@oculum/scanner 1.0.9 → 1.0.11

package/dist/layer2/ai-execution-sinks.js

@@ -43,21 +43,19 @@ function hasLLMResponseContext(lineContent, surroundingContext) {
 function isUITemplateSuggestion(lineContent, surroundingContext) {
     const fullContext = lineContent + '\n' + surroundingContext;
     // UI suggestion object patterns (command palette, autocomplete suggestions)
+    // Note: Be careful not to match variable declarations like `const completion =`
     const uiSuggestionPatterns = [
-        // Object property patterns for suggestion items
-        /(?:id|key|label|title|name|description|completion|display|text|value|placeholder):\s*`[^`]*\$\{/i,
-        // Common suggestion UI patterns
-        /suggestions?\s*[=:]/i,
-        /completions?\s*[=:]/i,
+        // Object property patterns for suggestion items (key: value in objects)
+        /(?:id|key|label|title|name|description|display|text|value|placeholder):\s*`[^`]*\$\{/i,
+        // Common suggestion UI patterns (arrays or objects, not variable declarations)
+        /(?:set)?suggestions\s*[=:]\s*\[/i, // suggestions: [...] or setSuggestions([])
         /autocomplete/i,
         /command\s*palette/i,
         /fuzzy\s*search/i,
         /search\s*result/i,
-        // UI component context patterns
-        /\.map\s*\(\s*\(?(?:item|result|suggestion|node|entry)/i,
-        /\.filter\s*\(/i,
         // React/UI state patterns
-        /useState|setItems|setResults|setSuggestions/i,
+        /useState.*suggestions|setSuggestions/i,
+        /setItems|setResults/i,
         // Template ID generation for UI
         /id:\s*`[a-z]+-\$\{/i, // id: `delete-${...}`, id: `edit-${...}`
     ];
@@ -75,6 +73,12 @@ function isUITemplateSuggestion(lineContent, surroundingContext) {
         /exec\s*\(/i,
         /spawn\s*\(/i,
         /eval\s*\(/i,
+        /fetch\s*\(/i,
+        /axios\./i,
+        /\.redirect\s*\(/i,
+        /\.setHeader\s*\(/i,
+        /\.cookie\s*\(/i,
+        /location\./i,
     ];
     // Check if context matches UI pattern but NOT execution pattern
     const matchesUIPattern = uiSuggestionPatterns.some(p => p.test(fullContext));
@@ -149,7 +153,7 @@ function hasOutputValidation(content, lineNumber) {
         /validate/i,
         /sanitize/i,
         /escape/i,
-        /filter/i,
+        /\.filter\s*\([^)]*(?:allowed|safe|valid)/i, // .filter(x => allowed.includes(x))
         /parse.*catch/i,
         /schema\./i,
         /\.parse\s*\(/i,
@@ -157,9 +161,19 @@ function hasOutputValidation(content, lineNumber) {
         /whitelist/i,
         /blocklist/i,
         /blacklist/i,
+        /allowed(?:Columns|Tables|Hosts|Domains|Extensions|Types|Args|Paths)/i, // Allowlist variable names
         /JSON\.parse.*catch/i,
         /DOMPurify/i,
         /xss/i,
+        /encodeURIComponent/i,
+        /\.replace\s*\(\s*\/\[.*\]\/[gi]*/i, // Regex sanitization like .replace(/[^a-z0-9]/gi, '')
+        /textContent\s*=/i, // Using textContent (safe) instead of innerHTML
+        /ReactMarkdown/i, // React Markdown sanitizes by default
+        /ast\.literal_eval/i, // Python safe eval
+        /yaml\.(?:safe_load|SafeLoader)/i, // Safe YAML parsing
+        /\.startsWith\s*\(\s*['"]\/['"]?\)/i, // Relative URL check
+        /new\s+URL\s*\(.*\).*origin/i, // URL origin check
+        /path\.resolve.*startsWith/i, // Path validation
     ];
     return validationPatterns.some(p => p.test(context));
 }
@@ -278,12 +292,28 @@ const EXECUTION_SINK_PATTERNS = [
     // ========== Template/DOM Sinks ==========
     {
         name: 'LLM output to innerHTML',
-        pattern: /\.innerHTML\s*=\s*(?:response|result|output|completion|message|content)(?:\.|\.data\.|\.text|\.content)?/gi,
+        pattern: /\.innerHTML\s*=\s*(?:response|result|output|completion|message|content|generated)(?:\.|\.data\.|\.text|\.content)?/gi,
         sinkType: 'template_render',
         baseSeverity: 'high',
         description: 'LLM output assigned to innerHTML. If the model outputs malicious HTML/JS, it will execute (XSS).',
         suggestedFix: 'Use textContent for plain text. Sanitize HTML with DOMPurify before rendering. Use React/Vue which auto-escape by default.',
     },
+    {
+        name: 'LLM output to outerHTML',
+        pattern: /\.outerHTML\s*=\s*(?:response|result|output|completion|message|content|generated)(?:\.|\.data\.|\.text|\.content)?/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'LLM output assigned to outerHTML. This replaces the entire element and allows XSS.',
+        suggestedFix: 'Use textContent for plain text. Sanitize HTML with DOMPurify before rendering.',
+    },
+    {
+        name: 'LLM output to insertAdjacentHTML',
+        pattern: /\.insertAdjacentHTML\s*\([^,]+,\s*(?:response|result|output|completion|message|content|generated)/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'LLM output passed to insertAdjacentHTML. This allows XSS via injected HTML/JS.',
+        suggestedFix: 'Use insertAdjacentText for plain text. Sanitize HTML with DOMPurify: el.insertAdjacentHTML("beforeend", DOMPurify.sanitize(content))',
+    },
     {
         name: 'LLM output to dangerouslySetInnerHTML',
         pattern: /dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html:\s*(?:response|result|output|completion|message|content)/gi,
@@ -350,8 +380,369 @@ const EXECUTION_SINK_PATTERNS = [
         description: 'AI output used in module path resolution. Could leak information about file system or enable module confusion attacks.',
         suggestedFix: 'Validate module name against allowlist before resolution.',
     },
+    // ========== Phase 2: Network/SSRF Sinks ==========
+    {
+        name: 'LLM output in fetch URL',
+        pattern: /fetch\s*\(\s*(?:response|result|output|completion|aiUrl|generatedUrl|urlFromAi)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'code_execution', // SSRF is code-level risk
+        baseSeverity: 'critical',
+        description: 'AI-generated URL passed to fetch(). Attackers can manipulate the model to make requests to internal services (SSRF), exfiltrate data, or access localhost services.',
+        suggestedFix: 'Validate URL against allowlist: const allowed = ["api.example.com"]; if (!allowed.includes(new URL(url).host)) throw. Block private IP ranges.',
+    },
+    {
+        name: 'LLM output in axios request',
+        pattern: /axios\.(?:get|post|put|delete|patch|request)\s*\(\s*(?:response|result|output|completion|aiUrl|generatedUrl)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'code_execution',
+        baseSeverity: 'critical',
+        description: 'AI-generated URL passed to axios. This enables SSRF attacks where the model is manipulated to make requests to internal services.',
+        suggestedFix: 'Validate URL host against allowlist. Use axios interceptors to block private IPs and internal hosts.',
+    },
+    {
+        name: 'LLM output in axios config',
+        pattern: /axios\s*\(\s*\{[^}]*url:\s*(?:response|result|output|completion|aiUrl|generatedUrl)/gi,
+        sinkType: 'code_execution',
+        baseSeverity: 'critical',
+        description: 'AI-generated URL passed to axios via config object. SSRF risk.',
+        suggestedFix: 'Validate URL host against allowlist before passing to axios.',
+    },
+    {
+        name: 'LLM output in HTTP client',
+        pattern: /(?:got|request|superagent|ky|undici\.fetch)\s*\(\s*(?:response|result|output|completion|aiUrl)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'code_execution',
+        baseSeverity: 'critical',
+        description: 'AI-generated URL passed to HTTP client. Server-Side Request Forgery (SSRF) risk.',
+        suggestedFix: 'Validate URLs against allowlist of permitted hosts. Block internal IP ranges (10.x, 172.16-31.x, 192.168.x, 127.x, localhost).',
+    },
+    // ========== Phase 2: Redirect Sinks ==========
+    {
+        name: 'LLM output in server redirect',
+        pattern: /(?:res|response)\.redirect\s*\(\s*(?:response|result|output|completion|aiUrl|generatedUrl)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'template_render', // Open redirect is similar to XSS
+        baseSeverity: 'high',
+        description: 'AI-generated URL used in HTTP redirect. Attackers can craft prompts to redirect users to phishing sites or malicious pages.',
+        suggestedFix: 'Validate redirect URL against allowlist. Only allow redirects to same-origin or known safe domains. Use relative URLs where possible.',
+    },
+    {
+        name: 'LLM output in client redirect assignment',
+        pattern: /(?:window\.)?location\.href\s*=\s*(?:response|result|output|completion|aiUrl|generatedUrl)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'AI-generated URL assigned to location.href. Enables open redirect attacks.',
+        suggestedFix: 'Validate URL before assignment. Prefer relative URLs or validate against allowlist: if (!url.startsWith("/") && !allowedHosts.includes(new URL(url).host)) throw',
+    },
+    {
+        name: 'LLM output in location.assign',
+        pattern: /location\.assign\s*\(\s*(?:response|result|output|completion|aiUrl|generatedUrl)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'AI-generated URL passed to location.assign(). Enables open redirect attacks.',
+        suggestedFix: 'Validate URL before assignment. Only allow same-origin or allowlisted domains.',
+    },
+    {
+        name: 'LLM output in location.replace',
+        pattern: /location\.replace\s*\(\s*(?:response|result|output|completion|aiUrl|generatedUrl)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'AI-generated URL passed to location.replace(). Enables open redirect attacks.',
+        suggestedFix: 'Validate URL before assignment. Only allow same-origin or allowlisted domains.',
+    },
+    {
+        name: 'LLM output in Next.js redirect',
+        pattern: /redirect\s*\(\s*(?:response|result|output|completion|aiUrl|generatedUrl)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'AI-generated URL passed to Next.js redirect(). Enables open redirect attacks.',
+        suggestedFix: 'Validate URL before redirect. Only allow relative URLs or allowlisted domains.',
+    },
+    {
+        name: 'LLM output in meta refresh',
+        pattern: /<meta[^>]*http-equiv\s*=\s*['"`]refresh['"`][^>]*content\s*=\s*['"`][^'"]*url\s*=\s*(?:\$\{|<%=).*(?:response|output|completion)/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'AI-generated URL in meta refresh tag. Open redirect vulnerability.',
+        suggestedFix: 'Avoid meta refresh with dynamic URLs. Use server-side redirects with URL validation instead.',
+    },
+    // ========== Phase 2: Header Injection Sinks ==========
+    {
+        name: 'LLM output in response header',
+        pattern: /(?:res|response)\.(?:setHeader|set|header)\s*\(\s*['"][^'"]+['"]\s*,\s*(?:response|result|output|completion|aiValue)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'AI-generated value used in HTTP response header. Enables header injection attacks (CRLF injection, cache poisoning).',
+        suggestedFix: 'Sanitize header values: remove CR/LF characters. Validate against expected format. Never use AI output directly in security-sensitive headers (Set-Cookie, Authorization).',
+    },
+    {
+        name: 'LLM output in cookie',
+        pattern: /(?:res|response)\.(?:cookie|setCookie)\s*\(\s*['"][^'"]+['"]\s*,\s*(?:response|result|output|completion)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'AI-generated value set as cookie. Could enable session fixation or cookie injection attacks.',
+        suggestedFix: 'Never use AI output for cookie values. Generate tokens server-side with crypto.randomBytes(). Validate any user-facing values.',
+    },
+    {
+        name: 'LLM output in res.type',
+        pattern: /(?:res|response)\.type\s*\(\s*(?:response|result|output|completion)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'template_render',
+        baseSeverity: 'high',
+        description: 'AI-generated value used to set Content-Type. Could enable MIME confusion attacks.',
+        suggestedFix: 'Use allowlist for content types: const allowed = ["json", "html", "text"]; if (!allowed.includes(type)) throw',
+    },
+    // ========== Phase 3: Additional Code Execution Sinks ==========
+    {
+        name: 'LLM output to setTimeout/setInterval string',
+        pattern: /(?:setTimeout|setInterval)\s*\(\s*(?:response|result|output|completion)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'code_execution',
+        baseSeverity: 'high',
+        description: 'AI-generated string passed to setTimeout/setInterval. When passed a string, these functions act like eval().',
+        suggestedFix: 'Never pass strings to setTimeout/setInterval. Use arrow functions: setTimeout(() => doSomething(), 1000)',
+    },
+    {
+        name: 'LLM output to globalThis.eval',
+        pattern: /(?:globalThis|window)\[?['"]?eval['"]?\]?\s*\(\s*(?:response|result|output|completion)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'code_execution',
+        baseSeverity: 'critical',
+        description: 'AI-generated code passed to eval via globalThis/window. This is indirect eval() that enables arbitrary code execution.',
+        suggestedFix: 'Never eval() LLM output. Use structured output and validation.',
+    },
+    {
+        name: 'LLM output to execa',
+        pattern: /execa\s*\(\s*(?:response|result|output|completion)(?:\.choices\[0\]\.message\.content|\.content|\.text)?/gi,
+        sinkType: 'shell_command',
+        baseSeverity: 'critical',
+        description: 'AI-generated command passed to execa. This enables command injection attacks.',
+        suggestedFix: 'Never pass LLM output directly to shell. Use allowlists for permitted commands.',
+    },
+    // ========== Phase 3: Python-Specific Sinks ==========
+    {
+        name: 'LLM output to Python eval',
+        pattern: /eval\s*\(\s*(?:response|result|output|completion|code)(?:\[['"]?choices['"]?\]\[0\]\[['"]?message['"]?\]\[['"]?content['"]?\]|\.content|\.text)?/gi,
+        sinkType: 'code_execution',
+        baseSeverity: 'critical',
+        description: 'AI-generated code passed to Python eval(). Enables arbitrary code execution.',
+        suggestedFix: 'Never eval() LLM output. Use ast.literal_eval() for safe literal evaluation, or JSON parsing with schema validation.',
+    },
+    {
+        name: 'LLM output to Python exec',
+        pattern: /exec\s*\(\s*(?:response|result|output|completion)(?:\[['"]?choices['"]?\]\[0\]\[['"]?message['"]?\]\[['"]?content['"]?\]|\.content|\.text)?/gi,
+        sinkType: 'code_execution',
+        baseSeverity: 'critical',
+        description: 'AI-generated code passed to Python exec(). Enables arbitrary code execution.',
+        suggestedFix: 'Never exec() LLM output. Use structured output and validation instead.',
+    },
+    {
+        name: 'LLM output to pickle.loads',
+        pattern: /pickle\.loads?\s*\(\s*(?:response|result|output|completion|serialized)(?:\.encode\(\)|\.content|\.text)?/gi,
+        sinkType: 'code_execution',
+        baseSeverity: 'critical',
+        description: 'AI-generated data passed to pickle.loads(). Pickle deserialization can execute arbitrary code.',
+        suggestedFix: 'Never unpickle untrusted data. Use JSON or other safe serialization formats.',
+    },
+    {
+        name: 'LLM output to subprocess with shell=True',
+        pattern: /subprocess\.(?:run|call|Popen)\s*\(\s*(?:response|result|output|completion|ai_command|generated_cmd)(?:\.content|\.text)?[^)]*shell\s*=\s*True/gi,
+        sinkType: 'shell_command',
+        baseSeverity: 'critical',
+        description: 'AI-generated command passed to subprocess with shell=True. Enables command injection.',
+        suggestedFix: 'Never use shell=True with user/AI input. Use subprocess.run(["cmd", "arg1", "arg2"]) without shell.',
+    },
+    {
+        name: 'LLM output to os.system',
+        pattern: /os\.system\s*\(\s*(?:response|result|output|completion|generated_cmd|ai_command)(?:\.content|\.text)?/gi,
+        sinkType: 'shell_command',
+        baseSeverity: 'critical',
+        description: 'AI-generated command passed to os.system(). Enables command injection.',
+        suggestedFix: 'Use subprocess.run() with list arguments instead of os.system(). Never pass AI output to shell.',
+    },
+    {
+        name: 'Python SQL f-string injection',
+        pattern: /cursor\.execute\s*\(\s*f["'].*\{.*(?:response|result|output|completion)/gi,
+        sinkType: 'sql_builder',
+        baseSeverity: 'critical',
+        description: 'AI-generated value interpolated into SQL query via f-string. Enables SQL injection.',
+        suggestedFix: 'Use parameterized queries: cursor.execute("SELECT * FROM users WHERE id = ?", [user_id])',
+    },
 ];
 // ============================================================================
+// Phase 2: URL/Network Validation Detection
+// ============================================================================
+/**
+ * Check if URL validation is present (returns 'strong', 'weak', or 'none')
+ * Strong validation = skip finding entirely
+ * Weak validation = downgrade severity
+ */
+function getURLValidationLevel(content, lineNumber) {
+    const lines = content.split('\n');
+    const contextStart = Math.max(0, lineNumber - 15);
+    const contextEnd = Math.min(lines.length, lineNumber + 5);
+    const context = lines.slice(contextStart, contextEnd).join('\n');
+    // Strong validation - skip entirely
+    const strongValidationPatterns = [
+        /allowedHosts\.includes\s*\(\s*(?:new\s+URL)?/i, // Explicit allowlist check
+        /safeDomains\.includes\s*\(/i, // Safe domain allowlist
+        /allowedDomains\.includes\s*\(/i, // Allowed domain check
+        /if\s*\(\s*allowedHosts/i, // Conditional on allowlist
+        /if\s*\(\s*safeDomains/i, // Conditional on safe domains
+        /url\.origin\s*===\s*(?:window\.)?(?:location\.)?origin/i, // Same-origin check
+        /\.origin\s*===\s*origin/i, // Same-origin check
+        /\.startsWith\s*\(\s*['"]\/['"]?\s*\)\s*&&\s*!\s*\w+\.startsWith\s*\(\s*['"]\/\//i, // Relative URL with protocol-relative check
+        /if\s*\(\s*\w+\.startsWith\s*\(\s*['"]\/['"]?\s*\)\s*&&\s*!/i, // Relative URL validation
+        /blockedHosts\.includes\s*\(/i, // Block list check
+        /privateIpPatterns\.some\s*\(/i, // Private IP blocking
+    ];
+    if (strongValidationPatterns.some(p => p.test(context))) {
+        return 'strong';
+    }
+    // Weak validation - downgrade severity
+    const weakValidationPatterns = [
+        /isValidUrl|validateUrl|isAllowedUrl/i,
+        /new\s+URL\s*\(.*\).*(?:host|hostname|origin)/i,
+        /allowedUrls|allowedHosts|allowedDomains|safeDomains/i,
+        /url\.startsWith\s*\(\s*['"`](?:https?:\/\/|\/[^\/])/i,
+        /sanitizeUrl|encodeURIComponent/i,
+        /blockedHosts|blockedDomains|privateIp/i,
+        /\.includes\s*\(\s*(?:new\s+URL\s*\()?.*\.host/i,
+    ];
+    if (weakValidationPatterns.some(p => p.test(context))) {
+        return 'weak';
+    }
+    return 'none';
+}
+/**
+ * Legacy function for backward compatibility
+ */
+function hasURLValidation(content, lineNumber) {
+    return getURLValidationLevel(content, lineNumber) !== 'none';
+}
+/**
+ * Check if DOM content is sanitized (e.g., DOMPurify)
+ */
+function isDOMSanitized(lineContent, surroundingContext) {
+    const fullContext = lineContent + '\n' + surroundingContext;
+    const sanitizationPatterns = [
+        /DOMPurify\.sanitize\s*\(/i,
+        /sanitizeHtml\s*\(/i,
+        /xss\s*\(/i,
+        /escapeHtml\s*\(/i,
+        /textContent\s*=/i, // textContent is safe
+        /innerText\s*=/i, // innerText is safe
+        /ReactMarkdown/i, // ReactMarkdown sanitizes by default
+        /<ReactMarkdown>/i, // JSX ReactMarkdown
+    ];
+    return sanitizationPatterns.some(p => p.test(fullContext));
+}
+/**
+ * Check if file path is properly validated
+ */
+function isPathValidated(content, lineNumber) {
+    const lines = content.split('\n');
+    const contextStart = Math.max(0, lineNumber - 15);
+    const contextEnd = Math.min(lines.length, lineNumber + 5);
+    const context = lines.slice(contextStart, contextEnd).join('\n');
+    const pathValidationPatterns = [
+        /path\.resolve\s*\([^)]*\).*startsWith/i, // Resolved path + startsWith check
+        /resolved\.startsWith\s*\(/i, // Common pattern: resolved.startsWith(baseDir)
+        /!.*startsWith.*throw/i, // Validation with throw on failure
+        /if\s*\(\s*!?\s*resolved\.startsWith/i, // Conditional path check
+        /allowedExtensions\.includes\s*\(/i, // Extension allowlist
+        /allowedPaths/i, // Path allowlist
+        /SAFE_BASE_DIR/i, // Common safe directory constant
+        /baseDir|safeDir|allowedDir/i, // Directory restriction variables
+        /path\.basename\s*\(/i, // Only using basename (no traversal)
+        /\.replace\s*\(/i, // Generic replace (likely sanitization)
+    ];
+    return pathValidationPatterns.some(p => p.test(context));
+}
+/**
+ * Check if header value is sanitized
+ */
+function isHeaderSanitized(content, lineNumber) {
+    const lines = content.split('\n');
+    const contextStart = Math.max(0, lineNumber - 15);
+    const contextEnd = Math.min(lines.length, lineNumber + 5);
+    const context = lines.slice(contextStart, contextEnd).join('\n');
+    const headerSanitizationPatterns = [
+        /\.replace\s*\(\s*\/\[\\r\\n\]/i, // CRLF removal
+        /\.replace\s*\(\s*\/\[\\\\r\\\\n\]/i, // CRLF removal (escaped)
+        /allowedTypes\.includes\s*\(/i, // Content-type allowlist
+        /allowed(?:Headers|Types|Values)\.includes\s*\(/i, // Generic allowlist
+        /if\s*\(\s*allowed\w*\.includes\s*\(/i, // Conditional allowlist
+        /crypto\.random/i, // Server-generated value (not AI)
+        /randomUUID/i, // UUID generation
+        /safeValue|sanitized/i, // Variable indicating sanitization
+    ];
+    return headerSanitizationPatterns.some(p => p.test(context));
+}
+/**
+ * Check for Python-specific safe patterns
+ */
+function isPythonSafe(lineContent, surroundingContext) {
+    const fullContext = lineContent + '\n' + surroundingContext;
+    const pythonSafePatterns = [
+        /ast\.literal_eval\s*\(/i, // Safe literal evaluation
+        /yaml\.(?:safe_load|SafeLoader)/i, // Safe YAML
+        /yaml\.load\s*\([^)]*Loader\s*=\s*yaml\.SafeLoader/i, // Explicit SafeLoader
+        /cursor\.execute\s*\([^,]+,\s*\[/i, // Parameterized query with list
+        /\?\s*,\s*\[/i, // SQL placeholder with params
+        /%s.*,\s*\[/i, // Python %s placeholder with list
+        /subprocess\.run\s*\(\s*\[/i, // subprocess with list (no shell)
+        /shell\s*=\s*False/i, // Explicit shell=False
+    ];
+    return pythonSafePatterns.some(p => p.test(fullContext));
+}
+/**
+ * Check if SQL is using parameterized queries or ORM
+ */
+function isSQLParameterized(lineContent, surroundingContext) {
+    const fullContext = lineContent + '\n' + surroundingContext;
+    const parameterizedPatterns = [
+        /allowedColumns\.filter\s*\(/i, // Column allowlist
+        /safeColumns/i, // Safe column variable
+        /allowedColumns\.includes\s*\(/i, // Column allowlist check
+        /\.filter\s*\(\s*\w+\s*=>\s*allowed\w*\.includes/i, // Filter with allowlist
+        /schema\.parse\s*\(/i, // Zod schema validation
+        /z\.enum\s*\(\s*\[/i, // Zod enum (allowlist)
+        /prisma\.\w+\.(?:findMany|findUnique|create|update)/i, // Prisma ORM methods (not raw)
+        /\$\{.*\}.*WHERE.*=\s*\$\d/i, // Dynamic column but parameterized value
+    ];
+    return parameterizedPatterns.some(p => p.test(fullContext));
+}
+/**
+ * Check if shell execution uses allowlist
+ */
+function isShellAllowlisted(content, lineNumber) {
+    const lines = content.split('\n');
+    const contextStart = Math.max(0, lineNumber - 15);
+    const contextEnd = Math.min(lines.length, lineNumber + 5);
+    const context = lines.slice(contextStart, contextEnd).join('\n');
+    const shellAllowlistPatterns = [
+        /allowedArgs\.includes\s*\(/i, // Argument allowlist
+        /if\s*\(\s*allowedArgs\.includes/i, // Conditional on allowlist
+        /allowedCommands\.includes\s*\(/i, // Command allowlist
+        /execFile\s*\(\s*['"][^'"]+['"]/i, // execFile with hardcoded command (safe)
+        /\.replace\s*\(\s*\/\[^a-z0-9\]/gi, // Strict sanitization
+        /sanitized\s*=/i, // Sanitization variable
+    ];
+    return shellAllowlistPatterns.some(p => p.test(context));
+}
+/**
+ * Check if dynamic import uses allowlist
+ */
+function isImportAllowlisted(content, lineNumber) {
+    const lines = content.split('\n');
+    const contextStart = Math.max(0, lineNumber - 15);
+    const contextEnd = Math.min(lines.length, lineNumber + 5);
+    const context = lines.slice(contextStart, contextEnd).join('\n');
+    const importAllowlistPatterns = [
+        /ALLOWED_PLUGINS\s*[=:]/i, // Plugin allowlist
+        /importMap\s*[=:]/i, // Import map object
+        /allowedModules/i, // Module allowlist
+        /if\s*\(\s*\w+\s+in\s+importMap\)/i, // Key in import map
+        /if\s*\(\s*loader\)/i, // Loader function check (from allowlist)
+        /\[aiModule\]\s*$/i, // Array access into known object (allowlist lookup)
+    ];
+    return importAllowlistPatterns.some(p => p.test(context));
+}
+// ============================================================================
 // Main Detection Function
 // ============================================================================
 /**
@@ -453,8 +844,64 @@ function detectAIExecutionSinks(content, filePath) {
             // Check for sandboxing and validation
             const isSandboxed = isSandboxedExecution(content, lineNumber);
             const hasValidation = hasOutputValidation(content, lineNumber);
+            // ===== SINK-SPECIFIC VALIDATION CHECKS =====
+            // Phase 2: Check for URL validation on network/redirect sinks (SSRF, Open Redirect)
+            const isNetworkSink = pattern.name.includes('fetch') || pattern.name.includes('axios') ||
+                pattern.name.includes('HTTP') || pattern.name.includes('redirect') ||
+                pattern.name.includes('location') || pattern.name.includes('got');
+            if (isNetworkSink) {
+                const urlValidLevel = getURLValidationLevel(content, lineNumber);
+                if (urlValidLevel === 'strong') {
+                    continue; // Skip - strong URL validation present
+                }
+            }
+            // Phase 3: Check for DOM sanitization on template_render sinks
+            const hasDOMSanitization = pattern.sinkType === 'template_render'
+                ? isDOMSanitized(lineContent, surroundingContext)
+                : false;
+            // Skip DOM findings if sanitized
+            if (hasDOMSanitization && pattern.sinkType === 'template_render') {
+                continue;
+            }
+            // Check for header sanitization
+            const isHeaderSink = pattern.name.includes('header') || pattern.name.includes('cookie') ||
+                pattern.name.includes('res.type');
+            if (isHeaderSink && isHeaderSanitized(content, lineNumber)) {
+                continue; // Skip - header value is sanitized
+            }
+            // Check for path validation on file system sinks
+            const isFileSink = pattern.name.includes('file path') || pattern.name.includes('fs operation') ||
+                pattern.name.includes('path.join');
+            if (isFileSink && isPathValidated(content, lineNumber)) {
+                continue; // Skip - path is validated
+            }
+            // Check for SQL parameterization
+            const isSQLSink = pattern.sinkType === 'sql_builder';
+            if (isSQLSink && isSQLParameterized(lineContent, surroundingContext)) {
+                continue; // Skip - SQL is parameterized or uses allowlist
+            }
+            // Check for shell allowlist
+            const isShellSink = pattern.sinkType === 'shell_command';
+            if (isShellSink && isShellAllowlisted(content, lineNumber)) {
+                continue; // Skip - shell command uses allowlist
+            }
+            // Check for import allowlist
+            const isImportSink = pattern.name.includes('import') || pattern.name.includes('require');
+            if (isImportSink && isImportAllowlisted(content, lineNumber)) {
+                continue; // Skip - import uses allowlist
+            }
+            // Check for Python-specific safe patterns
+            const isPythonSink = pattern.name.includes('Python') || pattern.name.includes('pickle') ||
+                pattern.name.includes('subprocess') || pattern.name.includes('os.system');
+            if (isPythonSink && isPythonSafe(lineContent, surroundingContext)) {
+                continue; // Skip - Python code uses safe patterns
+            }
+            // Check URL validation level for severity adjustment
+            const hasURLValid = isNetworkSink ? getURLValidationLevel(content, lineNumber) !== 'none' : false;
+            // Combine validation checks (URL validation counts as validation for network sinks)
+            const effectiveValidation = hasValidation || hasURLValid;
             // Calculate final severity
-            const severity = calculateSeverity(pattern.baseSeverity, pattern.sinkType, isSandboxed, hasValidation, isTestFile, isExample, isLibrary);
+            const severity = calculateSeverity(pattern.baseSeverity, pattern.sinkType, isSandboxed, effectiveValidation, isTestFile, isExample, isLibrary);
             // Build description with context
             let description = pattern.description;
             if (isSandboxed) {
@@ -463,6 +910,9 @@ function detectAIExecutionSinks(content, filePath) {
             if (hasValidation) {
                 description += ' (Some validation detected nearby.)';
             }
+            if (hasURLValid && !hasValidation) {
+                description += ' (URL validation detected nearby.)';
+            }
             if (isTestFile) {
                 description += ' (In test file.)';
             }

package/dist/layer2/ai-execution-sinks.js.map

@@ -1 +1 @@
-{"version":3,"file":"ai-execution-sinks.js","sourceRoot":"","sources":["../../src/layer2/ai-execution-sinks.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AA0cH,wDA8GC;AArjBD,8DAMiC;AACjC,2DAAsD;AAEtD,+EAA+E;AAC/E,gCAAgC;AAChC,+EAA+E;AAE/E;;GAEG;AACH,SAAS,qBAAqB,CAAC,WAAmB,EAAE,kBAA0B;IAC5E,MAAM,mBAAmB,GAAG;QAC1B,mCAAmC,EAAM,kBAAkB;QAC3D,uBAAuB,EAAmB,qBAAqB;QAC/D,mBAAmB,EAAwB,qBAAqB;QAChE,kBAAkB,EAAyB,eAAe;QAC1D,qDAAqD,EAAE,WAAW;QAClE,sBAAsB,EAAqB,uBAAuB;KACnE,CAAA;IAED,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AAC3D,CAAC;AAED,+EAA+E;AAC/E,sEAAsE;AACtE,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,sBAAsB,CAAC,WAAmB,EAAE,kBAA0B;IAC7E,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAE3D,4EAA4E;IAC5E,MAAM,oBAAoB,GAAG;QAC3B,gDAAgD;QAChD,kGAAkG;QAClG,gCAAgC;QAChC,sBAAsB;QACtB,sBAAsB;QACtB,eAAe;QACf,oBAAoB;QACpB,iBAAiB;QACjB,kBAAkB;QAClB,gCAAgC;QAChC,wDAAwD;QACxD,gBAAgB;QAChB,0BAA0B;QAC1B,8CAA8C;QAC9C,gCAAgC;QAChC,qBAAqB,EAAG,yCAAyC;KAClE,CAAA;IAED,yDAAyD;IACzD,MAAM,uBAAuB,GAAG;QAC9B,eAAe;QACf,iBAAiB;QACjB,aAAa;QACb,eAAe;QACf,WAAW;QACX,aAAa;QACb,SAAS;QACT,cAAc;QACd,gBAAgB;QAChB,YAAY;QACZ,aAAa;QACb,YAAY;KACb,CAAA;IAED,gEAAgE;IAChE,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;IAC5E,MAAM,uBAAuB,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;IAEtF,OAAO,gBAAgB,IAAI,CAAC,uBAAuB,CAAA;AACrD,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,WAAmB,EAAE,kBAA0B;IAC7E,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAE3D,4EAA4E;IAC5E,MAAM,eAAe,GAAG;QACtB,oCAAoC;QACpC,gFAAgF;QAChF,sBAAsB;QACtB,uEAAuE;QACvE,kBAAkB;QAClB,sDAAsD;QACtD,0BAA0B;QAC1B,iDAAiD;QACjD,qDAAqD;KACtD,CAAA;IAED,qDAAqD;IACrD,MAAM,iBAAiB,GAAG;QACxB,uEAAuE;QACvE,2DAA2D;QAC3D,iBAAiB;QACjB,uBAAuB;KACxB,CAAA;IAED,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;IAChE,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;IAEpE,OAAO,SAAS,IAAI,CAAC,WAAW,CAAA;AAClC,CAAC;AAED,+EAA+E;AAC/E,mCAAmC;AACnC,+EAA+E;AAE/E;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAAe,EAAE,UAAkB;IAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,eAAe,GAAG;QACtB,MAAM;QACN,cAAc;QACd,WAAW;QACX,YAAY;QACZ,UAAU;QACV,+BAA+B;QAC/B,4BAA4B;QAC5B,iBAAiB;QACjB,iBAAiB;QACjB,UAAU;QACV,YAAY;QACZ,kBAAkB;KACnB,CAAA;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAe,EAAE,UAAkB;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,kBAAkB,GAAG;QACzB,WAAW;QACX,WAAW;QACX,SAAS;QACT,SAAS;QACT,eAAe;QACf,WAAW;QACX,eAAe;QACf,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,qBAAqB;QACrB,YAAY;QACZ,MAAM;KACP,CAAA;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,WAAmB,EAAE,kBAA0B;IACpE,MAAM,eAAe,GAAG;QACtB,iCAAiC;QACjC,kBAAkB;QAClB,gBAAgB;QAChB,aAAa;QACb,oBAAoB;QACpB,aAAa;QACb,mBAAmB;QACnB,cAAc;QACd,cAAc;QACd,sBAAsB;KACvB,CAAA;IAED,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AACvD,CAAC;AAiBD,MAAM,uBAAuB,GAA2B;IACtD,6CAA6C;IAC7C;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,4HAA4H;QACrI,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,iIAAiI;QAC9I,YAAY,EAAE,6KAA6K;KAC5L;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,kGAAkG;QAC3G,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,8EAA8E;QAC3F,YAAY,EAAE,8FAA8F;KAC7G;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,wGAAwG;QACjH,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,sGAAsG;QACnH,YAAY,EAAE,0HAA0H;KACzI;IACD,oCAAoC;IACpC;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,0FAA0F;QACnG,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,2FAA2F;KAC1G;IAED,4CAA4C;IAC5C;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,yGAAyG;QAClH,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,6GAA6G;QAC1H,YAAY,EAAE,8JAA8J;KAC7K;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,6FAA6F;QACtG,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,2GAA2G;KAC1H;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,0HAA0H;QACnI,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,2DAA2D;QACxE,YAAY,EAAE,2GAA2G;KAC1H;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,oFAAoF;QAC7F,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,sDAAsD;QACnE,YAAY,EAAE,8EAA8E;KAC7F;IAED,0CAA0C;IAC1C;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,6GAA6G;QACtH,QAAQ,EAAE,aAAa;QACvB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,6FAA6F;QAC1G,YAAY,EAAE,sIAAsI;KACrJ;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,4FAA4F;QACrG,QAAQ,EAAE,aAAa;QACvB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,4HAA4H;KAC3I;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,4EAA4E;QACrF,QAAQ,EAAE,aAAa;QACvB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,wCAAwC;QACrD,YAAY,EAAE,2FAA2F;KAC1G;IAED,2CAA2C;IAC3C;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,4GAA4G;QACrH,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,kGAAkG;QAC/G,YAAY,EAAE,4HAA4H;KAC3I;IACD;QACE,IAAI,EAAE,uCAAuC;QAC7C,OAAO,EAAE,2GAA2G;QACpH,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,wEAAwE;QACrF,YAAY,EAAE,4FAA4F;KAC3G;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,gFAAgF;QACzF,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,iEAAiE;QAC9E,YAAY,EAAE,mGAAmG;KAClH;IAED,8CAA8C;IAC9C;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,6LAA6L;QACtM,QAAQ,EAAE,gBAAgB,EAAE,oCAAoC;QAChE,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,uHAAuH;QACpI,YAAY,EAAE,wLAAwL;KACvM;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,8HAA8H;QACvI,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kGAAkG;QAC/G,YAAY,EAAE,uHAAuH;KACtI;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,4HAA4H;QACrI,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,qFAAqF;QAClG,YAAY,EAAE,8JAA8J;KAC7K;IAED,iDAAiD;IACjD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,2FAA2F;QACpG,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,+FAA+F;QAC5G,YAAY,EAAE,0KAA0K;KACzL;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,4FAA4F;QACrG,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,yFAAyF;QACtG,YAAY,EAAE,+GAA+G;KAC9H;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,sGAAsG;QAC/G,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,wHAAwH;QACrI,YAAY,EAAE,2DAA2D;KAC1E;CACF,CAAA;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAe,EAAE,SAAiB,EAAE,aAAqB,EAAE;IACxF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IAC1D,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC3C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,YAAmC,EACnC,QAAkB,EAClB,WAAoB,EACpB,aAAsB,EACtB,UAAmB,EACnB,YAAqB,KAAK,EAC1B,YAAqB,KAAK;IAE1B,IAAI,QAAQ,GAAG,YAAY,CAAA;IAE3B,uCAAuC;IACvC,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IAED,oDAAoD;IACpD,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,MAAM,CAAA;IACf,CAAC;IAED,4DAA4D;IAC5D,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,MAAM,CAAA;IACf,CAAC;IAED,0DAA0D;IAC1D,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,QAAQ,KAAK,gBAAgB,EAAE,CAAC;YAClC,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAA;QAC7C,CAAC;aAAM,CAAC;YACN,yCAAyC;YACzC,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAA;QAC9C,CAAC;IACH,CAAC;SAAM,IAAI,aAAa,EAAE,CAAC;QACzB,oDAAoD;QACpD,IAAI,YAAY,KAAK,UAAU,EAAE,CAAC;YAChC,QAAQ,GAAG,MAAM,CAAA;QACnB,CAAC;aAAM,IAAI,YAAY,KAAK,MAAM,EAAE,CAAC;YACnC,QAAQ,GAAG,QAAQ,CAAA;QACrB,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CACpC,OAAe,EACf,QAAgB;IAEhB,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,4BAA4B;IAC5B,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,0DAA0D;IAC1D,gEAAgE;IAChE,MAAM,SAAS,GAAG,IAAA,oCAAgB,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAC7C,MAAM,SAAS,GAAG,IAAA,oCAAkB,EAAC,QAAQ,CAAC,CAAA;IAC9C,MAAM,SAAS,GAAG,IAAA,+BAAa,EAAC,QAAQ,CAAC,CAAA;IAEzC,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACvE,IAAI,KAAK,CAAA;QAET,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;YACvE,MAAM,WAAW,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;YAEvD,gBAAgB;YAChB,IAAI,IAAA,2BAAS,EAAC,WAAW,CAAC;gBAAE,SAAQ;YAEpC,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,OAAO,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;YAEzE,8CAA8C;YAC9C,MAAM,aAAa,GAAG,SAAS,IAAI,qBAAqB,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAA;YAEzF,qCAAqC;YAErC,8EAA8E;YAC9E,iDAAiD;YACjD,IAAI,sBAAsB,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;gBAC5D,SAAQ;YACV,CAAC;YAED,gEAAgE;YAChE,8DAA8D;YAC9D,IAAI,sBAAsB,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;gBAC5D,SAAQ;YACV,CAAC;YAED,6CAA6C;YAC7C,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,sDAAsD;gBACtD,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;gBAC1B,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,8EAA8E,CAAC,CAAA;gBACrH,IAAI,CAAC,aAAa;oBAAE,SAAQ;gBAE5B,6CAA6C;gBAC7C,IAAI,aAAa,CAAC,WAAW,EAAE,kBAAkB,CAAC;oBAAE,SAAQ;YAC9D,CAAC;YAED,sCAAsC;YACtC,MAAM,WAAW,GAAG,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;YAC7D,MAAM,aAAa,GAAG,mBAAmB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;YAE9D,2BAA2B;YAC3B,MAAM,QAAQ,GAAG,iBAAiB,CAChC,OAAO,CAAC,YAAY,EACpB,OAAO,CAAC,QAAQ,EAChB,WAAW,EACX,aAAa,EACb,UAAU,EACV,SAAS,EACT,SAAS,CACV,CAAA;YAED,iCAAiC;YACjC,IAAI,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;YACrC,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,IAAI,gDAAgD,CAAA;YACjE,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,WAAW,IAAI,qCAAqC,CAAA;YACtD,CAAC;YACD,IAAI,UAAU,EAAE,CAAC;gBACf,WAAW,IAAI,kBAAkB,CAAA;YACnC,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,IAAI,+CAA+C,CAAA;YAChE,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,IAAI,+CAA+C,CAAA;YAChE,CAAC;YAED,mDAAmD;YACnD,IAAI,QAAQ,KAAK,MAAM,IAAI,CAAC,SAAS;gBAAE,SAAQ;YAE/C,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,WAAW,QAAQ,IAAI,UAAU,IAAI,OAAO,CAAC,QAAQ,EAAE;gBAC3D,QAAQ;gBACR,UAAU;gBACV,WAAW;gBACX,QAAQ;gBACR,QAAQ,EAAE,qBAAqB;gBAC/B,KAAK,EAAE,OAAO,CAAC,IAAI;gBACnB,WAAW;gBACX,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;gBAC7C,KAAK,EAAE,CAAC;gBACR,oBAAoB,EAAE,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,KAAK;aAChE,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}
+{"version":3,"file":"ai-execution-sinks.js","sourceRoot":"","sources":["../../src/layer2/ai-execution-sinks.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAm3BH,wDAqLC;AAriCD,8DAMiC;AACjC,2DAAsD;AAEtD,+EAA+E;AAC/E,gCAAgC;AAChC,+EAA+E;AAE/E;;GAEG;AACH,SAAS,qBAAqB,CAAC,WAAmB,EAAE,kBAA0B;IAC5E,MAAM,mBAAmB,GAAG;QAC1B,mCAAmC,EAAM,kBAAkB;QAC3D,uBAAuB,EAAmB,qBAAqB;QAC/D,mBAAmB,EAAwB,qBAAqB;QAChE,kBAAkB,EAAyB,eAAe;QAC1D,qDAAqD,EAAE,WAAW;QAClE,sBAAsB,EAAqB,uBAAuB;KACnE,CAAA;IAED,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AAC3D,CAAC;AAED,+EAA+E;AAC/E,sEAAsE;AACtE,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,sBAAsB,CAAC,WAAmB,EAAE,kBAA0B;IAC7E,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAE3D,4EAA4E;IAC5E,gFAAgF;IAChF,MAAM,oBAAoB,GAAG;QAC3B,wEAAwE;QACxE,uFAAuF;QACvF,+EAA+E;QAC/E,kCAAkC,EAAG,2CAA2C;QAChF,eAAe;QACf,oBAAoB;QACpB,iBAAiB;QACjB,kBAAkB;QAClB,0BAA0B;QAC1B,uCAAuC;QACvC,sBAAsB;QACtB,gCAAgC;QAChC,qBAAqB,EAAG,yCAAyC;KAClE,CAAA;IAED,yDAAyD;IACzD,MAAM,uBAAuB,GAAG;QAC9B,eAAe;QACf,iBAAiB;QACjB,aAAa;QACb,eAAe;QACf,WAAW;QACX,aAAa;QACb,SAAS;QACT,cAAc;QACd,gBAAgB;QAChB,YAAY;QACZ,aAAa;QACb,YAAY;QACZ,aAAa;QACb,UAAU;QACV,kBAAkB;QAClB,mBAAmB;QACnB,gBAAgB;QAChB,aAAa;KACd,CAAA;IAED,gEAAgE;IAChE,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;IAC5E,MAAM,uBAAuB,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;IAEtF,OAAO,gBAAgB,IAAI,CAAC,uBAAuB,CAAA;AACrD,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,WAAmB,EAAE,kBAA0B;IAC7E,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAE3D,4EAA4E;IAC5E,MAAM,eAAe,GAAG;QACtB,oCAAoC;QACpC,gFAAgF;QAChF,sBAAsB;QACtB,uEAAuE;QACvE,kBAAkB;QAClB,sDAAsD;QACtD,0BAA0B;QAC1B,iDAAiD;QACjD,qDAAqD;KACtD,CAAA;IAED,qDAAqD;IACrD,MAAM,iBAAiB,GAAG;QACxB,uEAAuE;QACvE,2DAA2D;QAC3D,iBAAiB;QACjB,uBAAuB;KACxB,CAAA;IAED,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;IAChE,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;IAEpE,OAAO,SAAS,IAAI,CAAC,WAAW,CAAA;AAClC,CAAC;AAED,+EAA+E;AAC/E,mCAAmC;AACnC,+EAA+E;AAE/E;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAAe,EAAE,UAAkB;IAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,eAAe,GAAG;QACtB,MAAM;QACN,cAAc;QACd,WAAW;QACX,YAAY;QACZ,UAAU;QACV,+BAA+B;QAC/B,4BAA4B;QAC5B,iBAAiB;QACjB,iBAAiB;QACjB,UAAU;QACV,YAAY;QACZ,kBAAkB;KACnB,CAAA;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAe,EAAE,UAAkB;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,kBAAkB,GAAG;QACzB,WAAW;QACX,WAAW;QACX,SAAS;QACT,2CAA2C,EAAG,oCAAoC;QAClF,eAAe;QACf,WAAW;QACX,eAAe;QACf,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,sEAAsE,EAAG,2BAA2B;QACpG,qBAAqB;QACrB,YAAY;QACZ,MAAM;QACN,qBAAqB;QACrB,mCAAmC,EAAG,sDAAsD;QAC5F,kBAAkB,EAAG,gDAAgD;QACrE,gBAAgB,EAAG,sCAAsC;QACzD,oBAAoB,EAAG,mBAAmB;QAC1C,iCAAiC,EAAG,oBAAoB;QACxD,oCAAoC,EAAG,qBAAqB;QAC5D,6BAA6B,EAAG,mBAAmB;QACnD,4BAA4B,EAAG,kBAAkB;KAClD,CAAA;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,WAAmB,EAAE,kBAA0B;IACpE,MAAM,eAAe,GAAG;QACtB,iCAAiC;QACjC,kBAAkB;QAClB,gBAAgB;QAChB,aAAa;QACb,oBAAoB;QACpB,aAAa;QACb,mBAAmB;QACnB,cAAc;QACd,cAAc;QACd,sBAAsB;KACvB,CAAA;IAED,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AACvD,CAAC;AAiBD,MAAM,uBAAuB,GAA2B;IACtD,6CAA6C;IAC7C;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,4HAA4H;QACrI,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,iIAAiI;QAC9I,YAAY,EAAE,6KAA6K;KAC5L;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,kGAAkG;QAC3G,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,8EAA8E;QAC3F,YAAY,EAAE,8FAA8F;KAC7G;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,wGAAwG;QACjH,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,sGAAsG;QACnH,YAAY,EAAE,0HAA0H;KACzI;IACD,oCAAoC;IACpC;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,0FAA0F;QACnG,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,2FAA2F;KAC1G;IAED,4CAA4C;IAC5C;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,yGAAyG;QAClH,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,6GAA6G;QAC1H,YAAY,EAAE,8JAA8J;KAC7K;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,6FAA6F;QACtG,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,2GAA2G;KAC1H;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,0HAA0H;QACnI,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,2DAA2D;QACxE,YAAY,EAAE,2GAA2G;KAC1H;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,oFAAoF;QAC7F,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,sDAAsD;QACnE,YAAY,EAAE,8EAA8E;KAC7F;IAED,0CAA0C;IAC1C;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,6GAA6G;QACtH,QAAQ,EAAE,aAAa;QACvB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,6FAA6F;QAC1G,YAAY,EAAE,sIAAsI;KACrJ;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,4FAA4F;QACrG,QAAQ,EAAE,aAAa;QACvB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,4HAA4H;KAC3I;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,4EAA4E;QACrF,QAAQ,EAAE,aAAa;QACvB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,wCAAwC;QACrD,YAAY,EAAE,2FAA2F;KAC1G;IAED,2CAA2C;IAC3C;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,sHAAsH;QAC/H,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,kGAAkG;QAC/G,YAAY,EAAE,4HAA4H;KAC3I;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,sHAAsH;QAC/H,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,oFAAoF;QACjG,YAAY,EAAE,gFAAgF;KAC/F;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,qGAAqG;QAC9G,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,gFAAgF;QAC7F,YAAY,EAAE,sIAAsI;KACrJ;IACD;QACE,IAAI,EAAE,uCAAuC;QAC7C,OAAO,EAAE,2GAA2G;QACpH,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,wEAAwE;QACrF,YAAY,EAAE,4FAA4F;KAC3G;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,gFAAgF;QACzF,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,iEAAiE;QAC9E,YAAY,EAAE,mGAAmG;KAClH;IAED,8CAA8C;IAC9C;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,6LAA6L;QACtM,QAAQ,EAAE,gBAAgB,EAAE,oCAAoC;QAChE,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,uHAAuH;QACpI,YAAY,EAAE,wLAAwL;KACvM;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,8HAA8H;QACvI,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kGAAkG;QAC/G,YAAY,EAAE,uHAAuH;KACtI;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,4HAA4H;QACrI,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,qFAAqF;QAClG,YAAY,EAAE,8JAA8J;KAC7K;IAED,iDAAiD;IACjD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,2FAA2F;QACpG,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,+FAA+F;QAC5G,YAAY,EAAE,0KAA0K;KACzL;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,4FAA4F;QACrG,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,yFAAyF;QACtG,YAAY,EAAE,+GAA+G;KAC9H;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,sGAAsG;QAC/G,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,wHAAwH;QACrI,YAAY,EAAE,2DAA2D;KAC1E;IAED,oDAAoD;IACpD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,yIAAyI;QAClJ,QAAQ,EAAE,gBAAgB,EAAE,0BAA0B;QACtD,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,qKAAqK;QAClL,YAAY,EAAE,gJAAgJ;KAC/J;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,sKAAsK;QAC/K,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,mIAAmI;QAChJ,YAAY,EAAE,sGAAsG;KACrH;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,uFAAuF;QAChG,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,gEAAgE;QAC7E,YAAY,EAAE,8DAA8D;KAC7E;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,wJAAwJ;QACjK,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kFAAkF;QAC/F,YAAY,EAAE,gIAAgI;KAC/I;IAED,gDAAgD;IAChD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,oJAAoJ;QAC7J,QAAQ,EAAE,iBAAiB,EAAE,kCAAkC;QAC/D,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,6HAA6H;QAC1I,YAAY,EAAE,uIAAuI;KACtJ;IACD;QACE,IAAI,EAAE,0CAA0C;QAChD,OAAO,EAAE,oJAAoJ;QAC7J,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,4EAA4E;QACzF,YAAY,EAAE,kKAAkK;KACjL;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,0IAA0I;QACnJ,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,8EAA8E;QAC3F,YAAY,EAAE,gFAAgF;KAC/F;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,2IAA2I;QACpJ,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,+EAA+E;QAC5F,YAAY,EAAE,gFAAgF;KAC/F;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,kIAAkI;QAC3I,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,+EAA+E;QAC5F,YAAY,EAAE,gFAAgF;KAC/F;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,oIAAoI;QAC7I,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,oEAAoE;QACjF,YAAY,EAAE,8FAA8F;KAC7G;IAED,wDAAwD;IACxD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,8KAA8K;QACvL,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,sHAAsH;QACnI,YAAY,EAAE,4KAA4K;KAC3L;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,kKAAkK;QAC3K,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,8FAA8F;QAC3G,YAAY,EAAE,gIAAgI;KAC/I;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,6HAA6H;QACtI,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,mFAAmF;QAChG,YAAY,EAAE,+GAA+G;KAC9H;IAED,iEAAiE;IACjE;QACE,IAAI,EAAE,6CAA6C;QACnD,OAAO,EAAE,iIAAiI;QAC1I,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,8GAA8G;QAC3H,YAAY,EAAE,0GAA0G;KACzH;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,gJAAgJ;QACzJ,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,wHAAwH;QACrI,YAAY,EAAE,gEAAgE;KAC/E;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,4GAA4G;QACrH,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,+EAA+E;QAC5F,YAAY,EAAE,iFAAiF;KAChG;IAED,uDAAuD;IACvD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,oJAAoJ;QAC7J,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,8EAA8E;QAC3F,YAAY,EAAE,sHAAsH;KACrI;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,+IAA+I;QACxJ,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,8EAA8E;QAC3F,YAAY,EAAE,wEAAwE;KACvF;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,4GAA4G;QACrH,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,gGAAgG;QAC7G,YAAY,EAAE,8EAA8E;KAC7F;IACD;QACE,IAAI,EAAE,0CAA0C;QAChD,OAAO,EAAE,kJAAkJ;QAC3J,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,uFAAuF;QACpG,YAAY,EAAE,qGAAqG;KACpH;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,yGAAyG;QAClH,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,wEAAwE;QACrF,YAAY,EAAE,iGAAiG;KAChH;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,2EAA2E;QACpF,QAAQ,EAAE,aAAa;QACvB,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,qFAAqF;QAClG,YAAY,EAAE,0FAA0F;KACzG;CACF,CAAA;AAED,+EAA+E;AAC/E,4CAA4C;AAC5C,+EAA+E;AAE/E;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,OAAe,EAAE,UAAkB;IAChE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,oCAAoC;IACpC,MAAM,wBAAwB,GAAG;QAC/B,+CAA+C,EAAG,2BAA2B;QAC7E,6BAA6B,EAAG,wBAAwB;QACxD,gCAAgC,EAAG,uBAAuB;QAC1D,yBAAyB,EAAG,2BAA2B;QACvD,wBAAwB,EAAG,8BAA8B;QACzD,yDAAyD,EAAG,oBAAoB;QAChF,0BAA0B,EAAG,oBAAoB;QACjD,kFAAkF,EAAG,4CAA4C;QACjI,6DAA6D,EAAG,0BAA0B;QAC1F,8BAA8B,EAAG,mBAAmB;QACpD,+BAA+B,EAAG,sBAAsB;KACzD,CAAA;IAED,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QACxD,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,uCAAuC;IACvC,MAAM,sBAAsB,GAAG;QAC7B,sCAAsC;QACtC,+CAA+C;QAC/C,sDAAsD;QACtD,sDAAsD;QACtD,iCAAiC;QACjC,wCAAwC;QACxC,gDAAgD;KACjD,CAAA;IAED,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QACtD,OAAO,MAAM,CAAA;IACf,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe,EAAE,UAAkB;IAC3D,OAAO,qBAAqB,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,MAAM,CAAA;AAC9D,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,WAAmB,EAAE,kBAA0B;IACrE,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAE3D,MAAM,oBAAoB,GAAG;QAC3B,2BAA2B;QAC3B,oBAAoB;QACpB,WAAW;QACX,kBAAkB;QAClB,kBAAkB,EAAG,sBAAsB;QAC3C,gBAAgB,EAAK,oBAAoB;QACzC,gBAAgB,EAAK,qCAAqC;QAC1D,kBAAkB,EAAG,oBAAoB;KAC1C,CAAA;IAED,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AAC5D,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,UAAkB;IAC1D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,sBAAsB,GAAG;QAC7B,wCAAwC,EAAG,mCAAmC;QAC9E,4BAA4B,EAAG,+CAA+C;QAC9E,uBAAuB,EAAG,mCAAmC;QAC7D,sCAAsC,EAAG,yBAAyB;QAClE,mCAAmC,EAAG,sBAAsB;QAC5D,eAAe,EAAG,iBAAiB;QACnC,gBAAgB,EAAG,iCAAiC;QACpD,6BAA6B,EAAG,kCAAkC;QAClE,sBAAsB,EAAG,qCAAqC;QAC9D,iBAAiB,EAAG,wCAAwC;KAC7D,CAAA;IAED,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC1D,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,OAAe,EAAE,UAAkB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,0BAA0B,GAAG;QACjC,gCAAgC,EAAG,eAAe;QAClD,oCAAoC,EAAG,yBAAyB;QAChE,8BAA8B,EAAG,yBAAyB;QAC1D,iDAAiD,EAAG,oBAAoB;QACxE,sCAAsC,EAAG,wBAAwB;QACjE,iBAAiB,EAAG,kCAAkC;QACtD,aAAa,EAAG,kBAAkB;QAClC,sBAAsB,EAAG,mCAAmC;KAC7D,CAAA;IAED,OAAO,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC9D,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,WAAmB,EAAE,kBAA0B;IACnE,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAE3D,MAAM,kBAAkB,GAAG;QACzB,yBAAyB,EAAG,0BAA0B;QACtD,iCAAiC,EAAG,YAAY;QAChD,oDAAoD,EAAG,sBAAsB;QAC7E,kCAAkC,EAAG,gCAAgC;QACrE,cAAc,EAAG,8BAA8B;QAC/C,aAAa,EAAG,kCAAkC;QAClD,4BAA4B,EAAG,kCAAkC;QACjE,oBAAoB,EAAG,uBAAuB;KAC/C,CAAA;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AAC1D,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,WAAmB,EAAE,kBAA0B;IACzE,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAE3D,MAAM,qBAAqB,GAAG;QAC5B,8BAA8B,EAAG,mBAAmB;QACpD,cAAc,EAAG,uBAAuB;QACxC,gCAAgC,EAAG,yBAAyB;QAC5D,kDAAkD,EAAG,wBAAwB;QAC7E,qBAAqB,EAAG,wBAAwB;QAChD,oBAAoB,EAAG,uBAAuB;QAC9C,qDAAqD,EAAG,+BAA+B;QACvF,4BAA4B,EAAG,yCAAyC;KACzE,CAAA;IAED,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AAC7D,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAe,EAAE,UAAkB;IAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,sBAAsB,GAAG;QAC7B,6BAA6B,EAAG,qBAAqB;QACrD,kCAAkC,EAAG,2BAA2B;QAChE,iCAAiC,EAAG,oBAAoB;QACxD,iCAAiC,EAAG,yCAAyC;QAC7E,kCAAkC,EAAG,sBAAsB;QAC3D,gBAAgB,EAAG,wBAAwB;KAC5C,CAAA;IAED,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC1D,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAe,EAAE,UAAkB;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,uBAAuB,GAAG;QAC9B,yBAAyB,EAAG,mBAAmB;QAC/C,mBAAmB,EAAG,oBAAoB;QAC1C,iBAAiB,EAAG,mBAAmB;QACvC,mCAAmC,EAAG,oBAAoB;QAC1D,qBAAqB,EAAG,yCAAyC;QACjE,mBAAmB,EAAG,oDAAoD;KAC3E,CAAA;IAED,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC3D,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAe,EAAE,SAAiB,EAAE,aAAqB,EAAE;IACxF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IAC1D,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC3C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,YAAmC,EACnC,QAAkB,EAClB,WAAoB,EACpB,aAAsB,EACtB,UAAmB,EACnB,YAAqB,KAAK,EAC1B,YAAqB,KAAK;IAE1B,IAAI,QAAQ,GAAG,YAAY,CAAA;IAE3B,uCAAuC;IACvC,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IAED,oDAAoD;IACpD,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,MAAM,CAAA;IACf,CAAC;IAED,4DAA4D;IAC5D,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,MAAM,CAAA;IACf,CAAC;IAED,0DAA0D;IAC1D,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,QAAQ,KAAK,gBAAgB,EAAE,CAAC;YAClC,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAA;QAC7C,CAAC;aAAM,CAAC;YACN,yCAAyC;YACzC,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAA;QAC9C,CAAC;IACH,CAAC;SAAM,IAAI,aAAa,EAAE,CAAC;QACzB,oDAAoD;QACpD,IAAI,YAAY,KAAK,UAAU,EAAE,CAAC;YAChC,QAAQ,GAAG,MAAM,CAAA;QACnB,CAAC;aAAM,IAAI,YAAY,KAAK,MAAM,EAAE,CAAC;YACnC,QAAQ,GAAG,QAAQ,CAAA;QACrB,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CACpC,OAAe,EACf,QAAgB;IAEhB,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,4BAA4B;IAC5B,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,0DAA0D;IAC1D,gEAAgE;IAChE,MAAM,SAAS,GAAG,IAAA,oCAAgB,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAC7C,MAAM,SAAS,GAAG,IAAA,oCAAkB,EAAC,QAAQ,CAAC,CAAA;IAC9C,MAAM,SAAS,GAAG,IAAA,+BAAa,EAAC,QAAQ,CAAC,CAAA;IAEzC,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACvE,IAAI,KAAK,CAAA;QAET,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;YACvE,MAAM,WAAW,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;YAEvD,gBAAgB;YAChB,IAAI,IAAA,2BAAS,EAAC,WAAW,CAAC;gBAAE,SAAQ;YAEpC,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,OAAO,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;YAEzE,8CAA8C;YAC9C,MAAM,aAAa,GAAG,SAAS,IAAI,qBAAqB,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAA;YAEzF,qCAAqC;YAErC,8EAA8E;YAC9E,iDAAiD;YACjD,IAAI,sBAAsB,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;gBAC5D,SAAQ;YACV,CAAC;YAED,gEAAgE;YAChE,8DAA8D;YAC9D,IAAI,sBAAsB,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;gBAC5D,SAAQ;YACV,CAAC;YAED,6CAA6C;YAC7C,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,sDAAsD;gBACtD,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;gBAC1B,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,8EAA8E,CAAC,CAAA;gBACrH,IAAI,CAAC,aAAa;oBAAE,SAAQ;gBAE5B,6CAA6C;gBAC7C,IAAI,aAAa,CAAC,WAAW,EAAE,kBAAkB,CAAC;oBAAE,SAAQ;YAC9D,CAAC;YAED,sCAAsC;YACtC,MAAM,WAAW,GAAG,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;YAC7D,MAAM,aAAa,GAAG,mBAAmB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;YAE9D,8CAA8C;YAE9C,oFAAoF;YACpF,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACpF,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAClE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;YACnE,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,aAAa,GAAG,qBAAqB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;gBAChE,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;oBAC/B,SAAQ,CAAE,uCAAuC;gBACnD,CAAC;YACH,CAAC;YAED,+DAA+D;YAC/D,MAAM,kBAAkB,GAAG,OAAO,CAAC,QAAQ,KAAK,iBAAiB;gBAC/D,CAAC,CAAC,cAAc,CAAC,WAAW,EAAE,kBAAkB,CAAC;gBACjD,CAAC,CAAC,KAAK,CAAA;YAET,iCAAiC;YACjC,IAAI,kBAAkB,IAAI,OAAO,CAAC,QAAQ,KAAK,iBAAiB,EAAE,CAAC;gBACjE,SAAQ;YACV,CAAC;YAED,gCAAgC;YAChC,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACrF,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;YACnC,IAAI,YAAY,IAAI,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;gBAC3D,SAAQ,CAAE,mCAAmC;YAC/C,CAAC;YAED,iDAAiD;YACjD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC5F,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;YACpC,IAAI,UAAU,IAAI,eAAe,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;gBACvD,SAAQ,CAAE,2BAA2B;YACvC,CAAC;YAED,iCAAiC;YACjC,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,aAAa,CAAA;YACpD,IAAI,SAAS,IAAI,kBAAkB,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;gBACrE,SAAQ,CAAE,gDAAgD;YAC5D,CAAC;YAED,4BAA4B;YAC5B,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,KAAK,eAAe,CAAA;YACxD,IAAI,WAAW,IAAI,kBAAkB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;gBAC3D,SAAQ,CAAE,sCAAsC;YAClD,CAAC;YAED,6BAA6B;YAC7B,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;YACxF,IAAI,YAAY,IAAI,mBAAmB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;gBAC7D,SAAQ,CAAE,+BAA+B;YAC3C,CAAC;YAED,0CAA0C;YAC1C,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACrF,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;YAC3E,IAAI,YAAY,IAAI,YAAY,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;gBAClE,SAAQ,CAAE,wCAAwC;YACpD,CAAC;YAED,qDAAqD;YACrD,MAAM,WAAW,GAAG,aAAa,CAAC,CAAC,CAAC,qBAAqB,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAA;YAEjG,oFAAoF;YACpF,MAAM,mBAAmB,GAAG,aAAa,IAAI,WAAW,CAAA;YAExD,2BAA2B;YAC3B,MAAM,QAAQ,GAAG,iBAAiB,CAChC,OAAO,CAAC,YAAY,EACpB,OAAO,CAAC,QAAQ,EAChB,WAAW,EACX,mBAAmB,EACnB,UAAU,EACV,SAAS,EACT,SAAS,CACV,CAAA;YAED,iCAAiC;YACjC,IAAI,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;YACrC,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,IAAI,gDAAgD,CAAA;YACjE,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,WAAW,IAAI,qCAAqC,CAAA;YACtD,CAAC;YACD,IAAI,WAAW,IAAI,CAAC,aAAa,EAAE,CAAC;gBAClC,WAAW,IAAI,oCAAoC,CAAA;YACrD,CAAC;YACD,IAAI,UAAU,EAAE,CAAC;gBACf,WAAW,IAAI,kBAAkB,CAAA;YACnC,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,IAAI,+CAA+C,CAAA;YAChE,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,IAAI,+CAA+C,CAAA;YAChE,CAAC;YAED,mDAAmD;YACnD,IAAI,QAAQ,KAAK,MAAM,IAAI,CAAC,SAAS;gBAAE,SAAQ;YAE/C,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,WAAW,QAAQ,IAAI,UAAU,IAAI,OAAO,CAAC,QAAQ,EAAE;gBAC3D,QAAQ;gBACR,UAAU;gBACV,WAAW;gBACX,QAAQ;gBACR,QAAQ,EAAE,qBAAqB;gBAC/B,KAAK,EAAE,OAAO,CAAC,IAAI;gBACnB,WAAW;gBACX,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;gBAC7C,KAAK,EAAE,CAAC;gBACR,oBAAoB,EAAE,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,KAAK;aAChE,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/layer2/ai-fingerprinting.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ai-fingerprinting.d.ts","sourceRoot":"","sources":["../../src/layer2/ai-fingerprinting.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,UAAU,CAAA;AAmnBpE,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,aAAa,EAAE,CA0HjB"}
+{"version":3,"file":"ai-fingerprinting.d.ts","sourceRoot":"","sources":["../../src/layer2/ai-fingerprinting.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,UAAU,CAAA;AAmnBpE,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,aAAa,EAAE,CA8HjB"}

package/dist/layer2/ai-fingerprinting.js

@@ -541,6 +541,9 @@ function isConfigFile(filePath) {
 }
 function detectAIFingerprints(content, filePath) {
     const vulnerabilities = [];
+    // Skip scanner/fixture files to avoid self-detection
+    if ((0, context_helpers_1.isScannerOrFixtureFile)(filePath))
+        return vulnerabilities;
     const lines = content.split('\n');
     // Skip example/demo files entirely - they contain placeholder code by design
     if ((0, context_helpers_1.isExampleFile)(filePath)) {