@oscharko-dev/keiko-security 0.2.0

package/dist/promptInjection.js

@@ -0,0 +1,235 @@
+// Authoritative prompt-injection / unsafe-content detector for the Prompt Enhancer
+// (Epic #1307, Issue #1313; ADR-0044 §1/§5).
+//
+// ADR-0044 places the authoritative prompt-injection patterns and secret/PII detectors in
+// `keiko-security`; the contracts analyzer's lexical risk cues (#1309) are a deliberately shallow
+// signal only. This module is the deep detector the gateway validate stage composes over the
+// contracts structural assessment: it scans UNTRUSTED text for instruction-override, system/developer
+// prompt disclosure, secret-exfiltration, unsafe tool/agency requests, egress requests, and
+// manipulative role-reassignment, and it detects embedded secret material by reusing `redact`.
+//
+// Content-free by construction (safe-error discipline, ADR-0003/ADR-0044 §5): a signal carries only a
+// stable closed-vocabulary `code` and a match COUNT — never the matched text. The result is therefore
+// always safe to log, persist as evidence, and surface across trust boundaries.
+//
+// ReDoS-safe by construction: detection is substring containment over a normalized lowercase view
+// (linear, no backtracking). The only regular expressions reached are inside `redact`, which is itself
+// bounded-quantifier ReDoS-safe (ADR-0002).
+import { redact } from "./redaction.js";
+export const PROMPT_INJECTION_SIGNAL_CODES = [
+    "instruction-override",
+    "system-prompt-disclosure",
+    "secret-exfiltration",
+    "tool-authority-request",
+    "egress-request",
+    "manipulative-framing",
+    "embedded-secret-material",
+];
+export const isPromptInjectionSignalCode = (value) => typeof value === "string" && PROMPT_INJECTION_SIGNAL_CODES.includes(value);
+// Cue tables. Lowercased substrings; each is a deeper, more comprehensive set than the contracts
+// analyzer's shallow risk cues. Ordered by code for readability.
+const INJECTION_RULES = [
+    {
+        code: "instruction-override",
+        severity: "critical",
+        cues: [
+            "ignore previous instructions",
+            "ignore all previous",
+            "ignore the above",
+            "ignore your instructions",
+            "ignore your guidelines",
+            "ignore all prior",
+            "disregard previous",
+            "disregard the above",
+            "disregard all prior",
+            "disregard your instructions",
+            "forget your instructions",
+            "forget all previous",
+            "override your instructions",
+            "do not follow your instructions",
+            "bypass your restrictions",
+            "ignore the safety rules",
+            "ignore all safety",
+        ],
+    },
+    {
+        code: "system-prompt-disclosure",
+        severity: "critical",
+        cues: [
+            "system prompt",
+            "reveal your instructions",
+            "show me your instructions",
+            "print your instructions",
+            "repeat the words above",
+            "repeat your system",
+            "what is your system prompt",
+            "reveal your prompt",
+            "show your prompt",
+            "your initial instructions",
+            "disclose your instructions",
+            "what were you told",
+            "the text above this line",
+        ],
+    },
+    {
+        code: "secret-exfiltration",
+        severity: "critical",
+        cues: [
+            "api key",
+            "apikey",
+            "secret key",
+            "access token",
+            "your password",
+            "the password",
+            "your credentials",
+            "environment variable",
+            "env var",
+            "process.env",
+            ".env file",
+            "private key",
+            "ssh key",
+            "reveal the secret",
+            "print the secret",
+            "show me the api",
+            "leak the",
+            "dump the secrets",
+            "exfiltrate the",
+        ],
+    },
+    {
+        code: "tool-authority-request",
+        severity: "critical",
+        cues: [
+            "run this command",
+            "execute this command",
+            "run the script",
+            "execute the following",
+            "sudo ",
+            "rm -rf",
+            "grant yourself",
+            "give yourself access",
+            "install and run",
+            "you have permission to run",
+            "act as root",
+            "with admin privileges",
+            "escalate privileges",
+            "deploy to production",
+        ],
+    },
+    {
+        code: "egress-request",
+        severity: "critical",
+        cues: [
+            "exfiltrate",
+            "send the data to",
+            "upload to",
+            "post to http",
+            "curl http",
+            "wget http",
+            "make a request to http",
+            "send it to my server",
+            "download from and run",
+            "email the data",
+            "leak to",
+        ],
+    },
+    {
+        code: "manipulative-framing",
+        severity: "elevated",
+        cues: [
+            "you are now ",
+            "pretend to be",
+            "pretend you are",
+            "act as if you have no",
+            "developer mode",
+            "jailbreak",
+            "dan mode",
+            "you must comply",
+            "without any restrictions",
+            "there are no rules",
+            "this is only hypothetical so",
+            "from now on you are",
+            "you are no longer",
+            "new system role",
+            "assume the role of an unrestricted",
+        ],
+    },
+];
+// Inclusive code-point ranges to strip: C0 controls (excluding tab/LF/CR), DEL, C1 controls, the
+// zero-width joiners/space, the BOM, and the bidi-embedding/isolate format characters used to hide
+// injection markers. Tab (0x09), LF (0x0a), and CR (0x0d) are preserved by carving the C0 range.
+const STRIPPABLE_CODE_POINT_RANGES = [
+    [0x00, 0x08],
+    [0x0b, 0x0c],
+    [0x0e, 0x1f],
+    [0x7f, 0x7f],
+    [0x80, 0x9f],
+    [0x200b, 0x200d],
+    [0x202a, 0x202e],
+    [0x2066, 0x2069],
+    [0xfeff, 0xfeff],
+];
+// Strip control / zero-width / bidi code points and NFKC-normalise so unicode obfuscation cannot evade
+// substring matching. Mirrors the QI promptSegmentation control stripper (code-point scan, no
+// no-control-regex lint suppression needed).
+function isStrippableCodePoint(codePoint) {
+    return STRIPPABLE_CODE_POINT_RANGES.some(([lo, hi]) => codePoint >= lo && codePoint <= hi);
+}
+function normalizeForDetection(input) {
+    let out = "";
+    for (const ch of input.normalize("NFKC")) {
+        const codePoint = ch.codePointAt(0);
+        if (codePoint === undefined)
+            continue;
+        if (!isStrippableCodePoint(codePoint))
+            out += ch;
+    }
+    return out.toLowerCase();
+}
+function countCueHits(haystack, cues) {
+    let count = 0;
+    for (const cue of cues) {
+        if (haystack.includes(cue))
+            count += 1;
+    }
+    return count;
+}
+/**
+ * Detect unsafe-content signals in a piece of UNTRUSTED text (raw user draft, retrieved snippet, or
+ * tool output). Pure and content-free: returns a stable list of `{ code, severity, matchCount }`
+ * signals and never echoes the matched text. ReDoS-safe (substring containment + the bounded `redact`).
+ *
+ * `embedded-secret-material` fires when the text itself contains a redactable secret shape — relevant
+ * both to secret-exfiltration detection and to the redaction guarantee for persisted evidence.
+ */
+export function detectPromptInjectionSignals(untrustedText) {
+    if (typeof untrustedText !== "string" || untrustedText.length === 0) {
+        return [];
+    }
+    const normalized = normalizeForDetection(untrustedText);
+    const signals = [];
+    for (const rule of INJECTION_RULES) {
+        const matchCount = countCueHits(normalized, rule.cues);
+        if (matchCount > 0) {
+            signals.push({ code: rule.code, severity: rule.severity, matchCount });
+        }
+    }
+    if (containsRedactableSecret(untrustedText)) {
+        signals.push({ code: "embedded-secret-material", severity: "elevated", matchCount: 1 });
+    }
+    return signals;
+}
+/**
+ * Whether the text contains redactable secret material (a known token/key/credential shape). Reuses
+ * the authoritative `redact` so the detector and the redactor agree by construction. Pure.
+ */
+export function containsRedactableSecret(text) {
+    return typeof text === "string" && text.length > 0 && redact(text) !== text;
+}
+/**
+ * Whether any detected signal is `critical` — an active attack attempt (override, disclosure,
+ * exfiltration, unsafe tool, or egress). Pure helper for callers gating on attack severity.
+ */
+export function hasCriticalInjectionSignal(signals) {
+    return signals.some((signal) => signal.severity === "critical");
+}

package/dist/redaction.d.ts

@@ -0,0 +1,5 @@
+import type { AuditRedactionConfig } from "@oscharko-dev/keiko-contracts";
+export declare function redact(input: string, additionalSecrets?: readonly string[]): string;
+export declare function createAuditRedactor(config: AuditRedactionConfig, env: Readonly<Record<string, string | undefined>>): (input: string) => string;
+export declare function deepRedactStrings(value: unknown, redactString: (input: string) => string): unknown;
+//# sourceMappingURL=redaction.d.ts.map

package/dist/redaction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AA2D1E,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,iBAAiB,GAAE,SAAS,MAAM,EAAO,GAAG,MAAM,CAmBvF;AA6BD,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,oBAAoB,EAC5B,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,GAChD,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAO3B;AAQD,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,OAAO,EACd,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,GACtC,OAAO,CAeT"}

package/dist/redaction.js

@@ -0,0 +1,123 @@
+// Secret redaction at the boundary. Every provider-derived string passes through
+// redact() before it can reach an error message, log call, or serialised artefact.
+//
+// ReDoS-safe by construction: every built-in pattern is a single linear character class with one
+// bounded or open quantifier (no nesting), so none can backtrack catastrophically. Caller-supplied
+// literals are escaped via escapeRegExp before any RegExp is built, so no caller-controlled
+// metacharacter reaches the regex engine. This keeps the CodeQL js/polynomial-redos required
+// gate green (ADR-0002).
+const REDACTED = "[REDACTED]";
+// Bearer <token>: keep the scheme, drop the credential.
+const BEARER_PATTERN = /\bBearer\s+[\w.\-+/=]+/gi;
+const BASIC_AUTH_PATTERN = /\bBasic\s+[\w.\-+/=]+/gi;
+// OpenAI-style keys (sk-, sk-proj-, etc.): a prefix followed by >= 16 secret chars.
+const API_KEY_PATTERN = /\bsk-[A-Za-z0-9_-]{16,}/g;
+// Common third-party credential shapes. Each is a single linear character class with one
+// bounded/open quantifier (no nesting), so none can backtrack catastrophically — this keeps
+// CodeQL js/polynomial-redos satisfied while scrubbing non-OpenAI secrets from tool output.
+const GITHUB_TOKEN_PATTERN = /\bgh[pousr]_[A-Za-z0-9]{20,}/g;
+const AWS_ACCESS_KEY_PATTERN = /\bAKIA[0-9A-Z]{16}\b/g;
+const SLACK_TOKEN_PATTERN = /\bxox[baprs]-[A-Za-z0-9-]{10,}/g;
+const GOOGLE_API_KEY_PATTERN = /\bAIza[0-9A-Za-z_-]{20,}/g;
+const STRIPE_KEY_PATTERN = /\b[rs]k_(?:live|test)_[A-Za-z0-9]{16,}/g;
+const PEM_PRIVATE_KEY_BLOCK_PATTERN = /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g;
+const PEM_PRIVATE_KEY_HEADER_PATTERN = /-----BEGIN [A-Z ]*PRIVATE KEY-----/g;
+const GENERIC_API_KEY_HEADER_PATTERN = /\b(x-api-key\s*:\s*)[^\s"'`,;]+/gi;
+const GENERIC_API_KEY_ASSIGNMENT_PATTERN = /\b(api[_-]?key\s*[=:]\s*)[^\s"'`,;&]+/gi;
+// Key-name-based value redaction (Epic #532 security audit H1). Connected-folder browsing and
+// grounded answers can now surface arbitrary files whose secrets do not match a known token SHAPE
+// (gcloud refresh_token, service-account client_secret, generic password/secret fields, AWS secret
+// access key, DB passwords). This scrubs the VALUE assigned to a well-known secret KEY in JSON
+// ("client_secret": "x"), INI/env (db_password=x), or YAML (secret: x) shape — keeping the key and
+// separator, dropping the value. ReDoS-safe: alternation of literals + one linear value class.
+const SECRET_KEY_NAMES = "passwd|password|api_?token|token|secret_key|secret|client_secret|refresh_token|access_token|id_token|private_key|aws_secret_access_key|secret_access_key|sas_token|jwt_secret|db_password|connection_?string|credential";
+const SECRET_KEY_VALUE_PATTERN = new RegExp(`(?<![A-Za-z0-9])(${SECRET_KEY_NAMES})(["']?\\s*[:=]\\s*["']?)[^\\s"'\`,;&]+`, "gi");
+// scheme://user:password@host — strip the userinfo credentials from any URL or DSN. One linear
+// userinfo class on each side of the ':' and bounded by '@', so no catastrophic backtracking.
+const URL_CREDENTIALS_PATTERN = /\b([a-z][a-z0-9+.-]*:\/\/)[^\s:@/]+:[^\s:@/]+@/gi;
+const BUILTIN_PATTERNS = [
+    GITHUB_TOKEN_PATTERN,
+    AWS_ACCESS_KEY_PATTERN,
+    SLACK_TOKEN_PATTERN,
+    GOOGLE_API_KEY_PATTERN,
+    STRIPE_KEY_PATTERN,
+    PEM_PRIVATE_KEY_BLOCK_PATTERN,
+    PEM_PRIVATE_KEY_HEADER_PATTERN,
+];
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+// Strips known secret shapes and any caller-supplied literal secrets from `input`.
+// `additionalSecrets` lets the caller pass exact apiKey/baseUrl/env values it holds
+// so even non-standard key formats are scrubbed.
+export function redact(input, additionalSecrets = []) {
+    let output = input
+        .replace(BEARER_PATTERN, `Bearer ${REDACTED}`)
+        .replace(BASIC_AUTH_PATTERN, `Basic ${REDACTED}`)
+        .replace(GENERIC_API_KEY_HEADER_PATTERN, `$1${REDACTED}`)
+        .replace(GENERIC_API_KEY_ASSIGNMENT_PATTERN, `$1${REDACTED}`)
+        .replace(SECRET_KEY_VALUE_PATTERN, `$1$2${REDACTED}`)
+        .replace(URL_CREDENTIALS_PATTERN, `$1${REDACTED}@`)
+        .replace(API_KEY_PATTERN, REDACTED);
+    for (const pattern of BUILTIN_PATTERNS) {
+        output = output.replace(pattern, REDACTED);
+    }
+    for (const secret of additionalSecrets) {
+        if (secret.length === 0) {
+            continue;
+        }
+        output = output.replace(new RegExp(escapeRegExp(secret), "g"), REDACTED);
+    }
+    return output;
+}
+// A literal shorter than this is too generic to scrub safely: redacting a 2-char value would
+// over-redact ordinary prose. redact() itself only skips empty strings, so the floor lives here.
+const MIN_LITERAL_LENGTH = 4;
+// Resolves the VALUES of the named env vars (never the names), keeping only non-empty values long
+// enough to be a plausible secret. The builder passes these as escaped literals to redact().
+function resolveEnvValues(names, env) {
+    const values = [];
+    for (const name of names) {
+        const value = env[name];
+        if (value !== undefined && value.length >= MIN_LITERAL_LENGTH) {
+            values.push(value);
+        }
+    }
+    return values;
+}
+function keepLongEnough(literals) {
+    return literals.filter((literal) => literal.length >= MIN_LITERAL_LENGTH);
+}
+// Returns a function string -> string applying redact() with the union of all literal secrets
+// (additionalSecrets ∪ resolved env values ∪ sensitiveLiterals). Idempotent: redact() over already-
+// redacted text is a no-op on the redacted tokens (ADR-0010 D3 audit-redaction layer).
+export function createAuditRedactor(config, env) {
+    const literals = [
+        ...keepLongEnough(config.additionalSecrets ?? []),
+        ...resolveEnvValues(config.redactEnvValues ?? [], env),
+        ...keepLongEnough(config.sensitiveLiterals ?? []),
+    ];
+    return (input) => redact(input, literals);
+}
+// Recursively re-applies a redactor to EVERY STRING LEAF of a plain-JSON value, rebuilding
+// arrays/objects so the input is never mutated and the JSON structure is preserved exactly. Bounded
+// by the (finite) nesting depth of an EvidenceManifest. Idempotent (redact over already-redacted
+// text is a no-op), so it is safe to apply at build time AND again as defense in depth at persist
+// time. This is what makes the audit builder truly redacted-by-construction even for embedded
+// summaries that the audit redactor would otherwise miss.
+export function deepRedactStrings(value, redactString) {
+    if (typeof value === "string") {
+        return redactString(value);
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => deepRedactStrings(item, redactString));
+    }
+    if (typeof value === "object" && value !== null) {
+        const out = {};
+        for (const [key, child] of Object.entries(value)) {
+            out[key] = deepRedactStrings(child, redactString);
+        }
+        return out;
+    }
+    return value;
+}

package/dist/runid.d.ts

@@ -0,0 +1,2 @@
+export declare function assertValidRunId(runId: string): void;
+//# sourceMappingURL=runid.d.ts.map

package/dist/runid.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runid.d.ts","sourceRoot":"","sources":["../src/runid.ts"],"names":[],"mappings":"AAoBA,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAYpD"}

package/dist/runid.js

@@ -0,0 +1,29 @@
+// PURE, bounded runId validation (ADR-0010 D4 iii). The manifest filename is ALWAYS derived from a
+// validated runId, so a malicious runId cannot escape the contained base dir or overwrite an
+// arbitrary file. We accept only a bounded [A-Za-z0-9._-] character set with a length cap and reject
+// a leading dot (no dotfiles, no `..`). NO REGEX is used (D3 no-new-regex rule) — validation is a
+// per-character class check, which is also trivially linear-time.
+import { InvalidRunIdError } from "./errors/audit.js";
+const MAX_RUN_ID_LENGTH = 256;
+// Inclusive ASCII code-point ranges for the allowed class, plus the three allowed punctuation
+// characters. A leading dot is rejected separately so `.` is allowed only in non-leading position.
+function isAllowedChar(code) {
+    const isDigit = code >= 48 && code <= 57; // 0-9
+    const isUpper = code >= 65 && code <= 90; // A-Z
+    const isLower = code >= 97 && code <= 122; // a-z
+    const isPunct = code === 46 || code === 95 || code === 45; // . _ -
+    return isDigit || isUpper || isLower || isPunct;
+}
+export function assertValidRunId(runId) {
+    if (runId.length === 0 || runId.length > MAX_RUN_ID_LENGTH) {
+        throw new InvalidRunIdError(`invalid runId length: ${String(runId.length)}`);
+    }
+    if (runId.startsWith(".")) {
+        throw new InvalidRunIdError("runId must not start with a dot");
+    }
+    for (let i = 0; i < runId.length; i += 1) {
+        if (!isAllowedChar(runId.charCodeAt(i))) {
+            throw new InvalidRunIdError("runId contains a disallowed character");
+        }
+    }
+}

package/dist/secret-vault.d.ts

@@ -0,0 +1,33 @@
+export type LocalVaultKeySource = "env" | "keychain" | "keyfile";
+export interface ResolvedLocalVaultKey {
+    readonly key: Buffer;
+    readonly source: LocalVaultKeySource;
+}
+export type LocalVaultKeychainAccess = () => Buffer | undefined;
+export declare const NO_LOCAL_VAULT_KEYCHAIN: LocalVaultKeychainAccess;
+export interface ResolveLocalVaultKeyOptions {
+    readonly env: Readonly<Record<string, string | undefined>>;
+    readonly vaultDir: string;
+    readonly envVarName: string;
+    readonly keychainService: string;
+    readonly keyfileName: string;
+    readonly keychainAccess?: LocalVaultKeychainAccess | undefined;
+}
+export interface LocalSecretVault {
+    readonly get: (reference: string) => string | undefined;
+    readonly set: (reference: string, secret: string) => void;
+    readonly replaceAll: (entries: ReadonlyMap<string, string>) => void;
+    readonly delete: (reference: string) => void;
+    readonly has: (reference: string) => boolean;
+    readonly list: () => readonly string[];
+}
+export interface LocalSecretVaultDeps {
+    readonly key: Buffer;
+    readonly storePath: string;
+}
+export type KeychainCommandRunner = (args: readonly string[]) => string;
+export declare function createKeychainVaultKeyAccess(keychainService: string, runCommand?: KeychainCommandRunner): LocalVaultKeychainAccess;
+export declare function resolveLocalVaultKey(options: ResolveLocalVaultKeyOptions): ResolvedLocalVaultKey;
+export declare function readLocalVaultReferences(storePath: string): readonly string[];
+export declare function createLocalSecretVault(deps: LocalSecretVaultDeps): LocalSecretVault;
+//# sourceMappingURL=secret-vault.d.ts.map

package/dist/secret-vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-vault.d.ts","sourceRoot":"","sources":["../src/secret-vault.ts"],"names":[],"mappings":"AA2CA,MAAM,MAAM,mBAAmB,GAAG,KAAK,GAAG,UAAU,GAAG,SAAS,CAAC;AAEjE,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,mBAAmB,CAAC;CACtC;AAKD,MAAM,MAAM,wBAAwB,GAAG,MAAM,MAAM,GAAG,SAAS,CAAC;AAEhE,eAAO,MAAM,uBAAuB,EAAE,wBAA0C,CAAC;AAEjF,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC;IAC3D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAE1B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAE5B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IAEjC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAE7B,QAAQ,CAAC,cAAc,CAAC,EAAE,wBAAwB,GAAG,SAAS,CAAC;CAChE;AAED,MAAM,WAAW,gBAAgB;IAG/B,QAAQ,CAAC,GAAG,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;IAExD,QAAQ,CAAC,GAAG,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IAI1D,QAAQ,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,IAAI,CAAC;IAEpE,QAAQ,CAAC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7C,QAAQ,CAAC,GAAG,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC;IAE7C,QAAQ,CAAC,IAAI,EAAE,MAAM,SAAS,MAAM,EAAE,CAAC;CACxC;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAyCD,MAAM,MAAM,qBAAqB,GAAG,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,KAAK,MAAM,CAAC;AAQxE,wBAAgB,4BAA4B,CAC1C,eAAe,EAAE,MAAM,EACvB,UAAU,GAAE,qBAAoD,GAC/D,wBAAwB,CAkB1B;AAwCD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,2BAA2B,GAAG,qBAAqB,CAQhG;AAwDD,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,CAE7E;AAsCD,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,oBAAoB,GAAG,gBAAgB,CAmDnF"}