@tracehound/core 1.2.0

package/dist/core/process-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"process-adapter.js","sourceRoot":"","sources":["../../src/core/process-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAA;AACxD,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAsB,MAAM,gBAAgB,CAAA;AA6CvF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAsC,MAAM,CAAC,MAAM,CAAC;IAClF,WAAW,EAAE,GAAG;IAChB,aAAa,EAAE,KAAK;IACpB,eAAe,EAAE,KAAK;IACtB,UAAU,EAAE,KAAK;CAClB,CAAC,CAAA;AAmDF,gFAAgF;AAChF,iBAAiB;AACjB,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,KAAK,CAAC,UAAkB,EAAE,WAA8C;YACtE,MAAM,iBAAiB,GAAG,EAAE,GAAG,mBAAmB,EAAE,GAAG,WAAW,EAAE,CAAA;YAEpE,sBAAsB;YACtB,MAAM,QAAQ,GAAa,EAAE,CAAA;YAE7B,yBAAyB;YACzB,IAAI,iBAAiB,CAAC,WAAW,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC,wBAAwB,iBAAiB,CAAC,WAAW,EAAE,CAAC,CAAA;YACxE,CAAC;YAED,iBAAiB;YACjB,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAA;YACtC,QAAQ,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAA;YAExD,sBAAsB;YACtB,yDAAyD;YACzD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,GAAG,QAAQ,EAAE,UAAU,CAAC,EAAE;gBAC/D,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,QAAQ,EAAE,KAAK;gBACf,WAAW,EAAE,IAAI;aAClB,CAAC,CAAA;YAEF,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;YAClD,CAAC;YAED,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAA;YAEpC,OAAO;gBACL,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,MAAM;aAChB,CAAA;QACH,CAAC;QAED,IAAI,CAAC,MAAmB,EAAE,OAAoB;YAC5C,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;YACtC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;QACvC,CAAC;QAED,IAAI,CAAC,MAAmB;YACtB,oCAAoC;YACpC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACjC,CAAC;QAED,MAAM,CAAC,MAAmB,EAAE,QAAsB;YAChD,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;gBAC1C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;YACxB,CAAC,CAAC,CAAA;QACJ,CAAC;QAED,SAAS,CAAC,MAAmB,EAAE,QAAyB;YACtD,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACnD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;gBAC3C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC/B,QAAQ,CAAC,OAAO,CAAC,CAAA;gBACnB,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;KACF,CAAA;AACH,CAAC;AAiBD;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB;IAQ/B,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4B,CAAA;IACrD,IAAI,OAAO,GAAG,IAAI,CAAA;IAElB,MAAM,WAAW,GAIb;QACF,KAAK;YACH,MAAM,GAAG,GAAG,OAAO,EAAE,CAAA;YACrB,MAAM,KAAK,GAAqB;gBAC9B,GAAG;gBACH,KAAK,EAAE,IAAI;gBACX,aAAa,EAAE,EAAE;gBACjB,gBAAgB,EAAE,EAAE;gBACpB,gBAAgB,EAAE,EAAE;aACrB,CAAA;YACD,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YAEzB,OAAO;gBACL,GAAG;gBACH,QAAQ,EAAE,EAAE,GAAG,EAAkB;gBACjC,OAAO,EAAE,mBAAmB,EAAE;aAC/B,CAAA;QACH,CAAC;QAED,IAAI,CAAC,MAAmB,EAAE,OAAoB;YAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YACvC,IAAI,KAAK,EAAE,KAAK,EAAE,CAAC;gBACjB,KAAK,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACtC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAmB;YACtB,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YACvC,IAAI,KAAK,EAAE,KAAK,EAAE,CAAC;gBACjB,KAAK,CAAC,KAAK,GAAG,KAAK,CAAA;gBACnB,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;oBACrC,EAAE,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,CAAC,MAAmB,EAAE,QAAsB;YAChD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YACvC,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACrC,CAAC;QAED,SAAS,CAAC,MAAmB,EAAE,QAAyB;YACtD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YACvC,KAAK,EAAE,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACxC,CAAC;QAED,gBAAgB;YACd,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,YAAY,CAAC,GAAW,EAAE,IAAmB;YAC3C,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAChC,IAAI,KAAK,EAAE,KAAK,EAAE,CAAC;gBACjB,KAAK,CAAC,KAAK,GAAG,KAAK,CAAA;gBACnB,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;oBACrC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;gBAChB,CAAC;YACH,CAAC;QACH,CAAC;QAED,eAAe,CAAC,GAAW,EAAE,OAAoB;YAC/C,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAChC,IAAI,KAAK,EAAE,KAAK,EAAE,CAAC;gBACjB,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;oBACxC,EAAE,CAAC,OAAO,CAAC,CAAA;gBACb,CAAC;YACH,CAAC;QACH,CAAC;KACF,CAAA;IAED,OAAO,WAAW,CAAA;AACpB,CAAC"}

package/dist/core/quarantine.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Quarantine - priority-based evidence storage with eviction.
+ */
+import type { Severity } from '../types/common.js';
+import type { QuarantineConfig } from '../types/config.js';
+import type { EvidenceHandle, NeutralizationRecord, PurgeRecord } from '../types/evidence.js';
+import type { AuditChain } from './audit-chain.js';
+/** Result of insert operation */
+export interface InsertResult {
+    status: 'inserted' | 'duplicate';
+    existing?: EvidenceHandle;
+}
+/** Quarantine statistics */
+export interface QuarantineStats {
+    count: number;
+    bytes: number;
+    bySeverity: Record<Severity, number>;
+}
+/** Result of replace operation */
+export interface ReplaceResult {
+    status: 'replaced' | 'inserted_only';
+    neutralized?: NeutralizationRecord;
+    inserted: boolean;
+    duplicate?: EvidenceHandle;
+}
+/**
+ * Quarantine storage with priority-based eviction.
+ * Stores evidence by signature and evicts lowest priority when limits exceeded.
+ */
+export declare class Quarantine {
+    private config;
+    private auditChain;
+    private store;
+    private totalBytes;
+    constructor(config: QuarantineConfig, auditChain: AuditChain);
+    /**
+     * Insert evidence into quarantine.
+     * Triggers eviction if limits exceeded.
+     */
+    insert(evidence: EvidenceHandle): InsertResult;
+    /**
+     * Get evidence by signature.
+     */
+    get(signature: string): EvidenceHandle | null;
+    /**
+     * Check if signature exists in quarantine.
+     */
+    has(signature: string): boolean;
+    /**
+     * Neutralize evidence by signature.
+     * Removes from quarantine and appends to audit chain.
+     */
+    neutralize(signature: string): NeutralizationRecord | null;
+    /**
+     * Flush all evidence from quarantine.
+     * Returns all neutralization records.
+     */
+    flush(): NeutralizationRecord[];
+    /**
+     * Purge evidence by signature with explicit reason.
+     * Unlike neutralize, purge creates a PurgeRecord with reason metadata.
+     *
+     * @param signature - Evidence signature to purge
+     * @param reason - Reason for purge
+     * @returns PurgeRecord if found, null if not found
+     */
+    purge(signature: string, reason: 'timeout' | 'error' | 'abort' | 'panic'): PurgeRecord | null;
+    /**
+     * Replace evidence with new evidence atomically.
+     * Old evidence is neutralized and new evidence is inserted.
+     *
+     * @param oldSignature - Signature of evidence to replace
+     * @param newEvidence - New evidence to insert
+     * @returns Result with old neutralization record and new insert status
+     */
+    replace(oldSignature: string, newEvidence: EvidenceHandle): ReplaceResult;
+    /**
+     * Get current quarantine statistics.
+     */
+    get stats(): QuarantineStats;
+    /**
+     * Evict lowest priority evidence.
+     */
+    private evict;
+    /**
+     * Select evidence for eviction based on priority.
+     * Lowest severity first, then oldest.
+     */
+    private selectForEviction;
+    /**
+     * Check if quarantine exceeds configured limits.
+     */
+    private exceedsLimits;
+}
+//# sourceMappingURL=quarantine.d.ts.map

package/dist/core/quarantine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"quarantine.d.ts","sourceRoot":"","sources":["../../src/core/quarantine.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAClD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAC1D,OAAO,KAAK,EAAE,cAAc,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAC7F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAElD,iCAAiC;AACjC,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,UAAU,GAAG,WAAW,CAAA;IAChC,QAAQ,CAAC,EAAE,cAAc,CAAA;CAC1B;AAED,4BAA4B;AAC5B,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;CACrC;AAED,kCAAkC;AAClC,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,UAAU,GAAG,eAAe,CAAA;IACpC,WAAW,CAAC,EAAE,oBAAoB,CAAA;IAClC,QAAQ,EAAE,OAAO,CAAA;IACjB,SAAS,CAAC,EAAE,cAAc,CAAA;CAC3B;AAUD;;;GAGG;AACH,qBAAa,UAAU;IAKnB,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,UAAU;IALpB,OAAO,CAAC,KAAK,CAAoC;IACjD,OAAO,CAAC,UAAU,CAAI;gBAGZ,MAAM,EAAE,gBAAgB,EACxB,UAAU,EAAE,UAAU;IAGhC;;;OAGG;IACH,MAAM,CAAC,QAAQ,EAAE,cAAc,GAAG,YAAY;IAqB9C;;OAEG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IAI7C;;OAEG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI/B;;;OAGG;IACH,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,oBAAoB,GAAG,IAAI;IAoB1D;;;OAGG;IACH,KAAK,IAAI,oBAAoB,EAAE;IAgB/B;;;;;;;OAOG;IACH,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,WAAW,GAAG,IAAI;IAqC7F;;;;;;;OAOG;IACH,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,cAAc,GAAG,aAAa;IAwBzE;;OAEG;IACH,IAAI,KAAK,IAAI,eAAe,CAiB3B;IAED;;OAEG;IACH,OAAO,CAAC,KAAK;IAoBb;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAgBzB;;OAEG;IACH,OAAO,CAAC,aAAa;CAGtB"}

package/dist/core/quarantine.js

@@ -0,0 +1,221 @@
+/**
+ * Quarantine - priority-based evidence storage with eviction.
+ */
+/** Severity ranking for eviction priority */
+const SEVERITY_RANK = {
+    low: 0,
+    medium: 1,
+    high: 2,
+    critical: 3,
+};
+/**
+ * Quarantine storage with priority-based eviction.
+ * Stores evidence by signature and evicts lowest priority when limits exceeded.
+ */
+export class Quarantine {
+    config;
+    auditChain;
+    store = new Map();
+    totalBytes = 0;
+    constructor(config, auditChain) {
+        this.config = config;
+        this.auditChain = auditChain;
+    }
+    /**
+     * Insert evidence into quarantine.
+     * Triggers eviction if limits exceeded.
+     */
+    insert(evidence) {
+        // Check duplicate
+        if (this.store.has(evidence.signature)) {
+            return {
+                status: 'duplicate',
+                existing: this.store.get(evidence.signature),
+            };
+        }
+        // Insert new evidence
+        this.store.set(evidence.signature, evidence);
+        this.totalBytes += evidence.size;
+        // Evict if limits exceeded
+        while (this.exceedsLimits()) {
+            this.evict(1);
+        }
+        return { status: 'inserted' };
+    }
+    /**
+     * Get evidence by signature.
+     */
+    get(signature) {
+        return this.store.get(signature) ?? null;
+    }
+    /**
+     * Check if signature exists in quarantine.
+     */
+    has(signature) {
+        return this.store.has(signature);
+    }
+    /**
+     * Neutralize evidence by signature.
+     * Removes from quarantine and appends to audit chain.
+     */
+    neutralize(signature) {
+        const evidence = this.store.get(signature);
+        if (!evidence) {
+            return null;
+        }
+        // Get size before neutralize (evidence will be disposed)
+        const size = evidence.size;
+        // Neutralize with audit chain
+        const record = evidence.neutralize(this.auditChain.lastHash);
+        this.auditChain.append(record);
+        // Remove from store
+        this.store.delete(signature);
+        this.totalBytes -= size;
+        return record;
+    }
+    /**
+     * Flush all evidence from quarantine.
+     * Returns all neutralization records.
+     */
+    flush() {
+        const records = [];
+        for (const [_signature, evidence] of this.store) {
+            const record = evidence.neutralize(this.auditChain.lastHash);
+            this.auditChain.append(record);
+            records.push(record);
+        }
+        // Clear store
+        this.store.clear();
+        this.totalBytes = 0;
+        return records;
+    }
+    /**
+     * Purge evidence by signature with explicit reason.
+     * Unlike neutralize, purge creates a PurgeRecord with reason metadata.
+     *
+     * @param signature - Evidence signature to purge
+     * @param reason - Reason for purge
+     * @returns PurgeRecord if found, null if not found
+     */
+    purge(signature, reason) {
+        const evidence = this.store.get(signature);
+        if (!evidence) {
+            return null;
+        }
+        const size = evidence.size;
+        const hash = evidence.hash;
+        // Create purge record before disposing
+        const record = {
+            id: `prg-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+            reason,
+            scent: {
+                id: evidence.signature, // Using signature as proxy for scent ID
+                source: 'unknown', // Not available from evidence handle
+                timestamp: evidence.captured,
+                payloadHash: hash,
+                payloadSize: size,
+            },
+            purgeTimestamp: Date.now(),
+        };
+        // Dispose evidence (force cleanup without audit chain)
+        try {
+            evidence.transfer(); // Transfer ownership to force disposal
+        }
+        catch {
+            // Already disposed, ignore
+        }
+        // Remove from store
+        this.store.delete(signature);
+        this.totalBytes -= size;
+        return record;
+    }
+    /**
+     * Replace evidence with new evidence atomically.
+     * Old evidence is neutralized and new evidence is inserted.
+     *
+     * @param oldSignature - Signature of evidence to replace
+     * @param newEvidence - New evidence to insert
+     * @returns Result with old neutralization record and new insert status
+     */
+    replace(oldSignature, newEvidence) {
+        // First, neutralize old evidence
+        const neutralized = this.neutralize(oldSignature);
+        if (!neutralized) {
+            // Old evidence not found, just insert new
+            const insertResult = this.insert(newEvidence);
+            return {
+                status: 'inserted_only',
+                inserted: insertResult.status === 'inserted',
+            };
+        }
+        // Insert new evidence
+        const insertResult = this.insert(newEvidence);
+        return {
+            status: 'replaced',
+            neutralized,
+            inserted: insertResult.status === 'inserted',
+            ...(insertResult.status === 'duplicate' && { duplicate: insertResult.existing }),
+        };
+    }
+    /**
+     * Get current quarantine statistics.
+     */
+    get stats() {
+        const bySeverity = {
+            low: 0,
+            medium: 0,
+            high: 0,
+            critical: 0,
+        };
+        for (const evidence of this.store.values()) {
+            bySeverity[evidence.severity]++;
+        }
+        return {
+            count: this.store.size,
+            bytes: this.totalBytes,
+            bySeverity,
+        };
+    }
+    /**
+     * Evict lowest priority evidence.
+     */
+    evict(count) {
+        const victims = this.selectForEviction(count);
+        for (const evidence of victims) {
+            const size = evidence.size;
+            const signature = evidence.signature;
+            // Neutralize and append to audit chain
+            const record = evidence.neutralize(this.auditChain.lastHash);
+            this.auditChain.append(record);
+            // Remove from store
+            this.store.delete(signature);
+            this.totalBytes -= size;
+            // NOTE: Eviction is tracked via audit chain neutralization record.
+            // High/critical severity alerts are handled by Watcher observing quarantine stats.
+        }
+    }
+    /**
+     * Select evidence for eviction based on priority.
+     * Lowest severity first, then oldest.
+     */
+    selectForEviction(count) {
+        const all = Array.from(this.store.values());
+        // Sort: lowest severity first, then oldest
+        all.sort((a, b) => {
+            const severityDiff = SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity];
+            if (severityDiff !== 0) {
+                return severityDiff;
+            }
+            // Same severity: oldest first
+            return a.captured - b.captured;
+        });
+        return all.slice(0, count);
+    }
+    /**
+     * Check if quarantine exceeds configured limits.
+     */
+    exceedsLimits() {
+        return this.store.size > this.config.maxCount || this.totalBytes > this.config.maxBytes;
+    }
+}
+//# sourceMappingURL=quarantine.js.map

package/dist/core/quarantine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"quarantine.js","sourceRoot":"","sources":["../../src/core/quarantine.ts"],"names":[],"mappings":"AAAA;;GAEG;AA4BH,6CAA6C;AAC7C,MAAM,aAAa,GAA6B;IAC9C,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;CACZ,CAAA;AAED;;;GAGG;AACH,MAAM,OAAO,UAAU;IAKX;IACA;IALF,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAA;IACzC,UAAU,GAAG,CAAC,CAAA;IAEtB,YACU,MAAwB,EACxB,UAAsB;QADtB,WAAM,GAAN,MAAM,CAAkB;QACxB,eAAU,GAAV,UAAU,CAAY;IAC7B,CAAC;IAEJ;;;OAGG;IACH,MAAM,CAAC,QAAwB;QAC7B,kBAAkB;QAClB,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,OAAO;gBACL,MAAM,EAAE,WAAW;gBACnB,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAE;aAC9C,CAAA;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;QAC5C,IAAI,CAAC,UAAU,IAAI,QAAQ,CAAC,IAAI,CAAA;QAEhC,2BAA2B;QAC3B,OAAO,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACf,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,CAAA;IAC/B,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,SAAiB;QACnB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAA;IAC1C,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,SAAiB;QACnB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IAClC,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,SAAiB;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAA;QACb,CAAC;QAED,yDAAyD;QACzD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAA;QAE1B,8BAA8B;QAC9B,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;QAC5D,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAE9B,oBAAoB;QACpB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC5B,IAAI,CAAC,UAAU,IAAI,IAAI,CAAA;QAEvB,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,MAAM,OAAO,GAA2B,EAAE,CAAA;QAE1C,KAAK,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;YAC5D,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAC9B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACtB,CAAC;QAED,cAAc;QACd,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAA;QAClB,IAAI,CAAC,UAAU,GAAG,CAAC,CAAA;QAEnB,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,SAAiB,EAAE,MAA+C;QACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAA;QACb,CAAC;QAED,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAA;QAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAA;QAE1B,uCAAuC;QACvC,MAAM,MAAM,GAAgB;YAC1B,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YACjE,MAAM;YACN,KAAK,EAAE;gBACL,EAAE,EAAE,QAAQ,CAAC,SAAS,EAAE,wCAAwC;gBAChE,MAAM,EAAE,SAAS,EAAE,qCAAqC;gBACxD,SAAS,EAAE,QAAQ,CAAC,QAAQ;gBAC5B,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,IAAI;aAClB;YACD,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE;SAC3B,CAAA;QAED,uDAAuD;QACvD,IAAI,CAAC;YACH,QAAQ,CAAC,QAAQ,EAAE,CAAA,CAAC,uCAAuC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC5B,IAAI,CAAC,UAAU,IAAI,IAAI,CAAA;QAEvB,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;;;;;OAOG;IACH,OAAO,CAAC,YAAoB,EAAE,WAA2B;QACvD,iCAAiC;QACjC,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAA;QAEjD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,0CAA0C;YAC1C,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;YAC7C,OAAO;gBACL,MAAM,EAAE,eAAe;gBACvB,QAAQ,EAAE,YAAY,CAAC,MAAM,KAAK,UAAU;aAC7C,CAAA;QACH,CAAC;QAED,sBAAsB;QACtB,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;QAE7C,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,WAAW;YACX,QAAQ,EAAE,YAAY,CAAC,MAAM,KAAK,UAAU;YAC5C,GAAG,CAAC,YAAY,CAAC,MAAM,KAAK,WAAW,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,QAAQ,EAAE,CAAC;SACjF,CAAA;IACH,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,MAAM,UAAU,GAA6B;YAC3C,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,CAAC;YACT,IAAI,EAAE,CAAC;YACP,QAAQ,EAAE,CAAC;SACZ,CAAA;QAED,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAA;QACjC,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YACtB,KAAK,EAAE,IAAI,CAAC,UAAU;YACtB,UAAU;SACX,CAAA;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,KAAa;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAA;QAE7C,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAA;YAC1B,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAA;YAEpC,uCAAuC;YACvC,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;YAC5D,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAE9B,oBAAoB;YACpB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;YAC5B,IAAI,CAAC,UAAU,IAAI,IAAI,CAAA;YAEvB,mEAAmE;YACnE,mFAAmF;QACrF,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,iBAAiB,CAAC,KAAa;QACrC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;QAE3C,2CAA2C;QAC3C,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAChB,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;YAC1E,IAAI,YAAY,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,YAAY,CAAA;YACrB,CAAC;YACD,8BAA8B;YAC9B,OAAO,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAA;QAChC,CAAC,CAAC,CAAA;QAEF,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;IAC5B,CAAC;IAED;;OAEG;IACK,aAAa;QACnB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAA;IACzF,CAAC;CACF"}

package/dist/core/rate-limiter.d.ts

@@ -0,0 +1,94 @@
+/**
+ * Rate Limiter - sliding window with per-source tracking and cleanup.
+ *
+ * SECURITY: Prevents pool exhaustion DoS by early rejection.
+ * Memory Safety: TTL-based cleanup prevents memory leaks.
+ */
+import type { RateLimitConfig } from '../types/config.js';
+/**
+ * Result of a rate limit check.
+ */
+export type RateLimitResult = {
+    allowed: true;
+} | {
+    allowed: false;
+    /** True if source is in block penalty period */
+    blocked: boolean;
+    /** Milliseconds until source can retry */
+    retryAfter: number;
+    /** Human-readable reason */
+    reason: string;
+};
+/**
+ * Rate limiter interface per RFC-0000.
+ */
+export interface IRateLimiter {
+    /**
+     * Check if source is allowed to proceed.
+     * @param source - Source identifier (IP, API key, etc.)
+     */
+    check(source: string): RateLimitResult;
+    /**
+     * Reset rate limit for a specific source.
+     * Used for manual unblocking.
+     * @param source - Source identifier
+     */
+    reset(source: string): void;
+    /**
+     * Clean up stale entries to prevent memory leaks.
+     * Should be called periodically.
+     * @returns Number of entries cleaned
+     */
+    cleanup(): number;
+    /**
+     * Get current statistics.
+     */
+    readonly stats: RateLimiterStats;
+}
+/**
+ * Rate limiter statistics.
+ */
+export interface RateLimiterStats {
+    /** Total tracked sources */
+    sources: number;
+    /** Currently blocked sources */
+    blocked: number;
+    /** Total checks performed */
+    totalChecks: number;
+    /** Total rejections */
+    totalRejections: number;
+}
+/**
+ * Sliding window rate limiter implementation.
+ *
+ * Algorithm:
+ * 1. Maintain list of request timestamps per source
+ * 2. On check, remove timestamps outside window
+ * 3. If count >= maxRequests, reject and optionally block
+ * 4. Otherwise, record timestamp and allow
+ *
+ * Block State:
+ * - After maxRequests exceeded, source enters blockDurationMs penalty
+ * - During block, all requests rejected with blocked: true
+ * - After block expires, source can accumulate requests again
+ */
+export declare class RateLimiter implements IRateLimiter {
+    private readonly sources;
+    private readonly config;
+    private totalChecks;
+    private totalRejections;
+    constructor(config: RateLimitConfig);
+    check(source: string): RateLimitResult;
+    reset(source: string): void;
+    cleanup(): number;
+    get stats(): RateLimiterStats;
+}
+/**
+ * Create a rate limiter instance.
+ * Factory function for end users.
+ *
+ * @param config - Rate limit configuration
+ * @returns Rate limiter instance
+ */
+export declare function createRateLimiter(config: RateLimitConfig): IRateLimiter;
+//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/core/rate-limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../src/core/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAEzD;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GACjB;IACE,OAAO,EAAE,KAAK,CAAA;IACd,gDAAgD;IAChD,OAAO,EAAE,OAAO,CAAA;IAChB,0CAA0C;IAC1C,UAAU,EAAE,MAAM,CAAA;IAClB,4BAA4B;IAC5B,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAcL;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;;OAGG;IACH,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,CAAA;IAEtC;;;;OAIG;IACH,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IAE3B;;;;OAIG;IACH,OAAO,IAAI,MAAM,CAAA;IAEjB;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,gBAAgB,CAAA;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,4BAA4B;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAA;IACnB,uBAAuB;IACvB,eAAe,EAAE,MAAM,CAAA;CACxB;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,WAAY,YAAW,YAAY;IAC9C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAiC;IACzD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA2B;IAClD,OAAO,CAAC,WAAW,CAAI;IACvB,OAAO,CAAC,eAAe,CAAI;gBAEf,MAAM,EAAE,eAAe;IAmBnC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe;IA4EtC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAI3B,OAAO,IAAI,MAAM;IAsBjB,IAAI,KAAK,IAAI,gBAAgB,CAgB5B;CACF;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,eAAe,GAAG,YAAY,CAEvE"}

package/dist/core/rate-limiter.js

@@ -0,0 +1,156 @@
+/**
+ * Rate Limiter - sliding window with per-source tracking and cleanup.
+ *
+ * SECURITY: Prevents pool exhaustion DoS by early rejection.
+ * Memory Safety: TTL-based cleanup prevents memory leaks.
+ */
+/**
+ * Sliding window rate limiter implementation.
+ *
+ * Algorithm:
+ * 1. Maintain list of request timestamps per source
+ * 2. On check, remove timestamps outside window
+ * 3. If count >= maxRequests, reject and optionally block
+ * 4. Otherwise, record timestamp and allow
+ *
+ * Block State:
+ * - After maxRequests exceeded, source enters blockDurationMs penalty
+ * - During block, all requests rejected with blocked: true
+ * - After block expires, source can accumulate requests again
+ */
+export class RateLimiter {
+    sources = new Map();
+    config;
+    totalChecks = 0;
+    totalRejections = 0;
+    constructor(config) {
+        // Validate config
+        if (config.windowMs <= 0) {
+            throw new Error('windowMs must be positive');
+        }
+        if (config.maxRequests <= 0) {
+            throw new Error('maxRequests must be positive');
+        }
+        if (config.blockDurationMs < 0) {
+            throw new Error('blockDurationMs cannot be negative');
+        }
+        this.config = {
+            windowMs: config.windowMs,
+            maxRequests: config.maxRequests,
+            blockDurationMs: config.blockDurationMs,
+        };
+    }
+    check(source) {
+        this.totalChecks++;
+        const now = Date.now();
+        // Get or create source entry
+        let entry = this.sources.get(source);
+        if (!entry) {
+            entry = {
+                timestamps: [],
+                blockedUntil: null,
+                lastActivity: now,
+            };
+            this.sources.set(source, entry);
+        }
+        // Update last activity
+        entry.lastActivity = now;
+        // Check if currently blocked
+        if (entry.blockedUntil !== null) {
+            if (now < entry.blockedUntil) {
+                // Still blocked
+                this.totalRejections++;
+                return {
+                    allowed: false,
+                    blocked: true,
+                    retryAfter: entry.blockedUntil - now,
+                    reason: 'Source is blocked due to rate limit violation',
+                };
+            }
+            else {
+                // Block expired, clear it
+                entry.blockedUntil = null;
+                entry.timestamps = [];
+            }
+        }
+        // Remove timestamps outside current window
+        const windowStart = now - this.config.windowMs;
+        entry.timestamps = entry.timestamps.filter((ts) => ts > windowStart);
+        // Check if limit exceeded
+        if (entry.timestamps.length >= this.config.maxRequests) {
+            this.totalRejections++;
+            // Apply block if configured
+            if (this.config.blockDurationMs > 0) {
+                entry.blockedUntil = now + this.config.blockDurationMs;
+                return {
+                    allowed: false,
+                    blocked: true,
+                    retryAfter: this.config.blockDurationMs,
+                    reason: 'Rate limit exceeded, source blocked',
+                };
+            }
+            // No block, just sliding window rejection
+            const oldestInWindow = entry.timestamps[0];
+            // Defensive check (should never happen since length >= maxRequests)
+            const retryAfter = oldestInWindow !== undefined
+                ? oldestInWindow + this.config.windowMs - now
+                : this.config.windowMs;
+            return {
+                allowed: false,
+                blocked: false,
+                retryAfter: Math.max(0, retryAfter),
+                reason: 'Rate limit exceeded within sliding window',
+            };
+        }
+        // Allow and record timestamp
+        entry.timestamps.push(now);
+        return { allowed: true };
+    }
+    reset(source) {
+        this.sources.delete(source);
+    }
+    cleanup() {
+        const now = Date.now();
+        // Stale threshold: no activity for window + block duration
+        const staleThreshold = now - this.config.windowMs - this.config.blockDurationMs;
+        let cleaned = 0;
+        for (const [source, entry] of this.sources) {
+            // Remove if:
+            // 1. Not blocked AND last activity older than stale threshold
+            // 2. OR blocked but block already expired AND stale
+            const isExpiredBlock = entry.blockedUntil !== null && entry.blockedUntil < now;
+            const isStale = entry.lastActivity < staleThreshold;
+            if (isStale && (entry.blockedUntil === null || isExpiredBlock)) {
+                this.sources.delete(source);
+                cleaned++;
+            }
+        }
+        return cleaned;
+    }
+    get stats() {
+        let blocked = 0;
+        const now = Date.now();
+        for (const entry of this.sources.values()) {
+            if (entry.blockedUntil !== null && entry.blockedUntil > now) {
+                blocked++;
+            }
+        }
+        return {
+            sources: this.sources.size,
+            blocked,
+            totalChecks: this.totalChecks,
+            totalRejections: this.totalRejections,
+        };
+    }
+}
+/**
+ * Create a rate limiter instance.
+ * Factory function for end users.
+ *
+ * @param config - Rate limit configuration
+ * @returns Rate limiter instance
+ */
+export function createRateLimiter(config) {
+    return new RateLimiter(config);
+}
+//# sourceMappingURL=rate-limiter.js.map

package/dist/core/rate-limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../src/core/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA2EH;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,WAAW;IACL,OAAO,GAAG,IAAI,GAAG,EAAuB,CAAA;IACxC,MAAM,CAA2B;IAC1C,WAAW,GAAG,CAAC,CAAA;IACf,eAAe,GAAG,CAAC,CAAA;IAE3B,YAAY,MAAuB;QACjC,kBAAkB;QAClB,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAA;QAC9C,CAAC;QACD,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;QACjD,CAAC;QACD,IAAI,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;QACvD,CAAC;QAED,IAAI,CAAC,MAAM,GAAG;YACZ,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,eAAe,EAAE,MAAM,CAAC,eAAe;SACxC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,MAAc;QAClB,IAAI,CAAC,WAAW,EAAE,CAAA;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,6BAA6B;QAC7B,IAAI,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG;gBACN,UAAU,EAAE,EAAE;gBACd,YAAY,EAAE,IAAI;gBAClB,YAAY,EAAE,GAAG;aAClB,CAAA;YACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QACjC,CAAC;QAED,uBAAuB;QACvB,KAAK,CAAC,YAAY,GAAG,GAAG,CAAA;QAExB,6BAA6B;QAC7B,IAAI,KAAK,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;YAChC,IAAI,GAAG,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;gBAC7B,gBAAgB;gBAChB,IAAI,CAAC,eAAe,EAAE,CAAA;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,IAAI;oBACb,UAAU,EAAE,KAAK,CAAC,YAAY,GAAG,GAAG;oBACpC,MAAM,EAAE,+CAA+C;iBACxD,CAAA;YACH,CAAC;iBAAM,CAAC;gBACN,0BAA0B;gBAC1B,KAAK,CAAC,YAAY,GAAG,IAAI,CAAA;gBACzB,KAAK,CAAC,UAAU,GAAG,EAAE,CAAA;YACvB,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,MAAM,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAA;QAC9C,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,WAAW,CAAC,CAAA;QAEpE,0BAA0B;QAC1B,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACvD,IAAI,CAAC,eAAe,EAAE,CAAA;YAEtB,4BAA4B;YAC5B,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;gBACpC,KAAK,CAAC,YAAY,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAA;gBACtD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,IAAI;oBACb,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;oBACvC,MAAM,EAAE,qCAAqC;iBAC9C,CAAA;YACH,CAAC;YAED,0CAA0C;YAC1C,MAAM,cAAc,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;YAC1C,oEAAoE;YACpE,MAAM,UAAU,GACd,cAAc,KAAK,SAAS;gBAC1B,CAAC,CAAC,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,GAAG;gBAC7C,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAA;YAE1B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC;gBACnC,MAAM,EAAE,2CAA2C;aACpD,CAAA;QACH,CAAC;QAED,6BAA6B;QAC7B,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC1B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;IAC1B,CAAC;IAED,KAAK,CAAC,MAAc;QAClB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC7B,CAAC;IAED,OAAO;QACL,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,2DAA2D;QAC3D,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAA;QAE/E,IAAI,OAAO,GAAG,CAAC,CAAA;QACf,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC3C,aAAa;YACb,8DAA8D;YAC9D,oDAAoD;YACpD,MAAM,cAAc,GAAG,KAAK,CAAC,YAAY,KAAK,IAAI,IAAI,KAAK,CAAC,YAAY,GAAG,GAAG,CAAA;YAC9E,MAAM,OAAO,GAAG,KAAK,CAAC,YAAY,GAAG,cAAc,CAAA;YAEnD,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,KAAK,IAAI,IAAI,cAAc,CAAC,EAAE,CAAC;gBAC/D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;gBAC3B,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAI,KAAK;QACP,IAAI,OAAO,GAAG,CAAC,CAAA;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,IAAI,KAAK,CAAC,YAAY,KAAK,IAAI,IAAI,KAAK,CAAC,YAAY,GAAG,GAAG,EAAE,CAAC;gBAC5D,OAAO,EAAE,CAAA;YACX,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;YAC1B,OAAO;YACP,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAA;IACH,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAuB;IACvD,OAAO,IAAI,WAAW,CAAC,MAAM,CAAC,CAAA;AAChC,CAAC"}