@panguard-ai/threat-cloud 0.1.1 → 0.2.1

package/dist/backup.d.ts

@@ -0,0 +1,40 @@
+/**
+ * BackupManager - SQLite database backup with rotation
+ *
+ * Uses WAL checkpoint + file copy for a consistent backup.
+ * Keeps the last N backups (default 7) and rotates old ones automatically.
+ */
+export interface BackupResult {
+    readonly path: string;
+    readonly sizeBytes: number;
+    readonly timestamp: string;
+}
+export declare class BackupManager {
+    private readonly dbPath;
+    private readonly backupDir;
+    private readonly maxBackups;
+    private readonly dbName;
+    constructor(dbPath: string, backupDir: string, maxBackups?: number);
+    /**
+     * Create a consistent backup of the SQLite database.
+     *
+     * 1. Opens the DB in readonly mode
+     * 2. Runs a WAL checkpoint (TRUNCATE) to flush pending writes
+     * 3. Copies the database file to the backup directory
+     * 4. Rotates old backups beyond maxBackups
+     */
+    backup(): BackupResult;
+    /**
+     * Remove old backups beyond maxBackups, keeping the newest ones.
+     */
+    rotate(): void;
+    /**
+     * List existing backups for this database, sorted newest-first.
+     */
+    listBackups(): string[];
+    /**
+     * Format a byte count as a human-readable string.
+     */
+    static formatSize(bytes: number): string;
+}
+//# sourceMappingURL=backup.d.ts.map

package/dist/backup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"backup.d.ts","sourceRoot":"","sources":["../src/backup.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;gBAEpB,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,SAAI;IAkB7D;;;;;;;OAOG;IACH,MAAM,IAAI,YAAY;IA0CtB;;OAEG;IACH,MAAM,IAAI,IAAI;IAsBd;;OAEG;IACH,WAAW,IAAI,MAAM,EAAE;IAYvB;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;CAKzC"}

package/dist/backup.js

@@ -0,0 +1,123 @@
+/**
+ * BackupManager - SQLite database backup with rotation
+ *
+ * Uses WAL checkpoint + file copy for a consistent backup.
+ * Keeps the last N backups (default 7) and rotates old ones automatically.
+ */
+import Database from 'better-sqlite3';
+import { existsSync, mkdirSync, readdirSync, unlinkSync, copyFileSync, statSync } from 'node:fs';
+import { join, basename } from 'node:path';
+export class BackupManager {
+    dbPath;
+    backupDir;
+    maxBackups;
+    dbName;
+    constructor(dbPath, backupDir, maxBackups = 7) {
+        if (!dbPath || !backupDir) {
+            throw new Error('dbPath and backupDir are required');
+        }
+        if (maxBackups < 1) {
+            throw new Error('maxBackups must be at least 1');
+        }
+        this.dbPath = dbPath;
+        this.backupDir = backupDir;
+        this.maxBackups = maxBackups;
+        this.dbName = basename(dbPath, '.db');
+        if (!existsSync(backupDir)) {
+            mkdirSync(backupDir, { recursive: true });
+        }
+    }
+    /**
+     * Create a consistent backup of the SQLite database.
+     *
+     * 1. Opens the DB in readonly mode
+     * 2. Runs a WAL checkpoint (TRUNCATE) to flush pending writes
+     * 3. Copies the database file to the backup directory
+     * 4. Rotates old backups beyond maxBackups
+     */
+    backup() {
+        if (!existsSync(this.dbPath)) {
+            throw new Error(`Database file not found: ${this.dbPath}`);
+        }
+        const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+        const backupFileName = `${this.dbName}-${timestamp}.db`;
+        const backupPath = join(this.backupDir, backupFileName);
+        // Checkpoint WAL to ensure all data is flushed to the main DB file
+        const db = new Database(this.dbPath);
+        try {
+            db.pragma('wal_checkpoint(TRUNCATE)');
+        }
+        finally {
+            db.close();
+        }
+        // Copy the database file
+        copyFileSync(this.dbPath, backupPath);
+        // Also copy WAL/SHM if they exist (belt and suspenders)
+        const walPath = `${this.dbPath}-wal`;
+        const shmPath = `${this.dbPath}-shm`;
+        if (existsSync(walPath)) {
+            copyFileSync(walPath, `${backupPath}-wal`);
+        }
+        if (existsSync(shmPath)) {
+            copyFileSync(shmPath, `${backupPath}-shm`);
+        }
+        const sizeBytes = statSync(backupPath).size;
+        // Rotate old backups
+        this.rotate();
+        return {
+            path: backupPath,
+            sizeBytes,
+            timestamp,
+        };
+    }
+    /**
+     * Remove old backups beyond maxBackups, keeping the newest ones.
+     */
+    rotate() {
+        const backups = this.listBackups();
+        if (backups.length <= this.maxBackups) {
+            return;
+        }
+        const toDelete = backups.slice(this.maxBackups);
+        for (const fileName of toDelete) {
+            const filePath = join(this.backupDir, fileName);
+            try {
+                unlinkSync(filePath);
+                // Also clean up WAL/SHM companions
+                const walCompanion = `${filePath}-wal`;
+                const shmCompanion = `${filePath}-shm`;
+                if (existsSync(walCompanion))
+                    unlinkSync(walCompanion);
+                if (existsSync(shmCompanion))
+                    unlinkSync(shmCompanion);
+            }
+            catch {
+                // Best-effort deletion; log nothing to avoid noise
+            }
+        }
+    }
+    /**
+     * List existing backups for this database, sorted newest-first.
+     */
+    listBackups() {
+        if (!existsSync(this.backupDir)) {
+            return [];
+        }
+        const prefix = `${this.dbName}-`;
+        return readdirSync(this.backupDir)
+            .filter((f) => f.startsWith(prefix) && f.endsWith('.db') && !f.endsWith('-wal') && !f.endsWith('-shm'))
+            .sort()
+            .reverse(); // newest first (ISO timestamps sort lexicographically)
+    }
+    /**
+     * Format a byte count as a human-readable string.
+     */
+    static formatSize(bytes) {
+        if (bytes < 1024)
+            return `${bytes} B`;
+        if (bytes < 1024 * 1024)
+            return `${(bytes / 1024).toFixed(1)} KB`;
+        return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+    }
+}
+//# sourceMappingURL=backup.js.map

package/dist/backup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"backup.js","sourceRoot":"","sources":["../src/backup.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACjG,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAQ3C,MAAM,OAAO,aAAa;IACP,MAAM,CAAS;IACf,SAAS,CAAS;IAClB,UAAU,CAAS;IACnB,MAAM,CAAS;IAEhC,YAAY,MAAc,EAAE,SAAiB,EAAE,UAAU,GAAG,CAAC;QAC3D,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEtC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,MAAM;QACJ,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACjE,MAAM,cAAc,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,SAAS,KAAK,CAAC;QACxD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAExD,mEAAmE;QACnE,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC;YACH,EAAE,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC;QACxC,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;QAED,yBAAyB;QACzB,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAEtC,wDAAwD;QACxD,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,MAAM,CAAC;QACrC,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,MAAM,CAAC;QACrC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,YAAY,CAAC,OAAO,EAAE,GAAG,UAAU,MAAM,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,YAAY,CAAC,OAAO,EAAE,GAAG,UAAU,MAAM,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,SAAS,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC;QAE5C,qBAAqB;QACrB,IAAI,CAAC,MAAM,EAAE,CAAC;QAEd,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,SAAS;YACT,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACnC,IAAI,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACtC,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAChD,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAChD,IAAI,CAAC;gBACH,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACrB,mCAAmC;gBACnC,MAAM,YAAY,GAAG,GAAG,QAAQ,MAAM,CAAC;gBACvC,MAAM,YAAY,GAAG,GAAG,QAAQ,MAAM,CAAC;gBACvC,IAAI,UAAU,CAAC,YAAY,CAAC;oBAAE,UAAU,CAAC,YAAY,CAAC,CAAC;gBACvD,IAAI,UAAU,CAAC,YAAY,CAAC;oBAAE,UAAU,CAAC,YAAY,CAAC,CAAC;YACzD,CAAC;YAAC,MAAM,CAAC;gBACP,mDAAmD;YACrD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW;QACT,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC;QACjC,OAAO,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC;aAC/B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;aACtG,IAAI,EAAE;aACN,OAAO,EAAE,CAAC,CAAC,uDAAuD;IACvE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,KAAK,GAAG,IAAI;YAAE,OAAO,GAAG,KAAK,IAAI,CAAC;QACtC,IAAI,KAAK,GAAG,IAAI,GAAG,IAAI;YAAE,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;QAClE,OAAO,GAAG,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;IACpD,CAAC;CACF"}

package/dist/cli.js

@@ -6,41 +6,29 @@
  * Usage: threat-cloud [--port 8080] [--host 0.0.0.0] [--db ./data/threats.db]
  */
 import { ThreatCloudServer } from './server.js';
-const MIN_API_KEY_LENGTH = 32;
 function parseArgs(args) {
     const config = {};
     for (let i = 0; i < args.length; i++) {
         switch (args[i]) {
-            case '--port': {
-                const port = Number(args[++i]);
-                if (isNaN(port) || port < 1 || port > 65535) {
-                    console.error(`Error: Invalid port number. Must be 1-65535.`);
-                    process.exit(1);
-                }
-                config.port = port;
+            case '--port':
+                config.port = Number(args[++i]);
                 break;
-            }
             case '--host':
                 config.host = args[++i];
                 break;
             case '--db':
                 config.dbPath = args[++i];
                 break;
-            case '--backup-dir':
-                config.backupDir = args[++i];
-                break;
-            case '--api-key': {
-                const keys = (args[++i] ?? '').split(',').filter(Boolean);
-                const weak = keys.filter((k) => k.length < MIN_API_KEY_LENGTH);
-                if (weak.length > 0) {
-                    console.error(`Error: API keys must be at least ${MIN_API_KEY_LENGTH} characters. ` +
-                        `Generate with: openssl rand -hex 32`);
-                    process.exit(1);
-                }
+            case '--api-key':
                 config.apiKeyRequired = true;
-                config.apiKeys = keys;
+                config.apiKeys = (args[++i] ?? '').split(',');
+                break;
+            case '--anthropic-api-key':
+                config.anthropicApiKey = args[++i];
+                break;
+            case '--admin-api-key':
+                config.adminApiKey = args[++i];
                 break;
-            }
             case '--help':
                 console.log(`
 Threat Cloud Server - Collective Threat Intelligence Backend
@@ -48,15 +36,13 @@ Threat Cloud Server - Collective Threat Intelligence Backend
 Usage: threat-cloud [options]
 
 Options:
-  --port <number>      Listen port (default: 8080, range: 1-65535)
-  --host <string>      Listen host (default: 127.0.0.1)
-  --db <path>          SQLite database path (default: ./threat-cloud.db)
-  --api-key <keys>     Comma-separated API keys (min ${MIN_API_KEY_LENGTH} chars each)
-  --backup-dir <path>  Backup directory (default: ./backups)
-  --help               Show this help
-
-Generate API key:
-  openssl rand -hex 32
+  --port <number>              Listen port (default: 8080)
+  --host <string>              Listen host (default: 127.0.0.1)
+  --db <path>                  SQLite database path (default: ./threat-cloud.db)
+  --api-key <keys>             Comma-separated API keys (enables auth)
+  --anthropic-api-key <key>    Anthropic API key for LLM review of ATR proposals
+  --admin-api-key <key>        Admin key for write-protected endpoints (POST /api/rules)
+  --help                       Show this help
 `);
                 process.exit(0);
         }
@@ -65,28 +51,16 @@ Generate API key:
 }
 async function main() {
     const args = parseArgs(process.argv.slice(2));
-    // Environment variables override defaults; CLI args override env
-    const envApiKeys = process.env['TC_API_KEYS']?.split(',').filter(Boolean) ?? [];
-    // Validate env API keys length in production
-    if (process.env['NODE_ENV'] === 'production' && envApiKeys.length === 0) {
-        console.error('Error: TC_API_KEYS is required in production mode.');
-        console.error('Generate with: openssl rand -hex 32');
-        process.exit(1);
-    }
-    const weakEnvKeys = envApiKeys.filter((k) => k.length < MIN_API_KEY_LENGTH);
-    if (weakEnvKeys.length > 0) {
-        console.warn(`WARNING: ${weakEnvKeys.length} API key(s) shorter than ${MIN_API_KEY_LENGTH} chars. ` +
-            `Generate stronger keys with: openssl rand -hex 32`);
-    }
     const config = {
-        port: args.port ?? Number(process.env['TC_PORT'] ?? '8080'),
-        host: args.host ?? process.env['TC_HOST'] ?? '127.0.0.1',
-        dbPath: args.dbPath ?? process.env['TC_DB_PATH'] ?? './threat-cloud.db',
-        apiKeyRequired: args.apiKeyRequired ?? envApiKeys.length > 0,
-        apiKeys: args.apiKeys ?? envApiKeys,
+        port: args.port ?? Number(process.env['PORT'] ?? '8080'),
+        host: args.host ?? '0.0.0.0',
+        dbPath: args.dbPath ?? process.env['DB_PATH'] ?? './threat-cloud.db',
+        apiKeyRequired: args.apiKeyRequired ?? false,
+        apiKeys: args.apiKeys ?? [],
         rateLimitPerMinute: 120,
+        anthropicApiKey: args.anthropicApiKey ?? process.env['ANTHROPIC_API_KEY'],
+        adminApiKey: args.adminApiKey ?? process.env['TC_ADMIN_API_KEY'],
     };
-    const backupDir = args.backupDir ?? process.env['TC_BACKUP_DIR'] ?? './backups';
     const server = new ThreatCloudServer(config);
     const shutdown = async () => {
         console.log('\nShutting down Threat Cloud server...');
@@ -96,20 +70,6 @@ async function main() {
     process.on('SIGINT', () => void shutdown());
     process.on('SIGTERM', () => void shutdown());
     await server.start();
-    // Schedule daily backup (3am UTC by default)
-    const runBackup = () => {
-        const dest = server.getScheduler().runBackup(backupDir);
-        if (dest) {
-            console.log(`[Backup] Database backed up to ${dest}`);
-        }
-        else {
-            console.error('[Backup] Database backup failed');
-        }
-    };
-    // Initial backup on startup
-    runBackup();
-    // Daily backup interval
-    setInterval(runBackup, 24 * 60 * 60 * 1000);
 }
 void main();
 //# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;GAKG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAE9B,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,MAAM,GAAmD,EAAE,CAAC;IAClE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,KAAK,EAAE,CAAC;oBAC5C,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;oBAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;gBACnB,MAAM;YACR,CAAC;YACD,KAAK,QAAQ;gBACX,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBACxB,MAAM;YACR,KAAK,MAAM;gBACT,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC1B,MAAM;YACR,KAAK,cAAc;gBACjB,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC7B,MAAM;YACR,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,CAAC;gBAC/D,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACpB,OAAO,CAAC,KAAK,CACX,oCAAoC,kBAAkB,eAAe;wBACnE,qCAAqC,CACxC,CAAC;oBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC7B,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC;gBACtB,MAAM;YACR,CAAC;YACD,KAAK,QAAQ;gBACX,OAAO,CAAC,GAAG,CAAC;;;;;;;;;uDASmC,kBAAkB;;;;;;CAMxE,CAAC,CAAC;gBACK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAE9C,iEAAiE;IACjE,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAEhF,6CAA6C;IAC7C,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxE,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACpE,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,CAAC;IAC5E,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,IAAI,CACV,YAAY,WAAW,CAAC,MAAM,4BAA4B,kBAAkB,UAAU;YACpF,mDAAmD,CACtD,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAiB;QAC3B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC;QAC3D,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,WAAW;QACxD,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,mBAAmB;QACvE,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;QAC5D,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,UAAU;QACnC,kBAAkB,EAAE,GAAG;KACxB,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,WAAW,CAAC;IAEhF,MAAM,MAAM,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE7C,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;IAE7C,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IAErB,6CAA6C;IAC7C,MAAM,SAAS,GAAG,GAAG,EAAE;QACrB,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACxD,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,GAAG,CAAC,kCAAkC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC,CAAC;IAEF,4BAA4B;IAC5B,SAAS,EAAE,CAAC;IAEZ,wBAAwB;IACxB,WAAW,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AAC9C,CAAC;AAED,KAAK,IAAI,EAAE,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;GAKG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,MAAM,GAA0B,EAAE,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,KAAK,QAAQ;gBACX,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAChC,MAAM;YACR,KAAK,QAAQ;gBACX,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBACxB,MAAM;YACR,KAAK,MAAM;gBACT,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC1B,MAAM;YACR,KAAK,WAAW;gBACd,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC7B,MAAM,CAAC,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC9C,MAAM;YACR,KAAK,qBAAqB;gBACxB,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBACnC,MAAM;YACR,KAAK,iBAAiB;gBACpB,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC/B,MAAM;YACR,KAAK,QAAQ;gBACX,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;CAanB,CAAC,CAAC;gBACK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAE9C,MAAM,MAAM,GAAiB;QAC3B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC;QACxD,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,SAAS;QAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,mBAAmB;QACpE,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,KAAK;QAC5C,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE;QAC3B,kBAAkB,EAAE,GAAG;QACvB,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACzE,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;KACjE,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE7C,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;IAE7C,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;AACvB,CAAC;AAED,KAAK,IAAI,EAAE,CAAC"}

package/dist/database.d.ts

@@ -2,12 +2,11 @@
  * SQLite database layer for Threat Cloud
  * 威脅雲 SQLite 資料庫層
  *
- * Stores anonymized threat data, enriched events, IoCs, campaigns, and rules.
+ * Stores anonymized threat data and community rules using better-sqlite3.
  *
  * @module @panguard-ai/threat-cloud/database
  */
-import Database from 'better-sqlite3';
-import type { AnonymizedThreatData, ThreatCloudRule, ThreatStats, EnrichedThreatEvent, TrapIntelligencePayload } from './types.js';
+import type { AnonymizedThreatData, ThreatCloudRule, ThreatStats, ATRProposal, SkillThreatSubmission } from './types.js';
 /**
  * Threat Cloud database backed by SQLite
  * 基於 SQLite 的威脅雲資料庫
@@ -15,48 +14,71 @@ import type { AnonymizedThreatData, ThreatCloudRule, ThreatStats, EnrichedThreat
 export declare class ThreatCloudDB {
     private readonly db;
     constructor(dbPath: string);
-    /** Create a backup of the database / 建立資料庫備份 */
-    backup(destPath: string): void;
-    /** Expose underlying db for sub-modules (IoCStore, etc.) / 暴露底層 DB 給子模組 */
-    getDB(): Database.Database;
-    /** Create original tables if they don't exist / 建立原始資料表 */
+    /** Create tables if they don't exist / 建立資料表 */
     private initialize;
-    /** Run idempotent schema migrations / 執行冪等 schema 遷移 */
-    private runMigrations;
     /** Insert anonymized threat data / 插入匿名化威脅數據 */
     insertThreat(data: AnonymizedThreatData): void;
-    /**
-     * Insert enriched threat event (deduplicates by event_hash).
-     * Returns the row id if inserted, null if duplicate.
-     * 插入豐富化威脅事件（以 event_hash 去重）
-     */
-    insertEnrichedThreat(event: Omit<EnrichedThreatEvent, 'id'>): number | null;
-    /**
-     * Insert trap credential records.
-     * Usernames are hashed (SHA-256, truncated to 16 hex chars) before storage
-     * to avoid storing PII from attacker-attempted credentials.
-     * 插入 Trap 憑證記錄（使用者名稱先雜湊化以避免 PII 洩漏）
-     */
-    insertTrapCredentials(enrichedThreatId: number, credentials: Array<{
-        username: string;
-        count: number;
-    }>): void;
-    /** Get enriched threats count by source type / 依來源類型取得豐富化威脅數量 */
-    getEnrichedThreatCountBySource(): Record<string, number>;
-    /** Count related threats for an IP / 計算某 IP 的相關威脅數量 */
-    countRelatedThreats(ip: string): number;
-    /** Convert AnonymizedThreatData to EnrichedThreatEvent / 轉換 Guard 資料 */
-    static guardToEnriched(data: AnonymizedThreatData): Omit<EnrichedThreatEvent, 'id'>;
-    /** Convert TrapIntelligencePayload to EnrichedThreatEvent / 轉換 Trap 資料 */
-    static trapToEnriched(data: TrapIntelligencePayload): Omit<EnrichedThreatEvent, 'id'>;
     /** Insert or update a community rule / 插入或更新社群規則 */
     upsertRule(rule: ThreatCloudRule): void;
     /** Fetch rules published after a given timestamp / 取得指定時間後發佈的規則 */
     getRulesSince(since: string): ThreatCloudRule[];
-    /** Fetch all rules / 取得所有規則 */
-    getAllRules(): ThreatCloudRule[];
+    /** Fetch all rules with limit / 取得所有規則（含限制） */
+    getAllRules(limit?: number): ThreatCloudRule[];
+    /** Insert ATR rule proposal / 插入 ATR 規則提案 */
+    insertATRProposal(proposal: ATRProposal): void;
+    /** Get ATR proposals, optionally filtered by status / 取得 ATR 提案 */
+    getATRProposals(status?: string): unknown[];
+    /** Increment confirmations for a proposal; auto-confirm at >= 3 / 增加提案確認數 */
+    confirmATRProposal(patternHash: string): void;
+    /** Update LLM review verdict for a proposal / 更新 LLM 審查結果 */
+    updateATRProposalLLMReview(patternHash: string, verdict: string): void;
+    /** Insert ATR feedback / 插入 ATR 回饋 */
+    insertATRFeedback(ruleId: string, isTruePositive: boolean, clientId?: string): void;
+    /** Get feedback stats for a rule / 取得規則回饋統計 */
+    getATRFeedbackStats(ruleId: string): {
+        truePositives: number;
+        falsePositives: number;
+    };
+    /** Insert skill threat submission / 插入技能威脅提交 */
+    insertSkillThreat(submission: SkillThreatSubmission): void;
+    /** Get recent skill threats / 取得最近技能威脅 */
+    getSkillThreats(limit?: number): unknown[];
+    /** Get proposal statistics / 取得提案統計 */
+    getProposalStats(): {
+        pending: number;
+        confirmed: number;
+        rejected: number;
+        total: number;
+    };
     /** Get threat statistics / 取得威脅統計 */
     getStats(): ThreatStats;
+    /** Get confirmed/promoted ATR rules, optionally filtered by date / 取得已確認 ATR 規則 */
+    getConfirmedATRRules(since?: string): Array<{
+        ruleId: string;
+        ruleContent: string;
+        publishedAt: string;
+        source: string;
+    }>;
+    /** Get IP blocklist from IoC entries and aggregated threat data / 取得 IP 封鎖清單 */
+    getIPBlocklist(minReputation: number): string[];
+    /** Get domain blocklist from IoC entries / 取得域名封鎖清單 */
+    getDomainBlocklist(minReputation: number): string[];
+    /** Upsert an IoC entry / 插入或更新 IoC 條目 */
+    upsertIoC(type: string, value: string, reputation: number, source: string): void;
+    /** Promote confirmed proposals with approved LLM review to rules / 推廣已確認提案為規則 */
+    promoteConfirmedProposals(): number;
+    /** Reject an ATR proposal / 拒絕 ATR 提案 */
+    rejectATRProposal(patternHash: string): void;
+    /** Get rules by source type, optionally filtered by date / 依來源取得規則 */
+    getRulesBySource(source: string, since?: string): ThreatCloudRule[];
+    /** Report a safe skill (increment confirmations, auto-confirm at 3+) / 回報安全 skill */
+    reportSafeSkill(skillName: string, fingerprintHash?: string): void;
+    /** Get confirmed community whitelist / 取得社群白名單 */
+    getSkillWhitelist(): Array<{
+        name: string;
+        hash: string | null;
+        confirmations: number;
+    }>;
     /** Close the database / 關閉資料庫 */
     close(): void;
 }

package/dist/database.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../src/database.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,KAAK,EACV,oBAAoB,EACpB,eAAe,EACf,WAAW,EACX,mBAAmB,EACnB,uBAAuB,EACxB,MAAM,YAAY,CAAC;AAEpB;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAoB;gBAE3B,MAAM,EAAE,MAAM;IAc1B,gDAAgD;IAChD,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAI9B,2EAA2E;IAC3E,KAAK,IAAI,QAAQ,CAAC,QAAQ;IAQ1B,2DAA2D;IAC3D,OAAO,CAAC,UAAU;IAoClB,wDAAwD;IACxD,OAAO,CAAC,aAAa;IAoMrB,gDAAgD;IAChD,YAAY,CAAC,IAAI,EAAE,oBAAoB,GAAG,IAAI;IAoB9C;;;;OAIG;IACH,oBAAoB,CAAC,KAAK,EAAE,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,GAAG,MAAM,GAAG,IAAI;IA4B3E;;;;;OAKG;IACH,qBAAqB,CACnB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,GACtD,IAAI;IAaP,iEAAiE;IACjE,8BAA8B,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAWxD,uDAAuD;IACvD,mBAAmB,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM;IAYvC,wEAAwE;IACxE,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,oBAAoB,GAAG,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC;IAoBnF,0EAA0E;IAC1E,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,uBAAuB,GAAG,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC;IA4BrF,oDAAoD;IACpD,UAAU,CAAC,IAAI,EAAE,eAAe,GAAG,IAAI;IAavC,mEAAmE;IACnE,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,eAAe,EAAE;IAU/C,+BAA+B;IAC/B,WAAW,IAAI,eAAe,EAAE;IAahC,qCAAqC;IACrC,QAAQ,IAAI,WAAW;IAiDvB,iCAAiC;IACjC,KAAK,IAAI,IAAI;CAGd"}
+{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../src/database.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEzH;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAoB;gBAE3B,MAAM,EAAE,MAAM;IAO1B,gDAAgD;IAChD,OAAO,CAAC,UAAU;IA+FlB,gDAAgD;IAChD,YAAY,CAAC,IAAI,EAAE,oBAAoB,GAAG,IAAI;IAgB9C,oDAAoD;IACpD,UAAU,CAAC,IAAI,EAAE,eAAe,GAAG,IAAI;IAavC,mEAAmE;IACnE,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,eAAe,EAAE;IAU/C,+CAA+C;IAC/C,WAAW,CAAC,KAAK,SAAO,GAAG,eAAe,EAAE;IAU5C,6CAA6C;IAC7C,iBAAiB,CAAC,QAAQ,EAAE,WAAW,GAAG,IAAI;IAe9C,mEAAmE;IACnE,eAAe,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,EAAE;IAO3C,6EAA6E;IAC7E,kBAAkB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAU7C,6DAA6D;IAC7D,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAMtE,sCAAsC;IACtC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI;IAMnF,+CAA+C;IAC/C,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAA;KAAE;IAMtF,gDAAgD;IAChD,iBAAiB,CAAC,UAAU,EAAE,qBAAqB,GAAG,IAAI;IAe1D,0CAA0C;IAC1C,eAAe,CAAC,KAAK,GAAE,MAAW,GAAG,OAAO,EAAE;IAI9C,uCAAuC;IACvC,gBAAgB,IAAI;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAQ3F,qCAAqC;IACrC,QAAQ,IAAI,WAAW;IAsCvB,mFAAmF;IACnF,oBAAoB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAiBzH,gFAAgF;IAChF,cAAc,CAAC,aAAa,EAAE,MAAM,GAAG,MAAM,EAAE;IAuB/C,uDAAuD;IACvD,kBAAkB,CAAC,aAAa,EAAE,MAAM,GAAG,MAAM,EAAE;IAUnD,yCAAyC;IACzC,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAYhF,iFAAiF;IACjF,yBAAyB,IAAI,MAAM;IAkCnC,yCAAyC;IACzC,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAO5C,sEAAsE;IACtE,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,eAAe,EAAE;IAiBnE,qFAAqF;IACrF,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI;IAalE,kDAAkD;IAClD,iBAAiB,IAAI,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IASxF,iCAAiC;IACjC,KAAK,IAAI,IAAI;CAGd"}