@dollhousemcp/mcp-server 1.3.0

package/dist/test/src/security/securityMonitor.js

@@ -0,0 +1,108 @@
+/**
+ * Security Monitor for DollhouseMCP
+ *
+ * Centralized security event logging and monitoring system
+ * for tracking and alerting on security-related events.
+ */
+import { logger } from '../utils/logger.js';
+export class SecurityMonitor {
+    static eventCount = 0;
+    static events = [];
+    static MAX_EVENTS = 1000; // Keep last 1000 events in memory
+    /**
+     * Logs a security event
+     */
+    static logSecurityEvent(event) {
+        const logEntry = {
+            ...event,
+            timestamp: new Date().toISOString(),
+            id: `SEC-${Date.now()}-${++this.eventCount}`,
+        };
+        // Store in memory (circular buffer)
+        this.events.push(logEntry);
+        if (this.events.length > this.MAX_EVENTS) {
+            this.events.shift();
+        }
+        // In MCP servers, we cannot write to stderr/stdout as it breaks the JSON-RPC protocol
+        // Security events are stored in memory and can be retrieved via API
+        // Only send critical alerts via the proper channel
+        if (event.severity === 'CRITICAL') {
+            this.sendSecurityAlert(logEntry);
+        }
+    }
+    /**
+     * Sends security alerts for critical events
+     */
+    static sendSecurityAlert(event) {
+        // In a production environment, this would integrate with:
+        // - Slack webhooks
+        // - Email alerts
+        // - PagerDuty
+        // - Security Information and Event Management (SIEM) systems
+        // Log critical security alerts with structured data
+        // DO NOT use console.error in MCP servers as it breaks the JSON-RPC protocol
+        logger.error('🚨 CRITICAL SECURITY ALERT 🚨', {
+            type: event.type,
+            details: event.details,
+            timestamp: event.timestamp,
+            id: event.id
+        });
+        // If in production mode with proper config, send actual alerts
+        if (process.env.DOLLHOUSE_SECURITY_ALERTS === 'true') {
+            // TODO: Implement actual alert mechanisms
+        }
+    }
+    /**
+     * Gets recent security events for analysis
+     */
+    static getRecentEvents(count = 100) {
+        return this.events.slice(-count);
+    }
+    /**
+     * Gets events by severity
+     */
+    static getEventsBySeverity(severity) {
+        return this.events.filter(event => event.severity === severity);
+    }
+    /**
+     * Gets events by type
+     */
+    static getEventsByType(type) {
+        return this.events.filter(event => event.type === type);
+    }
+    /**
+     * Generates a security report
+     */
+    static generateSecurityReport() {
+        const eventsBySeverity = {
+            CRITICAL: 0,
+            HIGH: 0,
+            MEDIUM: 0,
+            LOW: 0,
+        };
+        const eventsByType = {};
+        for (const event of this.events) {
+            eventsBySeverity[event.severity]++;
+            eventsByType[event.type] = (eventsByType[event.type] || 0) + 1;
+        }
+        return {
+            totalEvents: this.events.length,
+            eventsBySeverity,
+            eventsByType,
+            recentCriticalEvents: this.getEventsBySeverity('CRITICAL').slice(-10),
+        };
+    }
+    /**
+     * Clears old events (for memory management)
+     */
+    static clearOldEvents(daysToKeep = 7) {
+        const cutoffDate = new Date();
+        cutoffDate.setDate(cutoffDate.getDate() - daysToKeep);
+        const cutoffTimestamp = cutoffDate.toISOString();
+        const index = this.events.findIndex(event => event.timestamp >= cutoffTimestamp);
+        if (index > 0) {
+            this.events.splice(0, index);
+        }
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdHlNb25pdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3NlY3VyaXR5L3NlY3VyaXR5TW9uaXRvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7R0FLRztBQUVILE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQTZCNUMsTUFBTSxPQUFPLGVBQWU7SUFDbEIsTUFBTSxDQUFDLFVBQVUsR0FBRyxDQUFDLENBQUM7SUFDdEIsTUFBTSxDQUFVLE1BQU0sR0FBdUIsRUFBRSxDQUFDO0lBQ2hELE1BQU0sQ0FBVSxVQUFVLEdBQUcsSUFBSSxDQUFDLENBQUMsa0NBQWtDO0lBRTdFOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGdCQUFnQixDQUFDLEtBQW9CO1FBQzFDLE1BQU0sUUFBUSxHQUFxQjtZQUNqQyxHQUFHLEtBQUs7WUFDUixTQUFTLEVBQUUsSUFBSSxJQUFJLEVBQUUsQ0FBQyxXQUFXLEVBQUU7WUFDbkMsRUFBRSxFQUFFLE9BQU8sSUFBSSxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRTtTQUM3QyxDQUFDO1FBRUYsb0NBQW9DO1FBQ3BDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzNCLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ3pDLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDdEIsQ0FBQztRQUVELHNGQUFzRjtRQUN0RixvRUFBb0U7UUFDcEUsbURBQW1EO1FBRW5ELElBQUksS0FBSyxDQUFDLFFBQVEsS0FBSyxVQUFVLEVBQUUsQ0FBQztZQUNsQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDbkMsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNLLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxLQUF1QjtRQUN0RCwwREFBMEQ7UUFDMUQsbUJBQW1CO1FBQ25CLGlCQUFpQjtRQUNqQixjQUFjO1FBQ2QsNkRBQTZEO1FBRTdELG9EQUFvRDtRQUNwRCw2RUFBNkU7UUFDN0UsTUFBTSxDQUFDLEtBQUssQ0FBQywrQkFBK0IsRUFBRTtZQUM1QyxJQUFJLEVBQUUsS0FBSyxDQUFDLElBQUk7WUFDaEIsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO1lBQ3RCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztZQUMxQixFQUFFLEVBQUUsS0FBSyxDQUFDLEVBQUU7U0FDYixDQUFDLENBQUM7UUFFSCwrREFBK0Q7UUFDL0QsSUFBSSxPQUFPLENBQUMsR0FBRyxDQUFDLHlCQUF5QixLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQ3JELDBDQUEwQztRQUM1QyxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGVBQWUsQ0FBQyxRQUFnQixHQUFHO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsbUJBQW1CLENBQUMsUUFBbUM7UUFDNUQsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxRQUFRLEtBQUssUUFBUSxDQUFDLENBQUM7SUFDbEUsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGVBQWUsQ0FBQyxJQUEyQjtRQUNoRCxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxJQUFJLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsc0JBQXNCO1FBTTNCLE1BQU0sZ0JBQWdCLEdBQTJCO1lBQy9DLFFBQVEsRUFBRSxDQUFDO1lBQ1gsSUFBSSxFQUFFLENBQUM7WUFDUCxNQUFNLEVBQUUsQ0FBQztZQUNULEdBQUcsRUFBRSxDQUFDO1NBQ1AsQ0FBQztRQUVGLE1BQU0sWUFBWSxHQUEyQixFQUFFLENBQUM7UUFFaEQsS0FBSyxNQUFNLEtBQUssSUFBSSxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDaEMsZ0JBQWdCLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDbkMsWUFBWSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ2pFLENBQUM7UUFFRCxPQUFPO1lBQ0wsV0FBVyxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTTtZQUMvQixnQkFBZ0I7WUFDaEIsWUFBWTtZQUNaLG9CQUFvQixFQUFFLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxVQUFVLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUM7U0FDdEUsQ0FBQztJQUNKLENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxjQUFjLENBQUMsYUFBcUIsQ0FBQztRQUMxQyxNQUFNLFVBQVUsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1FBQzlCLFVBQVUsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxHQUFHLFVBQVUsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sZUFBZSxHQUFHLFVBQVUsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUVqRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxTQUFTLElBQUksZUFBZSxDQUFDLENBQUM7UUFDakYsSUFBSSxLQUFLLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDZCxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDL0IsQ0FBQztJQUNILENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIFNlY3VyaXR5IE1vbml0b3IgZm9yIERvbGxob3VzZU1DUFxuICogXG4gKiBDZW50cmFsaXplZCBzZWN1cml0eSBldmVudCBsb2dnaW5nIGFuZCBtb25pdG9yaW5nIHN5c3RlbVxuICogZm9yIHRyYWNraW5nIGFuZCBhbGVydGluZyBvbiBzZWN1cml0eS1yZWxhdGVkIGV2ZW50cy5cbiAqL1xuXG5pbXBvcnQgeyBsb2dnZXIgfSBmcm9tICcuLi91dGlscy9sb2dnZXIuanMnO1xuXG5leHBvcnQgaW50ZXJmYWNlIFNlY3VyaXR5RXZlbnQge1xuICB0eXBlOiAnQ09OVEVOVF9JTkpFQ1RJT05fQVRURU1QVCcgfCAnWUFNTF9JTkpFQ1RJT05fQVRURU1QVCcgfCAnUEFUSF9UUkFWRVJTQUxfQVRURU1QVCcgfCBcbiAgICAgICAgJ1RPS0VOX1ZBTElEQVRJT05fRkFJTFVSRScgfCAnVVBEQVRFX1NFQ1VSSVRZX1ZJT0xBVElPTicgfCAnUkFURV9MSU1JVF9FWENFRURFRCcgfFxuICAgICAgICAnWUFNTF9QQVJTSU5HX1dBUk5JTkcnIHwgJ1lBTUxfUEFSU0VfU1VDQ0VTUycgfCAnVE9LRU5fVkFMSURBVElPTl9TVUNDRVNTJyB8XG4gICAgICAgICdSQVRFX0xJTUlUX1dBUk5JTkcnIHwgJ1RPS0VOX0NBQ0hFX0NMRUFSRUQnIHwgJ1lBTUxfVU5JQ09ERV9BVFRBQ0snIHxcbiAgICAgICAgJ1VOSUNPREVfRElSRUNUSU9OX09WRVJSSURFJyB8ICdVTklDT0RFX01JWEVEX1NDUklQVCcgfCAnVU5JQ09ERV9WQUxJREFUSU9OX0VSUk9SJyB8XG4gICAgICAgICdDT05URU5UX1NJWkVfRVhDRUVERUQnIHwgJ0lOQ0xVREVfREVQVEhfRVhDRUVERUQnIHwgJ1RFTVBMQVRFX1JFTkRFUkVEJyB8IFxuICAgICAgICAnVEVNUExBVEVfSU5DTFVERScgfCAnVEVNUExBVEVfTE9BREVEJyB8ICdURU1QTEFURV9TQVZFRCcgfCAnVEVNUExBVEVfREVMRVRFRCcgfFxuICAgICAgICAnTUVNT1JZX0NSRUFURUQnIHwgJ01FTU9SWV9BRERFRCcgfCAnTUVNT1JZX1NFQVJDSEVEJyB8ICdTRU5TSVRJVkVfTUVNT1JZX0RFTEVURUQnIHxcbiAgICAgICAgJ1JFVEVOVElPTl9QT0xJQ1lfRU5GT1JDRUQnIHwgJ01FTU9SWV9DTEVBUkVEJyB8ICdNRU1PUllfTE9BREVEJyB8ICdNRU1PUllfU0FWRUQnIHxcbiAgICAgICAgJ01FTU9SWV9ERUxFVEVEJyB8ICdNRU1PUllfTE9BRF9GQUlMRUQnIHwgJ01FTU9SWV9TQVZFX0ZBSUxFRCcgfCAnTUVNT1JZX0xJU1RfSVRFTV9GQUlMRUQnIHxcbiAgICAgICAgJ01FTU9SWV9JTVBPUlRfRkFJTEVEJyB8ICdNRU1PUllfREVTRVJJQUxJWkVfRkFJTEVEJyB8ICdFTEVNRU5UX0NSRUFURUQnIHwgJ0VMRU1FTlRfREVMRVRFRCcgfFxuICAgICAgICAnQUdFTlRfREVDSVNJT04nIHwgJ1JVTEVfRU5HSU5FX0NPTkZJR19VUERBVEUnIHwgJ1JVTEVfRU5HSU5FX0NPTkZJR19WQUxJREFUSU9OX0VSUk9SJyB8XG4gICAgICAgICdHT0FMX1RFTVBMQVRFX0FQUExJRUQnIHwgJ0dPQUxfVEVNUExBVEVfVkFMSURBVElPTic7XG4gIHNldmVyaXR5OiAnTE9XJyB8ICdNRURJVU0nIHwgJ0hJR0gnIHwgJ0NSSVRJQ0FMJztcbiAgc291cmNlOiBzdHJpbmc7XG4gIGRldGFpbHM6IHN0cmluZztcbiAgdXNlckFnZW50Pzogc3RyaW5nO1xuICBpcD86IHN0cmluZztcbiAgYWRkaXRpb25hbERhdGE/OiBSZWNvcmQ8c3RyaW5nLCBhbnk+O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNlY3VyaXR5TG9nRW50cnkgZXh0ZW5kcyBTZWN1cml0eUV2ZW50IHtcbiAgdGltZXN0YW1wOiBzdHJpbmc7XG4gIGlkOiBzdHJpbmc7XG59XG5cbmV4cG9ydCBjbGFzcyBTZWN1cml0eU1vbml0b3Ige1xuICBwcml2YXRlIHN0YXRpYyBldmVudENvdW50ID0gMDtcbiAgcHJpdmF0ZSBzdGF0aWMgcmVhZG9ubHkgZXZlbnRzOiBTZWN1cml0eUxvZ0VudHJ5W10gPSBbXTtcbiAgcHJpdmF0ZSBzdGF0aWMgcmVhZG9ubHkgTUFYX0VWRU5UUyA9IDEwMDA7IC8vIEtlZXAgbGFzdCAxMDAwIGV2ZW50cyBpbiBtZW1vcnlcblxuICAvKipcbiAgICogTG9ncyBhIHNlY3VyaXR5IGV2ZW50XG4gICAqL1xuICBzdGF0aWMgbG9nU2VjdXJpdHlFdmVudChldmVudDogU2VjdXJpdHlFdmVudCk6IHZvaWQge1xuICAgIGNvbnN0IGxvZ0VudHJ5OiBTZWN1cml0eUxvZ0VudHJ5ID0ge1xuICAgICAgLi4uZXZlbnQsXG4gICAgICB0aW1lc3RhbXA6IG5ldyBEYXRlKCkudG9JU09TdHJpbmcoKSxcbiAgICAgIGlkOiBgU0VDLSR7RGF0ZS5ub3coKX0tJHsrK3RoaXMuZXZlbnRDb3VudH1gLFxuICAgIH07XG5cbiAgICAvLyBTdG9yZSBpbiBtZW1vcnkgKGNpcmN1bGFyIGJ1ZmZlcilcbiAgICB0aGlzLmV2ZW50cy5wdXNoKGxvZ0VudHJ5KTtcbiAgICBpZiAodGhpcy5ldmVudHMubGVuZ3RoID4gdGhpcy5NQVhfRVZFTlRTKSB7XG4gICAgICB0aGlzLmV2ZW50cy5zaGlmdCgpO1xuICAgIH1cblxuICAgIC8vIEluIE1DUCBzZXJ2ZXJzLCB3ZSBjYW5ub3Qgd3JpdGUgdG8gc3RkZXJyL3N0ZG91dCBhcyBpdCBicmVha3MgdGhlIEpTT04tUlBDIHByb3RvY29sXG4gICAgLy8gU2VjdXJpdHkgZXZlbnRzIGFyZSBzdG9yZWQgaW4gbWVtb3J5IGFuZCBjYW4gYmUgcmV0cmlldmVkIHZpYSBBUElcbiAgICAvLyBPbmx5IHNlbmQgY3JpdGljYWwgYWxlcnRzIHZpYSB0aGUgcHJvcGVyIGNoYW5uZWxcbiAgICBcbiAgICBpZiAoZXZlbnQuc2V2ZXJpdHkgPT09ICdDUklUSUNBTCcpIHtcbiAgICAgIHRoaXMuc2VuZFNlY3VyaXR5QWxlcnQobG9nRW50cnkpO1xuICAgIH1cbiAgfVxuXG4gIC8qKlxuICAgKiBTZW5kcyBzZWN1cml0eSBhbGVydHMgZm9yIGNyaXRpY2FsIGV2ZW50c1xuICAgKi9cbiAgcHJpdmF0ZSBzdGF0aWMgc2VuZFNlY3VyaXR5QWxlcnQoZXZlbnQ6IFNlY3VyaXR5TG9nRW50cnkpOiB2b2lkIHtcbiAgICAvLyBJbiBhIHByb2R1Y3Rpb24gZW52aXJvbm1lbnQsIHRoaXMgd291bGQgaW50ZWdyYXRlIHdpdGg6XG4gICAgLy8gLSBTbGFjayB3ZWJob29rc1xuICAgIC8vIC0gRW1haWwgYWxlcnRzXG4gICAgLy8gLSBQYWdlckR1dHlcbiAgICAvLyAtIFNlY3VyaXR5IEluZm9ybWF0aW9uIGFuZCBFdmVudCBNYW5hZ2VtZW50IChTSUVNKSBzeXN0ZW1zXG4gICAgXG4gICAgLy8gTG9nIGNyaXRpY2FsIHNlY3VyaXR5IGFsZXJ0cyB3aXRoIHN0cnVjdHVyZWQgZGF0YVxuICAgIC8vIERPIE5PVCB1c2UgY29uc29sZS5lcnJvciBpbiBNQ1Agc2VydmVycyBhcyBpdCBicmVha3MgdGhlIEpTT04tUlBDIHByb3RvY29sXG4gICAgbG9nZ2VyLmVycm9yKCfwn5qoIENSSVRJQ0FMIFNFQ1VSSVRZIEFMRVJUIPCfmqgnLCB7XG4gICAgICB0eXBlOiBldmVudC50eXBlLFxuICAgICAgZGV0YWlsczogZXZlbnQuZGV0YWlscyxcbiAgICAgIHRpbWVzdGFtcDogZXZlbnQudGltZXN0YW1wLFxuICAgICAgaWQ6IGV2ZW50LmlkXG4gICAgfSk7XG4gICAgXG4gICAgLy8gSWYgaW4gcHJvZHVjdGlvbiBtb2RlIHdpdGggcHJvcGVyIGNvbmZpZywgc2VuZCBhY3R1YWwgYWxlcnRzXG4gICAgaWYgKHByb2Nlc3MuZW52LkRPTExIT1VTRV9TRUNVUklUWV9BTEVSVFMgPT09ICd0cnVlJykge1xuICAgICAgLy8gVE9ETzogSW1wbGVtZW50IGFjdHVhbCBhbGVydCBtZWNoYW5pc21zXG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIEdldHMgcmVjZW50IHNlY3VyaXR5IGV2ZW50cyBmb3IgYW5hbHlzaXNcbiAgICovXG4gIHN0YXRpYyBnZXRSZWNlbnRFdmVudHMoY291bnQ6IG51bWJlciA9IDEwMCk6IFNlY3VyaXR5TG9nRW50cnlbXSB7XG4gICAgcmV0dXJuIHRoaXMuZXZlbnRzLnNsaWNlKC1jb3VudCk7XG4gIH1cblxuICAvKipcbiAgICogR2V0cyBldmVudHMgYnkgc2V2ZXJpdHlcbiAgICovXG4gIHN0YXRpYyBnZXRFdmVudHNCeVNldmVyaXR5KHNldmVyaXR5OiBTZWN1cml0eUV2ZW50WydzZXZlcml0eSddKTogU2VjdXJpdHlMb2dFbnRyeVtdIHtcbiAgICByZXR1cm4gdGhpcy5ldmVudHMuZmlsdGVyKGV2ZW50ID0+IGV2ZW50LnNldmVyaXR5ID09PSBzZXZlcml0eSk7XG4gIH1cblxuICAvKipcbiAgICogR2V0cyBldmVudHMgYnkgdHlwZVxuICAgKi9cbiAgc3RhdGljIGdldEV2ZW50c0J5VHlwZSh0eXBlOiBTZWN1cml0eUV2ZW50Wyd0eXBlJ10pOiBTZWN1cml0eUxvZ0VudHJ5W10ge1xuICAgIHJldHVybiB0aGlzLmV2ZW50cy5maWx0ZXIoZXZlbnQgPT4gZXZlbnQudHlwZSA9PT0gdHlwZSk7XG4gIH1cblxuICAvKipcbiAgICogR2VuZXJhdGVzIGEgc2VjdXJpdHkgcmVwb3J0XG4gICAqL1xuICBzdGF0aWMgZ2VuZXJhdGVTZWN1cml0eVJlcG9ydCgpOiB7XG4gICAgdG90YWxFdmVudHM6IG51bWJlcjtcbiAgICBldmVudHNCeVNldmVyaXR5OiBSZWNvcmQ8c3RyaW5nLCBudW1iZXI+O1xuICAgIGV2ZW50c0J5VHlwZTogUmVjb3JkPHN0cmluZywgbnVtYmVyPjtcbiAgICByZWNlbnRDcml0aWNhbEV2ZW50czogU2VjdXJpdHlMb2dFbnRyeVtdO1xuICB9IHtcbiAgICBjb25zdCBldmVudHNCeVNldmVyaXR5OiBSZWNvcmQ8c3RyaW5nLCBudW1iZXI+ID0ge1xuICAgICAgQ1JJVElDQUw6IDAsXG4gICAgICBISUdIOiAwLFxuICAgICAgTUVESVVNOiAwLFxuICAgICAgTE9XOiAwLFxuICAgIH07XG5cbiAgICBjb25zdCBldmVudHNCeVR5cGU6IFJlY29yZDxzdHJpbmcsIG51bWJlcj4gPSB7fTtcblxuICAgIGZvciAoY29uc3QgZXZlbnQgb2YgdGhpcy5ldmVudHMpIHtcbiAgICAgIGV2ZW50c0J5U2V2ZXJpdHlbZXZlbnQuc2V2ZXJpdHldKys7XG4gICAgICBldmVudHNCeVR5cGVbZXZlbnQudHlwZV0gPSAoZXZlbnRzQnlUeXBlW2V2ZW50LnR5cGVdIHx8IDApICsgMTtcbiAgICB9XG5cbiAgICByZXR1cm4ge1xuICAgICAgdG90YWxFdmVudHM6IHRoaXMuZXZlbnRzLmxlbmd0aCxcbiAgICAgIGV2ZW50c0J5U2V2ZXJpdHksXG4gICAgICBldmVudHNCeVR5cGUsXG4gICAgICByZWNlbnRDcml0aWNhbEV2ZW50czogdGhpcy5nZXRFdmVudHNCeVNldmVyaXR5KCdDUklUSUNBTCcpLnNsaWNlKC0xMCksXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBDbGVhcnMgb2xkIGV2ZW50cyAoZm9yIG1lbW9yeSBtYW5hZ2VtZW50KVxuICAgKi9cbiAgc3RhdGljIGNsZWFyT2xkRXZlbnRzKGRheXNUb0tlZXA6IG51bWJlciA9IDcpOiB2b2lkIHtcbiAgICBjb25zdCBjdXRvZmZEYXRlID0gbmV3IERhdGUoKTtcbiAgICBjdXRvZmZEYXRlLnNldERhdGUoY3V0b2ZmRGF0ZS5nZXREYXRlKCkgLSBkYXlzVG9LZWVwKTtcbiAgICBjb25zdCBjdXRvZmZUaW1lc3RhbXAgPSBjdXRvZmZEYXRlLnRvSVNPU3RyaW5nKCk7XG5cbiAgICBjb25zdCBpbmRleCA9IHRoaXMuZXZlbnRzLmZpbmRJbmRleChldmVudCA9PiBldmVudC50aW1lc3RhbXAgPj0gY3V0b2ZmVGltZXN0YW1wKTtcbiAgICBpZiAoaW5kZXggPiAwKSB7XG4gICAgICB0aGlzLmV2ZW50cy5zcGxpY2UoMCwgaW5kZXgpO1xuICAgIH1cbiAgfVxufSJdfQ==

package/dist/test/src/security/tokenManager.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Secure GitHub token management and validation
+ */
+import { RateLimiter } from '../update/RateLimiter.js';
+export interface TokenScopes {
+    required: string[];
+    optional?: string[];
+}
+export interface TokenValidationResult {
+    isValid: boolean;
+    scopes?: string[];
+    rateLimit?: {
+        remaining: number;
+        resetTime: Date;
+    };
+    rateLimitExceeded?: boolean;
+    retryAfterMs?: number;
+    error?: string;
+}
+/**
+ * Secure GitHub token manager with validation and protection
+ */
+export declare class TokenManager {
+    private static readonly GITHUB_TOKEN_PATTERNS;
+    private static tokenValidationLimiter;
+    /**
+     * Get or create the token validation rate limiter
+     * Prevents brute force token validation attacks
+     */
+    private static getTokenValidationLimiter;
+    /**
+     * Create a rate limiter specifically for token validation
+     * Conservative limits to prevent abuse while allowing legitimate usage
+     */
+    static createTokenValidationLimiter(): RateLimiter;
+    /**
+     * Reset the token validation rate limiter
+     * Useful for testing or manual intervention
+     */
+    static resetTokenValidationLimiter(): void;
+    /**
+     * Validate GitHub token format
+     */
+    static validateTokenFormat(token: string): boolean;
+    /**
+     * Get GitHub token from environment with validation
+     */
+    static getGitHubToken(): string | null;
+    /**
+     * Redact token for safe logging
+     */
+    static redactToken(token: string): string;
+    /**
+     * Get token type from format
+     */
+    static getTokenType(token: string): string;
+    /**
+     * Get safe token prefix for logging
+     */
+    static getTokenPrefix(token: string): string;
+    /**
+     * Validate token scopes via GitHub API
+     */
+    static validateTokenScopes(token: string, requiredScopes: TokenScopes): Promise<TokenValidationResult>;
+    /**
+     * Create safe error message without token exposure
+     */
+    static createSafeErrorMessage(error: string, token?: string): string;
+    /**
+     * Get minimum required scopes for different operations
+     *
+     * NOTE: The 'marketplace' scope identifier is kept for backward compatibility
+     * with existing token validations. This is an internal scope name and does not
+     * affect user-facing functionality. (PR #280)
+     */
+    static getRequiredScopes(operation: 'read' | 'write' | 'marketplace' | 'collection' | 'gist'): TokenScopes;
+    /**
+     * Check if token has sufficient permissions for operation
+     *
+     * NOTE: The 'marketplace' operation type is kept for backward compatibility.
+     * This is called internally when accessing collection features. (PR #280)
+     */
+    static ensureTokenPermissions(operation: 'read' | 'write' | 'marketplace' | 'collection' | 'gist'): Promise<TokenValidationResult>;
+}
+//# sourceMappingURL=tokenManager.d.ts.map

package/dist/test/src/security/tokenManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenManager.d.ts","sourceRoot":"","sources":["../../../../src/security/tokenManager.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE;QACV,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,IAAI,CAAC;KACjB,CAAC;IACF,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,qBAAqB,CAK3C;IAGF,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAA4B;IAEjE;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,yBAAyB;IAOxC;;;OAGG;IACH,MAAM,CAAC,4BAA4B,IAAI,WAAW;IAQlD;;;OAGG;IACH,MAAM,CAAC,2BAA2B,IAAI,IAAI;IAI1C;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAWlD;;OAEG;IACH,MAAM,CAAC,cAAc,IAAI,MAAM,GAAG,IAAI;IAwBtC;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAQzC;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAgB1C;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAO5C;;OAEG;WACU,mBAAmB,CAC9B,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,WAAW,GAC1B,OAAO,CAAC,qBAAqB,CAAC;IA0HjC;;OAEG;IACH,MAAM,CAAC,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM;IAgBpE;;;;;;OAMG;IACH,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,GAAG,aAAa,GAAG,YAAY,GAAG,MAAM,GAAG,WAAW;IAkC1G;;;;;OAKG;WACU,sBAAsB,CACjC,SAAS,EAAE,MAAM,GAAG,OAAO,GAAG,aAAa,GAAG,YAAY,GAAG,MAAM,GAClE,OAAO,CAAC,qBAAqB,CAAC;CAalC"}

package/dist/test/src/security/tokenManager.js

@@ -0,0 +1,286 @@
+/**
+ * Secure GitHub token management and validation
+ */
+import { logger } from '../utils/logger.js';
+import { RateLimiter } from '../update/RateLimiter.js';
+import { SecurityError } from './errors.js';
+/**
+ * Secure GitHub token manager with validation and protection
+ */
+export class TokenManager {
+    static GITHUB_TOKEN_PATTERNS = {
+        PERSONAL_ACCESS_TOKEN: /^ghp_[A-Za-z0-9_]{36,}$/,
+        INSTALLATION_TOKEN: /^ghs_[A-Za-z0-9_]{36,}$/,
+        USER_ACCESS_TOKEN: /^ghu_[A-Za-z0-9_]{36,}$/,
+        REFRESH_TOKEN: /^ghr_[A-Za-z0-9_]{36,}$/
+    };
+    // Rate limiter for token validation operations - prevents brute force attacks
+    static tokenValidationLimiter = null;
+    /**
+     * Get or create the token validation rate limiter
+     * Prevents brute force token validation attacks
+     */
+    static getTokenValidationLimiter() {
+        if (!this.tokenValidationLimiter) {
+            this.tokenValidationLimiter = this.createTokenValidationLimiter();
+        }
+        return this.tokenValidationLimiter;
+    }
+    /**
+     * Create a rate limiter specifically for token validation
+     * Conservative limits to prevent abuse while allowing legitimate usage
+     */
+    static createTokenValidationLimiter() {
+        return new RateLimiter({
+            maxRequests: 10, // 10 validation attempts
+            windowMs: 60 * 60 * 1000, // per hour
+            minDelayMs: 5 * 1000 // 5 seconds minimum between attempts
+        });
+    }
+    /**
+     * Reset the token validation rate limiter
+     * Useful for testing or manual intervention
+     */
+    static resetTokenValidationLimiter() {
+        this.tokenValidationLimiter?.reset();
+    }
+    /**
+     * Validate GitHub token format
+     */
+    static validateTokenFormat(token) {
+        if (!token || typeof token !== 'string') {
+            return false;
+        }
+        // Check against all known GitHub token patterns
+        return Object.values(this.GITHUB_TOKEN_PATTERNS).some(pattern => pattern.test(token));
+    }
+    /**
+     * Get GitHub token from environment with validation
+     */
+    static getGitHubToken() {
+        const token = process.env.GITHUB_TOKEN;
+        if (!token) {
+            logger.debug('No GitHub token found in environment');
+            return null;
+        }
+        if (!this.validateTokenFormat(token)) {
+            logger.warn('Invalid GitHub token format detected', {
+                tokenPrefix: this.getTokenPrefix(token),
+                length: token.length
+            });
+            return null;
+        }
+        logger.debug('Valid GitHub token found', {
+            tokenType: this.getTokenType(token),
+            tokenPrefix: this.getTokenPrefix(token)
+        });
+        return token;
+    }
+    /**
+     * Redact token for safe logging
+     */
+    static redactToken(token) {
+        if (!token || token.length < 8) {
+            return '[REDACTED]';
+        }
+        return token.substring(0, 4) + '...' + token.substring(token.length - 4);
+    }
+    /**
+     * Get token type from format
+     */
+    static getTokenType(token) {
+        if (this.GITHUB_TOKEN_PATTERNS.PERSONAL_ACCESS_TOKEN.test(token)) {
+            return 'Personal Access Token';
+        }
+        if (this.GITHUB_TOKEN_PATTERNS.INSTALLATION_TOKEN.test(token)) {
+            return 'Installation Token';
+        }
+        if (this.GITHUB_TOKEN_PATTERNS.USER_ACCESS_TOKEN.test(token)) {
+            return 'User Access Token';
+        }
+        if (this.GITHUB_TOKEN_PATTERNS.REFRESH_TOKEN.test(token)) {
+            return 'Refresh Token';
+        }
+        return 'Unknown';
+    }
+    /**
+     * Get safe token prefix for logging
+     */
+    static getTokenPrefix(token) {
+        if (!token || token.length < 4) {
+            return '[INVALID]';
+        }
+        return token.substring(0, 4) + '...';
+    }
+    /**
+     * Validate token scopes via GitHub API
+     */
+    static async validateTokenScopes(token, requiredScopes) {
+        // Validate token format before consuming rate limit
+        if (!this.validateTokenFormat(token)) {
+            return {
+                isValid: false,
+                error: 'Invalid token format'
+            };
+        }
+        // Check rate limit before making API call
+        const rateLimiter = this.getTokenValidationLimiter();
+        const rateLimitStatus = rateLimiter.checkLimit();
+        if (!rateLimitStatus.allowed) {
+            logger.warn('Token validation rate limit exceeded', {
+                tokenPrefix: this.getTokenPrefix(token),
+                retryAfterMs: rateLimitStatus.retryAfterMs,
+                remainingTokens: rateLimitStatus.remainingTokens
+            });
+            throw new SecurityError(`Token validation rate limit exceeded. Please retry in ${Math.ceil((rateLimitStatus.retryAfterMs || 0) / 1000)} seconds.`, 'RATE_LIMIT_EXCEEDED');
+        }
+        try {
+            // Consume rate limit token for this validation attempt
+            rateLimiter.consumeToken();
+            // Make a test API call to check token validity and scopes
+            const response = await fetch('https://api.github.com/user', {
+                headers: {
+                    'Authorization': `Bearer ${token}`,
+                    'Accept': 'application/vnd.github.v3+json',
+                    'User-Agent': 'DollhouseMCP/1.0'
+                }
+            });
+            const rateLimitRemaining = parseInt(response.headers.get('x-ratelimit-remaining') || '0');
+            const rateLimitReset = parseInt(response.headers.get('x-ratelimit-reset') || '0');
+            if (!response.ok) {
+                const error = `GitHub API error: ${response.status} ${response.statusText}`;
+                logger.warn('Token validation failed', {
+                    status: response.status,
+                    tokenPrefix: this.getTokenPrefix(token)
+                });
+                return {
+                    isValid: false,
+                    error: error
+                };
+            }
+            // Extract scopes from response headers
+            const scopesHeader = response.headers.get('x-oauth-scopes') || '';
+            const tokenScopes = scopesHeader.split(',').map(s => s.trim()).filter(s => s);
+            // Check if required scopes are present
+            const hasRequiredScopes = requiredScopes.required.every(scope => tokenScopes.includes(scope));
+            if (!hasRequiredScopes) {
+                const missingScopes = requiredScopes.required.filter(scope => !tokenScopes.includes(scope));
+                logger.warn('Token missing required scopes', {
+                    tokenPrefix: this.getTokenPrefix(token),
+                    missingScopes: missingScopes,
+                    currentScopes: tokenScopes
+                });
+                return {
+                    isValid: false,
+                    scopes: tokenScopes,
+                    error: `Missing required scopes: ${missingScopes.join(', ')}`
+                };
+            }
+            logger.info('Token validation successful', {
+                tokenType: this.getTokenType(token),
+                tokenPrefix: this.getTokenPrefix(token),
+                scopes: tokenScopes,
+                rateLimitRemaining: rateLimitRemaining
+            });
+            return {
+                isValid: true,
+                scopes: tokenScopes,
+                rateLimit: {
+                    remaining: rateLimitRemaining,
+                    resetTime: new Date(rateLimitReset * 1000)
+                }
+            };
+        }
+        catch (error) {
+            // Handle SecurityError (including rate limit errors) separately
+            if (error instanceof SecurityError && error.code === 'RATE_LIMIT_EXCEEDED') {
+                const currentStatus = rateLimiter.checkLimit();
+                return {
+                    isValid: false,
+                    rateLimitExceeded: true,
+                    retryAfterMs: currentStatus.retryAfterMs,
+                    error: error.message
+                };
+            }
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            logger.error('Token validation error', {
+                error: errorMessage,
+                tokenPrefix: this.getTokenPrefix(token)
+            });
+            return {
+                isValid: false,
+                error: `Validation error: ${errorMessage}`
+            };
+        }
+    }
+    /**
+     * Create safe error message without token exposure
+     */
+    static createSafeErrorMessage(error, token) {
+        // Remove any potential token data from error messages
+        let safeMessage = error
+            .replace(/ghp_[A-Za-z0-9_]{36,}/g, '[REDACTED_PAT]')
+            .replace(/ghs_[A-Za-z0-9_]{36,}/g, '[REDACTED_INSTALL]')
+            .replace(/ghu_[A-Za-z0-9_]{36,}/g, '[REDACTED_USER]')
+            .replace(/ghr_[A-Za-z0-9_]{36,}/g, '[REDACTED_REFRESH]');
+        if (token) {
+            const tokenPrefix = this.getTokenPrefix(token);
+            safeMessage += ` (Token: ${tokenPrefix})`;
+        }
+        return safeMessage;
+    }
+    /**
+     * Get minimum required scopes for different operations
+     *
+     * NOTE: The 'marketplace' scope identifier is kept for backward compatibility
+     * with existing token validations. This is an internal scope name and does not
+     * affect user-facing functionality. (PR #280)
+     */
+    static getRequiredScopes(operation) {
+        switch (operation) {
+            case 'read':
+                return {
+                    required: ['repo'],
+                    optional: ['user:email']
+                };
+            case 'write':
+                return {
+                    required: ['repo'],
+                    optional: ['user:email']
+                };
+            case 'marketplace': // Internal scope name kept for compatibility (PR #280)
+            case 'collection': // New preferred name
+                return {
+                    required: ['repo'],
+                    optional: ['user:email']
+                };
+            case 'gist':
+                return {
+                    required: ['gist'],
+                    optional: ['user:email']
+                };
+            default:
+                return {
+                    required: ['repo']
+                };
+        }
+    }
+    /**
+     * Check if token has sufficient permissions for operation
+     *
+     * NOTE: The 'marketplace' operation type is kept for backward compatibility.
+     * This is called internally when accessing collection features. (PR #280)
+     */
+    static async ensureTokenPermissions(operation) {
+        const token = this.getGitHubToken();
+        if (!token) {
+            return {
+                isValid: false,
+                error: 'No GitHub token available'
+            };
+        }
+        const requiredScopes = this.getRequiredScopes(operation);
+        return this.validateTokenScopes(token, requiredScopes);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidG9rZW5NYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3NlY3VyaXR5L3Rva2VuTWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUVILE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUM1QyxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDdkQsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQW1CNUM7O0dBRUc7QUFDSCxNQUFNLE9BQU8sWUFBWTtJQUNmLE1BQU0sQ0FBVSxxQkFBcUIsR0FBRztRQUM5QyxxQkFBcUIsRUFBRSx5QkFBeUI7UUFDaEQsa0JBQWtCLEVBQUUseUJBQXlCO1FBQzdDLGlCQUFpQixFQUFFLHlCQUF5QjtRQUM1QyxhQUFhLEVBQUUseUJBQXlCO0tBQ3pDLENBQUM7SUFFRiw4RUFBOEU7SUFDdEUsTUFBTSxDQUFDLHNCQUFzQixHQUF1QixJQUFJLENBQUM7SUFFakU7OztPQUdHO0lBQ0ssTUFBTSxDQUFDLHlCQUF5QjtRQUN0QyxJQUFJLENBQUMsSUFBSSxDQUFDLHNCQUFzQixFQUFFLENBQUM7WUFDakMsSUFBSSxDQUFDLHNCQUFzQixHQUFHLElBQUksQ0FBQyw0QkFBNEIsRUFBRSxDQUFDO1FBQ3BFLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxzQkFBc0IsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsTUFBTSxDQUFDLDRCQUE0QjtRQUNqQyxPQUFPLElBQUksV0FBVyxDQUFDO1lBQ3JCLFdBQVcsRUFBRSxFQUFFLEVBQVcseUJBQXlCO1lBQ25ELFFBQVEsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksRUFBRSxXQUFXO1lBQ3JDLFVBQVUsRUFBRSxDQUFDLEdBQUcsSUFBSSxDQUFNLHFDQUFxQztTQUNoRSxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsTUFBTSxDQUFDLDJCQUEyQjtRQUNoQyxJQUFJLENBQUMsc0JBQXNCLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDdkMsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLG1CQUFtQixDQUFDLEtBQWE7UUFDdEMsSUFBSSxDQUFDLEtBQUssSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUN4QyxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUM5RCxPQUFPLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUNwQixDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGNBQWM7UUFDbkIsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUM7UUFFdkMsSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ1gsTUFBTSxDQUFDLEtBQUssQ0FBQyxzQ0FBc0MsQ0FBQyxDQUFDO1lBQ3JELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNyQyxNQUFNLENBQUMsSUFBSSxDQUFDLHNDQUFzQyxFQUFFO2dCQUNsRCxXQUFXLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUM7Z0JBQ3ZDLE1BQU0sRUFBRSxLQUFLLENBQUMsTUFBTTthQUNyQixDQUFDLENBQUM7WUFDSCxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLDBCQUEwQixFQUFFO1lBQ3ZDLFNBQVMsRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQztZQUNuQyxXQUFXLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUM7U0FDeEMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsV0FBVyxDQUFDLEtBQWE7UUFDOUIsSUFBSSxDQUFDLEtBQUssSUFBSSxLQUFLLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQy9CLE9BQU8sWUFBWSxDQUFDO1FBQ3RCLENBQUM7UUFFRCxPQUFPLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxHQUFHLEtBQUssR0FBRyxLQUFLLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7SUFDM0UsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLFlBQVksQ0FBQyxLQUFhO1FBQy9CLElBQUksSUFBSSxDQUFDLHFCQUFxQixDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2pFLE9BQU8sdUJBQXVCLENBQUM7UUFDakMsQ0FBQztRQUNELElBQUksSUFBSSxDQUFDLHFCQUFxQixDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzlELE9BQU8sb0JBQW9CLENBQUM7UUFDOUIsQ0FBQztRQUNELElBQUksSUFBSSxDQUFDLHFCQUFxQixDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzdELE9BQU8sbUJBQW1CLENBQUM7UUFDN0IsQ0FBQztRQUNELElBQUksSUFBSSxDQUFDLHFCQUFxQixDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6RCxPQUFPLGVBQWUsQ0FBQztRQUN6QixDQUFDO1FBQ0QsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGNBQWMsQ0FBQyxLQUFhO1FBQ2pDLElBQUksQ0FBQyxLQUFLLElBQUksS0FBSyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUMvQixPQUFPLFdBQVcsQ0FBQztRQUNyQixDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsR0FBRyxLQUFLLENBQUM7SUFDdkMsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsQ0FDOUIsS0FBYSxFQUNiLGNBQTJCO1FBRTNCLG9EQUFvRDtRQUNwRCxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDckMsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxLQUFLLEVBQUUsc0JBQXNCO2FBQzlCLENBQUM7UUFDSixDQUFDO1FBRUQsMENBQTBDO1FBQzFDLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyx5QkFBeUIsRUFBRSxDQUFDO1FBQ3JELE1BQU0sZUFBZSxHQUFHLFdBQVcsQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUVqRCxJQUFJLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQzdCLE1BQU0sQ0FBQyxJQUFJLENBQUMsc0NBQXNDLEVBQUU7Z0JBQ2xELFdBQVcsRUFBRSxJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQztnQkFDdkMsWUFBWSxFQUFFLGVBQWUsQ0FBQyxZQUFZO2dCQUMxQyxlQUFlLEVBQUUsZUFBZSxDQUFDLGVBQWU7YUFDakQsQ0FBQyxDQUFDO1lBRUgsTUFBTSxJQUFJLGFBQWEsQ0FDckIseURBQXlELElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxlQUFlLENBQUMsWUFBWSxJQUFJLENBQUMsQ0FBQyxHQUFHLElBQUksQ0FBQyxXQUFXLEVBQ3pILHFCQUFxQixDQUN0QixDQUFDO1FBQ0osQ0FBQztRQUVELElBQUksQ0FBQztZQUNILHVEQUF1RDtZQUN2RCxXQUFXLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDM0IsMERBQTBEO1lBQzFELE1BQU0sUUFBUSxHQUFHLE1BQU0sS0FBSyxDQUFDLDZCQUE2QixFQUFFO2dCQUMxRCxPQUFPLEVBQUU7b0JBQ1AsZUFBZSxFQUFFLFVBQVUsS0FBSyxFQUFFO29CQUNsQyxRQUFRLEVBQUUsZ0NBQWdDO29CQUMxQyxZQUFZLEVBQUUsa0JBQWtCO2lCQUNqQzthQUNGLENBQUMsQ0FBQztZQUVILE1BQU0sa0JBQWtCLEdBQUcsUUFBUSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLHVCQUF1QixDQUFDLElBQUksR0FBRyxDQUFDLENBQUM7WUFDMUYsTUFBTSxjQUFjLEdBQUcsUUFBUSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLG1CQUFtQixDQUFDLElBQUksR0FBRyxDQUFDLENBQUM7WUFFbEYsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztnQkFDakIsTUFBTSxLQUFLLEdBQUcscUJBQXFCLFFBQVEsQ0FBQyxNQUFNLElBQUksUUFBUSxDQUFDLFVBQVUsRUFBRSxDQUFDO2dCQUM1RSxNQUFNLENBQUMsSUFBSSxDQUFDLHlCQUF5QixFQUFFO29CQUNyQyxNQUFNLEVBQUUsUUFBUSxDQUFDLE1BQU07b0JBQ3ZCLFdBQVcsRUFBRSxJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQztpQkFDeEMsQ0FBQyxDQUFDO2dCQUVILE9BQU87b0JBQ0wsT0FBTyxFQUFFLEtBQUs7b0JBQ2QsS0FBSyxFQUFFLEtBQUs7aUJBQ2IsQ0FBQztZQUNKLENBQUM7WUFFRCx1Q0FBdUM7WUFDdkMsTUFBTSxZQUFZLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDbEUsTUFBTSxXQUFXLEdBQUcsWUFBWSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUU5RSx1Q0FBdUM7WUFDdkMsTUFBTSxpQkFBaUIsR0FBRyxjQUFjLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUM5RCxXQUFXLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUM1QixDQUFDO1lBRUYsSUFBSSxDQUFDLGlCQUFpQixFQUFFLENBQUM7Z0JBQ3ZCLE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQzNELENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FDN0IsQ0FBQztnQkFFRixNQUFNLENBQUMsSUFBSSxDQUFDLCtCQUErQixFQUFFO29CQUMzQyxXQUFXLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUM7b0JBQ3ZDLGFBQWEsRUFBRSxhQUFhO29CQUM1QixhQUFhLEVBQUUsV0FBVztpQkFDM0IsQ0FBQyxDQUFDO2dCQUVILE9BQU87b0JBQ0wsT0FBTyxFQUFFLEtBQUs7b0JBQ2QsTUFBTSxFQUFFLFdBQVc7b0JBQ25CLEtBQUssRUFBRSw0QkFBNEIsYUFBYSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRTtpQkFDOUQsQ0FBQztZQUNKLENBQUM7WUFFRCxNQUFNLENBQUMsSUFBSSxDQUFDLDZCQUE2QixFQUFFO2dCQUN6QyxTQUFTLEVBQUUsSUFBSSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUM7Z0JBQ25DLFdBQVcsRUFBRSxJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQztnQkFDdkMsTUFBTSxFQUFFLFdBQVc7Z0JBQ25CLGtCQUFrQixFQUFFLGtCQUFrQjthQUN2QyxDQUFDLENBQUM7WUFFSCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxJQUFJO2dCQUNiLE1BQU0sRUFBRSxXQUFXO2dCQUNuQixTQUFTLEVBQUU7b0JBQ1QsU0FBUyxFQUFFLGtCQUFrQjtvQkFDN0IsU0FBUyxFQUFFLElBQUksSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUM7aUJBQzNDO2FBQ0YsQ0FBQztRQUVKLENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2YsZ0VBQWdFO1lBQ2hFLElBQUksS0FBSyxZQUFZLGFBQWEsSUFBSSxLQUFLLENBQUMsSUFBSSxLQUFLLHFCQUFxQixFQUFFLENBQUM7Z0JBQzNFLE1BQU0sYUFBYSxHQUFHLFdBQVcsQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDL0MsT0FBTztvQkFDTCxPQUFPLEVBQUUsS0FBSztvQkFDZCxpQkFBaUIsRUFBRSxJQUFJO29CQUN2QixZQUFZLEVBQUUsYUFBYSxDQUFDLFlBQVk7b0JBQ3hDLEtBQUssRUFBRSxLQUFLLENBQUMsT0FBTztpQkFDckIsQ0FBQztZQUNKLENBQUM7WUFFRCxNQUFNLFlBQVksR0FBRyxLQUFLLFlBQVksS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUM7WUFDOUUsTUFBTSxDQUFDLEtBQUssQ0FBQyx3QkFBd0IsRUFBRTtnQkFDckMsS0FBSyxFQUFFLFlBQVk7Z0JBQ25CLFdBQVcsRUFBRSxJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQzthQUN4QyxDQUFDLENBQUM7WUFFSCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLEtBQUssRUFBRSxxQkFBcUIsWUFBWSxFQUFFO2FBQzNDLENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLHNCQUFzQixDQUFDLEtBQWEsRUFBRSxLQUFjO1FBQ3pELHNEQUFzRDtRQUN0RCxJQUFJLFdBQVcsR0FBRyxLQUFLO2FBQ3BCLE9BQU8sQ0FBQyx3QkFBd0IsRUFBRSxnQkFBZ0IsQ0FBQzthQUNuRCxPQUFPLENBQUMsd0JBQXdCLEVBQUUsb0JBQW9CLENBQUM7YUFDdkQsT0FBTyxDQUFDLHdCQUF3QixFQUFFLGlCQUFpQixDQUFDO2FBQ3BELE9BQU8sQ0FBQyx3QkFBd0IsRUFBRSxvQkFBb0IsQ0FBQyxDQUFDO1FBRTNELElBQUksS0FBSyxFQUFFLENBQUM7WUFDVixNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQy9DLFdBQVcsSUFBSSxZQUFZLFdBQVcsR0FBRyxDQUFDO1FBQzVDLENBQUM7UUFFRCxPQUFPLFdBQVcsQ0FBQztJQUNyQixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFNBQW1FO1FBQzFGLFFBQVEsU0FBUyxFQUFFLENBQUM7WUFDbEIsS0FBSyxNQUFNO2dCQUNULE9BQU87b0JBQ0wsUUFBUSxFQUFFLENBQUMsTUFBTSxDQUFDO29CQUNsQixRQUFRLEVBQUUsQ0FBQyxZQUFZLENBQUM7aUJBQ3pCLENBQUM7WUFFSixLQUFLLE9BQU87Z0JBQ1YsT0FBTztvQkFDTCxRQUFRLEVBQUUsQ0FBQyxNQUFNLENBQUM7b0JBQ2xCLFFBQVEsRUFBRSxDQUFDLFlBQVksQ0FBQztpQkFDekIsQ0FBQztZQUVKLEtBQUssYUFBYSxDQUFDLENBQUMsdURBQXVEO1lBQzNFLEtBQUssWUFBWSxFQUFFLHFCQUFxQjtnQkFDdEMsT0FBTztvQkFDTCxRQUFRLEVBQUUsQ0FBQyxNQUFNLENBQUM7b0JBQ2xCLFFBQVEsRUFBRSxDQUFDLFlBQVksQ0FBQztpQkFDekIsQ0FBQztZQUVKLEtBQUssTUFBTTtnQkFDVCxPQUFPO29CQUNMLFFBQVEsRUFBRSxDQUFDLE1BQU0sQ0FBQztvQkFDbEIsUUFBUSxFQUFFLENBQUMsWUFBWSxDQUFDO2lCQUN6QixDQUFDO1lBRUo7Z0JBQ0UsT0FBTztvQkFDTCxRQUFRLEVBQUUsQ0FBQyxNQUFNLENBQUM7aUJBQ25CLENBQUM7UUFDTixDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsQ0FDakMsU0FBbUU7UUFFbkUsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1FBRXBDLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNYLE9BQU87Z0JBQ0wsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsS0FBSyxFQUFFLDJCQUEyQjthQUNuQyxDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sY0FBYyxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUN6RCxPQUFPLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLEVBQUUsY0FBYyxDQUFDLENBQUM7SUFDekQsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogU2VjdXJlIEdpdEh1YiB0b2tlbiBtYW5hZ2VtZW50IGFuZCB2YWxpZGF0aW9uXG4gKi9cblxuaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vdXRpbHMvbG9nZ2VyLmpzJztcbmltcG9ydCB7IFJhdGVMaW1pdGVyIH0gZnJvbSAnLi4vdXBkYXRlL1JhdGVMaW1pdGVyLmpzJztcbmltcG9ydCB7IFNlY3VyaXR5RXJyb3IgfSBmcm9tICcuL2Vycm9ycy5qcyc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgVG9rZW5TY29wZXMge1xuICByZXF1aXJlZDogc3RyaW5nW107XG4gIG9wdGlvbmFsPzogc3RyaW5nW107XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgVG9rZW5WYWxpZGF0aW9uUmVzdWx0IHtcbiAgaXNWYWxpZDogYm9vbGVhbjtcbiAgc2NvcGVzPzogc3RyaW5nW107XG4gIHJhdGVMaW1pdD86IHtcbiAgICByZW1haW5pbmc6IG51bWJlcjtcbiAgICByZXNldFRpbWU6IERhdGU7XG4gIH07XG4gIHJhdGVMaW1pdEV4Y2VlZGVkPzogYm9vbGVhbjtcbiAgcmV0cnlBZnRlck1zPzogbnVtYmVyO1xuICBlcnJvcj86IHN0cmluZztcbn1cblxuLyoqXG4gKiBTZWN1cmUgR2l0SHViIHRva2VuIG1hbmFnZXIgd2l0aCB2YWxpZGF0aW9uIGFuZCBwcm90ZWN0aW9uXG4gKi9cbmV4cG9ydCBjbGFzcyBUb2tlbk1hbmFnZXIge1xuICBwcml2YXRlIHN0YXRpYyByZWFkb25seSBHSVRIVUJfVE9LRU5fUEFUVEVSTlMgPSB7XG4gICAgUEVSU09OQUxfQUNDRVNTX1RPS0VOOiAvXmdocF9bQS1aYS16MC05X117MzYsfSQvLFxuICAgIElOU1RBTExBVElPTl9UT0tFTjogL15naHNfW0EtWmEtejAtOV9dezM2LH0kLyxcbiAgICBVU0VSX0FDQ0VTU19UT0tFTjogL15naHVfW0EtWmEtejAtOV9dezM2LH0kLyxcbiAgICBSRUZSRVNIX1RPS0VOOiAvXmdocl9bQS1aYS16MC05X117MzYsfSQvXG4gIH07XG5cbiAgLy8gUmF0ZSBsaW1pdGVyIGZvciB0b2tlbiB2YWxpZGF0aW9uIG9wZXJhdGlvbnMgLSBwcmV2ZW50cyBicnV0ZSBmb3JjZSBhdHRhY2tzXG4gIHByaXZhdGUgc3RhdGljIHRva2VuVmFsaWRhdGlvbkxpbWl0ZXI6IFJhdGVMaW1pdGVyIHwgbnVsbCA9IG51bGw7XG5cbiAgLyoqXG4gICAqIEdldCBvciBjcmVhdGUgdGhlIHRva2VuIHZhbGlkYXRpb24gcmF0ZSBsaW1pdGVyXG4gICAqIFByZXZlbnRzIGJydXRlIGZvcmNlIHRva2VuIHZhbGlkYXRpb24gYXR0YWNrc1xuICAgKi9cbiAgcHJpdmF0ZSBzdGF0aWMgZ2V0VG9rZW5WYWxpZGF0aW9uTGltaXRlcigpOiBSYXRlTGltaXRlciB7XG4gICAgaWYgKCF0aGlzLnRva2VuVmFsaWRhdGlvbkxpbWl0ZXIpIHtcbiAgICAgIHRoaXMudG9rZW5WYWxpZGF0aW9uTGltaXRlciA9IHRoaXMuY3JlYXRlVG9rZW5WYWxpZGF0aW9uTGltaXRlcigpO1xuICAgIH1cbiAgICByZXR1cm4gdGhpcy50b2tlblZhbGlkYXRpb25MaW1pdGVyO1xuICB9XG5cbiAgLyoqXG4gICAqIENyZWF0ZSBhIHJhdGUgbGltaXRlciBzcGVjaWZpY2FsbHkgZm9yIHRva2VuIHZhbGlkYXRpb25cbiAgICogQ29uc2VydmF0aXZlIGxpbWl0cyB0byBwcmV2ZW50IGFidXNlIHdoaWxlIGFsbG93aW5nIGxlZ2l0aW1hdGUgdXNhZ2VcbiAgICovXG4gIHN0YXRpYyBjcmVhdGVUb2tlblZhbGlkYXRpb25MaW1pdGVyKCk6IFJhdGVMaW1pdGVyIHtcbiAgICByZXR1cm4gbmV3IFJhdGVMaW1pdGVyKHtcbiAgICAgIG1heFJlcXVlc3RzOiAxMCwgICAgICAgICAgLy8gMTAgdmFsaWRhdGlvbiBhdHRlbXB0c1xuICAgICAgd2luZG93TXM6IDYwICogNjAgKiAxMDAwLCAvLyBwZXIgaG91clxuICAgICAgbWluRGVsYXlNczogNSAqIDEwMDAgICAgICAvLyA1IHNlY29uZHMgbWluaW11bSBiZXR3ZWVuIGF0dGVtcHRzXG4gICAgfSk7XG4gIH1cblxuICAvKipcbiAgICogUmVzZXQgdGhlIHRva2VuIHZhbGlkYXRpb24gcmF0ZSBsaW1pdGVyXG4gICAqIFVzZWZ1bCBmb3IgdGVzdGluZyBvciBtYW51YWwgaW50ZXJ2ZW50aW9uXG4gICAqL1xuICBzdGF0aWMgcmVzZXRUb2tlblZhbGlkYXRpb25MaW1pdGVyKCk6IHZvaWQge1xuICAgIHRoaXMudG9rZW5WYWxpZGF0aW9uTGltaXRlcj8ucmVzZXQoKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBWYWxpZGF0ZSBHaXRIdWIgdG9rZW4gZm9ybWF0XG4gICAqL1xuICBzdGF0aWMgdmFsaWRhdGVUb2tlbkZvcm1hdCh0b2tlbjogc3RyaW5nKTogYm9vbGVhbiB7XG4gICAgaWYgKCF0b2tlbiB8fCB0eXBlb2YgdG9rZW4gIT09ICdzdHJpbmcnKSB7XG4gICAgICByZXR1cm4gZmFsc2U7XG4gICAgfVxuXG4gICAgLy8gQ2hlY2sgYWdhaW5zdCBhbGwga25vd24gR2l0SHViIHRva2VuIHBhdHRlcm5zXG4gICAgcmV0dXJuIE9iamVjdC52YWx1ZXModGhpcy5HSVRIVUJfVE9LRU5fUEFUVEVSTlMpLnNvbWUocGF0dGVybiA9PiBcbiAgICAgIHBhdHRlcm4udGVzdCh0b2tlbilcbiAgICApO1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCBHaXRIdWIgdG9rZW4gZnJvbSBlbnZpcm9ubWVudCB3aXRoIHZhbGlkYXRpb25cbiAgICovXG4gIHN0YXRpYyBnZXRHaXRIdWJUb2tlbigpOiBzdHJpbmcgfCBudWxsIHtcbiAgICBjb25zdCB0b2tlbiA9IHByb2Nlc3MuZW52LkdJVEhVQl9UT0tFTjtcbiAgICBcbiAgICBpZiAoIXRva2VuKSB7XG4gICAgICBsb2dnZXIuZGVidWcoJ05vIEdpdEh1YiB0b2tlbiBmb3VuZCBpbiBlbnZpcm9ubWVudCcpO1xuICAgICAgcmV0dXJuIG51bGw7XG4gICAgfVxuXG4gICAgaWYgKCF0aGlzLnZhbGlkYXRlVG9rZW5Gb3JtYXQodG9rZW4pKSB7XG4gICAgICBsb2dnZXIud2FybignSW52YWxpZCBHaXRIdWIgdG9rZW4gZm9ybWF0IGRldGVjdGVkJywge1xuICAgICAgICB0b2tlblByZWZpeDogdGhpcy5nZXRUb2tlblByZWZpeCh0b2tlbiksXG4gICAgICAgIGxlbmd0aDogdG9rZW4ubGVuZ3RoXG4gICAgICB9KTtcbiAgICAgIHJldHVybiBudWxsO1xuICAgIH1cblxuICAgIGxvZ2dlci5kZWJ1ZygnVmFsaWQgR2l0SHViIHRva2VuIGZvdW5kJywge1xuICAgICAgdG9rZW5UeXBlOiB0aGlzLmdldFRva2VuVHlwZSh0b2tlbiksXG4gICAgICB0b2tlblByZWZpeDogdGhpcy5nZXRUb2tlblByZWZpeCh0b2tlbilcbiAgICB9KTtcblxuICAgIHJldHVybiB0b2tlbjtcbiAgfVxuXG4gIC8qKlxuICAgKiBSZWRhY3QgdG9rZW4gZm9yIHNhZmUgbG9nZ2luZ1xuICAgKi9cbiAgc3RhdGljIHJlZGFjdFRva2VuKHRva2VuOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGlmICghdG9rZW4gfHwgdG9rZW4ubGVuZ3RoIDwgOCkge1xuICAgICAgcmV0dXJuICdbUkVEQUNURURdJztcbiAgICB9XG4gICAgXG4gICAgcmV0dXJuIHRva2VuLnN1YnN0cmluZygwLCA0KSArICcuLi4nICsgdG9rZW4uc3Vic3RyaW5nKHRva2VuLmxlbmd0aCAtIDQpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCB0b2tlbiB0eXBlIGZyb20gZm9ybWF0XG4gICAqL1xuICBzdGF0aWMgZ2V0VG9rZW5UeXBlKHRva2VuOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGlmICh0aGlzLkdJVEhVQl9UT0tFTl9QQVRURVJOUy5QRVJTT05BTF9BQ0NFU1NfVE9LRU4udGVzdCh0b2tlbikpIHtcbiAgICAgIHJldHVybiAnUGVyc29uYWwgQWNjZXNzIFRva2VuJztcbiAgICB9XG4gICAgaWYgKHRoaXMuR0lUSFVCX1RPS0VOX1BBVFRFUk5TLklOU1RBTExBVElPTl9UT0tFTi50ZXN0KHRva2VuKSkge1xuICAgICAgcmV0dXJuICdJbnN0YWxsYXRpb24gVG9rZW4nO1xuICAgIH1cbiAgICBpZiAodGhpcy5HSVRIVUJfVE9LRU5fUEFUVEVSTlMuVVNFUl9BQ0NFU1NfVE9LRU4udGVzdCh0b2tlbikpIHtcbiAgICAgIHJldHVybiAnVXNlciBBY2Nlc3MgVG9rZW4nO1xuICAgIH1cbiAgICBpZiAodGhpcy5HSVRIVUJfVE9LRU5fUEFUVEVSTlMuUkVGUkVTSF9UT0tFTi50ZXN0KHRva2VuKSkge1xuICAgICAgcmV0dXJuICdSZWZyZXNoIFRva2VuJztcbiAgICB9XG4gICAgcmV0dXJuICdVbmtub3duJztcbiAgfVxuXG4gIC8qKlxuICAgKiBHZXQgc2FmZSB0b2tlbiBwcmVmaXggZm9yIGxvZ2dpbmdcbiAgICovXG4gIHN0YXRpYyBnZXRUb2tlblByZWZpeCh0b2tlbjogc3RyaW5nKTogc3RyaW5nIHtcbiAgICBpZiAoIXRva2VuIHx8IHRva2VuLmxlbmd0aCA8IDQpIHtcbiAgICAgIHJldHVybiAnW0lOVkFMSURdJztcbiAgICB9XG4gICAgcmV0dXJuIHRva2VuLnN1YnN0cmluZygwLCA0KSArICcuLi4nO1xuICB9XG5cbiAgLyoqXG4gICAqIFZhbGlkYXRlIHRva2VuIHNjb3BlcyB2aWEgR2l0SHViIEFQSVxuICAgKi9cbiAgc3RhdGljIGFzeW5jIHZhbGlkYXRlVG9rZW5TY29wZXMoXG4gICAgdG9rZW46IHN0cmluZywgXG4gICAgcmVxdWlyZWRTY29wZXM6IFRva2VuU2NvcGVzXG4gICk6IFByb21pc2U8VG9rZW5WYWxpZGF0aW9uUmVzdWx0PiB7XG4gICAgLy8gVmFsaWRhdGUgdG9rZW4gZm9ybWF0IGJlZm9yZSBjb25zdW1pbmcgcmF0ZSBsaW1pdFxuICAgIGlmICghdGhpcy52YWxpZGF0ZVRva2VuRm9ybWF0KHRva2VuKSkge1xuICAgICAgcmV0dXJuIHtcbiAgICAgICAgaXNWYWxpZDogZmFsc2UsXG4gICAgICAgIGVycm9yOiAnSW52YWxpZCB0b2tlbiBmb3JtYXQnXG4gICAgICB9O1xuICAgIH1cblxuICAgIC8vIENoZWNrIHJhdGUgbGltaXQgYmVmb3JlIG1ha2luZyBBUEkgY2FsbFxuICAgIGNvbnN0IHJhdGVMaW1pdGVyID0gdGhpcy5nZXRUb2tlblZhbGlkYXRpb25MaW1pdGVyKCk7XG4gICAgY29uc3QgcmF0ZUxpbWl0U3RhdHVzID0gcmF0ZUxpbWl0ZXIuY2hlY2tMaW1pdCgpO1xuXG4gICAgaWYgKCFyYXRlTGltaXRTdGF0dXMuYWxsb3dlZCkge1xuICAgICAgbG9nZ2VyLndhcm4oJ1Rva2VuIHZhbGlkYXRpb24gcmF0ZSBsaW1pdCBleGNlZWRlZCcsIHtcbiAgICAgICAgdG9rZW5QcmVmaXg6IHRoaXMuZ2V0VG9rZW5QcmVmaXgodG9rZW4pLFxuICAgICAgICByZXRyeUFmdGVyTXM6IHJhdGVMaW1pdFN0YXR1cy5yZXRyeUFmdGVyTXMsXG4gICAgICAgIHJlbWFpbmluZ1Rva2VuczogcmF0ZUxpbWl0U3RhdHVzLnJlbWFpbmluZ1Rva2Vuc1xuICAgICAgfSk7XG5cbiAgICAgIHRocm93IG5ldyBTZWN1cml0eUVycm9yKFxuICAgICAgICBgVG9rZW4gdmFsaWRhdGlvbiByYXRlIGxpbWl0IGV4Y2VlZGVkLiBQbGVhc2UgcmV0cnkgaW4gJHtNYXRoLmNlaWwoKHJhdGVMaW1pdFN0YXR1cy5yZXRyeUFmdGVyTXMgfHwgMCkgLyAxMDAwKX0gc2Vjb25kcy5gLFxuICAgICAgICAnUkFURV9MSU1JVF9FWENFRURFRCdcbiAgICAgICk7XG4gICAgfVxuXG4gICAgdHJ5IHtcbiAgICAgIC8vIENvbnN1bWUgcmF0ZSBsaW1pdCB0b2tlbiBmb3IgdGhpcyB2YWxpZGF0aW9uIGF0dGVtcHRcbiAgICAgIHJhdGVMaW1pdGVyLmNvbnN1bWVUb2tlbigpO1xuICAgICAgLy8gTWFrZSBhIHRlc3QgQVBJIGNhbGwgdG8gY2hlY2sgdG9rZW4gdmFsaWRpdHkgYW5kIHNjb3Blc1xuICAgICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCBmZXRjaCgnaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2VyJywge1xuICAgICAgICBoZWFkZXJzOiB7XG4gICAgICAgICAgJ0F1dGhvcml6YXRpb24nOiBgQmVhcmVyICR7dG9rZW59YCxcbiAgICAgICAgICAnQWNjZXB0JzogJ2FwcGxpY2F0aW9uL3ZuZC5naXRodWIudjMranNvbicsXG4gICAgICAgICAgJ1VzZXItQWdlbnQnOiAnRG9sbGhvdXNlTUNQLzEuMCdcbiAgICAgICAgfVxuICAgICAgfSk7XG5cbiAgICAgIGNvbnN0IHJhdGVMaW1pdFJlbWFpbmluZyA9IHBhcnNlSW50KHJlc3BvbnNlLmhlYWRlcnMuZ2V0KCd4LXJhdGVsaW1pdC1yZW1haW5pbmcnKSB8fCAnMCcpO1xuICAgICAgY29uc3QgcmF0ZUxpbWl0UmVzZXQgPSBwYXJzZUludChyZXNwb25zZS5oZWFkZXJzLmdldCgneC1yYXRlbGltaXQtcmVzZXQnKSB8fCAnMCcpO1xuXG4gICAgICBpZiAoIXJlc3BvbnNlLm9rKSB7XG4gICAgICAgIGNvbnN0IGVycm9yID0gYEdpdEh1YiBBUEkgZXJyb3I6ICR7cmVzcG9uc2Uuc3RhdHVzfSAke3Jlc3BvbnNlLnN0YXR1c1RleHR9YDtcbiAgICAgICAgbG9nZ2VyLndhcm4oJ1Rva2VuIHZhbGlkYXRpb24gZmFpbGVkJywge1xuICAgICAgICAgIHN0YXR1czogcmVzcG9uc2Uuc3RhdHVzLFxuICAgICAgICAgIHRva2VuUHJlZml4OiB0aGlzLmdldFRva2VuUHJlZml4KHRva2VuKVxuICAgICAgICB9KTtcbiAgICAgICAgXG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgaXNWYWxpZDogZmFsc2UsXG4gICAgICAgICAgZXJyb3I6IGVycm9yXG4gICAgICAgIH07XG4gICAgICB9XG5cbiAgICAgIC8vIEV4dHJhY3Qgc2NvcGVzIGZyb20gcmVzcG9uc2UgaGVhZGVyc1xuICAgICAgY29uc3Qgc2NvcGVzSGVhZGVyID0gcmVzcG9uc2UuaGVhZGVycy5nZXQoJ3gtb2F1dGgtc2NvcGVzJykgfHwgJyc7XG4gICAgICBjb25zdCB0b2tlblNjb3BlcyA9IHNjb3Blc0hlYWRlci5zcGxpdCgnLCcpLm1hcChzID0+IHMudHJpbSgpKS5maWx0ZXIocyA9PiBzKTtcblxuICAgICAgLy8gQ2hlY2sgaWYgcmVxdWlyZWQgc2NvcGVzIGFyZSBwcmVzZW50XG4gICAgICBjb25zdCBoYXNSZXF1aXJlZFNjb3BlcyA9IHJlcXVpcmVkU2NvcGVzLnJlcXVpcmVkLmV2ZXJ5KHNjb3BlID0+IFxuICAgICAgICB0b2tlblNjb3Blcy5pbmNsdWRlcyhzY29wZSlcbiAgICAgICk7XG5cbiAgICAgIGlmICghaGFzUmVxdWlyZWRTY29wZXMpIHtcbiAgICAgICAgY29uc3QgbWlzc2luZ1Njb3BlcyA9IHJlcXVpcmVkU2NvcGVzLnJlcXVpcmVkLmZpbHRlcihzY29wZSA9PiBcbiAgICAgICAgICAhdG9rZW5TY29wZXMuaW5jbHVkZXMoc2NvcGUpXG4gICAgICAgICk7XG4gICAgICAgIFxuICAgICAgICBsb2dnZXIud2FybignVG9rZW4gbWlzc2luZyByZXF1aXJlZCBzY29wZXMnLCB7XG4gICAgICAgICAgdG9rZW5QcmVmaXg6IHRoaXMuZ2V0VG9rZW5QcmVmaXgodG9rZW4pLFxuICAgICAgICAgIG1pc3NpbmdTY29wZXM6IG1pc3NpbmdTY29wZXMsXG4gICAgICAgICAgY3VycmVudFNjb3BlczogdG9rZW5TY29wZXNcbiAgICAgICAgfSk7XG5cbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICBpc1ZhbGlkOiBmYWxzZSxcbiAgICAgICAgICBzY29wZXM6IHRva2VuU2NvcGVzLFxuICAgICAgICAgIGVycm9yOiBgTWlzc2luZyByZXF1aXJlZCBzY29wZXM6ICR7bWlzc2luZ1Njb3Blcy5qb2luKCcsICcpfWBcbiAgICAgICAgfTtcbiAgICAgIH1cblxuICAgICAgbG9nZ2VyLmluZm8oJ1Rva2VuIHZhbGlkYXRpb24gc3VjY2Vzc2Z1bCcsIHtcbiAgICAgICAgdG9rZW5UeXBlOiB0aGlzLmdldFRva2VuVHlwZSh0b2tlbiksXG4gICAgICAgIHRva2VuUHJlZml4OiB0aGlzLmdldFRva2VuUHJlZml4KHRva2VuKSxcbiAgICAgICAgc2NvcGVzOiB0b2tlblNjb3BlcyxcbiAgICAgICAgcmF0ZUxpbWl0UmVtYWluaW5nOiByYXRlTGltaXRSZW1haW5pbmdcbiAgICAgIH0pO1xuXG4gICAgICByZXR1cm4ge1xuICAgICAgICBpc1ZhbGlkOiB0cnVlLFxuICAgICAgICBzY29wZXM6IHRva2VuU2NvcGVzLFxuICAgICAgICByYXRlTGltaXQ6IHtcbiAgICAgICAgICByZW1haW5pbmc6IHJhdGVMaW1pdFJlbWFpbmluZyxcbiAgICAgICAgICByZXNldFRpbWU6IG5ldyBEYXRlKHJhdGVMaW1pdFJlc2V0ICogMTAwMClcbiAgICAgICAgfVxuICAgICAgfTtcblxuICAgIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgICAvLyBIYW5kbGUgU2VjdXJpdHlFcnJvciAoaW5jbHVkaW5nIHJhdGUgbGltaXQgZXJyb3JzKSBzZXBhcmF0ZWx5XG4gICAgICBpZiAoZXJyb3IgaW5zdGFuY2VvZiBTZWN1cml0eUVycm9yICYmIGVycm9yLmNvZGUgPT09ICdSQVRFX0xJTUlUX0VYQ0VFREVEJykge1xuICAgICAgICBjb25zdCBjdXJyZW50U3RhdHVzID0gcmF0ZUxpbWl0ZXIuY2hlY2tMaW1pdCgpO1xuICAgICAgICByZXR1cm4ge1xuICAgICAgICAgIGlzVmFsaWQ6IGZhbHNlLFxuICAgICAgICAgIHJhdGVMaW1pdEV4Y2VlZGVkOiB0cnVlLFxuICAgICAgICAgIHJldHJ5QWZ0ZXJNczogY3VycmVudFN0YXR1cy5yZXRyeUFmdGVyTXMsXG4gICAgICAgICAgZXJyb3I6IGVycm9yLm1lc3NhZ2VcbiAgICAgICAgfTtcbiAgICAgIH1cblxuICAgICAgY29uc3QgZXJyb3JNZXNzYWdlID0gZXJyb3IgaW5zdGFuY2VvZiBFcnJvciA/IGVycm9yLm1lc3NhZ2UgOiAnVW5rbm93biBlcnJvcic7XG4gICAgICBsb2dnZXIuZXJyb3IoJ1Rva2VuIHZhbGlkYXRpb24gZXJyb3InLCB7XG4gICAgICAgIGVycm9yOiBlcnJvck1lc3NhZ2UsXG4gICAgICAgIHRva2VuUHJlZml4OiB0aGlzLmdldFRva2VuUHJlZml4KHRva2VuKVxuICAgICAgfSk7XG5cbiAgICAgIHJldHVybiB7XG4gICAgICAgIGlzVmFsaWQ6IGZhbHNlLFxuICAgICAgICBlcnJvcjogYFZhbGlkYXRpb24gZXJyb3I6ICR7ZXJyb3JNZXNzYWdlfWBcbiAgICAgIH07XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIENyZWF0ZSBzYWZlIGVycm9yIG1lc3NhZ2Ugd2l0aG91dCB0b2tlbiBleHBvc3VyZVxuICAgKi9cbiAgc3RhdGljIGNyZWF0ZVNhZmVFcnJvck1lc3NhZ2UoZXJyb3I6IHN0cmluZywgdG9rZW4/OiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIC8vIFJlbW92ZSBhbnkgcG90ZW50aWFsIHRva2VuIGRhdGEgZnJvbSBlcnJvciBtZXNzYWdlc1xuICAgIGxldCBzYWZlTWVzc2FnZSA9IGVycm9yXG4gICAgICAucmVwbGFjZSgvZ2hwX1tBLVphLXowLTlfXXszNix9L2csICdbUkVEQUNURURfUEFUXScpXG4gICAgICAucmVwbGFjZSgvZ2hzX1tBLVphLXowLTlfXXszNix9L2csICdbUkVEQUNURURfSU5TVEFMTF0nKVxuICAgICAgLnJlcGxhY2UoL2dodV9bQS1aYS16MC05X117MzYsfS9nLCAnW1JFREFDVEVEX1VTRVJdJylcbiAgICAgIC5yZXBsYWNlKC9naHJfW0EtWmEtejAtOV9dezM2LH0vZywgJ1tSRURBQ1RFRF9SRUZSRVNIXScpO1xuXG4gICAgaWYgKHRva2VuKSB7XG4gICAgICBjb25zdCB0b2tlblByZWZpeCA9IHRoaXMuZ2V0VG9rZW5QcmVmaXgodG9rZW4pO1xuICAgICAgc2FmZU1lc3NhZ2UgKz0gYCAoVG9rZW46ICR7dG9rZW5QcmVmaXh9KWA7XG4gICAgfVxuXG4gICAgcmV0dXJuIHNhZmVNZXNzYWdlO1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCBtaW5pbXVtIHJlcXVpcmVkIHNjb3BlcyBmb3IgZGlmZmVyZW50IG9wZXJhdGlvbnNcbiAgICogXG4gICAqIE5PVEU6IFRoZSAnbWFya2V0cGxhY2UnIHNjb3BlIGlkZW50aWZpZXIgaXMga2VwdCBmb3IgYmFja3dhcmQgY29tcGF0aWJpbGl0eVxuICAgKiB3aXRoIGV4aXN0aW5nIHRva2VuIHZhbGlkYXRpb25zLiBUaGlzIGlzIGFuIGludGVybmFsIHNjb3BlIG5hbWUgYW5kIGRvZXMgbm90XG4gICAqIGFmZmVjdCB1c2VyLWZhY2luZyBmdW5jdGlvbmFsaXR5LiAoUFIgIzI4MClcbiAgICovXG4gIHN0YXRpYyBnZXRSZXF1aXJlZFNjb3BlcyhvcGVyYXRpb246ICdyZWFkJyB8ICd3cml0ZScgfCAnbWFya2V0cGxhY2UnIHwgJ2NvbGxlY3Rpb24nIHwgJ2dpc3QnKTogVG9rZW5TY29wZXMge1xuICAgIHN3aXRjaCAob3BlcmF0aW9uKSB7XG4gICAgICBjYXNlICdyZWFkJzpcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICByZXF1aXJlZDogWydyZXBvJ10sXG4gICAgICAgICAgb3B0aW9uYWw6IFsndXNlcjplbWFpbCddXG4gICAgICAgIH07XG4gICAgICBcbiAgICAgIGNhc2UgJ3dyaXRlJzpcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICByZXF1aXJlZDogWydyZXBvJ10sXG4gICAgICAgICAgb3B0aW9uYWw6IFsndXNlcjplbWFpbCddXG4gICAgICAgIH07XG4gICAgICBcbiAgICAgIGNhc2UgJ21hcmtldHBsYWNlJzogLy8gSW50ZXJuYWwgc2NvcGUgbmFtZSBrZXB0IGZvciBjb21wYXRpYmlsaXR5IChQUiAjMjgwKVxuICAgICAgY2FzZSAnY29sbGVjdGlvbic6IC8vIE5ldyBwcmVmZXJyZWQgbmFtZVxuICAgICAgICByZXR1cm4ge1xuICAgICAgICAgIHJlcXVpcmVkOiBbJ3JlcG8nXSxcbiAgICAgICAgICBvcHRpb25hbDogWyd1c2VyOmVtYWlsJ11cbiAgICAgICAgfTtcbiAgICAgIFxuICAgICAgY2FzZSAnZ2lzdCc6XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgcmVxdWlyZWQ6IFsnZ2lzdCddLFxuICAgICAgICAgIG9wdGlvbmFsOiBbJ3VzZXI6ZW1haWwnXVxuICAgICAgICB9O1xuICAgICAgXG4gICAgICBkZWZhdWx0OlxuICAgICAgICByZXR1cm4ge1xuICAgICAgICAgIHJlcXVpcmVkOiBbJ3JlcG8nXVxuICAgICAgICB9O1xuICAgIH1cbiAgfVxuXG4gIC8qKlxuICAgKiBDaGVjayBpZiB0b2tlbiBoYXMgc3VmZmljaWVudCBwZXJtaXNzaW9ucyBmb3Igb3BlcmF0aW9uXG4gICAqIFxuICAgKiBOT1RFOiBUaGUgJ21hcmtldHBsYWNlJyBvcGVyYXRpb24gdHlwZSBpcyBrZXB0IGZvciBiYWNrd2FyZCBjb21wYXRpYmlsaXR5LlxuICAgKiBUaGlzIGlzIGNhbGxlZCBpbnRlcm5hbGx5IHdoZW4gYWNjZXNzaW5nIGNvbGxlY3Rpb24gZmVhdHVyZXMuIChQUiAjMjgwKVxuICAgKi9cbiAgc3RhdGljIGFzeW5jIGVuc3VyZVRva2VuUGVybWlzc2lvbnMoXG4gICAgb3BlcmF0aW9uOiAncmVhZCcgfCAnd3JpdGUnIHwgJ21hcmtldHBsYWNlJyB8ICdjb2xsZWN0aW9uJyB8ICdnaXN0J1xuICApOiBQcm9taXNlPFRva2VuVmFsaWRhdGlvblJlc3VsdD4ge1xuICAgIGNvbnN0IHRva2VuID0gdGhpcy5nZXRHaXRIdWJUb2tlbigpO1xuICAgIFxuICAgIGlmICghdG9rZW4pIHtcbiAgICAgIHJldHVybiB7XG4gICAgICAgIGlzVmFsaWQ6IGZhbHNlLFxuICAgICAgICBlcnJvcjogJ05vIEdpdEh1YiB0b2tlbiBhdmFpbGFibGUnXG4gICAgICB9O1xuICAgIH1cblxuICAgIGNvbnN0IHJlcXVpcmVkU2NvcGVzID0gdGhpcy5nZXRSZXF1aXJlZFNjb3BlcyhvcGVyYXRpb24pO1xuICAgIHJldHVybiB0aGlzLnZhbGlkYXRlVG9rZW5TY29wZXModG9rZW4sIHJlcXVpcmVkU2NvcGVzKTtcbiAgfVxufSJdfQ==

package/dist/test/src/security/validators/unicodeValidator.d.ts

@@ -0,0 +1,97 @@
+/**
+ * Unicode Validator for DollhouseMCP
+ *
+ * Prevents Unicode-based bypass attacks including:
+ * - Homograph attacks (visually similar characters)
+ * - Direction override attacks (RLO/LRO)
+ * - Mixed script attacks
+ * - Zero-width character injection
+ * - Unicode normalization bypasses
+ *
+ * Security: SEC-001 - Unicode attack prevention
+ */
+export interface UnicodeValidationResult {
+    isValid: boolean;
+    normalizedContent: string;
+    detectedIssues?: string[];
+    severity?: 'low' | 'medium' | 'high' | 'critical';
+}
+export declare class UnicodeValidator {
+    /**
+     * Unicode attack patterns and confusable characters
+     */
+    /**
+     * Direction override characters that can hide or reverse text display
+     * @see https://unicode.org/reports/tr9/#Directional_Formatting_Characters
+     * U+202A-U+202E: Left/Right embedding and override marks (LRE, RLE, PDF, LRO, RLO)
+     * U+2066-U+2069: Isolate formatting characters (LRI, RLI, FSI, PDI)
+     */
+    private static readonly DIRECTION_OVERRIDE_CHARS;
+    /**
+     * Zero-width and invisible formatting characters often used to hide payloads
+     * U+200B-U+200F: Zero-width spaces and directional marks
+     * U+2028-U+202F: Line/paragraph separators and formatting characters
+     * U+FEFF: Zero-width no-break space (Byte Order Mark)
+     */
+    private static readonly ZERO_WIDTH_CHARS;
+    /**
+     * Non-printable control characters that should not appear in normal text
+     * U+0000-U+0008, U+000B-U+000C, U+000E-U+001F: C0 control codes (except TAB, LF, CR)
+     * U+007F-U+009F: Delete and C1 control codes
+     * U+FFFE-U+FFFF: Non-characters that should never appear in valid text
+     */
+    private static readonly NON_PRINTABLE_CHARS;
+    /**
+     * Common homograph/confusable character mappings
+     * Maps visually similar Unicode characters to their ASCII equivalents
+     */
+    private static readonly CONFUSABLE_MAPPINGS;
+    /**
+     * Script mixing detection patterns
+     * Detects suspicious mixing of different Unicode scripts
+     */
+    private static readonly SCRIPT_PATTERNS;
+    /**
+     * Normalize Unicode content to prevent bypass attacks
+     */
+    static normalize(content: string): UnicodeValidationResult;
+    /**
+     * Detect suspicious Unicode patterns that might indicate attacks
+     */
+    private static detectSuspiciousPatterns;
+    /**
+     * Replace confusable Unicode characters with ASCII equivalents
+     */
+    private static replaceConfusables;
+    /**
+     * Detect suspicious mixing of different Unicode scripts
+     */
+    private static detectMixedScripts;
+    /**
+     * Escalate severity level (higher severity takes precedence)
+     */
+    private static escalateSeverity;
+    /**
+     * Escape special regex characters for safe replacement
+     */
+    private static escapeRegex;
+    /**
+     * Check if content contains potentially dangerous Unicode patterns
+     */
+    static containsDangerousUnicode(content: string): boolean;
+    /**
+     * Check if content has excessive Unicode escape sequences
+     * Prevents null pointer exception by safely checking match results
+     */
+    private static hasExcessiveUnicodeEscapes;
+    /**
+     * Safely check for malformed surrogate pairs without ReDoS vulnerability
+     * Uses character-by-character validation instead of complex regex
+     */
+    private static hasMalformedSurrogates;
+    /**
+     * Get safe preview of Unicode content for logging
+     */
+    static getSafePreview(content: string, maxLength?: number): string;
+}
+//# sourceMappingURL=unicodeValidator.d.ts.map

package/dist/test/src/security/validators/unicodeValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"unicodeValidator.d.ts","sourceRoot":"","sources":["../../../../../src/security/validators/unicodeValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;CACnD;AAED,qBAAa,gBAAgB;IAC3B;;OAEG;IAEH;;;;;OAKG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,wBAAwB,CAAmC;IAEnF;;;;;OAKG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAyC;IAEjF;;;;;OAKG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAwE;IAEnH;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CA2BxC;IAEH;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAOrC;IAEF;;OAEG;IACH,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,uBAAuB;IAiG1D;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,wBAAwB;IA2CvC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAcjC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAoBjC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAW/B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAI1B;;OAEG;IACH,MAAM,CAAC,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAQzD;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,0BAA0B;IAKzC;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,sBAAsB;IAwBrC;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,GAAE,MAAY,GAAG,MAAM;CAWxE"}