@panguard-ai/manager 0.2.0

package/dist/manager.js

@@ -0,0 +1,303 @@
+/**
+ * Manager - Central orchestrator for distributed Guard agent architecture
+ * Manager - 分散式 Guard 代理架構的中央協調器
+ *
+ * Coordinates multiple Guard agents across endpoints:
+ * - Agent registration and lifecycle management
+ * - Heartbeat monitoring with stale agent detection
+ * - Threat ingestion and cross-agent correlation
+ * - Centralized policy creation and distribution
+ *
+ * @module @panguard-ai/manager/manager
+ */
+import { createLogger } from '@panguard-ai/core';
+import { AgentRegistry } from './agent-registry.js';
+import { ThreatAggregator } from './threat-aggregator.js';
+import { PolicyEngine } from './policy-engine.js';
+const logger = createLogger('panguard-manager:core');
+/**
+ * Manager is the main orchestrator for the distributed Guard architecture.
+ *
+ * It composes AgentRegistry, ThreatAggregator, and PolicyEngine to provide
+ * a unified API for managing the entire fleet of Guard agents.
+ */
+export class Manager {
+    config;
+    registry;
+    aggregator;
+    policyEngine;
+    running;
+    startTime;
+    staleCheckTimer;
+    purgeTimer;
+    // Policy broadcast queue / 策略廣播佇列
+    broadcastQueue;
+    constructor(config) {
+        this.config = config;
+        this.registry = new AgentRegistry(config.maxAgents);
+        this.aggregator = new ThreatAggregator(config.correlationWindowMs, config.threatRetentionMs);
+        this.policyEngine = new PolicyEngine();
+        this.running = false;
+        this.startTime = 0;
+        this.staleCheckTimer = null;
+        this.purgeTimer = null;
+        this.broadcastQueue = [];
+        logger.info(`Manager initialized (maxAgents: ${config.maxAgents}, ` +
+            `heartbeatTimeout: ${config.heartbeatTimeoutMs}ms) / ` +
+            `Manager 已初始化`);
+    }
+    /**
+     * Start the Manager service.
+     * Begins periodic stale agent checking and threat purging.
+     */
+    start() {
+        if (this.running) {
+            logger.warn('Manager already running / Manager 已在執行中');
+            return;
+        }
+        this.running = true;
+        this.startTime = Date.now();
+        // Periodic stale agent check / 定期檢查過期代理
+        this.staleCheckTimer = setInterval(() => {
+            this.checkStaleAgents();
+        }, this.config.heartbeatIntervalMs);
+        // Periodic threat data purge / 定期清除威脅資料
+        const purgeIntervalMs = Math.min(this.config.threatRetentionMs / 4, 3_600_000 // max 1 hour
+        );
+        this.purgeTimer = setInterval(() => {
+            this.aggregator.purgeExpired();
+        }, purgeIntervalMs);
+        logger.info(`Manager started on port ${this.config.port} / ` +
+            `Manager 已啟動於埠 ${this.config.port}`);
+    }
+    /**
+     * Stop the Manager service.
+     * Clears all periodic timers.
+     */
+    stop() {
+        if (!this.running)
+            return;
+        if (this.staleCheckTimer) {
+            clearInterval(this.staleCheckTimer);
+            this.staleCheckTimer = null;
+        }
+        if (this.purgeTimer) {
+            clearInterval(this.purgeTimer);
+            this.purgeTimer = null;
+        }
+        this.running = false;
+        logger.info(`Manager stopped (uptime: ${Date.now() - this.startTime}ms) / Manager 已停止`);
+    }
+    // ===== Agent Lifecycle / 代理生命週期 =====
+    /**
+     * Handle a new agent registration request.
+     *
+     * @param request - Registration data from the Guard agent
+     * @returns Immutable copy of the registration record
+     * @throws Error if max agents exceeded
+     */
+    handleRegistration(request) {
+        const registration = this.registry.registerAgent(request);
+        logger.info(`Agent joined: ${registration.agentId} from ${registration.hostname} / ` +
+            `代理已加入: ${registration.agentId} 來自 ${registration.hostname}`);
+        return registration;
+    }
+    /**
+     * Handle a heartbeat from a Guard agent.
+     * Updates the agent's status and last-seen timestamp.
+     *
+     * @param heartbeat - Heartbeat data from the agent
+     * @returns Updated registration, or undefined if agent unknown
+     */
+    handleHeartbeat(heartbeat) {
+        return this.registry.updateHeartbeat(heartbeat);
+    }
+    /**
+     * Handle a threat report from a Guard agent.
+     * Ingests threats into the aggregator and checks for cross-agent correlation.
+     *
+     * @param report - Threat report containing one or more events
+     * @returns Array of aggregated threats, with correlation data if detected
+     */
+    handleThreatReport(report) {
+        const agent = this.registry.getAgent(report.agentId);
+        const hostname = agent?.hostname ?? 'unknown';
+        const aggregated = this.aggregator.ingestReport(report, hostname);
+        // Log correlation detections
+        const correlated = aggregated.filter((t) => t.correlatedWith.length > 0);
+        if (correlated.length > 0) {
+            logger.warn(`ALERT: ${correlated.length} cross-agent correlations detected from ${hostname} / ` +
+                `警報: 從 ${hostname} 偵測到 ${correlated.length} 個跨代理關聯`);
+        }
+        return aggregated;
+    }
+    /**
+     * Remove an agent from the fleet.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns true if the agent was found and removed
+     */
+    handleDeregistration(agentId) {
+        return this.registry.deregisterAgent(agentId);
+    }
+    // ===== Policy Management / 策略管理 =====
+    /**
+     * Create and optionally broadcast a new security policy.
+     *
+     * @param rules - Policy rules to include
+     * @param broadcast - Whether to queue broadcast to all active agents
+     * @returns The created policy
+     */
+    createPolicy(rules, broadcast = true) {
+        const activeAgentIds = this.registry
+            .getActiveAgents()
+            .map((a) => a.agentId);
+        const policy = this.policyEngine.createPolicy(rules, activeAgentIds);
+        if (broadcast) {
+            this.broadcastPolicy(policy);
+        }
+        return policy;
+    }
+    /**
+     * Queue a policy update for broadcast to all active agents.
+     *
+     * @param policy - The policy to broadcast
+     * @returns Broadcast result with target agent list
+     */
+    broadcastPolicy(policy) {
+        const activeAgents = this.registry.getActiveAgents();
+        const targetIds = activeAgents.map((a) => a.agentId);
+        const result = {
+            policyId: policy.policyId,
+            targetAgents: [...targetIds],
+            queuedAt: new Date().toISOString(),
+        };
+        this.broadcastQueue.push(result);
+        logger.info(`Policy ${policy.policyId} queued for broadcast to ${targetIds.length} agents / ` +
+            `策略 ${policy.policyId} 已排入佇列廣播至 ${targetIds.length} 個代理`);
+        return {
+            ...result,
+            targetAgents: [...result.targetAgents],
+        };
+    }
+    /**
+     * Get the active global policy.
+     *
+     * @returns Active policy or null
+     */
+    getActivePolicy() {
+        return this.policyEngine.getActivePolicy();
+    }
+    /**
+     * Get the policy applicable to a specific agent.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns Policy for the agent, or null
+     */
+    getPolicyForAgent(agentId) {
+        return this.policyEngine.getPolicyForAgent(agentId);
+    }
+    /**
+     * Get pending policy broadcast results.
+     *
+     * @returns Immutable array of broadcast results
+     */
+    getPendingBroadcasts() {
+        return this.broadcastQueue.map((r) => ({
+            ...r,
+            targetAgents: [...r.targetAgents],
+        }));
+    }
+    // ===== Monitoring / 監控 =====
+    /**
+     * Check for and handle stale agents.
+     * Called periodically by the stale check timer.
+     */
+    checkStaleAgents() {
+        const stale = this.registry.getStaleAgents(this.config.heartbeatTimeoutMs);
+        if (stale.length > 0) {
+            logger.warn(`${stale.length} stale agent(s) detected / ` +
+                `偵測到 ${stale.length} 個過期代理`);
+        }
+    }
+    // ===== Dashboard / 儀表板 =====
+    /**
+     * Generate a comprehensive overview for the management dashboard.
+     *
+     * @returns Immutable manager overview object
+     */
+    getOverview() {
+        const allAgents = this.registry.getAllAgents();
+        const statusCounts = this.registry.getStatusCounts();
+        const threatSummary = this.aggregator.getSummary();
+        const policyVersion = this.policyEngine.getCurrentVersion();
+        const agentOverviews = allAgents.map((a) => {
+            const agentThreats = this.aggregator.getThreatsByAgent(a.agentId);
+            return {
+                agentId: a.agentId,
+                hostname: a.hostname,
+                status: a.status,
+                lastHeartbeat: a.lastHeartbeat,
+                threatCount: agentThreats.length,
+            };
+        });
+        return {
+            totalAgents: allAgents.length,
+            onlineAgents: statusCounts.online,
+            staleAgents: statusCounts.stale,
+            offlineAgents: statusCounts.offline,
+            agents: agentOverviews,
+            threatSummary,
+            activePolicyVersion: policyVersion,
+            uptimeMs: this.running ? Date.now() - this.startTime : 0,
+        };
+    }
+    /**
+     * Get threat summary from the aggregator.
+     *
+     * @returns Immutable threat summary
+     */
+    getThreatSummary() {
+        return this.aggregator.getSummary();
+    }
+    /**
+     * Get threats reported by a specific agent.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns Array of aggregated threats
+     */
+    getThreatsByAgent(agentId) {
+        return this.aggregator.getThreatsByAgent(agentId);
+    }
+    /**
+     * Get recent threats across all agents.
+     *
+     * @param since - Date threshold
+     * @returns Array of aggregated threats
+     */
+    getRecentThreats(since) {
+        return this.aggregator.getRecentThreats(since);
+    }
+    /**
+     * Get a specific agent's registration.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns Agent registration or undefined
+     */
+    getAgent(agentId) {
+        return this.registry.getAgent(agentId);
+    }
+    /**
+     * Check if the manager is currently running.
+     */
+    isRunning() {
+        return this.running;
+    }
+    /**
+     * Get the number of registered agents.
+     */
+    getAgentCount() {
+        return this.registry.size;
+    }
+}
+//# sourceMappingURL=manager.js.map

package/dist/manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.js","sourceRoot":"","sources":["../src/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAgBlD,MAAM,MAAM,GAAG,YAAY,CAAC,uBAAuB,CAAC,CAAC;AAErD;;;;;GAKG;AACH,MAAM,OAAO,OAAO;IACD,MAAM,CAAgB;IACtB,QAAQ,CAAgB;IACxB,UAAU,CAAmB;IAC7B,YAAY,CAAe;IAEpC,OAAO,CAAU;IACjB,SAAS,CAAS;IAClB,eAAe,CAAwC;IACvD,UAAU,CAAwC;IAE1D,kCAAkC;IACjB,cAAc,CAA0B;IAEzD,YAAY,MAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACpD,IAAI,CAAC,UAAU,GAAG,IAAI,gBAAgB,CACpC,MAAM,CAAC,mBAAmB,EAC1B,MAAM,CAAC,iBAAiB,CACzB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;QAEvC,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;QACnB,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,CAAC,cAAc,GAAG,EAAE,CAAC;QAEzB,MAAM,CAAC,IAAI,CACT,mCAAmC,MAAM,CAAC,SAAS,IAAI;YACrD,qBAAqB,MAAM,CAAC,kBAAkB,QAAQ;YACtD,cAAc,CACjB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;YACvD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE5B,wCAAwC;QACxC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACtC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1B,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAEpC,wCAAwC;QACxC,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,CAC9B,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,CAAC,EACjC,SAAS,CAAC,aAAa;SACxB,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE;YACjC,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;QACjC,CAAC,EAAE,eAAe,CAAC,CAAC;QAEpB,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK;YAC9C,iBAAiB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CACtC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAE1B,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC9B,CAAC;QAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACzB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QAErB,MAAM,CAAC,IAAI,CACT,4BAA4B,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,mBAAmB,CAC3E,CAAC;IACJ,CAAC;IAED,uCAAuC;IAEvC;;;;;;OAMG;IACH,kBAAkB,CAChB,OAAiC;QAEjC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAE1D,MAAM,CAAC,IAAI,CACT,iBAAiB,YAAY,CAAC,OAAO,SAAS,YAAY,CAAC,QAAQ,KAAK;YACtE,UAAU,YAAY,CAAC,OAAO,OAAO,YAAY,CAAC,QAAQ,EAAE,CAC/D,CAAC;QAEF,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;;;;;OAMG;IACH,eAAe,CACb,SAAyB;QAEzB,OAAO,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;IAClD,CAAC;IAED;;;;;;OAMG;IACH,kBAAkB,CAChB,MAAoB;QAEpB,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,KAAK,EAAE,QAAQ,IAAI,SAAS,CAAC;QAE9C,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAElE,6BAA6B;QAC7B,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CACnC,CAAC;QACF,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CACT,UAAU,UAAU,CAAC,MAAM,2CAA2C,QAAQ,KAAK;gBACjF,SAAS,QAAQ,QAAQ,UAAU,CAAC,MAAM,SAAS,CACtD,CAAC;QACJ,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAAC,OAAe;QAClC,OAAO,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,uCAAuC;IAEvC;;;;;;OAMG;IACH,YAAY,CACV,KAA4B,EAC5B,SAAS,GAAG,IAAI;QAEhB,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ;aACjC,eAAe,EAAE;aACjB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAEzB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QAErE,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,eAAe,CAAC,MAAoB;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAErD,MAAM,MAAM,GAA0B;YACpC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,CAAC,GAAG,SAAS,CAAC;YAC5B,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACnC,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEjC,MAAM,CAAC,IAAI,CACT,UAAU,MAAM,CAAC,QAAQ,4BAA4B,SAAS,CAAC,MAAM,YAAY;YAC/E,MAAM,MAAM,CAAC,QAAQ,aAAa,SAAS,CAAC,MAAM,MAAM,CAC3D,CAAC;QAEF,OAAO;YACL,GAAG,MAAM;YACT,YAAY,EAAE,CAAC,GAAG,MAAM,CAAC,YAAY,CAAC;SACvC,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED;;;;;OAKG;IACH,iBAAiB,CAAC,OAAe;QAC/B,OAAO,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAED;;;;OAIG;IACH,oBAAoB;QAClB,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACrC,GAAG,CAAC;YACJ,YAAY,EAAE,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC;SAClC,CAAC,CAAC,CAAC;IACN,CAAC;IAED,8BAA8B;IAE9B;;;OAGG;IACK,gBAAgB;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CACxC,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAC/B,CAAC;QAEF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CACT,GAAG,KAAK,CAAC,MAAM,6BAA6B;gBAC1C,OAAO,KAAK,CAAC,MAAM,QAAQ,CAC9B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,8BAA8B;IAE9B;;;;OAIG;IACH,WAAW;QACT,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC;QACrD,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QACnD,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC,iBAAiB,EAAE,CAAC;QAE5D,MAAM,cAAc,GAAoB,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAClE,OAAO;gBACL,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,WAAW,EAAE,YAAY,CAAC,MAAM;aACjC,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,OAAO;YACL,WAAW,EAAE,SAAS,CAAC,MAAM;YAC7B,YAAY,EAAE,YAAY,CAAC,MAAM;YACjC,WAAW,EAAE,YAAY,CAAC,KAAK;YAC/B,aAAa,EAAE,YAAY,CAAC,OAAO;YACnC,MAAM,EAAE,cAAc;YACtB,aAAa;YACb,mBAAmB,EAAE,aAAa;YAClC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;SACzD,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;IACtC,CAAC;IAED;;;;;OAKG;IACH,iBAAiB,CACf,OAAe;QAEf,OAAO,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;IAED;;;;;OAKG;IACH,gBAAgB,CAAC,KAAW;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACjD,CAAC;IAED;;;;;OAKG;IACH,QAAQ,CAAC,OAAe;QACtB,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;CACF"}

package/dist/policy-engine.d.ts

@@ -0,0 +1,94 @@
+/**
+ * PolicyEngine - Centralized security policy management
+ * PolicyEngine - 集中式安全策略管理
+ *
+ * Manages security policies that are distributed to Guard agents.
+ * Supports global policies and per-agent/group customization.
+ *
+ * @module @panguard-ai/manager/policy-engine
+ */
+import type { PolicyRule, PolicyUpdate } from './types.js';
+/**
+ * Agent group assignment for policy targeting.
+ */
+interface AgentGroup {
+    readonly groupId: string;
+    readonly name: string;
+    readonly agentIds: readonly string[];
+}
+/**
+ * Manages creation, versioning, and distribution of security policies.
+ * All returned data is immutable copies.
+ */
+export declare class PolicyEngine {
+    private activePolicy;
+    private readonly policyHistory;
+    private readonly agentGroups;
+    private readonly agentOverrides;
+    constructor();
+    /**
+     * Create a new global policy from a set of rules.
+     * Increments the version number from the previous active policy.
+     *
+     * @param rules - Array of policy rules to include
+     * @param targetAgentIds - Agent IDs this policy applies to (empty = all)
+     * @returns Immutable copy of the new policy
+     */
+    createPolicy(rules: readonly PolicyRule[], targetAgentIds?: readonly string[]): PolicyUpdate;
+    /**
+     * Get the current active global policy.
+     *
+     * @returns Immutable copy of the active policy, or null if none set
+     */
+    getActivePolicy(): PolicyUpdate | null;
+    /**
+     * Get the policy applicable to a specific agent.
+     * Returns agent-specific override if one exists, otherwise the global policy.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns Immutable copy of the applicable policy, or null
+     */
+    getPolicyForAgent(agentId: string): PolicyUpdate | null;
+    /**
+     * Set a policy override for a specific agent.
+     * The agent will receive this policy instead of the global one.
+     *
+     * @param agentId - The agent's unique identifier
+     * @param rules - Array of policy rules for this agent
+     * @returns Immutable copy of the agent-specific policy
+     */
+    setAgentOverride(agentId: string, rules: readonly PolicyRule[]): PolicyUpdate;
+    /**
+     * Remove a policy override for an agent, reverting to global policy.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns true if an override was removed
+     */
+    removeAgentOverride(agentId: string): boolean;
+    /**
+     * Create a named agent group for policy targeting.
+     *
+     * @param groupId - Unique group identifier
+     * @param name - Human-readable group name
+     * @param agentIds - Agent IDs in this group
+     */
+    createAgentGroup(groupId: string, name: string, agentIds: readonly string[]): AgentGroup;
+    /**
+     * Get the policy version history.
+     *
+     * @returns Array of immutable historical policy copies
+     */
+    getPolicyHistory(): readonly PolicyUpdate[];
+    /**
+     * Get the current policy version number.
+     *
+     * @returns Current version, or 0 if no policy exists
+     */
+    getCurrentVersion(): number;
+    /**
+     * Create a deep immutable copy of a PolicyUpdate.
+     */
+    private copyPolicy;
+}
+export {};
+//# sourceMappingURL=policy-engine.d.ts.map

package/dist/policy-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../src/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAI3D;;GAEG;AACH,UAAU,UAAU;IAClB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;CACtC;AAED;;;GAGG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAiB;IAC/C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA0B;IACtD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA4B;;IAS3D;;;;;;;OAOG;IACH,YAAY,CACV,KAAK,EAAE,SAAS,UAAU,EAAE,EAC5B,cAAc,GAAE,SAAS,MAAM,EAAO,GACrC,YAAY;IA8Bf;;;;OAIG;IACH,eAAe,IAAI,YAAY,GAAG,IAAI;IAKtC;;;;;;OAMG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI;IAYvD;;;;;;;OAOG;IACH,gBAAgB,CACd,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,SAAS,UAAU,EAAE,GAC3B,YAAY;IAsBf;;;;;OAKG;IACH,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAU7C;;;;;;OAMG;IACH,gBAAgB,CACd,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,SAAS,MAAM,EAAE,GAC1B,UAAU;IAgBb;;;;OAIG;IACH,gBAAgB,IAAI,SAAS,YAAY,EAAE;IAI3C;;;;OAIG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;OAEG;IACH,OAAO,CAAC,UAAU;CAUnB"}

package/dist/policy-engine.js

@@ -0,0 +1,171 @@
+/**
+ * PolicyEngine - Centralized security policy management
+ * PolicyEngine - 集中式安全策略管理
+ *
+ * Manages security policies that are distributed to Guard agents.
+ * Supports global policies and per-agent/group customization.
+ *
+ * @module @panguard-ai/manager/policy-engine
+ */
+import { createLogger } from '@panguard-ai/core';
+import { generatePolicyId } from './utils.js';
+const logger = createLogger('panguard-manager:policy');
+/**
+ * Manages creation, versioning, and distribution of security policies.
+ * All returned data is immutable copies.
+ */
+export class PolicyEngine {
+    activePolicy;
+    policyHistory;
+    agentGroups;
+    agentOverrides;
+    constructor() {
+        this.activePolicy = null;
+        this.policyHistory = [];
+        this.agentGroups = new Map();
+        this.agentOverrides = new Map();
+    }
+    /**
+     * Create a new global policy from a set of rules.
+     * Increments the version number from the previous active policy.
+     *
+     * @param rules - Array of policy rules to include
+     * @param targetAgentIds - Agent IDs this policy applies to (empty = all)
+     * @returns Immutable copy of the new policy
+     */
+    createPolicy(rules, targetAgentIds = []) {
+        const previousVersion = this.activePolicy?.version ?? 0;
+        const policy = {
+            policyId: generatePolicyId(),
+            version: previousVersion + 1,
+            rules: rules.map((r) => ({
+                ...r,
+                condition: { ...r.condition },
+            })),
+            updatedAt: new Date().toISOString(),
+            appliedTo: [...targetAgentIds],
+        };
+        // Archive the previous policy / 歸檔先前的策略
+        if (this.activePolicy) {
+            this.policyHistory.push(this.activePolicy);
+        }
+        this.activePolicy = policy;
+        logger.info(`Policy created: ${policy.policyId} v${policy.version} ` +
+            `(${rules.length} rules, targets: ${targetAgentIds.length || 'all'}) / ` +
+            `策略已建立: ${policy.policyId} v${policy.version}`);
+        return this.copyPolicy(policy);
+    }
+    /**
+     * Get the current active global policy.
+     *
+     * @returns Immutable copy of the active policy, or null if none set
+     */
+    getActivePolicy() {
+        if (!this.activePolicy)
+            return null;
+        return this.copyPolicy(this.activePolicy);
+    }
+    /**
+     * Get the policy applicable to a specific agent.
+     * Returns agent-specific override if one exists, otherwise the global policy.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns Immutable copy of the applicable policy, or null
+     */
+    getPolicyForAgent(agentId) {
+        // Check for agent-specific override first
+        const override = this.agentOverrides.get(agentId);
+        if (override) {
+            return this.copyPolicy(override);
+        }
+        // Fall back to global policy / 回退至全域策略
+        if (!this.activePolicy)
+            return null;
+        return this.copyPolicy(this.activePolicy);
+    }
+    /**
+     * Set a policy override for a specific agent.
+     * The agent will receive this policy instead of the global one.
+     *
+     * @param agentId - The agent's unique identifier
+     * @param rules - Array of policy rules for this agent
+     * @returns Immutable copy of the agent-specific policy
+     */
+    setAgentOverride(agentId, rules) {
+        const policy = {
+            policyId: generatePolicyId(),
+            version: 1,
+            rules: rules.map((r) => ({
+                ...r,
+                condition: { ...r.condition },
+            })),
+            updatedAt: new Date().toISOString(),
+            appliedTo: [agentId],
+        };
+        this.agentOverrides.set(agentId, policy);
+        logger.info(`Agent override set: ${agentId} -> ${policy.policyId} / ` +
+            `代理覆寫策略已設定: ${agentId}`);
+        return this.copyPolicy(policy);
+    }
+    /**
+     * Remove a policy override for an agent, reverting to global policy.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns true if an override was removed
+     */
+    removeAgentOverride(agentId) {
+        const removed = this.agentOverrides.delete(agentId);
+        if (removed) {
+            logger.info(`Agent override removed: ${agentId} / 代理覆寫策略已移除: ${agentId}`);
+        }
+        return removed;
+    }
+    /**
+     * Create a named agent group for policy targeting.
+     *
+     * @param groupId - Unique group identifier
+     * @param name - Human-readable group name
+     * @param agentIds - Agent IDs in this group
+     */
+    createAgentGroup(groupId, name, agentIds) {
+        const group = {
+            groupId,
+            name,
+            agentIds: [...agentIds],
+        };
+        this.agentGroups.set(groupId, group);
+        logger.info(`Agent group created: ${groupId} (${name}, ${agentIds.length} agents) / ` +
+            `代理群組已建立: ${groupId}`);
+        return { ...group, agentIds: [...group.agentIds] };
+    }
+    /**
+     * Get the policy version history.
+     *
+     * @returns Array of immutable historical policy copies
+     */
+    getPolicyHistory() {
+        return this.policyHistory.map((p) => this.copyPolicy(p));
+    }
+    /**
+     * Get the current policy version number.
+     *
+     * @returns Current version, or 0 if no policy exists
+     */
+    getCurrentVersion() {
+        return this.activePolicy?.version ?? 0;
+    }
+    /**
+     * Create a deep immutable copy of a PolicyUpdate.
+     */
+    copyPolicy(policy) {
+        return {
+            ...policy,
+            rules: policy.rules.map((r) => ({
+                ...r,
+                condition: { ...r.condition },
+            })),
+            appliedTo: [...policy.appliedTo],
+        };
+    }
+}
+//# sourceMappingURL=policy-engine.js.map

package/dist/policy-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../src/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAG9C,MAAM,MAAM,GAAG,YAAY,CAAC,yBAAyB,CAAC,CAAC;AAWvD;;;GAGG;AACH,MAAM,OAAO,YAAY;IACf,YAAY,CAAsB;IACzB,aAAa,CAAiB;IAC9B,WAAW,CAA0B;IACrC,cAAc,CAA4B;IAE3D;QACE,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,aAAa,GAAG,EAAE,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,EAAE,CAAC;IAClC,CAAC;IAED;;;;;;;OAOG;IACH,YAAY,CACV,KAA4B,EAC5B,iBAAoC,EAAE;QAEtC,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,EAAE,OAAO,IAAI,CAAC,CAAC;QAExD,MAAM,MAAM,GAAiB;YAC3B,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,OAAO,EAAE,eAAe,GAAG,CAAC;YAC5B,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvB,GAAG,CAAC;gBACJ,SAAS,EAAE,EAAE,GAAG,CAAC,CAAC,SAAS,EAAE;aAC9B,CAAC,CAAC;YACH,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,CAAC,GAAG,cAAc,CAAC;SAC/B,CAAC;QAEF,wCAAwC;QACxC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;QAE3B,MAAM,CAAC,IAAI,CACT,mBAAmB,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,OAAO,GAAG;YACtD,IAAI,KAAK,CAAC,MAAM,oBAAoB,cAAc,CAAC,MAAM,IAAI,KAAK,MAAM;YACxE,UAAU,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,OAAO,EAAE,CACjD,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;OAMG;IACH,iBAAiB,CAAC,OAAe;QAC/B,0CAA0C;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC;QAED,uCAAuC;QACvC,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;;OAOG;IACH,gBAAgB,CACd,OAAe,EACf,KAA4B;QAE5B,MAAM,MAAM,GAAiB;YAC3B,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,OAAO,EAAE,CAAC;YACV,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvB,GAAG,CAAC;gBACJ,SAAS,EAAE,EAAE,GAAG,CAAC,CAAC,SAAS,EAAE;aAC9B,CAAC,CAAC;YACH,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,CAAC,OAAO,CAAC;SACrB,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEzC,MAAM,CAAC,IAAI,CACT,uBAAuB,OAAO,OAAO,MAAM,CAAC,QAAQ,KAAK;YACvD,cAAc,OAAO,EAAE,CAC1B,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACH,mBAAmB,CAAC,OAAe;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CACT,2BAA2B,OAAO,iBAAiB,OAAO,EAAE,CAC7D,CAAC;QACJ,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;OAMG;IACH,gBAAgB,CACd,OAAe,EACf,IAAY,EACZ,QAA2B;QAE3B,MAAM,KAAK,GAAe;YACxB,OAAO;YACP,IAAI;YACJ,QAAQ,EAAE,CAAC,GAAG,QAAQ,CAAC;SACxB,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAErC,MAAM,CAAC,IAAI,CACT,wBAAwB,OAAO,KAAK,IAAI,KAAK,QAAQ,CAAC,MAAM,aAAa;YACvE,YAAY,OAAO,EAAE,CACxB,CAAC;QAEF,OAAO,EAAE,GAAG,KAAK,EAAE,QAAQ,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;IACrD,CAAC;IAED;;;;OAIG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED;;;;OAIG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,YAAY,EAAE,OAAO,IAAI,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,MAAoB;QACrC,OAAO;YACL,GAAG,MAAM;YACT,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9B,GAAG,CAAC;gBACJ,SAAS,EAAE,EAAE,GAAG,CAAC,CAAC,SAAS,EAAE;aAC9B,CAAC,CAAC;YACH,SAAS,EAAE,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC;SACjC,CAAC;IACJ,CAAC;CACF"}

package/dist/threat-aggregator.d.ts

@@ -0,0 +1,89 @@
+/**
+ * ThreatAggregator - Collects and correlates threats from multiple Guard agents
+ * ThreatAggregator - 從多個 Guard 代理收集並關聯威脅
+ *
+ * Performs cross-agent correlation to detect coordinated attacks:
+ * - Same source IP appearing across different agents
+ * - Same malware hash detected on different endpoints
+ * - Same MITRE ATT&CK technique from same source
+ *
+ * @module @panguard-ai/manager/threat-aggregator
+ */
+import type { ThreatReport, AggregatedThreat, CorrelationMatch, ThreatSummary } from './types.js';
+/**
+ * Aggregates threats from multiple agents and performs cross-agent correlation.
+ *
+ * Uses secondary indexes (IP index, hash index) for O(1) correlation lookups
+ * instead of O(n^2) pairwise comparison.
+ */
+export declare class ThreatAggregator {
+    private readonly threats;
+    private readonly correlations;
+    private readonly ipIndex;
+    private readonly hashIndex;
+    private readonly categoryIndex;
+    private readonly correlationWindowMs;
+    private readonly retentionMs;
+    constructor(correlationWindowMs: number, retentionMs: number);
+    /**
+     * Ingest a threat report from a Guard agent.
+     * Each threat event is stored as an AggregatedThreat and indexed
+     * for correlation. Cross-agent matches are detected during ingestion.
+     *
+     * @param report - The threat report containing one or more events
+     * @param hostname - The hostname of the reporting agent
+     * @returns Array of newly created AggregatedThreats
+     */
+    ingestReport(report: ThreatReport, hostname: string): readonly AggregatedThreat[];
+    /**
+     * Index a threat for correlation lookups.
+     */
+    private indexThreat;
+    /**
+     * Find existing threats that correlate with a new threat.
+     * Only matches threats from DIFFERENT agents within the correlation window.
+     */
+    private findCorrelations;
+    /**
+     * Get all threats received since a given timestamp.
+     *
+     * @param since - Date threshold for filtering
+     * @returns Array of immutable AggregatedThreat copies
+     */
+    getRecentThreats(since: Date): readonly AggregatedThreat[];
+    /**
+     * Get all threats reported by a specific agent.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns Array of immutable AggregatedThreat copies
+     */
+    getThreatsByAgent(agentId: string): readonly AggregatedThreat[];
+    /**
+     * Get all correlation matches.
+     *
+     * @returns Immutable array of correlation match records
+     */
+    getCorrelations(): readonly CorrelationMatch[];
+    /**
+     * Generate a summary of the current threat landscape.
+     *
+     * @returns Immutable threat summary object
+     */
+    getSummary(): ThreatSummary;
+    /**
+     * Purge threats older than the retention period.
+     * Also cleans up corresponding index entries.
+     *
+     * @returns Number of threats purged
+     */
+    purgeExpired(): number;
+    /**
+     * Rebuild all secondary indexes from the current threat data.
+     */
+    private rebuildIndexes;
+    /**
+     * Get the total number of tracked threats.
+     */
+    get size(): number;
+}
+//# sourceMappingURL=threat-aggregator.d.ts.map

package/dist/threat-aggregator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-aggregator.d.ts","sourceRoot":"","sources":["../src/threat-aggregator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,KAAK,EACV,YAAY,EAEZ,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACd,MAAM,YAAY,CAAC;AAYpB;;;;;GAKG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgC;IACxD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAGlD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA4B;IACpD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA4B;IACtD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA4B;IAG1D,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAS;IAC7C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;gBAEzB,mBAAmB,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM;IAU5D;;;;;;;;OAQG;IACH,YAAY,CACV,MAAM,EAAE,YAAY,EACpB,QAAQ,EAAE,MAAM,GACf,SAAS,gBAAgB,EAAE;IAuE9B;;OAEG;IACH,OAAO,CAAC,WAAW;IA0BnB;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IA0FxB;;;;;OAKG;IACH,gBAAgB,CAAC,KAAK,EAAE,IAAI,GAAG,SAAS,gBAAgB,EAAE;IAU1D;;;;;OAKG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,gBAAgB,EAAE;IAS/D;;;;OAIG;IACH,eAAe,IAAI,SAAS,gBAAgB,EAAE;IAI9C;;;;OAIG;IACH,UAAU,IAAI,aAAa;IAyC3B;;;;;OAKG;IACH,YAAY,IAAI,MAAM;IA6BtB;;OAEG;IACH,OAAO,CAAC,cAAc;IActB;;OAEG;IACH,IAAI,IAAI,IAAI,MAAM,CAEjB;CACF"}