@queno/agent-node 0.1.2

package/dist/agent.js

@@ -0,0 +1,591 @@
+/**
+ * {@link RaspAgent} - the entry point of the RASP runtime.
+ *
+ * Wires together five subsystems:
+ *  1. Detectors        - pattern matchers run on every incoming request.
+ *  2. Redaction engine - strips secrets/PII before anything leaves the process.
+ *  3. Audit log        - local JSONL trace of every redaction action.
+ *  4. Event buffer     - batches sanitised events to the collector.
+ *  5. Heartbeat        - liveness signal + kill-switch / policy delivery channel.
+ *
+ * Invariants enforced here:
+ *  - {@link RaspAgent.inspect} never throws (fail-open).
+ *  - A detection is **never** enqueued before passing through the redaction
+ *    engine; if redaction fails the event is dropped and audit-logged.
+ *  - When the kill switch is received, inspection is disabled and the buffer
+ *    is drained.
+ */
+import { validateConfig, COLLECTOR_URL } from "./config.js";
+import { RedactionEngine } from "./redaction/engine.js";
+import { AuditLog } from "./redaction/audit-log.js";
+import { TransportClient } from "./transport/client.js";
+import { EventBuffer } from "./transport/buffer.js";
+import { HeartbeatScheduler } from "./transport/heartbeat.js";
+import { createDefaultDetectors } from "./detectors/index.js";
+import { CustomRuleDetector } from "./detectors/custom-rule.js";
+import { extractPathId, extractJwtSub } from "./detectors/bola.js";
+import { EndpointObserver } from "./api-discovery/endpoint-observer.js";
+import { DiscoveryBuffer } from "./api-discovery/discovery-buffer.js";
+import { PolicyManager } from "./policy/policy-manager.js";
+import { instrumentDatabaseDrivers } from "./db-hooks/instrument.js";
+import { correlateBola } from "./db-hooks/correlate.js";
+import { startSelfProtection } from "./self-protect.js";
+import { enterContext } from "./runtime-context.js";
+export class RaspAgent {
+    /** Fully validated configuration with defaults applied. */
+    cfg;
+    redaction;
+    auditLog;
+    client;
+    buffer;
+    heartbeat;
+    /** Built-in signature detectors. */
+    baseDetectors;
+    /** User-supplied detectors passed to the constructor. */
+    extraDetectors;
+    /** Active detector chain, rebuilt when custom rules arrive via policy. */
+    detectors;
+    observer;
+    discoveryBuffer;
+    /** Verifies and tracks signed policies distributed by the control plane. */
+    policyManager;
+    /** Data residency directives applied in {@link handleDetection}. */
+    dataResidency = null;
+    /** Version the control plane wants this agent to run (canary cohort / pin). */
+    targetVersion = null;
+    /** True when an upgrade is available for this agent. */
+    upgradePending = false;
+    /** Set to true after a kill-switch heartbeat - short-circuits {@link inspect}. */
+    killed = false;
+    /** Stops the self-protection timer (Addendum E.7); null when disabled. */
+    stopSelfProtection = null;
+    /**
+     * Enforcement mode in effect. Initialised from `cfg.mode` and updated
+     * whenever the collector returns a different mode in a heartbeat response.
+     */
+    currentMode;
+    /**
+     * Deduplication key for `policy_rejected` telemetry: `"<version>:<reason>"`.
+     * Prevents spamming the collector on every heartbeat cycle when the same
+     * policy is repeatedly rejected (e.g. a persistent trust-anchor mismatch).
+     */
+    lastRejectedPolicyKey = null;
+    /**
+     * Build a new agent.
+     *
+     * The constructor validates the config (throws on bad input), instantiates
+     * the subsystems and registers the default detectors. The heartbeat loop is
+     * **not** started until {@link start} is called.
+     *
+     * @param rawConfig - User-supplied configuration. Validated via
+     *   {@link validateConfig}; throws if required fields are missing.
+     * @param extraDetectors - Optional custom detectors appended after the
+     *   built-in set. They run in declaration order and the first non-null
+     *   detection wins.
+     */
+    constructor(rawConfig, extraDetectors = []) {
+        this.cfg = validateConfig(rawConfig);
+        this.currentMode = this.cfg.mode;
+        this.redaction = new RedactionEngine();
+        this.auditLog = this.cfg.auditLog
+            ? new AuditLog(this.cfg.auditLogPath, this.cfg.auditLogMaxBytes)
+            : null;
+        this.client = new TransportClient({
+            collectorUrl: COLLECTOR_URL,
+            apiKey: this.cfg.apiKey,
+            timeoutMs: this.cfg.transportTimeoutMs,
+            hmacSecret: this.cfg.hmacSecret,
+            tls: this.cfg.tls,
+        });
+        this.buffer = new EventBuffer(this.client, {
+            flushIntervalMs: this.cfg.flushIntervalMs,
+            maxSize: this.cfg.bufferMaxSize,
+        });
+        this.heartbeat = new HeartbeatScheduler(this.client, this.cfg, {
+            onKillSwitch: () => this.handleKillSwitch(),
+            onRecover: () => this.handleRecover(),
+            onPolicyChange: (version) => this.handlePolicyChange(version),
+            onModeChange: (mode) => {
+                // When a trust anchor is configured, mode changes must arrive through
+                // a verified signed policy (applyPolicy). The heartbeat mode field is
+                // an unsigned hint from the collector and must not bypass Ed25519
+                // verification - otherwise a compromised network path or collector
+                // could silently switch block → monitor (Addendum E.4.1).
+                //
+                // When no trust anchor is configured (e.g. legacy deployments that
+                // pre-date the signed-policy system) the heartbeat mode is the only
+                // available control channel, so we keep the original behaviour.
+                if (!this.policyManager.hasTrustAnchor) {
+                    this.currentMode = mode;
+                }
+            },
+            onTargetVersion: (info) => this.handleTargetVersion(info),
+            getMode: () => this.currentMode,
+        });
+        this.baseDetectors = createDefaultDetectors();
+        this.extraDetectors = extraDetectors;
+        this.detectors = [...this.baseDetectors, ...this.extraDetectors];
+        this.policyManager = new PolicyManager(this.cfg.projectId, [this.cfg.policyPublicKey]);
+        this.observer = new EndpointObserver();
+        this.discoveryBuffer = new DiscoveryBuffer(this.client, this.observer, {
+            projectId: this.cfg.projectId,
+            agentId: this.cfg.agentId,
+            flushIntervalMs: this.cfg.discoveryFlushIntervalMs,
+        });
+    }
+    /**
+     * Start the heartbeat loop. Idempotent.
+     *
+     * Call once during application bootstrap, after the framework middleware
+     * has been registered. The buffer flush timer is already armed by the
+     * constructor.
+     */
+    start() {
+        if (this.cfg.instrumentDb) {
+            // Best-effort; never throws.
+            instrumentDatabaseDrivers();
+        }
+        if (this.cfg.selfProtect) {
+            this.stopSelfProtection = startSelfProtection({
+                checkHooks: this.cfg.instrumentDb,
+                antiDebug: true,
+            });
+        }
+        this.heartbeat.start();
+    }
+    /**
+     * Begin a request's runtime context for DB correlation. Called by the
+     * framework integration at the start of the request, before the handler runs,
+     * so DB queries issued during the request are attributed to it.
+     *
+     * @returns The bound context, or `null` when DB instrumentation is disabled.
+     */
+    beginRequest(req) {
+        if (!this.cfg.instrumentDb || this.killed)
+            return null;
+        const ctx = {
+            method: req.method,
+            path: req.path,
+            pathId: extractPathId(req.path),
+            userId: extractJwtSub(req.headers["authorization"]),
+            sourceIp: req.sourceIp,
+            authEnforced: false,
+            dbQueries: [],
+        };
+        try {
+            enterContext(ctx);
+        }
+        catch {
+            return null;
+        }
+        return ctx;
+    }
+    /**
+     * Finalise a request: record its outcome for traffic profiling and, when a
+     * DB context is present, run BOLA-via-DB correlation and report any finding.
+     */
+    endRequest(ctx, req, outcome) {
+        this.observeOutcome(req, outcome);
+        if (!ctx || this.killed)
+            return;
+        try {
+            if (outcome.authenticated) {
+                ctx.authEnforced = true;
+                if (!ctx.userId)
+                    ctx.userId = "authenticated";
+            }
+            const detection = correlateBola(ctx);
+            if (detection)
+                this.handleDetection(detection, req).catch(() => { });
+        }
+        catch {
+            // Fail open.
+        }
+    }
+    /**
+     * The enforcement mode currently in effect. Reflects remote mode changes
+     * (heartbeat) and applied policies, so integrations should consult this
+     * rather than the boot config.
+     */
+    get mode() {
+        return this.currentMode;
+    }
+    /** The policy version currently applied (0 if none). */
+    get policyVersion() {
+        return this.policyManager.currentVersion;
+    }
+    /**
+     * Version the control plane wants this agent to run, and whether an upgrade
+     * is pending. The Node agent is delivered as an npm package and cannot
+     * hot-swap its own binary, so the upgrade is surfaced (logged + queryable)
+     * for the host's deployment automation to act on, rather than self-applied.
+     */
+    get desiredVersion() {
+        return { targetVersion: this.targetVersion, upgradePending: this.upgradePending };
+    }
+    /**
+     * React to the target version advertised by the heartbeat. Records the target
+     * and logs an actionable message when an upgrade is available. Never throws.
+     */
+    handleTargetVersion(info) {
+        this.targetVersion = info.targetVersion;
+        this.upgradePending =
+            info.upgradeAvailable &&
+                info.targetVersion != null &&
+                info.targetVersion !== this.cfg.agentVersion;
+        if (this.upgradePending) {
+            const parts = [`[rasp] upgrade available: ${this.cfg.agentVersion ?? "?"} -> ${info.targetVersion}`];
+            if (info.impact)
+                parts.push(`impact: ${info.impact}`);
+            if (info.changelog)
+                parts.push(`changelog: ${info.changelog}`);
+            try {
+                console.info(parts.join(" | "));
+            }
+            catch {
+                // Ignore logging failures.
+            }
+        }
+    }
+    /**
+     * Graceful shutdown.
+     *
+     * Stops the heartbeat timer, drains the buffer (final flush) and closes
+     * the audit log file descriptor. Safe to await during process exit.
+     */
+    async stop() {
+        this.heartbeat.stop();
+        this.stopSelfProtection?.();
+        await this.buffer.stop();
+        await this.discoveryBuffer.stop();
+        this.auditLog?.close();
+    }
+    /**
+     * Run every detector against a normalised request.
+     *
+     * Detectors run in registration order; the first one returning a non-null
+     * result wins. Detector exceptions are swallowed so that a bug in one
+     * detector cannot take down the host application.
+     *
+     * @param req - Framework-agnostic request view.
+     * @returns The first {@link DetectionResult} found, or `null` when the
+     *   request is clean (or when the kill switch is active).
+     *
+     * @remarks Side-effects (redaction, audit log, buffering) happen in the
+     *   background via {@link handleDetection}; this method itself returns
+     *   synchronously.
+     */
+    /**
+     * Record the response-phase outcome of a request for API-discovery traffic
+     * profiling (status code, latency, confirmed auth middleware execution).
+     * Called by the framework integration's response hook. Never throws.
+     */
+    observeOutcome(req, outcome) {
+        if (this.killed)
+            return;
+        try {
+            this.observer.observeOutcome(req, outcome);
+        }
+        catch {
+            // Fail open.
+        }
+    }
+    inspect(req) {
+        if (this.killed)
+            return null;
+        // Observe passively before running detectors - fail open
+        this.observer.observe(req);
+        for (const detector of this.detectors) {
+            let result = null;
+            try {
+                result = detector.detect(req);
+            }
+            catch {
+                continue;
+            }
+            if (result) {
+                this.handleDetection(result, req).catch(() => { });
+                return result;
+            }
+        }
+        return null;
+    }
+    /**
+     * Build a raw event payload, redact it, audit-log locally and enqueue it.
+     *
+     * Control flow:
+     *  1. Assemble the raw {@link EventPayload} from config + detection + request.
+     *  2. Run it through the {@link RedactionEngine}. On failure → drop and
+     *     audit-log with `dropped: true`.
+     *  3. If any field was redacted → write a non-dropped audit-log line.
+     *  4. Stamp `auditLoggedLocally` into the event metadata and enqueue.
+     */
+    async handleDetection(detection, req) {
+        const raw = {
+            projectId: this.cfg.projectId,
+            agentId: this.cfg.agentId,
+            agentVersion: this.cfg.agentVersion,
+            runtime: this.cfg.runtime,
+            framework: this.cfg.framework,
+            eventType: detection.eventType,
+            severity: detection.severity,
+            action: this.currentMode,
+            method: req.method,
+            path: req.path,
+            sourceIp: req.sourceIp,
+            timestamp: new Date().toISOString(),
+            metadata: {
+                redacted: true,
+                matchedRule: detection.detectorName,
+                detectorDescription: detection.description,
+                location: detection.location,
+                matchedValue: detection.matchedValue,
+            },
+        };
+        let redacted;
+        let redactedFields;
+        try {
+            const result = this.redaction.redact(raw);
+            redacted = result.redacted;
+            redactedFields = result.redactedFields;
+        }
+        catch (err) {
+            this.auditLog?.write({
+                ts: new Date().toISOString(),
+                agentId: this.cfg.agentId,
+                projectId: this.cfg.projectId,
+                eventType: detection.eventType,
+                redactedFields: [],
+                dropped: true,
+                dropReason: err instanceof Error ? err.message : "redaction_failed",
+            });
+            return;
+        }
+        const auditLoggedLocally = redactedFields.length > 0;
+        this.auditLog?.write({
+            ts: new Date().toISOString(),
+            agentId: this.cfg.agentId,
+            projectId: this.cfg.projectId,
+            eventType: detection.eventType,
+            severity: detection.severity,
+            detectorName: detection.detectorName,
+            redactedFields,
+            dropped: false,
+        });
+        const event = redacted;
+        event.metadata["auditLoggedLocally"] = auditLoggedLocally;
+        const forSend = this.applyDataResidency(event);
+        if (forSend) {
+            this.buffer.enqueue(forSend);
+        }
+    }
+    /**
+     * Apply data residency directives (Addendum B.3) before an event is queued
+     * for transmission.
+     *
+     * @returns The (possibly trimmed) event to send, or `null` if the event must
+     *   stay local / be skipped. The local audit log has already been written by
+     *   the caller, so dropping here still leaves a verifiable local record.
+     */
+    applyDataResidency(event) {
+        const dr = this.dataResidency;
+        if (!dr)
+            return event;
+        // Local-only: nothing leaves the customer environment.
+        if (dr.localOnly)
+            return null;
+        // Selective export by event type.
+        if (dr.exportEventTypes && dr.exportEventTypes.length > 0) {
+            if (!dr.exportEventTypes.includes(event.eventType))
+                return null;
+        }
+        // Selective export: blocked detections only.
+        if (dr.exportBlockedOnly && event.action !== "block")
+            return null;
+        // Metadata-only: strip everything but the minimal envelope + flags.
+        if (dr.metadataOnly) {
+            return {
+                ...event,
+                metadata: {
+                    redacted: true,
+                    matchedRule: event.metadata.matchedRule,
+                    auditLoggedLocally: event.metadata.auditLoggedLocally,
+                },
+            };
+        }
+        return event;
+    }
+    /**
+     * Handle a kill-switch heartbeat response.
+     *
+     * Disables inspection, drains the buffer and closes the audit log. The
+     * heartbeat scheduler has already stopped itself by the time this is
+     * called.
+     */
+    handleKillSwitch() {
+        this.killed = true;
+        this.stopSelfProtection?.();
+        this.stopSelfProtection = null;
+        // Buffers and audit log are kept open so they can resume if the kill
+        // switch is lifted. Only agent.stop() (graceful shutdown) closes them.
+    }
+    /**
+     * Called when the kill switch transitions from active back to inactive.
+     * Re-enables inspection and restarts self-protection if configured.
+     */
+    handleRecover() {
+        this.killed = false;
+        if (this.cfg.selfProtect && !this.stopSelfProtection) {
+            this.stopSelfProtection = startSelfProtection({
+                checkHooks: this.cfg.instrumentDb,
+                antiDebug: true,
+            });
+        }
+    }
+    /**
+     * React to a policy-version change signalled by the heartbeat.
+     *
+     * Fetches the latest signed policy, verifies its Ed25519 signature against
+     * the pinned trust anchor, and applies it. An untrusted, malformed or stale
+     * policy is ignored and the agent keeps its current configuration
+     * (self-rollback of policy - Addendum D.4 / E.4.1). Never throws.
+     *
+     * Rejections are surfaced via a `console.warn` and a `policy_rejected`
+     * telemetry event so operators can diagnose trust-anchor mismatches without
+     * reading raw application logs.
+     */
+    handlePolicyChange(version) {
+        void version;
+        if (this.killed)
+            return;
+        if (!this.policyManager.hasTrustAnchor) {
+            try {
+                console.warn("[rasp] policy update ignored: no trust anchor configured");
+            }
+            catch {
+                // Ignore logging failures.
+            }
+            return;
+        }
+        this.client
+            .fetchPolicy(this.cfg.agentId, this.cfg.channel)
+            .then((policy) => {
+            if (!policy)
+                return;
+            const result = this.policyManager.accept(policy);
+            if (result.applied) {
+                try {
+                    this.applyPolicy(policy);
+                }
+                catch {
+                    // Self-rollback: applying the new policy failed - restore the
+                    // previous one so the agent keeps a known-good configuration.
+                    const restored = this.policyManager.rollback();
+                    if (restored) {
+                        try {
+                            this.applyPolicy(restored);
+                        }
+                        catch {
+                            // Give up safely; existing in-memory config remains.
+                        }
+                    }
+                }
+            }
+            else {
+                try {
+                    console.warn(`[rasp] policy v${policy.version} rejected: ${result.reason}` +
+                        (policy.signingKeyId ? ` (keyId: ${policy.signingKeyId})` : ""));
+                }
+                catch {
+                    // Ignore logging failures.
+                }
+                this.enqueuePolicyRejected(policy.version, result.reason ?? "unknown", policy.signingKeyId);
+            }
+        })
+            .catch(() => {
+            // Fail-safe: keep the current policy on any error.
+        });
+    }
+    /**
+     * Emit a single `policy_rejected` telemetry event so the control plane can
+     * surface trust-anchor or signature mismatches in the dashboard.
+     *
+     * The event is deduplicated by `version:reason` so a persistent rejection
+     * (e.g. a misconfigured trust anchor that the operator has not yet fixed)
+     * does not flood the collector on every heartbeat cycle.
+     *
+     * The payload passes through the redaction engine (Addendum B.2 / AGENTS.md
+     * rule: "All telemetry must pass through the redaction engine before
+     * buffering") and the data-residency filter before being enqueued.
+     */
+    enqueuePolicyRejected(version, reason, signingKeyId) {
+        const key = `${version}:${reason}`;
+        if (key === this.lastRejectedPolicyKey)
+            return;
+        this.lastRejectedPolicyKey = key;
+        const raw = {
+            projectId: this.cfg.projectId,
+            agentId: this.cfg.agentId,
+            agentVersion: this.cfg.agentVersion,
+            runtime: this.cfg.runtime,
+            framework: this.cfg.framework,
+            eventType: "policy_rejected",
+            severity: "low",
+            action: this.currentMode,
+            timestamp: new Date().toISOString(),
+            metadata: {
+                redacted: true,
+                version,
+                reason,
+                ...(signingKeyId ? { signingKeyId } : {}),
+            },
+        };
+        let event;
+        try {
+            event = this.redaction.redact(raw).redacted;
+        }
+        catch {
+            return;
+        }
+        const forSend = this.applyDataResidency(event);
+        if (forSend) {
+            this.buffer.enqueue(forSend);
+        }
+    }
+    /**
+     * Apply a verified policy to the live agent: enforcement mode, customer
+     * detection rules, redaction configuration and data residency directives.
+     */
+    applyPolicy(policy) {
+        // Mode
+        if (policy.mode === "monitor" || policy.mode === "block") {
+            this.currentMode = policy.mode;
+        }
+        // Custom detection rules → rebuild the detector chain.
+        this.rebuildDetectors(policy.detectionRules ?? []);
+        // Redaction configuration.
+        this.applyRedactionConfig(policy.redactionConfig);
+        // Data residency directives.
+        this.dataResidency = policy.dataResidency ?? null;
+    }
+    /** Rebuild the active detector chain from base + custom rules + extras. */
+    rebuildDetectors(rules) {
+        const next = [...this.baseDetectors];
+        if (rules.length > 0) {
+            const custom = new CustomRuleDetector(rules);
+            if (custom.size > 0)
+                next.push(custom);
+        }
+        next.push(...this.extraDetectors);
+        this.detectors = next;
+    }
+    /**
+     * Reconfigure the redaction engine from a policy. The engine always keeps its
+     * built-in protections; the policy can only add field-name patterns and tune
+     * value-based redaction / IP handling.
+     */
+    applyRedactionConfig(cfg) {
+        this.redaction = RedactionEngine.fromConfig(cfg ?? undefined);
+    }
+}
+//# sourceMappingURL=agent.js.map

package/dist/agent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.js","sourceRoot":"","sources":["../src/agent.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,cAAc,EAAE,aAAa,EAA4B,MAAM,aAAa,CAAC;AAQtF,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAAiB,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAM3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAuB,MAAM,sBAAsB,CAAC;AAGzE,MAAM,OAAO,SAAS;IACpB,2DAA2D;IAClD,GAAG,CAAsB;IAC1B,SAAS,CAAkB;IAClB,QAAQ,CAAkB;IAC1B,MAAM,CAAkB;IACxB,MAAM,CAAc;IACpB,SAAS,CAAqB;IAC/C,oCAAoC;IACnB,aAAa,CAAa;IAC3C,yDAAyD;IACxC,cAAc,CAAa;IAC5C,0EAA0E;IAClE,SAAS,CAAa;IACb,QAAQ,CAAmB;IAC3B,eAAe,CAAkB;IAClD,4EAA4E;IAC3D,aAAa,CAAgB;IAC9C,oEAAoE;IAC5D,aAAa,GAA+B,IAAI,CAAC;IACzD,+EAA+E;IACvE,aAAa,GAAkB,IAAI,CAAC;IAC5C,wDAAwD;IAChD,cAAc,GAAG,KAAK,CAAC;IAC/B,kFAAkF;IAC1E,MAAM,GAAG,KAAK,CAAC;IACvB,0EAA0E;IAClE,kBAAkB,GAAwB,IAAI,CAAC;IACvD;;;OAGG;IACK,WAAW,CAAY;IAC/B;;;;OAIG;IACK,qBAAqB,GAAkB,IAAI,CAAC;IAEpD;;;;;;;;;;;;OAYG;IACH,YAAY,SAAqB,EAAE,iBAA6B,EAAE;QAChE,IAAI,CAAC,GAAG,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;QAEjC,IAAI,CAAC,SAAS,GAAG,IAAI,eAAe,EAAE,CAAC;QAEvC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ;YAC/B,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC;YAChE,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC;YAChC,YAAY,EAAE,aAAa;YAC3B,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM;YACvB,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,kBAAkB;YACtC,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU;YAC/B,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE;YACzC,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,eAAe;YACzC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,GAAG,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE;YAC7D,YAAY,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAC3C,SAAS,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE;YACrC,cAAc,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC;YAC7D,YAAY,EAAE,CAAC,IAAI,EAAE,EAAE;gBACrB,sEAAsE;gBACtE,sEAAsE;gBACtE,kEAAkE;gBAClE,mEAAmE;gBACnE,0DAA0D;gBAC1D,EAAE;gBACF,mEAAmE;gBACnE,oEAAoE;gBACpE,gEAAgE;gBAChE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,EAAE,CAAC;oBACvC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;gBAC1B,CAAC;YACH,CAAC;YACD,eAAe,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YACzD,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,sBAAsB,EAAE,CAAC;QAC9C,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,SAAS,GAAG,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;QAEjE,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;QAEvF,IAAI,CAAC,QAAQ,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE;YACrE,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS;YAC7B,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,wBAAwB;SACnD,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;YAC1B,6BAA6B;YAC7B,yBAAyB,EAAE,CAAC;QAC9B,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACzB,IAAI,CAAC,kBAAkB,GAAG,mBAAmB,CAAC;gBAC5C,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY;gBACjC,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;QACL,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;IAED;;;;;;OAMG;IACH,YAAY,CAAC,GAAsB;QACjC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACvD,MAAM,GAAG,GAAmB;YAC1B,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,MAAM,EAAE,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;YAC/B,MAAM,EAAE,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YACnD,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,YAAY,EAAE,KAAK;YACnB,SAAS,EAAE,EAAE;SACd,CAAC;QACF,IAAI,CAAC;YACH,YAAY,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;OAGG;IACH,UAAU,CACR,GAA0B,EAC1B,GAAsB,EACtB,OAAuB;QAEvB,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAClC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QAChC,IAAI,CAAC;YACH,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;gBAC1B,GAAG,CAAC,YAAY,GAAG,IAAI,CAAC;gBACxB,IAAI,CAAC,GAAG,CAAC,MAAM;oBAAE,GAAG,CAAC,MAAM,GAAG,eAAe,CAAC;YAChD,CAAC;YACD,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,SAAS;gBAAE,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACtE,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,wDAAwD;IACxD,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;IAC3C,CAAC;IAED;;;;;OAKG;IACH,IAAI,cAAc;QAChB,OAAO,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC;IACpF,CAAC;IAED;;;OAGG;IACK,mBAAmB,CAAC,IAA0D;QACpF,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;QACxC,IAAI,CAAC,cAAc;YACjB,IAAI,CAAC,gBAAgB;gBACrB,IAAI,CAAC,aAAa,IAAI,IAAI;gBAC1B,IAAI,CAAC,aAAa,KAAK,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC;QAE/C,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,CAAC,6BAA6B,IAAI,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;YACrG,IAAI,IAAI,CAAC,MAAM;gBAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YACtD,IAAI,IAAI,CAAC,SAAS;gBAAE,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/D,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,2BAA2B;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QACtB,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACzB,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC;IACzB,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH;;;;OAIG;IACH,cAAc,CAAC,GAAsB,EAAE,OAA4C;QACjF,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAsB;QAC5B,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAE7B,yDAAyD;QACzD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAE3B,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,MAAM,GAA2B,IAAI,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAChC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBAClD,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,eAAe,CAC3B,SAA0B,EAC1B,GAAsB;QAEtB,MAAM,GAAG,GAA2E;YAClF,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS;YAC7B,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,YAAY,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY;YACnC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS;YAC7B,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,MAAM,EAAE,IAAI,CAAC,WAAW;YACxB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,QAAQ,EAAE;gBACR,QAAQ,EAAE,IAAI;gBACd,WAAW,EAAE,SAAS,CAAC,YAAY;gBACnC,mBAAmB,EAAE,SAAS,CAAC,WAAW;gBAC1C,QAAQ,EAAE,SAAS,CAAC,QAAQ;gBAC5B,YAAY,EAAE,SAAS,CAAC,YAAY;aACrC;SACF,CAAC;QAEF,IAAI,QAAiB,CAAC;QACtB,IAAI,cAAwB,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC1C,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC3B,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QACzC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC;gBACnB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;gBACzB,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS;gBAC7B,SAAS,EAAE,SAAS,CAAC,SAAS;gBAC9B,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB;aACpE,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,kBAAkB,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;QAErD,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC;YACnB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS;YAC7B,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,YAAY,EAAE,SAAS,CAAC,YAAY;YACpC,cAAc;YACd,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,QAAwB,CAAC;QACtC,KAAK,CAAC,QAAoC,CAAC,oBAAoB,CAAC,GAAG,kBAAkB,CAAC;QAEvF,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,kBAAkB,CAAC,KAAmB;QAC5C,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC;QAC9B,IAAI,CAAC,EAAE;YAAE,OAAO,KAAK,CAAC;QAEtB,uDAAuD;QACvD,IAAI,EAAE,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE9B,kCAAkC;QAClC,IAAI,EAAE,CAAC,gBAAgB,IAAI,EAAE,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC;gBAAE,OAAO,IAAI,CAAC;QAClE,CAAC;QAED,6CAA6C;QAC7C,IAAI,EAAE,CAAC,iBAAiB,IAAI,KAAK,CAAC,MAAM,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QAElE,oEAAoE;QACpE,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC;YACpB,OAAO;gBACL,GAAG,KAAK;gBACR,QAAQ,EAAE;oBACR,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,WAAW;oBACvC,kBAAkB,EAAE,KAAK,CAAC,QAAQ,CAAC,kBAAyC;iBAC7E;aACF,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;OAMG;IACK,gBAAgB;QACtB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC5B,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;QAC/B,qEAAqE;QACrE,uEAAuE;IACzE,CAAC;IAED;;;OAGG;IACK,aAAa;QACnB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACrD,IAAI,CAAC,kBAAkB,GAAG,mBAAmB,CAAC;gBAC5C,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY;gBACjC,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACK,kBAAkB,CAAC,OAAe;QACxC,KAAK,OAAO,CAAC;QACb,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,EAAE,CAAC;YACvC,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;YAC3E,CAAC;YAAC,MAAM,CAAC;gBACP,2BAA2B;YAC7B,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM;aACR,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC;aAC/C,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,IAAI,CAAC,MAAM;gBAAE,OAAO;YACpB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,IAAI,CAAC;oBACH,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;gBAC3B,CAAC;gBAAC,MAAM,CAAC;oBACP,8DAA8D;oBAC9D,8DAA8D;oBAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;oBAC/C,IAAI,QAAQ,EAAE,CAAC;wBACb,IAAI,CAAC;4BACH,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;wBAC7B,CAAC;wBAAC,MAAM,CAAC;4BACP,qDAAqD;wBACvD,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC;oBACH,OAAO,CAAC,IAAI,CACV,kBAAkB,MAAM,CAAC,OAAO,cAAc,MAAM,CAAC,MAAM,EAAE;wBAC3D,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,MAAM,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAClE,CAAC;gBACJ,CAAC;gBAAC,MAAM,CAAC;oBACP,2BAA2B;gBAC7B,CAAC;gBACD,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,GAAG,EAAE;YACV,mDAAmD;QACrD,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;;;;;;;;;;OAWG;IACK,qBAAqB,CAC3B,OAAe,EACf,MAAc,EACd,YAA2B;QAE3B,MAAM,GAAG,GAAG,GAAG,OAAO,IAAI,MAAM,EAAE,CAAC;QACnC,IAAI,GAAG,KAAK,IAAI,CAAC,qBAAqB;YAAE,OAAO;QAC/C,IAAI,CAAC,qBAAqB,GAAG,GAAG,CAAC;QAEjC,MAAM,GAAG,GAAG;YACV,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS;YAC7B,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,YAAY,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY;YACnC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS;YAC7B,SAAS,EAAE,iBAAiB;YAC5B,QAAQ,EAAE,KAAc;YACxB,MAAM,EAAE,IAAI,CAAC,WAAW;YACxB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,QAAQ,EAAE;gBACR,QAAQ,EAAE,IAAa;gBACvB,OAAO;gBACP,MAAM;gBACN,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC1C;SACF,CAAC;QAEF,IAAI,KAAmB,CAAC;QACxB,IAAI,CAAC;YACH,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAwB,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,WAAW,CAAC,MAAyB;QAC3C,OAAO;QACP,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC;QACjC,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;QAEnD,2BAA2B;QAC3B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAElD,6BAA6B;QAC7B,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC;IACpD,CAAC;IAED,2EAA2E;IACnE,gBAAgB,CAAC,KAAuD;QAC9E,MAAM,IAAI,GAAe,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;QACjD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,MAAM,GAAG,IAAI,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC7C,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;gBAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACK,oBAAoB,CAAC,GAA2B;QACtD,IAAI,CAAC,SAAS,GAAG,eAAe,CAAC,UAAU,CAAC,GAAG,IAAI,SAAS,CAAC,CAAC;IAChE,CAAC;CACF"}

package/dist/api-discovery/discovery-buffer.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Periodic buffer that drains {@link EndpointObserver} and ships batches to
+ * the collector via {@link TransportClient.sendDiscovery}.
+ *
+ * - Flushes every `flushIntervalMs` milliseconds (default 60 s).
+ * - Sends at most 500 endpoints per HTTP call; splits into multiple calls if needed.
+ * - Fail-open: transport errors are swallowed so the host application is not affected.
+ */
+import type { TransportClient } from "../transport/client.js";
+import type { EndpointObserver } from "./endpoint-observer.js";
+export interface DiscoveryBufferOptions {
+    projectId: string;
+    agentId: string;
+    flushIntervalMs: number;
+}
+export declare class DiscoveryBuffer {
+    private readonly client;
+    private readonly observer;
+    private readonly projectId;
+    private readonly agentId;
+    private timer;
+    constructor(client: TransportClient, observer: EndpointObserver, opts: DiscoveryBufferOptions);
+    /** Stop the flush timer and send a final batch. */
+    stop(): Promise<void>;
+    private flush;
+}
+//# sourceMappingURL=discovery-buffer.d.ts.map

package/dist/api-discovery/discovery-buffer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery-buffer.d.ts","sourceRoot":"","sources":["../../src/api-discovery/discovery-buffer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE/D,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;CACzB;AAID,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAmB;IAC5C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,KAAK,CAA+C;gBAG1D,MAAM,EAAE,eAAe,EACvB,QAAQ,EAAE,gBAAgB,EAC1B,IAAI,EAAE,sBAAsB;IAe9B,mDAAmD;IAC7C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;YAQb,KAAK;CAqBpB"}