@indicated/vibeguard 1.0.0

package/.claude/settings.local.json

@@ -0,0 +1,5 @@
+{
+  "enabledMcpjsonServers": [
+    "vibeguard"
+  ]
+}

package/.github/workflows/ci.yml

@@ -0,0 +1,65 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    name: Test (Node ${{ matrix.node-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [18, 20, 22]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build
+
+      - name: Run tests
+        run: npm test
+
+      - name: Run tests with coverage
+        if: matrix.node-version == 20
+        run: npm run test:coverage
+
+      - name: Upload coverage report
+        if: matrix.node-version == 20
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-report
+          path: coverage/
+          retention-days: 7
+
+  lint:
+    name: Lint & Type Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Type check
+        run: npm run build

package/.github/workflows/release.yml

@@ -0,0 +1,85 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  test:
+    name: Test before release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build
+
+      - name: Run tests
+        run: npm test
+
+  publish:
+    name: Publish to npm
+    needs: test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build
+
+      - name: Publish to npm
+        run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  github-release:
+    name: Create GitHub Release
+    needs: publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v1
+        with:
+          generate_release_notes: true
+          body: |
+            ## Installation
+
+            ```bash
+            npm install -g vibeguard
+            ```
+
+            ## What's Changed
+
+            See the automatically generated release notes below.

package/PROGRESS.md

@@ -0,0 +1,192 @@
+# VibeGuard Development Progress
+
+## Overview
+
+VibeGuard is a local CLI security scanner for AI-generated code. This document tracks what has been implemented and what remains to be done.
+
+---
+
+## ✅ Completed
+
+### Phase 1: Core Scanner
+- [x] TypeScript project setup with npm package structure
+- [x] Project structure following the planned architecture
+- [x] JS/TS parser using @babel/parser for AST analysis
+- [x] Pattern-based scanning with regex
+- [x] Basic `scan` command with file/directory support
+- [x] Finding output with file, line number, and severity
+
+### Phase 2: Full Rule Set
+- [x] 45 security rules implemented across all severity levels:
+  - **Critical (8):** hardcoded-secret, sql-injection, eval-usage, command-injection, insecure-deserialization, django-debug-true, django-secret-key-exposed, django-raw-sql
+  - **High (21):** missing-auth-route, xss-innerhtml, secrets-localstorage, supabase-no-rls, firebase-no-rules, idor-vulnerability, path-traversal, ssrf-vulnerability, open-redirect, insecure-cookie, missing-csrf, nextjs-exposed-server-action, nextjs-api-route-no-auth, nextjs-dangerouslySetInnerHTML, nextjs-exposed-env, django-no-csrf-exempt, fastapi-no-auth-dependency, nestjs-no-auth-guard, react-href-javascript, react-url-state-injection, express-session-insecure
+  - **Medium (10):** permissive-cors, http-not-https, weak-password, hardcoded-ip, xxe-vulnerability, jwt-none-algorithm, django-allowed-hosts-all, fastapi-cors-all-origins, express-helmet-missing, express-body-parser-limit
+  - **Low (6):** verbose-errors, missing-rate-limit, console-log-sensitive, debug-mode-enabled, prototype-pollution, nestjs-exposed-internal-exception
+- [x] Python parser support (pattern-based)
+- [x] Severity levels (critical, high, medium, low)
+- [x] Letter grading system (A+ to F)
+
+### Phase 3: CLI Polish
+- [x] `vibeguard scan` - Main scan command
+  - [x] Directory scanning
+  - [x] File scanning
+  - [x] `--staged` flag for git staged files
+  - [x] `--json` output format
+  - [x] `--force` to ignore exit code
+  - [x] `--quiet` minimal output
+- [x] `vibeguard init` - Pre-commit hook setup
+  - [x] Git hook creation
+  - [x] Husky detection and integration
+  - [x] `.vibeguardrc.json` config file creation
+- [x] `vibeguard rules` - List security rules
+  - [x] `--severity` filter
+  - [x] `--language` filter
+  - [x] `--json` output
+- [x] `vibeguard login` / `vibeguard logout` - License key management
+- [x] Pretty terminal output with colors
+- [x] Config file support (`.vibeguardrc.json`)
+
+### Phase 4: License System (CLI Side)
+- [x] `login` command implemented
+- [x] `logout` command implemented
+- [x] License key storage in `~/.vibeguard/license.json`
+- [x] Offline mode fallback (works without server)
+- [x] API client stubs ready for server integration
+
+### Bonus: MCP Integration
+- [x] `vibeguard mcp` command to start MCP server
+- [x] `scan_code` tool - Scan files/directories
+- [x] `list_security_rules` tool - List available rules
+- [x] `check_code_snippet` tool - Validate code without saving
+- [x] Documentation for Claude Code integration
+
+---
+
+## 🔲 Not Yet Implemented
+
+### Server-Side (Required for SaaS)
+- [ ] License validation API (`POST /v1/license/validate`)
+- [ ] License activation API (`POST /v1/license/activate`)
+- [ ] Rules API (`GET /v1/rules`) for auto-updates
+- [ ] Usage metrics API (`POST /v1/metrics`)
+- [ ] Database for license keys and usage tracking
+- [ ] Payment integration (Stripe, etc.)
+
+### CLI Enhancements
+- [ ] `vibeguard update` - Manual rule update command
+- [ ] `vibeguard ignore` - Add inline ignore comments
+- [ ] `vibeguard fix` - Auto-fix certain issues (where safe)
+- [ ] Watch mode (`--watch`) for continuous scanning
+- [ ] SARIF output format for GitHub Advanced Security
+- [ ] GitLab CI/CD integration format
+
+### Additional Rules
+- [x] Command injection detection
+- [x] Path traversal detection
+- [x] Insecure deserialization
+- [x] Hardcoded IP addresses
+- [x] Missing CSRF protection
+- [x] Insecure cookie settings
+- [x] Open redirect vulnerabilities
+- [x] XXE (XML External Entity) detection
+- [x] SSRF (Server-Side Request Forgery) patterns
+- [x] JWT none algorithm vulnerability
+- [x] Console logging sensitive data
+- [x] Debug mode enabled
+- [x] Prototype pollution
+
+### Parser Improvements
+- [ ] Tree-sitter Python parser (currently regex-only)
+- [ ] Better AST-based SQL injection detection for JS
+- [x] Framework-specific rules (Next.js, Django, FastAPI, NestJS, Express, React)
+- [ ] JSX/TSX component-level analysis
+
+### Testing
+- [x] Unit tests for scanner (13 tests)
+- [x] Unit tests for rule matching (186 tests across all 45 rules)
+- [x] Rule definitions tests (47 tests)
+- [x] Test coverage reporting (Vitest + v8)
+- [x] CI/CD pipeline (GitHub Actions)
+  - [x] CI workflow: tests on Node 18, 20, 22
+  - [x] Release workflow: auto-publish to npm on tags
+- [ ] Integration tests for CLI commands
+
+### Documentation
+- [ ] API documentation for server endpoints
+- [ ] Contributing guide
+- [ ] Rule authoring guide
+- [ ] Examples for each vulnerability type
+
+### Distribution
+- [ ] Publish to npm
+- [ ] Homebrew formula
+- [ ] Binary releases (pkg)
+- [ ] Docker image
+
+---
+
+## 📁 Current Project Structure
+
+```
+vibeguard/
+├── src/
+│   ├── cli/
+│   │   ├── index.ts              # CLI entry point
+│   │   ├── config.ts             # Config file loading
+│   │   ├── output.ts             # Terminal formatting
+│   │   └── commands/
+│   │       ├── scan.ts           # scan command
+│   │       ├── init.ts           # init command
+│   │       ├── login.ts          # login/logout commands
+│   │       ├── rules.ts          # rules command
+│   │       └── mcp.ts            # mcp command
+│   ├── scanner/
+│   │   ├── index.ts              # Main scanner logic
+│   │   ├── parsers/
+│   │   │   ├── javascript.ts     # JS/TS AST + pattern scanning
+│   │   │   └── python.ts         # Python pattern scanning
+│   │   └── rules/
+│   │       ├── definitions.ts    # 14 security rules
+│   │       ├── loader.ts         # Rule loading (local + API)
+│   │       └── matcher.ts        # Pattern matching utilities
+│   ├── mcp/
+│   │   └── server.ts             # MCP server for AI assistants
+│   ├── api/
+│   │   ├── license.ts            # License management
+│   │   └── rules.ts              # Rules API client
+│   └── types.ts                  # TypeScript types
+├── dist/                         # Compiled JavaScript
+├── test-samples/                 # Test files with vulnerabilities
+├── package.json
+├── tsconfig.json
+├── README.md
+└── PROGRESS.md                   # This file
+```
+
+---
+
+## 🚀 Next Steps (Recommended Order)
+
+1. **Testing** - Add unit tests before making more changes
+2. **More Rules** - Expand rule coverage based on user feedback
+3. **npm Publish** - Get it in users' hands
+4. **Server API** - Build license/rules server for SaaS model
+5. **CI Integration** - SARIF output for GitHub/GitLab
+
+---
+
+## 📊 Stats
+
+| Metric | Count |
+|--------|-------|
+| Security Rules | 45 |
+| CLI Commands | 6 |
+| MCP Tools | 3 |
+| Supported Languages | 3 (JS, TS, Python) |
+| Frameworks | 6 (Next.js, Django, FastAPI, NestJS, Express, React) |
+| Unit Tests | 246 |
+| Lines of TypeScript | ~2,000 |
+
+---
+
+*Last updated: January 30, 2026*

package/README.md

@@ -0,0 +1,183 @@
+# VibeGuard
+
+Local CLI security scanner for AI-generated code. Your code never leaves your machine.
+
+## Installation
+
+```bash
+npm install -g vibeguard
+```
+
+## Quick Start
+
+```bash
+# Scan a directory
+vibeguard scan ./src
+
+# Scan specific files
+vibeguard scan ./api.js ./auth.ts
+
+# Set up pre-commit hook (blocks commits with critical/high issues)
+vibeguard init
+
+# View all security rules
+vibeguard rules
+```
+
+## Commands
+
+### `vibeguard scan [targets...]`
+
+Scan files or directories for security vulnerabilities.
+
+```bash
+vibeguard scan ./src            # Scan directory
+vibeguard scan --staged         # Scan git staged files only
+vibeguard scan --json           # Output as JSON
+vibeguard scan --force          # Don't exit with error on issues
+vibeguard scan --quiet          # Minimal output
+```
+
+### `vibeguard init`
+
+Set up a pre-commit hook to automatically scan code before commits.
+
+```bash
+vibeguard init          # Creates hook and config
+vibeguard init --force  # Overwrite existing hooks
+```
+
+This creates:
+- A git pre-commit hook that runs `vibeguard scan --staged`
+- A `.vibeguardrc.json` config file
+
+### `vibeguard rules`
+
+List all available security rules.
+
+```bash
+vibeguard rules                      # List all rules
+vibeguard rules --severity critical  # Filter by severity
+vibeguard rules --language python    # Filter by language
+vibeguard rules --json               # Output as JSON
+```
+
+### `vibeguard login`
+
+Authenticate with your license key (for premium features).
+
+```bash
+vibeguard login
+vibeguard login --key YOUR_KEY --email you@example.com
+```
+
+### `vibeguard logout`
+
+Remove stored license key.
+
+### `vibeguard mcp`
+
+Start VibeGuard as an MCP server for AI assistant integration.
+
+## AI Assistant Integration (MCP)
+
+VibeGuard can run as an MCP (Model Context Protocol) server, allowing AI coding assistants like Claude Code to directly scan your code for vulnerabilities.
+
+### Setup for Claude Code
+
+1. Install VibeGuard globally:
+   ```bash
+   npm install -g vibeguard
+   ```
+
+2. Add to your Claude Code MCP settings (`~/.claude/settings.json`):
+   ```json
+   {
+     "mcpServers": {
+       "vibeguard": {
+         "command": "vibeguard",
+         "args": ["mcp"]
+       }
+     }
+   }
+   ```
+
+3. Restart Claude Code. The AI will now have access to these tools:
+
+| Tool | Description |
+|------|-------------|
+| `scan_code` | Scan files/directories for security vulnerabilities |
+| `list_security_rules` | List all available security rules |
+| `check_code_snippet` | Check a code snippet without writing to disk |
+
+### How it works
+
+Once configured, you can ask Claude Code things like:
+- "Scan my src folder for security issues"
+- "Check this code for vulnerabilities before I save it"
+- "What security rules does VibeGuard check for?"
+
+The AI will automatically use VibeGuard to scan your code and report any issues.
+
+## Configuration
+
+Create a `.vibeguardrc.json` in your project root:
+
+```json
+{
+  "exclude": [
+    "node_modules",
+    "dist",
+    "build",
+    "*.test.js"
+  ],
+  "rules": {
+    "disabled": ["missing-rate-limit"]
+  }
+}
+```
+
+## Supported Languages
+
+- JavaScript (.js, .jsx, .mjs, .cjs)
+- TypeScript (.ts, .tsx)
+- Python (.py)
+
+## Security Rules
+
+### Critical
+- **hardcoded-secret**: Detects hardcoded API keys, tokens, and passwords
+- **sql-injection**: Detects SQL injection vulnerabilities
+- **eval-usage**: Detects dangerous eval() usage
+
+### High
+- **missing-auth-route**: API routes without authentication
+- **xss-innerhtml**: XSS via innerHTML/dangerouslySetInnerHTML
+- **secrets-localstorage**: Sensitive data in localStorage/sessionStorage
+- **supabase-no-rls**: Supabase queries without RLS
+- **firebase-no-rules**: Firebase without security rules
+- **idor-vulnerability**: Potential IDOR vulnerabilities
+
+### Medium
+- **permissive-cors**: Overly permissive CORS configuration
+- **http-not-https**: HTTP instead of HTTPS
+- **weak-password**: Weak password requirements
+
+### Low
+- **verbose-errors**: Detailed errors exposed to clients
+- **missing-rate-limit**: Missing rate limiting on sensitive endpoints
+
+## Exit Codes
+
+- `0`: No critical/high issues found
+- `1`: Critical or high severity issues found (blocks commit)
+
+Use `--force` to always exit with 0, or `git commit --no-verify` to skip the hook.
+
+## Privacy
+
+VibeGuard runs entirely on your machine. Your code is never sent to any server. Only license validation requires network access.
+
+## License
+
+Commercial SaaS - License key required for full features.

package/dist/api/license.d.ts

@@ -0,0 +1,13 @@
+export declare function getLicenseKey(): string | null;
+export declare function saveLicenseKey(key: string, email?: string): void;
+export declare function clearLicenseKey(): void;
+export declare function validateLicense(key: string): Promise<{
+    valid: boolean;
+    message?: string;
+    tier?: string;
+}>;
+export declare function activateLicense(email: string, key: string): Promise<{
+    success: boolean;
+    message: string;
+}>;
+//# sourceMappingURL=license.d.ts.map

package/dist/api/license.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"license.d.ts","sourceRoot":"","sources":["../../src/api/license.ts"],"names":[],"mappings":"AAcA,wBAAgB,aAAa,IAAI,MAAM,GAAG,IAAI,CAU7C;AAED,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAOhE;AAED,wBAAgB,eAAe,IAAI,IAAI,CAItC;AAED,wBAAsB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC1D,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC,CAoCD;AAED,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,GACV,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAiChD"}

package/dist/api/license.js

@@ -0,0 +1,138 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getLicenseKey = getLicenseKey;
+exports.saveLicenseKey = saveLicenseKey;
+exports.clearLicenseKey = clearLicenseKey;
+exports.validateLicense = validateLicense;
+exports.activateLicense = activateLicense;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const CONFIG_DIR = path.join(os.homedir(), '.vibeguard');
+const LICENSE_FILE = path.join(CONFIG_DIR, 'license.json');
+const API_BASE_URL = process.env.VIBEGUARD_API_URL || 'https://api.vibeguard.dev';
+function getLicenseKey() {
+    try {
+        if (fs.existsSync(LICENSE_FILE)) {
+            const data = JSON.parse(fs.readFileSync(LICENSE_FILE, 'utf-8'));
+            return data.key || null;
+        }
+    }
+    catch {
+        // Ignore errors
+    }
+    return null;
+}
+function saveLicenseKey(key, email) {
+    if (!fs.existsSync(CONFIG_DIR)) {
+        fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+    const data = { key, email };
+    fs.writeFileSync(LICENSE_FILE, JSON.stringify(data, null, 2));
+}
+function clearLicenseKey() {
+    if (fs.existsSync(LICENSE_FILE)) {
+        fs.unlinkSync(LICENSE_FILE);
+    }
+}
+async function validateLicense(key) {
+    // For offline/development mode, accept any key
+    if (process.env.VIBEGUARD_OFFLINE === 'true') {
+        return { valid: true, tier: 'offline' };
+    }
+    try {
+        const response = await fetch(`${API_BASE_URL}/v1/license/validate`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ key }),
+        });
+        if (response.ok) {
+            const data = (await response.json());
+            return {
+                valid: true,
+                tier: data.tier || 'standard',
+            };
+        }
+        const error = (await response.json().catch(() => ({})));
+        return {
+            valid: false,
+            message: error.message || 'Invalid license key',
+        };
+    }
+    catch {
+        // If API is unreachable, allow offline mode
+        return {
+            valid: true,
+            message: 'Running in offline mode',
+            tier: 'offline',
+        };
+    }
+}
+async function activateLicense(email, key) {
+    if (process.env.VIBEGUARD_OFFLINE === 'true') {
+        saveLicenseKey(key, email);
+        return { success: true, message: 'License activated in offline mode' };
+    }
+    try {
+        const response = await fetch(`${API_BASE_URL}/v1/license/activate`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ email, key }),
+        });
+        if (response.ok) {
+            saveLicenseKey(key, email);
+            return { success: true, message: 'License activated successfully' };
+        }
+        const error = (await response.json().catch(() => ({})));
+        return {
+            success: false,
+            message: error.message || 'Failed to activate license',
+        };
+    }
+    catch {
+        // Allow offline activation
+        saveLicenseKey(key, email);
+        return {
+            success: true,
+            message: 'License saved locally (offline mode)',
+        };
+    }
+}
+//# sourceMappingURL=license.js.map

package/dist/api/license.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"license.js","sourceRoot":"","sources":["../../src/api/license.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcA,sCAUC;AAED,wCAOC;AAED,0CAIC;AAED,0CAwCC;AAED,0CAoCC;AAvHD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAEzB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAC;AACzD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;AAC3D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B,CAAC;AAQlF,SAAgB,aAAa;IAC3B,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC;QAC1B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gBAAgB;IAClB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,cAAc,CAAC,GAAW,EAAE,KAAc;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,IAAI,GAAgB,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IACzC,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,SAAgB,eAAe;IAC7B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,eAAe,CAAC,GAAW;IAK/C,+CAA+C;IAC/C,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,EAAE,CAAC;QAC7C,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,sBAAsB,EAAE;YAClE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC;SAC9B,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAsB,CAAC;YAC1D,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,UAAU;aAC9B,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAyB,CAAC;QAChF,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,qBAAqB;SAChD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,4CAA4C;QAC5C,OAAO;YACL,KAAK,EAAE,IAAI;YACX,OAAO,EAAE,yBAAyB;YAClC,IAAI,EAAE,SAAS;SAChB,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,eAAe,CACnC,KAAa,EACb,GAAW;IAEX,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,EAAE,CAAC;QAC7C,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,mCAAmC,EAAE,CAAC;IACzE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,sBAAsB,EAAE;YAClE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;SACrC,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC3B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;QACtE,CAAC;QAED,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAyB,CAAC;QAChF,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,4BAA4B;SACvD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;QAC3B,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,sCAAsC;SAChD,CAAC;IACJ,CAAC;AACH,CAAC"}