@gsep/core 0.8.0 → 1.0.0

package/dist/security/DataAccessTracker.js

@@ -0,0 +1,71 @@
+export class DataAccessTracker {
+    eventBus;
+    records = [];
+    maxRecords = 10_000;
+    constructor(eventBus) {
+        this.eventBus = eventBus;
+    }
+    record(access) {
+        const record = {
+            ...access,
+            timestamp: new Date(),
+        };
+        this.records.push(record);
+        if (this.records.length > this.maxRecords) {
+            this.records = this.records.slice(-this.maxRecords);
+        }
+        this.eventBus.emit({
+            type: 'security:audit-entry',
+            timestamp: record.timestamp,
+            layer: 7,
+            decision: 'info',
+            actor: { skillId: access.skillId },
+            resource: {
+                type: `data:${access.source}`,
+                id: access.category,
+                detail: `${access.itemCount} items${access.sentToCloud ? ` → ${access.cloudProvider ?? 'cloud'}` : ' (local only)'}`,
+            },
+            severity: access.sentToCloud ? 'warning' : 'info',
+        });
+    }
+    getReport(from, to) {
+        const start = from ?? new Date(0);
+        const end = to ?? new Date();
+        const filtered = this.records.filter(r => r.timestamp >= start && r.timestamp <= end);
+        const bySource = {};
+        const byCategory = {};
+        const bySkill = {};
+        let sentToCloud = 0;
+        for (const r of filtered) {
+            bySource[r.source] = (bySource[r.source] || 0) + 1;
+            byCategory[r.category] = (byCategory[r.category] || 0) + 1;
+            bySkill[r.skillId] = (bySkill[r.skillId] || 0) + 1;
+            if (r.sentToCloud)
+                sentToCloud++;
+        }
+        return {
+            period: { from: start, to: end },
+            totalAccesses: filtered.length,
+            sentToCloud,
+            bySource,
+            byCategory,
+            bySkill,
+            records: filtered,
+        };
+    }
+    getRecent(limit = 50) {
+        return this.records.slice(-limit);
+    }
+    getCount() {
+        return this.records.length;
+    }
+    wasAccessed(source, since) {
+        const start = since ?? new Date(0);
+        return this.records.some(r => r.source === source && r.timestamp >= start);
+    }
+    getCloudExposures(since) {
+        const start = since ?? new Date(0);
+        return this.records.filter(r => r.sentToCloud && r.timestamp >= start);
+    }
+}
+//# sourceMappingURL=DataAccessTracker.js.map

package/dist/security/DataAccessTracker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DataAccessTracker.js","sourceRoot":"","sources":["../../src/security/DataAccessTracker.ts"],"names":[],"mappings":"AAsFA,MAAM,OAAO,iBAAiB;IAClB,QAAQ,CAAmB;IAC3B,OAAO,GAAuB,EAAE,CAAC;IACjC,UAAU,GAAG,MAAM,CAAC;IAE5B,YAAY,QAA0B;QAClC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC7B,CAAC;IAKD,MAAM,CAAC,MAA2C;QAC9C,MAAM,MAAM,GAAqB;YAC7B,GAAG,MAAM;YACT,SAAS,EAAE,IAAI,IAAI,EAAE;SACxB,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE1B,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;YACf,IAAI,EAAE,sBAAsB;YAC5B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE;YAClC,QAAQ,EAAE;gBACN,IAAI,EAAE,QAAQ,MAAM,CAAC,MAAM,EAAE;gBAC7B,EAAE,EAAE,MAAM,CAAC,QAAQ;gBACnB,MAAM,EAAE,GAAG,MAAM,CAAC,SAAS,SAAS,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,aAAa,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,eAAe,EAAE;aACvH;YACD,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;SACpD,CAAC,CAAC;IACP,CAAC;IAKD,SAAS,CAAC,IAAW,EAAE,EAAS;QAC5B,MAAM,KAAK,GAAG,IAAI,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC;QAE7B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAChC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,KAAK,IAAI,CAAC,CAAC,SAAS,IAAI,GAAG,CAClD,CAAC;QAEF,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAC5C,MAAM,UAAU,GAA2B,EAAE,CAAC;QAC9C,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACvB,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACnD,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAC3D,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,CAAC,CAAC,WAAW;gBAAE,WAAW,EAAE,CAAC;QACrC,CAAC;QAED,OAAO;YACH,MAAM,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,EAAE;YAChC,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,WAAW;YACX,QAAQ;YACR,UAAU;YACV,OAAO;YACP,OAAO,EAAE,QAAQ;SACpB,CAAC;IACN,CAAC;IAKD,SAAS,CAAC,KAAK,GAAG,EAAE;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC;IAKD,QAAQ;QACJ,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAC/B,CAAC;IAKD,WAAW,CAAC,MAAkB,EAAE,KAAY;QACxC,MAAM,KAAK,GAAG,KAAK,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC;IAC/E,CAAC;IAKD,iBAAiB,CAAC,KAAY;QAC1B,MAAM,KAAK,GAAG,KAAK,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC;IAC3E,CAAC;CACJ"}

package/dist/security/DataClassifier.d.ts

@@ -0,0 +1,14 @@
+export type DataClassification = 'public' | 'internal' | 'confidential' | 'restricted';
+export interface ClassificationResult {
+    classification: DataClassification;
+    confidence: number;
+    reasons: string[];
+    categories: string[];
+}
+export declare class DataClassifier {
+    private stats;
+    classify(text: string): ClassificationResult;
+    isAtLeast(text: string, threshold: DataClassification): boolean;
+    getStats(): typeof this.stats;
+}
+//# sourceMappingURL=DataClassifier.d.ts.map

package/dist/security/DataClassifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DataClassifier.d.ts","sourceRoot":"","sources":["../../src/security/DataClassifier.ts"],"names":[],"mappings":"AAaA,MAAM,MAAM,kBAAkB,GAAG,QAAQ,GAAG,UAAU,GAAG,cAAc,GAAG,YAAY,CAAC;AAEvF,MAAM,WAAW,oBAAoB;IACjC,cAAc,EAAE,kBAAkB,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;CACxB;AAqHD,qBAAa,cAAc;IACvB,OAAO,CAAC,KAAK,CAGX;IAKF,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB;IAuD5C,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,kBAAkB,GAAG,OAAO;IAW/D,QAAQ,IAAI,OAAO,IAAI,CAAC,KAAK;CAGhC"}

package/dist/security/DataClassifier.js

@@ -0,0 +1,146 @@
+const RULES = [
+    {
+        classification: 'restricted',
+        category: 'credentials',
+        patterns: [
+            /\b(?:sk-[A-Za-z0-9]{20,}|sk-ant-|ghp_|AKIA[A-Z0-9]{16})/,
+            /(?:password|passwd|secret)\s*[:=]\s*\S+/i,
+            /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/,
+            /-----BEGIN CERTIFICATE-----/,
+        ],
+        weight: 1.0,
+    },
+    {
+        classification: 'restricted',
+        category: 'financial',
+        patterns: [
+            /\b(?:\d{4}[-\s]?){3}\d{1,4}\b/,
+            /\b[A-Z]{2}\d{2}\s?[A-Z0-9]{4}(?:\s?[A-Z0-9]{4}){2,7}/,
+            /\b(?:bank\s*account|routing\s*number|swift\s*code)\b/i,
+            /\b(?:social\s*security|SSN)\s*[:=]?\s*\d/i,
+        ],
+        weight: 1.0,
+    },
+    {
+        classification: 'restricted',
+        category: 'health',
+        patterns: [
+            /\b(?:diagnosis|prescription|patient\s*id|medical\s*record|health\s*insurance)\b/i,
+            /\b(?:ICD-\d{1,2}|CPT\s*code|NPI\s*number)\b/i,
+            /\b(?:blood\s*type|allergy|medication|dosage)\b/i,
+        ],
+        weight: 0.9,
+    },
+    {
+        classification: 'confidential',
+        category: 'personal-identity',
+        patterns: [
+            /\b\d{3}-\d{2}-\d{4}\b/,
+            /\b(?:passport\s*(?:number|no|#))\b/i,
+            /\b(?:driver'?s?\s*license|DL\s*#)\b/i,
+            /\b(?:date\s*of\s*birth|DOB)\s*[:=]?\s*\d/i,
+        ],
+        weight: 0.8,
+    },
+    {
+        classification: 'confidential',
+        category: 'contact-info',
+        patterns: [
+            /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/,
+            /\+\d{1,3}[-.\s]?\(?\d{2,4}\)?[-.\s]?\d{3,4}[-.\s]?\d{3,4}/,
+            /\b\d{1,5}\s+[A-Za-z]+\s+(?:St|Ave|Blvd|Dr|Rd|Ln|Way|Ct)\b/i,
+        ],
+        weight: 0.7,
+    },
+    {
+        classification: 'confidential',
+        category: 'legal',
+        patterns: [
+            /\b(?:attorney[- ]client|privileged|confidential\s*(?:and|&)\s*proprietary)\b/i,
+            /\b(?:NDA|non-disclosure|trade\s*secret|patent\s*pending)\b/i,
+            /\b(?:settlement|litigation|court\s*order|subpoena)\b/i,
+        ],
+        weight: 0.7,
+    },
+    {
+        classification: 'internal',
+        category: 'business',
+        patterns: [
+            /\b(?:revenue|profit|loss|budget|forecast|Q[1-4]\s*\d{4})\b/i,
+            /\b(?:employee\s*id|salary|compensation|performance\s*review)\b/i,
+            /\b(?:customer\s*list|vendor\s*contract|pricing\s*sheet)\b/i,
+            /\b(?:roadmap|strategy|competitive\s*analysis)\b/i,
+        ],
+        weight: 0.5,
+    },
+    {
+        classification: 'internal',
+        category: 'infrastructure',
+        patterns: [
+            /\b(?:192\.168\.\d+\.\d+|10\.\d+\.\d+\.\d+|172\.(?:1[6-9]|2\d|3[01])\.\d+\.\d+)/,
+            /\b(?:localhost|127\.0\.0\.1):\d{4,5}\b/,
+            /\b(?:database\s*(?:url|host|connection)|redis:|mongodb:)/i,
+            /\b(?:AWS_|AZURE_|GCP_|GOOGLE_CLOUD_)\w+/,
+        ],
+        weight: 0.4,
+    },
+];
+export class DataClassifier {
+    stats = {
+        totalClassified: 0,
+        byClassification: {},
+    };
+    classify(text) {
+        this.stats.totalClassified++;
+        let highestClassification = 'public';
+        let highestWeight = 0;
+        const reasons = [];
+        const categories = [];
+        const classOrder = {
+            public: 0,
+            internal: 1,
+            confidential: 2,
+            restricted: 3,
+        };
+        for (const rule of RULES) {
+            for (const pattern of rule.patterns) {
+                pattern.lastIndex = 0;
+                if (pattern.test(text)) {
+                    if (classOrder[rule.classification] > classOrder[highestClassification]) {
+                        highestClassification = rule.classification;
+                        highestWeight = rule.weight;
+                    }
+                    else if (classOrder[rule.classification] === classOrder[highestClassification] &&
+                        rule.weight > highestWeight) {
+                        highestWeight = rule.weight;
+                    }
+                    if (!categories.includes(rule.category)) {
+                        categories.push(rule.category);
+                        reasons.push(`${rule.category}: matches ${rule.classification} pattern`);
+                    }
+                    break;
+                }
+            }
+        }
+        const confidence = categories.length === 0 ? 1.0 : Math.min(highestWeight + categories.length * 0.1, 1.0);
+        this.stats.byClassification[highestClassification] =
+            (this.stats.byClassification[highestClassification] || 0) + 1;
+        return {
+            classification: highestClassification,
+            confidence,
+            reasons,
+            categories,
+        };
+    }
+    isAtLeast(text, threshold) {
+        const order = {
+            public: 0, internal: 1, confidential: 2, restricted: 3,
+        };
+        const result = this.classify(text);
+        return order[result.classification] >= order[threshold];
+    }
+    getStats() {
+        return { ...this.stats };
+    }
+}
+//# sourceMappingURL=DataClassifier.js.map

package/dist/security/DataClassifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DataClassifier.js","sourceRoot":"","sources":["../../src/security/DataClassifier.ts"],"names":[],"mappings":"AA+BA,MAAM,KAAK,GAAyB;IAEhC;QACI,cAAc,EAAE,YAAY;QAC5B,QAAQ,EAAE,aAAa;QACvB,QAAQ,EAAE;YACN,yDAAyD;YACzD,0CAA0C;YAC1C,+CAA+C;YAC/C,6BAA6B;SAChC;QACD,MAAM,EAAE,GAAG;KACd;IACD;QACI,cAAc,EAAE,YAAY;QAC5B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE;YACN,+BAA+B;YAC/B,sDAAsD;YACtD,uDAAuD;YACvD,2CAA2C;SAC9C;QACD,MAAM,EAAE,GAAG;KACd;IACD;QACI,cAAc,EAAE,YAAY;QAC5B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE;YACN,kFAAkF;YAClF,8CAA8C;YAC9C,iDAAiD;SACpD;QACD,MAAM,EAAE,GAAG;KACd;IAGD;QACI,cAAc,EAAE,cAAc;QAC9B,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE;YACN,uBAAuB;YACvB,qCAAqC;YACrC,sCAAsC;YACtC,2CAA2C;SAC9C;QACD,MAAM,EAAE,GAAG;KACd;IACD;QACI,cAAc,EAAE,cAAc;QAC9B,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE;YACN,oDAAoD;YACpD,2DAA2D;YAC3D,4DAA4D;SAC/D;QACD,MAAM,EAAE,GAAG;KACd;IACD;QACI,cAAc,EAAE,cAAc;QAC9B,QAAQ,EAAE,OAAO;QACjB,QAAQ,EAAE;YACN,+EAA+E;YAC/E,6DAA6D;YAC7D,uDAAuD;SAC1D;QACD,MAAM,EAAE,GAAG;KACd;IAGD;QACI,cAAc,EAAE,UAAU;QAC1B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE;YACN,6DAA6D;YAC7D,iEAAiE;YACjE,4DAA4D;YAC5D,kDAAkD;SACrD;QACD,MAAM,EAAE,GAAG;KACd;IACD;QACI,cAAc,EAAE,UAAU;QAC1B,QAAQ,EAAE,gBAAgB;QAC1B,QAAQ,EAAE;YACN,gFAAgF;YAChF,wCAAwC;YACxC,2DAA2D;YAC3D,yCAAyC;SAC5C;QACD,MAAM,EAAE,GAAG;KACd;CACJ,CAAC;AAeF,MAAM,OAAO,cAAc;IACf,KAAK,GAAG;QACZ,eAAe,EAAE,CAAC;QAClB,gBAAgB,EAAE,EAAwC;KAC7D,CAAC;IAKF,QAAQ,CAAC,IAAY;QACjB,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QAE7B,IAAI,qBAAqB,GAAuB,QAAQ,CAAC;QACzD,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,MAAM,UAAU,GAAuC;YACnD,MAAM,EAAE,CAAC;YACT,QAAQ,EAAE,CAAC;YACX,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;SAChB,CAAC;QAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACvB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAElC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;gBACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACrB,IAAI,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;wBACtE,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC;wBAC5C,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC;oBAChC,CAAC;yBAAM,IACH,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,UAAU,CAAC,qBAAqB,CAAC;wBACrE,IAAI,CAAC,MAAM,GAAG,aAAa,EAC7B,CAAC;wBACC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC;oBAChC,CAAC;oBAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACtC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;wBAC/B,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,aAAa,IAAI,CAAC,cAAc,UAAU,CAAC,CAAC;oBAC7E,CAAC;oBACD,MAAM;gBACV,CAAC;YACL,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,GAAG,UAAU,CAAC,MAAM,GAAG,GAAG,EAAE,GAAG,CAAC,CAAC;QAE1G,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,qBAAqB,CAAC;YAC9C,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAElE,OAAO;YACH,cAAc,EAAE,qBAAqB;YACrC,UAAU;YACV,OAAO;YACP,UAAU;SACb,CAAC;IACN,CAAC;IAKD,SAAS,CAAC,IAAY,EAAE,SAA6B;QACjD,MAAM,KAAK,GAAuC;YAC9C,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;SACzD,CAAC;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnC,OAAO,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC;IAC5D,CAAC;IAKD,QAAQ;QACJ,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;IAC7B,CAAC;CACJ"}

package/dist/security/EncryptedConfigStore.d.ts

@@ -0,0 +1,21 @@
+export declare class EncryptedConfigStore {
+    private key;
+    private filePath;
+    private data;
+    private loaded;
+    constructor(encryptionKey: Buffer, storePath?: string);
+    load(): Promise<void>;
+    get(key: string): string | undefined;
+    set(key: string, value: string): Promise<void>;
+    delete(key: string): Promise<boolean>;
+    has(key: string): boolean;
+    keys(): string[];
+    size(): number;
+    import(entries: Record<string, string>): Promise<number>;
+    exportAll(): Record<string, string>;
+    private save;
+    private encrypt;
+    private decrypt;
+    private ensureLoaded;
+}
+//# sourceMappingURL=EncryptedConfigStore.d.ts.map

package/dist/security/EncryptedConfigStore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"EncryptedConfigStore.d.ts","sourceRoot":"","sources":["../../src/security/EncryptedConfigStore.ts"],"names":[],"mappings":"AAuCA,qBAAa,oBAAoB;IAC7B,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,IAAI,CAA0C;IACtD,OAAO,CAAC,MAAM,CAAS;gBAEX,aAAa,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;IAW/C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAkB3B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAQ9B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAS9C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW3C,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAQzB,IAAI,IAAI,MAAM,EAAE;IAQhB,IAAI,IAAI,MAAM;IAQR,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IAgB9D,SAAS,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;YAOrB,IAAI;IAUlB,OAAO,CAAC,OAAO;IAYf,OAAO,CAAC,OAAO;IAsBf,OAAO,CAAC,YAAY;CAKvB"}

package/dist/security/EncryptedConfigStore.js

@@ -0,0 +1,119 @@
+import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';
+import { readFile, writeFile, rename, mkdir } from 'node:fs/promises';
+import { dirname, join } from 'node:path';
+import { homedir } from 'node:os';
+const ALGORITHM = 'aes-256-gcm';
+const IV_BYTES = 12;
+const AUTH_TAG_BYTES = 16;
+const STORE_DIR = join(homedir(), '.genome');
+const STORE_FILE = 'config.enc';
+export class EncryptedConfigStore {
+    key;
+    filePath;
+    data = { version: 1, entries: {} };
+    loaded = false;
+    constructor(encryptionKey, storePath) {
+        if (encryptionKey.length !== 32) {
+            throw new Error('[EncryptedConfigStore] Key must be 32 bytes (256 bits).');
+        }
+        this.key = encryptionKey;
+        this.filePath = storePath ?? join(STORE_DIR, STORE_FILE);
+    }
+    async load() {
+        try {
+            const raw = await readFile(this.filePath);
+            this.data = this.decrypt(raw);
+        }
+        catch (err) {
+            if (err.code === 'ENOENT') {
+                this.data = { version: 1, entries: {} };
+            }
+            else {
+                throw new Error(`[EncryptedConfigStore] Failed to load: ${err.message}`);
+            }
+        }
+        this.loaded = true;
+    }
+    get(key) {
+        this.ensureLoaded();
+        return this.data.entries[key];
+    }
+    async set(key, value) {
+        this.ensureLoaded();
+        this.data.entries[key] = value;
+        await this.save();
+    }
+    async delete(key) {
+        this.ensureLoaded();
+        if (!(key in this.data.entries))
+            return false;
+        delete this.data.entries[key];
+        await this.save();
+        return true;
+    }
+    has(key) {
+        this.ensureLoaded();
+        return key in this.data.entries;
+    }
+    keys() {
+        this.ensureLoaded();
+        return Object.keys(this.data.entries).sort();
+    }
+    size() {
+        this.ensureLoaded();
+        return Object.keys(this.data.entries).length;
+    }
+    async import(entries) {
+        this.ensureLoaded();
+        let count = 0;
+        for (const [key, value] of Object.entries(entries)) {
+            if (value !== undefined && value !== '') {
+                this.data.entries[key] = value;
+                count++;
+            }
+        }
+        await this.save();
+        return count;
+    }
+    exportAll() {
+        this.ensureLoaded();
+        return { ...this.data.entries };
+    }
+    async save() {
+        const encrypted = this.encrypt(this.data);
+        await mkdir(dirname(this.filePath), { recursive: true });
+        const tmpPath = `${this.filePath}.tmp.${Date.now()}`;
+        await writeFile(tmpPath, encrypted, { mode: 0o600 });
+        await rename(tmpPath, this.filePath);
+    }
+    encrypt(data) {
+        const iv = randomBytes(IV_BYTES);
+        const plaintext = Buffer.from(JSON.stringify(data), 'utf-8');
+        const cipher = createCipheriv(ALGORITHM, this.key, iv);
+        const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+        const authTag = cipher.getAuthTag();
+        return Buffer.concat([iv, authTag, encrypted]);
+    }
+    decrypt(raw) {
+        if (raw.length < IV_BYTES + AUTH_TAG_BYTES + 1) {
+            throw new Error('[EncryptedConfigStore] Corrupted file — too short.');
+        }
+        const iv = raw.subarray(0, IV_BYTES);
+        const authTag = raw.subarray(IV_BYTES, IV_BYTES + AUTH_TAG_BYTES);
+        const ciphertext = raw.subarray(IV_BYTES + AUTH_TAG_BYTES);
+        const decipher = createDecipheriv(ALGORITHM, this.key, iv);
+        decipher.setAuthTag(authTag);
+        const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+        const parsed = JSON.parse(decrypted.toString('utf-8'));
+        if (parsed.version !== 1 || typeof parsed.entries !== 'object') {
+            throw new Error('[EncryptedConfigStore] Invalid store format.');
+        }
+        return parsed;
+    }
+    ensureLoaded() {
+        if (!this.loaded) {
+            throw new Error('[EncryptedConfigStore] Not loaded. Call load() first.');
+        }
+    }
+}
+//# sourceMappingURL=EncryptedConfigStore.js.map

package/dist/security/EncryptedConfigStore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EncryptedConfigStore.js","sourceRoot":"","sources":["../../src/security/EncryptedConfigStore.ts"],"names":[],"mappings":"AAYA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,QAAQ,GAAG,EAAE,CAAC;AACpB,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAC7C,MAAM,UAAU,GAAG,YAAY,CAAC;AAkBhC,MAAM,OAAO,oBAAoB;IACrB,GAAG,CAAS;IACZ,QAAQ,CAAS;IACjB,IAAI,GAAc,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IAC9C,MAAM,GAAG,KAAK,CAAC;IAEvB,YAAY,aAAqB,EAAE,SAAkB;QACjD,IAAI,aAAa,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,aAAa,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,SAAS,IAAI,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC7D,CAAC;IAKD,KAAK,CAAC,IAAI;QACN,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC1C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACpB,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAEnD,IAAI,CAAC,IAAI,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACJ,MAAM,IAAI,KAAK,CAAC,0CAA2C,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YACxF,CAAC;QACL,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACvB,CAAC;IAKD,GAAG,CAAC,GAAW;QACX,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;IAKD,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAChC,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC/B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACtB,CAAC;IAKD,KAAK,CAAC,MAAM,CAAC,GAAW;QACpB,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9C,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IAChB,CAAC;IAKD,GAAG,CAAC,GAAW;QACX,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;IACpC,CAAC;IAKD,IAAI;QACA,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IACjD,CAAC;IAKD,IAAI;QACA,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACjD,CAAC;IAKD,KAAK,CAAC,MAAM,CAAC,OAA+B;QACxC,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACjD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;gBACtC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBAC/B,KAAK,EAAE,CAAC;YACZ,CAAC;QACL,CAAC;QACD,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACjB,CAAC;IAKD,SAAS;QACL,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;IACpC,CAAC;IAIO,KAAK,CAAC,IAAI;QACd,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAG1C,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,QAAQ,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACrD,MAAM,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACrD,MAAM,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;IAEO,OAAO,CAAC,IAAe;QAC3B,MAAM,EAAE,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;QAE7D,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAGpC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;IACnD,CAAC;IAEO,OAAO,CAAC,GAAW;QACvB,IAAI,GAAG,CAAC,MAAM,GAAG,QAAQ,GAAG,cAAc,GAAG,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,cAAc,CAAC,CAAC;QAClE,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,GAAG,cAAc,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC3D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAEvD,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,MAAmB,CAAC;IAC/B,CAAC;IAEO,YAAY;QAChB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC7E,CAAC;IACL,CAAC;CACJ"}

package/dist/security/EnterprisePolicyEngine.d.ts

@@ -0,0 +1,90 @@
+import { SecurityEventBus } from './SecurityEventBus.js';
+export interface EnterprisePolicy {
+    version: string;
+    organization: string;
+    effectiveDate: string;
+    signature?: string;
+    globalSettings: {
+        securityLevel: 'paranoid' | 'secure' | 'standard';
+        mfaRequired: boolean;
+        sessionTimeoutMinutes: number;
+        maxConcurrentSessions: number;
+        auditRetentionDays: number;
+        encryptionRequired: boolean;
+    };
+    roles: Record<string, RolePolicy>;
+    compliance: {
+        gdpr: {
+            enabled: boolean;
+            dataRetentionDays: number;
+            consentRequired: boolean;
+        };
+        soc2: {
+            enabled: boolean;
+            accessReviewIntervalDays: number;
+        };
+        hipaa: {
+            enabled: boolean;
+            phiEncryptionRequired: boolean;
+            minimumNecessaryRule: boolean;
+        };
+    };
+    alerts: AlertRule[];
+}
+export interface RolePolicy {
+    inherits?: string;
+    skills: {
+        allowed: string[];
+        denied: string[];
+    };
+    execution: {
+        securityLevel: string;
+        maxCommandsPerHour: number;
+        requireApprovalFor: string[];
+    };
+    dataAccess: {
+        classifications: string[];
+        piiAccess: boolean;
+    };
+    network: {
+        allowedDomains: string[];
+        deniedDomains: string[];
+    };
+    filesystem: {
+        allowedPaths: string[];
+        deniedPaths: string[];
+    };
+}
+export interface AlertRule {
+    type: string;
+    threshold: number;
+    windowMinutes: number;
+    action: 'alert_admin' | 'lock_account' | 'disable_skill' | 'log_only';
+}
+export interface PolicyValidationResult {
+    valid: boolean;
+    errors: string[];
+    warnings: string[];
+}
+export declare class EnterprisePolicyEngine {
+    private eventBus;
+    private policy;
+    private alertCounters;
+    constructor(eventBus: SecurityEventBus, policy?: EnterprisePolicy);
+    loadFromFile(filePath: string): Promise<PolicyValidationResult>;
+    setPolicy(policy: EnterprisePolicy): PolicyValidationResult;
+    getPolicy(): EnterprisePolicy;
+    getRolePolicy(roleName: string): RolePolicy | null;
+    isSkillAllowed(roleName: string, skillName: string): boolean;
+    isDomainAllowed(roleName: string, domain: string): boolean;
+    isPathAllowed(roleName: string, path: string): boolean;
+    getGlobalSettings(): EnterprisePolicy['globalSettings'];
+    getCompliance(): EnterprisePolicy['compliance'];
+    validate(policy: EnterprisePolicy): PolicyValidationResult;
+    signPolicy(signingKey: string): string;
+    private mergeRolePolicies;
+    private matchDomain;
+    private matchPath;
+    private checkAlertRules;
+}
+//# sourceMappingURL=EnterprisePolicyEngine.d.ts.map

package/dist/security/EnterprisePolicyEngine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnterprisePolicyEngine.d.ts","sourceRoot":"","sources":["../../src/security/EnterprisePolicyEngine.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAKzD,MAAM,WAAW,gBAAgB;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,cAAc,EAAE;QACZ,aAAa,EAAE,UAAU,GAAG,QAAQ,GAAG,UAAU,CAAC;QAClD,WAAW,EAAE,OAAO,CAAC;QACrB,qBAAqB,EAAE,MAAM,CAAC;QAC9B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,kBAAkB,EAAE,OAAO,CAAC;KAC/B,CAAC;IAEF,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAElC,UAAU,EAAE;QACR,IAAI,EAAE;YAAE,OAAO,EAAE,OAAO,CAAC;YAAC,iBAAiB,EAAE,MAAM,CAAC;YAAC,eAAe,EAAE,OAAO,CAAA;SAAE,CAAC;QAChF,IAAI,EAAE;YAAE,OAAO,EAAE,OAAO,CAAC;YAAC,wBAAwB,EAAE,MAAM,CAAA;SAAE,CAAC;QAC7D,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAC;YAAC,qBAAqB,EAAE,OAAO,CAAC;YAAC,oBAAoB,EAAE,OAAO,CAAA;SAAE,CAAC;KAC9F,CAAC;IAEF,MAAM,EAAE,SAAS,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAChD,SAAS,EAAE;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,kBAAkB,EAAE,MAAM,CAAC;QAAC,kBAAkB,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC/F,UAAU,EAAE;QAAE,eAAe,EAAE,MAAM,EAAE,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC;IAC9D,OAAO,EAAE;QAAE,cAAc,EAAE,MAAM,EAAE,CAAC;QAAC,aAAa,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC/D,UAAU,EAAE;QAAE,YAAY,EAAE,MAAM,EAAE,CAAC;QAAC,WAAW,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CACjE;AAED,MAAM,WAAW,SAAS;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,aAAa,GAAG,cAAc,GAAG,eAAe,GAAG,UAAU,CAAC;CACzE;AAED,MAAM,WAAW,sBAAsB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACtB;AA+DD,qBAAa,sBAAsB;IAC/B,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,aAAa,CAAkE;gBAE3E,QAAQ,EAAE,gBAAgB,EAAE,MAAM,CAAC,EAAE,gBAAgB;IAe3D,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IASrE,SAAS,CAAC,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;IA4B3D,SAAS,IAAI,gBAAgB;IAO7B,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAkBlD,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO;IAmB5D,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAiB1D,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAetD,iBAAiB,IAAI,gBAAgB,CAAC,gBAAgB,CAAC;IAOvD,aAAa,IAAI,gBAAgB,CAAC,YAAY,CAAC;IAO/C,QAAQ,CAAC,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;IA+B1D,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAYtC,OAAO,CAAC,iBAAiB;IAsBzB,OAAO,CAAC,WAAW;IAQnB,OAAO,CAAC,SAAS;IAWjB,OAAO,CAAC,eAAe;CAoC1B"}