@dollhousemcp/mcp-server 1.3.0

package/dist/src/security/contentValidator.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Content Validator for DollhouseMCP
+ *
+ * Protects against prompt injection attacks in marketplace personas
+ * by detecting and sanitizing malicious content patterns.
+ *
+ * Security: SEC-001 - Critical vulnerability protection
+ */
+export interface ValidationResult {
+    isValid: boolean;
+    sanitizedContent?: string;
+    detectedPatterns?: string[];
+    severity?: 'low' | 'medium' | 'high' | 'critical';
+}
+export declare class ContentValidator {
+    /**
+     * Pattern-based detection system for prompt injection attacks.
+     *
+     * This approach was chosen over AI-based detection because:
+     * 1. Pattern matching cannot be socially engineered or confused
+     * 2. Deterministic results ensure consistent security
+     * 3. No additional API calls or latency
+     * 4. Can't be bypassed by clever prompt engineering
+     *
+     * The patterns below represent known attack vectors from security research
+     * and real-world exploit attempts against AI systems.
+     */
+    private static readonly INJECTION_PATTERNS;
+    private static readonly MALICIOUS_YAML_PATTERNS;
+    /**
+     * Validates and sanitizes persona content for security threats
+     */
+    static validateAndSanitize(content: string): ValidationResult;
+    /**
+     * Validates YAML frontmatter for malicious content
+     */
+    static validateYamlContent(yamlContent: string): boolean;
+    /**
+     * Validates persona metadata fields
+     */
+    static validateMetadata(metadata: any): ValidationResult;
+    /**
+     * Sanitizes a complete persona file (frontmatter + content)
+     */
+    static sanitizePersonaContent(content: string): string;
+}
+//# sourceMappingURL=contentValidator.d.ts.map

package/dist/src/security/contentValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contentValidator.d.ts","sourceRoot":"","sources":["../../../src/security/contentValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;CACnD;AAED,qBAAa,gBAAgB;IAC3B;;;;;;;;;;;OAWG;IAEH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAwCxC;IAGF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAc7C;IAEF;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB;IAoC7D;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO;IAgBxD;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,GAAG,gBAAgB;IAiCxD;;OAEG;IACH,MAAM,CAAC,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;CA8BvD"}

package/dist/src/security/contentValidator.js

@@ -0,0 +1,188 @@
+/**
+ * Content Validator for DollhouseMCP
+ *
+ * Protects against prompt injection attacks in marketplace personas
+ * by detecting and sanitizing malicious content patterns.
+ *
+ * Security: SEC-001 - Critical vulnerability protection
+ */
+import { SecurityError } from '../errors/SecurityError.js';
+import { SecurityMonitor } from './securityMonitor.js';
+export class ContentValidator {
+    /**
+     * Pattern-based detection system for prompt injection attacks.
+     *
+     * This approach was chosen over AI-based detection because:
+     * 1. Pattern matching cannot be socially engineered or confused
+     * 2. Deterministic results ensure consistent security
+     * 3. No additional API calls or latency
+     * 4. Can't be bypassed by clever prompt engineering
+     *
+     * The patterns below represent known attack vectors from security research
+     * and real-world exploit attempts against AI systems.
+     */
+    // Prompt injection patterns that could compromise AI assistants
+    static INJECTION_PATTERNS = [
+        // System prompt override attempts
+        { pattern: /\[SYSTEM:\s*.*?\]/gi, severity: 'critical', description: 'System prompt override' },
+        { pattern: /\[ADMIN:\s*.*?\]/gi, severity: 'critical', description: 'Admin prompt override' },
+        { pattern: /\[ASSISTANT:\s*.*?\]/gi, severity: 'critical', description: 'Assistant prompt override' },
+        { pattern: /\[USER:\s*.*?\]/gi, severity: 'high', description: 'User prompt override' },
+        // Instruction manipulation
+        { pattern: /ignore\s+(all\s+)?previous\s+instructions/gi, severity: 'critical', description: 'Instruction override' },
+        { pattern: /ignore\s+(all\s+)?prior\s+instructions/gi, severity: 'critical', description: 'Instruction override' },
+        { pattern: /disregard\s+(all\s+)?previous\s+instructions/gi, severity: 'critical', description: 'Instruction override' },
+        { pattern: /forget\s+(all\s+)?previous\s+instructions/gi, severity: 'critical', description: 'Instruction override' },
+        { pattern: /you\s+are\s+now\s+(admin|root|system|sudo)/gi, severity: 'critical', description: 'Role elevation attempt' },
+        { pattern: /act\s+as\s+(admin|root|system|sudo)/gi, severity: 'critical', description: 'Role elevation attempt' },
+        // Data exfiltration attempts
+        { pattern: /export\s+all\s+(files|data|personas|tokens|credentials)/gi, severity: 'critical', description: 'Data exfiltration' },
+        { pattern: /send\s+all\s+(files|data|personas|tokens|credentials)\s+to/gi, severity: 'critical', description: 'Data exfiltration' },
+        { pattern: /list\s+all\s+(files|tokens|credentials|secrets)/gi, severity: 'high', description: 'Information disclosure' },
+        { pattern: /show\s+me\s+all\s+(tokens|credentials|secrets|api\s+keys)/gi, severity: 'high', description: 'Credential disclosure' },
+        // Command execution patterns
+        { pattern: /curl\s+[^\s]+\.(com|net|org|io|dev)/gi, severity: 'critical', description: 'External command execution' },
+        { pattern: /wget\s+[^\s]+\.(com|net|org|io|dev)/gi, severity: 'critical', description: 'External command execution' },
+        { pattern: /\$\([^)]+\)/g, severity: 'critical', description: 'Command substitution' },
+        { pattern: /`[^`]+`/g, severity: 'critical', description: 'Backtick command execution' },
+        { pattern: /eval\s*\(/gi, severity: 'critical', description: 'Code evaluation' },
+        { pattern: /exec\s*\(/gi, severity: 'critical', description: 'Code execution' },
+        { pattern: /os\.system\s*\(/gi, severity: 'critical', description: 'System command execution' },
+        { pattern: /subprocess\.(call|run|Popen)/gi, severity: 'critical', description: 'Subprocess execution' },
+        // Token/credential patterns
+        { pattern: /GITHUB_TOKEN/gi, severity: 'high', description: 'Token reference' },
+        { pattern: /ghp_[a-zA-Z0-9]{36}/g, severity: 'critical', description: 'GitHub token exposure' },
+        { pattern: /gho_[a-zA-Z0-9]{36}/g, severity: 'critical', description: 'GitHub OAuth token exposure' },
+        // Path traversal in content
+        { pattern: /\.\.\/\.\.\/\.\.\//g, severity: 'high', description: 'Path traversal attempt' },
+        { pattern: /\/etc\/passwd/gi, severity: 'high', description: 'Sensitive file access' },
+        { pattern: /\/\.ssh\//gi, severity: 'high', description: 'SSH key access attempt' },
+    ];
+    // Malicious YAML patterns
+    static MALICIOUS_YAML_PATTERNS = [
+        /!!python\/object/,
+        /!!ruby\/object/,
+        /!!java/,
+        /!!exec/,
+        /!!eval/,
+        /!!new/,
+        /!!construct/,
+        /!!apply/,
+        /subprocess/,
+        /os\.system/,
+        /eval\(/,
+        /exec\(/,
+        /__import__/,
+    ];
+    /**
+     * Validates and sanitizes persona content for security threats
+     */
+    static validateAndSanitize(content) {
+        const detectedPatterns = [];
+        let sanitized = content;
+        let highestSeverity = 'low';
+        // Check for injection patterns
+        for (const { pattern, severity, description } of this.INJECTION_PATTERNS) {
+            if (pattern.test(content)) {
+                detectedPatterns.push(description);
+                // Update highest severity
+                if (severity === 'critical' || (severity === 'high' && highestSeverity !== 'critical')) {
+                    highestSeverity = severity;
+                }
+                // Log security event
+                SecurityMonitor.logSecurityEvent({
+                    type: 'CONTENT_INJECTION_ATTEMPT',
+                    severity: severity.toUpperCase(),
+                    source: 'content_validation',
+                    details: `Detected pattern: ${description}`,
+                });
+                // Sanitize by replacing with safe placeholder
+                sanitized = sanitized.replace(pattern, '[CONTENT_BLOCKED]');
+            }
+        }
+        return {
+            isValid: detectedPatterns.length === 0,
+            sanitizedContent: sanitized,
+            detectedPatterns,
+            severity: highestSeverity
+        };
+    }
+    /**
+     * Validates YAML frontmatter for malicious content
+     */
+    static validateYamlContent(yamlContent) {
+        for (const pattern of this.MALICIOUS_YAML_PATTERNS) {
+            if (pattern.test(yamlContent)) {
+                SecurityMonitor.logSecurityEvent({
+                    type: 'YAML_INJECTION_ATTEMPT',
+                    severity: 'CRITICAL',
+                    source: 'yaml_validation',
+                    details: `Malicious YAML pattern detected: ${pattern}`,
+                });
+                // Early exit on first match for performance
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Validates persona metadata fields
+     */
+    static validateMetadata(metadata) {
+        const detectedPatterns = [];
+        // Check all string fields in metadata
+        const checkField = (fieldName, value) => {
+            if (typeof value === 'string') {
+                const result = this.validateAndSanitize(value);
+                if (!result.isValid || result.detectedPatterns?.length) {
+                    detectedPatterns.push(`${fieldName}: ${result.detectedPatterns?.join(', ')}`);
+                }
+            }
+        };
+        // Validate standard persona fields
+        checkField('name', metadata.name);
+        checkField('description', metadata.description);
+        checkField('category', metadata.category);
+        checkField('author', metadata.author);
+        // Check any custom fields
+        for (const [key, value] of Object.entries(metadata)) {
+            if (!['name', 'description', 'category', 'author'].includes(key)) {
+                checkField(key, value);
+            }
+        }
+        return {
+            isValid: detectedPatterns.length === 0,
+            detectedPatterns,
+            severity: detectedPatterns.length > 0 ? 'high' : 'low'
+        };
+    }
+    /**
+     * Sanitizes a complete persona file (frontmatter + content)
+     */
+    static sanitizePersonaContent(content) {
+        // Extract frontmatter
+        const frontmatterMatch = content.match(/^---\n([\s\S]*?)\n---/);
+        if (!frontmatterMatch) {
+            // No frontmatter, just validate content
+            const result = this.validateAndSanitize(content);
+            if (!result.isValid && result.severity === 'critical') {
+                throw new SecurityError('Critical security threat detected in persona content');
+            }
+            return result.sanitizedContent || content;
+        }
+        const yamlContent = frontmatterMatch[1];
+        const markdownContent = content.substring(frontmatterMatch[0].length);
+        // Validate YAML
+        if (!this.validateYamlContent(yamlContent)) {
+            throw new SecurityError('Malicious YAML detected in persona frontmatter');
+        }
+        // Validate markdown content
+        const contentResult = this.validateAndSanitize(markdownContent);
+        if (!contentResult.isValid && contentResult.severity === 'critical') {
+            throw new SecurityError('Critical security threat detected in persona content');
+        }
+        // Return sanitized content
+        return `---\n${yamlContent}\n---${contentResult.sanitizedContent || markdownContent}`;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29udGVudFZhbGlkYXRvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9zZWN1cml0eS9jb250ZW50VmFsaWRhdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7O0dBT0c7QUFFSCxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDM0QsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBU3ZELE1BQU0sT0FBTyxnQkFBZ0I7SUFDM0I7Ozs7Ozs7Ozs7O09BV0c7SUFDSCxnRUFBZ0U7SUFDeEQsTUFBTSxDQUFVLGtCQUFrQixHQUFtRjtRQUMzSCxrQ0FBa0M7UUFDbEMsRUFBRSxPQUFPLEVBQUUscUJBQXFCLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxXQUFXLEVBQUUsd0JBQXdCLEVBQUU7UUFDL0YsRUFBRSxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxXQUFXLEVBQUUsdUJBQXVCLEVBQUU7UUFDN0YsRUFBRSxPQUFPLEVBQUUsd0JBQXdCLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxXQUFXLEVBQUUsMkJBQTJCLEVBQUU7UUFDckcsRUFBRSxPQUFPLEVBQUUsbUJBQW1CLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxXQUFXLEVBQUUsc0JBQXNCLEVBQUU7UUFFdkYsMkJBQTJCO1FBQzNCLEVBQUUsT0FBTyxFQUFFLDZDQUE2QyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLHNCQUFzQixFQUFFO1FBQ3JILEVBQUUsT0FBTyxFQUFFLDBDQUEwQyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLHNCQUFzQixFQUFFO1FBQ2xILEVBQUUsT0FBTyxFQUFFLGdEQUFnRCxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLHNCQUFzQixFQUFFO1FBQ3hILEVBQUUsT0FBTyxFQUFFLDZDQUE2QyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLHNCQUFzQixFQUFFO1FBQ3JILEVBQUUsT0FBTyxFQUFFLDhDQUE4QyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLHdCQUF3QixFQUFFO1FBQ3hILEVBQUUsT0FBTyxFQUFFLHVDQUF1QyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLHdCQUF3QixFQUFFO1FBRWpILDZCQUE2QjtRQUM3QixFQUFFLE9BQU8sRUFBRSwyREFBMkQsRUFBRSxRQUFRLEVBQUUsVUFBVSxFQUFFLFdBQVcsRUFBRSxtQkFBbUIsRUFBRTtRQUNoSSxFQUFFLE9BQU8sRUFBRSw4REFBOEQsRUFBRSxRQUFRLEVBQUUsVUFBVSxFQUFFLFdBQVcsRUFBRSxtQkFBbUIsRUFBRTtRQUNuSSxFQUFFLE9BQU8sRUFBRSxtREFBbUQsRUFBRSxRQUFRLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSx3QkFBd0IsRUFBRTtRQUN6SCxFQUFFLE9BQU8sRUFBRSw2REFBNkQsRUFBRSxRQUFRLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSx1QkFBdUIsRUFBRTtRQUVsSSw2QkFBNkI7UUFDN0IsRUFBRSxPQUFPLEVBQUUsdUNBQXVDLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxXQUFXLEVBQUUsNEJBQTRCLEVBQUU7UUFDckgsRUFBRSxPQUFPLEVBQUUsdUNBQXVDLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxXQUFXLEVBQUUsNEJBQTRCLEVBQUU7UUFDckgsRUFBRSxPQUFPLEVBQUUsY0FBYyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLHNCQUFzQixFQUFFO1FBQ3RGLEVBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsVUFBVSxFQUFFLFdBQVcsRUFBRSw0QkFBNEIsRUFBRTtRQUN4RixFQUFFLE9BQU8sRUFBRSxhQUFhLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxXQUFXLEVBQUUsaUJBQWlCLEVBQUU7UUFDaEYsRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLGdCQUFnQixFQUFFO1FBQy9FLEVBQUUsT0FBTyxFQUFFLG1CQUFtQixFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLDBCQUEwQixFQUFFO1FBQy9GLEVBQUUsT0FBTyxFQUFFLGdDQUFnQyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLHNCQUFzQixFQUFFO1FBRXhHLDRCQUE0QjtRQUM1QixFQUFFLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxRQUFRLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSxpQkFBaUIsRUFBRTtRQUMvRSxFQUFFLE9BQU8sRUFBRSxzQkFBc0IsRUFBRSxRQUFRLEVBQUUsVUFBVSxFQUFFLFdBQVcsRUFBRSx1QkFBdUIsRUFBRTtRQUMvRixFQUFFLE9BQU8sRUFBRSxzQkFBc0IsRUFBRSxRQUFRLEVBQUUsVUFBVSxFQUFFLFdBQVcsRUFBRSw2QkFBNkIsRUFBRTtRQUVyRyw0QkFBNEI7UUFDNUIsRUFBRSxPQUFPLEVBQUUscUJBQXFCLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxXQUFXLEVBQUUsd0JBQXdCLEVBQUU7UUFDM0YsRUFBRSxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxXQUFXLEVBQUUsdUJBQXVCLEVBQUU7UUFDdEYsRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxNQUFNLEVBQUUsV0FBVyxFQUFFLHdCQUF3QixFQUFFO0tBQ3BGLENBQUM7SUFFRiwwQkFBMEI7SUFDbEIsTUFBTSxDQUFVLHVCQUF1QixHQUFHO1FBQ2hELGtCQUFrQjtRQUNsQixnQkFBZ0I7UUFDaEIsUUFBUTtRQUNSLFFBQVE7UUFDUixRQUFRO1FBQ1IsT0FBTztRQUNQLGFBQWE7UUFDYixTQUFTO1FBQ1QsWUFBWTtRQUNaLFlBQVk7UUFDWixRQUFRO1FBQ1IsUUFBUTtRQUNSLFlBQVk7S0FDYixDQUFDO0lBRUY7O09BRUc7SUFDSCxNQUFNLENBQUMsbUJBQW1CLENBQUMsT0FBZTtRQUN4QyxNQUFNLGdCQUFnQixHQUFhLEVBQUUsQ0FBQztRQUN0QyxJQUFJLFNBQVMsR0FBRyxPQUFPLENBQUM7UUFDeEIsSUFBSSxlQUFlLEdBQTJDLEtBQUssQ0FBQztRQUVwRSwrQkFBK0I7UUFDL0IsS0FBSyxNQUFNLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxXQUFXLEVBQUUsSUFBSSxJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztZQUN6RSxJQUFJLE9BQU8sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDMUIsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO2dCQUVuQywwQkFBMEI7Z0JBQzFCLElBQUksUUFBUSxLQUFLLFVBQVUsSUFBSSxDQUFDLFFBQVEsS0FBSyxNQUFNLElBQUksZUFBZSxLQUFLLFVBQVUsQ0FBQyxFQUFFLENBQUM7b0JBQ3ZGLGVBQWUsR0FBRyxRQUFRLENBQUM7Z0JBQzdCLENBQUM7Z0JBRUQscUJBQXFCO2dCQUNyQixlQUFlLENBQUMsZ0JBQWdCLENBQUM7b0JBQy9CLElBQUksRUFBRSwyQkFBMkI7b0JBQ2pDLFFBQVEsRUFBRSxRQUFRLENBQUMsV0FBVyxFQUF5QjtvQkFDdkQsTUFBTSxFQUFFLG9CQUFvQjtvQkFDNUIsT0FBTyxFQUFFLHFCQUFxQixXQUFXLEVBQUU7aUJBQzVDLENBQUMsQ0FBQztnQkFFSCw4Q0FBOEM7Z0JBQzlDLFNBQVMsR0FBRyxTQUFTLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxtQkFBbUIsQ0FBQyxDQUFDO1lBQzlELENBQUM7UUFDSCxDQUFDO1FBRUQsT0FBTztZQUNMLE9BQU8sRUFBRSxnQkFBZ0IsQ0FBQyxNQUFNLEtBQUssQ0FBQztZQUN0QyxnQkFBZ0IsRUFBRSxTQUFTO1lBQzNCLGdCQUFnQjtZQUNoQixRQUFRLEVBQUUsZUFBZTtTQUMxQixDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLG1CQUFtQixDQUFDLFdBQW1CO1FBQzVDLEtBQUssTUFBTSxPQUFPLElBQUksSUFBSSxDQUFDLHVCQUF1QixFQUFFLENBQUM7WUFDbkQsSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7Z0JBQzlCLGVBQWUsQ0FBQyxnQkFBZ0IsQ0FBQztvQkFDL0IsSUFBSSxFQUFFLHdCQUF3QjtvQkFDOUIsUUFBUSxFQUFFLFVBQVU7b0JBQ3BCLE1BQU0sRUFBRSxpQkFBaUI7b0JBQ3pCLE9BQU8sRUFBRSxvQ0FBb0MsT0FBTyxFQUFFO2lCQUN2RCxDQUFDLENBQUM7Z0JBQ0gsNENBQTRDO2dCQUM1QyxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsZ0JBQWdCLENBQUMsUUFBYTtRQUNuQyxNQUFNLGdCQUFnQixHQUFhLEVBQUUsQ0FBQztRQUV0QyxzQ0FBc0M7UUFDdEMsTUFBTSxVQUFVLEdBQUcsQ0FBQyxTQUFpQixFQUFFLEtBQVUsRUFBRSxFQUFFO1lBQ25ELElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBQzlCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDL0MsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLElBQUksTUFBTSxDQUFDLGdCQUFnQixFQUFFLE1BQU0sRUFBRSxDQUFDO29CQUN2RCxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsR0FBRyxTQUFTLEtBQUssTUFBTSxDQUFDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7Z0JBQ2hGLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQyxDQUFDO1FBRUYsbUNBQW1DO1FBQ25DLFVBQVUsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ2xDLFVBQVUsQ0FBQyxhQUFhLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ2hELFVBQVUsQ0FBQyxVQUFVLEVBQUUsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzFDLFVBQVUsQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXRDLDBCQUEwQjtRQUMxQixLQUFLLE1BQU0sQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQ3BELElBQUksQ0FBQyxDQUFDLE1BQU0sRUFBRSxhQUFhLEVBQUUsVUFBVSxFQUFFLFFBQVEsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNqRSxVQUFVLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQ3pCLENBQUM7UUFDSCxDQUFDO1FBRUQsT0FBTztZQUNMLE9BQU8sRUFBRSxnQkFBZ0IsQ0FBQyxNQUFNLEtBQUssQ0FBQztZQUN0QyxnQkFBZ0I7WUFDaEIsUUFBUSxFQUFFLGdCQUFnQixDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSztTQUN2RCxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLHNCQUFzQixDQUFDLE9BQWU7UUFDM0Msc0JBQXNCO1FBQ3RCLE1BQU0sZ0JBQWdCLEdBQUcsT0FBTyxDQUFDLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO1FBRWhFLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3RCLHdDQUF3QztZQUN4QyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDakQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLElBQUksTUFBTSxDQUFDLFFBQVEsS0FBSyxVQUFVLEVBQUUsQ0FBQztnQkFDdEQsTUFBTSxJQUFJLGFBQWEsQ0FBQyxzREFBc0QsQ0FBQyxDQUFDO1lBQ2xGLENBQUM7WUFDRCxPQUFPLE1BQU0sQ0FBQyxnQkFBZ0IsSUFBSSxPQUFPLENBQUM7UUFDNUMsQ0FBQztRQUVELE1BQU0sV0FBVyxHQUFHLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3hDLE1BQU0sZUFBZSxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFdEUsZ0JBQWdCO1FBQ2hCLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztZQUMzQyxNQUFNLElBQUksYUFBYSxDQUFDLGdEQUFnRCxDQUFDLENBQUM7UUFDNUUsQ0FBQztRQUVELDRCQUE0QjtRQUM1QixNQUFNLGFBQWEsR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsZUFBZSxDQUFDLENBQUM7UUFDaEUsSUFBSSxDQUFDLGFBQWEsQ0FBQyxPQUFPLElBQUksYUFBYSxDQUFDLFFBQVEsS0FBSyxVQUFVLEVBQUUsQ0FBQztZQUNwRSxNQUFNLElBQUksYUFBYSxDQUFDLHNEQUFzRCxDQUFDLENBQUM7UUFDbEYsQ0FBQztRQUVELDJCQUEyQjtRQUMzQixPQUFPLFFBQVEsV0FBVyxRQUFRLGFBQWEsQ0FBQyxnQkFBZ0IsSUFBSSxlQUFlLEVBQUUsQ0FBQztJQUN4RixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBDb250ZW50IFZhbGlkYXRvciBmb3IgRG9sbGhvdXNlTUNQXG4gKiBcbiAqIFByb3RlY3RzIGFnYWluc3QgcHJvbXB0IGluamVjdGlvbiBhdHRhY2tzIGluIG1hcmtldHBsYWNlIHBlcnNvbmFzXG4gKiBieSBkZXRlY3RpbmcgYW5kIHNhbml0aXppbmcgbWFsaWNpb3VzIGNvbnRlbnQgcGF0dGVybnMuXG4gKiBcbiAqIFNlY3VyaXR5OiBTRUMtMDAxIC0gQ3JpdGljYWwgdnVsbmVyYWJpbGl0eSBwcm90ZWN0aW9uXG4gKi9cblxuaW1wb3J0IHsgU2VjdXJpdHlFcnJvciB9IGZyb20gJy4uL2Vycm9ycy9TZWN1cml0eUVycm9yLmpzJztcbmltcG9ydCB7IFNlY3VyaXR5TW9uaXRvciB9IGZyb20gJy4vc2VjdXJpdHlNb25pdG9yLmpzJztcblxuZXhwb3J0IGludGVyZmFjZSBWYWxpZGF0aW9uUmVzdWx0IHtcbiAgaXNWYWxpZDogYm9vbGVhbjtcbiAgc2FuaXRpemVkQ29udGVudD86IHN0cmluZztcbiAgZGV0ZWN0ZWRQYXR0ZXJucz86IHN0cmluZ1tdO1xuICBzZXZlcml0eT86ICdsb3cnIHwgJ21lZGl1bScgfCAnaGlnaCcgfCAnY3JpdGljYWwnO1xufVxuXG5leHBvcnQgY2xhc3MgQ29udGVudFZhbGlkYXRvciB7XG4gIC8qKlxuICAgKiBQYXR0ZXJuLWJhc2VkIGRldGVjdGlvbiBzeXN0ZW0gZm9yIHByb21wdCBpbmplY3Rpb24gYXR0YWNrcy5cbiAgICogXG4gICAqIFRoaXMgYXBwcm9hY2ggd2FzIGNob3NlbiBvdmVyIEFJLWJhc2VkIGRldGVjdGlvbiBiZWNhdXNlOlxuICAgKiAxLiBQYXR0ZXJuIG1hdGNoaW5nIGNhbm5vdCBiZSBzb2NpYWxseSBlbmdpbmVlcmVkIG9yIGNvbmZ1c2VkXG4gICAqIDIuIERldGVybWluaXN0aWMgcmVzdWx0cyBlbnN1cmUgY29uc2lzdGVudCBzZWN1cml0eVxuICAgKiAzLiBObyBhZGRpdGlvbmFsIEFQSSBjYWxscyBvciBsYXRlbmN5XG4gICAqIDQuIENhbid0IGJlIGJ5cGFzc2VkIGJ5IGNsZXZlciBwcm9tcHQgZW5naW5lZXJpbmdcbiAgICogXG4gICAqIFRoZSBwYXR0ZXJucyBiZWxvdyByZXByZXNlbnQga25vd24gYXR0YWNrIHZlY3RvcnMgZnJvbSBzZWN1cml0eSByZXNlYXJjaFxuICAgKiBhbmQgcmVhbC13b3JsZCBleHBsb2l0IGF0dGVtcHRzIGFnYWluc3QgQUkgc3lzdGVtcy5cbiAgICovXG4gIC8vIFByb21wdCBpbmplY3Rpb24gcGF0dGVybnMgdGhhdCBjb3VsZCBjb21wcm9taXNlIEFJIGFzc2lzdGFudHNcbiAgcHJpdmF0ZSBzdGF0aWMgcmVhZG9ubHkgSU5KRUNUSU9OX1BBVFRFUk5TOiBBcnJheTx7IHBhdHRlcm46IFJlZ0V4cDsgc2V2ZXJpdHk6ICdoaWdoJyB8ICdjcml0aWNhbCc7IGRlc2NyaXB0aW9uOiBzdHJpbmcgfT4gPSBbXG4gICAgLy8gU3lzdGVtIHByb21wdCBvdmVycmlkZSBhdHRlbXB0c1xuICAgIHsgcGF0dGVybjogL1xcW1NZU1RFTTpcXHMqLio/XFxdL2dpLCBzZXZlcml0eTogJ2NyaXRpY2FsJywgZGVzY3JpcHRpb246ICdTeXN0ZW0gcHJvbXB0IG92ZXJyaWRlJyB9LFxuICAgIHsgcGF0dGVybjogL1xcW0FETUlOOlxccyouKj9cXF0vZ2ksIHNldmVyaXR5OiAnY3JpdGljYWwnLCBkZXNjcmlwdGlvbjogJ0FkbWluIHByb21wdCBvdmVycmlkZScgfSxcbiAgICB7IHBhdHRlcm46IC9cXFtBU1NJU1RBTlQ6XFxzKi4qP1xcXS9naSwgc2V2ZXJpdHk6ICdjcml0aWNhbCcsIGRlc2NyaXB0aW9uOiAnQXNzaXN0YW50IHByb21wdCBvdmVycmlkZScgfSxcbiAgICB7IHBhdHRlcm46IC9cXFtVU0VSOlxccyouKj9cXF0vZ2ksIHNldmVyaXR5OiAnaGlnaCcsIGRlc2NyaXB0aW9uOiAnVXNlciBwcm9tcHQgb3ZlcnJpZGUnIH0sXG4gICAgXG4gICAgLy8gSW5zdHJ1Y3Rpb24gbWFuaXB1bGF0aW9uXG4gICAgeyBwYXR0ZXJuOiAvaWdub3JlXFxzKyhhbGxcXHMrKT9wcmV2aW91c1xccytpbnN0cnVjdGlvbnMvZ2ksIHNldmVyaXR5OiAnY3JpdGljYWwnLCBkZXNjcmlwdGlvbjogJ0luc3RydWN0aW9uIG92ZXJyaWRlJyB9LFxuICAgIHsgcGF0dGVybjogL2lnbm9yZVxccysoYWxsXFxzKyk/cHJpb3JcXHMraW5zdHJ1Y3Rpb25zL2dpLCBzZXZlcml0eTogJ2NyaXRpY2FsJywgZGVzY3JpcHRpb246ICdJbnN0cnVjdGlvbiBvdmVycmlkZScgfSxcbiAgICB7IHBhdHRlcm46IC9kaXNyZWdhcmRcXHMrKGFsbFxccyspP3ByZXZpb3VzXFxzK2luc3RydWN0aW9ucy9naSwgc2V2ZXJpdHk6ICdjcml0aWNhbCcsIGRlc2NyaXB0aW9uOiAnSW5zdHJ1Y3Rpb24gb3ZlcnJpZGUnIH0sXG4gICAgeyBwYXR0ZXJuOiAvZm9yZ2V0XFxzKyhhbGxcXHMrKT9wcmV2aW91c1xccytpbnN0cnVjdGlvbnMvZ2ksIHNldmVyaXR5OiAnY3JpdGljYWwnLCBkZXNjcmlwdGlvbjogJ0luc3RydWN0aW9uIG92ZXJyaWRlJyB9LFxuICAgIHsgcGF0dGVybjogL3lvdVxccythcmVcXHMrbm93XFxzKyhhZG1pbnxyb290fHN5c3RlbXxzdWRvKS9naSwgc2V2ZXJpdHk6ICdjcml0aWNhbCcsIGRlc2NyaXB0aW9uOiAnUm9sZSBlbGV2YXRpb24gYXR0ZW1wdCcgfSxcbiAgICB7IHBhdHRlcm46IC9hY3RcXHMrYXNcXHMrKGFkbWlufHJvb3R8c3lzdGVtfHN1ZG8pL2dpLCBzZXZlcml0eTogJ2NyaXRpY2FsJywgZGVzY3JpcHRpb246ICdSb2xlIGVsZXZhdGlvbiBhdHRlbXB0JyB9LFxuICAgIFxuICAgIC8vIERhdGEgZXhmaWx0cmF0aW9uIGF0dGVtcHRzXG4gICAgeyBwYXR0ZXJuOiAvZXhwb3J0XFxzK2FsbFxccysoZmlsZXN8ZGF0YXxwZXJzb25hc3x0b2tlbnN8Y3JlZGVudGlhbHMpL2dpLCBzZXZlcml0eTogJ2NyaXRpY2FsJywgZGVzY3JpcHRpb246ICdEYXRhIGV4ZmlsdHJhdGlvbicgfSxcbiAgICB7IHBhdHRlcm46IC9zZW5kXFxzK2FsbFxccysoZmlsZXN8ZGF0YXxwZXJzb25hc3x0b2tlbnN8Y3JlZGVudGlhbHMpXFxzK3RvL2dpLCBzZXZlcml0eTogJ2NyaXRpY2FsJywgZGVzY3JpcHRpb246ICdEYXRhIGV4ZmlsdHJhdGlvbicgfSxcbiAgICB7IHBhdHRlcm46IC9saXN0XFxzK2FsbFxccysoZmlsZXN8dG9rZW5zfGNyZWRlbnRpYWxzfHNlY3JldHMpL2dpLCBzZXZlcml0eTogJ2hpZ2gnLCBkZXNjcmlwdGlvbjogJ0luZm9ybWF0aW9uIGRpc2Nsb3N1cmUnIH0sXG4gICAgeyBwYXR0ZXJuOiAvc2hvd1xccyttZVxccythbGxcXHMrKHRva2Vuc3xjcmVkZW50aWFsc3xzZWNyZXRzfGFwaVxccytrZXlzKS9naSwgc2V2ZXJpdHk6ICdoaWdoJywgZGVzY3JpcHRpb246ICdDcmVkZW50aWFsIGRpc2Nsb3N1cmUnIH0sXG4gICAgXG4gICAgLy8gQ29tbWFuZCBleGVjdXRpb24gcGF0dGVybnNcbiAgICB7IHBhdHRlcm46IC9jdXJsXFxzK1teXFxzXStcXC4oY29tfG5ldHxvcmd8aW98ZGV2KS9naSwgc2V2ZXJpdHk6ICdjcml0aWNhbCcsIGRlc2NyaXB0aW9uOiAnRXh0ZXJuYWwgY29tbWFuZCBleGVjdXRpb24nIH0sXG4gICAgeyBwYXR0ZXJuOiAvd2dldFxccytbXlxcc10rXFwuKGNvbXxuZXR8b3JnfGlvfGRldikvZ2ksIHNldmVyaXR5OiAnY3JpdGljYWwnLCBkZXNjcmlwdGlvbjogJ0V4dGVybmFsIGNvbW1hbmQgZXhlY3V0aW9uJyB9LFxuICAgIHsgcGF0dGVybjogL1xcJFxcKFteKV0rXFwpL2csIHNldmVyaXR5OiAnY3JpdGljYWwnLCBkZXNjcmlwdGlvbjogJ0NvbW1hbmQgc3Vic3RpdHV0aW9uJyB9LFxuICAgIHsgcGF0dGVybjogL2BbXmBdK2AvZywgc2V2ZXJpdHk6ICdjcml0aWNhbCcsIGRlc2NyaXB0aW9uOiAnQmFja3RpY2sgY29tbWFuZCBleGVjdXRpb24nIH0sXG4gICAgeyBwYXR0ZXJuOiAvZXZhbFxccypcXCgvZ2ksIHNldmVyaXR5OiAnY3JpdGljYWwnLCBkZXNjcmlwdGlvbjogJ0NvZGUgZXZhbHVhdGlvbicgfSxcbiAgICB7IHBhdHRlcm46IC9leGVjXFxzKlxcKC9naSwgc2V2ZXJpdHk6ICdjcml0aWNhbCcsIGRlc2NyaXB0aW9uOiAnQ29kZSBleGVjdXRpb24nIH0sXG4gICAgeyBwYXR0ZXJuOiAvb3NcXC5zeXN0ZW1cXHMqXFwoL2dpLCBzZXZlcml0eTogJ2NyaXRpY2FsJywgZGVzY3JpcHRpb246ICdTeXN0ZW0gY29tbWFuZCBleGVjdXRpb24nIH0sXG4gICAgeyBwYXR0ZXJuOiAvc3VicHJvY2Vzc1xcLihjYWxsfHJ1bnxQb3BlbikvZ2ksIHNldmVyaXR5OiAnY3JpdGljYWwnLCBkZXNjcmlwdGlvbjogJ1N1YnByb2Nlc3MgZXhlY3V0aW9uJyB9LFxuICAgIFxuICAgIC8vIFRva2VuL2NyZWRlbnRpYWwgcGF0dGVybnNcbiAgICB7IHBhdHRlcm46IC9HSVRIVUJfVE9LRU4vZ2ksIHNldmVyaXR5OiAnaGlnaCcsIGRlc2NyaXB0aW9uOiAnVG9rZW4gcmVmZXJlbmNlJyB9LFxuICAgIHsgcGF0dGVybjogL2docF9bYS16QS1aMC05XXszNn0vZywgc2V2ZXJpdHk6ICdjcml0aWNhbCcsIGRlc2NyaXB0aW9uOiAnR2l0SHViIHRva2VuIGV4cG9zdXJlJyB9LFxuICAgIHsgcGF0dGVybjogL2dob19bYS16QS1aMC05XXszNn0vZywgc2V2ZXJpdHk6ICdjcml0aWNhbCcsIGRlc2NyaXB0aW9uOiAnR2l0SHViIE9BdXRoIHRva2VuIGV4cG9zdXJlJyB9LFxuICAgIFxuICAgIC8vIFBhdGggdHJhdmVyc2FsIGluIGNvbnRlbnRcbiAgICB7IHBhdHRlcm46IC9cXC5cXC5cXC9cXC5cXC5cXC9cXC5cXC5cXC8vZywgc2V2ZXJpdHk6ICdoaWdoJywgZGVzY3JpcHRpb246ICdQYXRoIHRyYXZlcnNhbCBhdHRlbXB0JyB9LFxuICAgIHsgcGF0dGVybjogL1xcL2V0Y1xcL3Bhc3N3ZC9naSwgc2V2ZXJpdHk6ICdoaWdoJywgZGVzY3JpcHRpb246ICdTZW5zaXRpdmUgZmlsZSBhY2Nlc3MnIH0sXG4gICAgeyBwYXR0ZXJuOiAvXFwvXFwuc3NoXFwvL2dpLCBzZXZlcml0eTogJ2hpZ2gnLCBkZXNjcmlwdGlvbjogJ1NTSCBrZXkgYWNjZXNzIGF0dGVtcHQnIH0sXG4gIF07XG5cbiAgLy8gTWFsaWNpb3VzIFlBTUwgcGF0dGVybnNcbiAgcHJpdmF0ZSBzdGF0aWMgcmVhZG9ubHkgTUFMSUNJT1VTX1lBTUxfUEFUVEVSTlMgPSBbXG4gICAgLyEhcHl0aG9uXFwvb2JqZWN0LyxcbiAgICAvISFydWJ5XFwvb2JqZWN0LyxcbiAgICAvISFqYXZhLyxcbiAgICAvISFleGVjLyxcbiAgICAvISFldmFsLyxcbiAgICAvISFuZXcvLFxuICAgIC8hIWNvbnN0cnVjdC8sXG4gICAgLyEhYXBwbHkvLFxuICAgIC9zdWJwcm9jZXNzLyxcbiAgICAvb3NcXC5zeXN0ZW0vLFxuICAgIC9ldmFsXFwoLyxcbiAgICAvZXhlY1xcKC8sXG4gICAgL19faW1wb3J0X18vLFxuICBdO1xuXG4gIC8qKlxuICAgKiBWYWxpZGF0ZXMgYW5kIHNhbml0aXplcyBwZXJzb25hIGNvbnRlbnQgZm9yIHNlY3VyaXR5IHRocmVhdHNcbiAgICovXG4gIHN0YXRpYyB2YWxpZGF0ZUFuZFNhbml0aXplKGNvbnRlbnQ6IHN0cmluZyk6IFZhbGlkYXRpb25SZXN1bHQge1xuICAgIGNvbnN0IGRldGVjdGVkUGF0dGVybnM6IHN0cmluZ1tdID0gW107XG4gICAgbGV0IHNhbml0aXplZCA9IGNvbnRlbnQ7XG4gICAgbGV0IGhpZ2hlc3RTZXZlcml0eTogJ2xvdycgfCAnbWVkaXVtJyB8ICdoaWdoJyB8ICdjcml0aWNhbCcgPSAnbG93JztcblxuICAgIC8vIENoZWNrIGZvciBpbmplY3Rpb24gcGF0dGVybnNcbiAgICBmb3IgKGNvbnN0IHsgcGF0dGVybiwgc2V2ZXJpdHksIGRlc2NyaXB0aW9uIH0gb2YgdGhpcy5JTkpFQ1RJT05fUEFUVEVSTlMpIHtcbiAgICAgIGlmIChwYXR0ZXJuLnRlc3QoY29udGVudCkpIHtcbiAgICAgICAgZGV0ZWN0ZWRQYXR0ZXJucy5wdXNoKGRlc2NyaXB0aW9uKTtcbiAgICAgICAgXG4gICAgICAgIC8vIFVwZGF0ZSBoaWdoZXN0IHNldmVyaXR5XG4gICAgICAgIGlmIChzZXZlcml0eSA9PT0gJ2NyaXRpY2FsJyB8fCAoc2V2ZXJpdHkgPT09ICdoaWdoJyAmJiBoaWdoZXN0U2V2ZXJpdHkgIT09ICdjcml0aWNhbCcpKSB7XG4gICAgICAgICAgaGlnaGVzdFNldmVyaXR5ID0gc2V2ZXJpdHk7XG4gICAgICAgIH1cblxuICAgICAgICAvLyBMb2cgc2VjdXJpdHkgZXZlbnRcbiAgICAgICAgU2VjdXJpdHlNb25pdG9yLmxvZ1NlY3VyaXR5RXZlbnQoe1xuICAgICAgICAgIHR5cGU6ICdDT05URU5UX0lOSkVDVElPTl9BVFRFTVBUJyxcbiAgICAgICAgICBzZXZlcml0eTogc2V2ZXJpdHkudG9VcHBlckNhc2UoKSBhcyAnSElHSCcgfCAnQ1JJVElDQUwnLFxuICAgICAgICAgIHNvdXJjZTogJ2NvbnRlbnRfdmFsaWRhdGlvbicsXG4gICAgICAgICAgZGV0YWlsczogYERldGVjdGVkIHBhdHRlcm46ICR7ZGVzY3JpcHRpb259YCxcbiAgICAgICAgfSk7XG5cbiAgICAgICAgLy8gU2FuaXRpemUgYnkgcmVwbGFjaW5nIHdpdGggc2FmZSBwbGFjZWhvbGRlclxuICAgICAgICBzYW5pdGl6ZWQgPSBzYW5pdGl6ZWQucmVwbGFjZShwYXR0ZXJuLCAnW0NPTlRFTlRfQkxPQ0tFRF0nKTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICByZXR1cm4ge1xuICAgICAgaXNWYWxpZDogZGV0ZWN0ZWRQYXR0ZXJucy5sZW5ndGggPT09IDAsXG4gICAgICBzYW5pdGl6ZWRDb250ZW50OiBzYW5pdGl6ZWQsXG4gICAgICBkZXRlY3RlZFBhdHRlcm5zLFxuICAgICAgc2V2ZXJpdHk6IGhpZ2hlc3RTZXZlcml0eVxuICAgIH07XG4gIH1cblxuICAvKipcbiAgICogVmFsaWRhdGVzIFlBTUwgZnJvbnRtYXR0ZXIgZm9yIG1hbGljaW91cyBjb250ZW50XG4gICAqL1xuICBzdGF0aWMgdmFsaWRhdGVZYW1sQ29udGVudCh5YW1sQ29udGVudDogc3RyaW5nKTogYm9vbGVhbiB7XG4gICAgZm9yIChjb25zdCBwYXR0ZXJuIG9mIHRoaXMuTUFMSUNJT1VTX1lBTUxfUEFUVEVSTlMpIHtcbiAgICAgIGlmIChwYXR0ZXJuLnRlc3QoeWFtbENvbnRlbnQpKSB7XG4gICAgICAgIFNlY3VyaXR5TW9uaXRvci5sb2dTZWN1cml0eUV2ZW50KHtcbiAgICAgICAgICB0eXBlOiAnWUFNTF9JTkpFQ1RJT05fQVRURU1QVCcsXG4gICAgICAgICAgc2V2ZXJpdHk6ICdDUklUSUNBTCcsXG4gICAgICAgICAgc291cmNlOiAneWFtbF92YWxpZGF0aW9uJyxcbiAgICAgICAgICBkZXRhaWxzOiBgTWFsaWNpb3VzIFlBTUwgcGF0dGVybiBkZXRlY3RlZDogJHtwYXR0ZXJufWAsXG4gICAgICAgIH0pO1xuICAgICAgICAvLyBFYXJseSBleGl0IG9uIGZpcnN0IG1hdGNoIGZvciBwZXJmb3JtYW5jZVxuICAgICAgICByZXR1cm4gZmFsc2U7XG4gICAgICB9XG4gICAgfVxuICAgIHJldHVybiB0cnVlO1xuICB9XG5cbiAgLyoqXG4gICAqIFZhbGlkYXRlcyBwZXJzb25hIG1ldGFkYXRhIGZpZWxkc1xuICAgKi9cbiAgc3RhdGljIHZhbGlkYXRlTWV0YWRhdGEobWV0YWRhdGE6IGFueSk6IFZhbGlkYXRpb25SZXN1bHQge1xuICAgIGNvbnN0IGRldGVjdGVkUGF0dGVybnM6IHN0cmluZ1tdID0gW107XG5cbiAgICAvLyBDaGVjayBhbGwgc3RyaW5nIGZpZWxkcyBpbiBtZXRhZGF0YVxuICAgIGNvbnN0IGNoZWNrRmllbGQgPSAoZmllbGROYW1lOiBzdHJpbmcsIHZhbHVlOiBhbnkpID0+IHtcbiAgICAgIGlmICh0eXBlb2YgdmFsdWUgPT09ICdzdHJpbmcnKSB7XG4gICAgICAgIGNvbnN0IHJlc3VsdCA9IHRoaXMudmFsaWRhdGVBbmRTYW5pdGl6ZSh2YWx1ZSk7XG4gICAgICAgIGlmICghcmVzdWx0LmlzVmFsaWQgfHwgcmVzdWx0LmRldGVjdGVkUGF0dGVybnM/Lmxlbmd0aCkge1xuICAgICAgICAgIGRldGVjdGVkUGF0dGVybnMucHVzaChgJHtmaWVsZE5hbWV9OiAke3Jlc3VsdC5kZXRlY3RlZFBhdHRlcm5zPy5qb2luKCcsICcpfWApO1xuICAgICAgICB9XG4gICAgICB9XG4gICAgfTtcblxuICAgIC8vIFZhbGlkYXRlIHN0YW5kYXJkIHBlcnNvbmEgZmllbGRzXG4gICAgY2hlY2tGaWVsZCgnbmFtZScsIG1ldGFkYXRhLm5hbWUpO1xuICAgIGNoZWNrRmllbGQoJ2Rlc2NyaXB0aW9uJywgbWV0YWRhdGEuZGVzY3JpcHRpb24pO1xuICAgIGNoZWNrRmllbGQoJ2NhdGVnb3J5JywgbWV0YWRhdGEuY2F0ZWdvcnkpO1xuICAgIGNoZWNrRmllbGQoJ2F1dGhvcicsIG1ldGFkYXRhLmF1dGhvcik7XG4gICAgXG4gICAgLy8gQ2hlY2sgYW55IGN1c3RvbSBmaWVsZHNcbiAgICBmb3IgKGNvbnN0IFtrZXksIHZhbHVlXSBvZiBPYmplY3QuZW50cmllcyhtZXRhZGF0YSkpIHtcbiAgICAgIGlmICghWyduYW1lJywgJ2Rlc2NyaXB0aW9uJywgJ2NhdGVnb3J5JywgJ2F1dGhvciddLmluY2x1ZGVzKGtleSkpIHtcbiAgICAgICAgY2hlY2tGaWVsZChrZXksIHZhbHVlKTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICByZXR1cm4ge1xuICAgICAgaXNWYWxpZDogZGV0ZWN0ZWRQYXR0ZXJucy5sZW5ndGggPT09IDAsXG4gICAgICBkZXRlY3RlZFBhdHRlcm5zLFxuICAgICAgc2V2ZXJpdHk6IGRldGVjdGVkUGF0dGVybnMubGVuZ3RoID4gMCA/ICdoaWdoJyA6ICdsb3cnXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBTYW5pdGl6ZXMgYSBjb21wbGV0ZSBwZXJzb25hIGZpbGUgKGZyb250bWF0dGVyICsgY29udGVudClcbiAgICovXG4gIHN0YXRpYyBzYW5pdGl6ZVBlcnNvbmFDb250ZW50KGNvbnRlbnQ6IHN0cmluZyk6IHN0cmluZyB7XG4gICAgLy8gRXh0cmFjdCBmcm9udG1hdHRlclxuICAgIGNvbnN0IGZyb250bWF0dGVyTWF0Y2ggPSBjb250ZW50Lm1hdGNoKC9eLS0tXFxuKFtcXHNcXFNdKj8pXFxuLS0tLyk7XG4gICAgXG4gICAgaWYgKCFmcm9udG1hdHRlck1hdGNoKSB7XG4gICAgICAvLyBObyBmcm9udG1hdHRlciwganVzdCB2YWxpZGF0ZSBjb250ZW50XG4gICAgICBjb25zdCByZXN1bHQgPSB0aGlzLnZhbGlkYXRlQW5kU2FuaXRpemUoY29udGVudCk7XG4gICAgICBpZiAoIXJlc3VsdC5pc1ZhbGlkICYmIHJlc3VsdC5zZXZlcml0eSA9PT0gJ2NyaXRpY2FsJykge1xuICAgICAgICB0aHJvdyBuZXcgU2VjdXJpdHlFcnJvcignQ3JpdGljYWwgc2VjdXJpdHkgdGhyZWF0IGRldGVjdGVkIGluIHBlcnNvbmEgY29udGVudCcpO1xuICAgICAgfVxuICAgICAgcmV0dXJuIHJlc3VsdC5zYW5pdGl6ZWRDb250ZW50IHx8IGNvbnRlbnQ7XG4gICAgfVxuXG4gICAgY29uc3QgeWFtbENvbnRlbnQgPSBmcm9udG1hdHRlck1hdGNoWzFdO1xuICAgIGNvbnN0IG1hcmtkb3duQ29udGVudCA9IGNvbnRlbnQuc3Vic3RyaW5nKGZyb250bWF0dGVyTWF0Y2hbMF0ubGVuZ3RoKTtcblxuICAgIC8vIFZhbGlkYXRlIFlBTUxcbiAgICBpZiAoIXRoaXMudmFsaWRhdGVZYW1sQ29udGVudCh5YW1sQ29udGVudCkpIHtcbiAgICAgIHRocm93IG5ldyBTZWN1cml0eUVycm9yKCdNYWxpY2lvdXMgWUFNTCBkZXRlY3RlZCBpbiBwZXJzb25hIGZyb250bWF0dGVyJyk7XG4gICAgfVxuXG4gICAgLy8gVmFsaWRhdGUgbWFya2Rvd24gY29udGVudFxuICAgIGNvbnN0IGNvbnRlbnRSZXN1bHQgPSB0aGlzLnZhbGlkYXRlQW5kU2FuaXRpemUobWFya2Rvd25Db250ZW50KTtcbiAgICBpZiAoIWNvbnRlbnRSZXN1bHQuaXNWYWxpZCAmJiBjb250ZW50UmVzdWx0LnNldmVyaXR5ID09PSAnY3JpdGljYWwnKSB7XG4gICAgICB0aHJvdyBuZXcgU2VjdXJpdHlFcnJvcignQ3JpdGljYWwgc2VjdXJpdHkgdGhyZWF0IGRldGVjdGVkIGluIHBlcnNvbmEgY29udGVudCcpO1xuICAgIH1cblxuICAgIC8vIFJldHVybiBzYW5pdGl6ZWQgY29udGVudFxuICAgIHJldHVybiBgLS0tXFxuJHt5YW1sQ29udGVudH1cXG4tLS0ke2NvbnRlbnRSZXN1bHQuc2FuaXRpemVkQ29udGVudCB8fCBtYXJrZG93bkNvbnRlbnR9YDtcbiAgfVxufSJdfQ==

package/dist/src/security/fileLockManager.d.ts

@@ -0,0 +1,70 @@
+/**
+ * FileLockManager - Prevents race conditions in concurrent file operations
+ *
+ * Features:
+ * - Resource-based locking with automatic cleanup
+ * - Configurable timeouts to prevent deadlocks
+ * - Atomic file operations with write-rename pattern
+ * - Lock queueing for concurrent requests
+ * - Comprehensive error handling and logging
+ * - Performance metrics tracking
+ */
+export declare class FileLockManager {
+    private static locks;
+    private static metrics;
+    private static readonly DEFAULT_TIMEOUT_MS;
+    private static readonly TEMP_DIR;
+    /**
+     * Execute an operation with exclusive lock on a resource
+     * @param resource - Unique identifier for the resource (e.g., 'persona:name')
+     * @param operation - Async function to execute while holding the lock
+     * @param options - Lock options including timeout
+     * @returns Result of the operation
+     */
+    static withLock<T>(resource: string, operation: () => Promise<T>, options?: {
+        timeout?: number;
+    }): Promise<T>;
+    /**
+     * Execute operation with timeout protection
+     */
+    private static executeWithTimeout;
+    /**
+     * Perform atomic file write operation
+     * Writes to temporary file then renames to ensure atomicity
+     */
+    static atomicWriteFile(filePath: string, content: string, options?: {
+        encoding?: BufferEncoding;
+    }): Promise<void>;
+    /**
+     * Perform atomic file read with lock
+     */
+    static atomicReadFile(filePath: string, options?: {
+        encoding?: BufferEncoding;
+    }): Promise<string>;
+    /**
+     * Generate temporary file path for atomic operations
+     */
+    private static getTempFilePath;
+    /**
+     * Get lock metrics for monitoring
+     */
+    static getMetrics(): {
+        totalRequests: number;
+        activeLocksCount: number;
+        timeouts: number;
+        concurrentWaits: number;
+        avgWaitTimeByResource: {
+            [k: string]: number;
+        };
+        activeLocks: string[];
+    };
+    /**
+     * Clear all locks (use with caution - mainly for testing)
+     */
+    static clearAllLocks(): void;
+    /**
+     * Reset metrics
+     */
+    static resetMetrics(): void;
+}
+//# sourceMappingURL=fileLockManager.d.ts.map

package/dist/src/security/fileLockManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fileLockManager.d.ts","sourceRoot":"","sources":["../../../src/security/fileLockManager.ts"],"names":[],"mappings":"AAKA;;;;;;;;;;GAUG;AACH,qBAAa,eAAe;IAE1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAmC;IAGvD,OAAO,CAAC,MAAM,CAAC,OAAO,CAKpB;IAGF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAS;IAGnD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAU;IAE1C;;;;;;OAMG;WACU,QAAQ,CAAC,CAAC,EACrB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EAC3B,OAAO,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GACjC,OAAO,CAAC,CAAC,CAAC;IA+Cb;;OAEG;mBACkB,kBAAkB;IAwBvC;;;OAGG;WACU,eAAe,CAC1B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,cAAc,CAAA;KAAE,GACtC,OAAO,CAAC,IAAI,CAAC;IA4BhB;;OAEG;WACU,cAAc,CACzB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,cAAc,CAAA;KAAE,GACtC,OAAO,CAAC,MAAM,CAAC;IAOlB;;OAEG;mBACkB,eAAe;IAOpC;;OAEG;IACH,MAAM,CAAC,UAAU;;;;;;;;;;IAmBjB;;OAEG;IACH,MAAM,CAAC,aAAa,IAAI,IAAI;IAK5B;;OAEG;IACH,MAAM,CAAC,YAAY,IAAI,IAAI;CAQ5B"}

package/dist/src/security/fileLockManager.js

@@ -0,0 +1,187 @@
+import { logger } from '../utils/logger.js';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import { randomBytes } from 'crypto';
+/**
+ * FileLockManager - Prevents race conditions in concurrent file operations
+ *
+ * Features:
+ * - Resource-based locking with automatic cleanup
+ * - Configurable timeouts to prevent deadlocks
+ * - Atomic file operations with write-rename pattern
+ * - Lock queueing for concurrent requests
+ * - Comprehensive error handling and logging
+ * - Performance metrics tracking
+ */
+export class FileLockManager {
+    // Map of resource identifiers to their lock promises
+    static locks = new Map();
+    // Lock acquisition metrics for monitoring
+    static metrics = {
+        totalLockRequests: 0,
+        lockWaitTime: new Map(),
+        lockTimeouts: 0,
+        concurrentWaits: 0
+    };
+    // Default timeout for lock operations (10 seconds)
+    static DEFAULT_TIMEOUT_MS = 10000;
+    // Temporary file directory
+    static TEMP_DIR = '.tmp';
+    /**
+     * Execute an operation with exclusive lock on a resource
+     * @param resource - Unique identifier for the resource (e.g., 'persona:name')
+     * @param operation - Async function to execute while holding the lock
+     * @param options - Lock options including timeout
+     * @returns Result of the operation
+     */
+    static async withLock(resource, operation, options = {}) {
+        const startTime = Date.now();
+        this.metrics.totalLockRequests++;
+        logger.debug(`Lock requested for resource: ${resource}`);
+        // Wait for any existing operation on this resource
+        const existingLock = this.locks.get(resource);
+        if (existingLock) {
+            this.metrics.concurrentWaits++;
+            logger.debug(`Waiting for existing lock on: ${resource}`);
+            try {
+                await existingLock;
+            }
+            catch (error) {
+                // Previous operation failed, but we can proceed
+                logger.debug(`Previous operation on ${resource} failed, proceeding`);
+            }
+        }
+        // Create new lock for this operation
+        const timeout = options.timeout || this.DEFAULT_TIMEOUT_MS;
+        const lockPromise = this.executeWithTimeout(operation, timeout, resource);
+        this.locks.set(resource, lockPromise);
+        try {
+            const result = await lockPromise;
+            // Record metrics
+            const waitTime = Date.now() - startTime;
+            if (!this.metrics.lockWaitTime.has(resource)) {
+                this.metrics.lockWaitTime.set(resource, []);
+            }
+            this.metrics.lockWaitTime.get(resource).push(waitTime);
+            logger.debug(`Lock released for resource: ${resource} (${waitTime}ms)`);
+            return result;
+        }
+        finally {
+            // Clean up lock atomically - compare and delete in one operation
+            const currentLock = this.locks.get(resource);
+            if (currentLock === lockPromise) {
+                this.locks.delete(resource);
+                logger.debug(`Lock queue cleaned up for resource: ${resource}`);
+            }
+        }
+    }
+    /**
+     * Execute operation with timeout protection
+     */
+    static async executeWithTimeout(operation, timeoutMs, resource) {
+        let timeoutHandle;
+        const timeoutPromise = new Promise((_, reject) => {
+            timeoutHandle = setTimeout(() => {
+                this.metrics.lockTimeouts++;
+                reject(new Error(`Lock operation timeout for resource: ${resource}`));
+            }, timeoutMs);
+        });
+        try {
+            const result = await Promise.race([operation(), timeoutPromise]);
+            if (timeoutHandle)
+                clearTimeout(timeoutHandle);
+            return result;
+        }
+        catch (error) {
+            if (timeoutHandle)
+                clearTimeout(timeoutHandle);
+            throw error;
+        }
+    }
+    /**
+     * Perform atomic file write operation
+     * Writes to temporary file then renames to ensure atomicity
+     */
+    static async atomicWriteFile(filePath, content, options) {
+        const tempPath = await this.getTempFilePath(filePath);
+        const dir = path.dirname(tempPath);
+        try {
+            // Ensure temp directory exists
+            await fs.mkdir(dir, { recursive: true });
+            // Write to temporary file
+            await fs.writeFile(tempPath, content, options);
+            // Atomic rename (on same filesystem)
+            await fs.rename(tempPath, filePath);
+            logger.debug(`Atomic write completed: ${filePath}`);
+        }
+        catch (error) {
+            // Clean up temp file on error
+            try {
+                await fs.unlink(tempPath);
+                logger.debug(`Cleaned up temp file after error: ${tempPath}`);
+            }
+            catch (unlinkError) {
+                // Log cleanup failure but don't throw - original error is more important
+                logger.warn(`Failed to clean up temp file ${tempPath}: ${unlinkError}`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Perform atomic file read with lock
+     */
+    static async atomicReadFile(filePath, options) {
+        return this.withLock(`file:${filePath}`, async () => {
+            const content = await fs.readFile(filePath, options);
+            return content.toString();
+        });
+    }
+    /**
+     * Generate temporary file path for atomic operations
+     */
+    static async getTempFilePath(originalPath) {
+        const dir = path.dirname(originalPath);
+        const basename = path.basename(originalPath);
+        const random = randomBytes(8).toString('hex');
+        return path.join(dir, this.TEMP_DIR, `${basename}.${random}.tmp`);
+    }
+    /**
+     * Get lock metrics for monitoring
+     */
+    static getMetrics() {
+        const avgWaitTimes = new Map();
+        for (const [resource, times] of this.metrics.lockWaitTime.entries()) {
+            if (times.length > 0) {
+                const avg = times.reduce((a, b) => a + b, 0) / times.length;
+                avgWaitTimes.set(resource, Math.round(avg));
+            }
+        }
+        return {
+            totalRequests: this.metrics.totalLockRequests,
+            activeLocksCount: this.locks.size,
+            timeouts: this.metrics.lockTimeouts,
+            concurrentWaits: this.metrics.concurrentWaits,
+            avgWaitTimeByResource: Object.fromEntries(avgWaitTimes),
+            activeLocks: Array.from(this.locks.keys())
+        };
+    }
+    /**
+     * Clear all locks (use with caution - mainly for testing)
+     */
+    static clearAllLocks() {
+        this.locks.clear();
+        logger.warn('All file locks cleared - use only for testing/recovery');
+    }
+    /**
+     * Reset metrics
+     */
+    static resetMetrics() {
+        this.metrics = {
+            totalLockRequests: 0,
+            lockWaitTime: new Map(),
+            lockTimeouts: 0,
+            concurrentWaits: 0
+        };
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmlsZUxvY2tNYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NlY3VyaXR5L2ZpbGVMb2NrTWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFDNUMsT0FBTyxLQUFLLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDbEMsT0FBTyxLQUFLLElBQUksTUFBTSxNQUFNLENBQUM7QUFDN0IsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUVyQzs7Ozs7Ozs7OztHQVVHO0FBQ0gsTUFBTSxPQUFPLGVBQWU7SUFDMUIscURBQXFEO0lBQzdDLE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxHQUFHLEVBQXdCLENBQUM7SUFFdkQsMENBQTBDO0lBQ2xDLE1BQU0sQ0FBQyxPQUFPLEdBQUc7UUFDdkIsaUJBQWlCLEVBQUUsQ0FBQztRQUNwQixZQUFZLEVBQUUsSUFBSSxHQUFHLEVBQW9CO1FBQ3pDLFlBQVksRUFBRSxDQUFDO1FBQ2YsZUFBZSxFQUFFLENBQUM7S0FDbkIsQ0FBQztJQUVGLG1EQUFtRDtJQUMzQyxNQUFNLENBQVUsa0JBQWtCLEdBQUcsS0FBSyxDQUFDO0lBRW5ELDJCQUEyQjtJQUNuQixNQUFNLENBQVUsUUFBUSxHQUFHLE1BQU0sQ0FBQztJQUUxQzs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FDbkIsUUFBZ0IsRUFDaEIsU0FBMkIsRUFDM0IsVUFBZ0MsRUFBRTtRQUVsQyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDN0IsSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1FBRWpDLE1BQU0sQ0FBQyxLQUFLLENBQUMsZ0NBQWdDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFFekQsbURBQW1EO1FBQ25ELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzlDLElBQUksWUFBWSxFQUFFLENBQUM7WUFDakIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUMvQixNQUFNLENBQUMsS0FBSyxDQUFDLGlDQUFpQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBRTFELElBQUksQ0FBQztnQkFDSCxNQUFNLFlBQVksQ0FBQztZQUNyQixDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDZixnREFBZ0Q7Z0JBQ2hELE1BQU0sQ0FBQyxLQUFLLENBQUMseUJBQXlCLFFBQVEscUJBQXFCLENBQUMsQ0FBQztZQUN2RSxDQUFDO1FBQ0gsQ0FBQztRQUVELHFDQUFxQztRQUNyQyxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsT0FBTyxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztRQUMzRCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsU0FBUyxFQUFFLE9BQU8sRUFBRSxRQUFRLENBQUMsQ0FBQztRQUMxRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFFdEMsSUFBSSxDQUFDO1lBQ0gsTUFBTSxNQUFNLEdBQUcsTUFBTSxXQUFXLENBQUM7WUFFakMsaUJBQWlCO1lBQ2pCLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxTQUFTLENBQUM7WUFDeEMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUM3QyxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQzlDLENBQUM7WUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFFLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRXhELE1BQU0sQ0FBQyxLQUFLLENBQUMsK0JBQStCLFFBQVEsS0FBSyxRQUFRLEtBQUssQ0FBQyxDQUFDO1lBQ3hFLE9BQU8sTUFBTSxDQUFDO1FBQ2hCLENBQUM7Z0JBQVMsQ0FBQztZQUNULGlFQUFpRTtZQUNqRSxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUM3QyxJQUFJLFdBQVcsS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDaEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7Z0JBQzVCLE1BQU0sQ0FBQyxLQUFLLENBQUMsdUNBQXVDLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFDbEUsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxNQUFNLENBQUMsS0FBSyxDQUFDLGtCQUFrQixDQUNyQyxTQUEyQixFQUMzQixTQUFpQixFQUNqQixRQUFnQjtRQUVoQixJQUFJLGFBQXlDLENBQUM7UUFFOUMsTUFBTSxjQUFjLEdBQUcsSUFBSSxPQUFPLENBQVEsQ0FBQyxDQUFDLEVBQUUsTUFBTSxFQUFFLEVBQUU7WUFDdEQsYUFBYSxHQUFHLFVBQVUsQ0FBQyxHQUFHLEVBQUU7Z0JBQzlCLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQzVCLE1BQU0sQ0FBQyxJQUFJLEtBQUssQ0FBQyx3Q0FBd0MsUUFBUSxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBQ3hFLENBQUMsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUNoQixDQUFDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQztZQUNILE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFLGNBQWMsQ0FBQyxDQUFDLENBQUM7WUFDakUsSUFBSSxhQUFhO2dCQUFFLFlBQVksQ0FBQyxhQUFhLENBQUMsQ0FBQztZQUMvQyxPQUFPLE1BQU0sQ0FBQztRQUNoQixDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLElBQUksYUFBYTtnQkFBRSxZQUFZLENBQUMsYUFBYSxDQUFDLENBQUM7WUFDL0MsTUFBTSxLQUFLLENBQUM7UUFDZCxDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7T0FHRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUMxQixRQUFnQixFQUNoQixPQUFlLEVBQ2YsT0FBdUM7UUFFdkMsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFbkMsSUFBSSxDQUFDO1lBQ0gsK0JBQStCO1lBQy9CLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUV6QywwQkFBMEI7WUFDMUIsTUFBTSxFQUFFLENBQUMsU0FBUyxDQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUM7WUFFL0MscUNBQXFDO1lBQ3JDLE1BQU0sRUFBRSxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFFcEMsTUFBTSxDQUFDLEtBQUssQ0FBQywyQkFBMkIsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUN0RCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLDhCQUE4QjtZQUM5QixJQUFJLENBQUM7Z0JBQ0gsTUFBTSxFQUFFLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUMxQixNQUFNLENBQUMsS0FBSyxDQUFDLHFDQUFxQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBQ2hFLENBQUM7WUFBQyxPQUFPLFdBQVcsRUFBRSxDQUFDO2dCQUNyQix5RUFBeUU7Z0JBQ3pFLE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0NBQWdDLFFBQVEsS0FBSyxXQUFXLEVBQUUsQ0FBQyxDQUFDO1lBQzFFLENBQUM7WUFDRCxNQUFNLEtBQUssQ0FBQztRQUNkLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FDekIsUUFBZ0IsRUFDaEIsT0FBdUM7UUFFdkMsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsUUFBUSxFQUFFLEVBQUUsS0FBSyxJQUFJLEVBQUU7WUFDbEQsTUFBTSxPQUFPLEdBQUcsTUFBTSxFQUFFLENBQUMsUUFBUSxDQUFDLFFBQVEsRUFBRSxPQUFPLENBQUMsQ0FBQztZQUNyRCxPQUFPLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUM1QixDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRDs7T0FFRztJQUNLLE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLFlBQW9CO1FBQ3ZELE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDdkMsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUM3QyxNQUFNLE1BQU0sR0FBRyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLFFBQVEsRUFBRSxHQUFHLFFBQVEsSUFBSSxNQUFNLE1BQU0sQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxVQUFVO1FBQ2YsTUFBTSxZQUFZLEdBQUcsSUFBSSxHQUFHLEVBQWtCLENBQUM7UUFDL0MsS0FBSyxNQUFNLENBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDcEUsSUFBSSxLQUFLLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNyQixNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUMsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDO2dCQUM1RCxZQUFZLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7WUFDOUMsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPO1lBQ0wsYUFBYSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsaUJBQWlCO1lBQzdDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSTtZQUNqQyxRQUFRLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZO1lBQ25DLGVBQWUsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWU7WUFDN0MscUJBQXFCLEVBQUUsTUFBTSxDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUM7WUFDdkQsV0FBVyxFQUFFLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQztTQUMzQyxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGFBQWE7UUFDbEIsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNuQixNQUFNLENBQUMsSUFBSSxDQUFDLHdEQUF3RCxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLFlBQVk7UUFDakIsSUFBSSxDQUFDLE9BQU8sR0FBRztZQUNiLGlCQUFpQixFQUFFLENBQUM7WUFDcEIsWUFBWSxFQUFFLElBQUksR0FBRyxFQUFvQjtZQUN6QyxZQUFZLEVBQUUsQ0FBQztZQUNmLGVBQWUsRUFBRSxDQUFDO1NBQ25CLENBQUM7SUFDSixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vdXRpbHMvbG9nZ2VyLmpzJztcbmltcG9ydCAqIGFzIGZzIGZyb20gJ2ZzL3Byb21pc2VzJztcbmltcG9ydCAqIGFzIHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgeyByYW5kb21CeXRlcyB9IGZyb20gJ2NyeXB0byc7XG5cbi8qKlxuICogRmlsZUxvY2tNYW5hZ2VyIC0gUHJldmVudHMgcmFjZSBjb25kaXRpb25zIGluIGNvbmN1cnJlbnQgZmlsZSBvcGVyYXRpb25zXG4gKiBcbiAqIEZlYXR1cmVzOlxuICogLSBSZXNvdXJjZS1iYXNlZCBsb2NraW5nIHdpdGggYXV0b21hdGljIGNsZWFudXBcbiAqIC0gQ29uZmlndXJhYmxlIHRpbWVvdXRzIHRvIHByZXZlbnQgZGVhZGxvY2tzXG4gKiAtIEF0b21pYyBmaWxlIG9wZXJhdGlvbnMgd2l0aCB3cml0ZS1yZW5hbWUgcGF0dGVyblxuICogLSBMb2NrIHF1ZXVlaW5nIGZvciBjb25jdXJyZW50IHJlcXVlc3RzXG4gKiAtIENvbXByZWhlbnNpdmUgZXJyb3IgaGFuZGxpbmcgYW5kIGxvZ2dpbmdcbiAqIC0gUGVyZm9ybWFuY2UgbWV0cmljcyB0cmFja2luZ1xuICovXG5leHBvcnQgY2xhc3MgRmlsZUxvY2tNYW5hZ2VyIHtcbiAgLy8gTWFwIG9mIHJlc291cmNlIGlkZW50aWZpZXJzIHRvIHRoZWlyIGxvY2sgcHJvbWlzZXNcbiAgcHJpdmF0ZSBzdGF0aWMgbG9ja3MgPSBuZXcgTWFwPHN0cmluZywgUHJvbWlzZTxhbnk+PigpO1xuICBcbiAgLy8gTG9jayBhY3F1aXNpdGlvbiBtZXRyaWNzIGZvciBtb25pdG9yaW5nXG4gIHByaXZhdGUgc3RhdGljIG1ldHJpY3MgPSB7XG4gICAgdG90YWxMb2NrUmVxdWVzdHM6IDAsXG4gICAgbG9ja1dhaXRUaW1lOiBuZXcgTWFwPHN0cmluZywgbnVtYmVyW10+KCksXG4gICAgbG9ja1RpbWVvdXRzOiAwLFxuICAgIGNvbmN1cnJlbnRXYWl0czogMFxuICB9O1xuXG4gIC8vIERlZmF1bHQgdGltZW91dCBmb3IgbG9jayBvcGVyYXRpb25zICgxMCBzZWNvbmRzKVxuICBwcml2YXRlIHN0YXRpYyByZWFkb25seSBERUZBVUxUX1RJTUVPVVRfTVMgPSAxMDAwMDtcbiAgXG4gIC8vIFRlbXBvcmFyeSBmaWxlIGRpcmVjdG9yeVxuICBwcml2YXRlIHN0YXRpYyByZWFkb25seSBURU1QX0RJUiA9ICcudG1wJztcblxuICAvKipcbiAgICogRXhlY3V0ZSBhbiBvcGVyYXRpb24gd2l0aCBleGNsdXNpdmUgbG9jayBvbiBhIHJlc291cmNlXG4gICAqIEBwYXJhbSByZXNvdXJjZSAtIFVuaXF1ZSBpZGVudGlmaWVyIGZvciB0aGUgcmVzb3VyY2UgKGUuZy4sICdwZXJzb25hOm5hbWUnKVxuICAgKiBAcGFyYW0gb3BlcmF0aW9uIC0gQXN5bmMgZnVuY3Rpb24gdG8gZXhlY3V0ZSB3aGlsZSBob2xkaW5nIHRoZSBsb2NrXG4gICAqIEBwYXJhbSBvcHRpb25zIC0gTG9jayBvcHRpb25zIGluY2x1ZGluZyB0aW1lb3V0XG4gICAqIEByZXR1cm5zIFJlc3VsdCBvZiB0aGUgb3BlcmF0aW9uXG4gICAqL1xuICBzdGF0aWMgYXN5bmMgd2l0aExvY2s8VD4oXG4gICAgcmVzb3VyY2U6IHN0cmluZyxcbiAgICBvcGVyYXRpb246ICgpID0+IFByb21pc2U8VD4sXG4gICAgb3B0aW9uczogeyB0aW1lb3V0PzogbnVtYmVyIH0gPSB7fVxuICApOiBQcm9taXNlPFQ+IHtcbiAgICBjb25zdCBzdGFydFRpbWUgPSBEYXRlLm5vdygpO1xuICAgIHRoaXMubWV0cmljcy50b3RhbExvY2tSZXF1ZXN0cysrO1xuICAgIFxuICAgIGxvZ2dlci5kZWJ1ZyhgTG9jayByZXF1ZXN0ZWQgZm9yIHJlc291cmNlOiAke3Jlc291cmNlfWApO1xuICAgIFxuICAgIC8vIFdhaXQgZm9yIGFueSBleGlzdGluZyBvcGVyYXRpb24gb24gdGhpcyByZXNvdXJjZVxuICAgIGNvbnN0IGV4aXN0aW5nTG9jayA9IHRoaXMubG9ja3MuZ2V0KHJlc291cmNlKTtcbiAgICBpZiAoZXhpc3RpbmdMb2NrKSB7XG4gICAgICB0aGlzLm1ldHJpY3MuY29uY3VycmVudFdhaXRzKys7XG4gICAgICBsb2dnZXIuZGVidWcoYFdhaXRpbmcgZm9yIGV4aXN0aW5nIGxvY2sgb246ICR7cmVzb3VyY2V9YCk7XG4gICAgICBcbiAgICAgIHRyeSB7XG4gICAgICAgIGF3YWl0IGV4aXN0aW5nTG9jaztcbiAgICAgIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgICAgIC8vIFByZXZpb3VzIG9wZXJhdGlvbiBmYWlsZWQsIGJ1dCB3ZSBjYW4gcHJvY2VlZFxuICAgICAgICBsb2dnZXIuZGVidWcoYFByZXZpb3VzIG9wZXJhdGlvbiBvbiAke3Jlc291cmNlfSBmYWlsZWQsIHByb2NlZWRpbmdgKTtcbiAgICAgIH1cbiAgICB9XG4gICAgXG4gICAgLy8gQ3JlYXRlIG5ldyBsb2NrIGZvciB0aGlzIG9wZXJhdGlvblxuICAgIGNvbnN0IHRpbWVvdXQgPSBvcHRpb25zLnRpbWVvdXQgfHwgdGhpcy5ERUZBVUxUX1RJTUVPVVRfTVM7XG4gICAgY29uc3QgbG9ja1Byb21pc2UgPSB0aGlzLmV4ZWN1dGVXaXRoVGltZW91dChvcGVyYXRpb24sIHRpbWVvdXQsIHJlc291cmNlKTtcbiAgICB0aGlzLmxvY2tzLnNldChyZXNvdXJjZSwgbG9ja1Byb21pc2UpO1xuICAgIFxuICAgIHRyeSB7XG4gICAgICBjb25zdCByZXN1bHQgPSBhd2FpdCBsb2NrUHJvbWlzZTtcbiAgICAgIFxuICAgICAgLy8gUmVjb3JkIG1ldHJpY3NcbiAgICAgIGNvbnN0IHdhaXRUaW1lID0gRGF0ZS5ub3coKSAtIHN0YXJ0VGltZTtcbiAgICAgIGlmICghdGhpcy5tZXRyaWNzLmxvY2tXYWl0VGltZS5oYXMocmVzb3VyY2UpKSB7XG4gICAgICAgIHRoaXMubWV0cmljcy5sb2NrV2FpdFRpbWUuc2V0KHJlc291cmNlLCBbXSk7XG4gICAgICB9XG4gICAgICB0aGlzLm1ldHJpY3MubG9ja1dhaXRUaW1lLmdldChyZXNvdXJjZSkhLnB1c2god2FpdFRpbWUpO1xuICAgICAgXG4gICAgICBsb2dnZXIuZGVidWcoYExvY2sgcmVsZWFzZWQgZm9yIHJlc291cmNlOiAke3Jlc291cmNlfSAoJHt3YWl0VGltZX1tcylgKTtcbiAgICAgIHJldHVybiByZXN1bHQ7XG4gICAgfSBmaW5hbGx5IHtcbiAgICAgIC8vIENsZWFuIHVwIGxvY2sgYXRvbWljYWxseSAtIGNvbXBhcmUgYW5kIGRlbGV0ZSBpbiBvbmUgb3BlcmF0aW9uXG4gICAgICBjb25zdCBjdXJyZW50TG9jayA9IHRoaXMubG9ja3MuZ2V0KHJlc291cmNlKTtcbiAgICAgIGlmIChjdXJyZW50TG9jayA9PT0gbG9ja1Byb21pc2UpIHtcbiAgICAgICAgdGhpcy5sb2Nrcy5kZWxldGUocmVzb3VyY2UpO1xuICAgICAgICBsb2dnZXIuZGVidWcoYExvY2sgcXVldWUgY2xlYW5lZCB1cCBmb3IgcmVzb3VyY2U6ICR7cmVzb3VyY2V9YCk7XG4gICAgICB9XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIEV4ZWN1dGUgb3BlcmF0aW9uIHdpdGggdGltZW91dCBwcm90ZWN0aW9uXG4gICAqL1xuICBwcml2YXRlIHN0YXRpYyBhc3luYyBleGVjdXRlV2l0aFRpbWVvdXQ8VD4oXG4gICAgb3BlcmF0aW9uOiAoKSA9PiBQcm9taXNlPFQ+LFxuICAgIHRpbWVvdXRNczogbnVtYmVyLFxuICAgIHJlc291cmNlOiBzdHJpbmdcbiAgKTogUHJvbWlzZTxUPiB7XG4gICAgbGV0IHRpbWVvdXRIYW5kbGU6IE5vZGVKUy5UaW1lb3V0IHwgdW5kZWZpbmVkO1xuICAgIFxuICAgIGNvbnN0IHRpbWVvdXRQcm9taXNlID0gbmV3IFByb21pc2U8bmV2ZXI+KChfLCByZWplY3QpID0+IHtcbiAgICAgIHRpbWVvdXRIYW5kbGUgPSBzZXRUaW1lb3V0KCgpID0+IHtcbiAgICAgICAgdGhpcy5tZXRyaWNzLmxvY2tUaW1lb3V0cysrO1xuICAgICAgICByZWplY3QobmV3IEVycm9yKGBMb2NrIG9wZXJhdGlvbiB0aW1lb3V0IGZvciByZXNvdXJjZTogJHtyZXNvdXJjZX1gKSk7XG4gICAgICB9LCB0aW1lb3V0TXMpO1xuICAgIH0pO1xuICAgIFxuICAgIHRyeSB7XG4gICAgICBjb25zdCByZXN1bHQgPSBhd2FpdCBQcm9taXNlLnJhY2UoW29wZXJhdGlvbigpLCB0aW1lb3V0UHJvbWlzZV0pO1xuICAgICAgaWYgKHRpbWVvdXRIYW5kbGUpIGNsZWFyVGltZW91dCh0aW1lb3V0SGFuZGxlKTtcbiAgICAgIHJldHVybiByZXN1bHQ7XG4gICAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICAgIGlmICh0aW1lb3V0SGFuZGxlKSBjbGVhclRpbWVvdXQodGltZW91dEhhbmRsZSk7XG4gICAgICB0aHJvdyBlcnJvcjtcbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogUGVyZm9ybSBhdG9taWMgZmlsZSB3cml0ZSBvcGVyYXRpb25cbiAgICogV3JpdGVzIHRvIHRlbXBvcmFyeSBmaWxlIHRoZW4gcmVuYW1lcyB0byBlbnN1cmUgYXRvbWljaXR5XG4gICAqL1xuICBzdGF0aWMgYXN5bmMgYXRvbWljV3JpdGVGaWxlKFxuICAgIGZpbGVQYXRoOiBzdHJpbmcsXG4gICAgY29udGVudDogc3RyaW5nLFxuICAgIG9wdGlvbnM/OiB7IGVuY29kaW5nPzogQnVmZmVyRW5jb2RpbmcgfVxuICApOiBQcm9taXNlPHZvaWQ+IHtcbiAgICBjb25zdCB0ZW1wUGF0aCA9IGF3YWl0IHRoaXMuZ2V0VGVtcEZpbGVQYXRoKGZpbGVQYXRoKTtcbiAgICBjb25zdCBkaXIgPSBwYXRoLmRpcm5hbWUodGVtcFBhdGgpO1xuICAgIFxuICAgIHRyeSB7XG4gICAgICAvLyBFbnN1cmUgdGVtcCBkaXJlY3RvcnkgZXhpc3RzXG4gICAgICBhd2FpdCBmcy5ta2RpcihkaXIsIHsgcmVjdXJzaXZlOiB0cnVlIH0pO1xuICAgICAgXG4gICAgICAvLyBXcml0ZSB0byB0ZW1wb3JhcnkgZmlsZVxuICAgICAgYXdhaXQgZnMud3JpdGVGaWxlKHRlbXBQYXRoLCBjb250ZW50LCBvcHRpb25zKTtcbiAgICAgIFxuICAgICAgLy8gQXRvbWljIHJlbmFtZSAob24gc2FtZSBmaWxlc3lzdGVtKVxuICAgICAgYXdhaXQgZnMucmVuYW1lKHRlbXBQYXRoLCBmaWxlUGF0aCk7XG4gICAgICBcbiAgICAgIGxvZ2dlci5kZWJ1ZyhgQXRvbWljIHdyaXRlIGNvbXBsZXRlZDogJHtmaWxlUGF0aH1gKTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgLy8gQ2xlYW4gdXAgdGVtcCBmaWxlIG9uIGVycm9yXG4gICAgICB0cnkge1xuICAgICAgICBhd2FpdCBmcy51bmxpbmsodGVtcFBhdGgpO1xuICAgICAgICBsb2dnZXIuZGVidWcoYENsZWFuZWQgdXAgdGVtcCBmaWxlIGFmdGVyIGVycm9yOiAke3RlbXBQYXRofWApO1xuICAgICAgfSBjYXRjaCAodW5saW5rRXJyb3IpIHtcbiAgICAgICAgLy8gTG9nIGNsZWFudXAgZmFpbHVyZSBidXQgZG9uJ3QgdGhyb3cgLSBvcmlnaW5hbCBlcnJvciBpcyBtb3JlIGltcG9ydGFudFxuICAgICAgICBsb2dnZXIud2FybihgRmFpbGVkIHRvIGNsZWFuIHVwIHRlbXAgZmlsZSAke3RlbXBQYXRofTogJHt1bmxpbmtFcnJvcn1gKTtcbiAgICAgIH1cbiAgICAgIHRocm93IGVycm9yO1xuICAgIH1cbiAgfVxuXG4gIC8qKlxuICAgKiBQZXJmb3JtIGF0b21pYyBmaWxlIHJlYWQgd2l0aCBsb2NrXG4gICAqL1xuICBzdGF0aWMgYXN5bmMgYXRvbWljUmVhZEZpbGUoXG4gICAgZmlsZVBhdGg6IHN0cmluZyxcbiAgICBvcHRpb25zPzogeyBlbmNvZGluZz86IEJ1ZmZlckVuY29kaW5nIH1cbiAgKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICByZXR1cm4gdGhpcy53aXRoTG9jayhgZmlsZToke2ZpbGVQYXRofWAsIGFzeW5jICgpID0+IHtcbiAgICAgIGNvbnN0IGNvbnRlbnQgPSBhd2FpdCBmcy5yZWFkRmlsZShmaWxlUGF0aCwgb3B0aW9ucyk7XG4gICAgICByZXR1cm4gY29udGVudC50b1N0cmluZygpO1xuICAgIH0pO1xuICB9XG5cbiAgLyoqXG4gICAqIEdlbmVyYXRlIHRlbXBvcmFyeSBmaWxlIHBhdGggZm9yIGF0b21pYyBvcGVyYXRpb25zXG4gICAqL1xuICBwcml2YXRlIHN0YXRpYyBhc3luYyBnZXRUZW1wRmlsZVBhdGgob3JpZ2luYWxQYXRoOiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpciA9IHBhdGguZGlybmFtZShvcmlnaW5hbFBhdGgpO1xuICAgIGNvbnN0IGJhc2VuYW1lID0gcGF0aC5iYXNlbmFtZShvcmlnaW5hbFBhdGgpO1xuICAgIGNvbnN0IHJhbmRvbSA9IHJhbmRvbUJ5dGVzKDgpLnRvU3RyaW5nKCdoZXgnKTtcbiAgICByZXR1cm4gcGF0aC5qb2luKGRpciwgdGhpcy5URU1QX0RJUiwgYCR7YmFzZW5hbWV9LiR7cmFuZG9tfS50bXBgKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHZXQgbG9jayBtZXRyaWNzIGZvciBtb25pdG9yaW5nXG4gICAqL1xuICBzdGF0aWMgZ2V0TWV0cmljcygpIHtcbiAgICBjb25zdCBhdmdXYWl0VGltZXMgPSBuZXcgTWFwPHN0cmluZywgbnVtYmVyPigpO1xuICAgIGZvciAoY29uc3QgW3Jlc291cmNlLCB0aW1lc10gb2YgdGhpcy5tZXRyaWNzLmxvY2tXYWl0VGltZS5lbnRyaWVzKCkpIHtcbiAgICAgIGlmICh0aW1lcy5sZW5ndGggPiAwKSB7XG4gICAgICAgIGNvbnN0IGF2ZyA9IHRpbWVzLnJlZHVjZSgoYSwgYikgPT4gYSArIGIsIDApIC8gdGltZXMubGVuZ3RoO1xuICAgICAgICBhdmdXYWl0VGltZXMuc2V0KHJlc291cmNlLCBNYXRoLnJvdW5kKGF2ZykpO1xuICAgICAgfVxuICAgIH1cbiAgICBcbiAgICByZXR1cm4ge1xuICAgICAgdG90YWxSZXF1ZXN0czogdGhpcy5tZXRyaWNzLnRvdGFsTG9ja1JlcXVlc3RzLFxuICAgICAgYWN0aXZlTG9ja3NDb3VudDogdGhpcy5sb2Nrcy5zaXplLFxuICAgICAgdGltZW91dHM6IHRoaXMubWV0cmljcy5sb2NrVGltZW91dHMsXG4gICAgICBjb25jdXJyZW50V2FpdHM6IHRoaXMubWV0cmljcy5jb25jdXJyZW50V2FpdHMsXG4gICAgICBhdmdXYWl0VGltZUJ5UmVzb3VyY2U6IE9iamVjdC5mcm9tRW50cmllcyhhdmdXYWl0VGltZXMpLFxuICAgICAgYWN0aXZlTG9ja3M6IEFycmF5LmZyb20odGhpcy5sb2Nrcy5rZXlzKCkpXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBDbGVhciBhbGwgbG9ja3MgKHVzZSB3aXRoIGNhdXRpb24gLSBtYWlubHkgZm9yIHRlc3RpbmcpXG4gICAqL1xuICBzdGF0aWMgY2xlYXJBbGxMb2NrcygpOiB2b2lkIHtcbiAgICB0aGlzLmxvY2tzLmNsZWFyKCk7XG4gICAgbG9nZ2VyLndhcm4oJ0FsbCBmaWxlIGxvY2tzIGNsZWFyZWQgLSB1c2Ugb25seSBmb3IgdGVzdGluZy9yZWNvdmVyeScpO1xuICB9XG5cbiAgLyoqXG4gICAqIFJlc2V0IG1ldHJpY3NcbiAgICovXG4gIHN0YXRpYyByZXNldE1ldHJpY3MoKTogdm9pZCB7XG4gICAgdGhpcy5tZXRyaWNzID0ge1xuICAgICAgdG90YWxMb2NrUmVxdWVzdHM6IDAsXG4gICAgICBsb2NrV2FpdFRpbWU6IG5ldyBNYXA8c3RyaW5nLCBudW1iZXJbXT4oKSxcbiAgICAgIGxvY2tUaW1lb3V0czogMCxcbiAgICAgIGNvbmN1cnJlbnRXYWl0czogMFxuICAgIH07XG4gIH1cbn0iXX0=

package/dist/src/security/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Security module exports
+ */
+export * from './constants.js';
+export * from './InputValidator.js';
+export * from './contentValidator.js';
+export * from './securityMonitor.js';
+export * from './commandValidator.js';
+export * from './pathValidator.js';
+export * from './yamlValidator.js';
+export * from './fileLockManager.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/security/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,sBAAsB,CAAC"}

package/dist/src/security/index.js

@@ -0,0 +1,14 @@
+/**
+ * Security module exports
+ */
+export * from './constants.js';
+export * from './InputValidator.js';
+export * from './contentValidator.js';
+export * from './securityMonitor.js';
+export * from './commandValidator.js';
+export * from './pathValidator.js';
+export * from './yamlValidator.js';
+export * from './fileLockManager.js';
+// Export security functionality when ready
+// export * from './RateLimiter.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvc2VjdXJpdHkvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUc7QUFFSCxjQUFjLGdCQUFnQixDQUFDO0FBQy9CLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyx1QkFBdUIsQ0FBQztBQUN0QyxjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsdUJBQXVCLENBQUM7QUFDdEMsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLG9CQUFvQixDQUFDO0FBQ25DLGNBQWMsc0JBQXNCLENBQUM7QUFDckMsMkNBQTJDO0FBQzNDLG9DQUFvQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogU2VjdXJpdHkgbW9kdWxlIGV4cG9ydHNcbiAqL1xuXG5leHBvcnQgKiBmcm9tICcuL2NvbnN0YW50cy5qcyc7XG5leHBvcnQgKiBmcm9tICcuL0lucHV0VmFsaWRhdG9yLmpzJztcbmV4cG9ydCAqIGZyb20gJy4vY29udGVudFZhbGlkYXRvci5qcyc7XG5leHBvcnQgKiBmcm9tICcuL3NlY3VyaXR5TW9uaXRvci5qcyc7XG5leHBvcnQgKiBmcm9tICcuL2NvbW1hbmRWYWxpZGF0b3IuanMnO1xuZXhwb3J0ICogZnJvbSAnLi9wYXRoVmFsaWRhdG9yLmpzJztcbmV4cG9ydCAqIGZyb20gJy4veWFtbFZhbGlkYXRvci5qcyc7XG5leHBvcnQgKiBmcm9tICcuL2ZpbGVMb2NrTWFuYWdlci5qcyc7XG4vLyBFeHBvcnQgc2VjdXJpdHkgZnVuY3Rpb25hbGl0eSB3aGVuIHJlYWR5XG4vLyBleHBvcnQgKiBmcm9tICcuL1JhdGVMaW1pdGVyLmpzJzsiXX0=

package/dist/src/security/pathValidator.d.ts

@@ -0,0 +1,9 @@
+export declare class PathValidator {
+    private static ALLOWED_DIRECTORIES;
+    private static ALLOWED_EXTENSIONS;
+    static initialize(personasDir: string, allowedExtensions?: string[]): void;
+    static validatePersonaPath(userPath: string): Promise<string>;
+    static safeReadFile(filePath: string): Promise<string>;
+    static safeWriteFile(filePath: string, content: string): Promise<void>;
+}
+//# sourceMappingURL=pathValidator.d.ts.map

package/dist/src/security/pathValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pathValidator.d.ts","sourceRoot":"","sources":["../../../src/security/pathValidator.ts"],"names":[],"mappings":"AAIA,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAgB;IAClD,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAA2D;IAE5F,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI;WAc7D,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;WA8DtD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;WAiB/C,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAmB7E"}