@ucptools/validator 1.0.0 → 1.0.1

package/dist/security/security-scanner.js

@@ -0,0 +1,541 @@
+"use strict";
+/**
+ * Security Posture Scanner for UCP Endpoints
+ * Scans UCP endpoints for common security misconfigurations
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanEndpointSecurity = scanEndpointSecurity;
+const types_js_1 = require("./types.js");
+const DEFAULT_TIMEOUT_MS = 15000;
+/**
+ * Run a full security scan on a UCP endpoint
+ */
+async function scanEndpointSecurity(domain, options = {}) {
+    const timeoutMs = options.timeoutMs || DEFAULT_TIMEOUT_MS;
+    const checks = [];
+    // Normalize domain
+    const normalizedDomain = domain.replace(/^https?:\/\//, '').replace(/\/.*$/, '');
+    const endpoint = `https://${normalizedDomain}/.well-known/ucp`;
+    // Run all security checks
+    checks.push(await checkHttpsRequired(normalizedDomain));
+    checks.push(await checkPrivateIp(normalizedDomain));
+    // Fetch the endpoint to analyze response
+    const response = await fetchEndpointSafely(endpoint, timeoutMs);
+    if (response.success && response.response && response.headers && response.body !== undefined) {
+        checks.push(await checkTlsVersion(endpoint, response.response));
+        checks.push(await checkCorsConfiguration(response.response, response.headers));
+        checks.push(await checkSecurityHeaders(response.headers));
+        checks.push(await checkContentType(response.headers));
+        checks.push(await checkRateLimiting(response.headers));
+        checks.push(await checkCacheHeaders(response.headers));
+        checks.push(await checkErrorDisclosure(response.body));
+        checks.push(checkResponseTime(response.responseTimeMs));
+    }
+    else {
+        // Endpoint not reachable - add skip results
+        checks.push(createSkippedCheck(types_js_1.SecurityCheckIds.TLS_VERSION, 'TLS Version', 'Endpoint not reachable'));
+        checks.push(createSkippedCheck(types_js_1.SecurityCheckIds.CORS_CONFIG, 'CORS Configuration', 'Endpoint not reachable'));
+        checks.push(createSkippedCheck(types_js_1.SecurityCheckIds.SECURITY_HEADERS, 'Security Headers', 'Endpoint not reachable'));
+        checks.push(createSkippedCheck(types_js_1.SecurityCheckIds.CONTENT_TYPE, 'Content-Type', 'Endpoint not reachable'));
+        checks.push(createSkippedCheck(types_js_1.SecurityCheckIds.RATE_LIMITING, 'Rate Limiting', 'Endpoint not reachable'));
+        checks.push(createSkippedCheck(types_js_1.SecurityCheckIds.CACHE_HEADERS, 'Cache Headers', 'Endpoint not reachable'));
+        checks.push(createSkippedCheck(types_js_1.SecurityCheckIds.ERROR_DISCLOSURE, 'Error Disclosure', 'Endpoint not reachable'));
+        checks.push(createSkippedCheck(types_js_1.SecurityCheckIds.RESPONSE_TIME, 'Response Time', 'Endpoint not reachable'));
+    }
+    // Calculate score and grade
+    const summary = calculateSummary(checks);
+    const score = calculateScore(checks);
+    const grade = calculateGrade(score);
+    return {
+        domain: normalizedDomain,
+        endpoint,
+        scanned_at: new Date().toISOString(),
+        score,
+        grade,
+        checks,
+        summary,
+    };
+}
+/**
+ * Fetch endpoint safely with timeout
+ */
+async function fetchEndpointSafely(url, timeoutMs) {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
+    const startTime = Date.now();
+    try {
+        const response = await fetch(url, {
+            signal: controller.signal,
+            headers: {
+                'Accept': 'application/json',
+                'User-Agent': 'UCP-Security-Scanner/1.0',
+                'Origin': 'https://ucptools.dev',
+            },
+        });
+        clearTimeout(timeoutId);
+        const responseTimeMs = Date.now() - startTime;
+        const body = await response.text();
+        return {
+            success: true,
+            response,
+            headers: response.headers,
+            body,
+            responseTimeMs,
+        };
+    }
+    catch (error) {
+        clearTimeout(timeoutId);
+        return {
+            success: false,
+            error: error instanceof Error ? error.message : 'Unknown error',
+        };
+    }
+}
+/**
+ * Check 1: HTTPS Required
+ */
+async function checkHttpsRequired(domain) {
+    // Try HTTP to see if it redirects or is accessible
+    try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), 5000);
+        const response = await fetch(`http://${domain}/.well-known/ucp`, {
+            signal: controller.signal,
+            redirect: 'manual',
+            headers: { 'User-Agent': 'UCP-Security-Scanner/1.0' },
+        });
+        clearTimeout(timeoutId);
+        // Check if HTTP redirects to HTTPS
+        if (response.status >= 300 && response.status < 400) {
+            const location = response.headers.get('location');
+            if (location?.startsWith('https://')) {
+                return {
+                    id: types_js_1.SecurityCheckIds.HTTPS_REQUIRED,
+                    name: 'HTTPS Enforcement',
+                    description: 'HTTP requests should redirect to HTTPS',
+                    status: 'pass',
+                    severity: 'critical',
+                    details: 'HTTP correctly redirects to HTTPS',
+                };
+            }
+        }
+        // HTTP is accessible without redirect
+        if (response.ok) {
+            return {
+                id: types_js_1.SecurityCheckIds.HTTPS_REQUIRED,
+                name: 'HTTPS Enforcement',
+                description: 'HTTP requests should redirect to HTTPS',
+                status: 'fail',
+                severity: 'critical',
+                details: 'HTTP endpoint is accessible without redirect to HTTPS',
+                recommendation: 'Configure your server to redirect all HTTP traffic to HTTPS',
+            };
+        }
+        // HTTP returns error (good - means HTTPS only)
+        return {
+            id: types_js_1.SecurityCheckIds.HTTPS_REQUIRED,
+            name: 'HTTPS Enforcement',
+            description: 'HTTP requests should redirect to HTTPS',
+            status: 'pass',
+            severity: 'critical',
+            details: 'HTTP endpoint not accessible (HTTPS only)',
+        };
+    }
+    catch {
+        // HTTP connection failed - HTTPS only
+        return {
+            id: types_js_1.SecurityCheckIds.HTTPS_REQUIRED,
+            name: 'HTTPS Enforcement',
+            description: 'HTTP requests should redirect to HTTPS',
+            status: 'pass',
+            severity: 'critical',
+            details: 'HTTP endpoint not accessible (HTTPS only)',
+        };
+    }
+}
+/**
+ * Check 2: Private IP Detection
+ */
+async function checkPrivateIp(domain) {
+    // Check if domain looks like a private IP or localhost
+    const privatePatterns = [
+        /^localhost$/i,
+        /^127\.\d+\.\d+\.\d+$/,
+        /^10\.\d+\.\d+\.\d+$/,
+        /^172\.(1[6-9]|2\d|3[01])\.\d+\.\d+$/,
+        /^192\.168\.\d+\.\d+$/,
+        /^::1$/,
+        /^fc00:/i,
+        /^fd00:/i,
+    ];
+    const isPrivate = privatePatterns.some(pattern => pattern.test(domain));
+    if (isPrivate) {
+        return {
+            id: types_js_1.SecurityCheckIds.PRIVATE_IP,
+            name: 'Private IP Detection',
+            description: 'Endpoint should not use private/internal IP addresses',
+            status: 'fail',
+            severity: 'high',
+            details: `Domain "${domain}" appears to be a private or internal address`,
+            recommendation: 'Use a public domain name for production UCP endpoints',
+        };
+    }
+    return {
+        id: types_js_1.SecurityCheckIds.PRIVATE_IP,
+        name: 'Private IP Detection',
+        description: 'Endpoint should not use private/internal IP addresses',
+        status: 'pass',
+        severity: 'high',
+        details: 'Domain is publicly routable',
+    };
+}
+/**
+ * Check 3: TLS Version
+ */
+async function checkTlsVersion(_url, _response) {
+    // Note: Browser fetch doesn't expose TLS version directly
+    // We can only verify HTTPS is working
+    return {
+        id: types_js_1.SecurityCheckIds.TLS_VERSION,
+        name: 'TLS Configuration',
+        description: 'Endpoint should use TLS 1.2 or higher',
+        status: 'pass',
+        severity: 'high',
+        details: 'HTTPS connection successful (TLS version not directly verifiable from browser)',
+    };
+}
+/**
+ * Check 4: CORS Configuration
+ */
+async function checkCorsConfiguration(_response, headers) {
+    const acao = headers.get('access-control-allow-origin');
+    const acam = headers.get('access-control-allow-methods');
+    const acah = headers.get('access-control-allow-headers');
+    if (!acao) {
+        return {
+            id: types_js_1.SecurityCheckIds.CORS_CONFIG,
+            name: 'CORS Configuration',
+            description: 'CORS should be properly configured for AI agent access',
+            status: 'warn',
+            severity: 'medium',
+            details: 'No Access-Control-Allow-Origin header found',
+            recommendation: 'Configure CORS headers to allow AI agents to access your UCP endpoint',
+        };
+    }
+    // Check if CORS is too permissive
+    if (acao === '*') {
+        return {
+            id: types_js_1.SecurityCheckIds.CORS_CONFIG,
+            name: 'CORS Configuration',
+            description: 'CORS should be properly configured for AI agent access',
+            status: 'warn',
+            severity: 'low',
+            details: 'CORS allows all origins (*). Consider restricting to known AI agent domains.',
+            recommendation: 'For production, consider restricting CORS to specific trusted origins',
+        };
+    }
+    const hasGoodConfig = acao && (acam || acah);
+    return {
+        id: types_js_1.SecurityCheckIds.CORS_CONFIG,
+        name: 'CORS Configuration',
+        description: 'CORS should be properly configured for AI agent access',
+        status: hasGoodConfig ? 'pass' : 'warn',
+        severity: 'medium',
+        details: `CORS configured: Origin=${acao}${acam ? `, Methods=${acam}` : ''}`,
+    };
+}
+/**
+ * Check 5: Security Headers
+ */
+async function checkSecurityHeaders(headers) {
+    const securityHeaders = {
+        'x-content-type-options': headers.get('x-content-type-options'),
+        'x-frame-options': headers.get('x-frame-options'),
+        'x-xss-protection': headers.get('x-xss-protection'),
+        'strict-transport-security': headers.get('strict-transport-security'),
+        'content-security-policy': headers.get('content-security-policy'),
+    };
+    const presentHeaders = [];
+    const missingHeaders = [];
+    // Check important headers
+    if (securityHeaders['strict-transport-security']) {
+        presentHeaders.push('HSTS');
+    }
+    else {
+        missingHeaders.push('HSTS');
+    }
+    if (securityHeaders['x-content-type-options']) {
+        presentHeaders.push('X-Content-Type-Options');
+    }
+    else {
+        missingHeaders.push('X-Content-Type-Options');
+    }
+    if (securityHeaders['x-frame-options']) {
+        presentHeaders.push('X-Frame-Options');
+    }
+    // Calculate status based on critical headers
+    const hasHsts = !!securityHeaders['strict-transport-security'];
+    const hasXcto = !!securityHeaders['x-content-type-options'];
+    let status = 'pass';
+    let severity = 'medium';
+    if (!hasHsts && !hasXcto) {
+        status = 'fail';
+        severity = 'medium';
+    }
+    else if (!hasHsts || !hasXcto) {
+        status = 'warn';
+        severity = 'low';
+    }
+    return {
+        id: types_js_1.SecurityCheckIds.SECURITY_HEADERS,
+        name: 'Security Headers',
+        description: 'Response should include security headers (HSTS, X-Content-Type-Options)',
+        status,
+        severity,
+        details: presentHeaders.length > 0
+            ? `Present: ${presentHeaders.join(', ')}${missingHeaders.length > 0 ? `. Missing: ${missingHeaders.join(', ')}` : ''}`
+            : 'No security headers found',
+        recommendation: missingHeaders.length > 0
+            ? `Add missing security headers: ${missingHeaders.join(', ')}`
+            : undefined,
+    };
+}
+/**
+ * Check 6: Content-Type
+ */
+async function checkContentType(headers) {
+    const contentType = headers.get('content-type');
+    if (!contentType) {
+        return {
+            id: types_js_1.SecurityCheckIds.CONTENT_TYPE,
+            name: 'Content-Type Header',
+            description: 'Response should have correct Content-Type for JSON',
+            status: 'warn',
+            severity: 'low',
+            details: 'No Content-Type header found',
+            recommendation: 'Set Content-Type: application/json for UCP endpoints',
+        };
+    }
+    const isJson = contentType.includes('application/json');
+    return {
+        id: types_js_1.SecurityCheckIds.CONTENT_TYPE,
+        name: 'Content-Type Header',
+        description: 'Response should have correct Content-Type for JSON',
+        status: isJson ? 'pass' : 'warn',
+        severity: 'low',
+        details: `Content-Type: ${contentType}`,
+        recommendation: isJson ? undefined : 'Set Content-Type: application/json for UCP endpoints',
+    };
+}
+/**
+ * Check 7: Rate Limiting
+ */
+async function checkRateLimiting(headers) {
+    // Look for common rate limiting headers
+    const rateLimitHeaders = {
+        'x-ratelimit-limit': headers.get('x-ratelimit-limit'),
+        'x-ratelimit-remaining': headers.get('x-ratelimit-remaining'),
+        'x-rate-limit-limit': headers.get('x-rate-limit-limit'),
+        'ratelimit-limit': headers.get('ratelimit-limit'),
+        'retry-after': headers.get('retry-after'),
+    };
+    const hasRateLimiting = Object.values(rateLimitHeaders).some(v => v !== null);
+    if (hasRateLimiting) {
+        const limitValue = rateLimitHeaders['x-ratelimit-limit'] ||
+            rateLimitHeaders['x-rate-limit-limit'] ||
+            rateLimitHeaders['ratelimit-limit'];
+        return {
+            id: types_js_1.SecurityCheckIds.RATE_LIMITING,
+            name: 'Rate Limiting',
+            description: 'Endpoint should have rate limiting to prevent abuse',
+            status: 'pass',
+            severity: 'high',
+            details: `Rate limiting detected${limitValue ? `: ${limitValue} requests` : ''}`,
+        };
+    }
+    return {
+        id: types_js_1.SecurityCheckIds.RATE_LIMITING,
+        name: 'Rate Limiting',
+        description: 'Endpoint should have rate limiting to prevent abuse',
+        status: 'warn',
+        severity: 'high',
+        details: 'No rate limiting headers detected (may still be present server-side)',
+        recommendation: 'Implement rate limiting to protect against abuse and DoS attacks',
+    };
+}
+/**
+ * Check 8: Cache Headers
+ */
+async function checkCacheHeaders(headers) {
+    const cacheControl = headers.get('cache-control');
+    const etag = headers.get('etag');
+    const lastModified = headers.get('last-modified');
+    const hasCaching = cacheControl || etag || lastModified;
+    if (!hasCaching) {
+        return {
+            id: types_js_1.SecurityCheckIds.CACHE_HEADERS,
+            name: 'Cache Headers',
+            description: 'Response should have appropriate caching headers',
+            status: 'pass',
+            severity: 'info',
+            details: 'No caching headers found (optional)',
+            recommendation: 'Consider adding Cache-Control headers for better performance',
+        };
+    }
+    const details = [];
+    if (cacheControl)
+        details.push(`Cache-Control: ${cacheControl}`);
+    if (etag)
+        details.push('ETag present');
+    if (lastModified)
+        details.push('Last-Modified present');
+    return {
+        id: types_js_1.SecurityCheckIds.CACHE_HEADERS,
+        name: 'Cache Headers',
+        description: 'Response should have appropriate caching headers',
+        status: 'pass',
+        severity: 'info',
+        details: details.join(', '),
+    };
+}
+/**
+ * Check 9: Error Disclosure
+ */
+async function checkErrorDisclosure(body) {
+    // Look for signs of stack traces or internal error details
+    const sensitivePatterns = [
+        /stack\s*trace/i,
+        /at\s+\w+\s+\([^)]+:\d+:\d+\)/, // Stack trace lines
+        /exception|error.*at\s+line/i,
+        /mysql|postgresql|mongodb|redis/i, // Database names in errors
+        /\/home\/|\/var\/|\/usr\/|C:\\|D:\\/i, // File paths
+        /password|secret|api[_-]?key/i,
+    ];
+    const foundPatterns = [];
+    for (const pattern of sensitivePatterns) {
+        if (pattern.test(body)) {
+            const match = body.match(pattern);
+            if (match) {
+                foundPatterns.push(match[0].substring(0, 30));
+            }
+        }
+    }
+    if (foundPatterns.length > 0) {
+        return {
+            id: types_js_1.SecurityCheckIds.ERROR_DISCLOSURE,
+            name: 'Error Information Disclosure',
+            description: 'Response should not expose internal error details or stack traces',
+            status: 'warn',
+            severity: 'medium',
+            details: `Potentially sensitive information found: ${foundPatterns.join(', ')}`,
+            recommendation: 'Ensure production responses do not expose stack traces or internal paths',
+        };
+    }
+    return {
+        id: types_js_1.SecurityCheckIds.ERROR_DISCLOSURE,
+        name: 'Error Information Disclosure',
+        description: 'Response should not expose internal error details or stack traces',
+        status: 'pass',
+        severity: 'medium',
+        details: 'No sensitive error information detected',
+    };
+}
+/**
+ * Check 10: Response Time
+ */
+function checkResponseTime(responseTimeMs) {
+    if (!responseTimeMs) {
+        return createSkippedCheck(types_js_1.SecurityCheckIds.RESPONSE_TIME, 'Response Time', 'Could not measure response time');
+    }
+    let status = 'pass';
+    let severity = 'low';
+    let recommendation;
+    if (responseTimeMs > 5000) {
+        status = 'fail';
+        severity = 'medium';
+        recommendation = 'Response time is very slow. Consider optimizing your endpoint or using a CDN.';
+    }
+    else if (responseTimeMs > 2000) {
+        status = 'warn';
+        severity = 'low';
+        recommendation = 'Response time is slow. Consider optimizing or using caching.';
+    }
+    return {
+        id: types_js_1.SecurityCheckIds.RESPONSE_TIME,
+        name: 'Response Time',
+        description: 'Endpoint should respond quickly to prevent timeouts',
+        status,
+        severity,
+        details: `Response time: ${responseTimeMs}ms`,
+        recommendation,
+    };
+}
+/**
+ * Create a skipped check result
+ */
+function createSkippedCheck(id, name, reason) {
+    return {
+        id,
+        name,
+        description: reason,
+        status: 'skip',
+        severity: 'info',
+        details: `Skipped: ${reason}`,
+    };
+}
+/**
+ * Calculate summary from checks
+ */
+function calculateSummary(checks) {
+    return {
+        passed: checks.filter(c => c.status === 'pass').length,
+        failed: checks.filter(c => c.status === 'fail').length,
+        warnings: checks.filter(c => c.status === 'warn').length,
+        skipped: checks.filter(c => c.status === 'skip').length,
+    };
+}
+/**
+ * Calculate security score (0-100)
+ */
+function calculateScore(checks) {
+    const weights = {
+        critical: 25,
+        high: 20,
+        medium: 15,
+        low: 10,
+        info: 5,
+    };
+    let totalWeight = 0;
+    let earnedPoints = 0;
+    for (const check of checks) {
+        if (check.status === 'skip')
+            continue;
+        const weight = weights[check.severity];
+        totalWeight += weight;
+        if (check.status === 'pass') {
+            earnedPoints += weight;
+        }
+        else if (check.status === 'warn') {
+            earnedPoints += weight * 0.5;
+        }
+        // 'fail' gets 0 points
+    }
+    if (totalWeight === 0)
+        return 0;
+    return Math.round((earnedPoints / totalWeight) * 100);
+}
+/**
+ * Calculate grade from score
+ */
+function calculateGrade(score) {
+    if (score >= 90)
+        return 'A';
+    if (score >= 80)
+        return 'B';
+    if (score >= 70)
+        return 'C';
+    if (score >= 60)
+        return 'D';
+    return 'F';
+}
+//# sourceMappingURL=security-scanner.js.map

package/dist/security/security-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-scanner.js","sourceRoot":"","sources":["../../src/security/security-scanner.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAUH,oDAqDC;AA5DD,yCAA8C;AAE9C,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAEjC;;GAEG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,UAA+B,EAAE;IAEjC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAC1D,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,mBAAmB;IACnB,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACjF,MAAM,QAAQ,GAAG,WAAW,gBAAgB,kBAAkB,CAAC;IAE/D,0BAA0B;IAC1B,MAAM,CAAC,IAAI,CAAC,MAAM,kBAAkB,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACxD,MAAM,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAEpD,yCAAyC;IACzC,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEhE,IAAI,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7F,MAAM,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAChE,MAAM,CAAC,IAAI,CAAC,MAAM,sBAAsB,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAC/E,MAAM,CAAC,IAAI,CAAC,MAAM,oBAAoB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,MAAM,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,MAAM,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,MAAM,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,MAAM,oBAAoB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC1D,CAAC;SAAM,CAAC;QACN,4CAA4C;QAC5C,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,2BAAgB,CAAC,WAAW,EAAE,aAAa,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,2BAAgB,CAAC,WAAW,EAAE,oBAAoB,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAC9G,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,2BAAgB,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACjH,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,2BAAgB,CAAC,YAAY,EAAE,cAAc,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACzG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,2BAAgB,CAAC,aAAa,EAAE,eAAe,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAC3G,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,2BAAgB,CAAC,aAAa,EAAE,eAAe,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAC3G,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,2BAAgB,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACjH,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,2BAAgB,CAAC,aAAa,EAAE,eAAe,EAAE,wBAAwB,CAAC,CAAC,CAAC;IAC7G,CAAC;IAED,4BAA4B;IAC5B,MAAM,OAAO,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEpC,OAAO;QACL,MAAM,EAAE,gBAAgB;QACxB,QAAQ;QACR,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,KAAK;QACL,KAAK;QACL,MAAM;QACN,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAChC,GAAW,EACX,SAAiB;IASjB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE;gBACP,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,0BAA0B;gBACxC,QAAQ,EAAE,sBAAsB;aACjC;SACF,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ;YACR,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,IAAI;YACJ,cAAc;SACf,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,MAAc;IAC9C,mDAAmD;IACnD,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;QAE7D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,MAAM,kBAAkB,EAAE;YAC/D,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,EAAE,YAAY,EAAE,0BAA0B,EAAE;SACtD,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,mCAAmC;QACnC,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACpD,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAClD,IAAI,QAAQ,EAAE,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACrC,OAAO;oBACL,EAAE,EAAE,2BAAgB,CAAC,cAAc;oBACnC,IAAI,EAAE,mBAAmB;oBACzB,WAAW,EAAE,wCAAwC;oBACrD,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,mCAAmC;iBAC7C,CAAC;YACJ,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO;gBACL,EAAE,EAAE,2BAAgB,CAAC,cAAc;gBACnC,IAAI,EAAE,mBAAmB;gBACzB,WAAW,EAAE,wCAAwC;gBACrD,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,uDAAuD;gBAChE,cAAc,EAAE,6DAA6D;aAC9E,CAAC;QACJ,CAAC;QAED,+CAA+C;QAC/C,OAAO;YACL,EAAE,EAAE,2BAAgB,CAAC,cAAc;YACnC,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,wCAAwC;YACrD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,2CAA2C;SACrD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,sCAAsC;QACtC,OAAO;YACL,EAAE,EAAE,2BAAgB,CAAC,cAAc;YACnC,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,wCAAwC;YACrD,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,2CAA2C;SACrD,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,MAAc;IAC1C,uDAAuD;IACvD,MAAM,eAAe,GAAG;QACtB,cAAc;QACd,sBAAsB;QACtB,qBAAqB;QACrB,qCAAqC;QACrC,sBAAsB;QACtB,OAAO;QACP,SAAS;QACT,SAAS;KACV,CAAC;IAEF,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAExE,IAAI,SAAS,EAAE,CAAC;QACd,OAAO;YACL,EAAE,EAAE,2BAAgB,CAAC,UAAU;YAC/B,IAAI,EAAE,sBAAsB;YAC5B,WAAW,EAAE,uDAAuD;YACpE,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,WAAW,MAAM,+CAA+C;YACzE,cAAc,EAAE,uDAAuD;SACxE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,EAAE,EAAE,2BAAgB,CAAC,UAAU;QAC/B,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,uDAAuD;QACpE,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,6BAA6B;KACvC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,IAAY,EAAE,SAAmB;IAC9D,0DAA0D;IAC1D,sCAAsC;IACtC,OAAO;QACL,EAAE,EAAE,2BAAgB,CAAC,WAAW;QAChC,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,uCAAuC;QACpD,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,gFAAgF;KAC1F,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,sBAAsB,CAAC,SAAmB,EAAE,OAAgB;IACzE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IACzD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAEzD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,EAAE,EAAE,2BAAgB,CAAC,WAAW;YAChC,IAAI,EAAE,oBAAoB;YAC1B,WAAW,EAAE,wDAAwD;YACrE,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,6CAA6C;YACtD,cAAc,EAAE,uEAAuE;SACxF,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QACjB,OAAO;YACL,EAAE,EAAE,2BAAgB,CAAC,WAAW;YAChC,IAAI,EAAE,oBAAoB;YAC1B,WAAW,EAAE,wDAAwD;YACrE,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,8EAA8E;YACvF,cAAc,EAAE,uEAAuE;SACxF,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC;IAE7C,OAAO;QACL,EAAE,EAAE,2BAAgB,CAAC,WAAW;QAChC,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,wDAAwD;QACrE,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QACvC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,2BAA2B,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;KAC7E,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CAAC,OAAgB;IAClD,MAAM,eAAe,GAAG;QACtB,wBAAwB,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;QAC/D,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACjD,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACnD,2BAA2B,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;QACrE,yBAAyB,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;KAClE,CAAC;IAEF,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,0BAA0B;IAC1B,IAAI,eAAe,CAAC,2BAA2B,CAAC,EAAE,CAAC;QACjD,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI,eAAe,CAAC,wBAAwB,CAAC,EAAE,CAAC;QAC9C,cAAc,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,eAAe,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACvC,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC;IAED,6CAA6C;IAC7C,MAAM,OAAO,GAAG,CAAC,CAAC,eAAe,CAAC,2BAA2B,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAG,CAAC,CAAC,eAAe,CAAC,wBAAwB,CAAC,CAAC;IAE5D,IAAI,MAAM,GAA4B,MAAM,CAAC;IAC7C,IAAI,QAAQ,GAA8B,QAAQ,CAAC;IAEnD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,GAAG,MAAM,CAAC;QAChB,QAAQ,GAAG,QAAQ,CAAC;IACtB,CAAC;SAAM,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QAChC,MAAM,GAAG,MAAM,CAAC;QAChB,QAAQ,GAAG,KAAK,CAAC;IACnB,CAAC;IAED,OAAO;QACL,EAAE,EAAE,2BAAgB,CAAC,gBAAgB;QACrC,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,yEAAyE;QACtF,MAAM;QACN,QAAQ;QACR,OAAO,EAAE,cAAc,CAAC,MAAM,GAAG,CAAC;YAChC,CAAC,CAAC,YAAY,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;YACtH,CAAC,CAAC,2BAA2B;QAC/B,cAAc,EAAE,cAAc,CAAC,MAAM,GAAG,CAAC;YACvC,CAAC,CAAC,iCAAiC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC9D,CAAC,CAAC,SAAS;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAAC,OAAgB;IAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAEhD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,EAAE,EAAE,2BAAgB,CAAC,YAAY;YACjC,IAAI,EAAE,qBAAqB;YAC3B,WAAW,EAAE,oDAAoD;YACjE,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,8BAA8B;YACvC,cAAc,EAAE,sDAAsD;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAExD,OAAO;QACL,EAAE,EAAE,2BAAgB,CAAC,YAAY;QACjC,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,oDAAoD;QACjE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAChC,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,iBAAiB,WAAW,EAAE;QACvC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,sDAAsD;KAC5F,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,OAAgB;IAC/C,wCAAwC;IACxC,MAAM,gBAAgB,GAAG;QACvB,mBAAmB,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACrD,uBAAuB,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QAC7D,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QACvD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACjD,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;KAC1C,CAAC;IAEF,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;IAE9E,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,UAAU,GAAG,gBAAgB,CAAC,mBAAmB,CAAC;YACrC,gBAAgB,CAAC,oBAAoB,CAAC;YACtC,gBAAgB,CAAC,iBAAiB,CAAC,CAAC;QACvD,OAAO;YACL,EAAE,EAAE,2BAAgB,CAAC,aAAa;YAClC,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,qDAAqD;YAClE,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,yBAAyB,UAAU,CAAC,CAAC,CAAC,KAAK,UAAU,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE;SACjF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,EAAE,EAAE,2BAAgB,CAAC,aAAa;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,qDAAqD;QAClE,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,sEAAsE;QAC/E,cAAc,EAAE,kEAAkE;KACnF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,OAAgB;IAC/C,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAElD,MAAM,UAAU,GAAG,YAAY,IAAI,IAAI,IAAI,YAAY,CAAC;IAExD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,EAAE,EAAE,2BAAgB,CAAC,aAAa;YAClC,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,kDAAkD;YAC/D,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,qCAAqC;YAC9C,cAAc,EAAE,8DAA8D;SAC/E,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,YAAY;QAAE,OAAO,CAAC,IAAI,CAAC,kBAAkB,YAAY,EAAE,CAAC,CAAC;IACjE,IAAI,IAAI;QAAE,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,YAAY;QAAE,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAExD,OAAO;QACL,EAAE,EAAE,2BAAgB,CAAC,aAAa;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,kDAAkD;QAC/D,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CAAC,IAAY;IAC9C,2DAA2D;IAC3D,MAAM,iBAAiB,GAAG;QACxB,gBAAgB;QAChB,8BAA8B,EAAG,oBAAoB;QACrD,6BAA6B;QAC7B,iCAAiC,EAAG,2BAA2B;QAC/D,qCAAqC,EAAG,aAAa;QACrD,8BAA8B;KAC/B,CAAC;IAEF,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,KAAK,EAAE,CAAC;gBACV,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,EAAE,EAAE,2BAAgB,CAAC,gBAAgB;YACrC,IAAI,EAAE,8BAA8B;YACpC,WAAW,EAAE,mEAAmE;YAChF,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,4CAA4C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC/E,cAAc,EAAE,0EAA0E;SAC3F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,EAAE,EAAE,2BAAgB,CAAC,gBAAgB;QACrC,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,mEAAmE;QAChF,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,yCAAyC;KACnD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,cAAuB;IAChD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,kBAAkB,CAAC,2BAAgB,CAAC,aAAa,EAAE,eAAe,EAAE,iCAAiC,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,MAAM,GAA4B,MAAM,CAAC;IAC7C,IAAI,QAAQ,GAA8B,KAAK,CAAC;IAChD,IAAI,cAAkC,CAAC;IAEvC,IAAI,cAAc,GAAG,IAAI,EAAE,CAAC;QAC1B,MAAM,GAAG,MAAM,CAAC;QAChB,QAAQ,GAAG,QAAQ,CAAC;QACpB,cAAc,GAAG,+EAA+E,CAAC;IACnG,CAAC;SAAM,IAAI,cAAc,GAAG,IAAI,EAAE,CAAC;QACjC,MAAM,GAAG,MAAM,CAAC;QAChB,QAAQ,GAAG,KAAK,CAAC;QACjB,cAAc,GAAG,8DAA8D,CAAC;IAClF,CAAC;IAED,OAAO;QACL,EAAE,EAAE,2BAAgB,CAAC,aAAa;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,qDAAqD;QAClE,MAAM;QACN,QAAQ;QACR,OAAO,EAAE,kBAAkB,cAAc,IAAI;QAC7C,cAAc;KACf,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,EAAU,EAAE,IAAY,EAAE,MAAc;IAClE,OAAO;QACL,EAAE;QACF,IAAI;QACJ,WAAW,EAAE,MAAM;QACnB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,YAAY,MAAM,EAAE;KAC9B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,MAAuB;IAC/C,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM;QACtD,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM;QACtD,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM;QACxD,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM;KACxD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,MAAuB;IAC7C,MAAM,OAAO,GAA8C;QACzD,QAAQ,EAAE,EAAE;QACZ,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,EAAE;QACV,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,CAAC;KACR,CAAC;IAEF,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM;YAAE,SAAS;QAEtC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACvC,WAAW,IAAI,MAAM,CAAC;QAEtB,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC5B,YAAY,IAAI,MAAM,CAAC;QACzB,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACnC,YAAY,IAAI,MAAM,GAAG,GAAG,CAAC;QAC/B,CAAC;QACD,uBAAuB;IACzB,CAAC;IAED,IAAI,WAAW,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAEhC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,YAAY,GAAG,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/security/types.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Security Scanner Types
+ * Types for UCP endpoint security posture scanning
+ */
+export type SecuritySeverity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+export type SecurityCheckStatus = 'pass' | 'fail' | 'warn' | 'skip';
+export interface SecurityCheck {
+    id: string;
+    name: string;
+    description: string;
+    status: SecurityCheckStatus;
+    severity: SecuritySeverity;
+    details?: string;
+    recommendation?: string;
+}
+export interface SecurityScanResult {
+    domain: string;
+    endpoint: string;
+    scanned_at: string;
+    score: number;
+    grade: string;
+    checks: SecurityCheck[];
+    summary: {
+        passed: number;
+        failed: number;
+        warnings: number;
+        skipped: number;
+    };
+}
+export interface SecurityScanOptions {
+    timeoutMs?: number;
+    skipTlsCheck?: boolean;
+    includeHeaders?: boolean;
+}
+export declare const SecurityCheckIds: {
+    readonly HTTPS_REQUIRED: "HTTPS_REQUIRED";
+    readonly TLS_VERSION: "TLS_VERSION";
+    readonly CORS_CONFIG: "CORS_CONFIG";
+    readonly RATE_LIMITING: "RATE_LIMITING";
+    readonly SECURITY_HEADERS: "SECURITY_HEADERS";
+    readonly CONTENT_TYPE: "CONTENT_TYPE";
+    readonly ERROR_DISCLOSURE: "ERROR_DISCLOSURE";
+    readonly PRIVATE_IP: "PRIVATE_IP";
+    readonly RESPONSE_TIME: "RESPONSE_TIME";
+    readonly CACHE_HEADERS: "CACHE_HEADERS";
+};
+export type SecurityCheckId = typeof SecurityCheckIds[keyof typeof SecurityCheckIds];
+//# sourceMappingURL=types.d.ts.map

package/dist/security/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/security/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE/E,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAEpE,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,aAAa,EAAE,CAAC;IACxB,OAAO,EAAE;QACP,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAGD,eAAO,MAAM,gBAAgB;;;;;;;;;;;CAWnB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG,OAAO,gBAAgB,CAAC,MAAM,OAAO,gBAAgB,CAAC,CAAC"}

package/dist/security/types.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * Security Scanner Types
+ * Types for UCP endpoint security posture scanning
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityCheckIds = void 0;
+// Security check IDs
+exports.SecurityCheckIds = {
+    HTTPS_REQUIRED: 'HTTPS_REQUIRED',
+    TLS_VERSION: 'TLS_VERSION',
+    CORS_CONFIG: 'CORS_CONFIG',
+    RATE_LIMITING: 'RATE_LIMITING',
+    SECURITY_HEADERS: 'SECURITY_HEADERS',
+    CONTENT_TYPE: 'CONTENT_TYPE',
+    ERROR_DISCLOSURE: 'ERROR_DISCLOSURE',
+    PRIVATE_IP: 'PRIVATE_IP',
+    RESPONSE_TIME: 'RESPONSE_TIME',
+    CACHE_HEADERS: 'CACHE_HEADERS',
+};
+//# sourceMappingURL=types.js.map

package/dist/security/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/security/types.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAqCH,qBAAqB;AACR,QAAA,gBAAgB,GAAG;IAC9B,cAAc,EAAE,gBAAgB;IAChC,WAAW,EAAE,aAAa;IAC1B,WAAW,EAAE,aAAa;IAC1B,aAAa,EAAE,eAAe;IAC9B,gBAAgB,EAAE,kBAAkB;IACpC,YAAY,EAAE,cAAc;IAC5B,gBAAgB,EAAE,kBAAkB;IACpC,UAAU,EAAE,YAAY;IACxB,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;CACtB,CAAC"}