trace-to-skill 0.1.67 → 0.1.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/README.md +9 -3
  2. package/dist/src/cli.js +11 -0
  3. package/dist/src/cli.js.map +1 -1
  4. package/dist/src/index.d.ts +2 -0
  5. package/dist/src/index.js +1 -0
  6. package/dist/src/index.js.map +1 -1
  7. package/dist/src/sensitiveAudit.d.ts +25 -0
  8. package/dist/src/sensitiveAudit.js +197 -0
  9. package/dist/src/sensitiveAudit.js.map +1 -0
  10. package/docs/CODEX_ISSUE_MAP.md +3 -1
  11. package/docs/DISCOVERY.md +5 -1
  12. package/docs/OPENAI_OSS_BRIEF.md +2 -2
  13. package/docs/USE_CASES.md +21 -6
  14. package/llms.txt +4 -1
  15. package/package.json +9 -3
  16. package/schemas/sensitive-audit-result.schema.json +97 -0
package/README.md CHANGED
@@ -27,6 +27,7 @@ npx trace-to-skill scorecard-comment . --dry-run
27
27
  npx trace-to-skill guard-github-event "$GITHUB_EVENT_PATH"
28
28
  npx trace-to-skill guard-patch ./change.patch --root .
29
29
  npx trace-to-skill session-audit ~/.codex --format json
30
+ npx trace-to-skill sensitive-audit . --format json
30
31
  npx trace-to-skill config-audit ~/.codex --format json
31
32
  npx trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json
32
33
  npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
@@ -55,6 +56,7 @@ Use it when you need to:
55
56
  - **Protect agent context:** run `trace-to-skill guard-github-event "$GITHUB_EVENT_PATH"` before feeding issue, PR, comment, discussion, check-run, or commit text into an agent.
56
57
  - **Prevent unsafe patch overwrites:** run `trace-to-skill guard-patch ./change.patch --root .` before applying generated patches so `*** Add File` cannot silently replace an existing file or symlink target.
57
58
  - **Audit local Codex session history:** run `trace-to-skill session-audit ~/.codex --format json` to summarize rollout JSONL sizes, huge lines, parse errors, state files, and short `session_index.jsonl` evidence without publishing private transcripts.
59
+ - **Preflight sensitive paths before agent runs:** run `trace-to-skill sensitive-audit . --format json` to find `.env`, private keys, package auth files, cloud credentials, local databases, signing files, and secret manifests by filename/path without reading file contents.
58
60
  - **Audit Codex config drift:** run `trace-to-skill config-audit ~/.codex --format json` to summarize legacy profile config, model pins, Speed/Fast service-tier persistence drift, sandbox/approval posture, Windows elevated sandbox mode, missing permission profiles, plugin cache drift, and MCP approval sprawl.
59
61
  - **Audit bundled plugin drift:** run `trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json` to check Browser, Chrome, Computer Use, bundled marketplace, plugin cache, manifest, helper app, `CODEX_HOME`, and unsupported feature-flag drift without posting raw logs.
60
62
  - **Bundle Codex diagnostics safely:** run `trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics` to create a metadata-only support folder with manifest, README, config, plugin, and session audit reports while excluding raw logs, SQLite state, raw config, and transcripts.
@@ -113,6 +115,7 @@ Open-source maintainers do not need more AI-generated noise. They need agents th
113
115
  - Which `config.toml` or `.codex-global-state.json` setting explains a sandbox, approval, plugin, model, Speed/Fast, or Preferences save regression?
114
116
  - Which bundled plugin/cache/marketplace/helper-app mismatch explains a Browser, Chrome, Computer Use, or MCP runtime failure?
115
117
  - Can I attach one safe diagnostics folder to OpenAI without posting raw `config.toml`, SQLite state, local logs, or transcripts?
118
+ - Which files in this repo should be excluded from agent context before Codex, Claude, Cursor, or Gemini reads the workspace?
116
119
  - Did Codex sandbox setup or workspace permissions block every tool call?
117
120
  - Did quota accounting, account switching, or reset timing contradict the runtime usage-limit error?
118
121
  - Did an MCP tool appear in `tools/list` but fail at Codex runtime because approval, namespace routing, or stdio lifecycle broke?
@@ -259,6 +262,7 @@ trace-to-skill demo subagent-lifecycle
259
262
  trace-to-skill demo patch-overwrite
260
263
  trace-to-skill guard-patch ./change.patch --root .
261
264
  trace-to-skill session-audit ~/.codex --format json
265
+ trace-to-skill sensitive-audit . --format json
262
266
  trace-to-skill config-audit ~/.codex --format json
263
267
  trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json
264
268
  trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
@@ -291,6 +295,7 @@ Redact traces before sharing them:
291
295
  trace-to-skill redact ./runs --output redacted-runs
292
296
  trace-to-skill redact ./runs/failed-run.md > failed-run.redacted.md
293
297
  trace-to-skill redact ./runs --output redacted-runs --format json
298
+ trace-to-skill sensitive-audit . --output sensitive-paths.md
294
299
  ```
295
300
 
296
301
  This removes common API keys, GitHub/npm/Slack tokens, bearer tokens, email addresses, local home paths, and hidden Unicode controls while preserving enough context for maintainer review.
@@ -431,6 +436,7 @@ Stable machine-readable contracts are published with the npm package and release
431
436
  - [`schemas/agents-lint-result.schema.json`](schemas/agents-lint-result.schema.json) describes `trace-to-skill lint-agents --format json`.
432
437
  - [`schemas/doctor-result.schema.json`](schemas/doctor-result.schema.json) describes `trace-to-skill doctor --format json`.
433
438
  - [`schemas/redact-result.schema.json`](schemas/redact-result.schema.json) describes `trace-to-skill redact --format json`.
439
+ - [`schemas/sensitive-audit-result.schema.json`](schemas/sensitive-audit-result.schema.json) describes `trace-to-skill sensitive-audit --format json`.
434
440
  - [`schemas/scorecard-result.schema.json`](schemas/scorecard-result.schema.json) describes `trace-to-skill scorecard --format json`.
435
441
  - [`schemas/oss-brief-result.schema.json`](schemas/oss-brief-result.schema.json) describes `trace-to-skill oss-brief --format json`.
436
442
  - [`schemas/patch-guard-result.schema.json`](schemas/patch-guard-result.schema.json) describes `trace-to-skill guard-patch --format json`.
@@ -470,7 +476,7 @@ jobs:
470
476
  issues: write
471
477
  steps:
472
478
  - uses: actions/checkout@v5
473
- - uses: grnbtqdbyx-create/trace-to-skill@v0.1.67
479
+ - uses: grnbtqdbyx-create/trace-to-skill@v0.1.68
474
480
  with:
475
481
  mode: all
476
482
  doctor-threshold: "85"
@@ -519,7 +525,7 @@ Composite action usage:
519
525
 
520
526
  ```yaml
521
527
  - id: trace-to-skill
522
- uses: grnbtqdbyx-create/trace-to-skill@v0.1.67
528
+ uses: grnbtqdbyx-create/trace-to-skill@v0.1.68
523
529
  with:
524
530
  mode: all
525
531
  doctor-threshold: "85"
@@ -561,7 +567,7 @@ Action outputs:
561
567
 
562
568
  By default, generated reports are also appended to the GitHub Actions Job Summary. Set `job-summary: "false"` to disable that UI output.
563
569
 
564
- Tagged Action releases build and run the CLI from `$GITHUB_ACTION_PATH`, so a workflow pinned to a release tag such as `@v0.1.67` executes that release's checked-out source instead of pulling the default branch at runtime.
570
+ Tagged Action releases build and run the CLI from `$GITHUB_ACTION_PATH`, so a workflow pinned to a release tag such as `@v0.1.68` executes that release's checked-out source instead of pulling the default branch at runtime.
565
571
 
566
572
  ## Codex Skill
567
573
 
package/dist/src/cli.js CHANGED
@@ -18,6 +18,7 @@ import { redactTargets } from "./redact.js";
18
18
  import { renderAgentsRules, renderCodexIssueReport, renderComparison, renderDoctorMarkdown, renderDoctorPrComment, renderMarkdown, renderPrComment, renderSarif, renderSkill } from "./report.js";
19
19
  import { renderScorecardMarkdown, renderScorecardPrComment, runScorecard } from "./scorecard.js";
20
20
  import { auditCodexSessions, renderSessionAuditMarkdown } from "./sessionAudit.js";
21
+ import { auditSensitivePaths, renderSensitiveAuditMarkdown } from "./sensitiveAudit.js";
21
22
  import { buildUsageEvidence, renderUsageEvidenceMarkdown } from "./usageEvidence.js";
22
23
  async function main() {
23
24
  const parsed = parseArgs(process.argv.slice(2));
@@ -97,6 +98,14 @@ async function main() {
97
98
  process.stdout.write(`redacted ${result.files.length} file(s), ${replacementCount} replacement(s)\n`);
98
99
  return;
99
100
  }
101
+ if (parsed.command === "sensitive-audit") {
102
+ const result = await auditSensitivePaths(parsed.targets[0] ?? process.cwd());
103
+ const format = String(parsed.flags.format ?? "markdown");
104
+ const output = format === "json" ? `${JSON.stringify(result, null, 2)}\n` : renderSensitiveAuditMarkdown(result);
105
+ await writeOutput(output, parsed.flags.output);
106
+ process.exitCode = result.status === "fail" ? 1 : 0;
107
+ return;
108
+ }
100
109
  if (parsed.command === "benchmark") {
101
110
  const result = await runBenchmark();
102
111
  const format = String(parsed.flags.format ?? "markdown");
@@ -375,6 +384,7 @@ Usage:
375
384
  trace-to-skill suggest <trace-file-or-dir> [--target agents-md|skill] [--output AGENTS.generated.md]
376
385
  trace-to-skill lint-agents [repo-dir] [--format markdown|json] [--output report.md]
377
386
  trace-to-skill redact <trace-file-or-dir> [--output redacted-runs] [--format text|json]
387
+ trace-to-skill sensitive-audit [repo-dir] [--format markdown|json] [--output sensitive-paths.md]
378
388
  trace-to-skill eval <trace-file-or-dir> [--threshold 75] [--format text|json]
379
389
  trace-to-skill benchmark [--format markdown|json] [--output docs/BENCHMARK.md]
380
390
  trace-to-skill scorecard [repo-dir] [--threshold 85] [--format markdown|json] [--output docs/SCORECARD.md]
@@ -401,6 +411,7 @@ Examples:
401
411
  trace-to-skill suggest ./runs --target skill --output skills/verification-before-completion/SKILL.md
402
412
  trace-to-skill lint-agents .
403
413
  trace-to-skill redact ./runs --output redacted-runs
414
+ trace-to-skill sensitive-audit .
404
415
  trace-to-skill eval ./runs --threshold 80
405
416
  trace-to-skill benchmark
406
417
  trace-to-skill scorecard .
package/dist/src/cli.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,uBAAuB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnG,OAAO,EAAE,uBAAuB,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAClG,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAChF,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAClM,OAAO,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACjG,OAAO,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AACnF,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AAQrF,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAEhD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QACnD,SAAS,EAAE,CAAC;QACZ,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9C,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YACtB,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YACrH,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC/C,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACvG,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,WAAW,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACpF,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,WAAW,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,gBAAgB,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAChH,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,aAAa,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAC7G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,OAAO,IAAI,CAAC;QAC1G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACjG,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,CAAC;QACrD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACrE,OAAO;QACT,CAAC;QAED,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;QAC7F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,MAAM,CAAC,KAAK,CAAC,MAAM,aAAa,gBAAgB,mBAAmB,CAAC,CAAC;QACtG,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAC5G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;QACjF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAC5G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,mBAAmB,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;QACjF,MAAM,IAAI,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC;YAC3C,IAAI;YACJ,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACrC,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YAC/C,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACzC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACxC,MAAM,EAAE,0CAA0C;YAClD,UAAU,EAAE,iCAAiC;SAC9C,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;QAChF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAC3G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,oBAAoB,EAAE,CAAC;QAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACvG,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,SAAS,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC/G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,aAAa,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACpC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC/F,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAC7G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE;YACvE,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;YAC/D,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC;SAC5D,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAC;QAC/G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;QAC9G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE;YACtE,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;SACtC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;QAC9G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,oBAAoB,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAC1C,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,EAC/B,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,kCAAkC,EACrE;YACE,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;YACrC,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;YAC/D,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC;YAC3D,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;SACnC,CACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,+BAA+B,CAAC,MAAM,CAAC,CAAC;QACpH,MAAM,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC;YAC3C,IAAI;YACJ,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACrC,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YAC/C,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACzC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;SACzC,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACpE,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;QACrG,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,eAAe,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC7G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;YACzE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,qBAAqB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;gBAC/D,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3D,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,gBAAgB,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,qBAAqB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC;YAC3C,IAAI;YACJ,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACrC,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YAC/C,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACzC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACxC,MAAM,EAAE,uCAAuC;YAC/C,UAAU,EAAE,8BAA8B;SAC3C,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3D,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC;YAC/B,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;YACvC,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC;YAC7C,eAAe,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;YAC7D,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;YACtC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YAClC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YAClC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;SACzC,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC;QAC1E,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC;QACzE,OAAO;IACT,CAAC;IAED,SAAS,EAAE,CAAC;IACZ,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,UAAU,CAAC,KAAmC;IACrD,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,UAAU,CAAC,KAAmC;IACrD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CAAC,KAAmC,EAAE,UAAkB;IACvE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,MAAM,GAAG,UAAU,CAAC;AAC7B,CAAC;AAED,SAAS,YAAY,CAAC,MAA8C,EAAE,SAA6B;IACjG,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,EAAE,CAAC;QAC3D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,EAAE,CAAC;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,IAAI,SAAS,CAAC;AAC9D,CAAC;AAED,SAAS,cAAc,CAAC,MAAkD,EAAE,MAAc;IACxF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;IAChD,CAAC;IAED,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,CAAC,OAAO,GAAG,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IACzC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAqC,EAAE,CAAC;IAEnD,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,SAAS;QACX,CAAC;QAED,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACxD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,KAAK,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC;YACzB,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC7B,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;YAClB,KAAK,IAAI,CAAC,CAAC;QACb,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,MAAc,EAAE,UAAwC;IACjF,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC5C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsDtB,CAAC,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,OAAO,IAAI,CAAC,CAAC;IACrD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
1
+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,uBAAuB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnG,OAAO,EAAE,uBAAuB,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAClG,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAChF,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAClM,OAAO,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACjG,OAAO,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AACnF,OAAO,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACxF,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AAQrF,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAEhD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QACnD,SAAS,EAAE,CAAC;QACZ,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9C,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YACtB,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YACrH,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC/C,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACvG,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,WAAW,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACpF,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,WAAW,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,gBAAgB,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAChH,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,aAAa,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAC7G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,OAAO,IAAI,CAAC;QAC1G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACjG,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,CAAC;QACrD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,MAAM,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACrE,OAAO;QACT,CAAC;QAED,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;QAC7F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,MAAM,CAAC,KAAK,CAAC,MAAM,aAAa,gBAAgB,mBAAmB,CAAC,CAAC;QACtG,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC7E,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC;QACjH,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAC5G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;QACjF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAC5G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,mBAAmB,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;QACjF,MAAM,IAAI,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC;YAC3C,IAAI;YACJ,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACrC,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YAC/C,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACzC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACxC,MAAM,EAAE,0CAA0C;YAClD,UAAU,EAAE,iCAAiC;SAC9C,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;QAChF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAC3G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,oBAAoB,EAAE,CAAC;QAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACvG,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,SAAS,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC/G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,aAAa,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACpC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC/F,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAC7G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE;YACvE,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;YAC/D,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC;SAC5D,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAC;QAC/G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;QAC9G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE;YACtE,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;SACtC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;QAC9G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,oBAAoB,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAC1C,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,UAAU,EAC/B,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,kCAAkC,EACrE;YACE,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;YACrC,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;YAC/D,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC;YAC3D,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;SACnC,CACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,+BAA+B,CAAC,MAAM,CAAC,CAAC;QACpH,MAAM,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC;YAC3C,IAAI;YACJ,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACrC,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YAC/C,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACzC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;SACzC,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACpE,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;QACrG,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,eAAe,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC7G,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;YACzE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,qBAAqB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;gBAC/D,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3D,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,gBAAgB,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,qBAAqB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC;YAC3C,IAAI;YACJ,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACrC,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YAC/C,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YACzC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACxC,MAAM,EAAE,uCAAuC;YAC/C,UAAU,EAAE,8BAA8B;SAC3C,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3D,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC;YAC/B,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;YACvC,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC;YAC7C,eAAe,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;YAC7D,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;YACtC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YAClC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;YAClC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;SACzC,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC;QAC1E,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC;QACzE,OAAO;IACT,CAAC;IAED,SAAS,EAAE,CAAC;IACZ,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,UAAU,CAAC,KAAmC;IACrD,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,UAAU,CAAC,KAAmC;IACrD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CAAC,KAAmC,EAAE,UAAkB;IACvE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,MAAM,GAAG,UAAU,CAAC;AAC7B,CAAC;AAED,SAAS,YAAY,CAAC,MAA8C,EAAE,SAA6B;IACjG,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,EAAE,CAAC;QAC3D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,EAAE,CAAC;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,IAAI,SAAS,CAAC;AAC9D,CAAC;AAED,SAAS,cAAc,CAAC,MAAkD,EAAE,MAAc;IACxF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;IAChD,CAAC;IAED,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,CAAC,OAAO,GAAG,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IACzC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAqC,EAAE,CAAC;IAEnD,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,SAAS;QACX,CAAC;QAED,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACxD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,KAAK,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC;YACzB,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC7B,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;YAClB,KAAK,IAAI,CAAC,CAAC;QACb,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,MAAc,EAAE,UAAwC;IACjF,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC5C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwDtB,CAAC,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC9B,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,OAAO,IAAI,CAAC,CAAC;IACrD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
package/dist/src/index.d.ts CHANGED
@@ -21,6 +21,8 @@ export { renderAgentsRules, renderCodexIssueReport, renderComparison, renderDoct
21
21
  export { renderScorecardMarkdown, renderScorecardPrComment, runScorecard } from "./scorecard.js";
22
22
  export { auditCodexSessions, renderSessionAuditMarkdown } from "./sessionAudit.js";
23
23
  export type { SessionAuditFile, SessionAuditFinding, SessionAuditOptions, SessionAuditResult, SessionAuditSeverity, SessionAuditStateFile, SessionAuditStatus } from "./sessionAudit.js";
24
+ export { auditSensitivePaths, renderSensitiveAuditMarkdown } from "./sensitiveAudit.js";
25
+ export type { SensitiveAuditFinding, SensitiveAuditFindingKind, SensitiveAuditResult, SensitiveAuditSeverity, SensitiveAuditStatus } from "./sensitiveAudit.js";
24
26
  export { buildUsageEvidence, buildUsageEvidenceFromInputs, renderUsageEvidenceMarkdown } from "./usageEvidence.js";
25
27
  export type { TokenUsageRecord, UsageEvidenceFinding, UsageEvidenceFindingKind, UsageEvidenceResult, UsageEvidenceStatus, UsageSnapshot } from "./usageEvidence.js";
26
28
  export type { AnalysisResult, Finding, FindingKind, Severity } from "./types.js";
package/dist/src/index.js CHANGED
@@ -16,5 +16,6 @@ export { redactTargets, redactText } from "./redact.js";
16
16
  export { renderAgentsRules, renderCodexIssueReport, renderComparison, renderDoctorMarkdown, renderDoctorPrComment, renderMarkdown, renderPrComment, renderSarif, renderSkill } from "./report.js";
17
17
  export { renderScorecardMarkdown, renderScorecardPrComment, runScorecard } from "./scorecard.js";
18
18
  export { auditCodexSessions, renderSessionAuditMarkdown } from "./sessionAudit.js";
19
+ export { auditSensitivePaths, renderSensitiveAuditMarkdown } from "./sensitiveAudit.js";
19
20
  export { buildUsageEvidence, buildUsageEvidenceFromInputs, renderUsageEvidenceMarkdown } from "./usageEvidence.js";
20
21
  //# sourceMappingURL=index.js.map
package/dist/src/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAE,uBAAuB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAE/E,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnG,OAAO,EAAE,uBAAuB,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAElG,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAC3F,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAE9F,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAEhF,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAClM,OAAO,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACjG,OAAO,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAEnF,OAAO,EAAE,kBAAkB,EAAE,4BAA4B,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAE,uBAAuB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAE/E,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnG,OAAO,EAAE,uBAAuB,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAElG,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAC3F,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAE9F,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAEhF,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAClM,OAAO,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACjG,OAAO,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAEnF,OAAO,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AAExF,OAAO,EAAE,kBAAkB,EAAE,4BAA4B,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC"}
package/dist/src/sensitiveAudit.d.ts ADDED
@@ -0,0 +1,25 @@
1
+ export type SensitiveAuditStatus = "pass" | "warn" | "fail";
2
+ export type SensitiveAuditSeverity = "medium" | "high" | "critical";
3
+ export type SensitiveAuditFindingKind = "env_file" | "package_auth_config" | "cloud_credentials" | "ssh_credentials" | "kubernetes_credentials" | "docker_credentials" | "database_file" | "private_key_or_certificate" | "mobile_signing_secret" | "secret_manifest" | "sensitive_symlink";
4
+ export interface SensitiveAuditFinding {
5
+ severity: SensitiveAuditSeverity;
6
+ kind: SensitiveAuditFindingKind;
7
+ path: string;
8
+ reason: string;
9
+ suggestedExclude: string;
10
+ }
11
+ export interface SensitiveAuditResult {
12
+ generatedAt: string;
13
+ root: string;
14
+ status: SensitiveAuditStatus;
15
+ summary: {
16
+ scannedEntries: number;
17
+ sensitiveFindings: number;
18
+ criticalFindings: number;
19
+ recommendedExcludes: number;
20
+ };
21
+ findings: SensitiveAuditFinding[];
22
+ recommendedExcludes: string[];
23
+ }
24
+ export declare function auditSensitivePaths(root?: string): Promise<SensitiveAuditResult>;
25
+ export declare function renderSensitiveAuditMarkdown(result: SensitiveAuditResult): string;
package/dist/src/sensitiveAudit.js ADDED
@@ -0,0 +1,197 @@
1
+ import { lstat, readdir } from "node:fs/promises";
2
+ import path from "node:path";
3
+ const SKIPPED_DIRS = new Set([
4
+ ".git",
5
+ "node_modules",
6
+ "dist",
7
+ "build",
8
+ ".next",
9
+ ".turbo",
10
+ ".cache",
11
+ "DerivedData"
12
+ ]);
13
+ const SENSITIVE_PATTERNS = [
14
+ {
15
+ kind: "env_file",
16
+ severity: "critical",
17
+ reason: "environment files commonly contain API keys, database URLs, tokens, or local secrets.",
18
+ suggestedExclude: "**/.env*",
19
+ matches: (_relativePath, basename) => basename === ".env" || basename.startsWith(".env.")
20
+ },
21
+ {
22
+ kind: "package_auth_config",
23
+ severity: "critical",
24
+ reason: "package manager auth config can contain registry tokens or publish credentials.",
25
+ suggestedExclude: "**/.npmrc",
26
+ matches: (_relativePath, basename) => basename === ".npmrc" || basename === ".pypirc"
27
+ },
28
+ {
29
+ kind: "cloud_credentials",
30
+ severity: "critical",
31
+ reason: "cloud credential files can grant access to infrastructure, storage, or production services.",
32
+ suggestedExclude: "**/.aws/**",
33
+ matches: (relativePath) => pathSegments(relativePath).includes(".aws")
34
+ },
35
+ {
36
+ kind: "ssh_credentials",
37
+ severity: "critical",
38
+ reason: "SSH private keys and SSH config should not enter agent context.",
39
+ suggestedExclude: "**/.ssh/**",
40
+ matches: (relativePath, basename) => pathSegments(relativePath).includes(".ssh") ||
41
+ /^(id_rsa|id_dsa|id_ecdsa|id_ed25519)(\..*)?$/.test(basename)
42
+ },
43
+ {
44
+ kind: "kubernetes_credentials",
45
+ severity: "critical",
46
+ reason: "Kubernetes config can contain cluster credentials and access tokens.",
47
+ suggestedExclude: "**/.kube/**",
48
+ matches: (relativePath) => pathSegments(relativePath).includes(".kube")
49
+ },
50
+ {
51
+ kind: "docker_credentials",
52
+ severity: "critical",
53
+ reason: "Docker config can contain registry credentials or auth helpers.",
54
+ suggestedExclude: "**/.docker/**",
55
+ matches: (relativePath) => pathSegments(relativePath).includes(".docker")
56
+ },
57
+ {
58
+ kind: "private_key_or_certificate",
59
+ severity: "critical",
60
+ reason: "private key and certificate bundles are high-risk credential material.",
61
+ suggestedExclude: "**/*.{pem,key,p12}",
62
+ matches: (_relativePath, basename) => /\.(pem|key|p12)$/i.test(basename)
63
+ },
64
+ {
65
+ kind: "mobile_signing_secret",
66
+ severity: "high",
67
+ reason: "mobile signing profiles and certificates can expose release or device signing material.",
68
+ suggestedExclude: "**/*.{mobileprovision,provisionprofile}",
69
+ matches: (_relativePath, basename) => /\.(mobileprovision|provisionprofile)$/i.test(basename)
70
+ },
71
+ {
72
+ kind: "database_file",
73
+ severity: "high",
74
+ reason: "local databases can contain customer data, user data, cached tokens, or private app state.",
75
+ suggestedExclude: "**/*.{sqlite,sqlite3,db}",
76
+ matches: (_relativePath, basename) => /\.(sqlite|sqlite3|db)$/i.test(basename)
77
+ },
78
+ {
79
+ kind: "secret_manifest",
80
+ severity: "high",
81
+ reason: "secret manifests and production config files often carry deploy credentials or private endpoints.",
82
+ suggestedExclude: "**/*secret*",
83
+ matches: (_relativePath, basename) => /(^|[-_.])(secret|secrets|credential|credentials)([-_.]|$)/i.test(basename) ||
84
+ /^production\.(json|ya?ml|toml|env)$/i.test(basename)
85
+ }
86
+ ];
87
+ export async function auditSensitivePaths(root = process.cwd()) {
88
+ const resolvedRoot = path.resolve(root);
89
+ const findings = [];
90
+ const stats = { scannedEntries: 0 };
91
+ await scanDirectory(resolvedRoot, resolvedRoot, findings, stats);
92
+ const recommendedExcludes = uniqueSorted(findings.map((finding) => finding.suggestedExclude));
93
+ const criticalFindings = findings.filter((finding) => finding.severity === "critical").length;
94
+ return {
95
+ generatedAt: new Date().toISOString(),
96
+ root: resolvedRoot,
97
+ status: criticalFindings > 0 ? "fail" : findings.length > 0 ? "warn" : "pass",
98
+ summary: {
99
+ scannedEntries: stats.scannedEntries,
100
+ sensitiveFindings: findings.length,
101
+ criticalFindings,
102
+ recommendedExcludes: recommendedExcludes.length
103
+ },
104
+ findings: findings.sort((a, b) => a.path.localeCompare(b.path)),
105
+ recommendedExcludes
106
+ };
107
+ }
108
+ export function renderSensitiveAuditMarkdown(result) {
109
+ const lines = [
110
+ "# trace-to-skill Sensitive Path Audit",
111
+ "",
112
+ `Status: **${result.status}**`,
113
+ "",
114
+ `Root: \`${result.root}\``,
115
+ `Scanned entries: ${result.summary.scannedEntries}`,
116
+ `Sensitive findings: ${result.summary.sensitiveFindings}`,
117
+ `Critical findings: ${result.summary.criticalFindings}`,
118
+ "",
119
+ "This audit is filename/path based and does not read file contents or follow symlink targets.",
120
+ "",
121
+ "## Findings",
122
+ ""
123
+ ];
124
+ if (result.findings.length === 0) {
125
+ lines.push("No sensitive path findings detected.", "");
126
+ }
127
+ else {
128
+ for (const finding of result.findings) {
129
+ lines.push(`- **${finding.severity}** ${finding.kind}: \`${finding.path}\``, ` - ${finding.reason}`, ` - Suggested exclude: \`${finding.suggestedExclude}\``);
130
+ }
131
+ lines.push("");
132
+ }
133
+ lines.push("## Recommended Excludes", "");
134
+ if (result.recommendedExcludes.length === 0) {
135
+ lines.push("No exclude patterns suggested.", "");
136
+ }
137
+ else {
138
+ lines.push("```gitignore", ...result.recommendedExcludes, "```", "");
139
+ }
140
+ lines.push("Suggested next step:", "", "- Add these patterns to the exclusion mechanism your agent surface supports, and keep OS sandbox or permission profiles enabled for hard enforcement.", "- Treat this report as a preflight checklist; it is not a replacement for a sandbox boundary.", "");
141
+ return lines.join("\n");
142
+ }
143
+ async function scanDirectory(root, dir, findings, stats) {
144
+ let entries;
145
+ try {
146
+ entries = await readdir(dir, { withFileTypes: true });
147
+ }
148
+ catch {
149
+ return;
150
+ }
151
+ for (const entry of entries) {
152
+ if (entry.isDirectory() && SKIPPED_DIRS.has(entry.name)) {
153
+ continue;
154
+ }
155
+ const absolutePath = path.join(dir, entry.name);
156
+ const relativePath = normalizeRelative(path.relative(root, absolutePath));
157
+ stats.scannedEntries += 1;
158
+ let entryStats;
159
+ try {
160
+ entryStats = await lstat(absolutePath);
161
+ }
162
+ catch {
163
+ continue;
164
+ }
165
+ const matched = firstSensitiveMatch(relativePath, entry.name);
166
+ if (matched) {
167
+ findings.push({
168
+ severity: entryStats.isSymbolicLink() ? "critical" : matched.severity,
169
+ kind: entryStats.isSymbolicLink() ? "sensitive_symlink" : matched.kind,
170
+ path: relativePath,
171
+ reason: entryStats.isSymbolicLink()
172
+ ? `sensitive-looking symlink path matched ${matched.kind}; symlink targets are not followed by this audit.`
173
+ : matched.reason,
174
+ suggestedExclude: matched.suggestedExclude
175
+ });
176
+ }
177
+ if (matched && entryStats.isDirectory()) {
178
+ continue;
179
+ }
180
+ if (entryStats.isDirectory()) {
181
+ await scanDirectory(root, absolutePath, findings, stats);
182
+ }
183
+ }
184
+ }
185
+ function firstSensitiveMatch(relativePath, basename) {
186
+ return SENSITIVE_PATTERNS.find((pattern) => pattern.matches(relativePath, basename));
187
+ }
188
+ function pathSegments(relativePath) {
189
+ return relativePath.split("/");
190
+ }
191
+ function normalizeRelative(relativePath) {
192
+ return relativePath.split(path.sep).join("/");
193
+ }
194
+ function uniqueSorted(values) {
195
+ return [...new Set(values)].sort((a, b) => a.localeCompare(b));
196
+ }
197
+ //# sourceMappingURL=sensitiveAudit.js.map
package/dist/src/sensitiveAudit.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sensitiveAudit.js","sourceRoot":"","sources":["../../src/sensitiveAudit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,IAAI,MAAM,WAAW,CAAC;AAgD7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,MAAM;IACN,cAAc;IACd,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAuB;IAC7C;QACE,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,uFAAuF;QAC/F,gBAAgB,EAAE,UAAU;QAC5B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;KAC1F;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iFAAiF;QACzF,gBAAgB,EAAE,WAAW;QAC7B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,SAAS;KACtF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,6FAA6F;QACrG,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;KACvE;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,QAAQ,EAAE,EAAE,CAClC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC3C,8CAA8C,CAAC,IAAI,CAAC,QAAQ,CAAC;KAChE;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,sEAAsE;QAC9E,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;KACxE;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,eAAe;QACjC,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;KAC1E;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,wEAAwE;QAChF,gBAAgB,EAAE,oBAAoB;QACtC,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;KACzE;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,yFAAyF;QACjG,gBAAgB,EAAE,yCAAyC;QAC3D,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,wCAAwC,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC9F;IACD;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,4FAA4F;QACpG,gBAAgB,EAAE,0BAA0B;QAC5C,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC/E;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,mGAAmG;QAC3G,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CACnC,4DAA4D,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC3E,sCAAsC,CAAC,IAAI,CAAC,QAAQ,CAAC;KACxD;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE;IAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;IAEpC,MAAM,aAAa,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEjE,MAAM,mBAAmB,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC9F,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAE9F,OAAO;QACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,gBAAgB,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAC7E,OAAO,EAAE;YACP,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,iBAAiB,EAAE,QAAQ,CAAC,MAAM;YAClC,gBAAgB;YAChB,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;SAChD;QACD,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/D,mBAAmB;KACpB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,MAA4B;IACvE,MAAM,KAAK,GAAG;QACZ,uCAAuC;QACvC,EAAE;QACF,aAAa,MAAM,CAAC,MAAM,IAAI;QAC9B,EAAE;QACF,WAAW,MAAM,CAAC,IAAI,IAAI;QAC1B,oBAAoB,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE;QACnD,uBAAuB,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE;QACzD,sBAAsB,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE;QACvD,EAAE;QACF,8FAA8F;QAC9F,EAAE;QACF,aAAa;QACb,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CACR,OAAO,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,IAAI,OAAO,OAAO,CAAC,IAAI,IAAI,EAChE,OAAO,OAAO,CAAC,MAAM,EAAE,EACvB,4BAA4B,OAAO,CAAC,gBAAgB,IAAI,CACzD,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,mBAAmB,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,IAAI,CACR,sBAAsB,EACtB,EAAE,EACF,uJAAuJ,EACvJ,+FAA+F,EAC/F,EAAE,CACH,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,IAAY,EACZ,GAAW,EACX,QAAiC,EACjC,KAAiC;IAEjC,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS;QACX,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;QAE1B,IAAI,UAAU,CAAC;QACf,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9D,IAAI,OAAO,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ;gBACrE,IAAI,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI;gBACtE,IAAI,EAAE,YAAY;gBAClB,MAAM,EAAE,UAAU,CAAC,cAAc,EAAE;oBACjC,CAAC,CAAC,0CAA0C,OAAO,CAAC,IAAI,mDAAmD;oBAC3G,CAAC,CAAC,OAAO,CAAC,MAAM;gBAClB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QAED,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,MAAM,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAoB,EAAE,QAAgB;IACjE,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,YAAY,CAAC,YAAoB;IACxC,OAAO,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,iBAAiB,CAAC,YAAoB;IAC7C,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,YAAY,CAAC,MAAgB;IACpC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC"}
package/docs/CODEX_ISSUE_MAP.md CHANGED
@@ -13,6 +13,7 @@ npx trace-to-skill codex-report redacted-runs --output openai-codex-issue.md
13
13
  npx trace-to-skill usage-evidence ./usage-notes.md --output usage-evidence.md
14
14
  npx trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json
15
15
  npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
16
+ npx trace-to-skill sensitive-audit . --format json
16
17
  ```
17
18
 
18
19
  ## Issue Clusters
@@ -38,7 +39,7 @@ npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
38
39
  | Bundled plugin cache and marketplace drift | Computer Use unavailable, Browser/Chrome plugin unavailable, generated runtime marketplace omits bundled plugins, missing `.mcp.json` or `plugin.json`, helper app not installed, `CODEX_HOME` points at another runtime | `codex_plugin_runtime`, `codex_mcp_runtime` | `trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json` |
39
40
  | Support diagnostics packaging | maintainers ask for more detail, but raw `config.toml`, `logs_2.sqlite`, `state_5.sqlite`, `session_index.jsonl`, rollout JSONL, or local logs are too private to post | multiple | `trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics` |
40
41
  | Quota mismatch | `/status` or usage page shows quota left, but runtime says `You've hit your usage limit`; account/workspace reset or cache confusion | `quota_mismatch` | `trace-to-skill usage-evidence ./usage-notes.md` or `trace-to-skill codex-report ./runs` |
41
- | Sensitive file exclusion | `.env`, private keys, `.npmrc`, cloud credentials, local databases, or production secret manifests entered agent context | `sensitive_file_access` | `trace-to-skill codex-report ./runs` |
42
+ | Sensitive file exclusion | teams need deterministic `.agentignore` / `.aiexclude` / `.codexignore` candidates before agent runs, or traces show `.env`, private keys, `.npmrc`, cloud credentials, local databases, signing files, or secret manifests entering context | `sensitive_file_access` plus sensitive path metadata | `trace-to-skill sensitive-audit . --format json` before runs, `trace-to-skill codex-report ./runs` after incidents |
42
43
  | Context compaction failures | `Error running remote compact task`, `context_length_exceeded`, compaction loops, `responses/compact` stream disconnects | `context_compaction` | `trace-to-skill analyze ./runs` |
43
44
  | Latest-turn drift | Codex answers an older prompt, repeats a previous response, redoes an already fixed task, forgets recent edits after compaction, or leaks raw tool payload text | `codex_latest_turn_drift` | `trace-to-skill codex-report ./runs` |
44
45
  | Session resume and state failures | `codex resume` picker freezes, large rollout JSONL, short `session_index.jsonl`, `Could not load archived chats`, `state_5.sqlite`, `thread_goals` | `codex_session_state` | `trace-to-skill codex-report ./runs` or `trace-to-skill session-audit ~/.codex --format json` |
@@ -80,6 +81,7 @@ npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
80
81
  - Include line-linked evidence rather than screenshots alone when logs are available.
81
82
  - Redact tokens, API keys, emails, local home paths, customer data, and hidden Unicode before posting publicly.
82
83
  - For sensitive-file reports, attach only redacted excerpts and the file path/class, not the original credential material.
84
+ - For preflight exclusion reports, attach `sensitive-audit` output and recommended exclude globs; it does not read file contents or follow symlink targets.
83
85
 
84
86
  ## Related OpenAI/Codex Threads Used For Fixtures
85
87
 
package/docs/DISCOVERY.md CHANGED
@@ -46,6 +46,7 @@ This page is written for maintainers, search engines, package indexes, and AI re
46
46
  - Codex Desktop, app-server, VS Code extension, renderer, GPU, shell snapshot, or helper processes leak local resources or keep burning CPU/GPU/RAM after the useful work should be idle.
47
47
  - Codex reports `You've hit your usage limit` even though `/status` or the usage dashboard shows quota left, or quota appears shared across accounts.
48
48
  - A Codex or agent trace reads, attaches, diffs, uploads, or indexes sensitive files such as `.env`, private keys, package auth files, cloud credentials, local databases, or production secret manifests.
49
+ - A maintainer wants a filename/path-only preflight report for `.env`, private keys, package auth files, cloud credentials, local databases, signing files, and secret manifests before starting an AI agent.
49
50
  - A repository has conflicting `AGENTS.md`, `CLAUDE.md`, Cursor, Copilot, or Gemini instructions.
50
51
  - A monorepo has nested `AGENTS.md` files, `@file.md` instruction includes, or invalid instruction-file encoding that makes Codex load the wrong policy.
51
52
  - A workflow wants to feed GitHub issue, PR, comment, discussion, check-run, or commit text into an agent but needs prompt-injection checks first.
@@ -77,6 +78,7 @@ npx trace-to-skill scorecard .
77
78
  npx trace-to-skill lint-agents .
78
79
  npx trace-to-skill guard-github-event "$GITHUB_EVENT_PATH"
79
80
  npx trace-to-skill session-audit ~/.codex --format json
81
+ npx trace-to-skill sensitive-audit . --format json
80
82
  npx trace-to-skill config-audit ~/.codex --format json
81
83
  npx trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json
82
84
  npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
@@ -94,6 +96,7 @@ npx trace-to-skill suggest ./runs --target agents-md
94
96
  - `trace-to-skill doctor --format json`
95
97
  - `trace-to-skill demo --format json`
96
98
  - `trace-to-skill redact --format json`
99
+ - `trace-to-skill sensitive-audit --format json`
97
100
  - `trace-to-skill scorecard --format json`
98
101
  - `trace-to-skill session-audit --format json`
99
102
  - `trace-to-skill config-audit --format json`
@@ -113,6 +116,7 @@ npx trace-to-skill suggest ./runs --target agents-md
113
116
  - `schemas/agents-lint-result.schema.json`
114
117
  - `schemas/doctor-result.schema.json`
115
118
  - `schemas/redact-result.schema.json`
119
+ - `schemas/sensitive-audit-result.schema.json`
116
120
  - `schemas/scorecard-result.schema.json`
117
121
  - `schemas/oss-brief-result.schema.json`
118
122
  - `schemas/patch-guard-result.schema.json`
@@ -124,7 +128,7 @@ npx trace-to-skill suggest ./runs --target agents-md
124
128
 
125
129
  ## Related Keywords
126
130
 
127
- Codex, OpenAI Codex, Codex issue report, OpenAI triage, Codex diagnostics bundle, privacy-preserving support bundle, Codex plugin audit, Computer Use unavailable, Codex Browser plugin unavailable, bundled marketplace mismatch, generated runtime marketplace, plugin manifest missing, CODEX_HOME mismatch, Codex CLI, Codex sandbox, Windows sandbox, Codex config audit, Codex config.toml, Codex global state, .codex-global-state.json, Codex Speed reset, Codex Fast resets to Standard, service_tier fast, default-service-tier priority, has-user-changed-service-tier, Codex Preferences unable to save, configVersionConflict, default_permissions missing profile, Codex Windows helper path, Codex WindowsApps, Codex rg Access Denied, Codex ripgrep, CodexSandboxUsers, LocalCache Local OpenAI Codex bin, node_repl spawn setup refresh, Codex approval friction, Approve for this session, Allow for this session, approval_policy never, MCP approval prompts, default_tools_approval_mode, Playwright MCP approvals, Chrome DevTools MCP approvals, Codex auth, token_exchange_failed, Codex connectivity, stream disconnected, Codex connector auth cache, Codex Apps stale link, codex_apps_tools, codex_app_directory, Reauthentication required, refresh token revoked, isAccessible false, link_ connector, Codex deeplink, Codex OAuth callback, codex://oauth_callback, Unable to find Electron app, Error launching app, type=click&tag, AppUserModelID, DelegateExecute, codex app path, Codex remote compact, responses/compact, /compact timeout, tcp_user_timeout, stream_idle_timeout_ms, Codex remote control, Codex mobile, Waiting for desktop, Directory Unavailable, stale listener, Codex terminal output, Codex scrollback, Codex terminal history, terminal output integrity, missing_count, missing_examples, tmux_scrollback_repro.sh, line_truncation_repro.md, Windows Terminal scrollback, transcript mode, Codex subagent lifecycle, stale subagents, close_agent, thread_spawn_edges, agent thread limit reached, agents.max_threads, list_agents, /agents, subagent child threads, fork_context, unbiased review, subagent recent conversations, Codex MCP runtime, MCP unsupported call, mcp__node_repl__js, MCP namespace serverName, MCP Transport closed, StdioServerTransport, Codex plugin runtime, Computer Use native pipe path unavailable, SKY_CUA_NATIVE_PIPE_DIRECTORY, Plugin loading failed, plugin/list unknown variant vertical, Codex Browser plugin, Codex Computer Use, Codex Chrome plugin, stale plugin cache, codex plugin add, Codex file tree, Toggle File Tree, missing folder icon, floating file panel stale, file preview fails, workspace navigation, Codex latest-turn drift, Codex replies to earlier messages, stale prompt response, ignoring latest message, previous prompt, auto compaction forgets edits, raw tool payload leak, write_stdin session_id, Codex latency regression, GPT-5.5 Fast slow, Codex too slow, thinking stalls, Codex thinking hang, Codex stuck thinking, Codex Working stuck, no streamed follow-up, first response_item delayed, responses_http time.idle, model_client.stream_responses_api, turn/start, task_started, Codex Copy as Markdown missing, Codex Pasted text.txt, Codex long pasted prompt attachment, Codex clipboard export, Codex paste as text, Codex generated attachment preview edit, Codex goal ignores attachment, pasted-text-attachments.json, fileAttachments promptRaw composer.getText, pre-first-token latency, search/read latency, runtime scheduling latency, Codex resume, Codex session audit, Codex history audit, Codex session index, session_index.jsonl, Codex session state, rollout JSONL, logs_2.sqlite, codex-tui.log, sandbox.log, thread_goals, state_5.sqlite, goals_1.sqlite, archived chats, Codex token burn, Codex usage evidence, Codex rate-limit evidence, Codex usage drain, Codex usage reset, Codex weekly reset drift, reset_at changed, deterministic reset, rate limit reset, write_stdin polling, cached input tokens, compaction tax, background process polling, Codex resource leak, Codex performance, high CPU, high GPU, shell-snapshot, Code Helper Renderer, Codex tool-call integrity, apply_patch, apply_patch Add File overwrite, patch guard, guard-patch, Add File symlink, tool_call_id, failed revert changes, patch safety, Codex quota, usage limit, rate limits, sensitive files, Codex privacy, .env, private keys, credential files, AGENTS.md, SKILL.md, Claude Code, Cursor, Copilot coding agent, Gemini CLI, MCP, Model Context Protocol, prompt injection, agent evals, AI code review, open-source maintainers, trace redaction, SARIF, GitHub Actions.
131
+ Codex, OpenAI Codex, Codex issue report, OpenAI triage, Codex diagnostics bundle, privacy-preserving support bundle, sensitive path audit, sensitive-audit, agentignore, .agentignore, codexignore, .codexignore, aiexclude, .aiexclude, exclude sensitive files, Codex plugin audit, Computer Use unavailable, Codex Browser plugin unavailable, bundled marketplace mismatch, generated runtime marketplace, plugin manifest missing, CODEX_HOME mismatch, Codex CLI, Codex sandbox, Windows sandbox, Codex config audit, Codex config.toml, Codex global state, .codex-global-state.json, Codex Speed reset, Codex Fast resets to Standard, service_tier fast, default-service-tier priority, has-user-changed-service-tier, Codex Preferences unable to save, configVersionConflict, default_permissions missing profile, Codex Windows helper path, Codex WindowsApps, Codex rg Access Denied, Codex ripgrep, CodexSandboxUsers, LocalCache Local OpenAI Codex bin, node_repl spawn setup refresh, Codex approval friction, Approve for this session, Allow for this session, approval_policy never, MCP approval prompts, default_tools_approval_mode, Playwright MCP approvals, Chrome DevTools MCP approvals, Codex auth, token_exchange_failed, Codex connectivity, stream disconnected, Codex connector auth cache, Codex Apps stale link, codex_apps_tools, codex_app_directory, Reauthentication required, refresh token revoked, isAccessible false, link_ connector, Codex deeplink, Codex OAuth callback, codex://oauth_callback, Unable to find Electron app, Error launching app, type=click&tag, AppUserModelID, DelegateExecute, codex app path, Codex remote compact, responses/compact, /compact timeout, tcp_user_timeout, stream_idle_timeout_ms, Codex remote control, Codex mobile, Waiting for desktop, Directory Unavailable, stale listener, Codex terminal output, Codex scrollback, Codex terminal history, terminal output integrity, missing_count, missing_examples, tmux_scrollback_repro.sh, line_truncation_repro.md, Windows Terminal scrollback, transcript mode, Codex subagent lifecycle, stale subagents, close_agent, thread_spawn_edges, agent thread limit reached, agents.max_threads, list_agents, /agents, subagent child threads, fork_context, unbiased review, subagent recent conversations, Codex MCP runtime, MCP unsupported call, mcp__node_repl__js, MCP namespace serverName, MCP Transport closed, StdioServerTransport, Codex plugin runtime, Computer Use native pipe path unavailable, SKY_CUA_NATIVE_PIPE_DIRECTORY, Plugin loading failed, plugin/list unknown variant vertical, Codex Browser plugin, Codex Computer Use, Codex Chrome plugin, stale plugin cache, codex plugin add, Codex file tree, Toggle File Tree, missing folder icon, floating file panel stale, file preview fails, workspace navigation, Codex latest-turn drift, Codex replies to earlier messages, stale prompt response, ignoring latest message, previous prompt, auto compaction forgets edits, raw tool payload leak, write_stdin session_id, Codex latency regression, GPT-5.5 Fast slow, Codex too slow, thinking stalls, Codex thinking hang, Codex stuck thinking, Codex Working stuck, no streamed follow-up, first response_item delayed, responses_http time.idle, model_client.stream_responses_api, turn/start, task_started, Codex Copy as Markdown missing, Codex Pasted text.txt, Codex long pasted prompt attachment, Codex clipboard export, Codex paste as text, Codex generated attachment preview edit, Codex goal ignores attachment, pasted-text-attachments.json, fileAttachments promptRaw composer.getText, pre-first-token latency, search/read latency, runtime scheduling latency, Codex resume, Codex session audit, Codex history audit, Codex session index, session_index.jsonl, Codex session state, rollout JSONL, logs_2.sqlite, codex-tui.log, sandbox.log, thread_goals, state_5.sqlite, goals_1.sqlite, archived chats, Codex token burn, Codex usage evidence, Codex rate-limit evidence, Codex usage drain, Codex usage reset, Codex weekly reset drift, reset_at changed, deterministic reset, rate limit reset, write_stdin polling, cached input tokens, compaction tax, background process polling, Codex resource leak, Codex performance, high CPU, high GPU, shell-snapshot, Code Helper Renderer, Codex tool-call integrity, apply_patch, apply_patch Add File overwrite, patch guard, guard-patch, Add File symlink, tool_call_id, failed revert changes, patch safety, Codex quota, usage limit, rate limits, sensitive files, Codex privacy, .env, private keys, credential files, AGENTS.md, SKILL.md, Claude Code, Cursor, Copilot coding agent, Gemini CLI, MCP, Model Context Protocol, prompt injection, agent evals, AI code review, open-source maintainers, trace redaction, SARIF, GitHub Actions.
128
132
 
129
133
  ## Non-Goals
130
134
 
package/docs/OPENAI_OSS_BRIEF.md CHANGED
@@ -3,7 +3,7 @@
3
3
  | Field | Value |
4
4
  | --- | --- |
5
5
  | Repository | https://github.com/grnbtqdbyx-create/trace-to-skill |
6
- | Package | trace-to-skill@0.1.67 |
6
+ | Package | trace-to-skill@0.1.68 |
7
7
  | License | Apache-2.0 |
8
8
  | Codex readiness | ready (100/100) |
9
9
  | Benchmark | pass, 33 cases |
@@ -27,7 +27,7 @@ API credits would power optional maintainer workflows on top of the local determ
27
27
  ## Evidence
28
28
 
29
29
  - Public repository: https://github.com/grnbtqdbyx-create/trace-to-skill
30
- - One-command package: npx trace-to-skill@0.1.67
30
+ - One-command package: npx trace-to-skill@0.1.68
31
31
  - Open-source license: Apache-2.0
32
32
  - Codex readiness doctor: ready, 100/100, 0 failed checks.
33
33
  - Public fixture benchmark: pass, 33 cases.
package/docs/USE_CASES.md CHANGED
@@ -20,6 +20,7 @@ npx trace-to-skill demo connector-auth-cache
20
20
  npx trace-to-skill demo mcp-discovery-mismatch
21
21
  npx trace-to-skill demo terminal-output-integrity
22
22
  npx trace-to-skill demo subagent-lifecycle
23
+ npx trace-to-skill sensitive-audit .
23
24
  ```
24
25
 
25
26
  What it proves:
@@ -27,6 +28,7 @@ What it proves:
27
28
  - packaged fixtures can produce a real Codex issue report immediately
28
29
  - maintainers can inspect the output shape before sharing any private log
29
30
  - demos cover remote compact failures, Windows helper path failures, patch overwrite safety, approval friction, latency, Thinking hangs, clipboard/attachment regressions, deeplink/OAuth launch regressions, connector auth-cache regressions, MCP discovery/config-scope mismatches, terminal output/scrollback integrity, subagent lifecycle drift, token burn, sensitive files, and prompt injection
31
+ - `sensitive-audit` scans filenames and paths before an agent run, without reading file contents, so teams can build `.agentignore`, `.aiexclude`, `.codexignore`, or sandbox permission profiles from a concrete repo report
30
32
 
31
33
  See the generated demo output in [docs/DEMO.md](DEMO.md).
32
34
 
@@ -49,7 +51,7 @@ What it proves:
49
51
  Recommended CI surface:
50
52
 
51
53
  ```yaml
52
- - uses: grnbtqdbyx-create/trace-to-skill@v0.1.67
54
+ - uses: grnbtqdbyx-create/trace-to-skill@v0.1.68
53
55
  with:
54
56
  mode: all
55
57
  doctor-threshold: "85"
@@ -350,7 +352,20 @@ For a public demo report:
350
352
  npx trace-to-skill demo patch-overwrite
351
353
  ```
352
354
 
353
- ## 25. OpenAI Codex Issue Report
355
+ ## 25. Sensitive Path Preflight Before Agent Runs
356
+
357
+ Use this before giving an AI coding agent a repository.
358
+
359
+ ```bash
360
+ npx trace-to-skill sensitive-audit . --format json
361
+ npx trace-to-skill sensitive-audit . --output sensitive-paths.md
362
+ ```
363
+
364
+ This finds sensitive-looking paths such as `.env`, `.env.*`, `.npmrc`, `.pypirc`, `.aws/**`, `.ssh/**`, `.kube/**`, `.docker/**`, private keys, certificates, local databases, mobile signing files, and secret manifests without reading file contents or following symlink targets.
365
+
366
+ The output includes a stable JSON schema plus recommended exclude globs that can seed `.agentignore`, `.aiexclude`, `.codexignore`, local sandbox permission profiles, or team security review checklists. It is a preflight report, not a sandbox boundary.
367
+
368
+ ## 26. OpenAI Codex Issue Report
354
369
 
355
370
  Use this when you want to file or update an OpenAI/Codex issue with a concise, evidence-backed report instead of pasting a full transcript.
356
371
 
@@ -363,7 +378,7 @@ The report includes the likely Codex failure class, line-linked evidence, diagno
363
378
 
364
379
  For a cluster-to-command map of current Codex issue patterns, see [CODEX_ISSUE_MAP.md](CODEX_ISSUE_MAP.md).
365
380
 
366
- ## 26. Sensitive File Access Evidence
381
+ ## 27. Sensitive File Access Evidence
367
382
 
368
383
  Use this when a trace suggests an agent read, attached, uploaded, diffed, or indexed credential-bearing files.
369
384
 
@@ -376,7 +391,7 @@ This catches signals such as `.env`, `.env.production`, `.npmrc`, `.pypirc`, `.n
376
391
 
377
392
  Before publishing evidence, run `trace-to-skill redact` and attach only redacted excerpts plus the file path/class.
378
393
 
379
- ## 27. GitHub Context Guard
394
+ ## 28. GitHub Context Guard
380
395
 
381
396
  Use this before an agent reads untrusted GitHub text.
382
397
 
@@ -393,7 +408,7 @@ Use it when:
393
408
  - a bot asks Codex to triage untrusted user reports
394
409
  - logs or comments might contain instructions like "ignore previous instructions" or "print secrets"
395
410
 
396
- ## 28. Failed Agent Run To Reviewable Rule
411
+ ## 29. Failed Agent Run To Reviewable Rule
397
412
 
398
413
  Use this when a coding agent made a repeated workflow mistake.
399
414
 
@@ -411,7 +426,7 @@ Recommended maintainer loop:
411
426
  4. Copy only evidence-backed rules into the real policy file.
412
427
  5. Run `eval` or `scorecard` in CI so the same failure does not silently return.
413
428
 
414
- ## 29. Privacy-Preserving Adoption
429
+ ## 30. Privacy-Preserving Adoption
415
430
 
416
431
  Use this when you want public evidence without leaking private traces.
417
432
 
package/llms.txt CHANGED
@@ -38,6 +38,7 @@ Runtime: Node.js 20+
38
38
  - Codex resource leaks and runaway local processes such as high CPU/GPU, `Code Helper`, `Codex Helper Renderer`, orphaned shell snapshots, log floods, thinking animation GPU loops, and non-Git workspace CPU loops
39
39
  - Codex quota and usage-limit mismatches where `/status` or the usage page shows remaining quota, accounts share limits unexpectedly, or 5h and weekly quotas move together
40
40
  - sensitive-file access in traces, including `.env`, private keys, package auth files, cloud credentials, local databases, and production secret manifests entering agent context
41
+ - sensitive path preflight before agent runs via `sensitive-audit`, with filename/path-only detection and recommended excludes for `.agentignore`, `.aiexclude`, `.codexignore`, or sandbox profiles
41
42
  - hallucinated files and broad over-editing
42
43
  - conflicting `AGENTS.md`, `CLAUDE.md`, Cursor, Copilot, or Gemini instructions
43
44
  - stale path references, missing `@file.md` includes, nested `AGENTS.md` visibility gaps, invalid UTF-8, and oversized instruction files that can make Codex follow wrong or truncated guidance
@@ -87,6 +88,7 @@ npx trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format
87
88
  npx trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics
88
89
  npx trace-to-skill usage-evidence ./usage-notes.md --output usage-evidence.md
89
90
  npx trace-to-skill redact ./runs --output redacted-runs
91
+ npx trace-to-skill sensitive-audit . --format json
90
92
  npx trace-to-skill analyze ./runs
91
93
  npx trace-to-skill codex-report ./runs --output openai-codex-issue.md
92
94
  npx trace-to-skill suggest ./runs --target agents-md
@@ -99,7 +101,7 @@ npx trace-to-skill init --comment --sarif
99
101
  ## GitHub Action
100
102
 
101
103
  ```yaml
102
- - uses: grnbtqdbyx-create/trace-to-skill@v0.1.67
104
+ - uses: grnbtqdbyx-create/trace-to-skill@v0.1.68
103
105
  with:
104
106
  mode: all
105
107
  doctor-threshold: "85"
@@ -115,6 +117,7 @@ npx trace-to-skill init --comment --sarif
115
117
  - AGENTS.md linter JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/agents-lint-result.schema.json
116
118
  - Doctor JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/doctor-result.schema.json
117
119
  - Redaction JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/redact-result.schema.json
120
+ - Sensitive path audit JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/sensitive-audit-result.schema.json
118
121
  - Scorecard JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/scorecard-result.schema.json
119
122
  - Patch guard JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/patch-guard-result.schema.json
120
123
  - Config audit JSON schema: https://github.com/grnbtqdbyx-create/trace-to-skill/blob/main/schemas/config-audit-result.schema.json
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "trace-to-skill",
3
- "version": "0.1.67",
3
+ "version": "0.1.68",
4
4
  "description": "Turn failed AI coding-agent runs into reusable AGENTS.md rules, SKILL.md files, and eval evidence.",
5
5
  "type": "module",
6
6
  "main": "dist/src/index.js",
@@ -41,7 +41,7 @@
41
41
  "build": "tsc -p tsconfig.json",
42
42
  "clean": "rm -rf dist coverage",
43
43
  "test": "npm run build && node --test dist/tests/*.test.js",
44
- "check": "npm run test && node dist/src/cli.js doctor . --format json > /tmp/trace-to-skill-doctor.json && node dist/src/cli.js lint-agents . --format json > /tmp/trace-to-skill-agents-lint.json && node dist/src/cli.js analyze fixtures --format json > /tmp/trace-to-skill-smoke.json && node dist/src/cli.js usage-evidence fixtures --format json > /tmp/trace-to-skill-usage-evidence.json && node dist/src/cli.js suggest fixtures --target agents-md > /tmp/trace-to-skill-suggest.md && node dist/src/cli.js demo --format json > /tmp/trace-to-skill-demo.json && node dist/src/cli.js benchmark --format json > /tmp/trace-to-skill-benchmark.json && node dist/src/cli.js scorecard . --format json > /tmp/trace-to-skill-scorecard.json && node dist/src/cli.js oss-brief . --format json > /tmp/trace-to-skill-oss-brief.json",
44
+ "check": "npm run test && node dist/src/cli.js doctor . --format json > /tmp/trace-to-skill-doctor.json && node dist/src/cli.js lint-agents . --format json > /tmp/trace-to-skill-agents-lint.json && node dist/src/cli.js analyze fixtures --format json > /tmp/trace-to-skill-smoke.json && node dist/src/cli.js usage-evidence fixtures --format json > /tmp/trace-to-skill-usage-evidence.json && node dist/src/cli.js sensitive-audit . --format json > /tmp/trace-to-skill-sensitive-audit.json && node dist/src/cli.js suggest fixtures --target agents-md > /tmp/trace-to-skill-suggest.md && node dist/src/cli.js demo --format json > /tmp/trace-to-skill-demo.json && node dist/src/cli.js benchmark --format json > /tmp/trace-to-skill-benchmark.json && node dist/src/cli.js scorecard . --format json > /tmp/trace-to-skill-scorecard.json && node dist/src/cli.js oss-brief . --format json > /tmp/trace-to-skill-oss-brief.json",
45
45
  "prepack": "npm run build",
46
46
  "prepare": "npm run build"
47
47
  },
@@ -151,7 +151,13 @@
151
151
  "evals",
152
152
  "open-source-maintainers",
153
153
  "self-improvement",
154
- "trace-redaction"
154
+ "trace-redaction",
155
+ "agentignore",
156
+ "codexignore",
157
+ "aiexclude",
158
+ "sensitive-audit",
159
+ "agent-privacy",
160
+ "context-privacy"
155
161
  ],
156
162
  "author": "Ogün <https://github.com/grnbtqdbyx-create>",
157
163
  "license": "Apache-2.0",
package/schemas/sensitive-audit-result.schema.json ADDED
@@ -0,0 +1,97 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://github.com/grnbtqdbyx-create/trace-to-skill/schemas/sensitive-audit-result.schema.json",
4
+ "title": "trace-to-skill sensitive path audit result",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": ["generatedAt", "root", "status", "summary", "findings", "recommendedExcludes"],
8
+ "properties": {
9
+ "generatedAt": {
10
+ "type": "string",
11
+ "format": "date-time"
12
+ },
13
+ "root": {
14
+ "type": "string"
15
+ },
16
+ "status": {
17
+ "type": "string",
18
+ "enum": ["pass", "warn", "fail"]
19
+ },
20
+ "summary": {
21
+ "$ref": "#/$defs/summary"
22
+ },
23
+ "findings": {
24
+ "type": "array",
25
+ "items": {
26
+ "$ref": "#/$defs/finding"
27
+ }
28
+ },
29
+ "recommendedExcludes": {
30
+ "type": "array",
31
+ "items": {
32
+ "type": "string"
33
+ }
34
+ }
35
+ },
36
+ "$defs": {
37
+ "summary": {
38
+ "type": "object",
39
+ "additionalProperties": false,
40
+ "required": ["scannedEntries", "sensitiveFindings", "criticalFindings", "recommendedExcludes"],
41
+ "properties": {
42
+ "scannedEntries": {
43
+ "type": "integer",
44
+ "minimum": 0
45
+ },
46
+ "sensitiveFindings": {
47
+ "type": "integer",
48
+ "minimum": 0
49
+ },
50
+ "criticalFindings": {
51
+ "type": "integer",
52
+ "minimum": 0
53
+ },
54
+ "recommendedExcludes": {
55
+ "type": "integer",
56
+ "minimum": 0
57
+ }
58
+ }
59
+ },
60
+ "finding": {
61
+ "type": "object",
62
+ "additionalProperties": false,
63
+ "required": ["severity", "kind", "path", "reason", "suggestedExclude"],
64
+ "properties": {
65
+ "severity": {
66
+ "type": "string",
67
+ "enum": ["medium", "high", "critical"]
68
+ },
69
+ "kind": {
70
+ "type": "string",
71
+ "enum": [
72
+ "env_file",
73
+ "package_auth_config",
74
+ "cloud_credentials",
75
+ "ssh_credentials",
76
+ "kubernetes_credentials",
77
+ "docker_credentials",
78
+ "database_file",
79
+ "private_key_or_certificate",
80
+ "mobile_signing_secret",
81
+ "secret_manifest",
82
+ "sensitive_symlink"
83
+ ]
84
+ },
85
+ "path": {
86
+ "type": "string"
87
+ },
88
+ "reason": {
89
+ "type": "string"
90
+ },
91
+ "suggestedExclude": {
92
+ "type": "string"
93
+ }
94
+ }
95
+ }
96
+ }
97
+ }