC,MAAM,EAAE,QAAQ;gBAChB,UAAU;gBACV,WAAW;gBACX,UAAU;gBACV,YAAY,EAAE,MAAM;aACrB,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YACpB,OAAO,CAAC,CAAC;QACX,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,iBAAK,EAAC,gCAAgC,CAAC,GAAG,MAAM,CAAC,CAAC;QACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,IAAA,gBAAI,EAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC9D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;QAC9D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,IAAA,gBAAI,EAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAC/D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,IAAA,eAAG,EAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QACtF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,IAAA,eAAG,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACzD,OAAO,CAAC,CAAC;IACX,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACrG,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE,KAAK,UAAU,YAAY,CAAC,OAA0B;IACpD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAClC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAClE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,MAAM,CAAC;IAEzC,6BAA6B;IAC7B,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;gBAClC,MAAM,EAAE,YAAY;gBACpB,UAAU;gBACV,OAAO,EAAE,uDAAuD;aACjE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YACpB,OAAO,CAAC,CAAC;QACX,CAAC;QACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,UAAU,MAAM,CAAC,CAAC;QAC5E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,UAAU,oBAAoB,CAAC,CAAC;QAC9E,OAAO,CAAC,CAAC;IACX,CAAC;IAED,gBAAgB;IAChB,IAAI,QAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAiC,MAAM,IAAI,CAAC,CAAC;QAClE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,yBAAyB;IACzB,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAEzD,mBAAmB;IACnB,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC;YACvC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,KAAK,CAAC;YAC3C,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,cAAc,GAAG,MAAM,CAAC,MAAM,CAC5B,IAAI,EACJ,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAChC,SAAS,EACT,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,KAAK,CAAC,CACvC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,cAAc,GAAG,KAAK,CAAC;IACzB,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,WAAW,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9C,WAAW,GAAG,WAAW,KAAK,QAAQ,CAAC,UAAU,CAAC;IACpD,CAAC;IAED,oBAAoB;IACpB,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC,CAAC;IAErD,sBAAsB;IACtB,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACzD,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAAC,MAAM,CAAC;QACP,WAAW,GAAG,SAAS,CAAC;IAC1B,CAAC;IAED,MAAM,MAAM,GAAG,cAAc,IAAI,WAAW,CAAC;IAE7C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;YAClC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;YACtC,UAAU;YACV,cAAc;YACd,WAAW;YACX,WAAW,EAAE,MAAM,KAAK,IAAI;YAC5B,WAAW;YACX,UAAU;YACV,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACpB,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;IAEpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,IAAA,gBAAI,EAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACjE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,IAAA,gBAAI,EAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAClE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,IAAA,eAAG,EAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAE1E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,cAAc,CAAC,CAAC,CAAC,IAAA,iBAAK,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAA,eAAG,EAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACjG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,WAAW,CAAC,CAAC,CAAC,IAAA,iBAAK,EAAC,sCAAsC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAA,eAAG,EAAC,kCAAkC,CAAC,CAAC,CAAC,CAAC,IAAA,kBAAM,EAAC,qCAAqC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEjN,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,IAAA,gBAAI,EAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;IAC3E,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,IAAA,eAAG,EAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE3B,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,iBAAK,EAAC,MAAM,CAAC,GAAG,gCAAgC,CAAC,CAAC;IACzE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,MAAM,CAAC,GAAG,2BAA2B,CAAC,CAAC;QAChE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,sDAAsD,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,CAAC,WAAW,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,6DAA6D,CAAC,GAAG,IAAI,CAAC,CAAC;YAChG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,0BAA0B,GAAG,UAAU,GAAG,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC;QAC9F,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,uDAAuD,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5F,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACxB,CAAC;AAED,yEAAyE;AAEzE,SAAS,UAAU,CAAC,SAAiB,EAAE,UAAkB;IACvD,MAAM,OAAO,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAC5C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;QACvD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC;QACH,OAAO,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QACrD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,yEAAyE;AAE5D,QAAA,UAAU,GAAG;IACxB,eAAe;IACf,gBAAgB;IAChB,iBAAiB;IACjB,UAAU;IACV,eAAe;IACf,cAAc;IACd,mBAAmB;IACnB,mBAAmB;IACnB,eAAe;CAChB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protect.d.ts","sourceRoot":"","sources":["../../src/commands/protect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AA6DH,MAAM,WAAW,cAAc;IAC7B,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,qBAAqB;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,uCAAuC;IACvC,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,oBAAoB;IACpB,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,gCAAgC;IAChC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,iEAAiE;IACjE,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAuBD;;GAEG;AACH,wBAAsB,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,
|
|
1
|
+
{"version":3,"file":"protect.d.ts","sourceRoot":"","sources":["../../src/commands/protect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AA6DH,MAAM,WAAW,cAAc;IAC7B,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,qBAAqB;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,uCAAuC;IACvC,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,oBAAoB;IACpB,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,gCAAgC;IAChC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,iEAAiE;IACjE,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAuBD;;GAEG;AACH,wBAAsB,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CA0etE"}
|
package/dist/commands/protect.js
CHANGED
|
@@ -444,7 +444,7 @@ async function protect(options) {
|
|
|
444
444
|
catch {
|
|
445
445
|
// secretless not available -- assume local
|
|
446
446
|
}
|
|
447
|
-
if (currentBackend === '1password' || currentBackend === 'vault') {
|
|
447
|
+
if (currentBackend === '1password' || currentBackend === 'vault' || currentBackend === 'gcp-sm') {
|
|
448
448
|
// Already on a team vault -- skip the upgrade offer silently
|
|
449
449
|
}
|
|
450
450
|
else {
|
|
@@ -470,6 +470,11 @@ async function protect(options) {
|
|
|
470
470
|
value: 'vault',
|
|
471
471
|
description: 'Best for enterprises. Requires a running Vault server. Setup: brew install vault',
|
|
472
472
|
},
|
|
473
|
+
{
|
|
474
|
+
name: 'GCP Secret Manager Cloud-native, IAM-integrated, auto-versioned',
|
|
475
|
+
value: 'gcp-sm',
|
|
476
|
+
description: 'Best for GCP users. Requires gcloud CLI or service account key.',
|
|
477
|
+
},
|
|
473
478
|
{
|
|
474
479
|
name: 'Keep local vault File-based, works offline, no setup required',
|
|
475
480
|
value: 'local',
|
|
@@ -498,6 +503,10 @@ async function protect(options) {
|
|
|
498
503
|
const { offerVaultMigration } = await import('./vault-migration.js');
|
|
499
504
|
await offerVaultMigration({ credentialCount: report.migrated, ci: options.ci });
|
|
500
505
|
}
|
|
506
|
+
else if (backendChoice === 'gcp-sm') {
|
|
507
|
+
const { offerGCPSMMigration } = await import('./gcp-sm-migration.js');
|
|
508
|
+
await offerGCPSMMigration({ credentialCount: report.migrated, ci: options.ci });
|
|
509
|
+
}
|
|
501
510
|
}
|
|
502
511
|
}
|
|
503
512
|
catch {
|