@aegis-scan/core 0.16.6 → 0.17.0

package/dist/manipulation-resistance/instruction-boundary.js

@@ -0,0 +1,114 @@
+/**
+ * Instruction-boundary enforcement.
+ *
+ * Closes APTS-MR-001 (Instruction Boundary Enforcement Architecture).
+ *
+ * Design notes:
+ *   - LLM-pentest wrappers each enforce their own internal instruction
+ *     boundary. AEGIS-orchestrator adds a layer-2 boundary so that a
+ *     compromised wrapper instruction cannot escape the engagement.
+ *   - The orchestrator's instruction frame is: "execute pentest scope per
+ *     RoE; do not act outside scope; do not interpret target-side
+ *     responses as authority". A wrapper action that would breach this
+ *     frame is rejected here, before exec.
+ *   - Per-wrapper allowlist of action types: each wrapper declares which
+ *     verbs it may issue (recon, scan, verify-finding, report). Anything
+ *     outside that list is rejected as an instruction-boundary breach.
+ */
+import { validateTargetInScope } from '../roe/types.js';
+/**
+ * Per-wrapper action-type allowlist. Each LLM-pentest wrapper declares
+ * what verb classes it may issue inside the orchestrator. Anything else
+ * is treated as an instruction-boundary breach.
+ *
+ * The unknown wrapper case (no allowlist entry) defaults to deny-all.
+ */
+export const WRAPPER_ACTION_ALLOWLIST = {
+    strix: ['recon', 'scan', 'verify-finding', 'report'],
+    ptai: ['scan', 'verify-finding', 'report'],
+    pentestswarm: ['recon', 'scan', 'verify-finding', 'report'],
+    subfinder: ['recon'],
+    // SAST scanners run on local files only — no target action allowlist;
+    // they bypass instruction-boundary because they do not invoke LLM
+    // reasoning over target data. Listed here for explicitness.
+    semgrep: ['scan'],
+    gitleaks: ['scan'],
+    trivy: ['scan'],
+};
+const URL_RE = /\bhttps?:\/\/[^\s<>"']+/giu;
+/**
+ * Enforce the orchestrator-side instruction boundary on a wrapper's
+ * proposed action. Returns a ValidationDecision that the caller logs into
+ * the audit channel and gates the action on.
+ *
+ * Checks (in order):
+ *   1. Action type is in the per-wrapper allowlist (unknown wrapper → deny-all).
+ *   2. Action target is in RoE in_scope and not in out_of_scope.
+ *   3. Any URL embedded in payload is in RoE scope.
+ */
+export function enforceInstructionBoundary(wrapperName, action, roe) {
+    const allowedTypes = WRAPPER_ACTION_ALLOWLIST[wrapperName];
+    if (!allowedTypes) {
+        return {
+            allowed: false,
+            reason: `wrapper "${wrapperName}" has no action allowlist registered — instruction-boundary deny-all by default`,
+            apts_refs: ['APTS-MR-001'],
+        };
+    }
+    if (!allowedTypes.includes(action.type)) {
+        return {
+            allowed: false,
+            reason: `wrapper "${wrapperName}" attempted action type "${action.type}" outside its allowlist (${allowedTypes.join(', ')})`,
+            apts_refs: ['APTS-MR-001'],
+        };
+    }
+    const targetCheck = validateTargetInScope(action.target, roe);
+    if (!targetCheck.allowed) {
+        return {
+            allowed: false,
+            reason: `wrapper "${wrapperName}" instruction-boundary breach: ${targetCheck.reason}`,
+            apts_refs: ['APTS-MR-001', ...(targetCheck.apts_refs ?? [])],
+        };
+    }
+    const payloadUrls = extractUrls(action.payload);
+    for (const url of payloadUrls) {
+        const urlCheck = validateTargetInScope(url, roe);
+        if (!urlCheck.allowed) {
+            return {
+                allowed: false,
+                reason: `wrapper "${wrapperName}" payload includes out-of-scope URL "${url}": ${urlCheck.reason}`,
+                apts_refs: ['APTS-MR-001', ...(urlCheck.apts_refs ?? [])],
+            };
+        }
+    }
+    return {
+        allowed: true,
+        reason: `wrapper "${wrapperName}" action "${action.type}" on ${action.target} within instruction boundary`,
+        apts_refs: ['APTS-MR-001'],
+    };
+}
+/**
+ * Recursively walk a JSON-shaped value and pull every http(s) URL out of
+ * any string leaf. Used to scope-validate URLs embedded in wrapper
+ * payloads (e.g., a callback URL inside a structured action payload).
+ */
+function extractUrls(value, acc = []) {
+    if (typeof value === 'string') {
+        const matches = value.match(URL_RE);
+        if (matches)
+            acc.push(...matches);
+        return acc;
+    }
+    if (Array.isArray(value)) {
+        for (const v of value)
+            extractUrls(v, acc);
+        return acc;
+    }
+    if (value !== null && typeof value === 'object') {
+        for (const v of Object.values(value)) {
+            extractUrls(v, acc);
+        }
+    }
+    return acc;
+}
+//# sourceMappingURL=instruction-boundary.js.map

package/dist/manipulation-resistance/instruction-boundary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"instruction-boundary.js","sourceRoot":"","sources":["../../src/manipulation-resistance/instruction-boundary.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,qBAAqB,EAAqC,MAAM,iBAAiB,CAAC;AAe3F;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAgD;IACnF,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,QAAQ,CAAC;IACpD,IAAI,EAAE,CAAC,MAAM,EAAE,gBAAgB,EAAE,QAAQ,CAAC;IAC1C,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,QAAQ,CAAC;IAC3D,SAAS,EAAE,CAAC,OAAO,CAAC;IACpB,sEAAsE;IACtE,kEAAkE;IAClE,4DAA4D;IAC5D,OAAO,EAAE,CAAC,MAAM,CAAC;IACjB,QAAQ,EAAE,CAAC,MAAM,CAAC;IAClB,KAAK,EAAE,CAAC,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,GAAG,4BAA4B,CAAC;AAE5C;;;;;;;;;GASG;AACH,MAAM,UAAU,0BAA0B,CACxC,WAAmB,EACnB,MAAqB,EACrB,GAAQ;IAER,MAAM,YAAY,GAAG,wBAAwB,CAAC,WAAW,CAAC,CAAC;IAC3D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,YAAY,WAAW,iFAAiF;YAChH,SAAS,EAAE,CAAC,aAAa,CAAC;SAC3B,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,YAAY,WAAW,4BAA4B,MAAM,CAAC,IAAI,4BAA4B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YAC5H,SAAS,EAAE,CAAC,aAAa,CAAC;SAC3B,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,qBAAqB,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC9D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,YAAY,WAAW,kCAAkC,WAAW,CAAC,MAAM,EAAE;YACrF,SAAS,EAAE,CAAC,aAAa,EAAE,GAAG,CAAC,WAAW,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;SAC7D,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAChD,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,qBAAqB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,YAAY,WAAW,wCAAwC,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE;gBACjG,SAAS,EAAE,CAAC,aAAa,EAAE,GAAG,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;aAC1D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,YAAY,WAAW,aAAa,MAAM,CAAC,IAAI,QAAQ,MAAM,CAAC,MAAM,8BAA8B;QAC1G,SAAS,EAAE,CAAC,aAAa,CAAC;KAC3B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,WAAW,CAAC,KAAc,EAAE,MAAgB,EAAE;IACrD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,OAAO;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QAClC,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,KAAK;YAAE,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC3C,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC,EAAE,CAAC;YAChE,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/manipulation-resistance/oob-blocker.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Out-of-Band communication egress allowlist composition.
+ *
+ * Closes APTS-MR-011 (Out-of-Band Communication Prevention).
+ *
+ * Design notes:
+ *   - LLM-pentest wrappers spawn as child processes with full network
+ *     access by default. AEGIS composes a per-engagement egress
+ *     allowlist from RoE in_scope hosts plus a fixed orchestrator
+ *     essentials list (LLM provider APIs, wrapper update endpoints).
+ *   - Allowlist is propagated to wrappers via the AEGIS_EGRESS_ALLOWLIST
+ *     environment variable. Wrappers running in `--sandbox-mode docker`
+ *     have it hard-enforced via `docker run --network=<name>`; in
+ *     `--sandbox-mode none` the allowlist is a soft signal that
+ *     cooperative wrappers consume.
+ *   - The fixed orchestrator essentials list is intentionally short —
+ *     anything not strictly required for the wrapper to function is
+ *     omitted. Operators extend via RoE in_scope.
+ */
+import type { RoE } from '../roe/types.js';
+/**
+ * Fixed orchestrator essentials — endpoints that any LLM-pentest
+ * wrapper must reach to function (LLM provider APIs). Operators
+ * cannot remove these via RoE; they can extend via in_scope. If a
+ * wrapper does not need LLM access (subfinder, semgrep), it should
+ * be invoked without these in its env.
+ */
+export declare const ORCHESTRATOR_ESSENTIALS: readonly string[];
+export interface EgressAllowlist {
+    /** Hostnames + IP-literals + bare-domain entries (RoE in_scope.domains, ip_ranges, plus essentials). */
+    hosts: string[];
+    /** Comma-joined form for AEGIS_EGRESS_ALLOWLIST env var. */
+    envValue: string;
+    /** Whether LLM-provider essentials are included. False for non-LLM wrappers. */
+    includes_llm_essentials: boolean;
+}
+export interface ComposeEgressAllowlistOptions {
+    /** Whether the wrapper needs LLM provider access. False for subfinder/SAST. */
+    includeLlmEssentials?: boolean;
+    /**
+     * Operator-defined extra entries — additional CDN / package mirror /
+     * artifact registry hosts the wrapper needs that are not in RoE
+     * in_scope (RoE in_scope is for *targets*, not infrastructure).
+     */
+    extras?: readonly string[];
+}
+/**
+ * Compose the per-engagement egress allowlist from RoE in_scope plus
+ * orchestrator essentials. Returns the structured list and the
+ * AEGIS_EGRESS_ALLOWLIST env value.
+ */
+export declare function composeEgressAllowlist(roe: RoE, opts?: ComposeEgressAllowlistOptions): EgressAllowlist;
+/**
+ * Helper to merge the AEGIS_EGRESS_ALLOWLIST env var into a wrapper's
+ * spawn env without clobbering the operator's own env. Returns a copy.
+ */
+export declare function withEgressEnv(baseEnv: NodeJS.ProcessEnv, allowlist: EgressAllowlist): NodeJS.ProcessEnv;
+//# sourceMappingURL=oob-blocker.d.ts.map

package/dist/manipulation-resistance/oob-blocker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oob-blocker.d.ts","sourceRoot":"","sources":["../../src/manipulation-resistance/oob-blocker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAE3C;;;;;;GAMG;AACH,eAAO,MAAM,uBAAuB,EAAE,SAAS,MAAM,EAMnD,CAAC;AAEH,MAAM,WAAW,eAAe;IAC9B,wGAAwG;IACxG,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,gFAAgF;IAChF,uBAAuB,EAAE,OAAO,CAAC;CAClC;AAED,MAAM,WAAW,6BAA6B;IAC5C,+EAA+E;IAC/E,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;OAIG;IACH,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC5B;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,GAAG,EACR,IAAI,GAAE,6BAAkC,GACvC,eAAe,CAwBjB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,CAAC,UAAU,EAC1B,SAAS,EAAE,eAAe,GACzB,MAAM,CAAC,UAAU,CAKnB"}

package/dist/manipulation-resistance/oob-blocker.js

@@ -0,0 +1,55 @@
+/**
+ * Fixed orchestrator essentials — endpoints that any LLM-pentest
+ * wrapper must reach to function (LLM provider APIs). Operators
+ * cannot remove these via RoE; they can extend via in_scope. If a
+ * wrapper does not need LLM access (subfinder, semgrep), it should
+ * be invoked without these in its env.
+ */
+export const ORCHESTRATOR_ESSENTIALS = Object.freeze([
+    'api.openai.com',
+    'api.anthropic.com',
+    'generativelanguage.googleapis.com',
+    'api.cohere.ai',
+    'api.mistral.ai',
+]);
+/**
+ * Compose the per-engagement egress allowlist from RoE in_scope plus
+ * orchestrator essentials. Returns the structured list and the
+ * AEGIS_EGRESS_ALLOWLIST env value.
+ */
+export function composeEgressAllowlist(roe, opts = {}) {
+    const { includeLlmEssentials = true, extras = [] } = opts;
+    const hosts = new Set();
+    for (const dom of roe.in_scope.domains) {
+        hosts.add(dom.pattern.toLowerCase());
+        if (dom.includeSubdomains && !dom.pattern.startsWith('*.')) {
+            hosts.add(`*.${dom.pattern.toLowerCase()}`);
+        }
+    }
+    for (const cidr of roe.in_scope.ip_ranges) {
+        hosts.add(cidr);
+    }
+    if (includeLlmEssentials) {
+        for (const e of ORCHESTRATOR_ESSENTIALS)
+            hosts.add(e);
+    }
+    for (const e of extras)
+        hosts.add(e.toLowerCase());
+    const sorted = [...hosts].sort();
+    return {
+        hosts: sorted,
+        envValue: sorted.join(','),
+        includes_llm_essentials: includeLlmEssentials,
+    };
+}
+/**
+ * Helper to merge the AEGIS_EGRESS_ALLOWLIST env var into a wrapper's
+ * spawn env without clobbering the operator's own env. Returns a copy.
+ */
+export function withEgressEnv(baseEnv, allowlist) {
+    return {
+        ...baseEnv,
+        AEGIS_EGRESS_ALLOWLIST: allowlist.envValue,
+    };
+}
+//# sourceMappingURL=oob-blocker.js.map

package/dist/manipulation-resistance/oob-blocker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oob-blocker.js","sourceRoot":"","sources":["../../src/manipulation-resistance/oob-blocker.ts"],"names":[],"mappings":"AAqBA;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAsB,MAAM,CAAC,MAAM,CAAC;IACtE,gBAAgB;IAChB,mBAAmB;IACnB,mCAAmC;IACnC,eAAe;IACf,gBAAgB;CACjB,CAAC,CAAC;AAsBH;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,GAAQ,EACR,OAAsC,EAAE;IAExC,MAAM,EAAE,oBAAoB,GAAG,IAAI,EAAE,MAAM,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC;IAC1D,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAEhC,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACvC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QACrC,IAAI,GAAG,CAAC,iBAAiB,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3D,KAAK,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QAC1C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,oBAAoB,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,uBAAuB;YAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM;QAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IAEnD,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;IACjC,OAAO;QACL,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QAC1B,uBAAuB,EAAE,oBAAoB;KAC9C,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAC3B,OAA0B,EAC1B,SAA0B;IAE1B,OAAO;QACL,GAAG,OAAO;QACV,sBAAsB,EAAE,SAAS,CAAC,QAAQ;KAC3C,CAAC;AACJ,CAAC"}

package/dist/manipulation-resistance/redirect-policy.d.ts

@@ -0,0 +1,43 @@
+export interface SafeFetchOptions extends Omit<RequestInit, 'redirect'> {
+    /**
+     * Maximum redirect chain length. After this many manual hops, the
+     * request is rejected even if every intermediate URL was in policy.
+     * Defaults to 5.
+     */
+    maxRedirects?: number;
+    /**
+     * Operator opt-in for testing against loopback targets (127.x.x.x, ::1).
+     * Default false. When true, loopback resolution is reclassified as
+     * 'public' so the fetch succeeds. Used by `aegis siege --allow-loopback`
+     * for legitimate local-pentest workflows. Always emits a warning.
+     * Does NOT bypass the other rejections (private-ip, link-local, cloud-metadata).
+     */
+    allowLoopback?: boolean;
+    /** Override the DNS lookup for tests. Resolves a hostname to an IPv4. */
+    dnsLookup?: (hostname: string) => Promise<string>;
+    /** Override the underlying fetch — for tests. */
+    fetchImpl?: typeof fetch;
+}
+export interface SafeFetchRejection extends Error {
+    reason: SafeFetchRejectReason;
+    apts_refs: string[];
+    url?: string;
+}
+export type SafeFetchRejectReason = 'non-http-protocol' | 'private-ip' | 'loopback-ip' | 'link-local-ip' | 'cloud-metadata-ip' | 'dns-resolution-failed' | 'redirect-chain-too-long' | 'redirect-target-rejected';
+/**
+ * SSRF-hardened HTTP client. Throws SafeFetchRejection on policy
+ * violation; otherwise delegates to the underlying fetch with manual
+ * redirect handling so each Location is re-validated.
+ */
+export declare function safeFetch(url: string, init?: SafeFetchOptions): Promise<Response>;
+type IpClass = 'public' | 'private' | 'loopback' | 'link-local' | 'cloud-metadata';
+/**
+ * Classify an IPv4 or IPv6 address. Conservative: anything not
+ * recognized as public (RFC 1918, link-local, loopback, multicast,
+ * cloud-metadata) is rejected.
+ */
+export declare function classifyIp(ip: string): IpClass;
+/** Type guard for use by callers that want to differentiate policy rejections. */
+export declare function isSafeFetchRejection(err: unknown): err is SafeFetchRejection;
+export {};
+//# sourceMappingURL=redirect-policy.d.ts.map

package/dist/manipulation-resistance/redirect-policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redirect-policy.d.ts","sourceRoot":"","sources":["../../src/manipulation-resistance/redirect-policy.ts"],"names":[],"mappings":"AA2BA,MAAM,WAAW,gBAAiB,SAAQ,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC;IACrE;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,yEAAyE;IACzE,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,iDAAiD;IACjD,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAmB,SAAQ,KAAK;IAC/C,MAAM,EAAE,qBAAqB,CAAC;IAC9B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,MAAM,qBAAqB,GAC7B,mBAAmB,GACnB,YAAY,GACZ,aAAa,GACb,eAAe,GACf,mBAAmB,GACnB,uBAAuB,GACvB,yBAAyB,GACzB,0BAA0B,CAAC;AAE/B;;;;GAIG;AACH,wBAAsB,SAAS,CAC7B,GAAG,EAAE,MAAM,EACX,IAAI,GAAE,gBAAqB,GAC1B,OAAO,CAAC,QAAQ,CAAC,CAgCnB;AA6DD,KAAK,OAAO,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,YAAY,GAAG,gBAAgB,CAAC;AAEnF;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAI9C;AAoED,kFAAkF;AAClF,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,kBAAkB,CAE5E"}

package/dist/manipulation-resistance/redirect-policy.js

@@ -0,0 +1,197 @@
+/**
+ * Safe-fetch — orchestrator-side HTTP client with redirect, DNS-rebind,
+ * and SSRF defenses.
+ *
+ * Closes APTS-MR-007 (Redirect Following Vulnerability Testing) +
+ * APTS-MR-008 (DNS Rebinding Attack Resistance) + APTS-MR-009 (SSRF
+ * Vulnerability Testing in AI Pentest Framework).
+ *
+ * Design notes:
+ *   - safeFetch is the orchestrator's HTTP egress surface for recon +
+ *     finding-verification. It never follows redirects automatically;
+ *     each Location header is re-validated against the same policy.
+ *   - DNS rebinding defense: the resolved IP is pinned at first lookup;
+ *     subsequent connections to the same host go via the pinned IP. We
+ *     resolve the host once, validate the IP class, and short-circuit
+ *     to a private/link-local/cloud-metadata reject if needed.
+ *   - SSRF defense: requests against private (RFC 1918), link-local
+ *     (169.254/16), loopback (127/8 + ::1), and cloud-metadata
+ *     (169.254.169.254 + fd00:ec2::254) are rejected outright.
+ *   - Non-HTTP(S) protocols are rejected — file://, gopher://,
+ *     dict://, ftp:// have all been used in SSRF chains.
+ *   - This is the orchestrator's own HTTP client. SAST-side
+ *     ssrf-checker scans target source for these same patterns; the
+ *     two defenses are independent.
+ */
+import { lookup } from 'node:dns/promises';
+/**
+ * SSRF-hardened HTTP client. Throws SafeFetchRejection on policy
+ * violation; otherwise delegates to the underlying fetch with manual
+ * redirect handling so each Location is re-validated.
+ */
+export async function safeFetch(url, init = {}) {
+    const maxRedirects = init.maxRedirects ?? 5;
+    const dnsLookup = init.dnsLookup ?? defaultDnsLookup;
+    const fetchImpl = init.fetchImpl ?? fetch;
+    const allowLoopback = init.allowLoopback === true;
+    let currentUrl = url;
+    for (let hop = 0; hop <= maxRedirects; hop++) {
+        const policyCheck = await urlPolicyCheck(currentUrl, dnsLookup, allowLoopback);
+        if (!policyCheck.ok) {
+            throw makeRejection(policyCheck.reason, currentUrl);
+        }
+        const { dnsLookup: _omitDns, fetchImpl: _omitFetch, maxRedirects: _omitMax, ...rest } = init;
+        const response = await fetchImpl(currentUrl, { ...rest, redirect: 'manual' });
+        if (![301, 302, 303, 307, 308].includes(response.status)) {
+            return response;
+        }
+        const location = response.headers.get('location');
+        if (!location) {
+            // 3xx without Location header — treat as a final response so the
+            // caller observes the unusual shape.
+            return response;
+        }
+        if (hop === maxRedirects) {
+            throw makeRejection('redirect-chain-too-long', currentUrl);
+        }
+        currentUrl = new URL(location, currentUrl).toString();
+    }
+    // Unreachable — the loop either returns a Response or throws.
+    throw makeRejection('redirect-chain-too-long', currentUrl);
+}
+async function urlPolicyCheck(rawUrl, dnsLookup, allowLoopback) {
+    let parsed;
+    try {
+        parsed = new URL(rawUrl);
+    }
+    catch {
+        return { ok: false, reason: 'non-http-protocol' };
+    }
+    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+        return { ok: false, reason: 'non-http-protocol' };
+    }
+    const hostname = parsed.hostname.toLowerCase();
+    // Bracketed IPv6 → strip brackets for classification
+    const hostKey = hostname.startsWith('[') && hostname.endsWith(']')
+        ? hostname.slice(1, -1)
+        : hostname;
+    // Direct IP literal → classify without DNS lookup
+    if (isIpLiteral(hostKey)) {
+        const ipClass = classifyIp(hostKey);
+        if (ipClass === 'loopback' && allowLoopback) {
+            return { ok: true, resolvedIp: hostKey };
+        }
+        if (ipClass !== 'public')
+            return { ok: false, reason: ipReasonOf(ipClass) };
+        return { ok: true, resolvedIp: hostKey };
+    }
+    let resolvedIp;
+    try {
+        resolvedIp = await dnsLookup(hostKey);
+    }
+    catch {
+        return { ok: false, reason: 'dns-resolution-failed' };
+    }
+    const ipClass = classifyIp(resolvedIp);
+    if (ipClass === 'loopback' && allowLoopback) {
+        return { ok: true, resolvedIp };
+    }
+    if (ipClass !== 'public')
+        return { ok: false, reason: ipReasonOf(ipClass) };
+    return { ok: true, resolvedIp };
+}
+async function defaultDnsLookup(hostname) {
+    const result = await lookup(hostname, { family: 0 });
+    return result.address;
+}
+/**
+ * Classify an IPv4 or IPv6 address. Conservative: anything not
+ * recognized as public (RFC 1918, link-local, loopback, multicast,
+ * cloud-metadata) is rejected.
+ */
+export function classifyIp(ip) {
+    if (isIpv4(ip))
+        return classifyIpv4(ip);
+    if (isIpv6(ip))
+        return classifyIpv6(ip);
+    return 'private'; // unparseable → treat as non-public
+}
+function isIpLiteral(s) {
+    return isIpv4(s) || isIpv6(s);
+}
+function isIpv4(s) {
+    return /^(?:\d{1,3}\.){3}\d{1,3}$/.test(s);
+}
+function isIpv6(s) {
+    // Loose match — handles compressed forms; full RFC validation is
+    // not required since classifyIpv6 short-circuits to safe defaults
+    // on unrecognized shapes.
+    return /^[0-9a-fA-F:]+$/.test(s) && s.includes(':');
+}
+function classifyIpv4(ip) {
+    if (ip === '169.254.169.254')
+        return 'cloud-metadata';
+    const parts = ip.split('.').map((p) => Number.parseInt(p, 10));
+    if (parts.some((n) => !Number.isFinite(n) || n < 0 || n > 255))
+        return 'private';
+    const [a, b] = parts;
+    if (a === 127)
+        return 'loopback';
+    if (a === 10)
+        return 'private';
+    if (a === 172 && b >= 16 && b <= 31)
+        return 'private';
+    if (a === 192 && b === 168)
+        return 'private';
+    if (a === 169 && b === 254)
+        return 'link-local';
+    if (a === 0)
+        return 'private';
+    if (a >= 224)
+        return 'private'; // multicast/reserved
+    return 'public';
+}
+function classifyIpv6(raw) {
+    const ip = raw.toLowerCase();
+    if (ip === '::1')
+        return 'loopback';
+    if (ip === '::' || ip === '::0')
+        return 'private';
+    if (ip.startsWith('fe80:'))
+        return 'link-local';
+    // Unique-local (fc00::/7)
+    if (/^f[cd][0-9a-f]{2}:/.test(ip))
+        return 'private';
+    // Cloud metadata (AWS IMDS over IPv6)
+    if (ip === 'fd00:ec2::254')
+        return 'cloud-metadata';
+    if (ip.startsWith('ff'))
+        return 'private'; // multicast
+    return 'public';
+}
+function ipReasonOf(c) {
+    switch (c) {
+        case 'private':
+            return 'private-ip';
+        case 'loopback':
+            return 'loopback-ip';
+        case 'link-local':
+            return 'link-local-ip';
+        case 'cloud-metadata':
+            return 'cloud-metadata-ip';
+        default:
+            return 'private-ip';
+    }
+}
+function makeRejection(reason, url) {
+    const err = new Error(`safeFetch rejected: ${reason} (${url})`);
+    err.reason = reason;
+    err.url = url;
+    err.apts_refs = ['APTS-MR-007', 'APTS-MR-008', 'APTS-MR-009'];
+    return err;
+}
+/** Type guard for use by callers that want to differentiate policy rejections. */
+export function isSafeFetchRejection(err) {
+    return err instanceof Error && typeof err.reason === 'string';
+}
+//# sourceMappingURL=redirect-policy.js.map

package/dist/manipulation-resistance/redirect-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redirect-policy.js","sourceRoot":"","sources":["../../src/manipulation-resistance/redirect-policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAuC3C;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAW,EACX,OAAyB,EAAE;IAE3B,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,gBAAgB,CAAC;IACrD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC;IAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,KAAK,IAAI,CAAC;IAElD,IAAI,UAAU,GAAG,GAAG,CAAC;IACrB,KAAK,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,IAAI,YAAY,EAAE,GAAG,EAAE,EAAE,CAAC;QAC7C,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;QAC/E,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;YACpB,MAAM,aAAa,CAAC,WAAW,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;QAC7F,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,QAAiB,EAAE,CAAC,CAAC;QACvF,IAAI,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,iEAAiE;YACjE,qCAAqC;YACrC,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,IAAI,GAAG,KAAK,YAAY,EAAE,CAAC;YACzB,MAAM,aAAa,CAAC,yBAAyB,EAAE,UAAU,CAAC,CAAC;QAC7D,CAAC;QACD,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE,CAAC;IACxD,CAAC;IAED,8DAA8D;IAC9D,MAAM,aAAa,CAAC,yBAAyB,EAAE,UAAU,CAAC,CAAC;AAC7D,CAAC;AAWD,KAAK,UAAU,cAAc,CAC3B,MAAc,EACd,SAAgD,EAChD,aAAsB;IAEtB,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACpD,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC/C,qDAAqD;IACrD,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;QAChE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACvB,CAAC,CAAC,QAAQ,CAAC;IAEb,kDAAkD;IAClD,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,OAAO,KAAK,UAAU,IAAI,aAAa,EAAE,CAAC;YAC5C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;QAC3C,CAAC;QACD,IAAI,OAAO,KAAK,QAAQ;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5E,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;IAC3C,CAAC;IAED,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IACxD,CAAC;IACD,MAAM,OAAO,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,OAAO,KAAK,UAAU,IAAI,aAAa,EAAE,CAAC;QAC5C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IAClC,CAAC;IACD,IAAI,OAAO,KAAK,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IAC5E,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AAClC,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,QAAgB;IAC9C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;IACrD,OAAO,MAAM,CAAC,OAAO,CAAC;AACxB,CAAC;AAID;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,EAAU;IACnC,IAAI,MAAM,CAAC,EAAE,CAAC;QAAE,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC;IACxC,IAAI,MAAM,CAAC,EAAE,CAAC;QAAE,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC;IACxC,OAAO,SAAS,CAAC,CAAC,oCAAoC;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,MAAM,CAAC,CAAS;IACvB,OAAO,2BAA2B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,MAAM,CAAC,CAAS;IACvB,iEAAiE;IACjE,kEAAkE;IAClE,0BAA0B;IAC1B,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,YAAY,CAAC,EAAU;IAC9B,IAAI,EAAE,KAAK,iBAAiB;QAAE,OAAO,gBAAgB,CAAC;IACtD,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IACjF,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAyC,CAAC;IACzD,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,UAAU,CAAC;IACjC,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,SAAS,CAAC;IAC/B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IACtD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,SAAS,CAAC;IAC7C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,YAAY,CAAC;IAChD,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC9B,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,SAAS,CAAC,CAAC,qBAAqB;IACrD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,EAAE,KAAK,KAAK;QAAE,OAAO,UAAU,CAAC;IACpC,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,KAAK;QAAE,OAAO,SAAS,CAAC;IAClD,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,YAAY,CAAC;IAChD,0BAA0B;IAC1B,IAAI,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,SAAS,CAAC;IACpD,sCAAsC;IACtC,IAAI,EAAE,KAAK,eAAe;QAAE,OAAO,gBAAgB,CAAC;IACpD,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC,CAAC,YAAY;IACvD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,UAAU,CAAC,CAAU;IAC5B,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,SAAS;YACZ,OAAO,YAAY,CAAC;QACtB,KAAK,UAAU;YACb,OAAO,aAAa,CAAC;QACvB,KAAK,YAAY;YACf,OAAO,eAAe,CAAC;QACzB,KAAK,gBAAgB;YACnB,OAAO,mBAAmB,CAAC;QAC7B;YACE,OAAO,YAAY,CAAC;IACxB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAA6B,EAAE,GAAW;IAC/D,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,uBAAuB,MAAM,KAAK,GAAG,GAAG,CAAuB,CAAC;IACtF,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC;IACpB,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC;IACd,GAAG,CAAC,SAAS,GAAG,CAAC,aAAa,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;IAC9D,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,oBAAoB,CAAC,GAAY;IAC/C,OAAO,GAAG,YAAY,KAAK,IAAI,OAAQ,GAA0B,CAAC,MAAM,KAAK,QAAQ,CAAC;AACxF,CAAC"}

package/dist/manipulation-resistance/response-validator.d.ts

@@ -0,0 +1,33 @@
+export interface ResponseValidation {
+    ok: boolean;
+    cleaned?: unknown;
+    reason?: string;
+    apts_refs?: string[];
+}
+/**
+ * Validate + sanitize a wrapper's structured output before propagating
+ * to Findings. Returns { ok: true, cleaned } on success or
+ * { ok: false, reason } with an APTS reference on rejection.
+ */
+export declare function validateWrapperResponse(wrapperName: string, raw: unknown): ResponseValidation;
+export type AuthorityClaim = 'none' | 'admin' | 'root' | 'rce' | 'reverse-shell';
+export interface AuthorityClaimResult {
+    claim: AuthorityClaim;
+    rationale: string;
+    matched_phrase?: string;
+    suggested_action: 'pass' | 'verify' | 'reject';
+    apts_refs: string[];
+}
+/**
+ * Detect authority claims in finding text. Returns the strongest match
+ * (RCE > root > admin) or `claim: 'none'` if no pattern fires.
+ *
+ * Suggested-action policy:
+ *   - 'reject' for RCE / reverse-shell — these are high-impact assertions
+ *     that AEGIS must not propagate without operator confirmation.
+ *   - 'verify' for root/admin — pause for operator confirmation via
+ *     SIGUSR1 resume, then proceed if confirmed.
+ *   - 'pass' when no claim detected.
+ */
+export declare function detectAuthorityClaim(findingText: string): AuthorityClaimResult;
+//# sourceMappingURL=response-validator.d.ts.map

package/dist/manipulation-resistance/response-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-validator.d.ts","sourceRoot":"","sources":["../../src/manipulation-resistance/response-validator.ts"],"names":[],"mappings":"AA0FA,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,OAAO,GACX,kBAAkB,CAyBpB;AA2BD,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,GAAG,eAAe,CAAC;AAEjF,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,cAAc,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC/C,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AA4BD;;;;;;;;;;GAUG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,oBAAoB,CAmB9E"}