termify-agent 1.0.33 → 1.0.35

package/dist/network/wireguard-backend.d.ts

@@ -0,0 +1,60 @@
+/**
+ * WireGuard backend abstraction layer.
+ *
+ * Defines the platform-agnostic interface that concrete implementations
+ * (Linux kernel, wireguard-go on macOS, etc.) must satisfy. No runtime
+ * dependencies - this module is pure types.
+ */
+export interface WgSelfConfig {
+    interfaceName: string;
+    virtualIp: string;
+    listenPort: number;
+    privateKeyPath: string;
+    /** Base64-encoded private key for UAPI mode (avoids needing `wg` CLI). */
+    privateKeyBase64?: string;
+}
+export interface WgPeerConfig {
+    agentId: string;
+    publicKey: string;
+    allowedIps: string;
+    endpoint?: string;
+    persistentKeepalive: number;
+}
+export interface WgPeerHealth {
+    publicKey: string;
+    endpoint?: string;
+    allowedIps: string;
+    latestHandshake?: Date;
+    transferRx: number;
+    transferTx: number;
+}
+export interface WgHealthSnapshot {
+    interfaceUp: boolean;
+    publicKey: string;
+    listenPort: number;
+    peers: WgPeerHealth[];
+}
+export interface WgAvailabilityResult {
+    available: boolean;
+    reason?: string;
+    version?: string;
+}
+export interface WireGuardBackend {
+    /** Check if WG binary/tools are available on this platform. */
+    isAvailable(): Promise<WgAvailabilityResult>;
+    /** Create or ensure the WG interface is up with the given config. */
+    ensureInterface(config: WgSelfConfig): Promise<void>;
+    /** Set (replace) all peers on the interface. */
+    setPeers(interfaceName: string, peers: WgPeerConfig[]): Promise<void>;
+    /** Add a single peer to the interface. */
+    addPeer(interfaceName: string, peer: WgPeerConfig): Promise<void>;
+    /** Remove a single peer by its public key. */
+    removePeer(interfaceName: string, publicKey: string): Promise<void>;
+    /** Update the endpoint of an existing peer (for NAT traversal hot-update). */
+    updatePeerEndpoint(interfaceName: string, publicKey: string, endpoint: string): Promise<void>;
+    /** Get a health/stats snapshot for the interface. */
+    getHealth(interfaceName: string): Promise<WgHealthSnapshot>;
+    /** Tear down (destroy) the interface. */
+    teardown(interfaceName: string): Promise<void>;
+}
+//# sourceMappingURL=wireguard-backend.d.ts.map

package/dist/network/wireguard-backend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wireguard-backend.d.ts","sourceRoot":"","sources":["../../src/network/wireguard-backend.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,MAAM,WAAW,YAAY;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,0EAA0E;IAC1E,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAMD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAMD,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,IAAI,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,YAAY,EAAE,CAAC;CACvB;AAMD,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAMD,MAAM,WAAW,gBAAgB;IAC/B,+DAA+D;IAC/D,WAAW,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAE7C,qEAAqE;IACrE,eAAe,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErD,gDAAgD;IAChD,QAAQ,CAAC,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtE,0CAA0C;IAC1C,OAAO,CAAC,aAAa,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElE,8CAA8C;IAC9C,UAAU,CAAC,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpE,8EAA8E;IAC9E,kBAAkB,CAAC,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9F,qDAAqD;IACrD,SAAS,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAE5D,yCAAyC;IACzC,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChD"}

package/dist/network/wireguard-backend.js

@@ -0,0 +1,9 @@
+/**
+ * WireGuard backend abstraction layer.
+ *
+ * Defines the platform-agnostic interface that concrete implementations
+ * (Linux kernel, wireguard-go on macOS, etc.) must satisfy. No runtime
+ * dependencies - this module is pure types.
+ */
+export {};
+//# sourceMappingURL=wireguard-backend.js.map

package/dist/network/wireguard-backend.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wireguard-backend.js","sourceRoot":"","sources":["../../src/network/wireguard-backend.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}

package/dist/network/wireguard-installer.d.ts

@@ -0,0 +1,24 @@
+/**
+ * WireGuard detection and auto-installation.
+ *
+ * Detects the OS, locates WireGuard binaries, and - when running with
+ * sufficient privileges - can attempt automatic installation on
+ * Debian/Ubuntu Linux. macOS users are pointed at Homebrew.
+ *
+ * All child processes use `execFile` (never `exec`) to prevent shell
+ * injection.
+ */
+export type WgAvailability = 'available' | 'missing_binary' | 'missing_privilege' | 'unsupported_os';
+export type WgBackendKind = 'kernel' | 'wireguard-go' | 'windows-service' | 'none';
+export interface WgInstallResult {
+    available: boolean;
+    availability: WgAvailability;
+    backend: WgBackendKind;
+    version?: string;
+    binaryPath?: string;
+    /** True when using bundled wireguard-go from ~/.termify/ */
+    bundled?: boolean;
+}
+export declare function detectWireGuard(): Promise<WgInstallResult>;
+export declare function installWireGuard(): Promise<WgInstallResult>;
+//# sourceMappingURL=wireguard-installer.d.ts.map

package/dist/network/wireguard-installer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wireguard-installer.d.ts","sourceRoot":"","sources":["../../src/network/wireguard-installer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAcH,MAAM,MAAM,cAAc,GACtB,WAAW,GACX,gBAAgB,GAChB,mBAAmB,GACnB,gBAAgB,CAAC;AAErB,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,cAAc,GAAG,iBAAiB,GAAG,MAAM,CAAC;AAEnF,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,cAAc,CAAC;IAC7B,OAAO,EAAE,aAAa,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAsGD,wBAAsB,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC,CAmKhE;AAMD,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,eAAe,CAAC,CAuGjE"}

package/dist/network/wireguard-installer.js

@@ -0,0 +1,362 @@
+/**
+ * WireGuard detection and auto-installation.
+ *
+ * Detects the OS, locates WireGuard binaries, and - when running with
+ * sufficient privileges - can attempt automatic installation on
+ * Debian/Ubuntu Linux. macOS users are pointed at Homebrew.
+ *
+ * All child processes use `execFile` (never `exec`) to prevent shell
+ * injection.
+ */
+import { execFile as execFileCb } from 'node:child_process';
+import { promisify } from 'node:util';
+import { platform as osPlatform, homedir } from 'node:os';
+import { join } from 'node:path';
+import { logger } from '../utils/logger.js';
+const execFile = promisify(execFileCb);
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+async function which(binary) {
+    try {
+        // Use 'where' on Windows, 'which' on Unix
+        const cmd = osPlatform() === 'win32' ? 'where' : 'which';
+        const { stdout } = await execFile(cmd, [binary]);
+        // 'where' on Windows may return multiple lines; take the first
+        const path = stdout.trim().split('\n')[0]?.trim();
+        return path || null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Locate wg.exe on Windows. Checks the standard install path first,
+ * then falls back to PATH.
+ */
+async function findWgWindows() {
+    const standardPath = 'C:\\Program Files\\WireGuard\\wg.exe';
+    try {
+        const { access, constants } = await import('node:fs/promises');
+        await access(standardPath, constants.X_OK);
+        return standardPath;
+    }
+    catch {
+        // Not at standard location, try PATH
+        return which('wg');
+    }
+}
+async function getWgVersion(binaryPath) {
+    try {
+        const { stdout } = await execFile(binaryPath, ['--version']);
+        return stdout.trim() || null;
+    }
+    catch {
+        // Some versions of wg don't support --version; fall back gracefully
+        return null;
+    }
+}
+async function isRoot() {
+    if (osPlatform() === 'win32')
+        return false;
+    try {
+        const { stdout } = await execFile('id', ['-u']);
+        return stdout.trim() === '0';
+    }
+    catch {
+        return false;
+    }
+}
+async function hasNetAdmin() {
+    if (osPlatform() !== 'linux')
+        return false;
+    try {
+        // capsh is part of libcap2-bin
+        const { stdout } = await execFile('capsh', ['--print']);
+        return stdout.includes('cap_net_admin');
+    }
+    catch {
+        // If capsh is unavailable, fall back to root check
+        return isRoot();
+    }
+}
+async function detectDistroFamilyAsync() {
+    if (osPlatform() !== 'linux')
+        return 'unknown';
+    try {
+        const fs = await import('node:fs/promises');
+        const osRelease = await fs.readFile('/etc/os-release', 'utf-8');
+        if (/ID_LIKE=.*debian/i.test(osRelease) || /^ID=debian$/m.test(osRelease) || /^ID=ubuntu$/m.test(osRelease)) {
+            return 'debian';
+        }
+        if (/ID_LIKE=.*rhel/i.test(osRelease) || /^ID=fedora$/m.test(osRelease) || /^ID=centos$/m.test(osRelease)) {
+            return 'redhat';
+        }
+        return 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
+// ---------------------------------------------------------------------------
+// Detection
+// ---------------------------------------------------------------------------
+/**
+ * Check if bundled wireguard-go exists at ~/.termify/wireguard-go
+ */
+async function findBundledWireguardGo() {
+    const bundledPath = join(homedir(), '.termify', 'wireguard-go');
+    try {
+        const { access, constants } = await import('node:fs/promises');
+        await access(bundledPath, constants.X_OK);
+        return bundledPath;
+    }
+    catch {
+        return null;
+    }
+}
+export async function detectWireGuard() {
+    const plat = osPlatform();
+    if (plat !== 'linux' && plat !== 'darwin' && plat !== 'win32') {
+        logger.debug('[WG Installer] Unsupported OS: ' + plat);
+        return {
+            available: false,
+            availability: 'unsupported_os',
+            backend: 'none',
+        };
+    }
+    // ---- Windows ----
+    if (plat === 'win32') {
+        const wgPath = await findWgWindows();
+        if (!wgPath) {
+            logger.debug('[WG Installer] wg.exe not found on Windows');
+            return {
+                available: false,
+                availability: 'missing_binary',
+                backend: 'windows-service',
+            };
+        }
+        const version = await getWgVersion(wgPath);
+        logger.debug('[WG Installer] WireGuard available on Windows: ' + wgPath + (version ? ' (' + version + ')' : ''));
+        return {
+            available: true,
+            availability: 'available',
+            backend: 'windows-service',
+            version: version ?? undefined,
+            binaryPath: wgPath,
+        };
+    }
+    // Look for the wg binary (system install)
+    const wgPath = await which('wg');
+    // ---- macOS: bundled wireguard-go is sufficient (UAPI replaces wg CLI) ----
+    if (plat === 'darwin') {
+        // Check privilege first (required regardless of how WG is available)
+        const root = await isRoot();
+        if (wgPath) {
+            // System wg + wireguard-go available
+            const version = await getWgVersion(wgPath);
+            if (!root) {
+                logger.debug('[WG Installer] wg found on macOS but not running as root');
+                return {
+                    available: false,
+                    availability: 'missing_privilege',
+                    backend: 'wireguard-go',
+                    version: version ?? undefined,
+                    binaryPath: wgPath,
+                };
+            }
+            logger.debug('[WG Installer] WireGuard available (system): ' + wgPath);
+            return {
+                available: true,
+                availability: 'available',
+                backend: 'wireguard-go',
+                version: version ?? undefined,
+                binaryPath: wgPath,
+            };
+        }
+        // No system wg — check for bundled wireguard-go
+        const bundledPath = await findBundledWireguardGo();
+        const systemWgGoPath = await which('wireguard-go');
+        const wgGoPath = bundledPath || systemWgGoPath;
+        if (wgGoPath) {
+            if (!root) {
+                logger.debug('[WG Installer] wireguard-go found but not running as root');
+                return {
+                    available: false,
+                    availability: 'missing_privilege',
+                    backend: 'wireguard-go',
+                    binaryPath: wgGoPath,
+                    bundled: !!bundledPath,
+                };
+            }
+            // On macOS with UAPI, wireguard-go alone is enough (no wg CLI needed)
+            logger.debug('[WG Installer] WireGuard available via ' + (bundledPath ? 'bundled' : 'system') + ' wireguard-go: ' + wgGoPath);
+            return {
+                available: true,
+                availability: 'available',
+                backend: 'wireguard-go',
+                binaryPath: wgGoPath,
+                bundled: !!bundledPath,
+            };
+        }
+        logger.debug('[WG Installer] No WireGuard binary found on macOS');
+        return {
+            available: false,
+            availability: 'missing_binary',
+            backend: 'none',
+        };
+    }
+    // ---- Linux ----
+    // On Linux, prefer kernel module + wg CLI (auto-installed)
+    if (wgPath) {
+        const version = await getWgVersion(wgPath);
+        const root = await isRoot();
+        const netAdmin = await hasNetAdmin();
+        if (!root && !netAdmin) {
+            logger.debug('[WG Installer] wg found but missing NET_ADMIN capability');
+            return {
+                available: false,
+                availability: 'missing_privilege',
+                backend: 'kernel',
+                version: version ?? undefined,
+                binaryPath: wgPath,
+            };
+        }
+        logger.debug('[WG Installer] WireGuard available (kernel): ' + wgPath + (version ? ' (' + version + ')' : ''));
+        return {
+            available: true,
+            availability: 'available',
+            backend: 'kernel',
+            version: version ?? undefined,
+            binaryPath: wgPath,
+        };
+    }
+    // Linux fallback: check for bundled wireguard-go
+    const bundledPath = await findBundledWireguardGo();
+    if (bundledPath) {
+        const root = await isRoot();
+        const netAdmin = await hasNetAdmin();
+        if (!root && !netAdmin) {
+            logger.debug('[WG Installer] Bundled wireguard-go found but missing privileges');
+            return {
+                available: false,
+                availability: 'missing_privilege',
+                backend: 'wireguard-go',
+                binaryPath: bundledPath,
+                bundled: true,
+            };
+        }
+        logger.debug('[WG Installer] WireGuard available via bundled wireguard-go: ' + bundledPath);
+        return {
+            available: true,
+            availability: 'available',
+            backend: 'wireguard-go',
+            binaryPath: bundledPath,
+            bundled: true,
+        };
+    }
+    logger.debug('[WG Installer] wg binary not found in PATH');
+    return {
+        available: false,
+        availability: 'missing_binary',
+        backend: 'none',
+    };
+}
+// ---------------------------------------------------------------------------
+// Installation
+// ---------------------------------------------------------------------------
+export async function installWireGuard() {
+    const plat = osPlatform();
+    if (plat !== 'linux' && plat !== 'darwin' && plat !== 'win32') {
+        return {
+            available: false,
+            availability: 'unsupported_os',
+            backend: 'none',
+        };
+    }
+    // ---- Windows ----
+    if (plat === 'win32') {
+        // Auto-install on Windows is too risky (requires MSI/admin). Suggest manual install.
+        logger.warn('[WG Installer] WireGuard not found on Windows. Install from https://www.wireguard.com/install/');
+        return {
+            available: false,
+            availability: 'missing_binary',
+            backend: 'windows-service',
+        };
+    }
+    // Pre-check: already installed?
+    const existing = await detectWireGuard();
+    if (existing.available) {
+        return existing;
+    }
+    // ---- macOS ----
+    if (plat === 'darwin') {
+        logger.warn('[WG Installer] WireGuard not found on macOS. Install via: brew install wireguard-tools');
+        return {
+            available: false,
+            availability: 'missing_binary',
+            backend: 'none',
+        };
+    }
+    // ---- Linux ----
+    const root = await isRoot();
+    if (!root) {
+        logger.warn('[WG Installer] Cannot auto-install WireGuard without root privileges');
+        return {
+            available: false,
+            availability: 'missing_privilege',
+            backend: 'none',
+        };
+    }
+    const distro = await detectDistroFamilyAsync();
+    if (distro === 'debian') {
+        logger.info('[WG Installer] Attempting apt-get install wireguard-tools...');
+        try {
+            await execFile('apt-get', ['update', '-qq'], { timeout: 60_000 });
+            await execFile('apt-get', ['install', '-y', '-qq', 'wireguard-tools'], {
+                timeout: 120_000,
+            });
+            logger.info('[WG Installer] wireguard-tools installed successfully');
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            logger.error('[WG Installer] apt-get install failed: ' + message);
+            return {
+                available: false,
+                availability: 'missing_binary',
+                backend: 'none',
+            };
+        }
+    }
+    else if (distro === 'redhat') {
+        logger.info('[WG Installer] Attempting dnf/yum install wireguard-tools...');
+        try {
+            // Try dnf first, fall back to yum
+            const pkgManager = (await which('dnf')) ? 'dnf' : 'yum';
+            await execFile(pkgManager, ['install', '-y', 'wireguard-tools'], {
+                timeout: 120_000,
+            });
+            logger.info('[WG Installer] wireguard-tools installed successfully');
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            logger.error('[WG Installer] dnf/yum install failed: ' + message);
+            return {
+                available: false,
+                availability: 'missing_binary',
+                backend: 'none',
+            };
+        }
+    }
+    else {
+        logger.warn('[WG Installer] Unsupported Linux distro for auto-install. Install wireguard-tools manually.');
+        return {
+            available: false,
+            availability: 'missing_binary',
+            backend: 'none',
+        };
+    }
+    // Re-detect after installation
+    return detectWireGuard();
+}
+//# sourceMappingURL=wireguard-installer.js.map

package/dist/network/wireguard-installer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wireguard-installer.js","sourceRoot":"","sources":["../../src/network/wireguard-installer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,QAAQ,IAAI,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,QAAQ,IAAI,UAAU,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;AAwBvC,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,KAAK,UAAU,KAAK,CAAC,MAAc;IACjC,IAAI,CAAC;QACH,0CAA0C;QAC1C,MAAM,GAAG,GAAG,UAAU,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;QACzD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,+DAA+D;QAC/D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;QAClD,OAAO,IAAI,IAAI,IAAI,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,aAAa;IAC1B,MAAM,YAAY,GAAG,sCAAsC,CAAC;IAC5D,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC/D,MAAM,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,YAAY,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;QACrC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,UAAkB;IAC5C,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAC7D,OAAO,MAAM,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,MAAM;IACnB,IAAI,UAAU,EAAE,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChD,OAAO,MAAM,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,IAAI,UAAU,EAAE,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,CAAC;QACH,+BAA+B;QAC/B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;QACnD,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,uBAAuB;IACpC,IAAI,UAAU,EAAE,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAChE,IAAI,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5G,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,IAAI,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1G,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E;;GAEG;AACH,KAAK,UAAU,sBAAsB;IACnC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC/D,MAAM,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1C,OAAO,WAAW,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC;IAE1B,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QAC9D,MAAM,CAAC,KAAK,CAAC,iCAAiC,GAAG,IAAI,CAAC,CAAC;QACvD,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,MAAM;SAChB,CAAC;IACJ,CAAC;IAED,oBAAoB;IACpB,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,MAAM,aAAa,EAAE,CAAC;QACrC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAC3D,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,YAAY,EAAE,gBAAgB;gBAC9B,OAAO,EAAE,iBAAiB;aAC3B,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,iDAAiD,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACjH,OAAO;YACL,SAAS,EAAE,IAAI;YACf,YAAY,EAAE,WAAW;YACzB,OAAO,EAAE,iBAAiB;YAC1B,OAAO,EAAE,OAAO,IAAI,SAAS;YAC7B,UAAU,EAAE,MAAM;SACnB,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC;IAEjC,6EAA6E;IAC7E,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,qEAAqE;QACrE,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC;QAE5B,IAAI,MAAM,EAAE,CAAC;YACX,qCAAqC;YACrC,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;gBACzE,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,YAAY,EAAE,mBAAmB;oBACjC,OAAO,EAAE,cAAc;oBACvB,OAAO,EAAE,OAAO,IAAI,SAAS;oBAC7B,UAAU,EAAE,MAAM;iBACnB,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,KAAK,CAAC,+CAA+C,GAAG,MAAM,CAAC,CAAC;YACvE,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,YAAY,EAAE,WAAW;gBACzB,OAAO,EAAE,cAAc;gBACvB,OAAO,EAAE,OAAO,IAAI,SAAS;gBAC7B,UAAU,EAAE,MAAM;aACnB,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,MAAM,WAAW,GAAG,MAAM,sBAAsB,EAAE,CAAC;QACnD,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,WAAW,IAAI,cAAc,CAAC;QAE/C,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;gBAC1E,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,YAAY,EAAE,mBAAmB;oBACjC,OAAO,EAAE,cAAc;oBACvB,UAAU,EAAE,QAAQ;oBACpB,OAAO,EAAE,CAAC,CAAC,WAAW;iBACvB,CAAC;YACJ,CAAC;YAED,sEAAsE;YACtE,MAAM,CAAC,KAAK,CAAC,yCAAyC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,iBAAiB,GAAG,QAAQ,CAAC,CAAC;YAC9H,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,YAAY,EAAE,WAAW;gBACzB,OAAO,EAAE,cAAc;gBACvB,UAAU,EAAE,QAAQ;gBACpB,OAAO,EAAE,CAAC,CAAC,WAAW;aACvB,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAClE,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,MAAM;SAChB,CAAC;IACJ,CAAC;IAED,kBAAkB;IAElB,2DAA2D;IAC3D,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;QAErC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;YACzE,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,YAAY,EAAE,mBAAmB;gBACjC,OAAO,EAAE,QAAQ;gBACjB,OAAO,EAAE,OAAO,IAAI,SAAS;gBAC7B,UAAU,EAAE,MAAM;aACnB,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,+CAA+C,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/G,OAAO;YACL,SAAS,EAAE,IAAI;YACf,YAAY,EAAE,WAAW;YACzB,OAAO,EAAE,QAAQ;YACjB,OAAO,EAAE,OAAO,IAAI,SAAS;YAC7B,UAAU,EAAE,MAAM;SACnB,CAAC;IACJ,CAAC;IAED,iDAAiD;IACjD,MAAM,WAAW,GAAG,MAAM,sBAAsB,EAAE,CAAC;IACnD,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;QAErC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACvB,MAAM,CAAC,KAAK,CAAC,kEAAkE,CAAC,CAAC;YACjF,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,YAAY,EAAE,mBAAmB;gBACjC,OAAO,EAAE,cAAc;gBACvB,UAAU,EAAE,WAAW;gBACvB,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,+DAA+D,GAAG,WAAW,CAAC,CAAC;QAC5F,OAAO;YACL,SAAS,EAAE,IAAI;YACf,YAAY,EAAE,WAAW;YACzB,OAAO,EAAE,cAAc;YACvB,UAAU,EAAE,WAAW;YACvB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAC3D,OAAO;QACL,SAAS,EAAE,KAAK;QAChB,YAAY,EAAE,gBAAgB;QAC9B,OAAO,EAAE,MAAM;KAChB,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC;IAE1B,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QAC9D,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,MAAM;SAChB,CAAC;IACJ,CAAC;IAED,oBAAoB;IACpB,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,qFAAqF;QACrF,MAAM,CAAC,IAAI,CACT,gGAAgG,CACjG,CAAC;QACF,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,MAAM,QAAQ,GAAG,MAAM,eAAe,EAAE,CAAC;IACzC,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;QACvB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,kBAAkB;IAClB,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CACT,wFAAwF,CACzF,CAAC;QACF,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,MAAM;SAChB,CAAC;IACJ,CAAC;IAED,kBAAkB;IAClB,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC;IAC5B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAC;QACpF,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,YAAY,EAAE,mBAAmB;YACjC,OAAO,EAAE,MAAM;SAChB,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,uBAAuB,EAAE,CAAC;IAE/C,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;QAC5E,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YAClE,MAAM,QAAQ,CAAC,SAAS,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,CAAC,EAAE;gBACrE,OAAO,EAAE,OAAO;aACjB,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,CAAC,KAAK,CAAC,yCAAyC,GAAG,OAAO,CAAC,CAAC;YAClE,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,YAAY,EAAE,gBAAgB;gBAC9B,OAAO,EAAE,MAAM;aAChB,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;QAC5E,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,UAAU,GAAG,CAAC,MAAM,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;YACxD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,iBAAiB,CAAC,EAAE;gBAC/D,OAAO,EAAE,OAAO;aACjB,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,CAAC,KAAK,CAAC,yCAAyC,GAAG,OAAO,CAAC,CAAC;YAClE,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,YAAY,EAAE,gBAAgB;gBAC9B,OAAO,EAAE,MAAM;aAChB,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CACT,6FAA6F,CAC9F,CAAC;QACF,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,YAAY,EAAE,gBAAgB;YAC9B,OAAO,EAAE,MAAM;SAChB,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,OAAO,eAAe,EAAE,CAAC;AAC3B,CAAC"}

package/dist/network/wireguard-manager.d.ts

@@ -0,0 +1,92 @@
+/**
+ * High-level WireGuard orchestrator for the Termify agent.
+ *
+ * Combines:
+ *   - wireguard-installer  (detection / auto-install)
+ *   - wireguard-state-store (persistent keypair)
+ *   - WireGuardBackend      (platform-specific interface management)
+ *
+ * Emits events:
+ *   - 'ready'           after interface is up
+ *   - 'peer:added'      { peer }
+ *   - 'peer:removed'    { publicKey }
+ *   - 'health'          WgHealthSnapshot
+ *   - 'error'           Error
+ *   - 'shutdown'        when torn down
+ */
+import { EventEmitter } from 'node:events';
+import { type WgInstallResult, type WgAvailability, type WgBackendKind } from './wireguard-installer.js';
+import type { WgPeerConfig, WgHealthSnapshot } from './wireguard-backend.js';
+export interface WgManagerStatus {
+    available: boolean;
+    availability: WgAvailability;
+    backend: WgBackendKind;
+    version?: string;
+    interfaceName?: string;
+    publicKey?: string;
+    listenPort?: number;
+    connectedPeers: number;
+}
+export declare class WireGuardManager extends EventEmitter {
+    private backend;
+    private stateStore;
+    private identity;
+    private installResult;
+    private interfaceName;
+    private connectedPeers;
+    constructor(configDir?: string);
+    /**
+     * Detect and optionally install WireGuard.
+     * Does NOT throw on failure - returns the detection result.
+     */
+    ensureInstalled(): Promise<WgInstallResult>;
+    /**
+     * Set up the WireGuard interface with the agent's virtual IP.
+     */
+    ensureInterface(virtualIp: string): Promise<void>;
+    /**
+     * Replace all peers (called when server sends full peer list).
+     */
+    setPeers(peers: WgPeerConfig[]): Promise<void>;
+    /**
+     * Add a single peer.
+     */
+    addPeer(peer: WgPeerConfig): Promise<void>;
+    /**
+     * Remove a peer by public key.
+     */
+    removePeer(publicKey: string): Promise<void>;
+    /**
+     * Update the endpoint of an existing peer (for NAT traversal hot-update).
+     */
+    updatePeerEndpoint(publicKey: string, endpoint: string): Promise<void>;
+    /**
+     * Rotate the WireGuard keypair. Generates a new key, updates the interface.
+     * Returns the new public key.
+     */
+    rotateKey(): Promise<{
+        publicKey: string;
+    }>;
+    /**
+     * Update a peer's public key (for key rotation).
+     * Removes the old peer and adds with new key, preserving other settings.
+     */
+    updatePeerKey(oldPublicKey: string, newPublicKey: string, allowedIps: string, endpoint?: string): Promise<void>;
+    /**
+     * Get current manager status for reporting to the server.
+     */
+    getStatus(): WgManagerStatus;
+    /**
+     * Get health snapshot from the running interface.
+     */
+    getHealth(): Promise<WgHealthSnapshot | null>;
+    /**
+     * Check if a specific peer has had a recent handshake (within 3 minutes).
+     */
+    isPeerHealthy(publicKey: string): Promise<boolean>;
+    /**
+     * Tear down the interface and clean up.
+     */
+    shutdown(): Promise<void>;
+}
+//# sourceMappingURL=wireguard-manager.d.ts.map

package/dist/network/wireguard-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wireguard-manager.d.ts","sourceRoot":"","sources":["../../src/network/wireguard-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAM3C,OAAO,EAGL,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,aAAa,EACnB,MAAM,0BAA0B,CAAC;AAUlC,OAAO,KAAK,EAGV,YAAY,EACZ,gBAAgB,EAEjB,MAAM,wBAAwB,CAAC;AAQhC,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,cAAc,CAAC;IAC7B,OAAO,EAAE,aAAa,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;CACxB;AAuWD,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,OAAO,CAAiC;IAChD,OAAO,CAAC,UAAU,CAAsB;IACxC,OAAO,CAAC,QAAQ,CAA2B;IAC3C,OAAO,CAAC,aAAa,CAAgC;IACrD,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,cAAc,CAAK;gBAEf,SAAS,CAAC,EAAE,MAAM;IAS9B;;;OAGG;IACG,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC;IAuCjD;;OAEG;IACG,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6BvD;;OAEG;IACG,QAAQ,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAUpD;;OAEG;IACG,OAAO,CAAC,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAWhD;;OAEG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWlD;;OAEG;IACG,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ5E;;;OAGG;IACG,SAAS,IAAI,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAyBjD;;;OAGG;IACG,aAAa,CAAC,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoBrH;;OAEG;IACH,SAAS,IAAI,eAAe;IAa5B;;OAEG;IACG,SAAS,IAAI,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAgBnD;;OAEG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAWxD;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAiBhC"}