npm - @amaster.ai/pi-memory - Versions diffs - 0.1.0 - Mend

@amaster.ai/pi-memory 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/LICENSE +201 -0
package/README.md +131 -0
package/dist/extension.d.ts +14 -0
package/dist/extension.d.ts.map +1 -0
package/dist/extension.js +98 -0
package/dist/extension.js.map +1 -0
package/dist/index.d.ts +6 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +5 -0
package/dist/index.js.map +1 -0
package/dist/store.d.ts +91 -0
package/dist/store.d.ts.map +1 -0
package/dist/store.js +399 -0
package/dist/store.js.map +1 -0
package/dist/threat-patterns.d.ts +34 -0
package/dist/threat-patterns.d.ts.map +1 -0
package/dist/threat-patterns.js +211 -0
package/dist/threat-patterns.js.map +1 -0
package/dist/tools.d.ts +4 -0
package/dist/tools.d.ts.map +1 -0
package/dist/tools.js +99 -0
package/dist/tools.js.map +1 -0
package/package.json +88 -0
package/preview.png +0 -0

package/dist/store.js ADDED Viewed

@@ -0,0 +1,399 @@
+import { randomBytes } from 'node:crypto';
+import { promises as fs, mkdirSync } from 'node:fs';
+import path from 'node:path';
+import lockfile from 'proper-lockfile';
+import { firstThreatMessage, scanForThreats } from './threat-patterns.js';
+export const ENTRY_DELIMITER = '\n§\n';
+const FILENAME = {
+    memory: 'MEMORY.md',
+    user: 'USER.md',
+};
+const HEADER_LABEL = {
+    memory: 'MEMORY (your personal notes)',
+    user: 'USER PROFILE (who the user is)',
+};
+const DEFAULT_MEMORY_CHAR_LIMIT = 2200;
+const DEFAULT_USER_CHAR_LIMIT = 1375;
+/**
+ * Bounded curated memory with file persistence.
+ *
+ * Two parallel states:
+ *  - `_systemPromptSnapshot`: frozen at `loadFromDisk()`, used for system
+ *    prompt injection. Never mutated mid-session — keeps prefix cache stable.
+ *  - `memoryEntries` / `userEntries`: live state, mutated by tool calls,
+ *    persisted to disk. Tool responses always reflect this live state.
+ */
+export class MemoryStore {
+    dir;
+    memoryCharLimit;
+    userCharLimit;
+    memoryEntries = [];
+    userEntries = [];
+    systemPromptSnapshot = { memory: '', user: '' };
+    loaded = false;
+    constructor(opts) {
+        this.dir = opts.dir;
+        this.memoryCharLimit = opts.memoryCharLimit ?? DEFAULT_MEMORY_CHAR_LIMIT;
+        this.userCharLimit = opts.userCharLimit ?? DEFAULT_USER_CHAR_LIMIT;
+    }
+    /**
+     * Load entries from MEMORY.md and USER.md, capture system prompt snapshot.
+     *
+     * Each entry is scanned for injection / promptware patterns at strict
+     * scope; ANY match replaces the entry text in the snapshot with a
+     * `[BLOCKED: …]` placeholder so a poisoned-on-disk file (supply chain,
+     * compromised tool, sister-session write) cannot enter the system
+     * prompt. Live state keeps the original so the user can inspect and
+     * remove via `memory_read` / `memory_remove`.
+     */
+    async loadFromDisk() {
+        await fs.mkdir(this.dir, { recursive: true });
+        this.memoryEntries = dedupe(await readEntriesFile(this.pathFor('memory')));
+        this.userEntries = dedupe(await readEntriesFile(this.pathFor('user')));
+        this.systemPromptSnapshot = {
+            memory: this.renderBlock('memory', sanitizeForSnapshot(this.memoryEntries, FILENAME.memory)),
+            user: this.renderBlock('user', sanitizeForSnapshot(this.userEntries, FILENAME.user)),
+        };
+        this.loaded = true;
+    }
+    /** Return frozen snapshot for system prompt injection. Empty string if no entries. */
+    formatForSystemPrompt(target) {
+        return this.systemPromptSnapshot[target] ?? '';
+    }
+    /** Combined memory + user snapshot block, with a blank line between them. */
+    formatAllForSystemPrompt() {
+        const parts = [this.formatForSystemPrompt('memory'), this.formatForSystemPrompt('user')].filter((s) => s.length > 0);
+        return parts.join('\n\n');
+    }
+    /** Live entries, not the frozen snapshot. */
+    getEntries(target) {
+        return [...this.entriesFor(target)];
+    }
+    async add(target, content) {
+        const trimmed = content.trim();
+        if (!trimmed) {
+            return { success: false, error: 'Content cannot be empty.' };
+        }
+        const scanError = firstThreatMessage(trimmed, 'strict');
+        if (scanError) {
+            return { success: false, error: scanError };
+        }
+        return this.withFileLock(target, async () => {
+            const drift = await this.reloadTarget(target);
+            if (drift)
+                return driftError(this.pathFor(target), drift);
+            const entries = this.entriesFor(target);
+            const limit = this.charLimit(target);
+            if (entries.includes(trimmed)) {
+                return this.successResponse(target, 'Entry already exists (no duplicate added).');
+            }
+            const newEntries = [...entries, trimmed];
+            const newTotal = newEntries.join(ENTRY_DELIMITER).length;
+            if (newTotal > limit) {
+                const current = this.charCount(target);
+                return {
+                    success: false,
+                    error: `Memory at ${current.toLocaleString()}/${limit.toLocaleString()} chars. ` +
+                        `Adding this entry (${trimmed.length} chars) would exceed the limit. ` +
+                        `Replace or remove existing entries first.`,
+                    currentEntries: [...entries],
+                    usage: `${current.toLocaleString()}/${limit.toLocaleString()}`,
+                };
+            }
+            this.setEntries(target, newEntries);
+            await this.saveToDisk(target);
+            return this.successResponse(target, 'Entry added.');
+        });
+    }
+    async replace(target, oldText, newContent) {
+        const oldTrim = oldText.trim();
+        const newTrim = newContent.trim();
+        if (!oldTrim)
+            return { success: false, error: 'oldText cannot be empty.' };
+        if (!newTrim)
+            return {
+                success: false,
+                error: "newContent cannot be empty. Use 'remove' to delete entries.",
+            };
+        const scanError = firstThreatMessage(newTrim, 'strict');
+        if (scanError)
+            return { success: false, error: scanError };
+        return this.withFileLock(target, async () => {
+            const drift = await this.reloadTarget(target);
+            if (drift)
+                return driftError(this.pathFor(target), drift);
+            const entries = this.entriesFor(target);
+            const matches = entries
+                .map((entry, i) => ({ entry, i }))
+                .filter(({ entry }) => entry.includes(oldTrim));
+            if (matches.length === 0) {
+                return { success: false, error: `No entry matched '${oldTrim}'.` };
+            }
+            if (matches.length > 1) {
+                const uniqueTexts = new Set(matches.map((m) => m.entry));
+                if (uniqueTexts.size > 1) {
+                    return {
+                        success: false,
+                        error: `Multiple entries matched '${oldTrim}'. Be more specific.`,
+                        matches: matches.map(({ entry }) => entry.length > 80 ? `${entry.slice(0, 80)}...` : entry),
+                    };
+                }
+            }
+            const idx = matches[0].i;
+            const limit = this.charLimit(target);
+            const test = [...entries];
+            test[idx] = newTrim;
+            const newTotal = test.join(ENTRY_DELIMITER).length;
+            if (newTotal > limit) {
+                return {
+                    success: false,
+                    error: `Replacement would put memory at ${newTotal.toLocaleString()}/${limit.toLocaleString()} chars. ` +
+                        `Shorten the new content or remove other entries first.`,
+                };
+            }
+            this.setEntries(target, test);
+            await this.saveToDisk(target);
+            return this.successResponse(target, 'Entry replaced.');
+        });
+    }
+    async remove(target, oldText) {
+        const oldTrim = oldText.trim();
+        if (!oldTrim)
+            return { success: false, error: 'oldText cannot be empty.' };
+        return this.withFileLock(target, async () => {
+            const drift = await this.reloadTarget(target);
+            if (drift)
+                return driftError(this.pathFor(target), drift);
+            const entries = this.entriesFor(target);
+            const matches = entries
+                .map((entry, i) => ({ entry, i }))
+                .filter(({ entry }) => entry.includes(oldTrim));
+            if (matches.length === 0) {
+                return { success: false, error: `No entry matched '${oldTrim}'.` };
+            }
+            if (matches.length > 1) {
+                const uniqueTexts = new Set(matches.map((m) => m.entry));
+                if (uniqueTexts.size > 1) {
+                    return {
+                        success: false,
+                        error: `Multiple entries matched '${oldTrim}'. Be more specific.`,
+                        matches: matches.map(({ entry }) => entry.length > 80 ? `${entry.slice(0, 80)}...` : entry),
+                    };
+                }
+            }
+            const idx = matches[0].i;
+            const next = [...entries.slice(0, idx), ...entries.slice(idx + 1)];
+            this.setEntries(target, next);
+            await this.saveToDisk(target);
+            return this.successResponse(target, 'Entry removed.');
+        });
+    }
+    async read(target) {
+        if (!this.loaded) {
+            await this.loadFromDisk();
+        }
+        return this.successResponse(target);
+    }
+    // -- internals -----------------------------------------------------------
+    pathFor(target) {
+        return path.join(this.dir, FILENAME[target]);
+    }
+    entriesFor(target) {
+        return target === 'user' ? this.userEntries : this.memoryEntries;
+    }
+    setEntries(target, entries) {
+        if (target === 'user')
+            this.userEntries = entries;
+        else
+            this.memoryEntries = entries;
+    }
+    charLimit(target) {
+        return target === 'user' ? this.userCharLimit : this.memoryCharLimit;
+    }
+    charCount(target) {
+        const entries = this.entriesFor(target);
+        return entries.length === 0 ? 0 : entries.join(ENTRY_DELIMITER).length;
+    }
+    successResponse(target, message) {
+        const entries = this.entriesFor(target);
+        const current = this.charCount(target);
+        const limit = this.charLimit(target);
+        const pct = limit > 0 ? Math.min(100, Math.floor((current / limit) * 100)) : 0;
+        const result = {
+            success: true,
+            target,
+            entries: [...entries],
+            usage: `${pct}% — ${current.toLocaleString()}/${limit.toLocaleString()} chars`,
+            entryCount: entries.length,
+        };
+        if (message)
+            result.message = message;
+        return result;
+    }
+    renderBlock(target, entries) {
+        if (entries.length === 0)
+            return '';
+        const limit = this.charLimit(target);
+        const content = entries.join(ENTRY_DELIMITER);
+        const current = content.length;
+        const pct = limit > 0 ? Math.min(100, Math.floor((current / limit) * 100)) : 0;
+        const header = `${HEADER_LABEL[target]} [${pct}% — ${current.toLocaleString()}/${limit.toLocaleString()} chars]`;
+        const sep = '═'.repeat(46);
+        return `${sep}\n${header}\n${sep}\n${content}`;
+    }
+    async saveToDisk(target) {
+        await fs.mkdir(this.dir, { recursive: true });
+        await writeFileAtomic(this.pathFor(target), this.entriesFor(target).join(ENTRY_DELIMITER));
+    }
+    /**
+     * Re-read entries from disk. Returns backup-path string when external
+     * drift was detected (the on-disk file contains content that wouldn't
+     * round-trip through the parser/serializer, OR an entry larger than the
+     * store's char limit). Caller must abort the mutation when drift is
+     * detected — flushing would discard the un-roundtrippable content.
+     */
+    async reloadTarget(target) {
+        const drift = await this.detectExternalDrift(target);
+        const fresh = dedupe(await readEntriesFile(this.pathFor(target)));
+        this.setEntries(target, fresh);
+        return drift;
+    }
+    async detectExternalDrift(target) {
+        const p = this.pathFor(target);
+        let raw;
+        try {
+            raw = await fs.readFile(p, 'utf-8');
+        }
+        catch (err) {
+            if (err.code === 'ENOENT')
+                return null;
+            return null;
+        }
+        if (!raw.trim())
+            return null;
+        const parsed = raw
+            .split(ENTRY_DELIMITER)
+            .map((e) => e.trim())
+            .filter((e) => e.length > 0);
+        const roundtrip = parsed.join(ENTRY_DELIMITER);
+        const charLimit = this.charLimit(target);
+        const maxEntryLen = parsed.reduce((m, e) => Math.max(m, e.length), 0);
+        const drift = raw.trim() !== roundtrip || maxEntryLen > charLimit;
+        if (!drift)
+            return null;
+        const ts = Math.floor(Date.now() / 1000);
+        const bakPath = `${p}.bak.${ts}`;
+        try {
+            await fs.writeFile(bakPath, raw, { encoding: 'utf-8' });
+        }
+        catch {
+            return `${bakPath} (BACKUP FAILED — file unchanged on disk)`;
+        }
+        return bakPath;
+    }
+    async withFileLock(target, fn) {
+        const lockTarget = this.pathFor(target);
+        await fs.mkdir(this.dir, { recursive: true });
+        // proper-lockfile requires the file to exist; create empty if missing.
+        try {
+            await fs.access(lockTarget);
+        }
+        catch {
+            try {
+                await fs.writeFile(lockTarget, '', { encoding: 'utf-8', flag: 'wx' });
+            }
+            catch {
+                /* race: another caller created it */
+            }
+        }
+        const release = await lockfile.lock(lockTarget, {
+            retries: { retries: 10, minTimeout: 50, maxTimeout: 500, factor: 1.5 },
+            stale: 30_000,
+        });
+        try {
+            return await fn();
+        }
+        finally {
+            try {
+                await release();
+            }
+            catch {
+                /* lock already released */
+            }
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function dedupe(arr) {
+    return Array.from(new Set(arr));
+}
+async function readEntriesFile(p) {
+    let raw;
+    try {
+        raw = await fs.readFile(p, 'utf-8');
+    }
+    catch (err) {
+        if (err.code === 'ENOENT')
+            return [];
+        return [];
+    }
+    if (!raw.trim())
+        return [];
+    return raw
+        .split(ENTRY_DELIMITER)
+        .map((e) => e.trim())
+        .filter((e) => e.length > 0);
+}
+function sanitizeForSnapshot(entries, filename) {
+    const out = [];
+    for (const entry of entries) {
+        if (!entry || entry.startsWith('[BLOCKED:')) {
+            out.push(entry);
+            continue;
+        }
+        const findings = scanForThreats(entry, 'strict');
+        if (findings.length > 0) {
+            out.push(`[BLOCKED: ${filename} entry contained threat pattern(s): ${findings.join(', ')}. ` +
+                `Removed from system prompt; use memory_read to inspect and memory_remove to delete the original.]`);
+        }
+        else {
+            out.push(entry);
+        }
+    }
+    return out;
+}
+function driftError(filePath, bakPath) {
+    const name = path.basename(filePath);
+    return {
+        success: false,
+        error: `Refusing to write ${name}: file on disk has content that wouldn't round-trip through the memory tool ` +
+            `(likely added by a patch tool, a shell append, a manual edit, or a concurrent session). ` +
+            `A snapshot was saved to ${bakPath}. Resolve the drift first — either rewrite the file as a clean ` +
+            `§-delimited list of entries, or move the extra content out — then retry. This guard exists to prevent silent data loss.`,
+        driftBackup: bakPath,
+        remediation: `Open the .bak file, integrate the missing entries into the memory tool one at a time via memory_add, ` +
+            `then remove or rewrite the original file to a clean state.`,
+    };
+}
+async function writeFileAtomic(target, content) {
+    const dir = path.dirname(target);
+    // ensure the dir exists synchronously before tempfile creation
+    mkdirSync(dir, { recursive: true });
+    const tmp = path.join(dir, `.mem_${randomBytes(6).toString('hex')}.tmp`);
+    try {
+        await fs.writeFile(tmp, content, { encoding: 'utf-8' });
+        await fs.rename(tmp, target);
+    }
+    catch (err) {
+        try {
+            await fs.unlink(tmp);
+        }
+        catch {
+            /* ignore */
+        }
+        throw err;
+    }
+}
+//# sourceMappingURL=store.js.map

package/dist/store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,QAAQ,MAAM,iBAAiB,CAAC;AACvC,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE1E,MAAM,CAAC,MAAM,eAAe,GAAG,OAAO,CAAC;AAuCvC,MAAM,QAAQ,GAAiC;IAC7C,MAAM,EAAE,WAAW;IACnB,IAAI,EAAE,SAAS;CAChB,CAAC;AAEF,MAAM,YAAY,GAAiC;IACjD,MAAM,EAAE,8BAA8B;IACtC,IAAI,EAAE,gCAAgC;CACvC,CAAC;AAEF,MAAM,yBAAyB,GAAG,IAAI,CAAC;AACvC,MAAM,uBAAuB,GAAG,IAAI,CAAC;AAErC;;;;;;;;GAQG;AACH,MAAM,OAAO,WAAW;IACb,GAAG,CAAS;IACZ,eAAe,CAAS;IACxB,aAAa,CAAS;IAEvB,aAAa,GAAa,EAAE,CAAC;IAC7B,WAAW,GAAa,EAAE,CAAC;IAC3B,oBAAoB,GAAiC,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC9E,MAAM,GAAG,KAAK,CAAC;IAEvB,YAAY,IAAwB;QAClC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACpB,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,IAAI,yBAAyB,CAAC;QACzE,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,uBAAuB,CAAC;IACrE,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvE,IAAI,CAAC,oBAAoB,GAAG;YAC1B,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,mBAAmB,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC5F,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;SACrF,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,sFAAsF;IACtF,qBAAqB,CAAC,MAAoB;QACxC,OAAO,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACjD,CAAC;IAED,6EAA6E;IAC7E,wBAAwB;QACtB,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAC7F,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CACpB,CAAC;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,6CAA6C;IAC7C,UAAU,CAAC,MAAoB;QAC7B,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAoB,EAAE,OAAe;QAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;QAC/D,CAAC;QACD,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACxD,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,KAAK;gBAAE,OAAO,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;YAE1D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAErC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,4CAA4C,CAAC,CAAC;YACpF,CAAC;YAED,MAAM,UAAU,GAAG,CAAC,GAAG,OAAO,EAAE,OAAO,CAAC,CAAC;YACzC,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;YACzD,IAAI,QAAQ,GAAG,KAAK,EAAE,CAAC;gBACrB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBACvC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EACH,aAAa,OAAO,CAAC,cAAc,EAAE,IAAI,KAAK,CAAC,cAAc,EAAE,UAAU;wBACzE,sBAAsB,OAAO,CAAC,MAAM,kCAAkC;wBACtE,2CAA2C;oBAC7C,cAAc,EAAE,CAAC,GAAG,OAAO,CAAC;oBAC5B,KAAK,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE;iBAC/D,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACpC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAoB,EAAE,OAAe,EAAE,UAAkB;QACrE,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;QAC3E,IAAI,CAAC,OAAO;YACV,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,6DAA6D;aACrE,CAAC;QAEJ,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACxD,IAAI,SAAS;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QAE3D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,KAAK;gBAAE,OAAO,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;YAE1D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,OAAO;iBACpB,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;iBACjC,MAAM,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAElD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,OAAO,IAAI,EAAE,CAAC;YACrE,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACzD,IAAI,WAAW,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;oBACzB,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,6BAA6B,OAAO,sBAAsB;wBACjE,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CACjC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CACvD;qBACF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,IAAI,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC;YAC1B,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;YACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;YACnD,IAAI,QAAQ,GAAG,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EACH,mCAAmC,QAAQ,CAAC,cAAc,EAAE,IAAI,KAAK,CAAC,cAAc,EAAE,UAAU;wBAChG,wDAAwD;iBAC3D,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC9B,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAoB,EAAE,OAAe;QAChD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;QAE3E,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,KAAK;gBAAE,OAAO,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;YAE1D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,OAAO;iBACpB,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;iBACjC,MAAM,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAElD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,OAAO,IAAI,EAAE,CAAC;YACrE,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACzD,IAAI,WAAW,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;oBACzB,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,6BAA6B,OAAO,sBAAsB;wBACjE,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CACjC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CACvD;qBACF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC;YAC1B,MAAM,IAAI,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACnE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC9B,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,MAAoB;QAC7B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5B,CAAC;QACD,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAED,2EAA2E;IAEnE,OAAO,CAAC,MAAoB;QAClC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAC/C,CAAC;IAEO,UAAU,CAAC,MAAoB;QACrC,OAAO,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC;IACnE,CAAC;IAEO,UAAU,CAAC,MAAoB,EAAE,OAAiB;QACxD,IAAI,MAAM,KAAK,MAAM;YAAE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC;;YAC7C,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;IACpC,CAAC;IAEO,SAAS,CAAC,MAAoB;QACpC,OAAO,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC;IACvE,CAAC;IAEO,SAAS,CAAC,MAAoB;QACpC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACxC,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;IACzE,CAAC;IAEO,eAAe,CAAC,MAAoB,EAAE,OAAgB;QAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAwB;YAClC,OAAO,EAAE,IAAI;YACb,MAAM;YACN,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC;YACrB,KAAK,EAAE,GAAG,GAAG,OAAO,OAAO,CAAC,cAAc,EAAE,IAAI,KAAK,CAAC,cAAc,EAAE,QAAQ;YAC9E,UAAU,EAAE,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,OAAO;YAAE,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC;QACtC,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,WAAW,CAAC,MAAoB,EAAE,OAAiB;QACzD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;QAC/B,MAAM,GAAG,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,KAAK,GAAG,OAAO,OAAO,CAAC,cAAc,EAAE,IAAI,KAAK,CAAC,cAAc,EAAE,SAAS,CAAC;QACjH,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3B,OAAO,GAAG,GAAG,KAAK,MAAM,KAAK,GAAG,KAAK,OAAO,EAAE,CAAC;IACjD,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,MAAoB;QAC3C,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IAC7F,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,YAAY,CAAC,MAAoB;QAC7C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,MAAoB;QACpD,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ;gBAAE,OAAO,IAAI,CAAC;YAClE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QAE7B,MAAM,MAAM,GAAG,GAAG;aACf,KAAK,CAAC,eAAe,CAAC;aACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAEtE,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,KAAK,SAAS,IAAI,WAAW,GAAG,SAAS,CAAC;QAClE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,OAAO,2CAA2C,CAAC;QAC/D,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,YAAY,CAAI,MAAoB,EAAE,EAAoB;QACtE,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,uEAAuE;QACvE,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACxE,CAAC;YAAC,MAAM,CAAC;gBACP,qCAAqC;YACvC,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE;YAC9C,OAAO,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE;YACtE,KAAK,EAAE,MAAM;SACd,CAAC,CAAC;QACH,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC;gBACH,MAAM,OAAO,EAAE,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC;gBACP,2BAA2B;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,MAAM,CAAI,GAAQ;IACzB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,CAAS;IACtC,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QAChE,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,CAAC;IAC3B,OAAO,GAAG;SACP,KAAK,CAAC,eAAe,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAiB,EAAE,QAAgB;IAC9D,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5C,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAChB,SAAS;QACX,CAAC;QACD,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,IAAI,CACN,aAAa,QAAQ,uCAAuC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;gBACjF,mGAAmG,CACtG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB,EAAE,OAAe;IACnD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrC,OAAO;QACL,OAAO,EAAE,KAAK;QACd,KAAK,EACH,qBAAqB,IAAI,8EAA8E;YACvG,0FAA0F;YAC1F,2BAA2B,OAAO,iEAAiE;YACnG,yHAAyH;QAC3H,WAAW,EAAE,OAAO;QACpB,WAAW,EACT,uGAAuG;YACvG,4DAA4D;KAC/D,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,MAAc,EAAE,OAAe;IAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,+DAA+D;IAC/D,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACzE,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACxD,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/threat-patterns.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * Threat-pattern library for memory content scanning.
+ *
+ * Covers prompt injection, role hijack, C2 framework names, exfiltration,
+ * persistence (SSH backdoor, agent-config edits), and invisible unicode.
+ *
+ * Pattern philosophy: anchor on attack-specific vocabulary or unambiguous
+ * attack behavior, NOT on bossy English.  Multi-word filler is allowed via
+ * `(?:\w+\s+)*` between key tokens so attackers can't bypass with
+ * synonyms ("ignore all prior instructions").
+ */
+type Scope = 'all' | 'context' | 'strict';
+/**
+ * Invisible / bidirectional unicode characters used in injection attacks.
+ */
+export declare const INVISIBLE_CHARS: ReadonlySet<string>;
+/**
+ * Return matched pattern IDs in `content` at the given scope.
+ *
+ * - `all`: classic injection + exfil only (lowest false-positive set).
+ * - `context`: adds promptware / C2 / role-play patterns.
+ * - `strict`: adds persistence / SSH backdoor / exfil-URL patterns.
+ *
+ * Invisible-unicode hits are reported as `invisible_unicode_U+XXXX`.
+ */
+export declare function scanForThreats(content: string, scope?: Scope): string[];
+/**
+ * Return a human-readable error string for the first threat in `content`,
+ * or `null` when clean.  Convenience wrapper for paths that block on first
+ * hit (memory writes).
+ */
+export declare function firstThreatMessage(content: string, scope?: Scope): string | null;
+export {};
+//# sourceMappingURL=threat-patterns.d.ts.map

package/dist/threat-patterns.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"threat-patterns.d.ts","sourceRoot":"","sources":["../src/threat-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,KAAK,KAAK,GAAG,KAAK,GAAG,SAAS,GAAG,QAAQ,CAAC;AAmH1C;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,WAAW,CAAC,MAAM,CAkB9C,CAAC;AA0BH;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,GAAE,KAAiB,GAAG,MAAM,EAAE,CA0BlF;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,GAAE,KAAgB,GAAG,MAAM,GAAG,IAAI,CAW1F"}

package/dist/threat-patterns.js ADDED Viewed

@@ -0,0 +1,211 @@
+/**
+ * Threat-pattern library for memory content scanning.
+ *
+ * Covers prompt injection, role hijack, C2 framework names, exfiltration,
+ * persistence (SSH backdoor, agent-config edits), and invisible unicode.
+ *
+ * Pattern philosophy: anchor on attack-specific vocabulary or unambiguous
+ * attack behavior, NOT on bossy English.  Multi-word filler is allowed via
+ * `(?:\w+\s+)*` between key tokens so attackers can't bypass with
+ * synonyms ("ignore all prior instructions").
+ */
+const RAW_PATTERNS = [
+    // Classic prompt injection (applies everywhere)
+    [
+        String.raw `ignore\s+(?:\w+\s+)*(previous|all|above|prior)\s+(?:\w+\s+)*instructions`,
+        'prompt_injection',
+        'all',
+    ],
+    [String.raw `system\s+prompt\s+override`, 'sys_prompt_override', 'all'],
+    [
+        String.raw `disregard\s+(?:\w+\s+)*(your|all|any)\s+(?:\w+\s+)*(instructions|rules|guidelines)`,
+        'disregard_rules',
+        'all',
+    ],
+    [
+        String.raw `act\s+as\s+(if|though)\s+(?:\w+\s+)*you\s+(?:\w+\s+)*(have\s+no|don't\s+have)\s+(?:\w+\s+)*(restrictions|limits|rules)`,
+        'bypass_restrictions',
+        'all',
+    ],
+    ['<!--[^>]*(?:ignore|override|system|secret|hidden)[^>]*-->', 'html_comment_injection', 'all'],
+    [String.raw `<\s*div\s+style\s*=\s*["'][\s\S]*?display\s*:\s*none`, 'hidden_div', 'all'],
+    [String.raw `translate\s+.*\s+into\s+.*\s+and\s+(execute|run|eval)`, 'translate_execute', 'all'],
+    [String.raw `do\s+not\s+(?:\w+\s+)*tell\s+(?:\w+\s+)*the\s+user`, 'deception_hide', 'all'],
+    // Role-play / identity hijack (context + strict)
+    [String.raw `you\s+are\s+(?:\w+\s+)*now\s+(?:a|an|the)\s+`, 'role_hijack', 'context'],
+    [String.raw `pretend\s+(?:\w+\s+)*(you\s+are|to\s+be)\s+`, 'role_pretend', 'context'],
+    [String.raw `output\s+(?:\w+\s+)*(system|initial)\s+prompt`, 'leak_system_prompt', 'context'],
+    [
+        String.raw `(respond|answer|reply)\s+without\s+(?:\w+\s+)*(restrictions|limitations|filters|safety)`,
+        'remove_filters',
+        'context',
+    ],
+    [
+        String.raw `you\s+have\s+been\s+(?:\w+\s+)*(updated|upgraded|patched)\s+to`,
+        'fake_update',
+        'context',
+    ],
+    [String.raw `\bname\s+yourself\s+\w+`, 'identity_override', 'context'],
+    // C2 / Brainworm-style promptware
+    [String.raw `register\s+(as\s+)?a?\s*node`, 'c2_node_registration', 'context'],
+    [String.raw `(heartbeat|beacon|check[\s\-]?in)\s+(to|with)\s+`, 'c2_heartbeat', 'context'],
+    [String.raw `pull\s+(down\s+)?(?:new\s+)?task(?:ing|s)?\b`, 'c2_task_pull', 'context'],
+    [String.raw `connect\s+to\s+the\s+network\b`, 'c2_network_connect', 'context'],
+    [
+        String.raw `you\s+must\s+(?:\w+\s+){0,3}(register|connect|report|beacon)\b`,
+        'forced_action',
+        'context',
+    ],
+    [String.raw `only\s+use\s+one[\s\-]?liners?\b`, 'anti_forensic_oneliner', 'context'],
+    [
+        String.raw `never\s+(?:\w+\s+)*(?:create|write)\s+(?:\w+\s+)*(?:script|file)\s+(?:\w+\s+)*disk`,
+        'anti_forensic_disk',
+        'context',
+    ],
+    [
+        String.raw `unset\s+\w*(?:CLAUDE|CODEX|HERMES|AGENT|OPENAI|ANTHROPIC|PI)\w*`,
+        'env_var_unset_agent',
+        'context',
+    ],
+    // Known C2 framework names
+    [
+        String.raw `\b(?:praxis|cobalt\s*strike|sliver|havoc|mythic|metasploit|brainworm)\b`,
+        'known_c2_framework',
+        'context',
+    ],
+    [String.raw `\bc2\s+(?:server|channel|infrastructure|beacon)\b`, 'c2_explicit', 'context'],
+    [String.raw `\bcommand\s+and\s+control\b`, 'c2_explicit_long', 'context'],
+    // Exfiltration via curl/wget/cat with secrets
+    [
+        String.raw `curl\s+[^\n]*\$\{?\w*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|API)`,
+        'exfil_curl',
+        'all',
+    ],
+    [
+        String.raw `wget\s+[^\n]*\$\{?\w*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|API)`,
+        'exfil_wget',
+        'all',
+    ],
+    [
+        String.raw `cat\s+[^\n]*(\.env|credentials|\.netrc|\.pgpass|\.npmrc|\.pypirc)`,
+        'read_secrets',
+        'all',
+    ],
+    [String.raw `(send|post|upload|transmit)\s+.*\s+(to|at)\s+https?://`, 'send_to_url', 'strict'],
+    [
+        String.raw `(include|output|print|share)\s+(?:\w+\s+)*(conversation|chat\s+history|previous\s+messages|full\s+context|entire\s+context)`,
+        'context_exfil',
+        'strict',
+    ],
+    // Persistence / SSH backdoor (strict scope)
+    ['authorized_keys', 'ssh_backdoor', 'strict'],
+    [String.raw `\$HOME/\.ssh|~/\.ssh`, 'ssh_access', 'strict'],
+    [String.raw `\$HOME/\.pi/\.env|~/\.pi/\.env`, 'pi_env', 'strict'],
+    [
+        String.raw `(update|modify|edit|write|change|append|add\s+to)\s+.*(?:AGENTS\.md|CLAUDE\.md|\.cursorrules|\.clinerules)`,
+        'agent_config_mod',
+        'strict',
+    ],
+    // Hardcoded secrets
+    [
+        String.raw `(?:api[_-]?key|token|secret|password)\s*[=:]\s*["'][A-Za-z0-9+/=_-]{20,}`,
+        'hardcoded_secret',
+        'strict',
+    ],
+];
+/**
+ * Invisible / bidirectional unicode characters used in injection attacks.
+ */
+export const INVISIBLE_CHARS = new Set([
+    '', // zero-width space
+    '‌', // zero-width non-joiner
+    '‍', // zero-width joiner
+    '⁠', // word joiner
+    '⁢', // invisible times
+    '⁣', // invisible separator
+    '⁤', // invisible plus
+    '', // zero-width no-break space (BOM)
+    '‪', // left-to-right embedding
+    '‫', // right-to-left embedding
+    '‬', // pop directional formatting
+    '‭', // left-to-right override
+    '‮', // right-to-left override
+    '⁦', // left-to-right isolate
+    '⁧', // right-to-left isolate
+    '⁨', // first strong isolate
+    '⁩', // pop directional isolate
+]);
+function buildScopeSets() {
+    const all = [];
+    const context = [];
+    const strict = [];
+    for (const [pattern, id, scope] of RAW_PATTERNS) {
+        const compiled = [new RegExp(pattern, 'i'), id];
+        if (scope === 'all') {
+            all.push(compiled);
+            context.push(compiled);
+            strict.push(compiled);
+        }
+        else if (scope === 'context') {
+            context.push(compiled);
+            strict.push(compiled);
+        }
+        else {
+            strict.push(compiled);
+        }
+    }
+    return { all, context, strict };
+}
+const COMPILED = buildScopeSets();
+/**
+ * Return matched pattern IDs in `content` at the given scope.
+ *
+ * - `all`: classic injection + exfil only (lowest false-positive set).
+ * - `context`: adds promptware / C2 / role-play patterns.
+ * - `strict`: adds persistence / SSH backdoor / exfil-URL patterns.
+ *
+ * Invisible-unicode hits are reported as `invisible_unicode_U+XXXX`.
+ */
+export function scanForThreats(content, scope = 'context') {
+    if (!content) {
+        return [];
+    }
+    const findings = [];
+    for (const ch of content) {
+        if (INVISIBLE_CHARS.has(ch)) {
+            const code = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
+            const finding = `invisible_unicode_U+${code}`;
+            if (!findings.includes(finding)) {
+                findings.push(finding);
+            }
+        }
+    }
+    const patterns = COMPILED[scope];
+    if (!patterns) {
+        throw new Error(`scanForThreats: unknown scope '${scope}'`);
+    }
+    for (const [regex, id] of patterns) {
+        if (regex.test(content)) {
+            findings.push(id);
+        }
+    }
+    return findings;
+}
+/**
+ * Return a human-readable error string for the first threat in `content`,
+ * or `null` when clean.  Convenience wrapper for paths that block on first
+ * hit (memory writes).
+ */
+export function firstThreatMessage(content, scope = 'strict') {
+    const findings = scanForThreats(content, scope);
+    if (findings.length === 0) {
+        return null;
+    }
+    const id = findings[0];
+    if (id.startsWith('invisible_unicode_')) {
+        const codepoint = id.replace('invisible_unicode_', '');
+        return `Blocked: content contains invisible unicode character ${codepoint} (possible injection).`;
+    }
+    return `Blocked: content matches threat pattern '${id}'. Content is injected into the system prompt and must not contain injection or exfiltration payloads.`;
+}
+//# sourceMappingURL=threat-patterns.js.map