@dcyfr/ai 2.1.3 → 3.0.0

package/dist/ai/src/plugins/anomaly/behavior-baseline.d.ts

@@ -0,0 +1,79 @@
+/**
+ * Behavior Baseline Profiler
+ *
+ * Maintains per-plugin rolling statistical baselines using Welford's online
+ * algorithm. Tracks mean and standard deviation for each behavioral metric
+ * without storing raw samples.
+ *
+ * @module plugins/anomaly/behavior-baseline
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+import type { PluginBaseline, PluginMetricSample, BehaviorMetric } from './types.js';
+/**
+ * In-memory behavior baseline store.
+ *
+ * Uses Welford's online algorithm for numerically stable computation of
+ * rolling mean and standard deviation without retaining raw sample history.
+ *
+ * @example
+ * ```ts
+ * const baseline = new BehaviorBaseline();
+ * baseline.updateBaseline({ plugin_id: 'my-plugin', run_id: 'r1',
+ *   measured_at: new Date().toISOString(), filesystem_ops: 120,
+ *   network_requests: 5, cpu_percent: 30, memory_mb: 80 });
+ *
+ * const sigma = baseline.getStdDevsFromMean('my-plugin', 'filesystem_ops', 900);
+ * // returns null when < MIN_SAMPLES, or a numeric z-score otherwise
+ * ```
+ */
+export declare class BehaviorBaseline {
+    /**
+     * Minimum samples required before std-dev comparisons are meaningful.
+     * Below this threshold, `getStdDevsFromMean` returns null.
+     */
+    static readonly MIN_SAMPLES = 5;
+    /** plugin_id → metric → running stats */
+    private readonly store;
+    /**
+     * Incorporate a new sample into all four metric baselines for the plugin.
+     * Safe to call on the very first observation — initialises state automatically.
+     */
+    updateBaseline(sample: PluginMetricSample): void;
+    /**
+     * Retrieve the current baseline for a specific plugin + metric.
+     * Returns `null` if no observations have been made yet.
+     */
+    getBaseline(pluginId: string, metric: BehaviorMetric): PluginBaseline | null;
+    /**
+     * Calculate how many standard deviations `value` is from the baseline mean.
+     *
+     * Returns `null` when:
+     * - No baseline exists for this plugin + metric.
+     * - Sample count is below `MIN_SAMPLES` (baseline not yet reliable).
+     * - The standard deviation is 0 or effectively zero (constant metric) —
+     *   returns `null` to avoid false spikes on perfectly stable plugins.
+     */
+    getStdDevsFromMean(pluginId: string, metric: BehaviorMetric, value: number): number | null;
+    /**
+     * Return all baselines for a given plugin.
+     * Useful for serialisation or debugging.
+     */
+    getAllBaselines(pluginId: string): PluginBaseline[];
+    /**
+     * Reset all baselines for a plugin. Used when a plugin is re-certified or
+     * after a version bump that changes expected behaviour.
+     */
+    resetBaseline(pluginId: string): void;
+    private getOrCreatePluginMap;
+    /**
+     * Welford's online algorithm — single-pass update of mean and M2.
+     *
+     * @see https://en.wikipedia.org/wiki/Algorithms_for_calculating_variance#Welford's_online_algorithm
+     */
+    private welfordUpdate;
+    /** Population standard deviation derived from M2 accumulator. */
+    private deriveStdDev;
+}
+//# sourceMappingURL=behavior-baseline.d.ts.map

package/dist/ai/src/plugins/anomaly/behavior-baseline.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior-baseline.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/anomaly/behavior-baseline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,kBAAkB,EAClB,cAAc,EACf,MAAM,YAAY,CAAC;AAqBpB;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,gBAAgB;IAC3B;;;OAGG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAW,KAAK;IAEhC,yCAAyC;IACzC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAqC;IAM3D;;;OAGG;IACH,cAAc,CAAC,MAAM,EAAE,kBAAkB,GAAG,IAAI;IAahD;;;OAGG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,GAAG,cAAc,GAAG,IAAI;IAc5E;;;;;;;;OAQG;IACH,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAU1F;;;OAGG;IACH,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,EAAE;IAqBnD;;;OAGG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAQrC,OAAO,CAAC,oBAAoB;IAQ5B;;;;OAIG;IACH,OAAO,CAAC,aAAa;IAerB,iEAAiE;IACjE,OAAO,CAAC,YAAY;CAIrB"}

package/dist/ai/src/plugins/anomaly/behavior-baseline.js

@@ -0,0 +1,161 @@
+/**
+ * Behavior Baseline Profiler
+ *
+ * Maintains per-plugin rolling statistical baselines using Welford's online
+ * algorithm. Tracks mean and standard deviation for each behavioral metric
+ * without storing raw samples.
+ *
+ * @module plugins/anomaly/behavior-baseline
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+import { BEHAVIOR_METRICS } from './types.js';
+// ---------------------------------------------------------------------------
+// BehaviorBaseline
+// ---------------------------------------------------------------------------
+/**
+ * In-memory behavior baseline store.
+ *
+ * Uses Welford's online algorithm for numerically stable computation of
+ * rolling mean and standard deviation without retaining raw sample history.
+ *
+ * @example
+ * ```ts
+ * const baseline = new BehaviorBaseline();
+ * baseline.updateBaseline({ plugin_id: 'my-plugin', run_id: 'r1',
+ *   measured_at: new Date().toISOString(), filesystem_ops: 120,
+ *   network_requests: 5, cpu_percent: 30, memory_mb: 80 });
+ *
+ * const sigma = baseline.getStdDevsFromMean('my-plugin', 'filesystem_ops', 900);
+ * // returns null when < MIN_SAMPLES, or a numeric z-score otherwise
+ * ```
+ */
+export class BehaviorBaseline {
+    /**
+     * Minimum samples required before std-dev comparisons are meaningful.
+     * Below this threshold, `getStdDevsFromMean` returns null.
+     */
+    static MIN_SAMPLES = 5;
+    /** plugin_id → metric → running stats */
+    store = new Map();
+    // --------------------------------------------------------------------------
+    // Public API
+    // --------------------------------------------------------------------------
+    /**
+     * Incorporate a new sample into all four metric baselines for the plugin.
+     * Safe to call on the very first observation — initialises state automatically.
+     */
+    updateBaseline(sample) {
+        const pluginMap = this.getOrCreatePluginMap(sample.plugin_id);
+        const now = sample.measured_at;
+        for (const metric of BEHAVIOR_METRICS) {
+            const value = sample[metric];
+            const state = pluginMap.get(metric) ?? { mean: 0, m2: 0, sample_count: 0, last_updated: now };
+            pluginMap.set(metric, this.welfordUpdate(state, value, now));
+        }
+        this.store.set(sample.plugin_id, pluginMap);
+    }
+    /**
+     * Retrieve the current baseline for a specific plugin + metric.
+     * Returns `null` if no observations have been made yet.
+     */
+    getBaseline(pluginId, metric) {
+        const state = this.store.get(pluginId)?.get(metric);
+        if (!state || state.sample_count === 0)
+            return null;
+        return {
+            plugin_id: pluginId,
+            metric,
+            mean: state.mean,
+            std_dev: this.deriveStdDev(state),
+            sample_count: state.sample_count,
+            last_updated: state.last_updated,
+        };
+    }
+    /**
+     * Calculate how many standard deviations `value` is from the baseline mean.
+     *
+     * Returns `null` when:
+     * - No baseline exists for this plugin + metric.
+     * - Sample count is below `MIN_SAMPLES` (baseline not yet reliable).
+     * - The standard deviation is 0 or effectively zero (constant metric) —
+     *   returns `null` to avoid false spikes on perfectly stable plugins.
+     */
+    getStdDevsFromMean(pluginId, metric, value) {
+        const state = this.store.get(pluginId)?.get(metric);
+        if (!state || state.sample_count < BehaviorBaseline.MIN_SAMPLES)
+            return null;
+        const stdDev = this.deriveStdDev(state);
+        if (stdDev < 1e-10)
+            return null; // constant metric — no meaningful z-score
+        return (value - state.mean) / stdDev;
+    }
+    /**
+     * Return all baselines for a given plugin.
+     * Useful for serialisation or debugging.
+     */
+    getAllBaselines(pluginId) {
+        const pluginMap = this.store.get(pluginId);
+        if (!pluginMap)
+            return [];
+        const baselines = [];
+        for (const metric of BEHAVIOR_METRICS) {
+            const state = pluginMap.get(metric);
+            if (state && state.sample_count > 0) {
+                baselines.push({
+                    plugin_id: pluginId,
+                    metric,
+                    mean: state.mean,
+                    std_dev: this.deriveStdDev(state),
+                    sample_count: state.sample_count,
+                    last_updated: state.last_updated,
+                });
+            }
+        }
+        return baselines;
+    }
+    /**
+     * Reset all baselines for a plugin. Used when a plugin is re-certified or
+     * after a version bump that changes expected behaviour.
+     */
+    resetBaseline(pluginId) {
+        this.store.delete(pluginId);
+    }
+    // --------------------------------------------------------------------------
+    // Private helpers
+    // --------------------------------------------------------------------------
+    getOrCreatePluginMap(pluginId) {
+        const existing = this.store.get(pluginId);
+        if (existing)
+            return existing;
+        const map = new Map();
+        this.store.set(pluginId, map);
+        return map;
+    }
+    /**
+     * Welford's online algorithm — single-pass update of mean and M2.
+     *
+     * @see https://en.wikipedia.org/wiki/Algorithms_for_calculating_variance#Welford's_online_algorithm
+     */
+    welfordUpdate(state, newValue, now) {
+        const n = state.sample_count + 1;
+        const delta = newValue - state.mean;
+        const newMean = state.mean + delta / n;
+        const delta2 = newValue - newMean;
+        const newM2 = state.m2 + delta * delta2;
+        return {
+            mean: newMean,
+            m2: newM2,
+            sample_count: n,
+            last_updated: now,
+        };
+    }
+    /** Population standard deviation derived from M2 accumulator. */
+    deriveStdDev(state) {
+        if (state.sample_count < 2)
+            return 0;
+        return Math.sqrt(state.m2 / state.sample_count);
+    }
+}
+//# sourceMappingURL=behavior-baseline.js.map

package/dist/ai/src/plugins/anomaly/behavior-baseline.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior-baseline.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/anomaly/behavior-baseline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAgB9C,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,gBAAgB;IAC3B;;;OAGG;IACH,MAAM,CAAU,WAAW,GAAG,CAAC,CAAC;IAEhC,yCAAyC;IACxB,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAC;IAE3D,6EAA6E;IAC7E,aAAa;IACb,6EAA6E;IAE7E;;;OAGG;IACH,cAAc,CAAC,MAA0B;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC;QAE/B,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;YAC7B,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC;YAC9F,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAC9C,CAAC;IAED;;;OAGG;IACH,WAAW,CAAC,QAAgB,EAAE,MAAsB;QAClD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,YAAY,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEpD,OAAO;YACL,SAAS,EAAE,QAAQ;YACnB,MAAM;YACN,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;YACjC,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,YAAY,EAAE,KAAK,CAAC,YAAY;SACjC,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,kBAAkB,CAAC,QAAgB,EAAE,MAAsB,EAAE,KAAa;QACxE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,YAAY,GAAG,gBAAgB,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE7E,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,MAAM,GAAG,KAAK;YAAE,OAAO,IAAI,CAAC,CAAC,0CAA0C;QAE3E,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;IACvC,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,QAAgB;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,CAAC;QAE1B,MAAM,SAAS,GAAqB,EAAE,CAAC;QACvC,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,KAAK,IAAI,KAAK,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;gBACpC,SAAS,CAAC,IAAI,CAAC;oBACb,SAAS,EAAE,QAAQ;oBACnB,MAAM;oBACN,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;oBACjC,YAAY,EAAE,KAAK,CAAC,YAAY;oBAChC,YAAY,EAAE,KAAK,CAAC,YAAY;iBACjC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,QAAgB;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAED,6EAA6E;IAC7E,kBAAkB;IAClB,6EAA6E;IAErE,oBAAoB,CAAC,QAAgB;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAC9B,MAAM,GAAG,GAAmB,IAAI,GAAG,EAAE,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACK,aAAa,CAAC,KAAoB,EAAE,QAAgB,EAAE,GAAW;QACvE,MAAM,CAAC,GAAG,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC;QACpC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,GAAG,KAAK,GAAG,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;QAClC,MAAM,KAAK,GAAG,KAAK,CAAC,EAAE,GAAG,KAAK,GAAG,MAAM,CAAC;QAExC,OAAO;YACL,IAAI,EAAE,OAAO;YACb,EAAE,EAAE,KAAK;YACT,YAAY,EAAE,CAAC;YACf,YAAY,EAAE,GAAG;SAClB,CAAC;IACJ,CAAC;IAED,iEAAiE;IACzD,YAAY,CAAC,KAAoB;QACvC,IAAI,KAAK,CAAC,YAAY,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC"}

package/dist/ai/src/plugins/anomaly/index.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Plugin Behavioral Anomaly Detection
+ *
+ * Exports the full anomaly detection pipeline for plugin behavioral monitoring.
+ *
+ * @module plugins/anomaly
+ */
+export { BehaviorBaseline } from './behavior-baseline.js';
+export { AnomalyDetector } from './anomaly-detector.js';
+export type { AnomalyDetectorConfig } from './anomaly-detector.js';
+export { AnomalyMonitor } from './anomaly-monitor.js';
+export type { AnomalyMonitorConfig, ResolveOptions, AnomalyStats, } from './anomaly-monitor.js';
+export { ANOMALY_SCHEMA_SQL, BEHAVIOR_METRICS } from './types.js';
+export type { PluginMetricSample, BehaviorMetric, PluginBaseline, AnomalyType, AnomalySeverity, DetectedAnomaly, ReviewStatus, AnomalyReviewItem, AnomalyMonitorResult, AnomalyAxiomPayload, AnomalyAxiomLogger, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/ai/src/plugins/anomaly/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/anomaly/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,YAAY,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EACV,oBAAoB,EACpB,cAAc,EACd,YAAY,GACb,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAClE,YAAY,EACV,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,WAAW,EACX,eAAe,EACf,eAAe,EACf,YAAY,EACZ,iBAAiB,EACjB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,YAAY,CAAC"}

package/dist/ai/src/plugins/anomaly/index.js

@@ -0,0 +1,12 @@
+/**
+ * Plugin Behavioral Anomaly Detection
+ *
+ * Exports the full anomaly detection pipeline for plugin behavioral monitoring.
+ *
+ * @module plugins/anomaly
+ */
+export { BehaviorBaseline } from './behavior-baseline.js';
+export { AnomalyDetector } from './anomaly-detector.js';
+export { AnomalyMonitor } from './anomaly-monitor.js';
+export { ANOMALY_SCHEMA_SQL, BEHAVIOR_METRICS } from './types.js';
+//# sourceMappingURL=index.js.map

package/dist/ai/src/plugins/anomaly/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/anomaly/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAMtD,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC"}

package/dist/ai/src/plugins/anomaly/types.d.ts

@@ -0,0 +1,150 @@
+/**
+ * Behavioral Anomaly Detection — Types
+ *
+ * All type definitions for the plugin behavioral anomaly detection system.
+ * Implements Phase 16 (Behavioral Anomaly Detection) of the Plugin Marketplace
+ * Security roadmap.
+ *
+ * @module plugins/anomaly/types
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+/** Metrics captured from a single plugin execution run. */
+export interface PluginMetricSample {
+    /** Stable plugin identifier (e.g. "my-plugin@1.0.0"). */
+    plugin_id: string;
+    /** Unique UUID for this execution run. */
+    run_id: string;
+    /** ISO 8601 timestamp of when the sample was captured. */
+    measured_at: string;
+    /** Total filesystem system calls (reads + writes + stats). */
+    filesystem_ops: number;
+    /** Total outbound HTTP/HTTPS requests made during the run. */
+    network_requests: number;
+    /** Average CPU utilisation as a percentage (0–100). */
+    cpu_percent: number;
+    /** Peak resident set size in megabytes. */
+    memory_mb: number;
+}
+/** The four trackable behavioral metrics. */
+export type BehaviorMetric = 'filesystem_ops' | 'network_requests' | 'cpu_percent' | 'memory_mb';
+/** All trackable metric names. */
+export declare const BEHAVIOR_METRICS: readonly BehaviorMetric[];
+/**
+ * Rolling statistical baseline for a single plugin + metric pair.
+ * Updated via Welford's online algorithm to avoid storing raw samples.
+ */
+export interface PluginBaseline {
+    /** Stable plugin identifier. */
+    plugin_id: string;
+    /** The metric this baseline applies to. */
+    metric: BehaviorMetric;
+    /** Current rolling mean. */
+    mean: number;
+    /** Current rolling standard deviation (population). */
+    std_dev: number;
+    /** Number of samples incorporated so far. */
+    sample_count: number;
+    /** ISO 8601 timestamp of the most recent update. */
+    last_updated: string;
+}
+/** Category of anomalous behaviour detected. */
+export type AnomalyType = 'filesystem_spike' | 'network_spike' | 'cpu_spike' | 'memory_spike';
+/**
+ * Anomaly severity levels.
+ * - WARNING  → 2–3 standard deviations above mean (investigate)
+ * - CRITICAL → >3 standard deviations above mean (auto-suspend eligible)
+ */
+export type AnomalySeverity = 'WARNING' | 'CRITICAL';
+/** A point-in-time anomaly detected during plugin monitoring. */
+export interface DetectedAnomaly {
+    /** UUID for this anomaly event. */
+    id: string;
+    /** Plugin that produced the anomaly. */
+    plugin_id: string;
+    /** Run ID that triggered detection. */
+    run_id: string;
+    /** Category matching the affected metric. */
+    anomaly_type: AnomalyType;
+    /** Observed value that exceeded the baseline. */
+    metric_value: number;
+    /** Baseline mean at detection time. */
+    baseline_mean: number;
+    /** Baseline std deviation at detection time. */
+    baseline_std_dev: number;
+    /** How many std deviations the observed value is from the mean. */
+    std_devs_from_mean: number;
+    /** Severity classification. */
+    severity: AnomalySeverity;
+    /** ISO 8601 detection timestamp. */
+    detected_at: string;
+}
+/** Status of an anomaly in the human review queue. */
+export type ReviewStatus = 'PENDING_REVIEW' | 'RESOLVED' | 'FALSE_POSITIVE';
+/** An anomaly queued for human review. */
+export interface AnomalyReviewItem {
+    /** UUID matching DetectedAnomaly.id. */
+    anomaly_id: string;
+    /** Plugin under review. */
+    plugin_id: string;
+    /** Anomaly category. */
+    anomaly_type: AnomalyType;
+    /** Severity at time of detection. */
+    severity: AnomalySeverity;
+    /** Observed metric value. */
+    metric_value: number;
+    /** Standard deviations from mean. */
+    std_devs_from_mean: number;
+    /** ISO 8601 detection timestamp. */
+    detected_at: string;
+    /** Current review status. */
+    status: ReviewStatus;
+    /** Username / agent ID that reviewed this item. */
+    reviewed_by?: string;
+    /** ISO 8601 timestamp of resolution. */
+    resolved_at?: string;
+    /** Free-text notes from the reviewer. */
+    resolution_notes?: string;
+}
+/** Result returned after a full observe-detect-alert cycle. */
+export interface AnomalyMonitorResult {
+    /** Observed plugin ID. */
+    plugin_id: string;
+    /** Run ID being monitored. */
+    run_id: string;
+    /** All anomalies detected in this run. Empty array when clean. */
+    anomalies: DetectedAnomaly[];
+    /**
+     * True when auto-suspend was triggered.
+     * Callers should halt execution and await human review before restarting.
+     */
+    suspended: boolean;
+    /** Human-readable reason if `suspended` is true. */
+    suspension_reason?: string;
+}
+/** Payload sent to Axiom for each anomaly event. */
+export interface AnomalyAxiomPayload {
+    /** Event source identifier. */
+    _source: 'dcyfr-plugin-anomaly-monitor';
+    plugin_id: string;
+    run_id: string;
+    anomaly_id: string;
+    anomaly_type: AnomalyType;
+    severity: AnomalySeverity;
+    metric_value: number;
+    baseline_mean: number;
+    std_devs_from_mean: number;
+    auto_suspended: boolean;
+    detected_at: string;
+}
+/**
+ * Pluggable Axiom logger interface.
+ * Inject the real Axiom client in production; use a test double in tests.
+ */
+export interface AnomalyAxiomLogger {
+    logEvent(payload: AnomalyAxiomPayload): Promise<void>;
+}
+/** DDL for persisting baselines and anomaly records. */
+export declare const ANOMALY_SCHEMA_SQL = "\nCREATE TABLE IF NOT EXISTS plugin_baselines (\n  plugin_id    TEXT NOT NULL,\n  metric       TEXT NOT NULL,\n  mean         REAL NOT NULL DEFAULT 0,\n  std_dev      REAL NOT NULL DEFAULT 0,\n  sample_count INTEGER NOT NULL DEFAULT 0,\n  last_updated TEXT NOT NULL,\n  PRIMARY KEY (plugin_id, metric)\n);\n\nCREATE TABLE IF NOT EXISTS plugin_anomalies (\n  id                  TEXT PRIMARY KEY,\n  plugin_id           TEXT NOT NULL,\n  run_id              TEXT NOT NULL,\n  anomaly_type        TEXT NOT NULL,\n  metric_value        REAL NOT NULL,\n  baseline_mean       REAL NOT NULL,\n  baseline_std_dev    REAL NOT NULL,\n  std_devs_from_mean  REAL NOT NULL,\n  severity            TEXT NOT NULL,\n  detected_at         TEXT NOT NULL\n);\n\nCREATE TABLE IF NOT EXISTS anomaly_review_queue (\n  anomaly_id         TEXT PRIMARY KEY,\n  plugin_id          TEXT NOT NULL,\n  anomaly_type       TEXT NOT NULL,\n  severity           TEXT NOT NULL,\n  metric_value       REAL NOT NULL,\n  std_devs_from_mean REAL NOT NULL,\n  detected_at        TEXT NOT NULL,\n  status             TEXT NOT NULL DEFAULT 'PENDING_REVIEW',\n  reviewed_by        TEXT,\n  resolved_at        TEXT,\n  resolution_notes   TEXT\n);\n\nCREATE INDEX IF NOT EXISTS idx_anomalies_plugin\n  ON plugin_anomalies (plugin_id, detected_at);\n\nCREATE INDEX IF NOT EXISTS idx_review_queue_status\n  ON anomaly_review_queue (status, detected_at);\n";
+//# sourceMappingURL=types.d.ts.map

package/dist/ai/src/plugins/anomaly/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/anomaly/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,2DAA2D;AAC3D,MAAM,WAAW,kBAAkB;IACjC,yDAAyD;IACzD,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,cAAc,EAAE,MAAM,CAAC;IACvB,8DAA8D;IAC9D,gBAAgB,EAAE,MAAM,CAAC;IACzB,uDAAuD;IACvD,WAAW,EAAE,MAAM,CAAC;IACpB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,6CAA6C;AAC7C,MAAM,MAAM,cAAc,GAAG,gBAAgB,GAAG,kBAAkB,GAAG,aAAa,GAAG,WAAW,CAAC;AAEjG,kCAAkC;AAClC,eAAO,MAAM,gBAAgB,EAAE,SAAS,cAAc,EAK5C,CAAC;AAMX;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,MAAM,EAAE,cAAc,CAAC;IACvB,4BAA4B;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,uDAAuD;IACvD,OAAO,EAAE,MAAM,CAAC;IAChB,6CAA6C;IAC7C,YAAY,EAAE,MAAM,CAAC;IACrB,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAC;CACtB;AAMD,gDAAgD;AAChD,MAAM,MAAM,WAAW,GACnB,kBAAkB,GAClB,eAAe,GACf,WAAW,GACX,cAAc,CAAC;AAEnB;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,UAAU,CAAC;AAErD,iEAAiE;AACjE,MAAM,WAAW,eAAe;IAC9B,mCAAmC;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,YAAY,EAAE,WAAW,CAAC;IAC1B,iDAAiD;IACjD,YAAY,EAAE,MAAM,CAAC;IACrB,uCAAuC;IACvC,aAAa,EAAE,MAAM,CAAC;IACtB,gDAAgD;IAChD,gBAAgB,EAAE,MAAM,CAAC;IACzB,mEAAmE;IACnE,kBAAkB,EAAE,MAAM,CAAC;IAC3B,+BAA+B;IAC/B,QAAQ,EAAE,eAAe,CAAC;IAC1B,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD,sDAAsD;AACtD,MAAM,MAAM,YAAY,GAAG,gBAAgB,GAAG,UAAU,GAAG,gBAAgB,CAAC;AAE5E,0CAA0C;AAC1C,MAAM,WAAW,iBAAiB;IAChC,wCAAwC;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,wBAAwB;IACxB,YAAY,EAAE,WAAW,CAAC;IAC1B,qCAAqC;IACrC,QAAQ,EAAE,eAAe,CAAC;IAC1B,6BAA6B;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,qCAAqC;IACrC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,6BAA6B;IAC7B,MAAM,EAAE,YAAY,CAAC;IACrB,mDAAmD;IACnD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yCAAyC;IACzC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAMD,+DAA+D;AAC/D,MAAM,WAAW,oBAAoB;IACnC,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,SAAS,EAAE,eAAe,EAAE,CAAC;IAC7B;;;OAGG;IACH,SAAS,EAAE,OAAO,CAAC;IACnB,oDAAoD;IACpD,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAMD,oDAAoD;AACpD,MAAM,WAAW,mBAAmB;IAClC,+BAA+B;IAC/B,OAAO,EAAE,8BAA8B,CAAC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,WAAW,CAAC;IAC1B,QAAQ,EAAE,eAAe,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACvD;AAMD,wDAAwD;AACxD,eAAO,MAAM,kBAAkB,u4CA2C9B,CAAC"}

package/dist/ai/src/plugins/anomaly/types.js

@@ -0,0 +1,68 @@
+/**
+ * Behavioral Anomaly Detection — Types
+ *
+ * All type definitions for the plugin behavioral anomaly detection system.
+ * Implements Phase 16 (Behavioral Anomaly Detection) of the Plugin Marketplace
+ * Security roadmap.
+ *
+ * @module plugins/anomaly/types
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+/** All trackable metric names. */
+export const BEHAVIOR_METRICS = [
+    'filesystem_ops',
+    'network_requests',
+    'cpu_percent',
+    'memory_mb',
+];
+// ---------------------------------------------------------------------------
+// SQL schema
+// ---------------------------------------------------------------------------
+/** DDL for persisting baselines and anomaly records. */
+export const ANOMALY_SCHEMA_SQL = /* sql */ `
+CREATE TABLE IF NOT EXISTS plugin_baselines (
+  plugin_id    TEXT NOT NULL,
+  metric       TEXT NOT NULL,
+  mean         REAL NOT NULL DEFAULT 0,
+  std_dev      REAL NOT NULL DEFAULT 0,
+  sample_count INTEGER NOT NULL DEFAULT 0,
+  last_updated TEXT NOT NULL,
+  PRIMARY KEY (plugin_id, metric)
+);
+
+CREATE TABLE IF NOT EXISTS plugin_anomalies (
+  id                  TEXT PRIMARY KEY,
+  plugin_id           TEXT NOT NULL,
+  run_id              TEXT NOT NULL,
+  anomaly_type        TEXT NOT NULL,
+  metric_value        REAL NOT NULL,
+  baseline_mean       REAL NOT NULL,
+  baseline_std_dev    REAL NOT NULL,
+  std_devs_from_mean  REAL NOT NULL,
+  severity            TEXT NOT NULL,
+  detected_at         TEXT NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS anomaly_review_queue (
+  anomaly_id         TEXT PRIMARY KEY,
+  plugin_id          TEXT NOT NULL,
+  anomaly_type       TEXT NOT NULL,
+  severity           TEXT NOT NULL,
+  metric_value       REAL NOT NULL,
+  std_devs_from_mean REAL NOT NULL,
+  detected_at        TEXT NOT NULL,
+  status             TEXT NOT NULL DEFAULT 'PENDING_REVIEW',
+  reviewed_by        TEXT,
+  resolved_at        TEXT,
+  resolution_notes   TEXT
+);
+
+CREATE INDEX IF NOT EXISTS idx_anomalies_plugin
+  ON plugin_anomalies (plugin_id, detected_at);
+
+CREATE INDEX IF NOT EXISTS idx_review_queue_status
+  ON anomaly_review_queue (status, detected_at);
+`;
+//# sourceMappingURL=types.js.map

package/dist/ai/src/plugins/anomaly/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/anomaly/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AA2BH,kCAAkC;AAClC,MAAM,CAAC,MAAM,gBAAgB,GAA8B;IACzD,gBAAgB;IAChB,kBAAkB;IAClB,aAAa;IACb,WAAW;CACH,CAAC;AAqJX,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,SAAS,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2C3C,CAAC"}

package/dist/ai/src/plugins/certification/certification-manager.d.ts

@@ -0,0 +1,102 @@
+/**
+ * Plugin Certification Manager
+ *
+ * Orchestrates the full certification lifecycle:
+ * - Accept audit request (Bronze is free and auto-approved)
+ * - Confirm payment for paid tiers (Silver / Gold)
+ * - Assign auditor and run checklist
+ * - Issue certification badge with expiration
+ * - Support marketplace listings query
+ * - Revoke or expire badges
+ *
+ * @module plugins/certification/certification-manager
+ */
+import { type AuditRequest, type CertificationBadge, type CertificationStatus, type CertificationTier, type PluginCertificationSummary } from './types.js';
+export interface CertificationManagerConfig {
+    /**
+     * Base URL used to build badge verification links.
+     * @default 'https://www.dcyfr.ai/plugins/certification'
+     */
+    verificationBaseUrl?: string;
+    /**
+     * Who issues the certificates — appears in the badge.
+     * @default 'DCYFR Security Team'
+     */
+    issuingAuthority?: string;
+    /**
+     * Compute the bundle hash for a plugin at certification time.
+     * Called with the plugin_id + version; defaults to a deterministic placeholder.
+     * In production, replace with actual bundle integrity hash (e.g. SHA-256 of the tarball).
+     */
+    computeBundleHash?: (pluginId: string, version: string) => Promise<string>;
+}
+export declare class CertificationError extends Error {
+    readonly code: string;
+    constructor(message: string, code: string);
+}
+/**
+ * Manages the full plugin certification lifecycle.
+ *
+ * State is kept in-memory for testing; production implementations should
+ * back this with a database (see CERTIFICATION_SCHEMA_SQL in types.ts).
+ */
+export declare class CertificationManager {
+    private readonly requests;
+    private readonly badges;
+    private readonly verificationBaseUrl;
+    private readonly issuingAuthority;
+    private readonly computeBundleHash;
+    constructor(config?: CertificationManagerConfig);
+    /**
+     * Submit a certification request for a plugin.
+     *
+     * Bronze: Immediately moves to `PAYMENT_RECEIVED` (free, no payment needed).
+     * Silver/Gold: Moves to `PENDING_PAYMENT`; caller must supply payment_reference_id
+     *              then call `confirmPayment()`.
+     */
+    submitAuditRequest(pluginId: string, version: string, tier: CertificationTier, submittedBy: string): AuditRequest;
+    /**
+     * Record payment confirmation.
+     * Moves request from `PENDING_PAYMENT` → `PAYMENT_RECEIVED`.
+     *
+     * @param requestId  The audit request ID.
+     * @param paymentRefId  Payment provider reference (e.g. Stripe PaymentIntent ID).
+     */
+    confirmPayment(requestId: string, paymentRefId: string): AuditRequest;
+    /**
+     * Assign an auditor and begin the audit.
+     * Moves request from `PAYMENT_RECEIVED` → `IN_AUDIT`.
+     */
+    startAudit(requestId: string, auditor: string): AuditRequest;
+    /**
+     * Record the result for a single audit checklist item.
+     */
+    recordChecklistResult(requestId: string, itemId: string, passed: boolean, evaluatedBy: string, notes?: string): AuditRequest;
+    /**
+     * Complete the audit.
+     * - If all required checklist items passed → issue badge and move to `CERTIFIED`.
+     * - If any required item failed → move to `FAILED`.
+     */
+    completeAudit(requestId: string, auditorNotes?: string): Promise<AuditRequest>;
+    private issueBadge;
+    /**
+     * Check whether a badge is currently valid (not expired, not revoked).
+     */
+    isBadgeValid(badgeId: string): boolean;
+    /**
+     * Revoke a certification badge by cancelling the associated request.
+     * Moves the request to `REVOKED`.
+     */
+    revokeCertification(requestId: string, reason: string): AuditRequest;
+    /**
+     * Returns the current certification summary for a plugin (for marketplace display).
+     * Returns the most recently certified, non-revoked request if one exists.
+     */
+    getPluginCertificationSummary(pluginId: string): PluginCertificationSummary;
+    getRequest(requestId: string): AuditRequest | null;
+    getRequestsByPlugin(pluginId: string): AuditRequest[];
+    getRequestsByStatus(status: CertificationStatus): AuditRequest[];
+    getBadge(badgeId: string): CertificationBadge | null;
+    private getRequestOrThrow;
+}
+//# sourceMappingURL=certification-manager.d.ts.map

package/dist/ai/src/plugins/certification/certification-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"certification-manager.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/certification/certification-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,OAAO,EAKL,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,iBAAiB,EACtB,KAAK,0BAA0B,EAChC,MAAM,YAAY,CAAC;AAMpB,MAAM,WAAW,0BAA0B;IACzC;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5E;AAMD,qBAAa,kBAAmB,SAAQ,KAAK;aAGzB,IAAI,EAAE,MAAM;gBAD5B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM;CAM/B;AAMD;;;;;GAKG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAmC;IAC5D,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAyC;IAEhE,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAS;IAC7C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAyD;gBAE/E,MAAM,GAAE,0BAA+B;IAcnD;;;;;;OAMG;IACH,kBAAkB,CAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,iBAAiB,EACvB,WAAW,EAAE,MAAM,GAClB,YAAY;IA6Cf;;;;;;OAMG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,YAAY;IAoBrE;;;OAGG;IACH,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,YAAY;IAoB5D;;OAEG;IACH,qBAAqB,CACnB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,OAAO,EACf,WAAW,EAAE,MAAM,EACnB,KAAK,CAAC,EAAE,MAAM,GACb,YAAY;IA6Bf;;;;OAIG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;YAyCtE,UAAU;IA4BxB;;OAEG;IACH,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAMtC;;;OAGG;IACH,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,YAAY;IAyBpE;;;OAGG;IACH,6BAA6B,CAAC,QAAQ,EAAE,MAAM,GAAG,0BAA0B;IA6D3E,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI;IAIlD,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE;IAIrD,mBAAmB,CAAC,MAAM,EAAE,mBAAmB,GAAG,YAAY,EAAE;IAIhE,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI;IAQpD,OAAO,CAAC,iBAAiB;CAU1B"}