@tracehound/core 1.2.0

package/dist/core/tracehound.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracehound.js","sourceRoot":"","sources":["../../src/core/tracehound.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAe,MAAM,YAAY,CAAA;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EAAE,eAAe,EAAyB,MAAM,uBAAuB,CAAA;AAC9E,OAAO,EAAE,eAAe,EAAyC,MAAM,iBAAiB,CAAA;AACxF,OAAO,EAAE,yBAAyB,EAA6B,MAAM,2BAA2B,CAAA;AAChG,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAqB,MAAM,mBAAmB,CAAA;AACxE,OAAO,EAAE,aAAa,EAAiB,MAAM,cAAc,CAAA;AAoE3D,gFAAgF;AAChF,iBAAiB;AACjB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,mBAAmB,GAAoB;IAC3C,QAAQ,EAAE,CAAC;IACX,OAAO,EAAE,MAAM;IACf,gBAAgB,EAAE,IAAI;IACtB,eAAe,EAAE,OAAO;IACxB,eAAe,EAAE,GAAG;CACrB,CAAA;AAED;;GAEG;AACH,MAAM,UAAU;IACL,KAAK,CAAQ;IACb,UAAU,CAAY;IACtB,WAAW,CAAc;IACzB,OAAO,CAAU;IACjB,UAAU,CAAY;IACtB,aAAa,CAAsB;IACnC,SAAS,CAAY;IAEb,eAAe,CAAkB;IAElD,YAAY,UAA6B,EAAE;QACzC,wBAAwB;QACxB,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,EAAE,CAAA;QAClC,IAAI,CAAC,aAAa,GAAG,yBAAyB,EAAE,CAAA;QAEhD,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B;YACE,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,IAAI,MAAM;YAChD,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,IAAI,WAAW;YACrD,cAAc,EAAE,UAAU;SAC3B,EACD,IAAI,CAAC,UAAU,CAChB,CAAA;QAED,IAAI,CAAC,WAAW,GAAG,iBAAiB,CAAC;YACnC,QAAQ,EAAE,OAAO,CAAC,SAAS,EAAE,QAAQ,IAAI,MAAM;YAC/C,WAAW,EAAE,OAAO,CAAC,SAAS,EAAE,WAAW,IAAI,GAAG;YAClD,eAAe,EAAE,OAAO,CAAC,SAAS,EAAE,eAAe,IAAI,OAAO;SAC/D,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC;YAC3B,kBAAkB,EAAE,OAAO,CAAC,OAAO,EAAE,kBAAkB,IAAI,EAAE;YAC7D,aAAa,EAAE,OAAO,CAAC,OAAO,EAAE,aAAa,IAAI,MAAM;YACvD,uBAAuB,EAAE,OAAO,CAAC,OAAO,EAAE,uBAAuB,IAAI,GAAG;SACzE,CAAC,CAAA;QAEF,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,EAAE,CAAA;QAE5C,eAAe;QACf,IAAI,CAAC,KAAK,GAAG,WAAW,CACtB,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,SAAS,EAAE,EACvD,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,eAAe,CACrB,CAAA;QAED,mBAAmB;QACnB,MAAM,UAAU,GAAoB;YAClC,GAAG,mBAAmB;YACtB,GAAG,OAAO,CAAC,SAAS;SACrB,CAAA;QACD,IAAI,CAAC,SAAS,GAAG,eAAe,CAAC,UAAU,CAAC,CAAA;IAC9C,CAAC;CACF;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAA6B,EAAE;IAC9D,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,CAAA;AAChC,CAAC"}

package/dist/core/trust-boundary.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Trust Boundary Configuration
+ *
+ * Developer-defined trust levels for external integrations.
+ * RFC-0000: "Biz default'ları sağlıyoruz, sınırları developer çiziyor."
+ *
+ * SECURITY MODEL:
+ * - 'trusted': No additional verification
+ * - 'verify': Cross-check with internal state
+ * - 'untrusted': Full validation, limited access
+ * - 'write-only': Can only receive, cannot query
+ */
+/**
+ * Trust level for cluster/shared state.
+ */
+export type ClusterTrustLevel = 'trusted' | 'untrusted';
+/**
+ * Trust level for cold storage.
+ */
+export type ColdStorageTrustLevel = 'write-only' | 'untrusted';
+/**
+ * Trust level for external detectors.
+ */
+export type DetectorTrustLevel = 'trusted' | 'verify';
+/**
+ * Cluster configuration.
+ */
+export interface ClusterBoundaryConfig {
+    /** Shared state backend */
+    sharedState: 'redis' | 'memory' | 'none';
+    /** Trust level for cluster peers. Default: 'untrusted' */
+    trustLevel: ClusterTrustLevel;
+}
+/**
+ * Cold storage boundary configuration.
+ */
+export interface ColdStorageBoundaryConfig {
+    /** Storage endpoint URL */
+    endpoint: string;
+    /** Trust level. Default: 'write-only' */
+    trustLevel: ColdStorageTrustLevel;
+}
+/**
+ * Detector boundary configuration.
+ */
+export interface DetectorBoundaryConfig {
+    /** Detector source */
+    source: 'external' | 'internal';
+    /** Trust level. Default: 'trusted' for internal, 'verify' for external */
+    trustLevel: DetectorTrustLevel;
+}
+/**
+ * Complete trust boundary configuration.
+ */
+export interface TrustBoundaryConfig {
+    /** Cluster/shared state boundaries */
+    cluster?: ClusterBoundaryConfig;
+    /** Cold storage boundaries */
+    coldStorage?: ColdStorageBoundaryConfig;
+    /** Detector boundaries */
+    detector?: DetectorBoundaryConfig;
+}
+/**
+ * Default trust boundary configuration.
+ * Conservative defaults: assume untrusted.
+ */
+export declare const DEFAULT_TRUST_BOUNDARY: Required<TrustBoundaryConfig>;
+/**
+ * Merge partial trust boundary with defaults.
+ */
+export declare function mergeTrustBoundary(partial?: Partial<TrustBoundaryConfig>): Required<TrustBoundaryConfig>;
+/**
+ * Validate trust boundary configuration.
+ * Returns array of validation errors, empty if valid.
+ */
+export declare function validateTrustBoundary(config: TrustBoundaryConfig): string[];
+/**
+ * Check if a detector result should be verified based on trust boundary.
+ */
+export declare function shouldVerifyDetector(config: TrustBoundaryConfig): boolean;
+/**
+ * Check if cluster state should be treated as untrusted.
+ */
+export declare function isClusterUntrusted(config: TrustBoundaryConfig): boolean;
+//# sourceMappingURL=trust-boundary.d.ts.map

package/dist/core/trust-boundary.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust-boundary.d.ts","sourceRoot":"","sources":["../../src/core/trust-boundary.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,SAAS,GAAG,WAAW,CAAA;AAEvD;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG,YAAY,GAAG,WAAW,CAAA;AAE9D;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,QAAQ,CAAA;AAErD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,2BAA2B;IAC3B,WAAW,EAAE,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAA;IACxC,0DAA0D;IAC1D,UAAU,EAAE,iBAAiB,CAAA;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAA;IAChB,yCAAyC;IACzC,UAAU,EAAE,qBAAqB,CAAA;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,sBAAsB;IACtB,MAAM,EAAE,UAAU,GAAG,UAAU,CAAA;IAC/B,0EAA0E;IAC1E,UAAU,EAAE,kBAAkB,CAAA;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,sCAAsC;IACtC,OAAO,CAAC,EAAE,qBAAqB,CAAA;IAC/B,8BAA8B;IAC9B,WAAW,CAAC,EAAE,yBAAyB,CAAA;IACvC,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,sBAAsB,CAAA;CAClC;AAED;;;GAGG;AACH,eAAO,MAAM,sBAAsB,EAAE,QAAQ,CAAC,mBAAmB,CAahE,CAAA;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACrC,QAAQ,CAAC,mBAAmB,CAAC,CAQ/B;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,mBAAmB,GAAG,MAAM,EAAE,CAc3E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAEzE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAEvE"}

package/dist/core/trust-boundary.js

@@ -0,0 +1,71 @@
+/**
+ * Trust Boundary Configuration
+ *
+ * Developer-defined trust levels for external integrations.
+ * RFC-0000: "Biz default'ları sağlıyoruz, sınırları developer çiziyor."
+ *
+ * SECURITY MODEL:
+ * - 'trusted': No additional verification
+ * - 'verify': Cross-check with internal state
+ * - 'untrusted': Full validation, limited access
+ * - 'write-only': Can only receive, cannot query
+ */
+/**
+ * Default trust boundary configuration.
+ * Conservative defaults: assume untrusted.
+ */
+export const DEFAULT_TRUST_BOUNDARY = {
+    cluster: {
+        sharedState: 'none',
+        trustLevel: 'untrusted',
+    },
+    coldStorage: {
+        endpoint: '',
+        trustLevel: 'write-only',
+    },
+    detector: {
+        source: 'internal',
+        trustLevel: 'trusted',
+    },
+};
+/**
+ * Merge partial trust boundary with defaults.
+ */
+export function mergeTrustBoundary(partial) {
+    if (!partial)
+        return { ...DEFAULT_TRUST_BOUNDARY };
+    return {
+        cluster: { ...DEFAULT_TRUST_BOUNDARY.cluster, ...partial.cluster },
+        coldStorage: { ...DEFAULT_TRUST_BOUNDARY.coldStorage, ...partial.coldStorage },
+        detector: { ...DEFAULT_TRUST_BOUNDARY.detector, ...partial.detector },
+    };
+}
+/**
+ * Validate trust boundary configuration.
+ * Returns array of validation errors, empty if valid.
+ */
+export function validateTrustBoundary(config) {
+    const errors = [];
+    // Cold storage endpoint required if configured
+    if (config.coldStorage && config.coldStorage.endpoint === '') {
+        errors.push('coldStorage.endpoint is required when coldStorage is configured');
+    }
+    // External detector requires 'verify' trust level
+    if (config.detector?.source === 'external' && config.detector.trustLevel === 'trusted') {
+        errors.push("External detector should use 'verify' trust level, not 'trusted'");
+    }
+    return errors;
+}
+/**
+ * Check if a detector result should be verified based on trust boundary.
+ */
+export function shouldVerifyDetector(config) {
+    return config.detector?.trustLevel === 'verify';
+}
+/**
+ * Check if cluster state should be treated as untrusted.
+ */
+export function isClusterUntrusted(config) {
+    return config.cluster?.trustLevel === 'untrusted';
+}
+//# sourceMappingURL=trust-boundary.js.map

package/dist/core/trust-boundary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust-boundary.js","sourceRoot":"","sources":["../../src/core/trust-boundary.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AA2DH;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAkC;IACnE,OAAO,EAAE;QACP,WAAW,EAAE,MAAM;QACnB,UAAU,EAAE,WAAW;KACxB;IACD,WAAW,EAAE;QACX,QAAQ,EAAE,EAAE;QACZ,UAAU,EAAE,YAAY;KACzB;IACD,QAAQ,EAAE;QACR,MAAM,EAAE,UAAU;QAClB,UAAU,EAAE,SAAS;KACtB;CACF,CAAA;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAsC;IAEtC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,GAAG,sBAAsB,EAAE,CAAA;IAElD,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,sBAAsB,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE;QAClE,WAAW,EAAE,EAAE,GAAG,sBAAsB,CAAC,WAAW,EAAE,GAAG,OAAO,CAAC,WAAW,EAAE;QAC9E,QAAQ,EAAE,EAAE,GAAG,sBAAsB,CAAC,QAAQ,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE;KACtE,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAA2B;IAC/D,MAAM,MAAM,GAAa,EAAE,CAAA;IAE3B,+CAA+C;IAC/C,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QAC7D,MAAM,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAA;IAChF,CAAC;IAED,kDAAkD;IAClD,IAAI,MAAM,CAAC,QAAQ,EAAE,MAAM,KAAK,UAAU,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACvF,MAAM,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAA;IACjF,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAA2B;IAC9D,OAAO,MAAM,CAAC,QAAQ,EAAE,UAAU,KAAK,QAAQ,CAAA;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAA2B;IAC5D,OAAO,MAAM,CAAC,OAAO,EAAE,UAAU,KAAK,WAAW,CAAA;AACnD,CAAC"}

package/dist/core/watcher.d.ts

@@ -0,0 +1,153 @@
+/**
+ * Watcher - pull-based observability for system state.
+ *
+ * RFC-0000 CRITICAL INVARIANTS:
+ * - NO EventEmitter pattern (pull-based only)
+ * - snapshot() returns immutable state
+ * - alert() is internal, rate-limited
+ * - Watcher is an observer, not a controller
+ */
+import type { Severity } from '../types/common.js';
+/**
+ * Alert severity levels.
+ */
+export type AlertSeverity = 'info' | 'warning' | 'critical';
+/**
+ * Alert definition.
+ */
+export interface Alert {
+    /** Alert ID */
+    id: string;
+    /** Alert type */
+    type: AlertType;
+    /** Alert severity */
+    severity: AlertSeverity;
+    /** Human-readable message */
+    message: string;
+    /** Timestamp of alert */
+    timestamp: number;
+    /** Additional context */
+    context?: Record<string, unknown>;
+}
+/**
+ * Alert types.
+ */
+export type AlertType = 'threat_detected' | 'evidence_neutralized' | 'quarantine_full' | 'quarantine_high' | 'rate_limit_exceeded' | 'hound_timeout' | 'system_overload';
+/**
+ * Threat statistics.
+ */
+export interface ThreatStats {
+    /** Total threats detected */
+    total: number;
+    /** Threats by category */
+    byCategory: Record<string, number>;
+    /** Threats by severity */
+    bySeverity: Record<Severity, number>;
+}
+/**
+ * Quarantine statistics (from Watcher perspective).
+ */
+export interface WatcherQuarantineStats {
+    /** Current count */
+    count: number;
+    /** Current bytes */
+    bytes: number;
+    /** Capacity percentage */
+    capacityPercent: number;
+}
+/**
+ * Watcher snapshot (immutable).
+ */
+export interface WatcherSnapshot {
+    /** System uptime in ms */
+    uptimeMs: number;
+    /** Threat statistics */
+    threats: ThreatStats;
+    /** Quarantine statistics */
+    quarantine: WatcherQuarantineStats;
+    /** Total alerts emitted */
+    totalAlerts: number;
+    /** Alerts in current window */
+    alertsInWindow: number;
+    /** Last alert (if any) */
+    lastAlert: Alert | null;
+    /** Whether system is in overload state */
+    overloaded: boolean;
+    /** Timestamp of snapshot */
+    snapshotTime: number;
+}
+/**
+ * Watcher configuration.
+ */
+export interface WatcherConfig {
+    /** Maximum alerts per window (rate limiting) */
+    maxAlertsPerWindow: number;
+    /** Alert window in ms */
+    alertWindowMs: number;
+    /** Quarantine high watermark (0-1) */
+    quarantineHighWatermark: number;
+}
+/**
+ * Watcher interface.
+ *
+ * CRITICAL: NO EventEmitter. Pull-based only.
+ */
+export interface IWatcher {
+    /**
+     * Get current state snapshot.
+     * External consumers poll this.
+     */
+    snapshot(): Readonly<WatcherSnapshot>;
+    /**
+     * Record a threat detection.
+     * Internal use only.
+     */
+    recordThreat(category: string, severity: Severity): void;
+    /**
+     * Update quarantine stats.
+     * Internal use only.
+     */
+    updateQuarantine(count: number, bytes: number, maxBytes: number): void;
+    /**
+     * Emit an alert (rate-limited).
+     * Internal use only.
+     */
+    alert(alert: Omit<Alert, 'id' | 'timestamp'>): boolean;
+    /**
+     * Mark system as overloaded.
+     */
+    setOverloaded(overloaded: boolean): void;
+}
+/**
+ * Watcher implementation.
+ *
+ * Pull-based observability. No EventEmitter.
+ */
+export declare class Watcher implements IWatcher {
+    private readonly config;
+    private readonly startTime;
+    private readonly alerts;
+    private alertWindowStart;
+    private alertsInCurrentWindow;
+    private _totalThreats;
+    private readonly threatsByCategory;
+    private readonly threatsBySeverity;
+    private _quarantineCount;
+    private _quarantineBytes;
+    private _quarantineCapacity;
+    private _overloaded;
+    private _lastAlert;
+    constructor(config: WatcherConfig);
+    snapshot(): Readonly<WatcherSnapshot>;
+    recordThreat(category: string, severity: Severity): void;
+    updateQuarantine(count: number, bytes: number, maxBytes: number): void;
+    alert(alertInput: Omit<Alert, 'id' | 'timestamp'>): boolean;
+    setOverloaded(overloaded: boolean): void;
+}
+/**
+ * Create a Watcher instance.
+ *
+ * @param config - Watcher configuration
+ */
+export declare function createWatcher(config: WatcherConfig): IWatcher;
+//# sourceMappingURL=watcher.d.ts.map

package/dist/core/watcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"watcher.d.ts","sourceRoot":"","sources":["../../src/core/watcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAMlD;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAA;AAE3D;;GAEG;AACH,MAAM,WAAW,KAAK;IACpB,eAAe;IACf,EAAE,EAAE,MAAM,CAAA;IACV,iBAAiB;IACjB,IAAI,EAAE,SAAS,CAAA;IACf,qBAAqB;IACrB,QAAQ,EAAE,aAAa,CAAA;IACvB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAA;IACf,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAA;IACjB,yBAAyB;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAClC;AAED;;GAEG;AACH,MAAM,MAAM,SAAS,GACjB,iBAAiB,GACjB,sBAAsB,GACtB,iBAAiB,GACjB,iBAAiB,GACjB,qBAAqB,GACrB,eAAe,GACf,iBAAiB,CAAA;AAErB;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,6BAA6B;IAC7B,KAAK,EAAE,MAAM,CAAA;IACb,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAClC,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAA;IACb,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAA;IACb,0BAA0B;IAC1B,eAAe,EAAE,MAAM,CAAA;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,0BAA0B;IAC1B,QAAQ,EAAE,MAAM,CAAA;IAChB,wBAAwB;IACxB,OAAO,EAAE,WAAW,CAAA;IACpB,4BAA4B;IAC5B,UAAU,EAAE,sBAAsB,CAAA;IAClC,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAA;IACnB,+BAA+B;IAC/B,cAAc,EAAE,MAAM,CAAA;IACtB,0BAA0B;IAC1B,SAAS,EAAE,KAAK,GAAG,IAAI,CAAA;IACvB,0CAA0C;IAC1C,UAAU,EAAE,OAAO,CAAA;IACnB,4BAA4B;IAC5B,YAAY,EAAE,MAAM,CAAA;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,gDAAgD;IAChD,kBAAkB,EAAE,MAAM,CAAA;IAC1B,yBAAyB;IACzB,aAAa,EAAE,MAAM,CAAA;IACrB,sCAAsC;IACtC,uBAAuB,EAAE,MAAM,CAAA;CAChC;AAED;;;;GAIG;AACH,MAAM,WAAW,QAAQ;IACvB;;;OAGG;IACH,QAAQ,IAAI,QAAQ,CAAC,eAAe,CAAC,CAAA;IAErC;;;OAGG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAA;IAExD;;;OAGG;IACH,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IAEtE;;;OAGG;IACH,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,OAAO,CAAA;IAEtD;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,OAAO,GAAG,IAAI,CAAA;CACzC;AAMD;;;;GAIG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IAoB1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IAnBnC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAQ;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,gBAAgB,CAAQ;IAChC,OAAO,CAAC,qBAAqB,CAAI;IAGjC,OAAO,CAAC,aAAa,CAAI;IACzB,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAiC;IACnE,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAmC;IAGrE,OAAO,CAAC,gBAAgB,CAAI;IAC5B,OAAO,CAAC,gBAAgB,CAAI;IAC5B,OAAO,CAAC,mBAAmB,CAAI;IAG/B,OAAO,CAAC,WAAW,CAAQ;IAC3B,OAAO,CAAC,UAAU,CAAqB;gBAEV,MAAM,EAAE,aAAa;IAKlD,QAAQ,IAAI,QAAQ,CAAC,eAAe,CAAC;IAoCrC,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,IAAI;IAYxD,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAgBtE,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,OAAO;IA4B3D,aAAa,CAAC,UAAU,EAAE,OAAO,GAAG,IAAI;CAazC;AAMD;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,QAAQ,CAE7D"}

package/dist/core/watcher.js

@@ -0,0 +1,141 @@
+/**
+ * Watcher - pull-based observability for system state.
+ *
+ * RFC-0000 CRITICAL INVARIANTS:
+ * - NO EventEmitter pattern (pull-based only)
+ * - snapshot() returns immutable state
+ * - alert() is internal, rate-limited
+ * - Watcher is an observer, not a controller
+ */
+// ─────────────────────────────────────────────────────────────────────────────
+// Implementation
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Watcher implementation.
+ *
+ * Pull-based observability. No EventEmitter.
+ */
+export class Watcher {
+    config;
+    startTime;
+    alerts = [];
+    alertWindowStart;
+    alertsInCurrentWindow = 0;
+    // Threat tracking
+    _totalThreats = 0;
+    threatsByCategory = new Map();
+    threatsBySeverity = new Map();
+    // Quarantine tracking
+    _quarantineCount = 0;
+    _quarantineBytes = 0;
+    _quarantineCapacity = 0;
+    // State
+    _overloaded = false;
+    _lastAlert = null;
+    constructor(config) {
+        this.config = config;
+        this.startTime = Date.now();
+        this.alertWindowStart = this.startTime;
+    }
+    snapshot() {
+        const now = Date.now();
+        // Build threat stats
+        const byCategory = {};
+        for (const [cat, count] of this.threatsByCategory) {
+            byCategory[cat] = count;
+        }
+        const bySeverity = {
+            low: this.threatsBySeverity.get('low') ?? 0,
+            medium: this.threatsBySeverity.get('medium') ?? 0,
+            high: this.threatsBySeverity.get('high') ?? 0,
+            critical: this.threatsBySeverity.get('critical') ?? 0,
+        };
+        return Object.freeze({
+            uptimeMs: now - this.startTime,
+            threats: {
+                total: this._totalThreats,
+                byCategory,
+                bySeverity,
+            },
+            quarantine: {
+                count: this._quarantineCount,
+                bytes: this._quarantineBytes,
+                capacityPercent: this._quarantineCapacity,
+            },
+            totalAlerts: this.alerts.length,
+            alertsInWindow: this.alertsInCurrentWindow,
+            lastAlert: this._lastAlert,
+            overloaded: this._overloaded,
+            snapshotTime: now,
+        });
+    }
+    recordThreat(category, severity) {
+        this._totalThreats++;
+        // Update by category
+        const catCount = this.threatsByCategory.get(category) ?? 0;
+        this.threatsByCategory.set(category, catCount + 1);
+        // Update by severity
+        const sevCount = this.threatsBySeverity.get(severity) ?? 0;
+        this.threatsBySeverity.set(severity, sevCount + 1);
+    }
+    updateQuarantine(count, bytes, maxBytes) {
+        this._quarantineCount = count;
+        this._quarantineBytes = bytes;
+        this._quarantineCapacity = maxBytes > 0 ? (bytes / maxBytes) * 100 : 0;
+        // Check high watermark
+        if (this._quarantineCapacity >= this.config.quarantineHighWatermark * 100) {
+            this.alert({
+                type: 'quarantine_high',
+                severity: 'warning',
+                message: `Quarantine at ${this._quarantineCapacity.toFixed(1)}% capacity`,
+                context: { count, bytes, maxBytes },
+            });
+        }
+    }
+    alert(alertInput) {
+        const now = Date.now();
+        // Check if we need to reset the window
+        if (now - this.alertWindowStart >= this.config.alertWindowMs) {
+            this.alertWindowStart = now;
+            this.alertsInCurrentWindow = 0;
+        }
+        // Rate limit check
+        if (this.alertsInCurrentWindow >= this.config.maxAlertsPerWindow) {
+            return false; // Rate limited
+        }
+        // Create alert
+        const alert = {
+            ...alertInput,
+            id: `alert-${this.alerts.length + 1}`,
+            timestamp: now,
+        };
+        this.alerts.push(alert);
+        this.alertsInCurrentWindow++;
+        this._lastAlert = alert;
+        return true;
+    }
+    setOverloaded(overloaded) {
+        const wasOverloaded = this._overloaded;
+        this._overloaded = overloaded;
+        // Emit alert on transition to overloaded
+        if (overloaded && !wasOverloaded) {
+            this.alert({
+                type: 'system_overload',
+                severity: 'critical',
+                message: 'System is overloaded',
+            });
+        }
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Factory
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Create a Watcher instance.
+ *
+ * @param config - Watcher configuration
+ */
+export function createWatcher(config) {
+    return new Watcher(config);
+}
+//# sourceMappingURL=watcher.js.map

package/dist/core/watcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"watcher.js","sourceRoot":"","sources":["../../src/core/watcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAyIH,gFAAgF;AAChF,iBAAiB;AACjB,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,OAAO,OAAO;IAoBW;IAnBZ,SAAS,CAAQ;IACjB,MAAM,GAAY,EAAE,CAAA;IAC7B,gBAAgB,CAAQ;IACxB,qBAAqB,GAAG,CAAC,CAAA;IAEjC,kBAAkB;IACV,aAAa,GAAG,CAAC,CAAA;IACR,iBAAiB,GAAwB,IAAI,GAAG,EAAE,CAAA;IAClD,iBAAiB,GAA0B,IAAI,GAAG,EAAE,CAAA;IAErE,sBAAsB;IACd,gBAAgB,GAAG,CAAC,CAAA;IACpB,gBAAgB,GAAG,CAAC,CAAA;IACpB,mBAAmB,GAAG,CAAC,CAAA;IAE/B,QAAQ;IACA,WAAW,GAAG,KAAK,CAAA;IACnB,UAAU,GAAiB,IAAI,CAAA;IAEvC,YAA6B,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;QAChD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAC3B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAA;IACxC,CAAC;IAED,QAAQ;QACN,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,qBAAqB;QACrB,MAAM,UAAU,GAA2B,EAAE,CAAA;QAC7C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAClD,UAAU,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;QACzB,CAAC;QAED,MAAM,UAAU,GAA6B;YAC3C,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAC3C,MAAM,EAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;YACjD,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;YAC7C,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;SACtD,CAAA;QAED,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,QAAQ,EAAE,GAAG,GAAG,IAAI,CAAC,SAAS;YAC9B,OAAO,EAAE;gBACP,KAAK,EAAE,IAAI,CAAC,aAAa;gBACzB,UAAU;gBACV,UAAU;aACX;YACD,UAAU,EAAE;gBACV,KAAK,EAAE,IAAI,CAAC,gBAAgB;gBAC5B,KAAK,EAAE,IAAI,CAAC,gBAAgB;gBAC5B,eAAe,EAAE,IAAI,CAAC,mBAAmB;aAC1C;YACD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC/B,cAAc,EAAE,IAAI,CAAC,qBAAqB;YAC1C,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,UAAU,EAAE,IAAI,CAAC,WAAW;YAC5B,YAAY,EAAE,GAAG;SAClB,CAAC,CAAA;IACJ,CAAC;IAED,YAAY,CAAC,QAAgB,EAAE,QAAkB;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAA;QAEpB,qBAAqB;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;QAC1D,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAA;QAElD,qBAAqB;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;QAC1D,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAA;IACpD,CAAC;IAED,gBAAgB,CAAC,KAAa,EAAE,KAAa,EAAE,QAAgB;QAC7D,IAAI,CAAC,gBAAgB,GAAG,KAAK,CAAA;QAC7B,IAAI,CAAC,gBAAgB,GAAG,KAAK,CAAA;QAC7B,IAAI,CAAC,mBAAmB,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QAEtE,uBAAuB;QACvB,IAAI,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,MAAM,CAAC,uBAAuB,GAAG,GAAG,EAAE,CAAC;YAC1E,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,iBAAiB,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY;gBACzE,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE;aACpC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAA2C;QAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,uCAAuC;QACvC,IAAI,GAAG,GAAG,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC7D,IAAI,CAAC,gBAAgB,GAAG,GAAG,CAAA;YAC3B,IAAI,CAAC,qBAAqB,GAAG,CAAC,CAAA;QAChC,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,qBAAqB,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACjE,OAAO,KAAK,CAAA,CAAC,eAAe;QAC9B,CAAC;QAED,eAAe;QACf,MAAM,KAAK,GAAU;YACnB,GAAG,UAAU;YACb,EAAE,EAAE,SAAS,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YACrC,SAAS,EAAE,GAAG;SACf,CAAA;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACvB,IAAI,CAAC,qBAAqB,EAAE,CAAA;QAC5B,IAAI,CAAC,UAAU,GAAG,KAAK,CAAA;QAEvB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,aAAa,CAAC,UAAmB;QAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAA;QACtC,IAAI,CAAC,WAAW,GAAG,UAAU,CAAA;QAE7B,yCAAyC;QACzC,IAAI,UAAU,IAAI,CAAC,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,sBAAsB;aAChC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;CACF;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,MAAqB;IACjD,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;AAC5B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,53 @@
+/**
+ * @tracehound/core
+ *
+ * Security buffer system with immune system architecture.
+ */
+export type { AlertConfig, AuditConfig, ColdStorageConfig, ErrorState, EvacuateRecord, EvidenceHandle, GenerateSignatureOptions, HoundConfig, InterceptResult, JsonPrimitive, JsonSerializable, NeutralizationRecord, PurgeRecord, QuarantineConfig, RateLimitConfig, RuntimeConfig, Scent, SchedulerConfig, Severity, Threat, ThreatCategory, ThreatInput, ThreatSignal, TracehoundConfig, TracehoundError, } from './types/index.js';
+export { DEFAULT_CONFIG, mergeWithDefaults } from './types/index.js';
+export { createError, Errors } from './types/index.js';
+export { isClean, isError, isIgnored, isQuarantined, isRateLimited } from './types/index.js';
+export { createThreatInput } from './types/index.js';
+export { compareSignatures, generateSignature, validateSignature } from './types/index.js';
+export { AuditChain, GENESIS_HASH } from './core/audit-chain.js';
+export { Evidence } from './core/evidence.js';
+export { Quarantine } from './core/quarantine.js';
+export type { InsertResult, QuarantineStats } from './core/quarantine.js';
+export { createRateLimiter, RateLimiter } from './core/rate-limiter.js';
+export type { IRateLimiter, RateLimiterStats, RateLimitResult } from './core/rate-limiter.js';
+export { createEvidenceFactory, EvidenceFactory } from './core/evidence-factory.js';
+export type { EvidenceCreationResult, EvidenceFactoryOptions, IEvidenceFactory, } from './core/evidence-factory.js';
+export { Agent, createAgent } from './core/agent.js';
+export type { AgentConfig, AgentStats, IAgent } from './core/agent.js';
+export { createHoundPool, createMockAdapter, HoundPool } from './core/hound-pool.js';
+export type { HoundPoolConfig, HoundPoolStats, HoundResult, IHoundPool, PoolExhaustedAction, } from './core/hound-pool.js';
+export type { HoundProcessConstraints } from './core/process-adapter.js';
+export { createScheduler, Scheduler } from './core/scheduler.js';
+export type { BusyChecker, IScheduler, ScheduledTask, SchedulerStats, TickSchedulerConfig, } from './core/scheduler.js';
+export { createWatcher, Watcher } from './core/watcher.js';
+export type { Alert, AlertSeverity, AlertType, IWatcher, ThreatStats, WatcherConfig, WatcherQuarantineStats, WatcherSnapshot, } from './core/watcher.js';
+export { hash, hashBuffer } from './utils/hash.js';
+export { generateSecureId, isValidSecureId } from './utils/id.js';
+export { serialize } from './utils/serialize.js';
+export { AsyncGzipCodec, createAsyncColdPathCodec, createColdPathCodec, createHotPathCodec, decodeWithIntegrityAsync, encodeWithIntegrityAsync, GzipCodec, } from './utils/binary-codec.js';
+export type { AsyncColdPathCodec, AsyncHotPathCodec, CodecStats, ColdPathCodec, HotPathCodec, } from './utils/binary-codec.js';
+export { constantTimeBufferEqual, constantTimeEqual } from './utils/compare.js';
+export { encodePayload, estimatePayloadSize } from './utils/encode.js';
+export type { EncodeResult } from './utils/encode.js';
+export { createMemoryColdStorage, MemoryColdStorage } from './core/cold-storage.js';
+export type { ColdStorageReadResult, ColdStorageWriteResult, IColdStorageAdapter, } from './core/cold-storage.js';
+export { createS3ColdStorage, S3ColdStorage } from './core/s3-cold-storage.js';
+export type { S3ColdStorageConfig, S3LikeClient } from './core/s3-cold-storage.js';
+export { DEFAULT_TRUST_BOUNDARY, isClusterUntrusted, mergeTrustBoundary, shouldVerifyDetector, validateTrustBoundary, } from './core/trust-boundary.js';
+export type { ClusterBoundaryConfig, ClusterTrustLevel, ColdStorageBoundaryConfig, ColdStorageTrustLevel, DetectorBoundaryConfig, DetectorTrustLevel, TrustBoundaryConfig, } from './core/trust-boundary.js';
+export { createLaneQueue, DEFAULT_LANE_CONFIG, LaneQueue } from './core/lane-queue.js';
+export type { Alert as LaneAlert, LaneConfig, LaneQueueConfig, LaneStats, } from './core/lane-queue.js';
+export { createFailSafe, DEFAULT_FAIL_SAFE_CONFIG, FailSafe } from './core/fail-safe.js';
+export type { FailSafeConfig, PanicCallback, PanicEvent, PanicLevel, PanicReason, ThresholdConfig, } from './core/fail-safe.js';
+export { createTracehound } from './core/tracehound.js';
+export type { ITracehound, TracehoundOptions } from './core/tracehound.js';
+export { createNotificationEmitter, NotificationEmitter } from './core/notification-emitter.js';
+export type { EventCallback, EventType, EvidenceEvictedPayload, EvidenceQuarantinedPayload, INotificationEmitter, LicenseExpiredPayload, LicenseValidatedPayload, NotificationEmitterStats, RateLimitExceededPayload, SystemPanicPayload, ThreatDetectedPayload, TracehoundEvent, WebhookConfig, } from './core/notification-emitter.js';
+export { createSecurityState, SecurityState } from './core/security-state.js';
+export type { ISecurityState, LicenseState, QuarantineStateStats, RateLimitStats, SecurityHistoryEntry, SecuritySnapshot, SecurityStateConfig, SecurityStateStats, } from './core/security-state.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,YAAY,EACV,WAAW,EACX,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,cAAc,EACd,wBAAwB,EACxB,WAAW,EACX,eAAe,EACf,aAAa,EACb,gBAAgB,EAChB,oBAAoB,EACpB,WAAW,EACX,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,KAAK,EACL,eAAe,EACf,QAAQ,EACR,MAAM,EACN,cAAc,EACd,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,eAAe,GAChB,MAAM,kBAAkB,CAAA;AAMzB,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAMpE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAMtD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAM5F,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAMpD,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAM1F,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AAMhE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAM7C,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AACjD,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAMzE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACvE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAM7F,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAA;AACnF,YAAY,EACV,sBAAsB,EACtB,sBAAsB,EACtB,gBAAgB,GACjB,MAAM,4BAA4B,CAAA;AAMnC,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AACpD,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAMtE,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AACpF,YAAY,EACV,eAAe,EACf,cAAc,EACd,WAAW,EACX,UAAU,EACV,mBAAmB,GACpB,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAA;AAMxE,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAChE,YAAY,EACV,WAAW,EACX,UAAU,EACV,aAAa,EACb,cAAc,EACd,mBAAmB,GACpB,MAAM,qBAAqB,CAAA;AAM5B,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAC1D,YAAY,EACV,KAAK,EACL,aAAa,EACb,SAAS,EACT,QAAQ,EACR,WAAW,EACX,aAAa,EACb,sBAAsB,EACtB,eAAe,GAChB,MAAM,mBAAmB,CAAA;AAM1B,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAMlD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAMjE,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAMhD,OAAO,EACL,cAAc,EACd,wBAAwB,EACxB,mBAAmB,EACnB,kBAAkB,EAClB,wBAAwB,EACxB,wBAAwB,EACxB,SAAS,GACV,MAAM,yBAAyB,CAAA;AAChC,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,EACV,aAAa,EACb,YAAY,GACb,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AACtE,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAMrD,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AACnF,YAAY,EACV,qBAAqB,EACrB,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,wBAAwB,CAAA;AAM/B,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AAC9E,YAAY,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAA;AAMlF,OAAO,EACL,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,qBAAqB,EACrB,iBAAiB,EACjB,yBAAyB,EACzB,qBAAqB,EACrB,sBAAsB,EACtB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,0BAA0B,CAAA;AAMjC,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AACtF,YAAY,EACV,KAAK,IAAI,SAAS,EAClB,UAAU,EACV,eAAe,EACf,SAAS,GACV,MAAM,sBAAsB,CAAA;AAM7B,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAA;AACxF,YAAY,EACV,cAAc,EACd,aAAa,EACb,UAAU,EACV,UAAU,EACV,WAAW,EACX,eAAe,GAChB,MAAM,qBAAqB,CAAA;AAM5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAM1E,OAAO,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAA;AAC/F,YAAY,EACV,aAAa,EACb,SAAS,EACT,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACpB,qBAAqB,EACrB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,EACxB,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,aAAa,GACd,MAAM,gCAAgC,CAAA;AAMvC,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AAC7E,YAAY,EACV,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,0BAA0B,CAAA"}