npm - termify-agent - Versions diffs - 1.0.33 → 1.0.34 - Mend

termify-agent 1.0.33 → 1.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/dist/agent.d.ts +13 -0
package/dist/agent.d.ts.map +1 -1
package/dist/agent.js +236 -0
package/dist/agent.js.map +1 -1
package/dist/config.d.ts +2 -0
package/dist/config.d.ts.map +1 -1
package/dist/config.js +5 -0
package/dist/config.js.map +1 -1
package/dist/index.js +184 -15
package/dist/index.js.map +1 -1
package/dist/network/backends/windows-wireguard-backend.d.ts +29 -0
package/dist/network/backends/windows-wireguard-backend.d.ts.map +1 -0
package/dist/network/backends/windows-wireguard-backend.js +190 -0
package/dist/network/backends/windows-wireguard-backend.js.map +1 -0
package/dist/network/key-rotation.d.ts +55 -0
package/dist/network/key-rotation.d.ts.map +1 -0
package/dist/network/key-rotation.js +105 -0
package/dist/network/key-rotation.js.map +1 -0
package/dist/network/nat-traversal.d.ts +27 -0
package/dist/network/nat-traversal.d.ts.map +1 -0
package/dist/network/nat-traversal.js +76 -0
package/dist/network/nat-traversal.js.map +1 -0
package/dist/network/uapi-client.d.ts +50 -0
package/dist/network/uapi-client.d.ts.map +1 -0
package/dist/network/uapi-client.js +260 -0
package/dist/network/uapi-client.js.map +1 -0
package/dist/network/wireguard-backend.d.ts +60 -0
package/dist/network/wireguard-backend.d.ts.map +1 -0
package/dist/network/wireguard-backend.js +9 -0
package/dist/network/wireguard-backend.js.map +1 -0
package/dist/network/wireguard-installer.d.ts +24 -0
package/dist/network/wireguard-installer.d.ts.map +1 -0
package/dist/network/wireguard-installer.js +362 -0
package/dist/network/wireguard-installer.js.map +1 -0
package/dist/network/wireguard-manager.d.ts +92 -0
package/dist/network/wireguard-manager.d.ts.map +1 -0
package/dist/network/wireguard-manager.js +575 -0
package/dist/network/wireguard-manager.js.map +1 -0
package/dist/network/wireguard-state-store.d.ts +55 -0
package/dist/network/wireguard-state-store.d.ts.map +1 -0
package/dist/network/wireguard-state-store.js +196 -0
package/dist/network/wireguard-state-store.js.map +1 -0
package/dist/ssh-manager.d.ts +5 -0
package/dist/ssh-manager.d.ts.map +1 -1
package/dist/ssh-manager.js +104 -0
package/dist/ssh-manager.js.map +1 -1
package/dist/tunnel-manager.d.ts +65 -0
package/dist/tunnel-manager.d.ts.map +1 -0
package/dist/tunnel-manager.js +267 -0
package/dist/tunnel-manager.js.map +1 -0
package/dist/ws-client.d.ts +145 -0
package/dist/ws-client.d.ts.map +1 -1
package/dist/ws-client.js +136 -1
package/dist/ws-client.js.map +1 -1
package/package.json +1 -1
package/scripts/postinstall.js +100 -35

package/dist/network/wireguard-manager.js ADDED Viewed

@@ -0,0 +1,575 @@
+/**
+ * High-level WireGuard orchestrator for the Termify agent.
+ *
+ * Combines:
+ *   - wireguard-installer  (detection / auto-install)
+ *   - wireguard-state-store (persistent keypair)
+ *   - WireGuardBackend      (platform-specific interface management)
+ *
+ * Emits events:
+ *   - 'ready'           after interface is up
+ *   - 'peer:added'      { peer }
+ *   - 'peer:removed'    { publicKey }
+ *   - 'health'          WgHealthSnapshot
+ *   - 'error'           Error
+ *   - 'shutdown'        when torn down
+ */
+import { EventEmitter } from 'node:events';
+import { execFile as execFileCb, spawn } from 'node:child_process';
+import { promisify } from 'node:util';
+import { platform as osPlatform, homedir } from 'node:os';
+import { join } from 'node:path';
+import { logger } from '../utils/logger.js';
+import { detectWireGuard, installWireGuard, } from './wireguard-installer.js';
+import { WireGuardStateStore } from './wireguard-state-store.js';
+import { WindowsWireGuardBackend } from './backends/windows-wireguard-backend.js';
+import { uapiSetInterface, uapiAddPeer, uapiRemovePeer, uapiUpdatePeerEndpoint, uapiGetStatus, } from './uapi-client.js';
+const execFile = promisify(execFileCb);
+// ---------------------------------------------------------------------------
+// Linux / macOS backend implementation
+// ---------------------------------------------------------------------------
+/**
+ * Concrete WireGuardBackend for Linux (kernel module) and macOS (wireguard-go).
+ *
+ * Supports two modes:
+ * - CLI mode: uses `wg` CLI tool (for Linux kernel module)
+ * - UAPI mode: talks directly to wireguard-go socket (no `wg` CLI needed)
+ *
+ * All commands use `execFile` with array args to avoid shell injection.
+ * Private keys are referenced by file path only - never passed as args.
+ */
+class UnixWireGuardBackend {
+    plat;
+    /** When true, use UAPI socket instead of `wg` CLI for configuration */
+    useUapi = false;
+    constructor() {
+        this.plat = osPlatform();
+    }
+    /** Enable UAPI mode (used when backend is wireguard-go) */
+    setUapiMode(enabled) {
+        this.useUapi = enabled;
+        if (enabled) {
+            logger.info('[WG Backend] UAPI mode enabled (no wg CLI needed)');
+        }
+    }
+    async isAvailable() {
+        const result = await detectWireGuard();
+        return {
+            available: result.available,
+            reason: result.available ? undefined : result.availability,
+            version: result.version,
+        };
+    }
+    async ensureInterface(config) {
+        const { interfaceName, virtualIp, listenPort, privateKeyPath, privateKeyBase64 } = config;
+        if (this.plat === 'darwin') {
+            await this.ensureInterfaceDarwin(interfaceName, virtualIp, listenPort, privateKeyPath, privateKeyBase64);
+        }
+        else {
+            await this.ensureInterfaceLinux(interfaceName, virtualIp, listenPort, privateKeyPath, privateKeyBase64);
+        }
+    }
+    // -- Linux ---------------------------------------------------------------
+    async ensureInterfaceLinux(iface, virtualIp, listenPort, privateKeyPath, privateKeyBase64) {
+        // Create interface if it doesn't exist
+        if (!(await this.interfaceExists(iface))) {
+            logger.debug('[WG Backend] Creating interface ' + iface);
+            await execFile('ip', ['link', 'add', 'dev', iface, 'type', 'wireguard']);
+        }
+        // Assign address (flush first to be idempotent)
+        const cidr = virtualIp.includes('/') ? virtualIp : virtualIp + '/32';
+        try {
+            await execFile('ip', ['addr', 'flush', 'dev', iface]);
+        }
+        catch {
+            // May fail if interface just created with no addresses
+        }
+        await execFile('ip', ['addr', 'add', cidr, 'dev', iface]);
+        // Configure WireGuard
+        if (this.useUapi && privateKeyBase64) {
+            await uapiSetInterface(iface, privateKeyBase64, listenPort);
+        }
+        else {
+            await execFile('wg', [
+                'set', iface,
+                'private-key', privateKeyPath,
+                'listen-port', String(listenPort),
+            ]);
+        }
+        // Bring interface up
+        await execFile('ip', ['link', 'set', iface, 'up']);
+        logger.info('[WG Backend] Interface ' + iface + ' up with ' + cidr);
+    }
+    // -- macOS ---------------------------------------------------------------
+    async ensureInterfaceDarwin(iface, virtualIp, listenPort, privateKeyPath, privateKeyBase64) {
+        // On macOS, wireguard-go creates a utun device.
+        // We start wireguard-go if the interface doesn't exist yet.
+        if (!(await this.interfaceExists(iface))) {
+            logger.debug('[WG Backend] Starting wireguard-go for ' + iface);
+            await this.startWireGuardGo(iface);
+            await this.waitForInterface(iface, 5_000);
+        }
+        // Configure WireGuard via UAPI (preferred) or CLI
+        if (this.useUapi && privateKeyBase64) {
+            await uapiSetInterface(iface, privateKeyBase64, listenPort);
+        }
+        else {
+            await execFile('wg', [
+                'set', iface,
+                'private-key', privateKeyPath,
+                'listen-port', String(listenPort),
+            ]);
+        }
+        // Assign IP address
+        const ip = virtualIp.replace(/\/\d+$/, ''); // strip CIDR if present
+        await execFile('ifconfig', [iface, 'inet', ip, ip, 'up']);
+        // Add route so traffic to the VPN subnet goes through our interface
+        try {
+            await execFile('route', ['add', '-net', ip + '/32', '-interface', iface]);
+        }
+        catch {
+            // Route may already exist
+        }
+        logger.info('[WG Backend] Interface ' + iface + ' up with ' + ip + ' (macOS)');
+    }
+    async startWireGuardGo(iface) {
+        // Search for bundled wireguard-go first, then fall back to PATH
+        const bundledPath = join(homedir(), '.termify', 'wireguard-go');
+        let binaryPath = 'wireguard-go';
+        try {
+            const { access, constants } = await import('node:fs/promises');
+            await access(bundledPath, constants.X_OK);
+            binaryPath = bundledPath;
+            logger.debug('[WG Backend] Using bundled wireguard-go: ' + bundledPath);
+        }
+        catch {
+            logger.debug('[WG Backend] Using system wireguard-go from PATH');
+        }
+        return new Promise((resolve, reject) => {
+            const proc = spawn(binaryPath, [iface], {
+                stdio: ['ignore', 'pipe', 'pipe'],
+                detached: true,
+            });
+            let stderr = '';
+            proc.stderr.on('data', (data) => {
+                stderr += data.toString();
+            });
+            // wireguard-go exits immediately after creating the interface
+            proc.on('close', (code) => {
+                if (code !== 0 && code !== null) {
+                    reject(new Error('wireguard-go failed (code=' + code + '): ' + stderr.trim()));
+                    return;
+                }
+                resolve();
+            });
+            proc.on('error', (err) => {
+                reject(err);
+            });
+            proc.unref();
+        });
+    }
+    // -- Shared ops ----------------------------------------------------------
+    async setPeers(interfaceName, peers) {
+        // Get existing peers and remove them first
+        const health = await this.getHealth(interfaceName);
+        for (const existing of health.peers) {
+            await this.removePeer(interfaceName, existing.publicKey);
+        }
+        // Add new peers
+        for (const peer of peers) {
+            await this.addPeer(interfaceName, peer);
+        }
+    }
+    async addPeer(interfaceName, peer) {
+        if (this.useUapi) {
+            await uapiAddPeer(interfaceName, peer.publicKey, peer.allowedIps, peer.persistentKeepalive, peer.endpoint);
+            return;
+        }
+        const args = [
+            'set', interfaceName,
+            'peer', peer.publicKey,
+            'allowed-ips', peer.allowedIps,
+            'persistent-keepalive', String(peer.persistentKeepalive),
+        ];
+        if (peer.endpoint) {
+            args.push('endpoint', peer.endpoint);
+        }
+        await execFile('wg', args);
+        logger.debug('[WG Backend] Added peer ' + peer.publicKey.slice(0, 8) + '...');
+    }
+    async removePeer(interfaceName, publicKey) {
+        if (this.useUapi) {
+            await uapiRemovePeer(interfaceName, publicKey);
+            return;
+        }
+        await execFile('wg', ['set', interfaceName, 'peer', publicKey, 'remove']);
+        logger.debug('[WG Backend] Removed peer ' + publicKey.slice(0, 8) + '...');
+    }
+    async updatePeerEndpoint(interfaceName, publicKey, endpoint) {
+        if (this.useUapi) {
+            await uapiUpdatePeerEndpoint(interfaceName, publicKey, endpoint);
+            return;
+        }
+        await execFile('wg', ['set', interfaceName, 'peer', publicKey, 'endpoint', endpoint]);
+        logger.debug('[WG Backend] Updated endpoint for peer ' + publicKey.slice(0, 8) + '...');
+    }
+    async getHealth(interfaceName) {
+        if (this.useUapi) {
+            try {
+                return await uapiGetStatus(interfaceName);
+            }
+            catch {
+                return { interfaceUp: false, publicKey: '', listenPort: 0, peers: [] };
+            }
+        }
+        // `wg show <iface> dump` outputs tab-separated values:
+        // Line 1: private-key  public-key  listen-port  fwmark
+        // Line 2+: public-key  preshared-key  endpoint  allowed-ips  latest-handshake  transfer-rx  transfer-tx  persistent-keepalive
+        let stdout;
+        try {
+            const result = await execFile('wg', ['show', interfaceName, 'dump']);
+            stdout = result.stdout;
+        }
+        catch {
+            return {
+                interfaceUp: false,
+                publicKey: '',
+                listenPort: 0,
+                peers: [],
+            };
+        }
+        const lines = stdout.trim().split('\n');
+        if (lines.length === 0) {
+            return { interfaceUp: false, publicKey: '', listenPort: 0, peers: [] };
+        }
+        // Parse interface line
+        const ifaceParts = lines[0].split('\t');
+        const publicKey = ifaceParts[1] ?? '';
+        const listenPort = parseInt(ifaceParts[2] ?? '0', 10);
+        // Parse peer lines
+        const peers = [];
+        for (let i = 1; i < lines.length; i++) {
+            const parts = lines[i].split('\t');
+            if (parts.length < 7)
+                continue;
+            const handshakeEpoch = parseInt(parts[4] ?? '0', 10);
+            peers.push({
+                publicKey: parts[0],
+                endpoint: parts[2] === '(none)' ? undefined : parts[2],
+                allowedIps: parts[3],
+                latestHandshake: handshakeEpoch > 0 ? new Date(handshakeEpoch * 1000) : undefined,
+                transferRx: parseInt(parts[5] ?? '0', 10),
+                transferTx: parseInt(parts[6] ?? '0', 10),
+            });
+        }
+        return {
+            interfaceUp: true,
+            publicKey,
+            listenPort,
+            peers,
+        };
+    }
+    async teardown(interfaceName) {
+        if (this.plat === 'darwin') {
+            // On macOS, deleting the utun socket file kills wireguard-go
+            try {
+                const { unlink } = await import('node:fs/promises');
+                await unlink('/var/run/wireguard/' + interfaceName + '.sock');
+            }
+            catch {
+                // Socket may not exist
+            }
+            // Also try ifconfig down
+            try {
+                await execFile('ifconfig', [interfaceName, 'down']);
+            }
+            catch {
+                // Interface may already be gone
+            }
+        }
+        else {
+            // Linux: ip link delete
+            try {
+                await execFile('ip', ['link', 'delete', 'dev', interfaceName]);
+            }
+            catch {
+                // Interface may not exist
+            }
+        }
+        logger.info('[WG Backend] Interface ' + interfaceName + ' torn down');
+    }
+    // -- Utility -------------------------------------------------------------
+    async interfaceExists(iface) {
+        if (this.plat === 'darwin') {
+            try {
+                await execFile('ifconfig', [iface]);
+                return true;
+            }
+            catch {
+                return false;
+            }
+        }
+        else {
+            try {
+                await execFile('ip', ['link', 'show', iface]);
+                return true;
+            }
+            catch {
+                return false;
+            }
+        }
+    }
+    async waitForInterface(iface, timeoutMs) {
+        const start = Date.now();
+        while (Date.now() - start < timeoutMs) {
+            if (await this.interfaceExists(iface))
+                return;
+            await new Promise((r) => setTimeout(r, 250));
+        }
+        throw new Error('Timeout waiting for interface ' + iface);
+    }
+}
+// ---------------------------------------------------------------------------
+// WireGuardManager - high-level orchestrator
+// ---------------------------------------------------------------------------
+export class WireGuardManager extends EventEmitter {
+    backend = null;
+    stateStore;
+    identity = null;
+    installResult = null;
+    interfaceName = null;
+    connectedPeers = 0;
+    constructor(configDir) {
+        super();
+        this.stateStore = new WireGuardStateStore(configDir);
+    }
+    // -----------------------------------------------------------------------
+    // Public API
+    // -----------------------------------------------------------------------
+    /**
+     * Detect and optionally install WireGuard.
+     * Does NOT throw on failure - returns the detection result.
+     */
+    async ensureInstalled() {
+        try {
+            let result = await detectWireGuard();
+            if (!result.available && result.availability === 'missing_binary') {
+                logger.info('[WG Manager] WireGuard not found, attempting install...');
+                result = await installWireGuard();
+            }
+            this.installResult = result;
+            if (result.available) {
+                if (osPlatform() === 'win32') {
+                    this.backend = new WindowsWireGuardBackend();
+                }
+                else {
+                    const unixBackend = new UnixWireGuardBackend();
+                    // Enable UAPI mode when using wireguard-go (eliminates `wg` CLI dependency)
+                    if (result.backend === 'wireguard-go') {
+                        unixBackend.setUapiMode(true);
+                    }
+                    this.backend = unixBackend;
+                }
+            }
+            return result;
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            logger.error('[WG Manager] Failed to detect/install WireGuard: ' + message);
+            this.emit('error', err);
+            this.installResult = {
+                available: false,
+                availability: 'missing_binary',
+                backend: 'none',
+            };
+            return this.installResult;
+        }
+    }
+    /**
+     * Set up the WireGuard interface with the agent's virtual IP.
+     */
+    async ensureInterface(virtualIp) {
+        if (!this.backend) {
+            throw new Error('WireGuard backend not initialized. Call ensureInstalled() first.');
+        }
+        try {
+            // Load or generate identity
+            this.identity = await this.stateStore.ensureIdentity();
+            this.interfaceName = this.identity.interfaceName;
+            const config = {
+                interfaceName: this.identity.interfaceName,
+                virtualIp,
+                listenPort: this.identity.listenPort,
+                privateKeyPath: this.stateStore.getPrivateKeyPath(),
+                privateKeyBase64: this.identity.privateKey,
+            };
+            await this.backend.ensureInterface(config);
+            this.emit('ready');
+            logger.info('[WG Manager] Interface ready: ' + this.identity.interfaceName);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            logger.error('[WG Manager] Failed to set up interface: ' + message);
+            this.emit('error', err);
+            throw err;
+        }
+    }
+    /**
+     * Replace all peers (called when server sends full peer list).
+     */
+    async setPeers(peers) {
+        if (!this.backend || !this.interfaceName) {
+            throw new Error('WireGuard interface not initialized.');
+        }
+        await this.backend.setPeers(this.interfaceName, peers);
+        this.connectedPeers = peers.length;
+        logger.info('[WG Manager] Set ' + peers.length + ' peers');
+    }
+    /**
+     * Add a single peer.
+     */
+    async addPeer(peer) {
+        if (!this.backend || !this.interfaceName) {
+            throw new Error('WireGuard interface not initialized.');
+        }
+        await this.backend.addPeer(this.interfaceName, peer);
+        this.connectedPeers++;
+        this.emit('peer:added', peer);
+        logger.info('[WG Manager] Added peer ' + peer.agentId);
+    }
+    /**
+     * Remove a peer by public key.
+     */
+    async removePeer(publicKey) {
+        if (!this.backend || !this.interfaceName) {
+            throw new Error('WireGuard interface not initialized.');
+        }
+        await this.backend.removePeer(this.interfaceName, publicKey);
+        this.connectedPeers = Math.max(0, this.connectedPeers - 1);
+        this.emit('peer:removed', { publicKey });
+        logger.info('[WG Manager] Removed peer ' + publicKey.slice(0, 8) + '...');
+    }
+    /**
+     * Update the endpoint of an existing peer (for NAT traversal hot-update).
+     */
+    async updatePeerEndpoint(publicKey, endpoint) {
+        if (!this.backend || !this.interfaceName) {
+            throw new Error('WireGuard interface not initialized.');
+        }
+        await this.backend.updatePeerEndpoint(this.interfaceName, publicKey, endpoint);
+        logger.info('[WG Manager] Updated endpoint for peer ' + publicKey.slice(0, 8) + '...');
+    }
+    /**
+     * Rotate the WireGuard keypair. Generates a new key, updates the interface.
+     * Returns the new public key.
+     */
+    async rotateKey() {
+        if (!this.backend || !this.interfaceName) {
+            throw new Error('WireGuard interface not initialized.');
+        }
+        // Rotate keys in the state store
+        const newIdentity = await this.stateStore.rotateKeys();
+        this.identity = newIdentity;
+        // Update the interface with the new private key
+        if (this.installResult?.backend === 'wireguard-go') {
+            // UAPI mode: pass private key directly to wireguard-go socket
+            await uapiSetInterface(this.interfaceName, newIdentity.privateKey, newIdentity.listenPort);
+        }
+        else {
+            // CLI mode: reference private key file
+            await execFile('wg', [
+                'set', this.interfaceName,
+                'private-key', this.stateStore.getPrivateKeyPath(),
+            ]);
+        }
+        logger.info('[WG Manager] Key rotated, new pubkey: ' + newIdentity.publicKey.slice(0, 8) + '...');
+        return { publicKey: newIdentity.publicKey };
+    }
+    /**
+     * Update a peer's public key (for key rotation).
+     * Removes the old peer and adds with new key, preserving other settings.
+     */
+    async updatePeerKey(oldPublicKey, newPublicKey, allowedIps, endpoint) {
+        if (!this.backend || !this.interfaceName) {
+            throw new Error('WireGuard interface not initialized.');
+        }
+        // Remove old peer
+        await this.backend.removePeer(this.interfaceName, oldPublicKey);
+        // Add with new key
+        await this.backend.addPeer(this.interfaceName, {
+            agentId: '', // not needed for the wg command
+            publicKey: newPublicKey,
+            allowedIps,
+            endpoint,
+            persistentKeepalive: 25,
+        });
+        logger.info('[WG Manager] Updated peer key: ' + oldPublicKey.slice(0, 8) + '... -> ' + newPublicKey.slice(0, 8) + '...');
+    }
+    /**
+     * Get current manager status for reporting to the server.
+     */
+    getStatus() {
+        return {
+            available: this.installResult?.available ?? false,
+            availability: this.installResult?.availability ?? 'missing_binary',
+            backend: this.installResult?.backend ?? 'none',
+            version: this.installResult?.version,
+            interfaceName: this.interfaceName ?? undefined,
+            publicKey: this.identity?.publicKey,
+            listenPort: this.identity?.listenPort,
+            connectedPeers: this.connectedPeers,
+        };
+    }
+    /**
+     * Get health snapshot from the running interface.
+     */
+    async getHealth() {
+        if (!this.backend || !this.interfaceName) {
+            return null;
+        }
+        try {
+            const health = await this.backend.getHealth(this.interfaceName);
+            this.emit('health', health);
+            return health;
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            logger.error('[WG Manager] Health check failed: ' + message);
+            return null;
+        }
+    }
+    /**
+     * Check if a specific peer has had a recent handshake (within 3 minutes).
+     */
+    async isPeerHealthy(publicKey) {
+        const health = await this.getHealth();
+        if (!health)
+            return false;
+        const peer = health.peers.find((p) => p.publicKey === publicKey);
+        if (!peer || !peer.latestHandshake)
+            return false;
+        const threeMinutesAgo = Date.now() - 3 * 60 * 1000;
+        return peer.latestHandshake.getTime() > threeMinutesAgo;
+    }
+    /**
+     * Tear down the interface and clean up.
+     */
+    async shutdown() {
+        if (this.backend && this.interfaceName) {
+            try {
+                await this.backend.teardown(this.interfaceName);
+                logger.info('[WG Manager] Shutdown complete');
+            }
+            catch (err) {
+                const message = err instanceof Error ? err.message : String(err);
+                logger.error('[WG Manager] Shutdown error: ' + message);
+            }
+        }
+        this.backend = null;
+        this.identity = null;
+        this.interfaceName = null;
+        this.connectedPeers = 0;
+        this.emit('shutdown');
+    }
+}
+//# sourceMappingURL=wireguard-manager.js.map

package/dist/network/wireguard-manager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wireguard-manager.js","sourceRoot":"","sources":["../../src/network/wireguard-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,IAAI,UAAU,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,QAAQ,IAAI,UAAU,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EACL,eAAe,EACf,gBAAgB,GAIjB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAmB,MAAM,4BAA4B,CAAC;AAClF,OAAO,EAAE,uBAAuB,EAAE,MAAM,yCAAyC,CAAC;AAClF,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,cAAc,EACd,sBAAsB,EACtB,aAAa,GACd,MAAM,kBAAkB,CAAC;AAS1B,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;AAiBvC,8EAA8E;AAC9E,uCAAuC;AACvC,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,oBAAoB;IACP,IAAI,CAAkB;IACvC,uEAAuE;IAC/D,OAAO,GAAY,KAAK,CAAC;IAEjC;QACE,IAAI,CAAC,IAAI,GAAG,UAAU,EAAE,CAAC;IAC3B,CAAC;IAED,2DAA2D;IAC3D,WAAW,CAAC,OAAgB;QAC1B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;QACvC,OAAO;YACL,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY;YAC1D,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAAoB;QACxC,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAAC;QAE1F,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,CAAC,qBAAqB,CAAC,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;QAC3G,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,oBAAoB,CAAC,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,CAAC,CAAC;QAC1G,CAAC;IACH,CAAC;IAED,2EAA2E;IAEnE,KAAK,CAAC,oBAAoB,CAChC,KAAa,EACb,SAAiB,EACjB,UAAkB,EAClB,cAAsB,EACtB,gBAAyB;QAEzB,uCAAuC;QACvC,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,KAAK,CAAC,kCAAkC,GAAG,KAAK,CAAC,CAAC;YACzD,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;QAC3E,CAAC;QAED,gDAAgD;QAChD,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC;QACrE,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QACxD,CAAC;QAAC,MAAM,CAAC;YACP,uDAAuD;QACzD,CAAC;QACD,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QAE1D,sBAAsB;QACtB,IAAI,IAAI,CAAC,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACrC,MAAM,gBAAgB,CAAC,KAAK,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,CAAC,IAAI,EAAE;gBACnB,KAAK,EAAE,KAAK;gBACZ,aAAa,EAAE,cAAc;gBAC7B,aAAa,EAAE,MAAM,CAAC,UAAU,CAAC;aAClC,CAAC,CAAC;QACL,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;QAEnD,MAAM,CAAC,IAAI,CAAC,yBAAyB,GAAG,KAAK,GAAG,WAAW,GAAG,IAAI,CAAC,CAAC;IACtE,CAAC;IAED,2EAA2E;IAEnE,KAAK,CAAC,qBAAqB,CACjC,KAAa,EACb,SAAiB,EACjB,UAAkB,EAClB,cAAsB,EACtB,gBAAyB;QAEzB,gDAAgD;QAChD,4DAA4D;QAC5D,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,KAAK,CAAC,yCAAyC,GAAG,KAAK,CAAC,CAAC;YAChE,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC5C,CAAC;QAED,kDAAkD;QAClD,IAAI,IAAI,CAAC,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACrC,MAAM,gBAAgB,CAAC,KAAK,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,CAAC,IAAI,EAAE;gBACnB,KAAK,EAAE,KAAK;gBACZ,aAAa,EAAE,cAAc;gBAC7B,aAAa,EAAE,MAAM,CAAC,UAAU,CAAC;aAClC,CAAC,CAAC;QACL,CAAC;QAED,oBAAoB;QACpB,MAAM,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACpE,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC;QAE1D,oEAAoE;QACpE,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,GAAG,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;QAC5E,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,yBAAyB,GAAG,KAAK,GAAG,WAAW,GAAG,EAAE,GAAG,UAAU,CAAC,CAAC;IACjF,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAC1C,gEAAgE;QAChE,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;QAChE,IAAI,UAAU,GAAG,cAAc,CAAC;QAEhC,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;YAC/D,MAAM,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1C,UAAU,GAAG,WAAW,CAAC;YACzB,MAAM,CAAC,KAAK,CAAC,2CAA2C,GAAG,WAAW,CAAC,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE;gBACtC,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;gBACjC,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACtC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,8DAA8D;YAC9D,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,GAAG,IAAI,GAAG,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;oBAC/E,OAAO;gBACT,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACvB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAE3E,KAAK,CAAC,QAAQ,CAAC,aAAqB,EAAE,KAAqB;QACzD,2CAA2C;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACnD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC3D,CAAC;QAED,gBAAgB;QAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,aAAqB,EAAE,IAAkB;QACrD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,WAAW,CACf,aAAa,EACb,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,mBAAmB,EACxB,IAAI,CAAC,QAAQ,CACd,CAAC;YACF,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAa;YACrB,KAAK,EAAE,aAAa;YACpB,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,aAAa,EAAE,IAAI,CAAC,UAAU;YAC9B,sBAAsB,EAAE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC;SACzD,CAAC;QAEF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC3B,MAAM,CAAC,KAAK,CAAC,0BAA0B,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IAChF,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,aAAqB,EAAE,SAAiB;QACvD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,cAAc,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YAC/C,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC1E,MAAM,CAAC,KAAK,CAAC,4BAA4B,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,aAAqB,EAAE,SAAiB,EAAE,QAAgB;QACjF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,sBAAsB,CAAC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YACjE,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,KAAK,CAAC,yCAAyC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IAC1F,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,aAAqB;QACnC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,OAAO,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YAC5C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;YACzE,CAAC;QACH,CAAC;QAED,uDAAuD;QACvD,uDAAuD;QACvD,8HAA8H;QAC9H,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;YACrE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,WAAW,EAAE,KAAK;gBAClB,SAAS,EAAE,EAAE;gBACb,UAAU,EAAE,CAAC;gBACb,KAAK,EAAE,EAAE;aACV,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACzE,CAAC;QAED,uBAAuB;QACvB,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;QAEtD,mBAAmB;QACnB,MAAM,KAAK,GAAmB,EAAE,CAAC;QACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAE/B,MAAM,cAAc,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC;gBACT,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;gBACnB,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACtD,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;gBACpB,eAAe,EAAE,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gBACjF,UAAU,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;gBACzC,UAAU,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;aAC1C,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,SAAS;YACT,UAAU;YACV,KAAK;SACN,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,aAAqB;QAClC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,6DAA6D;YAC7D,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;gBACpD,MAAM,MAAM,CAAC,qBAAqB,GAAG,aAAa,GAAG,OAAO,CAAC,CAAC;YAChE,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;YACD,yBAAyB;YACzB,IAAI,CAAC;gBACH,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;YACtD,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;YAClC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,wBAAwB;YACxB,IAAI,CAAC;gBACH,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC;YACjE,CAAC;YAAC,MAAM,CAAC;gBACP,0BAA0B;YAC5B,CAAC;QACH,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,yBAAyB,GAAG,aAAa,GAAG,YAAY,CAAC,CAAC;IACxE,CAAC;IAED,2EAA2E;IAEnE,KAAK,CAAC,eAAe,CAAC,KAAa;QACzC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;gBACpC,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC;gBACH,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBAC9C,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAa,EAAE,SAAiB;QAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,SAAS,EAAE,CAAC;YACtC,IAAI,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC;gBAAE,OAAO;YAC9C,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/C,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,KAAK,CAAC,CAAC;IAC5D,CAAC;CACF;AAED,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E,MAAM,OAAO,gBAAiB,SAAQ,YAAY;IACxC,OAAO,GAA4B,IAAI,CAAC;IACxC,UAAU,CAAsB;IAChC,QAAQ,GAAsB,IAAI,CAAC;IACnC,aAAa,GAA2B,IAAI,CAAC;IAC7C,aAAa,GAAkB,IAAI,CAAC;IACpC,cAAc,GAAG,CAAC,CAAC;IAE3B,YAAY,SAAkB;QAC5B,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,UAAU,GAAG,IAAI,mBAAmB,CAAC,SAAS,CAAC,CAAC;IACvD,CAAC;IAED,0EAA0E;IAC1E,aAAa;IACb,0EAA0E;IAE1E;;;OAGG;IACH,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC;YACH,IAAI,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;YAErC,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,YAAY,KAAK,gBAAgB,EAAE,CAAC;gBAClE,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;gBACvE,MAAM,GAAG,MAAM,gBAAgB,EAAE,CAAC;YACpC,CAAC;YAED,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;YAE5B,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,IAAI,UAAU,EAAE,KAAK,OAAO,EAAE,CAAC;oBAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,uBAAuB,EAAE,CAAC;gBAC/C,CAAC;qBAAM,CAAC;oBACN,MAAM,WAAW,GAAG,IAAI,oBAAoB,EAAE,CAAC;oBAC/C,4EAA4E;oBAC5E,IAAI,MAAM,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;wBACtC,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;oBAChC,CAAC;oBACD,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC;gBAC7B,CAAC;YACH,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,CAAC,KAAK,CAAC,mDAAmD,GAAG,OAAO,CAAC,CAAC;YAC5E,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAExB,IAAI,CAAC,aAAa,GAAG;gBACnB,SAAS,EAAE,KAAK;gBAChB,YAAY,EAAE,gBAAgB;gBAC9B,OAAO,EAAE,MAAM;aAChB,CAAC;YACF,OAAO,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,SAAiB;QACrC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;QACtF,CAAC;QAED,IAAI,CAAC;YACH,4BAA4B;YAC5B,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;YACvD,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC;YAEjD,MAAM,MAAM,GAAiB;gBAC3B,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,aAAa;gBAC1C,SAAS;gBACT,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU;gBACpC,cAAc,EAAE,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE;gBACnD,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU;aAC3C,CAAC;YAEF,MAAM,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC,gCAAgC,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,CAAC,KAAK,CAAC,2CAA2C,GAAG,OAAO,CAAC,CAAC;YACpE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACxB,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAqB;QAClC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;QACvD,IAAI,CAAC,cAAc,GAAG,KAAK,CAAC,MAAM,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,mBAAmB,GAAG,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,IAAkB;QAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QACrD,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,0BAA0B,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QAC7D,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;QAC3D,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,4BAA4B,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IAC5E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,SAAiB,EAAE,QAAgB;QAC1D,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC/E,MAAM,CAAC,IAAI,CAAC,yCAAyC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IACzF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS;QACb,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,iCAAiC;QACjC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QACvD,IAAI,CAAC,QAAQ,GAAG,WAAW,CAAC;QAE5B,gDAAgD;QAChD,IAAI,IAAI,CAAC,aAAa,EAAE,OAAO,KAAK,cAAc,EAAE,CAAC;YACnD,8DAA8D;YAC9D,MAAM,gBAAgB,CAAC,IAAI,CAAC,aAAa,EAAE,WAAW,CAAC,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC;QAC7F,CAAC;aAAM,CAAC;YACN,uCAAuC;YACvC,MAAM,QAAQ,CAAC,IAAI,EAAE;gBACnB,KAAK,EAAE,IAAI,CAAC,aAAa;gBACzB,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,wCAAwC,GAAG,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;QAClG,OAAO,EAAE,SAAS,EAAE,WAAW,CAAC,SAAS,EAAE,CAAC;IAC9C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CAAC,YAAoB,EAAE,YAAoB,EAAE,UAAkB,EAAE,QAAiB;QACnG,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,kBAAkB;QAClB,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;QAEhE,mBAAmB;QACnB,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE;YAC7C,OAAO,EAAE,EAAE,EAAE,gCAAgC;YAC7C,SAAS,EAAE,YAAY;YACvB,UAAU;YACV,QAAQ;YACR,mBAAmB,EAAE,EAAE;SACxB,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,iCAAiC,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IAC3H,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,aAAa,EAAE,SAAS,IAAI,KAAK;YACjD,YAAY,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,IAAI,gBAAgB;YAClE,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,OAAO,IAAI,MAAM;YAC9C,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,OAAO;YACpC,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,SAAS;YAC9C,SAAS,EAAE,IAAI,CAAC,QAAQ,EAAE,SAAS;YACnC,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE,UAAU;YACrC,cAAc,EAAE,IAAI,CAAC,cAAc;SACpC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QACb,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAChE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC5B,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,CAAC,KAAK,CAAC,oCAAoC,GAAG,OAAO,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAE1B,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAAO,KAAK,CAAC;QAEjD,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QACnD,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,GAAG,eAAe,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAChD,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YAChD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,MAAM,CAAC,KAAK,CAAC,+BAA+B,GAAG,OAAO,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;CACF"}

package/dist/network/wireguard-state-store.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Persistent WireGuard identity store.
+ *
+ * Keeps the agent's WG keypair, interface name, and listen port in
+ * ~/.termify/wireguard.json so the identity survives restarts.
+ *
+ * Private key material is NEVER logged. Both the JSON state file and
+ * the standalone private key file are created with 0600 permissions.
+ */
+export interface WgIdentity {
+    privateKey: string;
+    publicKey: string;
+    interfaceName: string;
+    listenPort: number;
+    createdAt: string;
+    keyVersion: number;
+}
+/**
+ * Generate a WireGuard-compatible X25519 keypair using Node.js built-in crypto.
+ * Returns base64-encoded 32-byte keys, identical format to `wg genkey`/`wg pubkey`.
+ */
+export declare function generateWgKeypair(): {
+    privateKey: string;
+    publicKey: string;
+};
+export declare class WireGuardStateStore {
+    private configDir;
+    constructor(configDir?: string);
+    /**
+     * Load existing identity or generate a new keypair and persist it.
+     */
+    ensureIdentity(): Promise<WgIdentity>;
+    /**
+     * Read the persisted identity, or null if none exists.
+     */
+    getIdentity(): Promise<WgIdentity | null>;
+    /**
+     * Persist the identity to disk with restrictive permissions.
+     */
+    saveIdentity(identity: WgIdentity): Promise<void>;
+    /**
+     * Returns the path to the standalone private key file expected by `wg set`.
+     */
+    getPrivateKeyPath(): string;
+    /**
+     * Generate a new keypair, replacing the existing one.
+     * Preserves interfaceName and listenPort, increments keyVersion.
+     * Returns the new identity.
+     */
+    rotateKeys(): Promise<WgIdentity>;
+    private ensureConfigDir;
+    private writePrivateKeyFile;
+    private generateIdentity;
+}
+//# sourceMappingURL=wireguard-state-store.d.ts.map

package/dist/network/wireguard-state-store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wireguard-state-store.d.ts","sourceRoot":"","sources":["../../src/network/wireguard-state-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAqBH,MAAM,WAAW,UAAU;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAeD;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAY7E;AAMD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,SAAS,CAAS;gBAEd,SAAS,CAAC,EAAE,MAAM;IAkB9B;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,UAAU,CAAC;IAgB3C;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAiB/C;;OAEG;IACG,YAAY,CAAC,QAAQ,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAmBvD;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;;;OAIG;IACG,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;YAiCzB,eAAe;YAYf,mBAAmB;YAenB,gBAAgB;CAY/B"}