npm - @naeemo/capnp - Versions diffs - 0.9.0 → 0.9.1 - Mend

@naeemo/capnp 0.9.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/{cli-DwbiXeKw.js → cli-DGBgLdGK.js} +5 -3
package/dist/{cli-DwbiXeKw.js.map → cli-DGBgLdGK.js.map} +1 -1
package/dist/{cli-DHKzE1UX.js → cli-DlZBZozW.js} +2 -2
package/dist/{cli-DHKzE1UX.js.map → cli-DlZBZozW.js.map} +1 -1
package/dist/cli-audit-j58Eyd5d.js +380 -0
package/dist/cli-audit-j58Eyd5d.js.map +1 -0
package/dist/cli-bench-bkR1vGK8.js +4528 -0
package/dist/cli-bench-bkR1vGK8.js.map +1 -0
package/dist/{cli-gen-BF0So0Ig.js → cli-gen-aCkffW1Z.js} +5 -3
package/dist/{cli-gen-BF0So0Ig.js.map → cli-gen-aCkffW1Z.js.map} +1 -1
package/dist/cli.js +26 -8
package/dist/cli.js.map +1 -1
package/dist/core-DstLMMvA.js +2 -0
package/dist/index.cjs +37 -2
package/dist/index.cjs.map +1 -1
package/dist/index.js +37 -2
package/dist/index.js.map +1 -1
package/dist/{message-reader-fw2PY8sU.js → message-reader-_TCBf61G.js} +40 -176
package/dist/message-reader-_TCBf61G.js.map +1 -0
package/dist/{schema-types-B6M2jsM7.js → schema-types-GVRD1pwE.js} +1 -1
package/dist/{schema-types-B6M2jsM7.js.map → schema-types-GVRD1pwE.js.map} +1 -1
package/dist/segment-yid_PYS5.js +176 -0
package/dist/segment-yid_PYS5.js.map +1 -0
package/package.json +2 -1
package/dist/message-reader-fw2PY8sU.js.map +0 -1

package/dist/cli-audit-j58Eyd5d.js ADDED Viewed

@@ -0,0 +1,380 @@
+#!/usr/bin/env node
+import { a as decodePointer, i as PointerTag, n as WORD_SIZE, r as ElementSize, t as Segment } from "./segment-yid_PYS5.js";
+import { readFileSync } from "node:fs";
+//#region src/cli-audit.ts
+/** 默认安全选项 */
+const DEFAULT_AUDIT_OPTIONS = {
+	maxSegments: 64,
+	maxTotalSize: 64 * 1024 * 1024,
+	strictMode: false
+};
+/**
+* Cap'n Proto 消息审计读取器
+* 用于安全审计消息文件
+*/
+var AuditReader = class {
+	segments;
+	options;
+	issues = [];
+	visitedPointers = /* @__PURE__ */ new Set();
+	pointersScanned = 0;
+	maxNestingDepth = 0;
+	constructor(buffer, options = {}) {
+		this.options = {
+			...DEFAULT_AUDIT_OPTIONS,
+			...options
+		};
+		const uint8Array = buffer instanceof ArrayBuffer ? new Uint8Array(buffer) : buffer;
+		this.segments = [];
+		if (uint8Array.byteLength < 8) {
+			this.addIssue("error", "invalid_header", "消息太小，无法包含有效的 Cap'n Proto 头部", "header", "消息至少需要8字节的头部");
+			return;
+		}
+		if (uint8Array.byteLength > this.options.maxTotalSize) {
+			this.addIssue("error", "size_exceeded", `消息大小(${uint8Array.byteLength}字节)超过最大限制(${this.options.maxTotalSize}字节)`, "header", "减小消息大小或增加 --max-size 限制");
+			if (this.options.strictMode) return;
+		}
+		const view = new DataView(uint8Array.buffer, uint8Array.byteOffset, uint8Array.byteLength);
+		const firstWordLow = view.getUint32(0, true);
+		const firstWordHigh = view.getUint32(4, true);
+		const segmentCount = (firstWordLow & 4294967295) + 1;
+		const firstSegmentSize = firstWordHigh;
+		if (segmentCount > this.options.maxSegments) {
+			this.addIssue("error", "segment_count_exceeded", `段数(${segmentCount})超过最大限制(${this.options.maxSegments})`, "header", "减少段数或增加 --max-segments 限制");
+			if (this.options.strictMode) return;
+		}
+		let offset = 8;
+		const segmentSizes = [firstSegmentSize];
+		for (let i = 1; i < segmentCount; i++) {
+			if (offset + 4 > uint8Array.byteLength) {
+				this.addIssue("error", "truncated_header", "段表在段大小信息之前结束", `header.segment[${i}]`, "消息文件可能已损坏");
+				return;
+			}
+			segmentSizes.push(view.getUint32(offset, true));
+			offset += 4;
+		}
+		offset = offset + 7 & -8;
+		if (offset > uint8Array.byteLength) {
+			this.addIssue("error", "truncated_header", "段表头部不完整", "header", "消息文件可能已损坏");
+			return;
+		}
+		let totalWords = 0;
+		for (let i = 0; i < segmentSizes.length; i++) {
+			const size = segmentSizes[i];
+			totalWords += size;
+			if (offset + size * WORD_SIZE > uint8Array.byteLength) {
+				this.addIssue("warning", "truncated_segment", `段${i}数据不足，声明大小:${size}字，实际可用:${Math.floor((uint8Array.byteLength - offset) / WORD_SIZE)}字`, `segment[${i}]`, "消息文件可能已损坏或被截断");
+				break;
+			}
+			const segmentBuffer = uint8Array.slice(offset, offset + size * WORD_SIZE);
+			this.segments.push(Segment.fromBuffer(segmentBuffer.buffer));
+			offset += size * WORD_SIZE;
+		}
+		if (totalWords > this.options.maxTotalSize / WORD_SIZE) this.addIssue("warning", "large_message", `消息总字数(${totalWords})较大，可能影响性能`, "message", "考虑分割大型消息");
+		this.scanAllPointers();
+	}
+	/**
+	* 添加审计问题
+	*/
+	addIssue(type, category, message, location, suggestion) {
+		this.issues.push({
+			type,
+			category,
+			message,
+			location,
+			suggestion
+		});
+	}
+	/**
+	* 获取段
+	*/
+	getSegment(index) {
+		return this.segments[index];
+	}
+	/**
+	* 扫描所有指针
+	*/
+	scanAllPointers() {
+		if (this.segments.length === 0) return;
+		for (let segIdx = 0; segIdx < this.segments.length; segIdx++) {
+			const segment = this.segments[segIdx];
+			const wordCount = segment.wordCount;
+			for (let wordIdx = 0; wordIdx < wordCount; wordIdx++) {
+				const ptrValue = segment.getWord(wordIdx);
+				if (ptrValue === 0n) continue;
+				this.scanPointer(segIdx, wordIdx, ptrValue, 0);
+			}
+		}
+	}
+	/**
+	* 扫描单个指针
+	*/
+	scanPointer(segmentIndex, wordOffset, ptrValue, depth) {
+		this.pointersScanned++;
+		this.maxNestingDepth = Math.max(this.maxNestingDepth, depth);
+		const ptrKey = `${segmentIndex}:${wordOffset}`;
+		if (this.visitedPointers.has(ptrKey)) {
+			this.addIssue("warning", "circular_reference", `检测到可能的循环引用 at segment[${segmentIndex}].word[${wordOffset}]`, `segment[${segmentIndex}].word[${wordOffset}]`, "检查消息结构是否存在循环");
+			return;
+		}
+		this.visitedPointers.add(ptrKey);
+		if (depth > 100) {
+			this.addIssue("error", "nesting_too_deep", "指针嵌套深度超过100，可能存在恶意构造的消息", `segment[${segmentIndex}].word[${wordOffset}]`, "检查消息是否被恶意构造");
+			return;
+		}
+		const ptr = decodePointer(ptrValue);
+		const segment = this.getSegment(segmentIndex);
+		if (!segment) return;
+		switch (ptr.tag) {
+			case PointerTag.STRUCT: {
+				const structPtr = ptr;
+				const targetOffset = wordOffset + 1 + structPtr.offset;
+				if (targetOffset < 0 || targetOffset + structPtr.dataWords + structPtr.pointerCount > segment.wordCount) this.addIssue("error", "out_of_bounds", `Struct指针目标超出段范围: offset=${structPtr.offset}, dataWords=${structPtr.dataWords}, pointerCount=${structPtr.pointerCount}`, `segment[${segmentIndex}].word[${wordOffset}]`, "消息可能已损坏或被篡改");
+				const pointerStart = targetOffset + structPtr.dataWords;
+				for (let i = 0; i < structPtr.pointerCount; i++) {
+					const ptrIdx = pointerStart + i;
+					if (ptrIdx < segment.wordCount) {
+						const nestedPtr = segment.getWord(ptrIdx);
+						if (nestedPtr !== 0n) this.scanPointer(segmentIndex, ptrIdx, nestedPtr, depth + 1);
+					}
+				}
+				break;
+			}
+			case PointerTag.LIST: {
+				const listPtr = ptr;
+				if (listPtr.elementSize === ElementSize.COMPOSITE) {
+					const tagOffset = wordOffset + 1 + listPtr.offset;
+					if (tagOffset >= 0 && tagOffset < segment.wordCount) {
+						const tagWord = segment.getWord(tagOffset);
+						const elementCount = Number(tagWord & BigInt(4294967295));
+						const dataWords = Number(tagWord >> BigInt(32) & BigInt(65535));
+						const pointerCount = Number(tagWord >> BigInt(48) & BigInt(65535));
+						if (elementCount > 1e6) this.addIssue("warning", "large_list", `复合列表元素数量异常: ${elementCount}`, `segment[${segmentIndex}].word[${wordOffset}]`, "检查列表大小是否合理");
+						const elementSize = dataWords + pointerCount;
+						const dataStart = tagOffset + 1;
+						for (let i = 0; i < elementCount; i++) for (let j = 0; j < pointerCount; j++) {
+							const ptrIdx = dataStart + i * elementSize + dataWords + j;
+							if (ptrIdx < segment.wordCount) {
+								const nestedPtr = segment.getWord(ptrIdx);
+								if (nestedPtr !== 0n) this.scanPointer(segmentIndex, ptrIdx, nestedPtr, depth + 1);
+							}
+						}
+					}
+				} else if (listPtr.elementSize === ElementSize.POINTER) {
+					const targetOffset = wordOffset + 1 + listPtr.offset;
+					for (let i = 0; i < listPtr.elementCount; i++) {
+						const ptrIdx = targetOffset + i;
+						if (ptrIdx < segment.wordCount) {
+							const nestedPtr = segment.getWord(ptrIdx);
+							if (nestedPtr !== 0n) this.scanPointer(segmentIndex, ptrIdx, nestedPtr, depth + 1);
+						}
+					}
+				}
+				break;
+			}
+			case PointerTag.FAR: {
+				const farPtr = ptr;
+				if (farPtr.targetSegment >= this.segments.length) this.addIssue("error", "invalid_far_pointer", `Far指针引用不存在的段: ${farPtr.targetSegment}`, `segment[${segmentIndex}].word[${wordOffset}]`, "消息可能已损坏");
+				else {
+					const targetSegment = this.getSegment(farPtr.targetSegment);
+					if (targetSegment && farPtr.targetOffset >= targetSegment.wordCount) this.addIssue("error", "invalid_far_pointer", `Far指针目标偏移超出范围: segment=${farPtr.targetSegment}, offset=${farPtr.targetOffset}`, `segment[${segmentIndex}].word[${wordOffset}]`, "消息可能已损坏");
+					if (farPtr.doubleFar) {
+						if (targetSegment && farPtr.targetOffset < targetSegment.wordCount) {
+							const landingPadPtr = targetSegment.getWord(farPtr.targetOffset);
+							if (landingPadPtr !== 0n) this.scanPointer(farPtr.targetSegment, farPtr.targetOffset, landingPadPtr, depth + 1);
+						}
+					}
+				}
+				break;
+			}
+			case PointerTag.OTHER:
+				this.addIssue("warning", "capability_in_message", "序列化消息中发现 Capability 或其他特殊指针", `segment[${segmentIndex}].word[${wordOffset}]`, "Capability 通常不应在序列化消息中");
+				break;
+		}
+	}
+	/**
+	* 生成审计报告
+	*/
+	generateReport(filePath, fileSize) {
+		const errors = this.issues.filter((i) => i.type === "error").length;
+		const warnings = this.issues.filter((i) => i.type === "warning").length;
+		const infos = this.issues.filter((i) => i.type === "info").length;
+		return {
+			filePath,
+			fileSize,
+			passed: errors === 0,
+			segmentCount: this.segments.length,
+			totalWords: this.segments.reduce((sum, s) => sum + s.wordCount, 0),
+			issues: this.issues,
+			summary: {
+				error: errors,
+				warning: warnings,
+				info: infos
+			},
+			pointersScanned: this.pointersScanned,
+			maxNestingDepth: this.maxNestingDepth
+		};
+	}
+};
+/**
+* 格式化审计报告为可读文本
+*/
+function formatAuditReport(report) {
+	const lines = [];
+	lines.push("=".repeat(60));
+	lines.push("CAP'N PROTO SECURITY AUDIT REPORT");
+	lines.push("=".repeat(60));
+	lines.push("");
+	lines.push("File Information:");
+	lines.push(`  Path: ${report.filePath}`);
+	lines.push(`  Size: ${report.fileSize.toLocaleString()} bytes`);
+	lines.push(`  Segments: ${report.segmentCount}`);
+	lines.push(`  Total Words: ${report.totalWords.toLocaleString()}`);
+	lines.push(`  Pointers Scanned: ${report.pointersScanned.toLocaleString()}`);
+	lines.push(`  Max Nesting Depth: ${report.maxNestingDepth}`);
+	lines.push("");
+	if (report.passed) lines.push("✅ AUDIT PASSED");
+	else lines.push("❌ AUDIT FAILED");
+	lines.push("");
+	lines.push("Summary:");
+	lines.push(`  Errors:   ${report.summary.error}`);
+	lines.push(`  Warnings: ${report.summary.warning}`);
+	lines.push(`  Info:     ${report.summary.info}`);
+	lines.push("");
+	if (report.issues.length > 0) {
+		lines.push("Issues:");
+		lines.push("-".repeat(60));
+		const errors = report.issues.filter((i) => i.type === "error");
+		const warnings = report.issues.filter((i) => i.type === "warning");
+		const infos = report.issues.filter((i) => i.type === "info");
+		if (errors.length > 0) {
+			lines.push("");
+			lines.push("❌ ERRORS:");
+			for (const issue of errors) {
+				lines.push(`  [${issue.category}] ${issue.message}`);
+				lines.push(`    Location: ${issue.location}`);
+				if (issue.suggestion) lines.push(`    💡 ${issue.suggestion}`);
+				lines.push("");
+			}
+		}
+		if (warnings.length > 0) {
+			lines.push("");
+			lines.push("⚠️  WARNINGS:");
+			for (const issue of warnings) {
+				lines.push(`  [${issue.category}] ${issue.message}`);
+				lines.push(`    Location: ${issue.location}`);
+				if (issue.suggestion) lines.push(`    💡 ${issue.suggestion}`);
+				lines.push("");
+			}
+		}
+		if (infos.length > 0) {
+			lines.push("");
+			lines.push("ℹ️  INFO:");
+			for (const issue of infos) {
+				lines.push(`  [${issue.category}] ${issue.message}`);
+				lines.push(`    Location: ${issue.location}`);
+				lines.push("");
+			}
+		}
+	} else lines.push("No issues found.");
+	lines.push("");
+	lines.push("=".repeat(60));
+	return lines.join("\n");
+}
+/**
+* 审计消息文件
+*/
+function auditMessageFile(filePath, options = {}) {
+	const buffer = readFileSync(filePath);
+	return new AuditReader(buffer, options).generateReport(filePath, buffer.byteLength);
+}
+const CLI_VERSION = "0.9.0";
+function printUsage() {
+	console.log(`
+Cap'n Proto Security Audit CLI v${CLI_VERSION}
+Usage: capnp audit <file> [options]
+Arguments:
+  file          Path to Cap'n Proto message binary file
+Options:
+  --strict              Strict mode, fail on warnings
+  --json                Output as JSON
+  -o, --output <file>   Write report to file
+  --max-segments <n>    Maximum allowed segments (default: 64)
+  --max-size <bytes>    Maximum message size in bytes (default: 64MB)
+  -h, --help            Show this help
+Examples:
+  capnp audit message.bin
+  capnp audit message.bin --strict
+  capnp audit message.bin --json -o report.json
+  capnp audit message.bin --max-segments 128 --max-size 134217728
+`);
+}
+function parseArgs(args) {
+	const options = {};
+	for (let i = 0; i < args.length; i++) {
+		const arg = args[i];
+		if (arg === "-h" || arg === "--help") {
+			printUsage();
+			process.exit(0);
+		}
+		if (arg === "--strict") options.strict = true;
+		else if (arg === "--json") options.json = true;
+		else if (arg === "-o" || arg === "--output") options.output = args[++i];
+		else if (arg === "--max-segments") {
+			const val = Number.parseInt(args[++i], 10);
+			if (Number.isNaN(val) || val <= 0) {
+				console.error("Error: --max-segments must be a positive integer");
+				process.exit(1);
+			}
+			options.maxSegments = val;
+		} else if (arg === "--max-size") {
+			const val = Number.parseInt(args[++i], 10);
+			if (Number.isNaN(val) || val <= 0) {
+				console.error("Error: --max-size must be a positive integer");
+				process.exit(1);
+			}
+			options.maxSize = val;
+		} else if (!arg.startsWith("-")) {
+			if (!options.file) options.file = arg;
+		}
+	}
+	return options;
+}
+async function run(args) {
+	const options = parseArgs(args);
+	if (!options.file) {
+		console.error("Error: File path is required");
+		printUsage();
+		process.exit(1);
+	}
+	try {
+		const auditOptions = {
+			strictMode: options.strict,
+			maxSegments: options.maxSegments,
+			maxTotalSize: options.maxSize
+		};
+		const report = auditMessageFile(options.file, auditOptions);
+		let output;
+		if (options.json) output = JSON.stringify(report, null, 2);
+		else output = formatAuditReport(report);
+		if (options.output) {
+			const { writeFileSync } = await import("node:fs");
+			writeFileSync(options.output, output, "utf-8");
+			console.log(`Report written to: ${options.output}`);
+		} else console.log(output);
+		const shouldFail = !report.passed || options.strict && report.summary.warning > 0;
+		process.exit(shouldFail ? 1 : 0);
+	} catch (err) {
+		console.error("Error:", err instanceof Error ? err.message : err);
+		process.exit(2);
+	}
+}
+//#endregion
+export { run };
+//# sourceMappingURL=cli-audit-j58Eyd5d.js.map

package/dist/cli-audit-j58Eyd5d.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cli-audit-j58Eyd5d.js","names":[],"sources":["../src/cli-audit.ts"],"sourcesContent":["import { readFileSync } from 'node:fs';\nimport {\n ElementSize,\n type FarPointer,\n type ListPointer,\n PointerTag,\n type StructPointer,\n decodePointer,\n} from './core/pointer.js';\nimport { Segment, WORD_SIZE } from './core/segment.js';\n\n/**\n * 审计安全选项配置\n */\nexport interface AuditSecurityOptions {\n /** 最大段数限制（默认64） */\n maxSegments?: number;\n /** 消息总大小限制，单位字节（默认64MB） */\n maxTotalSize?: number;\n /** 严格模式，遇到异常立即抛出而非静默处理（默认false） */\n strictMode?: boolean;\n}\n\n/** 默认安全选项 */\nconst DEFAULT_AUDIT_OPTIONS: Required<AuditSecurityOptions> = {\n maxSegments: 64,\n maxTotalSize: 64 * 1024 * 1024, // 64MB\n strictMode: false,\n};\n\n/**\n * 审计问题类型\n */\nexport type AuditIssueType = 'error' | 'warning' | 'info';\n\n/**\n * 审计问题\n */\nexport interface AuditIssue {\n /** 问题类型 */\n type: AuditIssueType;\n /** 问题分类 */\n category: string;\n /** 问题描述 */\n message: string;\n /** 问题位置 */\n location: string;\n /** 修复建议 */\n suggestion?: string;\n}\n\n/**\n * 审计报告\n */\nexport interface AuditReport {\n /** 文件路径 */\n filePath: string;\n /** 文件大小 */\n fileSize: number;\n /** 是否通过审计 */\n passed: boolean;\n /** 段数 */\n segmentCount: number;\n /** 总字数 */\n totalWords: number;\n /** 问题列表 */\n issues: AuditIssue[];\n /** 摘要 */\n summary: {\n error: number;\n warning: number;\n info: number;\n };\n /** 扫描的指针数量 */\n pointersScanned: number;\n /** 最大嵌套深度 */\n maxNestingDepth: number;\n}\n\n/**\n * Cap'n Proto 消息审计读取器\n * 用于安全审计消息文件\n */\nexport class AuditReader {\n private segments: Segment[];\n private options: Required<AuditSecurityOptions>;\n private issues: AuditIssue[] = [];\n private visitedPointers = new Set<string>();\n private pointersScanned = 0;\n private maxNestingDepth = 0;\n\n constructor(buffer: ArrayBuffer | Uint8Array, options: AuditSecurityOptions = {}) {\n this.options = { ...DEFAULT_AUDIT_OPTIONS, ...options };\n const uint8Array = buffer instanceof ArrayBuffer ? new Uint8Array(buffer) : buffer;\n\n // 初始化空段数组\n this.segments = [];\n\n // 检查最小大小\n if (uint8Array.byteLength < 8) {\n this.addIssue(\n 'error',\n 'invalid_header',\n \"消息太小，无法包含有效的 Cap'n Proto 头部\",\n 'header',\n '消息至少需要8字节的头部'\n );\n return;\n }\n\n // 检查总大小限制\n if (uint8Array.byteLength > this.options.maxTotalSize) {\n this.addIssue(\n 'error',\n 'size_exceeded',\n `消息大小(${uint8Array.byteLength}字节)超过最大限制(${this.options.maxTotalSize}字节)`,\n 'header',\n '减小消息大小或增加 --max-size 限制'\n );\n if (this.options.strictMode) return;\n }\n\n // 解析消息头\n const view = new DataView(uint8Array.buffer, uint8Array.byteOffset, uint8Array.byteLength);\n const firstWordLow = view.getUint32(0, true);\n const firstWordHigh = view.getUint32(4, true);\n\n const segmentCount = (firstWordLow & 0xffffffff) + 1;\n const firstSegmentSize = firstWordHigh;\n\n // 检查段数限制\n if (segmentCount > this.options.maxSegments) {\n this.addIssue(\n 'error',\n 'segment_count_exceeded',\n `段数(${segmentCount})超过最大限制(${this.options.maxSegments})`,\n 'header',\n '减少段数或增加 --max-segments 限制'\n );\n if (this.options.strictMode) return;\n }\n\n let offset = 8;\n const segmentSizes: number[] = [firstSegmentSize];\n\n // 读取剩余段大小\n for (let i = 1; i < segmentCount; i++) {\n if (offset + 4 > uint8Array.byteLength) {\n this.addIssue(\n 'error',\n 'truncated_header',\n '段表在段大小信息之前结束',\n `header.segment[${i}]`,\n '消息文件可能已损坏'\n );\n return;\n }\n segmentSizes.push(view.getUint32(offset, true));\n offset += 4;\n }\n\n // 对齐到 8 字节\n offset = (offset + 7) & ~7;\n\n if (offset > uint8Array.byteLength) {\n this.addIssue('error', 'truncated_header', '段表头部不完整', 'header', '消息文件可能已损坏');\n return;\n }\n\n // 创建段\n let totalWords = 0;\n for (let i = 0; i < segmentSizes.length; i++) {\n const size = segmentSizes[i];\n totalWords += size;\n\n if (offset + size * WORD_SIZE > uint8Array.byteLength) {\n this.addIssue(\n 'warning',\n 'truncated_segment',\n `段${i}数据不足，声明大小:${size}字，实际可用:${Math.floor((uint8Array.byteLength - offset) / WORD_SIZE)}字`,\n `segment[${i}]`,\n '消息文件可能已损坏或被截断'\n );\n break;\n }\n const segmentBuffer = uint8Array.slice(offset, offset + size * WORD_SIZE);\n this.segments.push(Segment.fromBuffer(segmentBuffer.buffer));\n offset += size * WORD_SIZE;\n }\n\n if (totalWords > this.options.maxTotalSize / WORD_SIZE) {\n this.addIssue(\n 'warning',\n 'large_message',\n `消息总字数(${totalWords})较大，可能影响性能`,\n 'message',\n '考虑分割大型消息'\n );\n }\n\n // 扫描所有指针\n this.scanAllPointers();\n }\n\n /**\n * 添加审计问题\n */\n private addIssue(\n type: AuditIssueType,\n category: string,\n message: string,\n location: string,\n suggestion?: string\n ): void {\n this.issues.push({ type, category, message, location, suggestion });\n }\n\n /**\n * 获取段\n */\n private getSegment(index: number): Segment | undefined {\n return this.segments[index];\n }\n\n /**\n * 扫描所有指针\n */\n private scanAllPointers(): void {\n if (this.segments.length === 0) return;\n\n // 从根段开始扫描\n for (let segIdx = 0; segIdx < this.segments.length; segIdx++) {\n const segment = this.segments[segIdx];\n const wordCount = segment.wordCount;\n\n for (let wordIdx = 0; wordIdx < wordCount; wordIdx++) {\n const ptrValue = segment.getWord(wordIdx);\n if (ptrValue === 0n) continue; // 空指针\n\n this.scanPointer(segIdx, wordIdx, ptrValue, 0);\n }\n }\n }\n\n /**\n * 扫描单个指针\n */\n private scanPointer(\n segmentIndex: number,\n wordOffset: number,\n ptrValue: bigint,\n depth: number\n ): void {\n this.pointersScanned++;\n this.maxNestingDepth = Math.max(this.maxNestingDepth, depth);\n\n // 检查循环引用\n const ptrKey = `${segmentIndex}:${wordOffset}`;\n if (this.visitedPointers.has(ptrKey)) {\n this.addIssue(\n 'warning',\n 'circular_reference',\n `检测到可能的循环引用 at segment[${segmentIndex}].word[${wordOffset}]`,\n `segment[${segmentIndex}].word[${wordOffset}]`,\n '检查消息结构是否存在循环'\n );\n return;\n }\n this.visitedPointers.add(ptrKey);\n\n // 检查嵌套深度\n if (depth > 100) {\n this.addIssue(\n 'error',\n 'nesting_too_deep',\n '指针嵌套深度超过100，可能存在恶意构造的消息',\n `segment[${segmentIndex}].word[${wordOffset}]`,\n '检查消息是否被恶意构造'\n );\n return;\n }\n\n const ptr = decodePointer(ptrValue);\n const segment = this.getSegment(segmentIndex);\n if (!segment) return;\n\n switch (ptr.tag) {\n case PointerTag.STRUCT: {\n const structPtr = ptr as StructPointer;\n const targetOffset = wordOffset + 1 + structPtr.offset;\n\n // 检查目标范围\n if (\n targetOffset < 0 ||\n targetOffset + structPtr.dataWords + structPtr.pointerCount > segment.wordCount\n ) {\n this.addIssue(\n 'error',\n 'out_of_bounds',\n `Struct指针目标超出段范围: offset=${structPtr.offset}, dataWords=${structPtr.dataWords}, pointerCount=${structPtr.pointerCount}`,\n `segment[${segmentIndex}].word[${wordOffset}]`,\n '消息可能已损坏或被篡改'\n );\n }\n\n // 检查指针区域中的指针\n const pointerStart = targetOffset + structPtr.dataWords;\n for (let i = 0; i < structPtr.pointerCount; i++) {\n const ptrIdx = pointerStart + i;\n if (ptrIdx < segment.wordCount) {\n const nestedPtr = segment.getWord(ptrIdx);\n if (nestedPtr !== 0n) {\n this.scanPointer(segmentIndex, ptrIdx, nestedPtr, depth + 1);\n }\n }\n }\n break;\n }\n\n case PointerTag.LIST: {\n const listPtr = ptr as ListPointer;\n\n if (listPtr.elementSize === ElementSize.COMPOSITE) {\n // 需要读取tag word\n const tagOffset = wordOffset + 1 + listPtr.offset;\n if (tagOffset >= 0 && tagOffset < segment.wordCount) {\n const tagWord = segment.getWord(tagOffset);\n const elementCount = Number(tagWord & BigInt(0xffffffff));\n const dataWords = Number((tagWord >> BigInt(32)) & BigInt(0xffff));\n const pointerCount = Number((tagWord >> BigInt(48)) & BigInt(0xffff));\n\n if (elementCount > 1000000) {\n this.addIssue(\n 'warning',\n 'large_list',\n `复合列表元素数量异常: ${elementCount}`,\n `segment[${segmentIndex}].word[${wordOffset}]`,\n '检查列表大小是否合理'\n );\n }\n\n // 检查每个元素中的指针\n const elementSize = dataWords + pointerCount;\n const dataStart = tagOffset + 1;\n for (let i = 0; i < elementCount; i++) {\n for (let j = 0; j < pointerCount; j++) {\n const ptrIdx = dataStart + i * elementSize + dataWords + j;\n if (ptrIdx < segment.wordCount) {\n const nestedPtr = segment.getWord(ptrIdx);\n if (nestedPtr !== 0n) {\n this.scanPointer(segmentIndex, ptrIdx, nestedPtr, depth + 1);\n }\n }\n }\n }\n }\n } else if (listPtr.elementSize === ElementSize.POINTER) {\n // 指针列表\n const targetOffset = wordOffset + 1 + listPtr.offset;\n for (let i = 0; i < listPtr.elementCount; i++) {\n const ptrIdx = targetOffset + i;\n if (ptrIdx < segment.wordCount) {\n const nestedPtr = segment.getWord(ptrIdx);\n if (nestedPtr !== 0n) {\n this.scanPointer(segmentIndex, ptrIdx, nestedPtr, depth + 1);\n }\n }\n }\n }\n break;\n }\n\n case PointerTag.FAR: {\n const farPtr = ptr as FarPointer;\n\n if (farPtr.targetSegment >= this.segments.length) {\n this.addIssue(\n 'error',\n 'invalid_far_pointer',\n `Far指针引用不存在的段: ${farPtr.targetSegment}`,\n `segment[${segmentIndex}].word[${wordOffset}]`,\n '消息可能已损坏'\n );\n } else {\n const targetSegment = this.getSegment(farPtr.targetSegment);\n if (targetSegment && farPtr.targetOffset >= targetSegment.wordCount) {\n this.addIssue(\n 'error',\n 'invalid_far_pointer',\n `Far指针目标偏移超出范围: segment=${farPtr.targetSegment}, offset=${farPtr.targetOffset}`,\n `segment[${segmentIndex}].word[${wordOffset}]`,\n '消息可能已损坏'\n );\n }\n\n if (farPtr.doubleFar) {\n // 检查 double-far landing pad\n if (targetSegment && farPtr.targetOffset < targetSegment.wordCount) {\n const landingPadPtr = targetSegment.getWord(farPtr.targetOffset);\n if (landingPadPtr !== 0n) {\n this.scanPointer(\n farPtr.targetSegment,\n farPtr.targetOffset,\n landingPadPtr,\n depth + 1\n );\n }\n }\n }\n }\n break;\n }\n\n case PointerTag.OTHER:\n // Capability 指针或其他特殊类型在序列化消息中不应出现\n this.addIssue(\n 'warning',\n 'capability_in_message',\n '序列化消息中发现 Capability 或其他特殊指针',\n `segment[${segmentIndex}].word[${wordOffset}]`,\n 'Capability 通常不应在序列化消息中'\n );\n break;\n }\n }\n\n /**\n * 生成审计报告\n */\n generateReport(filePath: string, fileSize: number): AuditReport {\n const errors = this.issues.filter((i) => i.type === 'error').length;\n const warnings = this.issues.filter((i) => i.type === 'warning').length;\n const infos = this.issues.filter((i) => i.type === 'info').length;\n\n return {\n filePath,\n fileSize,\n passed: errors === 0,\n segmentCount: this.segments.length,\n totalWords: this.segments.reduce((sum, s) => sum + s.wordCount, 0),\n issues: this.issues,\n summary: {\n error: errors,\n warning: warnings,\n info: infos,\n },\n pointersScanned: this.pointersScanned,\n maxNestingDepth: this.maxNestingDepth,\n };\n }\n}\n\n/**\n * 格式化审计报告为可读文本\n */\nexport function formatAuditReport(report: AuditReport): string {\n const lines: string[] = [];\n\n lines.push('='.repeat(60));\n lines.push(\"CAP'N PROTO SECURITY AUDIT REPORT\");\n lines.push('='.repeat(60));\n lines.push('');\n\n // 文件信息\n lines.push('File Information:');\n lines.push(` Path: ${report.filePath}`);\n lines.push(` Size: ${report.fileSize.toLocaleString()} bytes`);\n lines.push(` Segments: ${report.segmentCount}`);\n lines.push(` Total Words: ${report.totalWords.toLocaleString()}`);\n lines.push(` Pointers Scanned: ${report.pointersScanned.toLocaleString()}`);\n lines.push(` Max Nesting Depth: ${report.maxNestingDepth}`);\n lines.push('');\n\n // 状态\n if (report.passed) {\n lines.push('✅ AUDIT PASSED');\n } else {\n lines.push('❌ AUDIT FAILED');\n }\n lines.push('');\n\n // 摘要\n lines.push('Summary:');\n lines.push(` Errors: ${report.summary.error}`);\n lines.push(` Warnings: ${report.summary.warning}`);\n lines.push(` Info: ${report.summary.info}`);\n lines.push('');\n\n // 问题详情\n if (report.issues.length > 0) {\n lines.push('Issues:');\n lines.push('-'.repeat(60));\n\n // 按类型分组\n const errors = report.issues.filter((i) => i.type === 'error');\n const warnings = report.issues.filter((i) => i.type === 'warning');\n const infos = report.issues.filter((i) => i.type === 'info');\n\n if (errors.length > 0) {\n lines.push('');\n lines.push('❌ ERRORS:');\n for (const issue of errors) {\n lines.push(` [${issue.category}] ${issue.message}`);\n lines.push(` Location: ${issue.location}`);\n if (issue.suggestion) {\n lines.push(` 💡 ${issue.suggestion}`);\n }\n lines.push('');\n }\n }\n\n if (warnings.length > 0) {\n lines.push('');\n lines.push('⚠️ WARNINGS:');\n for (const issue of warnings) {\n lines.push(` [${issue.category}] ${issue.message}`);\n lines.push(` Location: ${issue.location}`);\n if (issue.suggestion) {\n lines.push(` 💡 ${issue.suggestion}`);\n }\n lines.push('');\n }\n }\n\n if (infos.length > 0) {\n lines.push('');\n lines.push('ℹ️ INFO:');\n for (const issue of infos) {\n lines.push(` [${issue.category}] ${issue.message}`);\n lines.push(` Location: ${issue.location}`);\n lines.push('');\n }\n }\n } else {\n lines.push('No issues found.');\n }\n\n lines.push('');\n lines.push('='.repeat(60));\n\n return lines.join('\\n');\n}\n\n/**\n * 审计消息文件\n */\nexport function auditMessageFile(\n filePath: string,\n options: AuditSecurityOptions = {}\n): AuditReport {\n const buffer = readFileSync(filePath);\n const reader = new AuditReader(buffer, options);\n return reader.generateReport(filePath, buffer.byteLength);\n}\n\nconst CLI_VERSION = '0.9.0';\n\nfunction printUsage() {\n console.log(`\nCap'n Proto Security Audit CLI v${CLI_VERSION}\n\nUsage: capnp audit <file> [options]\n\nArguments:\n file Path to Cap'n Proto message binary file\n\nOptions:\n --strict Strict mode, fail on warnings\n --json Output as JSON\n -o, --output <file> Write report to file\n --max-segments <n> Maximum allowed segments (default: 64)\n --max-size <bytes> Maximum message size in bytes (default: 64MB)\n -h, --help Show this help\n\nExamples:\n capnp audit message.bin\n capnp audit message.bin --strict\n capnp audit message.bin --json -o report.json\n capnp audit message.bin --max-segments 128 --max-size 134217728\n`);\n}\n\nfunction parseArgs(args: string[]) {\n const options: {\n file?: string;\n strict?: boolean;\n json?: boolean;\n output?: string;\n maxSegments?: number;\n maxSize?: number;\n } = {};\n\n for (let i = 0; i < args.length; i++) {\n const arg = args[i];\n\n if (arg === '-h' || arg === '--help') {\n printUsage();\n process.exit(0);\n }\n\n if (arg === '--strict') {\n options.strict = true;\n } else if (arg === '--json') {\n options.json = true;\n } else if (arg === '-o' || arg === '--output') {\n options.output = args[++i];\n } else if (arg === '--max-segments') {\n const val = Number.parseInt(args[++i], 10);\n if (Number.isNaN(val) || val <= 0) {\n console.error('Error: --max-segments must be a positive integer');\n process.exit(1);\n }\n options.maxSegments = val;\n } else if (arg === '--max-size') {\n const val = Number.parseInt(args[++i], 10);\n if (Number.isNaN(val) || val <= 0) {\n console.error('Error: --max-size must be a positive integer');\n process.exit(1);\n }\n options.maxSize = val;\n } else if (!arg.startsWith('-')) {\n if (!options.file) {\n options.file = arg;\n }\n }\n }\n\n return options;\n}\n\nexport async function run(args: string[]): Promise<void> {\n const options = parseArgs(args);\n\n if (!options.file) {\n console.error('Error: File path is required');\n printUsage();\n process.exit(1);\n }\n\n try {\n const auditOptions: AuditSecurityOptions = {\n strictMode: options.strict,\n maxSegments: options.maxSegments,\n maxTotalSize: options.maxSize,\n };\n\n const report = auditMessageFile(options.file, auditOptions);\n\n let output: string;\n if (options.json) {\n output = JSON.stringify(report, null, 2);\n } else {\n output = formatAuditReport(report);\n }\n\n if (options.output) {\n const { writeFileSync } = await import('node:fs');\n writeFileSync(options.output, output, 'utf-8');\n console.log(`Report written to: ${options.output}`);\n } else {\n console.log(output);\n }\n\n // Exit with error code if audit failed or strict mode has warnings\n const shouldFail = !report.passed || (options.strict && report.summary.warning > 0);\n process.exit(shouldFail ? 1 : 0);\n } catch (err) {\n console.error('Error:', err instanceof Error ? err.message : err);\n process.exit(2);\n }\n}\n"],"mappings":";;;;;AAwBA,MAAM,wBAAwD;CAC5D,aAAa;CACb,cAAc,KAAK,OAAO;CAC1B,YAAY;CACb;;;;;AAuDD,IAAa,cAAb,MAAyB;CACvB,AAAQ;CACR,AAAQ;CACR,AAAQ,SAAuB,EAAE;CACjC,AAAQ,kCAAkB,IAAI,KAAa;CAC3C,AAAQ,kBAAkB;CAC1B,AAAQ,kBAAkB;CAE1B,YAAY,QAAkC,UAAgC,EAAE,EAAE;AAChF,OAAK,UAAU;GAAE,GAAG;GAAuB,GAAG;GAAS;EACvD,MAAM,aAAa,kBAAkB,cAAc,IAAI,WAAW,OAAO,GAAG;AAG5E,OAAK,WAAW,EAAE;AAGlB,MAAI,WAAW,aAAa,GAAG;AAC7B,QAAK,SACH,SACA,kBACA,+BACA,UACA,eACD;AACD;;AAIF,MAAI,WAAW,aAAa,KAAK,QAAQ,cAAc;AACrD,QAAK,SACH,SACA,iBACA,QAAQ,WAAW,WAAW,YAAY,KAAK,QAAQ,aAAa,MACpE,UACA,0BACD;AACD,OAAI,KAAK,QAAQ,WAAY;;EAI/B,MAAM,OAAO,IAAI,SAAS,WAAW,QAAQ,WAAW,YAAY,WAAW,WAAW;EAC1F,MAAM,eAAe,KAAK,UAAU,GAAG,KAAK;EAC5C,MAAM,gBAAgB,KAAK,UAAU,GAAG,KAAK;EAE7C,MAAM,gBAAgB,eAAe,cAAc;EACnD,MAAM,mBAAmB;AAGzB,MAAI,eAAe,KAAK,QAAQ,aAAa;AAC3C,QAAK,SACH,SACA,0BACA,MAAM,aAAa,UAAU,KAAK,QAAQ,YAAY,IACtD,UACA,4BACD;AACD,OAAI,KAAK,QAAQ,WAAY;;EAG/B,IAAI,SAAS;EACb,MAAM,eAAyB,CAAC,iBAAiB;AAGjD,OAAK,IAAI,IAAI,GAAG,IAAI,cAAc,KAAK;AACrC,OAAI,SAAS,IAAI,WAAW,YAAY;AACtC,SAAK,SACH,SACA,oBACA,gBACA,kBAAkB,EAAE,IACpB,YACD;AACD;;AAEF,gBAAa,KAAK,KAAK,UAAU,QAAQ,KAAK,CAAC;AAC/C,aAAU;;AAIZ,WAAU,SAAS,IAAK;AAExB,MAAI,SAAS,WAAW,YAAY;AAClC,QAAK,SAAS,SAAS,oBAAoB,WAAW,UAAU,YAAY;AAC5E;;EAIF,IAAI,aAAa;AACjB,OAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;GAC5C,MAAM,OAAO,aAAa;AAC1B,iBAAc;AAEd,OAAI,SAAS,OAAO,YAAY,WAAW,YAAY;AACrD,SAAK,SACH,WACA,qBACA,IAAI,EAAE,YAAY,KAAK,SAAS,KAAK,OAAO,WAAW,aAAa,UAAU,UAAU,CAAC,IACzF,WAAW,EAAE,IACb,gBACD;AACD;;GAEF,MAAM,gBAAgB,WAAW,MAAM,QAAQ,SAAS,OAAO,UAAU;AACzE,QAAK,SAAS,KAAK,QAAQ,WAAW,cAAc,OAAO,CAAC;AAC5D,aAAU,OAAO;;AAGnB,MAAI,aAAa,KAAK,QAAQ,eAAe,UAC3C,MAAK,SACH,WACA,iBACA,SAAS,WAAW,aACpB,WACA,WACD;AAIH,OAAK,iBAAiB;;;;;CAMxB,AAAQ,SACN,MACA,UACA,SACA,UACA,YACM;AACN,OAAK,OAAO,KAAK;GAAE;GAAM;GAAU;GAAS;GAAU;GAAY,CAAC;;;;;CAMrE,AAAQ,WAAW,OAAoC;AACrD,SAAO,KAAK,SAAS;;;;;CAMvB,AAAQ,kBAAwB;AAC9B,MAAI,KAAK,SAAS,WAAW,EAAG;AAGhC,OAAK,IAAI,SAAS,GAAG,SAAS,KAAK,SAAS,QAAQ,UAAU;GAC5D,MAAM,UAAU,KAAK,SAAS;GAC9B,MAAM,YAAY,QAAQ;AAE1B,QAAK,IAAI,UAAU,GAAG,UAAU,WAAW,WAAW;IACpD,MAAM,WAAW,QAAQ,QAAQ,QAAQ;AACzC,QAAI,aAAa,GAAI;AAErB,SAAK,YAAY,QAAQ,SAAS,UAAU,EAAE;;;;;;;CAQpD,AAAQ,YACN,cACA,YACA,UACA,OACM;AACN,OAAK;AACL,OAAK,kBAAkB,KAAK,IAAI,KAAK,iBAAiB,MAAM;EAG5D,MAAM,SAAS,GAAG,aAAa,GAAG;AAClC,MAAI,KAAK,gBAAgB,IAAI,OAAO,EAAE;AACpC,QAAK,SACH,WACA,sBACA,yBAAyB,aAAa,SAAS,WAAW,IAC1D,WAAW,aAAa,SAAS,WAAW,IAC5C,eACD;AACD;;AAEF,OAAK,gBAAgB,IAAI,OAAO;AAGhC,MAAI,QAAQ,KAAK;AACf,QAAK,SACH,SACA,oBACA,2BACA,WAAW,aAAa,SAAS,WAAW,IAC5C,cACD;AACD;;EAGF,MAAM,MAAM,cAAc,SAAS;EACnC,MAAM,UAAU,KAAK,WAAW,aAAa;AAC7C,MAAI,CAAC,QAAS;AAEd,UAAQ,IAAI,KAAZ;GACE,KAAK,WAAW,QAAQ;IACtB,MAAM,YAAY;IAClB,MAAM,eAAe,aAAa,IAAI,UAAU;AAGhD,QACE,eAAe,KACf,eAAe,UAAU,YAAY,UAAU,eAAe,QAAQ,UAEtE,MAAK,SACH,SACA,iBACA,2BAA2B,UAAU,OAAO,cAAc,UAAU,UAAU,iBAAiB,UAAU,gBACzG,WAAW,aAAa,SAAS,WAAW,IAC5C,cACD;IAIH,MAAM,eAAe,eAAe,UAAU;AAC9C,SAAK,IAAI,IAAI,GAAG,IAAI,UAAU,cAAc,KAAK;KAC/C,MAAM,SAAS,eAAe;AAC9B,SAAI,SAAS,QAAQ,WAAW;MAC9B,MAAM,YAAY,QAAQ,QAAQ,OAAO;AACzC,UAAI,cAAc,GAChB,MAAK,YAAY,cAAc,QAAQ,WAAW,QAAQ,EAAE;;;AAIlE;;GAGF,KAAK,WAAW,MAAM;IACpB,MAAM,UAAU;AAEhB,QAAI,QAAQ,gBAAgB,YAAY,WAAW;KAEjD,MAAM,YAAY,aAAa,IAAI,QAAQ;AAC3C,SAAI,aAAa,KAAK,YAAY,QAAQ,WAAW;MACnD,MAAM,UAAU,QAAQ,QAAQ,UAAU;MAC1C,MAAM,eAAe,OAAO,UAAU,OAAO,WAAW,CAAC;MACzD,MAAM,YAAY,OAAQ,WAAW,OAAO,GAAG,GAAI,OAAO,MAAO,CAAC;MAClE,MAAM,eAAe,OAAQ,WAAW,OAAO,GAAG,GAAI,OAAO,MAAO,CAAC;AAErE,UAAI,eAAe,IACjB,MAAK,SACH,WACA,cACA,eAAe,gBACf,WAAW,aAAa,SAAS,WAAW,IAC5C,aACD;MAIH,MAAM,cAAc,YAAY;MAChC,MAAM,YAAY,YAAY;AAC9B,WAAK,IAAI,IAAI,GAAG,IAAI,cAAc,IAChC,MAAK,IAAI,IAAI,GAAG,IAAI,cAAc,KAAK;OACrC,MAAM,SAAS,YAAY,IAAI,cAAc,YAAY;AACzD,WAAI,SAAS,QAAQ,WAAW;QAC9B,MAAM,YAAY,QAAQ,QAAQ,OAAO;AACzC,YAAI,cAAc,GAChB,MAAK,YAAY,cAAc,QAAQ,WAAW,QAAQ,EAAE;;;;eAM7D,QAAQ,gBAAgB,YAAY,SAAS;KAEtD,MAAM,eAAe,aAAa,IAAI,QAAQ;AAC9C,UAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,cAAc,KAAK;MAC7C,MAAM,SAAS,eAAe;AAC9B,UAAI,SAAS,QAAQ,WAAW;OAC9B,MAAM,YAAY,QAAQ,QAAQ,OAAO;AACzC,WAAI,cAAc,GAChB,MAAK,YAAY,cAAc,QAAQ,WAAW,QAAQ,EAAE;;;;AAKpE;;GAGF,KAAK,WAAW,KAAK;IACnB,MAAM,SAAS;AAEf,QAAI,OAAO,iBAAiB,KAAK,SAAS,OACxC,MAAK,SACH,SACA,uBACA,iBAAiB,OAAO,iBACxB,WAAW,aAAa,SAAS,WAAW,IAC5C,UACD;SACI;KACL,MAAM,gBAAgB,KAAK,WAAW,OAAO,cAAc;AAC3D,SAAI,iBAAiB,OAAO,gBAAgB,cAAc,UACxD,MAAK,SACH,SACA,uBACA,0BAA0B,OAAO,cAAc,WAAW,OAAO,gBACjE,WAAW,aAAa,SAAS,WAAW,IAC5C,UACD;AAGH,SAAI,OAAO,WAET;UAAI,iBAAiB,OAAO,eAAe,cAAc,WAAW;OAClE,MAAM,gBAAgB,cAAc,QAAQ,OAAO,aAAa;AAChE,WAAI,kBAAkB,GACpB,MAAK,YACH,OAAO,eACP,OAAO,cACP,eACA,QAAQ,EACT;;;;AAKT;;GAGF,KAAK,WAAW;AAEd,SAAK,SACH,WACA,yBACA,+BACA,WAAW,aAAa,SAAS,WAAW,IAC5C,yBACD;AACD;;;;;;CAON,eAAe,UAAkB,UAA+B;EAC9D,MAAM,SAAS,KAAK,OAAO,QAAQ,MAAM,EAAE,SAAS,QAAQ,CAAC;EAC7D,MAAM,WAAW,KAAK,OAAO,QAAQ,MAAM,EAAE,SAAS,UAAU,CAAC;EACjE,MAAM,QAAQ,KAAK,OAAO,QAAQ,MAAM,EAAE,SAAS,OAAO,CAAC;AAE3D,SAAO;GACL;GACA;GACA,QAAQ,WAAW;GACnB,cAAc,KAAK,SAAS;GAC5B,YAAY,KAAK,SAAS,QAAQ,KAAK,MAAM,MAAM,EAAE,WAAW,EAAE;GAClE,QAAQ,KAAK;GACb,SAAS;IACP,OAAO;IACP,SAAS;IACT,MAAM;IACP;GACD,iBAAiB,KAAK;GACtB,iBAAiB,KAAK;GACvB;;;;;;AAOL,SAAgB,kBAAkB,QAA6B;CAC7D,MAAM,QAAkB,EAAE;AAE1B,OAAM,KAAK,IAAI,OAAO,GAAG,CAAC;AAC1B,OAAM,KAAK,oCAAoC;AAC/C,OAAM,KAAK,IAAI,OAAO,GAAG,CAAC;AAC1B,OAAM,KAAK,GAAG;AAGd,OAAM,KAAK,oBAAoB;AAC/B,OAAM,KAAK,WAAW,OAAO,WAAW;AACxC,OAAM,KAAK,WAAW,OAAO,SAAS,gBAAgB,CAAC,QAAQ;AAC/D,OAAM,KAAK,eAAe,OAAO,eAAe;AAChD,OAAM,KAAK,kBAAkB,OAAO,WAAW,gBAAgB,GAAG;AAClE,OAAM,KAAK,uBAAuB,OAAO,gBAAgB,gBAAgB,GAAG;AAC5E,OAAM,KAAK,wBAAwB,OAAO,kBAAkB;AAC5D,OAAM,KAAK,GAAG;AAGd,KAAI,OAAO,OACT,OAAM,KAAK,iBAAiB;KAE5B,OAAM,KAAK,iBAAiB;AAE9B,OAAM,KAAK,GAAG;AAGd,OAAM,KAAK,WAAW;AACtB,OAAM,KAAK,eAAe,OAAO,QAAQ,QAAQ;AACjD,OAAM,KAAK,eAAe,OAAO,QAAQ,UAAU;AACnD,OAAM,KAAK,eAAe,OAAO,QAAQ,OAAO;AAChD,OAAM,KAAK,GAAG;AAGd,KAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,QAAM,KAAK,UAAU;AACrB,QAAM,KAAK,IAAI,OAAO,GAAG,CAAC;EAG1B,MAAM,SAAS,OAAO,OAAO,QAAQ,MAAM,EAAE,SAAS,QAAQ;EAC9D,MAAM,WAAW,OAAO,OAAO,QAAQ,MAAM,EAAE,SAAS,UAAU;EAClE,MAAM,QAAQ,OAAO,OAAO,QAAQ,MAAM,EAAE,SAAS,OAAO;AAE5D,MAAI,OAAO,SAAS,GAAG;AACrB,SAAM,KAAK,GAAG;AACd,SAAM,KAAK,YAAY;AACvB,QAAK,MAAM,SAAS,QAAQ;AAC1B,UAAM,KAAK,MAAM,MAAM,SAAS,IAAI,MAAM,UAAU;AACpD,UAAM,KAAK,iBAAiB,MAAM,WAAW;AAC7C,QAAI,MAAM,WACR,OAAM,KAAK,UAAU,MAAM,aAAa;AAE1C,UAAM,KAAK,GAAG;;;AAIlB,MAAI,SAAS,SAAS,GAAG;AACvB,SAAM,KAAK,GAAG;AACd,SAAM,KAAK,gBAAgB;AAC3B,QAAK,MAAM,SAAS,UAAU;AAC5B,UAAM,KAAK,MAAM,MAAM,SAAS,IAAI,MAAM,UAAU;AACpD,UAAM,KAAK,iBAAiB,MAAM,WAAW;AAC7C,QAAI,MAAM,WACR,OAAM,KAAK,UAAU,MAAM,aAAa;AAE1C,UAAM,KAAK,GAAG;;;AAIlB,MAAI,MAAM,SAAS,GAAG;AACpB,SAAM,KAAK,GAAG;AACd,SAAM,KAAK,YAAY;AACvB,QAAK,MAAM,SAAS,OAAO;AACzB,UAAM,KAAK,MAAM,MAAM,SAAS,IAAI,MAAM,UAAU;AACpD,UAAM,KAAK,iBAAiB,MAAM,WAAW;AAC7C,UAAM,KAAK,GAAG;;;OAIlB,OAAM,KAAK,mBAAmB;AAGhC,OAAM,KAAK,GAAG;AACd,OAAM,KAAK,IAAI,OAAO,GAAG,CAAC;AAE1B,QAAO,MAAM,KAAK,KAAK;;;;;AAMzB,SAAgB,iBACd,UACA,UAAgC,EAAE,EACrB;CACb,MAAM,SAAS,aAAa,SAAS;AAErC,QADe,IAAI,YAAY,QAAQ,QAAQ,CACjC,eAAe,UAAU,OAAO,WAAW;;AAG3D,MAAM,cAAc;AAEpB,SAAS,aAAa;AACpB,SAAQ,IAAI;kCACoB,YAAY;;;;;;;;;;;;;;;;;;;;EAoB5C;;AAGF,SAAS,UAAU,MAAgB;CACjC,MAAM,UAOF,EAAE;AAEN,MAAK,IAAI,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;EACpC,MAAM,MAAM,KAAK;AAEjB,MAAI,QAAQ,QAAQ,QAAQ,UAAU;AACpC,eAAY;AACZ,WAAQ,KAAK,EAAE;;AAGjB,MAAI,QAAQ,WACV,SAAQ,SAAS;WACR,QAAQ,SACjB,SAAQ,OAAO;WACN,QAAQ,QAAQ,QAAQ,WACjC,SAAQ,SAAS,KAAK,EAAE;WACf,QAAQ,kBAAkB;GACnC,MAAM,MAAM,OAAO,SAAS,KAAK,EAAE,IAAI,GAAG;AAC1C,OAAI,OAAO,MAAM,IAAI,IAAI,OAAO,GAAG;AACjC,YAAQ,MAAM,mDAAmD;AACjE,YAAQ,KAAK,EAAE;;AAEjB,WAAQ,cAAc;aACb,QAAQ,cAAc;GAC/B,MAAM,MAAM,OAAO,SAAS,KAAK,EAAE,IAAI,GAAG;AAC1C,OAAI,OAAO,MAAM,IAAI,IAAI,OAAO,GAAG;AACjC,YAAQ,MAAM,+CAA+C;AAC7D,YAAQ,KAAK,EAAE;;AAEjB,WAAQ,UAAU;aACT,CAAC,IAAI,WAAW,IAAI,EAC7B;OAAI,CAAC,QAAQ,KACX,SAAQ,OAAO;;;AAKrB,QAAO;;AAGT,eAAsB,IAAI,MAA+B;CACvD,MAAM,UAAU,UAAU,KAAK;AAE/B,KAAI,CAAC,QAAQ,MAAM;AACjB,UAAQ,MAAM,+BAA+B;AAC7C,cAAY;AACZ,UAAQ,KAAK,EAAE;;AAGjB,KAAI;EACF,MAAM,eAAqC;GACzC,YAAY,QAAQ;GACpB,aAAa,QAAQ;GACrB,cAAc,QAAQ;GACvB;EAED,MAAM,SAAS,iBAAiB,QAAQ,MAAM,aAAa;EAE3D,IAAI;AACJ,MAAI,QAAQ,KACV,UAAS,KAAK,UAAU,QAAQ,MAAM,EAAE;MAExC,UAAS,kBAAkB,OAAO;AAGpC,MAAI,QAAQ,QAAQ;GAClB,MAAM,EAAE,kBAAkB,MAAM,OAAO;AACvC,iBAAc,QAAQ,QAAQ,QAAQ,QAAQ;AAC9C,WAAQ,IAAI,sBAAsB,QAAQ,SAAS;QAEnD,SAAQ,IAAI,OAAO;EAIrB,MAAM,aAAa,CAAC,OAAO,UAAW,QAAQ,UAAU,OAAO,QAAQ,UAAU;AACjF,UAAQ,KAAK,aAAa,IAAI,EAAE;UACzB,KAAK;AACZ,UAAQ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,IAAI;AACjE,UAAQ,KAAK,EAAE"}