@push.rocks/smartmta 5.1.2 → 5.2.0

package/dist_ts/security/classes.rustsecuritybridge.js

@@ -0,0 +1,484 @@
+import * as plugins from '../plugins.js';
+import * as paths from '../paths.js';
+import { logger } from '../logger.js';
+import { EventEmitter } from 'events';
+// ---------------------------------------------------------------------------
+// Bridge state machine
+// ---------------------------------------------------------------------------
+export var BridgeState;
+(function (BridgeState) {
+    BridgeState["Idle"] = "idle";
+    BridgeState["Starting"] = "starting";
+    BridgeState["Running"] = "running";
+    BridgeState["Restarting"] = "restarting";
+    BridgeState["Failed"] = "failed";
+    BridgeState["Stopped"] = "stopped";
+})(BridgeState || (BridgeState = {}));
+const DEFAULT_RESILIENCE_CONFIG = {
+    maxRestartAttempts: 5,
+    healthCheckIntervalMs: 30_000,
+    restartBackoffBaseMs: 1_000,
+    restartBackoffMaxMs: 30_000,
+    healthCheckTimeoutMs: 5_000,
+};
+// ---------------------------------------------------------------------------
+// RustSecurityBridge — singleton wrapper around smartrust.RustBridge
+// ---------------------------------------------------------------------------
+/**
+ * Bridge between TypeScript and the Rust `mailer-bin` binary.
+ *
+ * Uses `@push.rocks/smartrust` for JSON-over-stdin/stdout IPC.
+ * Singleton — access via `RustSecurityBridge.getInstance()`.
+ *
+ * Features resilience via auto-restart with exponential backoff,
+ * periodic health checks, and a state machine that tracks the
+ * bridge lifecycle.
+ */
+export class RustSecurityBridge extends EventEmitter {
+    static instance = null;
+    static _resilienceConfig = { ...DEFAULT_RESILIENCE_CONFIG };
+    bridge;
+    _running = false;
+    _state = BridgeState.Idle;
+    _restartAttempts = 0;
+    _restartTimer = null;
+    _healthCheckTimer = null;
+    _deliberateStop = false;
+    _smtpServerConfig = null;
+    constructor() {
+        super();
+        this.bridge = new plugins.smartrust.RustBridge({
+            binaryName: 'mailer-bin',
+            cliArgs: ['--management'],
+            requestTimeoutMs: 30_000,
+            readyTimeoutMs: 10_000,
+            localPaths: [
+                plugins.path.join(paths.packageDir, 'dist_rust', 'mailer-bin'),
+                plugins.path.join(paths.packageDir, 'rust', 'target', 'release', 'mailer-bin'),
+                plugins.path.join(paths.packageDir, 'rust', 'target', 'debug', 'mailer-bin'),
+            ],
+            searchSystemPath: false,
+        });
+        // Forward lifecycle events
+        this.bridge.on('ready', () => {
+            this._running = true;
+            logger.log('info', 'Rust security bridge is ready');
+        });
+        this.bridge.on('exit', (code, signal) => {
+            this._running = false;
+            logger.log('warn', `Rust security bridge exited (code=${code}, signal=${signal})`);
+            if (this._deliberateStop) {
+                this.setState(BridgeState.Stopped);
+            }
+            else if (this._state === BridgeState.Running) {
+                // Unexpected exit — attempt restart
+                this.attemptRestart();
+            }
+        });
+        this.bridge.on('stderr', (line) => {
+            logger.log('debug', `[rust-bridge] ${line}`);
+        });
+    }
+    // -----------------------------------------------------------------------
+    // Static configuration & singleton
+    // -----------------------------------------------------------------------
+    /** Get or create the singleton instance. */
+    static getInstance() {
+        if (!RustSecurityBridge.instance) {
+            RustSecurityBridge.instance = new RustSecurityBridge();
+        }
+        return RustSecurityBridge.instance;
+    }
+    /** Reset the singleton instance (for testing). */
+    static resetInstance() {
+        if (RustSecurityBridge.instance) {
+            RustSecurityBridge.instance.stopHealthCheck();
+            if (RustSecurityBridge.instance._restartTimer) {
+                clearTimeout(RustSecurityBridge.instance._restartTimer);
+                RustSecurityBridge.instance._restartTimer = null;
+            }
+            RustSecurityBridge.instance.removeAllListeners();
+        }
+        RustSecurityBridge.instance = null;
+    }
+    /** Configure resilience parameters. Can be called before or after getInstance(). */
+    static configure(config) {
+        RustSecurityBridge._resilienceConfig = {
+            ...RustSecurityBridge._resilienceConfig,
+            ...config,
+        };
+    }
+    // -----------------------------------------------------------------------
+    // State management
+    // -----------------------------------------------------------------------
+    /** Current bridge state. */
+    get state() {
+        return this._state;
+    }
+    /** Whether the Rust process is currently running and accepting commands. */
+    get running() {
+        return this._running;
+    }
+    setState(newState) {
+        const oldState = this._state;
+        if (oldState === newState)
+            return;
+        this._state = newState;
+        logger.log('info', `Rust bridge state: ${oldState} -> ${newState}`);
+        this.emit('stateChange', { oldState, newState });
+    }
+    /**
+     * Throws a descriptive error if the bridge is not in Running state.
+     * Called at the top of every command method.
+     */
+    ensureRunning() {
+        if (this._state === BridgeState.Running && this._running) {
+            return;
+        }
+        switch (this._state) {
+            case BridgeState.Idle:
+                throw new Error('Rust bridge has not been started yet. Call start() first.');
+            case BridgeState.Starting:
+                throw new Error('Rust bridge is still starting. Wait for start() to resolve.');
+            case BridgeState.Restarting:
+                throw new Error('Rust bridge is restarting after a crash. Commands will resume once it recovers.');
+            case BridgeState.Failed:
+                throw new Error('Rust bridge has failed after exhausting all restart attempts.');
+            case BridgeState.Stopped:
+                throw new Error('Rust bridge has been stopped. Call start() to restart it.');
+            default:
+                throw new Error(`Rust bridge is not running (state=${this._state}).`);
+        }
+    }
+    // -----------------------------------------------------------------------
+    // Lifecycle
+    // -----------------------------------------------------------------------
+    /**
+     * Spawn the Rust binary and wait for the ready signal.
+     * @returns `true` if the binary started successfully, `false` otherwise.
+     */
+    async start() {
+        if (this._running && this._state === BridgeState.Running) {
+            return true;
+        }
+        this._deliberateStop = false;
+        this._restartAttempts = 0;
+        this.setState(BridgeState.Starting);
+        try {
+            const ok = await this.bridge.spawn();
+            this._running = ok;
+            if (ok) {
+                this.setState(BridgeState.Running);
+                this.startHealthCheck();
+                logger.log('info', 'Rust security bridge started');
+            }
+            else {
+                this.setState(BridgeState.Failed);
+                logger.log('warn', 'Rust security bridge failed to start (binary not found or timeout)');
+            }
+            return ok;
+        }
+        catch (err) {
+            this.setState(BridgeState.Failed);
+            logger.log('error', `Failed to start Rust security bridge: ${err.message}`);
+            return false;
+        }
+    }
+    /** Kill the Rust process deliberately. */
+    async stop() {
+        this._deliberateStop = true;
+        // Cancel any pending restart
+        if (this._restartTimer) {
+            clearTimeout(this._restartTimer);
+            this._restartTimer = null;
+        }
+        this.stopHealthCheck();
+        this._smtpServerConfig = null;
+        if (!this._running) {
+            this.setState(BridgeState.Stopped);
+            return;
+        }
+        try {
+            this.bridge.kill();
+            this._running = false;
+            this.setState(BridgeState.Stopped);
+            logger.log('info', 'Rust security bridge stopped');
+        }
+        catch (err) {
+            logger.log('error', `Error stopping Rust security bridge: ${err.message}`);
+        }
+    }
+    // -----------------------------------------------------------------------
+    // Auto-restart with exponential backoff
+    // -----------------------------------------------------------------------
+    attemptRestart() {
+        const config = RustSecurityBridge._resilienceConfig;
+        this._restartAttempts++;
+        if (this._restartAttempts > config.maxRestartAttempts) {
+            logger.log('error', `Rust bridge exceeded max restart attempts (${config.maxRestartAttempts}). Giving up.`);
+            this.setState(BridgeState.Failed);
+            return;
+        }
+        this.setState(BridgeState.Restarting);
+        this.stopHealthCheck();
+        const delay = Math.min(config.restartBackoffBaseMs * Math.pow(2, this._restartAttempts - 1), config.restartBackoffMaxMs);
+        logger.log('info', `Rust bridge restart attempt ${this._restartAttempts}/${config.maxRestartAttempts} in ${delay}ms`);
+        this._restartTimer = setTimeout(async () => {
+            this._restartTimer = null;
+            // Guard: if stop() was called while we were waiting, don't restart
+            if (this._deliberateStop) {
+                this.setState(BridgeState.Stopped);
+                return;
+            }
+            try {
+                const ok = await this.bridge.spawn();
+                this._running = ok;
+                if (ok) {
+                    logger.log('info', 'Rust bridge restarted successfully');
+                    this._restartAttempts = 0;
+                    this.setState(BridgeState.Running);
+                    this.startHealthCheck();
+                    await this.restoreAfterRestart();
+                }
+                else {
+                    logger.log('warn', 'Rust bridge restart failed (spawn returned false)');
+                    this.attemptRestart();
+                }
+            }
+            catch (err) {
+                logger.log('error', `Rust bridge restart failed: ${err.message}`);
+                this.attemptRestart();
+            }
+        }, delay);
+    }
+    /**
+     * Restore state after a successful restart:
+     * - Re-send startSmtpServer command if the SMTP server was running
+     */
+    async restoreAfterRestart() {
+        if (this._smtpServerConfig) {
+            try {
+                logger.log('info', 'Restoring SMTP server after bridge restart');
+                const result = await this.bridge.sendCommand('startSmtpServer', this._smtpServerConfig);
+                if (result?.started) {
+                    logger.log('info', 'SMTP server restored after bridge restart');
+                }
+                else {
+                    logger.log('warn', 'SMTP server failed to restore after bridge restart');
+                }
+            }
+            catch (err) {
+                logger.log('error', `Failed to restore SMTP server after restart: ${err.message}`);
+            }
+        }
+    }
+    // -----------------------------------------------------------------------
+    // Health check
+    // -----------------------------------------------------------------------
+    startHealthCheck() {
+        this.stopHealthCheck();
+        const config = RustSecurityBridge._resilienceConfig;
+        this._healthCheckTimer = setInterval(async () => {
+            if (this._state !== BridgeState.Running || !this._running) {
+                return;
+            }
+            try {
+                const pongPromise = this.bridge.sendCommand('ping', {});
+                const timeoutPromise = new Promise((_, reject) => setTimeout(() => reject(new Error('Health check timeout')), config.healthCheckTimeoutMs));
+                const res = await Promise.race([pongPromise, timeoutPromise]);
+                if (!res?.pong) {
+                    throw new Error('Health check: unexpected ping response');
+                }
+            }
+            catch (err) {
+                logger.log('warn', `Rust bridge health check failed: ${err.message}. Killing process to trigger restart.`);
+                try {
+                    this.bridge.kill();
+                }
+                catch {
+                    // Already dead
+                }
+                // The exit handler will trigger attemptRestart()
+            }
+        }, config.healthCheckIntervalMs);
+    }
+    stopHealthCheck() {
+        if (this._healthCheckTimer) {
+            clearInterval(this._healthCheckTimer);
+            this._healthCheckTimer = null;
+        }
+    }
+    // -----------------------------------------------------------------------
+    // Commands — thin typed wrappers over sendCommand
+    // -----------------------------------------------------------------------
+    /** Ping the Rust process. */
+    async ping() {
+        this.ensureRunning();
+        const res = await this.bridge.sendCommand('ping', {});
+        return res?.pong === true;
+    }
+    /** Get version information for all Rust crates. */
+    async getVersion() {
+        this.ensureRunning();
+        return this.bridge.sendCommand('version', {});
+    }
+    /** Validate an email address. */
+    async validateEmail(email) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('validateEmail', { email });
+    }
+    /** Detect bounce type from SMTP response / diagnostic code. */
+    async detectBounce(opts) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('detectBounce', opts);
+    }
+    /** Scan email content for threats (phishing, spam, malware, etc.). */
+    async scanContent(opts) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('scanContent', opts);
+    }
+    /** Check IP reputation via DNSBL. */
+    async checkIpReputation(ip) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('checkIpReputation', { ip });
+    }
+    /** Verify DKIM signatures on a raw email message. */
+    async verifyDkim(rawMessage) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('verifyDkim', { rawMessage });
+    }
+    /** Sign an email with DKIM (RSA or Ed25519). */
+    async signDkim(opts) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('signDkim', opts);
+    }
+    /** Check SPF for a sender. */
+    async checkSpf(opts) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('checkSpf', opts);
+    }
+    /**
+     * Compound email security verification: DKIM + SPF + DMARC in one IPC call.
+     *
+     * This is the preferred method for inbound email verification — it avoids
+     * 3 sequential round-trips and correctly passes raw mail-auth types internally.
+     */
+    async verifyEmail(opts) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('verifyEmail', opts);
+    }
+    // -----------------------------------------------------------------------
+    // SMTP Client — outbound email delivery via Rust
+    // -----------------------------------------------------------------------
+    /** Send a structured email via the Rust SMTP client. */
+    async sendOutboundEmail(opts) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('sendEmail', opts);
+    }
+    /** Send a pre-formatted raw email via the Rust SMTP client. */
+    async sendRawEmail(opts) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('sendRawEmail', opts);
+    }
+    /** Verify connectivity to an SMTP server. */
+    async verifySmtpConnection(opts) {
+        this.ensureRunning();
+        return this.bridge.sendCommand('verifySmtpConnection', opts);
+    }
+    /** Close a specific connection pool (or all pools if no key is given). */
+    async closeSmtpPool(poolKey) {
+        this.ensureRunning();
+        await this.bridge.sendCommand('closeSmtpPool', poolKey ? { poolKey } : {});
+    }
+    /** Get status of all SMTP client connection pools. */
+    async getSmtpPoolStatus() {
+        this.ensureRunning();
+        return this.bridge.sendCommand('getSmtpPoolStatus', {});
+    }
+    // -----------------------------------------------------------------------
+    // SMTP Server lifecycle
+    // -----------------------------------------------------------------------
+    /**
+     * Start the Rust SMTP server.
+     * The server will listen on the configured ports and emit events for
+     * emailReceived and authRequest that must be handled by the caller.
+     */
+    async startSmtpServer(config) {
+        this.ensureRunning();
+        this._smtpServerConfig = config;
+        const result = await this.bridge.sendCommand('startSmtpServer', config);
+        return result?.started === true;
+    }
+    /** Stop the Rust SMTP server. */
+    async stopSmtpServer() {
+        this.ensureRunning();
+        this._smtpServerConfig = null;
+        await this.bridge.sendCommand('stopSmtpServer', {});
+    }
+    /**
+     * Send the result of email processing back to the Rust SMTP server.
+     * This resolves a pending correlation-ID callback, allowing the Rust
+     * server to send the SMTP response to the client.
+     */
+    async sendEmailProcessingResult(opts) {
+        this.ensureRunning();
+        await this.bridge.sendCommand('emailProcessingResult', opts);
+    }
+    /**
+     * Send the result of authentication validation back to the Rust SMTP server.
+     */
+    async sendAuthResult(opts) {
+        this.ensureRunning();
+        await this.bridge.sendCommand('authResult', opts);
+    }
+    /**
+     * Send SCRAM credentials back to the Rust SMTP server.
+     * Values (salt, storedKey, serverKey) must be base64-encoded.
+     */
+    async sendScramCredentialResult(opts) {
+        this.ensureRunning();
+        await this.bridge.sendCommand('scramCredentialResult', opts);
+    }
+    /** Update rate limit configuration at runtime. */
+    async configureRateLimits(config) {
+        this.ensureRunning();
+        await this.bridge.sendCommand('configureRateLimits', config);
+    }
+    // -----------------------------------------------------------------------
+    // Event registration — delegates to the underlying bridge EventEmitter
+    // -----------------------------------------------------------------------
+    /**
+     * Register a handler for emailReceived events from the Rust SMTP server.
+     * These events fire when a complete email has been received and needs processing.
+     */
+    onEmailReceived(handler) {
+        this.bridge.on('management:emailReceived', handler);
+    }
+    /**
+     * Register a handler for authRequest events from the Rust SMTP server.
+     * The handler must call sendAuthResult() with the correlationId.
+     */
+    onAuthRequest(handler) {
+        this.bridge.on('management:authRequest', handler);
+    }
+    /**
+     * Register a handler for scramCredentialRequest events from the Rust SMTP server.
+     * The handler must call sendScramCredentialResult() with the correlationId.
+     */
+    onScramCredentialRequest(handler) {
+        this.bridge.on('management:scramCredentialRequest', handler);
+    }
+    /** Remove an emailReceived event handler. */
+    offEmailReceived(handler) {
+        this.bridge.off('management:emailReceived', handler);
+    }
+    /** Remove an authRequest event handler. */
+    offAuthRequest(handler) {
+        this.bridge.off('management:authRequest', handler);
+    }
+    /** Remove a scramCredentialRequest event handler. */
+    offScramCredentialRequest(handler) {
+        this.bridge.off('management:scramCredentialRequest', handler);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5ydXN0c2VjdXJpdHlicmlkZ2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9zZWN1cml0eS9jbGFzc2VzLnJ1c3RzZWN1cml0eWJyaWRnZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGVBQWUsQ0FBQztBQUN6QyxPQUFPLEtBQUssS0FBSyxNQUFNLGFBQWEsQ0FBQztBQUNyQyxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBQ3RDLE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSxRQUFRLENBQUM7QUE4VHRDLDhFQUE4RTtBQUM5RSx1QkFBdUI7QUFDdkIsOEVBQThFO0FBRTlFLE1BQU0sQ0FBTixJQUFZLFdBT1g7QUFQRCxXQUFZLFdBQVc7SUFDckIsNEJBQWEsQ0FBQTtJQUNiLG9DQUFxQixDQUFBO0lBQ3JCLGtDQUFtQixDQUFBO0lBQ25CLHdDQUF5QixDQUFBO0lBQ3pCLGdDQUFpQixDQUFBO0lBQ2pCLGtDQUFtQixDQUFBO0FBQ3JCLENBQUMsRUFQVyxXQUFXLEtBQVgsV0FBVyxRQU90QjtBQVVELE1BQU0seUJBQXlCLEdBQTRCO0lBQ3pELGtCQUFrQixFQUFFLENBQUM7SUFDckIscUJBQXFCLEVBQUUsTUFBTTtJQUM3QixvQkFBb0IsRUFBRSxLQUFLO0lBQzNCLG1CQUFtQixFQUFFLE1BQU07SUFDM0Isb0JBQW9CLEVBQUUsS0FBSztDQUM1QixDQUFDO0FBRUYsOEVBQThFO0FBQzlFLHFFQUFxRTtBQUNyRSw4RUFBOEU7QUFFOUU7Ozs7Ozs7OztHQVNHO0FBQ0gsTUFBTSxPQUFPLGtCQUFtQixTQUFRLFlBQVk7SUFDMUMsTUFBTSxDQUFDLFFBQVEsR0FBOEIsSUFBSSxDQUFDO0lBQ2xELE1BQU0sQ0FBQyxpQkFBaUIsR0FBNEIsRUFBRSxHQUFHLHlCQUF5QixFQUFFLENBQUM7SUFFckYsTUFBTSxDQUFxRTtJQUMzRSxRQUFRLEdBQUcsS0FBSyxDQUFDO0lBQ2pCLE1BQU0sR0FBZ0IsV0FBVyxDQUFDLElBQUksQ0FBQztJQUN2QyxnQkFBZ0IsR0FBRyxDQUFDLENBQUM7SUFDckIsYUFBYSxHQUF5QyxJQUFJLENBQUM7SUFDM0QsaUJBQWlCLEdBQTBDLElBQUksQ0FBQztJQUNoRSxlQUFlLEdBQUcsS0FBSyxDQUFDO0lBQ3hCLGlCQUFpQixHQUE2QixJQUFJLENBQUM7SUFFM0Q7UUFDRSxLQUFLLEVBQUUsQ0FBQztRQUNSLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxPQUFPLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBa0I7WUFDOUQsVUFBVSxFQUFFLFlBQVk7WUFDeEIsT0FBTyxFQUFFLENBQUMsY0FBYyxDQUFDO1lBQ3pCLGdCQUFnQixFQUFFLE1BQU07WUFDeEIsY0FBYyxFQUFFLE1BQU07WUFDdEIsVUFBVSxFQUFFO2dCQUNWLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsV0FBVyxFQUFFLFlBQVksQ0FBQztnQkFDOUQsT0FBTyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsRUFBRSxNQUFNLEVBQUUsUUFBUSxFQUFFLFNBQVMsRUFBRSxZQUFZLENBQUM7Z0JBQzlFLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsWUFBWSxDQUFDO2FBQzdFO1lBQ0QsZ0JBQWdCLEVBQUUsS0FBSztTQUN4QixDQUFDLENBQUM7UUFFSCwyQkFBMkI7UUFDM0IsSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRTtZQUMzQixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQztZQUNyQixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwrQkFBK0IsQ0FBQyxDQUFDO1FBQ3RELENBQUMsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLENBQUMsSUFBbUIsRUFBRSxNQUFxQixFQUFFLEVBQUU7WUFDcEUsSUFBSSxDQUFDLFFBQVEsR0FBRyxLQUFLLENBQUM7WUFDdEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUscUNBQXFDLElBQUksWUFBWSxNQUFNLEdBQUcsQ0FBQyxDQUFDO1lBRW5GLElBQUksSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO2dCQUN6QixJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUNyQyxDQUFDO2lCQUFNLElBQUksSUFBSSxDQUFDLE1BQU0sS0FBSyxXQUFXLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQy9DLG9DQUFvQztnQkFDcEMsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3hCLENBQUM7UUFDSCxDQUFDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLFFBQVEsRUFBRSxDQUFDLElBQVksRUFBRSxFQUFFO1lBQ3hDLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLGlCQUFpQixJQUFJLEVBQUUsQ0FBQyxDQUFDO1FBQy9DLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELDBFQUEwRTtJQUMxRSxtQ0FBbUM7SUFDbkMsMEVBQTBFO0lBRTFFLDRDQUE0QztJQUNyQyxNQUFNLENBQUMsV0FBVztRQUN2QixJQUFJLENBQUMsa0JBQWtCLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDakMsa0JBQWtCLENBQUMsUUFBUSxHQUFHLElBQUksa0JBQWtCLEVBQUUsQ0FBQztRQUN6RCxDQUFDO1FBQ0QsT0FBTyxrQkFBa0IsQ0FBQyxRQUFRLENBQUM7SUFDckMsQ0FBQztJQUVELGtEQUFrRDtJQUMzQyxNQUFNLENBQUMsYUFBYTtRQUN6QixJQUFJLGtCQUFrQixDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2hDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUM5QyxJQUFJLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxhQUFhLEVBQUUsQ0FBQztnQkFDOUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsQ0FBQztnQkFDeEQsa0JBQWtCLENBQUMsUUFBUSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUM7WUFDbkQsQ0FBQztZQUNELGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQ25ELENBQUM7UUFDRCxrQkFBa0IsQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxvRkFBb0Y7SUFDN0UsTUFBTSxDQUFDLFNBQVMsQ0FBQyxNQUF3QztRQUM5RCxrQkFBa0IsQ0FBQyxpQkFBaUIsR0FBRztZQUNyQyxHQUFHLGtCQUFrQixDQUFDLGlCQUFpQjtZQUN2QyxHQUFHLE1BQU07U0FDVixDQUFDO0lBQ0osQ0FBQztJQUVELDBFQUEwRTtJQUMxRSxtQkFBbUI7SUFDbkIsMEVBQTBFO0lBRTFFLDRCQUE0QjtJQUM1QixJQUFXLEtBQUs7UUFDZCxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUM7SUFDckIsQ0FBQztJQUVELDRFQUE0RTtJQUM1RSxJQUFXLE9BQU87UUFDaEIsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxRQUFRLENBQUMsUUFBcUI7UUFDcEMsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUM3QixJQUFJLFFBQVEsS0FBSyxRQUFRO1lBQUUsT0FBTztRQUNsQyxJQUFJLENBQUMsTUFBTSxHQUFHLFFBQVEsQ0FBQztRQUN2QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxzQkFBc0IsUUFBUSxPQUFPLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDcEUsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFLENBQUMsQ0FBQztJQUNuRCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssYUFBYTtRQUNuQixJQUFJLElBQUksQ0FBQyxNQUFNLEtBQUssV0FBVyxDQUFDLE9BQU8sSUFBSSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDekQsT0FBTztRQUNULENBQUM7UUFDRCxRQUFRLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNwQixLQUFLLFdBQVcsQ0FBQyxJQUFJO2dCQUNuQixNQUFNLElBQUksS0FBSyxDQUFDLDJEQUEyRCxDQUFDLENBQUM7WUFDL0UsS0FBSyxXQUFXLENBQUMsUUFBUTtnQkFDdkIsTUFBTSxJQUFJLEtBQUssQ0FBQyw2REFBNkQsQ0FBQyxDQUFDO1lBQ2pGLEtBQUssV0FBVyxDQUFDLFVBQVU7Z0JBQ3pCLE1BQU0sSUFBSSxLQUFLLENBQUMsaUZBQWlGLENBQUMsQ0FBQztZQUNyRyxLQUFLLFdBQVcsQ0FBQyxNQUFNO2dCQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLCtEQUErRCxDQUFDLENBQUM7WUFDbkYsS0FBSyxXQUFXLENBQUMsT0FBTztnQkFDdEIsTUFBTSxJQUFJLEtBQUssQ0FBQywyREFBMkQsQ0FBQyxDQUFDO1lBQy9FO2dCQUNFLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLElBQUksQ0FBQyxNQUFNLElBQUksQ0FBQyxDQUFDO1FBQzFFLENBQUM7SUFDSCxDQUFDO0lBRUQsMEVBQTBFO0lBQzFFLFlBQVk7SUFDWiwwRUFBMEU7SUFFMUU7OztPQUdHO0lBQ0ksS0FBSyxDQUFDLEtBQUs7UUFDaEIsSUFBSSxJQUFJLENBQUMsUUFBUSxJQUFJLElBQUksQ0FBQyxNQUFNLEtBQUssV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ3pELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELElBQUksQ0FBQyxlQUFlLEdBQUcsS0FBSyxDQUFDO1FBQzdCLElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxDQUFDLENBQUM7UUFDMUIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFcEMsSUFBSSxDQUFDO1lBQ0gsTUFBTSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ3JDLElBQUksQ0FBQyxRQUFRLEdBQUcsRUFBRSxDQUFDO1lBQ25CLElBQUksRUFBRSxFQUFFLENBQUM7Z0JBQ1AsSUFBSSxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQ25DLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO2dCQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw4QkFBOEIsQ0FBQyxDQUFDO1lBQ3JELENBQUM7aUJBQU0sQ0FBQztnQkFDTixJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDbEMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsb0VBQW9FLENBQUMsQ0FBQztZQUMzRixDQUFDO1lBQ0QsT0FBTyxFQUFFLENBQUM7UUFDWixDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLElBQUksQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2xDLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLHlDQUEwQyxHQUFhLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUN2RixPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7SUFDSCxDQUFDO0lBRUQsMENBQTBDO0lBQ25DLEtBQUssQ0FBQyxJQUFJO1FBQ2YsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLENBQUM7UUFFNUIsNkJBQTZCO1FBQzdCLElBQUksSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ3ZCLFlBQVksQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLENBQUM7WUFDakMsSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUM7UUFDNUIsQ0FBQztRQUVELElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztRQUN2QixJQUFJLENBQUMsaUJBQWlCLEdBQUcsSUFBSSxDQUFDO1FBRTlCLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDbkIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDbkMsT0FBTztRQUNULENBQUM7UUFDRCxJQUFJLENBQUM7WUFDSCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ25CLElBQUksQ0FBQyxRQUFRLEdBQUcsS0FBSyxDQUFDO1lBQ3RCLElBQUksQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ25DLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDhCQUE4QixDQUFDLENBQUM7UUFDckQsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSx3Q0FBeUMsR0FBYSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDeEYsQ0FBQztJQUNILENBQUM7SUFFRCwwRUFBMEU7SUFDMUUsd0NBQXdDO0lBQ3hDLDBFQUEwRTtJQUVsRSxjQUFjO1FBQ3BCLE1BQU0sTUFBTSxHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUFDO1FBQ3BELElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1FBRXhCLElBQUksSUFBSSxDQUFDLGdCQUFnQixHQUFHLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3RELE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDhDQUE4QyxNQUFNLENBQUMsa0JBQWtCLGVBQWUsQ0FBQyxDQUFDO1lBQzVHLElBQUksQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2xDLE9BQU87UUFDVCxDQUFDO1FBRUQsSUFBSSxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDdEMsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBRXZCLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQ3BCLE1BQU0sQ0FBQyxvQkFBb0IsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsQ0FBQyxDQUFDLEVBQ3BFLE1BQU0sQ0FBQyxtQkFBbUIsQ0FDM0IsQ0FBQztRQUVGLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLCtCQUErQixJQUFJLENBQUMsZ0JBQWdCLElBQUksTUFBTSxDQUFDLGtCQUFrQixPQUFPLEtBQUssSUFBSSxDQUFDLENBQUM7UUFFdEgsSUFBSSxDQUFDLGFBQWEsR0FBRyxVQUFVLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDekMsSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUM7WUFFMUIsbUVBQW1FO1lBQ25FLElBQUksSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO2dCQUN6QixJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDbkMsT0FBTztZQUNULENBQUM7WUFFRCxJQUFJLENBQUM7Z0JBQ0gsTUFBTSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNyQyxJQUFJLENBQUMsUUFBUSxHQUFHLEVBQUUsQ0FBQztnQkFFbkIsSUFBSSxFQUFFLEVBQUUsQ0FBQztvQkFDUCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvQ0FBb0MsQ0FBQyxDQUFDO29CQUN6RCxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsQ0FBQyxDQUFDO29CQUMxQixJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztvQkFDbkMsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7b0JBQ3hCLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7Z0JBQ25DLENBQUM7cUJBQU0sQ0FBQztvQkFDTixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxtREFBbUQsQ0FBQyxDQUFDO29CQUN4RSxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7Z0JBQ3hCLENBQUM7WUFDSCxDQUFDO1lBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztnQkFDYixNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSwrQkFBZ0MsR0FBYSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7Z0JBQzdFLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUN4QixDQUFDO1FBQ0gsQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ1osQ0FBQztJQUVEOzs7T0FHRztJQUNLLEtBQUssQ0FBQyxtQkFBbUI7UUFDL0IsSUFBSSxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUMzQixJQUFJLENBQUM7Z0JBQ0gsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNENBQTRDLENBQUMsQ0FBQztnQkFDakUsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxpQkFBaUIsRUFBRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsQ0FBQztnQkFDeEYsSUFBSSxNQUFNLEVBQUUsT0FBTyxFQUFFLENBQUM7b0JBQ3BCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDJDQUEyQyxDQUFDLENBQUM7Z0JBQ2xFLENBQUM7cUJBQU0sQ0FBQztvQkFDTixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvREFBb0QsQ0FBQyxDQUFDO2dCQUMzRSxDQUFDO1lBQ0gsQ0FBQztZQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7Z0JBQ2IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsZ0RBQWlELEdBQWEsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQ2hHLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVELDBFQUEwRTtJQUMxRSxlQUFlO0lBQ2YsMEVBQTBFO0lBRWxFLGdCQUFnQjtRQUN0QixJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQUM7UUFFcEQsSUFBSSxDQUFDLGlCQUFpQixHQUFHLFdBQVcsQ0FBQyxLQUFLLElBQUksRUFBRTtZQUM5QyxJQUFJLElBQUksQ0FBQyxNQUFNLEtBQUssV0FBVyxDQUFDLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztnQkFDMUQsT0FBTztZQUNULENBQUM7WUFFRCxJQUFJLENBQUM7Z0JBQ0gsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsTUFBTSxFQUFFLEVBQVMsQ0FBQyxDQUFDO2dCQUMvRCxNQUFNLGNBQWMsR0FBRyxJQUFJLE9BQU8sQ0FBUSxDQUFDLENBQUMsRUFBRSxNQUFNLEVBQUUsRUFBRSxDQUN0RCxVQUFVLENBQUMsR0FBRyxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxDQUFDLHNCQUFzQixDQUFDLENBQUMsRUFBRSxNQUFNLENBQUMsb0JBQW9CLENBQUMsQ0FDekYsQ0FBQztnQkFDRixNQUFNLEdBQUcsR0FBRyxNQUFNLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLEVBQUUsY0FBYyxDQUFDLENBQUMsQ0FBQztnQkFDOUQsSUFBSSxDQUFFLEdBQVcsRUFBRSxJQUFJLEVBQUUsQ0FBQztvQkFDeEIsTUFBTSxJQUFJLEtBQUssQ0FBQyx3Q0FBd0MsQ0FBQyxDQUFDO2dCQUM1RCxDQUFDO1lBQ0gsQ0FBQztZQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7Z0JBQ2IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsb0NBQXFDLEdBQWEsQ0FBQyxPQUFPLHVDQUF1QyxDQUFDLENBQUM7Z0JBQ3RILElBQUksQ0FBQztvQkFDSCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUNyQixDQUFDO2dCQUFDLE1BQU0sQ0FBQztvQkFDUCxlQUFlO2dCQUNqQixDQUFDO2dCQUNELGlEQUFpRDtZQUNuRCxDQUFDO1FBQ0gsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFTyxlQUFlO1FBQ3JCLElBQUksSUFBSSxDQUFDLGlCQUFpQixFQUFFLENBQUM7WUFDM0IsYUFBYSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1lBQ3RDLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLENBQUM7UUFDaEMsQ0FBQztJQUNILENBQUM7SUFFRCwwRUFBMEU7SUFDMUUsa0RBQWtEO0lBQ2xELDBFQUEwRTtJQUUxRSw2QkFBNkI7SUFDdEIsS0FBSyxDQUFDLElBQUk7UUFDZixJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDckIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxNQUFNLEVBQUUsRUFBUyxDQUFDLENBQUM7UUFDN0QsT0FBTyxHQUFHLEVBQUUsSUFBSSxLQUFLLElBQUksQ0FBQztJQUM1QixDQUFDO0lBRUQsbURBQW1EO0lBQzVDLEtBQUssQ0FBQyxVQUFVO1FBQ3JCLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxFQUFTLENBQUMsQ0FBQztJQUN2RCxDQUFDO0lBRUQsaUNBQWlDO0lBQzFCLEtBQUssQ0FBQyxhQUFhLENBQUMsS0FBYTtRQUN0QyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDckIsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxlQUFlLEVBQUUsRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO0lBQzdELENBQUM7SUFFRCwrREFBK0Q7SUFDeEQsS0FBSyxDQUFDLFlBQVksQ0FBQyxJQUl6QjtRQUNDLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLGNBQWMsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUN2RCxDQUFDO0lBRUQsc0VBQXNFO0lBQy9ELEtBQUssQ0FBQyxXQUFXLENBQUMsSUFLeEI7UUFDQyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDckIsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLENBQUM7SUFDdEQsQ0FBQztJQUVELHFDQUFxQztJQUM5QixLQUFLLENBQUMsaUJBQWlCLENBQUMsRUFBVTtRQUN2QyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDckIsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxtQkFBbUIsRUFBRSxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDOUQsQ0FBQztJQUVELHFEQUFxRDtJQUM5QyxLQUFLLENBQUMsVUFBVSxDQUFDLFVBQWtCO1FBQ3hDLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLFlBQVksRUFBRSxFQUFFLFVBQVUsRUFBRSxDQUFDLENBQUM7SUFDL0QsQ0FBQztJQUVELGdEQUFnRDtJQUN6QyxLQUFLLENBQUMsUUFBUSxDQUFDLElBTXJCO1FBQ0MsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFRCw4QkFBOEI7SUFDdkIsS0FBSyxDQUFDLFFBQVEsQ0FBQyxJQUtyQjtRQUNDLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLFVBQVUsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUNuRCxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSSxLQUFLLENBQUMsV0FBVyxDQUFDLElBTXhCO1FBQ0MsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFRCwwRUFBMEU7SUFDMUUsaURBQWlEO0lBQ2pELDBFQUEwRTtJQUUxRSx3REFBd0Q7SUFDakQsS0FBSyxDQUFDLGlCQUFpQixDQUFDLElBQXNCO1FBQ25ELElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLFdBQVcsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQsK0RBQStEO0lBQ3hELEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBeUI7UUFDakQsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsY0FBYyxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRCw2Q0FBNkM7SUFDdEMsS0FBSyxDQUFDLG9CQUFvQixDQUFDLElBQXdCO1FBQ3hELElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLHNCQUFzQixFQUFFLElBQUksQ0FBQyxDQUFDO0lBQy9ELENBQUM7SUFFRCwwRUFBMEU7SUFDbkUsS0FBSyxDQUFDLGFBQWEsQ0FBQyxPQUFnQjtRQUN6QyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDckIsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxlQUFlLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBRSxFQUFVLENBQUMsQ0FBQztJQUN0RixDQUFDO0lBRUQsc0RBQXNEO0lBQy9DLEtBQUssQ0FBQyxpQkFBaUI7UUFDNUIsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsbUJBQW1CLEVBQUUsRUFBUyxDQUFDLENBQUM7SUFDakUsQ0FBQztJQUVELDBFQUEwRTtJQUMxRSx3QkFBd0I7SUFDeEIsMEVBQTBFO0lBRTFFOzs7O09BSUc7SUFDSSxLQUFLLENBQUMsZUFBZSxDQUFDLE1BQXlCO1FBQ3BELElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNyQixJQUFJLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDO1FBQ2hDLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsaUJBQWlCLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDeEUsT0FBTyxNQUFNLEVBQUUsT0FBTyxLQUFLLElBQUksQ0FBQztJQUNsQyxDQUFDO0lBRUQsaUNBQWlDO0lBQzFCLEtBQUssQ0FBQyxjQUFjO1FBQ3pCLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNyQixJQUFJLENBQUMsaUJBQWlCLEdBQUcsSUFBSSxDQUFDO1FBQzlCLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsZ0JBQWdCLEVBQUUsRUFBUyxDQUFDLENBQUM7SUFDN0QsQ0FBQztJQUVEOzs7O09BSUc7SUFDSSxLQUFLLENBQUMseUJBQXlCLENBQUMsSUFLdEM7UUFDQyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDckIsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyx1QkFBdUIsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUMvRCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsY0FBYyxDQUFDLElBSTNCO1FBQ0MsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ3JCLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsWUFBWSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7O09BR0c7SUFDSSxLQUFLLENBQUMseUJBQXlCLENBQUMsSUFPdEM7UUFDQyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDckIsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyx1QkFBdUIsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUMvRCxDQUFDO0lBRUQsa0RBQWtEO0lBQzNDLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxNQUF3QjtRQUN2RCxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDckIsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxxQkFBcUIsRUFBRSxNQUFNLENBQUMsQ0FBQztJQUMvRCxDQUFDO0lBRUQsMEVBQTBFO0lBQzFFLHVFQUF1RTtJQUN2RSwwRUFBMEU7SUFFMUU7OztPQUdHO0lBQ0ksZUFBZSxDQUFDLE9BQTRDO1FBQ2pFLElBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLDBCQUEwQixFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFRDs7O09BR0c7SUFDSSxhQUFhLENBQUMsT0FBMEM7UUFDN0QsSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsd0JBQXdCLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDcEQsQ0FBQztJQUVEOzs7T0FHRztJQUNJLHdCQUF3QixDQUFDLE9BQXFEO1FBQ25GLElBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLG1DQUFtQyxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQy9ELENBQUM7SUFFRCw2Q0FBNkM7SUFDdEMsZ0JBQWdCLENBQUMsT0FBNEM7UUFDbEUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsMEJBQTBCLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVELDJDQUEyQztJQUNwQyxjQUFjLENBQUMsT0FBMEM7UUFDOUQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsd0JBQXdCLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVELHFEQUFxRDtJQUM5Qyx5QkFBeUIsQ0FBQyxPQUFxRDtRQUNwRixJQUFJLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxtQ0FBbUMsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUNoRSxDQUFDIn0=

package/dist_ts/security/classes.securitylogger.d.ts

@@ -0,0 +1,140 @@
+/**
+ * Log level for security events
+ */
+export declare enum SecurityLogLevel {
+    INFO = "info",
+    WARN = "warn",
+    ERROR = "error",
+    CRITICAL = "critical"
+}
+/**
+ * Security event types for categorization
+ */
+export declare enum SecurityEventType {
+    AUTHENTICATION = "authentication",
+    ACCESS_CONTROL = "access_control",
+    EMAIL_VALIDATION = "email_validation",
+    EMAIL_PROCESSING = "email_processing",
+    EMAIL_FORWARDING = "email_forwarding",
+    EMAIL_DELIVERY = "email_delivery",
+    DKIM = "dkim",
+    SPF = "spf",
+    DMARC = "dmarc",
+    RATE_LIMIT = "rate_limit",
+    RATE_LIMITING = "rate_limiting",
+    SPAM = "spam",
+    MALWARE = "malware",
+    CONNECTION = "connection",
+    DATA_EXPOSURE = "data_exposure",
+    CONFIGURATION = "configuration",
+    IP_REPUTATION = "ip_reputation",
+    REJECTED_CONNECTION = "rejected_connection"
+}
+/**
+ * Security event interface
+ */
+export interface ISecurityEvent {
+    timestamp: number;
+    level: SecurityLogLevel;
+    type: SecurityEventType;
+    message: string;
+    details?: any;
+    ipAddress?: string;
+    userId?: string;
+    sessionId?: string;
+    emailId?: string;
+    domain?: string;
+    action?: string;
+    result?: string;
+    success?: boolean;
+}
+/**
+ * Security logger for enhanced security monitoring
+ */
+export declare class SecurityLogger {
+    private static instance;
+    private securityEvents;
+    private maxEventHistory;
+    private enableNotifications;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(options?: {
+        maxEventHistory?: number;
+        enableNotifications?: boolean;
+    }): SecurityLogger;
+    /**
+     * Log a security event
+     * @param event The security event to log
+     */
+    logEvent(event: Omit<ISecurityEvent, 'timestamp'>): void;
+    /**
+     * Get recent security events
+     * @param limit Maximum number of events to return
+     * @param filter Filter for specific event types
+     * @returns Recent security events
+     */
+    getRecentEvents(limit?: number, filter?: {
+        level?: SecurityLogLevel;
+        type?: SecurityEventType;
+        fromTimestamp?: number;
+        toTimestamp?: number;
+    }): ISecurityEvent[];
+    /**
+     * Get events by security level
+     * @param level The security level to filter by
+     * @param limit Maximum number of events to return
+     * @returns Security events matching the level
+     */
+    getEventsByLevel(level: SecurityLogLevel, limit?: number): ISecurityEvent[];
+    /**
+     * Get events by security type
+     * @param type The event type to filter by
+     * @param limit Maximum number of events to return
+     * @returns Security events matching the type
+     */
+    getEventsByType(type: SecurityEventType, limit?: number): ISecurityEvent[];
+    /**
+     * Get security events for a specific IP address
+     * @param ipAddress The IP address to filter by
+     * @param limit Maximum number of events to return
+     * @returns Security events for the IP address
+     */
+    getEventsByIP(ipAddress: string, limit?: number): ISecurityEvent[];
+    /**
+     * Get security events for a specific domain
+     * @param domain The domain to filter by
+     * @param limit Maximum number of events to return
+     * @returns Security events for the domain
+     */
+    getEventsByDomain(domain: string, limit?: number): ISecurityEvent[];
+    /**
+     * Send a notification for critical security events
+     * @param event The security event to notify about
+     * @private
+     */
+    private sendNotification;
+    /**
+     * Clear event history
+     */
+    clearEvents(): void;
+    /**
+     * Get statistical summary of security events
+     * @param timeWindow Optional time window in milliseconds
+     * @returns Summary of security events
+     */
+    getEventsSummary(timeWindow?: number): {
+        total: number;
+        byLevel: Record<SecurityLogLevel, number>;
+        byType: Record<SecurityEventType, number>;
+        topIPs: Array<{
+            ip: string;
+            count: number;
+        }>;
+        topDomains: Array<{
+            domain: string;
+            count: number;
+        }>;
+    };
+}