@stackmemoryai/stackmemory 0.5.58 → 0.5.59

package/dist/src/core/retrieval/types.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/core/retrieval/types.ts"],
+  "sourcesContent": ["/**\n * Types for LLM-Driven Context Retrieval System\n * Implements intelligent context selection based on compressed summaries\n */\n\nimport { Frame, Anchor, Event } from '../context/index.js';\nimport { StackMemoryQuery } from '../query/query-parser.js';\n\n/**\n * Compressed summary of recent session activity\n */\nexport interface RecentSessionSummary {\n  /** Recent frames with their key attributes */\n  frames: FrameSummary[];\n  /** Dominant operations performed */\n  dominantOperations: OperationSummary[];\n  /** Files that were touched */\n  filesTouched: FileSummary[];\n  /** Errors encountered */\n  errorsEncountered: ErrorSummary[];\n  /** Time range covered */\n  timeRange: {\n    start: number;\n    end: number;\n    durationMs: number;\n  };\n}\n\nexport interface FrameSummary {\n  frameId: string;\n  name: string;\n  type: string;\n  depth: number;\n  eventCount: number;\n  anchorCount: number;\n  score: number;\n  createdAt: number;\n  closedAt?: number;\n  digestPreview?: string;\n}\n\nexport interface OperationSummary {\n  operation: string;\n  count: number;\n  lastOccurrence: number;\n  successRate: number;\n}\n\nexport interface FileSummary {\n  path: string;\n  operationCount: number;\n  lastModified: number;\n  operations: string[];\n}\n\nexport interface ErrorSummary {\n  errorType: string;\n  message: string;\n  count: number;\n  lastOccurrence: number;\n  resolved: boolean;\n}\n\n/**\n * Historical patterns extracted from memory\n */\nexport interface HistoricalPatterns {\n  /** Frame counts by topic */\n  topicFrameCounts: Record<string, number>;\n  /** Key decisions made */\n  keyDecisions: DecisionSummary[];\n  /** Recurring issues */\n  recurringIssues: IssueSummary[];\n  /** Common tool sequences */\n  commonToolSequences: ToolSequence[];\n  /** Time-based activity patterns */\n  activityPatterns: ActivityPattern[];\n}\n\nexport interface DecisionSummary {\n  id: string;\n  text: string;\n  frameId: string;\n  timestamp: number;\n  impact: 'low' | 'medium' | 'high';\n  relatedFiles?: string[];\n}\n\nexport interface IssueSummary {\n  issueType: string;\n  occurrenceCount: number;\n  lastSeen: number;\n  resolutionRate: number;\n  commonFixes?: string[];\n}\n\nexport interface ToolSequence {\n  pattern: string;\n  frequency: number;\n  avgDuration: number;\n  successRate: number;\n}\n\nexport interface ActivityPattern {\n  periodType: 'hourly' | 'daily' | 'weekly';\n  peakPeriods: string[];\n  avgEventsPerPeriod: number;\n}\n\n/**\n * Queryable indices for fast retrieval\n */\nexport interface QueryableIndices {\n  /** Index by error type */\n  byErrorType: Record<string, string[]>; // errorType -> frameIds\n  /** Index by timeframe */\n  byTimeframe: Record<string, string[]>; // timeKey -> frameIds\n  /** Index by contributor */\n  byContributor: Record<string, string[]>; // userId -> frameIds\n  /** Index by topic */\n  byTopic: Record<string, string[]>; // topic -> frameIds\n  /** Index by file */\n  byFile: Record<string, string[]>; // filePath -> frameIds\n}\n\n/**\n * Complete compressed summary for LLM analysis\n */\nexport interface CompressedSummary {\n  /** Project identifier */\n  projectId: string;\n  /** Generation timestamp */\n  generatedAt: number;\n  /** Recent session summary */\n  recentSession: RecentSessionSummary;\n  /** Historical patterns */\n  historicalPatterns: HistoricalPatterns;\n  /** Queryable indices */\n  queryableIndices: QueryableIndices;\n  /** Summary statistics */\n  stats: SummaryStats;\n}\n\nexport interface SummaryStats {\n  totalFrames: number;\n  totalEvents: number;\n  totalAnchors: number;\n  totalDecisions: number;\n  oldestFrame: number;\n  newestFrame: number;\n  avgFrameDepth: number;\n  avgEventsPerFrame: number;\n}\n\n/**\n * LLM analysis request\n */\nexport interface LLMAnalysisRequest {\n  /** Current user query */\n  currentQuery: string;\n  /** Parsed structured query */\n  parsedQuery?: StackMemoryQuery;\n  /** Compressed summary */\n  compressedSummary: CompressedSummary;\n  /** Token budget for context */\n  tokenBudget: number;\n  /** Optional hints for retrieval */\n  hints?: RetrievalHints;\n}\n\nexport interface RetrievalHints {\n  /** Prefer recent frames */\n  preferRecent?: boolean;\n  /** Focus on specific topics */\n  focusTopics?: string[];\n  /** Include error context */\n  includeErrors?: boolean;\n  /** Include decision history */\n  includeDecisions?: boolean;\n  /** Minimum relevance score */\n  minRelevance?: number;\n}\n\n/**\n * LLM analysis response\n */\nexport interface LLMAnalysisResponse {\n  /** Reasoning for the retrieval decision (auditable) */\n  reasoning: string;\n  /** Frames to retrieve with priority order */\n  framesToRetrieve: FrameRetrievalPlan[];\n  /** Confidence score (0.0 - 1.0) */\n  confidenceScore: number;\n  /** Additional context recommendations */\n  recommendations: ContextRecommendation[];\n  /** Analysis metadata */\n  metadata: AnalysisMetadata;\n}\n\nexport interface FrameRetrievalPlan {\n  frameId: string;\n  priority: number; // 1-10, higher = more important\n  reason: string;\n  includeEvents: boolean;\n  includeAnchors: boolean;\n  includeDigest: boolean;\n  estimatedTokens: number;\n}\n\nexport interface ContextRecommendation {\n  type: 'include' | 'exclude' | 'summarize';\n  target: string; // frameId, anchorId, or description\n  reason: string;\n  impact: 'low' | 'medium' | 'high';\n}\n\nexport interface AnalysisMetadata {\n  analysisTimeMs: number;\n  summaryTokens: number;\n  queryComplexity: 'simple' | 'moderate' | 'complex';\n  matchedPatterns: string[];\n  fallbackUsed: boolean;\n}\n\n/**\n * Retrieved context result\n */\nexport interface RetrievedContext {\n  /** Assembled context string */\n  context: string;\n  /** Frames included */\n  frames: Frame[];\n  /** Anchors included */\n  anchors: Anchor[];\n  /** Events included */\n  events: Event[];\n  /** LLM analysis that drove retrieval */\n  analysis: LLMAnalysisResponse;\n  /** Token usage */\n  tokenUsage: {\n    budget: number;\n    used: number;\n    remaining: number;\n  };\n  /** Retrieval metadata */\n  metadata: RetrievalMetadata;\n}\n\nexport interface RetrievalMetadata {\n  retrievalTimeMs: number;\n  cacheHit: boolean;\n  framesScanned: number;\n  framesIncluded: number;\n  compressionRatio: number;\n}\n\n/**\n * Configuration for the retrieval system\n */\nexport interface RetrievalConfig {\n  /** Maximum frames to include in summary */\n  maxSummaryFrames: number;\n  /** Default token budget */\n  defaultTokenBudget: number;\n  /** Cache TTL in seconds */\n  cacheTtlSeconds: number;\n  /** Minimum confidence to use LLM suggestions */\n  minConfidenceThreshold: number;\n  /** Enable fallback to heuristic retrieval */\n  enableFallback: boolean;\n  /** LLM provider configuration */\n  llmConfig: {\n    provider: 'anthropic' | 'openai' | 'local';\n    model: string;\n    maxTokens: number;\n    temperature: number;\n  };\n}\n\nexport const DEFAULT_RETRIEVAL_CONFIG: RetrievalConfig = {\n  maxSummaryFrames: 15,\n  defaultTokenBudget: 8000,\n  cacheTtlSeconds: 300,\n  minConfidenceThreshold: 0.6,\n  enableFallback: true,\n  llmConfig: {\n    provider: 'anthropic',\n    model: 'claude-3-haiku-20240307',\n    maxTokens: 1024,\n    temperature: 0.3,\n  },\n};\n"],
+  "mappings": ";;;;AAuRO,MAAM,2BAA4C;AAAA,EACvD,kBAAkB;AAAA,EAClB,oBAAoB;AAAA,EACpB,iBAAiB;AAAA,EACjB,wBAAwB;AAAA,EACxB,gBAAgB;AAAA,EAChB,WAAW;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,WAAW;AAAA,IACX,aAAa;AAAA,EACf;AACF;",
+  "names": []
+}

package/dist/src/core/security/index.js

@@ -0,0 +1,35 @@
+import { fileURLToPath as __fileURLToPath } from 'url';
+import { dirname as __pathDirname } from 'path';
+const __filename = __fileURLToPath(import.meta.url);
+const __dirname = __pathDirname(__filename);
+import {
+  SENSITIVE_PATTERNS,
+  redactSensitiveData,
+  containsSensitiveData,
+  sanitizeForLogging,
+  sanitizeForSqlLike,
+  sanitizeIdentifier,
+  validateTableName,
+  sanitizeFilePath,
+  InputSchemas,
+  validateInput,
+  createAggregateSchema,
+  validateShellArg,
+  safeJsonParse
+} from "./input-sanitizer.js";
+export {
+  InputSchemas,
+  SENSITIVE_PATTERNS,
+  containsSensitiveData,
+  createAggregateSchema,
+  redactSensitiveData,
+  safeJsonParse,
+  sanitizeFilePath,
+  sanitizeForLogging,
+  sanitizeForSqlLike,
+  sanitizeIdentifier,
+  validateInput,
+  validateShellArg,
+  validateTableName
+};
+//# sourceMappingURL=index.js.map

package/dist/src/core/security/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/core/security/index.ts"],
+  "sourcesContent": ["/**\n * Security module exports\n * Provides centralized security utilities for the application\n */\n\nexport {\n  // Sensitive data handling\n  SENSITIVE_PATTERNS,\n  redactSensitiveData,\n  containsSensitiveData,\n  sanitizeForLogging,\n\n  // SQL safety\n  sanitizeForSqlLike,\n  sanitizeIdentifier,\n  validateTableName,\n\n  // File path safety\n  sanitizeFilePath,\n\n  // Input validation\n  InputSchemas,\n  validateInput,\n  createAggregateSchema,\n\n  // Shell command safety\n  validateShellArg,\n\n  // JSON safety\n  safeJsonParse,\n} from './input-sanitizer.js';\n"],
+  "mappings": ";;;;AAKA;AAAA,EAEE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EAGA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EAGA;AAAA,EAGA;AAAA,OACK;",
+  "names": []
+}

package/dist/src/core/security/input-sanitizer.js

@@ -0,0 +1,321 @@
+import { fileURLToPath as __fileURLToPath } from 'url';
+import { dirname as __pathDirname } from 'path';
+const __filename = __fileURLToPath(import.meta.url);
+const __dirname = __pathDirname(__filename);
+import { z } from "zod";
+import { resolve as pathResolve, relative as pathRelative } from "path";
+import { ValidationError, ErrorCode } from "../errors/index.js";
+const SENSITIVE_PATTERNS = [
+  /\b(api[_-]?key|apikey)\s*[:=]\s*['"]?[\w-]+['"]?/gi,
+  /\b(secret|password|token|credential|auth)\s*[:=]\s*['"]?[\w-]+['"]?/gi,
+  /\b(lin_api_[\w]+)/gi,
+  // Linear API keys
+  /\b(lin_oauth_[\w]+)/gi,
+  // Linear OAuth tokens
+  /\b(sk-[\w]+)/gi,
+  // OpenAI-style API keys
+  /\b(npm_[\w]+)/gi,
+  // NPM tokens
+  /\b(ghp_[\w]+)/gi,
+  // GitHub personal access tokens
+  /\b(ghs_[\w]+)/gi,
+  // GitHub secret tokens
+  /Bearer\s+[\w.-]+/gi,
+  /Basic\s+[\w=]+/gi,
+  /postgres(ql)?:\/\/[^@\s]+:[^@\s]+@/gi
+  // Database URLs with credentials
+];
+function redactSensitiveData(input) {
+  let result = input;
+  for (const pattern of SENSITIVE_PATTERNS) {
+    pattern.lastIndex = 0;
+    result = result.replace(pattern, "[REDACTED]");
+  }
+  return result;
+}
+function containsSensitiveData(input) {
+  return SENSITIVE_PATTERNS.some((pattern) => {
+    pattern.lastIndex = 0;
+    return pattern.test(input);
+  });
+}
+function sanitizeForSqlLike(input) {
+  if (!input) return "";
+  return input.replace(/\\/g, "\\\\").replace(/%/g, "\\%").replace(/_/g, "\\_").replace(/'/g, "''");
+}
+function sanitizeIdentifier(input) {
+  if (!input) {
+    throw new ValidationError(
+      "Identifier cannot be empty",
+      ErrorCode.VALIDATION_FAILED
+    );
+  }
+  const sanitized = input.replace(/[^a-zA-Z0-9_]/g, "");
+  if (sanitized !== input) {
+    throw new ValidationError(
+      `Invalid identifier: ${input}. Only alphanumeric characters and underscores are allowed.`,
+      ErrorCode.VALIDATION_FAILED,
+      { input, sanitized }
+    );
+  }
+  const sqlKeywords = [
+    "DROP",
+    "DELETE",
+    "INSERT",
+    "UPDATE",
+    "SELECT",
+    "UNION",
+    "ALTER",
+    "CREATE",
+    "TRUNCATE",
+    "EXEC",
+    "EXECUTE"
+  ];
+  if (sqlKeywords.includes(sanitized.toUpperCase())) {
+    throw new ValidationError(
+      `Invalid identifier: ${input}. SQL keywords are not allowed.`,
+      ErrorCode.VALIDATION_FAILED,
+      { input }
+    );
+  }
+  return sanitized;
+}
+const ALLOWED_TABLES = [
+  "frames",
+  "events",
+  "anchors",
+  "contexts",
+  "task_cache",
+  "schema_version",
+  "attention_log",
+  "traces"
+];
+function validateTableName(tableName) {
+  const sanitized = sanitizeIdentifier(tableName);
+  if (!ALLOWED_TABLES.includes(sanitized)) {
+    throw new ValidationError(
+      `Invalid table name: ${tableName}. Allowed tables: ${ALLOWED_TABLES.join(", ")}`,
+      ErrorCode.VALIDATION_FAILED,
+      { tableName, allowed: ALLOWED_TABLES }
+    );
+  }
+  return sanitized;
+}
+function sanitizeFilePath(input, baseDir) {
+  if (!input) {
+    throw new ValidationError(
+      "File path cannot be empty",
+      ErrorCode.VALIDATION_FAILED
+    );
+  }
+  if (input.includes("\0")) {
+    throw new ValidationError(
+      "File path contains invalid characters",
+      ErrorCode.VALIDATION_FAILED,
+      { reason: "null_byte" }
+    );
+  }
+  if (input.includes("..")) {
+    throw new ValidationError(
+      "Path traversal not allowed",
+      ErrorCode.VALIDATION_FAILED,
+      { path: input }
+    );
+  }
+  if (baseDir) {
+    const resolvedPath = pathResolve(baseDir, input);
+    const relativePath = pathRelative(baseDir, resolvedPath);
+    if (relativePath.startsWith("..") || pathResolve(relativePath) === resolvedPath) {
+      if (relativePath.startsWith("..")) {
+        throw new ValidationError(
+          "Path escapes base directory",
+          ErrorCode.VALIDATION_FAILED,
+          { path: input, baseDir }
+        );
+      }
+    }
+    return resolvedPath;
+  }
+  return input;
+}
+const SENSITIVE_FIELD_NAMES = [
+  "password",
+  "token",
+  "apikey",
+  "api_key",
+  "secret",
+  "credential",
+  "authorization",
+  "auth",
+  "accesstoken",
+  "access_token",
+  "refreshtoken",
+  "refresh_token"
+];
+function isSensitiveFieldName(key) {
+  const lowerKey = key.toLowerCase();
+  return SENSITIVE_FIELD_NAMES.some((sf) => lowerKey.includes(sf));
+}
+function sanitizeForLogging(obj) {
+  if (obj === null || obj === void 0) {
+    return obj;
+  }
+  if (typeof obj === "string") {
+    return redactSensitiveData(obj);
+  }
+  if (Array.isArray(obj)) {
+    return obj.map(sanitizeForLogging);
+  }
+  if (typeof obj === "object") {
+    const sanitized = {};
+    for (const [key, value] of Object.entries(obj)) {
+      if (isSensitiveFieldName(key)) {
+        sanitized[key] = "[REDACTED]";
+      } else {
+        sanitized[key] = sanitizeForLogging(value);
+      }
+    }
+    return sanitized;
+  }
+  return obj;
+}
+const InputSchemas = {
+  // Frame-related
+  frameId: z.string().uuid("Invalid frame ID format"),
+  frameName: z.string().min(1, "Frame name is required").max(500, "Frame name too long").refine(
+    (val) => !containsSensitiveData(val),
+    "Frame name may contain sensitive data"
+  ),
+  frameType: z.enum([
+    "task",
+    "subtask",
+    "tool_scope",
+    "review",
+    "write",
+    "debug"
+  ]),
+  // Query-related
+  searchQuery: z.string().min(1, "Search query is required").max(1e3, "Search query too long").transform((val) => sanitizeForSqlLike(val)),
+  limit: z.number().int().min(1).max(1e3).default(50),
+  offset: z.number().int().min(0).default(0),
+  // Task-related
+  taskTitle: z.string().min(1, "Task title is required").max(500, "Task title too long"),
+  taskDescription: z.string().max(1e4, "Description too long").optional(),
+  taskPriority: z.enum(["low", "medium", "high", "urgent", "critical"]),
+  taskStatus: z.enum([
+    "pending",
+    "in_progress",
+    "completed",
+    "blocked",
+    "cancelled"
+  ]),
+  // Anchor-related
+  anchorType: z.enum([
+    "FACT",
+    "DECISION",
+    "CONSTRAINT",
+    "INTERFACE_CONTRACT",
+    "TODO",
+    "RISK"
+  ]),
+  anchorText: z.string().min(1, "Anchor text is required").max(1e4, "Anchor text too long"),
+  priority: z.number().int().min(0).max(10).default(5),
+  // File path
+  filePath: z.string().min(1, "File path is required").max(4096, "File path too long").refine((val) => !val.includes("\0"), "Invalid characters in path").refine((val) => !val.includes(".."), "Path traversal not allowed"),
+  // Project ID
+  projectId: z.string().min(1, "Project ID is required").max(100, "Project ID too long").regex(
+    /^[a-zA-Z0-9_-]+$/,
+    "Project ID can only contain letters, numbers, hyphens, and underscores"
+  ),
+  // Session ID
+  sessionId: z.string().uuid("Invalid session ID format").optional(),
+  // Date/time
+  timestamp: z.number().int().positive(),
+  dateString: z.string().datetime(),
+  // Generic content (with sensitive data check)
+  safeContent: z.string().max(1e5, "Content too large").refine(
+    (val) => !containsSensitiveData(val),
+    "Content may contain sensitive data that should not be stored"
+  ),
+  // Email
+  email: z.string().email("Invalid email format").max(254, "Email too long").transform((val) => val.toLowerCase()),
+  // URL
+  url: z.string().url("Invalid URL format").max(2048, "URL too long")
+};
+function validateInput(schema, input, context) {
+  const result = schema.safeParse(input);
+  if (!result.success) {
+    const errors = result.error.errors.map((e) => ({
+      path: e.path.join("."),
+      message: e.message
+    }));
+    throw new ValidationError(
+      `Invalid input for ${context}: ${errors.map((e) => e.message).join(", ")}`,
+      ErrorCode.VALIDATION_FAILED,
+      { context, errors }
+    );
+  }
+  return result.data;
+}
+function createAggregateSchema(allowedFields) {
+  return z.object({
+    groupBy: z.array(z.string()).refine(
+      (fields) => fields.every((f) => allowedFields.includes(f)),
+      `Group by fields must be one of: ${allowedFields.join(", ")}`
+    ),
+    metrics: z.array(
+      z.object({
+        operation: z.enum(["COUNT", "SUM", "AVG", "MIN", "MAX"]),
+        field: z.string().refine(
+          (f) => f === "*" || allowedFields.includes(f),
+          `Field must be one of: ${allowedFields.join(", ")}`
+        ),
+        alias: z.string().regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/).optional()
+      })
+    ),
+    orderBy: z.string().refine(
+      (f) => allowedFields.includes(f),
+      `Order by must be one of: ${allowedFields.join(", ")}`
+    ).optional(),
+    limit: z.number().int().min(1).max(1e3).optional()
+  });
+}
+function validateShellArg(arg) {
+  if (!arg) return "";
+  const dangerousChars = /[;&|`$(){}[\]<>!#*?~\n\r]/;
+  if (dangerousChars.test(arg)) {
+    throw new ValidationError(
+      "Argument contains potentially dangerous shell characters",
+      ErrorCode.VALIDATION_FAILED,
+      { arg: arg.substring(0, 50) }
+    );
+  }
+  return arg;
+}
+function safeJsonParse(input, schema) {
+  try {
+    const parsed = JSON.parse(input);
+    if (schema) {
+      return validateInput(schema, parsed, "JSON parse");
+    }
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+export {
+  InputSchemas,
+  SENSITIVE_PATTERNS,
+  containsSensitiveData,
+  createAggregateSchema,
+  redactSensitiveData,
+  safeJsonParse,
+  sanitizeFilePath,
+  sanitizeForLogging,
+  sanitizeForSqlLike,
+  sanitizeIdentifier,
+  validateInput,
+  validateShellArg,
+  validateTableName
+};
+//# sourceMappingURL=input-sanitizer.js.map

package/dist/src/core/security/input-sanitizer.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/core/security/input-sanitizer.ts"],
+  "sourcesContent": ["/**\n * Input Sanitizer - Centralized input validation and sanitization\n * Provides security utilities to prevent injection attacks and ensure data integrity\n */\n\nimport { z } from 'zod';\nimport { resolve as pathResolve, relative as pathRelative } from 'path';\nimport { ValidationError, ErrorCode } from '../errors/index.js';\n\n/**\n * Sensitive data patterns that should never be logged\n */\nexport const SENSITIVE_PATTERNS = [\n  /\\b(api[_-]?key|apikey)\\s*[:=]\\s*['\"]?[\\w-]+['\"]?/gi,\n  /\\b(secret|password|token|credential|auth)\\s*[:=]\\s*['\"]?[\\w-]+['\"]?/gi,\n  /\\b(lin_api_[\\w]+)/gi, // Linear API keys\n  /\\b(lin_oauth_[\\w]+)/gi, // Linear OAuth tokens\n  /\\b(sk-[\\w]+)/gi, // OpenAI-style API keys\n  /\\b(npm_[\\w]+)/gi, // NPM tokens\n  /\\b(ghp_[\\w]+)/gi, // GitHub personal access tokens\n  /\\b(ghs_[\\w]+)/gi, // GitHub secret tokens\n  /Bearer\\s+[\\w.-]+/gi,\n  /Basic\\s+[\\w=]+/gi,\n  /postgres(ql)?:\\/\\/[^@\\s]+:[^@\\s]+@/gi, // Database URLs with credentials\n];\n\n/**\n * Redact sensitive information from a string\n */\nexport function redactSensitiveData(input: string): string {\n  let result = input;\n  for (const pattern of SENSITIVE_PATTERNS) {\n    pattern.lastIndex = 0;\n    result = result.replace(pattern, '[REDACTED]');\n  }\n  return result;\n}\n\n/**\n * Check if a string contains potentially sensitive data\n */\nexport function containsSensitiveData(input: string): boolean {\n  return SENSITIVE_PATTERNS.some((pattern) => {\n    pattern.lastIndex = 0; // Reset regex state\n    return pattern.test(input);\n  });\n}\n\n/**\n * Sanitize a string for safe SQL LIKE queries\n * Escapes special characters that could be used for SQL injection\n */\nexport function sanitizeForSqlLike(input: string): string {\n  if (!input) return '';\n  // Escape SQL LIKE special characters\n  return input\n    .replace(/\\\\/g, '\\\\\\\\')\n    .replace(/%/g, '\\\\%')\n    .replace(/_/g, '\\\\_')\n    .replace(/'/g, \"''\");\n}\n\n/**\n * Validate and sanitize table/column names to prevent SQL injection\n * Only allows alphanumeric characters and underscores\n */\nexport function sanitizeIdentifier(input: string): string {\n  if (!input) {\n    throw new ValidationError(\n      'Identifier cannot be empty',\n      ErrorCode.VALIDATION_FAILED\n    );\n  }\n  // Only allow alphanumeric and underscores\n  const sanitized = input.replace(/[^a-zA-Z0-9_]/g, '');\n  if (sanitized !== input) {\n    throw new ValidationError(\n      `Invalid identifier: ${input}. Only alphanumeric characters and underscores are allowed.`,\n      ErrorCode.VALIDATION_FAILED,\n      { input, sanitized }\n    );\n  }\n  // Prevent SQL keywords\n  const sqlKeywords = [\n    'DROP',\n    'DELETE',\n    'INSERT',\n    'UPDATE',\n    'SELECT',\n    'UNION',\n    'ALTER',\n    'CREATE',\n    'TRUNCATE',\n    'EXEC',\n    'EXECUTE',\n  ];\n  if (sqlKeywords.includes(sanitized.toUpperCase())) {\n    throw new ValidationError(\n      `Invalid identifier: ${input}. SQL keywords are not allowed.`,\n      ErrorCode.VALIDATION_FAILED,\n      { input }\n    );\n  }\n  return sanitized;\n}\n\n/**\n * Validate allowed table names\n */\nconst ALLOWED_TABLES = [\n  'frames',\n  'events',\n  'anchors',\n  'contexts',\n  'task_cache',\n  'schema_version',\n  'attention_log',\n  'traces',\n];\n\nexport function validateTableName(tableName: string): string {\n  const sanitized = sanitizeIdentifier(tableName);\n  if (!ALLOWED_TABLES.includes(sanitized)) {\n    throw new ValidationError(\n      `Invalid table name: ${tableName}. Allowed tables: ${ALLOWED_TABLES.join(', ')}`,\n      ErrorCode.VALIDATION_FAILED,\n      { tableName, allowed: ALLOWED_TABLES }\n    );\n  }\n  return sanitized;\n}\n\n/**\n * Validate and sanitize file paths\n * Prevents path traversal attacks\n */\nexport function sanitizeFilePath(input: string, baseDir?: string): string {\n  if (!input) {\n    throw new ValidationError(\n      'File path cannot be empty',\n      ErrorCode.VALIDATION_FAILED\n    );\n  }\n\n  // Check for null bytes\n  if (input.includes('\\0')) {\n    throw new ValidationError(\n      'File path contains invalid characters',\n      ErrorCode.VALIDATION_FAILED,\n      { reason: 'null_byte' }\n    );\n  }\n\n  // Check for path traversal\n  if (input.includes('..')) {\n    throw new ValidationError(\n      'Path traversal not allowed',\n      ErrorCode.VALIDATION_FAILED,\n      { path: input }\n    );\n  }\n\n  // If baseDir provided, ensure path stays within it\n  if (baseDir) {\n    const resolvedPath = pathResolve(baseDir, input);\n    const relativePath = pathRelative(baseDir, resolvedPath);\n    if (\n      relativePath.startsWith('..') ||\n      pathResolve(relativePath) === resolvedPath\n    ) {\n      // Path escapes baseDir\n      if (relativePath.startsWith('..')) {\n        throw new ValidationError(\n          'Path escapes base directory',\n          ErrorCode.VALIDATION_FAILED,\n          { path: input, baseDir }\n        );\n      }\n    }\n    return resolvedPath;\n  }\n\n  return input;\n}\n\n/**\n * Sensitive field names that should be redacted in logs\n */\nconst SENSITIVE_FIELD_NAMES = [\n  'password',\n  'token',\n  'apikey',\n  'api_key',\n  'secret',\n  'credential',\n  'authorization',\n  'auth',\n  'accesstoken',\n  'access_token',\n  'refreshtoken',\n  'refresh_token',\n];\n\n/**\n * Check if a field name is sensitive\n */\nfunction isSensitiveFieldName(key: string): boolean {\n  const lowerKey = key.toLowerCase();\n  return SENSITIVE_FIELD_NAMES.some((sf) => lowerKey.includes(sf));\n}\n\n/**\n * Sanitize an object for logging (redact sensitive fields)\n */\nexport function sanitizeForLogging(obj: unknown): unknown {\n  if (obj === null || obj === undefined) {\n    return obj;\n  }\n\n  if (typeof obj === 'string') {\n    return redactSensitiveData(obj);\n  }\n\n  if (Array.isArray(obj)) {\n    return obj.map(sanitizeForLogging);\n  }\n\n  if (typeof obj === 'object') {\n    const sanitized: Record<string, unknown> = {};\n    for (const [key, value] of Object.entries(obj)) {\n      // Check if this key is sensitive\n      if (isSensitiveFieldName(key)) {\n        sanitized[key] = '[REDACTED]';\n      } else {\n        // Recursively sanitize nested objects\n        sanitized[key] = sanitizeForLogging(value);\n      }\n    }\n    return sanitized;\n  }\n\n  return obj;\n}\n\n/**\n * Zod schemas for common input validation\n */\nexport const InputSchemas = {\n  // Frame-related\n  frameId: z.string().uuid('Invalid frame ID format'),\n  frameName: z\n    .string()\n    .min(1, 'Frame name is required')\n    .max(500, 'Frame name too long')\n    .refine(\n      (val) => !containsSensitiveData(val),\n      'Frame name may contain sensitive data'\n    ),\n  frameType: z.enum([\n    'task',\n    'subtask',\n    'tool_scope',\n    'review',\n    'write',\n    'debug',\n  ]),\n\n  // Query-related\n  searchQuery: z\n    .string()\n    .min(1, 'Search query is required')\n    .max(1000, 'Search query too long')\n    .transform((val) => sanitizeForSqlLike(val)),\n\n  limit: z.number().int().min(1).max(1000).default(50),\n  offset: z.number().int().min(0).default(0),\n\n  // Task-related\n  taskTitle: z\n    .string()\n    .min(1, 'Task title is required')\n    .max(500, 'Task title too long'),\n  taskDescription: z.string().max(10000, 'Description too long').optional(),\n  taskPriority: z.enum(['low', 'medium', 'high', 'urgent', 'critical']),\n  taskStatus: z.enum([\n    'pending',\n    'in_progress',\n    'completed',\n    'blocked',\n    'cancelled',\n  ]),\n\n  // Anchor-related\n  anchorType: z.enum([\n    'FACT',\n    'DECISION',\n    'CONSTRAINT',\n    'INTERFACE_CONTRACT',\n    'TODO',\n    'RISK',\n  ]),\n  anchorText: z\n    .string()\n    .min(1, 'Anchor text is required')\n    .max(10000, 'Anchor text too long'),\n  priority: z.number().int().min(0).max(10).default(5),\n\n  // File path\n  filePath: z\n    .string()\n    .min(1, 'File path is required')\n    .max(4096, 'File path too long')\n    .refine((val) => !val.includes('\\0'), 'Invalid characters in path')\n    .refine((val) => !val.includes('..'), 'Path traversal not allowed'),\n\n  // Project ID\n  projectId: z\n    .string()\n    .min(1, 'Project ID is required')\n    .max(100, 'Project ID too long')\n    .regex(\n      /^[a-zA-Z0-9_-]+$/,\n      'Project ID can only contain letters, numbers, hyphens, and underscores'\n    ),\n\n  // Session ID\n  sessionId: z.string().uuid('Invalid session ID format').optional(),\n\n  // Date/time\n  timestamp: z.number().int().positive(),\n  dateString: z.string().datetime(),\n\n  // Generic content (with sensitive data check)\n  safeContent: z\n    .string()\n    .max(100000, 'Content too large')\n    .refine(\n      (val) => !containsSensitiveData(val),\n      'Content may contain sensitive data that should not be stored'\n    ),\n\n  // Email\n  email: z\n    .string()\n    .email('Invalid email format')\n    .max(254, 'Email too long')\n    .transform((val) => val.toLowerCase()),\n\n  // URL\n  url: z.string().url('Invalid URL format').max(2048, 'URL too long'),\n};\n\n/**\n * Validate input using a Zod schema with detailed error messages\n */\nexport function validateInput<T>(\n  schema: z.ZodSchema<T>,\n  input: unknown,\n  context: string\n): T {\n  const result = schema.safeParse(input);\n\n  if (!result.success) {\n    const errors = result.error.errors.map((e) => ({\n      path: e.path.join('.'),\n      message: e.message,\n    }));\n\n    throw new ValidationError(\n      `Invalid input for ${context}: ${errors.map((e) => e.message).join(', ')}`,\n      ErrorCode.VALIDATION_FAILED,\n      { context, errors }\n    );\n  }\n\n  return result.data;\n}\n\n/**\n * Create a schema for validating aggregate query options\n * Prevents SQL injection through dynamic field names\n */\nexport function createAggregateSchema(allowedFields: string[]) {\n  return z.object({\n    groupBy: z\n      .array(z.string())\n      .refine(\n        (fields) => fields.every((f) => allowedFields.includes(f)),\n        `Group by fields must be one of: ${allowedFields.join(', ')}`\n      ),\n    metrics: z.array(\n      z.object({\n        operation: z.enum(['COUNT', 'SUM', 'AVG', 'MIN', 'MAX']),\n        field: z\n          .string()\n          .refine(\n            (f) => f === '*' || allowedFields.includes(f),\n            `Field must be one of: ${allowedFields.join(', ')}`\n          ),\n        alias: z\n          .string()\n          .regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/)\n          .optional(),\n      })\n    ),\n    orderBy: z\n      .string()\n      .refine(\n        (f) => allowedFields.includes(f),\n        `Order by must be one of: ${allowedFields.join(', ')}`\n      )\n      .optional(),\n    limit: z.number().int().min(1).max(1000).optional(),\n  });\n}\n\n/**\n * Validate command line arguments for shell safety\n * Prevents command injection\n */\nexport function validateShellArg(arg: string): string {\n  if (!arg) return '';\n\n  // Check for shell metacharacters\n  const dangerousChars = /[;&|`$(){}[\\]<>!#*?~\\n\\r]/;\n  if (dangerousChars.test(arg)) {\n    throw new ValidationError(\n      'Argument contains potentially dangerous shell characters',\n      ErrorCode.VALIDATION_FAILED,\n      { arg: arg.substring(0, 50) }\n    );\n  }\n\n  return arg;\n}\n\n/**\n * Safe JSON parse with validation\n */\nexport function safeJsonParse<T>(\n  input: string,\n  schema?: z.ZodSchema<T>\n): T | null {\n  try {\n    const parsed = JSON.parse(input);\n    if (schema) {\n      return validateInput(schema, parsed, 'JSON parse');\n    }\n    return parsed as T;\n  } catch {\n    return null;\n  }\n}\n"],
+  "mappings": ";;;;AAKA,SAAS,SAAS;AAClB,SAAS,WAAW,aAAa,YAAY,oBAAoB;AACjE,SAAS,iBAAiB,iBAAiB;AAKpC,MAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AACF;AAKO,SAAS,oBAAoB,OAAuB;AACzD,MAAI,SAAS;AACb,aAAW,WAAW,oBAAoB;AACxC,YAAQ,YAAY;AACpB,aAAS,OAAO,QAAQ,SAAS,YAAY;AAAA,EAC/C;AACA,SAAO;AACT;AAKO,SAAS,sBAAsB,OAAwB;AAC5D,SAAO,mBAAmB,KAAK,CAAC,YAAY;AAC1C,YAAQ,YAAY;AACpB,WAAO,QAAQ,KAAK,KAAK;AAAA,EAC3B,CAAC;AACH;AAMO,SAAS,mBAAmB,OAAuB;AACxD,MAAI,CAAC,MAAO,QAAO;AAEnB,SAAO,MACJ,QAAQ,OAAO,MAAM,EACrB,QAAQ,MAAM,KAAK,EACnB,QAAQ,MAAM,KAAK,EACnB,QAAQ,MAAM,IAAI;AACvB;AAMO,SAAS,mBAAmB,OAAuB;AACxD,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,IACZ;AAAA,EACF;AAEA,QAAM,YAAY,MAAM,QAAQ,kBAAkB,EAAE;AACpD,MAAI,cAAc,OAAO;AACvB,UAAM,IAAI;AAAA,MACR,uBAAuB,KAAK;AAAA,MAC5B,UAAU;AAAA,MACV,EAAE,OAAO,UAAU;AAAA,IACrB;AAAA,EACF;AAEA,QAAM,cAAc;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI,YAAY,SAAS,UAAU,YAAY,CAAC,GAAG;AACjD,UAAM,IAAI;AAAA,MACR,uBAAuB,KAAK;AAAA,MAC5B,UAAU;AAAA,MACV,EAAE,MAAM;AAAA,IACV;AAAA,EACF;AACA,SAAO;AACT;AAKA,MAAM,iBAAiB;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEO,SAAS,kBAAkB,WAA2B;AAC3D,QAAM,YAAY,mBAAmB,SAAS;AAC9C,MAAI,CAAC,eAAe,SAAS,SAAS,GAAG;AACvC,UAAM,IAAI;AAAA,MACR,uBAAuB,SAAS,qBAAqB,eAAe,KAAK,IAAI,CAAC;AAAA,MAC9E,UAAU;AAAA,MACV,EAAE,WAAW,SAAS,eAAe;AAAA,IACvC;AAAA,EACF;AACA,SAAO;AACT;AAMO,SAAS,iBAAiB,OAAe,SAA0B;AACxE,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,IACZ;AAAA,EACF;AAGA,MAAI,MAAM,SAAS,IAAI,GAAG;AACxB,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,MACV,EAAE,QAAQ,YAAY;AAAA,IACxB;AAAA,EACF;AAGA,MAAI,MAAM,SAAS,IAAI,GAAG;AACxB,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,MACV,EAAE,MAAM,MAAM;AAAA,IAChB;AAAA,EACF;AAGA,MAAI,SAAS;AACX,UAAM,eAAe,YAAY,SAAS,KAAK;AAC/C,UAAM,eAAe,aAAa,SAAS,YAAY;AACvD,QACE,aAAa,WAAW,IAAI,KAC5B,YAAY,YAAY,MAAM,cAC9B;AAEA,UAAI,aAAa,WAAW,IAAI,GAAG;AACjC,cAAM,IAAI;AAAA,UACR;AAAA,UACA,UAAU;AAAA,UACV,EAAE,MAAM,OAAO,QAAQ;AAAA,QACzB;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAKA,MAAM,wBAAwB;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAKA,SAAS,qBAAqB,KAAsB;AAClD,QAAM,WAAW,IAAI,YAAY;AACjC,SAAO,sBAAsB,KAAK,CAAC,OAAO,SAAS,SAAS,EAAE,CAAC;AACjE;AAKO,SAAS,mBAAmB,KAAuB;AACxD,MAAI,QAAQ,QAAQ,QAAQ,QAAW;AACrC,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,QAAQ,UAAU;AAC3B,WAAO,oBAAoB,GAAG;AAAA,EAChC;AAEA,MAAI,MAAM,QAAQ,GAAG,GAAG;AACtB,WAAO,IAAI,IAAI,kBAAkB;AAAA,EACnC;AAEA,MAAI,OAAO,QAAQ,UAAU;AAC3B,UAAM,YAAqC,CAAC;AAC5C,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAAG,GAAG;AAE9C,UAAI,qBAAqB,GAAG,GAAG;AAC7B,kBAAU,GAAG,IAAI;AAAA,MACnB,OAAO;AAEL,kBAAU,GAAG,IAAI,mBAAmB,KAAK;AAAA,MAC3C;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAKO,MAAM,eAAe;AAAA;AAAA,EAE1B,SAAS,EAAE,OAAO,EAAE,KAAK,yBAAyB;AAAA,EAClD,WAAW,EACR,OAAO,EACP,IAAI,GAAG,wBAAwB,EAC/B,IAAI,KAAK,qBAAqB,EAC9B;AAAA,IACC,CAAC,QAAQ,CAAC,sBAAsB,GAAG;AAAA,IACnC;AAAA,EACF;AAAA,EACF,WAAW,EAAE,KAAK;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAAA;AAAA,EAGD,aAAa,EACV,OAAO,EACP,IAAI,GAAG,0BAA0B,EACjC,IAAI,KAAM,uBAAuB,EACjC,UAAU,CAAC,QAAQ,mBAAmB,GAAG,CAAC;AAAA,EAE7C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAI,EAAE,QAAQ,EAAE;AAAA,EACnD,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,QAAQ,CAAC;AAAA;AAAA,EAGzC,WAAW,EACR,OAAO,EACP,IAAI,GAAG,wBAAwB,EAC/B,IAAI,KAAK,qBAAqB;AAAA,EACjC,iBAAiB,EAAE,OAAO,EAAE,IAAI,KAAO,sBAAsB,EAAE,SAAS;AAAA,EACxE,cAAc,EAAE,KAAK,CAAC,OAAO,UAAU,QAAQ,UAAU,UAAU,CAAC;AAAA,EACpE,YAAY,EAAE,KAAK;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAAA;AAAA,EAGD,YAAY,EAAE,KAAK;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAAA,EACD,YAAY,EACT,OAAO,EACP,IAAI,GAAG,yBAAyB,EAChC,IAAI,KAAO,sBAAsB;AAAA,EACpC,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,QAAQ,CAAC;AAAA;AAAA,EAGnD,UAAU,EACP,OAAO,EACP,IAAI,GAAG,uBAAuB,EAC9B,IAAI,MAAM,oBAAoB,EAC9B,OAAO,CAAC,QAAQ,CAAC,IAAI,SAAS,IAAI,GAAG,4BAA4B,EACjE,OAAO,CAAC,QAAQ,CAAC,IAAI,SAAS,IAAI,GAAG,4BAA4B;AAAA;AAAA,EAGpE,WAAW,EACR,OAAO,EACP,IAAI,GAAG,wBAAwB,EAC/B,IAAI,KAAK,qBAAqB,EAC9B;AAAA,IACC;AAAA,IACA;AAAA,EACF;AAAA;AAAA,EAGF,WAAW,EAAE,OAAO,EAAE,KAAK,2BAA2B,EAAE,SAAS;AAAA;AAAA,EAGjE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACrC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAGhC,aAAa,EACV,OAAO,EACP,IAAI,KAAQ,mBAAmB,EAC/B;AAAA,IACC,CAAC,QAAQ,CAAC,sBAAsB,GAAG;AAAA,IACnC;AAAA,EACF;AAAA;AAAA,EAGF,OAAO,EACJ,OAAO,EACP,MAAM,sBAAsB,EAC5B,IAAI,KAAK,gBAAgB,EACzB,UAAU,CAAC,QAAQ,IAAI,YAAY,CAAC;AAAA;AAAA,EAGvC,KAAK,EAAE,OAAO,EAAE,IAAI,oBAAoB,EAAE,IAAI,MAAM,cAAc;AACpE;AAKO,SAAS,cACd,QACA,OACA,SACG;AACH,QAAM,SAAS,OAAO,UAAU,KAAK;AAErC,MAAI,CAAC,OAAO,SAAS;AACnB,UAAM,SAAS,OAAO,MAAM,OAAO,IAAI,CAAC,OAAO;AAAA,MAC7C,MAAM,EAAE,KAAK,KAAK,GAAG;AAAA,MACrB,SAAS,EAAE;AAAA,IACb,EAAE;AAEF,UAAM,IAAI;AAAA,MACR,qBAAqB,OAAO,KAAK,OAAO,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,IAAI,CAAC;AAAA,MACxE,UAAU;AAAA,MACV,EAAE,SAAS,OAAO;AAAA,IACpB;AAAA,EACF;AAEA,SAAO,OAAO;AAChB;AAMO,SAAS,sBAAsB,eAAyB;AAC7D,SAAO,EAAE,OAAO;AAAA,IACd,SAAS,EACN,MAAM,EAAE,OAAO,CAAC,EAChB;AAAA,MACC,CAAC,WAAW,OAAO,MAAM,CAAC,MAAM,cAAc,SAAS,CAAC,CAAC;AAAA,MACzD,mCAAmC,cAAc,KAAK,IAAI,CAAC;AAAA,IAC7D;AAAA,IACF,SAAS,EAAE;AAAA,MACT,EAAE,OAAO;AAAA,QACP,WAAW,EAAE,KAAK,CAAC,SAAS,OAAO,OAAO,OAAO,KAAK,CAAC;AAAA,QACvD,OAAO,EACJ,OAAO,EACP;AAAA,UACC,CAAC,MAAM,MAAM,OAAO,cAAc,SAAS,CAAC;AAAA,UAC5C,yBAAyB,cAAc,KAAK,IAAI,CAAC;AAAA,QACnD;AAAA,QACF,OAAO,EACJ,OAAO,EACP,MAAM,0BAA0B,EAChC,SAAS;AAAA,MACd,CAAC;AAAA,IACH;AAAA,IACA,SAAS,EACN,OAAO,EACP;AAAA,MACC,CAAC,MAAM,cAAc,SAAS,CAAC;AAAA,MAC/B,4BAA4B,cAAc,KAAK,IAAI,CAAC;AAAA,IACtD,EACC,SAAS;AAAA,IACZ,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAI,EAAE,SAAS;AAAA,EACpD,CAAC;AACH;AAMO,SAAS,iBAAiB,KAAqB;AACpD,MAAI,CAAC,IAAK,QAAO;AAGjB,QAAM,iBAAiB;AACvB,MAAI,eAAe,KAAK,GAAG,GAAG;AAC5B,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,MACV,EAAE,KAAK,IAAI,UAAU,GAAG,EAAE,EAAE;AAAA,IAC9B;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,cACd,OACA,QACU;AACV,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,KAAK;AAC/B,QAAI,QAAQ;AACV,aAAO,cAAc,QAAQ,QAAQ,YAAY;AAAA,IACnD;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;",
+  "names": []
+}