@kairoaisec/cli 0.1.0

package/dist/lib/patterns.js

@@ -0,0 +1,187 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VULNERABILITY_PATTERNS = void 0;
+/**
+ * Comprehensive vulnerability patterns ported from lib/scan-utils.ts
+ * These patterns detect common smart contract security issues
+ * Exactly 16 patterns from the main app scanner
+ */
+exports.VULNERABILITY_PATTERNS = [
+    {
+        id: 'reentrancy',
+        pattern: /\.call\{value:\s*[^}]+\}\s*\([^)]*\)/g,
+        severity: 'CRITICAL',
+        title: 'Potential Reentrancy Vulnerability',
+        description: 'External call with value transfer detected. Ensure state changes happen before external calls.',
+        recommendation: 'Apply the Checks-Effects-Interactions pattern. Use ReentrancyGuard modifier.',
+        category: 'Security',
+        cwe: 'CWE-841',
+        confidenceBase: 0.85,
+    },
+    {
+        id: 'unchecked-call',
+        pattern: /\.call\{[^}]*\}\s*\([^)]*\)\s*;(?!\s*(require|if|assert|\(bool))/g,
+        severity: 'HIGH',
+        title: 'Unchecked External Call',
+        description: 'Return value of external call is not checked. Failed calls will not revert.',
+        recommendation: 'Always check return value of .call(). Use require(success) or handle failure explicitly.',
+        category: 'Security',
+        cwe: 'CWE-252',
+        confidenceBase: 0.9,
+    },
+    {
+        id: 'tx-origin',
+        pattern: /tx\.origin/g,
+        severity: 'HIGH',
+        title: 'tx.origin Authentication',
+        description: 'Using tx.origin for authentication is vulnerable to phishing attacks.',
+        recommendation: 'Use msg.sender instead of tx.origin for authentication checks.',
+        category: 'Access Control',
+        cwe: 'CWE-284',
+        confidenceBase: 0.95,
+    },
+    {
+        id: 'selfdestruct',
+        pattern: /selfdestruct\s*\(/g,
+        severity: 'CRITICAL',
+        title: 'Selfdestruct Usage',
+        description: 'selfdestruct can permanently destroy the contract and send funds to an address.',
+        recommendation: 'Add proper access control to selfdestruct calls. Consider if selfdestruct is necessary.',
+        category: 'Access Control',
+        cwe: 'CWE-284',
+        confidenceBase: 0.9,
+    },
+    {
+        id: 'delegatecall',
+        pattern: /\.delegatecall\s*\(/g,
+        severity: 'HIGH',
+        title: 'Delegatecall Usage',
+        description: 'delegatecall executes code in the context of the calling contract.',
+        recommendation: 'Only delegatecall to trusted, audited contracts. Avoid user-supplied addresses.',
+        category: 'Security',
+        cwe: 'CWE-829',
+        confidenceBase: 0.8,
+    },
+    {
+        id: 'timestamp-dependency',
+        pattern: /block\.timestamp|block\.number/g,
+        severity: 'MEDIUM',
+        title: 'Block Timestamp/Number Dependency',
+        description: 'Block values can be manipulated by miners within a certain range.',
+        recommendation: 'Avoid using block values for randomness or critical time windows.',
+        category: 'Security',
+        cwe: 'CWE-330',
+        confidenceBase: 0.7,
+    },
+    {
+        id: 'integer-overflow',
+        pattern: /(?<!\+\+|\-\-)\s*(\+|\-|\*)\s*(?!\+|\-)(?!.*SafeMath)/g,
+        severity: 'MEDIUM',
+        title: 'Potential Integer Overflow/Underflow',
+        description: 'Arithmetic operation without SafeMath (for Solidity < 0.8.0).',
+        recommendation: 'Use Solidity 0.8+ or SafeMath library for arithmetic operations.',
+        category: 'Security',
+        cwe: 'CWE-190',
+        confidenceBase: 0.6,
+    },
+    {
+        id: 'floating-pragma',
+        pattern: /pragma\s+solidity\s*\^/g,
+        severity: 'LOW',
+        title: 'Floating Pragma',
+        description: 'Contract may be compiled with different compiler versions.',
+        recommendation: 'Lock pragma to specific version (e.g., pragma solidity 0.8.20).',
+        category: 'Best Practices',
+        cwe: 'CWE-1103',
+        confidenceBase: 0.95,
+    },
+    {
+        id: 'public-burn',
+        pattern: /function\s+burn\s*\([^)]*\)\s*(external|public)/g,
+        severity: 'MEDIUM',
+        title: 'Public Burn Function',
+        description: 'Publicly accessible burn function could be exploited without proper authorization.',
+        recommendation: 'Ensure burn functions have proper authorization checks.',
+        category: 'Token Security',
+        cwe: 'CWE-284',
+        confidenceBase: 0.7,
+    },
+    {
+        id: 'msg-value-loop',
+        pattern: /for\s*\([^)]*\)\s*\{[^}]*msg\.value/g,
+        severity: 'HIGH',
+        title: 'msg.value in Loop',
+        description: 'Using msg.value inside a loop can lead to unexpected behavior.',
+        recommendation: 'Calculate total expected value before loop and validate once.',
+        category: 'Security',
+        cwe: 'CWE-670',
+        confidenceBase: 0.88,
+    },
+    {
+        id: 'gas-griefing',
+        pattern: /\.call\{[^}]*\}\s*\([^)]*\)\s*;/g,
+        severity: 'HIGH',
+        title: 'Potential Gas Griefing Vulnerability',
+        description: 'External call may consume excessive gas if recipient is malicious contract with expensive fallback.',
+        recommendation: 'Set explicit gas limit for external calls: .call{gas: 50000, value: amount}("")',
+        category: 'Security',
+        cwe: 'CWE-400',
+        confidenceBase: 0.75,
+    },
+    {
+        id: 'unbounded-loop-external',
+        pattern: /for\s*\([^)]*\)\s*\{[^}]*(\.call|\.send|\.transfer)/g,
+        severity: 'CRITICAL',
+        title: 'Unbounded Loop with External Calls',
+        description: 'External calls in unbounded loops can cause out-of-gas errors, blocking contract functionality.',
+        recommendation: 'Use pull-over-push pattern or limit loop iterations.',
+        category: 'Security',
+        cwe: 'CWE-400',
+        confidenceBase: 0.9,
+    },
+    {
+        id: 'return-bomb',
+        pattern: /\(bool\s+\w+,\s*bytes\s+memory\s+\w+\)\s*=\s*\w+\.call/g,
+        severity: 'MEDIUM',
+        title: 'Potential Return Data Bomb',
+        description: 'Unbounded return data from external call can consume excessive memory gas.',
+        recommendation: 'Ignore return data if not needed: (bool success, ) = target.call(...)',
+        category: 'Security',
+        cwe: 'CWE-400',
+        confidenceBase: 0.7,
+    },
+    {
+        id: 'signature-no-nonce',
+        pattern: /ecrecover|ECDSA\.recover/g,
+        severity: 'CRITICAL',
+        title: 'Signature Verification Without Nonce',
+        description: 'Signature can be replayed multiple times without nonce tracking.',
+        recommendation: 'Include and track nonce in signed message. Mark nonces as used after verification.',
+        category: 'Access Control',
+        cwe: 'CWE-294',
+        confidenceBase: 0.6,
+    },
+    {
+        id: 'signature-no-chainid',
+        pattern: /ecrecover|ECDSA\.recover/g,
+        severity: 'HIGH',
+        title: 'Signature Missing Chain ID',
+        description: 'Signature valid on one chain can be replayed on another chain.',
+        recommendation: 'Include block.chainid in signed message hash (EIP-712 domain separator).',
+        category: 'Access Control',
+        cwe: 'CWE-294',
+        confidenceBase: 0.65,
+    },
+    {
+        id: 'signature-no-deadline',
+        pattern: /ecrecover|ECDSA\.recover/g,
+        severity: 'MEDIUM',
+        title: 'Signature Without Expiration',
+        description: 'Signatures without deadline can be held and replayed indefinitely.',
+        recommendation: 'Include deadline timestamp in signed message and validate before processing.',
+        category: 'Access Control',
+        cwe: 'CWE-613',
+        confidenceBase: 0.7,
+    },
+];
+//# sourceMappingURL=patterns.js.map

package/dist/lib/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/lib/patterns.ts"],"names":[],"mappings":";;;AAYA;;;;GAIG;AACU,QAAA,sBAAsB,GAA2B;IAC5D;QACE,EAAE,EAAE,YAAY;QAChB,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,gGAAgG;QAClG,cAAc,EAAE,8EAA8E;QAC9F,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,IAAI;KACrB;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE,6EAA6E;QAC1F,cAAc,EACZ,0FAA0F;QAC5F,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;IACD;QACE,EAAE,EAAE,WAAW;QACf,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EAAE,uEAAuE;QACpF,cAAc,EAAE,gEAAgE;QAChF,QAAQ,EAAE,gBAAgB;QAC1B,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,IAAI;KACrB;IACD;QACE,EAAE,EAAE,cAAc;QAClB,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE,iFAAiF;QAC9F,cAAc,EACZ,yFAAyF;QAC3F,QAAQ,EAAE,gBAAgB;QAC1B,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;IACD;QACE,EAAE,EAAE,cAAc;QAClB,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE,oEAAoE;QACjF,cAAc,EACZ,iFAAiF;QACnF,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EAAE,mEAAmE;QAChF,cAAc,EAAE,mEAAmE;QACnF,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,sCAAsC;QAC7C,WAAW,EAAE,+DAA+D;QAC5E,cAAc,EAAE,kEAAkE;QAClF,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,OAAO,EAAE,yBAAyB;QAClC,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,4DAA4D;QACzE,cAAc,EAAE,iEAAiE;QACjF,QAAQ,EAAE,gBAAgB;QAC1B,GAAG,EAAE,UAAU;QACf,cAAc,EAAE,IAAI;KACrB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,OAAO,EAAE,kDAAkD;QAC3D,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EACT,oFAAoF;QACtF,cAAc,EAAE,yDAAyD;QACzE,QAAQ,EAAE,gBAAgB;QAC1B,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE,gEAAgE;QAC7E,cAAc,EAAE,+DAA+D;QAC/E,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,IAAI;KACrB;IACD;QACE,EAAE,EAAE,cAAc;QAClB,OAAO,EAAE,kCAAkC;QAC3C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,sCAAsC;QAC7C,WAAW,EACT,qGAAqG;QACvG,cAAc,EACZ,iFAAiF;QACnF,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,IAAI;KACrB;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,iGAAiG;QACnG,cAAc,EAAE,sDAAsD;QACtE,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,OAAO,EAAE,yDAAyD;QAClE,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,4EAA4E;QACzF,cAAc,EAAE,uEAAuE;QACvF,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,sCAAsC;QAC7C,WAAW,EAAE,kEAAkE;QAC/E,cAAc,EACZ,oFAAoF;QACtF,QAAQ,EAAE,gBAAgB;QAC1B,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,gEAAgE;QAC7E,cAAc,EAAE,0EAA0E;QAC1F,QAAQ,EAAE,gBAAgB;QAC1B,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,IAAI;KACrB;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE,oEAAoE;QACjF,cAAc,EAAE,8EAA8E;QAC9F,QAAQ,EAAE,gBAAgB;QAC1B,GAAG,EAAE,SAAS;QACd,cAAc,EAAE,GAAG;KACpB;CACF,CAAC"}

package/dist/lib/sarif.d.ts

@@ -0,0 +1,61 @@
+import type { Finding } from './scanner.js';
+interface SarifReport {
+    version: '2.1.0';
+    $schema: string;
+    runs: SarifRun[];
+}
+interface SarifRun {
+    tool: {
+        driver: {
+            name: string;
+            version: string;
+            informationUri: string;
+            rules: SarifRule[];
+        };
+    };
+    results: SarifResult[];
+}
+interface SarifRule {
+    id: string;
+    name: string;
+    shortDescription: {
+        text: string;
+    };
+    fullDescription: {
+        text: string;
+    };
+    help: {
+        text: string;
+        markdown: string;
+    };
+    properties: {
+        tags: string[];
+        precision: string;
+        'security-severity': string;
+    };
+}
+interface SarifResult {
+    ruleId: string;
+    level: 'error' | 'warning' | 'note';
+    message: {
+        text: string;
+    };
+    locations: Array<{
+        physicalLocation: {
+            artifactLocation: {
+                uri: string;
+            };
+            region: {
+                startLine: number;
+                endLine: number;
+                snippet: {
+                    text: string;
+                };
+            };
+        };
+    }>;
+}
+export declare function generateSarifReport(findings: Finding[], projectRoot: string): SarifReport;
+export declare function writeSarifReport(report: SarifReport, outputPath: string): void;
+export {};
+//# sourceMappingURL=sarif.d.ts.map

package/dist/lib/sarif.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif.d.ts","sourceRoot":"","sources":["../../src/lib/sarif.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAE5C,UAAU,WAAW;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,QAAQ,EAAE,CAAC;CAClB;AAED,UAAU,QAAQ;IAChB,IAAI,EAAE;QACJ,MAAM,EAAE;YACN,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,EAAE,MAAM,CAAC;YACvB,KAAK,EAAE,SAAS,EAAE,CAAC;SACpB,CAAC;KACH,CAAC;IACF,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB;AAED,UAAU,SAAS;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE;QAChB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,eAAe,EAAE;QACf,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,UAAU,EAAE;QACV,IAAI,EAAE,MAAM,EAAE,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,mBAAmB,EAAE,MAAM,CAAC;KAC7B,CAAC;CACH;AAED,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACpC,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;QACf,gBAAgB,EAAE;YAChB,gBAAgB,EAAE;gBAChB,GAAG,EAAE,MAAM,CAAC;aACb,CAAC;YACF,MAAM,EAAE;gBACN,SAAS,EAAE,MAAM,CAAC;gBAClB,OAAO,EAAE,MAAM,CAAC;gBAChB,OAAO,EAAE;oBACP,IAAI,EAAE,MAAM,CAAC;iBACd,CAAC;aACH,CAAC;SACH,CAAC;KACH,CAAC,CAAC;CACJ;AAED,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,WAAW,EAAE,MAAM,GAAG,WAAW,CAyFzF;AAgDD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAG9E"}

package/dist/lib/sarif.js

@@ -0,0 +1,169 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSarifReport = generateSarifReport;
+exports.writeSarifReport = writeSarifReport;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+function generateSarifReport(findings, projectRoot) {
+    // Group findings by pattern_id to create rules
+    const ruleMap = new Map();
+    for (const finding of findings) {
+        const ruleId = finding.pattern_id;
+        if (!ruleMap.has(ruleId)) {
+            ruleMap.set(ruleId, []);
+        }
+        ruleMap.get(ruleId).push(finding);
+    }
+    // Create SARIF rules from unique patterns
+    const rules = Array.from(ruleMap.entries()).map(([ruleId, findings]) => {
+        const firstFinding = findings[0];
+        return {
+            id: ruleId,
+            name: firstFinding.title,
+            shortDescription: {
+                text: firstFinding.title,
+            },
+            fullDescription: {
+                text: firstFinding.description,
+            },
+            help: {
+                text: firstFinding.recommendation,
+                markdown: `## ${firstFinding.title}\n\n${firstFinding.description}${firstFinding.recommendation
+                    ? `\n\n### Recommendation\n\n${firstFinding.recommendation}`
+                    : ''}${firstFinding.cwe ? `\n\n### CWE\n\n${firstFinding.cwe}` : ''}`,
+            },
+            properties: {
+                tags: ['security', 'solidity', firstFinding.category.toLowerCase()],
+                precision: firstFinding.confidence * 100 >= 80
+                    ? 'high'
+                    : firstFinding.confidence * 100 >= 60
+                        ? 'medium'
+                        : 'low',
+                'security-severity': getSeverityScore(firstFinding.severity),
+            },
+        };
+    });
+    // Create SARIF results from findings
+    const results = findings.map((finding) => ({
+        ruleId: finding.pattern_id,
+        level: getSarifLevel(finding.severity),
+        message: {
+            text: finding.description,
+        },
+        locations: [
+            {
+                physicalLocation: {
+                    artifactLocation: {
+                        uri: path.relative(projectRoot, finding.file_path),
+                    },
+                    region: {
+                        startLine: finding.line_start,
+                        endLine: finding.line_end,
+                        snippet: {
+                            text: finding.code_snippet ||
+                                getCodeSnippet(finding.file_path, finding.line_start, finding.line_end),
+                        },
+                    },
+                },
+            },
+        ],
+    }));
+    return {
+        version: '2.1.0',
+        $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        name: 'Kairo Security Scanner',
+                        version: '1.0.0',
+                        informationUri: 'https://kairoaisec.com',
+                        rules,
+                    },
+                },
+                results,
+            },
+        ],
+    };
+}
+function getSarifLevel(severity) {
+    switch (severity.toUpperCase()) {
+        case 'CRITICAL':
+        case 'HIGH':
+            return 'error';
+        case 'MEDIUM':
+            return 'warning';
+        case 'LOW':
+        case 'INFO':
+        default:
+            return 'note';
+    }
+}
+function getSeverityScore(severity) {
+    switch (severity.toUpperCase()) {
+        case 'CRITICAL':
+            return '9.0';
+        case 'HIGH':
+            return '7.0';
+        case 'MEDIUM':
+            return '4.0';
+        case 'LOW':
+            return '2.0';
+        case 'INFO':
+        default:
+            return '0.0';
+    }
+}
+function getCodeSnippet(filePath, lineStart, lineEnd) {
+    try {
+        if (!lineStart)
+            return '';
+        const fileContent = fs.readFileSync(filePath, 'utf-8');
+        const lines = fileContent.split('\n');
+        const start = Math.max(0, lineStart - 1);
+        const end = Math.min(lines.length, lineEnd || lineStart);
+        return lines.slice(start, end).join('\n');
+    }
+    catch (error) {
+        // If we can't read the file, return empty snippet
+        return '';
+    }
+}
+function writeSarifReport(report, outputPath) {
+    const json = JSON.stringify(report, null, 2);
+    fs.writeFileSync(outputPath, json, 'utf-8');
+}
+//# sourceMappingURL=sarif.js.map

package/dist/lib/sarif.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif.js","sourceRoot":"","sources":["../../src/lib/sarif.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgEA,kDAyFC;AAgDD,4CAGC;AA5MD,uCAAyB;AACzB,2CAA6B;AA+D7B,SAAgB,mBAAmB,CAAC,QAAmB,EAAE,WAAmB;IAC1E,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;QAClC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC1B,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,0CAA0C;IAC1C,MAAM,KAAK,GAAgB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,EAAE;QAClF,MAAM,YAAY,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACjC,OAAO;YACL,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,YAAY,CAAC,KAAK;YACxB,gBAAgB,EAAE;gBAChB,IAAI,EAAE,YAAY,CAAC,KAAK;aACzB;YACD,eAAe,EAAE;gBACf,IAAI,EAAE,YAAY,CAAC,WAAW;aAC/B;YACD,IAAI,EAAE;gBACJ,IAAI,EAAE,YAAY,CAAC,cAAc;gBACjC,QAAQ,EAAE,MAAM,YAAY,CAAC,KAAK,OAAO,YAAY,CAAC,WAAW,GAC/D,YAAY,CAAC,cAAc;oBACzB,CAAC,CAAC,6BAA6B,YAAY,CAAC,cAAc,EAAE;oBAC5D,CAAC,CAAC,EACN,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,kBAAkB,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;aAClE;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACnE,SAAS,EACP,YAAY,CAAC,UAAU,GAAG,GAAG,IAAI,EAAE;oBACjC,CAAC,CAAC,MAAM;oBACR,CAAC,CAAC,YAAY,CAAC,UAAU,GAAG,GAAG,IAAI,EAAE;wBACnC,CAAC,CAAC,QAAQ;wBACV,CAAC,CAAC,KAAK;gBACb,mBAAmB,EAAE,gBAAgB,CAAC,YAAY,CAAC,QAAQ,CAAC;aAC7D;SACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,qCAAqC;IACrC,MAAM,OAAO,GAAkB,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACxD,MAAM,EAAE,OAAO,CAAC,UAAU;QAC1B,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC;QACtC,OAAO,EAAE;YACP,IAAI,EAAE,OAAO,CAAC,WAAW;SAC1B;QACD,SAAS,EAAE;YACT;gBACE,gBAAgB,EAAE;oBAChB,gBAAgB,EAAE;wBAChB,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC;qBACnD;oBACD,MAAM,EAAE;wBACN,SAAS,EAAE,OAAO,CAAC,UAAU;wBAC7B,OAAO,EAAE,OAAO,CAAC,QAAQ;wBACzB,OAAO,EAAE;4BACP,IAAI,EACF,OAAO,CAAC,YAAY;gCACpB,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC;yBAC1E;qBACF;iBACF;aACF;SACF;KACF,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,OAAO,EACL,gGAAgG;QAClG,IAAI,EAAE;YACJ;gBACE,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,wBAAwB;wBAC9B,OAAO,EAAE,OAAO;wBAChB,cAAc,EAAE,wBAAwB;wBACxC,KAAK;qBACN;iBACF;gBACD,OAAO;aACR;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,UAAU,CAAC;QAChB,KAAK,MAAM;YACT,OAAO,OAAO,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,SAAS,CAAC;QACnB,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,MAAM,CAAC;IAClB,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,MAAM;YACT,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC;QACf,KAAK,KAAK;YACR,OAAO,KAAK,CAAC;QACf,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB,EAAE,SAAkB,EAAE,OAAgB;IAC5E,IAAI,CAAC;QACH,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,CAAC;QAE1B,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,IAAI,SAAS,CAAC,CAAC;QAEzD,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,kDAAkD;QAClD,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB,CAAC,MAAmB,EAAE,UAAkB;IACtE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7C,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC"}

package/dist/lib/scanner.d.ts

@@ -0,0 +1,43 @@
+export interface Finding {
+    id: string;
+    severity: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
+    title: string;
+    description: string;
+    file_path: string;
+    line_start: number;
+    line_end: number;
+    code_snippet: string;
+    recommendation: string;
+    confidence: number;
+    cwe?: string;
+    pattern_id: string;
+    category: string;
+    fingerprint: string;
+}
+/**
+ * Scan a single file for vulnerability patterns
+ */
+export declare function scanFile(filePath: string): Promise<Finding[]>;
+/**
+ * Scan file content for vulnerability patterns with context-aware detection
+ */
+export declare function scanFileContent(content: string, filePath: string): Finding[];
+/**
+ * Aggregate findings by severity
+ */
+export declare function aggregateFindings(findings: Finding[]): {
+    CRITICAL: number;
+    HIGH: number;
+    MEDIUM: number;
+    LOW: number;
+    total: number;
+};
+/**
+ * Sort findings by severity and confidence
+ */
+export declare function sortFindings(findings: Finding[]): Finding[];
+/**
+ * Filter findings by severity level
+ */
+export declare function filterBySeverity(findings: Finding[], minSeverity: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW'): Finding[];
+//# sourceMappingURL=scanner.d.ts.map

package/dist/lib/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/lib/scanner.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAQnE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAmG5E;AAsBD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG;IACtD,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;CACf,CAcA;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,CAU3D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,OAAO,EAAE,EACnB,WAAW,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAClD,OAAO,EAAE,CAKX"}

package/dist/lib/scanner.js

@@ -0,0 +1,163 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanFile = scanFile;
+exports.scanFileContent = scanFileContent;
+exports.aggregateFindings = aggregateFindings;
+exports.sortFindings = sortFindings;
+exports.filterBySeverity = filterBySeverity;
+const promises_1 = require("fs/promises");
+const crypto_1 = require("crypto");
+const patterns_js_1 = require("./patterns.js");
+/**
+ * Scan a single file for vulnerability patterns
+ */
+async function scanFile(filePath) {
+    try {
+        const content = await (0, promises_1.readFile)(filePath, 'utf8');
+        return scanFileContent(content, filePath);
+    }
+    catch (error) {
+        console.error(`Error reading file ${filePath}:`, error);
+        return [];
+    }
+}
+/**
+ * Scan file content for vulnerability patterns with context-aware detection
+ */
+function scanFileContent(content, filePath) {
+    const findings = [];
+    const lines = content.split('\n');
+    for (const pattern of patterns_js_1.VULNERABILITY_PATTERNS) {
+        const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            const beforeMatch = content.substring(0, match.index);
+            const lineNumber = beforeMatch.split('\n').length;
+            // Check if match is in a comment
+            const line = lines[lineNumber - 1] || '';
+            const isComment = /^\s*(\/\/|\/\*|\*)/.test(line.trim());
+            // Adjust confidence based on context
+            let confidence = pattern.confidenceBase;
+            if (isComment) {
+                confidence *= 0.2; // Reduce confidence for commented code
+            }
+            // Skip low confidence matches
+            if (confidence < 0.3)
+                continue;
+            // Get code snippet for context (3 lines before and after)
+            const snippetStart = Math.max(0, lineNumber - 2);
+            const snippetEnd = Math.min(lines.length, lineNumber + 2);
+            const codeSnippet = lines.slice(snippetStart, snippetEnd).join('\n');
+            // Generate fingerprint for deduplication
+            const fingerprint = generateFindingFingerprint(filePath, pattern.id, lineNumber, codeSnippet);
+            findings.push({
+                id: (0, crypto_1.randomUUID)(),
+                severity: pattern.severity,
+                title: pattern.title,
+                description: pattern.description,
+                file_path: filePath,
+                line_start: lineNumber,
+                line_end: lineNumber,
+                code_snippet: codeSnippet,
+                recommendation: pattern.recommendation,
+                confidence: Math.round(confidence * 100) / 100,
+                cwe: pattern.cwe,
+                pattern_id: pattern.id,
+                category: pattern.category,
+                fingerprint,
+            });
+        }
+    }
+    // Context-aware detection for signature patterns
+    const signatureFindings = findings.filter((f) => f.pattern_id.startsWith('signature-'));
+    for (const finding of signatureFindings) {
+        // Check if nonce/chainId/deadline is used within 20 lines
+        const startLine = Math.max(0, finding.line_start - 10);
+        const endLine = Math.min(lines.length, finding.line_start + 10);
+        const context = lines.slice(startLine, endLine).join('\n');
+        if (finding.pattern_id === 'signature-no-nonce' && /nonce|usedNonces|_nonces/.test(context)) {
+            finding.confidence *= 0.3; // Likely false positive
+        }
+        if (finding.pattern_id === 'signature-no-chainid' &&
+            /chainId|block\.chainid|domainSeparator/.test(context)) {
+            finding.confidence *= 0.3;
+        }
+        if (finding.pattern_id === 'signature-no-deadline' && /deadline|expiry|validUntil/.test(context)) {
+            finding.confidence *= 0.3;
+        }
+    }
+    // Context-aware detection for gas griefing patterns
+    const gasFindings = findings.filter((f) => f.pattern_id === 'gas-griefing');
+    for (const finding of gasFindings) {
+        const startLine = Math.max(0, finding.line_start - 5);
+        const endLine = Math.min(lines.length, finding.line_start + 5);
+        const context = lines.slice(startLine, endLine).join('\n');
+        // Reduce confidence if gas limit is already set
+        if (/\.call\{[^}]*gas:\s*\d+/.test(context)) {
+            finding.confidence *= 0.3;
+        }
+    }
+    // Filter out low confidence findings after context analysis
+    const filteredFindings = findings.filter(f => f.confidence >= 0.3);
+    // Deduplicate findings by fingerprint
+    const seen = new Set();
+    const uniqueFindings = filteredFindings.filter((f) => {
+        if (seen.has(f.fingerprint))
+            return false;
+        seen.add(f.fingerprint);
+        return true;
+    });
+    return uniqueFindings;
+}
+/**
+ * Generate a unique fingerprint for a finding to enable deduplication
+ */
+function generateFindingFingerprint(filePath, patternId, lineNumber, codeSnippet) {
+    // Create a simple hash of the key components
+    const content = `${filePath}:${patternId}:${lineNumber}:${codeSnippet.trim()}`;
+    let hash = 0;
+    for (let i = 0; i < content.length; i++) {
+        const char = content.charCodeAt(i);
+        hash = ((hash << 5) - hash) + char;
+        hash = hash & hash; // Convert to 32bit integer
+    }
+    return Math.abs(hash).toString(36);
+}
+/**
+ * Aggregate findings by severity
+ */
+function aggregateFindings(findings) {
+    const counts = {
+        CRITICAL: 0,
+        HIGH: 0,
+        MEDIUM: 0,
+        LOW: 0,
+        total: findings.length,
+    };
+    for (const finding of findings) {
+        counts[finding.severity]++;
+    }
+    return counts;
+}
+/**
+ * Sort findings by severity and confidence
+ */
+function sortFindings(findings) {
+    const severityOrder = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };
+    return findings.sort((a, b) => {
+        const severityDiff = severityOrder[a.severity] - severityOrder[b.severity];
+        if (severityDiff !== 0)
+            return severityDiff;
+        // If same severity, sort by confidence (higher first)
+        return b.confidence - a.confidence;
+    });
+}
+/**
+ * Filter findings by severity level
+ */
+function filterBySeverity(findings, minSeverity) {
+    const severityOrder = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };
+    const minLevel = severityOrder[minSeverity];
+    return findings.filter(finding => severityOrder[finding.severity] <= minLevel);
+}
+//# sourceMappingURL=scanner.js.map

package/dist/lib/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../src/lib/scanner.ts"],"names":[],"mappings":";;AAwBA,4BAQC;AAKD,0CAmGC;AAyBD,8CAoBC;AAKD,oCAUC;AAKD,4CAQC;AAjND,0CAAuC;AACvC,mCAAoC;AACpC,+CAA6E;AAmB7E;;GAEG;AACI,KAAK,UAAU,QAAQ,CAAC,QAAgB;IAC7C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjD,OAAO,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,sBAAsB,QAAQ,GAAG,EAAE,KAAK,CAAC,CAAC;QACxD,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,OAAe,EAAE,QAAgB;IAC/D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,oCAAsB,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACxE,IAAI,KAAK,CAAC;QAEV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACtD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAElD,iCAAiC;YACjC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAEzD,qCAAqC;YACrC,IAAI,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;YACxC,IAAI,SAAS,EAAE,CAAC;gBACd,UAAU,IAAI,GAAG,CAAC,CAAC,uCAAuC;YAC5D,CAAC;YAED,8BAA8B;YAC9B,IAAI,UAAU,GAAG,GAAG;gBAAE,SAAS;YAE/B,0DAA0D;YAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC;YACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAErE,yCAAyC;YACzC,MAAM,WAAW,GAAG,0BAA0B,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;YAE9F,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,IAAA,mBAAU,GAAE;gBAChB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,QAAQ;gBACnB,UAAU,EAAE,UAAU;gBACtB,QAAQ,EAAE,UAAU;gBACpB,YAAY,EAAE,WAAW;gBACzB,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC,GAAG,GAAG;gBAC9C,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,UAAU,EAAE,OAAO,CAAC,EAAE;gBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,WAAW;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;IACxF,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,0DAA0D;QAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;QACvD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE3D,IAAI,OAAO,CAAC,UAAU,KAAK,oBAAoB,IAAI,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5F,OAAO,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,wBAAwB;QACrD,CAAC;QACD,IACE,OAAO,CAAC,UAAU,KAAK,sBAAsB;YAC7C,wCAAwC,CAAC,IAAI,CAAC,OAAO,CAAC,EACtD,CAAC;YACD,OAAO,CAAC,UAAU,IAAI,GAAG,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,KAAK,uBAAuB,IAAI,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACjG,OAAO,CAAC,UAAU,IAAI,GAAG,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,cAAc,CAAC,CAAC;IAC5E,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;QAC/D,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE3D,gDAAgD;QAChD,IAAI,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,OAAO,CAAC,UAAU,IAAI,GAAG,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;IAEnE,sCAAsC;IACtC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,cAAc,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACnD,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC;YAAE,OAAO,KAAK,CAAC;QAC1C,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CACjC,QAAgB,EAChB,SAAiB,EACjB,UAAkB,EAClB,WAAmB;IAEnB,6CAA6C;IAC7C,MAAM,OAAO,GAAG,GAAG,QAAQ,IAAI,SAAS,IAAI,UAAU,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;IAC/E,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACnC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;QACnC,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,2BAA2B;IACjD,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,QAAmB;IAOnD,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,KAAK,EAAE,QAAQ,CAAC,MAAM;KACvB,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC7B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,QAAmB;IAC9C,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAElE,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC3E,IAAI,YAAY,KAAK,CAAC;YAAE,OAAO,YAAY,CAAC;QAE5C,sDAAsD;QACtD,OAAO,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAC9B,QAAmB,EACnB,WAAmD;IAEnD,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAClE,MAAM,QAAQ,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IAE5C,OAAO,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,CAAC;AACjF,CAAC"}