npm - sandstream-kit - Versions diffs - 1.0.0 - Mend

sandstream-kit 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (519) hide show

package/LICENSE +21 -0
package/README.md +617 -0
package/dist/adapters/api-key-adapter.d.ts +35 -0
package/dist/adapters/api-key-adapter.js +46 -0
package/dist/adapters/api-key-adapter.js.map +1 -0
package/dist/adapters/clerk-auth.d.ts +6 -0
package/dist/adapters/clerk-auth.js +20 -0
package/dist/adapters/clerk-auth.js.map +1 -0
package/dist/adapters/cloudflare-r2.d.ts +6 -0
package/dist/adapters/cloudflare-r2.js +136 -0
package/dist/adapters/cloudflare-r2.js.map +1 -0
package/dist/adapters/expo-eas.d.ts +6 -0
package/dist/adapters/expo-eas.js +129 -0
package/dist/adapters/expo-eas.js.map +1 -0
package/dist/adapters/flagsmith-flags.d.ts +5 -0
package/dist/adapters/flagsmith-flags.js +20 -0
package/dist/adapters/flagsmith-flags.js.map +1 -0
package/dist/adapters/flyio-hosting.d.ts +2 -0
package/dist/adapters/flyio-hosting.js +143 -0
package/dist/adapters/flyio-hosting.js.map +1 -0
package/dist/adapters/index.d.ts +6 -0
package/dist/adapters/index.js +48 -0
package/dist/adapters/index.js.map +1 -0
package/dist/adapters/inngest-background.d.ts +5 -0
package/dist/adapters/inngest-background.js +19 -0
package/dist/adapters/inngest-background.js.map +1 -0
package/dist/adapters/liveblocks-realtime.d.ts +11 -0
package/dist/adapters/liveblocks-realtime.js +62 -0
package/dist/adapters/liveblocks-realtime.js.map +1 -0
package/dist/adapters/loops-email.d.ts +6 -0
package/dist/adapters/loops-email.js +18 -0
package/dist/adapters/loops-email.js.map +1 -0
package/dist/adapters/neon-db.d.ts +10 -0
package/dist/adapters/neon-db.js +94 -0
package/dist/adapters/neon-db.js.map +1 -0
package/dist/adapters/planetscale-db.d.ts +11 -0
package/dist/adapters/planetscale-db.js +134 -0
package/dist/adapters/planetscale-db.js.map +1 -0
package/dist/adapters/posthog-analytics.d.ts +6 -0
package/dist/adapters/posthog-analytics.js +22 -0
package/dist/adapters/posthog-analytics.js.map +1 -0
package/dist/adapters/railway-hosting.d.ts +2 -0
package/dist/adapters/railway-hosting.js +136 -0
package/dist/adapters/railway-hosting.js.map +1 -0
package/dist/adapters/resend-email.d.ts +35 -0
package/dist/adapters/resend-email.js +109 -0
package/dist/adapters/resend-email.js.map +1 -0
package/dist/adapters/searxng-instance.d.ts +6 -0
package/dist/adapters/searxng-instance.js +240 -0
package/dist/adapters/searxng-instance.js.map +1 -0
package/dist/adapters/sentry-monitoring.d.ts +7 -0
package/dist/adapters/sentry-monitoring.js +27 -0
package/dist/adapters/sentry-monitoring.js.map +1 -0
package/dist/adapters/stripe-payments.d.ts +6 -0
package/dist/adapters/stripe-payments.js +134 -0
package/dist/adapters/stripe-payments.js.map +1 -0
package/dist/adapters/supabase-db.d.ts +6 -0
package/dist/adapters/supabase-db.js +130 -0
package/dist/adapters/supabase-db.js.map +1 -0
package/dist/adapters/tinybird-analytics.d.ts +5 -0
package/dist/adapters/tinybird-analytics.js +20 -0
package/dist/adapters/tinybird-analytics.js.map +1 -0
package/dist/adapters/trigger-background.d.ts +6 -0
package/dist/adapters/trigger-background.js +20 -0
package/dist/adapters/trigger-background.js.map +1 -0
package/dist/adapters/types.d.ts +7 -0
package/dist/adapters/types.js +2 -0
package/dist/adapters/types.js.map +1 -0
package/dist/adapters/upstash-redis.d.ts +6 -0
package/dist/adapters/upstash-redis.js +88 -0
package/dist/adapters/upstash-redis.js.map +1 -0
package/dist/adapters/vercel-hosting.d.ts +6 -0
package/dist/adapters/vercel-hosting.js +112 -0
package/dist/adapters/vercel-hosting.js.map +1 -0
package/dist/agent-adapter-model.d.ts +108 -0
package/dist/agent-adapter-model.js +6 -0
package/dist/agent-adapter-model.js.map +1 -0
package/dist/agent-adapter-service.d.ts +67 -0
package/dist/agent-adapter-service.js +299 -0
package/dist/agent-adapter-service.js.map +1 -0
package/dist/agent-config.d.ts +56 -0
package/dist/agent-config.js +129 -0
package/dist/agent-config.js.map +1 -0
package/dist/agent-governance-model.d.ts +128 -0
package/dist/agent-governance-model.js +6 -0
package/dist/agent-governance-model.js.map +1 -0
package/dist/agent-governance-service.d.ts +101 -0
package/dist/agent-governance-service.js +319 -0
package/dist/agent-governance-service.js.map +1 -0
package/dist/alert-rules-engine.d.ts +102 -0
package/dist/alert-rules-engine.js +210 -0
package/dist/alert-rules-engine.js.map +1 -0
package/dist/analytics-service.d.ts +126 -0
package/dist/analytics-service.js +318 -0
package/dist/analytics-service.js.map +1 -0
package/dist/analyze.d.ts +19 -0
package/dist/analyze.js +311 -0
package/dist/analyze.js.map +1 -0
package/dist/apm-instrumentor.d.ts +119 -0
package/dist/apm-instrumentor.js +225 -0
package/dist/apm-instrumentor.js.map +1 -0
package/dist/approval-model.d.ts +82 -0
package/dist/approval-model.js +6 -0
package/dist/approval-model.js.map +1 -0
package/dist/approval-service.d.ts +39 -0
package/dist/approval-service.js +236 -0
package/dist/approval-service.js.map +1 -0
package/dist/approval.d.ts +22 -0
package/dist/approval.js +148 -0
package/dist/approval.js.map +1 -0
package/dist/audit-logging-model.d.ts +157 -0
package/dist/audit-logging-model.js +6 -0
package/dist/audit-logging-model.js.map +1 -0
package/dist/audit-logging-service.d.ts +89 -0
package/dist/audit-logging-service.js +367 -0
package/dist/audit-logging-service.js.map +1 -0
package/dist/audit-secrets.d.ts +42 -0
package/dist/audit-secrets.js +126 -0
package/dist/audit-secrets.js.map +1 -0
package/dist/audit.d.ts +43 -0
package/dist/audit.js +286 -0
package/dist/audit.js.map +1 -0
package/dist/author-dashboard.d.ts +84 -0
package/dist/author-dashboard.js +204 -0
package/dist/author-dashboard.js.map +1 -0
package/dist/author-notifications.d.ts +130 -0
package/dist/author-notifications.js +261 -0
package/dist/author-notifications.js.map +1 -0
package/dist/author-verification.d.ts +79 -0
package/dist/author-verification.js +257 -0
package/dist/author-verification.js.map +1 -0
package/dist/autonomous-setup-model.d.ts +117 -0
package/dist/autonomous-setup-model.js +6 -0
package/dist/autonomous-setup-model.js.map +1 -0
package/dist/autonomous-setup-service.d.ts +74 -0
package/dist/autonomous-setup-service.js +325 -0
package/dist/autonomous-setup-service.js.map +1 -0
package/dist/badge-system.d.ts +70 -0
package/dist/badge-system.js +210 -0
package/dist/badge-system.js.map +1 -0
package/dist/baseline.d.ts +34 -0
package/dist/baseline.js +78 -0
package/dist/baseline.js.map +1 -0
package/dist/beta-program-service.d.ts +112 -0
package/dist/beta-program-service.js +240 -0
package/dist/beta-program-service.js.map +1 -0
package/dist/budget.d.ts +34 -0
package/dist/budget.js +159 -0
package/dist/budget.js.map +1 -0
package/dist/bumblebee.d.ts +143 -0
package/dist/bumblebee.js +384 -0
package/dist/bumblebee.js.map +1 -0
package/dist/cache-manager.d.ts +97 -0
package/dist/cache-manager.js +244 -0
package/dist/cache-manager.js.map +1 -0
package/dist/cdn-adapter.d.ts +64 -0
package/dist/cdn-adapter.js +263 -0
package/dist/cdn-adapter.js.map +1 -0
package/dist/certification-workflow-model.d.ts +95 -0
package/dist/certification-workflow-model.js +6 -0
package/dist/certification-workflow-model.js.map +1 -0
package/dist/certification-workflow-service.d.ts +72 -0
package/dist/certification-workflow-service.js +305 -0
package/dist/certification-workflow-service.js.map +1 -0
package/dist/check-design.d.ts +38 -0
package/dist/check-design.js +256 -0
package/dist/check-design.js.map +1 -0
package/dist/check-gitignore.d.ts +39 -0
package/dist/check-gitignore.js +156 -0
package/dist/check-gitignore.js.map +1 -0
package/dist/check-hooks.d.ts +15 -0
package/dist/check-hooks.js +72 -0
package/dist/check-hooks.js.map +1 -0
package/dist/check-lock.d.ts +16 -0
package/dist/check-lock.js +94 -0
package/dist/check-lock.js.map +1 -0
package/dist/check-secrets.d.ts +11 -0
package/dist/check-secrets.js +320 -0
package/dist/check-secrets.js.map +1 -0
package/dist/check-security.d.ts +13 -0
package/dist/check-security.js +887 -0
package/dist/check-security.js.map +1 -0
package/dist/check-services.d.ts +10 -0
package/dist/check-services.js +44 -0
package/dist/check-services.js.map +1 -0
package/dist/check-skills.d.ts +8 -0
package/dist/check-skills.js +26 -0
package/dist/check-skills.js.map +1 -0
package/dist/check-tests.d.ts +43 -0
package/dist/check-tests.js +175 -0
package/dist/check-tests.js.map +1 -0
package/dist/check-tools.d.ts +8 -0
package/dist/check-tools.js +42 -0
package/dist/check-tools.js.map +1 -0
package/dist/check-web-search.d.ts +12 -0
package/dist/check-web-search.js +168 -0
package/dist/check-web-search.js.map +1 -0
package/dist/ci-cd-publisher.d.ts +162 -0
package/dist/ci-cd-publisher.js +319 -0
package/dist/ci-cd-publisher.js.map +1 -0
package/dist/cli.d.ts +2 -0
package/dist/cli.js +4074 -0
package/dist/cli.js.map +1 -0
package/dist/clone.d.ts +25 -0
package/dist/clone.js +73 -0
package/dist/clone.js.map +1 -0
package/dist/completions.d.ts +8 -0
package/dist/completions.js +250 -0
package/dist/completions.js.map +1 -0
package/dist/compression-manager.d.ts +107 -0
package/dist/compression-manager.js +250 -0
package/dist/compression-manager.js.map +1 -0
package/dist/config.d.ts +233 -0
package/dist/config.js +255 -0
package/dist/config.js.map +1 -0
package/dist/context.d.ts +38 -0
package/dist/context.js +86 -0
package/dist/context.js.map +1 -0
package/dist/cost-monitor.d.ts +72 -0
package/dist/cost-monitor.js +218 -0
package/dist/cost-monitor.js.map +1 -0
package/dist/create-plugin.d.ts +22 -0
package/dist/create-plugin.js +266 -0
package/dist/create-plugin.js.map +1 -0
package/dist/database.d.ts +123 -0
package/dist/database.js +354 -0
package/dist/database.js.map +1 -0
package/dist/datadog-adapter.d.ts +60 -0
package/dist/datadog-adapter.js +245 -0
package/dist/datadog-adapter.js.map +1 -0
package/dist/doctor.d.ts +15 -0
package/dist/doctor.js +131 -0
package/dist/doctor.js.map +1 -0
package/dist/documentation-generator.d.ts +226 -0
package/dist/documentation-generator.js +348 -0
package/dist/documentation-generator.js.map +1 -0
package/dist/elevation-scopes.d.ts +40 -0
package/dist/elevation-scopes.js +110 -0
package/dist/elevation-scopes.js.map +1 -0
package/dist/elevation.d.ts +102 -0
package/dist/elevation.js +449 -0
package/dist/elevation.js.map +1 -0
package/dist/env-diff.d.ts +27 -0
package/dist/env-diff.js +104 -0
package/dist/env-diff.js.map +1 -0
package/dist/env-inspect.d.ts +28 -0
package/dist/env-inspect.js +81 -0
package/dist/env-inspect.js.map +1 -0
package/dist/env-switch.d.ts +37 -0
package/dist/env-switch.js +102 -0
package/dist/env-switch.js.map +1 -0
package/dist/environment.d.ts +27 -0
package/dist/environment.js +148 -0
package/dist/environment.js.map +1 -0
package/dist/error-tracker.d.ts +92 -0
package/dist/error-tracker.js +206 -0
package/dist/error-tracker.js.map +1 -0
package/dist/escalate.d.ts +11 -0
package/dist/escalate.js +73 -0
package/dist/escalate.js.map +1 -0
package/dist/event-stream.d.ts +81 -0
package/dist/event-stream.js +161 -0
package/dist/event-stream.js.map +1 -0
package/dist/fix.d.ts +42 -0
package/dist/fix.js +419 -0
package/dist/fix.js.map +1 -0
package/dist/governance-middleware.d.ts +22 -0
package/dist/governance-middleware.js +173 -0
package/dist/governance-middleware.js.map +1 -0
package/dist/governance.d.ts +44 -0
package/dist/governance.js +236 -0
package/dist/governance.js.map +1 -0
package/dist/hooks.d.ts +25 -0
package/dist/hooks.js +281 -0
package/dist/hooks.js.map +1 -0
package/dist/id-generator.d.ts +43 -0
package/dist/id-generator.js +47 -0
package/dist/id-generator.js.map +1 -0
package/dist/image-optimizer.d.ts +92 -0
package/dist/image-optimizer.js +202 -0
package/dist/image-optimizer.js.map +1 -0
package/dist/install.d.ts +15 -0
package/dist/install.js +59 -0
package/dist/install.js.map +1 -0
package/dist/lock.d.ts +82 -0
package/dist/lock.js +264 -0
package/dist/lock.js.map +1 -0
package/dist/login.d.ts +23 -0
package/dist/login.js +132 -0
package/dist/login.js.map +1 -0
package/dist/mcp-kit-tools-model.d.ts +195 -0
package/dist/mcp-kit-tools-model.js +6 -0
package/dist/mcp-kit-tools-model.js.map +1 -0
package/dist/mcp-kit-tools-service.d.ts +127 -0
package/dist/mcp-kit-tools-service.js +943 -0
package/dist/mcp-kit-tools-service.js.map +1 -0
package/dist/mcp-orchestrator.d.ts +70 -0
package/dist/mcp-orchestrator.js +175 -0
package/dist/mcp-orchestrator.js.map +1 -0
package/dist/mcp-server.d.ts +3 -0
package/dist/mcp-server.js +722 -0
package/dist/mcp-server.js.map +1 -0
package/dist/middleware/rate-limiter.d.ts +74 -0
package/dist/middleware/rate-limiter.js +342 -0
package/dist/middleware/rate-limiter.js.map +1 -0
package/dist/migration-runner.d.ts +66 -0
package/dist/migration-runner.js +192 -0
package/dist/migration-runner.js.map +1 -0
package/dist/migrations.d.ts +25 -0
package/dist/migrations.js +530 -0
package/dist/migrations.js.map +1 -0
package/dist/moderation-system.d.ts +153 -0
package/dist/moderation-system.js +338 -0
package/dist/moderation-system.js.map +1 -0
package/dist/multi-agent-workflow-model.d.ts +125 -0
package/dist/multi-agent-workflow-model.js +6 -0
package/dist/multi-agent-workflow-model.js.map +1 -0
package/dist/multi-agent-workflow-service.d.ts +102 -0
package/dist/multi-agent-workflow-service.js +452 -0
package/dist/multi-agent-workflow-service.js.map +1 -0
package/dist/onepassword.d.ts +75 -0
package/dist/onepassword.js +140 -0
package/dist/onepassword.js.map +1 -0
package/dist/open.d.ts +30 -0
package/dist/open.js +166 -0
package/dist/open.js.map +1 -0
package/dist/output.d.ts +32 -0
package/dist/output.js +295 -0
package/dist/output.js.map +1 -0
package/dist/partner-service.d.ts +101 -0
package/dist/partner-service.js +191 -0
package/dist/partner-service.js.map +1 -0
package/dist/payout-service.d.ts +136 -0
package/dist/payout-service.js +293 -0
package/dist/payout-service.js.map +1 -0
package/dist/pkg.d.ts +30 -0
package/dist/pkg.js +162 -0
package/dist/pkg.js.map +1 -0
package/dist/plugin-loader.d.ts +16 -0
package/dist/plugin-loader.js +124 -0
package/dist/plugin-loader.js.map +1 -0
package/dist/plugin-registry-model.d.ts +133 -0
package/dist/plugin-registry-model.js +6 -0
package/dist/plugin-registry-model.js.map +1 -0
package/dist/plugin-registry-service.d.ts +109 -0
package/dist/plugin-registry-service.js +361 -0
package/dist/plugin-registry-service.js.map +1 -0
package/dist/plugin-registry.d.ts +58 -0
package/dist/plugin-registry.js +108 -0
package/dist/plugin-registry.js.map +1 -0
package/dist/plugin-updates.d.ts +135 -0
package/dist/plugin-updates.js +326 -0
package/dist/plugin-updates.js.map +1 -0
package/dist/plugins-cli.d.ts +7 -0
package/dist/plugins-cli.js +157 -0
package/dist/plugins-cli.js.map +1 -0
package/dist/plugins.d.ts +88 -0
package/dist/plugins.js +251 -0
package/dist/plugins.js.map +1 -0
package/dist/policy.d.ts +66 -0
package/dist/policy.js +160 -0
package/dist/policy.js.map +1 -0
package/dist/post-pull-audit.d.ts +39 -0
package/dist/post-pull-audit.js +151 -0
package/dist/post-pull-audit.js.map +1 -0
package/dist/provision.d.ts +17 -0
package/dist/provision.js +147 -0
package/dist/provision.js.map +1 -0
package/dist/query-optimizer.d.ts +102 -0
package/dist/query-optimizer.js +199 -0
package/dist/query-optimizer.js.map +1 -0
package/dist/read-only-mode.d.ts +46 -0
package/dist/read-only-mode.js +71 -0
package/dist/read-only-mode.js.map +1 -0
package/dist/redis-adapter.d.ts +71 -0
package/dist/redis-adapter.js +278 -0
package/dist/redis-adapter.js.map +1 -0
package/dist/resilience-tests.d.ts +120 -0
package/dist/resilience-tests.js +293 -0
package/dist/resilience-tests.js.map +1 -0
package/dist/revocation.d.ts +22 -0
package/dist/revocation.js +100 -0
package/dist/revocation.js.map +1 -0
package/dist/run.d.ts +21 -0
package/dist/run.js +80 -0
package/dist/run.js.map +1 -0
package/dist/scan-build.d.ts +18 -0
package/dist/scan-build.js +100 -0
package/dist/scan-build.js.map +1 -0
package/dist/scan-plaintext.d.ts +24 -0
package/dist/scan-plaintext.js +147 -0
package/dist/scan-plaintext.js.map +1 -0
package/dist/scan-staged.d.ts +15 -0
package/dist/scan-staged.js +70 -0
package/dist/scan-staged.js.map +1 -0
package/dist/scan-transcripts.d.ts +23 -0
package/dist/scan-transcripts.js +93 -0
package/dist/scan-transcripts.js.map +1 -0
package/dist/secret-backends.d.ts +50 -0
package/dist/secret-backends.js +510 -0
package/dist/secret-backends.js.map +1 -0
package/dist/secret-expiration.d.ts +46 -0
package/dist/secret-expiration.js +172 -0
package/dist/secret-expiration.js.map +1 -0
package/dist/secrets-migrate.d.ts +75 -0
package/dist/secrets-migrate.js +185 -0
package/dist/secrets-migrate.js.map +1 -0
package/dist/secrets-model.d.ts +77 -0
package/dist/secrets-model.js +6 -0
package/dist/secrets-model.js.map +1 -0
package/dist/secrets-onecli.d.ts +65 -0
package/dist/secrets-onecli.js +113 -0
package/dist/secrets-onecli.js.map +1 -0
package/dist/secrets-propagate.d.ts +48 -0
package/dist/secrets-propagate.js +201 -0
package/dist/secrets-propagate.js.map +1 -0
package/dist/secrets-pull.d.ts +34 -0
package/dist/secrets-pull.js +118 -0
package/dist/secrets-pull.js.map +1 -0
package/dist/secrets-purge-history.d.ts +53 -0
package/dist/secrets-purge-history.js +144 -0
package/dist/secrets-purge-history.js.map +1 -0
package/dist/secrets-rotate-cli.d.ts +54 -0
package/dist/secrets-rotate-cli.js +438 -0
package/dist/secrets-rotate-cli.js.map +1 -0
package/dist/secrets-rotate.d.ts +38 -0
package/dist/secrets-rotate.js +65 -0
package/dist/secrets-rotate.js.map +1 -0
package/dist/secrets-service.d.ts +73 -0
package/dist/secrets-service.js +283 -0
package/dist/secrets-service.js.map +1 -0
package/dist/secrets-set.d.ts +25 -0
package/dist/secrets-set.js +33 -0
package/dist/secrets-set.js.map +1 -0
package/dist/secrets-sync.d.ts +21 -0
package/dist/secrets-sync.js +215 -0
package/dist/secrets-sync.js.map +1 -0
package/dist/secrets-validate.d.ts +41 -0
package/dist/secrets-validate.js +126 -0
package/dist/secrets-validate.js.map +1 -0
package/dist/secrets-vault-migrate.d.ts +71 -0
package/dist/secrets-vault-migrate.js +258 -0
package/dist/secrets-vault-migrate.js.map +1 -0
package/dist/secrets.d.ts +16 -0
package/dist/secrets.js +72 -0
package/dist/secrets.js.map +1 -0
package/dist/security-hardening.d.ts +150 -0
package/dist/security-hardening.js +275 -0
package/dist/security-hardening.js.map +1 -0
package/dist/security-policy.d.ts +89 -0
package/dist/security-policy.js +174 -0
package/dist/security-policy.js.map +1 -0
package/dist/security-prescan.d.ts +117 -0
package/dist/security-prescan.js +566 -0
package/dist/security-prescan.js.map +1 -0
package/dist/sentry-adapter.d.ts +49 -0
package/dist/sentry-adapter.js +227 -0
package/dist/sentry-adapter.js.map +1 -0
package/dist/service-adapter.d.ts +94 -0
package/dist/service-adapter.js +162 -0
package/dist/service-adapter.js.map +1 -0
package/dist/skills.d.ts +13 -0
package/dist/skills.js +17 -0
package/dist/skills.js.map +1 -0
package/dist/sla-monitor.d.ts +107 -0
package/dist/sla-monitor.js +233 -0
package/dist/sla-monitor.js.map +1 -0
package/dist/stack-detector.d.ts +12 -0
package/dist/stack-detector.js +251 -0
package/dist/stack-detector.js.map +1 -0
package/dist/team-model.d.ts +58 -0
package/dist/team-model.js +83 -0
package/dist/team-model.js.map +1 -0
package/dist/team-service.d.ts +54 -0
package/dist/team-service.js +206 -0
package/dist/team-service.js.map +1 -0
package/dist/toml-generator.d.ts +8 -0
package/dist/toml-generator.js +223 -0
package/dist/toml-generator.js.map +1 -0
package/dist/triage-sandbox.d.ts +34 -0
package/dist/triage-sandbox.js +167 -0
package/dist/triage-sandbox.js.map +1 -0
package/dist/triage.d.ts +30 -0
package/dist/triage.js +79 -0
package/dist/triage.js.map +1 -0
package/dist/update-check.d.ts +13 -0
package/dist/update-check.js +91 -0
package/dist/update-check.js.map +1 -0
package/dist/utils/colors.d.ts +14 -0
package/dist/utils/colors.js +15 -0
package/dist/utils/colors.js.map +1 -0
package/dist/utils/didYouMean.d.ts +15 -0
package/dist/utils/didYouMean.js +47 -0
package/dist/utils/didYouMean.js.map +1 -0
package/dist/utils/exec.d.ts +21 -0
package/dist/utils/exec.js +23 -0
package/dist/utils/exec.js.map +1 -0
package/dist/utils/execFileNoThrow.d.ts +14 -0
package/dist/utils/execFileNoThrow.js +29 -0
package/dist/utils/execFileNoThrow.js.map +1 -0
package/dist/utils/flags.d.ts +19 -0
package/dist/utils/flags.js +36 -0
package/dist/utils/flags.js.map +1 -0
package/dist/utils/parseCommand.d.ts +16 -0
package/dist/utils/parseCommand.js +13 -0
package/dist/utils/parseCommand.js.map +1 -0
package/dist/utils/prompt.d.ts +13 -0
package/dist/utils/prompt.js +35 -0
package/dist/utils/prompt.js.map +1 -0
package/dist/utils/promptSelect.d.ts +19 -0
package/dist/utils/promptSelect.js +89 -0
package/dist/utils/promptSelect.js.map +1 -0
package/dist/utils/redactSecrets.d.ts +24 -0
package/dist/utils/redactSecrets.js +134 -0
package/dist/utils/redactSecrets.js.map +1 -0
package/dist/validation/dynamic-schema.d.ts +29 -0
package/dist/validation/dynamic-schema.js +76 -0
package/dist/validation/dynamic-schema.js.map +1 -0
package/package.json +52 -0

package/dist/security-hardening.js ADDED Viewed

@@ -0,0 +1,275 @@
+import { IdGenerators } from "./id-generator.js";
+// ─── SecurityHardeningEngine ──────────────────────────────────────────────────
+export class SecurityHardeningEngine {
+    vulnerabilities = new Map();
+    auditLog = [];
+    rateLimiters = new Map();
+    securityPolicies = new Map();
+    checksResults = new Map();
+    // ─── Vulnerability Management ────────────────────────────────────────────
+    /**
+     * Register a known vulnerability.
+     */
+    registerVulnerability(vuln) {
+        this.vulnerabilities.set(vuln.id, vuln);
+    }
+    /**
+     * Scan dependencies for known vulnerabilities.
+     */
+    scanDependencies(pluginId, dependencies) {
+        const found = [];
+        for (const dep of dependencies) {
+            for (const vuln of this.vulnerabilities.values()) {
+                if (vuln.affectedPackage === dep.name &&
+                    this.versionMatches(dep.version, vuln.affectedVersion)) {
+                    found.push(vuln);
+                }
+            }
+        }
+        return found;
+    }
+    versionMatches(current, affected) {
+        // Simple version matching: affected "*" matches all, or exact match
+        if (affected === "*")
+            return true;
+        return current === affected;
+    }
+    /**
+     * Get vulnerability by ID.
+     */
+    getVulnerability(vulnId) {
+        return this.vulnerabilities.get(vulnId) || null;
+    }
+    /**
+     * Get all vulnerabilities.
+     */
+    getAllVulnerabilities() {
+        return [...this.vulnerabilities.values()];
+    }
+    // ─── Security Checks ──────────────────────────────────────────────────────
+    /**
+     * Run a security check.
+     */
+    runSecurityCheck(type, pluginId, data) {
+        let result;
+        switch (type) {
+            case "dependency_scan":
+                result = this.checkDependencyScan(pluginId, data);
+                break;
+            case "permission_check":
+                result = this.checkPermissions(pluginId, data);
+                break;
+            case "encryption":
+                result = this.checkEncryption(pluginId, data);
+                break;
+            case "auth_check":
+                result = this.checkAuthentication(pluginId, data);
+                break;
+            default:
+                result = {
+                    type,
+                    passed: true,
+                    message: "Check skipped",
+                    details: {},
+                    severity: "info",
+                    timestamp: new Date().toISOString(),
+                };
+        }
+        // Store result
+        const results = this.checksResults.get(pluginId) || [];
+        results.push(result);
+        this.checksResults.set(pluginId, results);
+        return result;
+    }
+    checkDependencyScan(pluginId, data) {
+        const deps = data.dependencies || [];
+        const vulns = this.scanDependencies(pluginId, deps);
+        return {
+            type: "dependency_scan",
+            passed: vulns.length === 0,
+            message: vulns.length === 0 ? "No vulnerabilities found" : `${vulns.length} vulnerabilities found`,
+            details: { vulnerabilities: vulns },
+            severity: vulns.length > 0 ? "high" : "info",
+            timestamp: new Date().toISOString(),
+        };
+    }
+    checkPermissions(pluginId, data) {
+        const permissions = data.permissions || [];
+        const dangerous = ["root", "admin", "system"];
+        const hasDangerous = permissions.some((p) => dangerous.includes(p));
+        return {
+            type: "permission_check",
+            passed: !hasDangerous,
+            message: hasDangerous ? "Dangerous permissions detected" : "Safe permission levels",
+            details: { permissions, hasDangerous },
+            severity: hasDangerous ? "critical" : "info",
+            timestamp: new Date().toISOString(),
+        };
+    }
+    checkEncryption(pluginId, data) {
+        const usesEncryption = data.usesEncryption === true;
+        const algorithm = data.algorithm || "unknown";
+        return {
+            type: "encryption",
+            passed: usesEncryption && ["AES-256", "TLS", "HTTPS"].includes(algorithm),
+            message: usesEncryption ? "Encryption enabled" : "Encryption not found",
+            details: { usesEncryption, algorithm },
+            severity: usesEncryption ? "info" : "medium",
+            timestamp: new Date().toISOString(),
+        };
+    }
+    checkAuthentication(pluginId, data) {
+        const hasAuth = data.hasAuthentication === true;
+        const authMethod = data.authMethod || "none";
+        return {
+            type: "auth_check",
+            passed: hasAuth && ["oauth", "jwt", "apikey"].includes(authMethod),
+            message: hasAuth ? "Authentication configured" : "No authentication found",
+            details: { hasAuth, authMethod },
+            severity: hasAuth ? "info" : "high",
+            timestamp: new Date().toISOString(),
+        };
+    }
+    // ─── Audit Logging ────────────────────────────────────────────────────────
+    /**
+     * Log a security audit event.
+     */
+    logAuditEvent(action, actor, resource, status, details = {}, ipAddress) {
+        const id = IdGenerators.audit();
+        const entry = {
+            id,
+            action,
+            actor,
+            resource,
+            status,
+            details,
+            timestamp: new Date().toISOString(),
+            ipAddress,
+        };
+        this.auditLog.push(entry);
+        return entry;
+    }
+    /**
+     * Get audit log entries.
+     */
+    getAuditLog(limit = 100, offset = 0) {
+        return this.auditLog.slice(offset, offset + limit);
+    }
+    /**
+     * Get audit log entries for actor.
+     */
+    getAuditLogForActor(actor) {
+        return this.auditLog.filter((e) => e.actor === actor);
+    }
+    /**
+     * Get failed audit events.
+     */
+    getFailedAuditEvents() {
+        return this.auditLog.filter((e) => e.status === "failure");
+    }
+    // ─── Rate Limiting ────────────────────────────────────────────────────────
+    /**
+     * Configure rate limiting for an endpoint.
+     */
+    configureRateLimit(endpoint, config) {
+        const limiters = this.rateLimiters.get(endpoint) || new Map();
+        // Store config (simplified - in real implementation would use the config)
+        this.rateLimiters.set(endpoint, limiters);
+    }
+    /**
+     * Check if a request is rate limited.
+     */
+    checkRateLimit(endpoint, key) {
+        const limiters = this.rateLimiters.get(endpoint) || new Map();
+        const status = limiters.get(key) || {
+            requestCount: 0,
+            resetTime: new Date(Date.now() + 60000), // 1 minute window
+            remaining: 100,
+        };
+        status.requestCount++;
+        status.remaining = Math.max(0, 100 - status.requestCount);
+        limiters.set(key, status);
+        this.rateLimiters.set(endpoint, limiters);
+        return status;
+    }
+    /**
+     * Reset rate limit for a key.
+     */
+    resetRateLimit(endpoint, key) {
+        const limiters = this.rateLimiters.get(endpoint);
+        limiters?.delete(key);
+    }
+    // ─── Security Policies ────────────────────────────────────────────────────
+    /**
+     * Create a security policy.
+     */
+    createPolicy(name, description, rules) {
+        const id = IdGenerators.policy();
+        const policy = {
+            id,
+            name,
+            description,
+            rules: rules.map((rule) => ({
+                rule,
+                enabled: true,
+                severity: "high",
+            })),
+            createdAt: new Date().toISOString(),
+            updatedAt: new Date().toISOString(),
+        };
+        this.securityPolicies.set(id, policy);
+        return policy;
+    }
+    /**
+     * Get security policy.
+     */
+    getPolicy(policyId) {
+        return this.securityPolicies.get(policyId) || null;
+    }
+    /**
+     * Get all policies.
+     */
+    getAllPolicies() {
+        return [...this.securityPolicies.values()];
+    }
+    // ─── Security Report Generation ───────────────────────────────────────────
+    /**
+     * Generate security report for a plugin.
+     */
+    generateSecurityReport(pluginId) {
+        const vulns = this.scanDependencies(pluginId, []);
+        const checks = this.checksResults.get(pluginId) || [];
+        // Calculate score: 100 - (vulnerabilities * 10 + failed_checks * 5)
+        let score = 100;
+        score -= vulns.length * 10;
+        score -= checks.filter((c) => !c.passed).length * 5;
+        score = Math.max(0, Math.min(100, score));
+        const status = score >= 80 ? "pass" : score >= 60 ? "warning" : "fail";
+        return {
+            pluginId,
+            timestamp: new Date().toISOString(),
+            vulnerabilities: vulns,
+            checks,
+            score,
+            status,
+        };
+    }
+    /**
+     * Get security score for plugin.
+     */
+    getSecurityScore(pluginId) {
+        const report = this.generateSecurityReport(pluginId);
+        return report.score;
+    }
+    // ─── Cache helpers ────────────────────────────────────────────────────────
+    getVulnerabilitiesCache() {
+        return this.vulnerabilities;
+    }
+    getAuditLogCache() {
+        return this.auditLog;
+    }
+    getPoliciesCache() {
+        return this.securityPolicies;
+    }
+}
+//# sourceMappingURL=security-hardening.js.map

package/dist/security-hardening.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"security-hardening.js","sourceRoot":"","sources":["../src/security-hardening.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAiFjD,iFAAiF;AAEjF,MAAM,OAAO,uBAAuB;IAC1B,eAAe,GAA+B,IAAI,GAAG,EAAE,CAAC;IACxD,QAAQ,GAAyB,EAAE,CAAC;IACpC,YAAY,GAA8C,IAAI,GAAG,EAAE,CAAC;IACpE,gBAAgB,GAAgC,IAAI,GAAG,EAAE,CAAC;IAC1D,aAAa,GAAuC,IAAI,GAAG,EAAE,CAAC;IAEtE,4EAA4E;IAE5E;;OAEG;IACH,qBAAqB,CAAC,IAAmB;QACvC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,gBAAgB,CACd,QAAgB,EAChB,YAAsD;QAEtD,MAAM,KAAK,GAAoB,EAAE,CAAC;QAElC,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC;gBACjD,IACE,IAAI,CAAC,eAAe,KAAK,GAAG,CAAC,IAAI;oBACjC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,eAAe,CAAC,EACtD,CAAC;oBACD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,cAAc,CAAC,OAAe,EAAE,QAAgB;QACtD,oEAAoE;QACpE,IAAI,QAAQ,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAClC,OAAO,OAAO,KAAK,QAAQ,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,MAAc;QAC7B,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,qBAAqB;QACnB,OAAO,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,gBAAgB,CACd,IAAuB,EACvB,QAAgB,EAChB,IAA6B;QAE7B,IAAI,MAA2B,CAAC;QAEhC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,iBAAiB;gBACpB,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBAClD,MAAM;YACR,KAAK,kBAAkB;gBACrB,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBAC/C,MAAM;YACR,KAAK,YAAY;gBACf,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBAC9C,MAAM;YACR,KAAK,YAAY;gBACf,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBAClD,MAAM;YACR;gBACE,MAAM,GAAG;oBACP,IAAI;oBACJ,MAAM,EAAE,IAAI;oBACZ,OAAO,EAAE,eAAe;oBACxB,OAAO,EAAE,EAAE;oBACX,QAAQ,EAAE,MAAM;oBAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC;QACN,CAAC;QAED,eAAe;QACf,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAE1C,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,mBAAmB,CACzB,QAAgB,EAChB,IAA6B;QAE7B,MAAM,IAAI,GAAG,IAAI,CAAC,YAAwD,IAAI,EAAE,CAAC;QACjF,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAEpD,OAAO;YACL,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,KAAK,CAAC,MAAM,KAAK,CAAC;YAC1B,OAAO,EAAE,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,wBAAwB;YAClG,OAAO,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE;YACnC,QAAQ,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YAC5C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAEO,gBAAgB,CAAC,QAAgB,EAAE,IAA6B;QACtE,MAAM,WAAW,GAAG,IAAI,CAAC,WAAuB,IAAI,EAAE,CAAC;QACvD,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC9C,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAEpE,OAAO;YACL,IAAI,EAAE,kBAAkB;YACxB,MAAM,EAAE,CAAC,YAAY;YACrB,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,wBAAwB;YACnF,OAAO,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE;YACtC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;YAC5C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAEO,eAAe,CAAC,QAAgB,EAAE,IAA6B;QACrE,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,KAAK,IAAI,CAAC;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAmB,IAAI,SAAS,CAAC;QAExD,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,cAAc,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;YACzE,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,sBAAsB;YACvE,OAAO,EAAE,EAAE,cAAc,EAAE,SAAS,EAAE;YACtC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;YAC5C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAEO,mBAAmB,CAAC,QAAgB,EAAE,IAA6B;QACzE,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,KAAK,IAAI,CAAC;QAChD,MAAM,UAAU,GAAG,IAAI,CAAC,UAAoB,IAAI,MAAM,CAAC;QAEvD,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,OAAO,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;YAClE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,yBAAyB;YAC1E,OAAO,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;YAChC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,aAAa,CACX,MAAc,EACd,KAAa,EACb,QAAgB,EAChB,MAA6B,EAC7B,UAAmC,EAAE,EACrC,SAAkB;QAElB,MAAM,EAAE,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC;QAChC,MAAM,KAAK,GAAuB;YAChC,EAAE;YACF,MAAM;YACN,KAAK;YACL,QAAQ;YACR,MAAM;YACN,OAAO;YACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS;SACV,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,KAAK,GAAG,GAAG,EAAE,MAAM,GAAG,CAAC;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,KAAK,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,KAAa;QAC/B,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAC7D,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,kBAAkB,CAAC,QAAgB,EAAE,MAAuB;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;QAC9D,0EAA0E;QAC1E,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,QAAgB,EAAE,GAAW;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;YAClC,YAAY,EAAE,CAAC;YACf,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,EAAE,kBAAkB;YAC3D,SAAS,EAAE,GAAG;SACf,CAAC;QAEF,MAAM,CAAC,YAAY,EAAE,CAAC;QACtB,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;QAE1D,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAE1C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,QAAgB,EAAE,GAAW;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACjD,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,YAAY,CAAC,IAAY,EAAE,WAAmB,EAAE,KAAe;QAC7D,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC;QACjC,MAAM,MAAM,GAAmB;YAC7B,EAAE;YACF,IAAI;YACJ,WAAW;YACX,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC1B,IAAI;gBACJ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;aACjB,CAAC,CAAC;YACH,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,QAAgB;QACxB,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,sBAAsB,CAAC,QAAgB;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtD,oEAAoE;QACpE,IAAI,KAAK,GAAG,GAAG,CAAC;QAChB,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC;QAC3B,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QACpD,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;QAE1C,MAAM,MAAM,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;QAEvE,OAAO;YACL,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,eAAe,EAAE,KAAK;YACtB,MAAM;YACN,KAAK;YACL,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,QAAgB;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;QACrD,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,6EAA6E;IAE7E,uBAAuB;QACrB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;CACF"}

package/dist/security-policy.d.ts ADDED Viewed

@@ -0,0 +1,89 @@
+export interface AllowlistEntry {
+    name: string;
+    /** semver range allowed for this package, e.g. ">=14.0.0 <15" or "*" */
+    range: string;
+    reason?: string;
+}
+export interface SecretPolicyEntry {
+    /** Maximum allowed time-to-live for credentials issued from this key, in hours. */
+    max_ttl_hours?: number;
+    /** Required permission scope. Free-form string so providers map to their own
+     * vocabulary (Stripe "restricted-readonly", AWS "ReadOnlyAccess", GCP IAM
+     * role names, etc.). When set, `policy check` reports any key whose vault
+     * config doesn't pin a scope. */
+    scope?: string;
+    /** Soft cap on monthly spend in USD. Enforcement is provider-side
+     * (Stripe spend-limits, OpenAI usage-limits); kit only records the
+     * intended limit so it can be re-verified manually or by future S5 work. */
+    spend_cap_usd?: number;
+    /** When true, only `*_restricted` / least-privilege key variants are
+     * accepted (Stripe restricted keys, AWS IAM roles vs root credentials). */
+    require_restricted?: boolean;
+    /** Free-text reason — survives in audit logs when violations are reported. */
+    description?: string;
+}
+export interface Allowlist {
+    policy: {
+        /** Block runtime dependencies that aren't on the allowlist */
+        enforce_runtime: boolean;
+        /** Block devDependencies that aren't on the allowlist */
+        enforce_dev: boolean;
+        /** Allow `*` ranges (treat as wildcard accept). Default false. */
+        allow_wildcards: boolean;
+        /** Require every key in `[secrets.keys]` to have a `secrets` entry below. */
+        enforce_secrets?: boolean;
+        /** Default cap when a key has no spend_cap_usd of its own (USD). */
+        default_spend_cap_usd?: number;
+    };
+    packages: AllowlistEntry[];
+    /** Per-key policy. Keyed by the env-var name from `[secrets.keys]`. */
+    secrets?: Record<string, SecretPolicyEntry>;
+}
+export declare function readAllowlist(cwd?: string): Promise<Allowlist | null>;
+export declare function writeAllowlist(list: Allowlist, cwd?: string): Promise<void>;
+/**
+ * Bootstraps `.kit-allowlist.json` from the current package.json. Every
+ * existing dependency is allowed at its currently-recorded range. The user
+ * iterates from there: tightening, removing, or annotating.
+ */
+export declare function initAllowlist(cwd?: string): Promise<Allowlist>;
+export interface PolicyViolation {
+    name: string;
+    range: string;
+    reason: "not-on-allowlist" | "wildcard-blocked";
+    kind: "runtime" | "dev";
+}
+export interface SecretPolicyViolation {
+    key: string;
+    reason: "no-policy-entry" | "no-spend-cap" | "no-scope" | "ttl-too-long";
+    detail: string;
+}
+/**
+ * Reports packages in package.json that are missing from the allowlist
+ * (or that use a wildcard `*` range when policy.allow_wildcards is false).
+ * Does not check version-range *satisfaction* — that's npm's job; this is
+ * just a presence-and-shape gate suitable for CI.
+ */
+export declare function checkAllowlist(cwd?: string): Promise<{
+    list: Allowlist | null;
+    violations: PolicyViolation[];
+}>;
+/**
+ * Audits the secrets section of an allowlist against the keys actually
+ * referenced in `[secrets.keys]` of the user's `.kit.toml`. Returns one
+ * violation per gap.
+ *
+ * Strictness depends on policy.enforce_secrets:
+ *   true  → every secrets.keys entry must have a matching policy entry.
+ *   false → only secrets that DO have a partial policy are validated, so
+ *           teams can opt-in gradually without instant-fail.
+ */
+export declare function checkSecretPolicy(list: Allowlist, configKeys: string[], paidServices?: Set<string>): SecretPolicyViolation[];
+/**
+ * Adds a package to the allowlist with the version range from package.json.
+ * Returns true if the package was added, false if it was already there.
+ */
+export declare function addToAllowlist(pkgName: string, cwd?: string): Promise<{
+    added: boolean;
+    entry: AllowlistEntry | null;
+}>;

package/dist/security-policy.js ADDED Viewed

@@ -0,0 +1,174 @@
+import { readFile, writeFile, access } from "node:fs/promises";
+import { resolve } from "node:path";
+const ALLOWLIST_FILE = ".kit-allowlist.json";
+const DEFAULT_POLICY = {
+    enforce_runtime: true,
+    enforce_dev: false,
+    allow_wildcards: false,
+};
+export async function readAllowlist(cwd = process.cwd()) {
+    const path = resolve(cwd, ALLOWLIST_FILE);
+    try {
+        await access(path);
+        const text = await readFile(path, "utf-8");
+        return JSON.parse(text);
+    }
+    catch {
+        return null;
+    }
+}
+export async function writeAllowlist(list, cwd = process.cwd()) {
+    const path = resolve(cwd, ALLOWLIST_FILE);
+    await writeFile(path, JSON.stringify(list, null, 2) + "\n", "utf-8");
+}
+async function readPackageJson(cwd) {
+    try {
+        const text = await readFile(resolve(cwd, "package.json"), "utf-8");
+        return JSON.parse(text);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Bootstraps `.kit-allowlist.json` from the current package.json. Every
+ * existing dependency is allowed at its currently-recorded range. The user
+ * iterates from there: tightening, removing, or annotating.
+ */
+export async function initAllowlist(cwd = process.cwd()) {
+    const pkg = await readPackageJson(cwd);
+    const packages = [];
+    if (pkg) {
+        for (const [name, range] of Object.entries(pkg.dependencies ?? {})) {
+            packages.push({ name, range, reason: "runtime" });
+        }
+        for (const [name, range] of Object.entries(pkg.devDependencies ?? {})) {
+            packages.push({ name, range, reason: "dev" });
+        }
+    }
+    const list = {
+        policy: DEFAULT_POLICY,
+        packages,
+    };
+    await writeAllowlist(list, cwd);
+    return list;
+}
+/**
+ * Reports packages in package.json that are missing from the allowlist
+ * (or that use a wildcard `*` range when policy.allow_wildcards is false).
+ * Does not check version-range *satisfaction* — that's npm's job; this is
+ * just a presence-and-shape gate suitable for CI.
+ */
+export async function checkAllowlist(cwd = process.cwd()) {
+    const list = await readAllowlist(cwd);
+    if (!list)
+        return { list: null, violations: [] };
+    const pkg = await readPackageJson(cwd);
+    if (!pkg)
+        return { list, violations: [] };
+    const allowed = new Map(list.packages.map((p) => [p.name, p]));
+    const violations = [];
+    const check = (deps, kind, enforce) => {
+        if (!enforce || !deps)
+            return;
+        for (const [name, range] of Object.entries(deps)) {
+            const entry = allowed.get(name);
+            if (!entry) {
+                violations.push({ name, range, reason: "not-on-allowlist", kind });
+                continue;
+            }
+            if (!list.policy.allow_wildcards &&
+                (entry.range === "*" || range === "*")) {
+                violations.push({ name, range, reason: "wildcard-blocked", kind });
+            }
+        }
+    };
+    check(pkg.dependencies, "runtime", list.policy.enforce_runtime);
+    check(pkg.devDependencies, "dev", list.policy.enforce_dev);
+    return { list, violations };
+}
+/**
+ * Audits the secrets section of an allowlist against the keys actually
+ * referenced in `[secrets.keys]` of the user's `.kit.toml`. Returns one
+ * violation per gap.
+ *
+ * Strictness depends on policy.enforce_secrets:
+ *   true  → every secrets.keys entry must have a matching policy entry.
+ *   false → only secrets that DO have a partial policy are validated, so
+ *           teams can opt-in gradually without instant-fail.
+ */
+export function checkSecretPolicy(list, configKeys, paidServices = new Set([
+    "STRIPE",
+    "OPENAI",
+    "ANTHROPIC",
+    "RESEND",
+    "VERCEL",
+])) {
+    const violations = [];
+    const policyBlock = list.secrets ?? {};
+    const enforce = list.policy.enforce_secrets ?? false;
+    const defaultCap = list.policy.default_spend_cap_usd;
+    for (const key of configKeys) {
+        const entry = policyBlock[key];
+        if (!entry) {
+            if (enforce) {
+                violations.push({
+                    key,
+                    reason: "no-policy-entry",
+                    detail: "Key is in [secrets.keys] but missing from allowlist.secrets",
+                });
+            }
+            continue;
+        }
+        // Heuristic: is this key paid? Look at the prefix before the first `_`.
+        const prefix = key.split("_")[0]?.toUpperCase() ?? "";
+        const isPaid = paidServices.has(prefix);
+        if (isPaid && entry.spend_cap_usd === undefined && defaultCap === undefined) {
+            violations.push({
+                key,
+                reason: "no-spend-cap",
+                detail: `${prefix} keys must declare spend_cap_usd (or set policy.default_spend_cap_usd)`,
+            });
+        }
+        if (entry.scope === undefined && entry.require_restricted !== true) {
+            violations.push({
+                key,
+                reason: "no-scope",
+                detail: "Set scope (e.g. 'read', 'ReadOnlyAccess') or require_restricted=true",
+            });
+        }
+        if (entry.max_ttl_hours !== undefined && entry.max_ttl_hours > 768) {
+            // 768 hours = 32 days = HashiCorp Vault's default TTL ceiling; longer
+            // than this is essentially "never expires" and undermines the policy.
+            violations.push({
+                key,
+                reason: "ttl-too-long",
+                detail: `max_ttl_hours=${entry.max_ttl_hours} > 768 (32d). Use rotation instead.`,
+            });
+        }
+    }
+    return violations;
+}
+/**
+ * Adds a package to the allowlist with the version range from package.json.
+ * Returns true if the package was added, false if it was already there.
+ */
+export async function addToAllowlist(pkgName, cwd = process.cwd()) {
+    let list = await readAllowlist(cwd);
+    if (!list) {
+        list = { policy: DEFAULT_POLICY, packages: [] };
+    }
+    if (list.packages.find((p) => p.name === pkgName)) {
+        return { added: false, entry: list.packages.find((p) => p.name === pkgName) };
+    }
+    const pkg = await readPackageJson(cwd);
+    if (!pkg)
+        return { added: false, entry: null };
+    const range = pkg.dependencies?.[pkgName] ?? pkg.devDependencies?.[pkgName] ?? "*";
+    const kind = pkg.dependencies?.[pkgName] ? "runtime" : "dev";
+    const entry = { name: pkgName, range, reason: kind };
+    list.packages.push(entry);
+    await writeAllowlist(list, cwd);
+    return { added: true, entry };
+}
+//# sourceMappingURL=security-policy.js.map

package/dist/security-policy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"security-policy.js","sourceRoot":"","sources":["../src/security-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA8CpC,MAAM,cAAc,GAAG,qBAAqB,CAAC;AAE7C,MAAM,cAAc,GAAwB;IAC1C,eAAe,EAAE,IAAI;IACrB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,KAAK;CACvB,CAAC;AAQF,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc,OAAO,CAAC,GAAG,EAAE;IAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QACnB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAe,EACf,MAAc,OAAO,CAAC,GAAG,EAAE;IAE3B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAC1C,MAAM,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;AACvE,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,GAAW;IACxC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC;QACnE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc,OAAO,CAAC,GAAG,EAAE;IAC7D,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAqB,EAAE,CAAC;IAEtC,IAAI,GAAG,EAAE,CAAC;QACR,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;YACnE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACpD,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;YACtE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAc;QACtB,MAAM,EAAE,cAAc;QACtB,QAAQ;KACT,CAAC;IACF,MAAM,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAChC,OAAO,IAAI,CAAC;AACd,CAAC;AAmBD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAc,OAAO,CAAC,GAAG,EAAE;IAE3B,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAEjD,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAE1C,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAsB,EAAE,CAAC;IAEzC,MAAM,KAAK,GAAG,CACZ,IAAwC,EACxC,IAAuB,EACvB,OAAgB,EACV,EAAE;QACR,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI;YAAE,OAAO;QAC9B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;gBACnE,SAAS;YACX,CAAC;YACD,IACE,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe;gBAC5B,CAAC,KAAK,CAAC,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,GAAG,CAAC,EACtC,CAAC;gBACD,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAChE,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAE3D,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAC/B,IAAe,EACf,UAAoB,EACpB,eAA4B,IAAI,GAAG,CAAC;IAClC,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,QAAQ;IACR,QAAQ;CACT,CAAC;IAEF,MAAM,UAAU,GAA4B,EAAE,CAAC;IAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,KAAK,CAAC;IACrD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;IAErD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAE/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,OAAO,EAAE,CAAC;gBACZ,UAAU,CAAC,IAAI,CAAC;oBACd,GAAG;oBACH,MAAM,EAAE,iBAAiB;oBACzB,MAAM,EAAE,6DAA6D;iBACtE,CAAC,CAAC;YACL,CAAC;YACD,SAAS;QACX,CAAC;QAED,wEAAwE;QACxE,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QACtD,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAExC,IAAI,MAAM,IAAI,KAAK,CAAC,aAAa,KAAK,SAAS,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC5E,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG;gBACH,MAAM,EAAE,cAAc;gBACtB,MAAM,EAAE,GAAG,MAAM,wEAAwE;aAC1F,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,kBAAkB,KAAK,IAAI,EAAE,CAAC;YACnE,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG;gBACH,MAAM,EAAE,UAAU;gBAClB,MAAM,EAAE,sEAAsE;aAC/E,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,aAAa,KAAK,SAAS,IAAI,KAAK,CAAC,aAAa,GAAG,GAAG,EAAE,CAAC;YACnE,sEAAsE;YACtE,sEAAsE;YACtE,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG;gBACH,MAAM,EAAE,cAAc;gBACtB,MAAM,EAAE,iBAAiB,KAAK,CAAC,aAAa,qCAAqC;aAClF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,MAAc,OAAO,CAAC,GAAG,EAAE;IAE3B,IAAI,IAAI,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAClD,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;QAClD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAE,EAAE,CAAC;IACjF,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/C,MAAM,KAAK,GACT,GAAG,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;IACvE,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC;IAC7D,MAAM,KAAK,GAAmB,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACrE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,MAAM,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAChC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAChC,CAAC"}