@dollhousemcp/mcp-server 1.3.0

package/dist/security/regexValidator.js

@@ -0,0 +1,214 @@
+/**
+ * RegexValidator - Provides protection against ReDoS attacks
+ *
+ * This module implements safe regex execution by:
+ * 1. Pre-validating content length based on pattern complexity
+ * 2. Analyzing patterns for known ReDoS vulnerabilities
+ * 3. Limiting execution based on calculated risk
+ */
+import { SecurityError } from './errors.js';
+import { SecurityMonitor } from './securityMonitor.js';
+export class RegexValidator {
+    // Default limits based on pattern complexity
+    static COMPLEXITY_LIMITS = {
+        low: 100000, // 100KB for simple patterns
+        medium: 10000, // 10KB for moderate patterns
+        high: 1000 // 1KB for complex patterns
+    };
+    /**
+     * Validates content against a pattern with ReDoS protection
+     *
+     * Protection strategy:
+     * 1. Analyze pattern complexity
+     * 2. Enforce content length limits based on complexity
+     * 3. Reject known dangerous patterns
+     * 4. Execute regex only if safe
+     */
+    static validate(content, pattern, options = {}) {
+        const { maxLength, rejectDangerousPatterns = true, logEvents = true } = options;
+        // Analyze pattern for ReDoS risks
+        const analysis = this.analyzePattern(pattern);
+        // Reject dangerous patterns if configured
+        if (rejectDangerousPatterns && !analysis.safe) {
+            if (logEvents) {
+                SecurityMonitor.logSecurityEvent({
+                    type: 'UPDATE_SECURITY_VIOLATION',
+                    severity: 'HIGH',
+                    source: 'RegexValidator',
+                    details: 'Dangerous regex pattern rejected',
+                    additionalData: {
+                        pattern: pattern.source,
+                        risks: analysis.risks
+                    }
+                });
+            }
+            throw new SecurityError(`Pattern rejected due to ReDoS risk: ${analysis.risks.join(', ')}`);
+        }
+        // Determine effective max length
+        const effectiveMaxLength = maxLength ?? analysis.maxSafeLength;
+        // Check content length
+        if (content.length > effectiveMaxLength) {
+            throw new SecurityError(`Content too large for validation: ${content.length} bytes (max: ${effectiveMaxLength} for ${analysis.complexity} complexity pattern)`);
+        }
+        // Create a copy of the regex to avoid modifying the original
+        const safeCopy = new RegExp(pattern.source, pattern.flags);
+        try {
+            // Track execution time for monitoring
+            const startTime = performance.now();
+            const result = safeCopy.test(content);
+            const elapsed = performance.now() - startTime;
+            // Log slow patterns
+            if (elapsed > 50 && logEvents) {
+                SecurityMonitor.logSecurityEvent({
+                    type: 'RATE_LIMIT_WARNING',
+                    severity: 'MEDIUM',
+                    source: 'RegexValidator',
+                    details: `Slow regex execution: ${elapsed.toFixed(2)}ms`,
+                    additionalData: {
+                        pattern: pattern.source,
+                        contentLength: content.length,
+                        elapsed
+                    }
+                });
+            }
+            return result;
+        }
+        catch (error) {
+            // Handle any regex errors
+            if (logEvents) {
+                SecurityMonitor.logSecurityEvent({
+                    type: 'UPDATE_SECURITY_VIOLATION',
+                    severity: 'HIGH',
+                    source: 'RegexValidator',
+                    details: 'Regex execution error',
+                    additionalData: {
+                        error: error instanceof Error ? error.message : 'Unknown error'
+                    }
+                });
+            }
+            return false;
+        }
+    }
+    /**
+     * Validates multiple patterns with shared risk assessment
+     */
+    static validateAny(content, patterns, options = {}) {
+        for (const pattern of patterns) {
+            if (this.validate(content, pattern, options)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Validates all patterns must match
+     */
+    static validateAll(content, patterns, options = {}) {
+        for (const pattern of patterns) {
+            if (!this.validate(content, pattern, options)) {
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Analyzes a regex pattern for potential ReDoS vulnerabilities
+     *
+     * Detects patterns known to cause exponential backtracking:
+     * - Nested quantifiers: (a+)+, (a*)*
+     * - Alternation with overlap: (a|a)*
+     * - Quantified groups with alternation: (a|b)+
+     * - Catastrophic patterns: (.+)+$
+     */
+    static analyzePattern(pattern) {
+        const source = pattern.source;
+        const risks = [];
+        // Nested quantifiers - extremely dangerous
+        if (/\([^)]+[+*]\)[+*]/.test(source) ||
+            /\([^)]+\{[^}]+\}\)[+*]/.test(source) ||
+            /\(\w+[+*]\)[+*]/.test(source)) {
+            risks.push('Nested quantifiers detected');
+        }
+        // Alternation with repetition
+        if (/\([^)]*\|[^)]*\)[+*]/.test(source)) {
+            risks.push('Quantified alternation detected');
+        }
+        // Alternation with overlap (e.g., (a|a)*)
+        const alternationMatch = source.match(/\(([^|)]+)\|([^)]+)\)/g);
+        if (alternationMatch) {
+            for (const match of alternationMatch) {
+                const parts = match.slice(1, -1).split('|');
+                if (parts.some((part, i) => parts.slice(i + 1).includes(part))) {
+                    risks.push('Overlapping alternation detected');
+                    break;
+                }
+            }
+        }
+        // Catastrophic backtracking patterns
+        // Check for patterns like (.+)+, (.*)+, etc. that can cause exponential backtracking
+        if (/\([^)]*\.\+[^)]*\)\+/.test(source) || /\([^)]*\.\*[^)]*\)\+/.test(source) || /\([^)]*\\w\+[^)]*\)\+/.test(source)) {
+            risks.push('Potential catastrophic backtracking');
+        }
+        // Unbounded lookahead/lookbehind with quantifiers
+        if (/\(\?[=!<].*[+*]/.test(source)) {
+            risks.push('Unbounded lookahead/lookbehind');
+        }
+        // Polynomial patterns (multiple quantifiers in sequence)
+        const quantifierCount = (source.match(/[+*?]|\{\d*,?\d*\}/g) || []).length;
+        if (quantifierCount > 3) {
+            risks.push('Multiple quantifiers detected');
+        }
+        // Determine complexity and safe content length
+        let complexity;
+        let maxSafeLength;
+        if (risks.length === 0) {
+            if (quantifierCount === 0) {
+                complexity = 'low';
+                maxSafeLength = this.COMPLEXITY_LIMITS.low;
+            }
+            else if (quantifierCount <= 3) {
+                complexity = 'medium';
+                maxSafeLength = this.COMPLEXITY_LIMITS.medium;
+            }
+            else {
+                complexity = 'high';
+                maxSafeLength = this.COMPLEXITY_LIMITS.high;
+            }
+        }
+        else if (risks.length === 1) {
+            complexity = 'high';
+            maxSafeLength = this.COMPLEXITY_LIMITS.high;
+        }
+        else {
+            complexity = 'high';
+            maxSafeLength = this.COMPLEXITY_LIMITS.high;
+        }
+        return {
+            safe: risks.length === 0,
+            risks,
+            complexity,
+            maxSafeLength
+        };
+    }
+    /**
+     * Creates a regex pattern with safety analysis
+     */
+    static createSafePattern(pattern, flags) {
+        const regex = new RegExp(pattern, flags);
+        const analysis = this.analyzePattern(regex);
+        if (!analysis.safe) {
+            SecurityMonitor.logSecurityEvent({
+                type: 'UPDATE_SECURITY_VIOLATION',
+                severity: 'MEDIUM',
+                source: 'RegexValidator',
+                details: 'Potentially dangerous regex pattern created',
+                additionalData: {
+                    pattern,
+                    risks: analysis.risks
+                }
+            });
+        }
+        return regex;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVnZXhWYWxpZGF0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2VjdXJpdHkvcmVnZXhWYWxpZGF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7R0FPRztBQUVILE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDNUMsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBa0J2RCxNQUFNLE9BQU8sY0FBYztJQUN6Qiw2Q0FBNkM7SUFDckMsTUFBTSxDQUFVLGlCQUFpQixHQUFHO1FBQzFDLEdBQUcsRUFBRSxNQUFNLEVBQUssNEJBQTRCO1FBQzVDLE1BQU0sRUFBRSxLQUFLLEVBQUcsNkJBQTZCO1FBQzdDLElBQUksRUFBRSxJQUFJLENBQU0sMkJBQTJCO0tBQzVDLENBQUM7SUFFRjs7Ozs7Ozs7T0FRRztJQUNILE1BQU0sQ0FBQyxRQUFRLENBQ2IsT0FBZSxFQUNmLE9BQWUsRUFDZixVQUFrQyxFQUFFO1FBRXBDLE1BQU0sRUFDSixTQUFTLEVBQ1QsdUJBQXVCLEdBQUcsSUFBSSxFQUM5QixTQUFTLEdBQUcsSUFBSSxFQUNqQixHQUFHLE9BQU8sQ0FBQztRQUVaLGtDQUFrQztRQUNsQyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRTlDLDBDQUEwQztRQUMxQyxJQUFJLHVCQUF1QixJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQzlDLElBQUksU0FBUyxFQUFFLENBQUM7Z0JBQ2QsZUFBZSxDQUFDLGdCQUFnQixDQUFDO29CQUMvQixJQUFJLEVBQUUsMkJBQTJCO29CQUNqQyxRQUFRLEVBQUUsTUFBTTtvQkFDaEIsTUFBTSxFQUFFLGdCQUFnQjtvQkFDeEIsT0FBTyxFQUFFLGtDQUFrQztvQkFDM0MsY0FBYyxFQUFFO3dCQUNkLE9BQU8sRUFBRSxPQUFPLENBQUMsTUFBTTt3QkFDdkIsS0FBSyxFQUFFLFFBQVEsQ0FBQyxLQUFLO3FCQUN0QjtpQkFDRixDQUFDLENBQUM7WUFDTCxDQUFDO1lBQ0QsTUFBTSxJQUFJLGFBQWEsQ0FDckIsdUNBQXVDLFFBQVEsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQ25FLENBQUM7UUFDSixDQUFDO1FBRUQsaUNBQWlDO1FBQ2pDLE1BQU0sa0JBQWtCLEdBQUcsU0FBUyxJQUFJLFFBQVEsQ0FBQyxhQUFhLENBQUM7UUFFL0QsdUJBQXVCO1FBQ3ZCLElBQUksT0FBTyxDQUFDLE1BQU0sR0FBRyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hDLE1BQU0sSUFBSSxhQUFhLENBQ3JCLHFDQUFxQyxPQUFPLENBQUMsTUFBTSxnQkFBZ0Isa0JBQWtCLFFBQVEsUUFBUSxDQUFDLFVBQVUsc0JBQXNCLENBQ3ZJLENBQUM7UUFDSixDQUFDO1FBRUQsNkRBQTZEO1FBQzdELE1BQU0sUUFBUSxHQUFHLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRTNELElBQUksQ0FBQztZQUNILHNDQUFzQztZQUN0QyxNQUFNLFNBQVMsR0FBRyxXQUFXLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDcEMsTUFBTSxNQUFNLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUN0QyxNQUFNLE9BQU8sR0FBRyxXQUFXLENBQUMsR0FBRyxFQUFFLEdBQUcsU0FBUyxDQUFDO1lBRTlDLG9CQUFvQjtZQUNwQixJQUFJLE9BQU8sR0FBRyxFQUFFLElBQUksU0FBUyxFQUFFLENBQUM7Z0JBQzlCLGVBQWUsQ0FBQyxnQkFBZ0IsQ0FBQztvQkFDL0IsSUFBSSxFQUFFLG9CQUFvQjtvQkFDMUIsUUFBUSxFQUFFLFFBQVE7b0JBQ2xCLE1BQU0sRUFBRSxnQkFBZ0I7b0JBQ3hCLE9BQU8sRUFBRSx5QkFBeUIsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsSUFBSTtvQkFDeEQsY0FBYyxFQUFFO3dCQUNkLE9BQU8sRUFBRSxPQUFPLENBQUMsTUFBTTt3QkFDdkIsYUFBYSxFQUFFLE9BQU8sQ0FBQyxNQUFNO3dCQUM3QixPQUFPO3FCQUNSO2lCQUNGLENBQUMsQ0FBQztZQUNMLENBQUM7WUFFRCxPQUFPLE1BQU0sQ0FBQztRQUNoQixDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLDBCQUEwQjtZQUMxQixJQUFJLFNBQVMsRUFBRSxDQUFDO2dCQUNkLGVBQWUsQ0FBQyxnQkFBZ0IsQ0FBQztvQkFDL0IsSUFBSSxFQUFFLDJCQUEyQjtvQkFDakMsUUFBUSxFQUFFLE1BQU07b0JBQ2hCLE1BQU0sRUFBRSxnQkFBZ0I7b0JBQ3hCLE9BQU8sRUFBRSx1QkFBdUI7b0JBQ2hDLGNBQWMsRUFBRTt3QkFDZCxLQUFLLEVBQUUsS0FBSyxZQUFZLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsZUFBZTtxQkFDaEU7aUJBQ0YsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztZQUNELE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxXQUFXLENBQ2hCLE9BQWUsRUFDZixRQUFrQixFQUNsQixVQUFrQyxFQUFFO1FBRXBDLEtBQUssTUFBTSxPQUFPLElBQUksUUFBUSxFQUFFLENBQUM7WUFDL0IsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxPQUFPLEVBQUUsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDN0MsT0FBTyxJQUFJLENBQUM7WUFDZCxDQUFDO1FBQ0gsQ0FBQztRQUNELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLFdBQVcsQ0FDaEIsT0FBZSxFQUNmLFFBQWtCLEVBQ2xCLFVBQWtDLEVBQUU7UUFFcEMsS0FBSyxNQUFNLE9BQU8sSUFBSSxRQUFRLEVBQUUsQ0FBQztZQUMvQixJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsT0FBTyxFQUFFLE9BQU8sQ0FBQyxFQUFFLENBQUM7Z0JBQzlDLE9BQU8sS0FBSyxDQUFDO1lBQ2YsQ0FBQztRQUNILENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILE1BQU0sQ0FBQyxjQUFjLENBQUMsT0FBZTtRQUNuQyxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDO1FBQzlCLE1BQU0sS0FBSyxHQUFhLEVBQUUsQ0FBQztRQUUzQiwyQ0FBMkM7UUFDM0MsSUFBSSxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDO1lBQ2hDLHdCQUF3QixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7WUFDckMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7WUFDbkMsS0FBSyxDQUFDLElBQUksQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO1FBQzVDLENBQUM7UUFFRCw4QkFBOEI7UUFDOUIsSUFBSSxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztZQUN4QyxLQUFLLENBQUMsSUFBSSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7UUFDaEQsQ0FBQztRQUVELDBDQUEwQztRQUMxQyxNQUFNLGdCQUFnQixHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsd0JBQXdCLENBQUMsQ0FBQztRQUNoRSxJQUFJLGdCQUFnQixFQUFFLENBQUM7WUFDckIsS0FBSyxNQUFNLEtBQUssSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO2dCQUNyQyxNQUFNLEtBQUssR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztnQkFDNUMsSUFBSSxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLEVBQUUsQ0FBQztvQkFDL0QsS0FBSyxDQUFDLElBQUksQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO29CQUMvQyxNQUFNO2dCQUNSLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELHFDQUFxQztRQUNyQyxxRkFBcUY7UUFDckYsSUFBSSxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksc0JBQXNCLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLHVCQUF1QixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO1lBQ3ZILEtBQUssQ0FBQyxJQUFJLENBQUMscUNBQXFDLENBQUMsQ0FBQztRQUNwRCxDQUFDO1FBRUQsa0RBQWtEO1FBQ2xELElBQUksaUJBQWlCLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7WUFDbkMsS0FBSyxDQUFDLElBQUksQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1FBQy9DLENBQUM7UUFFRCx5REFBeUQ7UUFDekQsTUFBTSxlQUFlLEdBQUcsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLHFCQUFxQixDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDO1FBQzNFLElBQUksZUFBZSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3hCLEtBQUssQ0FBQyxJQUFJLENBQUMsK0JBQStCLENBQUMsQ0FBQztRQUM5QyxDQUFDO1FBRUQsK0NBQStDO1FBQy9DLElBQUksVUFBcUMsQ0FBQztRQUMxQyxJQUFJLGFBQXFCLENBQUM7UUFFMUIsSUFBSSxLQUFLLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3ZCLElBQUksZUFBZSxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUMxQixVQUFVLEdBQUcsS0FBSyxDQUFDO2dCQUNuQixhQUFhLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQztZQUM3QyxDQUFDO2lCQUFNLElBQUksZUFBZSxJQUFJLENBQUMsRUFBRSxDQUFDO2dCQUNoQyxVQUFVLEdBQUcsUUFBUSxDQUFDO2dCQUN0QixhQUFhLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQztZQUNoRCxDQUFDO2lCQUFNLENBQUM7Z0JBQ04sVUFBVSxHQUFHLE1BQU0sQ0FBQztnQkFDcEIsYUFBYSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUM7WUFDOUMsQ0FBQztRQUNILENBQUM7YUFBTSxJQUFJLEtBQUssQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDOUIsVUFBVSxHQUFHLE1BQU0sQ0FBQztZQUNwQixhQUFhLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQztRQUM5QyxDQUFDO2FBQU0sQ0FBQztZQUNOLFVBQVUsR0FBRyxNQUFNLENBQUM7WUFDcEIsYUFBYSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUM7UUFDOUMsQ0FBQztRQUVELE9BQU87WUFDTCxJQUFJLEVBQUUsS0FBSyxDQUFDLE1BQU0sS0FBSyxDQUFDO1lBQ3hCLEtBQUs7WUFDTCxVQUFVO1lBQ1YsYUFBYTtTQUNkLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsaUJBQWlCLENBQUMsT0FBZSxFQUFFLEtBQWM7UUFDdEQsTUFBTSxLQUFLLEdBQUcsSUFBSSxNQUFNLENBQUMsT0FBTyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ3pDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLENBQUM7UUFFNUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNuQixlQUFlLENBQUMsZ0JBQWdCLENBQUM7Z0JBQy9CLElBQUksRUFBRSwyQkFBMkI7Z0JBQ2pDLFFBQVEsRUFBRSxRQUFRO2dCQUNsQixNQUFNLEVBQUUsZ0JBQWdCO2dCQUN4QixPQUFPLEVBQUUsNkNBQTZDO2dCQUN0RCxjQUFjLEVBQUU7b0JBQ2QsT0FBTztvQkFDUCxLQUFLLEVBQUUsUUFBUSxDQUFDLEtBQUs7aUJBQ3RCO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogUmVnZXhWYWxpZGF0b3IgLSBQcm92aWRlcyBwcm90ZWN0aW9uIGFnYWluc3QgUmVEb1MgYXR0YWNrc1xuICogXG4gKiBUaGlzIG1vZHVsZSBpbXBsZW1lbnRzIHNhZmUgcmVnZXggZXhlY3V0aW9uIGJ5OlxuICogMS4gUHJlLXZhbGlkYXRpbmcgY29udGVudCBsZW5ndGggYmFzZWQgb24gcGF0dGVybiBjb21wbGV4aXR5XG4gKiAyLiBBbmFseXppbmcgcGF0dGVybnMgZm9yIGtub3duIFJlRG9TIHZ1bG5lcmFiaWxpdGllc1xuICogMy4gTGltaXRpbmcgZXhlY3V0aW9uIGJhc2VkIG9uIGNhbGN1bGF0ZWQgcmlza1xuICovXG5cbmltcG9ydCB7IFNlY3VyaXR5RXJyb3IgfSBmcm9tICcuL2Vycm9ycy5qcyc7XG5pbXBvcnQgeyBTZWN1cml0eU1vbml0b3IgfSBmcm9tICcuL3NlY3VyaXR5TW9uaXRvci5qcyc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgUmVnZXhWYWxpZGF0aW9uT3B0aW9ucyB7XG4gIC8qKiBNYXhpbXVtIGNvbnRlbnQgbGVuZ3RoIGFsbG93ZWQgKi9cbiAgbWF4TGVuZ3RoPzogbnVtYmVyO1xuICAvKiogUmVqZWN0IHBhdHRlcm5zIHdpdGggaGlnaCBSZURvUyByaXNrICovXG4gIHJlamVjdERhbmdlcm91c1BhdHRlcm5zPzogYm9vbGVhbjtcbiAgLyoqIExvZyBzZWN1cml0eSBldmVudHMgKi9cbiAgbG9nRXZlbnRzPzogYm9vbGVhbjtcbn1cblxuaW50ZXJmYWNlIFBhdHRlcm5BbmFseXNpcyB7XG4gIHNhZmU6IGJvb2xlYW47XG4gIHJpc2tzOiBzdHJpbmdbXTtcbiAgY29tcGxleGl0eTogJ2xvdycgfCAnbWVkaXVtJyB8ICdoaWdoJztcbiAgbWF4U2FmZUxlbmd0aDogbnVtYmVyO1xufVxuXG5leHBvcnQgY2xhc3MgUmVnZXhWYWxpZGF0b3Ige1xuICAvLyBEZWZhdWx0IGxpbWl0cyBiYXNlZCBvbiBwYXR0ZXJuIGNvbXBsZXhpdHlcbiAgcHJpdmF0ZSBzdGF0aWMgcmVhZG9ubHkgQ09NUExFWElUWV9MSU1JVFMgPSB7XG4gICAgbG93OiAxMDAwMDAsICAgIC8vIDEwMEtCIGZvciBzaW1wbGUgcGF0dGVybnNcbiAgICBtZWRpdW06IDEwMDAwLCAgLy8gMTBLQiBmb3IgbW9kZXJhdGUgcGF0dGVybnNcbiAgICBoaWdoOiAxMDAwICAgICAgLy8gMUtCIGZvciBjb21wbGV4IHBhdHRlcm5zXG4gIH07XG5cbiAgLyoqXG4gICAqIFZhbGlkYXRlcyBjb250ZW50IGFnYWluc3QgYSBwYXR0ZXJuIHdpdGggUmVEb1MgcHJvdGVjdGlvblxuICAgKiBcbiAgICogUHJvdGVjdGlvbiBzdHJhdGVneTpcbiAgICogMS4gQW5hbHl6ZSBwYXR0ZXJuIGNvbXBsZXhpdHlcbiAgICogMi4gRW5mb3JjZSBjb250ZW50IGxlbmd0aCBsaW1pdHMgYmFzZWQgb24gY29tcGxleGl0eVxuICAgKiAzLiBSZWplY3Qga25vd24gZGFuZ2Vyb3VzIHBhdHRlcm5zXG4gICAqIDQuIEV4ZWN1dGUgcmVnZXggb25seSBpZiBzYWZlXG4gICAqL1xuICBzdGF0aWMgdmFsaWRhdGUoXG4gICAgY29udGVudDogc3RyaW5nLFxuICAgIHBhdHRlcm46IFJlZ0V4cCxcbiAgICBvcHRpb25zOiBSZWdleFZhbGlkYXRpb25PcHRpb25zID0ge31cbiAgKTogYm9vbGVhbiB7XG4gICAgY29uc3Qge1xuICAgICAgbWF4TGVuZ3RoLFxuICAgICAgcmVqZWN0RGFuZ2Vyb3VzUGF0dGVybnMgPSB0cnVlLFxuICAgICAgbG9nRXZlbnRzID0gdHJ1ZVxuICAgIH0gPSBvcHRpb25zO1xuXG4gICAgLy8gQW5hbHl6ZSBwYXR0ZXJuIGZvciBSZURvUyByaXNrc1xuICAgIGNvbnN0IGFuYWx5c2lzID0gdGhpcy5hbmFseXplUGF0dGVybihwYXR0ZXJuKTtcbiAgICBcbiAgICAvLyBSZWplY3QgZGFuZ2Vyb3VzIHBhdHRlcm5zIGlmIGNvbmZpZ3VyZWRcbiAgICBpZiAocmVqZWN0RGFuZ2Vyb3VzUGF0dGVybnMgJiYgIWFuYWx5c2lzLnNhZmUpIHtcbiAgICAgIGlmIChsb2dFdmVudHMpIHtcbiAgICAgICAgU2VjdXJpdHlNb25pdG9yLmxvZ1NlY3VyaXR5RXZlbnQoe1xuICAgICAgICAgIHR5cGU6ICdVUERBVEVfU0VDVVJJVFlfVklPTEFUSU9OJyxcbiAgICAgICAgICBzZXZlcml0eTogJ0hJR0gnLFxuICAgICAgICAgIHNvdXJjZTogJ1JlZ2V4VmFsaWRhdG9yJyxcbiAgICAgICAgICBkZXRhaWxzOiAnRGFuZ2Vyb3VzIHJlZ2V4IHBhdHRlcm4gcmVqZWN0ZWQnLFxuICAgICAgICAgIGFkZGl0aW9uYWxEYXRhOiB7XG4gICAgICAgICAgICBwYXR0ZXJuOiBwYXR0ZXJuLnNvdXJjZSxcbiAgICAgICAgICAgIHJpc2tzOiBhbmFseXNpcy5yaXNrc1xuICAgICAgICAgIH1cbiAgICAgICAgfSk7XG4gICAgICB9XG4gICAgICB0aHJvdyBuZXcgU2VjdXJpdHlFcnJvcihcbiAgICAgICAgYFBhdHRlcm4gcmVqZWN0ZWQgZHVlIHRvIFJlRG9TIHJpc2s6ICR7YW5hbHlzaXMucmlza3Muam9pbignLCAnKX1gXG4gICAgICApO1xuICAgIH1cblxuICAgIC8vIERldGVybWluZSBlZmZlY3RpdmUgbWF4IGxlbmd0aFxuICAgIGNvbnN0IGVmZmVjdGl2ZU1heExlbmd0aCA9IG1heExlbmd0aCA/PyBhbmFseXNpcy5tYXhTYWZlTGVuZ3RoO1xuICAgIFxuICAgIC8vIENoZWNrIGNvbnRlbnQgbGVuZ3RoXG4gICAgaWYgKGNvbnRlbnQubGVuZ3RoID4gZWZmZWN0aXZlTWF4TGVuZ3RoKSB7XG4gICAgICB0aHJvdyBuZXcgU2VjdXJpdHlFcnJvcihcbiAgICAgICAgYENvbnRlbnQgdG9vIGxhcmdlIGZvciB2YWxpZGF0aW9uOiAke2NvbnRlbnQubGVuZ3RofSBieXRlcyAobWF4OiAke2VmZmVjdGl2ZU1heExlbmd0aH0gZm9yICR7YW5hbHlzaXMuY29tcGxleGl0eX0gY29tcGxleGl0eSBwYXR0ZXJuKWBcbiAgICAgICk7XG4gICAgfVxuXG4gICAgLy8gQ3JlYXRlIGEgY29weSBvZiB0aGUgcmVnZXggdG8gYXZvaWQgbW9kaWZ5aW5nIHRoZSBvcmlnaW5hbFxuICAgIGNvbnN0IHNhZmVDb3B5ID0gbmV3IFJlZ0V4cChwYXR0ZXJuLnNvdXJjZSwgcGF0dGVybi5mbGFncyk7XG4gICAgXG4gICAgdHJ5IHtcbiAgICAgIC8vIFRyYWNrIGV4ZWN1dGlvbiB0aW1lIGZvciBtb25pdG9yaW5nXG4gICAgICBjb25zdCBzdGFydFRpbWUgPSBwZXJmb3JtYW5jZS5ub3coKTtcbiAgICAgIGNvbnN0IHJlc3VsdCA9IHNhZmVDb3B5LnRlc3QoY29udGVudCk7XG4gICAgICBjb25zdCBlbGFwc2VkID0gcGVyZm9ybWFuY2Uubm93KCkgLSBzdGFydFRpbWU7XG5cbiAgICAgIC8vIExvZyBzbG93IHBhdHRlcm5zXG4gICAgICBpZiAoZWxhcHNlZCA+IDUwICYmIGxvZ0V2ZW50cykge1xuICAgICAgICBTZWN1cml0eU1vbml0b3IubG9nU2VjdXJpdHlFdmVudCh7XG4gICAgICAgICAgdHlwZTogJ1JBVEVfTElNSVRfV0FSTklORycsXG4gICAgICAgICAgc2V2ZXJpdHk6ICdNRURJVU0nLFxuICAgICAgICAgIHNvdXJjZTogJ1JlZ2V4VmFsaWRhdG9yJyxcbiAgICAgICAgICBkZXRhaWxzOiBgU2xvdyByZWdleCBleGVjdXRpb246ICR7ZWxhcHNlZC50b0ZpeGVkKDIpfW1zYCxcbiAgICAgICAgICBhZGRpdGlvbmFsRGF0YToge1xuICAgICAgICAgICAgcGF0dGVybjogcGF0dGVybi5zb3VyY2UsXG4gICAgICAgICAgICBjb250ZW50TGVuZ3RoOiBjb250ZW50Lmxlbmd0aCxcbiAgICAgICAgICAgIGVsYXBzZWRcbiAgICAgICAgICB9XG4gICAgICAgIH0pO1xuICAgICAgfVxuXG4gICAgICByZXR1cm4gcmVzdWx0O1xuICAgIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgICAvLyBIYW5kbGUgYW55IHJlZ2V4IGVycm9yc1xuICAgICAgaWYgKGxvZ0V2ZW50cykge1xuICAgICAgICBTZWN1cml0eU1vbml0b3IubG9nU2VjdXJpdHlFdmVudCh7XG4gICAgICAgICAgdHlwZTogJ1VQREFURV9TRUNVUklUWV9WSU9MQVRJT04nLFxuICAgICAgICAgIHNldmVyaXR5OiAnSElHSCcsXG4gICAgICAgICAgc291cmNlOiAnUmVnZXhWYWxpZGF0b3InLFxuICAgICAgICAgIGRldGFpbHM6ICdSZWdleCBleGVjdXRpb24gZXJyb3InLFxuICAgICAgICAgIGFkZGl0aW9uYWxEYXRhOiB7XG4gICAgICAgICAgICBlcnJvcjogZXJyb3IgaW5zdGFuY2VvZiBFcnJvciA/IGVycm9yLm1lc3NhZ2UgOiAnVW5rbm93biBlcnJvcidcbiAgICAgICAgICB9XG4gICAgICAgIH0pO1xuICAgICAgfVxuICAgICAgcmV0dXJuIGZhbHNlO1xuICAgIH1cbiAgfVxuXG4gIC8qKlxuICAgKiBWYWxpZGF0ZXMgbXVsdGlwbGUgcGF0dGVybnMgd2l0aCBzaGFyZWQgcmlzayBhc3Nlc3NtZW50XG4gICAqL1xuICBzdGF0aWMgdmFsaWRhdGVBbnkoXG4gICAgY29udGVudDogc3RyaW5nLFxuICAgIHBhdHRlcm5zOiBSZWdFeHBbXSxcbiAgICBvcHRpb25zOiBSZWdleFZhbGlkYXRpb25PcHRpb25zID0ge31cbiAgKTogYm9vbGVhbiB7XG4gICAgZm9yIChjb25zdCBwYXR0ZXJuIG9mIHBhdHRlcm5zKSB7XG4gICAgICBpZiAodGhpcy52YWxpZGF0ZShjb250ZW50LCBwYXR0ZXJuLCBvcHRpb25zKSkge1xuICAgICAgICByZXR1cm4gdHJ1ZTtcbiAgICAgIH1cbiAgICB9XG4gICAgcmV0dXJuIGZhbHNlO1xuICB9XG5cbiAgLyoqXG4gICAqIFZhbGlkYXRlcyBhbGwgcGF0dGVybnMgbXVzdCBtYXRjaFxuICAgKi9cbiAgc3RhdGljIHZhbGlkYXRlQWxsKFxuICAgIGNvbnRlbnQ6IHN0cmluZyxcbiAgICBwYXR0ZXJuczogUmVnRXhwW10sXG4gICAgb3B0aW9uczogUmVnZXhWYWxpZGF0aW9uT3B0aW9ucyA9IHt9XG4gICk6IGJvb2xlYW4ge1xuICAgIGZvciAoY29uc3QgcGF0dGVybiBvZiBwYXR0ZXJucykge1xuICAgICAgaWYgKCF0aGlzLnZhbGlkYXRlKGNvbnRlbnQsIHBhdHRlcm4sIG9wdGlvbnMpKSB7XG4gICAgICAgIHJldHVybiBmYWxzZTtcbiAgICAgIH1cbiAgICB9XG4gICAgcmV0dXJuIHRydWU7XG4gIH1cblxuICAvKipcbiAgICogQW5hbHl6ZXMgYSByZWdleCBwYXR0ZXJuIGZvciBwb3RlbnRpYWwgUmVEb1MgdnVsbmVyYWJpbGl0aWVzXG4gICAqIFxuICAgKiBEZXRlY3RzIHBhdHRlcm5zIGtub3duIHRvIGNhdXNlIGV4cG9uZW50aWFsIGJhY2t0cmFja2luZzpcbiAgICogLSBOZXN0ZWQgcXVhbnRpZmllcnM6IChhKykrLCAoYSopKlxuICAgKiAtIEFsdGVybmF0aW9uIHdpdGggb3ZlcmxhcDogKGF8YSkqXG4gICAqIC0gUXVhbnRpZmllZCBncm91cHMgd2l0aCBhbHRlcm5hdGlvbjogKGF8YikrXG4gICAqIC0gQ2F0YXN0cm9waGljIHBhdHRlcm5zOiAoLispKyRcbiAgICovXG4gIHN0YXRpYyBhbmFseXplUGF0dGVybihwYXR0ZXJuOiBSZWdFeHApOiBQYXR0ZXJuQW5hbHlzaXMge1xuICAgIGNvbnN0IHNvdXJjZSA9IHBhdHRlcm4uc291cmNlO1xuICAgIGNvbnN0IHJpc2tzOiBzdHJpbmdbXSA9IFtdO1xuICAgIFxuICAgIC8vIE5lc3RlZCBxdWFudGlmaWVycyAtIGV4dHJlbWVseSBkYW5nZXJvdXNcbiAgICBpZiAoL1xcKFteKV0rWysqXVxcKVsrKl0vLnRlc3Qoc291cmNlKSB8fCBcbiAgICAgICAgL1xcKFteKV0rXFx7W159XStcXH1cXClbKypdLy50ZXN0KHNvdXJjZSkgfHxcbiAgICAgICAgL1xcKFxcdytbKypdXFwpWysqXS8udGVzdChzb3VyY2UpKSB7XG4gICAgICByaXNrcy5wdXNoKCdOZXN0ZWQgcXVhbnRpZmllcnMgZGV0ZWN0ZWQnKTtcbiAgICB9XG5cbiAgICAvLyBBbHRlcm5hdGlvbiB3aXRoIHJlcGV0aXRpb25cbiAgICBpZiAoL1xcKFteKV0qXFx8W14pXSpcXClbKypdLy50ZXN0KHNvdXJjZSkpIHtcbiAgICAgIHJpc2tzLnB1c2goJ1F1YW50aWZpZWQgYWx0ZXJuYXRpb24gZGV0ZWN0ZWQnKTtcbiAgICB9XG5cbiAgICAvLyBBbHRlcm5hdGlvbiB3aXRoIG92ZXJsYXAgKGUuZy4sIChhfGEpKilcbiAgICBjb25zdCBhbHRlcm5hdGlvbk1hdGNoID0gc291cmNlLm1hdGNoKC9cXCgoW158KV0rKVxcfChbXildKylcXCkvZyk7XG4gICAgaWYgKGFsdGVybmF0aW9uTWF0Y2gpIHtcbiAgICAgIGZvciAoY29uc3QgbWF0Y2ggb2YgYWx0ZXJuYXRpb25NYXRjaCkge1xuICAgICAgICBjb25zdCBwYXJ0cyA9IG1hdGNoLnNsaWNlKDEsIC0xKS5zcGxpdCgnfCcpO1xuICAgICAgICBpZiAocGFydHMuc29tZSgocGFydCwgaSkgPT4gcGFydHMuc2xpY2UoaSArIDEpLmluY2x1ZGVzKHBhcnQpKSkge1xuICAgICAgICAgIHJpc2tzLnB1c2goJ092ZXJsYXBwaW5nIGFsdGVybmF0aW9uIGRldGVjdGVkJyk7XG4gICAgICAgICAgYnJlYWs7XG4gICAgICAgIH1cbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyBDYXRhc3Ryb3BoaWMgYmFja3RyYWNraW5nIHBhdHRlcm5zXG4gICAgLy8gQ2hlY2sgZm9yIHBhdHRlcm5zIGxpa2UgKC4rKSssICguKikrLCBldGMuIHRoYXQgY2FuIGNhdXNlIGV4cG9uZW50aWFsIGJhY2t0cmFja2luZ1xuICAgIGlmICgvXFwoW14pXSpcXC5cXCtbXildKlxcKVxcKy8udGVzdChzb3VyY2UpIHx8IC9cXChbXildKlxcLlxcKlteKV0qXFwpXFwrLy50ZXN0KHNvdXJjZSkgfHwgL1xcKFteKV0qXFxcXHdcXCtbXildKlxcKVxcKy8udGVzdChzb3VyY2UpKSB7XG4gICAgICByaXNrcy5wdXNoKCdQb3RlbnRpYWwgY2F0YXN0cm9waGljIGJhY2t0cmFja2luZycpO1xuICAgIH1cblxuICAgIC8vIFVuYm91bmRlZCBsb29rYWhlYWQvbG9va2JlaGluZCB3aXRoIHF1YW50aWZpZXJzXG4gICAgaWYgKC9cXChcXD9bPSE8XS4qWysqXS8udGVzdChzb3VyY2UpKSB7XG4gICAgICByaXNrcy5wdXNoKCdVbmJvdW5kZWQgbG9va2FoZWFkL2xvb2tiZWhpbmQnKTtcbiAgICB9XG5cbiAgICAvLyBQb2x5bm9taWFsIHBhdHRlcm5zIChtdWx0aXBsZSBxdWFudGlmaWVycyBpbiBzZXF1ZW5jZSlcbiAgICBjb25zdCBxdWFudGlmaWVyQ291bnQgPSAoc291cmNlLm1hdGNoKC9bKyo/XXxcXHtcXGQqLD9cXGQqXFx9L2cpIHx8IFtdKS5sZW5ndGg7XG4gICAgaWYgKHF1YW50aWZpZXJDb3VudCA+IDMpIHtcbiAgICAgIHJpc2tzLnB1c2goJ011bHRpcGxlIHF1YW50aWZpZXJzIGRldGVjdGVkJyk7XG4gICAgfVxuXG4gICAgLy8gRGV0ZXJtaW5lIGNvbXBsZXhpdHkgYW5kIHNhZmUgY29udGVudCBsZW5ndGhcbiAgICBsZXQgY29tcGxleGl0eTogJ2xvdycgfCAnbWVkaXVtJyB8ICdoaWdoJztcbiAgICBsZXQgbWF4U2FmZUxlbmd0aDogbnVtYmVyO1xuICAgIFxuICAgIGlmIChyaXNrcy5sZW5ndGggPT09IDApIHtcbiAgICAgIGlmIChxdWFudGlmaWVyQ291bnQgPT09IDApIHtcbiAgICAgICAgY29tcGxleGl0eSA9ICdsb3cnO1xuICAgICAgICBtYXhTYWZlTGVuZ3RoID0gdGhpcy5DT01QTEVYSVRZX0xJTUlUUy5sb3c7XG4gICAgICB9IGVsc2UgaWYgKHF1YW50aWZpZXJDb3VudCA8PSAzKSB7XG4gICAgICAgIGNvbXBsZXhpdHkgPSAnbWVkaXVtJztcbiAgICAgICAgbWF4U2FmZUxlbmd0aCA9IHRoaXMuQ09NUExFWElUWV9MSU1JVFMubWVkaXVtO1xuICAgICAgfSBlbHNlIHtcbiAgICAgICAgY29tcGxleGl0eSA9ICdoaWdoJztcbiAgICAgICAgbWF4U2FmZUxlbmd0aCA9IHRoaXMuQ09NUExFWElUWV9MSU1JVFMuaGlnaDtcbiAgICAgIH1cbiAgICB9IGVsc2UgaWYgKHJpc2tzLmxlbmd0aCA9PT0gMSkge1xuICAgICAgY29tcGxleGl0eSA9ICdoaWdoJztcbiAgICAgIG1heFNhZmVMZW5ndGggPSB0aGlzLkNPTVBMRVhJVFlfTElNSVRTLmhpZ2g7XG4gICAgfSBlbHNlIHtcbiAgICAgIGNvbXBsZXhpdHkgPSAnaGlnaCc7XG4gICAgICBtYXhTYWZlTGVuZ3RoID0gdGhpcy5DT01QTEVYSVRZX0xJTUlUUy5oaWdoO1xuICAgIH1cblxuICAgIHJldHVybiB7XG4gICAgICBzYWZlOiByaXNrcy5sZW5ndGggPT09IDAsXG4gICAgICByaXNrcyxcbiAgICAgIGNvbXBsZXhpdHksXG4gICAgICBtYXhTYWZlTGVuZ3RoXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBDcmVhdGVzIGEgcmVnZXggcGF0dGVybiB3aXRoIHNhZmV0eSBhbmFseXNpc1xuICAgKi9cbiAgc3RhdGljIGNyZWF0ZVNhZmVQYXR0ZXJuKHBhdHRlcm46IHN0cmluZywgZmxhZ3M/OiBzdHJpbmcpOiBSZWdFeHAge1xuICAgIGNvbnN0IHJlZ2V4ID0gbmV3IFJlZ0V4cChwYXR0ZXJuLCBmbGFncyk7XG4gICAgY29uc3QgYW5hbHlzaXMgPSB0aGlzLmFuYWx5emVQYXR0ZXJuKHJlZ2V4KTtcbiAgICBcbiAgICBpZiAoIWFuYWx5c2lzLnNhZmUpIHtcbiAgICAgIFNlY3VyaXR5TW9uaXRvci5sb2dTZWN1cml0eUV2ZW50KHtcbiAgICAgICAgdHlwZTogJ1VQREFURV9TRUNVUklUWV9WSU9MQVRJT04nLFxuICAgICAgICBzZXZlcml0eTogJ01FRElVTScsXG4gICAgICAgIHNvdXJjZTogJ1JlZ2V4VmFsaWRhdG9yJyxcbiAgICAgICAgZGV0YWlsczogJ1BvdGVudGlhbGx5IGRhbmdlcm91cyByZWdleCBwYXR0ZXJuIGNyZWF0ZWQnLFxuICAgICAgICBhZGRpdGlvbmFsRGF0YToge1xuICAgICAgICAgIHBhdHRlcm4sXG4gICAgICAgICAgcmlza3M6IGFuYWx5c2lzLnJpc2tzXG4gICAgICAgIH1cbiAgICAgIH0pO1xuICAgIH1cbiAgICBcbiAgICByZXR1cm4gcmVnZXg7XG4gIH1cbn0iXX0=

package/dist/security/secureYamlParser.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Secure YAML Parser for DollhouseMCP
+ *
+ * Provides safe YAML parsing that prevents deserialization attacks
+ * by using a restricted schema and pre-validation.
+ *
+ * Security: SEC-003 - YAML parsing vulnerability protection
+ */
+import matter from 'gray-matter';
+export interface SecureParseOptions {
+    maxYamlSize?: number;
+    maxContentSize?: number;
+    allowedKeys?: string[];
+    validateContent?: boolean;
+}
+export interface ParsedContent {
+    data: Record<string, any>;
+    content: string;
+    excerpt?: string;
+}
+export declare class SecureYamlParser {
+    private static readonly DEFAULT_OPTIONS;
+    private static readonly SAFE_SCHEMA;
+    private static readonly FIELD_VALIDATORS;
+    /**
+     * Securely parse content with YAML frontmatter
+     */
+    static parse(input: string, options?: SecureParseOptions): ParsedContent;
+    /**
+     * Create a secure gray-matter compatible parser
+     */
+    static createSecureMatterParser(): {
+        parse: (input: string) => {
+            data: Record<string, any>;
+            content: string;
+            excerpt: string | undefined;
+            orig: string;
+        };
+        stringify: (content: string, data: any) => string;
+    };
+    /**
+     * Safe wrapper for gray-matter with security validations
+     */
+    static safeMatter(input: string, options?: matter.GrayMatterOption<string, any>): matter.GrayMatterFile<string>;
+}
+//# sourceMappingURL=secureYamlParser.d.ts.map

package/dist/security/secureYamlParser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secureYamlParser.d.ts","sourceRoot":"","sources":["../../src/security/secureYamlParser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,MAAM,MAAM,aAAa,CAAC;AAKjC,MAAM,WAAW,kBAAkB;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAIrC;IAGF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAwB;IAG3D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAatC;IAEF;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,GAAE,kBAAuB,GAAG,aAAa;IA8G5E;;OAEG;IACH,MAAM,CAAC,wBAAwB;uBAEZ,MAAM;;;;;;6BASA,MAAM,QAAQ,GAAG;;IAoB1C;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC;CAgChH"}

package/dist/security/secureYamlParser.js

@@ -0,0 +1,203 @@
+/**
+ * Secure YAML Parser for DollhouseMCP
+ *
+ * Provides safe YAML parsing that prevents deserialization attacks
+ * by using a restricted schema and pre-validation.
+ *
+ * Security: SEC-003 - YAML parsing vulnerability protection
+ */
+import * as yaml from 'js-yaml';
+import matter from 'gray-matter';
+import { SecurityError } from '../errors/SecurityError.js';
+import { ContentValidator } from './contentValidator.js';
+import { SecurityMonitor } from './securityMonitor.js';
+export class SecureYamlParser {
+    static DEFAULT_OPTIONS = {
+        maxYamlSize: 64 * 1024, // 64KB for YAML
+        maxContentSize: 1024 * 1024, // 1MB for content
+        validateContent: true
+    };
+    // Allowed YAML types - using FAILSAFE_SCHEMA as base
+    static SAFE_SCHEMA = yaml.FAILSAFE_SCHEMA;
+    // Additional validation for specific persona fields
+    static FIELD_VALIDATORS = {
+        name: (v) => typeof v === 'string' && v.length <= 100,
+        description: (v) => typeof v === 'string' && v.length <= 500,
+        author: (v) => typeof v === 'string' && v.length <= 100,
+        version: (v) => typeof v === 'string' && /^\d+\.\d+(\.\d+)?(-[a-zA-Z0-9.-]+)?$/.test(v),
+        category: (v) => typeof v === 'string' && v.length <= 50,
+        age_rating: (v) => ['all', '13+', '18+'].includes(v),
+        price: (v) => typeof v === 'string' && (v === 'free' || /^\$\d+\.\d{2}$/.test(v)),
+        ai_generated: (v) => typeof v === 'boolean' || v === 'true' || v === 'false',
+        generation_method: (v) => ['human', 'ChatGPT', 'Claude', 'hybrid'].includes(v),
+        created_date: (v) => typeof v === 'string' && !isNaN(Date.parse(v)),
+        triggers: (v) => Array.isArray(v) && v.every(t => typeof t === 'string' && t.length <= 50),
+        content_flags: (v) => Array.isArray(v) && v.every(f => typeof f === 'string' && f.length <= 50)
+    };
+    /**
+     * Securely parse content with YAML frontmatter
+     */
+    static parse(input, options = {}) {
+        const opts = { ...this.DEFAULT_OPTIONS, ...options };
+        // 1. Size validation
+        if (input.length > (opts.maxContentSize || this.DEFAULT_OPTIONS.maxContentSize)) {
+            throw new SecurityError('Content exceeds maximum allowed size', 'medium');
+        }
+        // 2. Extract frontmatter boundaries
+        const frontmatterMatch = input.match(/^---\n([\s\S]*?)\n---/);
+        if (!frontmatterMatch) {
+            // No frontmatter, return empty data
+            return {
+                data: {},
+                content: input
+            };
+        }
+        const yamlContent = frontmatterMatch[1];
+        const markdownContent = input.substring(frontmatterMatch[0].length);
+        // 3. Validate YAML size
+        if (yamlContent.length > (opts.maxYamlSize || this.DEFAULT_OPTIONS.maxYamlSize)) {
+            throw new SecurityError('YAML frontmatter exceeds maximum allowed size', 'medium');
+        }
+        // 4. Pre-parse security validation
+        if (!ContentValidator.validateYamlContent(yamlContent)) {
+            SecurityMonitor.logSecurityEvent({
+                type: 'YAML_INJECTION_ATTEMPT',
+                severity: 'CRITICAL',
+                source: 'secure_yaml_parser',
+                details: 'Malicious YAML pattern detected during parsing'
+            });
+            throw new SecurityError('Malicious YAML content detected', 'critical');
+        }
+        // 5. Parse with safe schema
+        let data;
+        try {
+            data = yaml.load(yamlContent, {
+                schema: this.SAFE_SCHEMA,
+                json: false, // Don't allow JSON-specific types
+                onWarning: (warning) => {
+                    SecurityMonitor.logSecurityEvent({
+                        type: 'YAML_PARSING_WARNING',
+                        severity: 'LOW',
+                        source: 'secure_yaml_parser',
+                        details: `YAML warning: ${warning.message}`
+                    });
+                }
+            });
+        }
+        catch (error) {
+            throw new SecurityError(`YAML parsing failed: ${error instanceof Error ? error.message : 'Unknown error'}`, 'high');
+        }
+        // 6. Ensure data is an object
+        if (typeof data !== 'object' || data === null || Array.isArray(data)) {
+            throw new SecurityError('YAML must contain an object at root level', 'medium');
+        }
+        // 7. Validate allowed keys if specified
+        if (opts.allowedKeys) {
+            const invalidKeys = Object.keys(data).filter(key => !opts.allowedKeys.includes(key));
+            if (invalidKeys.length > 0) {
+                throw new SecurityError(`Invalid YAML keys detected: ${invalidKeys.join(', ')}`, 'medium');
+            }
+        }
+        // 8. Validate field types and content
+        for (const [key, value] of Object.entries(data)) {
+            // Check field-specific validators
+            if (this.FIELD_VALIDATORS[key] && !this.FIELD_VALIDATORS[key](value)) {
+                throw new SecurityError(`Invalid value for field '${key}'`, 'medium');
+            }
+            // Validate string fields for injection patterns
+            if (typeof value === 'string' && opts.validateContent) {
+                const validation = ContentValidator.validateAndSanitize(value);
+                if (!validation.isValid && validation.severity === 'critical') {
+                    throw new SecurityError(`Security threat detected in field '${key}'`, 'critical');
+                }
+                // Replace with sanitized content
+                data[key] = validation.sanitizedContent;
+            }
+        }
+        // 9. Validate markdown content if requested
+        let finalContent = markdownContent;
+        if (opts.validateContent) {
+            const contentValidation = ContentValidator.validateAndSanitize(markdownContent);
+            if (!contentValidation.isValid && contentValidation.severity === 'critical') {
+                throw new SecurityError('Security threat detected in content', 'critical');
+            }
+            finalContent = contentValidation.sanitizedContent || markdownContent;
+        }
+        SecurityMonitor.logSecurityEvent({
+            type: 'YAML_PARSE_SUCCESS',
+            severity: 'LOW',
+            source: 'secure_yaml_parser',
+            details: `Successfully parsed YAML with ${Object.keys(data).length} fields`
+        });
+        return {
+            data,
+            content: finalContent
+        };
+    }
+    /**
+     * Create a secure gray-matter compatible parser
+     */
+    static createSecureMatterParser() {
+        return {
+            parse: (input) => {
+                const result = this.parse(input);
+                return {
+                    data: result.data,
+                    content: result.content,
+                    excerpt: result.excerpt,
+                    orig: input
+                };
+            },
+            stringify: (content, data) => {
+                // Validate data before stringifying
+                const validation = ContentValidator.validateMetadata(data);
+                if (!validation.isValid) {
+                    throw new SecurityError('Cannot stringify content with security threats', 'high');
+                }
+                // Use safe YAML dump
+                const yamlStr = yaml.dump(data, {
+                    schema: this.SAFE_SCHEMA,
+                    skipInvalid: true,
+                    noRefs: true,
+                    noCompatMode: true
+                });
+                return `---\n${yamlStr}---\n${content}`;
+            }
+        };
+    }
+    /**
+     * Safe wrapper for gray-matter with security validations
+     */
+    static safeMatter(input, options) {
+        // First, use our secure parser
+        const secureParsed = this.parse(input);
+        // Then use gray-matter with custom engines
+        return matter(input, {
+            ...options,
+            engines: {
+                yaml: {
+                    parse: (str) => {
+                        // Use our secure YAML parsing
+                        const parsed = yaml.load(str, {
+                            schema: this.SAFE_SCHEMA,
+                            json: false
+                        });
+                        // Ensure it's an object
+                        if (typeof parsed !== 'object' || parsed === null) {
+                            return {};
+                        }
+                        return parsed;
+                    },
+                    stringify: (obj) => {
+                        return yaml.dump(obj, {
+                            schema: this.SAFE_SCHEMA,
+                            skipInvalid: true,
+                            noRefs: true
+                        });
+                    }
+                }
+            }
+        });
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJlWWFtbFBhcnNlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9zZWN1cml0eS9zZWN1cmVZYW1sUGFyc2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7O0dBT0c7QUFFSCxPQUFPLEtBQUssSUFBSSxNQUFNLFNBQVMsQ0FBQztBQUNoQyxPQUFPLE1BQU0sTUFBTSxhQUFhLENBQUM7QUFDakMsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQzNELE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBQ3pELE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQWV2RCxNQUFNLE9BQU8sZ0JBQWdCO0lBQ25CLE1BQU0sQ0FBVSxlQUFlLEdBQXVCO1FBQzVELFdBQVcsRUFBRSxFQUFFLEdBQUcsSUFBSSxFQUFPLGdCQUFnQjtRQUM3QyxjQUFjLEVBQUUsSUFBSSxHQUFHLElBQUksRUFBRyxrQkFBa0I7UUFDaEQsZUFBZSxFQUFFLElBQUk7S0FDdEIsQ0FBQztJQUVGLHFEQUFxRDtJQUM3QyxNQUFNLENBQVUsV0FBVyxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUM7SUFFM0Qsb0RBQW9EO0lBQzVDLE1BQU0sQ0FBVSxnQkFBZ0IsR0FBNEM7UUFDbEYsSUFBSSxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsS0FBSyxRQUFRLElBQUksQ0FBQyxDQUFDLE1BQU0sSUFBSSxHQUFHO1FBQ3JELFdBQVcsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssUUFBUSxJQUFJLENBQUMsQ0FBQyxNQUFNLElBQUksR0FBRztRQUM1RCxNQUFNLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxLQUFLLFFBQVEsSUFBSSxDQUFDLENBQUMsTUFBTSxJQUFJLEdBQUc7UUFDdkQsT0FBTyxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsS0FBSyxRQUFRLElBQUksc0NBQXNDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUN2RixRQUFRLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxLQUFLLFFBQVEsSUFBSSxDQUFDLENBQUMsTUFBTSxJQUFJLEVBQUU7UUFDeEQsVUFBVSxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEtBQUssRUFBRSxLQUFLLEVBQUUsS0FBSyxDQUFDLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztRQUNwRCxLQUFLLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxLQUFLLFFBQVEsSUFBSSxDQUFDLENBQUMsS0FBSyxNQUFNLElBQUksZ0JBQWdCLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ2pGLFlBQVksRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssU0FBUyxJQUFJLENBQUMsS0FBSyxNQUFNLElBQUksQ0FBQyxLQUFLLE9BQU87UUFDNUUsaUJBQWlCLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsT0FBTyxFQUFFLFNBQVMsRUFBRSxRQUFRLEVBQUUsUUFBUSxDQUFDLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztRQUM5RSxZQUFZLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxLQUFLLFFBQVEsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ25FLFFBQVEsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssUUFBUSxJQUFJLENBQUMsQ0FBQyxNQUFNLElBQUksRUFBRSxDQUFDO1FBQzFGLGFBQWEsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssUUFBUSxJQUFJLENBQUMsQ0FBQyxNQUFNLElBQUksRUFBRSxDQUFDO0tBQ2hHLENBQUM7SUFFRjs7T0FFRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsS0FBYSxFQUFFLFVBQThCLEVBQUU7UUFDMUQsTUFBTSxJQUFJLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxPQUFPLEVBQUUsQ0FBQztRQUVyRCxxQkFBcUI7UUFDckIsSUFBSSxLQUFLLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUFDLGNBQWMsSUFBSSxJQUFJLENBQUMsZUFBZSxDQUFDLGNBQWUsQ0FBQyxFQUFFLENBQUM7WUFDakYsTUFBTSxJQUFJLGFBQWEsQ0FBQyxzQ0FBc0MsRUFBRSxRQUFRLENBQUMsQ0FBQztRQUM1RSxDQUFDO1FBRUQsb0NBQW9DO1FBQ3BDLE1BQU0sZ0JBQWdCLEdBQUcsS0FBSyxDQUFDLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO1FBQzlELElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3RCLG9DQUFvQztZQUNwQyxPQUFPO2dCQUNMLElBQUksRUFBRSxFQUFFO2dCQUNSLE9BQU8sRUFBRSxLQUFLO2FBQ2YsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN4QyxNQUFNLGVBQWUsR0FBRyxLQUFLLENBQUMsU0FBUyxDQUFDLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXBFLHdCQUF3QjtRQUN4QixJQUFJLFdBQVcsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxJQUFJLENBQUMsV0FBVyxJQUFJLElBQUksQ0FBQyxlQUFlLENBQUMsV0FBWSxDQUFDLEVBQUUsQ0FBQztZQUNqRixNQUFNLElBQUksYUFBYSxDQUFDLCtDQUErQyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1FBQ3JGLENBQUM7UUFFRCxtQ0FBbUM7UUFDbkMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLG1CQUFtQixDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7WUFDdkQsZUFBZSxDQUFDLGdCQUFnQixDQUFDO2dCQUMvQixJQUFJLEVBQUUsd0JBQXdCO2dCQUM5QixRQUFRLEVBQUUsVUFBVTtnQkFDcEIsTUFBTSxFQUFFLG9CQUFvQjtnQkFDNUIsT0FBTyxFQUFFLGdEQUFnRDthQUMxRCxDQUFDLENBQUM7WUFDSCxNQUFNLElBQUksYUFBYSxDQUFDLGlDQUFpQyxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBQ3pFLENBQUM7UUFFRCw0QkFBNEI7UUFDNUIsSUFBSSxJQUFTLENBQUM7UUFDZCxJQUFJLENBQUM7WUFDSCxJQUFJLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUU7Z0JBQzVCLE1BQU0sRUFBRSxJQUFJLENBQUMsV0FBVztnQkFDeEIsSUFBSSxFQUFFLEtBQUssRUFBRyxrQ0FBa0M7Z0JBQ2hELFNBQVMsRUFBRSxDQUFDLE9BQU8sRUFBRSxFQUFFO29CQUNyQixlQUFlLENBQUMsZ0JBQWdCLENBQUM7d0JBQy9CLElBQUksRUFBRSxzQkFBc0I7d0JBQzVCLFFBQVEsRUFBRSxLQUFLO3dCQUNmLE1BQU0sRUFBRSxvQkFBb0I7d0JBQzVCLE9BQU8sRUFBRSxpQkFBaUIsT0FBTyxDQUFDLE9BQU8sRUFBRTtxQkFDNUMsQ0FBQyxDQUFDO2dCQUNMLENBQUM7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLE1BQU0sSUFBSSxhQUFhLENBQUMsd0JBQXdCLEtBQUssWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGVBQWUsRUFBRSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQ3RILENBQUM7UUFFRCw4QkFBOEI7UUFDOUIsSUFBSSxPQUFPLElBQUksS0FBSyxRQUFRLElBQUksSUFBSSxLQUFLLElBQUksSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDckUsTUFBTSxJQUFJLGFBQWEsQ0FBQywyQ0FBMkMsRUFBRSxRQUFRLENBQUMsQ0FBQztRQUNqRixDQUFDO1FBRUQsd0NBQXdDO1FBQ3hDLElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsV0FBWSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO1lBQ3RGLElBQUksV0FBVyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDM0IsTUFBTSxJQUFJLGFBQWEsQ0FBQywrQkFBK0IsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBQzdGLENBQUM7UUFDSCxDQUFDO1FBRUQsc0NBQXNDO1FBQ3RDLEtBQUssTUFBTSxDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDaEQsa0NBQWtDO1lBQ2xDLElBQUksSUFBSSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7Z0JBQ3JFLE1BQU0sSUFBSSxhQUFhLENBQUMsNEJBQTRCLEdBQUcsR0FBRyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBQ3hFLENBQUM7WUFFRCxnREFBZ0Q7WUFDaEQsSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRLElBQUksSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO2dCQUN0RCxNQUFNLFVBQVUsR0FBRyxnQkFBZ0IsQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDL0QsSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLElBQUksVUFBVSxDQUFDLFFBQVEsS0FBSyxVQUFVLEVBQUUsQ0FBQztvQkFDOUQsTUFBTSxJQUFJLGFBQWEsQ0FBQyxzQ0FBc0MsR0FBRyxHQUFHLEVBQUUsVUFBVSxDQUFDLENBQUM7Z0JBQ3BGLENBQUM7Z0JBQ0QsaUNBQWlDO2dCQUNqQyxJQUFJLENBQUMsR0FBRyxDQUFDLEdBQUcsVUFBVSxDQUFDLGdCQUFnQixDQUFDO1lBQzFDLENBQUM7UUFDSCxDQUFDO1FBRUQsNENBQTRDO1FBQzVDLElBQUksWUFBWSxHQUFHLGVBQWUsQ0FBQztRQUNuQyxJQUFJLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUN6QixNQUFNLGlCQUFpQixHQUFHLGdCQUFnQixDQUFDLG1CQUFtQixDQUFDLGVBQWUsQ0FBQyxDQUFDO1lBQ2hGLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLElBQUksaUJBQWlCLENBQUMsUUFBUSxLQUFLLFVBQVUsRUFBRSxDQUFDO2dCQUM1RSxNQUFNLElBQUksYUFBYSxDQUFDLHFDQUFxQyxFQUFFLFVBQVUsQ0FBQyxDQUFDO1lBQzdFLENBQUM7WUFDRCxZQUFZLEdBQUcsaUJBQWlCLENBQUMsZ0JBQWdCLElBQUksZUFBZSxDQUFDO1FBQ3ZFLENBQUM7UUFFRCxlQUFlLENBQUMsZ0JBQWdCLENBQUM7WUFDL0IsSUFBSSxFQUFFLG9CQUFvQjtZQUMxQixRQUFRLEVBQUUsS0FBSztZQUNmLE1BQU0sRUFBRSxvQkFBb0I7WUFDNUIsT0FBTyxFQUFFLGlDQUFpQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLE1BQU0sU0FBUztTQUM1RSxDQUFDLENBQUM7UUFFSCxPQUFPO1lBQ0wsSUFBSTtZQUNKLE9BQU8sRUFBRSxZQUFZO1NBQ3RCLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsd0JBQXdCO1FBQzdCLE9BQU87WUFDTCxLQUFLLEVBQUUsQ0FBQyxLQUFhLEVBQUUsRUFBRTtnQkFDdkIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDakMsT0FBTztvQkFDTCxJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUk7b0JBQ2pCLE9BQU8sRUFBRSxNQUFNLENBQUMsT0FBTztvQkFDdkIsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPO29CQUN2QixJQUFJLEVBQUUsS0FBSztpQkFDWixDQUFDO1lBQ0osQ0FBQztZQUNELFNBQVMsRUFBRSxDQUFDLE9BQWUsRUFBRSxJQUFTLEVBQUUsRUFBRTtnQkFDeEMsb0NBQW9DO2dCQUNwQyxNQUFNLFVBQVUsR0FBRyxnQkFBZ0IsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDM0QsSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLEVBQUUsQ0FBQztvQkFDeEIsTUFBTSxJQUFJLGFBQWEsQ0FBQyxnREFBZ0QsRUFBRSxNQUFNLENBQUMsQ0FBQztnQkFDcEYsQ0FBQztnQkFFRCxxQkFBcUI7Z0JBQ3JCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFO29CQUM5QixNQUFNLEVBQUUsSUFBSSxDQUFDLFdBQVc7b0JBQ3hCLFdBQVcsRUFBRSxJQUFJO29CQUNqQixNQUFNLEVBQUUsSUFBSTtvQkFDWixZQUFZLEVBQUUsSUFBSTtpQkFDbkIsQ0FBQyxDQUFDO2dCQUVILE9BQU8sUUFBUSxPQUFPLFFBQVEsT0FBTyxFQUFFLENBQUM7WUFDMUMsQ0FBQztTQUNGLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsVUFBVSxDQUFDLEtBQWEsRUFBRSxPQUE4QztRQUM3RSwrQkFBK0I7UUFDL0IsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUV2QywyQ0FBMkM7UUFDM0MsT0FBTyxNQUFNLENBQUMsS0FBSyxFQUFFO1lBQ25CLEdBQUcsT0FBTztZQUNWLE9BQU8sRUFBRTtnQkFDUCxJQUFJLEVBQUU7b0JBQ0osS0FBSyxFQUFFLENBQUMsR0FBVyxFQUFFLEVBQUU7d0JBQ3JCLDhCQUE4Qjt3QkFDOUIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUU7NEJBQzVCLE1BQU0sRUFBRSxJQUFJLENBQUMsV0FBVzs0QkFDeEIsSUFBSSxFQUFFLEtBQUs7eUJBQ1osQ0FBQyxDQUFDO3dCQUNILHdCQUF3Qjt3QkFDeEIsSUFBSSxPQUFPLE1BQU0sS0FBSyxRQUFRLElBQUksTUFBTSxLQUFLLElBQUksRUFBRSxDQUFDOzRCQUNsRCxPQUFPLEVBQUUsQ0FBQzt3QkFDWixDQUFDO3dCQUNELE9BQU8sTUFBZ0IsQ0FBQztvQkFDMUIsQ0FBQztvQkFDRCxTQUFTLEVBQUUsQ0FBQyxHQUFRLEVBQUUsRUFBRTt3QkFDdEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRTs0QkFDcEIsTUFBTSxFQUFFLElBQUksQ0FBQyxXQUFXOzRCQUN4QixXQUFXLEVBQUUsSUFBSTs0QkFDakIsTUFBTSxFQUFFLElBQUk7eUJBQ2IsQ0FBQyxDQUFDO29CQUNMLENBQUM7aUJBQ0Y7YUFDRjtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIFNlY3VyZSBZQU1MIFBhcnNlciBmb3IgRG9sbGhvdXNlTUNQXG4gKiBcbiAqIFByb3ZpZGVzIHNhZmUgWUFNTCBwYXJzaW5nIHRoYXQgcHJldmVudHMgZGVzZXJpYWxpemF0aW9uIGF0dGFja3NcbiAqIGJ5IHVzaW5nIGEgcmVzdHJpY3RlZCBzY2hlbWEgYW5kIHByZS12YWxpZGF0aW9uLlxuICogXG4gKiBTZWN1cml0eTogU0VDLTAwMyAtIFlBTUwgcGFyc2luZyB2dWxuZXJhYmlsaXR5IHByb3RlY3Rpb25cbiAqL1xuXG5pbXBvcnQgKiBhcyB5YW1sIGZyb20gJ2pzLXlhbWwnO1xuaW1wb3J0IG1hdHRlciBmcm9tICdncmF5LW1hdHRlcic7XG5pbXBvcnQgeyBTZWN1cml0eUVycm9yIH0gZnJvbSAnLi4vZXJyb3JzL1NlY3VyaXR5RXJyb3IuanMnO1xuaW1wb3J0IHsgQ29udGVudFZhbGlkYXRvciB9IGZyb20gJy4vY29udGVudFZhbGlkYXRvci5qcyc7XG5pbXBvcnQgeyBTZWN1cml0eU1vbml0b3IgfSBmcm9tICcuL3NlY3VyaXR5TW9uaXRvci5qcyc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgU2VjdXJlUGFyc2VPcHRpb25zIHtcbiAgbWF4WWFtbFNpemU/OiBudW1iZXI7XG4gIG1heENvbnRlbnRTaXplPzogbnVtYmVyO1xuICBhbGxvd2VkS2V5cz86IHN0cmluZ1tdO1xuICB2YWxpZGF0ZUNvbnRlbnQ/OiBib29sZWFuO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFBhcnNlZENvbnRlbnQge1xuICBkYXRhOiBSZWNvcmQ8c3RyaW5nLCBhbnk+O1xuICBjb250ZW50OiBzdHJpbmc7XG4gIGV4Y2VycHQ/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBjbGFzcyBTZWN1cmVZYW1sUGFyc2VyIHtcbiAgcHJpdmF0ZSBzdGF0aWMgcmVhZG9ubHkgREVGQVVMVF9PUFRJT05TOiBTZWN1cmVQYXJzZU9wdGlvbnMgPSB7XG4gICAgbWF4WWFtbFNpemU6IDY0ICogMTAyNCwgICAgICAvLyA2NEtCIGZvciBZQU1MXG4gICAgbWF4Q29udGVudFNpemU6IDEwMjQgKiAxMDI0LCAgLy8gMU1CIGZvciBjb250ZW50XG4gICAgdmFsaWRhdGVDb250ZW50OiB0cnVlXG4gIH07XG5cbiAgLy8gQWxsb3dlZCBZQU1MIHR5cGVzIC0gdXNpbmcgRkFJTFNBRkVfU0NIRU1BIGFzIGJhc2VcbiAgcHJpdmF0ZSBzdGF0aWMgcmVhZG9ubHkgU0FGRV9TQ0hFTUEgPSB5YW1sLkZBSUxTQUZFX1NDSEVNQTtcblxuICAvLyBBZGRpdGlvbmFsIHZhbGlkYXRpb24gZm9yIHNwZWNpZmljIHBlcnNvbmEgZmllbGRzXG4gIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IEZJRUxEX1ZBTElEQVRPUlM6IFJlY29yZDxzdHJpbmcsICh2YWx1ZTogYW55KSA9PiBib29sZWFuPiA9IHtcbiAgICBuYW1lOiAodikgPT4gdHlwZW9mIHYgPT09ICdzdHJpbmcnICYmIHYubGVuZ3RoIDw9IDEwMCxcbiAgICBkZXNjcmlwdGlvbjogKHYpID0+IHR5cGVvZiB2ID09PSAnc3RyaW5nJyAmJiB2Lmxlbmd0aCA8PSA1MDAsXG4gICAgYXV0aG9yOiAodikgPT4gdHlwZW9mIHYgPT09ICdzdHJpbmcnICYmIHYubGVuZ3RoIDw9IDEwMCxcbiAgICB2ZXJzaW9uOiAodikgPT4gdHlwZW9mIHYgPT09ICdzdHJpbmcnICYmIC9eXFxkK1xcLlxcZCsoXFwuXFxkKyk/KC1bYS16QS1aMC05Li1dKyk/JC8udGVzdCh2KSxcbiAgICBjYXRlZ29yeTogKHYpID0+IHR5cGVvZiB2ID09PSAnc3RyaW5nJyAmJiB2Lmxlbmd0aCA8PSA1MCxcbiAgICBhZ2VfcmF0aW5nOiAodikgPT4gWydhbGwnLCAnMTMrJywgJzE4KyddLmluY2x1ZGVzKHYpLFxuICAgIHByaWNlOiAodikgPT4gdHlwZW9mIHYgPT09ICdzdHJpbmcnICYmICh2ID09PSAnZnJlZScgfHwgL15cXCRcXGQrXFwuXFxkezJ9JC8udGVzdCh2KSksXG4gICAgYWlfZ2VuZXJhdGVkOiAodikgPT4gdHlwZW9mIHYgPT09ICdib29sZWFuJyB8fCB2ID09PSAndHJ1ZScgfHwgdiA9PT0gJ2ZhbHNlJyxcbiAgICBnZW5lcmF0aW9uX21ldGhvZDogKHYpID0+IFsnaHVtYW4nLCAnQ2hhdEdQVCcsICdDbGF1ZGUnLCAnaHlicmlkJ10uaW5jbHVkZXModiksXG4gICAgY3JlYXRlZF9kYXRlOiAodikgPT4gdHlwZW9mIHYgPT09ICdzdHJpbmcnICYmICFpc05hTihEYXRlLnBhcnNlKHYpKSxcbiAgICB0cmlnZ2VyczogKHYpID0+IEFycmF5LmlzQXJyYXkodikgJiYgdi5ldmVyeSh0ID0+IHR5cGVvZiB0ID09PSAnc3RyaW5nJyAmJiB0Lmxlbmd0aCA8PSA1MCksXG4gICAgY29udGVudF9mbGFnczogKHYpID0+IEFycmF5LmlzQXJyYXkodikgJiYgdi5ldmVyeShmID0+IHR5cGVvZiBmID09PSAnc3RyaW5nJyAmJiBmLmxlbmd0aCA8PSA1MClcbiAgfTtcblxuICAvKipcbiAgICogU2VjdXJlbHkgcGFyc2UgY29udGVudCB3aXRoIFlBTUwgZnJvbnRtYXR0ZXJcbiAgICovXG4gIHN0YXRpYyBwYXJzZShpbnB1dDogc3RyaW5nLCBvcHRpb25zOiBTZWN1cmVQYXJzZU9wdGlvbnMgPSB7fSk6IFBhcnNlZENvbnRlbnQge1xuICAgIGNvbnN0IG9wdHMgPSB7IC4uLnRoaXMuREVGQVVMVF9PUFRJT05TLCAuLi5vcHRpb25zIH07XG5cbiAgICAvLyAxLiBTaXplIHZhbGlkYXRpb25cbiAgICBpZiAoaW5wdXQubGVuZ3RoID4gKG9wdHMubWF4Q29udGVudFNpemUgfHwgdGhpcy5ERUZBVUxUX09QVElPTlMubWF4Q29udGVudFNpemUhKSkge1xuICAgICAgdGhyb3cgbmV3IFNlY3VyaXR5RXJyb3IoJ0NvbnRlbnQgZXhjZWVkcyBtYXhpbXVtIGFsbG93ZWQgc2l6ZScsICdtZWRpdW0nKTtcbiAgICB9XG5cbiAgICAvLyAyLiBFeHRyYWN0IGZyb250bWF0dGVyIGJvdW5kYXJpZXNcbiAgICBjb25zdCBmcm9udG1hdHRlck1hdGNoID0gaW5wdXQubWF0Y2goL14tLS1cXG4oW1xcc1xcU10qPylcXG4tLS0vKTtcbiAgICBpZiAoIWZyb250bWF0dGVyTWF0Y2gpIHtcbiAgICAgIC8vIE5vIGZyb250bWF0dGVyLCByZXR1cm4gZW1wdHkgZGF0YVxuICAgICAgcmV0dXJuIHtcbiAgICAgICAgZGF0YToge30sXG4gICAgICAgIGNvbnRlbnQ6IGlucHV0XG4gICAgICB9O1xuICAgIH1cblxuICAgIGNvbnN0IHlhbWxDb250ZW50ID0gZnJvbnRtYXR0ZXJNYXRjaFsxXTtcbiAgICBjb25zdCBtYXJrZG93bkNvbnRlbnQgPSBpbnB1dC5zdWJzdHJpbmcoZnJvbnRtYXR0ZXJNYXRjaFswXS5sZW5ndGgpO1xuXG4gICAgLy8gMy4gVmFsaWRhdGUgWUFNTCBzaXplXG4gICAgaWYgKHlhbWxDb250ZW50Lmxlbmd0aCA+IChvcHRzLm1heFlhbWxTaXplIHx8IHRoaXMuREVGQVVMVF9PUFRJT05TLm1heFlhbWxTaXplISkpIHtcbiAgICAgIHRocm93IG5ldyBTZWN1cml0eUVycm9yKCdZQU1MIGZyb250bWF0dGVyIGV4Y2VlZHMgbWF4aW11bSBhbGxvd2VkIHNpemUnLCAnbWVkaXVtJyk7XG4gICAgfVxuXG4gICAgLy8gNC4gUHJlLXBhcnNlIHNlY3VyaXR5IHZhbGlkYXRpb25cbiAgICBpZiAoIUNvbnRlbnRWYWxpZGF0b3IudmFsaWRhdGVZYW1sQ29udGVudCh5YW1sQ29udGVudCkpIHtcbiAgICAgIFNlY3VyaXR5TW9uaXRvci5sb2dTZWN1cml0eUV2ZW50KHtcbiAgICAgICAgdHlwZTogJ1lBTUxfSU5KRUNUSU9OX0FUVEVNUFQnLFxuICAgICAgICBzZXZlcml0eTogJ0NSSVRJQ0FMJyxcbiAgICAgICAgc291cmNlOiAnc2VjdXJlX3lhbWxfcGFyc2VyJyxcbiAgICAgICAgZGV0YWlsczogJ01hbGljaW91cyBZQU1MIHBhdHRlcm4gZGV0ZWN0ZWQgZHVyaW5nIHBhcnNpbmcnXG4gICAgICB9KTtcbiAgICAgIHRocm93IG5ldyBTZWN1cml0eUVycm9yKCdNYWxpY2lvdXMgWUFNTCBjb250ZW50IGRldGVjdGVkJywgJ2NyaXRpY2FsJyk7XG4gICAgfVxuXG4gICAgLy8gNS4gUGFyc2Ugd2l0aCBzYWZlIHNjaGVtYVxuICAgIGxldCBkYXRhOiBhbnk7XG4gICAgdHJ5IHtcbiAgICAgIGRhdGEgPSB5YW1sLmxvYWQoeWFtbENvbnRlbnQsIHtcbiAgICAgICAgc2NoZW1hOiB0aGlzLlNBRkVfU0NIRU1BLFxuICAgICAgICBqc29uOiBmYWxzZSwgIC8vIERvbid0IGFsbG93IEpTT04tc3BlY2lmaWMgdHlwZXNcbiAgICAgICAgb25XYXJuaW5nOiAod2FybmluZykgPT4ge1xuICAgICAgICAgIFNlY3VyaXR5TW9uaXRvci5sb2dTZWN1cml0eUV2ZW50KHtcbiAgICAgICAgICAgIHR5cGU6ICdZQU1MX1BBUlNJTkdfV0FSTklORycsXG4gICAgICAgICAgICBzZXZlcml0eTogJ0xPVycsXG4gICAgICAgICAgICBzb3VyY2U6ICdzZWN1cmVfeWFtbF9wYXJzZXInLFxuICAgICAgICAgICAgZGV0YWlsczogYFlBTUwgd2FybmluZzogJHt3YXJuaW5nLm1lc3NhZ2V9YFxuICAgICAgICAgIH0pO1xuICAgICAgICB9XG4gICAgICB9KTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgdGhyb3cgbmV3IFNlY3VyaXR5RXJyb3IoYFlBTUwgcGFyc2luZyBmYWlsZWQ6ICR7ZXJyb3IgaW5zdGFuY2VvZiBFcnJvciA/IGVycm9yLm1lc3NhZ2UgOiAnVW5rbm93biBlcnJvcid9YCwgJ2hpZ2gnKTtcbiAgICB9XG5cbiAgICAvLyA2LiBFbnN1cmUgZGF0YSBpcyBhbiBvYmplY3RcbiAgICBpZiAodHlwZW9mIGRhdGEgIT09ICdvYmplY3QnIHx8IGRhdGEgPT09IG51bGwgfHwgQXJyYXkuaXNBcnJheShkYXRhKSkge1xuICAgICAgdGhyb3cgbmV3IFNlY3VyaXR5RXJyb3IoJ1lBTUwgbXVzdCBjb250YWluIGFuIG9iamVjdCBhdCByb290IGxldmVsJywgJ21lZGl1bScpO1xuICAgIH1cblxuICAgIC8vIDcuIFZhbGlkYXRlIGFsbG93ZWQga2V5cyBpZiBzcGVjaWZpZWRcbiAgICBpZiAob3B0cy5hbGxvd2VkS2V5cykge1xuICAgICAgY29uc3QgaW52YWxpZEtleXMgPSBPYmplY3Qua2V5cyhkYXRhKS5maWx0ZXIoa2V5ID0+ICFvcHRzLmFsbG93ZWRLZXlzIS5pbmNsdWRlcyhrZXkpKTtcbiAgICAgIGlmIChpbnZhbGlkS2V5cy5sZW5ndGggPiAwKSB7XG4gICAgICAgIHRocm93IG5ldyBTZWN1cml0eUVycm9yKGBJbnZhbGlkIFlBTUwga2V5cyBkZXRlY3RlZDogJHtpbnZhbGlkS2V5cy5qb2luKCcsICcpfWAsICdtZWRpdW0nKTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyA4LiBWYWxpZGF0ZSBmaWVsZCB0eXBlcyBhbmQgY29udGVudFxuICAgIGZvciAoY29uc3QgW2tleSwgdmFsdWVdIG9mIE9iamVjdC5lbnRyaWVzKGRhdGEpKSB7XG4gICAgICAvLyBDaGVjayBmaWVsZC1zcGVjaWZpYyB2YWxpZGF0b3JzXG4gICAgICBpZiAodGhpcy5GSUVMRF9WQUxJREFUT1JTW2tleV0gJiYgIXRoaXMuRklFTERfVkFMSURBVE9SU1trZXldKHZhbHVlKSkge1xuICAgICAgICB0aHJvdyBuZXcgU2VjdXJpdHlFcnJvcihgSW52YWxpZCB2YWx1ZSBmb3IgZmllbGQgJyR7a2V5fSdgLCAnbWVkaXVtJyk7XG4gICAgICB9XG5cbiAgICAgIC8vIFZhbGlkYXRlIHN0cmluZyBmaWVsZHMgZm9yIGluamVjdGlvbiBwYXR0ZXJuc1xuICAgICAgaWYgKHR5cGVvZiB2YWx1ZSA9PT0gJ3N0cmluZycgJiYgb3B0cy52YWxpZGF0ZUNvbnRlbnQpIHtcbiAgICAgICAgY29uc3QgdmFsaWRhdGlvbiA9IENvbnRlbnRWYWxpZGF0b3IudmFsaWRhdGVBbmRTYW5pdGl6ZSh2YWx1ZSk7XG4gICAgICAgIGlmICghdmFsaWRhdGlvbi5pc1ZhbGlkICYmIHZhbGlkYXRpb24uc2V2ZXJpdHkgPT09ICdjcml0aWNhbCcpIHtcbiAgICAgICAgICB0aHJvdyBuZXcgU2VjdXJpdHlFcnJvcihgU2VjdXJpdHkgdGhyZWF0IGRldGVjdGVkIGluIGZpZWxkICcke2tleX0nYCwgJ2NyaXRpY2FsJyk7XG4gICAgICAgIH1cbiAgICAgICAgLy8gUmVwbGFjZSB3aXRoIHNhbml0aXplZCBjb250ZW50XG4gICAgICAgIGRhdGFba2V5XSA9IHZhbGlkYXRpb24uc2FuaXRpemVkQ29udGVudDtcbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyA5LiBWYWxpZGF0ZSBtYXJrZG93biBjb250ZW50IGlmIHJlcXVlc3RlZFxuICAgIGxldCBmaW5hbENvbnRlbnQgPSBtYXJrZG93bkNvbnRlbnQ7XG4gICAgaWYgKG9wdHMudmFsaWRhdGVDb250ZW50KSB7XG4gICAgICBjb25zdCBjb250ZW50VmFsaWRhdGlvbiA9IENvbnRlbnRWYWxpZGF0b3IudmFsaWRhdGVBbmRTYW5pdGl6ZShtYXJrZG93bkNvbnRlbnQpO1xuICAgICAgaWYgKCFjb250ZW50VmFsaWRhdGlvbi5pc1ZhbGlkICYmIGNvbnRlbnRWYWxpZGF0aW9uLnNldmVyaXR5ID09PSAnY3JpdGljYWwnKSB7XG4gICAgICAgIHRocm93IG5ldyBTZWN1cml0eUVycm9yKCdTZWN1cml0eSB0aHJlYXQgZGV0ZWN0ZWQgaW4gY29udGVudCcsICdjcml0aWNhbCcpO1xuICAgICAgfVxuICAgICAgZmluYWxDb250ZW50ID0gY29udGVudFZhbGlkYXRpb24uc2FuaXRpemVkQ29udGVudCB8fCBtYXJrZG93bkNvbnRlbnQ7XG4gICAgfVxuXG4gICAgU2VjdXJpdHlNb25pdG9yLmxvZ1NlY3VyaXR5RXZlbnQoe1xuICAgICAgdHlwZTogJ1lBTUxfUEFSU0VfU1VDQ0VTUycsXG4gICAgICBzZXZlcml0eTogJ0xPVycsXG4gICAgICBzb3VyY2U6ICdzZWN1cmVfeWFtbF9wYXJzZXInLFxuICAgICAgZGV0YWlsczogYFN1Y2Nlc3NmdWxseSBwYXJzZWQgWUFNTCB3aXRoICR7T2JqZWN0LmtleXMoZGF0YSkubGVuZ3RofSBmaWVsZHNgXG4gICAgfSk7XG5cbiAgICByZXR1cm4ge1xuICAgICAgZGF0YSxcbiAgICAgIGNvbnRlbnQ6IGZpbmFsQ29udGVudFxuICAgIH07XG4gIH1cblxuICAvKipcbiAgICogQ3JlYXRlIGEgc2VjdXJlIGdyYXktbWF0dGVyIGNvbXBhdGlibGUgcGFyc2VyXG4gICAqL1xuICBzdGF0aWMgY3JlYXRlU2VjdXJlTWF0dGVyUGFyc2VyKCkge1xuICAgIHJldHVybiB7XG4gICAgICBwYXJzZTogKGlucHV0OiBzdHJpbmcpID0+IHtcbiAgICAgICAgY29uc3QgcmVzdWx0ID0gdGhpcy5wYXJzZShpbnB1dCk7XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgZGF0YTogcmVzdWx0LmRhdGEsXG4gICAgICAgICAgY29udGVudDogcmVzdWx0LmNvbnRlbnQsXG4gICAgICAgICAgZXhjZXJwdDogcmVzdWx0LmV4Y2VycHQsXG4gICAgICAgICAgb3JpZzogaW5wdXRcbiAgICAgICAgfTtcbiAgICAgIH0sXG4gICAgICBzdHJpbmdpZnk6IChjb250ZW50OiBzdHJpbmcsIGRhdGE6IGFueSkgPT4ge1xuICAgICAgICAvLyBWYWxpZGF0ZSBkYXRhIGJlZm9yZSBzdHJpbmdpZnlpbmdcbiAgICAgICAgY29uc3QgdmFsaWRhdGlvbiA9IENvbnRlbnRWYWxpZGF0b3IudmFsaWRhdGVNZXRhZGF0YShkYXRhKTtcbiAgICAgICAgaWYgKCF2YWxpZGF0aW9uLmlzVmFsaWQpIHtcbiAgICAgICAgICB0aHJvdyBuZXcgU2VjdXJpdHlFcnJvcignQ2Fubm90IHN0cmluZ2lmeSBjb250ZW50IHdpdGggc2VjdXJpdHkgdGhyZWF0cycsICdoaWdoJyk7XG4gICAgICAgIH1cblxuICAgICAgICAvLyBVc2Ugc2FmZSBZQU1MIGR1bXBcbiAgICAgICAgY29uc3QgeWFtbFN0ciA9IHlhbWwuZHVtcChkYXRhLCB7XG4gICAgICAgICAgc2NoZW1hOiB0aGlzLlNBRkVfU0NIRU1BLFxuICAgICAgICAgIHNraXBJbnZhbGlkOiB0cnVlLFxuICAgICAgICAgIG5vUmVmczogdHJ1ZSxcbiAgICAgICAgICBub0NvbXBhdE1vZGU6IHRydWVcbiAgICAgICAgfSk7XG5cbiAgICAgICAgcmV0dXJuIGAtLS1cXG4ke3lhbWxTdHJ9LS0tXFxuJHtjb250ZW50fWA7XG4gICAgICB9XG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBTYWZlIHdyYXBwZXIgZm9yIGdyYXktbWF0dGVyIHdpdGggc2VjdXJpdHkgdmFsaWRhdGlvbnNcbiAgICovXG4gIHN0YXRpYyBzYWZlTWF0dGVyKGlucHV0OiBzdHJpbmcsIG9wdGlvbnM/OiBtYXR0ZXIuR3JheU1hdHRlck9wdGlvbjxzdHJpbmcsIGFueT4pOiBtYXR0ZXIuR3JheU1hdHRlckZpbGU8c3RyaW5nPiB7XG4gICAgLy8gRmlyc3QsIHVzZSBvdXIgc2VjdXJlIHBhcnNlclxuICAgIGNvbnN0IHNlY3VyZVBhcnNlZCA9IHRoaXMucGFyc2UoaW5wdXQpO1xuXG4gICAgLy8gVGhlbiB1c2UgZ3JheS1tYXR0ZXIgd2l0aCBjdXN0b20gZW5naW5lc1xuICAgIHJldHVybiBtYXR0ZXIoaW5wdXQsIHtcbiAgICAgIC4uLm9wdGlvbnMsXG4gICAgICBlbmdpbmVzOiB7XG4gICAgICAgIHlhbWw6IHtcbiAgICAgICAgICBwYXJzZTogKHN0cjogc3RyaW5nKSA9PiB7XG4gICAgICAgICAgICAvLyBVc2Ugb3VyIHNlY3VyZSBZQU1MIHBhcnNpbmdcbiAgICAgICAgICAgIGNvbnN0IHBhcnNlZCA9IHlhbWwubG9hZChzdHIsIHtcbiAgICAgICAgICAgICAgc2NoZW1hOiB0aGlzLlNBRkVfU0NIRU1BLFxuICAgICAgICAgICAgICBqc29uOiBmYWxzZVxuICAgICAgICAgICAgfSk7XG4gICAgICAgICAgICAvLyBFbnN1cmUgaXQncyBhbiBvYmplY3RcbiAgICAgICAgICAgIGlmICh0eXBlb2YgcGFyc2VkICE9PSAnb2JqZWN0JyB8fCBwYXJzZWQgPT09IG51bGwpIHtcbiAgICAgICAgICAgICAgcmV0dXJuIHt9O1xuICAgICAgICAgICAgfVxuICAgICAgICAgICAgcmV0dXJuIHBhcnNlZCBhcyBvYmplY3Q7XG4gICAgICAgICAgfSxcbiAgICAgICAgICBzdHJpbmdpZnk6IChvYmo6IGFueSkgPT4ge1xuICAgICAgICAgICAgcmV0dXJuIHlhbWwuZHVtcChvYmosIHtcbiAgICAgICAgICAgICAgc2NoZW1hOiB0aGlzLlNBRkVfU0NIRU1BLFxuICAgICAgICAgICAgICBza2lwSW52YWxpZDogdHJ1ZSxcbiAgICAgICAgICAgICAgbm9SZWZzOiB0cnVlXG4gICAgICAgICAgICB9KTtcbiAgICAgICAgICB9XG4gICAgICAgIH1cbiAgICAgIH1cbiAgICB9KTtcbiAgfVxufSJdfQ==

package/dist/security/securityMonitor.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Security Monitor for DollhouseMCP
+ *
+ * Centralized security event logging and monitoring system
+ * for tracking and alerting on security-related events.
+ */
+export interface SecurityEvent {
+    type: 'CONTENT_INJECTION_ATTEMPT' | 'YAML_INJECTION_ATTEMPT' | 'PATH_TRAVERSAL_ATTEMPT' | 'TOKEN_VALIDATION_FAILURE' | 'UPDATE_SECURITY_VIOLATION' | 'RATE_LIMIT_EXCEEDED' | 'YAML_PARSING_WARNING' | 'YAML_PARSE_SUCCESS' | 'TOKEN_VALIDATION_SUCCESS' | 'RATE_LIMIT_WARNING' | 'TOKEN_CACHE_CLEARED' | 'YAML_UNICODE_ATTACK' | 'UNICODE_DIRECTION_OVERRIDE' | 'UNICODE_MIXED_SCRIPT' | 'UNICODE_VALIDATION_ERROR' | 'CONTENT_SIZE_EXCEEDED' | 'INCLUDE_DEPTH_EXCEEDED' | 'TEMPLATE_RENDERED' | 'TEMPLATE_INCLUDE' | 'TEMPLATE_LOADED' | 'TEMPLATE_SAVED' | 'TEMPLATE_DELETED' | 'MEMORY_CREATED' | 'MEMORY_ADDED' | 'MEMORY_SEARCHED' | 'SENSITIVE_MEMORY_DELETED' | 'RETENTION_POLICY_ENFORCED' | 'MEMORY_CLEARED' | 'MEMORY_LOADED' | 'MEMORY_SAVED' | 'MEMORY_DELETED' | 'MEMORY_LOAD_FAILED' | 'MEMORY_SAVE_FAILED' | 'MEMORY_LIST_ITEM_FAILED' | 'MEMORY_IMPORT_FAILED' | 'MEMORY_DESERIALIZE_FAILED' | 'ELEMENT_CREATED' | 'ELEMENT_DELETED' | 'AGENT_DECISION' | 'RULE_ENGINE_CONFIG_UPDATE' | 'RULE_ENGINE_CONFIG_VALIDATION_ERROR' | 'GOAL_TEMPLATE_APPLIED' | 'GOAL_TEMPLATE_VALIDATION' | 'ENSEMBLE_CIRCULAR_DEPENDENCY' | 'ENSEMBLE_RESOURCE_LIMIT_EXCEEDED' | 'ENSEMBLE_ACTIVATION_TIMEOUT' | 'ENSEMBLE_SUSPICIOUS_CONDITION' | 'ENSEMBLE_NESTED_DEPTH_EXCEEDED' | 'ENSEMBLE_CONTEXT_SIZE_EXCEEDED' | 'ENSEMBLE_SAVED' | 'ENSEMBLE_IMPORTED' | 'ENSEMBLE_DELETED';
+    severity: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+    source: string;
+    details: string;
+    userAgent?: string;
+    ip?: string;
+    additionalData?: Record<string, any>;
+}
+export interface SecurityLogEntry extends SecurityEvent {
+    timestamp: string;
+    id: string;
+}
+export declare class SecurityMonitor {
+    private static eventCount;
+    private static readonly events;
+    private static readonly MAX_EVENTS;
+    /**
+     * Logs a security event
+     */
+    static logSecurityEvent(event: SecurityEvent): void;
+    /**
+     * Sends security alerts for critical events
+     */
+    private static sendSecurityAlert;
+    /**
+     * Gets recent security events for analysis
+     */
+    static getRecentEvents(count?: number): SecurityLogEntry[];
+    /**
+     * Gets events by severity
+     */
+    static getEventsBySeverity(severity: SecurityEvent['severity']): SecurityLogEntry[];
+    /**
+     * Gets events by type
+     */
+    static getEventsByType(type: SecurityEvent['type']): SecurityLogEntry[];
+    /**
+     * Generates a security report
+     */
+    static generateSecurityReport(): {
+        totalEvents: number;
+        eventsBySeverity: Record<string, number>;
+        eventsByType: Record<string, number>;
+        recentCriticalEvents: SecurityLogEntry[];
+    };
+    /**
+     * Clears old events (for memory management)
+     */
+    static clearOldEvents(daysToKeep?: number): void;
+}
+//# sourceMappingURL=securityMonitor.d.ts.map

package/dist/security/securityMonitor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"securityMonitor.d.ts","sourceRoot":"","sources":["../../src/security/securityMonitor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,2BAA2B,GAAG,wBAAwB,GAAG,wBAAwB,GACjF,0BAA0B,GAAG,2BAA2B,GAAG,qBAAqB,GAChF,sBAAsB,GAAG,oBAAoB,GAAG,0BAA0B,GAC1E,oBAAoB,GAAG,qBAAqB,GAAG,qBAAqB,GACpE,4BAA4B,GAAG,sBAAsB,GAAG,0BAA0B,GAClF,uBAAuB,GAAG,wBAAwB,GAAG,mBAAmB,GACxE,kBAAkB,GAAG,iBAAiB,GAAG,gBAAgB,GAAG,kBAAkB,GAC9E,gBAAgB,GAAG,cAAc,GAAG,iBAAiB,GAAG,0BAA0B,GAClF,2BAA2B,GAAG,gBAAgB,GAAG,eAAe,GAAG,cAAc,GACjF,gBAAgB,GAAG,oBAAoB,GAAG,oBAAoB,GAAG,yBAAyB,GAC1F,sBAAsB,GAAG,2BAA2B,GAAG,iBAAiB,GAAG,iBAAiB,GAC5F,gBAAgB,GAAG,2BAA2B,GAAG,qCAAqC,GACtF,uBAAuB,GAAG,0BAA0B,GACpD,8BAA8B,GAAG,kCAAkC,GACnE,6BAA6B,GAAG,+BAA+B,GAC/D,gCAAgC,GAAG,gCAAgC,GACnE,gBAAgB,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;IAClE,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,gBAAiB,SAAQ,aAAa;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAC,UAAU,CAAK;IAC9B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAA0B;IACxD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAQ;IAE1C;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI;IAsBnD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAsBhC;;OAEG;IACH,MAAM,CAAC,eAAe,CAAC,KAAK,GAAE,MAAY,GAAG,gBAAgB,EAAE;IAI/D;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,QAAQ,EAAE,aAAa,CAAC,UAAU,CAAC,GAAG,gBAAgB,EAAE;IAInF;;OAEG;IACH,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,gBAAgB,EAAE;IAIvE;;OAEG;IACH,MAAM,CAAC,sBAAsB,IAAI;QAC/B,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACzC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,oBAAoB,EAAE,gBAAgB,EAAE,CAAC;KAC1C;IAuBD;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,UAAU,GAAE,MAAU,GAAG,IAAI;CAUpD"}