@rester159/blacktip 0.1.0 → 0.4.0

package/dist/diagnostics.d.ts

@@ -0,0 +1,150 @@
+/**
+ * Diagnostic primitives for stealth validation.
+ *
+ * Captures the actual TLS / HTTP2 / HTTP header fingerprint that BlackTip
+ * is sending, and queries free IP reputation services to score the
+ * current network. Used to diagnose why a specific anti-bot target is
+ * blocking us — see docs/akamai-bypass.md for the full methodology.
+ *
+ * The primitives here run via the active BlackTip browser session — they
+ * don't make HTTP requests directly from Node, because the whole point
+ * is to capture what the browser actually sends, not what Node would send.
+ */
+import type { BlackTip } from './blacktip.js';
+export interface FingerprintSnapshot {
+    capturedAt: string;
+    ip: string | null;
+    tls: {
+        ja3: string | null;
+        ja3Hash: string | null;
+        ja4: string | null;
+        firstCipher: string | null;
+        cipherCount: number | null;
+        firstExtension: string | null;
+        extensionCount: number | null;
+        tlsVersion: string | null;
+        /** True if first cipher is GREASE — Chrome's signature */
+        hasGreaseCipher: boolean;
+        /** True if first extension is GREASE — Chrome's signature */
+        hasGreaseExtension: boolean;
+        /** True if JA4 starts with t13d — TLS 1.3 with Chrome's count signature */
+        isChromeLikeJa4: boolean;
+    };
+    http2: {
+        akamaiFingerprint: string | null;
+        akamaiFingerprintHash: string | null;
+        /** Sequence of frame types sent by the client (Chrome: SETTINGS, WINDOW_UPDATE, HEADERS) */
+        sentFrames: string[] | null;
+    };
+    headers: {
+        userAgent: string | null;
+        secChUa: string | null;
+        secChUaMobile: string | null;
+        secChUaPlatform: string | null;
+        acceptLanguage: string | null;
+        acceptEncoding: string | null;
+        secFetchSite: string | null;
+        secFetchMode: string | null;
+        secFetchDest: string | null;
+        secFetchUser: string | null;
+        upgradeInsecureRequests: string | null;
+        /** Chrome version parsed from User-Agent (e.g. 125 from "Chrome/125.0.0.0") */
+        uaChromeVersion: number | null;
+        /** Chrome version parsed from Sec-Ch-Ua (e.g. 146 from `"Google Chrome";v="146"`) */
+        secChUaChromeVersion: number | null;
+        /**
+         * THE CRITICAL CHECK: do User-Agent and Sec-Ch-Ua report the same Chrome
+         * version? If false, Akamai / DataDome / PerimeterX will catch you. This
+         * is the L016 fingerprint consistency signal.
+         */
+        uaConsistent: boolean;
+    };
+}
+export interface IpReputationResult {
+    ip: string | null;
+    hostname: string | null;
+    asn: string | null;
+    org: string | null;
+    city: string | null;
+    region: string | null;
+    country: string | null;
+    loc: string | null;
+    timezone: string | null;
+    /** Heuristic: ASN matches a well-known datacenter / cloud provider */
+    isDatacenter: boolean;
+    /** Heuristic: ASN matches a residential ISP */
+    isResidential: boolean;
+    /** Free-form notes from the heuristic checks */
+    notes: string[];
+}
+export interface AkamaiTestResult {
+    url: string;
+    /** True if the page loaded normally (not the Akamai Access Denied error) */
+    passed: boolean;
+    finalUrl: string;
+    title: string;
+    /** Akamai's reference number from the block page (null if not blocked) */
+    akamaiReference: string | null;
+    /** First 300 chars of body — useful for diagnosis */
+    bodyPreview: string;
+    /** Suggested next step based on what we observed */
+    suggestion: string;
+    durationMs: number;
+}
+/** Anti-bot vendors that BlackTip's diagnostics can recognize. */
+export type AntiBotVendor = 'akamai' | 'datadome' | 'cloudflare' | 'perimeterx' | 'imperva' | 'kasada' | 'arkose' | 'unknown';
+export interface AntiBotTestResult {
+    url: string;
+    /** True if the page loaded normally (no recognised challenge or block) */
+    passed: boolean;
+    finalUrl: string;
+    title: string;
+    /** Vendors that left a tell on the rendered page (block OR challenge interstitial) */
+    detectedVendors: AntiBotVendor[];
+    /** Vendor signatures observed even on a passing page (cookies, scripts, headers) */
+    vendorSignals: {
+        vendor: AntiBotVendor;
+        signal: string;
+    }[];
+    /** Akamai reference number, if a block from Akamai */
+    akamaiReference: string | null;
+    /** First 300 chars of body — useful for diagnosis */
+    bodyPreview: string;
+    /** Suggested next step based on what we observed */
+    suggestion: string;
+    durationMs: number;
+}
+/**
+ * Capture the active session's TLS, HTTP/2, and HTTP header fingerprint
+ * by navigating to tls.peet.ws/api/all and httpbin.org/headers.
+ *
+ * Returns a structured snapshot you can use to verify your stealth state
+ * before hitting a real target. The most important field is
+ * `headers.uaConsistent` — if that's false, you're on a pre-v0.2.0 build
+ * with the L016 bug.
+ */
+export declare function captureFingerprint(bt: BlackTip): Promise<FingerprintSnapshot>;
+/**
+ * Query the active session's egress IP and ASN, score it against known
+ * datacenter / residential patterns, and return a structured result.
+ *
+ * Uses the free ipinfo.io endpoint which doesn't require an API key for
+ * basic queries. Doesn't query commercial reputation services (those
+ * require API keys); for those, integrate at the caller's level.
+ */
+export declare function checkIpReputation(bt: BlackTip): Promise<IpReputationResult>;
+/**
+ * Visit an Akamai-protected URL and report the result with diagnosis.
+ * Recognizes the Akamai Access Denied error page format and extracts
+ * the reference number for triage.
+ */
+export declare function testAgainstAkamai(bt: BlackTip, url: string): Promise<AkamaiTestResult>;
+/**
+ * Visit a URL and report whether any major anti-bot vendor served a
+ * challenge or block. Recognises Akamai, DataDome, Cloudflare, PerimeterX/HUMAN,
+ * Imperva, Kasada and Arkose. Captures vendor signals (cookies, scripts) even
+ * on a passing page so you can verify a target is actually protected and
+ * BlackTip is sliding past it — not a false negative on an unprotected URL.
+ */
+export declare function testAgainstAntiBot(bt: BlackTip, url: string): Promise<AntiBotTestResult>;
+//# sourceMappingURL=diagnostics.d.ts.map

package/dist/diagnostics.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"diagnostics.d.ts","sourceRoot":"","sources":["../src/diagnostics.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAI9C,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,GAAG,EAAE;QACH,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QACnB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;QAC9B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;QAC9B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,0DAA0D;QAC1D,eAAe,EAAE,OAAO,CAAC;QACzB,6DAA6D;QAC7D,kBAAkB,EAAE,OAAO,CAAC;QAC5B,2EAA2E;QAC3E,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,KAAK,EAAE;QACL,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;QACjC,qBAAqB,EAAE,MAAM,GAAG,IAAI,CAAC;QACrC,4FAA4F;QAC5F,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;KAC7B,CAAC;IACF,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;QAC/B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;QAC9B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;QAC9B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;QACvC,+EAA+E;QAC/E,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;QAC/B,qFAAqF;QACrF,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;QACpC;;;;WAIG;QACH,YAAY,EAAE,OAAO,CAAC;KACvB,CAAC;CACH;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,sEAAsE;IACtE,YAAY,EAAE,OAAO,CAAC;IACtB,+CAA+C;IAC/C,aAAa,EAAE,OAAO,CAAC;IACvB,gDAAgD;IAChD,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,4EAA4E;IAC5E,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,qDAAqD;IACrD,WAAW,EAAE,MAAM,CAAC;IACpB,oDAAoD;IACpD,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,kEAAkE;AAClE,MAAM,MAAM,aAAa,GACrB,QAAQ,GACR,UAAU,GACV,YAAY,GACZ,YAAY,GACZ,SAAS,GACT,QAAQ,GACR,QAAQ,GACR,SAAS,CAAC;AAEd,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,0EAA0E;IAC1E,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,sFAAsF;IACtF,eAAe,EAAE,aAAa,EAAE,CAAC;IACjC,oFAAoF;IACpF,aAAa,EAAE;QAAE,MAAM,EAAE,aAAa,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC3D,sDAAsD;IACtD,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,qDAAqD;IACrD,WAAW,EAAE,MAAM,CAAC;IACpB,oDAAoD;IACpD,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAqCD;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CAAC,EAAE,EAAE,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAuFnF;AAID;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CAAC,EAAE,EAAE,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAsDjF;AAID;;;;GAIG;AACH,wBAAsB,iBAAiB,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CA6D5F;AAyCD;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAoG9F"}

package/dist/diagnostics.js

@@ -0,0 +1,389 @@
+/**
+ * Diagnostic primitives for stealth validation.
+ *
+ * Captures the actual TLS / HTTP2 / HTTP header fingerprint that BlackTip
+ * is sending, and queries free IP reputation services to score the
+ * current network. Used to diagnose why a specific anti-bot target is
+ * blocking us — see docs/akamai-bypass.md for the full methodology.
+ *
+ * The primitives here run via the active BlackTip browser session — they
+ * don't make HTTP requests directly from Node, because the whole point
+ * is to capture what the browser actually sends, not what Node would send.
+ */
+// ── Datacenter ASN heuristics ──
+//
+// Not exhaustive — just covers the major cloud providers and known
+// datacenter ranges. If your IP is on one of these, Akamai will almost
+// certainly flag it. Add to this list as new providers come up.
+const DATACENTER_ASN_PATTERNS = [
+    { pattern: /AS16509|AS14618/, name: 'Amazon AWS' },
+    { pattern: /AS15169/, name: 'Google Cloud' },
+    { pattern: /AS8075/, name: 'Microsoft Azure' },
+    { pattern: /AS16276/, name: 'OVH' },
+    { pattern: /AS14061/, name: 'DigitalOcean' },
+    { pattern: /AS20473/, name: 'Choopa / Vultr' },
+    { pattern: /AS24940/, name: 'Hetzner' },
+    { pattern: /AS63949/, name: 'Linode / Akamai (compute)' },
+    { pattern: /AS133752/, name: 'Leaseweb' },
+    { pattern: /AS54641|AS19551/, name: 'Cloudflare (compute)' },
+    { pattern: /AS396982/, name: 'Google Cloud Platform (compute)' },
+    { pattern: /AS200600/, name: 'Aeza Group (cheap VPS)' },
+];
+const RESIDENTIAL_ASN_PATTERNS = [
+    { pattern: /AS5650|AS22773/, name: 'Frontier Communications / Cox (residential US)' },
+    { pattern: /AS7922/, name: 'Comcast (residential US)' },
+    { pattern: /AS7018/, name: 'AT&T (residential US)' },
+    { pattern: /AS20057|AS20115/, name: 'Charter / Spectrum (residential US)' },
+    { pattern: /AS6128/, name: 'Optimum / Cablevision (residential US)' },
+    { pattern: /AS33363/, name: 'BHN / Spectrum (residential US)' },
+    { pattern: /AS5089/, name: 'Virgin Media (residential UK)' },
+    { pattern: /AS3320/, name: 'Deutsche Telekom (residential DE)' },
+    { pattern: /AS9121/, name: 'Türk Telekom (residential TR)' },
+];
+// ── captureFingerprint ──
+/**
+ * Capture the active session's TLS, HTTP/2, and HTTP header fingerprint
+ * by navigating to tls.peet.ws/api/all and httpbin.org/headers.
+ *
+ * Returns a structured snapshot you can use to verify your stealth state
+ * before hitting a real target. The most important field is
+ * `headers.uaConsistent` — if that's false, you're on a pre-v0.2.0 build
+ * with the L016 bug.
+ */
+export async function captureFingerprint(bt) {
+    // Step 1: TLS + HTTP/2 fingerprint via tls.peet.ws
+    await bt.navigate('https://tls.peet.ws/api/all');
+    const peetRaw = (await bt.executeJS('document.body.innerText'));
+    const peet = JSON.parse(peetRaw);
+    // Step 2: HTTP headers via httpbin.org/headers
+    await bt.navigate('https://httpbin.org/headers');
+    const hbRaw = (await bt.executeJS('document.body.innerText'));
+    const hb = JSON.parse(hbRaw);
+    const headers = hb.headers ?? {};
+    const userAgent = headers['User-Agent'] ?? null;
+    const secChUa = headers['Sec-Ch-Ua'] ?? null;
+    // Parse Chrome version from User-Agent: "...Chrome/125.0.0.0..."
+    const uaMatch = userAgent ? userAgent.match(/Chrome\/(\d+)/) : null;
+    const uaChromeVersion = uaMatch ? parseInt(uaMatch[1], 10) : null;
+    // Parse Chrome version from Sec-Ch-Ua: `"Google Chrome";v="146"`
+    const chuaMatch = secChUa ? secChUa.match(/"Google Chrome";v="(\d+)/) : null;
+    const secChUaChromeVersion = chuaMatch ? parseInt(chuaMatch[1], 10) : null;
+    const uaConsistent = uaChromeVersion != null &&
+        secChUaChromeVersion != null &&
+        uaChromeVersion === secChUaChromeVersion;
+    const tlsBlock = peet.tls ?? {};
+    const ciphers = tlsBlock.ciphers ?? [];
+    const extensions = tlsBlock.extensions ?? [];
+    const ja4 = tlsBlock.ja4 ?? null;
+    return {
+        capturedAt: new Date().toISOString(),
+        ip: peet.ip ? peet.ip.split(':')[0] ?? null : null,
+        tls: {
+            ja3: tlsBlock.ja3 ?? null,
+            ja3Hash: tlsBlock.ja3_hash ?? null,
+            ja4,
+            firstCipher: ciphers[0] ?? null,
+            cipherCount: ciphers.length || null,
+            firstExtension: extensions[0]?.name ?? null,
+            extensionCount: extensions.length || null,
+            tlsVersion: tlsBlock.tls_version_negotiated ?? null,
+            hasGreaseCipher: !!(ciphers[0] && /GREASE/i.test(ciphers[0])),
+            hasGreaseExtension: !!(extensions[0]?.name && /GREASE/i.test(extensions[0].name)),
+            isChromeLikeJa4: !!(ja4 && /^t13d/.test(ja4)),
+        },
+        http2: {
+            akamaiFingerprint: peet.http2?.akamai_fingerprint ?? null,
+            akamaiFingerprintHash: peet.http2?.akamai_fingerprint_hash ?? null,
+            sentFrames: peet.http2?.sent_frames?.map((f) => f.frame_type ?? '') ?? null,
+        },
+        headers: {
+            userAgent,
+            secChUa,
+            secChUaMobile: headers['Sec-Ch-Ua-Mobile'] ?? null,
+            secChUaPlatform: headers['Sec-Ch-Ua-Platform'] ?? null,
+            acceptLanguage: headers['Accept-Language'] ?? null,
+            acceptEncoding: headers['Accept-Encoding'] ?? null,
+            secFetchSite: headers['Sec-Fetch-Site'] ?? null,
+            secFetchMode: headers['Sec-Fetch-Mode'] ?? null,
+            secFetchDest: headers['Sec-Fetch-Dest'] ?? null,
+            secFetchUser: headers['Sec-Fetch-User'] ?? null,
+            upgradeInsecureRequests: headers['Upgrade-Insecure-Requests'] ?? null,
+            uaChromeVersion,
+            secChUaChromeVersion,
+            uaConsistent,
+        },
+    };
+}
+// ── checkIpReputation ──
+/**
+ * Query the active session's egress IP and ASN, score it against known
+ * datacenter / residential patterns, and return a structured result.
+ *
+ * Uses the free ipinfo.io endpoint which doesn't require an API key for
+ * basic queries. Doesn't query commercial reputation services (those
+ * require API keys); for those, integrate at the caller's level.
+ */
+export async function checkIpReputation(bt) {
+    await bt.navigate('https://ipinfo.io/json');
+    const raw = (await bt.executeJS('document.body.innerText'));
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        parsed = {};
+    }
+    const org = parsed.org ?? null;
+    const notes = [];
+    let isDatacenter = false;
+    let isResidential = false;
+    if (org) {
+        for (const { pattern, name } of DATACENTER_ASN_PATTERNS) {
+            if (pattern.test(org)) {
+                isDatacenter = true;
+                notes.push(`Matches datacenter ASN: ${name}`);
+                break;
+            }
+        }
+        if (!isDatacenter) {
+            for (const { pattern, name } of RESIDENTIAL_ASN_PATTERNS) {
+                if (pattern.test(org)) {
+                    isResidential = true;
+                    notes.push(`Matches residential ISP: ${name}`);
+                    break;
+                }
+            }
+        }
+        if (!isDatacenter && !isResidential) {
+            notes.push('ASN not in known datacenter or residential lists — could be either');
+        }
+    }
+    else {
+        notes.push('Could not determine ASN');
+    }
+    return {
+        ip: parsed.ip ?? null,
+        hostname: parsed.hostname ?? null,
+        asn: org ? (org.match(/AS\d+/) ?? [])[0] ?? null : null,
+        org,
+        city: parsed.city ?? null,
+        region: parsed.region ?? null,
+        country: parsed.country ?? null,
+        loc: parsed.loc ?? null,
+        timezone: parsed.timezone ?? null,
+        isDatacenter,
+        isResidential,
+        notes,
+    };
+}
+// ── testAgainstAkamai ──
+/**
+ * Visit an Akamai-protected URL and report the result with diagnosis.
+ * Recognizes the Akamai Access Denied error page format and extracts
+ * the reference number for triage.
+ */
+export async function testAgainstAkamai(bt, url) {
+    const start = Date.now();
+    try {
+        await bt.navigate(url);
+        // Wait for the page to settle a moment so Akamai can render its block
+        // page if it's going to.
+        await new Promise((r) => setTimeout(r, 1500));
+        const info = (await bt.executeJS(`(() => ({
+      url: location.href,
+      title: document.title,
+      bodyPreview: (document.body ? document.body.innerText : '').slice(0, 600),
+    }))()`));
+        // Akamai Access Denied detection
+        const isBlocked = info.title === 'Access Denied' ||
+            /You don't have permission to access/i.test(info.bodyPreview) ||
+            /errors\.edgesuite\.net/i.test(info.bodyPreview);
+        // Extract Akamai reference number if present
+        const refMatch = info.bodyPreview.match(/Reference\s*#([0-9a-f.]+)/);
+        const akamaiReference = refMatch ? refMatch[1] ?? null : null;
+        let suggestion;
+        if (!isBlocked) {
+            suggestion = 'Page loaded successfully. No Akamai block detected.';
+        }
+        else {
+            suggestion = [
+                'Akamai blocked the request at the edge. Diagnosis steps:',
+                '1. Run `bt.captureFingerprint()` and check `headers.uaConsistent`. If false, upgrade BlackTip to v0.2.0+.',
+                '2. Run `bt.checkIpReputation()`. If `isDatacenter: true`, switch to a residential network or proxy.',
+                '3. Test the same URL in your normal Chrome from the same machine. If that ALSO blocks, your IP is flagged — switch networks.',
+                '4. Try `bt.warmSession({sites: [...]})` before the target navigation.',
+                '5. Try with `userDataDir` set in BlackTipConfig for a persistent profile.',
+                `Akamai reference: ${akamaiReference ?? 'unknown'}`,
+            ].join('\n');
+        }
+        return {
+            url,
+            passed: !isBlocked,
+            finalUrl: info.url,
+            title: info.title,
+            akamaiReference,
+            bodyPreview: info.bodyPreview.slice(0, 300),
+            suggestion,
+            durationMs: Date.now() - start,
+        };
+    }
+    catch (err) {
+        return {
+            url,
+            passed: false,
+            finalUrl: url,
+            title: '',
+            akamaiReference: null,
+            bodyPreview: '',
+            suggestion: `Navigation threw: ${err instanceof Error ? err.message : String(err)}`,
+            durationMs: Date.now() - start,
+        };
+    }
+}
+// ── testAgainstAntiBot ──
+//
+// Generic anti-bot probe that recognises Akamai, DataDome, Cloudflare,
+// PerimeterX/HUMAN, Imperva, Kasada and Arkose. Validated against the
+// scoreboard in docs/anti-bot-validation.md.
+const VENDOR_BLOCK_PATTERNS = [
+    { vendor: 'akamai', titleRe: /^Access Denied$/, bodyRe: /You don't have permission to access|errors\.edgesuite\.net/i },
+    { vendor: 'datadome', bodyRe: /geo\.captcha-delivery\.com|captcha-delivery\.com|please enable javascript and cookies to continue|datado\.me/i },
+    { vendor: 'cloudflare', titleRe: /^Just a moment\.\.\.$|^Attention Required! \| Cloudflare$/, bodyRe: /Checking your browser before accessing|cf-browser-verification|challenges\.cloudflare\.com|Sorry, you have been blocked/i },
+    { vendor: 'perimeterx', titleRe: /^Access to this page has been denied/, bodyRe: /Press (?:&|and) Hold to confirm you (?:are|are not) a human|px-captcha|perimeterx\.net|human\.com/i },
+    { vendor: 'imperva', bodyRe: /Request unsuccessful\. Incapsula incident ID|_Incapsula_Resource|Incapsula incident/i },
+    { vendor: 'kasada', bodyRe: /kpsdk|ips\.js\?|kasada/i },
+    { vendor: 'arkose', bodyRe: /client-api\.arkoselabs\.com|funcaptcha/i },
+];
+const VENDOR_SCRIPT_SIGNAL_QUERY = `(() => {
+  const out = [];
+  const html = document.documentElement.outerHTML;
+  if (/datado\\.me|js\\.datadome\\.co/i.test(html)) out.push({vendor:'datadome', signal:'script'});
+  if (/perimeterx|px-cdn|px-captcha|human-security/i.test(html)) out.push({vendor:'perimeterx', signal:'script'});
+  if (/challenges\\.cloudflare\\.com|cdn-cgi\\/challenge-platform/i.test(html)) out.push({vendor:'cloudflare', signal:'script'});
+  if (/akam\\/|ak\\.bmpsdk|akamaihd\\.net\\/sensor/i.test(html)) out.push({vendor:'akamai', signal:'script'});
+  if (/x-kpsdk-/i.test(html)) out.push({vendor:'kasada', signal:'script'});
+  return JSON.stringify(out);
+})()`;
+// Cookie-name patterns for the vendor cookie checks. Run against the
+// full cookie jar from BlackTip's cookies API (which includes httpOnly
+// cookies that document.cookie can't see — cf_clearance, __cf_bm,
+// _abck, datadome, etc. are all httpOnly).
+const VENDOR_COOKIE_PATTERNS = [
+    { vendor: 'datadome', nameRe: /^(datadome|dd_cookie_test_|dd_s)/i },
+    { vendor: 'perimeterx', nameRe: /^_px[a-z0-9]*$|^_pxhd$/i },
+    { vendor: 'cloudflare', nameRe: /^(cf_clearance|__cf_bm|__cflb|_cfuvid)$/i },
+    { vendor: 'akamai', nameRe: /^(_abck|bm_sz|ak_bmsc|bm_sv|bm_mi|bm_so)$/i },
+    { vendor: 'imperva', nameRe: /^(visid_incap_|incap_ses_)/i },
+];
+/**
+ * Visit a URL and report whether any major anti-bot vendor served a
+ * challenge or block. Recognises Akamai, DataDome, Cloudflare, PerimeterX/HUMAN,
+ * Imperva, Kasada and Arkose. Captures vendor signals (cookies, scripts) even
+ * on a passing page so you can verify a target is actually protected and
+ * BlackTip is sliding past it — not a false negative on an unprotected URL.
+ */
+export async function testAgainstAntiBot(bt, url) {
+    const start = Date.now();
+    try {
+        await bt.navigate(url);
+        await new Promise((r) => setTimeout(r, 2500));
+        const info = (await bt.executeJS(`(() => ({
+      url: location.href,
+      title: document.title,
+      bodyPreview: (document.body ? document.body.innerText : '').slice(0, 800),
+    }))()`));
+        const detectedVendors = [];
+        for (const { vendor, titleRe, bodyRe } of VENDOR_BLOCK_PATTERNS) {
+            if ((titleRe && titleRe.test(info.title)) || (bodyRe && bodyRe.test(info.bodyPreview))) {
+                if (!detectedVendors.includes(vendor))
+                    detectedVendors.push(vendor);
+            }
+        }
+        const scriptSignalsRaw = (await bt.executeJS(VENDOR_SCRIPT_SIGNAL_QUERY));
+        const vendorSignals = [];
+        try {
+            const scriptSignals = JSON.parse(scriptSignalsRaw);
+            vendorSignals.push(...scriptSignals);
+        }
+        catch { /* leave empty */ }
+        // Cookie signals — read via the cookies API so we see httpOnly cookies
+        // (cf_clearance, __cf_bm, _abck, datadome, etc. are all httpOnly and
+        // invisible to document.cookie). The current page's eTLD+1 is what we
+        // care about — we don't want to leak signals from prior navigations
+        // in the same session.
+        try {
+            const allCookies = await bt.cookies();
+            const currentHost = (() => {
+                try {
+                    return new URL(info.url).hostname;
+                }
+                catch {
+                    return null;
+                }
+            })();
+            const seen = new Set();
+            for (const c of allCookies) {
+                if (currentHost) {
+                    // Match cookies whose domain is a parent or equal of the current host.
+                    const cookieDomain = c.domain.replace(/^\./, '');
+                    if (currentHost !== cookieDomain && !currentHost.endsWith('.' + cookieDomain))
+                        continue;
+                }
+                for (const { vendor, nameRe } of VENDOR_COOKIE_PATTERNS) {
+                    if (nameRe.test(c.name)) {
+                        const key = vendor + ':cookie';
+                        if (!seen.has(key)) {
+                            vendorSignals.push({ vendor, signal: 'cookie' });
+                            seen.add(key);
+                        }
+                    }
+                }
+            }
+        }
+        catch { /* cookies API may fail in edge cases — leave script signals */ }
+        const refMatch = info.bodyPreview.match(/Reference\s*#([0-9a-f.]+)/);
+        const akamaiReference = detectedVendors.includes('akamai') && refMatch ? refMatch[1] ?? null : null;
+        const passed = detectedVendors.length === 0;
+        const suggestion = passed
+            ? vendorSignals.length > 0
+                ? `Page loaded successfully. Vendor signals present (${vendorSignals.map((s) => s.vendor).join(', ')}) — target is protected and BlackTip is passing.`
+                : 'Page loaded successfully. No anti-bot vendor signals detected — the target may not be protected.'
+            : [
+                `Blocked by: ${detectedVendors.join(', ')}.`,
+                'Diagnosis steps:',
+                '1. `bt.captureFingerprint()` — verify `headers.uaConsistent` is true.',
+                '2. `bt.checkIpReputation()` — if `isDatacenter: true`, switch to a residential proxy.',
+                '3. Test the same URL in your normal Chrome from this machine. If that also blocks, the IP is flagged.',
+                '4. `bt.warmSession({sites: [...]})` before retrying.',
+                '5. Set `userDataDir` in BlackTipConfig for a persistent profile.',
+                akamaiReference ? `Akamai reference: ${akamaiReference}` : '',
+            ].filter(Boolean).join('\n');
+        return {
+            url,
+            passed,
+            finalUrl: info.url,
+            title: info.title,
+            detectedVendors,
+            vendorSignals,
+            akamaiReference,
+            bodyPreview: info.bodyPreview.slice(0, 300),
+            suggestion,
+            durationMs: Date.now() - start,
+        };
+    }
+    catch (err) {
+        return {
+            url,
+            passed: false,
+            finalUrl: url,
+            title: '',
+            detectedVendors: [],
+            vendorSignals: [],
+            akamaiReference: null,
+            bodyPreview: '',
+            suggestion: `Navigation threw: ${err instanceof Error ? err.message : String(err)}`,
+            durationMs: Date.now() - start,
+        };
+    }
+}
+//# sourceMappingURL=diagnostics.js.map

package/dist/diagnostics.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"diagnostics.js","sourceRoot":"","sources":["../src/diagnostics.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAuHH,kCAAkC;AAClC,EAAE;AACF,mEAAmE;AACnE,uEAAuE;AACvE,gEAAgE;AAEhE,MAAM,uBAAuB,GAAwC;IACnE,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,YAAY,EAAE;IAClD,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,cAAc,EAAE;IAC5C,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAC9C,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE;IACnC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,cAAc,EAAE;IAC5C,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC9C,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;IACvC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,2BAA2B,EAAE;IACzD,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE;IACzC,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,sBAAsB,EAAE;IAC5D,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,iCAAiC,EAAE;IAChE,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,wBAAwB,EAAE;CACxD,CAAC;AAEF,MAAM,wBAAwB,GAAwC;IACpE,EAAE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,gDAAgD,EAAE;IACrF,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,0BAA0B,EAAE;IACvD,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,uBAAuB,EAAE;IACpD,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,qCAAqC,EAAE;IAC3E,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,wCAAwC,EAAE;IACrE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,iCAAiC,EAAE;IAC/D,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,+BAA+B,EAAE;IAC5D,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,mCAAmC,EAAE;IAChE,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,+BAA+B,EAAE;CAC7D,CAAC;AAEF,2BAA2B;AAE3B;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,EAAY;IACnD,mDAAmD;IACnD,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAW,CAAC;IAC1E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAgB9B,CAAC;IAEF,+CAA+C;IAC/C,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAW,CAAC;IACxE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAyC,CAAC;IACrE,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC;IAEjC,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC;IAChD,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;IAE7C,iEAAiE;IACjE,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAEnE,iEAAiE;IACjE,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7E,MAAM,oBAAoB,GAAG,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE5E,MAAM,YAAY,GAChB,eAAe,IAAI,IAAI;QACvB,oBAAoB,IAAI,IAAI;QAC5B,eAAe,KAAK,oBAAoB,CAAC;IAE3C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC;IAChC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,IAAI,EAAE,CAAC;IACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,IAAI,EAAE,CAAC;IAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,IAAI,IAAI,CAAC;IAEjC,OAAO;QACL,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI;QAClD,GAAG,EAAE;YACH,GAAG,EAAE,QAAQ,CAAC,GAAG,IAAI,IAAI;YACzB,OAAO,EAAE,QAAQ,CAAC,QAAQ,IAAI,IAAI;YAClC,GAAG;YACH,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI;YAC/B,WAAW,EAAE,OAAO,CAAC,MAAM,IAAI,IAAI;YACnC,cAAc,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,IAAI;YAC3C,cAAc,EAAE,UAAU,CAAC,MAAM,IAAI,IAAI;YACzC,UAAU,EAAE,QAAQ,CAAC,sBAAsB,IAAI,IAAI;YACnD,eAAe,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,kBAAkB,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACjF,eAAe,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;SAC9C;QACD,KAAK,EAAE;YACL,iBAAiB,EAAE,IAAI,CAAC,KAAK,EAAE,kBAAkB,IAAI,IAAI;YACzD,qBAAqB,EAAE,IAAI,CAAC,KAAK,EAAE,uBAAuB,IAAI,IAAI;YAClE,UAAU,EAAE,IAAI,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI;SAC5E;QACD,OAAO,EAAE;YACP,SAAS;YACT,OAAO;YACP,aAAa,EAAE,OAAO,CAAC,kBAAkB,CAAC,IAAI,IAAI;YAClD,eAAe,EAAE,OAAO,CAAC,oBAAoB,CAAC,IAAI,IAAI;YACtD,cAAc,EAAE,OAAO,CAAC,iBAAiB,CAAC,IAAI,IAAI;YAClD,cAAc,EAAE,OAAO,CAAC,iBAAiB,CAAC,IAAI,IAAI;YAClD,YAAY,EAAE,OAAO,CAAC,gBAAgB,CAAC,IAAI,IAAI;YAC/C,YAAY,EAAE,OAAO,CAAC,gBAAgB,CAAC,IAAI,IAAI;YAC/C,YAAY,EAAE,OAAO,CAAC,gBAAgB,CAAC,IAAI,IAAI;YAC/C,YAAY,EAAE,OAAO,CAAC,gBAAgB,CAAC,IAAI,IAAI;YAC/C,uBAAuB,EAAE,OAAO,CAAC,2BAA2B,CAAC,IAAI,IAAI;YACrE,eAAe;YACf,oBAAoB;YACpB,YAAY;SACb;KACF,CAAC;AACJ,CAAC;AAED,0BAA0B;AAE1B;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,EAAY;IAClD,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAW,CAAC;IACtE,IAAI,MAA8B,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA2B,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC;IAC/B,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,aAAa,GAAG,KAAK,CAAC;IAE1B,IAAI,GAAG,EAAE,CAAC;QACR,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,uBAAuB,EAAE,CAAC;YACxD,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,YAAY,GAAG,IAAI,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;gBAC9C,MAAM;YACR,CAAC;QACH,CAAC;QACD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,wBAAwB,EAAE,CAAC;gBACzD,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,aAAa,GAAG,IAAI,CAAC;oBACrB,KAAK,CAAC,IAAI,CAAC,4BAA4B,IAAI,EAAE,CAAC,CAAC;oBAC/C,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE,CAAC;YACpC,KAAK,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACxC,CAAC;IAED,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,EAAE,IAAI,IAAI;QACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,IAAI;QACjC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI;QACvD,GAAG;QACH,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,IAAI;QACzB,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,IAAI;QAC7B,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;QAC/B,GAAG,EAAE,MAAM,CAAC,GAAG,IAAI,IAAI;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,IAAI;QACjC,YAAY;QACZ,aAAa;QACb,KAAK;KACN,CAAC;AACJ,CAAC;AAED,0BAA0B;AAE1B;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,EAAY,EAAE,GAAW;IAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACvB,sEAAsE;QACtE,yBAAyB;QACzB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QAE9C,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC;;;;UAI3B,CAAC,CAAwD,CAAC;QAEhE,iCAAiC;QACjC,MAAM,SAAS,GACb,IAAI,CAAC,KAAK,KAAK,eAAe;YAC9B,sCAAsC,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;YAC7D,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAEnD,6CAA6C;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QACrE,MAAM,eAAe,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAE9D,IAAI,UAAkB,CAAC;QACvB,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,UAAU,GAAG,qDAAqD,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,UAAU,GAAG;gBACX,0DAA0D;gBAC1D,2GAA2G;gBAC3G,qGAAqG;gBACrG,8HAA8H;gBAC9H,uEAAuE;gBACvE,2EAA2E;gBAC3E,qBAAqB,eAAe,IAAI,SAAS,EAAE;aACpD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACf,CAAC;QAED,OAAO;YACL,GAAG;YACH,MAAM,EAAE,CAAC,SAAS;YAClB,QAAQ,EAAE,IAAI,CAAC,GAAG;YAClB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,eAAe;YACf,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC3C,UAAU;YACV,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,GAAG;YACH,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,GAAG;YACb,KAAK,EAAE,EAAE;YACT,eAAe,EAAE,IAAI;YACrB,WAAW,EAAE,EAAE;YACf,UAAU,EAAE,qBAAqB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YACnF,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;AACH,CAAC;AAED,2BAA2B;AAC3B,EAAE;AACF,uEAAuE;AACvE,sEAAsE;AACtE,6CAA6C;AAE7C,MAAM,qBAAqB,GAAmE;IAC5F,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,6DAA6D,EAAE;IACvH,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,+GAA+G,EAAE;IAC/I,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,2DAA2D,EAAE,MAAM,EAAE,0HAA0H,EAAE;IAClO,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,sCAAsC,EAAE,MAAM,EAAE,oGAAoG,EAAE;IACvL,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,sFAAsF,EAAE;IACrH,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,yBAAyB,EAAE;IACvD,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,yCAAyC,EAAE;CACxE,CAAC;AAEF,MAAM,0BAA0B,GAAG;;;;;;;;;KAS9B,CAAC;AAEN,qEAAqE;AACrE,uEAAuE;AACvE,kEAAkE;AAClE,2CAA2C;AAC3C,MAAM,sBAAsB,GAAgD;IAC1E,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACnE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAC3D,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,0CAA0C,EAAE;IAC5E,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,4CAA4C,EAAE;IAC1E,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,6BAA6B,EAAE;CAC7D,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,EAAY,EAAE,GAAW;IAChE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACvB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QAE9C,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC;;;;UAI3B,CAAC,CAAwD,CAAC;QAEhE,MAAM,eAAe,GAAoB,EAAE,CAAC;QAC5C,KAAK,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,qBAAqB,EAAE,CAAC;YAChE,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;gBACvF,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAAE,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;QAED,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAW,CAAC;QACpF,MAAM,aAAa,GAAgD,EAAE,CAAC;QACtE,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAgD,CAAC;YAClG,aAAa,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;QAE7B,uEAAuE;QACvE,qEAAqE;QACrE,sEAAsE;QACtE,oEAAoE;QACpE,uBAAuB;QACvB,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE;gBACxB,IAAI,CAAC;oBAAC,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,OAAO,IAAI,CAAC;gBAAC,CAAC;YACnE,CAAC,CAAC,EAAE,CAAC;YACL,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;YAC/B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,IAAI,WAAW,EAAE,CAAC;oBAChB,uEAAuE;oBACvE,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBACjD,IAAI,WAAW,KAAK,YAAY,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,GAAG,YAAY,CAAC;wBAAE,SAAS;gBAC1F,CAAC;gBACD,KAAK,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,sBAAsB,EAAE,CAAC;oBACxD,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;wBACxB,MAAM,GAAG,GAAG,MAAM,GAAG,SAAS,CAAC;wBAC/B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;4BACnB,aAAa,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;4BACjD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBAChB,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,+DAA+D,CAAC,CAAC;QAE3E,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QACrE,MAAM,eAAe,GAAG,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAEpG,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,KAAK,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,MAAM;YACvB,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC;gBACxB,CAAC,CAAC,qDAAqD,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,kDAAkD;gBACtJ,CAAC,CAAC,kGAAkG;YACtG,CAAC,CAAC;gBACE,eAAe,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;gBAC5C,kBAAkB;gBAClB,uEAAuE;gBACvE,uFAAuF;gBACvF,uGAAuG;gBACvG,sDAAsD;gBACtD,kEAAkE;gBAClE,eAAe,CAAC,CAAC,CAAC,qBAAqB,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE;aAC9D,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEjC,OAAO;YACL,GAAG;YACH,MAAM;YACN,QAAQ,EAAE,IAAI,CAAC,GAAG;YAClB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,eAAe;YACf,aAAa;YACb,eAAe;YACf,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC3C,UAAU;YACV,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,GAAG;YACH,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,GAAG;YACb,KAAK,EAAE,EAAE;YACT,eAAe,EAAE,EAAE;YACnB,aAAa,EAAE,EAAE;YACjB,eAAe,EAAE,IAAI;YACrB,WAAW,EAAE,EAAE;YACf,UAAU,EAAE,qBAAqB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YACnF,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;AACH,CAAC"}