@quantracode/vibecheck 0.0.1 → 0.0.2

package/dist/scanners/abuse/compute-abuse.js

@@ -1,509 +0,0 @@
-import { resolvePath } from "../../utils/file-utils.js";
-import { generateFingerprint, generateFindingId } from "../../utils/fingerprint.js";
-// ============================================================================
-// Rule IDs
-// ============================================================================
-const RULE_IDS = {
-    AI_GENERATION: "VC-ABUSE-001",
-    CODE_EXECUTION: "VC-ABUSE-002",
-    FILE_PROCESSING: "VC-ABUSE-003",
-    EXPENSIVE_ENDPOINT: "VC-ABUSE-004",
-};
-// ============================================================================
-// Pattern Definitions
-// ============================================================================
-/**
- * Route patterns that indicate compute-intensive operations
- */
-const ROUTE_PATTERNS = {
-    AI_GENERATION: [
-        /generate[-_]?/i,
-        /chat[-_]?completion/i,
-        /completion/i,
-        /embed[-_]?/i,
-        /transcribe/i,
-        /translate/i,
-        /summarize/i,
-        /code[-_]?expert/i,
-        /ai[-_]?/i,
-        /llm[-_]?/i,
-        /gpt[-_]?/i,
-        /claude[-_]?/i,
-        /openai/i,
-        /anthropic/i,
-    ],
-    CODE_EXECUTION: [
-        /eval[-_]?/i,
-        /execute[-_]?/i,
-        /run[-_]?code/i,
-        /sandbox/i,
-        /repl/i,
-        /compile/i,
-        /interpret/i,
-    ],
-    FILE_PROCESSING: [
-        /parse[-_]?/i,
-        /convert[-_]?/i,
-        /transform[-_]?/i,
-        /process[-_]?file/i,
-        /upload[-_]?/i,
-        /import[-_]?/i,
-        /export[-_]?/i,
-        /render[-_]?/i,
-        /resize[-_]?/i,
-        /thumbnail/i,
-        /pdf[-_]?/i,
-        /image[-_]?/i,
-        /video[-_]?/i,
-        /audio[-_]?/i,
-    ],
-    DATA_EXPORT: [
-        /bulk[-_]?/i,
-        /batch[-_]?/i,
-        /export[-_]?all/i,
-        /download[-_]?all/i,
-        /dump/i,
-    ],
-};
-/**
- * Import patterns that indicate expensive operations
- */
-const EXPENSIVE_IMPORT_PATTERNS = [
-    // AI/LLM SDKs
-    { pattern: /openai/i, category: "ai_generation", costMultiplier: 100 },
-    { pattern: /@anthropic-ai\/sdk/i, category: "ai_generation", costMultiplier: 100 },
-    { pattern: /langchain/i, category: "ai_generation", costMultiplier: 100 },
-    { pattern: /cohere/i, category: "ai_generation", costMultiplier: 80 },
-    { pattern: /replicate/i, category: "ai_generation", costMultiplier: 150 },
-    { pattern: /@huggingface/i, category: "ai_generation", costMultiplier: 50 },
-    // Code execution
-    { pattern: /vm2?/i, category: "code_execution", costMultiplier: 50 },
-    { pattern: /isolated-vm/i, category: "code_execution", costMultiplier: 50 },
-    { pattern: /child_process/i, category: "code_execution", costMultiplier: 30 },
-    // File processing
-    { pattern: /sharp/i, category: "file_processing", costMultiplier: 20 },
-    { pattern: /jimp/i, category: "file_processing", costMultiplier: 15 },
-    { pattern: /pdf-lib/i, category: "file_processing", costMultiplier: 25 },
-    { pattern: /pdfkit/i, category: "file_processing", costMultiplier: 25 },
-    { pattern: /puppeteer/i, category: "file_processing", costMultiplier: 100 },
-    { pattern: /playwright/i, category: "file_processing", costMultiplier: 100 },
-    { pattern: /ffmpeg/i, category: "file_processing", costMultiplier: 200 },
-    { pattern: /fluent-ffmpeg/i, category: "file_processing", costMultiplier: 200 },
-    // External APIs
-    { pattern: /stripe/i, category: "external_api", costMultiplier: 10 },
-    { pattern: /twilio/i, category: "external_api", costMultiplier: 20 },
-    { pattern: /sendgrid/i, category: "external_api", costMultiplier: 5 },
-    { pattern: /aws-sdk/i, category: "external_api", costMultiplier: 15 },
-    { pattern: /@aws-sdk/i, category: "external_api", costMultiplier: 15 },
-];
-/**
- * Function call patterns that indicate expensive operations
- */
-const EXPENSIVE_CALL_PATTERNS = [
-    // OpenAI
-    { pattern: /\.chat\.completions\.create/i, category: "ai_generation", costMultiplier: 100 },
-    { pattern: /\.completions\.create/i, category: "ai_generation", costMultiplier: 100 },
-    { pattern: /\.embeddings\.create/i, category: "ai_generation", costMultiplier: 20 },
-    { pattern: /\.images\.generate/i, category: "ai_generation", costMultiplier: 500 },
-    { pattern: /\.audio\.transcriptions/i, category: "ai_generation", costMultiplier: 50 },
-    // Anthropic
-    { pattern: /\.messages\.create/i, category: "ai_generation", costMultiplier: 100 },
-    // Generic AI
-    { pattern: /generateText/i, category: "ai_generation", costMultiplier: 80 },
-    { pattern: /streamText/i, category: "ai_generation", costMultiplier: 80 },
-    // Code execution
-    { pattern: /eval\s*\(/i, category: "code_execution", costMultiplier: 50 },
-    { pattern: /new\s+Function\s*\(/i, category: "code_execution", costMultiplier: 50 },
-    { pattern: /vm\.run/i, category: "code_execution", costMultiplier: 50 },
-    { pattern: /exec\s*\(/i, category: "code_execution", costMultiplier: 30 },
-    { pattern: /spawn\s*\(/i, category: "code_execution", costMultiplier: 30 },
-    // File processing
-    { pattern: /sharp\s*\(/i, category: "file_processing", costMultiplier: 20 },
-    { pattern: /\.resize\s*\(/i, category: "file_processing", costMultiplier: 15 },
-    { pattern: /\.toBuffer\s*\(/i, category: "file_processing", costMultiplier: 10 },
-    { pattern: /puppeteer.*launch/i, category: "file_processing", costMultiplier: 100 },
-    { pattern: /page\.pdf\s*\(/i, category: "file_processing", costMultiplier: 50 },
-    { pattern: /page\.screenshot\s*\(/i, category: "file_processing", costMultiplier: 30 },
-];
-/**
- * Check for auth enforcement patterns
- */
-function detectAuthEnforcement(functionNode, helpers) {
-    return helpers.containsAuthCheck(functionNode);
-}
-/**
- * Check for rate limit patterns
- */
-function detectRateLimitEnforcement(sourceFile, helpers) {
-    return helpers.hasRateLimitSignals(sourceFile);
-}
-/**
- * Check for request size limit patterns
- */
-function detectRequestSizeLimit(functionNode, helpers) {
-    const text = helpers.getNodeText(functionNode);
-    const patterns = [
-        /content-length/i,
-        /maxBodyLength/i,
-        /bodyParser.*limit/i,
-        /\.size\s*[<>]/i,
-        /MAX_SIZE/i,
-        /sizeLimit/i,
-        /maxSize/i,
-        /fileSizeLimit/i,
-    ];
-    return patterns.some(p => p.test(text));
-}
-/**
- * Check for timeout patterns
- */
-function detectTimeoutEnforcement(functionNode, helpers) {
-    const text = helpers.getNodeText(functionNode);
-    const patterns = [
-        /timeout/i,
-        /AbortController/i,
-        /signal/i,
-        /setTimeout/i,
-        /maxDuration/i,
-    ];
-    return patterns.some(p => p.test(text));
-}
-/**
- * Check for input validation patterns
- */
-function detectInputValidation(functionNode, helpers) {
-    const validationUsage = helpers.findValidationUsage(functionNode);
-    return validationUsage.length > 0;
-}
-/**
- * Get all enforcement status for a handler
- */
-function getEnforcementStatus(functionNode, sourceFile, helpers) {
-    return {
-        hasAuth: detectAuthEnforcement(functionNode, helpers),
-        hasRateLimit: detectRateLimitEnforcement(sourceFile, helpers),
-        hasRequestSizeLimit: detectRequestSizeLimit(functionNode, helpers),
-        hasTimeout: detectTimeoutEnforcement(functionNode, helpers),
-        hasInputValidation: detectInputValidation(functionNode, helpers),
-    };
-}
-/**
- * Get list of missing enforcements
- */
-function getMissingEnforcements(status) {
-    const missing = [];
-    if (!status.hasAuth)
-        missing.push("auth");
-    if (!status.hasRateLimit)
-        missing.push("rate_limit");
-    if (!status.hasRequestSizeLimit)
-        missing.push("request_size_limit");
-    if (!status.hasTimeout)
-        missing.push("timeout");
-    if (!status.hasInputValidation)
-        missing.push("input_validation");
-    return missing;
-}
-/**
- * Check if route path matches abuse patterns
- */
-function matchRoutePatterns(routePath) {
-    for (const [category, patterns] of Object.entries(ROUTE_PATTERNS)) {
-        for (const pattern of patterns) {
-            if (pattern.test(routePath)) {
-                const categoryMap = {
-                    AI_GENERATION: "ai_generation",
-                    CODE_EXECUTION: "code_execution",
-                    FILE_PROCESSING: "file_processing",
-                    DATA_EXPORT: "data_export",
-                };
-                return {
-                    category: categoryMap[category] || "computation",
-                    costMultiplier: category === "AI_GENERATION" ? 100 :
-                        category === "CODE_EXECUTION" ? 50 :
-                            category === "FILE_PROCESSING" ? 25 : 10,
-                    matchedPattern: pattern.source,
-                    matchType: "route",
-                };
-            }
-        }
-    }
-    return null;
-}
-/**
- * Check for expensive imports in file
- */
-function findExpensiveImports(sourceFile) {
-    const matches = [];
-    const imports = sourceFile.getImportDeclarations();
-    for (const imp of imports) {
-        const moduleSpecifier = imp.getModuleSpecifierValue();
-        for (const { pattern, category, costMultiplier } of EXPENSIVE_IMPORT_PATTERNS) {
-            if (pattern.test(moduleSpecifier)) {
-                matches.push({
-                    category,
-                    costMultiplier,
-                    matchedPattern: moduleSpecifier,
-                    matchType: "import",
-                });
-                break;
-            }
-        }
-    }
-    return matches;
-}
-/**
- * Check for expensive function calls in handler
- */
-function findExpensiveCalls(functionNode, helpers) {
-    const matches = [];
-    const text = helpers.getNodeText(functionNode);
-    for (const { pattern, category, costMultiplier } of EXPENSIVE_CALL_PATTERNS) {
-        if (pattern.test(text)) {
-            matches.push({
-                category,
-                costMultiplier,
-                matchedPattern: pattern.source,
-                matchType: "call",
-            });
-        }
-    }
-    return matches;
-}
-/**
- * Calculate abuse risk based on cost multiplier and missing enforcements
- */
-function calculateAbuseRisk(costMultiplier, missingCount) {
-    // High cost + many missing enforcements = critical
-    if (costMultiplier >= 100 && missingCount >= 3)
-        return "critical";
-    if (costMultiplier >= 50 && missingCount >= 2)
-        return "high";
-    if (costMultiplier >= 20 && missingCount >= 1)
-        return "medium";
-    if (missingCount >= 2)
-        return "medium";
-    return "low";
-}
-/**
- * Get route path from file path (Next.js App Router)
- */
-function getRoutePathFromFile(filePath) {
-    // Convert app/api/generate/route.ts -> /api/generate
-    const match = filePath.match(/app(\/api\/[^/]+(?:\/[^/]+)*?)\/route\.[tj]sx?$/);
-    if (match) {
-        return match[1].replace(/\\/g, "/");
-    }
-    // Handle dynamic routes [param] -> :param
-    return filePath
-        .replace(/.*?app/, "")
-        .replace(/\/route\.[tj]sx?$/, "")
-        .replace(/\[([^\]]+)\]/g, ":$1")
-        .replace(/\\/g, "/");
-}
-// ============================================================================
-// Main Scanner
-// ============================================================================
-/**
- * VC-ABUSE-001 to VC-ABUSE-004: Compute Abuse Detection
- *
- * Detects compute-intensive endpoints that may be vulnerable to abuse:
- * - AI/LLM generation endpoints
- * - Code execution endpoints
- * - File processing endpoints
- * - Expensive API endpoints
- *
- * Checks for missing enforcement:
- * - Authentication
- * - Rate limiting
- * - Request size limits
- * - Timeouts
- * - Input validation
- */
-export async function scanComputeAbuse(context) {
-    const { repoRoot, fileIndex, helpers } = context;
-    const findings = [];
-    for (const relPath of fileIndex.apiRouteFiles) {
-        const absPath = resolvePath(repoRoot, relPath);
-        const sourceFile = helpers.parseFile(absPath);
-        if (!sourceFile)
-            continue;
-        const handlers = helpers.findRouteHandlers(sourceFile);
-        const routePath = getRoutePathFromFile(relPath);
-        const fileImports = findExpensiveImports(sourceFile);
-        for (const handler of handlers) {
-            // Collect all abuse matches
-            const allMatches = [];
-            // Check route patterns
-            const routeMatch = matchRoutePatterns(routePath);
-            if (routeMatch) {
-                allMatches.push(routeMatch);
-            }
-            // Check expensive calls in handler
-            const callMatches = findExpensiveCalls(handler.functionNode, helpers);
-            allMatches.push(...callMatches);
-            // Check expensive imports
-            allMatches.push(...fileImports);
-            // Skip if no abuse patterns matched
-            if (allMatches.length === 0)
-                continue;
-            // Get enforcement status
-            const enforcement = getEnforcementStatus(handler.functionNode, sourceFile, helpers);
-            const missingEnforcements = getMissingEnforcements(enforcement);
-            // Skip if all enforcements are present
-            if (missingEnforcements.length === 0)
-                continue;
-            // Use highest cost multiplier
-            const maxCost = Math.max(...allMatches.map(m => m.costMultiplier));
-            const primaryMatch = allMatches.find(m => m.costMultiplier === maxCost) || allMatches[0];
-            // Calculate risk
-            const risk = calculateAbuseRisk(maxCost, missingEnforcements.length);
-            // Determine severity based on risk
-            const severityMap = {
-                critical: "critical",
-                high: "high",
-                medium: "medium",
-                low: "low",
-            };
-            // Determine rule ID based on category
-            const ruleId = primaryMatch.category === "ai_generation" ? RULE_IDS.AI_GENERATION :
-                primaryMatch.category === "code_execution" ? RULE_IDS.CODE_EXECUTION :
-                    primaryMatch.category === "file_processing" ? RULE_IDS.FILE_PROCESSING :
-                        RULE_IDS.EXPENSIVE_ENDPOINT;
-            const handlerText = helpers.getNodeText(handler.functionNode);
-            const evidence = [
-                {
-                    file: relPath,
-                    startLine: handler.startLine,
-                    endLine: handler.endLine,
-                    snippet: handlerText.slice(0, 300) + (handlerText.length > 300 ? "..." : ""),
-                    label: `${handler.method} handler with ${primaryMatch.category.replace(/_/g, " ")} pattern`,
-                },
-            ];
-            // Add match evidence
-            for (const match of allMatches.slice(0, 3)) {
-                evidence.push({
-                    file: relPath,
-                    startLine: handler.startLine,
-                    endLine: handler.startLine,
-                    snippet: `Matched: ${match.matchedPattern} (${match.matchType})`,
-                    label: `${match.category.replace(/_/g, " ")} pattern (${match.costMultiplier}x cost)`,
-                });
-            }
-            const fingerprint = generateFingerprint({
-                ruleId,
-                file: relPath,
-                symbol: `${handler.method}:${primaryMatch.category}`,
-                startLine: handler.startLine,
-            });
-            const abuseClassification = {
-                risk,
-                category: primaryMatch.category,
-                costAmplification: maxCost,
-                missingEnforcement: missingEnforcements,
-                confidence: 0.75,
-            };
-            findings.push({
-                id: generateFindingId({
-                    ruleId,
-                    file: relPath,
-                    symbol: `${handler.method}:${primaryMatch.category}`,
-                    startLine: handler.startLine,
-                }),
-                ruleId,
-                title: `${risk.charAt(0).toUpperCase() + risk.slice(1)} compute abuse risk: ${primaryMatch.category.replace(/_/g, " ")} endpoint`,
-                description: generateDescription(primaryMatch, missingEnforcements, maxCost, routePath),
-                severity: severityMap[risk],
-                confidence: abuseClassification.confidence,
-                category: "abuse",
-                evidence,
-                remediation: generateRemediation(primaryMatch.category, missingEnforcements),
-                links: {
-                    owasp: "https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html",
-                    cwe: "https://cwe.mitre.org/data/definitions/770.html",
-                },
-                fingerprint,
-                abuseClassification,
-            });
-        }
-    }
-    return findings;
-}
-/**
- * Generate finding description
- */
-function generateDescription(match, missing, costMultiplier, routePath) {
-    const categoryDescriptions = {
-        ai_generation: "AI/LLM operations that consume significant compute resources and API costs",
-        code_execution: "code execution capabilities that can be abused for cryptomining or resource exhaustion",
-        file_processing: "file processing operations that can be abused with large or malicious files",
-        external_api: "expensive external API calls that incur per-request costs",
-        computation: "CPU-intensive operations vulnerable to resource exhaustion",
-        data_export: "bulk data operations that can be abused to extract large datasets",
-        upload_processing: "file upload processing that can be exploited with oversized files",
-    };
-    const missingText = missing.map(m => m.replace(/_/g, " ")).join(", ");
-    return `This endpoint (${routePath}) performs ${categoryDescriptions[match.category]}. ` +
-        `Without proper controls, attackers can abuse this endpoint causing significant financial damage or service degradation. ` +
-        `Estimated cost amplification: ${costMultiplier}x per request. ` +
-        `Missing enforcement: ${missingText}.`;
-}
-/**
- * Generate remediation based on category and missing enforcements
- */
-function generateRemediation(category, missing) {
-    const patches = [];
-    if (missing.includes("auth")) {
-        patches.push(`// Add authentication
-const session = await getServerSession(authOptions);
-if (!session) {
-  return Response.json({ error: "Unauthorized" }, { status: 401 });
-}`);
-    }
-    if (missing.includes("rate_limit")) {
-        patches.push(`// Add rate limiting
-import { Ratelimit } from "@upstash/ratelimit";
-const ratelimit = new Ratelimit({
-  redis: kv,
-  limiter: Ratelimit.slidingWindow(10, "60 s"),
-});
-const { success } = await ratelimit.limit(userId);
-if (!success) {
-  return Response.json({ error: "Rate limit exceeded" }, { status: 429 });
-}`);
-    }
-    if (missing.includes("request_size_limit")) {
-        patches.push(`// Add request size limit
-const body = await request.json();
-const size = JSON.stringify(body).length;
-if (size > 100 * 1024) { // 100KB limit
-  return Response.json({ error: "Request too large" }, { status: 413 });
-}`);
-    }
-    if (missing.includes("timeout")) {
-        patches.push(`// Add timeout
-const controller = new AbortController();
-const timeout = setTimeout(() => controller.abort(), 30000); // 30s timeout
-try {
-  const result = await expensiveOperation({ signal: controller.signal });
-} finally {
-  clearTimeout(timeout);
-}`);
-    }
-    if (missing.includes("input_validation")) {
-        patches.push(`// Add input validation
-import { z } from "zod";
-const schema = z.object({
-  prompt: z.string().max(4000),
-  model: z.enum(["gpt-4", "gpt-3.5-turbo"]),
-});
-const { success, data } = schema.safeParse(body);
-if (!success) {
-  return Response.json({ error: "Invalid input" }, { status: 400 });
-}`);
-    }
-    return {
-        recommendedFix: `Add the following enforcement controls to protect against compute abuse: ${missing.map(m => m.replace(/_/g, " ")).join(", ")}.`,
-        patch: patches.join("\n\n"),
-    };
-}

package/dist/scanners/abuse/index.d.ts

@@ -1,12 +0,0 @@
-import type { ScannerPack } from "../types.js";
-/**
- * Abuse detection scanner pack
- *
- * Detects compute-intensive endpoints vulnerable to abuse:
- * - AI/LLM generation endpoints without rate limiting
- * - Code execution endpoints without sandboxing
- * - File processing endpoints without size limits
- * - Expensive API calls without authentication
- */
-export declare const abusePack: ScannerPack;
-//# sourceMappingURL=index.d.ts.map

package/dist/scanners/abuse/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/abuse/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/C;;;;;;;;GAQG;AACH,eAAO,MAAM,SAAS,EAAE,WAIvB,CAAC"}

package/dist/scanners/abuse/index.js

@@ -1,15 +0,0 @@
-import { scanComputeAbuse } from "./compute-abuse.js";
-/**
- * Abuse detection scanner pack
- *
- * Detects compute-intensive endpoints vulnerable to abuse:
- * - AI/LLM generation endpoints without rate limiting
- * - Code execution endpoints without sandboxing
- * - File processing endpoints without size limits
- * - Expensive API calls without authentication
- */
-export const abusePack = {
-    id: "abuse",
-    name: "Compute Abuse Detection",
-    scanners: [scanComputeAbuse],
-};

package/dist/scanners/auth/index.d.ts

@@ -1,5 +0,0 @@
-import type { ScannerPack } from "../types.js";
-export declare const authPack: ScannerPack;
-export { scanUnprotectedApiRoutes } from "./unprotected-api-route.js";
-export { scanMiddlewareGap, parseMatcherConfig, matcherCoversApi } from "./middleware-gap.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/scanners/auth/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAI/C,eAAO,MAAM,QAAQ,EAAE,WAItB,CAAC;AAGF,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/scanners/auth/index.js

@@ -1,10 +0,0 @@
-import { scanUnprotectedApiRoutes } from "./unprotected-api-route.js";
-import { scanMiddlewareGap } from "./middleware-gap.js";
-export const authPack = {
-    id: "auth",
-    name: "Authentication & Authorization",
-    scanners: [scanUnprotectedApiRoutes, scanMiddlewareGap],
-};
-// Re-export individual scanners and utilities for testing
-export { scanUnprotectedApiRoutes } from "./unprotected-api-route.js";
-export { scanMiddlewareGap, parseMatcherConfig, matcherCoversApi } from "./middleware-gap.js";

package/dist/scanners/auth/middleware-gap.d.ts

@@ -1,22 +0,0 @@
-import type { Finding } from "@vibecheck/schema";
-import type { ScanContext } from "../types.js";
-/**
- * Parse matcher config from middleware file
- *
- * Looks for patterns like:
- * - export const config = { matcher: '/api/:path*' }
- * - export const config = { matcher: ['/api/:path*', '/admin/:path*'] }
- */
-export declare function parseMatcherConfig(content: string): string[] | null;
-/**
- * Check if any matcher pattern covers /api routes
- */
-export declare function matcherCoversApi(matchers: string[]): boolean;
-/**
- * VC-MW-001: Middleware matcher gap for /api coverage
- * VC-AUTH-INFO-001: Missing middleware with next-auth
- *
- * Checks if middleware properly covers API routes
- */
-export declare function scanMiddlewareGap(context: ScanContext): Promise<Finding[]>;
-//# sourceMappingURL=middleware-gap.d.ts.map

package/dist/scanners/auth/middleware-gap.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"middleware-gap.d.ts","sourceRoot":"","sources":["../../../src/scanners/auth/middleware-gap.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAgB,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAO/C;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,CAkCnE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAyB5D;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAuJhF"}