@nxuss/lemma 0.1.1 → 0.2.0

package/dist/esm/security/AuthManager.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Authentication Manager
+ * Handles API key generation, validation, and agent authentication
+ */
+export interface ApiKey {
+    key: string;
+    agentId: string;
+    name: string;
+    createdAt: number;
+    expiresAt?: number;
+    permissions: string[];
+    rateLimit?: {
+        requestsPerMinute: number;
+        requestsPerHour: number;
+    };
+}
+export interface AuthConfig {
+    enabled: boolean;
+    requireApiKey: boolean;
+    allowedOrigins?: string[];
+    defaultRateLimit?: {
+        requestsPerMinute: number;
+        requestsPerHour: number;
+    };
+}
+export declare class AuthManager {
+    private apiKeys;
+    private config;
+    constructor(config: AuthConfig);
+    /**
+     * Generate a new API key for an agent
+     */
+    generateApiKey(agentId: string, name: string, options?: {
+        expiresIn?: number;
+        permissions?: string[];
+        rateLimit?: {
+            requestsPerMinute: number;
+            requestsPerHour: number;
+        };
+    }): string;
+    /**
+     * Validate an API key
+     */
+    validateApiKey(key: string): {
+        valid: boolean;
+        apiKey?: ApiKey;
+        reason?: string;
+    };
+    /**
+     * Revoke an API key
+     */
+    revokeApiKey(key: string): boolean;
+    /**
+     * List all API keys for an agent
+     */
+    listApiKeys(agentId?: string): ApiKey[];
+    /**
+     * Check if agent has permission
+     */
+    hasPermission(apiKey: ApiKey, permission: string): boolean;
+    /**
+     * Validate origin (CORS)
+     */
+    validateOrigin(origin: string): boolean;
+    /**
+     * Get rate limit for API key
+     */
+    getRateLimit(apiKey: ApiKey): {
+        requestsPerMinute: number;
+        requestsPerHour: number;
+    };
+}
+//# sourceMappingURL=AuthManager.d.ts.map

package/dist/esm/security/AuthManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthManager.d.ts","sourceRoot":"","sources":["../../../src/security/AuthManager.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,WAAW,MAAM;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,CAAC,EAAE;QACV,iBAAiB,EAAE,MAAM,CAAC;QAC1B,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,CAAC,EAAE;QACjB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;CACH;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAAkC;IACjD,OAAO,CAAC,MAAM,CAAa;gBAEf,MAAM,EAAE,UAAU;IAI9B;;OAEG;IACH,cAAc,CACZ,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;QACvB,SAAS,CAAC,EAAE;YAAE,iBAAiB,EAAE,MAAM,CAAC;YAAC,eAAe,EAAE,MAAM,CAAA;SAAE,CAAC;KACpE,GACA,MAAM;IAqBT;;OAEG;IACH,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG;QAC3B,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;IAuBD;;OAEG;IACH,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIlC;;OAEG;IACH,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE;IAUvC;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO;IAQ1D;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAYvC;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG;QAC5B,iBAAiB,EAAE,MAAM,CAAC;QAC1B,eAAe,EAAE,MAAM,CAAC;KACzB;CASF"}

package/dist/esm/security/AuthManager.js

@@ -0,0 +1,95 @@
+import crypto from 'crypto';
+export class AuthManager {
+    constructor(config) {
+        this.apiKeys = new Map();
+        this.config = config;
+    }
+    /**
+     * Generate a new API key for an agent
+     */
+    generateApiKey(agentId, name, options) {
+        // Generate secure random key
+        const key = `lma_${crypto.randomBytes(32).toString('hex')}`;
+        const apiKey = {
+            key,
+            agentId,
+            name,
+            createdAt: Date.now(),
+            expiresAt: options?.expiresIn
+                ? Date.now() + options.expiresIn
+                : undefined,
+            permissions: options?.permissions || ['*'],
+            rateLimit: options?.rateLimit || this.config.defaultRateLimit,
+        };
+        this.apiKeys.set(key, apiKey);
+        return key;
+    }
+    /**
+     * Validate an API key
+     */
+    validateApiKey(key) {
+        if (!this.config.enabled || !this.config.requireApiKey) {
+            return { valid: true };
+        }
+        if (!key) {
+            return { valid: false, reason: 'API key required' };
+        }
+        const apiKey = this.apiKeys.get(key);
+        if (!apiKey) {
+            return { valid: false, reason: 'Invalid API key' };
+        }
+        // Check expiration
+        if (apiKey.expiresAt && Date.now() > apiKey.expiresAt) {
+            return { valid: false, reason: 'API key expired' };
+        }
+        return { valid: true, apiKey };
+    }
+    /**
+     * Revoke an API key
+     */
+    revokeApiKey(key) {
+        return this.apiKeys.delete(key);
+    }
+    /**
+     * List all API keys for an agent
+     */
+    listApiKeys(agentId) {
+        const keys = Array.from(this.apiKeys.values());
+        if (agentId) {
+            return keys.filter((k) => k.agentId === agentId);
+        }
+        return keys;
+    }
+    /**
+     * Check if agent has permission
+     */
+    hasPermission(apiKey, permission) {
+        if (apiKey.permissions.includes('*')) {
+            return true;
+        }
+        return apiKey.permissions.includes(permission);
+    }
+    /**
+     * Validate origin (CORS)
+     */
+    validateOrigin(origin) {
+        if (!this.config.allowedOrigins || this.config.allowedOrigins.length === 0) {
+            return true; // Allow all if not configured
+        }
+        if (this.config.allowedOrigins.includes('*')) {
+            return true;
+        }
+        return this.config.allowedOrigins.includes(origin);
+    }
+    /**
+     * Get rate limit for API key
+     */
+    getRateLimit(apiKey) {
+        return (apiKey.rateLimit ||
+            this.config.defaultRateLimit || {
+            requestsPerMinute: 60,
+            requestsPerHour: 1000,
+        });
+    }
+}
+//# sourceMappingURL=AuthManager.js.map

package/dist/esm/security/AuthManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthManager.js","sourceRoot":"","sources":["../../../src/security/AuthManager.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AA8B5B,MAAM,OAAO,WAAW;IAItB,YAAY,MAAkB;QAHtB,YAAO,GAAwB,IAAI,GAAG,EAAE,CAAC;QAI/C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,cAAc,CACZ,OAAe,EACf,IAAY,EACZ,OAIC;QAED,6BAA6B;QAC7B,MAAM,GAAG,GAAG,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAE5D,MAAM,MAAM,GAAW;YACrB,GAAG;YACH,OAAO;YACP,IAAI;YACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,OAAO,EAAE,SAAS;gBAC3B,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS;gBAChC,CAAC,CAAC,SAAS;YACb,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,CAAC,GAAG,CAAC;YAC1C,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB;SAC9D,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAE9B,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,GAAW;QAKxB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YACvD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACzB,CAAC;QAED,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;QACtD,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACrD,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YACtD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACrD,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,GAAW;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAAgB;QAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAE/C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,MAAc,EAAE,UAAkB;QAC9C,IAAI,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAc;QAC3B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3E,OAAO,IAAI,CAAC,CAAC,8BAA8B;QAC7C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,MAAc;QAIzB,OAAO,CACL,MAAM,CAAC,SAAS;YAChB,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI;YAC9B,iBAAiB,EAAE,EAAE;YACrB,eAAe,EAAE,IAAI;SACtB,CACF,CAAC;IACJ,CAAC;CACF"}

package/dist/esm/security/MessageSanitizer.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Message Sanitizer
+ * Validates and sanitizes incoming messages to prevent injection attacks
+ */
+export interface SanitizationResult {
+    valid: boolean;
+    sanitized?: any;
+    errors?: string[];
+}
+export declare class MessageSanitizer {
+    private maxStringLength;
+    private maxArrayLength;
+    private maxObjectDepth;
+    constructor(options?: {
+        maxStringLength?: number;
+        maxArrayLength?: number;
+        maxObjectDepth?: number;
+    });
+    /**
+     * Sanitize a message
+     */
+    sanitize(message: any): SanitizationResult;
+    /**
+     * Sanitize a value recursively
+     */
+    private sanitizeValue;
+    /**
+     * Sanitize a string
+     */
+    private sanitizeString;
+    /**
+     * Sanitize an array
+     */
+    private sanitizeArray;
+    /**
+     * Sanitize an object
+     */
+    private sanitizeObject;
+    /**
+     * Validate message structure
+     */
+    validateMessageStructure(message: any): {
+        valid: boolean;
+        errors?: string[];
+    };
+    /**
+     * Sanitize and validate a message
+     */
+    sanitizeAndValidate(message: any): SanitizationResult;
+}
+//# sourceMappingURL=MessageSanitizer.d.ts.map

package/dist/esm/security/MessageSanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MessageSanitizer.d.ts","sourceRoot":"","sources":["../../../src/security/MessageSanitizer.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,CAAC,EAAE,GAAG,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,eAAe,CAAS;IAChC,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,cAAc,CAAS;gBAEnB,OAAO,CAAC,EAAE;QACpB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB;IAMD;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,kBAAkB;IAmB1C;;OAEG;IACH,OAAO,CAAC,aAAa;IA8CrB;;OAEG;IACH,OAAO,CAAC,cAAc;IAkBtB;;OAEG;IACH,OAAO,CAAC,aAAa;IAUrB;;OAEG;IACH,OAAO,CAAC,cAAc;IAoBtB;;OAEG;IACH,wBAAwB,CAAC,OAAO,EAAE,GAAG,GAAG;QACtC,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB;IAmDD;;OAEG;IACH,mBAAmB,CAAC,OAAO,EAAE,GAAG,GAAG,kBAAkB;CAatD"}

package/dist/esm/security/MessageSanitizer.js

@@ -0,0 +1,178 @@
+/**
+ * Message Sanitizer
+ * Validates and sanitizes incoming messages to prevent injection attacks
+ */
+export class MessageSanitizer {
+    constructor(options) {
+        this.maxStringLength = options?.maxStringLength || 10000;
+        this.maxArrayLength = options?.maxArrayLength || 1000;
+        this.maxObjectDepth = options?.maxObjectDepth || 10;
+    }
+    /**
+     * Sanitize a message
+     */
+    sanitize(message) {
+        const errors = [];
+        try {
+            const sanitized = this.sanitizeValue(message, 0, errors);
+            if (errors.length > 0) {
+                return { valid: false, errors };
+            }
+            return { valid: true, sanitized };
+        }
+        catch (error) {
+            return {
+                valid: false,
+                errors: [`Sanitization error: ${error.message}`],
+            };
+        }
+    }
+    /**
+     * Sanitize a value recursively
+     */
+    sanitizeValue(value, depth, errors) {
+        // Check depth
+        if (depth > this.maxObjectDepth) {
+            errors.push(`Maximum object depth (${this.maxObjectDepth}) exceeded`);
+            return null;
+        }
+        // Handle null/undefined
+        if (value === null || value === undefined) {
+            return value;
+        }
+        // Handle strings
+        if (typeof value === 'string') {
+            return this.sanitizeString(value, errors);
+        }
+        // Handle numbers
+        if (typeof value === 'number') {
+            if (!Number.isFinite(value)) {
+                errors.push('Invalid number (NaN or Infinity)');
+                return 0;
+            }
+            return value;
+        }
+        // Handle booleans
+        if (typeof value === 'boolean') {
+            return value;
+        }
+        // Handle arrays
+        if (Array.isArray(value)) {
+            return this.sanitizeArray(value, depth, errors);
+        }
+        // Handle objects
+        if (typeof value === 'object') {
+            return this.sanitizeObject(value, depth, errors);
+        }
+        // Reject functions, symbols, etc.
+        errors.push(`Invalid type: ${typeof value}`);
+        return null;
+    }
+    /**
+     * Sanitize a string
+     */
+    sanitizeString(str, errors) {
+        // Check length
+        if (str.length > this.maxStringLength) {
+            errors.push(`String too long (${str.length} > ${this.maxStringLength})`);
+            return str.substring(0, this.maxStringLength);
+        }
+        // Remove null bytes
+        str = str.replace(/\0/g, '');
+        // Remove control characters (except newline, tab, carriage return)
+        str = str.replace(/[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]/g, '');
+        return str;
+    }
+    /**
+     * Sanitize an array
+     */
+    sanitizeArray(arr, depth, errors) {
+        // Check length
+        if (arr.length > this.maxArrayLength) {
+            errors.push(`Array too long (${arr.length} > ${this.maxArrayLength})`);
+            arr = arr.slice(0, this.maxArrayLength);
+        }
+        return arr.map((item) => this.sanitizeValue(item, depth + 1, errors));
+    }
+    /**
+     * Sanitize an object
+     */
+    sanitizeObject(obj, depth, errors) {
+        const sanitized = {};
+        for (const key in obj) {
+            if (obj.hasOwnProperty(key)) {
+                // Sanitize key
+                const sanitizedKey = this.sanitizeString(key, errors);
+                // Sanitize value
+                sanitized[sanitizedKey] = this.sanitizeValue(obj[key], depth + 1, errors);
+            }
+        }
+        return sanitized;
+    }
+    /**
+     * Validate message structure
+     */
+    validateMessageStructure(message) {
+        const errors = [];
+        // Check if message is an object
+        if (typeof message !== 'object' || message === null) {
+            errors.push('Message must be an object');
+            return { valid: false, errors };
+        }
+        // Check required fields
+        if (!message.type) {
+            errors.push('Message must have a "type" field');
+        }
+        // Accept either "id" or "messageId" (protocol uses messageId)
+        if (!message.id && !message.messageId) {
+            errors.push('Message must have an "id" field');
+        }
+        if (!message.timestamp) {
+            errors.push('Message must have a "timestamp" field');
+        }
+        // Validate timestamp — accept both Unix ms (number) and ISO 8601 (string)
+        if (message.timestamp) {
+            const now = Date.now();
+            let ts;
+            if (typeof message.timestamp === 'number') {
+                ts = message.timestamp;
+            }
+            else if (typeof message.timestamp === 'string') {
+                ts = new Date(message.timestamp).getTime();
+            }
+            else {
+                ts = NaN;
+            }
+            if (isNaN(ts)) {
+                errors.push('Message timestamp is invalid');
+            }
+            else {
+                const diff = Math.abs(now - ts);
+                // Allow 5 minutes clock skew
+                if (diff > 5 * 60 * 1000) {
+                    errors.push('Message timestamp too far from current time');
+                }
+            }
+        }
+        return {
+            valid: errors.length === 0,
+            errors: errors.length > 0 ? errors : undefined,
+        };
+    }
+    /**
+     * Sanitize and validate a message
+     */
+    sanitizeAndValidate(message) {
+        // First validate structure
+        const structureValidation = this.validateMessageStructure(message);
+        if (!structureValidation.valid) {
+            return {
+                valid: false,
+                errors: structureValidation.errors,
+            };
+        }
+        // Then sanitize
+        return this.sanitize(message);
+    }
+}
+//# sourceMappingURL=MessageSanitizer.js.map

package/dist/esm/security/MessageSanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MessageSanitizer.js","sourceRoot":"","sources":["../../../src/security/MessageSanitizer.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,MAAM,OAAO,gBAAgB;IAK3B,YAAY,OAIX;QACC,IAAI,CAAC,eAAe,GAAG,OAAO,EAAE,eAAe,IAAI,KAAK,CAAC;QACzD,IAAI,CAAC,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,IAAI,CAAC;QACtD,IAAI,CAAC,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,EAAE,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAY;QACnB,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;YAEzD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;YAClC,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,CAAC,uBAAwB,KAAe,CAAC,OAAO,EAAE,CAAC;aAC5D,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAAU,EAAE,KAAa,EAAE,MAAgB;QAC/D,cAAc;QACd,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAI,CAAC,cAAc,YAAY,CAAC,CAAC;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,wBAAwB;QACxB,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,iBAAiB;QACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QAED,iBAAiB;QACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBAChD,OAAO,CAAC,CAAC;YACX,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,kBAAkB;QAClB,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,gBAAgB;QAChB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAClD,CAAC;QAED,iBAAiB;QACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,kCAAkC;QAClC,MAAM,CAAC,IAAI,CAAC,iBAAiB,OAAO,KAAK,EAAE,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAW,EAAE,MAAgB;QAClD,eAAe;QACf,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CACT,oBAAoB,GAAG,CAAC,MAAM,MAAM,IAAI,CAAC,eAAe,GAAG,CAC5D,CAAC;YACF,OAAO,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QAChD,CAAC;QAED,oBAAoB;QACpB,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAE7B,mEAAmE;QACnE,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,oCAAoC,EAAE,EAAE,CAAC,CAAC;QAE5D,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,GAAU,EAAE,KAAa,EAAE,MAAgB;QAC/D,eAAe;QACf,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,mBAAmB,GAAG,CAAC,MAAM,MAAM,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC;YACvE,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAQ,EAAE,KAAa,EAAE,MAAgB;QAC9D,MAAM,SAAS,GAAQ,EAAE,CAAC;QAE1B,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;YACtB,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,eAAe;gBACf,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;gBAEtD,iBAAiB;gBACjB,SAAS,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,aAAa,CAC1C,GAAG,CAAC,GAAG,CAAC,EACR,KAAK,GAAG,CAAC,EACT,MAAM,CACP,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,OAAY;QAInC,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,gCAAgC;QAChC,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YACzC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAClC,CAAC;QAED,wBAAwB;QACxB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAClD,CAAC;QAED,8DAA8D;QAC9D,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACvD,CAAC;QAED,0EAA0E;QAC1E,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,EAAU,CAAC;YACf,IAAI,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAC1C,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC;YACzB,CAAC;iBAAM,IAAI,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBACjD,EAAE,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,EAAE,GAAG,GAAG,CAAC;YACX,CAAC;YACD,IAAI,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC;gBAChC,6BAA6B;gBAC7B,IAAI,IAAI,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;oBACzB,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;SAC/C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,OAAY;QAC9B,2BAA2B;QAC3B,MAAM,mBAAmB,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACnE,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC/B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,mBAAmB,CAAC,MAAM;aACnC,CAAC;QACJ,CAAC;QAED,gBAAgB;QAChB,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;CACF"}

package/dist/esm/security/RateLimiter.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Rate Limiter
+ * Prevents abuse by limiting requests per agent
+ */
+export interface RateLimitConfig {
+    requestsPerMinute: number;
+    requestsPerHour: number;
+    blockDuration?: number;
+}
+export declare class RateLimiter {
+    private limits;
+    private cleanupInterval;
+    constructor();
+    /**
+     * Check if request is allowed
+     */
+    checkLimit(identifier: string, config: RateLimitConfig): {
+        allowed: boolean;
+        remaining: {
+            perMinute: number;
+            perHour: number;
+        };
+        resetAt?: number;
+    };
+    /**
+     * Reset limits for an identifier
+     */
+    reset(identifier: string): void;
+    /**
+     * Get current usage for an identifier
+     */
+    getUsage(identifier: string): {
+        minuteRequests: number;
+        hourRequests: number;
+        blockedUntil?: number;
+    };
+    /**
+     * Cleanup old entries
+     */
+    private cleanup;
+    /**
+     * Destroy rate limiter
+     */
+    destroy(): void;
+}
+//# sourceMappingURL=RateLimiter.d.ts.map

package/dist/esm/security/RateLimiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"RateLimiter.d.ts","sourceRoot":"","sources":["../../../src/security/RateLimiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAQD,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAA0C;IACxD,OAAO,CAAC,eAAe,CAAiB;;IASxC;;OAEG;IACH,UAAU,CACR,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,eAAe,GACtB;QACD,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,EAAE;YACT,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB;IA6ED;;OAEG;IACH,KAAK,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAI/B;;OAEG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG;QAC5B,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB;IAuBD;;OAEG;IACH,OAAO,CAAC,OAAO;IAgBf;;OAEG;IACH,OAAO,IAAI,IAAI;CAIhB"}

package/dist/esm/security/RateLimiter.js

@@ -0,0 +1,129 @@
+/**
+ * Rate Limiter
+ * Prevents abuse by limiting requests per agent
+ */
+export class RateLimiter {
+    constructor() {
+        this.limits = new Map();
+        // Cleanup old entries every 5 minutes
+        this.cleanupInterval = setInterval(() => {
+            this.cleanup();
+        }, 5 * 60 * 1000);
+    }
+    /**
+     * Check if request is allowed
+     */
+    checkLimit(identifier, config) {
+        const now = Date.now();
+        let entry = this.limits.get(identifier);
+        if (!entry) {
+            entry = {
+                minuteRequests: [],
+                hourRequests: [],
+            };
+            this.limits.set(identifier, entry);
+        }
+        // Check if blocked
+        if (entry.blockedUntil && now < entry.blockedUntil) {
+            return {
+                allowed: false,
+                remaining: { perMinute: 0, perHour: 0 },
+                resetAt: entry.blockedUntil,
+            };
+        }
+        // Clean old requests
+        const oneMinuteAgo = now - 60 * 1000;
+        const oneHourAgo = now - 60 * 60 * 1000;
+        entry.minuteRequests = entry.minuteRequests.filter((t) => t > oneMinuteAgo);
+        entry.hourRequests = entry.hourRequests.filter((t) => t > oneHourAgo);
+        // Check limits
+        const minuteCount = entry.minuteRequests.length;
+        const hourCount = entry.hourRequests.length;
+        if (minuteCount >= config.requestsPerMinute) {
+            // Block if configured
+            if (config.blockDuration) {
+                entry.blockedUntil = now + config.blockDuration;
+            }
+            return {
+                allowed: false,
+                remaining: {
+                    perMinute: 0,
+                    perHour: Math.max(0, config.requestsPerHour - hourCount),
+                },
+                resetAt: entry.minuteRequests[0] + 60 * 1000,
+            };
+        }
+        if (hourCount >= config.requestsPerHour) {
+            // Block if configured
+            if (config.blockDuration) {
+                entry.blockedUntil = now + config.blockDuration;
+            }
+            return {
+                allowed: false,
+                remaining: {
+                    perMinute: Math.max(0, config.requestsPerMinute - minuteCount),
+                    perHour: 0,
+                },
+                resetAt: entry.hourRequests[0] + 60 * 60 * 1000,
+            };
+        }
+        // Record request
+        entry.minuteRequests.push(now);
+        entry.hourRequests.push(now);
+        return {
+            allowed: true,
+            remaining: {
+                perMinute: config.requestsPerMinute - minuteCount - 1,
+                perHour: config.requestsPerHour - hourCount - 1,
+            },
+        };
+    }
+    /**
+     * Reset limits for an identifier
+     */
+    reset(identifier) {
+        this.limits.delete(identifier);
+    }
+    /**
+     * Get current usage for an identifier
+     */
+    getUsage(identifier) {
+        const entry = this.limits.get(identifier);
+        if (!entry) {
+            return { minuteRequests: 0, hourRequests: 0 };
+        }
+        const now = Date.now();
+        const oneMinuteAgo = now - 60 * 1000;
+        const oneHourAgo = now - 60 * 60 * 1000;
+        const minuteRequests = entry.minuteRequests.filter((t) => t > oneMinuteAgo).length;
+        const hourRequests = entry.hourRequests.filter((t) => t > oneHourAgo).length;
+        return {
+            minuteRequests,
+            hourRequests,
+            blockedUntil: entry.blockedUntil,
+        };
+    }
+    /**
+     * Cleanup old entries
+     */
+    cleanup() {
+        const now = Date.now();
+        const oneHourAgo = now - 60 * 60 * 1000;
+        for (const [identifier, entry] of this.limits.entries()) {
+            // Remove if no recent requests and not blocked
+            if (entry.hourRequests.length === 0 ||
+                (entry.hourRequests[entry.hourRequests.length - 1] < oneHourAgo &&
+                    (!entry.blockedUntil || now > entry.blockedUntil))) {
+                this.limits.delete(identifier);
+            }
+        }
+    }
+    /**
+     * Destroy rate limiter
+     */
+    destroy() {
+        clearInterval(this.cleanupInterval);
+        this.limits.clear();
+    }
+}
+//# sourceMappingURL=RateLimiter.js.map

package/dist/esm/security/RateLimiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RateLimiter.js","sourceRoot":"","sources":["../../../src/security/RateLimiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAcH,MAAM,OAAO,WAAW;IAItB;QAHQ,WAAM,GAAgC,IAAI,GAAG,EAAE,CAAC;QAItD,sCAAsC;QACtC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,UAAU,CACR,UAAkB,EAClB,MAAuB;QASvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAExC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG;gBACN,cAAc,EAAE,EAAE;gBAClB,YAAY,EAAE,EAAE;aACjB,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;QAED,mBAAmB;QACnB,IAAI,KAAK,CAAC,YAAY,IAAI,GAAG,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;YACnD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE;gBACvC,OAAO,EAAE,KAAK,CAAC,YAAY;aAC5B,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,MAAM,YAAY,GAAG,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC;QACrC,MAAM,UAAU,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAExC,KAAK,CAAC,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,YAAY,CAAC,CAAC;QAC5E,KAAK,CAAC,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;QAEtE,eAAe;QACf,MAAM,WAAW,GAAG,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC;QAChD,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC;QAE5C,IAAI,WAAW,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAC5C,sBAAsB;YACtB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,KAAK,CAAC,YAAY,GAAG,GAAG,GAAG,MAAM,CAAC,aAAa,CAAC;YAClD,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE;oBACT,SAAS,EAAE,CAAC;oBACZ,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,eAAe,GAAG,SAAS,CAAC;iBACzD;gBACD,OAAO,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI;aAC7C,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACxC,sBAAsB;YACtB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,KAAK,CAAC,YAAY,GAAG,GAAG,GAAG,MAAM,CAAC,aAAa,CAAC;YAClD,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE;oBACT,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,iBAAiB,GAAG,WAAW,CAAC;oBAC9D,OAAO,EAAE,CAAC;iBACX;gBACD,OAAO,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;aAChD,CAAC;QACJ,CAAC;QAED,iBAAiB;QACjB,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE7B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE;gBACT,SAAS,EAAE,MAAM,CAAC,iBAAiB,GAAG,WAAW,GAAG,CAAC;gBACrD,OAAO,EAAE,MAAM,CAAC,eAAe,GAAG,SAAS,GAAG,CAAC;aAChD;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAkB;QACtB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,UAAkB;QAKzB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAE1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;QAChD,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,YAAY,GAAG,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC;QACrC,MAAM,UAAU,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAExC,MAAM,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC,MAAM,CAChD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,YAAY,CACxB,CAAC,MAAM,CAAC;QACT,MAAM,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,MAAM,CAAC;QAE7E,OAAO;YACL,cAAc;YACd,YAAY;YACZ,YAAY,EAAE,KAAK,CAAC,YAAY;SACjC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAExC,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YACxD,+CAA+C;YAC/C,IACE,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;gBAC/B,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,UAAU;oBAC7D,CAAC,CAAC,KAAK,CAAC,YAAY,IAAI,GAAG,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,EACpD,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO;QACL,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;CACF"}