@aisy/core 0.1.0

package/dist/safety/index.js

@@ -0,0 +1,464 @@
+import { createHash, randomUUID } from 'node:crypto';
+export { makeGrantStore } from './grants.js';
+// ---------------------------------------------------------------------------
+// Normalization + HARD_DENY rule set (ADR-0009)
+// Tested against the normalized tool name + serialized args — obfuscated
+// variants (alias paths, URL-encoding, path traversal) are normalized first.
+// ---------------------------------------------------------------------------
+function normalizeHaystack(call) {
+    let s = `${call.tool} ${JSON.stringify(call.args)}`.toLowerCase();
+    try {
+        s = decodeURIComponent(s);
+    }
+    catch {
+        /* malformed escapes stay as-is — patterns still match the raw form */
+    }
+    return s;
+}
+const HARD_DENY = [
+    { id: 'FS_DESTRUCTION_RM_RF', pattern: /\brm\s+-[a-z]*(?:rf|fr)\b/ },
+    { id: 'INFRA_DESTRUCTION_TF', pattern: /terraform\s+destroy/ },
+    { id: 'HISTORY_REWRITE_FORCE_PUSH', pattern: /git\s+push(?:\s+\S+)*\s+(?:--force|-f)\b/ },
+    { id: 'DB_DROP_TABLE', pattern: /\bdrop\s+table\b/ },
+    { id: 'DB_TRUNCATE', pattern: /\btruncate\s+table\b/ },
+    { id: 'MONEY_OP', pattern: /stripe\.|createcharge|\btransfer\s+funds\b|\bpayout\b/ },
+    { id: 'SECRET_FILE_READ', pattern: /etc\/shadow|etc\/passwd|id_rsa\b|\.aws\/credentials/ },
+];
+/** DELETE without WHERE — checked on every string arg (any key), fail-closed. */
+function isUnboundedDelete(call) {
+    for (const v of Object.values(call.args)) {
+        if (typeof v !== 'string')
+            continue;
+        const s = v.toLowerCase();
+        if (/\bdelete\s+from\b/.test(s) && !/\bwhere\b/.test(s))
+            return true;
+    }
+    return false;
+}
+/** Outbound / side-effecting drop set disabled under narrowing (ADR-0027). */
+function isOutboundOrSideEffecting(call) {
+    if (/^(telegram\.|http\.|mcp:write)/.test(call.tool))
+        return true;
+    if (call.tool === 'bash') {
+        const cmd = String(call.args['cmd'] ?? '');
+        return /git\s+push|curl|wget|\bssh\b|\bscp\b|\bnc\b/.test(cmd);
+    }
+    return false;
+}
+/** High-risk in degraded (no-gVisor) mode: network-capable shell commands. */
+function isHighRiskShell(call) {
+    if (call.tool !== 'bash')
+        return false;
+    return /curl|wget|\bssh\b|\bnc\b/.test(String(call.args['cmd'] ?? ''));
+}
+function tierOf(call) {
+    if (/drop-database|drop_database|delete-repo/.test(call.tool))
+        return 3;
+    if (/^git\.|^db\.|^telegram\.|^http\./.test(call.tool) || call.tool === 'bash' || /write|send/.test(call.tool))
+        return 2;
+    return 0;
+}
+function makeCard(call, tier) {
+    return {
+        tier,
+        actionSummary: `${call.tool}(${Object.keys(call.args).join(', ')})`,
+        actionHash: createHash('sha256').update(JSON.stringify({ tool: call.tool, args: call.args })).digest('hex'),
+        nonce: randomUUID(),
+        issuedAt: Date.now(),
+    };
+}
+export function makeSafetyPolicy(deps = {}) {
+    const ready = deps.ready ?? true;
+    const sandboxLevel = deps.sandboxSecurityLevel ?? 'full';
+    const isNarrowed = (ctx) => 
+    // Absent or unparsable provenance is treated as untrusted (AC-05-7).
+    ctx.some(span => span.provenance !== 'operator');
+    return {
+        get ready() {
+            return ready;
+        },
+        isNarrowed,
+        evaluate(call, ctx) {
+            // Cold start: nothing executes before the rule set is loaded.
+            if (!ready) {
+                return { decision: 'deny', rule: 'COLD_START', reason: 'safety policy not loaded — fail-closed' };
+            }
+            // Hook infrastructure failure → deny, never allow-on-error (AC-05-27).
+            if (call.args['hookError'] === true) {
+                return { decision: 'deny', rule: 'HOOK_ERROR', reason: 'PreToolUse hook error/timeout — fail-closed' };
+            }
+            // HARD_DENY — normalized matching, no model involvement (ADR-0009).
+            const haystack = normalizeHaystack(call);
+            for (const rule of HARD_DENY) {
+                if (rule.pattern.test(haystack)) {
+                    return { decision: 'deny', rule: rule.id, reason: `matched HARD_DENY ${rule.id}` };
+                }
+            }
+            if (isUnboundedDelete(call)) {
+                return { decision: 'deny', rule: 'DB_DELETE_NO_WHERE', reason: 'DELETE without WHERE' };
+            }
+            // Motivated-call block: untrusted-derived args never execute (ADR-0027).
+            if (call.argsTainted === true) {
+                return { decision: 'deny', rule: 'TAINTED_ARGS', reason: 'args derived from untrusted span' };
+            }
+            // Capability narrowing: outbound / side-effecting drop set is disabled
+            // while any untrusted span is in context (ADR-0027).
+            if (isNarrowed(ctx) && isOutboundOrSideEffecting(call)) {
+                return { decision: 'deny', rule: 'NARROWED_OUTBOUND', reason: 'untrusted span in context — outbound locked' };
+            }
+            // Degraded sandbox (no gVisor): high-risk tools are denied (ADR-0012).
+            if (sandboxLevel === 'degraded-no-gvisor' && isHighRiskShell(call)) {
+                return { decision: 'deny', rule: 'DEGRADED_SANDBOX', reason: 'gVisor unavailable — high-risk tool denied' };
+            }
+            // Autonomy gradient (ADR-0011): Tier-3 always asks via the red card and
+            // is NEVER suppressible by a grant (step-up every time, ADR-0047).
+            // Tier-2 asks, unless a per-tool scoped grant remembers the approval —
+            // checked HERE, after every deny above, so a grant can never override a
+            // deny. Tier-0/1 auto-allow.
+            const tier = tierOf(call);
+            if (tier === 3) {
+                return { decision: 'ask', tier, card: makeCard(call, tier) };
+            }
+            if (tier === 2) {
+                if (deps.grants?.has(call.tool) === true) {
+                    return { decision: 'allow' };
+                }
+                return { decision: 'ask', tier, card: makeCard(call, tier) };
+            }
+            return { decision: 'allow' };
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// SafetyClassifier — async convenience wrapper over the policy
+// ---------------------------------------------------------------------------
+export function makeSafetyClassifier(deps = {}) {
+    const policy = makeSafetyPolicy(deps);
+    return {
+        classify: async (input) => policy.evaluate(input.call, input.ctx),
+    };
+}
+// ---------------------------------------------------------------------------
+// InputGuard — unconditional defang + advisory classifier (ADR-0028)
+// ---------------------------------------------------------------------------
+const INJECTION_PATTERNS = [
+    /ignore\s+(?:all\s+)?previous\s+instructions/i,
+    /new\s+system\s*(?:prompt|:)/i,
+    /exfiltrate/i,
+];
+export function makeInputGuard(deps = {}) {
+    return {
+        // Deterministic transforms — run 100% of the time, independent of the
+        // classifier: strip auto-loading resources, neutralize URLs, defang
+        // known injection phrasings. Provenance is never modified.
+        defang(span) {
+            let text = span.text;
+            // Markdown images auto-load — stripped entirely.
+            text = text.replace(/!\[[^\]]*\]\([^)]*\)/g, '[image removed]');
+            // Foreign URLs neutralized to a non-loadable scheme.
+            text = text.replace(/https:\/\//gi, 'hxxps://').replace(/http:\/\//gi, 'hxxp://');
+            // Known injection phrasing is visibly marked, never silently passed —
+            // a global-flagged copy ensures every occurrence is defanged, not just
+            // the first (mirrors the Vault redactor below).
+            for (const pattern of INJECTION_PATTERNS) {
+                const gPattern = new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g');
+                text = text.replace(gPattern, (m) => `[defanged] ${m}`);
+            }
+            return { ...span, text };
+        },
+        // Advisory only: can escalate, can never grant trust (provenance is
+        // owned by Core/Gateway and never rewritten here).
+        async classify(span) {
+            if (deps.classify) {
+                try {
+                    return await deps.classify(span);
+                }
+                catch {
+                    // Classifier unavailable → caller defaults to quarantine; report
+                    // 'suspicious' so nothing is admitted as clean on a dead classifier.
+                    return 'suspicious';
+                }
+            }
+            if (INJECTION_PATTERNS.some(p => p.test(span.text)))
+                return 'injection';
+            if (/password|secret|send\s+all\s+data/i.test(span.text))
+                return 'suspicious';
+            return 'clean';
+        },
+    };
+}
+function shannonEntropy(s) {
+    if (s.length === 0)
+        return 0;
+    const freq = new Map();
+    for (const ch of s)
+        freq.set(ch, (freq.get(ch) ?? 0) + 1);
+    let h = 0;
+    for (const n of freq.values()) {
+        const p = n / s.length;
+        h -= p * Math.log2(p);
+    }
+    return h;
+}
+/** Three-part JWT shape, prefix-free — shared by EgressGuard and the Vault. */
+const JWT_SHAPE = /eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/;
+const SECRET_SHAPES = [
+    /sk_live_[a-z0-9]+/i,
+    /\bAKIA[A-Z0-9_]+/,
+    JWT_SHAPE,
+];
+export function makeEgressGuard(deps = {}) {
+    const proxyAvailable = deps.proxyAvailable ?? true;
+    const maxBody = deps.maxBodyBytes ?? 1_000_000;
+    return {
+        inspectBody(req, ctx) {
+            // Proxy down or allowlist not loaded → nothing leaves (fail-closed).
+            if (!proxyAvailable)
+                return { decision: 'deny', reason: 'egress proxy unavailable' };
+            const entry = deps.allowlist?.find(e => e.host === req.host);
+            if (!entry)
+                return { decision: 'deny', reason: 'host not on egress allowlist' };
+            // Method allowlist: only the methods the host entry declares may pass.
+            const method = req.method.toUpperCase();
+            if (!entry.methods.some(m => m.toUpperCase() === method)) {
+                return { decision: 'deny', reason: 'method not on host egress allowlist' };
+            }
+            // Read-only destination: any write method or body is a deny.
+            const isRead = ['GET', 'HEAD'].includes(method);
+            if (entry.mode === 'read-only' && (!isRead || req.body !== undefined)) {
+                return { decision: 'deny', reason: 'write to read-only destination' };
+            }
+            const body = typeof req.body === 'string' ? req.body : req.body ? Buffer.from(req.body).toString('utf8') : '';
+            if (body.length > maxBody)
+                return { decision: 'deny', reason: 'body exceeds size cap' };
+            if (body.length > 256 && shannonEntropy(body) > 5.5) {
+                return { decision: 'deny', reason: 'high-entropy body (possible encrypted exfil)' };
+            }
+            if (SECRET_SHAPES.some(p => p.test(body))) {
+                return { decision: 'deny', reason: 'secret-shaped pattern in outbound body' };
+            }
+            // While narrowed, free-text query strings are a covert channel.
+            const narrowed = ctx.some(span => span.provenance !== 'operator');
+            if (narrowed && req.queryString && req.queryString.length > 0) {
+                return { decision: 'deny', reason: 'free-text query string while narrowed' };
+            }
+            return { decision: 'allow' };
+        },
+    };
+}
+const TRUST_FIELDS = ['is_human_confirmed', 'permanence', 'trusted', 'human_confirmed'];
+/** Recursively drop every trust-marker field from objects and array elements. */
+function stripTrustDeep(value) {
+    if (Array.isArray(value))
+        return value.map(stripTrustDeep);
+    if (value !== null && typeof value === 'object') {
+        const stripped = {};
+        for (const [key, v] of Object.entries(value)) {
+            if (TRUST_FIELDS.includes(key))
+                continue;
+            stripped[key] = stripTrustDeep(v);
+        }
+        return stripped;
+    }
+    return value;
+}
+export function makeApprovalHandler(deps = {}) {
+    const pending = new Map((deps.pending ?? []).map(p => [p.nonce, p]));
+    const consumed = new Set();
+    const now = deps.now ?? (() => Date.now());
+    const verifyFactor = deps.verifySecondFactor ?? ((f) => f.length > 0);
+    return {
+        confirm(nonce, actionHash, secondFactor) {
+            // Replay: a consumed nonce never confirms again.
+            if (consumed.has(nonce))
+                return { status: 'rejected-replay' };
+            const entry = pending.get(nonce);
+            if (!entry)
+                return { status: 'rejected-stale' };
+            if (now() > entry.expiresAt)
+                return { status: 'rejected-stale' };
+            // The tap must echo the exact pending action's hash.
+            if (actionHash !== entry.actionHash)
+                return { status: 'rejected-hash-mismatch' };
+            // TOCTOU: the staged artifact must be byte-identical at promote time.
+            const stagedNow = deps.currentStagedHash ? deps.currentStagedHash() : entry.stagedHashAtAccept;
+            if (stagedNow !== entry.stagedHashAtAccept)
+                return { status: 'rejected-toctou' };
+            // Step-up second factor for Tier-3 / money / permanence. The record only
+            // asserts a 2FA check when one was actually required AND validated; when
+            // not required, no factor was supplied or verified → false (the approval
+            // is still valid, the field must not claim a check that never happened).
+            const secondFactorOk = entry.requiresSecondFactor && secondFactor !== undefined && verifyFactor(secondFactor);
+            if (entry.requiresSecondFactor && !secondFactorOk)
+                return { status: 'rejected-second-factor' };
+            consumed.add(nonce);
+            return {
+                status: 'approved',
+                record: {
+                    nonce,
+                    actionHash,
+                    op: 'confirm',
+                    tapTimestamp: now(),
+                    secondFactorOk,
+                    stagedHashAtAccept: entry.stagedHashAtAccept,
+                    stagedHashAtPromote: stagedNow,
+                },
+            };
+        },
+        // Model output can never carry trust: every trust/permanence field is
+        // stripped before staging (AC-05-11; the handler is the only setter).
+        // Recurses into nested objects and arrays so a trust field buried at any
+        // depth is also stripped.
+        stripTrustFields(output) {
+            return stripTrustDeep(output);
+        },
+    };
+}
+const BUILTIN_SECRET_PATTERNS = [
+    /sk_live_[A-Za-z0-9]+/g,
+    /AKIA[A-Z0-9_]+/g,
+    new RegExp(JWT_SHAPE.source, 'g'), // shared JWT shape (see JWT_SHAPE)
+];
+export function makeVault(deps = {}) {
+    const secrets = new Map(Object.entries(deps.secrets ?? {}));
+    const patterns = [...BUILTIN_SECRET_PATTERNS];
+    const redactor = {
+        redact(text) {
+            let out = text;
+            // Known secret VALUES are stripped wherever they appear. An empty value
+            // would splice the placeholder between every character — skip it.
+            for (const value of secrets.values()) {
+                if (!value)
+                    continue;
+                out = out.split(value).join('«redacted»');
+            }
+            // Built-in + registered secret SHAPES.
+            for (const pattern of patterns) {
+                out = out.replace(new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g'), '«redacted»');
+            }
+            return out;
+        },
+    };
+    return {
+        async getSecret(name) {
+            const value = secrets.get(name);
+            if (value === undefined)
+                throw new Error(`vault: secret '${name}' not found`);
+            return value;
+        },
+        async listSecrets() {
+            return [...secrets.keys()];
+        },
+        addRedactionPattern(pattern) {
+            patterns.push(pattern);
+        },
+        get redactor() {
+            return redactor;
+        },
+    };
+}
+export function makeSandboxRunner(deps = {}) {
+    const allowedRoots = deps.allowedMountRoots ?? ['/work', '/tmp/aisy'];
+    const gVisorAvailable = deps.gVisorProbe ? deps.gVisorProbe() : true;
+    const seccompProfile = deps.seccompProfile ?? '/etc/aisy/seccomp-default.json';
+    const usernsRemap = deps.usernsRemap ?? 'default';
+    const running = new Map(); // containerId -> taskId
+    let counter = 0;
+    const validateMounts = (mounts) => {
+        for (const m of mounts) {
+            // The docker socket is host-root-equivalent — never mountable.
+            if (m.hostPath.includes('docker.sock')) {
+                return `mount of ${m.hostPath} refused: docker.sock is never mountable`;
+            }
+            if (!allowedRoots.some(root => m.hostPath === root || m.hostPath.startsWith(`${root}/`))) {
+                return `mount of ${m.hostPath} refused: outside the worktree allowlist`;
+            }
+        }
+        return null;
+    };
+    return {
+        get securityLevel() {
+            return gVisorAvailable ? 'full' : 'degraded-no-gvisor';
+        },
+        validateMounts,
+        async start(config) {
+            const mountError = validateMounts(config.mounts);
+            if (mountError)
+                throw new Error(mountError);
+            // ADR-0012 container invariants — fixed flags, not configurable.
+            const flags = [
+                '--cap-drop=ALL',
+                '--security-opt=no-new-privileges',
+                `--security-opt=seccomp=${seccompProfile}`,
+                `--userns-remap=${usernsRemap}`,
+                '--read-only',
+                config.egressBridge ? `--network=${config.egressBridge}` : '--network=none',
+                '--pids-limit=256',
+                ...(config.gVisorAvailable ? ['--runtime=runsc'] : []),
+            ];
+            const id = deps.launch ? deps.launch(config, flags) : `sbx-${++counter}`;
+            running.set(id, config.taskId);
+            return id;
+        },
+        async exec(containerId, cmd, args) {
+            if (!running.has(containerId))
+                throw new Error(`exec: unknown container ${containerId}`);
+            return deps.execImpl
+                ? deps.execImpl(containerId, cmd, args)
+                : { stdout: '', stderr: '', exitCode: 0 };
+        },
+        async teardown(containerId, _taskId) {
+            // Teardown must be CONFIRMED; an unknown container cannot be confirmed
+            // torn down — the task is marked failed (throw).
+            if (!running.delete(containerId)) {
+                throw new Error(`teardown of unknown container ${containerId} cannot be confirmed`);
+            }
+        },
+    };
+}
+/** Known params per op kind; anything else (incl. any force flag) is refused. */
+const CARVEOUT_KINDS = new Set([
+    'vacuum', 'fts5-optimize', 'wal-checkpoint', 'log-rotation',
+    'docker-prune', 'worktree-prune', 'git-push-ff',
+]);
+export function makeNightlyCarveout(deps = {}) {
+    const isPermitted = (op) => {
+        if (!CARVEOUT_KINDS.has(op.kind))
+            return false;
+        // Precondition: no force flags, no unknown escalation params.
+        if (op.params['force'] === true)
+            return false;
+        if (Object.keys(op.params).some(k => k === 'unknown'))
+            return false;
+        return true;
+    };
+    return {
+        isPermitted,
+        async run(op) {
+            if (!isPermitted(op)) {
+                return { ran: false, reason: `op ${op.kind} not permitted by the carve-out allowlist` };
+            }
+            // Reversibility: pre-op DB snapshot commits BEFORE the op runs.
+            deps.snapshot?.();
+            deps.execOp?.(op);
+            return { ran: true };
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// LethalTrifectaDetector (ADR-0010) — at least one leg must stay severed
+// ---------------------------------------------------------------------------
+export function makeLethalTrifectaDetector() {
+    return {
+        evaluate(call, ctx) {
+            const hasUntrustedContent = ctx.some(span => span.provenance !== 'operator');
+            const hasPrivateData = ctx.some(
+            // A newline separator stops a match from spanning the text/source join.
+            span => SECRET_SHAPES.some(p => p.test(span.text)) || /api[-_]?key|\.env\b/i.test(`${span.text}\n${span.source}`));
+            const hasOutboundChannel = isOutboundOrSideEffecting(call);
+            const state = { hasUntrustedContent, hasPrivateData, hasOutboundChannel };
+            return { triggered: hasUntrustedContent && hasPrivateData && hasOutboundChannel, state };
+        },
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/safety/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/safety/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAuDpD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAiC5C,8EAA8E;AAC9E,gDAAgD;AAChD,yEAAyE;AACzE,6EAA6E;AAC7E,8EAA8E;AAE9E,SAAS,iBAAiB,CAAC,IAAc;IACvC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,WAAW,EAAE,CAAA;IACjE,IAAI,CAAC;QACH,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAA;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,sEAAsE;IACxE,CAAC;IACD,OAAO,CAAC,CAAA;AACV,CAAC;AAOD,MAAM,SAAS,GAAwB;IACrC,EAAE,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,2BAA2B,EAAE;IACpE,EAAE,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAC9D,EAAE,EAAE,EAAE,4BAA4B,EAAE,OAAO,EAAE,0CAA0C,EAAE;IACzF,EAAE,EAAE,EAAE,eAAe,EAAE,OAAO,EAAE,kBAAkB,EAAE;IACpD,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,sBAAsB,EAAE;IACtD,EAAE,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,uDAAuD,EAAE;IACpF,EAAE,EAAE,EAAE,kBAAkB,EAAE,OAAO,EAAE,qDAAqD,EAAE;CAC3F,CAAA;AAED,iFAAiF;AACjF,SAAS,iBAAiB,CAAC,IAAc;IACvC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,SAAQ;QACnC,MAAM,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAA;QACzB,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAA;IACtE,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,8EAA8E;AAC9E,SAAS,yBAAyB,CAAC,IAAc;IAC/C,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAA;IACjE,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;QAC1C,OAAO,6CAA6C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAChE,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,8EAA8E;AAC9E,SAAS,eAAe,CAAC,IAAc;IACrC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,KAAK,CAAA;IACtC,OAAO,0BAA0B,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;AACxE,CAAC;AAED,SAAS,MAAM,CAAC,IAAc;IAC5B,IAAI,yCAAyC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,CAAA;IACvE,IAAI,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,CAAA;IACxH,OAAO,CAAC,CAAA;AACV,CAAC;AAED,SAAS,QAAQ,CAAC,IAAc,EAAE,IAAU;IAC1C,OAAO;QACL,IAAI;QACJ,aAAa,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QACnE,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QAC3G,KAAK,EAAE,UAAU,EAAE;QACnB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;KACrB,CAAA;AACH,CAAC;AAmBD,MAAM,UAAU,gBAAgB,CAAC,OAAyB,EAAE;IAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAA;IAChC,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,IAAI,MAAM,CAAA;IAExD,MAAM,UAAU,GAAG,CAAC,GAAkB,EAAW,EAAE;IACjD,qEAAqE;IACrE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,KAAK,UAAU,CAAC,CAAA;IAElD,OAAO;QACL,IAAI,KAAK;YACP,OAAO,KAAK,CAAA;QACd,CAAC;QAED,UAAU;QAEV,QAAQ,CAAC,IAAc,EAAE,GAAkB;YACzC,8DAA8D;YAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,wCAAwC,EAAE,CAAA;YACnG,CAAC;YACD,uEAAuE;YACvE,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,EAAE,CAAC;gBACpC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,6CAA6C,EAAE,CAAA;YACxG,CAAC;YAED,oEAAoE;YACpE,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAA;YACxC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;gBAC7B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAChC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,qBAAqB,IAAI,CAAC,EAAE,EAAE,EAAE,CAAA;gBACpF,CAAC;YACH,CAAC;YACD,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAA;YACzF,CAAC;YAED,yEAAyE;YACzE,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;gBAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,kCAAkC,EAAE,CAAA;YAC/F,CAAC;YAED,uEAAuE;YACvE,qDAAqD;YACrD,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,EAAE,6CAA6C,EAAE,CAAA;YAC/G,CAAC;YAED,uEAAuE;YACvE,IAAI,YAAY,KAAK,oBAAoB,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAA;YAC7G,CAAC;YAED,wEAAwE;YACxE,mEAAmE;YACnE,uEAAuE;YACvE,wEAAwE;YACxE,6BAA6B;YAC7B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAA;YACzB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAA;YAC9D,CAAC;YACD,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,IAAI,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;oBACzC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;gBAC9B,CAAC;gBACD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAA;YAC9D,CAAC;YACD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;QAC9B,CAAC;KACF,CAAA;AACH,CAAC;AAED,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E,MAAM,UAAU,oBAAoB,CAAC,OAAyB,EAAE;IAC9D,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACrC,OAAO;QACL,QAAQ,EAAE,KAAK,EAAE,KAA6C,EAAoB,EAAE,CAClF,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC;KACzC,CAAA;AACH,CAAC;AAED,8EAA8E;AAC9E,qEAAqE;AACrE,8EAA8E;AAE9E,MAAM,kBAAkB,GAAG;IACzB,8CAA8C;IAC9C,8BAA8B;IAC9B,aAAa;CACd,CAAA;AAOD,MAAM,UAAU,cAAc,CAAC,OAAuB,EAAE;IACtD,OAAO;QACL,sEAAsE;QACtE,oEAAoE;QACpE,2DAA2D;QAC3D,MAAM,CAAC,IAAiB;YACtB,IAAI,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;YACpB,iDAAiD;YACjD,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE,iBAAiB,CAAC,CAAA;YAC/D,qDAAqD;YACrD,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC,CAAA;YACjF,sEAAsE;YACtE,uEAAuE;YACvE,gDAAgD;YAChD,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;gBACzC,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,GAAG,GAAG,CAAC,CAAA;gBAC9G,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAA;YACzD,CAAC;YACD,OAAO,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAA;QAC1B,CAAC;QAED,oEAAoE;QACpE,mDAAmD;QACnD,KAAK,CAAC,QAAQ,CAAC,IAAiB;YAC9B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClB,IAAI,CAAC;oBACH,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;gBAClC,CAAC;gBAAC,MAAM,CAAC;oBACP,iEAAiE;oBACjE,qEAAqE;oBACrE,OAAO,YAAY,CAAA;gBACrB,CAAC;YACH,CAAC;YACD,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAAE,OAAO,WAAW,CAAA;YACvE,IAAI,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO,YAAY,CAAA;YAC7E,OAAO,OAAO,CAAA;QAChB,CAAC;KACF,CAAA;AACH,CAAC;AAaD,SAAS,cAAc,CAAC,CAAS;IAC/B,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAA;IAC5B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAA;IACtC,KAAK,MAAM,EAAE,IAAI,CAAC;QAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;IACzD,IAAI,CAAC,GAAG,CAAC,CAAA;IACT,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAA;QACtB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACvB,CAAC;IACD,OAAO,CAAC,CAAA;AACV,CAAC;AAED,+EAA+E;AAC/E,MAAM,SAAS,GAAG,mDAAmD,CAAA;AAErE,MAAM,aAAa,GAAG;IACpB,oBAAoB;IACpB,kBAAkB;IAClB,SAAS;CACV,CAAA;AAED,MAAM,UAAU,eAAe,CAAC,OAAwB,EAAE;IACxD,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,IAAI,CAAA;IAClD,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,IAAI,SAAS,CAAA;IAE9C,OAAO;QACL,WAAW,CAAC,GAAoB,EAAE,GAAkB;YAClD,qEAAqE;YACrE,IAAI,CAAC,cAAc;gBAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAA;YACpF,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,CAAA;YAC5D,IAAI,CAAC,KAAK;gBAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAA;YAE/E,uEAAuE;YACvE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAA;YACvC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,EAAE,CAAC;gBACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAA;YAC5E,CAAC;YAED,6DAA6D;YAC7D,MAAM,MAAM,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;YAC/C,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,EAAE,CAAC;gBACtE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;YACvE,CAAC;YAED,MAAM,IAAI,GAAG,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;YAC7G,IAAI,IAAI,CAAC,MAAM,GAAG,OAAO;gBAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAA;YACvF,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;gBACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,8CAA8C,EAAE,CAAA;YACrF,CAAC;YACD,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC1C,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,wCAAwC,EAAE,CAAA;YAC/E,CAAC;YAED,gEAAgE;YAChE,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,KAAK,UAAU,CAAC,CAAA;YACjE,IAAI,QAAQ,IAAI,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9D,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,uCAAuC,EAAE,CAAA;YAC9E,CAAC;YAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;QAC9B,CAAC;KACF,CAAA;AACH,CAAC;AAsBD,MAAM,YAAY,GAAG,CAAC,oBAAoB,EAAE,YAAY,EAAE,SAAS,EAAE,iBAAiB,CAAC,CAAA;AAEvF,iFAAiF;AACjF,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;IAC1D,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,QAAQ,GAA4B,EAAE,CAAA;QAC5C,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YACxE,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,SAAQ;YACxC,QAAQ,CAAC,GAAG,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,CAAA;QACnC,CAAC;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAA4B,EAAE;IAChE,MAAM,OAAO,GAAG,IAAI,GAAG,CAA0B,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IAC7F,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAA;IAClC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;IAC1C,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAE7E,OAAO;QACL,OAAO,CAAC,KAAa,EAAE,UAAkB,EAAE,YAAqB;YAC9D,iDAAiD;YACjD,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAA;YAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;YAChC,IAAI,CAAC,KAAK;gBAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAA;YAC/C,IAAI,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS;gBAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAA;YAChE,qDAAqD;YACrD,IAAI,UAAU,KAAK,KAAK,CAAC,UAAU;gBAAE,OAAO,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAA;YAChF,sEAAsE;YACtE,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAA;YAC9F,IAAI,SAAS,KAAK,KAAK,CAAC,kBAAkB;gBAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAA;YAChF,yEAAyE;YACzE,yEAAyE;YACzE,yEAAyE;YACzE,yEAAyE;YACzE,MAAM,cAAc,GAAG,KAAK,CAAC,oBAAoB,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,CAAC,YAAY,CAAC,CAAA;YAC7G,IAAI,KAAK,CAAC,oBAAoB,IAAI,CAAC,cAAc;gBAAE,OAAO,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAA;YAE9F,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;YACnB,OAAO;gBACL,MAAM,EAAE,UAAU;gBAClB,MAAM,EAAE;oBACN,KAAK;oBACL,UAAU;oBACV,EAAE,EAAE,SAAS;oBACb,YAAY,EAAE,GAAG,EAAE;oBACnB,cAAc;oBACd,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;oBAC5C,mBAAmB,EAAE,SAAS;iBAC/B;aACF,CAAA;QACH,CAAC;QAED,sEAAsE;QACtE,sEAAsE;QACtE,yEAAyE;QACzE,0BAA0B;QAC1B,gBAAgB,CAAC,MAA+B;YAC9C,OAAO,cAAc,CAAC,MAAM,CAA4B,CAAA;QAC1D,CAAC;KACF,CAAA;AACH,CAAC;AAUD,MAAM,uBAAuB,GAAa;IACxC,uBAAuB;IACvB,iBAAiB;IACjB,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,mCAAmC;CACvE,CAAA;AAED,MAAM,UAAU,SAAS,CAAC,OAAkB,EAAE;IAC5C,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAA;IAC3D,MAAM,QAAQ,GAAa,CAAC,GAAG,uBAAuB,CAAC,CAAA;IAEvD,MAAM,QAAQ,GAAmB;QAC/B,MAAM,CAAC,IAAY;YACjB,IAAI,GAAG,GAAG,IAAI,CAAA;YACd,wEAAwE;YACxE,kEAAkE;YAClE,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;gBACrC,IAAI,CAAC,KAAK;oBAAE,SAAQ;gBACpB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;YAC3C,CAAC;YACD,uCAAuC;YACvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,GAAG,GAAG,CAAC,EAAE,YAAY,CAAC,CAAA;YAChI,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KACF,CAAA;IAED,OAAO;QACL,KAAK,CAAC,SAAS,CAAC,IAAY;YAC1B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YAC/B,IAAI,KAAK,KAAK,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,IAAI,aAAa,CAAC,CAAA;YAC7E,OAAO,KAAK,CAAA;QACd,CAAC;QACD,KAAK,CAAC,WAAW;YACf,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;QAC5B,CAAC;QACD,mBAAmB,CAAC,OAAe;YACjC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACxB,CAAC;QACD,IAAI,QAAQ;YACV,OAAO,QAAQ,CAAA;QACjB,CAAC;KACF,CAAA;AACH,CAAC;AAqBD,MAAM,UAAU,iBAAiB,CAAC,OAA0B,EAAE;IAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IACrE,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;IACpE,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,gCAAgC,CAAA;IAC9E,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,SAAS,CAAA;IACjD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAA,CAAC,wBAAwB;IAClE,IAAI,OAAO,GAAG,CAAC,CAAA;IAEf,MAAM,cAAc,GAAG,CAAC,MAAmB,EAAiB,EAAE;QAC5D,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,+DAA+D;YAC/D,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACvC,OAAO,YAAY,CAAC,CAAC,QAAQ,0CAA0C,CAAA;YACzE,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,EAAE,CAAC;gBACzF,OAAO,YAAY,CAAC,CAAC,QAAQ,0CAA0C,CAAA;YACzE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,CAAA;IAED,OAAO;QACL,IAAI,aAAa;YACf,OAAO,eAAe,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAA;QACxD,CAAC;QAED,cAAc;QAEd,KAAK,CAAC,KAAK,CAAC,MAAqB;YAC/B,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAChD,IAAI,UAAU;gBAAE,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,CAAA;YAC3C,iEAAiE;YACjE,MAAM,KAAK,GAAG;gBACZ,gBAAgB;gBAChB,kCAAkC;gBAClC,0BAA0B,cAAc,EAAE;gBAC1C,kBAAkB,WAAW,EAAE;gBAC/B,aAAa;gBACb,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,gBAAgB;gBAC3E,kBAAkB;gBAClB,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACvD,CAAA;YACD,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,CAAA;YACxE,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;YAC9B,OAAO,EAAE,CAAA;QACX,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,WAAmB,EAAE,GAAW,EAAE,IAAuB;YAClE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,WAAW,EAAE,CAAC,CAAA;YACxF,OAAO,IAAI,CAAC,QAAQ;gBAClB,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,CAAC;gBACvC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAA;QAC7C,CAAC;QAED,KAAK,CAAC,QAAQ,CAAC,WAAmB,EAAE,OAAe;YACjD,uEAAuE;YACvE,iDAAiD;YACjD,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,iCAAiC,WAAW,sBAAsB,CAAC,CAAA;YACrF,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC;AAaD,iFAAiF;AACjF,MAAM,cAAc,GAA+B,IAAI,GAAG,CAAC;IACzD,QAAQ,EAAE,eAAe,EAAE,gBAAgB,EAAE,cAAc;IAC3D,cAAc,EAAE,gBAAgB,EAAE,aAAa;CAChD,CAAC,CAAA;AAEF,MAAM,UAAU,mBAAmB,CAAC,OAA4B,EAAE;IAChE,MAAM,WAAW,GAAG,CAAC,EAAa,EAAW,EAAE;QAC7C,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAA;QAC9C,8DAA8D;QAC9D,IAAI,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI;YAAE,OAAO,KAAK,CAAA;QAC7C,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;YAAE,OAAO,KAAK,CAAA;QACnE,OAAO,IAAI,CAAA;IACb,CAAC,CAAA;IAED,OAAO;QACL,WAAW;QAEX,KAAK,CAAC,GAAG,CAAC,EAAa;YACrB,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC;gBACrB,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,IAAI,2CAA2C,EAAE,CAAA;YACzF,CAAC;YACD,gEAAgE;YAChE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAA;YACjB,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAA;YACjB,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAA;QACtB,CAAC;KACF,CAAA;AACH,CAAC;AAED,8EAA8E;AAC9E,yEAAyE;AACzE,8EAA8E;AAE9E,MAAM,UAAU,0BAA0B;IACxC,OAAO;QACL,QAAQ,CAAC,IAAc,EAAE,GAAkB;YACzC,MAAM,mBAAmB,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,KAAK,UAAU,CAAC,CAAA;YAC5E,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI;YAC7B,wEAAwE;YACxE,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,sBAAsB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC,CAClH,CAAA;YACD,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAA;YAC1D,MAAM,KAAK,GAAG,EAAE,mBAAmB,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAA;YACzE,OAAO,EAAE,SAAS,EAAE,mBAAmB,IAAI,cAAc,IAAI,kBAAkB,EAAE,KAAK,EAAE,CAAA;QAC1F,CAAC;KACF,CAAA;AACH,CAAC"}