opensip-cli 0.1.7 → 0.1.9
- package/dist/bootstrap/admit-tool-package.d.ts +51 -11
- package/dist/bootstrap/admit-tool-package.d.ts.map +1 -1
- package/dist/bootstrap/admit-tool-package.js +46 -12
- package/dist/bootstrap/admit-tool-package.js.map +1 -1
- package/dist/bootstrap/baseline-seams.js +1 -1
- package/dist/bootstrap/baseline-seams.js.map +1 -1
- package/dist/bootstrap/bind-external-dispatch.d.ts +36 -0
- package/dist/bootstrap/bind-external-dispatch.d.ts.map +1 -0
- package/dist/bootstrap/bind-external-dispatch.js +81 -0
- package/dist/bootstrap/bind-external-dispatch.js.map +1 -0
- package/dist/bootstrap/build-command-registration-input.d.ts +13 -2
- package/dist/bootstrap/build-command-registration-input.d.ts.map +1 -1
- package/dist/bootstrap/build-command-registration-input.js +29 -2
- package/dist/bootstrap/build-command-registration-input.js.map +1 -1
- package/dist/bootstrap/build-per-run-scope.d.ts.map +1 -1
- package/dist/bootstrap/build-per-run-scope.js +27 -3
- package/dist/bootstrap/build-per-run-scope.js.map +1 -1
- package/dist/bootstrap/config-and-capabilities.d.ts +21 -6
- package/dist/bootstrap/config-and-capabilities.d.ts.map +1 -1
- package/dist/bootstrap/config-and-capabilities.js +79 -23
- package/dist/bootstrap/config-and-capabilities.js.map +1 -1
- package/dist/bootstrap/dispatch-external-tool-command.d.ts +67 -0
- package/dist/bootstrap/dispatch-external-tool-command.d.ts.map +1 -0
- package/dist/bootstrap/dispatch-external-tool-command.js +79 -0
- package/dist/bootstrap/dispatch-external-tool-command.js.map +1 -0
- package/dist/bootstrap/dispatch-external-tool-hook.d.ts +47 -0
- package/dist/bootstrap/dispatch-external-tool-hook.d.ts.map +1 -0
- package/dist/bootstrap/dispatch-external-tool-hook.js +49 -0
- package/dist/bootstrap/dispatch-external-tool-hook.js.map +1 -0
- package/dist/bootstrap/dispatch-fork-core.d.ts +48 -0
- package/dist/bootstrap/dispatch-fork-core.d.ts.map +1 -0
- package/dist/bootstrap/dispatch-fork-core.js +214 -0
- package/dist/bootstrap/dispatch-fork-core.js.map +1 -0
- package/dist/bootstrap/dispatch-host-rpc-handler.d.ts +27 -0
- package/dist/bootstrap/dispatch-host-rpc-handler.d.ts.map +1 -0
- package/dist/bootstrap/dispatch-host-rpc-handler.js +175 -0
- package/dist/bootstrap/dispatch-host-rpc-handler.js.map +1 -0
- package/dist/bootstrap/dispatch-replay-result.d.ts +51 -0
- package/dist/bootstrap/dispatch-replay-result.d.ts.map +1 -0
- package/dist/bootstrap/dispatch-replay-result.js +76 -0
- package/dist/bootstrap/dispatch-replay-result.js.map +1 -0
- package/dist/bootstrap/execute-post-bailout-bootstrap.d.ts.map +1 -1
- package/dist/bootstrap/execute-post-bailout-bootstrap.js +3 -1
- package/dist/bootstrap/execute-post-bailout-bootstrap.js.map +1 -1
- package/dist/bootstrap/index.d.ts +6 -0
- package/dist/bootstrap/index.d.ts.map +1 -1
- package/dist/bootstrap/index.js +14 -2
- package/dist/bootstrap/index.js.map +1 -1
- package/dist/bootstrap/owning-tool-init.d.ts +8 -2
- package/dist/bootstrap/owning-tool-init.d.ts.map +1 -1
- package/dist/bootstrap/owning-tool-init.js +11 -1
- package/dist/bootstrap/owning-tool-init.js.map +1 -1
- package/dist/bootstrap/pre-action-hook.d.ts.map +1 -1
- package/dist/bootstrap/pre-action-hook.js +5 -0
- package/dist/bootstrap/pre-action-hook.js.map +1 -1
- package/dist/bootstrap/register-authored-tools.d.ts +49 -0
- package/dist/bootstrap/register-authored-tools.d.ts.map +1 -0
- package/dist/bootstrap/register-authored-tools.js +132 -0
- package/dist/bootstrap/register-authored-tools.js.map +1 -0
- package/dist/bootstrap/register-tools-discovery.d.ts +4 -52
- package/dist/bootstrap/register-tools-discovery.d.ts.map +1 -1
- package/dist/bootstrap/register-tools-discovery.js +82 -117
- package/dist/bootstrap/register-tools-discovery.js.map +1 -1
- package/dist/bootstrap/register-tools-mount.d.ts.map +1 -1
- package/dist/bootstrap/register-tools-mount.js +20 -44
- package/dist/bootstrap/register-tools-mount.js.map +1 -1
- package/dist/bootstrap/register-tools.d.ts +2 -1
- package/dist/bootstrap/register-tools.d.ts.map +1 -1
- package/dist/bootstrap/register-tools.js +2 -1
- package/dist/bootstrap/register-tools.js.map +1 -1
- package/dist/bootstrap/run-plane.d.ts +11 -0
- package/dist/bootstrap/run-plane.d.ts.map +1 -1
- package/dist/bootstrap/run-plane.js.map +1 -1
- package/dist/bootstrap/scope-access.d.ts +15 -1
- package/dist/bootstrap/scope-access.d.ts.map +1 -1
- package/dist/bootstrap/scope-access.js +12 -1
- package/dist/bootstrap/scope-access.js.map +1 -1
- package/dist/bootstrap/skip-installed-plugins.d.ts +23 -0
- package/dist/bootstrap/skip-installed-plugins.d.ts.map +1 -0
- package/dist/bootstrap/skip-installed-plugins.js +30 -0
- package/dist/bootstrap/skip-installed-plugins.js.map +1 -0
- package/dist/bootstrap/synthesize-external-tool.d.ts +45 -0
- package/dist/bootstrap/synthesize-external-tool.d.ts.map +1 -0
- package/dist/bootstrap/synthesize-external-tool.js +112 -0
- package/dist/bootstrap/synthesize-external-tool.js.map +1 -0
- package/dist/bootstrap/tool-command-dispatch-types.d.ts +280 -0
- package/dist/bootstrap/tool-command-dispatch-types.d.ts.map +1 -0
- package/dist/bootstrap/tool-command-dispatch-types.js +34 -0
- package/dist/bootstrap/tool-command-dispatch-types.js.map +1 -0
- package/dist/bootstrap/tool-command-worker-config-pass.d.ts +24 -0
- package/dist/bootstrap/tool-command-worker-config-pass.d.ts.map +1 -0
- package/dist/bootstrap/tool-command-worker-config-pass.js +52 -0
- package/dist/bootstrap/tool-command-worker-config-pass.js.map +1 -0
- package/dist/bootstrap/tool-command-worker-context.d.ts +55 -0
- package/dist/bootstrap/tool-command-worker-context.d.ts.map +1 -0
- package/dist/bootstrap/tool-command-worker-context.js +163 -0
- package/dist/bootstrap/tool-command-worker-context.js.map +1 -0
- package/dist/bootstrap/tool-command-worker-entry.d.ts +66 -0
- package/dist/bootstrap/tool-command-worker-entry.d.ts.map +1 -0
- package/dist/bootstrap/tool-command-worker-entry.js +298 -0
- package/dist/bootstrap/tool-command-worker-entry.js.map +1 -0
- package/dist/bootstrap/tool-command-worker-rpc.d.ts +53 -0
- package/dist/bootstrap/tool-command-worker-rpc.d.ts.map +1 -0
- package/dist/bootstrap/tool-command-worker-rpc.js +78 -0
- package/dist/bootstrap/tool-command-worker-rpc.js.map +1 -0
- package/dist/bootstrap/tool-provenance.d.ts +85 -0
- package/dist/bootstrap/tool-provenance.d.ts.map +1 -0
- package/dist/bootstrap/tool-provenance.js +101 -0
- package/dist/bootstrap/tool-provenance.js.map +1 -0
- package/dist/bootstrap/tool-trust.d.ts +22 -2
- package/dist/bootstrap/tool-trust.d.ts.map +1 -1
- package/dist/bootstrap/tool-trust.js +25 -2
- package/dist/bootstrap/tool-trust.js.map +1 -1
- package/dist/cli-context.d.ts +17 -0
- package/dist/cli-context.d.ts.map +1 -1
- package/dist/cli-context.js +62 -1
- package/dist/cli-context.js.map +1 -1
- package/dist/commands/completion.d.ts.map +1 -1
- package/dist/commands/completion.js +3 -0
- package/dist/commands/completion.js.map +1 -1
- package/dist/commands/host-command-specs.d.ts +13 -15
- package/dist/commands/host-command-specs.d.ts.map +1 -1
- package/dist/commands/host-command-specs.js +27 -27
- package/dist/commands/host-command-specs.js.map +1 -1
- package/dist/commands/host-subcommand-groups.d.ts.map +1 -1
- package/dist/commands/host-subcommand-groups.js +63 -5
- package/dist/commands/host-subcommand-groups.js.map +1 -1
- package/dist/commands/internal-command-visibility.d.ts +13 -4
- package/dist/commands/internal-command-visibility.d.ts.map +1 -1
- package/dist/commands/internal-command-visibility.js +14 -5
- package/dist/commands/internal-command-visibility.js.map +1 -1
- package/dist/commands/mount-command-spec.d.ts.map +1 -1
- package/dist/commands/mount-command-spec.js +31 -0
- package/dist/commands/mount-command-spec.js.map +1 -1
- package/dist/commands/session-show.d.ts.map +1 -1
- package/dist/commands/session-show.js +4 -1
- package/dist/commands/session-show.js.map +1 -1
- package/dist/commands/tools/data-purge.js +2 -2
- package/dist/commands/tools/data-purge.js.map +1 -1
- package/dist/commands/tools/validate.js +1 -1
- package/dist/env/host-env-specs.d.ts.map +1 -1
- package/dist/env/host-env-specs.js +28 -0
- package/dist/env/host-env-specs.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +15 -6
- package/dist/index.js.map +1 -1
- package/dist/report-compose.d.ts.map +1 -1
- package/dist/report-compose.js +85 -19
- package/dist/report-compose.js.map +1 -1
- package/dist/session-replay-registry.d.ts +33 -6
- package/dist/session-replay-registry.d.ts.map +1 -1
- package/dist/session-replay-registry.js +43 -6
- package/dist/session-replay-registry.js.map +1 -1
- package/dist/telemetry/command-label.d.ts +19 -0
- package/dist/telemetry/command-label.d.ts.map +1 -0
- package/dist/telemetry/command-label.js +26 -0
- package/dist/telemetry/command-label.js.map +1 -0
- package/dist/telemetry/profiling.d.ts +30 -0
- package/dist/telemetry/profiling.d.ts.map +1 -1
- package/dist/telemetry/profiling.js +16 -1
- package/dist/telemetry/profiling.js.map +1 -1
- package/dist/telemetry/sdk-init.d.ts +9 -0
- package/dist/telemetry/sdk-init.d.ts.map +1 -1
- package/dist/telemetry/sdk-init.js +32 -0
- package/dist/telemetry/sdk-init.js.map +1 -1
- package/dist/ui/views/tools-views.d.ts.map +1 -1
- package/dist/ui/views/tools-views.js +8 -0
- package/dist/ui/views/tools-views.js.map +1 -1
- package/package.json +32 -32
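--- a/package/dist/bootstrap/tool-command-worker-rpc.d.ts
+++ b/package/dist/bootstrap/tool-command-worker-rpc.d.ts
@@ -0,0 +1,53 @@
+/**
+* tool-command-worker-rpc — the WORKER side of the ADR-0054 host-RPC upcall
+* channel (increment M4-C).
+*
+* A host-RPC seam in the worker shim (`tool-command-worker-context.ts`) calls
+* `hostRpc(request)`: it stamps a monotonic `rpcId`, posts the request to the
+* parent over the transport's `progress` arm
+* (`WorkerMessage<HostRpcRequest, ToolCommandResult>`), and BLOCKS on the
+* matching {@link RpcReply} the parent posts back via `child.send`. The host
+* performs the privileged effect through the real `ToolCliContext` and replies;
+* a host-side fault crosses back as `{ ok: false, error }`, which this re-throws
+* so the handler sees a normal thrown error (never a host crash, never a silent
+* no-op).
+*
+* Replies are delivered on the worker's single `process.on('message')` listener,
+* installed once and demultiplexed by `rpcId` into the pending-request map. The
+* listener ignores anything that is not an `rpc-reply` (the channel is otherwise
+* child → parent), so it never races the worker's own outbound posts.
+*/
+import type { HostRpcCall, HostRpcRequest } from './tool-command-dispatch-types.js';
+import type { WorkerMessage } from '@opensip-cli/core';
+/** The worker's outbound IPC type binding: requests stream on `progress`. */
+type WorkerOutbound = WorkerMessage<HostRpcRequest, unknown>;
+/**
+* A worker RPC client: `call` issues one upcall and resolves with the host's
+* reply value (or rejects with the host's structured error). `dispose` removes
+* the reply listener (hygiene for the short-lived fork; the process exits on
+* settle regardless).
+*/
+export interface WorkerRpcClient {
+/**
+* Issue one host-RPC upcall (sans `rpcId` — assigned here) and await the
+* host's reply.
+*
+* @throws {Error} when the host reply is `{ ok: false }` (the host-side fault
+* re-thrown into the handler), or when the worker is not forked with an IPC
+* channel (no `process.send`, an integration-only misuse).
+*/
+readonly call: (request: HostRpcCall) => Promise<unknown>;
+readonly dispose: () => void;
+}
+/**
+* Create the worker's RPC client over the live IPC channel. Installs the single
+* reply listener; `send` posts requests on the `progress` arm. The caller passes
+* `process` so unit tests can supply a fake duplex.
+*/
+export declare function createWorkerRpcClient(channel: {
+send?: (msg: WorkerOutbound) => unknown;
+on: (event: 'message', listener: (msg: unknown) => void) => unknown;
+off?: (event: 'message', listener: (msg: unknown) => void) => unknown;
+}): WorkerRpcClient;
+export {};
+//# sourceMappingURL=tool-command-worker-rpc.d.ts.map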
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-command-worker-rpc.d.ts","sourceRoot":"","sources":["../../src/bootstrap/tool-command-worker-rpc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAY,MAAM,kCAAkC,CAAC;AAC9F,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEvD,6EAA6E;AAC7E,KAAK,cAAc,GAAG,aAAa,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;AAE7D;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;OAOG;IACH,QAAQ,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1D,QAAQ,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC;CAC9B;AAyBD;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE;IAC7C,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,OAAO,CAAC;IACxC,EAAE,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,IAAI,KAAK,OAAO,CAAC;IACpE,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,IAAI,KAAK,OAAO,CAAC;CACvE,GAAG,eAAe,CAuClB"}
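--- a/package/dist/bootstrap/tool-command-worker-rpc.js
+++ b/package/dist/bootstrap/tool-command-worker-rpc.js
@@ -0,0 +1,78 @@
+/**
+* tool-command-worker-rpc — the WORKER side of the ADR-0054 host-RPC upcall
+* channel (increment M4-C).
+*
+* A host-RPC seam in the worker shim (`tool-command-worker-context.ts`) calls
+* `hostRpc(request)`: it stamps a monotonic `rpcId`, posts the request to the
+* parent over the transport's `progress` arm
+* (`WorkerMessage<HostRpcRequest, ToolCommandResult>`), and BLOCKS on the
+* matching {@link RpcReply} the parent posts back via `child.send`. The host
+* performs the privileged effect through the real `ToolCliContext` and replies;
+* a host-side fault crosses back as `{ ok: false, error }`, which this re-throws
+* so the handler sees a normal thrown error (never a host crash, never a silent
+* no-op).
+*
+* Replies are delivered on the worker's single `process.on('message')` listener,
+* installed once and demultiplexed by `rpcId` into the pending-request map. The
+* listener ignores anything that is not an `rpc-reply` (the channel is otherwise
+* child → parent), so it never races the worker's own outbound posts.
+*/
+/** Reconstruct an Error from a host reply's structured error (preserving stack). */
+function rpcError(detail) {
+const err = new Error(detail.message);
+if (detail.code !== undefined)
+err.code = detail.code;
+if (detail.stack !== undefined)
+err.stack = detail.stack;
+return err;
+}
+/** Narrow an arbitrary IPC message to a {@link RpcReply}. */
+function isRpcReply(msg) {
+return (typeof msg === 'object' &&
+msg !== null &&
+msg.kind === 'rpc-reply' &&
+typeof msg.rpcId === 'number');
+}
+/**
+* Create the worker's RPC client over the live IPC channel. Installs the single
+* reply listener; `send` posts requests on the `progress` arm. The caller passes
+* `process` so unit tests can supply a fake duplex.
+*/
+export function createWorkerRpcClient(channel) {
+const pending = new Map();
+let nextId = 1;
+const onMessage = (msg) => {
+if (!isRpcReply(msg))
+return; // not a reply — the channel is otherwise outbound
+const waiter = pending.get(msg.rpcId);
+if (waiter === undefined)
+return; // unknown/duplicate rpcId — defensively ignore
+pending.delete(msg.rpcId);
+if (msg.ok)
+waiter.resolve(msg.value);
+else
+waiter.reject(rpcError(msg.error));
+};
+channel.on('message', onMessage);
+return {
+call: (request) => new Promise((resolve, reject) => {
+if (channel.send === undefined) {
+reject(new Error('tool command worker: no IPC channel to issue a host-RPC upcall ' +
+`('${request.seam}') — the worker must be forked with an 'ipc' stdio channel.`));
+return;
+}
+const rpcId = nextId++;
+pending.set(rpcId, { resolve, reject });
+const event = { ...request, rpcId };
+// Call through `channel.send(...)` (not an extracted reference) so the
+// method keeps its `this` binding — `process.send` reads `this.connected`
+// internally and throws if invoked unbound.
+channel.send({ kind: 'progress', event });
+}),
+dispose: () => {
+channel.off?.('message', onMessage);
+pending.clear();
+},
+};
+}
+//# sourceMappingURL=tool-command-worker-rpc.js.map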
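Review bot: `dispose` calls `pending.clear()` without settling the waiters, and nothing in `createWorkerRpcClient` listens for the channel closing, so a `call` still in flight when the client is disposed or the parent goes away never resolves or rejects. Reject before clearing, for example `for (const w of pending.values()) w.reject(new Error('tool command worker: RPC client disposed'));`. Separately, `isRpcReply` validates only `kind` and `rpcId`, so an `ok: false` reply whose `error` is not an object makes `rpcError` throw inside the message listener after the waiter has already been removed from `pending`; check `msg.error` before dereferencing it and reject with a generic error otherwise. `rpcError` also copies the host's `stack` into the worker, which this package's own comments describe as the place where untrusted external tool code runs, so it is worth confirming that the host side (not shown here) strips anything from the stack that this code should not see.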
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-command-worker-rpc.js","sourceRoot":"","sources":["../../src/bootstrap/tool-command-worker-rpc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAgCH,oFAAoF;AACpF,SAAS,QAAQ,CAAC,MAA0D;IAC1E,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,OAAO,CAA8B,CAAC;IACnE,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS;QAAE,GAAG,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACtD,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS;QAAE,GAAG,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACzD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,6DAA6D;AAC7D,SAAS,UAAU,CAAC,GAAY;IAC9B,OAAO,CACL,OAAO,GAAG,KAAK,QAAQ;QACvB,GAAG,KAAK,IAAI;QACX,GAA0B,CAAC,IAAI,KAAK,WAAW;QAChD,OAAQ,GAA2B,CAAC,KAAK,KAAK,QAAQ,CACvD,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAIrC;IACC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC/C,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,MAAM,SAAS,GAAG,CAAC,GAAY,EAAQ,EAAE;QACvC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,kDAAkD;QAChF,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,CAAC,+CAA+C;QACjF,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,GAAG,CAAC,EAAE;YAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;;YACjC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAEjC,OAAO;QACL,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,CAChB,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACvC,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,CACJ,IAAI,KAAK,CACP,iEAAiE;oBAC/D,KAAK,OAAO,CAAC,IAAI,6DAA6D,CACjF,CACF,CAAC;gBACF,OAAO;YACT,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YACxC,MAAM,KAAK,GAAmB,EAAE,GAAG,OAAO,EAAE,KAAK,EAAE,CAAC;YACpD,uEAAuE;YACvE,0EAA0E;YAC1E,4CAA4C;YAC5C,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5C,CAAC,CAAC;QACJ,OAAO,EAAE,GAAG,EAAE;YACZ,OAAO,CAAC,GAAG,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YACpC,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,CAAC;KACF,CAAC;AACJ,CAAC"}
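--- a/package/dist/bootstrap/tool-provenance.d.ts
+++ b/package/dist/bootstrap/tool-provenance.d.ts
@@ -0,0 +1,85 @@
+/**
+* tool-provenance — the shared per-run provenance classifier + the host/worker
+* hook-execution gate (ADR-0054 M4-F).
+*
+* Three sites resolve a tool's `ToolProvenance.source` from the per-run
+* provenance array (recorded by the bootstrap, matched by stable id then human
+* name): `bind-external-dispatch.ts` (dispatch gate), `config-and-capabilities.ts`
+* (config two-pass fold + capability wiring), and now the lifecycle host loops
+* (contributeScope / initialize / report / replay). This module is the ONE matcher
+* so they never drift.
+*
+* It also owns the **host-vs-worker** gate that makes the M4-F lifecycle skip
+* correct. M4-F stops the HOST from executing external-provenance lifecycle +
+* capability hooks — but the dispatch WORKER re-runs the SAME bootstrap code
+* (`build-per-run-scope` / `config-and-capabilities`) and MUST run the dispatched
+* external tool's hooks there (the worker is the legitimate isolation boundary —
+* that is the whole point: external runtime executes in the worker, not the host).
+*
+* So the skip is gated on "this process is the HOST, not a dispatch worker." The
+* supervisor sets {@link IN_TOOL_WORKER_ENV} on the forked child's env; inside the
+* worker {@link isExternalHookHostSkipActive} returns `false`, so the worker runs
+* ALL its registered tools' hooks worker-local exactly as a normal in-process
+* bootstrap would. In the host it returns `true`, so external hooks are skipped.
+*/
+import { type Tool, type ToolProvenance, type ToolSource } from '@opensip-cli/core';
+/**
+* Env flag the dispatch supervisor sets on the forked `__tool-command-worker`
+* child so the worker can tell it is the isolation boundary (NOT the host). The
+* worker bootstrap runs the SAME lifecycle loops as the host; this flag disables
+* the M4-F external-hook host-skip inside the worker so the dispatched tool's
+* hooks run there. A separate process + env channel (symmetric to OPENSIP_RUN_ID
+* injection) keeps it deterministic and unit-testable.
+*/
+export declare const IN_TOOL_WORKER_ENV = "OPENSIP_CLI_IN_TOOL_WORKER";
+/**
+* Is the M4-F external-hook host-skip ACTIVE in this process? `true` in the host
+* (skip external hooks), `false` inside a dispatch worker (run them — the worker
+* is the isolation boundary). Reads the injected env (defaults to `process.env`)
+* so tests can flip it deterministically without a fork.
+*/
+export declare function isExternalHookHostSkipActive(env?: NodeJS.ProcessEnv): boolean;
+/**
+* Must this process REFUSE to import external tool runtimes (ADR-0054 M4-G
+* capstone)? `true` in the HOST — the host registers a manifest-derived synthetic
+* Tool for external provenance and NEVER loads its runtime; `false` inside a
+* dispatch worker (`OPENSIP_CLI_IN_TOOL_WORKER=1`) — the worker IS the isolation
+* boundary, where the untrusted external runtime legitimately loads + runs.
+*
+* This is the same host-vs-worker hinge as the M4-F lifecycle gate (the worker
+* re-runs the SAME bootstrap, so discovery must branch on which process it is),
+* named for the capstone's discovery decision. Reads the injected env (defaults
+* to `process.env`) so tests flip it deterministically without a fork.
+*/
+export declare function isHostRuntimeImportForbidden(env?: NodeJS.ProcessEnv): boolean;
+/**
+* Resolve a tool's provenance source from the per-run provenance array. Mirrors
+* the dispatch/config matchers: prefer the stable-id match (UUID → `metadata.id`),
+* fall back to the human key (`ToolProvenance.id` → `metadata.name`). A tool with
+* NO recorded provenance is the trusted/unknown path → `'bundled'` semantics (its
+* hooks run in-host, exactly as before M4-F).
+*/
+export declare function provenanceSourceFor(tool: Tool, provenance: readonly ToolProvenance[]): ToolSource;
+/** Find the full provenance record for a tool (stable-id then human-name match). */
+export declare function provenanceRecordFor(tool: Tool, provenance: readonly ToolProvenance[]): ToolProvenance | undefined;
+/**
+* Is this tool external-provenance (installed / project-local / user-global)? A
+* tool with no recorded provenance is treated as bundled (trusted/unknown path).
+*/
+export declare function isExternalToolProvenance(tool: Tool, provenance: readonly ToolProvenance[]): boolean;
+/**
+* The M4-F gate: should this tool's lifecycle/capability hook run IN THE HOST
+* process this invocation?
+*
+* - Bundled (or no provenance recorded) → `true` (trusted computing base; runs
+* in-host exactly as before M4-F).
+* - External, host-skip ACTIVE (we are the host) → `false` (the host never
+* executes external runtime hooks; they run worker-side).
+* - External, host-skip INACTIVE (we are inside a dispatch worker) → `true`
+* (the worker IS the isolation boundary — run the dispatched tool's hooks
+* worker-local).
+*
+* @param env Injected env (defaults to `process.env`) for the worker-flag read.
+*/
+export declare function shouldRunHookInHost(tool: Tool, provenance: readonly ToolProvenance[], env?: NodeJS.ProcessEnv): boolean;
+//# sourceMappingURL=tool-provenance.d.ts.map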
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-provenance.d.ts","sourceRoot":"","sources":["../../src/bootstrap/tool-provenance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,KAAK,IAAI,EAAE,KAAK,cAAc,EAAE,KAAK,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpF;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,+BAA+B,CAAC;AAE/D;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAE1F;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,4BAA4B,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAE1F;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,cAAc,EAAE,GAAG,UAAU,CAKjG;AAED,oFAAoF;AACpF,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,SAAS,cAAc,EAAE,GACpC,cAAc,GAAG,SAAS,CAK5B;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,SAAS,cAAc,EAAE,GACpC,OAAO,CAET;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,SAAS,cAAc,EAAE,EACrC,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,OAAO,CAGT"}
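--- a/package/dist/bootstrap/tool-provenance.js
+++ b/package/dist/bootstrap/tool-provenance.js
@@ -0,0 +1,101 @@
+/**
+* tool-provenance — the shared per-run provenance classifier + the host/worker
+* hook-execution gate (ADR-0054 M4-F).
+*
+* Three sites resolve a tool's `ToolProvenance.source` from the per-run
+* provenance array (recorded by the bootstrap, matched by stable id then human
+* name): `bind-external-dispatch.ts` (dispatch gate), `config-and-capabilities.ts`
+* (config two-pass fold + capability wiring), and now the lifecycle host loops
+* (contributeScope / initialize / report / replay). This module is the ONE matcher
+* so they never drift.
+*
+* It also owns the **host-vs-worker** gate that makes the M4-F lifecycle skip
+* correct. M4-F stops the HOST from executing external-provenance lifecycle +
+* capability hooks — but the dispatch WORKER re-runs the SAME bootstrap code
+* (`build-per-run-scope` / `config-and-capabilities`) and MUST run the dispatched
+* external tool's hooks there (the worker is the legitimate isolation boundary —
+* that is the whole point: external runtime executes in the worker, not the host).
+*
+* So the skip is gated on "this process is the HOST, not a dispatch worker." The
+* supervisor sets {@link IN_TOOL_WORKER_ENV} on the forked child's env; inside the
+* worker {@link isExternalHookHostSkipActive} returns `false`, so the worker runs
+* ALL its registered tools' hooks worker-local exactly as a normal in-process
+* bootstrap would. In the host it returns `true`, so external hooks are skipped.
+*/
+/**
+* Env flag the dispatch supervisor sets on the forked `__tool-command-worker`
+* child so the worker can tell it is the isolation boundary (NOT the host). The
+* worker bootstrap runs the SAME lifecycle loops as the host; this flag disables
+* the M4-F external-hook host-skip inside the worker so the dispatched tool's
+* hooks run there. A separate process + env channel (symmetric to OPENSIP_RUN_ID
+* injection) keeps it deterministic and unit-testable.
+*/
+export const IN_TOOL_WORKER_ENV = 'OPENSIP_CLI_IN_TOOL_WORKER';
+/**
+* Is the M4-F external-hook host-skip ACTIVE in this process? `true` in the host
+* (skip external hooks), `false` inside a dispatch worker (run them — the worker
+* is the isolation boundary). Reads the injected env (defaults to `process.env`)
+* so tests can flip it deterministically without a fork.
+*/
+export function isExternalHookHostSkipActive(env = process.env) {
+return env[IN_TOOL_WORKER_ENV] !== '1';
+}
+/**
+* Must this process REFUSE to import external tool runtimes (ADR-0054 M4-G
+* capstone)? `true` in the HOST — the host registers a manifest-derived synthetic
+* Tool for external provenance and NEVER loads its runtime; `false` inside a
+* dispatch worker (`OPENSIP_CLI_IN_TOOL_WORKER=1`) — the worker IS the isolation
+* boundary, where the untrusted external runtime legitimately loads + runs.
+*
+* This is the same host-vs-worker hinge as the M4-F lifecycle gate (the worker
+* re-runs the SAME bootstrap, so discovery must branch on which process it is),
+* named for the capstone's discovery decision. Reads the injected env (defaults
+* to `process.env`) so tests flip it deterministically without a fork.
+*/
+export function isHostRuntimeImportForbidden(env = process.env) {
+return isExternalHookHostSkipActive(env);
+}
+/**
+* Resolve a tool's provenance source from the per-run provenance array. Mirrors
+* the dispatch/config matchers: prefer the stable-id match (UUID → `metadata.id`),
+* fall back to the human key (`ToolProvenance.id` → `metadata.name`). A tool with
+* NO recorded provenance is the trusted/unknown path → `'bundled'` semantics (its
+* hooks run in-host, exactly as before M4-F).
+*/
+export function provenanceSourceFor(tool, provenance) {
+const recorded = provenance.find((p) => p.stableId !== undefined && p.stableId === tool.metadata.id) ??
+provenance.find((p) => p.id === tool.metadata.name);
+return recorded?.source ?? 'bundled';
+}
+/** Find the full provenance record for a tool (stable-id then human-name match). */
+export function provenanceRecordFor(tool, provenance) {
+return (provenance.find((p) => p.stableId !== undefined && p.stableId === tool.metadata.id) ??
+provenance.find((p) => p.id === tool.metadata.name));
+}
+/**
+* Is this tool external-provenance (installed / project-local / user-global)? A
+* tool with no recorded provenance is treated as bundled (trusted/unknown path).
+*/
+export function isExternalToolProvenance(tool, provenance) {
+return provenanceSourceFor(tool, provenance) !== 'bundled';
+}
+/**
+* The M4-F gate: should this tool's lifecycle/capability hook run IN THE HOST
+* process this invocation?
+*
+* - Bundled (or no provenance recorded) → `true` (trusted computing base; runs
+* in-host exactly as before M4-F).
+* - External, host-skip ACTIVE (we are the host) → `false` (the host never
+* executes external runtime hooks; they run worker-side).
+* - External, host-skip INACTIVE (we are inside a dispatch worker) → `true`
+* (the worker IS the isolation boundary — run the dispatched tool's hooks
+* worker-local).
+*
+* @param env Injected env (defaults to `process.env`) for the worker-flag read.
+*/
+export function shouldRunHookInHost(tool, provenance, env = process.env) {
+if (!isExternalToolProvenance(tool, provenance))
+return true;
+return !isExternalHookHostSkipActive(env);
+}
+//# sourceMappingURL=tool-provenance.js.map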
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-provenance.js","sourceRoot":"","sources":["../../src/bootstrap/tool-provenance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAIH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,4BAA4B,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B,CAAC,MAAyB,OAAO,CAAC,GAAG;IAC/E,OAAO,GAAG,CAAC,kBAAkB,CAAC,KAAK,GAAG,CAAC;AACzC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,4BAA4B,CAAC,MAAyB,OAAO,CAAC,GAAG;IAC/E,OAAO,4BAA4B,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAU,EAAE,UAAqC;IACnF,MAAM,QAAQ,GACZ,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnF,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACtD,OAAO,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC;AACvC,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,mBAAmB,CACjC,IAAU,EACV,UAAqC;IAErC,OAAO,CACL,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnF,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CACpD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,IAAU,EACV,UAAqC;IAErC,OAAO,mBAAmB,CAAC,IAAI,EAAE,UAAU,CAAC,KAAK,SAAS,CAAC;AAC7D,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,mBAAmB,CACjC,IAAU,EACV,UAAqC,EACrC,MAAyB,OAAO,CAAC,GAAG;IAEpC,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC;AAC5C,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* tool-trust —
|
|
3
|
-
* launch, Phase 3 Task 3.2).
|
|
2
|
+
* tool-trust — executable-tool trust policies for project-local and installed
|
|
3
|
+
* npm tools (release launch, Phase 3 Task 3.2; audit remediation).
|
|
4
4
|
*
|
|
5
5
|
* A `project-local` tool is authored code under `<project>/opensip-cli/…`
|
|
6
6
|
* that changes with the repo (§5.2.1). Running it imports arbitrary code
|
|
@@ -25,6 +25,12 @@
|
|
|
25
25
|
* around a single call.
|
|
26
26
|
*/
|
|
27
27
|
export declare const PROJECT_TOOL_ALLOWLIST_ENV = "OPENSIP_CLI_ALLOW_PROJECT_TOOLS";
|
|
28
|
+
/**
|
|
29
|
+
* Environment variable carrying the installed-npm tool allowlist. Empty/unset
|
|
30
|
+
* ⇒ deny-by-default for ambient `node_modules` discovery (paired with
|
|
31
|
+
* {@link isInstalledToolTrusted}).
|
|
32
|
+
*/
|
|
33
|
+
export declare const INSTALLED_TOOL_ALLOWLIST_ENV = "OPENSIP_CLI_ALLOW_INSTALLED_TOOLS";
|
|
28
34
|
/**
|
|
29
35
|
* Decide whether a project-local executable tool with the given `id` is
|
|
30
36
|
* trusted to load, under the deny-by-default + allowlist-opt-in policy.
|
|
@@ -46,4 +52,18 @@ export declare const PROJECT_TOOL_ALLOWLIST_ENV = "OPENSIP_CLI_ALLOW_PROJECT_TOO
|
|
|
46
52
|
* @returns `true` iff the allowlist contains `id` or the wildcard `'*'`.
|
|
47
53
|
*/
|
|
48
54
|
export declare function isProjectLocalToolTrusted(id: string, env?: NodeJS.ProcessEnv): boolean;
|
|
55
|
+
/**
|
|
56
|
+
* Decide whether an installed npm tool with the given manifest `id` is trusted
|
|
57
|
+
* to `import()` into the host process, under deny-by-default + allowlist-opt-in.
|
|
58
|
+
*
|
|
59
|
+
* Read timing and env governance mirror {@link isProjectLocalToolTrusted}: the
|
|
60
|
+
* check runs at bootstrap before any `RunScope` exists, via the injected `env`
|
|
61
|
+
* param for testability.
|
|
62
|
+
*
|
|
63
|
+
* @param id The tool's stable id (from `package.json#opensipTools.id`).
|
|
64
|
+
* @param env The environment to read the allowlist from (defaults to
|
|
65
|
+
* `process.env`; injectable for tests).
|
|
66
|
+
* @returns `true` iff the allowlist contains `id` or the wildcard `'*'`.
|
|
67
|
+
*/
|
|
68
|
+
export declare function isInstalledToolTrusted(id: string, env?: NodeJS.ProcessEnv): boolean;
|
|
49
69
|
//# sourceMappingURL=tool-trust.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-trust.d.ts","sourceRoot":"","sources":["../../src/bootstrap/tool-trust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH;;;;GAIG;AACH,eAAO,MAAM,0BAA0B,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"tool-trust.d.ts","sourceRoot":"","sources":["../../src/bootstrap/tool-trust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH;;;;GAIG;AACH,eAAO,MAAM,0BAA0B,oCAAoC,CAAC;AAE5E;;;;GAIG;AACH,eAAO,MAAM,4BAA4B,sCAAsC,CAAC;AAiBhF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,yBAAyB,CACvC,EAAE,EAAE,MAAM,EACV,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,OAAO,CAGT;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAGhG"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* tool-trust —
|
|
3
|
-
* launch, Phase 3 Task 3.2).
|
|
2
|
+
* tool-trust — executable-tool trust policies for project-local and installed
|
|
3
|
+
* npm tools (release launch, Phase 3 Task 3.2; audit remediation).
|
|
4
4
|
*
|
|
5
5
|
* A `project-local` tool is authored code under `<project>/opensip-cli/…`
|
|
6
6
|
* that changes with the repo (§5.2.1). Running it imports arbitrary code
|
|
@@ -25,6 +25,12 @@
|
|
|
25
25
|
* around a single call.
|
|
26
26
|
*/
|
|
27
27
|
export const PROJECT_TOOL_ALLOWLIST_ENV = 'OPENSIP_CLI_ALLOW_PROJECT_TOOLS';
|
|
28
|
+
/**
|
|
29
|
+
* Environment variable carrying the installed-npm tool allowlist. Empty/unset
|
|
30
|
+
* ⇒ deny-by-default for ambient `node_modules` discovery (paired with
|
|
31
|
+
* {@link isInstalledToolTrusted}).
|
|
32
|
+
*/
|
|
33
|
+
export const INSTALLED_TOOL_ALLOWLIST_ENV = 'OPENSIP_CLI_ALLOW_INSTALLED_TOOLS';
|
|
28
34
|
/**
|
|
29
35
|
* Parse the allowlist env var into a set of permitted tool ids. Empty/
|
|
30
36
|
* unset ⇒ empty set (deny-by-default). The wildcard `'*'` admits all
|
|
@@ -62,4 +68,21 @@ export function isProjectLocalToolTrusted(id, env = process.env) {
|
|
|
62
68
|
const allow = parseAllowlist(env[PROJECT_TOOL_ALLOWLIST_ENV]);
|
|
63
69
|
return allow.has('*') || allow.has(id);
|
|
64
70
|
}
|
|
71
|
+
/**
|
|
72
|
+
* Decide whether an installed npm tool with the given manifest `id` is trusted
|
|
73
|
+
* to `import()` into the host process, under deny-by-default + allowlist-opt-in.
|
|
74
|
+
*
|
|
75
|
+
* Read timing and env governance mirror {@link isProjectLocalToolTrusted}: the
|
|
76
|
+
* check runs at bootstrap before any `RunScope` exists, via the injected `env`
|
|
77
|
+
* param for testability.
|
|
78
|
+
*
|
|
79
|
+
* @param id The tool's stable id (from `package.json#opensipTools.id`).
|
|
80
|
+
* @param env The environment to read the allowlist from (defaults to
|
|
81
|
+
* `process.env`; injectable for tests).
|
|
82
|
+
* @returns `true` iff the allowlist contains `id` or the wildcard `'*'`.
|
|
83
|
+
*/
|
|
84
|
+
export function isInstalledToolTrusted(id, env = process.env) {
|
|
85
|
+
const allow = parseAllowlist(env[INSTALLED_TOOL_ALLOWLIST_ENV]);
|
|
86
|
+
return allow.has('*') || allow.has(id);
|
|
87
|
+
}
|
|
65
88
|
//# sourceMappingURL=tool-trust.js.map
|
|
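Review bot: `isInstalledToolTrusted` keys the allowlist on the id a package declares about itself (`package.json#opensipTools.id`, per the docstring), so the check names a tool but does not bind it to the npm package that ends up `import()`ed into the host. The caller is outside this section; if it also verifies the package name, the docstring should say so, otherwise consider matching on the npm package name (or name plus id) rather than the manifest id alone. The docstring should also state that `'*'` admits every tool found by ambient `node_modules` discovery, e.g. `* NOTE: '*' trusts every discovered installed tool; prefer explicit ids.` The body is a copy of `isProjectLocalToolTrusted`, so a shared private helper taking the env-var name would keep the two policies from drifting; the tool-trust.d.ts section above carries the same docstring.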
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-trust.js","sourceRoot":"","sources":["../../src/bootstrap/tool-trust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH;;;;GAIG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,iCAAiC,CAAC;AAE5E;;;;GAIG;AACH,SAAS,cAAc,CAAC,GAAuB;IAC7C,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAC3B,OAAO,IAAI,GAAG,CACZ,GAAG;SACA,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAC/B,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,yBAAyB,CACvC,EAAU,EACV,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC,CAAC;IAC9D,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AACzC,CAAC"}
|
|
1
|
+
{"version":3,"file":"tool-trust.js","sourceRoot":"","sources":["../../src/bootstrap/tool-trust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH;;;;GAIG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,iCAAiC,CAAC;AAE5E;;;;GAIG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,mCAAmC,CAAC;AAEhF;;;;GAIG;AACH,SAAS,cAAc,CAAC,GAAuB;IAC7C,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAC3B,OAAO,IAAI,GAAG,CACZ,GAAG;SACA,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAC/B,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,yBAAyB,CACvC,EAAU,EACV,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC,CAAC;IAC9D,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB,CAAC,EAAU,EAAE,MAAyB,OAAO,CAAC,GAAG;IACrF,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC;IAChE,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AACzC,CAAC"}
|
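--- a/package/dist/cli-context.d.ts
+++ b/package/dist/cli-context.d.ts
@@ -35,4 +35,21 @@ export interface ToolCliContextHandle {
 readonly getExitCode: () => number | undefined;
 }
 export declare function buildToolCliContext(opts: BuildToolCliContextOptions): ToolCliContextHandle;
+/**
+* Build the host {@link ToolCliContext} the ADR-0054 M4-F hook-worker supervisor
+* serves host-RPC upcalls through, when running an EXTERNAL tool's
+* `collectReportData` / `sessionReplay` out-of-process from a HOST command
+* (`report` / `sessions show`) whose lean `CliCommandsContext` is not a full
+* `ToolCliContext`.
+*
+* It wires the SAME datastore-backed host planes the real context uses (baseline
+* / per-tool state / governance-audit-entitlements / egress + SARIF) against the
+* current entered scope, so any privileged effect a hook legitimately upcalls is
+* performed by the host through the real plane. The OUTPUT seams (render / emit*)
+* and the live-view + report-open seams are NOT part of a data-gathering hook's
+* contract; they throw loudly if a hook attempts them (fail loud, never a silent
+* no-op) — the worker shim already denies the live-view seams, and a hook has no
+* business rendering. This context is short-lived (one hook worker run).
+*/
+export declare function buildHostDispatchCtx(logger?: Logger): ToolCliContext;
 //# sourceMappingURL=cli-context.d.ts.map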
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli-context.d.ts","sourceRoot":"","sources":["../src/cli-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"cli-context.d.ts","sourceRoot":"","sources":["../src/cli-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAIL,KAAK,MAAM,EACX,KAAK,cAAc,EACpB,MAAM,mBAAmB,CAAC;AAI3B,OAAO,EAAiB,KAAK,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAW/E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAmB5D,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,sBAAsB,EAAE,KAAK,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAExF,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC;IACrC,QAAQ,CAAC,eAAe,EAAE,CAAC,IAAI,EAAE;QAC/B,aAAa,EAAE,OAAO,CAAC;QACvB,UAAU,EAAE,OAAO,CAAC;KACrB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,GAAG,EAAE,cAAc,CAAC;IAC7B,QAAQ,CAAC,WAAW,EAAE,MAAM,MAAM,GAAG,SAAS,CAAC;CAChD;AAED,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,0BAA0B,GAAG,oBAAoB,CAgF1F;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,cAAc,CA8BpE"}
|
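--- a/package/dist/cli-context.js
+++ b/package/dist/cli-context.js
@@ -16,7 +16,7 @@
 * lands on `RunScope.datastore`; paths that never touch it never materialise
 * `.runtime/datastore.sqlite`.
 */
-import { logger as defaultLogger, } from '@opensip-cli/core';
+import { createRunTimer, logger as defaultLogger, } from '@opensip-cli/core';
 import { buildBaselineSeams } from './bootstrap/baseline-seams.js';
 import { buildHostPlanes } from './bootstrap/host-planes.js';
 import { createIoPlane } from './bootstrap/io-plane.js';
@@ -116,4 +116,65 @@ export function buildToolCliContext(opts) {
 getExitCode: outputPlane.getExitCode,
 };
 }
+/**
+* Build the host {@link ToolCliContext} the ADR-0054 M4-F hook-worker supervisor
+* serves host-RPC upcalls through, when running an EXTERNAL tool's
+* `collectReportData` / `sessionReplay` out-of-process from a HOST command
+* (`report` / `sessions show`) whose lean `CliCommandsContext` is not a full
+* `ToolCliContext`.
+*
+* It wires the SAME datastore-backed host planes the real context uses (baseline
+* / per-tool state / governance-audit-entitlements / egress + SARIF) against the
+* current entered scope, so any privileged effect a hook legitimately upcalls is
+* performed by the host through the real plane. The OUTPUT seams (render / emit*)
+* and the live-view + report-open seams are NOT part of a data-gathering hook's
+* contract; they throw loudly if a hook attempts them (fail loud, never a silent
+* no-op) — the worker shim already denies the live-view seams, and a hook has no
+* business rendering. This context is short-lived (one hook worker run).
+*/
+export function buildHostDispatchCtx(logger) {
+const log = logger ?? defaultLogger;
+const projectDatastore = createDatastoreResolver('project-seam', log);
+const baselineSeams = buildBaselineSeams({ getDatastore: projectDatastore, logger: log });
+const stateSeams = buildStateSeams({ getDatastore: projectDatastore });
+const hostPlanes = buildHostPlanes({ getDatastore: projectDatastore, logger: log });
+const outputPlane = createOutputPlane({ render: deniedHookSeam('render'), logger: log });
+const ctx = {
+get scope() {
+return readScope();
+},
+render: deniedHookSeam('render'),
+registerLiveView: deniedHookSeam('registerLiveView'),
+renderLive: deniedHookSeam('renderLive'),
+maybeOpenReport: deniedHookSeam('maybeOpenReport'),
+logger: log,
+setExitCode: outputPlane.setExitCode,
+...outputPlane.emits,
+// Display-only timing seam (host-owned-run-timing); a hook never records a run.
+runSession: { timing: createRunTimer() },
+deliverSignals: deniedHookSeam('deliverSignals'),
+writeSarif: deniedHookSeam('writeSarif'),
+saveBaseline: baselineSeams.saveBaseline,
+compareBaseline: baselineSeams.compareBaseline,
+exportBaselineSarif: baselineSeams.exportBaselineSarif,
+exportBaselineFingerprints: baselineSeams.exportBaselineFingerprints,
+toolState: stateSeams,
+hostPlanes,
+};
+return ctx;
+}
+/**
+* A seam stub for {@link buildHostDispatchCtx} that throws loudly when a
+* data-gathering hook worker attempts an output / render / egress seam it has no
+* business calling — fail loud, never a silent no-op (the worker shim already
+* denies the live-view seams; this is the host-side counterpart).
+*
+* @throws {Error} always — that is the point.
+*/
+function deniedHookSeam(seam) {
+// @fitness-ignore-next-line throws-documentation -- the throw is documented on the enclosing factory's @throws above; this is the one-line closure it returns.
+return () => {
+throw new Error(`host dispatch ctx: seam '${seam}' is not available to a data-gathering hook worker`);
+};
+}
 //# sourceMappingURL=cli-context.js.map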
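Review bot: `buildHostDispatchCtx` denies the render and egress seams but still hands an EXTERNAL tool's data-gathering hook the state-changing seams `saveBaseline`, `setExitCode` and (presumably writable) `toolState`. If `collectReportData` / `sessionReplay` only read, least privilege argues for denying those as well, e.g. `saveBaseline: deniedHookSeam('saveBaseline'),`, so an out-of-process hook cannot alter the baseline that later comparisons rely on; whether the host-RPC layer already filters which seams a worker may call is not visible in this section. The docstring also lists "egress + SARIF" among the wired planes while `deliverSignals` and `writeSarif` are bound to `deniedHookSeam`, so one of the two needs correcting. A one-line comment on `...outputPlane.emits` stating that every emit routes through the denied `render` would back the docstring's promise that emit* throws.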
package/dist/cli-context.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli-context.js","sourceRoot":"","sources":["../src/cli-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"cli-context.js","sourceRoot":"","sources":["../src/cli-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EACL,cAAc,EAEd,MAAM,IAAI,aAAa,GAGxB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAyB,MAAM,yBAAyB,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,oBAAoB,GAErB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAI7D,8EAA8E;AAC9E,0CAA0C;AAC1C,EAAE;AACF,gFAAgF;AAChF,iFAAiF;AACjF,kFAAkF;AAClF,iFAAiF;AACjF,gFAAgF;AAChF,8EAA8E;AAC9E,qEAAqE;AACrE,wDAAwD;AACxD,8EAA8E;AAE9E,6EAA6E;AAC7E,4EAA4E;AAC5E,8EAA8E;AAC9E,6EAA6E;AAC7E,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,sBAAsB,EAAyB,MAAM,yBAAyB,CAAC;AAiBxF,MAAM,UAAU,mBAAmB,CAAC,IAAgC;IAClE,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,aAAa,CAAC;IAEzC,wEAAwE;IACxE,2EAA2E;IAC3E,6DAA6D;IAC7D,MAAM,WAAW,GAAG,iBAAiB,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAE5E,oEAAoE;IACpE,+DAA+D;IAC/D,mDAAmD;IACnD,gDAAgD;IAChD,sEAAsE;IACtE,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACtE,MAAM,aAAa,GAAG,kBAAkB,CAAC,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAC1F,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,YAAY,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACvE,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAEpF,8EAA8E;IAC9E,0EAA0E;IAC1E,2EAA2E;IAC3E,8EAA8E;IAC9E,MAAM,QAAQ,GAAG,qBAAqB,CAAC;QACrC,YAAY,EAAE,uBAAuB,CAAC,aAAa,EAAE,GAAG,CAAC;QACzD,MAAM,EAAE,GAAG;KACZ,CAAC,CAAC;IAEH,2EAA2E;IAC3E,6EAA6E;IAC7E,8EAA8E;IAC9E,+BAA+B;IAC/B,MAAM,UAAU,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,cAAc,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAEtD,8EAA8E;IAC9E,sEAAsE;IACtE,yEAAyE;IACzE,MAAM,OAAO,GAAG,aAAa,CAAC;QAC5B,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,MAAM,EAAE,GAAG;QACX,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,QAAQ;QACR,UAAU;KACX,CAAC,CAAC;IAEH,MAAM,GAAG,GAAoC;QAC3C,IAA
I,KAAK;YACP,qEAAqE;YACrE,4EAA4E;YAC5E,wEAAwE;YACxE,6DAA6D;YAC7D,OAAO,SAAS,EAAE,CAAC;QACrB,CAAC;QACD,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,MAAuB,CAAC;QACxD,gBAAgB,EAAE,OAAO,CAAC,QAAQ;QAClC,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,GAAG,WAAW,CAAC,KAAK,EAAE,gDAAgD;QACtE,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,+EAA+E;QAC/E,YAAY,EAAE,aAAa,CAAC,YAAY;QACxC,eAAe,EAAE,aAAa,CAAC,eAAe;QAC9C,mBAAmB,EAAE,aAAa,CAAC,mBAAmB;QACtD,0BAA0B,EAAE,aAAa,CAAC,0BAA0B;QACpE,SAAS,EAAE,UAAU,EAAE,8CAA8C;QACrE,UAAU,EAAE,yCAAyC;QACrD,UAAU,EAAE,6DAA6D;QACzE,6EAA6E;QAC7E,2EAA2E;QAC3E,yEAAyE;QACzE,GAAG,cAAc;KAClB,CAAC;IAEF,OAAO;QACL,GAAG;QACH,WAAW,EAAE,WAAW,CAAC,WAAW;KACrC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAe;IAClD,MAAM,GAAG,GAAG,MAAM,IAAI,aAAa,CAAC;IACpC,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACtE,MAAM,aAAa,GAAG,kBAAkB,CAAC,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAC1F,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,YAAY,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACvE,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IACpF,MAAM,WAAW,GAAG,iBAAiB,CAAC,EAAE,MAAM,EAAE,cAAc,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IACzF,MAAM,GAAG,GAAmB;QAC1B,IAAI,KAAK;YACP,OAAO,SAAS,EAAE,CAAC;QACrB,CAAC;QACD,MAAM,EAAE,cAAc,CAAC,QAAQ,CAAC;QAChC,gBAAgB,EAAE,cAAc,CAAC,kBAAkB,CAAC;QACpD,UAAU,EAAE,cAAc,CAAC,YAAY,CAAC;QACxC,eAAe,EAAE,cAAc,CAAC,iBAAiB,CAAC;QAClD,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,GAAG,WAAW,CAAC,KAAK;QACpB,gFAAgF;QAChF,UAAU,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE;QACxC,cAAc,EAAE,cAAc,CAAC,gBAAgB,CAAC;QAChD,UAAU,EAAE,cAAc,CAAC,YAAY,CAAC;QACxC,YAAY,EAAE,aAAa,CAAC,YAAY;QACxC,eAAe,EAAE,aAAa,CAAC,eAAe;QAC9C,mBAAmB,EAAE,aAAa,CAAC,mBAAmB;QACtD,0BAA0B,EAAE,aAAa,CAAC,0BAA0B;QACpE,SAAS,EAAE,UAAU;QACrB,UAAU;KACX,CAAC;IACF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,+JAA+J;IAC/J,OAAO,GAAG,EAAE;QACV,MAAM
,IAAI,KAAK,CACb,4BAA4B,IAAI,oDAAoD,CACrF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"completion.d.ts","sourceRoot":"","sources":["../../src/commands/completion.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAe,KAAK,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAEzE,MAAM,MAAM,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;AAE5C;;;;;;;;;;;;;;;;GAgBG;AACH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,EAAE,WAAW,CAAC,MAAM,
|
|
1
|
+
{"version":3,"file":"completion.d.ts","sourceRoot":"","sources":["../../src/commands/completion.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAe,KAAK,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAEzE,MAAM,MAAM,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;AAE5C;;;;;;;;;;;;;;;;GAgBG;AACH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,EAAE,WAAW,CAAC,MAAM,CAShD,CAAC;AAEH;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,oEAAoE;IACpE,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC,qEAAqE;IACrE,QAAQ,CAAC,YAAY,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC,CAAC;IACnE;;;;OAIG;IACH,QAAQ,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC,CAAC;CACxE;AAED,4EAA4E;AAC5E,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC,QAAQ,CAAC,WAAW,EAAE,SAAS,aAAa,EAAE,CAAC;IAC/C,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACxD;;;;;;OAMG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,+EAA+E;AAC/E,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,SAAS;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACvD;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,SAAS;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACvD;AA0BD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAGjE;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,SAAS,MAAM,EAAE,CAQ/D;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,2BAA2B,CAAC,KAAK,EAAE;IACjD,QAAQ,CAAC,SAAS,EAAE,SAAS,QAAQ,EAAE,CAAC;IACxC,QAAQ,CAAC,SAAS,EAAE,SAAS,QAAQ,EAAE,CAAC;IACxC,QAAQ,CAAC,MAAM,EAAE,SAAS,SAAS,EAAE,CAAC;IACtC;;;;;OAKG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,SAAS,mBAAmB,EAAE,CAAC;IAC3D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;CACjD,GAAG,mBAAmB,CAyDtB;AA4HD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,mBAAmB,GAAG,MAAM,CAY1F;AAED,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,KAAK,EACZ,SAAS,EAAE,mBAAmB,EAC9B,KAAK,GAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAqC,GAC1D,IAAI,CAEN"}
|
|
@@ -56,6 +56,9 @@ export const INTERNAL_COMMANDS = new Set([
|
|
|
56
56
|
'fit-run-worker',
|
|
57
57
|
'sim-run-worker',
|
|
58
58
|
'graph-run-worker',
|
|
59
|
+
// ADR-0054 M4-E: the host-owned dispatch worker subcommand (forked by the
|
|
60
|
+
// supervisor; never a public surface).
|
|
61
|
+
'__tool-command-worker',
|
|
59
62
|
]);
|
|
60
63
|
/** Long `--flag` form of each registry spec (short alias + arg placeholder
|
|
61
64
|
* stripped). Precomputed by mapping the registry entries, so completion's
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"completion.js","sourceRoot":"","sources":["../../src/commands/completion.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,WAAW,EAAsB,MAAM,wBAAwB,CAAC;AAIzE;;;;;;;;;;;;;;;;GAgBG;AACH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAwB,IAAI,GAAG,CAAC;IAC5D,oBAAoB;IACpB,yBAAyB;IACzB,gBAAgB;IAChB,gBAAgB;IAChB,kBAAkB;
|
|
1
|
+
{"version":3,"file":"completion.js","sourceRoot":"","sources":["../../src/commands/completion.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,WAAW,EAAsB,MAAM,wBAAwB,CAAC;AAIzE;;;;;;;;;;;;;;;;GAgBG;AACH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAwB,IAAI,GAAG,CAAC;IAC5D,oBAAoB;IACpB,yBAAyB;IACzB,gBAAgB;IAChB,gBAAgB;IAChB,kBAAkB;IAClB,0EAA0E;IAC1E,uCAAuC;IACvC,uBAAuB;CACxB,CAAC,CAAC;AAsDH;;;wEAGwE;AACxE,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CACnC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;IAC9C,MAAM,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC9C,CAAC,CAAC,CAC8B,CAAC;AAEnC;;oEAEoE;AACpE,MAAM,YAAY,GAAsB;IACtC,UAAU,CAAC,GAAG;IACd,UAAU,CAAC,IAAI;IACf,UAAU,CAAC,OAAO;IAClB,UAAU,CAAC,KAAK;IAChB,UAAU,CAAC,KAAK;IAChB,QAAQ;IACR,WAAW;CACZ,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,MAAM,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3C,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AACtC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,IAAc;IAC1C,4EAA4E;IAC5E,iEAAiE;IACjE,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1D,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;SAC9B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,MAAM,EAAE,GAAG,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,2BAA2B,CAAC,KAY3C;IACC,MAAM,gBAAgB,GAAG,KAAK,CAAC,gBAAgB,IAAI,iBAAiB,CAAC;IACrE,MAAM,YAAY,GAAsC,EAAE,CAAC;IAC3D,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,0EAA0E;IAC1E,wEAAwE;IACxE,qEAAqE;IACrE,MAAM,eAAe,GAA6B,EAAE,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,SAAS,EAAE,GAAG,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5D,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MA
AM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QAClC,4EAA4E;QAC5E,4EAA4E;QAC5E,8DAA8D;QAC9D,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;YACrD,KAAK,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;gBACxD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAClB,YAAY,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC;YACjD,CAAC;YACD,SAAS;QACX,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;YACxD,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvB,YAAY,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAsC,EAAE,CAAC;IAC/D,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7B,gBAAgB,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACjE,CAAC;IACD,uEAAuE;IACvE,8EAA8E;IAC9E,2EAA2E;IAC3E,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAC/D,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC;IAC9E,CAAC;IACD,4EAA4E;IAC5E,wEAAwE;IACxE,2EAA2E;IAC3E,mEAAmE;IACnE,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,gBAAgB,IAAI,EAAE,EAAE,CAAC;QACjD,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC3F,gBAAgB,CAAC,GAAG,KAAK,CAAC,QAAQ,SAAS,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACjF,CAAC;IAED,2DAA2D;IAC3D,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAEzB,OAAO;QACL,WAAW,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,EAAE;QAC7C,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,SAAS,UAAU,CAAC,GAAwB;IAC1C,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,cAAc,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,C
AAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACpE,0EAA0E;QAC1E,2EAA2E;QAC3E,2EAA2E;QAC3E,yEAAyE;QACzE,6EAA6E;QAC7E,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,8BAA8B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC7F,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7D,IAAI,IAAI,IAAI,GAAG,CAAC,gBAAgB;YAAE,SAAS;QAC3C,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,8BAA8B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,mCAAmC,cAAc,qBAAqB,CAAC,CAAC;IAClF,OAAO;;;;;;;;;;;+BAWsB,IAAI;;;;;;EAMjC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;CAMhB,CAAC;AACF,CAAC;AAED,8EAA8E;AAC9E,MAAM;AACN,8EAA8E;AAE9E,SAAS,SAAS,CAAC,GAAwB;IACzC,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,cAAc,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACpE,8EAA8E;QAC9E,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,cAAc,IAAI,gBAAgB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACjF,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7D,IAAI,IAAI,IAAI,GAAG,CAAC,gBAAgB;YAAE,SAAS;QAC3C,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,oBAAoB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,yBAAyB,cAAc,KAAK,CAAC,CAAC;IACxD,OAAO;;;;;;iBAMQ,IAAI;;;;;;;;EAQnB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;CAKhB,CAAC;AACF,CAAC;AAED,8EAA8E;AAC9E,OAAO;AACP,8EAA8E;AAE9E,SAAS,UAAU,CAAC,GAAwB;IAC1C,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,KAAK,GAAa;QACtB,+BAA+B;QAC/B,wDAAwD;QACxD,EAAE;QACF,yDAAyD,IAAI,2BAA2B;KACzF,CAAC;IACF,KAAK,MAAM,CAAC,I
AAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7D,4EAA4E;QAC5E,6EAA6E;QAC7E,2EAA2E;QAC3E,uEAAuE;QACvE,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,+CAA+C;QACjF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CACR,uDAAuD,IAAI,SAAS,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAC/F,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AACjC,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CAAC,KAAY,EAAE,SAA8B;IAChF,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC;QACD,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,OAAO,SAAS,CAAC,SAAS,CAAC,CAAC;QAC9B,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,KAAY,EACZ,SAA8B,EAC9B,QAA6B,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAE3D,KAAK,CAAC,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;AACjD,CAAC"}
|