runspec-node 0.32.0 → 0.33.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/become.d.ts +36 -0
- package/dist/become.d.ts.map +1 -0
- package/dist/become.js +103 -0
- package/dist/become.js.map +1 -0
- package/dist/errors.d.ts +3 -0
- package/dist/errors.d.ts.map +1 -1
- package/dist/errors.js +13 -1
- package/dist/errors.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -1
- package/dist/index.js.map +1 -1
- package/dist/loader.js +3 -0
- package/dist/loader.js.map +1 -1
- package/dist/models.d.ts +9 -0
- package/dist/models.d.ts.map +1 -1
- package/dist/parser.d.ts +2 -0
- package/dist/parser.d.ts.map +1 -1
- package/dist/parser.js +26 -2
- package/dist/parser.js.map +1 -1
- package/package.json +1 -1
- package/src/become.ts +101 -0
- package/src/errors.ts +10 -0
- package/src/index.ts +1 -1
- package/src/loader.ts +3 -0
- package/src/models.ts +9 -0
- package/src/parser.ts +29 -3
- package/tests/test_run_as_enforce.test.ts +170 -0
package/dist/become.d.ts
ADDED
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* become.ts — run_as resolution and the enforce_run_as identity check.
|
|
3
|
+
*
|
|
4
|
+
* Mirrors the Python `runspec.become` module for the SPEC "Remote Execution"
|
|
5
|
+
* semantics. Node does not build escalation commands (no `runspec serve`
|
|
6
|
+
* sudo wrapping), so only the pieces the `enforce_run_as` gate needs are
|
|
7
|
+
* ported: resolving a `run_as` spec to a concrete username for a host, and
|
|
8
|
+
* comparing the resolved user to the current process's effective user.
|
|
9
|
+
*
|
|
10
|
+
* See spec/SPEC.md → "Remote Execution".
|
|
11
|
+
*/
|
|
12
|
+
/**
|
|
13
|
+
* Resolve a `run_as` spec to a concrete username for `hostname`.
|
|
14
|
+
*
|
|
15
|
+
* Forms (see SPEC): simple string, `$ENV_VAR`, or a table with `hosts` (exact
|
|
16
|
+
* match) / `patterns` (full-match regex, first wins, insertion order) /
|
|
17
|
+
* `default`. Returns `''` for "no privilege escalation".
|
|
18
|
+
*/
|
|
19
|
+
export declare function resolveRunAs(spec: unknown, hostname: string): string;
|
|
20
|
+
/**
|
|
21
|
+
* Check that the current process is running as `runAsUser`.
|
|
22
|
+
*
|
|
23
|
+
* Returns `null` when the identity matches *or* the check cannot be performed —
|
|
24
|
+
* an empty target (no escalation intended, so no identity to assert) or a
|
|
25
|
+
* platform with no POSIX uid model (Windows, where `process.geteuid` is
|
|
26
|
+
* undefined). Returns a human-readable detail string describing the mismatch
|
|
27
|
+
* otherwise.
|
|
28
|
+
*
|
|
29
|
+
* The target is resolved to a uid (a numeric string is taken as a uid directly,
|
|
30
|
+
* otherwise it is looked up with `id`) and compared to the effective uid, so
|
|
31
|
+
* account aliases that share a uid are treated as equal. An executor escalates
|
|
32
|
+
* *before* the process starts, so under one the effective user already matches
|
|
33
|
+
* and this passes silently; it only fires on the direct/import path.
|
|
34
|
+
*/
|
|
35
|
+
export declare function verifyRunAsIdentity(runAsUser: string): string | null;
|
|
36
|
+
//# sourceMappingURL=become.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"become.d.ts","sourceRoot":"","sources":["../src/become.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CA4BpE;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAkCpE"}
|
package/dist/become.js
ADDED
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* become.ts — run_as resolution and the enforce_run_as identity check.
|
|
4
|
+
*
|
|
5
|
+
* Mirrors the Python `runspec.become` module for the SPEC "Remote Execution"
|
|
6
|
+
* semantics. Node does not build escalation commands (no `runspec serve`
|
|
7
|
+
* sudo wrapping), so only the pieces the `enforce_run_as` gate needs are
|
|
8
|
+
* ported: resolving a `run_as` spec to a concrete username for a host, and
|
|
9
|
+
* comparing the resolved user to the current process's effective user.
|
|
10
|
+
*
|
|
11
|
+
* See spec/SPEC.md → "Remote Execution".
|
|
12
|
+
*/
|
|
13
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
|
+
exports.resolveRunAs = resolveRunAs;
|
|
15
|
+
exports.verifyRunAsIdentity = verifyRunAsIdentity;
|
|
16
|
+
const child_process_1 = require("child_process");
|
|
17
|
+
/**
|
|
18
|
+
* Resolve a `run_as` spec to a concrete username for `hostname`.
|
|
19
|
+
*
|
|
20
|
+
* Forms (see SPEC): simple string, `$ENV_VAR`, or a table with `hosts` (exact
|
|
21
|
+
* match) / `patterns` (full-match regex, first wins, insertion order) /
|
|
22
|
+
* `default`. Returns `''` for "no privilege escalation".
|
|
23
|
+
*/
|
|
24
|
+
function resolveRunAs(spec, hostname) {
|
|
25
|
+
if (spec === null || spec === undefined)
|
|
26
|
+
return '';
|
|
27
|
+
if (typeof spec === 'string') {
|
|
28
|
+
if (spec.startsWith('$'))
|
|
29
|
+
return process.env[spec.slice(1)] ?? '';
|
|
30
|
+
return spec;
|
|
31
|
+
}
|
|
32
|
+
if (typeof spec === 'object') {
|
|
33
|
+
const s = spec;
|
|
34
|
+
const hosts = s['hosts'] ?? {};
|
|
35
|
+
if (hostname in hosts)
|
|
36
|
+
return String(hosts[hostname]);
|
|
37
|
+
const patterns = s['patterns'] ?? {};
|
|
38
|
+
for (const [pattern, user] of Object.entries(patterns)) {
|
|
39
|
+
try {
|
|
40
|
+
// Anchor both ends for re.fullmatch() semantics.
|
|
41
|
+
if (new RegExp(`^(?:${pattern})$`).test(hostname))
|
|
42
|
+
return String(user);
|
|
43
|
+
}
|
|
44
|
+
catch {
|
|
45
|
+
// Invalid regex — skip it (serve validates patterns up front).
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
return String(s['default'] ?? '');
|
|
49
|
+
}
|
|
50
|
+
return '';
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Check that the current process is running as `runAsUser`.
|
|
54
|
+
*
|
|
55
|
+
* Returns `null` when the identity matches *or* the check cannot be performed —
|
|
56
|
+
* an empty target (no escalation intended, so no identity to assert) or a
|
|
57
|
+
* platform with no POSIX uid model (Windows, where `process.geteuid` is
|
|
58
|
+
* undefined). Returns a human-readable detail string describing the mismatch
|
|
59
|
+
* otherwise.
|
|
60
|
+
*
|
|
61
|
+
* The target is resolved to a uid (a numeric string is taken as a uid directly,
|
|
62
|
+
* otherwise it is looked up with `id`) and compared to the effective uid, so
|
|
63
|
+
* account aliases that share a uid are treated as equal. An executor escalates
|
|
64
|
+
* *before* the process starts, so under one the effective user already matches
|
|
65
|
+
* and this passes silently; it only fires on the direct/import path.
|
|
66
|
+
*/
|
|
67
|
+
function verifyRunAsIdentity(runAsUser) {
|
|
68
|
+
if (!runAsUser)
|
|
69
|
+
return null;
|
|
70
|
+
const geteuid = process.geteuid;
|
|
71
|
+
if (!geteuid)
|
|
72
|
+
return null; // no POSIX uid model (Windows) — nothing to compare
|
|
73
|
+
const currentUid = geteuid.call(process);
|
|
74
|
+
let targetUid;
|
|
75
|
+
try {
|
|
76
|
+
if (/^\d+$/.test(runAsUser)) {
|
|
77
|
+
targetUid = parseInt(runAsUser, 10);
|
|
78
|
+
// Confirm the uid maps to a real account; throws if it does not.
|
|
79
|
+
(0, child_process_1.execFileSync)('id', ['-un', String(targetUid)], { stdio: ['ignore', 'ignore', 'ignore'] });
|
|
80
|
+
}
|
|
81
|
+
else {
|
|
82
|
+
const out = (0, child_process_1.execFileSync)('id', ['-u', runAsUser], { stdio: ['ignore', 'pipe', 'ignore'] });
|
|
83
|
+
targetUid = parseInt(out.toString().trim(), 10);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
catch {
|
|
87
|
+
return `run_as user '${runAsUser}' does not exist on this host`;
|
|
88
|
+
}
|
|
89
|
+
if (currentUid === targetUid)
|
|
90
|
+
return null;
|
|
91
|
+
let currentName = String(currentUid);
|
|
92
|
+
try {
|
|
93
|
+
currentName =
|
|
94
|
+
(0, child_process_1.execFileSync)('id', ['-un', String(currentUid)], { stdio: ['ignore', 'pipe', 'ignore'] })
|
|
95
|
+
.toString()
|
|
96
|
+
.trim() || String(currentUid);
|
|
97
|
+
}
|
|
98
|
+
catch {
|
|
99
|
+
// Keep the numeric uid as the name.
|
|
100
|
+
}
|
|
101
|
+
return `the current process runs as '${currentName}' (uid ${currentUid}), not '${runAsUser}' (uid ${targetUid})`;
|
|
102
|
+
}
|
|
103
|
+
//# sourceMappingURL=become.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"become.js","sourceRoot":"","sources":["../src/become.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;AAWH,oCA4BC;AAiBD,kDAkCC;AAxFD,iDAA6C;AAE7C;;;;;;GAMG;AACH,SAAgB,YAAY,CAAC,IAAa,EAAE,QAAgB;IAC1D,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAEnD,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,CAAC,GAAG,IAA+B,CAAC;QAE1C,MAAM,KAAK,GAAI,CAAC,CAAC,OAAO,CAA6B,IAAI,EAAE,CAAC;QAC5D,IAAI,QAAQ,IAAI,KAAK;YAAE,OAAO,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEtD,MAAM,QAAQ,GAAI,CAAC,CAAC,UAAU,CAA6B,IAAI,EAAE,CAAC;QAClE,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,iDAAiD;gBACjD,IAAI,IAAI,MAAM,CAAC,OAAO,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAAE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;YACzE,CAAC;YAAC,MAAM,CAAC;gBACP,+DAA+D;YACjE,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAgB,mBAAmB,CAAC,SAAiB;IACnD,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAChC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC,CAAC,oDAAoD;IAC/E,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEzC,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5B,SAAS,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACpC,iEAAiE;YACjE,IAAA,4BAAY,EAAC,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC5F,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,IAAI,EAAE,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC3F,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,gBAAgB,SAAS,+BAA+B,CAAC;IAClE,CAAC;IAED,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAE1C,IAAI,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IACrC,IAAI,CAAC;QACH,WAAW;YACT,IAAA,4BAAY,EAAC,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;iBACrF,QAAQ,EAAE;iBACV,IAAI,EAAE,IAAI,MAAM,CAAC,UAAU,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;IAED,OAAO,gCAAgC,WAAW,UAAU,UAAU,WAAW,SAAS,UAAU,SAAS,GAAG,CAAC;AACnH,CAAC"}
|
package/dist/errors.d.ts
CHANGED
|
@@ -13,6 +13,8 @@ export declare class GroupViolation extends RunSpecError {
|
|
|
13
13
|
}
|
|
14
14
|
export declare class AutonomyViolation extends RunSpecError {
|
|
15
15
|
}
|
|
16
|
+
export declare class RunAsMismatch extends RunSpecError {
|
|
17
|
+
}
|
|
16
18
|
export declare function formatMissingRequired(name: string, spec: Record<string, unknown>): string;
|
|
17
19
|
export declare function formatInvalidChoice(value: string, options: string[], name: string): string;
|
|
18
20
|
export declare function formatOutOfRange(value: number, range: [number, number], name: string): string;
|
|
@@ -26,5 +28,6 @@ export declare function formatGroupExclusive(groupName: string, provided: string
|
|
|
26
28
|
export declare function formatGroupInclusive(groupName: string, missing: string[]): string;
|
|
27
29
|
export declare function formatGroupAtLeastOne(groupName: string, args: string[]): string;
|
|
28
30
|
export declare function formatGroupExactlyOne(groupName: string, args: string[], provided: string[]): string;
|
|
31
|
+
export declare function formatRunAsMismatch(runnableName: string, detail: string): string;
|
|
29
32
|
export declare function formatDeprecated(name: string, message: string): string;
|
|
30
33
|
//# sourceMappingURL=errors.d.ts.map
|
package/dist/errors.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,YAAa,SAAQ,KAAK;gBACzB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,kBAAmB,SAAQ,YAAY;CAAG;AACvD,qBAAa,aAAc,SAAQ,YAAY;CAAG;AAClD,qBAAa,UAAW,SAAQ,YAAY;CAAG;AAC/C,qBAAa,UAAW,SAAQ,YAAY;CAAG;AAC/C,qBAAa,cAAe,SAAQ,YAAY;CAAG;AACnD,qBAAa,iBAAkB,SAAQ,YAAY;CAAG;
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,YAAa,SAAQ,KAAK;gBACzB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,kBAAmB,SAAQ,YAAY;CAAG;AACvD,qBAAa,aAAc,SAAQ,YAAY;CAAG;AAClD,qBAAa,UAAW,SAAQ,YAAY;CAAG;AAC/C,qBAAa,UAAW,SAAQ,YAAY;CAAG;AAC/C,qBAAa,cAAe,SAAQ,YAAY;CAAG;AACnD,qBAAa,iBAAkB,SAAQ,YAAY;CAAG;AACtD,qBAAa,aAAc,SAAQ,YAAY;CAAG;AAElD,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAQzF;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAS1F;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAM7F;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAMzF;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAMrF;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAMpF;AAED,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,KAAK,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,GACzC,MAAM,CAUR;AAED,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,MAAM,CAM9F;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAQ1E;AAED,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAMlF;AAED,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAMjF;AAED,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAK/E;AAED,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAYnG;AAED,wBAAgB,mBAAmB,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAOhF;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAEtE"}
|
package/dist/errors.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.AutonomyViolation = exports.GroupViolation = exports.UnknownArg = exports.OutOfRange = exports.InvalidChoice = exports.MissingRequiredArg = exports.RunSpecError = void 0;
|
|
3
|
+
exports.RunAsMismatch = exports.AutonomyViolation = exports.GroupViolation = exports.UnknownArg = exports.OutOfRange = exports.InvalidChoice = exports.MissingRequiredArg = exports.RunSpecError = void 0;
|
|
4
4
|
exports.formatMissingRequired = formatMissingRequired;
|
|
5
5
|
exports.formatInvalidChoice = formatInvalidChoice;
|
|
6
6
|
exports.formatOutOfRange = formatOutOfRange;
|
|
@@ -14,6 +14,7 @@ exports.formatGroupExclusive = formatGroupExclusive;
|
|
|
14
14
|
exports.formatGroupInclusive = formatGroupInclusive;
|
|
15
15
|
exports.formatGroupAtLeastOne = formatGroupAtLeastOne;
|
|
16
16
|
exports.formatGroupExactlyOne = formatGroupExactlyOne;
|
|
17
|
+
exports.formatRunAsMismatch = formatRunAsMismatch;
|
|
17
18
|
exports.formatDeprecated = formatDeprecated;
|
|
18
19
|
class RunSpecError extends Error {
|
|
19
20
|
constructor(message) {
|
|
@@ -40,6 +41,9 @@ exports.GroupViolation = GroupViolation;
|
|
|
40
41
|
class AutonomyViolation extends RunSpecError {
|
|
41
42
|
}
|
|
42
43
|
exports.AutonomyViolation = AutonomyViolation;
|
|
44
|
+
class RunAsMismatch extends RunSpecError {
|
|
45
|
+
}
|
|
46
|
+
exports.RunAsMismatch = RunAsMismatch;
|
|
43
47
|
function formatMissingRequired(name, spec) {
|
|
44
48
|
const lines = [
|
|
45
49
|
`✗ Missing required argument: --${name}`,
|
|
@@ -151,6 +155,14 @@ function formatGroupExactlyOne(groupName, args, provided) {
|
|
|
151
155
|
` Provide exactly one of: ${args.map((a) => `--${a}`).join(', ')}`,
|
|
152
156
|
].join('\n');
|
|
153
157
|
}
|
|
158
|
+
function formatRunAsMismatch(runnableName, detail) {
|
|
159
|
+
return [
|
|
160
|
+
`✗ Refusing to run '${runnableName}': ${detail}.`,
|
|
161
|
+
` This runnable declares a run_as user it must execute as.`,
|
|
162
|
+
' Re-run under the intended account (e.g. `sudo -u <user> ...`, `runspec serve`,',
|
|
163
|
+
' or `runspec jump`), or relax the check with enforce_run_as = "warn" (or "off").',
|
|
164
|
+
].join('\n');
|
|
165
|
+
}
|
|
154
166
|
function formatDeprecated(name, message) {
|
|
155
167
|
return `⚠ --${name} is deprecated: ${message}`;
|
|
156
168
|
}
|
package/dist/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":";;;AAeA,sDAQC;AAED,kDASC;AAED,4CAMC;AAED,oDAMC;AAED,wCAMC;AAED,sCAMC;AAED,gDAcC;AAED,oDAMC;AAED,4CAQC;AAED,oDAMC;AAED,oDAMC;AAED,sDAKC;AAED,sDAYC;AAED,kDAOC;AAED,4CAEC;AAtJD,MAAa,YAAa,SAAQ,KAAK;IACrC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AALD,oCAKC;AAED,MAAa,kBAAmB,SAAQ,YAAY;CAAG;AAAvD,gDAAuD;AACvD,MAAa,aAAc,SAAQ,YAAY;CAAG;AAAlD,sCAAkD;AAClD,MAAa,UAAW,SAAQ,YAAY;CAAG;AAA/C,gCAA+C;AAC/C,MAAa,UAAW,SAAQ,YAAY;CAAG;AAA/C,gCAA+C;AAC/C,MAAa,cAAe,SAAQ,YAAY;CAAG;AAAnD,wCAAmD;AACnD,MAAa,iBAAkB,SAAQ,YAAY;CAAG;AAAtD,8CAAsD;AACtD,MAAa,aAAc,SAAQ,YAAY;CAAG;AAAlD,sCAAkD;AAElD,SAAgB,qBAAqB,CAAC,IAAY,EAAE,IAA6B;IAC/E,MAAM,KAAK,GAAG;QACZ,mCAAmC,IAAI,EAAE;QACzC,YAAY,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,EAAE;KACpC,CAAC;IACF,IAAI,IAAI,CAAC,aAAa,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,mBAAmB,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IAC9E,IAAI,IAAI,CAAC,KAAK,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,oCAAoC,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACjG,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,mBAAmB,CAAC,KAAa,EAAE,OAAiB,EAAE,IAAY;IAChF,MAAM,KAAK,GAAG;QACZ,0BAA0B,IAAI,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;QAC1D,uBAAuB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC3C,WAAW,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;KACnC,CAAC;IACF,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAClC,IAAI,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC9C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,gBAAgB,CAAC,KAAa,EAAE,KAAuB,EAAE,IAAY;IACnF,OAAO;QACL,+BAA+B,IAAI,KAAK,KAAK,EAAE;QAC/C,wBAAwB,KAAK,CAAC,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,EAAE;QAClD,WAAW,KAAK,EAAE;KACnB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,oBAAoB,CAAC,KAAa,EAAE,OAAe,EAAE,IAAY;IAC/E,OAAO;QACL,0BAA0B,IAAI,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;QAC1D,yCAAyC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;QAClE,WAAW,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;KACnC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,cAAc,CAAC,KAAa,EAAE,SAAiB,EAAE,IAAY;IAC3E,OAAO;QACL,4BAA4B,IAAI,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;QAC5D,yBAAyB,SAAS,aAAa,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE;QAC3E,WAAW,KAAK,CAAC,MAAM,EAAE;KAC1B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,aAAa,CAAC,KAAa,EAAE,SAAiB,EAAE,IAAY;IAC1E,OAAO;QACL,2BAA2B,IAAI,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;QAC3D,wBAAwB,SAAS,aAAa,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE;QAC1E,WAAW,KAAK,CAAC,MAAM,EAAE;KAC1B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,kBAAkB,CAChC,IAAY,EACZ,KAAa,EACb,QAA0C;IAE1C,MAAM,MAAM,GAAG,KAAK,IAAI,KAAK,QAAQ,CAAC,MAAM,OAAO,KAAK,6BAA6B,CAAC;IACtF,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE;QACrD,MAAM,MAAM,GAAG,MAAM;aAClB,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,GAAG,IAAI,CAAC;aAC7B,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,aAAa,KAAK,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,MAAM,EAAE,CAAC;IACrE,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,oBAAoB,CAAC,YAAoB,EAAE,iBAA2B;IACpF,OAAO;QACL,OAAO,YAAY,uBAAuB;QAC1C,0BAA0B,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACxD,aAAa,YAAY,iCAAiC;KAC3D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,gBAAgB,CAAC,IAAY,EAAE,SAAmB;IAChE,MAAM,KAAK,GAAG;QACZ,0BAA0B,IAAI,EAAE;QAChC,uBAAuB,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KAC/E,CAAC;IACF,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACnC,IAAI,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;IAChD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,oBAAoB,CAAC,SAAiB,EAAE,QAAkB;IACxE,OAAO;QACL,sCAAsC,SAAS,GAAG;QAClD,QAAQ,QAAQ,CAAC,CAAC,CAAC,UAAU,QAAQ,CAAC,CAAC,CAAC,0BAA0B;QAClE,4BAA4B;KAC7B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,oBAAoB,CAAC,SAAiB,EAAE,OAAiB;IACvE,OAAO;QACL,iCAAiC,SAAS,GAAG;QAC7C,qDAAqD;QACrD,oBAAoB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;KACjE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,qBAAqB,CAAC,SAAiB,EAAE,IAAc;IACrE,OAAO;QACL,aAAa,SAAS,kCAAkC;QACxD,+BAA+B,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KACtE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,qBAAqB,CAAC,SAAiB,EAAE,IAAc,EAAE,QAAkB;IACzF,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACrB,OAAO;YACL,aAAa,SAAS,iCAAiC;YACvD,8BAA8B,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SACrE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IACD,OAAO;QACL,aAAa,SAAS,iCAAiC;QACvD,UAAU,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACxE,8BAA8B,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KACrE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,mBAAmB,CAAC,YAAoB,EAAE,MAAc;IACtE,OAAO;QACL,uBAAuB,YAAY,MAAM,MAAM,GAAG;QAClD,6DAA6D;QAC7D,mFAAmF;QACnF,oFAAoF;KACrF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAgB,gBAAgB,CAAC,IAAY,EAAE,OAAe;IAC5D,OAAO,QAAQ,IAAI,mBAAmB,OAAO,EAAE,CAAC;AAClD,CAAC;AAED,SAAS,OAAO,CAAC,KAAa,EAAE,UAAoB;IAClD,IAAI,IAAwB,CAAC;IAC7B,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACvC,IAAI,KAAK,GAAG,SAAS,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACtC,SAAS,GAAG,KAAK,CAAC;YAClB,IAAI,GAAG,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,CAAS,EAAE,CAAS;IAC1C,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACtB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAC3B,SAAS,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACrD,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
export { parse, loadSpec } from './parser';
|
|
2
2
|
export { registerType, listTypes } from './types';
|
|
3
3
|
export { tsTypeOf } from './inference';
|
|
4
|
-
export { RunSpecError, MissingRequiredArg, InvalidChoice, OutOfRange, UnknownArg, GroupViolation, AutonomyViolation } from './errors';
|
|
4
|
+
export { RunSpecError, MissingRequiredArg, InvalidChoice, OutOfRange, UnknownArg, GroupViolation, AutonomyViolation, RunAsMismatch } from './errors';
|
|
5
5
|
export { findConfig } from './finder';
|
|
6
6
|
export { loadRaw } from './loader';
|
|
7
7
|
export { getLogger } from './logging_setup';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACrJ,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.getLogger = exports.loadRaw = exports.findConfig = exports.AutonomyViolation = exports.GroupViolation = exports.UnknownArg = exports.OutOfRange = exports.InvalidChoice = exports.MissingRequiredArg = exports.RunSpecError = exports.tsTypeOf = exports.listTypes = exports.registerType = exports.loadSpec = exports.parse = void 0;
|
|
3
|
+
exports.getLogger = exports.loadRaw = exports.findConfig = exports.RunAsMismatch = exports.AutonomyViolation = exports.GroupViolation = exports.UnknownArg = exports.OutOfRange = exports.InvalidChoice = exports.MissingRequiredArg = exports.RunSpecError = exports.tsTypeOf = exports.listTypes = exports.registerType = exports.loadSpec = exports.parse = void 0;
|
|
4
4
|
var parser_1 = require("./parser");
|
|
5
5
|
Object.defineProperty(exports, "parse", { enumerable: true, get: function () { return parser_1.parse; } });
|
|
6
6
|
Object.defineProperty(exports, "loadSpec", { enumerable: true, get: function () { return parser_1.loadSpec; } });
|
|
@@ -17,6 +17,7 @@ Object.defineProperty(exports, "OutOfRange", { enumerable: true, get: function (
|
|
|
17
17
|
Object.defineProperty(exports, "UnknownArg", { enumerable: true, get: function () { return errors_1.UnknownArg; } });
|
|
18
18
|
Object.defineProperty(exports, "GroupViolation", { enumerable: true, get: function () { return errors_1.GroupViolation; } });
|
|
19
19
|
Object.defineProperty(exports, "AutonomyViolation", { enumerable: true, get: function () { return errors_1.AutonomyViolation; } });
|
|
20
|
+
Object.defineProperty(exports, "RunAsMismatch", { enumerable: true, get: function () { return errors_1.RunAsMismatch; } });
|
|
20
21
|
var finder_1 = require("./finder");
|
|
21
22
|
Object.defineProperty(exports, "findConfig", { enumerable: true, get: function () { return finder_1.findConfig; } });
|
|
22
23
|
var loader_1 = require("./loader");
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,mCAA2C;AAAlC,+FAAA,KAAK,OAAA;AAAE,kGAAA,QAAQ,OAAA;AACxB,iCAAkD;AAAzC,qGAAA,YAAY,OAAA;AAAE,kGAAA,SAAS,OAAA;AAChC,yCAAuC;AAA9B,qGAAA,QAAQ,OAAA;AACjB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,mCAA2C;AAAlC,+FAAA,KAAK,OAAA;AAAE,kGAAA,QAAQ,OAAA;AACxB,iCAAkD;AAAzC,qGAAA,YAAY,OAAA;AAAE,kGAAA,SAAS,OAAA;AAChC,yCAAuC;AAA9B,qGAAA,QAAQ,OAAA;AACjB,mCAAqJ;AAA5I,sGAAA,YAAY,OAAA;AAAE,4GAAA,kBAAkB,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,oGAAA,UAAU,OAAA;AAAE,oGAAA,UAAU,OAAA;AAAE,wGAAA,cAAc,OAAA;AAAE,2GAAA,iBAAiB,OAAA;AAAE,uGAAA,aAAa,OAAA;AAClI,mCAAsC;AAA7B,oGAAA,UAAU,OAAA;AACnB,mCAAmC;AAA1B,iGAAA,OAAO,OAAA;AAChB,iDAA4C;AAAnC,0GAAA,SAAS,OAAA"}
|
package/dist/loader.js
CHANGED
|
@@ -53,6 +53,7 @@ function loadRaw(configPath) {
|
|
|
53
53
|
function normaliseConfig(raw) {
|
|
54
54
|
return {
|
|
55
55
|
autonomyDefault: raw['autonomy-default'] ?? 'confirm',
|
|
56
|
+
enforceRunAs: raw['enforce_run_as'] ?? 'error',
|
|
56
57
|
lang: raw['lang'],
|
|
57
58
|
version: String(raw['version'] ?? '1'),
|
|
58
59
|
logging: normaliseLogging(raw['logging']),
|
|
@@ -97,6 +98,8 @@ function normaliseScript(name, raw) {
|
|
|
97
98
|
autonomyReason: raw['autonomy-reason'],
|
|
98
99
|
output: raw['output'],
|
|
99
100
|
discoverable: raw['discoverable'],
|
|
101
|
+
runAs: raw['run_as'],
|
|
102
|
+
enforceRunAs: raw['enforce_run_as'],
|
|
100
103
|
requireCommand: raw['require-command'] ?? false,
|
|
101
104
|
args: normaliseArgs((raw['args'] ?? {})),
|
|
102
105
|
groups: normaliseGroups((raw['groups'] ?? {})),
|
package/dist/loader.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loader.js","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA,0BAeC;AAnBD,uCAAyB;AACzB,yCAA+C;AAG/C,SAAgB,OAAO,CAAC,UAAkB;IACxC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAA,iBAAS,EAAC,OAAO,CAA4B,CAAC;IAE1D,MAAM,YAAY,GAA4C,EAAE,CAAC;IACjE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,GAAG,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7F,YAAY,CAAC,GAAG,CAAC,GAAG,KAAgC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,eAAe,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QACzE,SAAS,EAAE,kBAAkB,CAAC,YAAY,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,GAA4B;IACnD,OAAO;QACL,eAAe,EAAG,GAAG,CAAC,kBAAkB,CAAwB,IAAI,SAAS;QAC7E,IAAI,EAAE,GAAG,CAAC,MAAM,CAAuB;QACvC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC;QACtC,OAAO,EAAE,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAwC,CAAC;KACjF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAwC;IAChE,wEAAwE;IACxE,2EAA2E;IAC3E,qEAAqE;IACrE,0EAA0E;IAC1E,+BAA+B;IAC/B,EAAE;IACF,6EAA6E;IAC7E,+EAA+E;IAC/E,gFAAgF;IAChF,+EAA+E;IAC/E,4EAA4E;IAC5E,gFAAgF;IAChF,6EAA6E;IAC7E,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,2EAA2E;IAC3E,4EAA4E;IAC5E,yDAAyD;IACzD,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,CAAC;IAC/C,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC;QAC3C,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9B,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;QACtE,cAAc,EAAE,GAAG,CAAC,iBAAiB,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK;QAC9F,KAAK,EAAE,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;KAClD,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,GAA4C;IACtE,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5G,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,GAA4B;IACjE,OAAO;QACL,IAAI;QACJ,WAAW,EAAE,GAAG,CAAC,aAAa,CAAuB;QACrD,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAuB;QAC/C,cAAc,EAAE,GAAG,CAAC,iBAAiB,CAAuB;QAC5D,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAuB;QAC3C,YAAY,EAAE,GAAG,CAAC,cAAc,CAAmC;QACnE,cAAc,EAAG,GAAG,CAAC,iBAAiB,CAAyB,IAAI,KAAK;QACxE,IAAI,EAAE,aAAa,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAA4B,CAAC;QACnE,MAAM,EAAE,eAAe,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QACzE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAA4C,CAAC;KAChG,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,GAA4B;IACjD,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;QACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzE,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,EAAE,KAAgC,CAAC,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,GAA4B;IAC9D,OAAO;QACL,IAAI;QACJ,IAAI,EAAG,GAAG,CAAC,MAAM,CAAwB,IAAI,SAAS;QACtD,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAwB;QAChD,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC;QACvB,WAAW,EAAE,GAAG,CAAC,aAAa,CAAuB;QACrD,OAAO,EAAE,GAAG,CAAC,SAAS,CAAyB;QAC/C,KAAK,EAAE,GAAG,CAAC,OAAO,CAAiC;QACnD,OAAO,EAAE,GAAG,CAAC,SAAS,CAAuB;QAC7C,SAAS,EAAE,GAAG,CAAC,YAAY,CAAuB;QAClD,SAAS,EAAE,GAAG,CAAC,YAAY,CAAuB;QAClD,QAAQ,EAAG,GAAG,CAAC,UAAU,CAAyB,IAAI,KAAK;QAC3D,SAAS,EAAE,GAAG,CAAC,WAAW,CAAuB;QACjD,KAAK,EAAE,GAAG,CAAC,OAAO,CAAuB;QACzC,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAuB;QAC/C,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC7B,UAAU,EAAE,GAAG,CAAC,YAAY,CAAuB;QACnD,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAuB;QAC/C,YAAY,EAAE,GAAG,CAAC,cAAc,CAAmC;QACnE,EAAE,EAAE,GAAG,CAAC,IAAI,CAAuB;QACnC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAuB;QACvC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAwC;KACzD,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,GAA4B;IACnD,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;QACvC,MAAM,CAAC,GAAG,IAA+B,CAAC;QAC1C,OAAO;YACL,IAAI;YACJ;gBACE,IAAI;gBACJ,IAAI,EAAG,CAAC,CAAC,MAAM,CAAc,IAAI,EAAE;gBACnC,SAAS,EAAG,CAAC,CAAC,WAAW,CAAyB,IAAI,KAAK;gBAC3D,SAAS,EAAG,CAAC,CAAC,WAAW,CAAyB,IAAI,KAAK;gBAC3D,UAAU,EAAG,CAAC,CAAC,cAAc,CAAyB,IAAI,KAAK;gBAC/D,UAAU,EAAG,CAAC,CAAC,aAAa,CAAyB,IAAI,KAAK;gBAC9D,SAAS,EAAE,CAAC,CAAC,IAAI,CAAuB;gBACxC,QAAQ,EAAG,CAAC,CAAC,UAAU,CAA0B,IAAI,EAAE;aACpC;SACtB,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB,CAAC,GAA4C;IACrE,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5G,CAAC"}
|
|
1
|
+
{"version":3,"file":"loader.js","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA,0BAeC;AAnBD,uCAAyB;AACzB,yCAA+C;AAG/C,SAAgB,OAAO,CAAC,UAAkB;IACxC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAA,iBAAS,EAAC,OAAO,CAA4B,CAAC;IAE1D,MAAM,YAAY,GAA4C,EAAE,CAAC;IACjE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,GAAG,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7F,YAAY,CAAC,GAAG,CAAC,GAAG,KAAgC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,eAAe,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QACzE,SAAS,EAAE,kBAAkB,CAAC,YAAY,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,GAA4B;IACnD,OAAO;QACL,eAAe,EAAG,GAAG,CAAC,kBAAkB,CAAwB,IAAI,SAAS;QAC7E,YAAY,EAAG,GAAG,CAAC,gBAAgB,CAAwB,IAAI,OAAO;QACtE,IAAI,EAAE,GAAG,CAAC,MAAM,CAAuB;QACvC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC;QACtC,OAAO,EAAE,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAwC,CAAC;KACjF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAwC;IAChE,wEAAwE;IACxE,2EAA2E;IAC3E,qEAAqE;IACrE,0EAA0E;IAC1E,+BAA+B;IAC/B,EAAE;IACF,6EAA6E;IAC7E,+EAA+E;IAC/E,gFAAgF;IAChF,+EAA+E;IAC/E,4EAA4E;IAC5E,gFAAgF;IAChF,6EAA6E;IAC7E,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,2EAA2E;IAC3E,4EAA4E;IAC5E,yDAAyD;IACzD,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,CAAC;IAC/C,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC;QAC3C,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9B,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;QACtE,cAAc,EAAE,GAAG,CAAC,iBAAiB,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK;QAC9F,KAAK,EAAE,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;KAClD,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,GAA4C;IACtE,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5G,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,GAA4B;IACjE,OAAO;QACL,IAAI;QACJ,WAAW,EAAE,GAAG,CAAC,aAAa,CAAuB;QACrD,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAuB;QAC/C,cAAc,EAAE,GAAG,CAAC,iBAAiB,CAAuB;QAC5D,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAuB;QAC3C,YAAY,EAAE,GAAG,CAAC,cAAc,CAAmC;QACnE,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC;QACpB,YAAY,EAAE,GAAG,CAAC,gBAAgB,CAAuB;QACzD,cAAc,EAAG,GAAG,CAAC,iBAAiB,CAAyB,IAAI,KAAK;QACxE,IAAI,EAAE,aAAa,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAA4B,CAAC;QACnE,MAAM,EAAE,eAAe,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QACzE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAA4C,CAAC;KAChG,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,GAA4B;IACjD,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;QACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzE,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,EAAE,KAAgC,CAAC,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,GAA4B;IAC9D,OAAO;QACL,IAAI;QACJ,IAAI,EAAG,GAAG,CAAC,MAAM,CAAwB,IAAI,SAAS;QACtD,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAwB;QAChD,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC;QACvB,WAAW,EAAE,GAAG,CAAC,aAAa,CAAuB;QACrD,OAAO,EAAE,GAAG,CAAC,SAAS,CAAyB;QAC/C,KAAK,EAAE,GAAG,CAAC,OAAO,CAAiC;QACnD,OAAO,EAAE,GAAG,CAAC,SAAS,CAAuB;QAC7C,SAAS,EAAE,GAAG,CAAC,YAAY,CAAuB;QAClD,SAAS,EAAE,GAAG,CAAC,YAAY,CAAuB;QAClD,QAAQ,EAAG,GAAG,CAAC,UAAU,CAAyB,IAAI,KAAK;QAC3D,SAAS,EAAE,GAAG,CAAC,WAAW,CAAuB;QACjD,KAAK,EAAE,GAAG,CAAC,OAAO,CAAuB;QACzC,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAuB;QAC/C,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC7B,UAAU,EAAE,GAAG,CAAC,YAAY,CAAuB;QACnD,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAuB;QAC/C,YAAY,EAAE,GAAG,CAAC,cAAc,CAAmC;QACnE,EAAE,EAAE,GAAG,CAAC,IAAI,CAAuB;QACnC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAuB;QACvC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAwC;KACzD,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,GAA4B;IACnD,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;QACvC,MAAM,CAAC,GAAG,IAA+B,CAAC;QAC1C,OAAO;YACL,IAAI;YACJ;gBACE,IAAI;gBACJ,IAAI,EAAG,CAAC,CAAC,MAAM,CAAc,IAAI,EAAE;gBACnC,SAAS,EAAG,CAAC,CAAC,WAAW,CAAyB,IAAI,KAAK;gBAC3D,SAAS,EAAG,CAAC,CAAC,WAAW,CAAyB,IAAI,KAAK;gBAC3D,UAAU,EAAG,CAAC,CAAC,cAAc,CAAyB,IAAI,KAAK;gBAC/D,UAAU,EAAG,CAAC,CAAC,aAAa,CAAyB,IAAI,KAAK;gBAC9D,SAAS,EAAE,CAAC,CAAC,IAAI,CAAuB;gBACxC,QAAQ,EAAG,CAAC,CAAC,UAAU,CAA0B,IAAI,EAAE;aACpC;SACtB,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB,CAAC,GAA4C;IACrE,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5G,CAAC"}
|
package/dist/models.d.ts
CHANGED
|
@@ -14,6 +14,8 @@ export interface LoggingConfig {
|
|
|
14
14
|
}
|
|
15
15
|
export interface RawConfig {
|
|
16
16
|
autonomyDefault: string;
|
|
17
|
+
/** Default enforce_run_as for runnables that don't declare one. */
|
|
18
|
+
enforceRunAs: string;
|
|
17
19
|
lang?: string;
|
|
18
20
|
version: string;
|
|
19
21
|
logging?: LoggingConfig;
|
|
@@ -59,6 +61,13 @@ export interface ScriptSpec {
|
|
|
59
61
|
output?: string;
|
|
60
62
|
serve?: boolean | string[];
|
|
61
63
|
discoverable?: boolean | string[];
|
|
64
|
+
/** The OS user the runnable must run as. String, $ENV ref, or a per-host /
|
|
65
|
+
* pattern table. Consumed by an executor for escalation; on the direct path
|
|
66
|
+
* it is the identity asserted by `enforceRunAs`. */
|
|
67
|
+
runAs?: unknown;
|
|
68
|
+
/** Reaction when the process is not running as the resolved `runAs` user on
|
|
69
|
+
* the direct/import path: 'error' (default), 'warn', or 'off'. */
|
|
70
|
+
enforceRunAs?: string;
|
|
62
71
|
requireCommand?: boolean;
|
|
63
72
|
args: Record<string, ArgSpec>;
|
|
64
73
|
groups: Record<string, GroupSpec>;
|
package/dist/models.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../src/models.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;+EAC2E;IAC3E,OAAO,EAAE,OAAO,CAAC;IACjB;;kFAE8E;IAC9E,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB;2EACuE;IACvE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAIlB,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,EAAE,CAAC;IAClC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,EAAE,CAAC;IAC3B,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,EAAE,CAAC;IAClC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAClC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,SAAS,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;CACvC;AAED,MAAM,WAAW,UAAU;IACzB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACvB,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,gBAAgB,EAAE,UAAU,CAAC;IACtC,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7C,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE,CAAC;IACxC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC"}
|
|
1
|
+
{"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../src/models.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;+EAC2E;IAC3E,OAAO,EAAE,OAAO,CAAC;IACjB;;kFAE8E;IAC9E,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB;2EACuE;IACvE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAIlB,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,EAAE,CAAC;IAClC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,EAAE,CAAC;IAC3B,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,EAAE,CAAC;IAClC;;yDAEqD;IACrD,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB;uEACmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAClC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,SAAS,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;CACvC;AAED,MAAM,WAAW,UAAU;IACzB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACvB,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,gBAAgB,EAAE,UAAU,CAAC;IACtC,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7C,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE,CAAC;IACxC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC"}
|
package/dist/parser.d.ts
CHANGED
|
@@ -8,6 +8,8 @@ export interface ParseOptions {
|
|
|
8
8
|
_enforceRequiredCommand?: boolean;
|
|
9
9
|
/** Internal: prompt for missing required password args. loadSpec sets false. */
|
|
10
10
|
_promptSecrets?: boolean;
|
|
11
|
+
/** Internal: verify the run_as identity (enforce_run_as). loadSpec sets false. */
|
|
12
|
+
_checkRunAs?: boolean;
|
|
11
13
|
}
|
|
12
14
|
export declare function parse(opts?: ParseOptions): ParsedArgs;
|
|
13
15
|
export declare function loadSpec(opts?: ParseOptions): ParsedArgs;
|
package/dist/parser.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAW,MAAM,UAAU,CAAC;AAEhE,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mFAAmF;IACnF,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,gFAAgF;IAChF,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kFAAkF;IAClF,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,wBAAgB,KAAK,CAAC,IAAI,GAAE,YAAiB,GAAG,UAAU,CAiKzD;AAED,wBAAgB,QAAQ,CAAC,IAAI,GAAE,YAAiB,GAAG,UAAU,CAK5D;AAwOD,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW,GAAE,MAAM,EAAO,GAAG,IAAI,CAwE5F"}
|
package/dist/parser.js
CHANGED
|
@@ -37,6 +37,7 @@ exports.parse = parse;
|
|
|
37
37
|
exports.loadSpec = loadSpec;
|
|
38
38
|
exports.printHelp = printHelp;
|
|
39
39
|
const path = __importStar(require("path"));
|
|
40
|
+
const os = __importStar(require("os"));
|
|
40
41
|
const fs = __importStar(require("fs"));
|
|
41
42
|
const child_process_1 = require("child_process");
|
|
42
43
|
const finder_1 = require("./finder");
|
|
@@ -44,10 +45,11 @@ const loader_1 = require("./loader");
|
|
|
44
45
|
const inference_1 = require("./inference");
|
|
45
46
|
const types_1 = require("./types");
|
|
46
47
|
const validator_1 = require("./validator");
|
|
48
|
+
const become_1 = require("./become");
|
|
47
49
|
const errors_1 = require("./errors");
|
|
48
50
|
const logging_setup_1 = require("./logging_setup");
|
|
49
51
|
function parse(opts = {}) {
|
|
50
|
-
const { scriptName, argv: argvOverride, cwd, configPath: configPathOverride, _enforceRequiredCommand = true, _promptSecrets = true } = opts;
|
|
52
|
+
const { scriptName, argv: argvOverride, cwd, configPath: configPathOverride, _enforceRequiredCommand = true, _promptSecrets = true, _checkRunAs = true } = opts;
|
|
51
53
|
const { configPath } = configPathOverride ? { configPath: configPathOverride } : (0, finder_1.findConfig)(cwd);
|
|
52
54
|
const raw = (0, loader_1.loadRaw)(configPath);
|
|
53
55
|
const config = raw.config;
|
|
@@ -109,6 +111,26 @@ function parse(opts = {}) {
|
|
|
109
111
|
printHelp(name, activeScript, commandPath);
|
|
110
112
|
process.exit(0);
|
|
111
113
|
}
|
|
114
|
+
// Verify run_as identity on the direct/import execution path. run_as is
|
|
115
|
+
// consumed by an executor (sudo escalation) *before* the process starts, so
|
|
116
|
+
// under one the effective user already matches and this passes silently; on
|
|
117
|
+
// the direct path nothing escalates, so this catches running as the wrong
|
|
118
|
+
// user. run_as/enforce_run_as are runnable-level, so they are read from the
|
|
119
|
+
// root spec (not the merged subcommand leaf). Runs after --help so
|
|
120
|
+
// `<name> --help` is always readable; skipped by loadSpec (introspection).
|
|
121
|
+
if (_checkRunAs) {
|
|
122
|
+
const rootSpec = raw.runnables[name];
|
|
123
|
+
const detail = (0, become_1.verifyRunAsIdentity)((0, become_1.resolveRunAs)(rootSpec.runAs, os.hostname()));
|
|
124
|
+
if (detail) {
|
|
125
|
+
const level = rootSpec.enforceRunAs ?? config.enforceRunAs ?? 'error';
|
|
126
|
+
if (level === 'warn') {
|
|
127
|
+
process.stderr.write(`⚠ ${name}: ${detail}. (enforce_run_as = "warn" — continuing)\n`);
|
|
128
|
+
}
|
|
129
|
+
else if (level !== 'off') {
|
|
130
|
+
throw new errors_1.RunAsMismatch((0, errors_1.formatRunAsMismatch)(name, detail));
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
}
|
|
112
134
|
// Enforce require-command on the resolved leaf: if the deepest matched node
|
|
113
135
|
// still requires a command and has commands, none was chosen at that level.
|
|
114
136
|
// Checking the leaf (not commandPath.length) enforces at every nesting depth.
|
|
@@ -167,7 +189,9 @@ function parse(opts = {}) {
|
|
|
167
189
|
}
|
|
168
190
|
function loadSpec(opts = {}) {
|
|
169
191
|
// Secret prompting is disabled — introspection must never block on a prompt.
|
|
170
|
-
|
|
192
|
+
// The run_as identity check is likewise skipped: emitting schemas and listing
|
|
193
|
+
// runnables must never depend on who is running them.
|
|
194
|
+
return parse({ ...opts, argv: [], _enforceRequiredCommand: false, _promptSecrets: false, _checkRunAs: false });
|
|
171
195
|
}
|
|
172
196
|
function inferFromArgv() {
|
|
173
197
|
const argv1 = process.argv[1] ?? '';
|
package/dist/parser.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuBA,sBA6IC;AAED,4BAGC;AAwOD,8BAwEC;AAzdD,2CAA6B;AAC7B,uCAAyB;AACzB,iDAAyC;AACzC,qCAAsC;AACtC,qCAAmC;AACnC,2CAA6D;AAC7D,mCAAiC;AACjC,2CAA0E;AAC1E,qCAA8D;AAC9D,mDAAyE;AAczE,SAAgB,KAAK,CAAC,OAAqB,EAAE;IAC3C,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,UAAU,EAAE,kBAAkB,EAAE,uBAAuB,GAAG,IAAI,EAAE,cAAc,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;IAE5I,MAAM,EAAE,UAAU,EAAE,GAAG,kBAAkB,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,IAAA,mBAAU,EAAC,GAAG,CAAC,CAAC;IACjG,MAAM,GAAG,GAAG,IAAA,gBAAO,EAAC,UAAU,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;IAE1B,sEAAsE;IACtE,2EAA2E;IAC3E,6EAA6E;IAC7E,yEAAyE;IACzE,wEAAwE;IACxE,2EAA2E;IAC3E,yEAAyE;IACzE,0EAA0E;IAC1E,yDAAyD;IACzD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACxD,IAAA,oCAAoB,EAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,IAAI,aAAa,EAAE,CAAC;IAC3C,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,qBAAY,CAAC,+DAA+D,CAAC,CAAC;IACnG,IAAI,IAAI,KAAK,QAAQ;QAAE,MAAM,IAAI,qBAAY,CAAC,sEAAsE,CAAC,CAAC;IAEtH,IAAI,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC;QACpE,MAAM,IAAI,qBAAY,CAAC,gBAAgB,IAAI,+BAA+B,SAAS,gBAAgB,UAAU,EAAE,CAAC,CAAC;IACnH,CAAC;IAED,IAAI,SAAS,GAAG,IAAA,uBAAW,EAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IAEzE,6DAA6D;IAC7D,4EAA4E;IAC5E,sEAAsE;IACtE,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,SAAS,GAAG;YACV,GAAG,SAAS;YACZ,IAAI,EAAE;gBACJ,GAAG,SAAS,CAAC,IAAI;gBACjB,OAAO,EAAE;oBACP,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,8CAA8C;oBAC3D,QAAQ,EAAE,KAAK;iBAChB;aACF;SACF,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,GAAG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjD,IAAI,YAAY,GAAG,SAAS,CAAC;IAC7B,IAAI,WAAW,GAAa,EAAE,CAAC;IAE/B,8EAA8E;IAC9E,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,IAAI,EAAE,CAAC;QACzC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;YAAE,MAAM;QAChE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1B,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,SAAS,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,4EAA4E;IAC5E,4EAA4E;IAC5E,8EAA8E;IAC9E,2EAA2E;IAC3E,sDAAsD;IACtD,IACE,uBAAuB;QACvB,YAAY,CAAC,cAAc;QAC3B,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,EACnD,CAAC;QACD,MAAM,IAAI,qBAAY,CACpB,IAAA,6BAAoB,EAAC,CAAC,IAAI,EAAE,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAC3F,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAC5D,YAAY,GAAG,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;IACrE,YAAY,GAAG,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAEpE,+EAA+E;IAC/E,+EAA+E;IAC/E,+EAA+E;IAC/E,kDAAkD;IAClD,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACrG,IAAI,cAAc,EAAE,CAAC;QACnB,YAAY,GAAG,eAAe,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;IACpF,CAAC;IAED,IAAA,yBAAa,EAAC,IAAA,wBAAY,EAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;IACnE,IAAA,yBAAa,EAAC,IAAA,0BAAc,EAAC,YAAY,EAAE,YAAY,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;IAEvE,MAAM,aAAa,GAAG,YAAY,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAE1E,MAAM,QAAQ,GAAG,IAAA,6BAAiB,EAChC,YAAY,CAAC,QAAQ,IAAI,MAAM,CAAC,eAAe,EAC/C,YAAY,EACZ,YAAY,CAAC,IAAI,IAAI,EAAE,CACxB,CAAC;IAEF,MAAM,KAAK,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IAEhG,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO;QAC1B,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC;QAC1C,CAAC,CAAC,KAAK,CAAC;IAEV,IAAI,CAAC;QACH,IAAA,gCAAgB,EAAC;YACf,MAAM,EAAE,MAAM,CAAC,OAAO;YACtB,YAAY,EAAE,IAAI;YAClB,UAAU;YACV,KAAK;YACL,QAAQ;YACR,KAAK;YACL,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,qBAAY,CAAE,CAAW,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO;QACL,GAAG,aAAa;QAChB,iBAAiB,EAAE,KAAK;QACxB,kBAAkB,EAAE,IAAI;QACxB,wBAAwB,EAAE,WAAW;QACrC,oBAAoB,EAAE,QAAQ;QAC9B,kBAAkB,EAAE,UAAU;QAC9B,gBAAgB,EAAE,YAAY;QAC9B,IAAI,eAAe,KAAK,OAAO,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1G,IAAI,oBAAoB,KAAK,OAAO,WAAW,CAAC,CAAC,CAAC;QAClD,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;KAC5C,CAAC;AAClB,CAAC;AAED,SAAgB,QAAQ,CAAC,OAAqB,EAAE;IAC9C,6EAA6E;IAC7E,OAAO,KAAK,CAAC,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,uBAAuB,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,CAAC;AAC7F,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpC,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,SAAS,CAAC,IAAc,EAAE,QAAiC;IAClE,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAE5C,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QAC5B,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QAC5B,IAAI,IAAI,CAAC,KAAK;YAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;IAC9C,CAAC;IAED,6FAA6F;IAC7F,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;SAC5C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC;SAC3C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;SAC7D,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAEzG,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC;IAC9C,CAAC;IAED,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAEtB,sDAAsD;QACtD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,IAAI,WAAW,KAAK,SAAS;gBAAE,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvE,MAAM;QACR,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAClC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YACrC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YAC1B,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1D,IAAK,IAAgB,CAAC,IAAI,KAAK,UAAU;oBAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACrE,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YACxD,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1D,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC;YAEnC,IAAI,OAAO,KAAK,UAAU;gBAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAEtD,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;gBACpB,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;gBACjC,MAAM,MAAM,GAAsB,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;gBACzE,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;gBACvD,CAAC,IAAI,CAAC,CAAC;YACT,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;gBACpB,CAAC,EAAE,CAAC;YACN,CAAC;YACD,SAAS;QACX,CAAC;QAED,6DAA6D;QAC7D,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,eAAe,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC;YACtE,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC,GAAG,KAAK,CAAC;YAChD,eAAe,EAAE,CAAC;QACpB,CAAC;QAED,CAAC,EAAE,CAAC;IACN,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,OAAgB,EAAE,KAAc,EAAE,IAAa;IAClE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YAAE,OAAO,CAAC,GAAG,CAAE,OAAqB,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAE,OAAqB,IAAI,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,iFAAiF;AACjF,6EAA6E;AAC7E,kFAAkF;AAClF,sDAAsD;AACtD,SAAS,mBAAmB,CAAC,IAAY;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,0BAA0B,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;IAC/D,MAAM,IAAI,qBAAY,CACpB,QAAQ,IAAI,4DAA4D;QACtE,kCAAkC,OAAO,wBAAwB;QACjE,qDAAqD,CACxD,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,+EAA+E;AAC/E,iFAAiF;AACjF,6BAA6B;AAC7B,SAAS,eAAe,CACtB,MAA+B,EAC/B,QAAiC,EACjC,KAAc;IAEd,IAAI,KAAK,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5F,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;YAAE,SAAS;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI;YAAE,SAAS;QAClE,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS;QAC7B,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC;QAC1C,IAAI,KAAK;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IAClC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,4EAA4E;AAC5E,4EAA4E;AAC5E,SAAS,cAAc,CAAC,MAAc;IACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7B,IAAI,CAAC;QACH,IAAI,CAAC;YACH,IAAA,wBAAQ,EAAC,YAAY,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,kDAAkD;QACpD,CAAC;QACD,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,SAAS,CAAC;YACR,IAAI,CAAS,CAAC;YACd,IAAI,CAAC;gBACH,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;YACtC,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAK,CAA2B,CAAC,IAAI,KAAK,QAAQ;oBAAE,SAAS;gBAC7D,MAAM;YACR,CAAC;YACD,IAAI,CAAC,KAAK,CAAC;gBAAE,MAAM;YACnB,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,KAAK,IAAI;gBAAE,MAAM,CAAC,KAAK;YAC5B,IAAI,CAAC,KAAK,IAAI;gBAAE,SAAS,CAAC,KAAK;YAC/B,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,IAAA,wBAAQ,EAAC,WAAW,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;QACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,MAA+B,EAAE,QAAiC,EAAE,YAAoB;IACxG,MAAM,cAAc,GAAG,YAAY,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrE,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,SAAS;YAAE,SAAS;QAClE,sDAAsD;QACtD,MAAM,OAAO,GAAG,WAAW,cAAc,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACzF,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;YACvB,SAAS;QACX,CAAC;QACD,sCAAsC;QACtC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAClF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAClC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;gBACtB,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,MAA+B,EAAE,QAAiC;IACvF,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YACjH,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,MAA+B,EAAE,QAAiC;IACtF,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;YACzB,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,cAAM,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,qBAAY,CAAC,MAAO,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,SAAS,CAAC,IAAY,EAAE,MAAkB,EAAE,cAAwB,EAAE;IACpF,MAAM,QAAQ,GAAG,CAAC,IAAI,EAAE,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;IAEvC,mFAAmF;IACnF,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,cAAc,GAAG,OAAO;SAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC;SAC3C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAE1F,qEAAqE;IACrE,MAAM,QAAQ,GAAG,CAAC,IAAyB,EAAU,EAAE,CACrD,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,KAAK,GAAG,CAAC;IAE3E,4EAA4E;IAC5E,4DAA4D;IAC5D,MAAM,UAAU,GAAa,CAAC,QAAQ,CAAC,CAAC;IACxC,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QAC5B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM;YAAE,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC;aAClD,IAAI,IAAI,CAAC,QAAQ;YAAE,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;;YAChE,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC;IACD,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,cAAc,EAAE,CAAC;QAC7C,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,OAAO,IAAI,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACnE,KAAK,MAAM,CAAC,OAAO,CAAC,IAAI,QAAQ,EAAE,CAAC;QACjC,UAAU,CAAC,IAAI,CAAC,QAAQ,OAAO,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,UAAU,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC9C,IAAI,MAAM,CAAC,WAAW;QAAE,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IAE/D,mBAAmB;IACnB,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3E,KAAK,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5B,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,OAAO,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,OAAO,OAAO,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM;gBAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;;gBACxC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC;YACpC,IAAI,IAAI,CAAC,QAAQ;gBAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;iBACrC,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;gBAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACrG,IAAI,IAAI,CAAC,OAAO;gBAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACnE,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YACrC,IAAI,IAAI,CAAC,WAAW;gBAAE,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC,CAAC;;gBAChF,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9C,IAAI,MAAM,CAAC,cAAc;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,UAAU,QAAQ,mDAAmD,CAAC,CAAC;IACrF,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;AAC9D,CAAC"}
|
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BA,sBAiKC;AAED,4BAKC;AAwOD,8BAwEC;AAnfD,2CAA6B;AAC7B,uCAAyB;AACzB,uCAAyB;AACzB,iDAAyC;AACzC,qCAAsC;AACtC,qCAAmC;AACnC,2CAA6D;AAC7D,mCAAiC;AACjC,2CAA0E;AAC1E,qCAA6D;AAC7D,qCAAkG;AAClG,mDAAyE;AAgBzE,SAAgB,KAAK,CAAC,OAAqB,EAAE;IAC3C,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,UAAU,EAAE,kBAAkB,EAAE,uBAAuB,GAAG,IAAI,EAAE,cAAc,GAAG,IAAI,EAAE,WAAW,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;IAEhK,MAAM,EAAE,UAAU,EAAE,GAAG,kBAAkB,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,IAAA,mBAAU,EAAC,GAAG,CAAC,CAAC;IACjG,MAAM,GAAG,GAAG,IAAA,gBAAO,EAAC,UAAU,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;IAE1B,sEAAsE;IACtE,2EAA2E;IAC3E,6EAA6E;IAC7E,yEAAyE;IACzE,wEAAwE;IACxE,2EAA2E;IAC3E,yEAAyE;IACzE,0EAA0E;IAC1E,yDAAyD;IACzD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACxD,IAAA,oCAAoB,EAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,IAAI,aAAa,EAAE,CAAC;IAC3C,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,qBAAY,CAAC,+DAA+D,CAAC,CAAC;IACnG,IAAI,IAAI,KAAK,QAAQ;QAAE,MAAM,IAAI,qBAAY,CAAC,sEAAsE,CAAC,CAAC;IAEtH,IAAI,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC;QACpE,MAAM,IAAI,qBAAY,CAAC,gBAAgB,IAAI,+BAA+B,SAAS,gBAAgB,UAAU,EAAE,CAAC,CAAC;IACnH,CAAC;IAED,IAAI,SAAS,GAAG,IAAA,uBAAW,EAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IAEzE,6DAA6D;IAC7D,4EAA4E;IAC5E,sEAAsE;IACtE,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,SAAS,GAAG;YACV,GAAG,SAAS;YACZ,IAAI,EAAE;gBACJ,GAAG,SAAS,CAAC,IAAI;gBACjB,OAAO,EAAE;oBACP,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,8CAA8C;oBAC3D,QAAQ,EAAE,KAAK;iBAChB;aACF;SACF,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,GAAG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjD,IAAI,YAAY,GAAG,SAAS,CAAC;IAC7B,IAAI,WAAW,GAAa,EAAE,CAAC;IAE/B,8EAA8E;IAC9E,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,IAAI,EAAE,CAAC;QACzC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;YAAE,MAAM;QAChE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1B,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,SAAS,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,wEAAwE;IACxE,4EAA4E;IAC5E,4EAA4E;IAC5E,0EAA0E;IAC1E,4EAA4E;IAC5E,mEAAmE;IACnE,2EAA2E;IAC3E,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,IAAA,4BAAmB,EAAC,IAAA,qBAAY,EAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAChF,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,QAAQ,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,IAAI,OAAO,CAAC;YACtE,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;gBACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,MAAM,4CAA4C,CAAC,CAAC;YAC1F,CAAC;iBAAM,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;gBAC3B,MAAM,IAAI,sBAAa,CAAC,IAAA,4BAAmB,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,4EAA4E;IAC5E,8EAA8E;IAC9E,2EAA2E;IAC3E,sDAAsD;IACtD,IACE,uBAAuB;QACvB,YAAY,CAAC,cAAc;QAC3B,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,EACnD,CAAC;QACD,MAAM,IAAI,qBAAY,CACpB,IAAA,6BAAoB,EAAC,CAAC,IAAI,EAAE,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAC3F,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAC5D,YAAY,GAAG,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;IACrE,YAAY,GAAG,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAEpE,+EAA+E;IAC/E,+EAA+E;IAC/E,+EAA+E;IAC/E,kDAAkD;IAClD,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACrG,IAAI,cAAc,EAAE,CAAC;QACnB,YAAY,GAAG,eAAe,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;IACpF,CAAC;IAED,IAAA,yBAAa,EAAC,IAAA,wBAAY,EAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;IACnE,IAAA,yBAAa,EAAC,IAAA,0BAAc,EAAC,YAAY,EAAE,YAAY,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;IAEvE,MAAM,aAAa,GAAG,YAAY,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAE1E,MAAM,QAAQ,GAAG,IAAA,6BAAiB,EAChC,YAAY,CAAC,QAAQ,IAAI,MAAM,CAAC,eAAe,EAC/C,YAAY,EACZ,YAAY,CAAC,IAAI,IAAI,EAAE,CACxB,CAAC;IAEF,MAAM,KAAK,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IAEhG,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO;QAC1B,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC;QAC1C,CAAC,CAAC,KAAK,CAAC;IAEV,IAAI,CAAC;QACH,IAAA,gCAAgB,EAAC;YACf,MAAM,EAAE,MAAM,CAAC,OAAO;YACtB,YAAY,EAAE,IAAI;YAClB,UAAU;YACV,KAAK;YACL,QAAQ;YACR,KAAK;YACL,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,qBAAY,CAAE,CAAW,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO;QACL,GAAG,aAAa;QAChB,iBAAiB,EAAE,KAAK;QACxB,kBAAkB,EAAE,IAAI;QACxB,wBAAwB,EAAE,WAAW;QACrC,oBAAoB,EAAE,QAAQ;QAC9B,kBAAkB,EAAE,UAAU;QAC9B,gBAAgB,EAAE,YAAY;QAC9B,IAAI,eAAe,KAAK,OAAO,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1G,IAAI,oBAAoB,KAAK,OAAO,WAAW,CAAC,CAAC,CAAC;QAClD,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;KAC5C,CAAC;AAClB,CAAC;AAED,SAAgB,QAAQ,CAAC,OAAqB,EAAE;IAC9C,6EAA6E;IAC7E,8EAA8E;IAC9E,sDAAsD;IACtD,OAAO,KAAK,CAAC,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,uBAAuB,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC;AACjH,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpC,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,SAAS,CAAC,IAAc,EAAE,QAAiC;IAClE,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAE5C,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QAC5B,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QAC5B,IAAI,IAAI,CAAC,KAAK;YAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;IAC9C,CAAC;IAED,6FAA6F;IAC7F,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;SAC5C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC;SAC3C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;SAC7D,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAEzG,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC;IAC9C,CAAC;IAED,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAEtB,sDAAsD;QACtD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,IAAI,WAAW,KAAK,SAAS;gBAAE,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvE,MAAM;QACR,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAClC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YACrC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YAC1B,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1D,IAAK,IAAgB,CAAC,IAAI,KAAK,UAAU;oBAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACrE,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YACxD,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1D,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC;YAEnC,IAAI,OAAO,KAAK,UAAU;gBAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAEtD,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;gBACpB,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;gBACjC,MAAM,MAAM,GAAsB,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;gBACzE,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;gBACvD,CAAC,IAAI,CAAC,CAAC;YACT,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;gBACpB,CAAC,EAAE,CAAC;YACN,CAAC;YACD,SAAS;QACX,CAAC;QAED,6DAA6D;QAC7D,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,eAAe,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC;YACtE,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC,GAAG,KAAK,CAAC;YAChD,eAAe,EAAE,CAAC;QACpB,CAAC;QAED,CAAC,EAAE,CAAC;IACN,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,OAAgB,EAAE,KAAc,EAAE,IAAa;IAClE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YAAE,OAAO,CAAC,GAAG,CAAE,OAAqB,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAE,OAAqB,IAAI,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,iFAAiF;AACjF,6EAA6E;AAC7E,kFAAkF;AAClF,sDAAsD;AACtD,SAAS,mBAAmB,CAAC,IAAY;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,0BAA0B,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;IAC/D,MAAM,IAAI,qBAAY,CACpB,QAAQ,IAAI,4DAA4D;QACtE,kCAAkC,OAAO,wBAAwB;QACjE,qDAAqD,CACxD,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,+EAA+E;AAC/E,iFAAiF;AACjF,6BAA6B;AAC7B,SAAS,eAAe,CACtB,MAA+B,EAC/B,QAAiC,EACjC,KAAc;IAEd,IAAI,KAAK,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5F,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;YAAE,SAAS;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI;YAAE,SAAS;QAClE,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS;QAC7B,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC;QAC1C,IAAI,KAAK;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IAClC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,4EAA4E;AAC5E,4EAA4E;AAC5E,SAAS,cAAc,CAAC,MAAc;IACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7B,IAAI,CAAC;QACH,IAAI,CAAC;YACH,IAAA,wBAAQ,EAAC,YAAY,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,kDAAkD;QACpD,CAAC;QACD,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,SAAS,CAAC;YACR,IAAI,CAAS,CAAC;YACd,IAAI,CAAC;gBACH,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;YACtC,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAK,CAA2B,CAAC,IAAI,KAAK,QAAQ;oBAAE,SAAS;gBAC7D,MAAM;YACR,CAAC;YACD,IAAI,CAAC,KAAK,CAAC;gBAAE,MAAM;YACnB,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,KAAK,IAAI;gBAAE,MAAM,CAAC,KAAK;YAC5B,IAAI,CAAC,KAAK,IAAI;gBAAE,SAAS,CAAC,KAAK;YAC/B,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,IAAA,wBAAQ,EAAC,WAAW,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;QACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,MAA+B,EAAE,QAAiC,EAAE,YAAoB;IACxG,MAAM,cAAc,GAAG,YAAY,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrE,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,SAAS;YAAE,SAAS;QAClE,sDAAsD;QACtD,MAAM,OAAO,GAAG,WAAW,cAAc,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACzF,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;YACvB,SAAS;QACX,CAAC;QACD,sCAAsC;QACtC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAClF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAClC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;gBACtB,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,MAA+B,EAAE,QAAiC;IACvF,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YACjH,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,MAA+B,EAAE,QAAiC;IACtF,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;YACzB,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,GAAG,IAAA,cAAM,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,qBAAY,CAAC,MAAO,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,SAAS,CAAC,IAAY,EAAE,MAAkB,EAAE,cAAwB,EAAE;IACpF,MAAM,QAAQ,GAAG,CAAC,IAAI,EAAE,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;IAEvC,mFAAmF;IACnF,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,cAAc,GAAG,OAAO;SAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC;SAC3C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAE1F,qEAAqE;IACrE,MAAM,QAAQ,GAAG,CAAC,IAAyB,EAAU,EAAE,CACrD,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,KAAK,GAAG,CAAC;IAE3E,4EAA4E;IAC5E,4DAA4D;IAC5D,MAAM,UAAU,GAAa,CAAC,QAAQ,CAAC,CAAC;IACxC,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QAC5B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM;YAAE,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC;aAClD,IAAI,IAAI,CAAC,QAAQ;YAAE,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;;YAChE,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC;IACD,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,cAAc,EAAE,CAAC;QAC7C,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,OAAO,IAAI,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACnE,KAAK,MAAM,CAAC,OAAO,CAAC,IAAI,QAAQ,EAAE,CAAC;QACjC,UAAU,CAAC,IAAI,CAAC,QAAQ,OAAO,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,UAAU,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC9C,IAAI,MAAM,CAAC,WAAW;QAAE,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IAE/D,mBAAmB;IACnB,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3E,KAAK,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5B,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,OAAO,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,OAAO,OAAO,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM;gBAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;;gBACxC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC;YACpC,IAAI,IAAI,CAAC,QAAQ;gBAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;iBACrC,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;gBAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACrG,IAAI,IAAI,CAAC,OAAO;gBAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACnE,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YACrC,IAAI,IAAI,CAAC,WAAW;gBAAE,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC,CAAC;;gBAChF,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9C,IAAI,MAAM,CAAC,cAAc;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,UAAU,QAAQ,mDAAmD,CAAC,CAAC;IACrF,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;AAC9D,CAAC"}
|
package/package.json
CHANGED
package/src/become.ts
ADDED
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* become.ts — run_as resolution and the enforce_run_as identity check.
|
|
3
|
+
*
|
|
4
|
+
* Mirrors the Python `runspec.become` module for the SPEC "Remote Execution"
|
|
5
|
+
* semantics. Node does not build escalation commands (no `runspec serve`
|
|
6
|
+
* sudo wrapping), so only the pieces the `enforce_run_as` gate needs are
|
|
7
|
+
* ported: resolving a `run_as` spec to a concrete username for a host, and
|
|
8
|
+
* comparing the resolved user to the current process's effective user.
|
|
9
|
+
*
|
|
10
|
+
* See spec/SPEC.md → "Remote Execution".
|
|
11
|
+
*/
|
|
12
|
+
|
|
13
|
+
import { execFileSync } from 'child_process';
|
|
14
|
+
|
|
15
|
+
/**
|
|
16
|
+
* Resolve a `run_as` spec to a concrete username for `hostname`.
|
|
17
|
+
*
|
|
18
|
+
* Forms (see SPEC): simple string, `$ENV_VAR`, or a table with `hosts` (exact
|
|
19
|
+
* match) / `patterns` (full-match regex, first wins, insertion order) /
|
|
20
|
+
* `default`. Returns `''` for "no privilege escalation".
|
|
21
|
+
*/
|
|
22
|
+
export function resolveRunAs(spec: unknown, hostname: string): string {
|
|
23
|
+
if (spec === null || spec === undefined) return '';
|
|
24
|
+
|
|
25
|
+
if (typeof spec === 'string') {
|
|
26
|
+
if (spec.startsWith('$')) return process.env[spec.slice(1)] ?? '';
|
|
27
|
+
return spec;
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
if (typeof spec === 'object') {
|
|
31
|
+
const s = spec as Record<string, unknown>;
|
|
32
|
+
|
|
33
|
+
const hosts = (s['hosts'] as Record<string, unknown>) ?? {};
|
|
34
|
+
if (hostname in hosts) return String(hosts[hostname]);
|
|
35
|
+
|
|
36
|
+
const patterns = (s['patterns'] as Record<string, unknown>) ?? {};
|
|
37
|
+
for (const [pattern, user] of Object.entries(patterns)) {
|
|
38
|
+
try {
|
|
39
|
+
// Anchor both ends for re.fullmatch() semantics.
|
|
40
|
+
if (new RegExp(`^(?:${pattern})$`).test(hostname)) return String(user);
|
|
41
|
+
} catch {
|
|
42
|
+
// Invalid regex — skip it (serve validates patterns up front).
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
return String(s['default'] ?? '');
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
return '';
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
/**
|
|
53
|
+
* Check that the current process is running as `runAsUser`.
|
|
54
|
+
*
|
|
55
|
+
* Returns `null` when the identity matches *or* the check cannot be performed —
|
|
56
|
+
* an empty target (no escalation intended, so no identity to assert) or a
|
|
57
|
+
* platform with no POSIX uid model (Windows, where `process.geteuid` is
|
|
58
|
+
* undefined). Returns a human-readable detail string describing the mismatch
|
|
59
|
+
* otherwise.
|
|
60
|
+
*
|
|
61
|
+
* The target is resolved to a uid (a numeric string is taken as a uid directly,
|
|
62
|
+
* otherwise it is looked up with `id`) and compared to the effective uid, so
|
|
63
|
+
* account aliases that share a uid are treated as equal. An executor escalates
|
|
64
|
+
* *before* the process starts, so under one the effective user already matches
|
|
65
|
+
* and this passes silently; it only fires on the direct/import path.
|
|
66
|
+
*/
|
|
67
|
+
export function verifyRunAsIdentity(runAsUser: string): string | null {
|
|
68
|
+
if (!runAsUser) return null;
|
|
69
|
+
|
|
70
|
+
const geteuid = process.geteuid;
|
|
71
|
+
if (!geteuid) return null; // no POSIX uid model (Windows) — nothing to compare
|
|
72
|
+
const currentUid = geteuid.call(process);
|
|
73
|
+
|
|
74
|
+
let targetUid: number;
|
|
75
|
+
try {
|
|
76
|
+
if (/^\d+$/.test(runAsUser)) {
|
|
77
|
+
targetUid = parseInt(runAsUser, 10);
|
|
78
|
+
// Confirm the uid maps to a real account; throws if it does not.
|
|
79
|
+
execFileSync('id', ['-un', String(targetUid)], { stdio: ['ignore', 'ignore', 'ignore'] });
|
|
80
|
+
} else {
|
|
81
|
+
const out = execFileSync('id', ['-u', runAsUser], { stdio: ['ignore', 'pipe', 'ignore'] });
|
|
82
|
+
targetUid = parseInt(out.toString().trim(), 10);
|
|
83
|
+
}
|
|
84
|
+
} catch {
|
|
85
|
+
return `run_as user '${runAsUser}' does not exist on this host`;
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
if (currentUid === targetUid) return null;
|
|
89
|
+
|
|
90
|
+
let currentName = String(currentUid);
|
|
91
|
+
try {
|
|
92
|
+
currentName =
|
|
93
|
+
execFileSync('id', ['-un', String(currentUid)], { stdio: ['ignore', 'pipe', 'ignore'] })
|
|
94
|
+
.toString()
|
|
95
|
+
.trim() || String(currentUid);
|
|
96
|
+
} catch {
|
|
97
|
+
// Keep the numeric uid as the name.
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
return `the current process runs as '${currentName}' (uid ${currentUid}), not '${runAsUser}' (uid ${targetUid})`;
|
|
101
|
+
}
|
package/src/errors.ts
CHANGED
|
@@ -11,6 +11,7 @@ export class OutOfRange extends RunSpecError {}
|
|
|
11
11
|
export class UnknownArg extends RunSpecError {}
|
|
12
12
|
export class GroupViolation extends RunSpecError {}
|
|
13
13
|
export class AutonomyViolation extends RunSpecError {}
|
|
14
|
+
export class RunAsMismatch extends RunSpecError {}
|
|
14
15
|
|
|
15
16
|
export function formatMissingRequired(name: string, spec: Record<string, unknown>): string {
|
|
16
17
|
const lines = [
|
|
@@ -136,6 +137,15 @@ export function formatGroupExactlyOne(groupName: string, args: string[], provide
|
|
|
136
137
|
].join('\n');
|
|
137
138
|
}
|
|
138
139
|
|
|
140
|
+
export function formatRunAsMismatch(runnableName: string, detail: string): string {
|
|
141
|
+
return [
|
|
142
|
+
`✗ Refusing to run '${runnableName}': ${detail}.`,
|
|
143
|
+
` This runnable declares a run_as user it must execute as.`,
|
|
144
|
+
' Re-run under the intended account (e.g. `sudo -u <user> ...`, `runspec serve`,',
|
|
145
|
+
' or `runspec jump`), or relax the check with enforce_run_as = "warn" (or "off").',
|
|
146
|
+
].join('\n');
|
|
147
|
+
}
|
|
148
|
+
|
|
139
149
|
export function formatDeprecated(name: string, message: string): string {
|
|
140
150
|
return `⚠ --${name} is deprecated: ${message}`;
|
|
141
151
|
}
|
package/src/index.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
export { parse, loadSpec } from './parser';
|
|
2
2
|
export { registerType, listTypes } from './types';
|
|
3
3
|
export { tsTypeOf } from './inference';
|
|
4
|
-
export { RunSpecError, MissingRequiredArg, InvalidChoice, OutOfRange, UnknownArg, GroupViolation, AutonomyViolation } from './errors';
|
|
4
|
+
export { RunSpecError, MissingRequiredArg, InvalidChoice, OutOfRange, UnknownArg, GroupViolation, AutonomyViolation, RunAsMismatch } from './errors';
|
|
5
5
|
export { findConfig } from './finder';
|
|
6
6
|
export { loadRaw } from './loader';
|
|
7
7
|
export { getLogger } from './logging_setup';
|
package/src/loader.ts
CHANGED
|
@@ -22,6 +22,7 @@ export function loadRaw(configPath: string): RawSpec {
|
|
|
22
22
|
function normaliseConfig(raw: Record<string, unknown>): RawConfig {
|
|
23
23
|
return {
|
|
24
24
|
autonomyDefault: (raw['autonomy-default'] as string | undefined) ?? 'confirm',
|
|
25
|
+
enforceRunAs: (raw['enforce_run_as'] as string | undefined) ?? 'error',
|
|
25
26
|
lang: raw['lang'] as string | undefined,
|
|
26
27
|
version: String(raw['version'] ?? '1'),
|
|
27
28
|
logging: normaliseLogging(raw['logging'] as Record<string, unknown> | undefined),
|
|
@@ -68,6 +69,8 @@ function normaliseScript(name: string, raw: Record<string, unknown>): ScriptSpec
|
|
|
68
69
|
autonomyReason: raw['autonomy-reason'] as string | undefined,
|
|
69
70
|
output: raw['output'] as string | undefined,
|
|
70
71
|
discoverable: raw['discoverable'] as boolean | string[] | undefined,
|
|
72
|
+
runAs: raw['run_as'],
|
|
73
|
+
enforceRunAs: raw['enforce_run_as'] as string | undefined,
|
|
71
74
|
requireCommand: (raw['require-command'] as boolean | undefined) ?? false,
|
|
72
75
|
args: normaliseArgs((raw['args'] ?? {}) as Record<string, unknown>),
|
|
73
76
|
groups: normaliseGroups((raw['groups'] ?? {}) as Record<string, unknown>),
|
package/src/models.ts
CHANGED
|
@@ -15,6 +15,8 @@ export interface LoggingConfig {
|
|
|
15
15
|
|
|
16
16
|
export interface RawConfig {
|
|
17
17
|
autonomyDefault: string;
|
|
18
|
+
/** Default enforce_run_as for runnables that don't declare one. */
|
|
19
|
+
enforceRunAs: string;
|
|
18
20
|
lang?: string;
|
|
19
21
|
version: string;
|
|
20
22
|
logging?: LoggingConfig;
|
|
@@ -66,6 +68,13 @@ export interface ScriptSpec {
|
|
|
66
68
|
output?: string;
|
|
67
69
|
serve?: boolean | string[];
|
|
68
70
|
discoverable?: boolean | string[];
|
|
71
|
+
/** The OS user the runnable must run as. String, $ENV ref, or a per-host /
|
|
72
|
+
* pattern table. Consumed by an executor for escalation; on the direct path
|
|
73
|
+
* it is the identity asserted by `enforceRunAs`. */
|
|
74
|
+
runAs?: unknown;
|
|
75
|
+
/** Reaction when the process is not running as the resolved `runAs` user on
|
|
76
|
+
* the direct/import path: 'error' (default), 'warn', or 'off'. */
|
|
77
|
+
enforceRunAs?: string;
|
|
69
78
|
requireCommand?: boolean;
|
|
70
79
|
args: Record<string, ArgSpec>;
|
|
71
80
|
groups: Record<string, GroupSpec>;
|
package/src/parser.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import * as path from 'path';
|
|
2
|
+
import * as os from 'os';
|
|
2
3
|
import * as fs from 'fs';
|
|
3
4
|
import { execSync } from 'child_process';
|
|
4
5
|
import { findConfig } from './finder';
|
|
@@ -6,7 +7,8 @@ import { loadRaw } from './loader';
|
|
|
6
7
|
import { inferScript, effectiveAutonomy } from './inference';
|
|
7
8
|
import { coerce } from './types';
|
|
8
9
|
import { validateArgs, validateGroups, raiseIfErrors } from './validator';
|
|
9
|
-
import {
|
|
10
|
+
import { resolveRunAs, verifyRunAsIdentity } from './become';
|
|
11
|
+
import { RunSpecError, RunAsMismatch, formatMissingCommand, formatRunAsMismatch } from './errors';
|
|
10
12
|
import { configureLogging, installExceptionHook } from './logging_setup';
|
|
11
13
|
import type { ParsedArgs, ScriptSpec, ArgSpec } from './models';
|
|
12
14
|
|
|
@@ -19,10 +21,12 @@ export interface ParseOptions {
|
|
|
19
21
|
_enforceRequiredCommand?: boolean;
|
|
20
22
|
/** Internal: prompt for missing required password args. loadSpec sets false. */
|
|
21
23
|
_promptSecrets?: boolean;
|
|
24
|
+
/** Internal: verify the run_as identity (enforce_run_as). loadSpec sets false. */
|
|
25
|
+
_checkRunAs?: boolean;
|
|
22
26
|
}
|
|
23
27
|
|
|
24
28
|
export function parse(opts: ParseOptions = {}): ParsedArgs {
|
|
25
|
-
const { scriptName, argv: argvOverride, cwd, configPath: configPathOverride, _enforceRequiredCommand = true, _promptSecrets = true } = opts;
|
|
29
|
+
const { scriptName, argv: argvOverride, cwd, configPath: configPathOverride, _enforceRequiredCommand = true, _promptSecrets = true, _checkRunAs = true } = opts;
|
|
26
30
|
|
|
27
31
|
const { configPath } = configPathOverride ? { configPath: configPathOverride } : findConfig(cwd);
|
|
28
32
|
const raw = loadRaw(configPath);
|
|
@@ -91,6 +95,26 @@ export function parse(opts: ParseOptions = {}): ParsedArgs {
|
|
|
91
95
|
process.exit(0);
|
|
92
96
|
}
|
|
93
97
|
|
|
98
|
+
// Verify run_as identity on the direct/import execution path. run_as is
|
|
99
|
+
// consumed by an executor (sudo escalation) *before* the process starts, so
|
|
100
|
+
// under one the effective user already matches and this passes silently; on
|
|
101
|
+
// the direct path nothing escalates, so this catches running as the wrong
|
|
102
|
+
// user. run_as/enforce_run_as are runnable-level, so they are read from the
|
|
103
|
+
// root spec (not the merged subcommand leaf). Runs after --help so
|
|
104
|
+
// `<name> --help` is always readable; skipped by loadSpec (introspection).
|
|
105
|
+
if (_checkRunAs) {
|
|
106
|
+
const rootSpec = raw.runnables[name];
|
|
107
|
+
const detail = verifyRunAsIdentity(resolveRunAs(rootSpec.runAs, os.hostname()));
|
|
108
|
+
if (detail) {
|
|
109
|
+
const level = rootSpec.enforceRunAs ?? config.enforceRunAs ?? 'error';
|
|
110
|
+
if (level === 'warn') {
|
|
111
|
+
process.stderr.write(`⚠ ${name}: ${detail}. (enforce_run_as = "warn" — continuing)\n`);
|
|
112
|
+
} else if (level !== 'off') {
|
|
113
|
+
throw new RunAsMismatch(formatRunAsMismatch(name, detail));
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
|
|
94
118
|
// Enforce require-command on the resolved leaf: if the deepest matched node
|
|
95
119
|
// still requires a command and has commands, none was chosen at that level.
|
|
96
120
|
// Checking the leaf (not commandPath.length) enforces at every nesting depth.
|
|
@@ -166,7 +190,9 @@ export function parse(opts: ParseOptions = {}): ParsedArgs {
|
|
|
166
190
|
|
|
167
191
|
export function loadSpec(opts: ParseOptions = {}): ParsedArgs {
|
|
168
192
|
// Secret prompting is disabled — introspection must never block on a prompt.
|
|
169
|
-
|
|
193
|
+
// The run_as identity check is likewise skipped: emitting schemas and listing
|
|
194
|
+
// runnables must never depend on who is running them.
|
|
195
|
+
return parse({ ...opts, argv: [], _enforceRequiredCommand: false, _promptSecrets: false, _checkRunAs: false });
|
|
170
196
|
}
|
|
171
197
|
|
|
172
198
|
function inferFromArgv(): string {
|
|
@@ -0,0 +1,170 @@
|
|
|
1
|
+
import * as fs from 'fs';
|
|
2
|
+
import * as os from 'os';
|
|
3
|
+
import * as path from 'path';
|
|
4
|
+
import { parse, loadSpec } from '../src/parser';
|
|
5
|
+
import { resolveRunAs, verifyRunAsIdentity } from '../src/become';
|
|
6
|
+
|
|
7
|
+
function makeTmpConfig(toml: string): string {
|
|
8
|
+
const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'runspec-run-as-test-'));
|
|
9
|
+
const configPath = path.join(dir, 'runspec.toml');
|
|
10
|
+
fs.writeFileSync(configPath, toml);
|
|
11
|
+
return configPath;
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
// POSIX-only: the uid comparison needs process.geteuid + `id`.
|
|
15
|
+
const posixIt = process.geteuid ? test : test.skip;
|
|
16
|
+
|
|
17
|
+
// ── resolveRunAs ──────────────────────────────────────────────────────────────
|
|
18
|
+
|
|
19
|
+
describe('resolveRunAs', () => {
|
|
20
|
+
test('null/undefined/empty → no escalation', () => {
|
|
21
|
+
expect(resolveRunAs(undefined, 'host1')).toBe('');
|
|
22
|
+
expect(resolveRunAs(null, 'host1')).toBe('');
|
|
23
|
+
expect(resolveRunAs('', 'host1')).toBe('');
|
|
24
|
+
});
|
|
25
|
+
|
|
26
|
+
test('simple string', () => {
|
|
27
|
+
expect(resolveRunAs('oracle', 'anything')).toBe('oracle');
|
|
28
|
+
});
|
|
29
|
+
|
|
30
|
+
test('$ENV reference', () => {
|
|
31
|
+
process.env['ORACLE_RUN_AS'] = 'orasvc';
|
|
32
|
+
expect(resolveRunAs('$ORACLE_RUN_AS', 'h')).toBe('orasvc');
|
|
33
|
+
delete process.env['ORACLE_RUN_AS'];
|
|
34
|
+
expect(resolveRunAs('$ORACLE_RUN_AS', 'h')).toBe('');
|
|
35
|
+
});
|
|
36
|
+
|
|
37
|
+
test('per-host exact match, then default', () => {
|
|
38
|
+
const spec = { default: 'oracle', hosts: { 'box-01': 'dba', 'box-02': '' } };
|
|
39
|
+
expect(resolveRunAs(spec, 'box-01')).toBe('dba');
|
|
40
|
+
expect(resolveRunAs(spec, 'box-02')).toBe(''); // explicit no-escalation
|
|
41
|
+
expect(resolveRunAs(spec, 'other')).toBe('oracle');
|
|
42
|
+
});
|
|
43
|
+
|
|
44
|
+
test('patterns, full-match, first wins', () => {
|
|
45
|
+
const spec = { default: 'oracle', patterns: { '[lg]pexp[0-9]*': 'orasvc', 'prod[0-9]*': 'produser' } };
|
|
46
|
+
expect(resolveRunAs(spec, 'lpexp01')).toBe('orasvc');
|
|
47
|
+
expect(resolveRunAs(spec, 'prod7')).toBe('produser');
|
|
48
|
+
expect(resolveRunAs(spec, 'lpexp')).toBe('orasvc');
|
|
49
|
+
expect(resolveRunAs(spec, 'xlpexp01')).toBe('oracle'); // not a full match
|
|
50
|
+
});
|
|
51
|
+
});
|
|
52
|
+
|
|
53
|
+
// ── verifyRunAsIdentity ───────────────────────────────────────────────────────
|
|
54
|
+
|
|
55
|
+
describe('verifyRunAsIdentity', () => {
|
|
56
|
+
test('empty target is a no-op', () => {
|
|
57
|
+
expect(verifyRunAsIdentity('')).toBeNull();
|
|
58
|
+
});
|
|
59
|
+
|
|
60
|
+
posixIt('current uid (by number) matches', () => {
|
|
61
|
+
expect(verifyRunAsIdentity(String(process.geteuid!()))).toBeNull();
|
|
62
|
+
});
|
|
63
|
+
|
|
64
|
+
posixIt('nonexistent user is reported', () => {
|
|
65
|
+
const detail = verifyRunAsIdentity('nope-user-xyz');
|
|
66
|
+
expect(detail).toContain('does not exist');
|
|
67
|
+
});
|
|
68
|
+
|
|
69
|
+
posixIt('uid mismatch is reported', () => {
|
|
70
|
+
const realUid = process.geteuid!();
|
|
71
|
+
const spy = jest.spyOn(process, 'geteuid').mockReturnValue(999999);
|
|
72
|
+
try {
|
|
73
|
+
const detail = verifyRunAsIdentity(String(realUid));
|
|
74
|
+
expect(detail).toContain('999999');
|
|
75
|
+
expect(detail).toContain(`uid ${realUid}`);
|
|
76
|
+
} finally {
|
|
77
|
+
spy.mockRestore();
|
|
78
|
+
}
|
|
79
|
+
});
|
|
80
|
+
|
|
81
|
+
test('no POSIX uid model (Windows) is a no-op', () => {
|
|
82
|
+
const orig = process.geteuid;
|
|
83
|
+
(process as { geteuid?: () => number }).geteuid = undefined;
|
|
84
|
+
try {
|
|
85
|
+
expect(verifyRunAsIdentity('root')).toBeNull();
|
|
86
|
+
} finally {
|
|
87
|
+
(process as { geteuid?: () => number }).geteuid = orig;
|
|
88
|
+
}
|
|
89
|
+
});
|
|
90
|
+
});
|
|
91
|
+
|
|
92
|
+
// ── enforce_run_as wired into the parser ──────────────────────────────────────
|
|
93
|
+
|
|
94
|
+
function body(opts: { enforce?: string; configEnforce?: string } = {}): string {
|
|
95
|
+
return [
|
|
96
|
+
'[config]',
|
|
97
|
+
opts.configEnforce ?? '',
|
|
98
|
+
'',
|
|
99
|
+
'[tool]',
|
|
100
|
+
'description = "x"',
|
|
101
|
+
'run_as = "nope-user-xyz"',
|
|
102
|
+
opts.enforce ?? '',
|
|
103
|
+
'',
|
|
104
|
+
].join('\n');
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
function doParse(opts: { enforce?: string; configEnforce?: string } = {}) {
|
|
108
|
+
return parse({ scriptName: 'tool', argv: [], configPath: makeTmpConfig(body(opts)) });
|
|
109
|
+
}
|
|
110
|
+
|
|
111
|
+
describe('enforce_run_as gate', () => {
|
|
112
|
+
posixIt('error is the default', () => {
|
|
113
|
+
expect(() => doParse()).toThrow(/Refusing to run 'tool'/);
|
|
114
|
+
});
|
|
115
|
+
|
|
116
|
+
posixIt('explicit error throws', () => {
|
|
117
|
+
expect(() => doParse({ enforce: 'enforce_run_as = "error"' })).toThrow(/Refusing to run/);
|
|
118
|
+
});
|
|
119
|
+
|
|
120
|
+
posixIt('warn continues and writes stderr', () => {
|
|
121
|
+
const spy = jest.spyOn(process.stderr, 'write').mockImplementation(() => true);
|
|
122
|
+
try {
|
|
123
|
+
const args = doParse({ enforce: 'enforce_run_as = "warn"' });
|
|
124
|
+
expect(args.__runspec_script__).toBe('tool');
|
|
125
|
+
const written = spy.mock.calls.map((c) => String(c[0])).join('');
|
|
126
|
+
expect(written).toContain('⚠');
|
|
127
|
+
expect(written).toContain('nope-user-xyz');
|
|
128
|
+
} finally {
|
|
129
|
+
spy.mockRestore();
|
|
130
|
+
}
|
|
131
|
+
});
|
|
132
|
+
|
|
133
|
+
posixIt('off is silent', () => {
|
|
134
|
+
const spy = jest.spyOn(process.stderr, 'write').mockImplementation(() => true);
|
|
135
|
+
try {
|
|
136
|
+
const args = doParse({ enforce: 'enforce_run_as = "off"' });
|
|
137
|
+
expect(args.__runspec_script__).toBe('tool');
|
|
138
|
+
expect(spy.mock.calls.length).toBe(0);
|
|
139
|
+
} finally {
|
|
140
|
+
spy.mockRestore();
|
|
141
|
+
}
|
|
142
|
+
});
|
|
143
|
+
|
|
144
|
+
posixIt('config default applies when runnable omits enforce_run_as', () => {
|
|
145
|
+
const spy = jest.spyOn(process.stderr, 'write').mockImplementation(() => true);
|
|
146
|
+
try {
|
|
147
|
+
doParse({ configEnforce: 'enforce_run_as = "warn"' });
|
|
148
|
+
const written = spy.mock.calls.map((c) => String(c[0])).join('');
|
|
149
|
+
expect(written).toContain('⚠');
|
|
150
|
+
} finally {
|
|
151
|
+
spy.mockRestore();
|
|
152
|
+
}
|
|
153
|
+
});
|
|
154
|
+
|
|
155
|
+
posixIt('runnable value overrides a permissive config default', () => {
|
|
156
|
+
expect(() =>
|
|
157
|
+
doParse({ enforce: 'enforce_run_as = "error"', configEnforce: 'enforce_run_as = "off"' }),
|
|
158
|
+
).toThrow(/Refusing to run/);
|
|
159
|
+
});
|
|
160
|
+
|
|
161
|
+
test('no run_as means no check', () => {
|
|
162
|
+
const args = parse({ scriptName: 'tool', argv: [], configPath: makeTmpConfig('[tool]\ndescription = "x"\n') });
|
|
163
|
+
expect(args.__runspec_script__).toBe('tool');
|
|
164
|
+
});
|
|
165
|
+
|
|
166
|
+
posixIt('loadSpec skips the check', () => {
|
|
167
|
+
const args = loadSpec({ scriptName: 'tool', configPath: makeTmpConfig(body({ enforce: 'enforce_run_as = "error"' })) });
|
|
168
|
+
expect(args.__runspec_script__).toBe('tool');
|
|
169
|
+
});
|
|
170
|
+
});
|