@q32/signal-scanner 0.1.0 → 0.1.1

package/dist/dynamic.d.ts

@@ -0,0 +1,43 @@
+import { type Finding } from "./index.js";
+export interface NetworkAttempt {
+    kind: "fetch" | "xhr" | "beacon" | "websocket" | "script" | "image" | "form";
+    url: string;
+}
+export interface BehaviorReport {
+    redirects: string[];
+    network: NetworkAttempt[];
+    writes: string[];
+    evals: string[];
+    decoded: string[];
+    cookies: string[];
+    errors: string[];
+}
+export interface DynamicAnalysisOptions {
+    /** Base/page URL, used to resolve relative targets and classify off-origin. */
+    url?: string;
+}
+/** The caller supplies one of these: "run these scripts in an isolate, give me what they attempted." */
+export type IsolatedEvaluator = (scripts: string[], options: DynamicAnalysisOptions) => BehaviorReport | Promise<BehaviorReport>;
+export declare const RECORDER_SOURCE: string;
+/** Extract inline <script> bodies (no src) from HTML. */
+export declare function extractInlineScripts(html: string): string[];
+export declare function extractScriptSources(html: string): string[];
+/**
+ * In-process default evaluator. Runs the recorder in THIS isolate (no boundary).
+ * Use analyzeDynamicWith with a caller-supplied evaluator when isolation matters.
+ */
+export declare function runInstrumented(scripts: string[], options?: DynamicAnalysisOptions): BehaviorReport;
+/** Full in-process pass: extract inline scripts, record behavior, turn it into findings. */
+export declare function analyzeDynamic(html: string, options?: DynamicAnalysisOptions): {
+    report: BehaviorReport;
+    findings: Finding[];
+};
+/** Generic seam: the caller supplies how scripts are evaluated (in whatever isolate it has). */
+export declare function analyzeDynamicWith(html: string, options: DynamicAnalysisOptions, evaluate: IsolatedEvaluator): Promise<{
+    report: BehaviorReport;
+    findings: Finding[];
+}>;
+/** Map recorded behavior to scanner findings, re-scanning injected markup and decoded/eval'd code. */
+export declare function behaviorFindings(report: BehaviorReport, baseUrl?: string): Finding[];
+export declare function discoveredUrlsFromBehavior(report: BehaviorReport, baseUrl?: string): string[];
+//# sourceMappingURL=dynamic.d.ts.map

package/dist/dynamic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dynamic.d.ts","sourceRoot":"","sources":["../src/dynamic.ts"],"names":[],"mappings":"AAmBA,OAAO,EAA4E,KAAK,OAAO,EAAkC,MAAM,YAAY,CAAC;AAGpJ,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,WAAW,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;IAC7E,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,sBAAsB;IACrC,+EAA+E;IAC/E,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,wGAAwG;AACxG,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,sBAAsB,KAAK,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;AAUjI,eAAO,MAAM,eAAe,QA6D3B,CAAC;AAWF,yDAAyD;AACzD,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAU3D;AAID,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAM3D;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,OAAO,GAAE,sBAA2B,GAAG,cAAc,CAMvG;AAED,4FAA4F;AAC5F,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,GAAE,sBAA2B,GAAG;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;CAAE,CAGlI;AAED,gGAAgG;AAChG,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,sBAAsB,EAC/B,QAAQ,EAAE,iBAAiB,GAC1B,OAAO,CAAC;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;CAAE,CAAC,CAI1D;AASD,sGAAsG;AACtG,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,EAAE,CA2CpF;AAOD,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAW7F"}

package/{src/dynamic.ts → dist/dynamic.js}

@@ -16,42 +16,15 @@
 //     for when no isolate boundary is needed.
 //   - analyzeDynamicWith(html, opts, evaluate): the generic seam — the caller
 //     passes an `evaluate` that produces a BehaviorReport however it likes.
-
-import { assessRedirect, createScanner, isAdOrAnalyticsHost, registrableDomainFor, type Finding, type Severity, type Confidence } from "./index";
-import type { RuleScoreModel } from "./rules/types";
-
-export interface NetworkAttempt {
-  kind: "fetch" | "xhr" | "beacon" | "websocket" | "script" | "image" | "form";
-  url: string;
-}
-
-export interface BehaviorReport {
-  redirects: string[];
-  network: NetworkAttempt[];
-  writes: string[];
-  evals: string[];
-  decoded: string[];
-  cookies: string[];
-  errors: string[];
-}
-
-export interface DynamicAnalysisOptions {
-  /** Base/page URL, used to resolve relative targets and classify off-origin. */
-  url?: string;
-}
-
-/** The caller supplies one of these: "run these scripts in an isolate, give me what they attempted." */
-export type IsolatedEvaluator = (scripts: string[], options: DynamicAnalysisOptions) => BehaviorReport | Promise<BehaviorReport>;
-
-const EMPTY_REPORT: BehaviorReport = { redirects: [], network: [], writes: [], evals: [], decoded: [], cookies: [], errors: [] };
-
+import { assessRedirect, createScanner, isAdOrAnalyticsHost, registrableDomainFor } from "./index.js";
+const EMPTY_REPORT = { redirects: [], network: [], writes: [], evals: [], decoded: [], cookies: [], errors: [] };
 // Self-contained recorder. Evaluating this source defines `recordBehavior(scripts, url)`
 // which returns a BehaviorReport. It references only standard globals (URL, atob,
 // btoa, Proxy) available in any JS isolate — no imports, no transport, no
 // assumptions about how it is hosted. Inline scripts run via `new Function` with
 // the dangerous globals shadowed by recorder stubs (sloppy mode so `eval` /
 // `Function` can be shadowed as parameters).
-export const RECORDER_SOURCE = String.raw`
+export const RECORDER_SOURCE = String.raw `
 function recordBehavior(scripts, url) {
   var report = { redirects: [], network: [], writes: [], evals: [], decoded: [], cookies: [], errors: [] };
   var resolve = function (v) { var raw = String(v == null ? "" : v); try { return url ? new URL(raw, url).toString() : raw; } catch (e) { return raw; } };
@@ -113,161 +86,165 @@ function recordBehavior(scripts, url) {
   return report;
 }
 `;
-
-let compiledRecorder: ((scripts: string[], url?: string) => BehaviorReport) | null = null;
-function inProcessRecorder(): (scripts: string[], url?: string) => BehaviorReport {
-  if (!compiledRecorder) {
-    // eslint-disable-next-line no-new-func
-    compiledRecorder = new Function(`${RECORDER_SOURCE}\nreturn recordBehavior;`)() as (scripts: string[], url?: string) => BehaviorReport;
-  }
-  return compiledRecorder;
+let compiledRecorder = null;
+function inProcessRecorder() {
+    if (!compiledRecorder) {
+        // eslint-disable-next-line no-new-func
+        compiledRecorder = new Function(`${RECORDER_SOURCE}\nreturn recordBehavior;`)();
+    }
+    return compiledRecorder;
 }
-
 /** Extract inline <script> bodies (no src) from HTML. */
-export function extractInlineScripts(html: string): string[] {
-  const scripts: string[] = [];
-  for (const match of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
-    const attrs = match[1] ?? "";
-    if (/\bsrc\s*=/i.test(attrs)) continue; // external scripts are fetched + scanned separately
-    if (/\btype\s*=\s*["']?(?:application\/json|application\/ld\+json|text\/template)/i.test(attrs)) continue;
-    const body = match[2]?.trim();
-    if (body) scripts.push(body);
-  }
-  return scripts;
+export function extractInlineScripts(html) {
+    const scripts = [];
+    for (const match of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
+        const attrs = match[1] ?? "";
+        if (/\bsrc\s*=/i.test(attrs))
+            continue; // external scripts are fetched + scanned separately
+        if (/\btype\s*=\s*["']?(?:application\/json|application\/ld\+json|text\/template)/i.test(attrs))
+            continue;
+        const body = match[2]?.trim();
+        if (body)
+            scripts.push(body);
+    }
+    return scripts;
 }
-
 // Source URLs of external scripts the page loads (<script src=...>). A renderer
 // fetches and runs these against the DOM, where externally-injected forms appear.
-export function extractScriptSources(html: string): string[] {
-  const sources: string[] = [];
-  for (const match of html.matchAll(/<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi)) {
-    if (match[1]) sources.push(match[1]);
-  }
-  return [...new Set(sources)];
+export function extractScriptSources(html) {
+    const sources = [];
+    for (const match of html.matchAll(/<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi)) {
+        if (match[1])
+            sources.push(match[1]);
+    }
+    return [...new Set(sources)];
 }
-
 /**
  * In-process default evaluator. Runs the recorder in THIS isolate (no boundary).
  * Use analyzeDynamicWith with a caller-supplied evaluator when isolation matters.
  */
-export function runInstrumented(scripts: string[], options: DynamicAnalysisOptions = {}): BehaviorReport {
-  try {
-    return inProcessRecorder()(scripts, options.url);
-  } catch (error) {
-    return { ...EMPTY_REPORT, errors: [error instanceof Error ? error.message : "recorder failed"] };
-  }
+export function runInstrumented(scripts, options = {}) {
+    try {
+        return inProcessRecorder()(scripts, options.url);
+    }
+    catch (error) {
+        return { ...EMPTY_REPORT, errors: [error instanceof Error ? error.message : "recorder failed"] };
+    }
 }
-
 /** Full in-process pass: extract inline scripts, record behavior, turn it into findings. */
-export function analyzeDynamic(html: string, options: DynamicAnalysisOptions = {}): { report: BehaviorReport; findings: Finding[] } {
-  const report = runInstrumented(extractInlineScripts(html), options);
-  return { report, findings: behaviorFindings(report, options.url) };
+export function analyzeDynamic(html, options = {}) {
+    const report = runInstrumented(extractInlineScripts(html), options);
+    return { report, findings: behaviorFindings(report, options.url) };
 }
-
 /** Generic seam: the caller supplies how scripts are evaluated (in whatever isolate it has). */
-export async function analyzeDynamicWith(
-  html: string,
-  options: DynamicAnalysisOptions,
-  evaluate: IsolatedEvaluator
-): Promise<{ report: BehaviorReport; findings: Finding[] }> {
-  const scripts = extractInlineScripts(html);
-  const report = scripts.length ? await evaluate(scripts, options) : EMPTY_REPORT;
-  return { report, findings: behaviorFindings(report, options.url) };
+export async function analyzeDynamicWith(html, options, evaluate) {
+    const scripts = extractInlineScripts(html);
+    const report = scripts.length ? await evaluate(scripts, options) : EMPTY_REPORT;
+    return { report, findings: behaviorFindings(report, options.url) };
 }
-
-const EXFIL_SCORE: RuleScoreModel = { base: 72, tags: ["exfiltration", "script"] };
-const OFFSITE_REQUEST_SCORE: RuleScoreModel = { base: 8, tags: ["script"] };
-const REDIRECT_SCORE: RuleScoreModel = { base: 45, tags: ["redirect", "script"] };
+const EXFIL_SCORE = { base: 72, tags: ["exfiltration", "script"] };
+const OFFSITE_REQUEST_SCORE = { base: 8, tags: ["script"] };
+const REDIRECT_SCORE = { base: 45, tags: ["redirect", "script"] };
 // eval/Function/string-timer use is ubiquitous in legitimate bundles — weak
 // alone. The re-scan of what they produce (below) is where real convictions come from.
-const EVAL_SCORE: RuleScoreModel = { base: 12, tags: ["obfuscation", "script"], maxGroup: "dynamic-code" };
-
+const EVAL_SCORE = { base: 12, tags: ["obfuscation", "script"], maxGroup: "dynamic-code" };
 /** Map recorded behavior to scanner findings, re-scanning injected markup and decoded/eval'd code. */
-export function behaviorFindings(report: BehaviorReport, baseUrl?: string): Finding[] {
-  const findings: Finding[] = [];
-  let i = 0;
-  const add = (severity: Severity, confidence: Confidence, model: RuleScoreModel, ruleId: string, title: string, description: string, location: string, metadata: Record<string, unknown>) => {
-    findings.push({ id: `${ruleId}:${i++}`, ruleId, severity, confidence, score: model.base, scoreModel: model, title, description, locationType: "javascript", locationValue: location, metadata });
-  };
-
-  for (const target of report.network) {
-    // An off-site runtime request is NOT exfiltration on its own — legit sites
-    // constantly fetch their own subdomains, CDNs, payment processors, analytics
-    // and APIs. Only convict (high) when the destination host ITSELF looks
-    // suspicious (shortener, suspicious TLD, punycode, IP literal, shared/
-    // generated host) — the actual sketchy-endpoint exfil pattern. A request to
-    // an ordinary off-site domain is recorded as a low-signal note, not a flag.
-    if (!isThirdPartyTarget(target.url, baseUrl)) continue;
-    const suspiciousDestination = baseUrl ? assessRedirect(baseUrl, target.url)?.destinationSuspicious ?? false : false;
-    if (suspiciousDestination) {
-      add("high", "high", EXFIL_SCORE, "runtime_offsite_exfil", `Runtime ${target.kind} to a suspicious off-site endpoint`, `Page JavaScript issued a ${target.kind} request to a suspicious unrelated host at runtime — a common credential/data exfiltration pattern.`, target.url, { kind: target.kind });
-    } else {
-      add("info", "low", OFFSITE_REQUEST_SCORE, "runtime_offsite_request", `Runtime ${target.kind} to an unrelated domain`, `Page JavaScript issued a ${target.kind} request to an unrelated (but not obviously suspicious) domain at runtime.`, target.url, { kind: target.kind });
+export function behaviorFindings(report, baseUrl) {
+    const findings = [];
+    let i = 0;
+    const add = (severity, confidence, model, ruleId, title, description, location, metadata) => {
+        findings.push({ id: `${ruleId}:${i++}`, ruleId, severity, confidence, score: model.base, scoreModel: model, title, description, locationType: "javascript", locationValue: location, metadata });
+    };
+    for (const target of report.network) {
+        // An off-site runtime request is NOT exfiltration on its own — legit sites
+        // constantly fetch their own subdomains, CDNs, payment processors, analytics
+        // and APIs. Only convict (high) when the destination host ITSELF looks
+        // suspicious (shortener, suspicious TLD, punycode, IP literal, shared/
+        // generated host) — the actual sketchy-endpoint exfil pattern. A request to
+        // an ordinary off-site domain is recorded as a low-signal note, not a flag.
+        if (!isThirdPartyTarget(target.url, baseUrl))
+            continue;
+        const suspiciousDestination = baseUrl ? assessRedirect(baseUrl, target.url)?.destinationSuspicious ?? false : false;
+        if (suspiciousDestination) {
+            add("high", "high", EXFIL_SCORE, "runtime_offsite_exfil", `Runtime ${target.kind} to a suspicious off-site endpoint`, `Page JavaScript issued a ${target.kind} request to a suspicious unrelated host at runtime — a common credential/data exfiltration pattern.`, target.url, { kind: target.kind });
+        }
+        else {
+            add("info", "low", OFFSITE_REQUEST_SCORE, "runtime_offsite_request", `Runtime ${target.kind} to an unrelated domain`, `Page JavaScript issued a ${target.kind} request to an unrelated (but not obviously suspicious) domain at runtime.`, target.url, { kind: target.kind });
+        }
     }
-  }
-  for (const redirect of report.redirects) {
-    if (isThirdPartyTarget(redirect, baseUrl)) {
-      add("medium", "high", REDIRECT_SCORE, "runtime_offsite_redirect", "JavaScript navigated to an unrelated domain at runtime", "Page JavaScript set location to an unrelated domain — used to cloak content from scanners and route victims onward.", redirect, {});
+    for (const redirect of report.redirects) {
+        if (isThirdPartyTarget(redirect, baseUrl)) {
+            add("medium", "high", REDIRECT_SCORE, "runtime_offsite_redirect", "JavaScript navigated to an unrelated domain at runtime", "Page JavaScript set location to an unrelated domain — used to cloak content from scanners and route victims onward.", redirect, {});
+        }
     }
-  }
-  if (report.evals.length) {
-    add("low", "medium", EVAL_SCORE, "runtime_dynamic_code", "Runtime dynamic code execution", `Page JavaScript invoked eval/Function/string-timer ${report.evals.length} time(s) at runtime.`, "eval", { count: report.evals.length });
-  }
-
-  // Re-scan runtime-produced content (injected markup, decoded blobs, eval'd
-  // code) through the static scanner so existing rules apply to it.
-  const derived = [...report.writes, ...report.decoded, ...report.evals];
-  for (const chunk of derived) {
-    if (!chunk || chunk.length < 8) continue;
-    const scanner = createScanner({ source: { url: baseUrl, contentType: "text/html" } });
-    scanner.feed(new TextEncoder().encode(chunk));
-    for (const finding of scanner.finish().findings) {
-      findings.push({ ...finding, id: `dyn.${finding.ruleId}:${i++}`, metadata: { ...finding.metadata, via: "dynamic_analysis" } });
+    if (report.evals.length) {
+        add("low", "medium", EVAL_SCORE, "runtime_dynamic_code", "Runtime dynamic code execution", `Page JavaScript invoked eval/Function/string-timer ${report.evals.length} time(s) at runtime.`, "eval", { count: report.evals.length });
     }
-  }
-  return findings;
+    // Re-scan runtime-produced content (injected markup, decoded blobs, eval'd
+    // code) through the static scanner so existing rules apply to it.
+    const derived = [...report.writes, ...report.decoded, ...report.evals];
+    for (const chunk of derived) {
+        if (!chunk || chunk.length < 8)
+            continue;
+        const scanner = createScanner({ source: { url: baseUrl, contentType: "text/html" } });
+        scanner.feed(new TextEncoder().encode(chunk));
+        for (const finding of scanner.finish().findings) {
+            findings.push({ ...finding, id: `dyn.${finding.ruleId}:${i++}`, metadata: { ...finding.metadata, via: "dynamic_analysis" } });
+        }
+    }
+    return findings;
 }
-
 // URLs a page's JavaScript surfaced at runtime — redirect/navigation targets,
 // fetch/XHR/script/form endpoints, and any links embedded in markup the JS
 // injected (document.write / innerHTML). The crawler merges the same-origin
 // ones into its frontier so it CONTINUES into JS-revealed pages instead of
 // treating dynamic analysis as a dead end.
-export function discoveredUrlsFromBehavior(report: BehaviorReport, baseUrl?: string): string[] {
-  const urls = new Set<string>();
-  for (const redirect of report.redirects) if (redirect) urls.add(redirect);
-  for (const target of report.network) if (target.url) urls.add(target.url);
-  for (const chunk of report.writes) {
-    if (!chunk || chunk.length < 4) continue;
-    const scanner = createScanner({ source: { url: baseUrl, contentType: "text/html" } });
-    scanner.feed(new TextEncoder().encode(chunk));
-    for (const url of scanner.finish().urls) urls.add(url.normalized);
-  }
-  return [...urls];
+export function discoveredUrlsFromBehavior(report, baseUrl) {
+    const urls = new Set();
+    for (const redirect of report.redirects)
+        if (redirect)
+            urls.add(redirect);
+    for (const target of report.network)
+        if (target.url)
+            urls.add(target.url);
+    for (const chunk of report.writes) {
+        if (!chunk || chunk.length < 4)
+            continue;
+        const scanner = createScanner({ source: { url: baseUrl, contentType: "text/html" } });
+        scanner.feed(new TextEncoder().encode(chunk));
+        for (const url of scanner.finish().urls)
+            urls.add(url.normalized);
+    }
+    return [...urls];
 }
-
 // A runtime target counts only if it's a different registrable domain than the
 // page AND not a known ad/analytics/CDN host — so a site's own subdomains and
 // mainstream third parties (gstatic, analytics) don't read as exfil.
-function isThirdPartyTarget(url: string, baseUrl?: string): boolean {
-  let absolute: string;
-  let targetHost: string;
-  try {
-    const resolved = new URL(url, baseUrl);
-    if (resolved.protocol !== "http:" && resolved.protocol !== "https:") return false;
-    absolute = resolved.toString();
-    targetHost = resolved.hostname.toLowerCase();
-  } catch {
-    return false;
-  }
-  if (isAdOrAnalyticsHost(absolute)) return false;
-  if (!baseUrl) return true;
-  try {
-    const baseHost = new URL(baseUrl).hostname.toLowerCase();
-    const targetReg = registrableDomainFor(targetHost) ?? targetHost;
-    const baseReg = registrableDomainFor(baseHost) ?? baseHost;
-    return targetReg !== baseReg;
-  } catch {
-    return true;
-  }
+function isThirdPartyTarget(url, baseUrl) {
+    let absolute;
+    let targetHost;
+    try {
+        const resolved = new URL(url, baseUrl);
+        if (resolved.protocol !== "http:" && resolved.protocol !== "https:")
+            return false;
+        absolute = resolved.toString();
+        targetHost = resolved.hostname.toLowerCase();
+    }
+    catch {
+        return false;
+    }
+    if (isAdOrAnalyticsHost(absolute))
+        return false;
+    if (!baseUrl)
+        return true;
+    try {
+        const baseHost = new URL(baseUrl).hostname.toLowerCase();
+        const targetReg = registrableDomainFor(targetHost) ?? targetHost;
+        const baseReg = registrableDomainFor(baseHost) ?? baseHost;
+        return targetReg !== baseReg;
+    }
+    catch {
+        return true;
+    }
 }
+//# sourceMappingURL=dynamic.js.map

package/dist/dynamic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dynamic.js","sourceRoot":"","sources":["../src/dynamic.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,EAAE;AACF,iFAAiF;AACjF,iFAAiF;AACjF,yEAAyE;AACzE,8EAA8E;AAC9E,yEAAyE;AACzE,2EAA2E;AAC3E,yEAAyE;AACzE,EAAE;AACF,0DAA0D;AAC1D,8EAA8E;AAC9E,iFAAiF;AACjF,6EAA6E;AAC7E,+EAA+E;AAC/E,8CAA8C;AAC9C,8EAA8E;AAC9E,4EAA4E;AAE5E,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,mBAAmB,EAAE,oBAAoB,EAAgD,MAAM,YAAY,CAAC;AA0BpJ,MAAM,YAAY,GAAmB,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAEjI,yFAAyF;AACzF,kFAAkF;AAClF,0EAA0E;AAC1E,iFAAiF;AACjF,4EAA4E;AAC5E,6CAA6C;AAC7C,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6DxC,CAAC;AAEF,IAAI,gBAAgB,GAAiE,IAAI,CAAC;AAC1F,SAAS,iBAAiB;IACxB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,uCAAuC;QACvC,gBAAgB,GAAG,IAAI,QAAQ,CAAC,GAAG,eAAe,0BAA0B,CAAC,EAAyD,CAAC;IACzI,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,yCAAyC,CAAC,EAAE,CAAC;QAC7E,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,SAAS,CAAC,oDAAoD;QAC5F,IAAI,+EAA+E,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,SAAS;QAC1G,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;QAC9B,IAAI,IAAI;YAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAChF,kFAAkF;AAClF,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,oDAAoD,CAAC,EAAE,CAAC;QACxF,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,OAAiB,EAAE,UAAkC,EAAE;IACrF,IAAI,CAAC;QACH,OAAO,iBAAiB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,GAAG,YAAY,EAAE,MAAM,EAAE,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,EAAE,CAAC;IACnG,CAAC;AACH,CAAC;AAED,4FAA4F;AAC5F,MAAM,UAAU,cAAc,CAAC,IAAY,EAAE,UAAkC,EAAE;IAC/E,MAAM,MAAM,GAAG,eAAe,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;IACpE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;AACrE,CAAC;AAED,gGAAgG;AAChG,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAY,EACZ,OAA+B,EAC/B,QAA2B;IAE3B,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;IAChF,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;AACrE,CAAC;AAED,MAAM,WAAW,GAAmB,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;AACnF,MAAM,qBAAqB,GAAmB,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC;AAC5E,MAAM,cAAc,GAAmB,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;AAClF,4EAA4E;AAC5E,uFAAuF;AACvF,MAAM,UAAU,GAAmB,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,aAAa,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;AAE3G,sGAAsG;AACtG,MAAM,UAAU,gBAAgB,CAAC,MAAsB,EAAE,OAAgB;IACvE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,MAAM,GAAG,GAAG,CAAC,QAAkB,EAAE,UAAsB,EAAE,KAAqB,EAAE,MAAc,EAAE,KAAa,EAAE,WAAmB,EAAE,QAAgB,EAAE,QAAiC,EAAE,EAAE;QACzL,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IACnM,CAAC,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACpC,2EAA2E;QAC3E,6EAA6E;QAC7E,uEAAuE;QACvE,uEAAuE;QACvE,4EAA4E;QAC5E,4EAA4E;QAC5E,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC;YAAE,SAAS;QACvD,MAAM,qBAAqB,GAAG,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,qBAAqB,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;QACpH,IAAI,qBAAqB,EAAE,CAAC;YAC1B,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,uBAAuB,EAAE,WAAW,MAAM,CAAC,IAAI,oCAAoC,EAAE,4BAA4B,MAAM,CAAC,IAAI,qGAAqG,EAAE,MAAM,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACzS,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,qBAAqB,EAAE,yBAAyB,EAAE,WAAW,MAAM,CAAC,IAAI,yBAAyB,EAAE,4BAA4B,MAAM,CAAC,IAAI,4EAA4E,EAAE,MAAM,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAChR,CAAC;IACH,CAAC;IACD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,kBAAkB,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;YAC1C,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,0BAA0B,EAAE,wDAAwD,EAAE,qHAAqH,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACnQ,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,sBAAsB,EAAE,gCAAgC,EAAE,sDAAsD,MAAM,CAAC,KAAK,CAAC,MAAM,sBAAsB,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACtO,CAAC;IAED,2EAA2E;IAC3E,kEAAkE;IAClE,MAAM,OAAO,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QACzC,MAAM,OAAO,GAAG,aAAa,CAAC,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;QACtF,OAAO,CAAC,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC9C,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC;YAChD,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,OAAO,OAAO,CAAC,MAAM,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE,GAAG,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAC;QAChI,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,2CAA2C;AAC3C,MAAM,UAAU,0BAA0B,CAAC,MAAsB,EAAE,OAAgB;IACjF,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS;QAAE,IAAI,QAAQ;YAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1E,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO;QAAE,IAAI,MAAM,CAAC,GAAG;YAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1E,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QACzC,MAAM,OAAO,GAAG,aAAa,CAAC,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;QACtF,OAAO,CAAC,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC9C,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI;YAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,+EAA+E;AAC/E,8EAA8E;AAC9E,qEAAqE;AACrE,SAAS,kBAAkB,CAAC,GAAW,EAAE,OAAgB;IACvD,IAAI,QAAgB,CAAC;IACrB,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACvC,IAAI,QAAQ,CAAC,QAAQ,KAAK,OAAO,IAAI,QAAQ,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAClF,QAAQ,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC/B,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,mBAAmB,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAChD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACzD,MAAM,SAAS,GAAG,oBAAoB,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC;QACjE,MAAM,OAAO,GAAG,oBAAoB,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;QAC3D,OAAO,SAAS,KAAK,OAAO,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/feeds.d.ts

@@ -0,0 +1,66 @@
+export interface IntelStorage {
+    get(key: string): Promise<Uint8Array | null>;
+    put(key: string, value: Uint8Array): Promise<void>;
+    list(prefix: string): Promise<string[]>;
+    delete?(key: string): Promise<void>;
+}
+export interface FeedEntry {
+    host: string;
+    score: number;
+}
+export interface FeedMeta {
+    source?: string;
+    generatedAt?: string;
+}
+export interface FeedRecord extends FeedMeta {
+    version: string;
+    /** Distinct score bands present in this version, and the host count in each. */
+    bands: Record<string, number>;
+}
+export interface GlobalFeedManifest {
+    feeds: Record<string, FeedRecord>;
+}
+export interface CachedFeedMatch {
+    feedId: string;
+    host: string;
+    score: number;
+    source?: string;
+}
+/** Default score bands. Callers may use any integer band; these are conventions. */
+export declare const FEED_SCORE_ACTIVE = 90;
+export declare const FEED_SCORE_AGED = 55;
+/** All 256 shard prefixes ("00".."ff"); a staged build finalizes one per job. */
+export declare const SHARD_PREFIXES: string[];
+/** Stable, synchronous host -> shard bucket. FNV-1a low byte; loader and matcher must agree. */
+export declare function shardOf(host: string): string;
+/** Score a feed entry from its evidence: active/recent => high, else aged/weak. */
+export declare function scoreFor(input: {
+    active?: boolean;
+    addedAt?: string | null;
+    recencyDays?: number;
+    now?: number;
+    activeScore?: number;
+    agedScore?: number;
+}): number;
+/** Rebuild a feed's shard index from a complete entry set (feeds that fit in memory). */
+export declare function rebuildFeed(storage: IntelStorage, feedId: string, version: string, entries: FeedEntry[], meta?: FeedMeta): Promise<FeedRecord>;
+/** Write one download chunk's parsed entries to staging. Safe to run many in parallel. */
+export declare function writeFeedChunk(storage: IntelStorage, feedId: string, version: string, chunkId: string, entries: FeedEntry[]): Promise<void>;
+/** Merge every chunk's partials for one (band, prefix) into the final shard. One job per shard. */
+export declare function finalizeFeedShard(storage: IntelStorage, feedId: string, version: string, band: number, prefix: string): Promise<number>;
+/** Publish the feed: write its manifest, register it globally, and sweep staging + old versions. */
+export declare function finalizeFeed(storage: IntelStorage, feedId: string, version: string, bands: Record<string, number>, meta?: FeedMeta): Promise<FeedRecord>;
+/** Match candidate hosts against all published feeds, returning the highest score band per hit. */
+export declare function matchCachedFeeds(storage: IntelStorage, hosts: string[]): Promise<CachedFeedMatch[]>;
+/** Extract a lowercase host from a URL or bare host line; null for comments/blanks. */
+export declare function hostFromLine(line: string): string | null;
+/** OpenPhish community feed: one active phishing URL per line. */
+export declare function parseOpenPhishFeed(text: string, score?: number): FeedEntry[];
+/** A bare domain/host blocklist (e.g. Phishing.Database lists) at a caller-chosen score. */
+export declare function parseHostList(text: string, score: number): FeedEntry[];
+/** URLhaus CSV (id,dateadded,url,url_status,...): online+recent scores high, else aged. */
+export declare function parseUrlhausCsv(text: string, opts?: {
+    recencyDays?: number;
+    now?: number;
+}): FeedEntry[];
+//# sourceMappingURL=feeds.d.ts.map

package/dist/feeds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"feeds.d.ts","sourceRoot":"","sources":["../src/feeds.ts"],"names":[],"mappings":"AAiBA,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,QAAQ;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAW,SAAQ,QAAQ;IAC1C,OAAO,EAAE,MAAM,CAAC;IAChB,gFAAgF;IAChF,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,oFAAoF;AACpF,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,eAAe,KAAK,CAAC;AAQlC,iFAAiF;AACjF,eAAO,MAAM,cAAc,EAAE,MAAM,EAA2E,CAAC;AAE/G,gGAAgG;AAChG,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAQ5C;AAED,mFAAmF;AACnF,wBAAgB,QAAQ,CAAC,KAAK,EAAE;IAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,MAAM,CAKT;AAID,yFAAyF;AACzF,wBAAsB,WAAW,CAC/B,OAAO,EAAE,YAAY,EACrB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,SAAS,EAAE,EACpB,IAAI,GAAE,QAAa,GAClB,OAAO,CAAC,UAAU,CAAC,CAUrB;AAID,0FAA0F;AAC1F,wBAAsB,cAAc,CAClC,OAAO,EAAE,YAAY,EACrB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,SAAS,EAAE,GACnB,OAAO,CAAC,IAAI,CAAC,CAOf;AAED,mGAAmG;AACnG,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,YAAY,EACrB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAUjB;AAED,oGAAoG;AACpG,wBAAsB,YAAY,CAChC,OAAO,EAAE,YAAY,EACrB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC7B,IAAI,GAAE,QAAa,GAClB,OAAO,CAAC,UAAU,CAAC,CAiBrB;AAID,mGAAmG;AACnG,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA4BzG;AAID,uFAAuF;AACvF,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAWxD;AAED,kEAAkE;AAClE,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,SAAoB,GAAG,SAAS,EAAE,CAEvF;AAED,4FAA4F;AAC5F,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,CAEtE;AAED,2FAA2F;AAC3F,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAO,GAAG,SAAS,EAAE,CAW5G"}