@pan-sec/notebooklm-mcp 1.4.0 → 1.6.0

package/dist/compliance/breach-detection.js

@@ -0,0 +1,456 @@
+/**
+ * Breach Detection
+ *
+ * Detects potential security breaches and policy violations.
+ * Implements detection rules with configurable thresholds and actions.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import crypto from "crypto";
+import path from "path";
+import fs from "fs";
+import { getConfig } from "../config.js";
+import { mkdirSecure, writeFileSecure } from "../utils/file-permissions.js";
+import { getComplianceLogger } from "./compliance-logger.js";
+import { getAlertManager } from "./alert-manager.js";
+/**
+ * Generate a UUID v4
+ */
+function generateUUID() {
+    return crypto.randomUUID();
+}
+/**
+ * Default breach detection rules
+ */
+const DEFAULT_RULES = [
+    {
+        id: "rule_brute_force",
+        name: "Brute Force Attack",
+        description: "Multiple failed authentication attempts in short time window",
+        severity: "high",
+        event_pattern: "auth_failed",
+        threshold: 10,
+        window_seconds: 300,
+        actions: ["log", "block", "alert", "create_incident"],
+        notification_required: true,
+        notification_deadline_hours: 72,
+    },
+    {
+        id: "rule_secrets_leaked",
+        name: "Secrets Leaked in Output",
+        description: "Detected credentials or secrets in tool output",
+        severity: "critical",
+        event_pattern: "secrets_detected",
+        threshold: 1,
+        window_seconds: 1,
+        actions: ["log", "alert", "create_incident"],
+        notification_required: true,
+        notification_deadline_hours: 24,
+    },
+    {
+        id: "rule_cert_violation",
+        name: "Certificate Pinning Violation",
+        description: "TLS certificate does not match pinned certificates",
+        severity: "critical",
+        event_pattern: "cert_pinning_violation",
+        threshold: 1,
+        window_seconds: 1,
+        actions: ["log", "block", "alert", "create_incident"],
+        notification_required: true,
+        notification_deadline_hours: 24,
+    },
+    {
+        id: "rule_prompt_injection",
+        name: "Prompt Injection Attempt",
+        description: "Detected prompt injection patterns in response",
+        severity: "high",
+        event_pattern: "prompt_injection",
+        threshold: 1,
+        window_seconds: 1,
+        actions: ["log", "alert"],
+        notification_required: false,
+    },
+    {
+        id: "rule_unusual_access",
+        name: "Unusual Access Pattern",
+        description: "Access patterns outside normal behavior",
+        severity: "medium",
+        event_pattern: "unusual_access",
+        threshold: 5,
+        window_seconds: 3600,
+        actions: ["log", "alert"],
+        notification_required: false,
+    },
+    {
+        id: "rule_mass_export",
+        name: "Mass Data Export",
+        description: "Large data export request",
+        severity: "medium",
+        event_pattern: "data_export",
+        threshold: 3,
+        window_seconds: 3600,
+        actions: ["log", "notify_admin"],
+        notification_required: false,
+    },
+    {
+        id: "rule_encryption_failure",
+        name: "Encryption Failure",
+        description: "Encryption or decryption operation failed",
+        severity: "high",
+        event_pattern: "encryption_error",
+        threshold: 3,
+        window_seconds: 300,
+        actions: ["log", "alert"],
+        notification_required: false,
+    },
+    {
+        id: "rule_auth_lockout",
+        name: "Authentication Lockout",
+        description: "Account locked due to failed attempts",
+        severity: "medium",
+        event_pattern: "auth_lockout",
+        threshold: 1,
+        window_seconds: 1,
+        actions: ["log", "alert"],
+        notification_required: false,
+    },
+];
+/**
+ * Breach Detector class
+ */
+export class BreachDetector {
+    static instance;
+    rulesFile;
+    rules = new Map();
+    eventTrackers = new Map();
+    detections = [];
+    loaded = false;
+    enabled;
+    blockedPatterns = new Set();
+    constructor() {
+        const config = getConfig();
+        this.rulesFile = path.join(config.configDir, "breach-rules.json");
+        this.enabled = process.env.NLMCP_BREACH_DETECTION !== "false";
+    }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!BreachDetector.instance) {
+            BreachDetector.instance = new BreachDetector();
+        }
+        return BreachDetector.instance;
+    }
+    /**
+     * Load rules from storage
+     */
+    async load() {
+        if (this.loaded)
+            return;
+        // Load default rules
+        for (const rule of DEFAULT_RULES) {
+            this.rules.set(rule.id, rule);
+        }
+        // Load custom rules
+        try {
+            if (fs.existsSync(this.rulesFile)) {
+                const content = fs.readFileSync(this.rulesFile, "utf-8");
+                const data = JSON.parse(content);
+                if (data.rules && Array.isArray(data.rules)) {
+                    for (const rule of data.rules) {
+                        this.rules.set(rule.id, rule);
+                    }
+                }
+            }
+        }
+        catch {
+            // Use defaults if file is corrupted
+        }
+        this.loaded = true;
+    }
+    /**
+     * Save custom rules to storage
+     */
+    async save() {
+        const dir = path.dirname(this.rulesFile);
+        mkdirSecure(dir);
+        // Only save custom rules
+        const customRules = Array.from(this.rules.values()).filter(r => !DEFAULT_RULES.find(dr => dr.id === r.id));
+        const data = {
+            version: "1.0.0",
+            last_updated: new Date().toISOString(),
+            rules: customRules,
+        };
+        writeFileSecure(this.rulesFile, JSON.stringify(data, null, 2));
+    }
+    /**
+     * Check an event against all rules
+     */
+    async checkEvent(eventPattern, details) {
+        if (!this.enabled) {
+            return null;
+        }
+        await this.load();
+        const now = Date.now();
+        // Find matching rules
+        for (const rule of this.rules.values()) {
+            if (!this.matchesPattern(eventPattern, rule.event_pattern)) {
+                continue;
+            }
+            // Get or create event tracker
+            let tracker = this.eventTrackers.get(rule.id);
+            if (!tracker) {
+                tracker = { rule_id: rule.id, events: [] };
+                this.eventTrackers.set(rule.id, tracker);
+            }
+            // Add this event
+            tracker.events.push({ timestamp: now, details });
+            // Clean up old events outside window
+            const windowStart = now - (rule.window_seconds || 1) * 1000;
+            tracker.events = tracker.events.filter(e => e.timestamp >= windowStart);
+            // Check threshold
+            if (tracker.events.length >= (rule.threshold || 1)) {
+                // Breach detected!
+                const detection = await this.handleBreach(rule, tracker.events, details);
+                // Reset tracker after breach
+                tracker.events = [];
+                return detection;
+            }
+        }
+        return null;
+    }
+    /**
+     * Check if event pattern matches rule pattern
+     */
+    matchesPattern(event, pattern) {
+        // Exact match
+        if (event === pattern) {
+            return true;
+        }
+        // Regex pattern
+        try {
+            const regex = new RegExp(pattern);
+            return regex.test(event);
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Handle a detected breach
+     */
+    async handleBreach(rule, events, details) {
+        const detection = {
+            id: generateUUID(),
+            detected_at: new Date().toISOString(),
+            rule,
+            event_count: events.length,
+            window_start: new Date(events[0].timestamp).toISOString(),
+            window_end: new Date(events[events.length - 1].timestamp).toISOString(),
+            actions_taken: [],
+            blocked: false,
+        };
+        // Execute actions
+        for (const action of rule.actions) {
+            try {
+                switch (action) {
+                    case "log":
+                        await this.actionLog(detection, details);
+                        break;
+                    case "alert":
+                        await this.actionAlert(detection, details);
+                        break;
+                    case "block":
+                        await this.actionBlock(detection);
+                        break;
+                    case "notify_admin":
+                        await this.actionNotifyAdmin(detection, details);
+                        break;
+                    case "create_incident":
+                        const incidentId = await this.actionCreateIncident(detection, details);
+                        detection.incident_id = incidentId;
+                        break;
+                }
+                detection.actions_taken.push(action);
+            }
+            catch {
+                // Continue with other actions
+            }
+        }
+        this.detections.push(detection);
+        return detection;
+    }
+    /**
+     * Action: Log the breach
+     */
+    async actionLog(detection, details) {
+        const logger = getComplianceLogger();
+        await logger.logBreach(detection.rule.name, detection.rule.severity, detection.rule.notification_required, {
+            detection_id: detection.id,
+            rule_id: detection.rule.id,
+            event_count: detection.event_count,
+            ...details,
+        });
+    }
+    /**
+     * Action: Send alert
+     */
+    async actionAlert(detection, details) {
+        const alertManager = getAlertManager();
+        // Map incident severity to alert severity
+        const severityMap = {
+            low: "info",
+            medium: "warning",
+            high: "error",
+            critical: "critical",
+        };
+        const alertSeverity = severityMap[detection.rule.severity] || "warning";
+        await alertManager.sendAlert(alertSeverity, `Breach Detected: ${detection.rule.name}`, detection.rule.description, "breach-detector", {
+            detection_id: detection.id,
+            event_count: detection.event_count,
+            window: `${detection.window_start} to ${detection.window_end}`,
+            ...details,
+        });
+    }
+    /**
+     * Action: Block the pattern
+     */
+    async actionBlock(detection) {
+        this.blockedPatterns.add(detection.rule.event_pattern);
+        detection.blocked = true;
+    }
+    /**
+     * Action: Notify admin
+     */
+    async actionNotifyAdmin(detection, details) {
+        // Use alert manager with higher severity for admin notification
+        const alertManager = getAlertManager();
+        await alertManager.sendAlert("warning", `[Admin] ${detection.rule.name}`, `${detection.rule.description}\n\nEvent count: ${detection.event_count}`, "breach-detector", details);
+    }
+    /**
+     * Action: Create incident
+     */
+    async actionCreateIncident(detection, details) {
+        // This would integrate with incident-manager.ts
+        // For now, return a placeholder ID
+        const incidentId = `incident_${detection.id.slice(0, 8)}`;
+        // Log for now, incident-manager will handle full tracking
+        const logger = getComplianceLogger();
+        await logger.logSecurityIncident("breach_incident_created", detection.rule.severity, {
+            incident_id: incidentId,
+            detection_id: detection.id,
+            rule_name: detection.rule.name,
+            ...details,
+        });
+        return incidentId;
+    }
+    /**
+     * Check if a pattern is blocked
+     */
+    isBlocked(pattern) {
+        return this.blockedPatterns.has(pattern);
+    }
+    /**
+     * Unblock a pattern
+     */
+    unblock(pattern) {
+        return this.blockedPatterns.delete(pattern);
+    }
+    /**
+     * Get all rules
+     */
+    async getRules() {
+        await this.load();
+        return Array.from(this.rules.values());
+    }
+    /**
+     * Add a custom rule
+     */
+    async addRule(rule) {
+        await this.load();
+        const newRule = {
+            ...rule,
+            id: `rule_${generateUUID().slice(0, 8)}`,
+        };
+        this.rules.set(newRule.id, newRule);
+        await this.save();
+        return newRule;
+    }
+    /**
+     * Remove a rule
+     */
+    async removeRule(ruleId) {
+        await this.load();
+        // Don't allow removing default rules
+        if (DEFAULT_RULES.find(r => r.id === ruleId)) {
+            return false;
+        }
+        if (!this.rules.has(ruleId)) {
+            return false;
+        }
+        this.rules.delete(ruleId);
+        await this.save();
+        return true;
+    }
+    /**
+     * Get recent detections
+     */
+    getRecentDetections(limit = 100) {
+        return this.detections.slice(-limit);
+    }
+    /**
+     * Get detection statistics
+     */
+    getStats() {
+        const bySeverity = {
+            low: 0,
+            medium: 0,
+            high: 0,
+            critical: 0,
+        };
+        const byRule = {};
+        for (const detection of this.detections) {
+            bySeverity[detection.rule.severity]++;
+            byRule[detection.rule.id] = (byRule[detection.rule.id] || 0) + 1;
+        }
+        return {
+            enabled: this.enabled,
+            rules_count: this.rules.size,
+            blocked_patterns: this.blockedPatterns.size,
+            detections_count: this.detections.length,
+            by_severity: bySeverity,
+            by_rule: byRule,
+        };
+    }
+}
+// ============================================
+// SINGLETON ACCESS
+// ============================================
+/**
+ * Get the breach detector instance
+ */
+export function getBreachDetector() {
+    return BreachDetector.getInstance();
+}
+// ============================================
+// CONVENIENCE EXPORTS
+// ============================================
+/**
+ * Check an event for breach detection
+ */
+export async function checkForBreach(eventPattern, details) {
+    return getBreachDetector().checkEvent(eventPattern, details);
+}
+/**
+ * Check if a pattern is blocked
+ */
+export function isPatternBlocked(pattern) {
+    return getBreachDetector().isBlocked(pattern);
+}
+/**
+ * Get breach detection rules
+ */
+export async function getBreachRules() {
+    return getBreachDetector().getRules();
+}
+//# sourceMappingURL=breach-detection.js.map

package/dist/compliance/breach-detection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"breach-detection.js","sourceRoot":"","sources":["../../src/compliance/breach-detection.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAGrD;;GAEG;AACH,SAAS,YAAY;IACnB,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,aAAa,GAAiB;IAClC;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,aAAa,EAAE,aAAa;QAC5B,SAAS,EAAE,EAAE;QACb,cAAc,EAAE,GAAG;QACnB,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,CAAC;QACrD,qBAAqB,EAAE,IAAI;QAC3B,2BAA2B,EAAE,EAAE;KAChC;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,UAAU;QACpB,aAAa,EAAE,kBAAkB;QACjC,SAAS,EAAE,CAAC;QACZ,cAAc,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,iBAAiB,CAAC;QAC5C,qBAAqB,EAAE,IAAI;QAC3B,2BAA2B,EAAE,EAAE;KAChC;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,oDAAoD;QACjE,QAAQ,EAAE,UAAU;QACpB,aAAa,EAAE,wBAAwB;QACvC,SAAS,EAAE,CAAC;QACZ,cAAc,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,CAAC;QACrD,qBAAqB,EAAE,IAAI;QAC3B,2BAA2B,EAAE,EAAE;KAChC;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,MAAM;QAChB,aAAa,EAAE,kBAAkB;QACjC,SAAS,EAAE,CAAC;QACZ,cAAc,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC;QACzB,qBAAqB,EAAE,KAAK;KAC7B;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,yCAAyC;QACtD,QAAQ,EAAE,QAAQ;QAClB,aAAa,EAAE,gBAAgB;QAC/B,SAAS,EAAE,CAAC;QACZ,cAAc,EAAE,IAAI;QACpB,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC;QACzB,qBAAqB,EAAE,KAAK;KAC7B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,2BAA2B;QACxC,QAAQ,EAAE,QAAQ;QAClB,aAAa,EAAE,aAAa;QAC5B,SAAS,EAAE,CAAC;QACZ,cAAc,EAAE,IAAI;QACpB,OAAO,EAAE,CAAC,KAAK,EAAE,cAAc,CAAC;QAChC,qBAAqB,EAAE,KAAK;KAC7B;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,2CAA2C;QACxD,QAAQ,EAAE,MAAM;QAChB,aAAa,EAAE,kBAAkB;QACjC,SAAS,EAAE,CAAC;QACZ,cAAc,EAAE,GAAG;QACnB,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC;QACzB,qBAAqB,EAAE,KAAK;KAC7B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,QAAQ;QAClB,aAAa,EAAE,cAAc;QAC7B,SAAS,EAAE,CAAC;QACZ,cAAc,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC;QACzB,qBAAqB,EAAE,KAAK;KAC7B;CACF,CAAC;AAyBF;;GAEG;AACH,MAAM,OAAO,cAAc;IACjB,MAAM,CAAC,QAAQ,CAAiB;IAChC,SAAS,CAAS;IAClB,KAAK,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC3C,aAAa,GAA8B,IAAI,GAAG,EAAE,CAAC;IACrD,UAAU,GAAsB,EAAE,CAAC;IACnC,MAAM,GAAY,KAAK,CAAC;IACxB,OAAO,CAAU;IACjB,eAAe,GAAgB,IAAI,GAAG,EAAE,CAAC;IAEjD;QACE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,OAAO,CAAC;IAChE,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;YAC7B,cAAc,CAAC,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAC;QACjD,CAAC;QACD,OAAO,cAAc,CAAC,QAAQ,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QAExB,qBAAqB;QACrB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAChC,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAClC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACzD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACjC,IAAI,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC5C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;wBAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;oBAChC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACzC,WAAW,CAAC,GAAG,CAAC,CAAC;QAEjB,yBAAyB;QACzB,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CACxD,CAAC,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAC/C,CAAC;QAEF,MAAM,IAAI,GAAG;YACX,OAAO,EAAE,OAAO;YAChB,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtC,KAAK,EAAE,WAAW;SACnB,CAAC;QAEF,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CACrB,YAAoB,EACpB,OAAiC;QAEjC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,sBAAsB;QACtB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YACvC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC3D,SAAS;YACX,CAAC;YAED,8BAA8B;YAC9B,IAAI,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;gBAC3C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAC3C,CAAC;YAED,iBAAiB;YACjB,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;YAEjD,qCAAqC;YACrC,MAAM,WAAW,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;YAC5D,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,WAAW,CAAC,CAAC;YAExE,kBAAkB;YAClB,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,EAAE,CAAC;gBACnD,mBAAmB;gBACnB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAEzE,6BAA6B;gBAC7B,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC;gBAEpB,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,KAAa,EAAE,OAAe;QACnD,cAAc;QACd,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,gBAAgB;QAChB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;YAClC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CACxB,IAAgB,EAChB,MAA8B,EAC9B,OAAiC;QAEjC,MAAM,SAAS,GAAoB;YACjC,EAAE,EAAE,YAAY,EAAE;YAClB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,IAAI;YACJ,WAAW,EAAE,MAAM,CAAC,MAAM;YAC1B,YAAY,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;YACzD,UAAU,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;YACvE,aAAa,EAAE,EAAE;YACjB,OAAO,EAAE,KAAK;SACf,CAAC;QAEF,kBAAkB;QAClB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,IAAI,CAAC;gBACH,QAAQ,MAAM,EAAE,CAAC;oBACf,KAAK,KAAK;wBACR,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;wBACzC,MAAM;oBACR,KAAK,OAAO;wBACV,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;wBAC3C,MAAM;oBACR,KAAK,OAAO;wBACV,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;wBAClC,MAAM;oBACR,KAAK,cAAc;wBACjB,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;wBACjD,MAAM;oBACR,KAAK,iBAAiB;wBACpB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;wBACvE,SAAS,CAAC,WAAW,GAAG,UAAU,CAAC;wBACnC,MAAM;gBACV,CAAC;gBACD,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvC,CAAC;YAAC,MAAM,CAAC;gBACP,8BAA8B;YAChC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CACrB,SAA0B,EAC1B,OAAiC;QAEjC,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,SAAS,CACpB,SAAS,CAAC,IAAI,CAAC,IAAI,EACnB,SAAS,CAAC,IAAI,CAAC,QAAQ,EACvB,SAAS,CAAC,IAAI,CAAC,qBAAqB,EACpC;YACE,YAAY,EAAE,SAAS,CAAC,EAAE;YAC1B,OAAO,EAAE,SAAS,CAAC,IAAI,CAAC,EAAE;YAC1B,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,GAAG,OAAO;SACX,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CACvB,SAA0B,EAC1B,OAAiC;QAEjC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,0CAA0C;QAC1C,MAAM,WAAW,GAA8D;YAC7E,GAAG,EAAE,MAAM;YACX,MAAM,EAAE,SAAS;YACjB,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,UAAU;SACrB,CAAC;QACF,MAAM,aAAa,GAAG,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;QACxE,MAAM,YAAY,CAAC,SAAS,CAC1B,aAAa,EACb,oBAAoB,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,EACzC,SAAS,CAAC,IAAI,CAAC,WAAW,EAC1B,iBAAiB,EACjB;YACE,YAAY,EAAE,SAAS,CAAC,EAAE;YAC1B,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,MAAM,EAAE,GAAG,SAAS,CAAC,YAAY,OAAO,SAAS,CAAC,UAAU,EAAE;YAC9D,GAAG,OAAO;SACX,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,SAA0B;QAClD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACvD,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,SAA0B,EAC1B,OAAiC;QAEjC,gEAAgE;QAChE,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,MAAM,YAAY,CAAC,SAAS,CAC1B,SAAS,EACT,WAAW,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,EAChC,GAAG,SAAS,CAAC,IAAI,CAAC,WAAW,oBAAoB,SAAS,CAAC,WAAW,EAAE,EACxE,iBAAiB,EACjB,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAChC,SAA0B,EAC1B,OAAiC;QAEjC,gDAAgD;QAChD,mCAAmC;QACnC,MAAM,UAAU,GAAG,YAAY,SAAS,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAE1D,0DAA0D;QAC1D,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,mBAAmB,CAC9B,yBAAyB,EACzB,SAAS,CAAC,IAAI,CAAC,QAAQ,EACvB;YACE,WAAW,EAAE,UAAU;YACvB,YAAY,EAAE,SAAS,CAAC,EAAE;YAC1B,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,IAAI;YAC9B,GAAG,OAAO;SACX,CACF,CAAC;QAEF,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACI,SAAS,CAAC,OAAe;QAC9B,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACI,OAAO,CAAC,OAAe;QAC5B,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,QAAQ;QACnB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,IAA4B;QAC/C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,OAAO,GAAe;YAC1B,GAAG,IAAI;YACP,EAAE,EAAE,QAAQ,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;SACzC,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACpC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CAAC,MAAc;QACpC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,qCAAqC;QACrC,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,EAAE,CAAC;YAC7C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACI,mBAAmB,CAAC,QAAgB,GAAG;QAC5C,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACI,QAAQ;QAQb,MAAM,UAAU,GAAqC;YACnD,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,CAAC;YACT,IAAI,EAAE,CAAC;YACP,QAAQ,EAAE,CAAC;SACZ,CAAC;QAEF,MAAM,MAAM,GAA2B,EAAE,CAAC;QAE1C,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACnE,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YAC5B,gBAAgB,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI;YAC3C,gBAAgB,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;YACxC,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,MAAM;SAChB,CAAC;IACJ,CAAC;CACF;AAED,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,cAAc,CAAC,WAAW,EAAE,CAAC;AACtC,CAAC;AAED,+CAA+C;AAC/C,sBAAsB;AACtB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,YAAoB,EACpB,OAAiC;IAEjC,OAAO,iBAAiB,EAAE,CAAC,UAAU,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC9C,OAAO,iBAAiB,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,OAAO,iBAAiB,EAAE,CAAC,QAAQ,EAAE,CAAC;AACxC,CAAC"}

package/dist/compliance/change-log.d.ts

@@ -0,0 +1,113 @@
+/**
+ * Change Log
+ *
+ * Tracks all configuration changes for SOC2 compliance.
+ * Provides audit trail for system modifications.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import type { ChangeRecord } from "./types.js";
+/**
+ * Change Log class
+ */
+export declare class ChangeLog {
+    private static instance;
+    private logDir;
+    private currentLogFile;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(): ChangeLog;
+    /**
+     * Initialize log file for current month
+     */
+    private initializeLogFile;
+    /**
+     * Record a configuration change
+     */
+    recordChange(component: string, setting: string, oldValue: unknown, newValue: unknown, options?: {
+        changedBy?: "user" | "system" | "admin";
+        method?: "cli" | "env" | "api" | "config_file";
+        requiresApproval?: boolean;
+        approvedBy?: string;
+        impact?: "low" | "medium" | "high";
+        affectedCompliance?: string[];
+    }): Promise<ChangeRecord>;
+    /**
+     * Sanitize value for logging (remove sensitive data)
+     */
+    private sanitizeValue;
+    /**
+     * Get changes by component
+     */
+    getChangesByComponent(component: string, limit?: number): Promise<ChangeRecord[]>;
+    /**
+     * Get changes by setting
+     */
+    getChangesBySetting(setting: string, limit?: number): Promise<ChangeRecord[]>;
+    /**
+     * Get changes within date range
+     */
+    getChangesInRange(from: Date, to: Date, limit?: number): Promise<ChangeRecord[]>;
+    /**
+     * Get all changes (most recent first)
+     */
+    getAllChanges(limit?: number): Promise<ChangeRecord[]>;
+    /**
+     * Get high-impact changes
+     */
+    getHighImpactChanges(limit?: number): Promise<ChangeRecord[]>;
+    /**
+     * Get changes affecting compliance
+     */
+    getComplianceAffectingChanges(regulation?: string, limit?: number): Promise<ChangeRecord[]>;
+    /**
+     * Get change statistics
+     */
+    getStatistics(from?: Date, to?: Date): Promise<{
+        total_changes: number;
+        by_component: Record<string, number>;
+        by_impact: Record<string, number>;
+        by_method: Record<string, number>;
+        requiring_approval: number;
+        compliance_affecting: number;
+    }>;
+    /**
+     * Export changes for audit
+     */
+    exportForAudit(from: Date, to: Date): Promise<{
+        period: {
+            from: string;
+            to: string;
+        };
+        total_changes: number;
+        high_impact_changes: number;
+        compliance_affecting_changes: number;
+        changes: ChangeRecord[];
+    }>;
+}
+/**
+ * Get the change log instance
+ */
+export declare function getChangeLog(): ChangeLog;
+/**
+ * Record a configuration change
+ */
+export declare function recordConfigChange(component: string, setting: string, oldValue: unknown, newValue: unknown, options?: {
+    changedBy?: "user" | "system" | "admin";
+    method?: "cli" | "env" | "api" | "config_file";
+    requiresApproval?: boolean;
+    approvedBy?: string;
+    impact?: "low" | "medium" | "high";
+    affectedCompliance?: string[];
+}): Promise<ChangeRecord>;
+/**
+ * Get recent configuration changes
+ */
+export declare function getRecentChanges(limit?: number): Promise<ChangeRecord[]>;
+/**
+ * Get change statistics
+ */
+export declare function getChangeStatistics(from?: Date, to?: Date): Promise<ReturnType<ChangeLog["getStatistics"]>>;
+//# sourceMappingURL=change-log.d.ts.map

package/dist/compliance/change-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-log.d.ts","sourceRoot":"","sources":["../../src/compliance/change-log.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAS/C;;GAEG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAY;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,cAAc,CAAc;IAEpC,OAAO;IAOP;;OAEG;WACW,WAAW,IAAI,SAAS;IAOtC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAOzB;;OAEG;IACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,OAAO,EACjB,QAAQ,EAAE,OAAO,EACjB,OAAO,GAAE;QACP,SAAS,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;QACxC,MAAM,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,aAAa,CAAC;QAC/C,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;QACnC,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,GACL,OAAO,CAAC,YAAY,CAAC;IAoCxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAuBrB;;OAEG;IACU,qBAAqB,CAChC,SAAS,EAAE,MAAM,EACjB,KAAK,GAAE,MAAY,GAClB,OAAO,CAAC,YAAY,EAAE,CAAC;IAO1B;;OAEG;IACU,mBAAmB,CAC9B,OAAO,EAAE,MAAM,EACf,KAAK,GAAE,MAAY,GAClB,OAAO,CAAC,YAAY,EAAE,CAAC;IAO1B;;OAEG;IACU,iBAAiB,CAC5B,IAAI,EAAE,IAAI,EACV,EAAE,EAAE,IAAI,EACR,KAAK,GAAE,MAAa,GACnB,OAAO,CAAC,YAAY,EAAE,CAAC;IAU1B;;OAEG;IACU,aAAa,CAAC,KAAK,GAAE,MAAY,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAqCxE;;OAEG;IACU,oBAAoB,CAAC,KAAK,GAAE,MAAY,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAO/E;;OAEG;IACU,6BAA6B,CACxC,UAAU,CAAC,EAAE,MAAM,EACnB,KAAK,GAAE,MAAY,GAClB,OAAO,CAAC,YAAY,EAAE,CAAC;IAa1B;;OAEG;IACU,aAAa,CACxB,IAAI,CAAC,EAAE,IAAI,EACX,EAAE,CAAC,EAAE,IAAI,GACR,OAAO,CAAC;QACT,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAClC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAClC,kBAAkB,EAAE,MAAM,CAAC;QAC3B,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;IAoCF;;OAEG;IACU,cAAc,CACzB,IAAI,EAAE,IAAI,EACV,EAAE,EAAE,IAAI,GACP,OAAO,CAAC;QACT,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QACrC,aAAa,EAAE,MAAM,CAAC;QACtB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,4BAA4B,EAAE,MAAM,CAAC;QACrC,OAAO,EAAE,YAAY,EAAE,CAAC;KACzB,CAAC;CAcH;AAMD;;GAEG;AACH,wBAAgB,YAAY,IAAI,SAAS,CAExC;AAMD;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,OAAO,EACjB,QAAQ,EAAE,OAAO,EACjB,OAAO,CAAC,EAAE;IACR,SAAS,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;IACxC,MAAM,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,aAAa,CAAC;IAC/C,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACnC,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B,GACA,OAAO,CAAC,YAAY,CAAC,CAEvB;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,KAAK,GAAE,MAAY,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAEnF;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,IAAI,CAAC,EAAE,IAAI,EACX,EAAE,CAAC,EAAE,IAAI,GACR,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC,CAEjD"}