@nahisaho/musubix-security 1.8.0 → 1.8.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +27 -0
- package/dist/analyzers/ai/index.d.ts +6 -0
- package/dist/analyzers/ai/index.d.ts.map +1 -0
- package/dist/analyzers/ai/index.js +6 -0
- package/dist/analyzers/ai/index.js.map +1 -0
- package/dist/analyzers/ai/prompt-injection-detector.d.ts +152 -0
- package/dist/analyzers/ai/prompt-injection-detector.d.ts.map +1 -0
- package/dist/analyzers/ai/prompt-injection-detector.js +468 -0
- package/dist/analyzers/ai/prompt-injection-detector.js.map +1 -0
- package/dist/analyzers/api/api-security-analyzer.d.ts +263 -0
- package/dist/analyzers/api/api-security-analyzer.d.ts.map +1 -0
- package/dist/analyzers/api/api-security-analyzer.js +581 -0
- package/dist/analyzers/api/api-security-analyzer.js.map +1 -0
- package/dist/analyzers/compliance/compliance-checker.d.ts +201 -0
- package/dist/analyzers/compliance/compliance-checker.d.ts.map +1 -0
- package/dist/analyzers/compliance/compliance-checker.js +772 -0
- package/dist/analyzers/compliance/compliance-checker.js.map +1 -0
- package/dist/analyzers/container/image-scanner.d.ts +163 -0
- package/dist/analyzers/container/image-scanner.d.ts.map +1 -0
- package/dist/analyzers/container/image-scanner.js +459 -0
- package/dist/analyzers/container/image-scanner.js.map +1 -0
- package/dist/analyzers/container/index.d.ts +6 -0
- package/dist/analyzers/container/index.d.ts.map +1 -0
- package/dist/analyzers/container/index.js +6 -0
- package/dist/analyzers/container/index.js.map +1 -0
- package/dist/analyzers/dashboard/security-dashboard.d.ts +286 -0
- package/dist/analyzers/dashboard/security-dashboard.d.ts.map +1 -0
- package/dist/analyzers/dashboard/security-dashboard.js +796 -0
- package/dist/analyzers/dashboard/security-dashboard.js.map +1 -0
- package/dist/analyzers/iac/iac-checker.d.ts +124 -0
- package/dist/analyzers/iac/iac-checker.d.ts.map +1 -0
- package/dist/analyzers/iac/iac-checker.js +755 -0
- package/dist/analyzers/iac/iac-checker.js.map +1 -0
- package/dist/analyzers/iac/index.d.ts +6 -0
- package/dist/analyzers/iac/index.d.ts.map +1 -0
- package/dist/analyzers/iac/index.js +6 -0
- package/dist/analyzers/iac/index.js.map +1 -0
- package/dist/analyzers/index.d.ts +9 -0
- package/dist/analyzers/index.d.ts.map +1 -0
- package/dist/analyzers/index.js +13 -0
- package/dist/analyzers/index.js.map +1 -0
- package/dist/analyzers/monitor/realtime-monitor.d.ts +216 -0
- package/dist/analyzers/monitor/realtime-monitor.d.ts.map +1 -0
- package/dist/analyzers/monitor/realtime-monitor.js +601 -0
- package/dist/analyzers/monitor/realtime-monitor.js.map +1 -0
- package/dist/analyzers/sast/index.d.ts +7 -0
- package/dist/analyzers/sast/index.d.ts.map +1 -0
- package/dist/analyzers/sast/index.js +7 -0
- package/dist/analyzers/sast/index.js.map +1 -0
- package/dist/analyzers/sast/interprocedural-analyzer.d.ts +276 -0
- package/dist/analyzers/sast/interprocedural-analyzer.d.ts.map +1 -0
- package/dist/analyzers/sast/interprocedural-analyzer.js +635 -0
- package/dist/analyzers/sast/interprocedural-analyzer.js.map +1 -0
- package/dist/analyzers/sast/zero-day-detector.d.ts +183 -0
- package/dist/analyzers/sast/zero-day-detector.d.ts.map +1 -0
- package/dist/analyzers/sast/zero-day-detector.js +593 -0
- package/dist/analyzers/sast/zero-day-detector.js.map +1 -0
- package/dist/analyzers/sca/dependency-scanner.d.ts +275 -0
- package/dist/analyzers/sca/dependency-scanner.d.ts.map +1 -0
- package/dist/analyzers/sca/dependency-scanner.js +642 -0
- package/dist/analyzers/sca/dependency-scanner.js.map +1 -0
- package/dist/core/index.d.ts +8 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +10 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/pipeline-manager.d.ts +105 -0
- package/dist/core/pipeline-manager.d.ts.map +1 -0
- package/dist/core/pipeline-manager.js +449 -0
- package/dist/core/pipeline-manager.js.map +1 -0
- package/dist/core/result-aggregator.d.ts +96 -0
- package/dist/core/result-aggregator.d.ts.map +1 -0
- package/dist/core/result-aggregator.js +462 -0
- package/dist/core/result-aggregator.js.map +1 -0
- package/dist/index.d.ts +15 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +68 -0
- package/dist/index.js.map +1 -1
- package/dist/integrations/ci-integration.d.ts +227 -0
- package/dist/integrations/ci-integration.d.ts.map +1 -0
- package/dist/integrations/ci-integration.js +472 -0
- package/dist/integrations/ci-integration.js.map +1 -0
- package/dist/integrations/git-hooks.d.ts +155 -0
- package/dist/integrations/git-hooks.d.ts.map +1 -0
- package/dist/integrations/git-hooks.js +425 -0
- package/dist/integrations/git-hooks.js.map +1 -0
- package/dist/integrations/index.d.ts +9 -0
- package/dist/integrations/index.d.ts.map +1 -0
- package/dist/integrations/index.js +9 -0
- package/dist/integrations/index.js.map +1 -0
- package/dist/integrations/report-aggregator.d.ts +250 -0
- package/dist/integrations/report-aggregator.d.ts.map +1 -0
- package/dist/integrations/report-aggregator.js +488 -0
- package/dist/integrations/report-aggregator.js.map +1 -0
- package/dist/integrations/vscode-integration.d.ts +245 -0
- package/dist/integrations/vscode-integration.d.ts.map +1 -0
- package/dist/integrations/vscode-integration.js +449 -0
- package/dist/integrations/vscode-integration.js.map +1 -0
- package/dist/intelligence/attack-pattern-matcher.d.ts +217 -0
- package/dist/intelligence/attack-pattern-matcher.d.ts.map +1 -0
- package/dist/intelligence/attack-pattern-matcher.js +887 -0
- package/dist/intelligence/attack-pattern-matcher.js.map +1 -0
- package/dist/intelligence/index.d.ts +12 -0
- package/dist/intelligence/index.d.ts.map +1 -0
- package/dist/intelligence/index.js +18 -0
- package/dist/intelligence/index.js.map +1 -0
- package/dist/intelligence/neuro-symbolic-core.d.ts +88 -0
- package/dist/intelligence/neuro-symbolic-core.d.ts.map +1 -0
- package/dist/intelligence/neuro-symbolic-core.js +403 -0
- package/dist/intelligence/neuro-symbolic-core.js.map +1 -0
- package/dist/intelligence/predictive-analyzer.d.ts +317 -0
- package/dist/intelligence/predictive-analyzer.d.ts.map +1 -0
- package/dist/intelligence/predictive-analyzer.js +714 -0
- package/dist/intelligence/predictive-analyzer.js.map +1 -0
- package/dist/intelligence/risk-scorer.d.ts +333 -0
- package/dist/intelligence/risk-scorer.d.ts.map +1 -0
- package/dist/intelligence/risk-scorer.js +824 -0
- package/dist/intelligence/risk-scorer.js.map +1 -0
- package/dist/intelligence/security-analytics.d.ts +349 -0
- package/dist/intelligence/security-analytics.d.ts.map +1 -0
- package/dist/intelligence/security-analytics.js +813 -0
- package/dist/intelligence/security-analytics.js.map +1 -0
- package/dist/intelligence/threat-intelligence.d.ts +288 -0
- package/dist/intelligence/threat-intelligence.d.ts.map +1 -0
- package/dist/intelligence/threat-intelligence.js +639 -0
- package/dist/intelligence/threat-intelligence.js.map +1 -0
- package/dist/policy/index.d.ts +6 -0
- package/dist/policy/index.d.ts.map +1 -0
- package/dist/policy/index.js +6 -0
- package/dist/policy/index.js.map +1 -0
- package/dist/policy/policy-engine.d.ts +254 -0
- package/dist/policy/policy-engine.d.ts.map +1 -0
- package/dist/policy/policy-engine.js +651 -0
- package/dist/policy/policy-engine.js.map +1 -0
- package/dist/remediation/auto-fixer.d.ts +179 -0
- package/dist/remediation/auto-fixer.d.ts.map +1 -0
- package/dist/remediation/auto-fixer.js +540 -0
- package/dist/remediation/auto-fixer.js.map +1 -0
- package/dist/remediation/fix-validator.d.ts +195 -0
- package/dist/remediation/fix-validator.d.ts.map +1 -0
- package/dist/remediation/fix-validator.js +462 -0
- package/dist/remediation/fix-validator.js.map +1 -0
- package/dist/remediation/index.d.ts +10 -0
- package/dist/remediation/index.d.ts.map +1 -0
- package/dist/remediation/index.js +15 -0
- package/dist/remediation/index.js.map +1 -0
- package/dist/remediation/patch-generator.d.ts +203 -0
- package/dist/remediation/patch-generator.d.ts.map +1 -0
- package/dist/remediation/patch-generator.js +533 -0
- package/dist/remediation/patch-generator.js.map +1 -0
- package/dist/remediation/remediation-planner.d.ts +262 -0
- package/dist/remediation/remediation-planner.d.ts.map +1 -0
- package/dist/remediation/remediation-planner.js +531 -0
- package/dist/remediation/remediation-planner.js.map +1 -0
- package/dist/remediation/secure-code-transformer.d.ts +222 -0
- package/dist/remediation/secure-code-transformer.d.ts.map +1 -0
- package/dist/remediation/secure-code-transformer.js +625 -0
- package/dist/remediation/secure-code-transformer.js.map +1 -0
- package/dist/types/fix.d.ts +3 -1
- package/dist/types/fix.d.ts.map +1 -1
- package/dist/types/index.d.ts +6 -0
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +1 -0
- package/dist/types/index.js.map +1 -1
- package/dist/types/interprocedural.d.ts +203 -0
- package/dist/types/interprocedural.d.ts.map +1 -0
- package/dist/types/interprocedural.js +7 -0
- package/dist/types/interprocedural.js.map +1 -0
- package/dist/types/neuro-symbolic.d.ts +179 -0
- package/dist/types/neuro-symbolic.d.ts.map +1 -0
- package/dist/types/neuro-symbolic.js +7 -0
- package/dist/types/neuro-symbolic.js.map +1 -0
- package/dist/types/pipeline.d.ts +173 -0
- package/dist/types/pipeline.d.ts.map +1 -0
- package/dist/types/pipeline.js +7 -0
- package/dist/types/pipeline.js.map +1 -0
- package/dist/types/result.d.ts +134 -0
- package/dist/types/result.d.ts.map +1 -0
- package/dist/types/result.js +25 -0
- package/dist/types/result.js.map +1 -0
- package/dist/types/vulnerability.d.ts +2 -2
- package/dist/types/vulnerability.d.ts.map +1 -1
- package/dist/types/zero-day.d.ts +146 -0
- package/dist/types/zero-day.d.ts.map +1 -0
- package/dist/types/zero-day.js +7 -0
- package/dist/types/zero-day.js.map +1 -0
- package/package.json +2 -2
|
@@ -0,0 +1,651 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview Security Policy Engine
|
|
3
|
+
* @module @nahisaho/musubix-security/policy/policy-engine
|
|
4
|
+
*
|
|
5
|
+
* Provides customizable security policy definition, evaluation,
|
|
6
|
+
* and enforcement capabilities.
|
|
7
|
+
*/
|
|
8
|
+
// ============================================================================
|
|
9
|
+
// Built-in Policies
|
|
10
|
+
// ============================================================================
|
|
11
|
+
/**
|
|
12
|
+
* Default security policy
|
|
13
|
+
*/
|
|
14
|
+
const DEFAULT_POLICY = {
|
|
15
|
+
name: 'default',
|
|
16
|
+
version: '1.0.0',
|
|
17
|
+
description: 'Default security policy - blocks critical and high severity issues',
|
|
18
|
+
rules: [
|
|
19
|
+
{
|
|
20
|
+
id: 'block-critical',
|
|
21
|
+
name: 'Block Critical Vulnerabilities',
|
|
22
|
+
description: 'Fail on any critical severity vulnerability',
|
|
23
|
+
conditions: [
|
|
24
|
+
{ target: 'count.critical', operator: 'greater_than', value: 0 },
|
|
25
|
+
],
|
|
26
|
+
action: 'fail',
|
|
27
|
+
priority: 100,
|
|
28
|
+
enabled: true,
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
id: 'block-high',
|
|
32
|
+
name: 'Block High Vulnerabilities',
|
|
33
|
+
description: 'Fail on any high severity vulnerability',
|
|
34
|
+
conditions: [
|
|
35
|
+
{ target: 'count.high', operator: 'greater_than', value: 0 },
|
|
36
|
+
],
|
|
37
|
+
action: 'fail',
|
|
38
|
+
priority: 90,
|
|
39
|
+
enabled: true,
|
|
40
|
+
},
|
|
41
|
+
{
|
|
42
|
+
id: 'warn-medium',
|
|
43
|
+
name: 'Warn on Medium Vulnerabilities',
|
|
44
|
+
conditions: [
|
|
45
|
+
{ target: 'count.medium', operator: 'greater_than', value: 0 },
|
|
46
|
+
],
|
|
47
|
+
action: 'warn',
|
|
48
|
+
priority: 50,
|
|
49
|
+
enabled: true,
|
|
50
|
+
},
|
|
51
|
+
],
|
|
52
|
+
settings: {
|
|
53
|
+
defaultAction: 'info',
|
|
54
|
+
stopOnFirstMatch: false,
|
|
55
|
+
},
|
|
56
|
+
};
|
|
57
|
+
/**
|
|
58
|
+
* Strict security policy
|
|
59
|
+
*/
|
|
60
|
+
const STRICT_POLICY = {
|
|
61
|
+
name: 'strict',
|
|
62
|
+
version: '1.0.0',
|
|
63
|
+
description: 'Strict security policy - blocks all vulnerabilities',
|
|
64
|
+
extends: ['default'],
|
|
65
|
+
rules: [
|
|
66
|
+
{
|
|
67
|
+
id: 'block-all',
|
|
68
|
+
name: 'Block All Vulnerabilities',
|
|
69
|
+
conditions: [
|
|
70
|
+
{ target: 'count.total', operator: 'greater_than', value: 0 },
|
|
71
|
+
],
|
|
72
|
+
action: 'fail',
|
|
73
|
+
priority: 100,
|
|
74
|
+
enabled: true,
|
|
75
|
+
},
|
|
76
|
+
{
|
|
77
|
+
id: 'require-high-score',
|
|
78
|
+
name: 'Require High Security Score',
|
|
79
|
+
conditions: [
|
|
80
|
+
{ target: 'score', operator: 'less_than', value: 90 },
|
|
81
|
+
],
|
|
82
|
+
action: 'fail',
|
|
83
|
+
priority: 80,
|
|
84
|
+
enabled: true,
|
|
85
|
+
},
|
|
86
|
+
],
|
|
87
|
+
settings: {
|
|
88
|
+
defaultAction: 'fail',
|
|
89
|
+
strictMode: true,
|
|
90
|
+
},
|
|
91
|
+
};
|
|
92
|
+
/**
|
|
93
|
+
* Minimal security policy
|
|
94
|
+
*/
|
|
95
|
+
const MINIMAL_POLICY = {
|
|
96
|
+
name: 'minimal',
|
|
97
|
+
version: '1.0.0',
|
|
98
|
+
description: 'Minimal security policy - only blocks critical issues',
|
|
99
|
+
rules: [
|
|
100
|
+
{
|
|
101
|
+
id: 'block-critical-only',
|
|
102
|
+
name: 'Block Critical Only',
|
|
103
|
+
conditions: [
|
|
104
|
+
{ target: 'count.critical', operator: 'greater_than', value: 0 },
|
|
105
|
+
],
|
|
106
|
+
action: 'fail',
|
|
107
|
+
priority: 100,
|
|
108
|
+
enabled: true,
|
|
109
|
+
},
|
|
110
|
+
],
|
|
111
|
+
settings: {
|
|
112
|
+
defaultAction: 'info',
|
|
113
|
+
},
|
|
114
|
+
};
|
|
115
|
+
/**
|
|
116
|
+
* Enterprise security policy
|
|
117
|
+
*/
|
|
118
|
+
const ENTERPRISE_POLICY = {
|
|
119
|
+
name: 'enterprise',
|
|
120
|
+
version: '1.0.0',
|
|
121
|
+
description: 'Enterprise security policy with compliance requirements',
|
|
122
|
+
extends: ['default'],
|
|
123
|
+
rules: [
|
|
124
|
+
{
|
|
125
|
+
id: 'owasp-top10-fail',
|
|
126
|
+
name: 'Fail on OWASP Top 10',
|
|
127
|
+
conditions: [
|
|
128
|
+
{ target: 'owasp', operator: 'matches', value: '^A[0-9]{2}' },
|
|
129
|
+
],
|
|
130
|
+
action: 'fail',
|
|
131
|
+
priority: 95,
|
|
132
|
+
enabled: true,
|
|
133
|
+
},
|
|
134
|
+
{
|
|
135
|
+
id: 'require-review-medium',
|
|
136
|
+
name: 'Require Review for Medium Issues',
|
|
137
|
+
conditions: [
|
|
138
|
+
{ target: 'count.medium', operator: 'greater_than', value: 5 },
|
|
139
|
+
],
|
|
140
|
+
action: 'require_review',
|
|
141
|
+
priority: 60,
|
|
142
|
+
enabled: true,
|
|
143
|
+
},
|
|
144
|
+
{
|
|
145
|
+
id: 'block-low-score',
|
|
146
|
+
name: 'Block Low Security Score',
|
|
147
|
+
conditions: [
|
|
148
|
+
{ target: 'score', operator: 'less_than', value: 70 },
|
|
149
|
+
],
|
|
150
|
+
action: 'fail',
|
|
151
|
+
priority: 70,
|
|
152
|
+
enabled: true,
|
|
153
|
+
},
|
|
154
|
+
],
|
|
155
|
+
settings: {
|
|
156
|
+
defaultAction: 'warn',
|
|
157
|
+
requiredCompliance: ['OWASP-ASVS-L1', 'PCI-DSS'],
|
|
158
|
+
},
|
|
159
|
+
};
|
|
160
|
+
const BUILT_IN_POLICIES = {
|
|
161
|
+
default: DEFAULT_POLICY,
|
|
162
|
+
strict: STRICT_POLICY,
|
|
163
|
+
minimal: MINIMAL_POLICY,
|
|
164
|
+
enterprise: ENTERPRISE_POLICY,
|
|
165
|
+
};
|
|
166
|
+
// ============================================================================
|
|
167
|
+
// Policy Engine Class
|
|
168
|
+
// ============================================================================
|
|
169
|
+
/**
|
|
170
|
+
* Security Policy Engine
|
|
171
|
+
*
|
|
172
|
+
* @example
|
|
173
|
+
* ```typescript
|
|
174
|
+
* const engine = createPolicyEngine({
|
|
175
|
+
* builtInPolicies: ['default'],
|
|
176
|
+
* });
|
|
177
|
+
*
|
|
178
|
+
* const result = engine.evaluate('default', scanResult);
|
|
179
|
+
* if (!result.passed) {
|
|
180
|
+
* console.log('Policy violations:', result.matchedRules);
|
|
181
|
+
* }
|
|
182
|
+
* ```
|
|
183
|
+
*/
|
|
184
|
+
export class PolicyEngine {
|
|
185
|
+
policies = new Map();
|
|
186
|
+
options;
|
|
187
|
+
constructor(options = {}) {
|
|
188
|
+
this.options = {
|
|
189
|
+
builtInPolicies: options.builtInPolicies ?? ['default'],
|
|
190
|
+
customPolicies: options.customPolicies ?? [],
|
|
191
|
+
enableCache: options.enableCache ?? true,
|
|
192
|
+
};
|
|
193
|
+
// Load built-in policies
|
|
194
|
+
for (const name of this.options.builtInPolicies) {
|
|
195
|
+
const policy = BUILT_IN_POLICIES[name];
|
|
196
|
+
if (policy) {
|
|
197
|
+
this.policies.set(name, policy);
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
// Load custom policies
|
|
201
|
+
for (const policy of this.options.customPolicies) {
|
|
202
|
+
this.policies.set(policy.name, policy);
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
/**
|
|
206
|
+
* Evaluate scan result against a policy
|
|
207
|
+
*/
|
|
208
|
+
evaluate(policyName, scanResult) {
|
|
209
|
+
const startTime = Date.now();
|
|
210
|
+
const policy = this.getPolicy(policyName);
|
|
211
|
+
if (!policy) {
|
|
212
|
+
throw new Error(`Policy not found: ${policyName}`);
|
|
213
|
+
}
|
|
214
|
+
// Get resolved policy (with extends)
|
|
215
|
+
const resolvedPolicy = this.resolvePolicy(policy);
|
|
216
|
+
// Sort rules by priority
|
|
217
|
+
const sortedRules = [...resolvedPolicy.rules]
|
|
218
|
+
.filter(r => r.enabled !== false)
|
|
219
|
+
.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
|
|
220
|
+
const matchedRules = [];
|
|
221
|
+
const settings = resolvedPolicy.settings ?? {};
|
|
222
|
+
// Evaluate each rule
|
|
223
|
+
for (const rule of sortedRules) {
|
|
224
|
+
const match = this.evaluateRule(rule, scanResult);
|
|
225
|
+
if (match) {
|
|
226
|
+
matchedRules.push(match);
|
|
227
|
+
if (settings.stopOnFirstMatch) {
|
|
228
|
+
break;
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
// Calculate summary
|
|
233
|
+
const summary = this.calculateSummary(matchedRules);
|
|
234
|
+
// Determine final action
|
|
235
|
+
const action = this.determineFinalAction(matchedRules, settings);
|
|
236
|
+
const passed = action !== 'fail';
|
|
237
|
+
// Generate recommendations
|
|
238
|
+
const recommendations = this.generateRecommendations(matchedRules, scanResult);
|
|
239
|
+
return {
|
|
240
|
+
policyName: policy.name,
|
|
241
|
+
policyVersion: policy.version,
|
|
242
|
+
passed,
|
|
243
|
+
action,
|
|
244
|
+
matchedRules,
|
|
245
|
+
evaluatedRules: sortedRules.length,
|
|
246
|
+
evaluationTime: Date.now() - startTime,
|
|
247
|
+
summary,
|
|
248
|
+
recommendations,
|
|
249
|
+
};
|
|
250
|
+
}
|
|
251
|
+
/**
|
|
252
|
+
* Validate a policy definition
|
|
253
|
+
*/
|
|
254
|
+
validatePolicy(policy) {
|
|
255
|
+
const errors = [];
|
|
256
|
+
const warnings = [];
|
|
257
|
+
// Check required fields
|
|
258
|
+
if (!policy.name) {
|
|
259
|
+
errors.push({ code: 'MISSING_NAME', message: 'Policy name is required' });
|
|
260
|
+
}
|
|
261
|
+
if (!policy.version) {
|
|
262
|
+
errors.push({ code: 'MISSING_VERSION', message: 'Policy version is required' });
|
|
263
|
+
}
|
|
264
|
+
if (!policy.rules || policy.rules.length === 0) {
|
|
265
|
+
warnings.push({ code: 'NO_RULES', message: 'Policy has no rules defined' });
|
|
266
|
+
}
|
|
267
|
+
// Validate rules
|
|
268
|
+
for (let i = 0; i < (policy.rules?.length ?? 0); i++) {
|
|
269
|
+
const rule = policy.rules[i];
|
|
270
|
+
const path = `rules[${i}]`;
|
|
271
|
+
if (!rule.id) {
|
|
272
|
+
errors.push({ code: 'MISSING_RULE_ID', message: 'Rule ID is required', path });
|
|
273
|
+
}
|
|
274
|
+
if (!rule.name) {
|
|
275
|
+
errors.push({ code: 'MISSING_RULE_NAME', message: 'Rule name is required', path });
|
|
276
|
+
}
|
|
277
|
+
if (!rule.conditions || rule.conditions.length === 0) {
|
|
278
|
+
errors.push({ code: 'NO_CONDITIONS', message: 'Rule must have at least one condition', path });
|
|
279
|
+
}
|
|
280
|
+
if (!rule.action) {
|
|
281
|
+
errors.push({ code: 'MISSING_ACTION', message: 'Rule action is required', path });
|
|
282
|
+
}
|
|
283
|
+
// Validate conditions
|
|
284
|
+
for (let j = 0; j < (rule.conditions?.length ?? 0); j++) {
|
|
285
|
+
const condition = rule.conditions[j];
|
|
286
|
+
const condPath = `${path}.conditions[${j}]`;
|
|
287
|
+
if (!this.isValidTarget(condition.target)) {
|
|
288
|
+
errors.push({
|
|
289
|
+
code: 'INVALID_TARGET',
|
|
290
|
+
message: `Invalid target: ${condition.target}`,
|
|
291
|
+
path: condPath
|
|
292
|
+
});
|
|
293
|
+
}
|
|
294
|
+
if (!this.isValidOperator(condition.operator)) {
|
|
295
|
+
errors.push({
|
|
296
|
+
code: 'INVALID_OPERATOR',
|
|
297
|
+
message: `Invalid operator: ${condition.operator}`,
|
|
298
|
+
path: condPath
|
|
299
|
+
});
|
|
300
|
+
}
|
|
301
|
+
}
|
|
302
|
+
// Check for duplicate IDs
|
|
303
|
+
const duplicates = policy.rules.filter(r => r.id === rule.id);
|
|
304
|
+
if (duplicates.length > 1) {
|
|
305
|
+
warnings.push({
|
|
306
|
+
code: 'DUPLICATE_ID',
|
|
307
|
+
message: `Duplicate rule ID: ${rule.id}`,
|
|
308
|
+
path
|
|
309
|
+
});
|
|
310
|
+
}
|
|
311
|
+
}
|
|
312
|
+
// Validate extends
|
|
313
|
+
if (policy.extends) {
|
|
314
|
+
for (const extendedPolicy of policy.extends) {
|
|
315
|
+
if (!this.policies.has(extendedPolicy) && !BUILT_IN_POLICIES[extendedPolicy]) {
|
|
316
|
+
errors.push({
|
|
317
|
+
code: 'UNKNOWN_EXTENDS',
|
|
318
|
+
message: `Unknown policy to extend: ${extendedPolicy}`
|
|
319
|
+
});
|
|
320
|
+
}
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
return {
|
|
324
|
+
valid: errors.length === 0,
|
|
325
|
+
errors,
|
|
326
|
+
warnings,
|
|
327
|
+
};
|
|
328
|
+
}
|
|
329
|
+
/**
|
|
330
|
+
* Register a custom policy
|
|
331
|
+
*/
|
|
332
|
+
registerPolicy(policy) {
|
|
333
|
+
const validation = this.validatePolicy(policy);
|
|
334
|
+
if (!validation.valid) {
|
|
335
|
+
throw new Error(`Invalid policy: ${validation.errors.map(e => e.message).join(', ')}`);
|
|
336
|
+
}
|
|
337
|
+
this.policies.set(policy.name, policy);
|
|
338
|
+
}
|
|
339
|
+
/**
|
|
340
|
+
* Get a policy by name
|
|
341
|
+
*/
|
|
342
|
+
getPolicy(name) {
|
|
343
|
+
return this.policies.get(name);
|
|
344
|
+
}
|
|
345
|
+
/**
|
|
346
|
+
* List all available policies
|
|
347
|
+
*/
|
|
348
|
+
listPolicies() {
|
|
349
|
+
return Array.from(this.policies.keys());
|
|
350
|
+
}
|
|
351
|
+
/**
|
|
352
|
+
* Get built-in policy by name
|
|
353
|
+
*/
|
|
354
|
+
getBuiltInPolicy(name) {
|
|
355
|
+
return BUILT_IN_POLICIES[name];
|
|
356
|
+
}
|
|
357
|
+
/**
|
|
358
|
+
* Create policy from YAML string
|
|
359
|
+
*/
|
|
360
|
+
parsePolicy(yamlContent) {
|
|
361
|
+
// Simple YAML-like parsing (for demonstration)
|
|
362
|
+
// In production, use a proper YAML parser
|
|
363
|
+
const lines = yamlContent.split('\n');
|
|
364
|
+
const policy = { rules: [] };
|
|
365
|
+
for (const line of lines) {
|
|
366
|
+
const trimmed = line.trim();
|
|
367
|
+
if (trimmed.startsWith('name:')) {
|
|
368
|
+
policy.name = trimmed.substring(5).trim();
|
|
369
|
+
}
|
|
370
|
+
else if (trimmed.startsWith('version:')) {
|
|
371
|
+
policy.version = trimmed.substring(8).trim();
|
|
372
|
+
}
|
|
373
|
+
else if (trimmed.startsWith('description:')) {
|
|
374
|
+
policy.description = trimmed.substring(12).trim();
|
|
375
|
+
}
|
|
376
|
+
}
|
|
377
|
+
return policy;
|
|
378
|
+
}
|
|
379
|
+
/**
|
|
380
|
+
* Export policy to YAML
|
|
381
|
+
*/
|
|
382
|
+
exportPolicy(policyName) {
|
|
383
|
+
const policy = this.getPolicy(policyName);
|
|
384
|
+
if (!policy) {
|
|
385
|
+
throw new Error(`Policy not found: ${policyName}`);
|
|
386
|
+
}
|
|
387
|
+
const lines = [];
|
|
388
|
+
lines.push(`name: ${policy.name}`);
|
|
389
|
+
lines.push(`version: ${policy.version}`);
|
|
390
|
+
if (policy.description) {
|
|
391
|
+
lines.push(`description: ${policy.description}`);
|
|
392
|
+
}
|
|
393
|
+
if (policy.extends && policy.extends.length > 0) {
|
|
394
|
+
lines.push(`extends:`);
|
|
395
|
+
for (const ext of policy.extends) {
|
|
396
|
+
lines.push(` - ${ext}`);
|
|
397
|
+
}
|
|
398
|
+
}
|
|
399
|
+
lines.push('rules:');
|
|
400
|
+
for (const rule of policy.rules) {
|
|
401
|
+
lines.push(` - id: ${rule.id}`);
|
|
402
|
+
lines.push(` name: ${rule.name}`);
|
|
403
|
+
lines.push(` action: ${rule.action}`);
|
|
404
|
+
if (rule.priority !== undefined) {
|
|
405
|
+
lines.push(` priority: ${rule.priority}`);
|
|
406
|
+
}
|
|
407
|
+
lines.push(' conditions:');
|
|
408
|
+
for (const cond of rule.conditions) {
|
|
409
|
+
lines.push(` - target: ${cond.target}`);
|
|
410
|
+
lines.push(` operator: ${cond.operator}`);
|
|
411
|
+
lines.push(` value: ${cond.value}`);
|
|
412
|
+
}
|
|
413
|
+
}
|
|
414
|
+
return lines.join('\n');
|
|
415
|
+
}
|
|
416
|
+
// ============================================================================
|
|
417
|
+
// Private Methods
|
|
418
|
+
// ============================================================================
|
|
419
|
+
resolvePolicy(policy) {
|
|
420
|
+
if (!policy.extends || policy.extends.length === 0) {
|
|
421
|
+
return policy;
|
|
422
|
+
}
|
|
423
|
+
// Collect rules from extended policies
|
|
424
|
+
const allRules = [];
|
|
425
|
+
const seenIds = new Set();
|
|
426
|
+
// First, add rules from extended policies
|
|
427
|
+
for (const extendedName of policy.extends) {
|
|
428
|
+
const extended = this.policies.get(extendedName) ?? BUILT_IN_POLICIES[extendedName];
|
|
429
|
+
if (extended) {
|
|
430
|
+
const resolved = this.resolvePolicy(extended);
|
|
431
|
+
for (const rule of resolved.rules) {
|
|
432
|
+
if (!seenIds.has(rule.id)) {
|
|
433
|
+
allRules.push(rule);
|
|
434
|
+
seenIds.add(rule.id);
|
|
435
|
+
}
|
|
436
|
+
}
|
|
437
|
+
}
|
|
438
|
+
}
|
|
439
|
+
// Then, add/override with current policy's rules
|
|
440
|
+
for (const rule of policy.rules) {
|
|
441
|
+
const existingIndex = allRules.findIndex(r => r.id === rule.id);
|
|
442
|
+
if (existingIndex >= 0) {
|
|
443
|
+
allRules[existingIndex] = rule;
|
|
444
|
+
}
|
|
445
|
+
else {
|
|
446
|
+
allRules.push(rule);
|
|
447
|
+
}
|
|
448
|
+
}
|
|
449
|
+
return {
|
|
450
|
+
...policy,
|
|
451
|
+
rules: allRules,
|
|
452
|
+
};
|
|
453
|
+
}
|
|
454
|
+
evaluateRule(rule, scanResult) {
|
|
455
|
+
const matchedConditions = [];
|
|
456
|
+
const triggeredBy = [];
|
|
457
|
+
for (const condition of rule.conditions) {
|
|
458
|
+
const { matches, vulnerabilities } = this.evaluateCondition(condition, scanResult);
|
|
459
|
+
if (!matches) {
|
|
460
|
+
return null; // All conditions must match (AND logic)
|
|
461
|
+
}
|
|
462
|
+
matchedConditions.push(condition);
|
|
463
|
+
triggeredBy.push(...vulnerabilities);
|
|
464
|
+
}
|
|
465
|
+
return {
|
|
466
|
+
rule,
|
|
467
|
+
triggeredBy: [...new Set(triggeredBy)], // Deduplicate
|
|
468
|
+
matchedConditions,
|
|
469
|
+
action: rule.action,
|
|
470
|
+
};
|
|
471
|
+
}
|
|
472
|
+
evaluateCondition(condition, scanResult) {
|
|
473
|
+
const { target, operator, value } = condition;
|
|
474
|
+
// Handle count-based targets
|
|
475
|
+
if (target.startsWith('count.')) {
|
|
476
|
+
const countTarget = target.substring(6);
|
|
477
|
+
let count;
|
|
478
|
+
if (countTarget === 'total') {
|
|
479
|
+
const s = scanResult.summary;
|
|
480
|
+
count = s.critical + s.high + s.medium + s.low + s.info;
|
|
481
|
+
}
|
|
482
|
+
else {
|
|
483
|
+
count = scanResult.summary[countTarget];
|
|
484
|
+
}
|
|
485
|
+
return {
|
|
486
|
+
matches: this.compareValues(count, operator, value),
|
|
487
|
+
vulnerabilities: [],
|
|
488
|
+
};
|
|
489
|
+
}
|
|
490
|
+
// Handle score target
|
|
491
|
+
if (target === 'score') {
|
|
492
|
+
const s = scanResult.summary;
|
|
493
|
+
const penalty = s.critical * 25 + s.high * 10 + s.medium * 5 + s.low * 2 + s.info * 0.5;
|
|
494
|
+
const score = Math.max(0, Math.min(100, 100 - penalty));
|
|
495
|
+
return {
|
|
496
|
+
matches: this.compareValues(score, operator, value),
|
|
497
|
+
vulnerabilities: [],
|
|
498
|
+
};
|
|
499
|
+
}
|
|
500
|
+
// Handle vulnerability-level targets
|
|
501
|
+
const matchingVulns = [];
|
|
502
|
+
for (const vuln of scanResult.vulnerabilities) {
|
|
503
|
+
let fieldValue;
|
|
504
|
+
switch (target) {
|
|
505
|
+
case 'severity':
|
|
506
|
+
fieldValue = vuln.severity;
|
|
507
|
+
break;
|
|
508
|
+
case 'rule':
|
|
509
|
+
fieldValue = vuln.ruleId;
|
|
510
|
+
break;
|
|
511
|
+
case 'owasp':
|
|
512
|
+
fieldValue = vuln.owasp?.join(', ');
|
|
513
|
+
break;
|
|
514
|
+
case 'cwe':
|
|
515
|
+
fieldValue = vuln.cwes?.join(', ');
|
|
516
|
+
break;
|
|
517
|
+
case 'file':
|
|
518
|
+
fieldValue = vuln.location.file;
|
|
519
|
+
break;
|
|
520
|
+
case 'message':
|
|
521
|
+
fieldValue = vuln.description;
|
|
522
|
+
break;
|
|
523
|
+
}
|
|
524
|
+
if (fieldValue && this.compareStringValues(fieldValue, operator, value)) {
|
|
525
|
+
matchingVulns.push(vuln);
|
|
526
|
+
}
|
|
527
|
+
}
|
|
528
|
+
return {
|
|
529
|
+
matches: matchingVulns.length > 0,
|
|
530
|
+
vulnerabilities: matchingVulns,
|
|
531
|
+
};
|
|
532
|
+
}
|
|
533
|
+
compareValues(actual, operator, expected) {
|
|
534
|
+
switch (operator) {
|
|
535
|
+
case 'equals':
|
|
536
|
+
return actual === expected;
|
|
537
|
+
case 'not_equals':
|
|
538
|
+
return actual !== expected;
|
|
539
|
+
case 'greater_than':
|
|
540
|
+
return actual > expected;
|
|
541
|
+
case 'less_than':
|
|
542
|
+
return actual < expected;
|
|
543
|
+
case 'greater_than_or_equals':
|
|
544
|
+
return actual >= expected;
|
|
545
|
+
case 'less_than_or_equals':
|
|
546
|
+
return actual <= expected;
|
|
547
|
+
default:
|
|
548
|
+
return false;
|
|
549
|
+
}
|
|
550
|
+
}
|
|
551
|
+
compareStringValues(actual, operator, expected) {
|
|
552
|
+
const expectedStr = String(expected);
|
|
553
|
+
switch (operator) {
|
|
554
|
+
case 'equals':
|
|
555
|
+
return actual === expectedStr;
|
|
556
|
+
case 'not_equals':
|
|
557
|
+
return actual !== expectedStr;
|
|
558
|
+
case 'contains':
|
|
559
|
+
return actual.includes(expectedStr);
|
|
560
|
+
case 'not_contains':
|
|
561
|
+
return !actual.includes(expectedStr);
|
|
562
|
+
case 'matches':
|
|
563
|
+
return new RegExp(expectedStr).test(actual);
|
|
564
|
+
case 'exists':
|
|
565
|
+
return actual !== undefined && actual !== '';
|
|
566
|
+
case 'not_exists':
|
|
567
|
+
return actual === undefined || actual === '';
|
|
568
|
+
default:
|
|
569
|
+
return false;
|
|
570
|
+
}
|
|
571
|
+
}
|
|
572
|
+
calculateSummary(matchedRules) {
|
|
573
|
+
const byAction = {
|
|
574
|
+
fail: 0,
|
|
575
|
+
warn: 0,
|
|
576
|
+
info: 0,
|
|
577
|
+
ignore: 0,
|
|
578
|
+
require_review: 0,
|
|
579
|
+
};
|
|
580
|
+
for (const match of matchedRules) {
|
|
581
|
+
byAction[match.action]++;
|
|
582
|
+
}
|
|
583
|
+
return {
|
|
584
|
+
byAction,
|
|
585
|
+
failures: byAction.fail,
|
|
586
|
+
warnings: byAction.warn,
|
|
587
|
+
reviewsRequired: byAction.require_review,
|
|
588
|
+
};
|
|
589
|
+
}
|
|
590
|
+
determineFinalAction(matchedRules, settings) {
|
|
591
|
+
// Priority: fail > require_review > warn > info > ignore
|
|
592
|
+
const actionPriority = ['fail', 'require_review', 'warn', 'info', 'ignore'];
|
|
593
|
+
for (const action of actionPriority) {
|
|
594
|
+
if (matchedRules.some(m => m.action === action)) {
|
|
595
|
+
return action;
|
|
596
|
+
}
|
|
597
|
+
}
|
|
598
|
+
return settings.defaultAction ?? 'info';
|
|
599
|
+
}
|
|
600
|
+
generateRecommendations(matchedRules, scanResult) {
|
|
601
|
+
const recommendations = [];
|
|
602
|
+
const failRules = matchedRules.filter(m => m.action === 'fail');
|
|
603
|
+
if (failRules.length > 0) {
|
|
604
|
+
recommendations.push(`Address ${failRules.length} policy violation(s) before proceeding`);
|
|
605
|
+
const criticalCount = scanResult.summary.critical;
|
|
606
|
+
if (criticalCount > 0) {
|
|
607
|
+
recommendations.push(`Fix ${criticalCount} critical vulnerability(s) immediately`);
|
|
608
|
+
}
|
|
609
|
+
}
|
|
610
|
+
const reviewRules = matchedRules.filter(m => m.action === 'require_review');
|
|
611
|
+
if (reviewRules.length > 0) {
|
|
612
|
+
recommendations.push(`${reviewRules.length} issue(s) require security team review`);
|
|
613
|
+
}
|
|
614
|
+
if (scanResult.summary.high > 5) {
|
|
615
|
+
recommendations.push('Consider enabling stricter security controls');
|
|
616
|
+
}
|
|
617
|
+
return recommendations;
|
|
618
|
+
}
|
|
619
|
+
isValidTarget(target) {
|
|
620
|
+
const validTargets = [
|
|
621
|
+
'severity', 'rule', 'owasp', 'cwe', 'file', 'message',
|
|
622
|
+
'count.critical', 'count.high', 'count.medium', 'count.low', 'count.total',
|
|
623
|
+
'score',
|
|
624
|
+
];
|
|
625
|
+
return validTargets.includes(target);
|
|
626
|
+
}
|
|
627
|
+
isValidOperator(operator) {
|
|
628
|
+
const validOperators = [
|
|
629
|
+
'equals', 'not_equals', 'greater_than', 'less_than',
|
|
630
|
+
'greater_than_or_equals', 'less_than_or_equals',
|
|
631
|
+
'contains', 'not_contains', 'matches', 'exists', 'not_exists',
|
|
632
|
+
];
|
|
633
|
+
return validOperators.includes(operator);
|
|
634
|
+
}
|
|
635
|
+
}
|
|
636
|
+
// ============================================================================
|
|
637
|
+
// Factory Functions
|
|
638
|
+
// ============================================================================
|
|
639
|
+
/**
|
|
640
|
+
* Create a policy engine
|
|
641
|
+
*/
|
|
642
|
+
export function createPolicyEngine(options) {
|
|
643
|
+
return new PolicyEngine(options);
|
|
644
|
+
}
|
|
645
|
+
/**
|
|
646
|
+
* Get a built-in policy
|
|
647
|
+
*/
|
|
648
|
+
export function getBuiltInPolicy(name) {
|
|
649
|
+
return BUILT_IN_POLICIES[name];
|
|
650
|
+
}
|
|
651
|
+
//# sourceMappingURL=policy-engine.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA4NH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,cAAc,GAAmB;IACrC,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,OAAO;IAChB,WAAW,EAAE,oEAAoE;IACjF,KAAK,EAAE;QACL;YACE,EAAE,EAAE,gBAAgB;YACpB,IAAI,EAAE,gCAAgC;YACtC,WAAW,EAAE,6CAA6C;YAC1D,UAAU,EAAE;gBACV,EAAE,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE;aACjE;YACD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,GAAG;YACb,OAAO,EAAE,IAAI;SACd;QACD;YACE,EAAE,EAAE,YAAY;YAChB,IAAI,EAAE,4BAA4B;YAClC,WAAW,EAAE,yCAAyC;YACtD,UAAU,EAAE;gBACV,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE;aAC7D;YACD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,IAAI;SACd;QACD;YACE,EAAE,EAAE,aAAa;YACjB,IAAI,EAAE,gCAAgC;YACtC,UAAU,EAAE;gBACV,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE;aAC/D;YACD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,IAAI;SACd;KACF;IACD,QAAQ,EAAE;QACR,aAAa,EAAE,MAAM;QACrB,gBAAgB,EAAE,KAAK;KACxB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAAmB;IACpC,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,OAAO;IAChB,WAAW,EAAE,qDAAqD;IAClE,OAAO,EAAE,CAAC,SAAS,CAAC;IACpB,KAAK,EAAE;QACL;YACE,EAAE,EAAE,WAAW;YACf,IAAI,EAAE,2BAA2B;YACjC,UAAU,EAAE;gBACV,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE;aAC9D;YACD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,GAAG;YACb,OAAO,EAAE,IAAI;SACd;QACD;YACE,EAAE,EAAE,oBAAoB;YACxB,IAAI,EAAE,6BAA6B;YACnC,UAAU,EAAE;gBACV,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,EAAE;aACtD;YACD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,IAAI;SACd;KACF;IACD,QAAQ,EAAE;QACR,aAAa,EAAE,MAAM;QACrB,UAAU,EAAE,IAAI;KACjB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAmB;IACrC,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,OAAO;IAChB,WAAW,EAAE,uDAAuD;IACpE,KAAK,EAAE;QACL;YACE,EAAE,EAAE,qBAAqB;YACzB,IAAI,EAAE,qBAAqB;YAC3B,UAAU,EAAE;gBACV,EAAE,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE;aACjE;YACD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,GAAG;YACb,OAAO,EAAE,IAAI;SACd;KACF;IACD,QAAQ,EAAE;QACR,aAAa,EAAE,MAAM;KACtB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,iBAAiB,GAAmB;IACxC,IAAI,EAAE,YAAY;IAClB,OAAO,EAAE,OAAO;IAChB,WAAW,EAAE,yDAAyD;IACtE,OAAO,EAAE,CAAC,SAAS,CAAC;IACpB,KAAK,EAAE;QACL;YACE,EAAE,EAAE,kBAAkB;YACtB,IAAI,EAAE,sBAAsB;YAC5B,UAAU,EAAE;gBACV,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,EAAE;aAC9D;YACD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,IAAI;SACd;QACD;YACE,EAAE,EAAE,uBAAuB;YAC3B,IAAI,EAAE,kCAAkC;YACxC,UAAU,EAAE;gBACV,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE;aAC/D;YACD,MAAM,EAAE,gBAAgB;YACxB,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,IAAI;SACd;QACD;YACE,EAAE,EAAE,iBAAiB;YACrB,IAAI,EAAE,0BAA0B;YAChC,UAAU,EAAE;gBACV,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,EAAE;aACtD;YACD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,IAAI;SACd;KACF;IACD,QAAQ,EAAE;QACR,aAAa,EAAE,MAAM;QACrB,kBAAkB,EAAE,CAAC,eAAe,EAAE,SAAS,CAAC;KACjD;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAmC;IACxD,OAAO,EAAE,cAAc;IACvB,MAAM,EAAE,aAAa;IACrB,OAAO,EAAE,cAAc;IACvB,UAAU,EAAE,iBAAiB;CAC9B,CAAC;AAEF,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E;;;;;;;;;;;;;;GAcG;AACH,MAAM,OAAO,YAAY;IACf,QAAQ,GAAgC,IAAI,GAAG,EAAE,CAAC;IAClD,OAAO,CAAgC;IAE/C,YAAY,UAA+B,EAAE;QAC3C,IAAI,CAAC,OAAO,GAAG;YACb,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC;YACvD,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,EAAE;YAC5C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI;SACzC,CAAC;QAEF,yBAAyB;QACzB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YACvC,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YACjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,UAAkB,EAAE,UAAsB;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,qCAAqC;QACrC,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAElD,yBAAyB;QACzB,MAAM,WAAW,GAAG,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC;aAC1C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;QAEzD,MAAM,YAAY,GAAsB,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,IAAI,EAAE,CAAC;QAE/C,qBAAqB;QACrB,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YAElD,IAAI,KAAK,EAAE,CAAC;gBACV,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEzB,IAAI,QAAQ,CAAC,gBAAgB,EAAE,CAAC;oBAC9B,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAEpD,yBAAyB;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,MAAM,KAAK,MAAM,CAAC;QAEjC,2BAA2B;QAC3B,MAAM,eAAe,GAAG,IAAI,CAAC,uBAAuB,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QAE/E,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,aAAa,EAAE,MAAM,CAAC,OAAO;YAC7B,MAAM;YACN,MAAM;YACN,YAAY;YACZ,cAAc,EAAE,WAAW,CAAC,MAAM;YAClC,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YACtC,OAAO;YACP,eAAe;SAChB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAsB;QACnC,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAA8B,EAAE,CAAC;QAE/C,wBAAwB;QACxB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;QAC5E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,iBAAiB;QACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACrD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC;YAE3B,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,CAAC;YACjF,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAAC,CAAC;YACrF,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,uCAAuC,EAAE,IAAI,EAAE,CAAC,CAAC;YACjG,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC,CAAC;YACpF,CAAC;YAED,sBAAsB;YACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACxD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACrC,MAAM,QAAQ,GAAG,GAAG,IAAI,eAAe,CAAC,GAAG,CAAC;gBAE5C,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC1C,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,gBAAgB;wBACtB,OAAO,EAAE,mBAAmB,SAAS,CAAC,MAAM,EAAE;wBAC9C,IAAI,EAAE,QAAQ;qBACf,CAAC,CAAC;gBACL,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,kBAAkB;wBACxB,OAAO,EAAE,qBAAqB,SAAS,CAAC,QAAQ,EAAE;wBAClD,IAAI,EAAE,QAAQ;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,0BAA0B;YAC1B,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;YAC9D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,cAAc;oBACpB,OAAO,EAAE,sBAAsB,IAAI,CAAC,EAAE,EAAE;oBACxC,IAAI;iBACL,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,KAAK,MAAM,cAAc,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC5C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,EAAE,CAAC;oBAC7E,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,iBAAiB;wBACvB,OAAO,EAAE,6BAA6B,cAAc,EAAE;qBACvD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM;YACN,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAsB;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzF,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAY;QACpB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,IAAY;QAC3B,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,WAAmB;QAC7B,+CAA+C;QAC/C,0CAA0C;QAC1C,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,MAAM,GAA4B,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAEtD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,CAAC;iBAAM,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC1C,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/C,CAAC;iBAAM,IAAI,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC9C,MAAM,CAAC,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACpD,CAAC;QACH,CAAC;QAED,OAAO,MAAwB,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,UAAkB;QAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QACzC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjC,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YACzC,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAChC,KAAK,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAC9B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACnC,KAAK,CAAC,IAAI,CAAC,mBAAmB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC7C,KAAK,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACjD,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,+EAA+E;IAC/E,kBAAkB;IAClB,+EAA+E;IAEvE,aAAa,CAAC,MAAsB;QAC1C,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,uCAAuC;QACvC,MAAM,QAAQ,GAAiB,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAElC,0CAA0C;QAC1C,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,iBAAiB,CAAC,YAAY,CAAC,CAAC;YACpF,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAC9C,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;oBAClC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;wBAC1B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACpB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBACvB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,MAAM,aAAa,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;YAChE,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QAED,OAAO;YACL,GAAG,MAAM;YACT,KAAK,EAAE,QAAQ;SAChB,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,IAAgB,EAAE,UAAsB;QAC3D,MAAM,iBAAiB,GAAsB,EAAE,CAAC;QAChD,MAAM,WAAW,GAAoB,EAAE,CAAC;QAExC,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAEnF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC,CAAC,wCAAwC;YACvD,CAAC;YAED,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAClC,WAAW,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;QACvC,CAAC;QAED,OAAO;YACL,IAAI;YACJ,WAAW,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,EAAE,cAAc;YACtD,iBAAiB;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC;IACJ,CAAC;IAEO,iBAAiB,CACvB,SAA0B,EAC1B,UAAsB;QAEtB,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC;QAE9C,6BAA6B;QAC7B,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAuB,CAAC;YAC9D,IAAI,KAAa,CAAC;YAElB,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;gBAC5B,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC;gBAC7B,KAAK,GAAG,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC1C,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAe,CAAC;gBAC7D,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,MAAM,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC;YAC7B,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,GAAG,EAAE,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC;YACxF,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC;YAExD,OAAO;gBACL,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAe,CAAC;gBAC7D,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QAED,qCAAqC;QACrC,MAAM,aAAa,GAAoB,EAAE,CAAC;QAE1C,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;YAC9C,IAAI,UAA8B,CAAC;YAEnC,QAAQ,MAAM,EAAE,CAAC;gBACf,KAAK,UAAU;oBACb,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC;oBAC3B,MAAM;gBACR,KAAK,MAAM;oBACT,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC;oBACzB,MAAM;gBACR,KAAK,OAAO;oBACV,UAAU,GAAG,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;oBACpC,MAAM;gBACR,KAAK,KAAK;oBACR,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;oBACnC,MAAM;gBACR,KAAK,MAAM;oBACT,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;oBAChC,MAAM;gBACR,KAAK,SAAS;oBACZ,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;oBAC9B,MAAM;YACV,CAAC;YAED,IAAI,UAAU,IAAI,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;gBACxE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC;YACjC,eAAe,EAAE,aAAa;SAC/B,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,MAAc,EAAE,QAAwB,EAAE,QAAgB;QAC9E,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,QAAQ;gBACX,OAAO,MAAM,KAAK,QAAQ,CAAC;YAC7B,KAAK,YAAY;gBACf,OAAO,MAAM,KAAK,QAAQ,CAAC;YAC7B,KAAK,cAAc;gBACjB,OAAO,MAAM,GAAG,QAAQ,CAAC;YAC3B,KAAK,WAAW;gBACd,OAAO,MAAM,GAAG,QAAQ,CAAC;YAC3B,KAAK,wBAAwB;gBAC3B,OAAO,MAAM,IAAI,QAAQ,CAAC;YAC5B,KAAK,qBAAqB;gBACxB,OAAO,MAAM,IAAI,QAAQ,CAAC;YAC5B;gBACE,OAAO,KAAK,CAAC;QACjB,CAAC;IACH,CAAC;IAEO,mBAAmB,CACzB,MAAc,EACd,QAAwB,EACxB,QAAoC;QAEpC,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErC,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,QAAQ;gBACX,OAAO,MAAM,KAAK,WAAW,CAAC;YAChC,KAAK,YAAY;gBACf,OAAO,MAAM,KAAK,WAAW,CAAC;YAChC,KAAK,UAAU;gBACb,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACtC,KAAK,cAAc;gBACjB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACvC,KAAK,SAAS;gBACZ,OAAO,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC9C,KAAK,QAAQ;gBACX,OAAO,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,EAAE,CAAC;YAC/C,KAAK,YAAY;gBACf,OAAO,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,EAAE,CAAC;YAC/C;gBACE,OAAO,KAAK,CAAC;QACjB,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,YAA+B;QACtD,MAAM,QAAQ,GAAiC;YAC7C,IAAI,EAAE,CAAC;YACP,IAAI,EAAE,CAAC;YACP,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,cAAc,EAAE,CAAC;SAClB,CAAC;QAEF,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;YACjC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO;YACL,QAAQ;YACR,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,eAAe,EAAE,QAAQ,CAAC,cAAc;SACzC,CAAC;IACJ,CAAC;IAEO,oBAAoB,CAC1B,YAA+B,EAC/B,QAAwB;QAExB,yDAAyD;QACzD,MAAM,cAAc,GAAmB,CAAC,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAE5F,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;YACpC,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,EAAE,CAAC;gBAChD,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC,aAAa,IAAI,MAAM,CAAC;IAC1C,CAAC;IAEO,uBAAuB,CAC7B,YAA+B,EAC/B,UAAsB;QAEtB,MAAM,eAAe,GAAa,EAAE,CAAC;QAErC,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QAChE,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,eAAe,CAAC,IAAI,CAAC,WAAW,SAAS,CAAC,MAAM,wCAAwC,CAAC,CAAC;YAE1F,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC;YAClD,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;gBACtB,eAAe,CAAC,IAAI,CAAC,OAAO,aAAa,wCAAwC,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,gBAAgB,CAAC,CAAC;QAC5E,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,eAAe,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,MAAM,wCAAwC,CAAC,CAAC;QACtF,CAAC;QAED,IAAI,UAAU,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAChC,eAAe,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAEO,aAAa,CAAC,MAAoB;QACxC,MAAM,YAAY,GAAmB;YACnC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS;YACrD,gBAAgB,EAAE,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,aAAa;YAC1E,OAAO;SACR,CAAC;QACF,OAAO,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAEO,eAAe,CAAC,QAAwB;QAC9C,MAAM,cAAc,GAAqB;YACvC,QAAQ,EAAE,YAAY,EAAE,cAAc,EAAE,WAAW;YACnD,wBAAwB,EAAE,qBAAqB;YAC/C,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY;SAC9D,CAAC;QACF,OAAO,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;CACF;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAA6B;IAC9D,OAAO,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAqD;IACpF,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC"}
|