@panguard-ai/threat-cloud 0.2.0 → 0.2.2

package/dist/rule-generator.js

@@ -1,238 +0,0 @@
-/**
- * Automatic Sigma Rule Generator
- * 自動 Sigma 規則產生器
- *
- * Analyzes enriched threat events, detects recurring patterns,
- * and generates Sigma detection rules automatically.
- *
- * @module @panguard-ai/threat-cloud/rule-generator
- */
-import { createHash } from 'node:crypto';
-/** MITRE technique → tactic mapping (simplified) */
-const TECHNIQUE_TACTIC_MAP = {
-    T1110: 'credential_access',
-    T1021: 'lateral_movement',
-    T1046: 'discovery',
-    T1059: 'execution',
-    T1486: 'impact',
-    T1190: 'initial_access',
-    T1078: 'defense_evasion',
-    T1071: 'command_and_control',
-    T1048: 'exfiltration',
-    T1569: 'execution',
-    T1053: 'execution',
-    T1543: 'persistence',
-    T1547: 'persistence',
-    T1098: 'persistence',
-    T1027: 'defense_evasion',
-    T1070: 'defense_evasion',
-    T1562: 'defense_evasion',
-    T1018: 'discovery',
-    T1057: 'discovery',
-    T1082: 'discovery',
-    T1560: 'collection',
-};
-/** Severity mapping for pattern analysis */
-const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low'];
-/** Default configuration */
-const DEFAULT_CONFIG = {
-    minOccurrences: 10,
-    analysisWindowHours: 168, // 7 days
-    minDistinctIPs: 3,
-};
-export class RuleGenerator {
-    db;
-    config;
-    constructor(db, config) {
-        this.db = db;
-        this.config = { ...DEFAULT_CONFIG, ...config };
-    }
-    /**
-     * Analyze recent events and generate rules for recurring patterns.
-     * 分析近期事件並為反覆出現的模式產生規則
-     */
-    generateRules() {
-        const startTime = Date.now();
-        const patterns = this.detectPatterns();
-        let rulesGenerated = 0;
-        let rulesUpdated = 0;
-        this.db.transaction(() => {
-            for (const pattern of patterns) {
-                const existing = this.db
-                    .prepare('SELECT pattern_hash FROM generated_patterns WHERE pattern_hash = ?')
-                    .get(pattern.patternHash);
-                if (existing) {
-                    this.updatePattern(pattern);
-                    rulesUpdated++;
-                }
-                else {
-                    this.createRuleFromPattern(pattern);
-                    rulesGenerated++;
-                }
-            }
-        })();
-        return {
-            patternsAnalyzed: patterns.length,
-            rulesGenerated,
-            rulesUpdated,
-            duration: Date.now() - startTime,
-        };
-    }
-    /**
-     * Detect recurring patterns in enriched threat events.
-     * 偵測豐富化威脅事件中的反覆模式
-     */
-    detectPatterns() {
-        const sinceDate = new Date(Date.now() - this.config.analysisWindowHours * 60 * 60 * 1000).toISOString();
-        const rows = this.db
-            .prepare(`SELECT attack_type, mitre_techniques, attack_source_ip, region, severity, timestamp
-         FROM enriched_threats
-         WHERE received_at > ?
-         ORDER BY timestamp ASC`)
-            .all(sinceDate);
-        // Group by (attack_type, sorted mitre_techniques)
-        const grouped = new Map();
-        for (const row of rows) {
-            const techniques = JSON.parse(row.mitre_techniques).sort();
-            const key = `${row.attack_type}|${techniques.join(',')}`;
-            let group = grouped.get(key);
-            if (!group) {
-                group = {
-                    attackType: row.attack_type,
-                    techniques,
-                    ips: new Set(),
-                    regions: new Set(),
-                    severityCounts: {},
-                    occurrences: 0,
-                    firstSeen: row.timestamp,
-                    lastSeen: row.timestamp,
-                };
-                grouped.set(key, group);
-            }
-            group.ips.add(row.attack_source_ip);
-            group.regions.add(row.region);
-            group.severityCounts[row.severity] = (group.severityCounts[row.severity] ?? 0) + 1;
-            group.occurrences++;
-            if (row.timestamp > group.lastSeen)
-                group.lastSeen = row.timestamp;
-        }
-        // Filter by thresholds
-        const patterns = [];
-        for (const group of grouped.values()) {
-            if (group.occurrences >= this.config.minOccurrences &&
-                group.ips.size >= this.config.minDistinctIPs) {
-                const patternHash = createHash('sha256')
-                    .update(group.attackType + group.techniques.join(','))
-                    .digest('hex')
-                    .slice(0, 16);
-                patterns.push({
-                    attackType: group.attackType,
-                    mitreTechniques: group.techniques,
-                    patternHash,
-                    occurrences: group.occurrences,
-                    distinctIPs: group.ips.size,
-                    regions: [...group.regions],
-                    severityCounts: group.severityCounts,
-                    firstSeen: group.firstSeen,
-                    lastSeen: group.lastSeen,
-                });
-            }
-        }
-        return patterns;
-    }
-    /**
-     * Get all generated patterns.
-     * 取得所有已產生的模式
-     */
-    getGeneratedPatterns() {
-        const rows = this.db
-            .prepare(`SELECT pattern_hash, attack_type, mitre_techniques, rule_id, occurrences, distinct_ips
-         FROM generated_patterns
-         ORDER BY occurrences DESC`)
-            .all();
-        return rows.map((r) => ({
-            patternHash: r.pattern_hash,
-            attackType: r.attack_type,
-            mitreTechniques: JSON.parse(r.mitre_techniques),
-            ruleId: r.rule_id,
-            occurrences: r.occurrences,
-            distinctIPs: r.distinct_ips,
-        }));
-    }
-    // -------------------------------------------------------------------------
-    // Private helpers / 私有輔助方法
-    // -------------------------------------------------------------------------
-    /** Create a new rule from a detected pattern */
-    createRuleFromPattern(pattern) {
-        const ruleId = `tc-auto-${pattern.patternHash}`;
-        const severity = this.pickMaxSeverity(pattern.severityCounts);
-        const sigmaYaml = this.generateSigmaYaml(pattern, ruleId, severity);
-        // Insert into rules table
-        this.db
-            .prepare(`INSERT INTO rules (rule_id, rule_content, published_at, source)
-         VALUES (?, ?, datetime('now'), 'threat-cloud-auto')
-         ON CONFLICT(rule_id) DO UPDATE SET
-           rule_content = excluded.rule_content,
-           published_at = excluded.published_at,
-           updated_at = datetime('now')`)
-            .run(ruleId, sigmaYaml);
-        // Insert into generated_patterns table
-        this.db
-            .prepare(`INSERT INTO generated_patterns
-          (pattern_hash, attack_type, mitre_techniques, rule_id, occurrences, distinct_ips, first_seen, last_seen)
-         VALUES (?, ?, ?, ?, ?, ?, ?, ?)`)
-            .run(pattern.patternHash, pattern.attackType, JSON.stringify(pattern.mitreTechniques), ruleId, pattern.occurrences, pattern.distinctIPs, pattern.firstSeen, pattern.lastSeen);
-    }
-    /** Update an existing pattern's statistics */
-    updatePattern(pattern) {
-        this.db
-            .prepare(`UPDATE generated_patterns SET
-           occurrences = ?,
-           distinct_ips = ?,
-           last_seen = ?,
-           updated_at = datetime('now')
-         WHERE pattern_hash = ?`)
-            .run(pattern.occurrences, pattern.distinctIPs, pattern.lastSeen, pattern.patternHash);
-        // Also update the rule content
-        const ruleId = `tc-auto-${pattern.patternHash}`;
-        const severity = this.pickMaxSeverity(pattern.severityCounts);
-        const sigmaYaml = this.generateSigmaYaml(pattern, ruleId, severity);
-        this.db
-            .prepare(`UPDATE rules SET rule_content = ?, published_at = datetime('now'), updated_at = datetime('now')
-         WHERE rule_id = ?`)
-            .run(sigmaYaml, ruleId);
-    }
-    /** Generate Sigma YAML rule content */
-    generateSigmaYaml(pattern, ruleId, severity) {
-        const tags = pattern.mitreTechniques.map((t) => {
-            const tactic = TECHNIQUE_TACTIC_MAP[t] ?? 'unknown';
-            return `  - attack.${tactic}\n  - attack.${t.toLowerCase()}`;
-        });
-        const regionList = pattern.regions.join(', ');
-        return [
-            `title: "Threat Cloud Auto: ${pattern.attackType} via ${pattern.mitreTechniques.join(', ')}"`,
-            `id: ${ruleId}`,
-            `status: experimental`,
-            `author: Panguard Threat Cloud (auto-generated)`,
-            `description: |`,
-            `  Pattern observed ${pattern.occurrences} times from ${pattern.distinctIPs} distinct IPs across ${regionList}.`,
-            `date: ${new Date().toISOString().slice(0, 10)}`,
-            `detection:`,
-            `  selection:`,
-            `    EventType: ${pattern.attackType}`,
-            `  condition: selection`,
-            `level: ${severity}`,
-            `tags:`,
-            ...tags,
-        ].join('\n');
-    }
-    /** Pick highest severity from counts */
-    pickMaxSeverity(severityCounts) {
-        for (const s of SEVERITY_ORDER) {
-            if (severityCounts[s] && severityCounts[s] > 0)
-                return s;
-        }
-        return 'medium';
-    }
-}
-//# sourceMappingURL=rule-generator.js.map

package/dist/rule-generator.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"rule-generator.js","sourceRoot":"","sources":["../src/rule-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAIzC,oDAAoD;AACpD,MAAM,oBAAoB,GAA2B;IACnD,KAAK,EAAE,mBAAmB;IAC1B,KAAK,EAAE,kBAAkB;IACzB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,gBAAgB;IACvB,KAAK,EAAE,iBAAiB;IACxB,KAAK,EAAE,qBAAqB;IAC5B,KAAK,EAAE,cAAc;IACrB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,aAAa;IACpB,KAAK,EAAE,aAAa;IACpB,KAAK,EAAE,aAAa;IACpB,KAAK,EAAE,iBAAiB;IACxB,KAAK,EAAE,iBAAiB;IACxB,KAAK,EAAE,iBAAiB;IACxB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,YAAY;CACpB,CAAC;AAEF,4CAA4C;AAC5C,MAAM,cAAc,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAU,CAAC;AAEtE,4BAA4B;AAC5B,MAAM,cAAc,GAAwB;IAC1C,cAAc,EAAE,EAAE;IAClB,mBAAmB,EAAE,GAAG,EAAE,SAAS;IACnC,cAAc,EAAE,CAAC;CAClB,CAAC;AAEF,MAAM,OAAO,aAAa;IAIL;IAHF,MAAM,CAAsB;IAE7C,YACmB,EAAqB,EACtC,MAAqC;QADpB,OAAE,GAAF,EAAE,CAAmB;QAGtC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;IACjD,CAAC;IAED;;;OAGG;IACH,aAAa;QACX,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACvC,IAAI,cAAc,GAAG,CAAC,CAAC;QACvB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;YACvB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,EAAE;qBACrB,OAAO,CAAC,oEAAoE,CAAC;qBAC7E,GAAG,CAAC,OAAO,CAAC,WAAW,CAAyC,CAAC;gBAEpE,IAAI,QAAQ,EAAE,CAAC;oBACb,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;oBAC5B,YAAY,EAAE,CAAC;gBACjB,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;oBACpC,cAAc,EAAE,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,OAAO;YACL,gBAAgB,EAAE,QAAQ,CAAC,MAAM;YACjC,cAAc;YACd,YAAY;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,cAAc;QACZ,MAAM,SAAS,GAAG,IAAI,IAAI,CACxB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAC9D,CAAC,WAAW,EAAE,CAAC;QAEhB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;;gCAGwB,CACzB;aACA,GAAG,CAAC,SAAS,CAOd,CAAC;QAEH,kDAAkD;QAClD,MAAM,OAAO,GAAG,IAAI,GAAG,EAYpB,CAAC;QAEJ,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,UAAU,GAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAc,CAAC,IAAI,EAAE,CAAC;YACzE,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,WAAW,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAEzD,IAAI,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,KAAK,GAAG;oBACN,UAAU,EAAE,GAAG,CAAC,WAAW;oBAC3B,UAAU;oBACV,GAAG,EAAE,IAAI,GAAG,EAAU;oBACtB,OAAO,EAAE,IAAI,GAAG,EAAU;oBAC1B,cAAc,EAAE,EAAE;oBAClB,WAAW,EAAE,CAAC;oBACd,SAAS,EAAE,GAAG,CAAC,SAAS;oBACxB,QAAQ,EAAE,GAAG,CAAC,SAAS;iBACxB,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC1B,CAAC;YAED,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YACpC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9B,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACnF,KAAK,CAAC,WAAW,EAAE,CAAC;YACpB,IAAI,GAAG,CAAC,SAAS,GAAG,KAAK,CAAC,QAAQ;gBAAE,KAAK,CAAC,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC;QACrE,CAAC;QAED,uBAAuB;QACvB,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACrC,IACE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc;gBAC/C,KAAK,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAC5C,CAAC;gBACD,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;qBACrC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBACrD,MAAM,CAAC,KAAK,CAAC;qBACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAEhB,QAAQ,CAAC,IAAI,CAAC;oBACZ,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,eAAe,EAAE,KAAK,CAAC,UAAU;oBACjC,WAAW;oBACX,WAAW,EAAE,KAAK,CAAC,WAAW;oBAC9B,WAAW,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI;oBAC3B,OAAO,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC;oBAC3B,cAAc,EAAE,KAAK,CAAC,cAAc;oBACpC,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,oBAAoB;QAQlB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;mCAE2B,CAC5B;aACA,GAAG,EAOJ,CAAC;QAEH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACtB,WAAW,EAAE,CAAC,CAAC,YAAY;YAC3B,UAAU,EAAE,CAAC,CAAC,WAAW;YACzB,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAa;YAC3D,MAAM,EAAE,CAAC,CAAC,OAAO;YACjB,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,WAAW,EAAE,CAAC,CAAC,YAAY;SAC5B,CAAC,CAAC,CAAC;IACN,CAAC;IAED,4EAA4E;IAC5E,2BAA2B;IAC3B,4EAA4E;IAE5E,gDAAgD;IACxC,qBAAqB,CAAC,OAAwB;QACpD,MAAM,MAAM,GAAG,WAAW,OAAO,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEpE,0BAA0B;QAC1B,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;;;;wCAKgC,CACjC;aACA,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAE1B,uCAAuC;QACvC,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;yCAEiC,CAClC;aACA,GAAG,CACF,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,UAAU,EAClB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,EACvC,MAAM,EACN,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,QAAQ,CACjB,CAAC;IACN,CAAC;IAED,8CAA8C;IACtC,aAAa,CAAC,OAAwB;QAC5C,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;;;;gCAKwB,CACzB;aACA,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;QAExF,+BAA+B;QAC/B,MAAM,MAAM,GAAG,WAAW,OAAO,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEpE,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;2BACmB,CACpB;aACA,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,uCAAuC;IAC/B,iBAAiB,CAAC,OAAwB,EAAE,MAAc,EAAE,QAAgB;QAClF,MAAM,IAAI,GAAG,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7C,MAAM,MAAM,GAAG,oBAAoB,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;YACpD,OAAO,cAAc,MAAM,gBAAgB,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO;YACL,8BAA8B,OAAO,CAAC,UAAU,QAAQ,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YAC7F,OAAO,MAAM,EAAE;YACf,sBAAsB;YACtB,gDAAgD;YAChD,gBAAgB;YAChB,sBAAsB,OAAO,CAAC,WAAW,eAAe,OAAO,CAAC,WAAW,wBAAwB,UAAU,GAAG;YAChH,SAAS,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;YAChD,YAAY;YACZ,cAAc;YACd,kBAAkB,OAAO,CAAC,UAAU,EAAE;YACtC,wBAAwB;YACxB,UAAU,QAAQ,EAAE;YACpB,OAAO;YACP,GAAG,IAAI;SACR,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,wCAAwC;IAChC,eAAe,CAAC,cAAsC;QAC5D,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;YAC/B,IAAI,cAAc,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/scheduler.d.ts

@@ -1,52 +0,0 @@
-/**
- * Background Scheduler
- * 背景排程器
- *
- * Manages periodic tasks: reputation recalculation, correlation scanning,
- * rule generation, and data lifecycle cleanup.
- *
- * @module @panguard-ai/threat-cloud/scheduler
- */
-import type Database from 'better-sqlite3';
-import type { SchedulerConfig } from './types.js';
-export declare class Scheduler {
-    private readonly db;
-    private readonly config;
-    private readonly reputation;
-    private readonly correlation;
-    private readonly ruleGen;
-    private readonly iocStore;
-    private timers;
-    private running;
-    constructor(db: Database.Database, config?: Partial<SchedulerConfig>);
-    /** Start all scheduled tasks / 啟動所有排程任務 */
-    start(): void;
-    /** Stop all scheduled tasks / 停止所有排程任務 */
-    stop(): void;
-    /** Check if scheduler is running */
-    isRunning(): boolean;
-    /** Run correlation scan manually */
-    runCorrelation(): {
-        newCampaigns: number;
-        eventsCorrelated: number;
-    };
-    /** Run reputation recalculation manually */
-    runReputation(): {
-        updated: number;
-    };
-    /** Run rule generation manually */
-    runRuleGeneration(): {
-        rulesGenerated: number;
-        rulesUpdated: number;
-    };
-    /** Run data lifecycle cleanup */
-    runLifecycle(): {
-        expired: number;
-        purged: number;
-        vacuumed: boolean;
-        auditPurged: number;
-    };
-    /** Run database backup / 執行資料庫備份 */
-    runBackup(backupDir: string, maxBackups?: number): string | null;
-}
-//# sourceMappingURL=scheduler.d.ts.map

package/dist/scheduler.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"scheduler.d.ts","sourceRoot":"","sources":["../src/scheduler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAK3C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAYlD,qBAAa,SAAS;IAUlB,OAAO,CAAC,QAAQ,CAAC,EAAE;IATrB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAmB;IAC9C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAoB;IAChD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgB;IACxC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAW;IACpC,OAAO,CAAC,MAAM,CAA6C;IAC3D,OAAO,CAAC,OAAO,CAAS;gBAGL,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACtC,MAAM,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC;IASnC,2CAA2C;IAC3C,KAAK,IAAI,IAAI;IAoBb,0CAA0C;IAC1C,IAAI,IAAI,IAAI;IAQZ,oCAAoC;IACpC,SAAS,IAAI,OAAO;IAIpB,oCAAoC;IACpC,cAAc,IAAI;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE;IAKpE,4CAA4C;IAC5C,aAAa,IAAI;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE;IAKpC,mCAAmC;IACnC,iBAAiB,IAAI;QAAE,cAAc,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE;IAKrE,iCAAiC;IACjC,YAAY,IAAI;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAwC3F,oCAAoC;IACpC,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,SAAK,GAAG,MAAM,GAAG,IAAI;CA4B7D"}

package/dist/scheduler.js

@@ -1,143 +0,0 @@
-/**
- * Background Scheduler
- * 背景排程器
- *
- * Manages periodic tasks: reputation recalculation, correlation scanning,
- * rule generation, and data lifecycle cleanup.
- *
- * @module @panguard-ai/threat-cloud/scheduler
- */
-import { existsSync, mkdirSync, readdirSync, unlinkSync } from 'node:fs';
-import { join } from 'node:path';
-import { ReputationEngine } from './reputation-engine.js';
-import { CorrelationEngine } from './correlation-engine.js';
-import { RuleGenerator } from './rule-generator.js';
-import { IoCStore } from './ioc-store.js';
-/** Default scheduler configuration */
-const DEFAULT_CONFIG = {
-    reputationIntervalMs: 60 * 60 * 1000, // 1 hour
-    correlationIntervalMs: 5 * 60 * 1000, // 5 minutes
-    ruleGenerationIntervalMs: 6 * 60 * 60 * 1000, // 6 hours
-    threatRetentionDays: 90,
-    iocRetentionDays: 365,
-    aggregationIntervalMs: 24 * 60 * 60 * 1000, // 24 hours
-};
-export class Scheduler {
-    db;
-    config;
-    reputation;
-    correlation;
-    ruleGen;
-    iocStore;
-    timers = [];
-    running = false;
-    constructor(db, config) {
-        this.db = db;
-        this.config = { ...DEFAULT_CONFIG, ...config };
-        this.reputation = new ReputationEngine(db);
-        this.correlation = new CorrelationEngine(db);
-        this.ruleGen = new RuleGenerator(db);
-        this.iocStore = new IoCStore(db);
-    }
-    /** Start all scheduled tasks / 啟動所有排程任務 */
-    start() {
-        if (this.running)
-            return;
-        this.running = true;
-        // Run correlation immediately, then on interval
-        this.runCorrelation();
-        this.timers.push(setInterval(() => this.runCorrelation(), this.config.correlationIntervalMs));
-        // Reputation recalculation
-        this.timers.push(setInterval(() => this.runReputation(), this.config.reputationIntervalMs));
-        // Rule generation
-        this.timers.push(setInterval(() => this.runRuleGeneration(), this.config.ruleGenerationIntervalMs));
-        // Data lifecycle cleanup
-        this.timers.push(setInterval(() => this.runLifecycle(), this.config.aggregationIntervalMs));
-    }
-    /** Stop all scheduled tasks / 停止所有排程任務 */
-    stop() {
-        this.running = false;
-        for (const timer of this.timers) {
-            clearInterval(timer);
-        }
-        this.timers = [];
-    }
-    /** Check if scheduler is running */
-    isRunning() {
-        return this.running;
-    }
-    /** Run correlation scan manually */
-    runCorrelation() {
-        const result = this.correlation.scanForCampaigns();
-        return { newCampaigns: result.newCampaigns, eventsCorrelated: result.eventsCorrelated };
-    }
-    /** Run reputation recalculation manually */
-    runReputation() {
-        const result = this.reputation.recalculateAll();
-        return { updated: result.updated };
-    }
-    /** Run rule generation manually */
-    runRuleGeneration() {
-        const result = this.ruleGen.generateRules();
-        return { rulesGenerated: result.rulesGenerated, rulesUpdated: result.rulesUpdated };
-    }
-    /** Run data lifecycle cleanup */
-    runLifecycle() {
-        const expireCutoff = new Date(Date.now() - this.config.iocRetentionDays * 24 * 60 * 60 * 1000).toISOString();
-        const purgeCutoff = new Date(Date.now() - (this.config.iocRetentionDays + 30) * 24 * 60 * 60 * 1000).toISOString();
-        const expired = this.iocStore.expireStaleIoCs(expireCutoff);
-        const purged = this.iocStore.purgeExpiredIoCs(purgeCutoff);
-        // Purge old enriched threats
-        const threatCutoff = new Date(Date.now() - this.config.threatRetentionDays * 24 * 60 * 60 * 1000).toISOString();
-        this.db
-            .prepare('DELETE FROM enriched_threats WHERE received_at < ? AND campaign_id IS NULL')
-            .run(threatCutoff);
-        // Purge old audit log entries (180 days retention)
-        const auditCutoff = new Date(Date.now() - 180 * 24 * 60 * 60 * 1000).toISOString();
-        const auditResult = this.db
-            .prepare('DELETE FROM audit_log WHERE created_at < ?')
-            .run(auditCutoff);
-        const auditPurged = auditResult.changes;
-        // WAL checkpoint
-        let vacuumed = false;
-        try {
-            this.db.pragma('wal_checkpoint(PASSIVE)');
-            vacuumed = true;
-        }
-        catch {
-            /* ignore checkpoint errors */
-        }
-        return { expired, purged, vacuumed, auditPurged };
-    }
-    /** Run database backup / 執行資料庫備份 */
-    runBackup(backupDir, maxBackups = 30) {
-        try {
-            if (!existsSync(backupDir)) {
-                mkdirSync(backupDir, { recursive: true });
-            }
-            const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
-            const dest = join(backupDir, `threat-cloud-${timestamp}.db`);
-            this.db.exec(`VACUUM INTO '${dest.replace(/'/g, "''")}'`);
-            // Rotate: remove oldest backups beyond maxBackups
-            const backups = readdirSync(backupDir)
-                .filter((f) => f.startsWith('threat-cloud-') && f.endsWith('.db'))
-                .sort();
-            while (backups.length > maxBackups) {
-                const oldest = backups.shift();
-                if (oldest) {
-                    try {
-                        unlinkSync(join(backupDir, oldest));
-                    }
-                    catch {
-                        /* best effort */
-                    }
-                }
-            }
-            return dest;
-        }
-        catch {
-            return null;
-        }
-    }
-}
-//# sourceMappingURL=scheduler.js.map

package/dist/scheduler.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"scheduler.js","sourceRoot":"","sources":["../src/scheduler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACzE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAG1C,sCAAsC;AACtC,MAAM,cAAc,GAAoB;IACtC,oBAAoB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;IAC/C,qBAAqB,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;IAClD,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,UAAU;IACxD,mBAAmB,EAAE,EAAE;IACvB,gBAAgB,EAAE,GAAG;IACrB,qBAAqB,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;CACxD,CAAC;AAEF,MAAM,OAAO,SAAS;IAUD;IATF,MAAM,CAAkB;IACxB,UAAU,CAAmB;IAC7B,WAAW,CAAoB;IAC/B,OAAO,CAAgB;IACvB,QAAQ,CAAW;IAC5B,MAAM,GAA0C,EAAE,CAAC;IACnD,OAAO,GAAG,KAAK,CAAC;IAExB,YACmB,EAAqB,EACtC,MAAiC;QADhB,OAAE,GAAF,EAAE,CAAmB;QAGtC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;QAC/C,IAAI,CAAC,UAAU,GAAG,IAAI,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,IAAI,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,aAAa,CAAC,EAAE,CAAC,CAAC;QACrC,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC;IAED,2CAA2C;IAC3C,KAAK;QACH,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,gDAAgD;QAChD,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAE9F,2BAA2B;QAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;QAE5F,kBAAkB;QAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAClF,CAAC;QAEF,yBAAyB;QACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAC9F,CAAC;IAED,0CAA0C;IAC1C,IAAI;QACF,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,aAAa,CAAC,KAAK,CAAC,CAAC;QACvB,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;IACnB,CAAC;IAED,oCAAoC;IACpC,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,oCAAoC;IACpC,cAAc;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;QACnD,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,CAAC;IAC1F,CAAC;IAED,4CAA4C;IAC5C,aAAa;QACX,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;IACrC,CAAC;IAED,mCAAmC;IACnC,iBAAiB;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC;IACtF,CAAC;IAED,iCAAiC;IACjC,YAAY;QACV,MAAM,YAAY,GAAG,IAAI,IAAI,CAC3B,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAChE,CAAC,WAAW,EAAE,CAAC;QAEhB,MAAM,WAAW,GAAG,IAAI,IAAI,CAC1B,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CACvE,CAAC,WAAW,EAAE,CAAC;QAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAE3D,6BAA6B;QAC7B,MAAM,YAAY,GAAG,IAAI,IAAI,CAC3B,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CACnE,CAAC,WAAW,EAAE,CAAC;QAEhB,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,4EAA4E,CAAC;aACrF,GAAG,CAAC,YAAY,CAAC,CAAC;QAErB,mDAAmD;QACnD,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACnF,MAAM,WAAW,GAAG,IAAI,CAAC,EAAE;aACxB,OAAO,CAAC,4CAA4C,CAAC;aACrD,GAAG,CAAC,WAAW,CAAC,CAAC;QACpB,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC;QAExC,iBAAiB;QACjB,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC;YAC1C,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,8BAA8B;QAChC,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;IACpD,CAAC;IAED,oCAAoC;IACpC,SAAS,CAAC,SAAiB,EAAE,UAAU,GAAG,EAAE;QAC1C,IAAI,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3B,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5C,CAAC;YACD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACjE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,gBAAgB,SAAS,KAAK,CAAC,CAAC;YAC7D,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAE1D,kDAAkD;YAClD,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC;iBACnC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;iBACjE,IAAI,EAAE,CAAC;YACV,OAAO,OAAO,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;gBAC/B,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,CAAC;wBACH,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;oBACtC,CAAC;oBAAC,MAAM,CAAC;wBACP,iBAAiB;oBACnB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/sighting-store.d.ts

@@ -1,61 +0,0 @@
-/**
- * Sighting Store — IoC observation tracking with learning feedback
- * 觀測儲存 — IoC 觀測追蹤與學習回饋
- *
- * When agents (Guard/Trap) report threats that match existing IoCs,
- * sightings are created and feed back into the reputation engine.
- * Positive sightings boost confidence; false positives flag for review.
- *
- * @module @panguard-ai/threat-cloud/sighting-store
- */
-import type Database from 'better-sqlite3';
-import type { SightingInput, SightingRecord, PaginationParams, PaginatedResponse } from './types.js';
-export declare class SightingStore {
-    private readonly db;
-    constructor(db: Database.Database);
-    /**
-     * Record a new sighting for an IoC.
-     * Updates the IoC's confidence and status based on sighting type.
-     * 記錄新的觀測，根據觀測類型更新 IoC 信心度和狀態
-     */
-    createSighting(input: SightingInput, actorHash?: string): SightingRecord;
-    /**
-     * Auto-create a positive sighting when agent data matches an existing IoC.
-     * Called from threat/trap-intel upload handlers.
-     * 當 Agent 資料匹配現有 IoC 時自動建立正面觀測
-     */
-    recordAgentMatch(iocId: number, source: 'guard' | 'trap', actorHash?: string): SightingRecord;
-    /**
-     * Record cross-source correlation: same IoC seen by both Guard and Trap.
-     * Gives a larger confidence boost than single-source sightings.
-     * 跨來源關聯：同一 IoC 被 Guard 和 Trap 同時看到時，信心度提升更大
-     */
-    recordCrossSourceMatch(iocId: number, actorHash?: string): SightingRecord | null;
-    /**
-     * Get sightings for an IoC / 取得 IoC 的觀測記錄
-     */
-    getSightingsForIoC(iocId: number, pagination: PaginationParams): PaginatedResponse<SightingRecord>;
-    /**
-     * Get sighting summary for an IoC / 取得 IoC 的觀測摘要
-     */
-    getSightingSummary(iocId: number): {
-        total: number;
-        positive: number;
-        negative: number;
-        falsePositive: number;
-        uniqueSources: number;
-        lastSeen: string | null;
-    };
-    /**
-     * Get recent sighting count within time window / 取得時間窗口內的近期觀測數量
-     */
-    getRecentSightingCount(iocId: number, windowHours?: number): number;
-    /** Get sighting by ID */
-    private getSightingById;
-    /**
-     * Apply sighting feedback to IoC confidence and status.
-     * 將觀測回饋套用到 IoC 的信心度和狀態
-     */
-    private applyFeedback;
-}
-//# sourceMappingURL=sighting-store.d.ts.map

package/dist/sighting-store.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"sighting-store.d.ts","sourceRoot":"","sources":["../src/sighting-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,aAAa,EACb,cAAc,EAEd,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,YAAY,CAAC;AAkCpB,qBAAa,aAAa;IACZ,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAElD;;;;OAIG;IACH,cAAc,CAAC,KAAK,EAAE,aAAa,EAAE,SAAS,SAAK,GAAG,cAAc;IAuBpE;;;;OAIG;IACH,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,SAAS,SAAK,GAAG,cAAc;IAazF;;;;OAIG;IACH,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAK,GAAG,cAAc,GAAG,IAAI;IAuC5E;;OAEG;IACH,kBAAkB,CAChB,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,gBAAgB,GAC3B,iBAAiB,CAAC,cAAc,CAAC;IA2BpC;;OAEG;IACH,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG;QACjC,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB;IA+BD;;OAEG;IACH,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,SAAK,GAAG,MAAM;IAW/D,yBAAyB;IACzB,OAAO,CAAC,eAAe;IAOvB;;;OAGG;IACH,OAAO,CAAC,aAAa;CAuCtB"}