opencode-varlock 0.0.6 → 0.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -1
- package/assets/permissions.json +9 -0
- package/dist/config.d.ts +6 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +14 -3
- package/dist/config.js.map +1 -1
- package/dist/guard.d.ts.map +1 -1
- package/dist/guard.js +25 -3
- package/dist/guard.js.map +1 -1
- package/dist/plugin.d.ts.map +1 -1
- package/dist/plugin.js +25 -4
- package/dist/plugin.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -316,7 +316,7 @@ These permission rules complement the EnvGuard hook — the rules handle fast-pa
|
|
|
316
316
|
|
|
317
317
|
### Why three layers?
|
|
318
318
|
|
|
319
|
-
**Permissions alone aren't enough.** An agent can try `python3 -c "print(open('.env').read())"`
|
|
319
|
+
**Permissions alone aren't enough.** An agent can try `python3 -c "print(open('.env').read())"` or `python -c "import os; print(os.getenv('API_KEY'))"` - the obvious glob rules won't catch every runtime exfiltration path.
|
|
320
320
|
|
|
321
321
|
**Prompt instructions alone aren't enough.** Telling an agent "never read .env" is a soft boundary the model can reason past.
|
|
322
322
|
|
|
@@ -329,6 +329,7 @@ These permission rules complement the EnvGuard hook — the rules handle fast-pa
|
|
|
329
329
|
✓ Writes code: const db = new Client(process.env.DATABASE_URL)
|
|
330
330
|
✗ cat .env → Blocked: deny pattern
|
|
331
331
|
✗ echo $API_KEY → Blocked: deny pattern
|
|
332
|
+
✗ python -c "os.getenv" → Blocked: runtime env read
|
|
332
333
|
✗ python -c "open..." → Blocked: sensitive file
|
|
333
334
|
✗ jq . secrets/app.json → Blocked: matches glob "secrets/**"
|
|
334
335
|
```
|
package/assets/permissions.json
CHANGED
|
@@ -19,6 +19,9 @@
|
|
|
19
19
|
"tail *.env*": "deny",
|
|
20
20
|
"grep * .env*": "deny",
|
|
21
21
|
"echo $*": "deny",
|
|
22
|
+
"python*getenv*": "deny",
|
|
23
|
+
"python*os.environ*": "deny",
|
|
24
|
+
"node*process.env*": "deny",
|
|
22
25
|
"printenv*": "deny",
|
|
23
26
|
"env": "deny",
|
|
24
27
|
"export -p": "deny",
|
|
@@ -65,6 +68,9 @@
|
|
|
65
68
|
"tail *.env*": "deny",
|
|
66
69
|
"grep * .env*": "deny",
|
|
67
70
|
"echo $*": "deny",
|
|
71
|
+
"python*getenv*": "deny",
|
|
72
|
+
"python*os.environ*": "deny",
|
|
73
|
+
"node*process.env*": "deny",
|
|
68
74
|
"printenv*": "deny",
|
|
69
75
|
"env": "deny",
|
|
70
76
|
"env *": "deny",
|
|
@@ -142,6 +148,9 @@
|
|
|
142
148
|
"cat *.env*": "deny",
|
|
143
149
|
"printenv*": "deny",
|
|
144
150
|
"echo $*": "deny",
|
|
151
|
+
"python*getenv*": "deny",
|
|
152
|
+
"python*os.environ*": "deny",
|
|
153
|
+
"node*process.env*": "deny",
|
|
145
154
|
"env": "deny",
|
|
146
155
|
"docker *": "allow",
|
|
147
156
|
"npm *": "allow",
|
package/dist/config.d.ts
CHANGED
|
@@ -7,6 +7,11 @@
|
|
|
7
7
|
* 3. .opencode/varlock.config.json
|
|
8
8
|
* 4. Programmatic options passed to createVarlockPlugin()
|
|
9
9
|
*/
|
|
10
|
+
export type ConfigLogger = (input: {
|
|
11
|
+
level: "debug" | "info" | "warn" | "error";
|
|
12
|
+
message: string;
|
|
13
|
+
extra?: Record<string, unknown>;
|
|
14
|
+
}) => void | Promise<void>;
|
|
10
15
|
export type GuardConfig = {
|
|
11
16
|
enabled: boolean;
|
|
12
17
|
sensitivePatterns: string[];
|
|
@@ -31,7 +36,7 @@ export type PluginConfig = {
|
|
|
31
36
|
varlock: VarlockConfig;
|
|
32
37
|
};
|
|
33
38
|
export declare const DEFAULT_CONFIG: PluginConfig;
|
|
34
|
-
export declare function loadConfig(cwd: string, overrides?: DeepPartial<PluginConfig
|
|
39
|
+
export declare function loadConfig(cwd: string, overrides?: DeepPartial<PluginConfig>, logger?: ConfigLogger): PluginConfig;
|
|
35
40
|
type DeepPartial<T> = {
|
|
36
41
|
[K in keyof T]?: T[K] extends object ? DeepPartial<T[K]> : T[K];
|
|
37
42
|
};
|
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,OAAO,CAAA;IAChB,iBAAiB,EAAE,MAAM,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,iBAAiB,EAAE,MAAM,EAAE,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,SAAS,GAAG;IACtB,OAAO,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,KAAK,EAAE,WAAW,CAAA;IAClB,GAAG,EAAE,SAAS,CAAA;IACd,OAAO,EAAE,aAAa,CAAA;CACvB,CAAA;AAED,eAAO,MAAM,cAAc,EAAE,YAqC5B,CAAA;AAOD,wBAAgB,UAAU,CACxB,GAAG,EAAE,MAAM,EACX,SAAS,GAAE,WAAW,CAAC,YAAY,CAAM,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE;IACjC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAA;IAC1C,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAChC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;AAE1B,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,OAAO,CAAA;IAChB,iBAAiB,EAAE,MAAM,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,iBAAiB,EAAE,MAAM,EAAE,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,SAAS,GAAG;IACtB,OAAO,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,KAAK,EAAE,WAAW,CAAA;IAClB,GAAG,EAAE,SAAS,CAAA;IACd,OAAO,EAAE,aAAa,CAAA;CACvB,CAAA;AAED,eAAO,MAAM,cAAc,EAAE,YAqC5B,CAAA;AAOD,wBAAgB,UAAU,CACxB,GAAG,EAAE,MAAM,EACX,SAAS,GAAE,WAAW,CAAC,YAAY,CAAM,EACzC,MAAM,CAAC,EAAE,YAAY,GACpB,YAAY,CAyCd;AAED,KAAK,WAAW,CAAC,CAAC,IAAI;KACnB,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAChE,CAAA;AAED,wBAAgB,SAAS,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACrD,MAAM,EAAE,CAAC,EACT,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,GACrB,CAAC,CAyBH;AAED,YAAY,EAAE,WAAW,EAAE,CAAA"}
|
package/dist/config.js
CHANGED
|
@@ -51,7 +51,7 @@ const CONFIG_FILENAMES = [
|
|
|
51
51
|
"varlock.config.json",
|
|
52
52
|
".opencode/varlock.config.json",
|
|
53
53
|
];
|
|
54
|
-
export function loadConfig(cwd, overrides = {}) {
|
|
54
|
+
export function loadConfig(cwd, overrides = {}, logger) {
|
|
55
55
|
let merged = structuredClone(DEFAULT_CONFIG);
|
|
56
56
|
for (const filename of CONFIG_FILENAMES) {
|
|
57
57
|
const filepath = resolve(cwd, filename);
|
|
@@ -62,10 +62,21 @@ export function loadConfig(cwd, overrides = {}) {
|
|
|
62
62
|
delete parsed.$schema;
|
|
63
63
|
delete parsed.$comment;
|
|
64
64
|
merged = deepMerge(merged, parsed);
|
|
65
|
-
|
|
65
|
+
logger?.({
|
|
66
|
+
level: "info",
|
|
67
|
+
message: "loaded config",
|
|
68
|
+
extra: { filepath },
|
|
69
|
+
});
|
|
66
70
|
}
|
|
67
71
|
catch (err) {
|
|
68
|
-
|
|
72
|
+
logger?.({
|
|
73
|
+
level: "warn",
|
|
74
|
+
message: "failed to parse config",
|
|
75
|
+
extra: {
|
|
76
|
+
filepath,
|
|
77
|
+
error: err instanceof Error ? err.message : String(err),
|
|
78
|
+
},
|
|
79
|
+
});
|
|
69
80
|
}
|
|
70
81
|
}
|
|
71
82
|
}
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAmC1C,MAAM,CAAC,MAAM,cAAc,GAAiB;IAC1C,KAAK,EAAE;QACL,OAAO,EAAE,IAAI;QACb,iBAAiB,EAAE;YACjB,MAAM;YACN,SAAS;YACT,MAAM;YACN,MAAM;YACN,aAAa;YACb,SAAS;SACV;QACD,cAAc,EAAE;YACd,SAAS;YACT,WAAW;YACX,eAAe;YACf,oBAAoB;YACpB,UAAU;YACV,UAAU;YACV,gBAAgB;YAChB,kBAAkB;YAClB,YAAY;YACZ,YAAY;SACb;QACD,gBAAgB,EAAE,EAAE;QACpB,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAClD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;KACrC;IACD,GAAG,EAAE;QACH,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,GAAG;KACjB;IACD,OAAO,EAAE;QACP,OAAO,EAAE,KAAK;QACd,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,SAAS;QAClB,SAAS,EAAE,KAAK;KACjB;CACF,CAAA;AAED,MAAM,gBAAgB,GAAG;IACvB,qBAAqB;IACrB,+BAA+B;CAChC,CAAA;AAED,MAAM,UAAU,UAAU,CACxB,GAAW,EACX,YAAuC,EAAE,EACzC,MAAqB;IAErB,IAAI,MAAM,GAAG,eAAe,CAAC,cAAc,CAAC,CAAA;IAE5C,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACvC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;gBAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gBAE9B,OAAO,MAAM,CAAC,OAAO,CAAA;gBACrB,OAAO,MAAM,CAAC,QAAQ,CAAA;gBAEtB,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;gBAClC,MAAM,EAAE,CAAC;oBACP,KAAK,EAAE,MAAM;oBACb,OAAO,EAAE,eAAe;oBACxB,KAAK,EAAE,EAAE,QAAQ,EAAE;iBACpB,CAAC,CAAA;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,EAAE,CAAC;oBACP,KAAK,EAAE,MAAM;oBACb,OAAO,EAAE,wBAAwB;oBACjC,KAAK,EAAE;wBACL,QAAQ;wBACR,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;qBACxD;iBACF,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,SAAgB,CAAC,CAAA;IAE5C,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC/D,CAAC;SAAM,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAMD,MAAM,UAAU,SAAS,CACvB,MAAS,EACT,MAAsB;IAEtB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAA;IAE5B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,EAAE,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QAC1B,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI;YAAE,SAAQ;QAErD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAA;QACrC,CAAC;aAAM,IACL,OAAO,MAAM,KAAK,QAAQ;YAC1B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,QAAQ;YAC/B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAC3B,CAAC;YACD,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,SAAS,CAC/B,MAAM,CAAC,GAAG,CAAwB,EAClC,MAA6B,CAC9B,CAAA;QACH,CAAC;aAAM,CAAC;YACN,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,MAAM,CAAA;QAChC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
|
package/dist/guard.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../src/guard.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAE9C,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../src/guard.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAE9C,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AA0C9C,KAAK,SAAS,GAAG;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAA;AACjC,KAAK,UAAU,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAAE,CAAA;AAe/C,wBAAgB,cAAc,CAC5B,MAAM,EAAE,WAAW,GAClB,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAwFzD;AAsBD,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAuChD"}
|
package/dist/guard.js
CHANGED
|
@@ -23,6 +23,10 @@ const BUILTIN_BASH_DENY = [
|
|
|
23
23
|
"declare -x",
|
|
24
24
|
"process.env",
|
|
25
25
|
"os.environ",
|
|
26
|
+
"os.getenv(",
|
|
27
|
+
"getenv(",
|
|
28
|
+
"system.getenv(",
|
|
29
|
+
"deno.env.get(",
|
|
26
30
|
"dotenv",
|
|
27
31
|
"source .env",
|
|
28
32
|
". .env",
|
|
@@ -37,6 +41,17 @@ const BUILTIN_BASH_DENY = [
|
|
|
37
41
|
"curl.*env",
|
|
38
42
|
"wget.*env",
|
|
39
43
|
];
|
|
44
|
+
const ENV_VALUE_READ_PATTERNS = [
|
|
45
|
+
/\bpython\d*\b[\s\S]*\bos\.getenv\s*\(/i,
|
|
46
|
+
/\bpython\d*\b[\s\S]*\bos\.environ(?:\s*\[|\s*\.get\s*\()/i,
|
|
47
|
+
/\bnode\b[\s\S]*\bprocess\.env(?:\.[a-zA-Z_][a-zA-Z0-9_]*|\s*\[)/i,
|
|
48
|
+
/\bbun\b[\s\S]*\bprocess\.env(?:\.[a-zA-Z_][a-zA-Z0-9_]*|\s*\[)/i,
|
|
49
|
+
/\bdeno\b[\s\S]*\bDeno\.env\.get\s*\(/i,
|
|
50
|
+
/\bruby\b[\s\S]*\bENV(?:\s*\[|\.fetch\s*\()/i,
|
|
51
|
+
/\bphp\b[\s\S]*\bgetenv\s*\(/i,
|
|
52
|
+
/\bjava\b[\s\S]*\bSystem\.getenv\s*\(/i,
|
|
53
|
+
/\bperl\b[\s\S]*\bENV\s*\{/i,
|
|
54
|
+
];
|
|
40
55
|
export function createEnvGuard(config) {
|
|
41
56
|
const { sensitivePatterns, sensitiveGlobs, bashDenyPatterns, blockedReadTools, blockedWriteTools, } = config;
|
|
42
57
|
const bashDeny = [...BUILTIN_BASH_DENY, ...bashDenyPatterns];
|
|
@@ -61,7 +76,14 @@ export function createEnvGuard(config) {
|
|
|
61
76
|
}
|
|
62
77
|
}
|
|
63
78
|
if (input.tool === "bash") {
|
|
64
|
-
const
|
|
79
|
+
const rawCommand = String(args.command ?? "");
|
|
80
|
+
const cmd = rawCommand.toLowerCase();
|
|
81
|
+
for (const pattern of ENV_VALUE_READ_PATTERNS) {
|
|
82
|
+
if (pattern.test(rawCommand)) {
|
|
83
|
+
throw new Error(`[varlock] Blocked: bash command appears to read environment variable values at runtime. ` +
|
|
84
|
+
`Use the load_env or load_secrets tool instead.`);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
65
87
|
for (const pattern of bashDeny) {
|
|
66
88
|
if (cmd.includes(pattern.toLowerCase())) {
|
|
67
89
|
throw new Error(`[varlock] Blocked: bash command matches deny pattern "${pattern}". ` +
|
|
@@ -70,13 +92,13 @@ export function createEnvGuard(config) {
|
|
|
70
92
|
}
|
|
71
93
|
for (const sp of sensitivePatterns) {
|
|
72
94
|
const fileAccessRe = new RegExp(`(cat|less|more|head|tail|bat|vim?|nano|code|type|get-content|select-string)\\s+\\S*${escapeRegex(sp)}`, "i");
|
|
73
|
-
if (fileAccessRe.test(
|
|
95
|
+
if (fileAccessRe.test(rawCommand)) {
|
|
74
96
|
throw new Error(`[varlock] Blocked: bash command appears to read a sensitive file (*${sp}*). ` +
|
|
75
97
|
`Use the load_env or load_secrets tool instead.`);
|
|
76
98
|
}
|
|
77
99
|
}
|
|
78
100
|
if (compiledGlobs.length > 0) {
|
|
79
|
-
const tokens = extractPathTokens(
|
|
101
|
+
const tokens = extractPathTokens(rawCommand);
|
|
80
102
|
for (const token of tokens) {
|
|
81
103
|
for (const { source, regex } of compiledGlobs) {
|
|
82
104
|
if (regex.test(token)) {
|
package/dist/guard.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard.js","sourceRoot":"","sources":["../src/guard.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,iBAAiB,GAAG;IACxB,UAAU;IACV,WAAW;IACX,WAAW;IACX,WAAW;IACX,WAAW;IACX,UAAU;IACV,WAAW;IACX,UAAU;IACV,SAAS;IACT,WAAW;IACX,UAAU;IACV,QAAQ;IACR,SAAS;IACT,eAAe;IACf,OAAO;IACP,OAAO;IACP,WAAW;IACX,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,QAAQ;IACR,aAAa;IACb,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,SAAS;IACT,SAAS;IACT,UAAU;IACV,mBAAmB;IACnB,sBAAsB;IACtB,sBAAsB;IACtB,WAAW;IACX,WAAW;CACZ,CAAA;AAMD,MAAM,UAAU,cAAc,CAC5B,MAAmB;IAEnB,MAAM,EACJ,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,GAClB,GAAG,MAAM,CAAA;IAEV,MAAM,QAAQ,GAAG,CAAC,GAAG,iBAAiB,EAAE,GAAG,gBAAgB,CAAC,CAAA;IAC5D,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,EAAE,CAAC;QACT,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC;KACtB,CAAC,CAAC,CAAA;IAEH,OAAO,KAAK,EAAE,KAAgB,EAAE,MAAkB,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;QAExB,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAA;YAC5E,IAAI,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,KAAK;oBACrD,gDAAgD,CACnD,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAA;YAC5D,IAAI,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,uCAAuC,MAAM,KAAK;oBAChD,qDAAqD,CACxD,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC1B,MAAM,
|
|
1
|
+
{"version":3,"file":"guard.js","sourceRoot":"","sources":["../src/guard.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,iBAAiB,GAAG;IACxB,UAAU;IACV,WAAW;IACX,WAAW;IACX,WAAW;IACX,WAAW;IACX,UAAU;IACV,WAAW;IACX,UAAU;IACV,SAAS;IACT,WAAW;IACX,UAAU;IACV,QAAQ;IACR,SAAS;IACT,eAAe;IACf,OAAO;IACP,OAAO;IACP,WAAW;IACX,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,YAAY;IACZ,SAAS;IACT,gBAAgB;IAChB,eAAe;IACf,QAAQ;IACR,aAAa;IACb,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,SAAS;IACT,SAAS;IACT,UAAU;IACV,mBAAmB;IACnB,sBAAsB;IACtB,sBAAsB;IACtB,WAAW;IACX,WAAW;CACZ,CAAA;AAMD,MAAM,uBAAuB,GAAG;IAC9B,wCAAwC;IACxC,2DAA2D;IAC3D,kEAAkE;IAClE,iEAAiE;IACjE,uCAAuC;IACvC,6CAA6C;IAC7C,8BAA8B;IAC9B,uCAAuC;IACvC,4BAA4B;CAC7B,CAAA;AAED,MAAM,UAAU,cAAc,CAC5B,MAAmB;IAEnB,MAAM,EACJ,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,GAClB,GAAG,MAAM,CAAA;IAEV,MAAM,QAAQ,GAAG,CAAC,GAAG,iBAAiB,EAAE,GAAG,gBAAgB,CAAC,CAAA;IAC5D,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,EAAE,CAAC;QACT,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC;KACtB,CAAC,CAAC,CAAA;IAEH,OAAO,KAAK,EAAE,KAAgB,EAAE,MAAkB,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;QAExB,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAA;YAC5E,IAAI,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,KAAK;oBACrD,gDAAgD,CACnD,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAA;YAC5D,IAAI,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,uCAAuC,MAAM,KAAK;oBAChD,qDAAqD,CACxD,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAA;YAC7C,MAAM,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;YAEpC,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;gBAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,KAAK,CACb,0FAA0F;wBACxF,gDAAgD,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;YAED,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBACxC,MAAM,IAAI,KAAK,CACb,yDAAyD,OAAO,KAAK;wBACnE,0DAA0D,CAC7D,CAAA;gBACH,CAAC;YACH,CAAC;YAED,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;gBACnC,MAAM,YAAY,GAAG,IAAI,MAAM,CAC7B,sFAAsF,WAAW,CAAC,EAAE,CAAC,EAAE,EACvG,GAAG,CACJ,CAAA;gBACD,IAAI,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClC,MAAM,IAAI,KAAK,CACb,sEAAsE,EAAE,MAAM;wBAC5E,gDAAgD,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;YAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAA;gBAC5C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;oBAC3B,KAAK,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,aAAa,EAAE,CAAC;wBAC9C,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;4BACtB,MAAM,IAAI,KAAK,CACb,+CAA+C,KAAK,yBAAyB,MAAM,KAAK;gCACtF,gDAAgD,CACnD,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAClB,IAAY,EACZ,QAAkB,EAClB,KAAqB;IAErB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAA;IAEhC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,MAAM,EAAE,KAAK,EAAE,IAAI,KAAK,EAAE,CAAC;QAC9B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,IAAI,MAAM,GAAG,EAAE,CAAA;IACf,IAAI,CAAC,GAAG,CAAC,CAAA;IAET,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QAElB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACxB,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;oBACxB,MAAM,IAAI,UAAU,CAAA;oBACpB,CAAC,IAAI,CAAC,CAAA;gBACR,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,IAAI,CAAA;oBACd,CAAC,IAAI,CAAC,CAAA;gBACR,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,OAAO,CAAA;gBACjB,CAAC,EAAE,CAAA;YACL,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACtB,MAAM,IAAI,MAAM,CAAA;YAChB,CAAC,EAAE,CAAA;QACL,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAA;YACf,CAAC,EAAE,CAAA;QACL,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACrC,MAAM,IAAI,SAAS,CAAA;YACnB,CAAC,EAAE,CAAA;QACL,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,IAAI,GAAG,EAAE,CAAA;YACnB,CAAC,EAAE,CAAA;QACL,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,EAAE,CAAA;YACZ,CAAC,EAAE,CAAA;QACL,CAAC;IACH,CAAC;IAED,OAAO,IAAI,MAAM,CAAC,IAAI,MAAM,GAAG,EAAE,GAAG,CAAC,CAAA;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,OAAO,GAAG,4DAA4D,CAAA;IAC5E,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,IAAI,KAA6B,CAAA;IAEjC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACpB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAA;AACjD,CAAC"}
|
package/dist/plugin.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAQ,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAc,KAAK,YAAY,EAAE,KAAK,WAAW,
|
|
1
|
+
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAQ,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAc,KAAK,YAAY,EAAE,KAAK,WAAW,EAAqB,MAAM,aAAa,CAAA;AAQhG,eAAO,MAAM,aAAa,EAAE,MAE3B,CAAA;AAED,wBAAgB,mBAAmB,CACjC,SAAS,GAAE,WAAW,CAAC,YAAY,CAAM,GACxC,MAAM,CA4ER;AAED,eAAe,aAAa,CAAA"}
|
package/dist/plugin.js
CHANGED
|
@@ -6,16 +6,30 @@ export const VarlockPlugin = async (ctx) => {
|
|
|
6
6
|
return createVarlockPlugin()(ctx);
|
|
7
7
|
};
|
|
8
8
|
export function createVarlockPlugin(overrides = {}) {
|
|
9
|
-
return async ({ $, project, directory }) => {
|
|
9
|
+
return async ({ $, client, project, directory }) => {
|
|
10
10
|
const cwd = directory ?? process.cwd();
|
|
11
|
-
const
|
|
11
|
+
const log = async ({ level, message, extra }) => {
|
|
12
|
+
await client.app.log({
|
|
13
|
+
body: {
|
|
14
|
+
service: "opencode-varlock",
|
|
15
|
+
level,
|
|
16
|
+
message,
|
|
17
|
+
extra,
|
|
18
|
+
},
|
|
19
|
+
});
|
|
20
|
+
};
|
|
21
|
+
const config = loadConfig(cwd, overrides, log);
|
|
12
22
|
let varlockAvailable = config.varlock.enabled;
|
|
13
23
|
if (!varlockAvailable && config.varlock.autoDetect) {
|
|
14
24
|
try {
|
|
15
25
|
const result = await $ `which ${config.varlock.command}`.quiet();
|
|
16
26
|
varlockAvailable = result.exitCode === 0;
|
|
17
27
|
if (varlockAvailable) {
|
|
18
|
-
|
|
28
|
+
await log({
|
|
29
|
+
level: "info",
|
|
30
|
+
message: "auto-detected varlock cli",
|
|
31
|
+
extra: { command: config.varlock.command },
|
|
32
|
+
});
|
|
19
33
|
}
|
|
20
34
|
}
|
|
21
35
|
catch {
|
|
@@ -42,7 +56,14 @@ export function createVarlockPlugin(overrides = {}) {
|
|
|
42
56
|
const guardStatus = config.guard.enabled
|
|
43
57
|
? `${config.guard.sensitivePatterns.length} patterns, ${config.guard.sensitiveGlobs.length} globs`
|
|
44
58
|
: "disabled";
|
|
45
|
-
|
|
59
|
+
await log({
|
|
60
|
+
level: "info",
|
|
61
|
+
message: "session created",
|
|
62
|
+
extra: {
|
|
63
|
+
sources: sources.join(", ") || "none",
|
|
64
|
+
guard: guardStatus,
|
|
65
|
+
},
|
|
66
|
+
});
|
|
46
67
|
}
|
|
47
68
|
},
|
|
48
69
|
};
|
package/dist/plugin.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,IAAI,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,UAAU,
|
|
1
|
+
{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,IAAI,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,UAAU,EAA0D,MAAM,aAAa,CAAA;AAChG,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,YAAY,CAAA;AAEnB,MAAM,CAAC,MAAM,aAAa,GAAW,KAAK,EAAE,GAAG,EAAE,EAAE;IACjD,OAAO,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAA;AACnC,CAAC,CAAA;AAED,MAAM,UAAU,mBAAmB,CACjC,YAAuC,EAAE;IAEzC,OAAO,KAAK,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE;QACjD,MAAM,GAAG,GAAG,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,GAAG,GAAiB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE;YAC5D,MAAM,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;gBACnB,IAAI,EAAE;oBACJ,OAAO,EAAE,kBAAkB;oBAC3B,KAAK;oBACL,OAAO;oBACP,KAAK;iBACN;aACF,CAAC,CAAA;QACJ,CAAC,CAAA;QAED,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAA;QAE9C,IAAI,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAA;QAC7C,IAAI,CAAC,gBAAgB,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;YACnD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAA,SAAS,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,CAAA;gBAC/D,gBAAgB,GAAG,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAA;gBACxC,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,GAAG,CAAC;wBACR,KAAK,EAAE,MAAM;wBACb,OAAO,EAAE,2BAA2B;wBACpC,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE;qBAC3C,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB,GAAG,KAAK,CAAA;YAC1B,CAAC;QACH,CAAC;QAED,MAAM,KAAK,GAA4C,EAAE,CAAA;QAEzD,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACvB,KAAK,CAAC,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAChD,CAAC;QAED,IAAI,gBAAgB,EAAE,CAAC;YACrB,KAAK,CAAC,YAAY,GAAG,qBAAqB,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;YAC7D,KAAK,CAAC,aAAa,GAAG,sBAAsB,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;QACjE,CAAC;QAED,MAAM,UAAU,GAAwB;YACtC,IAAI,EAAE,KAAK;YAEX,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAA+B,EAAE,EAAE;gBACtD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;oBACrC,MAAM,OAAO,GAAa,EAAE,CAAA;oBAC5B,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO;wBAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;oBAC5C,IAAI,gBAAgB;wBAAE,OAAO,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAA;oBAEzE,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO;wBACtC,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,MAAM,cAAc,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,QAAQ;wBAClG,CAAC,CAAC,UAAU,CAAA;oBAEd,MAAM,GAAG,CAAC;wBACR,KAAK,EAAE,MAAM;wBACb,OAAO,EAAE,iBAAiB;wBAC1B,KAAK,EAAE;4BACL,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;4BACrC,KAAK,EAAE,WAAW;yBACnB;qBACF,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;SACF,CAAA;QAED,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACzB,UAAU,CAAC,qBAAqB,CAAC,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClE,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC,CAAA;AACH,CAAC;AAED,eAAe,aAAa,CAAA"}
|