@yan162/changewayguard 6.8.25

package/dist/agent/auth.js

@@ -0,0 +1,363 @@
+import { createHash, createHmac, randomBytes, randomUUID } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { hostname, networkInterfaces } from "node:os";
+import path from "node:path";
+import { machineIdSync } from "node-machine-id";
+import { openclawHome } from "./env.js";
+const FALLBACK_MAC = "00:00:00:00:00:00";
+export const CHANGEWAY_OPEN_PREFIX = "/changeway-open";
+const ACTIVATE_PATH = `${CHANGEWAY_OPEN_PREFIX}/device/activate`;
+const IDENTITY_DIR = path.join(openclawHome, "credentials", "changewayguard");
+const ACTIVATION_KEYS_FILE = path.join(IDENTITY_DIR, "activation-keys.json");
+const DEVICE_IDENTITY_FILE = path.join(IDENTITY_DIR, "device-identity.json");
+let cachedMacAddress = null;
+let cachedHostname = null;
+let cachedDeviceId = null;
+let macNoticeLogged = false;
+function normalizeMacAddress(mac) {
+    return mac.toLowerCase();
+}
+export function pickPrimaryMacAddress(interfaces = networkInterfaces()) {
+    for (const infos of Object.values(interfaces)) {
+        if (!infos)
+            continue;
+        for (const info of infos) {
+            if (info.internal)
+                continue;
+            if (!info.mac || info.mac === "00:00:00:00:00:00")
+                continue;
+            return normalizeMacAddress(info.mac);
+        }
+    }
+    return null;
+}
+export function getLocalMacAddress() {
+    if (cachedMacAddress)
+        return cachedMacAddress;
+    cachedMacAddress = pickPrimaryMacAddress() ?? FALLBACK_MAC;
+    return cachedMacAddress;
+}
+export function getLocalHostname() {
+    if (cachedHostname)
+        return cachedHostname;
+    cachedHostname = hostname();
+    return cachedHostname;
+}
+export function clearCachedMacAddressForTests() {
+    cachedMacAddress = null;
+    cachedHostname = null;
+    cachedDeviceId = null;
+    macNoticeLogged = false;
+}
+export function setCachedMacAddressForTests(mac) {
+    cachedMacAddress = normalizeMacAddress(mac);
+}
+export function getAuthorizationHeaderValue() {
+    return `Bearer ${getLocalMacAddress()}`;
+}
+export function getLocalAgentId() {
+    return `mac-${getLocalMacAddress().replace(/:/g, "")}`;
+}
+function getMachineIdSafe() {
+    try {
+        const id = machineIdSync().trim();
+        return id || null;
+    }
+    catch {
+        return null;
+    }
+}
+function getCurrentDeviceFingerprint() {
+    const mac = getLocalMacAddress();
+    return {
+        machineId: getMachineIdSafe(),
+        mac: mac === FALLBACK_MAC ? null : mac,
+        hostname: getLocalHostname() || null,
+    };
+}
+function hasActivationKeysOnDisk() {
+    return existsSync(ACTIVATION_KEYS_FILE);
+}
+function getLegacyDeviceIdForMigration() {
+    return getMachineIdSafe() ?? getLocalAgentId();
+}
+function normalizeStoredDeviceIdentity(raw) {
+    if (!raw || typeof raw !== "object")
+        return null;
+    const record = raw;
+    if (typeof record.deviceId !== "string" || !record.deviceId.trim())
+        return null;
+    if (typeof record.createdAt !== "string" || !record.createdAt.trim())
+        return null;
+    return {
+        version: 1,
+        deviceId: record.deviceId.trim(),
+        createdAt: record.createdAt,
+        machineId: typeof record.machineId === "string" ? record.machineId : null,
+        mac: typeof record.mac === "string" ? record.mac.toLowerCase() : null,
+        hostname: typeof record.hostname === "string" ? record.hostname : null,
+        source: record.source === "legacy" ? "legacy" : "uuid",
+        previousDeviceId: typeof record.previousDeviceId === "string" ? record.previousDeviceId : undefined,
+        rotationReason: record.rotationReason === "fingerprint_mismatch" ? "fingerprint_mismatch" : undefined,
+        rotatedAt: typeof record.rotatedAt === "string" ? record.rotatedAt : undefined,
+    };
+}
+function loadStoredDeviceIdentity() {
+    try {
+        if (!existsSync(DEVICE_IDENTITY_FILE))
+            return null;
+        const parsed = JSON.parse(readFileSync(DEVICE_IDENTITY_FILE, "utf-8"));
+        return normalizeStoredDeviceIdentity(parsed);
+    }
+    catch {
+        return null;
+    }
+}
+function persistDeviceIdentity(record) {
+    try {
+        mkdirSync(IDENTITY_DIR, { recursive: true });
+        writeFileSync(DEVICE_IDENTITY_FILE, JSON.stringify(record, null, 2), "utf-8");
+    }
+    catch {
+        // best-effort persistence
+    }
+}
+function hasFingerprintMismatch(stored, current) {
+    const machineMismatch = !!(stored.machineId &&
+        current.machineId &&
+        stored.machineId !== current.machineId);
+    const macMismatch = !!(stored.mac &&
+        current.mac &&
+        stored.mac.toLowerCase() !== current.mac.toLowerCase());
+    return machineMismatch || macMismatch;
+}
+export function resolveDeviceIdentityState(input) {
+    const nowIso = input.nowIso ?? new Date().toISOString();
+    const generatedId = input.newDeviceId ?? randomUUID();
+    const legacyId = input.legacyDeviceId.trim();
+    if (input.stored?.deviceId) {
+        if (hasFingerprintMismatch(input.stored, input.current)) {
+            return {
+                deviceId: generatedId,
+                rotated: true,
+                record: {
+                    version: 1,
+                    deviceId: generatedId,
+                    createdAt: input.stored.createdAt || nowIso,
+                    machineId: input.current.machineId,
+                    mac: input.current.mac,
+                    hostname: input.current.hostname,
+                    source: "uuid",
+                    previousDeviceId: input.stored.deviceId,
+                    rotationReason: "fingerprint_mismatch",
+                    rotatedAt: nowIso,
+                },
+            };
+        }
+        return {
+            deviceId: input.stored.deviceId,
+            rotated: false,
+            record: {
+                ...input.stored,
+                version: 1,
+                machineId: input.current.machineId,
+                mac: input.current.mac,
+                hostname: input.current.hostname,
+                source: input.stored.source ?? "uuid",
+            },
+        };
+    }
+    const shouldUseLegacy = input.hasActivationKeys && !!legacyId;
+    const deviceId = shouldUseLegacy ? legacyId : generatedId;
+    return {
+        deviceId,
+        rotated: false,
+        record: {
+            version: 1,
+            deviceId,
+            createdAt: nowIso,
+            machineId: input.current.machineId,
+            mac: input.current.mac,
+            hostname: input.current.hostname,
+            source: shouldUseLegacy ? "legacy" : "uuid",
+        },
+    };
+}
+export function getOrCreateDeviceId() {
+    if (cachedDeviceId)
+        return cachedDeviceId;
+    const stored = loadStoredDeviceIdentity();
+    const resolved = resolveDeviceIdentityState({
+        stored,
+        current: getCurrentDeviceFingerprint(),
+        hasActivationKeys: hasActivationKeysOnDisk(),
+        legacyDeviceId: getLegacyDeviceIdForMigration(),
+    });
+    persistDeviceIdentity(resolved.record);
+    cachedDeviceId = resolved.deviceId;
+    return cachedDeviceId;
+}
+export function generateRequestSign(options) {
+    const mac = (options.mac ?? getLocalMacAddress()).toLowerCase();
+    const host = options.hostname ?? getLocalHostname();
+    const signContent = [
+        mac,
+        host,
+        String(options.timestamp),
+        options.nonce,
+    ].join("\n");
+    return createHash("sha256").update(signContent).digest("hex");
+}
+function createNonce(length = 8) {
+    let nonce = "";
+    while (nonce.length < length) {
+        nonce += Math.random().toString(36).slice(2);
+    }
+    return nonce.slice(0, length);
+}
+function createTraceId() {
+    const randomNum = randomBytes(6).readUIntBE(0, 6);
+    return `${Date.now()}${String(randomNum).padStart(14, "0")}`;
+}
+function normalizePath(pathValue) {
+    return pathValue.startsWith("/") ? pathValue : `/${pathValue}`;
+}
+function isChangewayOpenPath(pathValue) {
+    const normalized = normalizePath(pathValue);
+    return normalized === CHANGEWAY_OPEN_PREFIX || normalized.startsWith(`${CHANGEWAY_OPEN_PREFIX}/`);
+}
+function isDeviceActivatePath(pathValue) {
+    const normalized = normalizePath(pathValue);
+    return normalized === ACTIVATE_PATH;
+}
+function getRuntimeDeviceId() {
+    return getOrCreateDeviceId();
+}
+function loadActivationKeysFromDisk() {
+    try {
+        if (!existsSync(ACTIVATION_KEYS_FILE))
+            return null;
+        const raw = JSON.parse(readFileSync(ACTIVATION_KEYS_FILE, "utf-8"));
+        const apiKey = raw.apiKey?.trim() ?? "";
+        const apiSecret = raw.apiSecret?.trim() ?? "";
+        if (!apiKey || !apiSecret)
+            return null;
+        return { apiKey, apiSecret };
+    }
+    catch {
+        return null;
+    }
+}
+function isAlreadyPrefixed(pathname) {
+    return pathname === CHANGEWAY_OPEN_PREFIX || pathname.startsWith(`${CHANGEWAY_OPEN_PREFIX}/`);
+}
+function ensurePrefixedPath(pathname) {
+    const normalizedPath = pathname.startsWith("/") ? pathname : `/${pathname}`;
+    if (isAlreadyPrefixed(normalizedPath))
+        return normalizedPath;
+    return `${CHANGEWAY_OPEN_PREFIX}${normalizedPath}`;
+}
+function isLoopbackHost(hostnameValue) {
+    const normalized = hostnameValue.toLowerCase();
+    return normalized === "localhost" || normalized === "127.0.0.1" || normalized === "::1";
+}
+export function withChangewayOpenPrefix(urlOrPath) {
+    try {
+        const parsed = new URL(urlOrPath);
+        if (isLoopbackHost(parsed.hostname)) {
+            return parsed.toString();
+        }
+        parsed.pathname = ensurePrefixedPath(parsed.pathname);
+        return parsed.toString();
+    }
+    catch {
+        try {
+            const parsed = new URL(urlOrPath, "http://localhost");
+            return `${ensurePrefixedPath(parsed.pathname)}${parsed.search}${parsed.hash}`;
+        }
+        catch {
+            return ensurePrefixedPath(urlOrPath);
+        }
+    }
+}
+export function extractPathFromUrl(urlOrPath) {
+    try {
+        return new URL(urlOrPath).pathname;
+    }
+    catch {
+        try {
+            return new URL(urlOrPath, "http://localhost").pathname;
+        }
+        catch {
+            return urlOrPath.startsWith("/") ? urlOrPath : `/${urlOrPath}`;
+        }
+    }
+}
+export function buildSignedAuthHeaders(options) {
+    if (isChangewayOpenPath(options.path) && !isDeviceActivatePath(options.path)) {
+        const keys = loadActivationKeysFromDisk();
+        if (!keys) {
+            throw new Error("changewayGuard 鉴权失败：未找到激活密钥，请先执行 /plugin_regist 完成激活。");
+        }
+        const deviceId = getRuntimeDeviceId();
+        const requestDateMs = options.requestDateMs ?? Date.now();
+        const traceId = options.traceId?.trim() || createTraceId();
+        const message = `${deviceId}|${keys.apiKey}|${requestDateMs}|${traceId}`;
+        const signature = createHmac("sha256", keys.apiSecret).update(message, "utf-8").digest("base64");
+        const headers = {
+            "X-DEVICE-ID": deviceId,
+            "X-REQUEST-DATE": String(requestDateMs),
+            traceId,
+            "X-SIGN": signature,
+        };
+        if (options.authorization !== null && options.authorization !== undefined) {
+            headers.Authorization = options.authorization;
+        }
+        return headers;
+    }
+    if (isDeviceActivatePath(options.path)) {
+        const headers = {};
+        if (options.traceId?.trim()) {
+            headers.traceId = options.traceId.trim();
+        }
+        if (options.authorization !== null && options.authorization !== undefined) {
+            headers.Authorization = options.authorization;
+        }
+        return headers;
+    }
+    const mac = (options.mac ?? getLocalMacAddress()).toLowerCase();
+    const host = options.hostname ?? getLocalHostname();
+    const timestamp = options.timestamp ?? Math.floor(Date.now() / 1000);
+    const nonce = options.nonce ?? createNonce();
+    const sign = generateRequestSign({
+        mac,
+        hostname: host,
+        timestamp,
+        nonce,
+        method: options.method,
+        path: options.path,
+        body: options.body,
+    });
+    const headers = {
+        "X-MAC": mac,
+        "X-HOSTNAME": host,
+        "X-TIMESTAMP": String(timestamp),
+        "X-NONCE": nonce,
+        "X-SIGN": sign,
+    };
+    if (options.authorization !== null) {
+        headers.Authorization = options.authorization ?? getAuthorizationHeaderValue();
+    }
+    if (!macNoticeLogged) {
+        console.info(`[moltguard] 您的 MAC 地址为${mac}，请注意保存。`);
+        macNoticeLogged = true;
+    }
+    return headers;
+}
+export function buildSignedAuthHeadersForUrl(options) {
+    return buildSignedAuthHeaders({
+        ...options,
+        path: extractPathFromUrl(options.url),
+    });
+}
+//# sourceMappingURL=auth.js.map

package/dist/agent/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../agent/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAA6B,MAAM,SAAS,CAAC;AACjF,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,YAAY,GAAG,mBAAmB,CAAC;AACzC,MAAM,CAAC,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AACvD,MAAM,aAAa,GAAG,GAAG,qBAAqB,kBAAkB,CAAC;AACjE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,EAAE,gBAAgB,CAAC,CAAC;AAC9E,MAAM,oBAAoB,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,sBAAsB,CAAC,CAAC;AAC7E,MAAM,oBAAoB,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,sBAAsB,CAAC,CAAC;AAE7E,IAAI,gBAAgB,GAAkB,IAAI,CAAC;AAC3C,IAAI,cAAc,GAAkB,IAAI,CAAC;AACzC,IAAI,cAAc,GAAkB,IAAI,CAAC;AACzC,IAAI,eAAe,GAAG,KAAK,CAAC;AA2C5B,SAAS,mBAAmB,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,aAAkD,iBAAiB,EAAE;IAErE,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9C,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAC5B,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,KAAK,mBAAmB;gBAAE,SAAS;YAC5D,OAAO,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,IAAI,gBAAgB;QAAE,OAAO,gBAAgB,CAAC;IAC9C,gBAAgB,GAAG,qBAAqB,EAAE,IAAI,YAAY,CAAC;IAC3D,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,IAAI,cAAc;QAAE,OAAO,cAAc,CAAC;IAC1C,cAAc,GAAG,QAAQ,EAAE,CAAC;IAC5B,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,6BAA6B;IAC3C,gBAAgB,GAAG,IAAI,CAAC;IACxB,cAAc,GAAG,IAAI,CAAC;IACtB,cAAc,GAAG,IAAI,CAAC;IACtB,eAAe,GAAG,KAAK,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,GAAW;IACrD,gBAAgB,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,OAAO,UAAU,kBAAkB,EAAE,EAAE,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,OAAO,OAAO,kBAAkB,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,gBAAgB;IACvB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC,IAAI,EAAE,CAAC;QAClC,OAAO,EAAE,IAAI,IAAI,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,2BAA2B;IAClC,MAAM,GAAG,GAAG,kBAAkB,EAAE,CAAC;IACjC,OAAO;QACL,SAAS,EAAE,gBAAgB,EAAE;QAC7B,GAAG,EAAE,GAAG,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG;QACtC,QAAQ,EAAE,gBAAgB,EAAE,IAAI,IAAI;KACrC,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO,UAAU,CAAC,oBAAoB,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,6BAA6B;IACpC,OAAO,gBAAgB,EAAE,IAAI,eAAe,EAAE,CAAC;AACjD,CAAC;AAED,SAAS,6BAA6B,CAAC,GAAY;IACjD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACjD,MAAM,MAAM,GAAG,GAAoC,CAAC;IACpD,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IAChF,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IAElF,OAAO;QACL,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE;QAChC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,SAAS,EAAE,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;QACzE,GAAG,EAAE,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;QACrE,QAAQ,EAAE,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;QACtE,MAAM,EAAE,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM;QACtD,gBAAgB,EAAE,OAAO,MAAM,CAAC,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QACnG,cAAc,EAAE,MAAM,CAAC,cAAc,KAAK,sBAAsB,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS;QACrG,SAAS,EAAE,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KAC/E,CAAC;AACJ,CAAC;AAED,SAAS,wBAAwB;IAC/B,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAY,CAAC;QAClF,OAAO,6BAA6B,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,MAA4B;IACzD,IAAI,CAAC;QACH,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,aAAa,CAAC,oBAAoB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAChF,CAAC;IAAC,MAAM,CAAC;QACP,0BAA0B;IAC5B,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,MAA4B,EAC5B,OAA0B;IAE1B,MAAM,eAAe,GAAG,CAAC,CAAC,CACxB,MAAM,CAAC,SAAS;QAChB,OAAO,CAAC,SAAS;QACjB,MAAM,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,CACvC,CAAC;IAEF,MAAM,WAAW,GAAG,CAAC,CAAC,CACpB,MAAM,CAAC,GAAG;QACV,OAAO,CAAC,GAAG;QACX,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CACvD,CAAC;IAEF,OAAO,eAAe,IAAI,WAAW,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,KAAiC;IAC1E,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACxD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,UAAU,EAAE,CAAC;IACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IAE7C,IAAI,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;QAC3B,IAAI,sBAAsB,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YACxD,OAAO;gBACL,QAAQ,EAAE,WAAW;gBACrB,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE;oBACN,OAAO,EAAE,CAAC;oBACV,QAAQ,EAAE,WAAW;oBACrB,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,SAAS,IAAI,MAAM;oBAC3C,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,SAAS;oBAClC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG;oBACtB,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;oBAChC,MAAM,EAAE,MAAM;oBACd,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,QAAQ;oBACvC,cAAc,EAAE,sBAAsB;oBACtC,SAAS,EAAE,MAAM;iBAClB;aACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,QAAQ;YAC/B,OAAO,EAAE,KAAK;YACd,MAAM,EAAE;gBACN,GAAG,KAAK,CAAC,MAAM;gBACf,OAAO,EAAE,CAAC;gBACV,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,SAAS;gBAClC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG;gBACtB,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;gBAChC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM;aACtC;SACF,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,KAAK,CAAC,iBAAiB,IAAI,CAAC,CAAC,QAAQ,CAAC;IAC9D,MAAM,QAAQ,GAAG,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;IAE1D,OAAO;QACL,QAAQ;QACR,OAAO,EAAE,KAAK;QACd,MAAM,EAAE;YACN,OAAO,EAAE,CAAC;YACV,QAAQ;YACR,SAAS,EAAE,MAAM;YACjB,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,SAAS;YAClC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG;YACtB,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;YAChC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM;SAC5C;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,IAAI,cAAc;QAAE,OAAO,cAAc,CAAC;IAE1C,MAAM,MAAM,GAAG,wBAAwB,EAAE,CAAC;IAC1C,MAAM,QAAQ,GAAG,0BAA0B,CAAC;QAC1C,MAAM;QACN,OAAO,EAAE,2BAA2B,EAAE;QACtC,iBAAiB,EAAE,uBAAuB,EAAE;QAC5C,cAAc,EAAE,6BAA6B,EAAE;KAChD,CAAC,CAAC;IAEH,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACvC,cAAc,GAAG,QAAQ,CAAC,QAAQ,CAAC;IACnC,OAAO,cAAc,CAAC;AACxB,CAAC;AAaD,MAAM,UAAU,mBAAmB,CAAC,OAAmC;IACrE,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,kBAAkB,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAChE,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,IAAI,gBAAgB,EAAE,CAAC;IACpD,MAAM,WAAW,GAAG;QAClB,GAAG;QACH,IAAI;QACJ,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;QACzB,OAAO,CAAC,KAAK;KACd,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,WAAW,CAAC,MAAM,GAAG,CAAC;IAC7B,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,OAAO,KAAK,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;QAC7B,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClD,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC;AAC/D,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB;IACtC,OAAO,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,EAAE,CAAC;AACjE,CAAC;AAED,SAAS,mBAAmB,CAAC,SAAiB;IAC5C,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,UAAU,KAAK,qBAAqB,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,qBAAqB,GAAG,CAAC,CAAC;AACpG,CAAC;AAED,SAAS,oBAAoB,CAAC,SAAiB;IAC7C,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,UAAU,KAAK,aAAa,CAAC;AACtC,CAAC;AAED,SAAS,kBAAkB;IACzB,OAAO,mBAAmB,EAAE,CAAC;AAC/B,CAAC;AAED,SAAS,0BAA0B;IACjC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,oBAAoB,EAAE,OAAO,CAAC,CAAyB,CAAC;QAC5F,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QACvC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,OAAO,QAAQ,KAAK,qBAAqB,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,qBAAqB,GAAG,CAAC,CAAC;AAChG,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAgB;IAC1C,MAAM,cAAc,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;IAC5E,IAAI,iBAAiB,CAAC,cAAc,CAAC;QAAE,OAAO,cAAc,CAAC;IAC7D,OAAO,GAAG,qBAAqB,GAAG,cAAc,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,cAAc,CAAC,aAAqB;IAC3C,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC;IAC/C,OAAO,UAAU,KAAK,WAAW,IAAI,UAAU,KAAK,WAAW,IAAI,UAAU,KAAK,KAAK,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,SAAiB;IACvD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAClC,IAAI,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC;QACD,MAAM,CAAC,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;YACtD,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAChF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,SAAiB;IAClD,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,OAAO,IAAI,GAAG,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,EAAE,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC;AAeD,MAAM,UAAU,sBAAsB,CAAC,OAAsC;IAC3E,IAAI,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,GAAG,0BAA0B,EAAE,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;QACtC,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,aAAa,EAAE,CAAC;QAC3D,MAAM,OAAO,GAAG,GAAG,QAAQ,IAAI,IAAI,CAAC,MAAM,IAAI,aAAa,IAAI,OAAO,EAAE,CAAC;QACzE,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACjG,MAAM,OAAO,GAA2B;YACtC,aAAa,EAAE,QAAQ;YACvB,gBAAgB,EAAE,MAAM,CAAC,aAAa,CAAC;YACvC,OAAO;YACP,QAAQ,EAAE,SAAS;SACpB,CAAC;QAEF,IAAI,OAAO,CAAC,aAAa,KAAK,IAAI,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YAC1E,OAAO,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAChD,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC;YAC5B,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC3C,CAAC;QACD,IAAI,OAAO,CAAC,aAAa,KAAK,IAAI,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YAC1E,OAAO,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAChD,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,kBAAkB,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAChE,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,IAAI,gBAAgB,EAAE,CAAC;IACpD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,WAAW,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG,mBAAmB,CAAC;QAC/B,GAAG;QACH,QAAQ,EAAE,IAAI;QACd,SAAS;QACT,KAAK;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAC,CAAC;IAEH,MAAM,OAAO,GAA2B;QACtC,OAAO,EAAE,GAAG;QACZ,YAAY,EAAE,IAAI;QAClB,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC;QAChC,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE,IAAI;KACf,CAAC;IAEF,IAAI,OAAO,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;QACnC,OAAO,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,2BAA2B,EAAE,CAAC;IACjF,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,yBAAyB,GAAG,SAAS,CAAC,CAAC;QACpD,eAAe,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAMD,MAAM,UAAU,4BAA4B,CAC1C,OAA4C;IAE5C,OAAO,sBAAsB,CAAC;QAC5B,GAAG,OAAO;QACV,IAAI,EAAE,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC;KACtC,CAAC,CAAC;AACL,CAAC"}

package/dist/agent/behavior-detector.d.ts

@@ -0,0 +1,150 @@
+/**
+ * Behavioral anomaly detector — runs at before_tool_call.
+ *
+ * Responsibilities:
+ *   1. Collect high-risk tool calls (file read, shell, web fetch) and send to Core
+ *   2. Record completed tool calls in the chain history
+ *   3. Core does all classification, signal computation, and risk decisions
+ *   4. Fail-open: if Core is unavailable, allow execution
+ */
+import type { CoreCredentials } from "./config.js";
+import type { PromptScanResponse, Logger, DetectionFinding } from "./types.js";
+export declare const FILE_READ_TOOLS: Set<string>;
+export declare const SHELL_TOOLS: Set<string>;
+export declare const WEB_FETCH_TOOLS: Set<string>;
+export type BlockDecision = {
+    block: true;
+    blockReason: string;
+    findings?: DetectionFinding[];
+};
+export type DetectionConfig = {
+    coreUrl: string;
+    /** Timeout for Core assess call (ms). Capped at ~3s to avoid holding up agent. */
+    assessTimeoutMs: number;
+    blockOnRisk: boolean;
+    pluginVersion: string;
+};
+/** Response from Core content scan API */
+export type ContentScanResult = {
+    detected: boolean;
+    action?: "allow" | "alert" | "block";
+    riskLevel?: "no_risk" | "low" | "medium" | "high" | "critical";
+    confidence?: number;
+    explanation?: string;
+    categories: string[];
+    findings: Array<{
+        scanner: string;
+        name: string;
+        matchedText: string;
+        confidence: "high" | "medium" | "low";
+    }>;
+    summary: string;
+    latency_ms: number;
+};
+/** Response when quota is exceeded - still a success but no verdict */
+export type QuotaExceededInfo = {
+    quotaExceeded: true;
+    quotaUsed: number;
+    quotaTotal: number;
+    /** true = autonomous mode (no email), false = human managed mode (email verified) */
+    isAutonomous: boolean;
+    resetAt: string | null;
+    upgradeUrl: string;
+    message: string;
+    /** Persuasive message for the agent to convince the user to purchase */
+    recommendation: string;
+};
+/** Callback for quota exceeded notification */
+export type OnQuotaExceededCallback = (info: QuotaExceededInfo) => void;
+export declare class BehaviorDetector {
+    private sessions;
+    private coreCredentials;
+    private config;
+    private log;
+    /** HTTP status codes we've already warned about — avoid log spam */
+    private warnedStatuses;
+    /** Track if we've already notified about quota exceeded (avoid spam) */
+    private quotaExceededNotified;
+    /** Callback for quota exceeded notification */
+    private onQuotaExceeded;
+    /** Pending quota exceeded message to append to next tool result */
+    private pendingQuotaMessage;
+    /** Callback for secret detection (business reporting) */
+    private onSecretDetected;
+    private formatEngineLogPayload;
+    private logEngineRequest;
+    private logEngineResponse;
+    private logEngineError;
+    constructor(config: DetectionConfig, log: Logger);
+    setCredentials(creds: CoreCredentials | null): void;
+    /** Set callback for when quota is exceeded */
+    setOnQuotaExceeded(callback: OnQuotaExceededCallback | null): void;
+    /** Set callback for when secrets are detected in params (business reporting) */
+    setOnSecretDetected(callback: ((typeCounts: Record<string, number>) => void) | null): void;
+    /** Reset quota exceeded notification flag (e.g., on new day) */
+    resetQuotaExceededNotification(): void;
+    /** Get and clear pending quota message (for appending to tool results) */
+    consumePendingQuotaMessage(): QuotaExceededInfo | null;
+    setUserIntent(sessionKey: string, message: string): void;
+    clearSession(sessionKey: string): void;
+    /**
+     * Read-and-clear latest prompt block decision for a session.
+     * Used by message_sending to terminate output immediately when user input
+     * was classified as block.
+     */
+    consumePromptBlockDecision(sessionKey: string): PromptScanResponse | null;
+    /**
+     * Read current prompt block decision without consuming it.
+     * Useful when upstream hooks need to render a risk message while preserving
+     * the block decision for downstream enforcement.
+     */
+    getPendingPromptBlockDecision(sessionKey: string): PromptScanResponse | null;
+    /**
+     * Read current prompt alert decision without consuming it.
+     * Alert remains pending until user explicitly confirms.
+     */
+    getPendingPromptAlertDecision(sessionKey: string): PromptScanResponse | null;
+    /**
+     * Confirm and clear pending prompt alert for a session.
+     */
+    confirmPendingPromptAlert(sessionKey: string): PromptScanResponse | null;
+    consumeConfirmedPromptReplay(sessionKey: string): string | null;
+    /**
+     * Called at before_tool_call. Returns a block decision or undefined (allow).
+     *
+     * All tool calls are sent to Core to build a complete tool chain.
+     * If Core is unavailable, fail-open (allow).
+     */
+    onBeforeToolCall(ctx: {
+        sessionKey: string;
+        agentId?: string;
+    }, event: {
+        toolName: string;
+        params: Record<string, unknown>;
+    }): Promise<BlockDecision | undefined>;
+    /**
+     * Called at after_tool_call. Records the completed tool in the chain.
+     */
+    onAfterToolCall(ctx: {
+        sessionKey: string;
+    }, event: {
+        toolName: string;
+        params: Record<string, unknown>;
+        result?: unknown;
+        error?: string;
+        durationMs?: number;
+    }): void;
+    /**
+     * Scan tool result content for injection patterns via Core API.
+     * Returns scan result or null if scan failed/unavailable.
+     */
+    scanContent(sessionKey: string, toolName: string, content: string): Promise<ContentScanResult | null>;
+    /**
+     * Scan raw user prompt content at message_received(user).
+     * Stores latest decision in session state for optional enforcement during before_tool_call.
+     */
+    scanPrompt(sessionKey: string, prompt: string): Promise<PromptScanResponse | null>;
+    private getOrCreate;
+    private callAssessApi;
+}
+//# sourceMappingURL=behavior-detector.d.ts.map

package/dist/agent/behavior-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior-detector.d.ts","sourceRoot":"","sources":["../../agent/behavior-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,KAAK,EAKV,kBAAkB,EAGlB,MAAM,EACN,gBAAgB,EACjB,MAAM,YAAY,CAAC;AAUpB,eAAO,MAAM,eAAe,aAG1B,CAAC;AAEH,eAAO,MAAM,WAAW,aAGtB,CAAC;AAEH,eAAO,MAAM,eAAe,aAG1B,CAAC;AAqDH,MAAM,MAAM,aAAa,GAAG;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAA;CAAE,CAAC;AAChG,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,kFAAkF;IAClF,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,OAAO,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,0CAA0C;AAC1C,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;IACrC,SAAS,CAAC,EAAE,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC/D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,EAAE,KAAK,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;KACvC,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,uEAAuE;AACvE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,aAAa,EAAE,IAAI,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,qFAAqF;IACrF,YAAY,EAAE,OAAO,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,wEAAwE;IACxE,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,+CAA+C;AAC/C,MAAM,MAAM,uBAAuB,GAAG,CAAC,IAAI,EAAE,iBAAiB,KAAK,IAAI,CAAC;AAOxE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAmC;IACnD,OAAO,CAAC,eAAe,CAAgC;IACvD,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,GAAG,CAAS;IACpB,oEAAoE;IACpE,OAAO,CAAC,cAAc,CAAqB;IAC3C,wEAAwE;IACxE,OAAO,CAAC,qBAAqB,CAAS;IACtC,+CAA+C;IAC/C,OAAO,CAAC,eAAe,CAAwC;IAC/D,mEAAmE;IACnE,OAAO,CAAC,mBAAmB,CAAkC;IAC7D,yDAAyD;IACzD,OAAO,CAAC,gBAAgB,CAA+D;IAEvF,OAAO,CAAC,sBAAsB;IAU9B,OAAO,CAAC,gBAAgB;IAMxB,OAAO,CAAC,iBAAiB;IAMzB,OAAO,CAAC,cAAc;gBAMV,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM;IAKhD,cAAc,CAAC,KAAK,EAAE,eAAe,GAAG,IAAI,GAAG,IAAI;IAInD,8CAA8C;IAC9C,kBAAkB,CAAC,QAAQ,EAAE,uBAAuB,GAAG,IAAI,GAAG,IAAI;IAIlE,gFAAgF;IAChF,mBAAmB,CAAC,QAAQ,EAAE,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,IAAI,CAAC,GAAG,IAAI,GAAG,IAAI;IAK1F,gEAAgE;IAChE,8BAA8B,IAAI,IAAI;IAKtC,0EAA0E;IAC1E,0BAA0B,IAAI,iBAAiB,GAAG,IAAI;IAMtD,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAWxD,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAItC;;;;OAIG;IACH,0BAA0B,CAAC,UAAU,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI;IASzE;;;;OAIG;IACH,6BAA6B,CAAC,UAAU,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI;IAO5E;;;OAGG;IACH,6BAA6B,CAAC,UAAU,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI;IAI5E;;OAEG;IACH,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI;IAaxE,4BAA4B,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAQ/D;;;;;OAKG;IACG,gBAAgB,CACpB,GAAG,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EAC7C,KAAK,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,GAC3D,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC;IA+ErC;;OAEG;IACH,eAAe,CACb,GAAG,EAAE;QAAE,UAAU,EAAE,MAAM,CAAA;KAAE,EAC3B,KAAK,EAAE;QACL,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GACA,IAAI;IA6BP;;;OAGG;IACG,WAAW,CACf,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IA2DpC;;;OAGG;IACG,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAyGxF,OAAO,CAAC,WAAW;YA+BL,aAAa;CAuF5B"}