@skillsmith/core 0.1.2 → 2.0.0

package/dist/src/security/rate-limiter/RateLimiter.js

@@ -0,0 +1,260 @@
+/**
+ * Rate Limiter - SMI-730, SMI-1013, SMI-1189
+ *
+ * Token bucket algorithm for rate limiting API endpoints and adapters.
+ * Prevents abuse and DoS attacks with configurable limits and windows.
+ *
+ * Features:
+ * - Token bucket algorithm for smooth rate limiting
+ * - Per-IP and per-user limits
+ * - Configurable limits and windows
+ * - In-memory storage (Redis-compatible interface)
+ * - Graceful degradation on errors
+ * - Request queue for waiting when rate limited (SMI-1013)
+ * - Configurable timeout for queued requests (SMI-1013)
+ */
+import { createLogger } from '../../utils/logger.js';
+import { InMemoryRateLimitStorage } from './storage.js';
+import { tryConsumeToken as tryConsumeTokenCore, getTokenBucketState, resetTokenBucket, } from './token-bucket.js';
+import { MetricsManager } from './metrics-manager.js';
+import { QueueManager } from './queue-manager.js';
+const log = createLogger('RateLimiter');
+/**
+ * Rate Limiter using Token Bucket Algorithm
+ *
+ * @example
+ * ```typescript
+ * const limiter = new RateLimiter({
+ *   maxTokens: 100,
+ *   refillRate: 100 / 60,
+ *   windowMs: 60000,
+ * })
+ *
+ * const result = await limiter.checkLimit('user:123')
+ * if (result.allowed) {
+ *   // Process request
+ * } else {
+ *   // Return 429 Too Many Requests
+ * }
+ * ```
+ */
+export class RateLimiter {
+    config;
+    storage;
+    metricsManager;
+    queueManager;
+    constructor(config, storage = new InMemoryRateLimitStorage()) {
+        this.config = {
+            keyPrefix: 'ratelimit',
+            debug: false,
+            failMode: 'open',
+            enableQueue: false,
+            queueTimeoutMs: 30000,
+            maxQueueSize: 100,
+            ...config,
+        };
+        this.storage = storage;
+        this.metricsManager = new MetricsManager(this.config.debug, log);
+        this.queueManager = new QueueManager({
+            maxQueueSize: this.config.maxQueueSize,
+            queueTimeoutMs: this.config.queueTimeoutMs,
+            debug: this.config.debug,
+        }, log);
+        // Start queue processor if queuing is enabled (SMI-1013)
+        if (this.config.enableQueue) {
+            this.queueManager.startProcessor((key, cost) => this.tryConsumeToken(key, cost), (key, allowed) => this.metricsManager.update(key, allowed));
+        }
+        // Start metrics cleanup interval
+        this.metricsManager.startCleanup();
+        if (this.config.debug) {
+            log.info('Rate limiter initialized', {
+                maxTokens: this.config.maxTokens,
+                refillRate: this.config.refillRate,
+                windowMs: this.config.windowMs,
+                failMode: this.config.failMode,
+                enableQueue: this.config.enableQueue,
+                queueTimeoutMs: this.config.queueTimeoutMs,
+                maxQueueSize: this.config.maxQueueSize,
+            });
+        }
+    }
+    /**
+     * Try to consume a token without queuing (internal method)
+     */
+    async tryConsumeToken(key, cost) {
+        return tryConsumeTokenCore(this.storage, this.config, key, cost);
+    }
+    /**
+     * Check if a request is allowed under rate limit
+     */
+    async checkLimit(key, cost = 1) {
+        const storageKey = `${this.config.keyPrefix}:${key}`;
+        const now = Date.now();
+        try {
+            let bucket = await this.storage.get(storageKey);
+            if (!bucket) {
+                bucket = {
+                    tokens: this.config.maxTokens,
+                    lastRefill: now,
+                    firstRequest: now,
+                };
+            }
+            // Refill tokens
+            const elapsedMs = now - bucket.lastRefill;
+            const elapsedSeconds = elapsedMs / 1000;
+            const tokensToAdd = elapsedSeconds * this.config.refillRate;
+            if (tokensToAdd > 0) {
+                bucket.tokens = Math.min(this.config.maxTokens, bucket.tokens + tokensToAdd);
+                bucket.lastRefill = now;
+            }
+            const allowed = bucket.tokens >= cost;
+            if (allowed) {
+                bucket.tokens -= cost;
+                await this.storage.set(storageKey, bucket, this.config.windowMs);
+                if (this.config.debug) {
+                    log.debug(`Rate limit check: ${key}`, { allowed: true, remaining: bucket.tokens, cost });
+                }
+                this.metricsManager.update(key, true);
+                return {
+                    allowed: true,
+                    remaining: Math.floor(bucket.tokens),
+                    limit: this.config.maxTokens,
+                    metrics: this.metricsManager.get(key),
+                };
+            }
+            else {
+                const tokensNeeded = cost - bucket.tokens;
+                const retryAfterMs = Math.ceil((tokensNeeded / this.config.refillRate) * 1000);
+                const resetAt = new Date(now + retryAfterMs).toISOString();
+                if (this.config.debug) {
+                    log.debug(`Rate limit exceeded: ${key}`, {
+                        allowed: false,
+                        remaining: bucket.tokens,
+                        cost,
+                        retryAfterMs,
+                    });
+                }
+                this.metricsManager.update(key, false);
+                const currentMetrics = this.metricsManager.get(key);
+                if (this.config.onLimitExceeded && currentMetrics) {
+                    this.config.onLimitExceeded(key, currentMetrics);
+                }
+                return {
+                    allowed: false,
+                    remaining: Math.floor(bucket.tokens),
+                    limit: this.config.maxTokens,
+                    retryAfterMs,
+                    resetAt,
+                    metrics: currentMetrics,
+                };
+            }
+        }
+        catch (error) {
+            this.metricsManager.update(key, this.config.failMode === 'open', true);
+            if (this.config.failMode === 'closed') {
+                log.error(`Rate limiter error (fail-closed) for ${key}: ${error instanceof Error ? error.message : String(error)}`);
+                return {
+                    allowed: false,
+                    remaining: 0,
+                    limit: this.config.maxTokens,
+                    retryAfterMs: this.config.windowMs,
+                    resetAt: new Date(Date.now() + this.config.windowMs).toISOString(),
+                    metrics: this.metricsManager.get(key),
+                };
+            }
+            log.error(`Rate limiter error (fail-open) for ${key}: ${error instanceof Error ? error.message : String(error)}`);
+            return {
+                allowed: true,
+                remaining: this.config.maxTokens,
+                limit: this.config.maxTokens,
+                metrics: this.metricsManager.get(key),
+            };
+        }
+    }
+    /**
+     * Wait for a token to become available (SMI-1013)
+     */
+    async waitForToken(key, cost = 1) {
+        if (!this.config.enableQueue) {
+            return this.checkLimit(key, cost);
+        }
+        const immediateResult = await this.tryConsumeToken(key, cost);
+        if (immediateResult.allowed) {
+            this.metricsManager.update(key, true);
+            return {
+                ...immediateResult,
+                queued: false,
+                metrics: this.metricsManager.get(key),
+            };
+        }
+        const result = await this.queueManager.queueRequest(key, cost, (allowed) => this.metricsManager.update(key, allowed));
+        return {
+            ...result,
+            metrics: this.metricsManager.get(key),
+        };
+    }
+    /**
+     * Get queue status for a key (SMI-1013)
+     */
+    getQueueStatus(key) {
+        return this.queueManager.getStatus(key);
+    }
+    /**
+     * Clear queue for a key (SMI-1013)
+     */
+    clearQueue(key) {
+        this.queueManager.clear(key);
+        if (this.config.debug) {
+            log.debug(`Queue cleared${key ? ` for key: ${key}` : ' (all)'}`);
+        }
+    }
+    /**
+     * Reset rate limit for a key
+     */
+    async reset(key) {
+        await resetTokenBucket(this.storage, this.config.keyPrefix, key);
+        if (this.config.debug) {
+            log.debug(`Rate limit reset: ${key}`);
+        }
+    }
+    /**
+     * Get current state for a key
+     */
+    async getState(key) {
+        return getTokenBucketState(this.storage, this.config.keyPrefix, key);
+    }
+    /**
+     * Get metrics for a specific key or all keys
+     */
+    getMetrics(key) {
+        if (key) {
+            return this.metricsManager.get(key);
+        }
+        return this.metricsManager.getAll();
+    }
+    /**
+     * Reset metrics for a specific key or all keys
+     */
+    resetMetrics(key) {
+        if (key) {
+            this.metricsManager.delete(key);
+        }
+        else {
+            this.metricsManager.clear();
+        }
+        if (this.config.debug) {
+            log.debug(`Metrics reset${key ? ` for key: ${key}` : ' (all)'}`);
+        }
+    }
+    /**
+     * Dispose of resources
+     */
+    dispose() {
+        this.queueManager.dispose();
+        this.metricsManager.dispose();
+        if (this.storage instanceof InMemoryRateLimitStorage) {
+            this.storage.dispose();
+        }
+    }
+}
+//# sourceMappingURL=RateLimiter.js.map

package/dist/src/security/rate-limiter/RateLimiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RateLimiter.js","sourceRoot":"","sources":["../../../../src/security/rate-limiter/RateLimiter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AAQpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAA;AACvD,OAAO,EACL,eAAe,IAAI,mBAAmB,EACtC,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAEjD,MAAM,GAAG,GAAG,YAAY,CAAC,aAAa,CAAC,CAAA;AAEvC;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,OAAO,WAAW;IACL,MAAM,CAWtB;IACgB,OAAO,CAAkB;IACzB,cAAc,CAAgB;IAC9B,YAAY,CAAc;IAE3C,YAAY,MAAuB,EAAE,UAA4B,IAAI,wBAAwB,EAAE;QAC7F,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,WAAW;YACtB,KAAK,EAAE,KAAK;YACZ,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,KAAK;YAClB,cAAc,EAAE,KAAK;YACrB,YAAY,EAAE,GAAG;YACjB,GAAG,MAAM;SACV,CAAA;QACD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;QAChE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC;YACE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;YACtC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;YAC1C,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;SACzB,EACD,GAAG,CACJ,CAAA;QAED,yDAAyD;QACzD,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5B,IAAI,CAAC,YAAY,CAAC,cAAc,CAC9B,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,EAC9C,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAC3D,CAAA;QACH,CAAC;QAED,iCAAiC;QACjC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAA;QAElC,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBACnC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAChC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU;gBAClC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC9B,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;gBACpC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;gBAC1C,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;aACvC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAAC,GAAW,EAAE,IAAY;QACrD,OAAO,mBAAmB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;IAClE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,GAAW,EAAE,IAAI,GAAG,CAAC;QACpC,MAAM,UAAU,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,GAAG,EAAE,CAAA;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,IAAI,CAAC;YACH,IAAI,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YAE/C,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,GAAG;oBACP,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;oBAC7B,UAAU,EAAE,GAAG;oBACf,YAAY,EAAE,GAAG;iBAClB,CAAA;YACH,CAAC;YAED,gBAAgB;YAChB,MAAM,SAAS,GAAG,GAAG,GAAG,MAAM,CAAC,UAAU,CAAA;YACzC,MAAM,cAAc,GAAG,SAAS,GAAG,IAAI,CAAA;YACvC,MAAM,WAAW,GAAG,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAA;YAE3D,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,CAAA;gBAC5E,MAAM,CAAC,UAAU,GAAG,GAAG,CAAA;YACzB,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,IAAI,IAAI,CAAA;YAErC,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,CAAC,MAAM,IAAI,IAAI,CAAA;gBACrB,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;gBAEhE,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;oBACtB,GAAG,CAAC,KAAK,CAAC,qBAAqB,GAAG,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;gBAC1F,CAAC;gBAED,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;gBAErC,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;oBACpC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;oBAC5B,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;iBACtC,CAAA;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,YAAY,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,CAAA;gBACzC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAA;gBAC9E,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,GAAG,GAAG,YAAY,CAAC,CAAC,WAAW,EAAE,CAAA;gBAE1D,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;oBACtB,GAAG,CAAC,KAAK,CAAC,wBAAwB,GAAG,EAAE,EAAE;wBACvC,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,MAAM,CAAC,MAAM;wBACxB,IAAI;wBACJ,YAAY;qBACb,CAAC,CAAA;gBACJ,CAAC;gBAED,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;gBAEtC,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACnD,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,cAAc,EAAE,CAAC;oBAClD,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,cAAc,CAAC,CAAA;gBAClD,CAAC;gBAED,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;oBACpC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;oBAC5B,YAAY;oBACZ,OAAO;oBACP,OAAO,EAAE,cAAc;iBACxB,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,IAAI,CAAC,CAAA;YAEtE,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACtC,GAAG,CAAC,KAAK,CACP,wCAAwC,GAAG,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACzG,CAAA;gBACD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,SAAS,EAAE,CAAC;oBACZ,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;oBAC5B,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;oBAClC,OAAO,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE;oBAClE,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;iBACtC,CAAA;YACH,CAAC;YAED,GAAG,CAAC,KAAK,CACP,sCAAsC,GAAG,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvG,CAAA;YACD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAChC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAC5B,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;aACtC,CAAA;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,GAAW,EAAE,IAAI,GAAG,CAAC;QACtC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACnC,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QAE7D,IAAI,eAAe,CAAC,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;YACrC,OAAO;gBACL,GAAG,eAAe;gBAClB,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;aACtC,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,CACzE,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CACzC,CAAA;QAED,OAAO;YACL,GAAG,MAAM;YACT,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;SACtC,CAAA;IACH,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,GAAY;QACzB,OAAO,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,GAAY;QACrB,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC5B,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,GAAG,CAAC,KAAK,CAAC,gBAAgB,GAAG,CAAC,CAAC,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;QAClE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,GAAW;QACrB,MAAM,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;QAChE,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,GAAG,CAAC,KAAK,CAAC,qBAAqB,GAAG,EAAE,CAAC,CAAA;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,GAAW;QACxB,OAAO,mBAAmB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;IACtE,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,GAAY;QACrB,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QACrC,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAA;IACrC,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,GAAY;QACvB,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QACjC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAA;QAC7B,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,GAAG,CAAC,KAAK,CAAC,gBAAgB,GAAG,CAAC,CAAC,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;QAClE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAA;QAC3B,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAA;QAC7B,IAAI,IAAI,CAAC,OAAO,YAAY,wBAAwB,EAAE,CAAC;YACrD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;QACxB,CAAC;IACH,CAAC;CACF"}

package/dist/src/security/rate-limiter/constants.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Rate Limiter Constants - SMI-730, SMI-1189
+ *
+ * Constants for rate limiting functionality.
+ */
+/**
+ * Maximum number of unique keys to track in queues and metrics
+ * Prevents unbounded memory growth from malicious or misconfigured clients
+ */
+export declare const MAX_UNIQUE_KEYS = 10000;
+/**
+ * Metrics TTL in milliseconds (1 hour) - metrics older than this are cleaned up
+ */
+export declare const METRICS_TTL_MS: number;
+//# sourceMappingURL=constants.d.ts.map

package/dist/src/security/rate-limiter/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../src/security/rate-limiter/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;GAGG;AACH,eAAO,MAAM,eAAe,QAAQ,CAAA;AAEpC;;GAEG;AACH,eAAO,MAAM,cAAc,QAAiB,CAAA"}

package/dist/src/security/rate-limiter/constants.js

@@ -0,0 +1,15 @@
+/**
+ * Rate Limiter Constants - SMI-730, SMI-1189
+ *
+ * Constants for rate limiting functionality.
+ */
+/**
+ * Maximum number of unique keys to track in queues and metrics
+ * Prevents unbounded memory growth from malicious or misconfigured clients
+ */
+export const MAX_UNIQUE_KEYS = 10000;
+/**
+ * Metrics TTL in milliseconds (1 hour) - metrics older than this are cleaned up
+ */
+export const METRICS_TTL_MS = 60 * 60 * 1000;
+//# sourceMappingURL=constants.js.map

package/dist/src/security/rate-limiter/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../src/security/rate-limiter/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,CAAA;AAEpC;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA"}

package/dist/src/security/rate-limiter/errors.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Rate Limiter Errors - SMI-1013, SMI-1189
+ *
+ * Error classes for rate limiting queue functionality.
+ */
+/**
+ * Error thrown when queue timeout is exceeded (SMI-1013)
+ */
+export declare class RateLimitQueueTimeoutError extends Error {
+    readonly key: string;
+    readonly timeoutMs: number;
+    constructor(key: string, timeoutMs: number);
+}
+/**
+ * Error thrown when queue is full (SMI-1013)
+ */
+export declare class RateLimitQueueFullError extends Error {
+    readonly key: string;
+    readonly maxQueueSize: number;
+    constructor(key: string, maxQueueSize: number);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/src/security/rate-limiter/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../src/security/rate-limiter/errors.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,qBAAa,0BAA2B,SAAQ,KAAK;aAEjC,GAAG,EAAE,MAAM;aACX,SAAS,EAAE,MAAM;gBADjB,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,MAAM;CAKpC;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;aAE9B,GAAG,EAAE,MAAM;aACX,YAAY,EAAE,MAAM;gBADpB,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,MAAM;CAKvC"}

package/dist/src/security/rate-limiter/errors.js

@@ -0,0 +1,32 @@
+/**
+ * Rate Limiter Errors - SMI-1013, SMI-1189
+ *
+ * Error classes for rate limiting queue functionality.
+ */
+/**
+ * Error thrown when queue timeout is exceeded (SMI-1013)
+ */
+export class RateLimitQueueTimeoutError extends Error {
+    key;
+    timeoutMs;
+    constructor(key, timeoutMs) {
+        super(`Rate limit queue timeout exceeded for key '${key}' after ${timeoutMs}ms`);
+        this.key = key;
+        this.timeoutMs = timeoutMs;
+        this.name = 'RateLimitQueueTimeoutError';
+    }
+}
+/**
+ * Error thrown when queue is full (SMI-1013)
+ */
+export class RateLimitQueueFullError extends Error {
+    key;
+    maxQueueSize;
+    constructor(key, maxQueueSize) {
+        super(`Rate limit queue full for key '${key}' (max: ${maxQueueSize})`);
+        this.key = key;
+        this.maxQueueSize = maxQueueSize;
+        this.name = 'RateLimitQueueFullError';
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/src/security/rate-limiter/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../../src/security/rate-limiter/errors.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IAEjC;IACA;IAFlB,YACkB,GAAW,EACX,SAAiB;QAEjC,KAAK,CAAC,8CAA8C,GAAG,WAAW,SAAS,IAAI,CAAC,CAAA;QAHhE,QAAG,GAAH,GAAG,CAAQ;QACX,cAAS,GAAT,SAAS,CAAQ;QAGjC,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAA;IAC1C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAE9B;IACA;IAFlB,YACkB,GAAW,EACX,YAAoB;QAEpC,KAAK,CAAC,kCAAkC,GAAG,WAAW,YAAY,GAAG,CAAC,CAAA;QAHtD,QAAG,GAAH,GAAG,CAAQ;QACX,iBAAY,GAAZ,YAAY,CAAQ;QAGpC,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAA;IACvC,CAAC;CACF"}

package/dist/src/security/rate-limiter/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Rate Limiter Module - SMI-730, SMI-1013, SMI-1189
+ *
+ * Re-exports for rate limiting functionality.
+ */
+export type { RateLimitConfig, RateLimitMetrics, RateLimitResult, RateLimitStorage, TokenBucket, QueuedRequest, } from './types.js';
+export { MAX_UNIQUE_KEYS, METRICS_TTL_MS } from './constants.js';
+export { RateLimitQueueTimeoutError, RateLimitQueueFullError } from './errors.js';
+export { InMemoryRateLimitStorage } from './storage.js';
+export { RateLimiter } from './RateLimiter.js';
+export { RATE_LIMIT_PRESETS, createRateLimiterFromPreset } from './presets.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/security/rate-limiter/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/security/rate-limiter/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,aAAa,GACd,MAAM,YAAY,CAAA;AAGnB,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAGhE,OAAO,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAA;AAGjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAA;AAGvD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AAG9C,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAA"}

package/dist/src/security/rate-limiter/index.js

@@ -0,0 +1,16 @@
+/**
+ * Rate Limiter Module - SMI-730, SMI-1013, SMI-1189
+ *
+ * Re-exports for rate limiting functionality.
+ */
+// Constants
+export { MAX_UNIQUE_KEYS, METRICS_TTL_MS } from './constants.js';
+// Errors
+export { RateLimitQueueTimeoutError, RateLimitQueueFullError } from './errors.js';
+// Storage
+export { InMemoryRateLimitStorage } from './storage.js';
+// Main class
+export { RateLimiter } from './RateLimiter.js';
+// Presets
+export { RATE_LIMIT_PRESETS, createRateLimiterFromPreset } from './presets.js';
+//# sourceMappingURL=index.js.map

package/dist/src/security/rate-limiter/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/security/rate-limiter/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAYH,YAAY;AACZ,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAEhE,SAAS;AACT,OAAO,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAA;AAEjF,UAAU;AACV,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAA;AAEvD,aAAa;AACb,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AAE9C,UAAU;AACV,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAA"}

package/dist/src/security/rate-limiter/metrics-manager.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Rate Limit Metrics Manager - SMI-730, SMI-1189
+ *
+ * Metrics tracking and management for rate limiting.
+ */
+import type { RateLimitMetrics } from './types.js';
+/**
+ * Manages rate limit metrics with bounds checking and cleanup
+ */
+export declare class MetricsManager {
+    private readonly metrics;
+    private cleanupInterval;
+    private readonly debug;
+    private readonly log;
+    constructor(debug?: boolean, log?: {
+        debug: (msg: string) => void;
+    });
+    /**
+     * Start periodic cleanup of stale metrics
+     */
+    startCleanup(): void;
+    /**
+     * Stop metrics cleanup
+     */
+    stopCleanup(): void;
+    /**
+     * Clean up metrics older than METRICS_TTL_MS
+     */
+    private cleanupStaleMetrics;
+    /**
+     * Update metrics for a key with bounds checking
+     */
+    update(key: string, allowed: boolean, error?: boolean): void;
+    /**
+     * Get metrics for a specific key
+     */
+    get(key: string): RateLimitMetrics | undefined;
+    /**
+     * Get all metrics
+     */
+    getAll(): Map<string, RateLimitMetrics>;
+    /**
+     * Delete metrics for a key
+     */
+    delete(key: string): void;
+    /**
+     * Clear all metrics
+     */
+    clear(): void;
+    /**
+     * Dispose of resources
+     */
+    dispose(): void;
+}
+//# sourceMappingURL=metrics-manager.d.ts.map

package/dist/src/security/rate-limiter/metrics-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"metrics-manager.d.ts","sourceRoot":"","sources":["../../../../src/security/rate-limiter/metrics-manager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAA;AAGlD;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA2C;IACnE,OAAO,CAAC,eAAe,CAA8B;IACrD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;IAC/B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAkC;gBAE1C,KAAK,UAAQ,EAAE,GAAG,CAAC,EAAE;QAAE,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE;IAKjE;;OAEG;IACH,YAAY,IAAI,IAAI;IAUpB;;OAEG;IACH,WAAW,IAAI,IAAI;IAOnB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA6B3B;;OAEG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,UAAQ,GAAG,IAAI;IAiD1D;;OAEG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAI9C;;OAEG;IACH,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIvC;;OAEG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAIzB;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;OAEG;IACH,OAAO,IAAI,IAAI;CAIhB"}

package/dist/src/security/rate-limiter/metrics-manager.js

@@ -0,0 +1,144 @@
+/**
+ * Rate Limit Metrics Manager - SMI-730, SMI-1189
+ *
+ * Metrics tracking and management for rate limiting.
+ */
+import { MAX_UNIQUE_KEYS, METRICS_TTL_MS } from './constants.js';
+/**
+ * Manages rate limit metrics with bounds checking and cleanup
+ */
+export class MetricsManager {
+    metrics = new Map();
+    cleanupInterval = null;
+    debug;
+    log;
+    constructor(debug = false, log) {
+        this.debug = debug;
+        this.log = log || { debug: () => { } };
+    }
+    /**
+     * Start periodic cleanup of stale metrics
+     */
+    startCleanup() {
+        // Clean up stale metrics every 5 minutes
+        this.cleanupInterval = setInterval(() => {
+            this.cleanupStaleMetrics();
+        }, 5 * 60 * 1000);
+    }
+    /**
+     * Stop metrics cleanup
+     */
+    stopCleanup() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = null;
+        }
+    }
+    /**
+     * Clean up metrics older than METRICS_TTL_MS
+     */
+    cleanupStaleMetrics() {
+        const now = new Date();
+        let cleaned = 0;
+        for (const [key, metrics] of this.metrics.entries()) {
+            if (now.getTime() - metrics.lastUpdated.getTime() > METRICS_TTL_MS) {
+                this.metrics.delete(key);
+                cleaned++;
+            }
+        }
+        // Also enforce MAX_UNIQUE_KEYS limit if somehow exceeded
+        if (this.metrics.size > MAX_UNIQUE_KEYS) {
+            // Sort by lastUpdated and remove oldest entries
+            const entries = Array.from(this.metrics.entries()).sort((a, b) => a[1].lastUpdated.getTime() - b[1].lastUpdated.getTime());
+            const toRemove = entries.slice(0, this.metrics.size - MAX_UNIQUE_KEYS);
+            for (const [key] of toRemove) {
+                this.metrics.delete(key);
+                cleaned++;
+            }
+        }
+        if (cleaned > 0 && this.debug) {
+            this.log.debug(`Cleaned up ${cleaned} stale metric entries`);
+        }
+    }
+    /**
+     * Update metrics for a key with bounds checking
+     */
+    update(key, allowed, error = false) {
+        // Check if we've hit the max unique keys limit
+        if (!this.metrics.has(key) && this.metrics.size >= MAX_UNIQUE_KEYS) {
+            // Evict oldest entry before adding new one
+            let oldestKey = null;
+            let oldestTime = Infinity;
+            for (const [k, m] of this.metrics.entries()) {
+                if (m.lastUpdated.getTime() < oldestTime) {
+                    oldestTime = m.lastUpdated.getTime();
+                    oldestKey = k;
+                }
+            }
+            if (oldestKey) {
+                this.metrics.delete(oldestKey);
+                if (this.debug) {
+                    this.log.debug(`Evicted oldest metrics entry: ${oldestKey}`);
+                }
+            }
+        }
+        const now = new Date();
+        const existing = this.metrics.get(key) || {
+            allowed: 0,
+            blocked: 0,
+            errors: 0,
+            lastReset: now,
+            lastUpdated: now,
+        };
+        if (error) {
+            existing.errors++;
+            // Also track allowed/blocked for error cases (fail-open vs fail-closed)
+            if (allowed) {
+                existing.allowed++;
+            }
+            else {
+                existing.blocked++;
+            }
+        }
+        else if (allowed) {
+            existing.allowed++;
+        }
+        else {
+            existing.blocked++;
+        }
+        existing.lastUpdated = now;
+        this.metrics.set(key, existing);
+    }
+    /**
+     * Get metrics for a specific key
+     */
+    get(key) {
+        return this.metrics.get(key);
+    }
+    /**
+     * Get all metrics
+     */
+    getAll() {
+        return new Map(this.metrics);
+    }
+    /**
+     * Delete metrics for a key
+     */
+    delete(key) {
+        this.metrics.delete(key);
+    }
+    /**
+     * Clear all metrics
+     */
+    clear() {
+        this.metrics.clear();
+    }
+    /**
+     * Dispose of resources
+     */
+    dispose() {
+        this.stopCleanup();
+        this.clear();
+    }
+}
+//# sourceMappingURL=metrics-manager.js.map

package/dist/src/security/rate-limiter/metrics-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"metrics-manager.js","sourceRoot":"","sources":["../../../../src/security/rate-limiter/metrics-manager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAEhE;;GAEG;AACH,MAAM,OAAO,cAAc;IACR,OAAO,GAAkC,IAAI,GAAG,EAAE,CAAA;IAC3D,eAAe,GAA0B,IAAI,CAAA;IACpC,KAAK,CAAS;IACd,GAAG,CAAkC;IAEtD,YAAY,KAAK,GAAG,KAAK,EAAE,GAAsC;QAC/D,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,CAAA;IACvC,CAAC;IAED;;OAEG;IACH,YAAY;QACV,yCAAyC;QACzC,IAAI,CAAC,eAAe,GAAG,WAAW,CAChC,GAAG,EAAE;YACH,IAAI,CAAC,mBAAmB,EAAE,CAAA;QAC5B,CAAC,EACD,CAAC,GAAG,EAAE,GAAG,IAAI,CACd,CAAA;IACH,CAAC;IAED;;OAEG;IACH,WAAW;QACT,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;YACnC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAA;QAC7B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB;QACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QACtB,IAAI,OAAO,GAAG,CAAC,CAAA;QAEf,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YACpD,IAAI,GAAG,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,cAAc,EAAE,CAAC;gBACnE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBACxB,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,eAAe,EAAE,CAAC;YACxC,gDAAgD;YAChD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CACrD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,CAClE,CAAA;YACD,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,eAAe,CAAC,CAAA;YACtE,KAAK,MAAM,CAAC,GAAG,CAAC,IAAI,QAAQ,EAAE,CAAC;gBAC7B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBACxB,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;QAED,IAAI,OAAO,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,OAAO,uBAAuB,CAAC,CAAA;QAC9D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,GAAW,EAAE,OAAgB,EAAE,KAAK,GAAG,KAAK;QACjD,+CAA+C;QAC/C,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,eAAe,EAAE,CAAC;YACnE,2CAA2C;YAC3C,IAAI,SAAS,GAAkB,IAAI,CAAA;YACnC,IAAI,UAAU,GAAG,QAAQ,CAAA;YAEzB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC5C,IAAI,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;oBACzC,UAAU,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,CAAA;oBACpC,SAAS,GAAG,CAAC,CAAA;gBACf,CAAC;YACH,CAAC;YAED,IAAI,SAAS,EAAE,CAAC;gBACd,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;gBAC9B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,iCAAiC,SAAS,EAAE,CAAC,CAAA;gBAC9D,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QACtB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;YACxC,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,CAAC;YACT,SAAS,EAAE,GAAG;YACd,WAAW,EAAE,GAAG;SACjB,CAAA;QAED,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,MAAM,EAAE,CAAA;YACjB,wEAAwE;YACxE,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,CAAC,OAAO,EAAE,CAAA;YACpB,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,OAAO,EAAE,CAAA;YACpB,CAAC;QACH,CAAC;aAAM,IAAI,OAAO,EAAE,CAAC;YACnB,QAAQ,CAAC,OAAO,EAAE,CAAA;QACpB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,OAAO,EAAE,CAAA;QACpB,CAAC;QAED,QAAQ,CAAC,WAAW,GAAG,GAAG,CAAA;QAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IACjC,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,GAAW;QAChB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAA;IACtB,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,CAAC,WAAW,EAAE,CAAA;QAClB,IAAI,CAAC,KAAK,EAAE,CAAA;IACd,CAAC;CACF"}