@panguard-ai/panguard-guard 0.1.0

package/dist/agent/report-agent.js

@@ -0,0 +1,468 @@
+/**
+ * Report Agent - Event logging with rotation, streaming reads, and retention policy
+ * 報告代理 - 事件記錄，支援 log rotation、串流讀取和資料保留策略
+ *
+ * Fourth stage of the multi-agent pipeline. Logs all events to JSONL with
+ * automatic rotation, updates the baseline during learning mode, and
+ * generates anonymized threat data for collective intelligence.
+ *
+ * @module @panguard-ai/panguard-guard/agent/report-agent
+ */
+import { appendFileSync, mkdirSync, readFileSync, statSync, renameSync, readdirSync, unlinkSync, createReadStream, } from 'node:fs';
+import { dirname, join, basename } from 'node:path';
+import { createInterface } from 'node:readline';
+import { createLogger } from '@panguard-ai/core';
+import { updateBaseline } from '../memory/baseline.js';
+const logger = createLogger('panguard-guard:report-agent');
+const DEFAULT_ROTATION = {
+    maxFileSizeBytes: 50 * 1024 * 1024, // 50MB
+    maxRotatedFiles: 10,
+    retentionDays: 90,
+};
+/**
+ * Report Agent logs events with rotation, updates baselines, and generates anonymized data.
+ */
+export class ReportAgent {
+    logPath;
+    mode;
+    reportCount = 0;
+    rotation;
+    constructor(logPath, mode, rotation) {
+        this.logPath = logPath;
+        this.mode = mode;
+        this.rotation = { ...DEFAULT_ROTATION, ...rotation };
+        // Ensure log directory exists
+        try {
+            mkdirSync(dirname(logPath), { recursive: true });
+        }
+        catch {
+            // Directory may already exist
+        }
+    }
+    /** Update operating mode */
+    setMode(mode) {
+        this.mode = mode;
+    }
+    /**
+     * Process a complete pipeline result: log, update baseline, generate anonymized data.
+     * Automatically rotates log file when size limit is reached.
+     */
+    report(event, verdict, response, baseline) {
+        this.reportCount++;
+        // Step 1: Check if rotation needed before writing
+        this.rotateIfNeeded();
+        // Step 2: Log to JSONL
+        const record = {
+            event,
+            verdict,
+            response,
+            timestamp: new Date().toISOString(),
+        };
+        this.appendLog(record);
+        // Step 3: Update baseline (learning mode adds normal patterns)
+        let updatedBaseline = baseline;
+        if (this.mode === 'learning') {
+            updatedBaseline = updateBaseline(baseline, event);
+        }
+        // Step 4: Generate anonymized data for malicious/suspicious verdicts
+        let anonymizedData;
+        if (verdict.conclusion !== 'benign') {
+            anonymizedData = this.generateAnonymizedData(event, verdict);
+        }
+        logger.info(`Report #${this.reportCount}: ${verdict.conclusion} ` +
+            `(action: ${response.action}, success: ${response.success})`);
+        return { updatedBaseline, anonymizedData };
+    }
+    // ---------------------------------------------------------------------------
+    // Log Rotation
+    // ---------------------------------------------------------------------------
+    /**
+     * Rotate log file if it exceeds the size limit.
+     * Naming: events.jsonl -> events.jsonl.1 -> events.jsonl.2 -> ...
+     * Oldest files beyond maxRotatedFiles are deleted.
+     */
+    rotateIfNeeded() {
+        try {
+            const stats = statSync(this.logPath);
+            if (stats.size < this.rotation.maxFileSizeBytes)
+                return;
+        }
+        catch {
+            return; // File doesn't exist yet, no rotation needed
+        }
+        logger.info(`Log rotation triggered (file exceeds ${this.rotation.maxFileSizeBytes} bytes)`);
+        const dir = dirname(this.logPath);
+        const base = basename(this.logPath);
+        // Shift existing rotated files: .9 -> .10, .8 -> .9, etc.
+        for (let i = this.rotation.maxRotatedFiles; i >= 1; i--) {
+            const from = join(dir, `${base}.${i}`);
+            const to = join(dir, `${base}.${i + 1}`);
+            try {
+                renameSync(from, to);
+            }
+            catch {
+                // File may not exist
+            }
+        }
+        // Rename current log to .1
+        try {
+            renameSync(this.logPath, join(dir, `${base}.1`));
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            logger.error(`Log rotation rename failed: ${msg}`);
+        }
+        // Delete files beyond retention limit
+        this.enforceRetention();
+    }
+    /**
+     * Delete rotated log files beyond maxRotatedFiles and older than retentionDays
+     */
+    enforceRetention() {
+        const dir = dirname(this.logPath);
+        const base = basename(this.logPath);
+        const cutoff = Date.now() - this.rotation.retentionDays * 24 * 60 * 60 * 1000;
+        try {
+            const files = readdirSync(dir).filter((f) => f.startsWith(base + '.'));
+            // Delete files beyond max count
+            const numbered = files
+                .map((f) => {
+                const num = parseInt(f.slice(base.length + 1), 10);
+                return { file: f, num };
+            })
+                .filter((x) => !isNaN(x.num))
+                .sort((a, b) => a.num - b.num);
+            for (const entry of numbered) {
+                if (entry.num > this.rotation.maxRotatedFiles) {
+                    try {
+                        unlinkSync(join(dir, entry.file));
+                        logger.info(`Retention: deleted ${entry.file} (exceeds max rotated files)`);
+                    }
+                    catch {
+                        // Non-critical
+                    }
+                    continue;
+                }
+                // Also delete if older than retention period
+                try {
+                    const stat = statSync(join(dir, entry.file));
+                    if (stat.mtimeMs < cutoff) {
+                        unlinkSync(join(dir, entry.file));
+                        logger.info(`Retention: deleted ${entry.file} (older than ${this.rotation.retentionDays} days)`);
+                    }
+                }
+                catch {
+                    // Non-critical
+                }
+            }
+        }
+        catch {
+            // Directory read failure is non-critical
+        }
+    }
+    // ---------------------------------------------------------------------------
+    // Log Writing
+    // ---------------------------------------------------------------------------
+    appendLog(record) {
+        try {
+            const line = JSON.stringify(record) + '\n';
+            appendFileSync(this.logPath, line, 'utf-8');
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            logger.error(`Failed to write log: ${msg}`);
+        }
+    }
+    // ---------------------------------------------------------------------------
+    // Streaming Log Reader (memory-efficient)
+    // ---------------------------------------------------------------------------
+    /**
+     * Read log records from JSONL using streaming (line-by-line).
+     * Only loads records after the cutoff date into memory.
+     * This replaces the previous readFileSync approach that loaded entire files.
+     */
+    async readLogRecordsStreaming(after) {
+        const records = [];
+        const allFiles = this.getLogFiles();
+        for (const filePath of allFiles) {
+            try {
+                const fileRecords = await this.streamFile(filePath, after);
+                records.push(...fileRecords);
+            }
+            catch {
+                // File may not exist or be corrupted
+            }
+        }
+        return records;
+    }
+    /**
+     * Get all log files (current + rotated) sorted newest first
+     */
+    getLogFiles() {
+        const files = [this.logPath];
+        const dir = dirname(this.logPath);
+        const base = basename(this.logPath);
+        try {
+            const rotated = readdirSync(dir)
+                .filter((f) => f.startsWith(base + '.'))
+                .map((f) => {
+                const num = parseInt(f.slice(base.length + 1), 10);
+                return { file: join(dir, f), num };
+            })
+                .filter((x) => !isNaN(x.num))
+                .sort((a, b) => a.num - b.num)
+                .map((x) => x.file);
+            files.push(...rotated);
+        }
+        catch {
+            // No rotated files
+        }
+        return files;
+    }
+    /**
+     * Stream a single JSONL file, returning records after the cutoff
+     */
+    streamFile(filePath, after) {
+        return new Promise((resolve) => {
+            const records = [];
+            try {
+                const stream = createReadStream(filePath, { encoding: 'utf-8' });
+                const rl = createInterface({ input: stream, crlfDelay: Infinity });
+                rl.on('line', (line) => {
+                    if (!line.trim())
+                        return;
+                    try {
+                        const record = JSON.parse(line);
+                        if (new Date(record.timestamp) >= after) {
+                            records.push(record);
+                        }
+                    }
+                    catch {
+                        // Skip malformed lines
+                    }
+                });
+                rl.on('close', () => resolve(records));
+                rl.on('error', () => resolve(records));
+            }
+            catch {
+                resolve(records);
+            }
+        });
+    }
+    // ---------------------------------------------------------------------------
+    // Summary Generation (now uses streaming)
+    // ---------------------------------------------------------------------------
+    /**
+     * Generate a summary for the given time period.
+     * Uses streaming reader for memory efficiency.
+     */
+    async generateSummary(hoursBack) {
+        const now = new Date();
+        const cutoff = new Date(now.getTime() - hoursBack * 60 * 60 * 1000);
+        const records = await this.readLogRecordsStreaming(cutoff);
+        const ipCounts = new Map();
+        const actionCounts = new Map();
+        const verdictBreakdown = { benign: 0, suspicious: 0, malicious: 0 };
+        let threatsBlocked = 0;
+        for (const r of records) {
+            const conclusion = r.verdict.conclusion;
+            if (conclusion === 'benign' || conclusion === 'suspicious' || conclusion === 'malicious') {
+                verdictBreakdown[conclusion]++;
+            }
+            if (r.response.action !== 'log_only' &&
+                r.response.action !== 'notify' &&
+                r.response.success) {
+                threatsBlocked++;
+            }
+            const ip = r.event.metadata?.['sourceIP'] ??
+                r.event.metadata?.['remoteAddress'];
+            if (ip && conclusion !== 'benign') {
+                ipCounts.set(ip, (ipCounts.get(ip) ?? 0) + 1);
+            }
+            const act = r.response.action;
+            actionCounts.set(act, (actionCounts.get(act) ?? 0) + 1);
+        }
+        const topAttackSources = [...ipCounts.entries()]
+            .sort((a, b) => b[1] - a[1])
+            .slice(0, 10)
+            .map(([ip, count]) => ({ ip, count }));
+        const actionsTaken = [...actionCounts.entries()].map(([action, count]) => ({ action, count }));
+        return {
+            period: { start: cutoff.toISOString(), end: now.toISOString() },
+            totalEvents: records.length,
+            threatsBlocked,
+            suspiciousEvents: verdictBreakdown.suspicious,
+            benignEvents: verdictBreakdown.benign,
+            topAttackSources,
+            actionsTaken,
+            verdictBreakdown,
+        };
+    }
+    /** Generate daily summary (last 24 hours) */
+    async generateDailySummary() {
+        return this.generateSummary(24);
+    }
+    /** Generate weekly summary (last 7 days) */
+    async generateWeeklySummary() {
+        return this.generateSummary(7 * 24);
+    }
+    /**
+     * Synchronous summary for backwards compatibility (reads current file only).
+     * Prefer async generateSummary() for production use.
+     */
+    generateSummarySync(hoursBack) {
+        const now = new Date();
+        const cutoff = new Date(now.getTime() - hoursBack * 60 * 60 * 1000);
+        const records = this.readLogRecordsSync(cutoff);
+        const ipCounts = new Map();
+        const actionCounts = new Map();
+        const verdictBreakdown = { benign: 0, suspicious: 0, malicious: 0 };
+        let threatsBlocked = 0;
+        for (const r of records) {
+            const conclusion = r.verdict.conclusion;
+            if (conclusion === 'benign' || conclusion === 'suspicious' || conclusion === 'malicious') {
+                verdictBreakdown[conclusion]++;
+            }
+            if (r.response.action !== 'log_only' &&
+                r.response.action !== 'notify' &&
+                r.response.success) {
+                threatsBlocked++;
+            }
+            const ip = r.event.metadata?.['sourceIP'] ??
+                r.event.metadata?.['remoteAddress'];
+            if (ip && conclusion !== 'benign') {
+                ipCounts.set(ip, (ipCounts.get(ip) ?? 0) + 1);
+            }
+            actionCounts.set(r.response.action, (actionCounts.get(r.response.action) ?? 0) + 1);
+        }
+        return {
+            period: { start: cutoff.toISOString(), end: now.toISOString() },
+            totalEvents: records.length,
+            threatsBlocked,
+            suspiciousEvents: verdictBreakdown.suspicious,
+            benignEvents: verdictBreakdown.benign,
+            topAttackSources: [...ipCounts.entries()]
+                .sort((a, b) => b[1] - a[1])
+                .slice(0, 10)
+                .map(([ip, count]) => ({ ip, count })),
+            actionsTaken: [...actionCounts.entries()].map(([action, count]) => ({ action, count })),
+            verdictBreakdown,
+        };
+    }
+    /** Synchronous read of current log file only */
+    readLogRecordsSync(after) {
+        const records = [];
+        try {
+            const content = readFileSync(this.logPath, 'utf-8');
+            const lines = content.trim().split('\n').filter(Boolean);
+            for (const line of lines) {
+                try {
+                    const record = JSON.parse(line);
+                    if (new Date(record.timestamp) >= after) {
+                        records.push(record);
+                    }
+                }
+                catch {
+                    // Skip malformed lines
+                }
+            }
+        }
+        catch {
+            // Log file may not exist yet
+        }
+        return records;
+    }
+    // ---------------------------------------------------------------------------
+    // Anonymized Data Generation
+    // ---------------------------------------------------------------------------
+    generateAnonymizedData(event, verdict) {
+        const rawIP = event.metadata?.['sourceIP'] ??
+            event.metadata?.['remoteAddress'] ??
+            'unknown';
+        const attackSourceIP = anonymizeIP(rawIP);
+        const sigmaRuleMatched = verdict.evidence
+            .filter((e) => e.source === 'rule_match')
+            .map((e) => e.data?.['ruleId'])
+            .filter(Boolean)
+            .join(',') || 'none';
+        return {
+            attackSourceIP,
+            attackType: event.category,
+            mitreTechnique: verdict.mitreTechnique ?? 'unknown',
+            sigmaRuleMatched,
+            timestamp: new Date().toISOString(),
+            region: getCountryCode(),
+        };
+    }
+    /** Get total report count */
+    getReportCount() {
+        return this.reportCount;
+    }
+    /** Get current log file size in bytes */
+    getLogSizeBytes() {
+        try {
+            return statSync(this.logPath).size;
+        }
+        catch {
+            return 0;
+        }
+    }
+    /** Get number of rotated log files */
+    getRotatedFileCount() {
+        const dir = dirname(this.logPath);
+        const base = basename(this.logPath);
+        try {
+            return readdirSync(dir).filter((f) => f.startsWith(base + '.') && /\.\d+$/.test(f)).length;
+        }
+        catch {
+            return 0;
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Utility functions
+// ---------------------------------------------------------------------------
+function getCountryCode() {
+    const tz = Intl.DateTimeFormat().resolvedOptions().timeZone;
+    const tzCountryMap = {
+        'Asia/Taipei': 'TW',
+        'Asia/Tokyo': 'JP',
+        'Asia/Seoul': 'KR',
+        'Asia/Shanghai': 'CN',
+        'Asia/Hong_Kong': 'HK',
+        'Asia/Singapore': 'SG',
+        'America/New_York': 'US',
+        'America/Chicago': 'US',
+        'America/Denver': 'US',
+        'America/Los_Angeles': 'US',
+        'Europe/London': 'GB',
+        'Europe/Berlin': 'DE',
+        'Europe/Paris': 'FR',
+        'Australia/Sydney': 'AU',
+    };
+    return tzCountryMap[tz] ?? 'UNKNOWN';
+}
+/**
+ * Anonymize IP: zero last two octets for IPv4, last two segments for IPv6.
+ * Stronger anonymization than single-octet zeroing.
+ */
+function anonymizeIP(ip) {
+    if (ip === 'unknown')
+        return ip;
+    // IPv4: zero last two octets (x.x.0.0)
+    const v4parts = ip.split('.');
+    if (v4parts.length === 4) {
+        v4parts[2] = '0';
+        v4parts[3] = '0';
+        return v4parts.join('.');
+    }
+    // IPv6: zero last two segments
+    const v6parts = ip.split(':');
+    if (v6parts.length > 2) {
+        v6parts[v6parts.length - 1] = '0';
+        v6parts[v6parts.length - 2] = '0';
+        return v6parts.join(':');
+    }
+    return ip;
+}
+//# sourceMappingURL=report-agent.js.map

package/dist/agent/report-agent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"report-agent.js","sourceRoot":"","sources":["../../src/agent/report-agent.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,cAAc,EACd,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,WAAW,EACX,UAAU,EACV,gBAAgB,GACjB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AASjD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,MAAM,MAAM,GAAG,YAAY,CAAC,6BAA6B,CAAC,CAAC;AAgC3D,MAAM,gBAAgB,GAAmB;IACvC,gBAAgB,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;IAC3C,eAAe,EAAE,EAAE;IACnB,aAAa,EAAE,EAAE;CAClB,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,WAAW;IACL,OAAO,CAAS;IACzB,IAAI,CAAY;IAChB,WAAW,GAAG,CAAC,CAAC;IACP,QAAQ,CAAiB;IAE1C,YAAY,OAAe,EAAE,IAAe,EAAE,QAAkC;QAC9E,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,QAAQ,GAAG,EAAE,GAAG,gBAAgB,EAAE,GAAG,QAAQ,EAAE,CAAC;QAErD,8BAA8B;QAC9B,IAAI,CAAC;YACH,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,8BAA8B;QAChC,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,OAAO,CAAC,IAAe;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,MAAM,CACJ,KAAoB,EACpB,OAAsB,EACtB,QAAwB,EACxB,QAA6B;QAE7B,IAAI,CAAC,WAAW,EAAE,CAAC;QAEnB,kDAAkD;QAClD,IAAI,CAAC,cAAc,EAAE,CAAC;QAEtB,uBAAuB;QACvB,MAAM,MAAM,GAAiB;YAC3B,KAAK;YACL,OAAO;YACP,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAEvB,+DAA+D;QAC/D,IAAI,eAAe,GAAG,QAAQ,CAAC;QAC/B,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC7B,eAAe,GAAG,cAAc,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACpD,CAAC;QAED,qEAAqE;QACrE,IAAI,cAAgD,CAAC;QACrD,IAAI,OAAO,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YACpC,cAAc,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,CAAC,IAAI,CACT,WAAW,IAAI,CAAC,WAAW,KAAK,OAAO,CAAC,UAAU,GAAG;YACnD,YAAY,QAAQ,CAAC,MAAM,cAAc,QAAQ,CAAC,OAAO,GAAG,CAC/D,CAAC;QAEF,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC;IAC7C,CAAC;IAED,8EAA8E;IAC9E,eAAe;IACf,8EAA8E;IAE9E;;;;OAIG;IACK,cAAc;QACpB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB;gBAAE,OAAO;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,6CAA6C;QACvD,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,wCAAwC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,SAAS,CAAC,CAAC;QAE7F,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEpC,0DAA0D;QAC1D,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACxD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC;YACvC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACzC,IAAI,CAAC;gBACH,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACvB,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC;YACH,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,MAAM,CAAC,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,gBAAgB;QACtB,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAE9E,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC;YAEvE,gCAAgC;YAChC,MAAM,QAAQ,GAAG,KAAK;iBACnB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACT,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACnD,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC;YAC1B,CAAC,CAAC;iBACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;iBAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YAEjC,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;gBAC7B,IAAI,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC;oBAC9C,IAAI,CAAC;wBACH,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;wBAClC,MAAM,CAAC,IAAI,CAAC,sBAAsB,KAAK,CAAC,IAAI,8BAA8B,CAAC,CAAC;oBAC9E,CAAC;oBAAC,MAAM,CAAC;wBACP,eAAe;oBACjB,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,6CAA6C;gBAC7C,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;oBAC7C,IAAI,IAAI,CAAC,OAAO,GAAG,MAAM,EAAE,CAAC;wBAC1B,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;wBAClC,MAAM,CAAC,IAAI,CACT,sBAAsB,KAAK,CAAC,IAAI,gBAAgB,IAAI,CAAC,QAAQ,CAAC,aAAa,QAAQ,CACpF,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;gBACjB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,cAAc;IACd,8EAA8E;IAEtE,SAAS,CAAC,MAAoB;QACpC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;YAC3C,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,MAAM,CAAC,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,0CAA0C;IAC1C,8EAA8E;IAE9E;;;;OAIG;IACH,KAAK,CAAC,uBAAuB,CAAC,KAAW;QACvC,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEpC,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAC3D,OAAO,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,qCAAqC;YACvC,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,WAAW;QACjB,MAAM,KAAK,GAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC;iBAC7B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC;iBACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACT,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACnD,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC;YACrC,CAAC,CAAC;iBACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;iBAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;iBAC7B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAEtB,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,mBAAmB;QACrB,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,QAAgB,EAAE,KAAW;QAC9C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,OAAO,GAAmB,EAAE,CAAC;YAEnC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;gBACjE,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAEnE,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;oBACrB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;wBAAE,OAAO;oBACzB,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;wBAChD,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,KAAK,EAAE,CAAC;4BACxC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBACvB,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,uBAAuB;oBACzB,CAAC;gBACH,CAAC,CAAC,CAAC;gBAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;gBACvC,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;YACzC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,OAAO,CAAC,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAC9E,0CAA0C;IAC1C,8EAA8E;IAE9E;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,SAAiB;QACrC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC3C,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,gBAAgB,GAAG,EAAE,MAAM,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;QACpE,IAAI,cAAc,GAAG,CAAC,CAAC;QAEvB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;YACxC,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,YAAY,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;gBACzF,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,CAAC;YAED,IACE,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,UAAU;gBAChC,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,QAAQ;gBAC9B,CAAC,CAAC,QAAQ,CAAC,OAAO,EAClB,CAAC;gBACD,cAAc,EAAE,CAAC;YACnB,CAAC;YAED,MAAM,EAAE,GACL,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAY;gBACzC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,eAAe,CAAY,CAAC;YAClD,IAAI,EAAE,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;gBAClC,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC9B,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,gBAAgB,GAAG,CAAC,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;aAC7C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;aAC3B,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;aACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QAEzC,MAAM,YAAY,GAAG,CAAC,GAAG,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QAE/F,OAAO;YACL,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE;YAC/D,WAAW,EAAE,OAAO,CAAC,MAAM;YAC3B,cAAc;YACd,gBAAgB,EAAE,gBAAgB,CAAC,UAAU;YAC7C,YAAY,EAAE,gBAAgB,CAAC,MAAM;YACrC,gBAAgB;YAChB,YAAY;YACZ,gBAAgB;SACjB,CAAC;IACJ,CAAC;IAED,6CAA6C;IAC7C,KAAK,CAAC,oBAAoB;QACxB,OAAO,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,4CAA4C;IAC5C,KAAK,CAAC,qBAAqB;QACzB,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,mBAAmB,CAAC,SAAiB;QACnC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC3C,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,gBAAgB,GAAG,EAAE,MAAM,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;QACpE,IAAI,cAAc,GAAG,CAAC,CAAC;QAEvB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;YACxC,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,YAAY,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;gBACzF,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,CAAC;YACD,IACE,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,UAAU;gBAChC,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,QAAQ;gBAC9B,CAAC,CAAC,QAAQ,CAAC,OAAO,EAClB,CAAC;gBACD,cAAc,EAAE,CAAC;YACnB,CAAC;YACD,MAAM,EAAE,GACL,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAY;gBACzC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,eAAe,CAAY,CAAC;YAClD,IAAI,EAAE,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;gBAClC,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAChD,CAAC;YACD,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACtF,CAAC;QAED,OAAO;YACL,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE;YAC/D,WAAW,EAAE,OAAO,CAAC,MAAM;YAC3B,cAAc;YACd,gBAAgB,EAAE,gBAAgB,CAAC,UAAU;YAC7C,YAAY,EAAE,gBAAgB,CAAC,MAAM;YACrC,gBAAgB,EAAE,CAAC,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;iBACtC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;iBAC3B,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;iBACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACxC,YAAY,EAAE,CAAC,GAAG,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACvF,gBAAgB;SACjB,CAAC;IACJ,CAAC;IAED,gDAAgD;IACxC,kBAAkB,CAAC,KAAW;QACpC,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACzD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;oBAChD,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,KAAK,EAAE,CAAC;wBACxC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBACvB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,uBAAuB;gBACzB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6BAA6B;QAC/B,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,8EAA8E;IAC9E,6BAA6B;IAC7B,8EAA8E;IAEtE,sBAAsB,CAC5B,KAAoB,EACpB,OAAsB;QAEtB,MAAM,KAAK,GACR,KAAK,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAY;YACvC,KAAK,CAAC,QAAQ,EAAE,CAAC,eAAe,CAAY;YAC7C,SAAS,CAAC;QACZ,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAE1C,MAAM,gBAAgB,GACpB,OAAO,CAAC,QAAQ;aACb,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,YAAY,CAAC;aACxC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAE,CAAC,CAAC,IAAgC,EAAE,CAAC,QAAQ,CAAW,CAAC;aACrE,MAAM,CAAC,OAAO,CAAC;aACf,IAAI,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC;QAEzB,OAAO;YACL,cAAc;YACd,UAAU,EAAE,KAAK,CAAC,QAAQ;YAC1B,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,SAAS;YACnD,gBAAgB;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,MAAM,EAAE,cAAc,EAAE;SACzB,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,yCAAyC;IACzC,eAAe;QACb,IAAI,CAAC;YACH,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,mBAAmB;QACjB,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC;YACH,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAC7F,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;CACF;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,SAAS,cAAc;IACrB,MAAM,EAAE,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC,eAAe,EAAE,CAAC,QAAQ,CAAC;IAC5D,MAAM,YAAY,GAA2B;QAC3C,aAAa,EAAE,IAAI;QACnB,YAAY,EAAE,IAAI;QAClB,YAAY,EAAE,IAAI;QAClB,eAAe,EAAE,IAAI;QACrB,gBAAgB,EAAE,IAAI;QACtB,gBAAgB,EAAE,IAAI;QACtB,kBAAkB,EAAE,IAAI;QACxB,iBAAiB,EAAE,IAAI;QACvB,gBAAgB,EAAE,IAAI;QACtB,qBAAqB,EAAE,IAAI;QAC3B,eAAe,EAAE,IAAI;QACrB,eAAe,EAAE,IAAI;QACrB,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,IAAI;KACzB,CAAC;IACF,OAAO,YAAY,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,EAAU;IAC7B,IAAI,EAAE,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAEhC,uCAAuC;IACvC,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QACjB,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QACjB,OAAO,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,+BAA+B;IAC/B,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;QAClC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;QAClC,OAAO,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/agent/respond-agent.d.ts

@@ -0,0 +1,113 @@
+/**
+ * Respond Agent - Execute response actions with persistence, rollback, and escalation
+ * 回應代理 - 執行回應動作，支援持久化、回滾和漸進升級
+ *
+ * Third stage of the multi-agent pipeline. Determines and executes
+ * the appropriate response action based on verdict confidence levels
+ * and the configured action policy thresholds.
+ *
+ * Uses execFile (never exec) for all system commands to prevent
+ * command injection vulnerabilities.
+ *
+ * @module @panguard-ai/panguard-guard/agent/respond-agent
+ */
+import type { ThreatVerdict, ActionPolicy, ResponseResult, ResponseAction, GuardMode } from '../types.js';
+/** Action manifest record for persistence and rollback */
+interface ActionManifestEntry {
+    id: string;
+    action: ResponseAction;
+    target: string;
+    timestamp: string;
+    expiresAt?: string;
+    rolledBack: boolean;
+    verdict: {
+        conclusion: string;
+        confidence: number;
+    };
+}
+/** Escalation tracker: IP/target → violation count */
+interface EscalationRecord {
+    target: string;
+    violationCount: number;
+    firstSeen: string;
+    lastSeen: string;
+}
+/**
+ * Respond Agent determines and executes appropriate response actions
+ * with persistence, auto-unblock timers, SIGKILL fallback, and escalation.
+ */
+export declare class RespondAgent {
+    private readonly actionPolicy;
+    private mode;
+    private actionCount;
+    private readonly additionalWhitelistedIPs;
+    /** Action manifest for persistence and rollback */
+    private readonly manifest;
+    private readonly manifestPath;
+    /** Escalation tracker: target → record */
+    private readonly escalationMap;
+    /** Active unblock timers */
+    private readonly unblockTimers;
+    constructor(actionPolicy: ActionPolicy, mode: GuardMode, whitelistedIPs?: string[], dataDir?: string);
+    /** Update operating mode */
+    setMode(mode: GuardMode): void;
+    /**
+     * Execute response based on verdict with escalation awareness
+     */
+    respond(verdict: ThreatVerdict): Promise<ResponseResult>;
+    /**
+     * Rollback a previous action by manifest entry ID
+     */
+    rollback(entryId: string): Promise<ResponseResult>;
+    /**
+     * Get all active (non-rolled-back) actions
+     */
+    getActiveActions(): ActionManifestEntry[];
+    private executeAction;
+    /**
+     * Block an IP address with auto-unblock timer
+     */
+    private blockIP;
+    /**
+     * Unblock a previously blocked IP
+     */
+    private unblockIP;
+    /**
+     * Schedule auto-unblock after duration
+     */
+    private scheduleUnblock;
+    /**
+     * Kill a process with SIGKILL fallback
+     */
+    private killProcess;
+    /**
+     * Wait for a process to exit, return true if still alive after timeout
+     */
+    private waitForProcessExit;
+    /**
+     * Disable a user account
+     */
+    private disableAccount;
+    /**
+     * Isolate a file (move to quarantine) with metadata tracking
+     */
+    private isolateFile;
+    private recordAction;
+    private persistManifestEntry;
+    private loadManifest;
+    private trackEscalation;
+    private extractTarget;
+    private extractIP;
+    private extractPID;
+    private extractUsername;
+    private extractFilePath;
+    private extractProcessName;
+    /** Get total action count */
+    getActionCount(): number;
+    /** Get escalation records */
+    getEscalationRecords(): Map<string, EscalationRecord>;
+    /** Cleanup: clear all timers (for graceful shutdown) */
+    destroy(): void;
+}
+export {};
+//# sourceMappingURL=respond-agent.d.ts.map

package/dist/agent/respond-agent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"respond-agent.d.ts","sourceRoot":"","sources":["../../src/agent/respond-agent.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAOH,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,cAAc,EACd,cAAc,EACd,SAAS,EACV,MAAM,aAAa,CAAC;AAIrB,0DAA0D;AAC1D,UAAU,mBAAmB;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,cAAc,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,OAAO,CAAC;IACpB,OAAO,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;CACrD;AAED,sDAAsD;AACtD,UAAU,gBAAgB;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AA2CD;;;GAGG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAe;IAC5C,OAAO,CAAC,IAAI,CAAY;IACxB,OAAO,CAAC,WAAW,CAAK;IACxB,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAc;IAEvD,mDAAmD;IACnD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA6B;IACtD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IAEtC,0CAA0C;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAuC;IAErE,4BAA4B;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAoD;gBAGhF,YAAY,EAAE,YAAY,EAC1B,IAAI,EAAE,SAAS,EACf,cAAc,GAAE,MAAM,EAAO,EAC7B,OAAO,SAAwB;IAkBjC,4BAA4B;IAC5B,OAAO,CAAC,IAAI,EAAE,SAAS,GAAG,IAAI;IAI9B;;OAEG;IACG,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAgE9D;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IA2CxD;;OAEG;IACH,gBAAgB,IAAI,mBAAmB,EAAE;YAQ3B,aAAa;IAgC3B;;OAEG;YACW,OAAO;IA2FrB;;OAEG;YACW,SAAS;IA6CvB;;OAEG;IACH,OAAO,CAAC,eAAe;IAwBvB;;OAEG;YACW,WAAW;IA0EzB;;OAEG;YACW,kBAAkB;IAiBhC;;OAEG;YACW,cAAc;IAuE5B;;OAEG;YACW,WAAW;IAkEzB,OAAO,CAAC,YAAY;IAqBpB,OAAO,CAAC,oBAAoB;IAS5B,OAAO,CAAC,YAAY;IAsBpB,OAAO,CAAC,eAAe;IAgBvB,OAAO,CAAC,aAAa;IAarB,OAAO,CAAC,SAAS;IASjB,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,kBAAkB;IAQ1B,6BAA6B;IAC7B,cAAc,IAAI,MAAM;IAIxB,6BAA6B;IAC7B,oBAAoB,IAAI,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIrD,wDAAwD;IACxD,OAAO,IAAI,IAAI;CAMhB"}