@agent-trust/gateway 1.0.0

package/README.md

@@ -0,0 +1,101 @@
+# @agent-trust/gateway
+
+Express middleware that lets trusted AI agents interact with your website. Part of the [AgentTrust](https://github.com/mmsadek96/agentgateway) ecosystem.
+
+## Install
+
+```bash
+npm install @agent-trust/gateway
+```
+
+## Quick Start
+
+```typescript
+import express from 'express';
+import { createGateway } from '@agent-trust/gateway';
+
+const app = express();
+app.use(express.json());
+
+const gateway = createGateway({
+  stationUrl: 'https://agentgateway-6f041c655eb3.herokuapp.com',
+  gatewayId: 'my-store',
+  stationApiKey: 'YOUR_API_KEY',
+  actions: {
+    'search_products': {
+      description: 'Search the product catalog',
+      minScore: 30,
+      parameters: {
+        query: { type: 'string', required: true, description: 'Search query' }
+      },
+      handler: async (params) => {
+        return await db.products.search(params.query);
+      }
+    },
+    'place_order': {
+      description: 'Place an order',
+      minScore: 70,  // Higher trust required
+      parameters: {
+        productId: { type: 'string', required: true },
+        quantity: { type: 'number', required: true }
+      },
+      handler: async (params, agent) => {
+        return await db.orders.create({ ...params, agentId: agent.agentId });
+      }
+    }
+  },
+  behavior: {
+    maxActionsPerMinute: 30,
+    onSuspiciousActivity: (event) => {
+      console.warn('Suspicious agent:', event.flag, event.description);
+    }
+  }
+});
+
+app.use('/agent-gateway', gateway.router());
+app.listen(3000);
+```
+
+## Features
+
+- **Certificate verification** — validates RS256 JWT certificates from the AgentTrust Station
+- **Score-based access** — different actions require different reputation levels
+- **Real-time behavioral tracking** — detects and blocks suspicious agents mid-session
+- **Auto-reporting** — reports agent behavior back to Station automatically
+- **Discovery endpoints** — agents can discover available actions programmatically
+
+## Behavioral Tracking
+
+The gateway monitors agent behavior in real-time and detects:
+
+| Detection | What it catches |
+|-----------|----------------|
+| `rapid_fire` | Too many requests per minute |
+| `high_failure_rate` | Probing / brute force |
+| `action_enumeration` | Scanning endpoints |
+| `repeated_action` | Automation (same action on loop) |
+| `scope_violation` | Accessing above trust level |
+| `burst_detected` | Sudden activity after idle |
+
+Agents get a behavioral score (0-100) that degrades with violations. Drop below threshold = blocked mid-session.
+
+## API
+
+### Routes (mounted on your chosen path)
+
+| Method | Path | Description |
+|--------|------|-------------|
+| `GET` | `/.well-known/agent-gateway` | Discovery manifest |
+| `GET` | `/actions` | List available actions |
+| `POST` | `/actions/:name` | Execute an action (cert required) |
+| `GET` | `/behavior/sessions` | Monitor active sessions |
+
+## Links
+
+- [Full documentation](https://github.com/mmsadek96/agentgateway)
+- [Live Station](https://agentgateway-6f041c655eb3.herokuapp.com/)
+- [API docs](https://agentgateway-6f041c655eb3.herokuapp.com/docs)
+
+## License
+
+MIT

package/dist/action-registry.d.ts

@@ -0,0 +1,29 @@
+import { ActionDefinition, ActionResult, AgentContext, PublicActionInfo } from './types';
+/**
+ * Manages action definitions and handles execution.
+ * Validates parameters, checks score thresholds, and runs handler functions.
+ */
+export declare class ActionRegistry {
+    private actions;
+    constructor(actions: Record<string, ActionDefinition>);
+    /** Get an action definition by name */
+    getAction(name: string): ActionDefinition | undefined;
+    /** Get all action names */
+    getActionNames(): string[];
+    /**
+     * Get the public discovery payload (schemas without handler functions).
+     * This is safe to expose to external agents.
+     */
+    getDiscoveryPayload(): Record<string, PublicActionInfo>;
+    /**
+     * Validate parameters against an action's schema.
+     * Returns an array of error messages (empty if valid).
+     */
+    validateParams(actionName: string, params: Record<string, unknown>): string[];
+    /**
+     * Execute an action.
+     * Checks score threshold, validates params, then calls the handler.
+     */
+    execute(actionName: string, params: Record<string, unknown>, agentContext: AgentContext): Promise<ActionResult>;
+}
+//# sourceMappingURL=action-registry.d.ts.map

package/dist/action-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-registry.d.ts","sourceRoot":"","sources":["../src/action-registry.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,gBAAgB,EACjB,MAAM,SAAS,CAAC;AAEjB;;;GAGG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,OAAO,CAAgC;gBAEnC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIrD,uCAAuC;IACvC,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAIrD,2BAA2B;IAC3B,cAAc,IAAI,MAAM,EAAE;IAI1B;;;OAGG;IACH,mBAAmB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAcvD;;;OAGG;IACH,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,EAAE;IAuC7E;;;OAGG;IACG,OAAO,CACX,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,YAAY,CAAC;CAoCzB"}

package/dist/action-registry.js

@@ -0,0 +1,108 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ActionRegistry = void 0;
+/**
+ * Manages action definitions and handles execution.
+ * Validates parameters, checks score thresholds, and runs handler functions.
+ */
+class ActionRegistry {
+    constructor(actions) {
+        this.actions = new Map(Object.entries(actions));
+    }
+    /** Get an action definition by name */
+    getAction(name) {
+        return this.actions.get(name);
+    }
+    /** Get all action names */
+    getActionNames() {
+        return Array.from(this.actions.keys());
+    }
+    /**
+     * Get the public discovery payload (schemas without handler functions).
+     * This is safe to expose to external agents.
+     */
+    getDiscoveryPayload() {
+        const payload = {};
+        for (const [name, def] of this.actions) {
+            payload[name] = {
+                description: def.description,
+                minScore: def.minScore,
+                parameters: def.parameters
+            };
+        }
+        return payload;
+    }
+    /**
+     * Validate parameters against an action's schema.
+     * Returns an array of error messages (empty if valid).
+     */
+    validateParams(actionName, params) {
+        const action = this.actions.get(actionName);
+        if (!action) {
+            return [`Action "${actionName}" not found`];
+        }
+        const errors = [];
+        // Check required parameters
+        for (const [paramName, paramDef] of Object.entries(action.parameters)) {
+            const value = params[paramName];
+            if (paramDef.required && (value === undefined || value === null)) {
+                errors.push(`Parameter "${paramName}" is required`);
+                continue;
+            }
+            if (value !== undefined && value !== null) {
+                // Type checking
+                const actualType = Array.isArray(value) ? 'array' : typeof value;
+                if (actualType !== paramDef.type) {
+                    errors.push(`Parameter "${paramName}" must be of type ${paramDef.type}, got ${actualType}`);
+                }
+            }
+        }
+        // Check for unknown parameters
+        const knownParams = new Set(Object.keys(action.parameters));
+        for (const paramName of Object.keys(params)) {
+            if (!knownParams.has(paramName)) {
+                errors.push(`Unknown parameter "${paramName}"`);
+            }
+        }
+        return errors;
+    }
+    /**
+     * Execute an action.
+     * Checks score threshold, validates params, then calls the handler.
+     */
+    async execute(actionName, params, agentContext) {
+        const action = this.actions.get(actionName);
+        if (!action) {
+            return {
+                success: false,
+                error: `Action "${actionName}" not found`
+            };
+        }
+        // Check minimum score
+        if (agentContext.score < action.minScore) {
+            return {
+                success: false,
+                error: `Insufficient reputation score: ${agentContext.score} < ${action.minScore} required`
+            };
+        }
+        // Validate parameters
+        const validationErrors = this.validateParams(actionName, params);
+        if (validationErrors.length > 0) {
+            return {
+                success: false,
+                error: `Parameter validation failed: ${validationErrors.join(', ')}`
+            };
+        }
+        // Execute the handler
+        try {
+            const data = await action.handler(params, agentContext);
+            return { success: true, data };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : 'Action execution failed';
+            return { success: false, error: message };
+        }
+    }
+}
+exports.ActionRegistry = ActionRegistry;
+//# sourceMappingURL=action-registry.js.map

package/dist/action-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-registry.js","sourceRoot":"","sources":["../src/action-registry.ts"],"names":[],"mappings":";;;AAOA;;;GAGG;AACH,MAAa,cAAc;IAGzB,YAAY,OAAyC;QACnD,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,uCAAuC;IACvC,SAAS,CAAC,IAAY;QACpB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,2BAA2B;IAC3B,cAAc;QACZ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IAED;;;OAGG;IACH,mBAAmB;QACjB,MAAM,OAAO,GAAqC,EAAE,CAAC;QAErD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,GAAG;gBACd,WAAW,EAAE,GAAG,CAAC,WAAW;gBAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,UAAU,EAAE,GAAG,CAAC,UAAU;aAC3B,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,UAAkB,EAAE,MAA+B;QAChE,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,WAAW,UAAU,aAAa,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,4BAA4B;QAC5B,KAAK,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YACtE,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;YAEhC,IAAI,QAAQ,CAAC,QAAQ,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC,EAAE,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC,cAAc,SAAS,eAAe,CAAC,CAAC;gBACpD,SAAS;YACX,CAAC;YAED,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBAC1C,gBAAgB;gBAChB,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC;gBACjE,IAAI,UAAU,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACjC,MAAM,CAAC,IAAI,CACT,cAAc,SAAS,qBAAqB,QAAQ,CAAC,IAAI,SAAS,UAAU,EAAE,CAC/E,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAC5D,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,sBAAsB,SAAS,GAAG,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CACX,UAAkB,EAClB,MAA+B,EAC/B,YAA0B;QAE1B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAE5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,WAAW,UAAU,aAAa;aAC1C,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,IAAI,YAAY,CAAC,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kCAAkC,YAAY,CAAC,KAAK,MAAM,MAAM,CAAC,QAAQ,WAAW;aAC5F,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACjE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,gCAAgC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aACrE,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;YACxD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB,CAAC;YACnF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5C,CAAC;IACH,CAAC;CACF;AA1HD,wCA0HC"}

package/dist/behavior-tracker.d.ts

@@ -0,0 +1,78 @@
+import { BehaviorConfig, BehaviorFlag, SessionStats } from './types';
+/**
+ * BehaviorTracker — real-time behavioral analysis of agent sessions.
+ *
+ * Tracks what agents do within a gateway and detects suspicious patterns:
+ * - Rapid-fire requests (rate abuse)
+ * - High failure rates (probing/brute force)
+ * - Action enumeration (scanning available endpoints)
+ * - Repeated identical actions (automation)
+ * - Scope violations (trying actions above their trust level)
+ * - Burst patterns (sudden activity after idle)
+ *
+ * Each agent gets a behavioral score (0-100) that starts at 100 and
+ * decreases with each violation. If the score drops below the block
+ * threshold, the agent is blocked mid-session.
+ */
+export declare class BehaviorTracker {
+    private sessions;
+    private config;
+    private cleanupInterval;
+    constructor(config?: BehaviorConfig);
+    /**
+     * Record an action and analyze behavior.
+     * Returns the current behavioral score and any new flags.
+     */
+    recordAction(agentId: string, externalId: string, actionName: string, params: Record<string, unknown>, success: boolean, scoreMet: boolean): {
+        behaviorScore: number;
+        flags: BehaviorFlag[];
+        blocked: boolean;
+    };
+    /**
+     * Check if an agent is currently blocked.
+     */
+    isBlocked(agentId: string): boolean;
+    /**
+     * Get the current behavioral score for an agent.
+     */
+    getScore(agentId: string): number;
+    /**
+     * Get session stats for an agent.
+     */
+    getStats(agentId: string): SessionStats | null;
+    /**
+     * Manually block an agent.
+     */
+    blockAgent(agentId: string): void;
+    /**
+     * Clear an agent's session (reset).
+     */
+    clearSession(agentId: string): void;
+    /**
+     * Get all active sessions (for monitoring/dashboard).
+     */
+    getActiveSessions(): Array<{
+        agentId: string;
+        externalId: string;
+        stats: SessionStats;
+    }>;
+    /**
+     * Destroy the tracker and stop cleanup interval.
+     */
+    destroy(): void;
+    /** Check 1: Too many actions per minute */
+    private checkRapidFire;
+    /** Check 2: Too many failures */
+    private checkHighFailureRate;
+    /** Check 3: Trying many different action types (scanning) */
+    private checkActionEnumeration;
+    /** Check 4: Same action with same params repeated (automation) */
+    private checkRepeatedActions;
+    /** Check 6: Sudden burst of activity after being idle */
+    private checkBurstPattern;
+    private hashParams;
+    private getSessionStats;
+    private getDescription;
+    private cleanupSessions;
+}
+//# sourceMappingURL=behavior-tracker.d.ts.map

package/dist/behavior-tracker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior-tracker.d.ts","sourceRoot":"","sources":["../src/behavior-tracker.ts"],"names":[],"mappings":"AACA,OAAO,EACL,cAAc,EAEd,YAAY,EAGZ,YAAY,EACb,MAAM,SAAS,CAAC;AAEjB;;;;;;;;;;;;;;GAcG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAwC;IACxD,OAAO,CAAC,MAAM,CAEZ;IACF,OAAO,CAAC,eAAe,CAAiC;gBAE5C,MAAM,GAAE,cAAmB;IAiBvC;;;OAGG;IACH,YAAY,CACV,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,OAAO,GAChB;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,YAAY,EAAE,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE;IAuHrE;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAKnC;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IAKjC;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI;IAM9C;;OAEG;IACH,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAQjC;;OAEG;IACH,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAInC;;OAEG;IACH,iBAAiB,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,YAAY,CAAA;KAAE,CAAC;IAYxF;;OAEG;IACH,OAAO,IAAI,IAAI;IAOf,2CAA2C;IAC3C,OAAO,CAAC,cAAc;IAMtB,iCAAiC;IACjC,OAAO,CAAC,oBAAoB;IAK5B,6DAA6D;IAC7D,OAAO,CAAC,sBAAsB;IAO9B,kEAAkE;IAClE,OAAO,CAAC,oBAAoB;IAoB5B,yDAAyD;IACzD,OAAO,CAAC,iBAAiB;IAqBzB,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,eAAe;IAiBvB,OAAO,CAAC,cAAc;IAatB,OAAO,CAAC,eAAe;CAQxB"}

package/dist/behavior-tracker.js

@@ -0,0 +1,300 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BehaviorTracker = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+/**
+ * BehaviorTracker — real-time behavioral analysis of agent sessions.
+ *
+ * Tracks what agents do within a gateway and detects suspicious patterns:
+ * - Rapid-fire requests (rate abuse)
+ * - High failure rates (probing/brute force)
+ * - Action enumeration (scanning available endpoints)
+ * - Repeated identical actions (automation)
+ * - Scope violations (trying actions above their trust level)
+ * - Burst patterns (sudden activity after idle)
+ *
+ * Each agent gets a behavioral score (0-100) that starts at 100 and
+ * decreases with each violation. If the score drops below the block
+ * threshold, the agent is blocked mid-session.
+ */
+class BehaviorTracker {
+    constructor(config = {}) {
+        this.sessions = new Map();
+        this.config = {
+            enabled: config.enabled ?? true,
+            sessionTimeout: config.sessionTimeout ?? 300000, // 5 minutes
+            maxActionsPerMinute: config.maxActionsPerMinute ?? 30,
+            maxFailuresBeforeFlag: config.maxFailuresBeforeFlag ?? 5,
+            maxUniqueActionsPerMinute: config.maxUniqueActionsPerMinute ?? 10,
+            maxRepeatedActionsPerMinute: config.maxRepeatedActionsPerMinute ?? 10,
+            violationPenalty: config.violationPenalty ?? 10,
+            blockThreshold: config.blockThreshold ?? 20,
+            onSuspiciousActivity: config.onSuspiciousActivity,
+        };
+        // Clean up expired sessions every 60 seconds
+        this.cleanupInterval = setInterval(() => this.cleanupSessions(), 60000);
+    }
+    /**
+     * Record an action and analyze behavior.
+     * Returns the current behavioral score and any new flags.
+     */
+    recordAction(agentId, externalId, actionName, params, success, scoreMet) {
+        if (!this.config.enabled) {
+            return { behaviorScore: 100, flags: [], blocked: false };
+        }
+        const now = Date.now();
+        let session = this.sessions.get(agentId);
+        // Create new session if none exists or previous one expired
+        if (!session || (now - session.lastActivityAt) > this.config.sessionTimeout) {
+            session = {
+                agentId,
+                externalId,
+                startedAt: now,
+                lastActivityAt: now,
+                behaviorScore: 100,
+                actions: [],
+                flags: new Set(),
+                blocked: false
+            };
+            this.sessions.set(agentId, session);
+        }
+        // Record the action
+        const action = {
+            actionName,
+            paramsHash: this.hashParams(actionName, params),
+            success,
+            scopeViolation: !scoreMet,
+            timestamp: now
+        };
+        session.actions.push(action);
+        session.lastActivityAt = now;
+        // If already blocked, don't re-analyze
+        if (session.blocked) {
+            return { behaviorScore: session.behaviorScore, flags: Array.from(session.flags), blocked: true };
+        }
+        // ─── Run all behavioral checks ───
+        const newFlags = [];
+        // Check 1: Rapid-fire detection
+        if (this.checkRapidFire(session, now)) {
+            newFlags.push('rapid_fire');
+        }
+        // Check 2: High failure rate
+        if (this.checkHighFailureRate(session)) {
+            newFlags.push('high_failure_rate');
+        }
+        // Check 3: Action enumeration
+        if (this.checkActionEnumeration(session, now)) {
+            newFlags.push('action_enumeration');
+        }
+        // Check 4: Repeated identical actions
+        if (this.checkRepeatedActions(session, now)) {
+            newFlags.push('repeated_action');
+        }
+        // Check 5: Scope violation
+        if (!scoreMet) {
+            newFlags.push('scope_violation');
+        }
+        // Check 6: Burst detection (activity after idle)
+        if (this.checkBurstPattern(session, now)) {
+            newFlags.push('burst_detected');
+        }
+        // Apply penalties for NEW flags only
+        for (const flag of newFlags) {
+            if (!session.flags.has(flag)) {
+                session.flags.add(flag);
+                session.behaviorScore = Math.max(0, session.behaviorScore - this.config.violationPenalty);
+                // Emit event
+                if (this.config.onSuspiciousActivity) {
+                    const event = {
+                        agentId,
+                        externalId,
+                        flag,
+                        description: this.getDescription(flag),
+                        behaviorScore: session.behaviorScore,
+                        sessionStats: this.getSessionStats(session),
+                        timestamp: new Date().toISOString()
+                    };
+                    this.config.onSuspiciousActivity(event);
+                }
+            }
+        }
+        // For repeated violations of the SAME type, apply reduced penalties
+        for (const flag of newFlags) {
+            if (session.flags.has(flag) && flag !== 'scope_violation') {
+                // Escalating penalty: each repeat costs more
+                session.behaviorScore = Math.max(0, session.behaviorScore - Math.floor(this.config.violationPenalty / 2));
+            }
+        }
+        // Scope violations always cost (they're deliberate)
+        if (!scoreMet && session.flags.has('scope_violation')) {
+            session.behaviorScore = Math.max(0, session.behaviorScore - this.config.violationPenalty);
+        }
+        // Check if agent should be blocked
+        if (session.behaviorScore <= this.config.blockThreshold) {
+            session.blocked = true;
+        }
+        return {
+            behaviorScore: session.behaviorScore,
+            flags: newFlags,
+            blocked: session.blocked
+        };
+    }
+    /**
+     * Check if an agent is currently blocked.
+     */
+    isBlocked(agentId) {
+        const session = this.sessions.get(agentId);
+        return session?.blocked ?? false;
+    }
+    /**
+     * Get the current behavioral score for an agent.
+     */
+    getScore(agentId) {
+        const session = this.sessions.get(agentId);
+        return session?.behaviorScore ?? 100;
+    }
+    /**
+     * Get session stats for an agent.
+     */
+    getStats(agentId) {
+        const session = this.sessions.get(agentId);
+        if (!session)
+            return null;
+        return this.getSessionStats(session);
+    }
+    /**
+     * Manually block an agent.
+     */
+    blockAgent(agentId) {
+        const session = this.sessions.get(agentId);
+        if (session) {
+            session.blocked = true;
+            session.behaviorScore = 0;
+        }
+    }
+    /**
+     * Clear an agent's session (reset).
+     */
+    clearSession(agentId) {
+        this.sessions.delete(agentId);
+    }
+    /**
+     * Get all active sessions (for monitoring/dashboard).
+     */
+    getActiveSessions() {
+        const result = [];
+        for (const session of this.sessions.values()) {
+            result.push({
+                agentId: session.agentId,
+                externalId: session.externalId,
+                stats: this.getSessionStats(session)
+            });
+        }
+        return result;
+    }
+    /**
+     * Destroy the tracker and stop cleanup interval.
+     */
+    destroy() {
+        clearInterval(this.cleanupInterval);
+        this.sessions.clear();
+    }
+    // ─── Behavioral Checks ───
+    /** Check 1: Too many actions per minute */
+    checkRapidFire(session, now) {
+        const oneMinuteAgo = now - 60000;
+        const recentActions = session.actions.filter(a => a.timestamp > oneMinuteAgo);
+        return recentActions.length > this.config.maxActionsPerMinute;
+    }
+    /** Check 2: Too many failures */
+    checkHighFailureRate(session) {
+        const failures = session.actions.filter(a => !a.success).length;
+        return failures >= this.config.maxFailuresBeforeFlag;
+    }
+    /** Check 3: Trying many different action types (scanning) */
+    checkActionEnumeration(session, now) {
+        const oneMinuteAgo = now - 60000;
+        const recentActions = session.actions.filter(a => a.timestamp > oneMinuteAgo);
+        const uniqueActions = new Set(recentActions.map(a => a.actionName));
+        return uniqueActions.size > this.config.maxUniqueActionsPerMinute;
+    }
+    /** Check 4: Same action with same params repeated (automation) */
+    checkRepeatedActions(session, now) {
+        const oneMinuteAgo = now - 60000;
+        const recentActions = session.actions.filter(a => a.timestamp > oneMinuteAgo);
+        // Count identical action+params combos
+        const counts = new Map();
+        for (const action of recentActions) {
+            const key = action.paramsHash;
+            counts.set(key, (counts.get(key) || 0) + 1);
+        }
+        // Check if any combo exceeds threshold
+        for (const count of counts.values()) {
+            if (count > this.config.maxRepeatedActionsPerMinute) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /** Check 6: Sudden burst of activity after being idle */
+    checkBurstPattern(session, now) {
+        if (session.actions.length < 5)
+            return false; // Need enough data
+        const actions = session.actions;
+        const lastFive = actions.slice(-5);
+        const fiveActionsAgo = actions.length >= 6 ? actions[actions.length - 6] : null;
+        if (!fiveActionsAgo)
+            return false;
+        // Gap between 6th-last and 5th-last action
+        const gap = lastFive[0].timestamp - fiveActionsAgo.timestamp;
+        // Time span of last 5 actions
+        const recentSpan = lastFive[lastFive.length - 1].timestamp - lastFive[0].timestamp;
+        // If there was a long idle period (>30s) followed by 5 rapid actions (<5s)
+        return gap > 30000 && recentSpan < 5000;
+    }
+    // ─── Helpers ───
+    hashParams(actionName, params) {
+        const key = `${actionName}:${JSON.stringify(params, Object.keys(params).sort())}`;
+        return crypto_1.default.createHash('md5').update(key).digest('hex').substring(0, 12);
+    }
+    getSessionStats(session) {
+        const now = Date.now();
+        const oneMinuteAgo = now - 60000;
+        const recentActions = session.actions.filter(a => a.timestamp > oneMinuteAgo);
+        return {
+            totalActions: session.actions.length,
+            successfulActions: session.actions.filter(a => a.success).length,
+            failedActions: session.actions.filter(a => !a.success).length,
+            actionsLastMinute: recentActions.length,
+            uniqueActionsLastMinute: new Set(recentActions.map(a => a.actionName)).size,
+            sessionDuration: now - session.startedAt,
+            scopeViolations: session.actions.filter(a => a.scopeViolation).length,
+            flagsTriggered: Array.from(session.flags)
+        };
+    }
+    getDescription(flag) {
+        const descriptions = {
+            'rapid_fire': `Agent exceeded ${this.config.maxActionsPerMinute} actions per minute`,
+            'high_failure_rate': `Agent has ${this.config.maxFailuresBeforeFlag}+ failed actions (possible probing)`,
+            'action_enumeration': `Agent tried ${this.config.maxUniqueActionsPerMinute}+ unique actions in one minute (scanning)`,
+            'repeated_action': `Agent repeated the same action ${this.config.maxRepeatedActionsPerMinute}+ times per minute (automation)`,
+            'scope_violation': 'Agent attempted an action above their trust level',
+            'session_anomaly': 'Unusual session pattern detected',
+            'burst_detected': 'Sudden burst of activity after idle period'
+        };
+        return descriptions[flag];
+    }
+    cleanupSessions() {
+        const now = Date.now();
+        for (const [agentId, session] of this.sessions) {
+            if ((now - session.lastActivityAt) > this.config.sessionTimeout) {
+                this.sessions.delete(agentId);
+            }
+        }
+    }
+}
+exports.BehaviorTracker = BehaviorTracker;
+//# sourceMappingURL=behavior-tracker.js.map

package/dist/behavior-tracker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior-tracker.js","sourceRoot":"","sources":["../src/behavior-tracker.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAU5B;;;;;;;;;;;;;;GAcG;AACH,MAAa,eAAe;IAO1B,YAAY,SAAyB,EAAE;QAN/B,aAAQ,GAA8B,IAAI,GAAG,EAAE,CAAC;QAOtD,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;YAC/B,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,MAAO,EAAS,YAAY;YACrE,mBAAmB,EAAE,MAAM,CAAC,mBAAmB,IAAI,EAAE;YACrD,qBAAqB,EAAE,MAAM,CAAC,qBAAqB,IAAI,CAAC;YACxD,yBAAyB,EAAE,MAAM,CAAC,yBAAyB,IAAI,EAAE;YACjE,2BAA2B,EAAE,MAAM,CAAC,2BAA2B,IAAI,EAAE;YACrE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,EAAE;YAC/C,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,EAAE;YAC3C,oBAAoB,EAAE,MAAM,CAAC,oBAAoB;SAClD,CAAC;QAEF,6CAA6C;QAC7C,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,KAAM,CAAC,CAAC;IAC3E,CAAC;IAED;;;OAGG;IACH,YAAY,CACV,OAAe,EACf,UAAkB,EAClB,UAAkB,EAClB,MAA+B,EAC/B,OAAgB,EAChB,QAAiB;QAEjB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,aAAa,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC3D,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEzC,4DAA4D;QAC5D,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC5E,OAAO,GAAG;gBACR,OAAO;gBACP,UAAU;gBACV,SAAS,EAAE,GAAG;gBACd,cAAc,EAAE,GAAG;gBACnB,aAAa,EAAE,GAAG;gBAClB,OAAO,EAAE,EAAE;gBACX,KAAK,EAAE,IAAI,GAAG,EAAE;gBAChB,OAAO,EAAE,KAAK;aACf,CAAC;YACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACtC,CAAC;QAED,oBAAoB;QACpB,MAAM,MAAM,GAAkB;YAC5B,UAAU;YACV,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,MAAM,CAAC;YAC/C,OAAO;YACP,cAAc,EAAE,CAAC,QAAQ;YACzB,SAAS,EAAE,GAAG;SACf,CAAC;QACF,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,OAAO,CAAC,cAAc,GAAG,GAAG,CAAC;QAE7B,uCAAuC;QACvC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACnG,CAAC;QAED,oCAAoC;QACpC,MAAM,QAAQ,GAAmB,EAAE,CAAC;QAEpC,gCAAgC;QAChC,IAAI,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;YACtC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9B,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACrC,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,sBAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACtC,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;YAC5C,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACnC,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACnC,CAAC;QAED,iDAAiD;QACjD,IAAI,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;YACzC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAClC,CAAC;QAED,qCAAqC;QACrC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACxB,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBAE1F,aAAa;gBACb,IAAI,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;oBACrC,MAAM,KAAK,GAAkB;wBAC3B,OAAO;wBACP,UAAU;wBACV,IAAI;wBACJ,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;wBACtC,aAAa,EAAE,OAAO,CAAC,aAAa;wBACpC,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;wBAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;qBACpC,CAAC;oBACF,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;QAED,oEAAoE;QACpE,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,IAAI,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,KAAK,iBAAiB,EAAE,CAAC;gBAC1D,6CAA6C;gBAC7C,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,CAAC,CAAC,CAAC,CAAC;YAC5G,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACtD,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC5F,CAAC;QAED,mCAAmC;QACnC,IAAI,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YACxD,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;QACzB,CAAC;QAED,OAAO;YACL,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,OAAe;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3C,OAAO,OAAO,EAAE,OAAO,IAAI,KAAK,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAe;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3C,OAAO,OAAO,EAAE,aAAa,IAAI,GAAG,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAe;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAC1B,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,OAAe;QACxB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;YACvB,OAAO,CAAC,aAAa,GAAG,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,OAAe;QAC1B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,MAAM,MAAM,GAAwE,EAAE,CAAC;QACvF,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;aACrC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO;QACL,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;IAED,4BAA4B;IAE5B,2CAA2C;IACnC,cAAc,CAAC,OAAqB,EAAE,GAAW;QACvD,MAAM,YAAY,GAAG,GAAG,GAAG,KAAM,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,YAAY,CAAC,CAAC;QAC9E,OAAO,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;IAChE,CAAC;IAED,iCAAiC;IACzB,oBAAoB,CAAC,OAAqB;QAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QAChE,OAAO,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;IACvD,CAAC;IAED,6DAA6D;IACrD,sBAAsB,CAAC,OAAqB,EAAE,GAAW;QAC/D,MAAM,YAAY,GAAG,GAAG,GAAG,KAAM,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,YAAY,CAAC,CAAC;QAC9E,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACpE,OAAO,aAAa,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,yBAAyB,CAAC;IACpE,CAAC;IAED,kEAAkE;IAC1D,oBAAoB,CAAC,OAAqB,EAAE,GAAW;QAC7D,MAAM,YAAY,GAAG,GAAG,GAAG,KAAM,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,YAAY,CAAC,CAAC;QAE9E,uCAAuC;QACvC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;QACzC,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;YAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9C,CAAC;QAED,uCAAuC;QACvC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YACpC,IAAI,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,2BAA2B,EAAE,CAAC;gBACpD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,yDAAyD;IACjD,iBAAiB,CAAC,OAAqB,EAAE,GAAW;QAC1D,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC,CAAC,mBAAmB;QAEjE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAChC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEhF,IAAI,CAAC,cAAc;YAAE,OAAO,KAAK,CAAC;QAElC,2CAA2C;QAC3C,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,cAAc,CAAC,SAAS,CAAC;QAE7D,8BAA8B;QAC9B,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,2EAA2E;QAC3E,OAAO,GAAG,GAAG,KAAM,IAAI,UAAU,GAAG,IAAK,CAAC;IAC5C,CAAC;IAED,kBAAkB;IAEV,UAAU,CAAC,UAAkB,EAAE,MAA+B;QACpE,MAAM,GAAG,GAAG,GAAG,UAAU,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QAClF,OAAO,gBAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC7E,CAAC;IAEO,eAAe,CAAC,OAAqB;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,YAAY,GAAG,GAAG,GAAG,KAAM,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,YAAY,CAAC,CAAC;QAE9E,OAAO;YACL,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM;YACpC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM;YAChE,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM;YAC7D,iBAAiB,EAAE,aAAa,CAAC,MAAM;YACvC,uBAAuB,EAAE,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI;YAC3E,eAAe,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS;YACxC,eAAe,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,MAAM;YACrE,cAAc,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;SAC1C,CAAC;IACJ,CAAC;IAEO,cAAc,CAAC,IAAkB;QACvC,MAAM,YAAY,GAAiC;YACjD,YAAY,EAAE,kBAAkB,IAAI,CAAC,MAAM,CAAC,mBAAmB,qBAAqB;YACpF,mBAAmB,EAAE,aAAa,IAAI,CAAC,MAAM,CAAC,qBAAqB,qCAAqC;YACxG,oBAAoB,EAAE,eAAe,IAAI,CAAC,MAAM,CAAC,yBAAyB,2CAA2C;YACrH,iBAAiB,EAAE,kCAAkC,IAAI,CAAC,MAAM,CAAC,2BAA2B,iCAAiC;YAC7H,iBAAiB,EAAE,mDAAmD;YACtE,iBAAiB,EAAE,kCAAkC;YACrD,gBAAgB,EAAE,4CAA4C;SAC/D,CAAC;QACF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAEO,eAAe;QACrB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC/C,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;gBAChE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAzUD,0CAyUC"}