@roxy-agent/agents 0.1.0

package/dist/classifier.js

@@ -0,0 +1,436 @@
+import os from "node:os";
+import path from "node:path";
+import { getBuiltinRuleOverrides, getAppSetting } from "./db.js";
+// ---------------------------------------------------------------------------
+// Built-in rule override map. Cached in memory; refreshed on every CRUD via
+// the dashboard. Disabled rules are still listed but skipped at classify
+// time.
+// ---------------------------------------------------------------------------
+let _overrideCache = null;
+export function refreshBuiltinRuleOverrides() {
+    _overrideCache = getBuiltinRuleOverrides();
+}
+function isRuleEnabled(id) {
+    if (_overrideCache === null) {
+        try {
+            _overrideCache = getBuiltinRuleOverrides();
+        }
+        catch {
+            _overrideCache = new Map();
+        }
+    }
+    const v = _overrideCache.get(id);
+    return v === undefined ? true : v; // default: enabled
+}
+// Returns true when the high-risk regex tier should escalate to HITL approval
+// instead of the legacy "flagged but allowed" verdict. Default: on.
+function highRiskRequiresApproval() {
+    if (process.env.AGENT_PROXY_REQUIRE_APPROVAL_HIGH === "0")
+        return false;
+    if (process.env.AGENT_PROXY_REQUIRE_APPROVAL_HIGH === "1")
+        return true;
+    try {
+        const v = getAppSetting("require_approval_high_risk");
+        if (v === "0" || v === "false")
+            return false;
+        return true;
+    }
+    catch {
+        return true;
+    }
+}
+// ---------------------------------------------------------------------------
+// Bash command classification
+// ---------------------------------------------------------------------------
+// Patterns that are always denied — no exceptions.
+export const DENY_PATTERNS = [
+    { id: "deny.rm-rf-root", pattern: /\brm\s+-[rRfF]+\s+\/(?!\w)/, reason: "rm -rf /" },
+    { id: "deny.rm-rf-home", pattern: /\brm\s+-[rRfF]+\s+~\s*$/, reason: "rm -rf ~" },
+    { id: "deny.curl-pipe-shell", pattern: /\bcurl\b[^|]*\|\s*(bash|sh|zsh|ksh|fish)\b/, reason: "curl | shell (supply chain)" },
+    { id: "deny.wget-pipe-shell", pattern: /\bwget\b[^|]*\|\s*(bash|sh|zsh|ksh|fish)\b/, reason: "wget | shell (supply chain)" },
+    { id: "deny.mkfs", pattern: /\bmkfs\.[a-z0-9]+/i, reason: "filesystem format" },
+    { id: "deny.dd-raw-device", pattern: /\bdd\b[^|;&]*\bof=\/dev\//, reason: "dd to raw device" },
+    { id: "deny.fork-bomb", pattern: /:\s*\(\s*\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;?\s*:/, reason: "fork bomb" },
+    { id: "deny.shutdown", pattern: /\bshutdown\b\s+-/, reason: "system shutdown" },
+    { id: "deny.halt-reboot", pattern: /\b(halt|poweroff|reboot)\b\s*(-|$)/, reason: "system halt/reboot" },
+    { id: "deny.base64-pipe-shell", pattern: /\bbase64\s+(-d|--decode|-D)\b[^|]*\|\s*(bash|sh|zsh|ksh|fish|python\d?|perl|ruby)\b/, reason: "base64-decoded payload piped to shell" },
+    { id: "deny.eval-curl", pattern: /\beval\s+["']?\$\(\s*(curl|wget|fetch)\b/, reason: "eval $(curl/wget …) — remote code exec" },
+    { id: "deny.proc-sub-curl", pattern: /<\(\s*(curl|wget|fetch)\b[^)]*\)/, reason: "process-substitution from curl/wget" },
+    { id: "deny.raw-device-write", pattern: />\s*\/dev\/(sd[a-z]|nvme\d|hd[a-z]|disk\d|md\d)\b/i, reason: "writing to raw block device" },
+];
+// Patterns that are flagged as high risk — allowed but surfaced.
+export const HIGH_RISK_PATTERNS = [
+    { id: "high.rm-recursive", pattern: /\brm\s+-[rRfF]+/, reason: "recursive delete" },
+    { id: "high.sudo", pattern: /\bsudo\b/, reason: "privilege escalation" },
+    { id: "high.chmod-world-writable", pattern: /\bchmod\s+(-R\s+)?[0-7]*7{2,3}\b/, reason: "world-writable permissions" },
+    { id: "high.chmod-setuid", pattern: /\bchmod\s+[ugoa]*\+s\b/, reason: "setuid/setgid bit" },
+    { id: "high.write-etc", pattern: /(>|>>)\s*\/etc\//, reason: "writing under /etc" },
+    { id: "high.write-system-path", pattern: /(>|>>)\s*\/(usr|bin|sbin|boot|var)\//, reason: "writing under system path" },
+    { id: "high.write-shell-rc", pattern: /(>|>>)\s*\S*\.(bashrc|zshrc|bash_profile|zprofile|zshenv|profile|inputrc)(?=$|\s|;|&|\||#)/, reason: "writing to shell rc/profile (persistence)" },
+    { id: "high.outbound-ssh", pattern: /\bssh\s+\S+@/, reason: "outbound ssh" },
+    { id: "high.outbound-scp", pattern: /\bscp\s+/, reason: "outbound scp" },
+    { id: "high.git-push", pattern: /\bgit\s+push\b/, reason: "git push" },
+    { id: "high.npm-publish", pattern: /\bnpm\s+publish\b/, reason: "npm publish" },
+    { id: "high.yarn-pnpm-publish", pattern: /\b(yarn|pnpm)\s+publish\b/, reason: "yarn/pnpm publish" },
+    { id: "high.aws-cli", pattern: /\baws\s+/, reason: "AWS CLI" },
+    { id: "high.gcloud-cli", pattern: /\bgcloud\s+/, reason: "gcloud CLI" },
+    { id: "high.kubectl-mutating", pattern: /\bkubectl\s+(delete|apply|patch|replace)\b/, reason: "kubectl mutating op" },
+    { id: "high.docker-destructive", pattern: /\bdocker\s+(rm|rmi|system\s+prune)\b/, reason: "docker destructive op" },
+    { id: "high.download-remote-file", pattern: /\b(curl|wget)\b.+\b(--output|-o|-O)\b/, reason: "downloading remote file" },
+    // Reverse-shell signatures
+    { id: "high.dev-tcp-socket", pattern: /\/dev\/tcp\/[\w.-]+\/\d+/, reason: "/dev/tcp socket (reverse shell)" },
+    { id: "high.nc-e-shell", pattern: /\b(nc|ncat|netcat)\b[^;|&]*\s-[a-zA-Z]*e[a-zA-Z]*\b\s*\/?\w*\/?(bash|sh|zsh)/, reason: "netcat -e shell (reverse shell)" },
+    { id: "high.nc-exec", pattern: /\b(nc|ncat|netcat)\b[^;|&]*\s--exec\b/, reason: "netcat --exec (reverse shell)" },
+    // Credential / secret reads
+    { id: "high.read-ssh-key", pattern: /\b(cat|less|more|head|tail|bat)\b[^|;&]*~?\/?\.ssh\/(id_[a-z0-9]+|authorized_keys|known_hosts)\b/, reason: "reading SSH key/secret" },
+    { id: "high.read-aws-credentials", pattern: /\b(cat|less|more|head|tail|bat)\b[^|;&]*~?\/?\.aws\/credentials\b/, reason: "reading AWS credentials" },
+    { id: "high.read-system-secret", pattern: /\b(cat|less|more|head|tail|bat)\b[^|;&]*\/etc\/(shadow|sudoers|passwd)\b/, reason: "reading sensitive system file" },
+    { id: "high.upload-credential-form", pattern: /\b(curl|wget)\b[^;|&]*\s-[A-Za-z]*[FT]\s*[\S]*@~?\/?\.(ssh|aws|gnupg|kube|config\/gcloud)\//, reason: "uploading credential file via curl/wget" },
+    { id: "high.upload-credential-data", pattern: /\b(curl|wget)\b[^;|&]*\s--(data-binary|upload-file)\b[^;|&]*@~?\/?\.(ssh|aws|gnupg|kube|config\/gcloud)\//, reason: "uploading credential file via curl/wget (data)" },
+    // Persistence
+    { id: "high.crontab-pipe", pattern: /\|\s*crontab\s+-/, reason: "modifying crontab via pipe" },
+    { id: "high.crontab-modify", pattern: /\bcrontab\s+(-e|-r|-l\s*$)/, reason: "modifying crontab" },
+    { id: "high.launchctl-persistence", pattern: /\blaunchctl\s+(load|bootstrap|enable|kickstart|asuser)\b/, reason: "launchd persistence" },
+    // Database destruction (via CLI eval flags)
+    { id: "high.mongo-destructive", pattern: /\bmongo(sh)?\b[^;|&]*--eval\b[^;|&]*\b(drop|remove|deleteMany)\b/i, reason: "destructive mongo eval" },
+    // Cryptominer binaries
+    { id: "high.cryptominer", pattern: /\b(xmrig|cgminer|ccminer|ethminer|nbminer|t-rex|nanominer|phoenixminer|lolminer)\b/i, reason: "cryptominer binary" },
+    // Mass file encryption (ransomware-shaped)
+    { id: "high.mass-file-encrypt", pattern: /\bfind\s+\S+[^;|&]*-exec\s+(openssl\s+enc|gpg\s+(-c|--symmetric|-e|--encrypt))\b/, reason: "mass file encryption (ransomware-shaped)" },
+    // Disk wipe via shred
+    { id: "high.shred-block-device", pattern: /\bshred\s+(-[a-zA-Z]+\s+)*\/dev\/(sd[a-z]|nvme\d|hd[a-z]|disk\d|md\d)\b/i, reason: "shred raw block device" },
+    // History / log evasion
+    { id: "high.history-clear", pattern: /\bhistory\s+-c\b/, reason: "clearing shell history" },
+    { id: "high.history-truncate", pattern: /(^|[\s;&|])>\s*~?\/?\.\w*_history\b/, reason: "truncating shell history file" },
+    { id: "high.histfile-unset", pattern: /\bunset\s+HISTFILE\b/, reason: "disabling shell history (HISTFILE)" },
+    { id: "high.histsize-zero", pattern: /\bexport\s+HISTSIZE=0\b/, reason: "disabling shell history (HISTSIZE)" },
+    // Browser / app data theft
+    { id: "high.browser-sql", pattern: /\bsqlite3\b[^;|&]*~?\/?(Library\/(Application Support|Cookies)|\.config\/(google-chrome|chromium|BraveSoftware)|AppData\/Local\/(Google|Microsoft|BraveSoftware))/i, reason: "browser/app data SQL access" },
+    { id: "high.browser-profile-copy", pattern: /\bcp\s+-[rR][^;|&]*~?\/?(Library\/Application\\?\s*Support|\.config)\/(Google|Mozilla|BraveSoftware|Microsoft|Slack|Signal)/i, reason: "copying browser/app profile data" },
+];
+export const MEDIUM_RISK_PATTERNS = [
+    { id: "medium.git-destructive", pattern: /\bgit\s+(reset\s+--hard|clean\s+-[fF])/, reason: "git destructive op" },
+    { id: "medium.package-install", pattern: /\b(npm|yarn|pnpm)\s+install\b/, reason: "package install" },
+    { id: "medium.outbound-network", pattern: /\b(curl|wget)\b/, reason: "outbound network call" },
+    { id: "medium.absolute-cd", pattern: /\bcd\s+\//, reason: "absolute directory change" },
+    { id: "medium.parent-traversal", pattern: /\.\.\//, reason: "parent directory traversal" },
+];
+// Hard-deny pre-filter. Always runs first, never depends on the ML model.
+function checkBashDeny(command) {
+    for (const rule of DENY_PATTERNS) {
+        if (!isRuleEnabled(rule.id))
+            continue;
+        if (rule.pattern.test(command)) {
+            return {
+                risk_level: "high",
+                decision: "denied",
+                reason: `denied: ${rule.reason}`,
+            };
+        }
+    }
+    return null;
+}
+// Synchronous, regex-only classifier. Kept as the deterministic fallback
+// when the ML model is loading, disabled, or low-confidence.
+export function classifyBashCommand(command) {
+    const normalized = command.trim();
+    const deny = checkBashDeny(normalized);
+    if (deny)
+        return deny;
+    for (const rule of HIGH_RISK_PATTERNS) {
+        if (!isRuleEnabled(rule.id))
+            continue;
+        if (rule.pattern.test(normalized)) {
+            const decision = highRiskRequiresApproval()
+                ? "pending_approval"
+                : "flagged";
+            return { risk_level: "high", decision, reason: rule.reason };
+        }
+    }
+    for (const rule of MEDIUM_RISK_PATTERNS) {
+        if (!isRuleEnabled(rule.id))
+            continue;
+        if (rule.pattern.test(normalized)) {
+            return { risk_level: "medium", decision: "allowed", reason: rule.reason };
+        }
+    }
+    return { risk_level: "low", decision: "allowed", reason: "passed all checks" };
+}
+// Risk ordering for "most conservative wins" combination. We never want the
+// ML model to silently downgrade a command that the rule-based classifier
+// thought was risky.
+const RISK_RANK = { low: 0, medium: 1, high: 2 };
+const DECISION_RANK = {
+    allowed: 0,
+    flagged: 1,
+    pending_approval: 2,
+    denied: 3,
+};
+function moreConservative(a, b) {
+    // Pick whichever has the stricter decision; tiebreak on risk level.
+    if (DECISION_RANK[a.decision] !== DECISION_RANK[b.decision]) {
+        return DECISION_RANK[a.decision] > DECISION_RANK[b.decision] ? a : b;
+    }
+    if (RISK_RANK[a.risk_level] !== RISK_RANK[b.risk_level]) {
+        return RISK_RANK[a.risk_level] > RISK_RANK[b.risk_level] ? a : b;
+    }
+    return a;
+}
+// Async classifier that uses the ML model when ready and falls back to the
+// rule-based classifier otherwise. Hard-deny patterns short-circuit before
+// any ML call.
+//
+// Imported lazily so this module can still be loaded in environments where
+// the ML deps aren't installed (e.g. minimal builds, tests).
+export async function classifyBashCommandAsync(command) {
+    const normalized = command.trim();
+    const deny = checkBashDeny(normalized);
+    if (deny)
+        return deny;
+    // 2. User-defined natural-language policies (allow / block).
+    const policy = await applyPolicies(normalized, "bash");
+    if (policy)
+        return policy;
+    // ML disabled? Skip straight to rules.
+    if (process.env.AGENT_PROXY_ML === "0") {
+        return classifyBashCommand(normalized);
+    }
+    const ruleResult = classifyBashCommand(normalized);
+    try {
+        const { classifyBashML } = await import("./ml/bash-classifier.js");
+        const mlResult = await classifyBashML(normalized);
+        if (!mlResult)
+            return ruleResult;
+        return moreConservative(ruleResult, mlResult);
+    }
+    catch {
+        return ruleResult;
+    }
+}
+// Run user-defined policies for a given tool. Returns a Classification when
+// a policy matches, or null when no policy applies and the rule/ML chain
+// should run normally.
+async function applyPolicies(description, tool) {
+    if (process.env.AGENT_PROXY_POLICIES === "0")
+        return null;
+    try {
+        const { matchPolicy } = await import("./policies.js");
+        const { block, approve, allow } = await matchPolicy(description, tool);
+        if (block) {
+            return {
+                risk_level: "high",
+                decision: "denied",
+                reason: `denied: policy #${block.policy.id} "${block.policy.description}" (sim=${block.similarity.toFixed(2)})`,
+            };
+        }
+        if (approve) {
+            return {
+                risk_level: "high",
+                decision: "pending_approval",
+                reason: `approval required: policy #${approve.policy.id} "${approve.policy.description}" (sim=${approve.similarity.toFixed(2)})`,
+            };
+        }
+        if (allow) {
+            return {
+                risk_level: "low",
+                decision: "allowed",
+                reason: `allowed by policy #${allow.policy.id} "${allow.policy.description}" (sim=${allow.similarity.toFixed(2)})`,
+            };
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+// Async wrappers for filesystem and network. These don't have an ML model
+// yet, but they DO benefit from natural-language policies.
+export async function classifyFilePathAsync(filePath, operation) {
+    // Hard structural checks (sensitive paths) run first via the sync rules.
+    const op = operation === "list" ? "read" : operation;
+    const ruleResult = classifyFilePath(filePath, op);
+    if (ruleResult.decision === "denied")
+        return ruleResult;
+    const policy = await applyPolicies(`${operation} file ${filePath}`, "filesystem");
+    if (policy) {
+        if (policy.decision === "denied")
+            return policy;
+        if (policy.decision === "pending_approval")
+            return policy;
+        // Allow policies de-escalate, but never below an explicit denied rule
+        // (already returned). Take the more conservative of (rules, allow) when
+        // rules are stricter — i.e. allow can downgrade flagged → allowed but
+        // not silently un-deny.
+        if (policy.decision === "allowed")
+            return policy;
+    }
+    return ruleResult;
+}
+export async function classifyNetworkRequestAsync(url, method = "GET") {
+    const ruleResult = classifyNetworkRequest(url, method);
+    if (ruleResult.decision === "denied")
+        return ruleResult;
+    const policy = await applyPolicies(`${method.toUpperCase()} ${url}`, "network");
+    if (policy) {
+        if (policy.decision === "denied")
+            return policy;
+        if (policy.decision === "pending_approval")
+            return policy;
+        if (policy.decision === "allowed")
+            return policy;
+    }
+    return ruleResult;
+}
+// ---------------------------------------------------------------------------
+// Filesystem classification
+// ---------------------------------------------------------------------------
+const HOME = os.homedir();
+// Sensitive locations. Stored as already-expanded paths so `path.includes`
+// matches reliably regardless of how the agent expressed the path.
+const SENSITIVE_PATH_FRAGMENTS = [
+    "/etc/",
+    "/root/",
+    "/var/log/",
+    "/private/etc/",
+    path.join(HOME, ".ssh"),
+    path.join(HOME, ".aws"),
+    path.join(HOME, ".gcp"),
+    path.join(HOME, ".config", "gcloud"),
+    path.join(HOME, ".kube"),
+    path.join(HOME, ".docker"),
+    path.join(HOME, ".npmrc"),
+    path.join(HOME, ".netrc"),
+    path.join(HOME, ".gitconfig"),
+];
+const SENSITIVE_NAME_FRAGMENTS = [
+    ".env",
+    "id_rsa",
+    "id_ed25519",
+    "id_ecdsa",
+    "credentials",
+    "secret",
+    "secrets",
+    "private_key",
+    ".pem",
+    ".pfx",
+    ".keystore",
+];
+function expandPath(p) {
+    if (p.startsWith("~/"))
+        return path.join(HOME, p.slice(2));
+    if (p === "~")
+        return HOME;
+    return p;
+}
+function isSensitivePath(filePath) {
+    const expanded = expandPath(filePath);
+    const normalized = path.resolve(expanded).toLowerCase();
+    for (const frag of SENSITIVE_PATH_FRAGMENTS) {
+        if (normalized.includes(frag.toLowerCase()))
+            return frag;
+    }
+    const base = path.basename(normalized);
+    for (const frag of SENSITIVE_NAME_FRAGMENTS) {
+        if (base.includes(frag.toLowerCase()))
+            return frag;
+    }
+    return null;
+}
+export function classifyFilePath(filePath, operation) {
+    const sensitiveHit = isSensitivePath(filePath);
+    if (operation === "delete") {
+        return {
+            risk_level: "high",
+            decision: "flagged",
+            reason: sensitiveHit
+                ? `delete on sensitive path (${sensitiveHit})`
+                : "file deletion",
+        };
+    }
+    if (sensitiveHit) {
+        // Writing to a sensitive path is denied; reading is flagged so the user
+        // is aware but the agent can still proceed.
+        if (operation === "write") {
+            return {
+                risk_level: "high",
+                decision: "denied",
+                reason: `denied: write to sensitive path (${sensitiveHit})`,
+            };
+        }
+        return {
+            risk_level: "high",
+            decision: "flagged",
+            reason: `read of sensitive path (${sensitiveHit})`,
+        };
+    }
+    if (operation === "write") {
+        return {
+            risk_level: "medium",
+            decision: "allowed",
+            reason: "file write",
+        };
+    }
+    return { risk_level: "low", decision: "allowed", reason: "safe file read" };
+}
+// ---------------------------------------------------------------------------
+// Network classification
+// ---------------------------------------------------------------------------
+const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "::1", "0.0.0.0"]);
+const SCRIPT_EXT_RE = /\.(sh|bash|zsh|fish|py|rb|pl|ps1|psm1)(\?|#|$)/i;
+const PRIVATE_RANGES = [
+    /^10\./,
+    /^192\.168\./,
+    /^172\.(1[6-9]|2[0-9]|3[01])\./,
+    /^169\.254\./,
+];
+export function classifyNetworkRequest(url, method = "GET") {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        return {
+            risk_level: "high",
+            decision: "denied",
+            reason: "denied: invalid URL",
+        };
+    }
+    if (SCRIPT_EXT_RE.test(parsed.pathname)) {
+        return {
+            risk_level: "high",
+            decision: "denied",
+            reason: "denied: fetching executable script",
+        };
+    }
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        return {
+            risk_level: "high",
+            decision: "denied",
+            reason: `denied: unsupported protocol ${parsed.protocol}`,
+        };
+    }
+    const host = parsed.hostname;
+    const isLocal = LOCAL_HOSTS.has(host) || PRIVATE_RANGES.some((re) => re.test(host));
+    const upperMethod = method.toUpperCase();
+    const isMutating = upperMethod !== "GET" && upperMethod !== "HEAD";
+    if (isLocal) {
+        return {
+            risk_level: "low",
+            decision: "allowed",
+            reason: "local network request",
+        };
+    }
+    if (isMutating) {
+        return {
+            risk_level: "high",
+            decision: "flagged",
+            reason: `external ${upperMethod} request`,
+        };
+    }
+    return {
+        risk_level: "medium",
+        decision: "flagged",
+        reason: "external network request",
+    };
+}
+//# sourceMappingURL=classifier.js.map

package/dist/classifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"classifier.js","sourceRoot":"","sources":["../src/classifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,uBAAuB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAiBjE,8EAA8E;AAC9E,4EAA4E;AAC5E,yEAAyE;AACzE,QAAQ;AACR,8EAA8E;AAE9E,IAAI,cAAc,GAAgC,IAAI,CAAC;AAEvD,MAAM,UAAU,2BAA2B;IACzC,cAAc,GAAG,uBAAuB,EAAE,CAAC;AAC7C,CAAC;AAED,SAAS,aAAa,CAAC,EAAU;IAC/B,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,cAAc,GAAG,uBAAuB,EAAE,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,cAAc,GAAG,IAAI,GAAG,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,MAAM,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACjC,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;AACxD,CAAC;AAED,8EAA8E;AAC9E,oEAAoE;AACpE,SAAS,wBAAwB;IAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,KAAK,GAAG;QAAE,OAAO,KAAK,CAAC;IACxE,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACvE,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,aAAa,CAAC,4BAA4B,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,OAAO;YAAE,OAAO,KAAK,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,8BAA8B;AAC9B,8EAA8E;AAE9E,mDAAmD;AACnD,MAAM,CAAC,MAAM,aAAa,GAAkB;IAC1C,EAAE,EAAE,EAAE,iBAAiB,EAAE,OAAO,EAAE,4BAA4B,EAAE,MAAM,EAAE,UAAU,EAAE;IACpF,EAAE,EAAE,EAAE,iBAAiB,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,UAAU,EAAE;IACjF,EAAE,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,4CAA4C,EAAE,MAAM,EAAE,6BAA6B,EAAE;IAC5H,EAAE,EAAE,EAAE,sBAAsB,EAAE,OAAO,EAAE,4CAA4C,EAAE,MAAM,EAAE,6BAA6B,EAAE;IAC5H,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,mBAAmB,EAAE;IAC/E,EAAE,EAAE,EAAE,oBAAoB,EAAE,OAAO,EAAE,2BAA2B,EAAE,MAAM,EAAE,kBAAkB,EAAE;IAC9F,EAAE,EAAE,EAAE,gBAAgB,EAAE,OAAO,EAAE,iDAAiD,EAAE,MAAM,EAAE,WAAW,EAAE;IACzG,EAAE,EAAE,EAAE,eAAe,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,iBAAiB,EAAE;IAC/E,EAAE,EAAE,EAAE,kBAAkB,EAAE,OAAO,EAAE,oCAAoC,EAAE,MAAM,EAAE,oBAAoB,EAAE;IACvG,EAAE,EAAE,EAAE,wBAAwB,EAAE,OAAO,EAAE,qFAAqF,EAAE,MAAM,EAAE,uCAAuC,EAAE;IACjL,EAAE,EAAE,EAAE,gBAAgB,EAAE,OAAO,EAAE,0CAA0C,EAAE,MAAM,EAAE,wCAAwC,EAAE;IAC/H,EAAE,EAAE,EAAE,oBAAoB,EAAE,OAAO,EAAE,kCAAkC,EAAE,MAAM,EAAE,qCAAqC,EAAE;IACxH,EAAE,EAAE,EAAE,uBAAuB,EAAE,OAAO,EAAE,oDAAoD,EAAE,MAAM,EAAE,6BAA6B,EAAE;CACtI,CAAC;AAEF,iEAAiE;AACjE,MAAM,CAAC,MAAM,kBAAkB,GAAkB;IAC/C,EAAE,EAAE,EAAE,mBAAmB,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE;IACnF,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACxE,EAAE,EAAE,EAAE,2BAA2B,EAAE,OAAO,EAAE,kCAAkC,EAAE,MAAM,EAAE,4BAA4B,EAAE;IACtH,EAAE,EAAE,EAAE,mBAAmB,EAAE,OAAO,EAAE,wBAAwB,EAAE,MAAM,EAAE,mBAAmB,EAAE;IAC3F,EAAE,EAAE,EAAE,gBAAgB,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,oBAAoB,EAAE;IACnF,EAAE,EAAE,EAAE,wBAAwB,EAAE,OAAO,EAAE,sCAAsC,EAAE,MAAM,EAAE,2BAA2B,EAAE;IACtH,EAAE,EAAE,EAAE,qBAAqB,EAAE,OAAO,EAAE,4FAA4F,EAAE,MAAM,EAAE,2CAA2C,EAAE;IACzL,EAAE,EAAE,EAAE,mBAAmB,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,cAAc,EAAE;IAC5E,EAAE,EAAE,EAAE,mBAAmB,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE;IACxE,EAAE,EAAE,EAAE,eAAe,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,UAAU,EAAE;IACtE,EAAE,EAAE,EAAE,kBAAkB,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,aAAa,EAAE;IAC/E,EAAE,EAAE,EAAE,wBAAwB,EAAE,OAAO,EAAE,2BAA2B,EAAE,MAAM,EAAE,mBAAmB,EAAE;IACnG,EAAE,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE;IAC9D,EAAE,EAAE,EAAE,iBAAiB,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,YAAY,EAAE;IACvE,EAAE,EAAE,EAAE,uBAAuB,EAAE,OAAO,EAAE,4CAA4C,EAAE,MAAM,EAAE,qBAAqB,EAAE;IACrH,EAAE,EAAE,EAAE,yBAAyB,EAAE,OAAO,EAAE,sCAAsC,EAAE,MAAM,EAAE,uBAAuB,EAAE;IACnH,EAAE,EAAE,EAAE,2BAA2B,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAExH,2BAA2B;IAC3B,EAAE,EAAE,EAAE,qBAAqB,EAAE,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,iCAAiC,EAAE;IAC7G,EAAE,EAAE,EAAE,iBAAiB,EAAE,OAAO,EAAE,8EAA8E,EAAE,MAAM,EAAE,iCAAiC,EAAE;IAC7J,EAAE,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,+BAA+B,EAAE;IAEjH,4BAA4B;IAC5B,EAAE,EAAE,EAAE,mBAAmB,EAAE,OAAO,EAAE,kGAAkG,EAAE,MAAM,EAAE,wBAAwB,EAAE;IAC1K,EAAE,EAAE,EAAE,2BAA2B,EAAE,OAAO,EAAE,mEAAmE,EAAE,MAAM,EAAE,yBAAyB,EAAE;IACpJ,EAAE,EAAE,EAAE,yBAAyB,EAAE,OAAO,EAAE,0EAA0E,EAAE,MAAM,EAAE,+BAA+B,EAAE;IAC/J,EAAE,EAAE,EAAE,6BAA6B,EAAE,OAAO,EAAE,6FAA6F,EAAE,MAAM,EAAE,yCAAyC,EAAE;IAChM,EAAE,EAAE,EAAE,6BAA6B,EAAE,OAAO,EAAE,2GAA2G,EAAE,MAAM,EAAE,gDAAgD,EAAE;IAErN,cAAc;IACd,EAAE,EAAE,EAAE,mBAAmB,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,4BAA4B,EAAE;IAC9F,EAAE,EAAE,EAAE,qBAAqB,EAAE,OAAO,EAAE,4BAA4B,EAAE,MAAM,EAAE,mBAAmB,EAAE;IACjG,EAAE,EAAE,EAAE,4BAA4B,EAAE,OAAO,EAAE,0DAA0D,EAAE,MAAM,EAAE,qBAAqB,EAAE;IAExI,4CAA4C;IAC5C,EAAE,EAAE,EAAE,wBAAwB,EAAE,OAAO,EAAE,mEAAmE,EAAE,MAAM,EAAE,wBAAwB,EAAE;IAEhJ,uBAAuB;IACvB,EAAE,EAAE,EAAE,kBAAkB,EAAE,OAAO,EAAE,qFAAqF,EAAE,MAAM,EAAE,oBAAoB,EAAE;IAExJ,2CAA2C;IAC3C,EAAE,EAAE,EAAE,wBAAwB,EAAE,OAAO,EAAE,kFAAkF,EAAE,MAAM,EAAE,0CAA0C,EAAE;IAEjL,sBAAsB;IACtB,EAAE,EAAE,EAAE,yBAAyB,EAAE,OAAO,EAAE,0EAA0E,EAAE,MAAM,EAAE,wBAAwB,EAAE;IAExJ,wBAAwB;IACxB,EAAE,EAAE,EAAE,oBAAoB,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,wBAAwB,EAAE;IAC3F,EAAE,EAAE,EAAE,uBAAuB,EAAE,OAAO,EAAE,qCAAqC,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACxH,EAAE,EAAE,EAAE,qBAAqB,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,oCAAoC,EAAE;IAC5G,EAAE,EAAE,EAAE,oBAAoB,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,oCAAoC,EAAE;IAE9G,2BAA2B;IAC3B,EAAE,EAAE,EAAE,kBAAkB,EAAE,OAAO,EAAE,oKAAoK,EAAE,MAAM,EAAE,6BAA6B,EAAE;IAChP,EAAE,EAAE,EAAE,2BAA2B,EAAE,OAAO,EAAE,8HAA8H,EAAE,MAAM,EAAE,kCAAkC,EAAE;CACzN,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAkB;IACjD,EAAE,EAAE,EAAE,wBAAwB,EAAE,OAAO,EAAE,wCAAwC,EAAE,MAAM,EAAE,oBAAoB,EAAE;IACjH,EAAE,EAAE,EAAE,wBAAwB,EAAE,OAAO,EAAE,+BAA+B,EAAE,MAAM,EAAE,iBAAiB,EAAE;IACrG,EAAE,EAAE,EAAE,yBAAyB,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE;IAC9F,EAAE,EAAE,EAAE,oBAAoB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,2BAA2B,EAAE;IACvF,EAAE,EAAE,EAAE,yBAAyB,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,4BAA4B,EAAE;CAC3F,CAAC;AAEF,0EAA0E;AAC1E,SAAS,aAAa,CAAC,OAAe;IACpC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QACtC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,MAAM,EAAE,WAAW,IAAI,CAAC,MAAM,EAAE;aACjC,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yEAAyE;AACzE,6DAA6D;AAC7D,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAElC,MAAM,IAAI,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEtB,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QACtC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAa,wBAAwB,EAAE;gBACnD,CAAC,CAAC,kBAAkB;gBACpB,CAAC,CAAC,SAAS,CAAC;YACd,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;QACxC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QACtC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;AACjF,CAAC;AAED,4EAA4E;AAC5E,0EAA0E;AAC1E,qBAAqB;AACrB,MAAM,SAAS,GAA8B,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAC5E,MAAM,aAAa,GAA6B;IAC9C,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,CAAC;IACV,gBAAgB,EAAE,CAAC;IACnB,MAAM,EAAE,CAAC;CACV,CAAC;AAEF,SAAS,gBAAgB,CAAC,CAAiB,EAAE,CAAiB;IAC5D,oEAAoE;IACpE,IAAI,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5D,OAAO,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC;QACxD,OAAO,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,2EAA2E;AAC3E,2EAA2E;AAC3E,eAAe;AACf,EAAE;AACF,2EAA2E;AAC3E,6DAA6D;AAC7D,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAe;IAEf,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAElC,MAAM,IAAI,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEtB,6DAA6D;IAC7D,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACvD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,uCAAuC;IACvC,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,GAAG,EAAE,CAAC;QACvC,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAEnD,IAAI,CAAC;QACH,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ;YAAE,OAAO,UAAU,CAAC;QACjC,OAAO,gBAAgB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,UAAU,CAAC;IACpB,CAAC;AACH,CAAC;AAED,4EAA4E;AAC5E,yEAAyE;AACzE,uBAAuB;AACvB,KAAK,UAAU,aAAa,CAC1B,WAAmB,EACnB,IAAuC;IAEvC,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QACtD,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACvE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,MAAM,EAAE,mBAAmB,KAAK,CAAC,MAAM,CAAC,EAAE,KAAK,KAAK,CAAC,MAAM,CAAC,WAAW,UAAU,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;aAChH,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,QAAQ,EAAE,kBAAkB;gBAC5B,MAAM,EAAE,8BAA8B,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,WAAW,UAAU,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;aACjI,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,sBAAsB,KAAK,CAAC,MAAM,CAAC,EAAE,KAAK,KAAK,CAAC,MAAM,CAAC,WAAW,UAAU,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;aACnH,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,0EAA0E;AAC1E,2DAA2D;AAC3D,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAAgB,EAChB,SAA+C;IAE/C,yEAAyE;IACzE,MAAM,EAAE,GAAG,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;IACrD,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,UAAU,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,UAAU,CAAC;IAExD,MAAM,MAAM,GAAG,MAAM,aAAa,CAChC,GAAG,SAAS,SAAS,QAAQ,EAAE,EAC/B,YAAY,CACb,CAAC;IACF,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO,MAAM,CAAC;QAChD,IAAI,MAAM,CAAC,QAAQ,KAAK,kBAAkB;YAAE,OAAO,MAAM,CAAC;QAC1D,sEAAsE;QACtE,wEAAwE;QACxE,sEAAsE;QACtE,wBAAwB;QACxB,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS;YAAE,OAAO,MAAM,CAAC;IACnD,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,GAAW,EACX,SAAiB,KAAK;IAEtB,MAAM,UAAU,GAAG,sBAAsB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACvD,IAAI,UAAU,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,UAAU,CAAC;IAExD,MAAM,MAAM,GAAG,MAAM,aAAa,CAChC,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,GAAG,EAAE,EAChC,SAAS,CACV,CAAC;IACF,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO,MAAM,CAAC;QAChD,IAAI,MAAM,CAAC,QAAQ,KAAK,kBAAkB;YAAE,OAAO,MAAM,CAAC;QAC1D,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS;YAAE,OAAO,MAAM,CAAC;IACnD,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;AAE1B,2EAA2E;AAC3E,mEAAmE;AACnE,MAAM,wBAAwB,GAAa;IACzC,OAAO;IACP,QAAQ;IACR,WAAW;IACX,eAAe;IACf,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC;IACpC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC;IACxB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC;IAC1B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC;IACzB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC;IACzB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC;CAC9B,CAAC;AAEF,MAAM,wBAAwB,GAAa;IACzC,MAAM;IACN,QAAQ;IACR,YAAY;IACZ,UAAU;IACV,aAAa;IACb,QAAQ;IACR,SAAS;IACT,aAAa;IACb,MAAM;IACN,MAAM;IACN,WAAW;CACZ,CAAC;AAEF,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IACxD,KAAK,MAAM,IAAI,IAAI,wBAAwB,EAAE,CAAC;QAC5C,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC;IAC3D,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,wBAAwB,EAAE,CAAC;QAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,SAAsC;IAEtC,MAAM,YAAY,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAE/C,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC3B,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,YAAY;gBAClB,CAAC,CAAC,6BAA6B,YAAY,GAAG;gBAC9C,CAAC,CAAC,eAAe;SACpB,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,wEAAwE;QACxE,4CAA4C;QAC5C,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;YAC1B,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,MAAM,EAAE,oCAAoC,YAAY,GAAG;aAC5D,CAAC;QACJ,CAAC;QACD,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,2BAA2B,YAAY,GAAG;SACnD,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;QAC1B,OAAO;YACL,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,YAAY;SACrB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;AAC9E,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;AAE1E,MAAM,aAAa,GAAG,iDAAiD,CAAC;AAExE,MAAM,cAAc,GAAa;IAC/B,OAAO;IACP,aAAa;IACb,+BAA+B;IAC/B,aAAa;CACd,CAAC;AAEF,MAAM,UAAU,sBAAsB,CACpC,GAAW,EACX,SAAiB,KAAK;IAEtB,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,qBAAqB;SAC9B,CAAC;IACJ,CAAC;IAED,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,oCAAoC;SAC7C,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChE,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,gCAAgC,MAAM,CAAC,QAAQ,EAAE;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC;IAC7B,MAAM,OAAO,GACX,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAEtE,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACzC,MAAM,UAAU,GAAG,WAAW,KAAK,KAAK,IAAI,WAAW,KAAK,MAAM,CAAC;IAEnE,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,uBAAuB;SAChC,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,YAAY,WAAW,UAAU;SAC1C,CAAC;IACJ,CAAC;IAED,OAAO;QACL,UAAU,EAAE,QAAQ;QACpB,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,0BAA0B;KACnC,CAAC;AACJ,CAAC"}