npm - @sparkleideas/security - Versions diffs - 3.0.0-alpha.22 → 3.0.0-alpha.49 - Mend

@sparkleideas/security 3.0.0-alpha.22 → 3.0.0-alpha.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/dist/CVE-REMEDIATION.d.ts +86 -0
package/dist/CVE-REMEDIATION.d.ts.map +1 -0
package/dist/CVE-REMEDIATION.js +221 -0
package/dist/CVE-REMEDIATION.js.map +1 -0
package/dist/application/index.d.ts +7 -0
package/dist/application/index.d.ts.map +1 -0
package/dist/application/index.js +7 -0
package/dist/application/index.js.map +1 -0
package/dist/application/services/security-application-service.d.ts +71 -0
package/dist/application/services/security-application-service.d.ts.map +1 -0
package/dist/application/services/security-application-service.js +153 -0
package/dist/application/services/security-application-service.js.map +1 -0
package/dist/credential-generator.d.ts +176 -0
package/dist/credential-generator.d.ts.map +1 -0
package/dist/credential-generator.js +272 -0
package/dist/credential-generator.js.map +1 -0
package/dist/domain/entities/security-context.d.ts +68 -0
package/dist/domain/entities/security-context.d.ts.map +1 -0
package/dist/domain/entities/security-context.js +132 -0
package/dist/domain/entities/security-context.js.map +1 -0
package/dist/domain/index.d.ts +8 -0
package/dist/domain/index.d.ts.map +1 -0
package/dist/domain/index.js +8 -0
package/dist/domain/index.js.map +1 -0
package/dist/domain/services/security-domain-service.d.ts +71 -0
package/dist/domain/services/security-domain-service.d.ts.map +1 -0
package/dist/domain/services/security-domain-service.js +237 -0
package/dist/domain/services/security-domain-service.js.map +1 -0
package/dist/index.d.ts +119 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +145 -0
package/dist/index.js.map +1 -0
package/dist/input-validator.d.ts +338 -0
package/dist/input-validator.d.ts.map +1 -0
package/dist/input-validator.js +393 -0
package/dist/input-validator.js.map +1 -0
package/dist/password-hasher.d.ts +128 -0
package/dist/password-hasher.d.ts.map +1 -0
package/dist/password-hasher.js +183 -0
package/dist/password-hasher.js.map +1 -0
package/dist/path-validator.d.ts +148 -0
package/dist/path-validator.d.ts.map +1 -0
package/dist/path-validator.js +421 -0
package/dist/path-validator.js.map +1 -0
package/dist/safe-executor.d.ts +173 -0
package/dist/safe-executor.d.ts.map +1 -0
package/dist/safe-executor.js +370 -0
package/dist/safe-executor.js.map +1 -0
package/dist/token-generator.d.ts +224 -0
package/dist/token-generator.d.ts.map +1 -0
package/dist/token-generator.js +351 -0
package/dist/token-generator.js.map +1 -0
package/package.json +1 -1
package/tsconfig.build.tsbuildinfo +1 -0

package/dist/domain/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Security Domain Layer - Public Exports
+ *
+ * @module v3/security/domain
+ */
+export { SecurityContext, type PermissionLevel, type SecurityContextProps, } from './entities/security-context.js';
+export { SecurityDomainService, type ValidationResult, type ThreatDetectionResult, } from './services/security-domain-service.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/domain/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/domain/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,eAAe,EACf,KAAK,eAAe,EACpB,KAAK,oBAAoB,GAC1B,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,qBAAqB,EACrB,KAAK,gBAAgB,EACrB,KAAK,qBAAqB,GAC3B,MAAM,uCAAuC,CAAC"}

package/dist/domain/index.js ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Security Domain Layer - Public Exports
+ *
+ * @module v3/security/domain
+ */
+export { SecurityContext, } from './entities/security-context.js';
+export { SecurityDomainService, } from './services/security-domain-service.js';
+//# sourceMappingURL=index.js.map

package/dist/domain/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/domain/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,eAAe,GAGhB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,qBAAqB,GAGtB,MAAM,uCAAuC,CAAC"}

package/dist/domain/services/security-domain-service.d.ts ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * Security Domain Service - Domain Layer
+ *
+ * Contains security logic for validation, policy enforcement, and threat detection.
+ *
+ * @module v3/security/domain/services
+ */
+import { SecurityContext } from '../entities/security-context.js';
+/**
+ * Validation result
+ */
+export interface ValidationResult {
+    valid: boolean;
+    errors: string[];
+    warnings: string[];
+    sanitized?: string;
+}
+/**
+ * Threat detection result
+ */
+export interface ThreatDetectionResult {
+    safe: boolean;
+    threats: Array<{
+        type: string;
+        severity: 'low' | 'medium' | 'high' | 'critical';
+        description: string;
+        location?: string;
+    }>;
+}
+/**
+ * Security Domain Service
+ */
+export declare class SecurityDomainService {
+    private static readonly PATH_TRAVERSAL_PATTERNS;
+    private static readonly DANGEROUS_COMMANDS;
+    private static readonly SQL_INJECTION_PATTERNS;
+    private static readonly XSS_PATTERNS;
+    /**
+     * Validate a file path
+     */
+    validatePath(path: string, context: SecurityContext): ValidationResult;
+    /**
+     * Validate a command
+     */
+    validateCommand(command: string, context: SecurityContext): ValidationResult;
+    /**
+     * Validate user input
+     */
+    validateInput(input: string): ValidationResult;
+    /**
+     * Detect threats in content
+     */
+    detectThreats(content: string): ThreatDetectionResult;
+    /**
+     * Sanitize path
+     */
+    private sanitizePath;
+    /**
+     * Sanitize command
+     */
+    private sanitizeCommand;
+    /**
+     * Sanitize user input
+     */
+    private sanitizeInput;
+    /**
+     * Create security context for agent
+     */
+    createAgentContext(agentId: string, role: string, customPaths?: string[]): SecurityContext;
+}
+//# sourceMappingURL=security-domain-service.d.ts.map

package/dist/domain/services/security-domain-service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"security-domain-service.d.ts","sourceRoot":"","sources":["../../../src/domain/services/security-domain-service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAmB,MAAM,iCAAiC,CAAC;AAEnF;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,KAAK,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;QACjD,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,qBAAa,qBAAqB;IAEhC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAQ7C;IAGF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAYxC;IAGF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAO5C;IAGF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAOlC;IAEF;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,gBAAgB;IA6BtE;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,gBAAgB;IAiC5E;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB;IAiC9C;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,qBAAqB;IA0CrD;;OAEG;IACH,OAAO,CAAC,YAAY;IAQpB;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;OAEG;IACH,OAAO,CAAC,aAAa;IASrB;;OAEG;IACH,kBAAkB,CAChB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,WAAW,CAAC,EAAE,MAAM,EAAE,GACrB,eAAe;CAuBnB"}

package/dist/domain/services/security-domain-service.js ADDED Viewed

@@ -0,0 +1,237 @@
+/**
+ * Security Domain Service - Domain Layer
+ *
+ * Contains security logic for validation, policy enforcement, and threat detection.
+ *
+ * @module v3/security/domain/services
+ */
+import { SecurityContext } from '../entities/security-context.js';
+/**
+ * Security Domain Service
+ */
+export class SecurityDomainService {
+    // Dangerous patterns for path traversal
+    static PATH_TRAVERSAL_PATTERNS = [
+        /\.\./,
+        /~\//,
+        /^\/etc\//,
+        /^\/tmp\//,
+        /^\/var\/log\//,
+        /^C:\\Windows/i,
+        /^C:\\Users\\[^\\]+\\AppData/i,
+    ];
+    // Dangerous command patterns
+    static DANGEROUS_COMMANDS = [
+        /^rm\s+-rf\s+\//,
+        /^rm\s+-rf\s+\*/,
+        /^dd\s+if=/,
+        /^mkfs\./,
+        /^format\s+/i,
+        /^del\s+\/s\s+\/q/i,
+        />\s*\/dev\/sd[a-z]/,
+        /\|\s*bash$/,
+        /\|\s*sh$/,
+        /eval\s*\(/,
+        /exec\s*\(/,
+    ];
+    // SQL injection patterns
+    static SQL_INJECTION_PATTERNS = [
+        /'\s*OR\s+'1'\s*=\s*'1/i,
+        /'\s*OR\s+1\s*=\s*1/i,
+        /;\s*DROP\s+TABLE/i,
+        /;\s*DELETE\s+FROM/i,
+        /UNION\s+SELECT/i,
+        /--\s*$/,
+    ];
+    // XSS patterns
+    static XSS_PATTERNS = [
+        /<script[\s>]/i,
+        /javascript:/i,
+        /on\w+\s*=/i,
+        /<iframe/i,
+        /<object/i,
+        /<embed/i,
+    ];
+    /**
+     * Validate a file path
+     */
+    validatePath(path, context) {
+        const errors = [];
+        const warnings = [];
+        // Check path traversal
+        for (const pattern of SecurityDomainService.PATH_TRAVERSAL_PATTERNS) {
+            if (pattern.test(path)) {
+                errors.push(`Path traversal detected: ${pattern.source}`);
+            }
+        }
+        // Check context permissions
+        if (!context.canAccessPath(path)) {
+            errors.push(`Access denied to path: ${path}`);
+        }
+        // Check for suspicious paths
+        if (path.includes('..')) {
+            warnings.push('Path contains parent directory reference');
+        }
+        return {
+            valid: errors.length === 0,
+            errors,
+            warnings,
+            sanitized: this.sanitizePath(path),
+        };
+    }
+    /**
+     * Validate a command
+     */
+    validateCommand(command, context) {
+        const errors = [];
+        const warnings = [];
+        // Check dangerous commands
+        for (const pattern of SecurityDomainService.DANGEROUS_COMMANDS) {
+            if (pattern.test(command)) {
+                errors.push(`Dangerous command pattern detected: ${pattern.source}`);
+            }
+        }
+        // Check context permissions
+        if (!context.canExecuteCommand(command)) {
+            errors.push(`Command execution denied: ${command}`);
+        }
+        if (!context.hasPermission('execute')) {
+            errors.push('Execute permission required');
+        }
+        // Check for shell injection
+        if (/[;&|`$(){}]/.test(command)) {
+            warnings.push('Command contains shell metacharacters');
+        }
+        return {
+            valid: errors.length === 0,
+            errors,
+            warnings,
+            sanitized: this.sanitizeCommand(command),
+        };
+    }
+    /**
+     * Validate user input
+     */
+    validateInput(input) {
+        const errors = [];
+        const warnings = [];
+        // Check for SQL injection
+        for (const pattern of SecurityDomainService.SQL_INJECTION_PATTERNS) {
+            if (pattern.test(input)) {
+                errors.push(`SQL injection pattern detected`);
+                break;
+            }
+        }
+        // Check for XSS
+        for (const pattern of SecurityDomainService.XSS_PATTERNS) {
+            if (pattern.test(input)) {
+                errors.push(`XSS pattern detected`);
+                break;
+            }
+        }
+        // Check length
+        if (input.length > 10000) {
+            warnings.push('Input exceeds recommended length');
+        }
+        return {
+            valid: errors.length === 0,
+            errors,
+            warnings,
+            sanitized: this.sanitizeInput(input),
+        };
+    }
+    /**
+     * Detect threats in content
+     */
+    detectThreats(content) {
+        const threats = [];
+        // Check for various threat patterns
+        if (/<script/i.test(content)) {
+            threats.push({
+                type: 'xss',
+                severity: 'high',
+                description: 'Script tag detected',
+            });
+        }
+        if (/password\s*[:=]\s*["'][^"']+["']/i.test(content)) {
+            threats.push({
+                type: 'credential-exposure',
+                severity: 'critical',
+                description: 'Hardcoded password detected',
+            });
+        }
+        if (/api[_-]?key\s*[:=]\s*["'][^"']+["']/i.test(content)) {
+            threats.push({
+                type: 'credential-exposure',
+                severity: 'critical',
+                description: 'API key detected',
+            });
+        }
+        if (/eval\s*\(/.test(content)) {
+            threats.push({
+                type: 'code-injection',
+                severity: 'high',
+                description: 'Eval statement detected',
+            });
+        }
+        return {
+            safe: threats.length === 0,
+            threats,
+        };
+    }
+    /**
+     * Sanitize path
+     */
+    sanitizePath(path) {
+        return path
+            .replace(/\.\./g, '')
+            .replace(/\/\//g, '/')
+            .replace(/^~\//, '')
+            .trim();
+    }
+    /**
+     * Sanitize command
+     */
+    sanitizeCommand(command) {
+        return command
+            .replace(/[;&|`$]/g, '')
+            .replace(/\$\([^)]*\)/g, '')
+            .trim();
+    }
+    /**
+     * Sanitize user input
+     */
+    sanitizeInput(input) {
+        return input
+            .replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;')
+            .replace(/"/g, '&quot;')
+            .replace(/'/g, '&#x27;')
+            .replace(/\//g, '&#x2F;');
+    }
+    /**
+     * Create security context for agent
+     */
+    createAgentContext(agentId, role, customPaths) {
+        // Default permissions based on role
+        const rolePermissions = {
+            'queen-coordinator': ['read', 'write', 'execute', 'admin'],
+            'security-architect': ['read', 'write', 'execute', 'admin'],
+            'coder': ['read', 'write', 'execute'],
+            'reviewer': ['read'],
+            'tester': ['read', 'execute'],
+            default: ['read'],
+        };
+        const permissions = rolePermissions[role] ?? rolePermissions.default;
+        return SecurityContext.create({
+            principalId: agentId,
+            principalType: 'agent',
+            permissions,
+            allowedPaths: customPaths ?? ['./src', './tests', './docs'],
+            blockedPaths: ['/etc', '/var', '~/', '../'],
+            allowedCommands: ['npm', 'npx', 'node', 'git', 'vitest'],
+            blockedCommands: ['rm -rf /', 'dd', 'mkfs', 'format'],
+        });
+    }
+}
+//# sourceMappingURL=security-domain-service.js.map

package/dist/domain/services/security-domain-service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"security-domain-service.js","sourceRoot":"","sources":["../../../src/domain/services/security-domain-service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAmB,MAAM,iCAAiC,CAAC;AAyBnF;;GAEG;AACH,MAAM,OAAO,qBAAqB;IAChC,wCAAwC;IAChC,MAAM,CAAU,uBAAuB,GAAG;QAChD,MAAM;QACN,KAAK;QACL,UAAU;QACV,UAAU;QACV,eAAe;QACf,eAAe;QACf,8BAA8B;KAC/B,CAAC;IAEF,6BAA6B;IACrB,MAAM,CAAU,kBAAkB,GAAG;QAC3C,gBAAgB;QAChB,gBAAgB;QAChB,WAAW;QACX,SAAS;QACT,aAAa;QACb,mBAAmB;QACnB,oBAAoB;QACpB,YAAY;QACZ,UAAU;QACV,WAAW;QACX,WAAW;KACZ,CAAC;IAEF,yBAAyB;IACjB,MAAM,CAAU,sBAAsB,GAAG;QAC/C,wBAAwB;QACxB,qBAAqB;QACrB,mBAAmB;QACnB,oBAAoB;QACpB,iBAAiB;QACjB,QAAQ;KACT,CAAC;IAEF,eAAe;IACP,MAAM,CAAU,YAAY,GAAG;QACrC,eAAe;QACf,cAAc;QACd,YAAY;QACZ,UAAU;QACV,UAAU;QACV,SAAS;KACV,CAAC;IAEF;;OAEG;IACH,YAAY,CAAC,IAAY,EAAE,OAAwB;QACjD,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,uBAAuB;QACvB,KAAK,MAAM,OAAO,IAAI,qBAAqB,CAAC,uBAAuB,EAAE,CAAC;YACpE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC,4BAA4B,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,QAAQ,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM;YACN,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;SACnC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,OAAe,EAAE,OAAwB;QACvD,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,2BAA2B;QAC3B,KAAK,MAAM,OAAO,IAAI,qBAAqB,CAAC,kBAAkB,EAAE,CAAC;YAC/D,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,uCAAuC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;QAED,4BAA4B;QAC5B,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACzD,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM;YACN,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;SACzC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,KAAa;QACzB,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,0BAA0B;QAC1B,KAAK,MAAM,OAAO,IAAI,qBAAqB,CAAC,sBAAsB,EAAE,CAAC;YACnE,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;gBAC9C,MAAM;YACR,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,KAAK,MAAM,OAAO,IAAI,qBAAqB,CAAC,YAAY,EAAE,CAAC;YACzD,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;gBACpC,MAAM;YACR,CAAC;QACH,CAAC;QAED,eAAe;QACf,IAAI,KAAK,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QACpD,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM;YACN,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;SACrC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,OAAe;QAC3B,MAAM,OAAO,GAAqC,EAAE,CAAC;QAErD,oCAAoC;QACpC,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,KAAK;gBACX,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,qBAAqB;aACnC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,mCAAmC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,qBAAqB;gBAC3B,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,6BAA6B;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,sCAAsC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACzD,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,qBAAqB;gBAC3B,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,kBAAkB;aAChC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,yBAAyB;aACvC,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,IAAI,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;YAC1B,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,IAAY;QAC/B,OAAO,IAAI;aACR,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;aACpB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;aACrB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;aACnB,IAAI,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAAe;QACrC,OAAO,OAAO;aACX,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;aACvB,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;aAC3B,IAAI,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAAa;QACjC,OAAO,KAAK;aACT,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;aACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;aACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;aACvB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;aACvB,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,kBAAkB,CAChB,OAAe,EACf,IAAY,EACZ,WAAsB;QAEtB,oCAAoC;QACpC,MAAM,eAAe,GAAsC;YACzD,mBAAmB,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC;YAC1D,oBAAoB,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC;YAC3D,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC;YACrC,UAAU,EAAE,CAAC,MAAM,CAAC;YACpB,QAAQ,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC;YAC7B,OAAO,EAAE,CAAC,MAAM,CAAC;SAClB,CAAC;QAEF,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,eAAe,CAAC,OAAO,CAAC;QAErE,OAAO,eAAe,CAAC,MAAM,CAAC;YAC5B,WAAW,EAAE,OAAO;YACpB,aAAa,EAAE,OAAO;YACtB,WAAW;YACX,YAAY,EAAE,WAAW,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;YAC3D,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC;YAC3C,eAAe,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC;YACxD,eAAe,EAAE,CAAC,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC;SACtD,CAAC,CAAC;IACL,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,119 @@
+/**
+ * V3 Security Module
+ *
+ * Comprehensive security module addressing all identified vulnerabilities:
+ * - CVE-2: Weak Password Hashing (password-hasher.ts)
+ * - CVE-3: Hardcoded Default Credentials (credential-generator.ts)
+ * - HIGH-1: Command Injection (safe-executor.ts)
+ * - HIGH-2: Path Traversal (path-validator.ts)
+ *
+ * Also provides:
+ * - Input validation with Zod schemas
+ * - Secure token generation
+ *
+ * @module v3/security
+ */
+export { PasswordHasher, PasswordHashError, createPasswordHasher, type PasswordHasherConfig, type PasswordValidationResult, } from './password-hasher.js';
+export { CredentialGenerator, CredentialGeneratorError, createCredentialGenerator, generateCredentials, type CredentialConfig, type GeneratedCredentials, type ApiKeyCredential, } from './credential-generator.js';
+export { SafeExecutor, SafeExecutorError, createDevelopmentExecutor, createReadOnlyExecutor, type ExecutorConfig, type ExecutionResult, type StreamingExecutor, } from './safe-executor.js';
+export { PathValidator, PathValidatorError, createProjectPathValidator, createFullProjectPathValidator, type PathValidatorConfig, type PathValidationResult, } from './path-validator.js';
+export { InputValidator, sanitizeString, sanitizeHtml, sanitizePath, SafeStringSchema, IdentifierSchema, FilenameSchema, EmailSchema, PasswordSchema, UUIDSchema, HttpsUrlSchema, UrlSchema, SemverSchema, PortSchema, IPv4Schema, IPSchema, UserRoleSchema, PermissionSchema, LoginRequestSchema, CreateUserSchema, CreateApiKeySchema, AgentTypeSchema, SpawnAgentSchema, TaskInputSchema, CommandArgumentSchema, PathSchema, SecurityConfigSchema, ExecutorConfigSchema, PATTERNS, LIMITS, z, } from './input-validator.js';
+export { TokenGenerator, TokenGeneratorError, createTokenGenerator, getDefaultGenerator, quickGenerate, type TokenConfig, type Token, type SignedToken, type VerificationCode, } from './token-generator.js';
+import { PasswordHasher } from './password-hasher.js';
+import { CredentialGenerator } from './credential-generator.js';
+import { SafeExecutor } from './safe-executor.js';
+import { PathValidator } from './path-validator.js';
+import { TokenGenerator } from './token-generator.js';
+/**
+ * Security module configuration
+ */
+export interface SecurityModuleConfig {
+    /**
+     * Project root directory for path validation
+     */
+    projectRoot: string;
+    /**
+     * HMAC secret for token signing
+     */
+    hmacSecret: string;
+    /**
+     * Bcrypt rounds for password hashing
+     * Default: 12
+     */
+    bcryptRounds?: number;
+    /**
+     * Allowed commands for safe executor
+     * Default: ['git', 'npm', 'npx', 'node']
+     */
+    allowedCommands?: string[];
+}
+/**
+ * Complete security module instance
+ */
+export interface SecurityModule {
+    passwordHasher: PasswordHasher;
+    credentialGenerator: CredentialGenerator;
+    safeExecutor: SafeExecutor;
+    pathValidator: PathValidator;
+    tokenGenerator: TokenGenerator;
+}
+/**
+ * Creates a complete security module with all components configured.
+ *
+ * @param config - Module configuration
+ * @returns Complete security module
+ *
+ * @example
+ * ```typescript
+ * const security = createSecurityModule({
+ *   projectRoot: '/workspaces/project',
+ *   hmacSecret: process.env.HMAC_SECRET!,
+ * });
+ *
+ * // Hash password
+ * const hash = await security.passwordHasher.hash('password');
+ *
+ * // Validate path
+ * const result = await security.pathValidator.validate('/workspaces/project/src/file.ts');
+ *
+ * // Execute command safely
+ * const output = await security.safeExecutor.execute('git', ['status']);
+ * ```
+ */
+export declare function createSecurityModule(config: SecurityModuleConfig): SecurityModule;
+/**
+ * Minimum recommended bcrypt rounds for production
+ */
+export declare const MIN_BCRYPT_ROUNDS = 12;
+/**
+ * Maximum recommended bcrypt rounds (performance consideration)
+ */
+export declare const MAX_BCRYPT_ROUNDS = 14;
+/**
+ * Minimum password length
+ */
+export declare const MIN_PASSWORD_LENGTH = 8;
+/**
+ * Maximum password length (bcrypt limitation)
+ */
+export declare const MAX_PASSWORD_LENGTH = 72;
+/**
+ * Default token expiration in seconds (1 hour)
+ */
+export declare const DEFAULT_TOKEN_EXPIRATION = 3600;
+/**
+ * Default session expiration in seconds (24 hours)
+ */
+export declare const DEFAULT_SESSION_EXPIRATION = 86400;
+/**
+ * Checks security configuration for common issues.
+ *
+ * @param config - Configuration to audit
+ * @returns Array of security warnings
+ */
+export declare function auditSecurityConfig(config: Partial<SecurityModuleConfig>): string[];
+/**
+ * Security module version
+ */
+export declare const SECURITY_MODULE_VERSION = "3.0.0-alpha.1";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,oBAAoB,EACpB,KAAK,oBAAoB,EACzB,KAAK,wBAAwB,GAC9B,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,mBAAmB,EACnB,wBAAwB,EACxB,yBAAyB,EACzB,mBAAmB,EACnB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,GACtB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,yBAAyB,EACzB,sBAAsB,EACtB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,iBAAiB,GACvB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,0BAA0B,EAC1B,8BAA8B,EAC9B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,cAAc,EACd,cAAc,EACd,YAAY,EACZ,YAAY,EAEZ,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,cAAc,EACd,UAAU,EACV,cAAc,EACd,SAAS,EACT,YAAY,EACZ,UAAU,EACV,UAAU,EACV,QAAQ,EAER,cAAc,EACd,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAElB,eAAe,EACf,gBAAgB,EAChB,eAAe,EAEf,qBAAqB,EACrB,UAAU,EAEV,oBAAoB,EACpB,oBAAoB,EAEpB,QAAQ,EACR,MAAM,EACN,CAAC,GACF,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,mBAAmB,EACnB,aAAa,EACb,KAAK,WAAW,EAChB,KAAK,KAAK,EACV,KAAK,WAAW,EAChB,KAAK,gBAAgB,GACtB,MAAM,sBAAsB,CAAC;AAM9B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,cAAc,CAAC;IAC/B,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,aAAa,CAAC;IAC7B,cAAc,EAAE,cAAc,CAAC;CAChC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,oBAAoB,GAAG,cAAc,CAiBjF;AAMD;;GAEG;AACH,eAAO,MAAM,iBAAiB,KAAK,CAAC;AAEpC;;GAEG;AACH,eAAO,MAAM,iBAAiB,KAAK,CAAC;AAEpC;;GAEG;AACH,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAErC;;GAEG;AACH,eAAO,MAAM,mBAAmB,KAAK,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,wBAAwB,OAAO,CAAC;AAE7C;;GAEG;AACH,eAAO,MAAM,0BAA0B,QAAQ,CAAC;AAMhD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,MAAM,EAAE,CAoBnF;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB,kBAAkB,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,145 @@
+/**
+ * V3 Security Module
+ *
+ * Comprehensive security module addressing all identified vulnerabilities:
+ * - CVE-2: Weak Password Hashing (password-hasher.ts)
+ * - CVE-3: Hardcoded Default Credentials (credential-generator.ts)
+ * - HIGH-1: Command Injection (safe-executor.ts)
+ * - HIGH-2: Path Traversal (path-validator.ts)
+ *
+ * Also provides:
+ * - Input validation with Zod schemas
+ * - Secure token generation
+ *
+ * @module v3/security
+ */
+// Password Hashing (CVE-2 Fix)
+export { PasswordHasher, PasswordHashError, createPasswordHasher, } from './password-hasher.js';
+// Credential Generation (CVE-3 Fix)
+export { CredentialGenerator, CredentialGeneratorError, createCredentialGenerator, generateCredentials, } from './credential-generator.js';
+// Safe Command Execution (HIGH-1 Fix)
+export { SafeExecutor, SafeExecutorError, createDevelopmentExecutor, createReadOnlyExecutor, } from './safe-executor.js';
+// Path Validation (HIGH-2 Fix)
+export { PathValidator, PathValidatorError, createProjectPathValidator, createFullProjectPathValidator, } from './path-validator.js';
+// Input Validation
+export { InputValidator, sanitizeString, sanitizeHtml, sanitizePath,
+// Base schemas
+SafeStringSchema, IdentifierSchema, FilenameSchema, EmailSchema, PasswordSchema, UUIDSchema, HttpsUrlSchema, UrlSchema, SemverSchema, PortSchema, IPv4Schema, IPSchema,
+// Auth schemas
+UserRoleSchema, PermissionSchema, LoginRequestSchema, CreateUserSchema, CreateApiKeySchema,
+// Agent & Task schemas
+AgentTypeSchema, SpawnAgentSchema, TaskInputSchema,
+// Command & Path schemas
+CommandArgumentSchema, PathSchema,
+// Config schemas
+SecurityConfigSchema, ExecutorConfigSchema,
+// Utilities
+PATTERNS, LIMITS, z, } from './input-validator.js';
+// Token Generation
+export { TokenGenerator, TokenGeneratorError, createTokenGenerator, getDefaultGenerator, quickGenerate, } from './token-generator.js';
+// ============================================================================
+// Convenience Factory Functions
+// ============================================================================
+import { PasswordHasher } from './password-hasher.js';
+import { CredentialGenerator } from './credential-generator.js';
+import { SafeExecutor } from './safe-executor.js';
+import { PathValidator } from './path-validator.js';
+import { TokenGenerator } from './token-generator.js';
+/**
+ * Creates a complete security module with all components configured.
+ *
+ * @param config - Module configuration
+ * @returns Complete security module
+ *
+ * @example
+ * ```typescript
+ * const security = createSecurityModule({
+ *   projectRoot: '/workspaces/project',
+ *   hmacSecret: process.env.HMAC_SECRET!,
+ * });
+ *
+ * // Hash password
+ * const hash = await security.passwordHasher.hash('password');
+ *
+ * // Validate path
+ * const result = await security.pathValidator.validate('/workspaces/project/src/file.ts');
+ *
+ * // Execute command safely
+ * const output = await security.safeExecutor.execute('git', ['status']);
+ * ```
+ */
+export function createSecurityModule(config) {
+    return {
+        passwordHasher: new PasswordHasher({
+            rounds: config.bcryptRounds ?? 12,
+        }),
+        credentialGenerator: new CredentialGenerator(),
+        safeExecutor: new SafeExecutor({
+            allowedCommands: config.allowedCommands ?? ['git', 'npm', 'npx', 'node'],
+        }),
+        pathValidator: new PathValidator({
+            allowedPrefixes: [config.projectRoot],
+            allowHidden: true,
+        }),
+        tokenGenerator: new TokenGenerator({
+            hmacSecret: config.hmacSecret,
+        }),
+    };
+}
+// ============================================================================
+// Security Constants
+// ============================================================================
+/**
+ * Minimum recommended bcrypt rounds for production
+ */
+export const MIN_BCRYPT_ROUNDS = 12;
+/**
+ * Maximum recommended bcrypt rounds (performance consideration)
+ */
+export const MAX_BCRYPT_ROUNDS = 14;
+/**
+ * Minimum password length
+ */
+export const MIN_PASSWORD_LENGTH = 8;
+/**
+ * Maximum password length (bcrypt limitation)
+ */
+export const MAX_PASSWORD_LENGTH = 72;
+/**
+ * Default token expiration in seconds (1 hour)
+ */
+export const DEFAULT_TOKEN_EXPIRATION = 3600;
+/**
+ * Default session expiration in seconds (24 hours)
+ */
+export const DEFAULT_SESSION_EXPIRATION = 86400;
+// ============================================================================
+// Security Audit Helper
+// ============================================================================
+/**
+ * Checks security configuration for common issues.
+ *
+ * @param config - Configuration to audit
+ * @returns Array of security warnings
+ */
+export function auditSecurityConfig(config) {
+    const warnings = [];
+    if (config.bcryptRounds && config.bcryptRounds < MIN_BCRYPT_ROUNDS) {
+        warnings.push(`bcryptRounds (${config.bcryptRounds}) below recommended minimum (${MIN_BCRYPT_ROUNDS})`);
+    }
+    if (config.hmacSecret && config.hmacSecret.length < 32) {
+        warnings.push('hmacSecret should be at least 32 characters');
+    }
+    if (!config.projectRoot) {
+        warnings.push('projectRoot not configured - path validation may be disabled');
+    }
+    if (config.allowedCommands && config.allowedCommands.length === 0) {
+        warnings.push('No commands allowed - executor will reject all commands');
+    }
+    return warnings;
+}
+/**
+ * Security module version
+ */
+export const SECURITY_MODULE_VERSION = '3.0.0-alpha.1';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,+BAA+B;AAC/B,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,oBAAoB,GAGrB,MAAM,sBAAsB,CAAC;AAE9B,oCAAoC;AACpC,OAAO,EACL,mBAAmB,EACnB,wBAAwB,EACxB,yBAAyB,EACzB,mBAAmB,GAIpB,MAAM,2BAA2B,CAAC;AAEnC,sCAAsC;AACtC,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,yBAAyB,EACzB,sBAAsB,GAIvB,MAAM,oBAAoB,CAAC;AAE5B,+BAA+B;AAC/B,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,0BAA0B,EAC1B,8BAA8B,GAG/B,MAAM,qBAAqB,CAAC;AAE7B,mBAAmB;AACnB,OAAO,EACL,cAAc,EACd,cAAc,EACd,YAAY,EACZ,YAAY;AACZ,eAAe;AACf,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,cAAc,EACd,UAAU,EACV,cAAc,EACd,SAAS,EACT,YAAY,EACZ,UAAU,EACV,UAAU,EACV,QAAQ;AACR,eAAe;AACf,cAAc,EACd,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB;AAClB,uBAAuB;AACvB,eAAe,EACf,gBAAgB,EAChB,eAAe;AACf,yBAAyB;AACzB,qBAAqB,EACrB,UAAU;AACV,iBAAiB;AACjB,oBAAoB,EACpB,oBAAoB;AACpB,YAAY;AACZ,QAAQ,EACR,MAAM,EACN,CAAC,GACF,MAAM,sBAAsB,CAAC;AAE9B,mBAAmB;AACnB,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,mBAAmB,EACnB,aAAa,GAKd,MAAM,sBAAsB,CAAC;AAE9B,+EAA+E;AAC/E,gCAAgC;AAChC,+EAA+E;AAE/E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAwCtD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAA4B;IAC/D,OAAO;QACL,cAAc,EAAE,IAAI,cAAc,CAAC;YACjC,MAAM,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;SAClC,CAAC;QACF,mBAAmB,EAAE,IAAI,mBAAmB,EAAE;QAC9C,YAAY,EAAE,IAAI,YAAY,CAAC;YAC7B,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC;SACzE,CAAC;QACF,aAAa,EAAE,IAAI,aAAa,CAAC;YAC/B,eAAe,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC;YACrC,WAAW,EAAE,IAAI;SAClB,CAAC;QACF,cAAc,EAAE,IAAI,cAAc,CAAC;YACjC,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC;KACH,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAEpC;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAEpC;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAErC;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAEtC;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,IAAI,CAAC;AAE7C;;GAEG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,KAAK,CAAC;AAEhD,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAqC;IACvE,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,GAAG,iBAAiB,EAAE,CAAC;QACnE,QAAQ,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,YAAY,gCAAgC,iBAAiB,GAAG,CAAC,CAAC;IAC1G,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACvD,QAAQ,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;IAChF,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,eAAe,CAAC"}