agent-threat-rules 0.1.0

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+/**
+ * ATR (Agent Threat Rules) - Detection rules for AI Agent threats
+ *
+ * ATR is an open standard for writing detection rules specifically
+ * for AI agent threats. Think "Sigma for AI Agents."
+ *
+ * @module agent-threat-rules
+ */
+export { ATREngine } from './engine.js';
+export type { ATREngineConfig } from './engine.js';
+export { SessionTracker } from './session-tracker.js';
+export type { SessionStateSnapshot } from './session-tracker.js';
+export { loadRuleFile, loadRulesFromDirectory, validateRule } from './loader.js';
+export { ModuleRegistry } from './modules/index.js';
+export type { ATRModule, ModuleCondition, ModuleResult } from './modules/index.js';
+export { SessionModule } from './modules/session.js';
+export type { ATRRule, ATRMatch, AgentEvent, AgentEventType, ATRAction, ATRCategory, ATRSeverity, ATRStatus, ATRConfidence, ATRSourceType, ATRMatchType, ATROperator, ATRReferences, ATRTags, ATRAgentSource, ATRDetection, ATRResponse, ATRTestCases, ATRTestCase, ATRPatternCondition, ATRBehavioralCondition, ATRSequenceCondition, ATRSequenceStep, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACnF,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,YAAY,EACV,OAAO,EACP,QAAQ,EACR,UAAU,EACV,cAAc,EACd,SAAS,EACT,WAAW,EACX,WAAW,EACX,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,WAAW,EACX,aAAa,EACb,OAAO,EACP,cAAc,EACd,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,eAAe,GAChB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,14 @@
+/**
+ * ATR (Agent Threat Rules) - Detection rules for AI Agent threats
+ *
+ * ATR is an open standard for writing detection rules specifically
+ * for AI agent threats. Think "Sigma for AI Agents."
+ *
+ * @module agent-threat-rules
+ */
+export { ATREngine } from './engine.js';
+export { SessionTracker } from './session-tracker.js';
+export { loadRuleFile, loadRulesFromDirectory, validateRule } from './loader.js';
+export { ModuleRegistry } from './modules/index.js';
+export { SessionModule } from './modules/session.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/loader.d.ts

@@ -0,0 +1,21 @@
+/**
+ * ATR Rule Loader - Reads and parses ATR YAML rule files
+ * @module agent-threat-rules/loader
+ */
+import type { ATRRule } from './types.js';
+/**
+ * Load a single ATR rule from a YAML file.
+ */
+export declare function loadRuleFile(filePath: string): ATRRule;
+/**
+ * Recursively load all ATR YAML rules from a directory.
+ */
+export declare function loadRulesFromDirectory(dirPath: string): ATRRule[];
+/**
+ * Validate that a parsed object conforms to the ATR rule schema (basic checks).
+ */
+export declare function validateRule(rule: unknown): {
+    valid: boolean;
+    errors: string[];
+};
+//# sourceMappingURL=loader.d.ts.map

package/dist/loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1C;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAStD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,EAAE,CAoBjE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,OAAO,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAwFhF"}

package/dist/loader.js

@@ -0,0 +1,124 @@
+/**
+ * ATR Rule Loader - Reads and parses ATR YAML rule files
+ * @module agent-threat-rules/loader
+ */
+import { readFileSync, readdirSync, statSync } from 'node:fs';
+import { join, extname } from 'node:path';
+import yaml from 'js-yaml';
+/**
+ * Load a single ATR rule from a YAML file.
+ */
+export function loadRuleFile(filePath) {
+    const content = readFileSync(filePath, 'utf-8');
+    const parsed = yaml.load(content);
+    if (!parsed.id || !parsed.title || !parsed.detection) {
+        throw new Error(`Invalid ATR rule in ${filePath}: missing required fields (id, title, detection)`);
+    }
+    return parsed;
+}
+/**
+ * Recursively load all ATR YAML rules from a directory.
+ */
+export function loadRulesFromDirectory(dirPath) {
+    const rules = [];
+    const entries = readdirSync(dirPath);
+    for (const entry of entries) {
+        const fullPath = join(dirPath, entry);
+        const stat = statSync(fullPath);
+        if (stat.isDirectory()) {
+            rules.push(...loadRulesFromDirectory(fullPath));
+        }
+        else if (stat.isFile() && (extname(entry) === '.yaml' || extname(entry) === '.yml')) {
+            try {
+                rules.push(loadRuleFile(fullPath));
+            }
+            catch {
+                // Skip invalid rule files — logged at caller level
+            }
+        }
+    }
+    return rules;
+}
+/**
+ * Validate that a parsed object conforms to the ATR rule schema (basic checks).
+ */
+export function validateRule(rule) {
+    const errors = [];
+    const r = rule;
+    // Required fields
+    const required = ['title', 'id', 'status', 'description', 'author', 'date', 'severity', 'tags', 'agent_source', 'detection', 'response'];
+    for (const field of required) {
+        if (!r[field]) {
+            errors.push(`Missing required field: ${field}`);
+        }
+    }
+    // ID format
+    if (typeof r['id'] === 'string' && !/^ATR-\d{4}-\d{3}$/.test(r['id'])) {
+        errors.push(`Invalid id format: ${r['id']} (expected ATR-YYYY-NNN)`);
+    }
+    // Status enum
+    const validStatuses = ['draft', 'experimental', 'stable', 'deprecated'];
+    if (typeof r['status'] === 'string' && !validStatuses.includes(r['status'])) {
+        errors.push(`Invalid status: ${r['status']}`);
+    }
+    // Severity enum
+    const validSeverities = ['critical', 'high', 'medium', 'low', 'informational'];
+    if (typeof r['severity'] === 'string' && !validSeverities.includes(r['severity'])) {
+        errors.push(`Invalid severity: ${r['severity']}`);
+    }
+    // Tags category
+    const tags = r['tags'];
+    if (tags) {
+        const validCategories = [
+            'prompt-injection', 'tool-poisoning', 'context-exfiltration',
+            'agent-manipulation', 'privilege-escalation', 'excessive-autonomy',
+            'data-poisoning', 'model-abuse', 'skill-compromise',
+        ];
+        if (typeof tags['category'] === 'string' && !validCategories.includes(tags['category'])) {
+            errors.push(`Invalid tags.category: ${tags['category']}`);
+        }
+    }
+    // Agent source type
+    const agentSource = r['agent_source'];
+    if (agentSource) {
+        const validTypes = [
+            'llm_io', 'tool_call', 'mcp_exchange', 'agent_behavior',
+            'multi_agent_comm', 'context_window', 'memory_access',
+            'skill_lifecycle', 'skill_permission', 'skill_chain',
+        ];
+        if (typeof agentSource['type'] === 'string' && !validTypes.includes(agentSource['type'])) {
+            errors.push(`Invalid agent_source.type: ${agentSource['type']}`);
+        }
+    }
+    // Detection must have conditions and condition
+    const detection = r['detection'];
+    if (detection) {
+        if (!detection['conditions']) {
+            errors.push('Missing detection.conditions');
+        }
+        if (!detection['condition']) {
+            errors.push('Missing detection.condition');
+        }
+    }
+    // Response must have actions
+    const response = r['response'];
+    if (response) {
+        if (!Array.isArray(response['actions']) || response['actions'].length === 0) {
+            errors.push('Missing or empty response.actions');
+        }
+    }
+    // Test cases validation
+    const testCases = r['test_cases'];
+    if (testCases) {
+        const tp = testCases['true_positives'];
+        const tn = testCases['true_negatives'];
+        if (!Array.isArray(tp) || tp.length === 0) {
+            errors.push('test_cases.true_positives must have at least one entry');
+        }
+        if (!Array.isArray(tn) || tn.length === 0) {
+            errors.push('test_cases.true_negatives must have at least one entry');
+        }
+    }
+    return { valid: errors.length === 0, errors };
+}
+//# sourceMappingURL=loader.js.map

package/dist/loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,IAAI,MAAM,SAAS,CAAC;AAG3B;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAY,CAAC;IAE7C,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,kDAAkD,CAAC,CAAC;IACrG,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,MAAM,KAAK,GAAc,EAAE,CAAC;IAE5B,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACrC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEhC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAClD,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC,EAAE,CAAC;YACtF,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;YACrC,CAAC;YAAC,MAAM,CAAC;gBACP,mDAAmD;YACrD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAa;IACxC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,CAAC,GAAG,IAA+B,CAAC;IAE1C,kBAAkB;IAClB,MAAM,QAAQ,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;IACzI,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,YAAY;IACZ,IAAI,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACtE,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACvE,CAAC;IAED,cAAc;IACd,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IACxE,IAAI,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC5E,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,gBAAgB;IAChB,MAAM,eAAe,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAC/E,IAAI,OAAO,CAAC,CAAC,UAAU,CAAC,KAAK,QAAQ,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;QAClF,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,gBAAgB;IAChB,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAwC,CAAC;IAC9D,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,eAAe,GAAG;YACtB,kBAAkB,EAAE,gBAAgB,EAAE,sBAAsB;YAC5D,oBAAoB,EAAE,sBAAsB,EAAE,oBAAoB;YAClE,gBAAgB,EAAE,aAAa,EAAE,kBAAkB;SACpD,CAAC;QACF,IAAI,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,QAAQ,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACxF,MAAM,CAAC,IAAI,CAAC,0BAA0B,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,WAAW,GAAG,CAAC,CAAC,cAAc,CAAwC,CAAC;IAC7E,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,UAAU,GAAG;YACjB,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB;YACvD,kBAAkB,EAAE,gBAAgB,EAAE,eAAe;YACrD,iBAAiB,EAAE,kBAAkB,EAAE,aAAa;SACrD,CAAC;QACF,IAAI,OAAO,WAAW,CAAC,MAAM,CAAC,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YACzF,MAAM,CAAC,IAAI,CAAC,8BAA8B,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,CAAwC,CAAC;IACxE,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,CAAC,CAAC,UAAU,CAAwC,CAAC;IACtE,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5E,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,MAAM,SAAS,GAAG,CAAC,CAAC,YAAY,CAAwC,CAAC;IACzE,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,EAAE,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;QACvC,MAAM,EAAE,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC"}

package/dist/modules/index.d.ts

@@ -0,0 +1,143 @@
+/**
+ * ATR Module System
+ *
+ * Extensible detection modules beyond regex pattern matching.
+ * Inspired by YARA modules, adapted for AI agent threat detection.
+ *
+ * Built-in modules:
+ * - session: Cross-event behavioral analysis using SessionTracker
+ *
+ * Reserved namespaces (planned):
+ * - embedding: Semantic similarity detection (v0.2)
+ * - protocol: MCP/transport-level inspection (v0.2)
+ * - entropy: Information-theoretic anomaly detection (v0.3)
+ * - tokenizer: Token-level analysis for smuggling detection (v0.3)
+ *
+ * @module agent-threat-rules/modules
+ */
+import type { AgentEvent } from '../types.js';
+/**
+ * Condition defined by a module (used in rule YAML).
+ *
+ * Example in YAML:
+ * ```yaml
+ * detection:
+ *   conditions:
+ *     high_frequency:
+ *       module: session
+ *       function: call_frequency
+ *       args:
+ *         tool_name: "execute_code"
+ *         window: "5m"
+ *       operator: gt
+ *       threshold: 10
+ *   condition: "high_frequency"
+ * ```
+ */
+export interface ModuleCondition {
+    /** Module name (e.g., "session", "embedding") */
+    module: string;
+    /** Function within the module to call */
+    function: string;
+    /** Arguments passed to the module function */
+    args: Record<string, unknown>;
+    /** Comparison operator for the result */
+    operator: 'gt' | 'lt' | 'eq' | 'gte' | 'lte';
+    /** Threshold value to compare against */
+    threshold: number;
+}
+/**
+ * Result returned by a module evaluation.
+ */
+export interface ModuleResult {
+    /** Whether the condition was met */
+    matched: boolean;
+    /** Numeric value produced by the module (for threshold comparison) */
+    value: number;
+    /** Human-readable description of the result */
+    description: string;
+}
+/**
+ * Interface that all ATR detection modules must implement.
+ *
+ * Modules extend ATR's detection beyond regex by providing
+ * custom evaluation logic (behavioral analysis, embedding
+ * similarity, protocol inspection, etc.).
+ */
+export interface ATRModule {
+    /** Unique module name (used in rule YAML) */
+    readonly name: string;
+    /** Human-readable description */
+    readonly description: string;
+    /** Module version */
+    readonly version: string;
+    /**
+     * List of functions this module provides.
+     * Each function can be referenced in rule conditions.
+     */
+    readonly functions: ReadonlyArray<{
+        name: string;
+        description: string;
+        args: ReadonlyArray<{
+            name: string;
+            type: 'string' | 'number' | 'boolean';
+            required: boolean;
+            description: string;
+        }>;
+    }>;
+    /**
+     * Initialize the module. Called once when the engine starts.
+     * Use for setup, connection pooling, model loading, etc.
+     */
+    initialize(): Promise<void>;
+    /**
+     * Evaluate a module condition against an agent event.
+     *
+     * @param event - The agent event being evaluated
+     * @param condition - The module condition from the rule
+     * @returns Module evaluation result
+     */
+    evaluate(event: AgentEvent, condition: ModuleCondition): Promise<ModuleResult>;
+    /**
+     * Clean up module resources. Called when the engine shuts down.
+     */
+    destroy(): Promise<void>;
+}
+/**
+ * Registry for ATR detection modules.
+ */
+export declare class ModuleRegistry {
+    private readonly modules;
+    /** Reserved module namespaces (cannot be registered by third parties) */
+    private static readonly RESERVED;
+    /**
+     * Register a detection module.
+     * @throws if module name is already registered or reserved
+     */
+    register(module: ATRModule): void;
+    /**
+     * Check if a module name is reserved by the ATR core team.
+     */
+    isReserved(name: string): boolean;
+    /**
+     * Get a registered module by name.
+     */
+    get(name: string): ATRModule | undefined;
+    /**
+     * List all registered modules.
+     */
+    list(): ReadonlyArray<{
+        name: string;
+        version: string;
+        description: string;
+    }>;
+    /**
+     * Initialize all registered modules.
+     */
+    initializeAll(): Promise<void>;
+    /**
+     * Destroy all registered modules.
+     */
+    destroyAll(): Promise<void>;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/modules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,eAAe;IAC9B,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,yCAAyC;IACzC,QAAQ,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,CAAC;IAC7C,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,SAAS;IACxB,6CAA6C;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,iCAAiC;IACjC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAE7B,qBAAqB;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,QAAQ,CAAC,SAAS,EAAE,aAAa,CAAC;QAChC,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,aAAa,CAAC;YAClB,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;YACtC,QAAQ,EAAE,OAAO,CAAC;YAClB,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC,CAAC;KACJ,CAAC,CAAC;IAEH;;;OAGG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;;;;;OAMG;IACH,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAE/E;;OAEG;IACH,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgC;IAExD,yEAAyE;IACzE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAM7B;IAEH;;;OAGG;IACH,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI;IAOjC;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIjC;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAIxC;;OAEG;IACH,IAAI,IAAI,aAAa,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IAQ7E;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAMpC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAKlC"}

package/dist/modules/index.js

@@ -0,0 +1,80 @@
+/**
+ * ATR Module System
+ *
+ * Extensible detection modules beyond regex pattern matching.
+ * Inspired by YARA modules, adapted for AI agent threat detection.
+ *
+ * Built-in modules:
+ * - session: Cross-event behavioral analysis using SessionTracker
+ *
+ * Reserved namespaces (planned):
+ * - embedding: Semantic similarity detection (v0.2)
+ * - protocol: MCP/transport-level inspection (v0.2)
+ * - entropy: Information-theoretic anomaly detection (v0.3)
+ * - tokenizer: Token-level analysis for smuggling detection (v0.3)
+ *
+ * @module agent-threat-rules/modules
+ */
+/**
+ * Registry for ATR detection modules.
+ */
+export class ModuleRegistry {
+    modules = new Map();
+    /** Reserved module namespaces (cannot be registered by third parties) */
+    static RESERVED = new Set([
+        'session',
+        'embedding',
+        'protocol',
+        'entropy',
+        'tokenizer',
+    ]);
+    /**
+     * Register a detection module.
+     * @throws if module name is already registered or reserved
+     */
+    register(module) {
+        if (this.modules.has(module.name)) {
+            throw new Error(`Module "${module.name}" is already registered`);
+        }
+        this.modules.set(module.name, module);
+    }
+    /**
+     * Check if a module name is reserved by the ATR core team.
+     */
+    isReserved(name) {
+        return ModuleRegistry.RESERVED.has(name);
+    }
+    /**
+     * Get a registered module by name.
+     */
+    get(name) {
+        return this.modules.get(name);
+    }
+    /**
+     * List all registered modules.
+     */
+    list() {
+        return Array.from(this.modules.values()).map(m => ({
+            name: m.name,
+            version: m.version,
+            description: m.description,
+        }));
+    }
+    /**
+     * Initialize all registered modules.
+     */
+    async initializeAll() {
+        for (const module of this.modules.values()) {
+            await module.initialize();
+        }
+    }
+    /**
+     * Destroy all registered modules.
+     */
+    async destroyAll() {
+        for (const module of this.modules.values()) {
+            await module.destroy();
+        }
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/modules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAoGH;;GAEG;AACH,MAAM,OAAO,cAAc;IACR,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAExD,yEAAyE;IACjE,MAAM,CAAU,QAAQ,GAAG,IAAI,GAAG,CAAC;QACzC,SAAS;QACT,WAAW;QACX,UAAU;QACV,SAAS;QACT,WAAW;KACZ,CAAC,CAAC;IAEH;;;OAGG;IACH,QAAQ,CAAC,MAAiB;QACxB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,WAAW,MAAM,CAAC,IAAI,yBAAyB,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,IAAY;QACrB,OAAO,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;QACzB,CAAC;IACH,CAAC"}

package/dist/modules/session.d.ts

@@ -0,0 +1,70 @@
+/**
+ * ATR Session Module - Built-in behavioral detection module
+ *
+ * Provides cross-event analysis using SessionTracker.
+ * This is the reference implementation for ATR modules.
+ *
+ * Functions:
+ * - call_frequency: Count tool calls within a time window
+ * - pattern_frequency: Count pattern occurrences within a window
+ * - event_count: Total events in a session within a window
+ * - session_age: Time since first event in session (seconds)
+ *
+ * @module agent-threat-rules/modules/session
+ */
+import type { AgentEvent } from '../types.js';
+import { SessionTracker } from '../session-tracker.js';
+import type { ATRModule, ModuleCondition, ModuleResult } from './index.js';
+export declare class SessionModule implements ATRModule {
+    readonly name = "session";
+    readonly description = "Cross-event behavioral analysis using session state tracking";
+    readonly version = "0.1.0";
+    readonly functions: readonly [{
+        readonly name: "call_frequency";
+        readonly description: "Count how many times a specific tool was called within a time window";
+        readonly args: readonly [{
+            readonly name: "tool_name";
+            readonly type: "string";
+            readonly required: true;
+            readonly description: "Tool name to count";
+        }, {
+            readonly name: "window";
+            readonly type: "string";
+            readonly required: false;
+            readonly description: "Time window (e.g., \"5m\", \"1h\"). Default: 5m";
+        }];
+    }, {
+        readonly name: "pattern_frequency";
+        readonly description: "Count how many times a pattern was matched within a time window";
+        readonly args: readonly [{
+            readonly name: "pattern";
+            readonly type: "string";
+            readonly required: true;
+            readonly description: "Pattern string to count";
+        }, {
+            readonly name: "window";
+            readonly type: "string";
+            readonly required: false;
+            readonly description: "Time window. Default: 5m";
+        }];
+    }, {
+        readonly name: "event_count";
+        readonly description: "Total number of events in the current session within a time window";
+        readonly args: readonly [{
+            readonly name: "window";
+            readonly type: "string";
+            readonly required: false;
+            readonly description: "Time window. Default: 5m";
+        }];
+    }, {
+        readonly name: "session_age";
+        readonly description: "Time in seconds since the first event in this session";
+        readonly args: readonly [];
+    }];
+    private tracker;
+    constructor(tracker?: SessionTracker);
+    initialize(): Promise<void>;
+    evaluate(event: AgentEvent, condition: ModuleCondition): Promise<ModuleResult>;
+    destroy(): Promise<void>;
+}
+//# sourceMappingURL=session.d.ts.map

package/dist/modules/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/modules/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE3E,qBAAa,aAAc,YAAW,SAAS;IAC7C,QAAQ,CAAC,IAAI,aAAa;IAC1B,QAAQ,CAAC,WAAW,kEAAkE;IACtF,QAAQ,CAAC,OAAO,WAAW;IAE3B,QAAQ,CAAC,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BP;IAEX,OAAO,CAAC,OAAO,CAAiB;gBAEpB,OAAO,CAAC,EAAE,cAAc;IAI9B,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;IAqD9E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B"}

package/dist/modules/session.js

@@ -0,0 +1,128 @@
+/**
+ * ATR Session Module - Built-in behavioral detection module
+ *
+ * Provides cross-event analysis using SessionTracker.
+ * This is the reference implementation for ATR modules.
+ *
+ * Functions:
+ * - call_frequency: Count tool calls within a time window
+ * - pattern_frequency: Count pattern occurrences within a window
+ * - event_count: Total events in a session within a window
+ * - session_age: Time since first event in session (seconds)
+ *
+ * @module agent-threat-rules/modules/session
+ */
+import { SessionTracker } from '../session-tracker.js';
+export class SessionModule {
+    name = 'session';
+    description = 'Cross-event behavioral analysis using session state tracking';
+    version = '0.1.0';
+    functions = [
+        {
+            name: 'call_frequency',
+            description: 'Count how many times a specific tool was called within a time window',
+            args: [
+                { name: 'tool_name', type: 'string', required: true, description: 'Tool name to count' },
+                { name: 'window', type: 'string', required: false, description: 'Time window (e.g., "5m", "1h"). Default: 5m' },
+            ],
+        },
+        {
+            name: 'pattern_frequency',
+            description: 'Count how many times a pattern was matched within a time window',
+            args: [
+                { name: 'pattern', type: 'string', required: true, description: 'Pattern string to count' },
+                { name: 'window', type: 'string', required: false, description: 'Time window. Default: 5m' },
+            ],
+        },
+        {
+            name: 'event_count',
+            description: 'Total number of events in the current session within a time window',
+            args: [
+                { name: 'window', type: 'string', required: false, description: 'Time window. Default: 5m' },
+            ],
+        },
+        {
+            name: 'session_age',
+            description: 'Time in seconds since the first event in this session',
+            args: [],
+        },
+    ];
+    tracker;
+    constructor(tracker) {
+        this.tracker = tracker ?? new SessionTracker();
+    }
+    async initialize() {
+        // SessionTracker is ready immediately, no async setup needed
+    }
+    async evaluate(event, condition) {
+        const sessionId = event.sessionId ?? 'default';
+        const fn = condition.function;
+        const args = condition.args;
+        let value = 0;
+        let description = '';
+        switch (fn) {
+            case 'call_frequency': {
+                const toolName = String(args['tool_name'] ?? '');
+                const window = String(args['window'] ?? '5m');
+                const windowMs = parseWindow(window);
+                value = this.tracker.getCallFrequency(sessionId, toolName, windowMs);
+                description = `Tool "${toolName}" called ${value} times in ${window}`;
+                break;
+            }
+            case 'pattern_frequency': {
+                const pattern = String(args['pattern'] ?? '');
+                const window = String(args['window'] ?? '5m');
+                const windowMs = parseWindow(window);
+                value = this.tracker.getPatternFrequency(sessionId, pattern, windowMs);
+                description = `Pattern "${pattern}" seen ${value} times in ${window}`;
+                break;
+            }
+            case 'event_count': {
+                const window = String(args['window'] ?? '5m');
+                const windowMs = parseWindow(window);
+                value = this.tracker.getEventCount(sessionId, windowMs);
+                description = `${value} events in session within ${window}`;
+                break;
+            }
+            case 'session_age': {
+                const snapshot = this.tracker.getSessionSnapshot(sessionId);
+                if (snapshot && snapshot.oldestEventTimestamp) {
+                    value = Math.floor((Date.now() - snapshot.oldestEventTimestamp) / 1000);
+                }
+                description = `Session age: ${value} seconds`;
+                break;
+            }
+            default:
+                return { matched: false, value: 0, description: `Unknown function: ${fn}` };
+        }
+        const matched = compare(value, condition.operator, condition.threshold);
+        return { matched, value, description };
+    }
+    async destroy() {
+        // No cleanup needed
+    }
+}
+function compare(value, operator, threshold) {
+    switch (operator) {
+        case 'gt': return value > threshold;
+        case 'lt': return value < threshold;
+        case 'eq': return value === threshold;
+        case 'gte': return value >= threshold;
+        case 'lte': return value <= threshold;
+        default: return false;
+    }
+}
+function parseWindow(window) {
+    const match = window.match(/^(\d+)(s|m|h)$/);
+    if (!match)
+        return 300_000; // default 5m
+    const [, num, unit] = match;
+    const n = parseInt(num, 10);
+    switch (unit) {
+        case 's': return n * 1000;
+        case 'm': return n * 60_000;
+        case 'h': return n * 3_600_000;
+        default: return 300_000;
+    }
+}
+//# sourceMappingURL=session.js.map

package/dist/modules/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/modules/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAGvD,MAAM,OAAO,aAAa;IACf,IAAI,GAAG,SAAS,CAAC;IACjB,WAAW,GAAG,8DAA8D,CAAC;IAC7E,OAAO,GAAG,OAAO,CAAC;IAElB,SAAS,GAAG;QACnB;YACE,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,sEAAsE;YACnF,IAAI,EAAE;gBACJ,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,oBAAoB,EAAE;gBACjG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,6CAA6C,EAAE;aACzH;SACF;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,iEAAiE;YAC9E,IAAI,EAAE;gBACJ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,yBAAyB,EAAE;gBACpG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,0BAA0B,EAAE;aACtG;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,oEAAoE;YACjF,IAAI,EAAE;gBACJ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,0BAA0B,EAAE;aACtG;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,uDAAuD;YACpE,IAAI,EAAE,EAAE;SACT;KACO,CAAC;IAEH,OAAO,CAAiB;IAEhC,YAAY,OAAwB;QAClC,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,IAAI,cAAc,EAAE,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,UAAU;QACd,6DAA6D;IAC/D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAiB,EAAE,SAA0B;QAC1D,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,SAAS,CAAC;QAC/C,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC;QAC9B,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;QAE5B,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,WAAW,GAAG,EAAE,CAAC;QAErB,QAAQ,EAAE,EAAE,CAAC;YACX,KAAK,gBAAgB,CAAC,CAAC,CAAC;gBACtB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;gBACjD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC;gBAC9C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;gBACrC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBACrE,WAAW,GAAG,SAAS,QAAQ,YAAY,KAAK,aAAa,MAAM,EAAE,CAAC;gBACtE,MAAM;YACR,CAAC;YAED,KAAK,mBAAmB,CAAC,CAAC,CAAC;gBACzB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC;gBAC9C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;gBACrC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;gBACvE,WAAW,GAAG,YAAY,OAAO,UAAU,KAAK,aAAa,MAAM,EAAE,CAAC;gBACtE,MAAM;YACR,CAAC;YAED,KAAK,aAAa,CAAC,CAAC,CAAC;gBACnB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC;gBAC9C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;gBACrC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBACxD,WAAW,GAAG,GAAG,KAAK,6BAA6B,MAAM,EAAE,CAAC;gBAC5D,MAAM;YACR,CAAC;YAED,KAAK,aAAa,CAAC,CAAC,CAAC;gBACnB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;gBAC5D,IAAI,QAAQ,IAAI,QAAQ,CAAC,oBAAoB,EAAE,CAAC;oBAC9C,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC;gBAC1E,CAAC;gBACD,WAAW,GAAG,gBAAgB,KAAK,UAAU,CAAC;gBAC9C,MAAM;YACR,CAAC;YAED;gBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,EAAE,EAAE,CAAC;QAChF,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;QAExE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,OAAO;QACX,oBAAoB;IACtB,CAAC;CACF;AAED,SAAS,OAAO,CAAC,KAAa,EAAE,QAAgB,EAAE,SAAiB;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;QACpC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;QACpC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK,SAAS,CAAC;QACtC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;QACtC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;QACtC,OAAO,CAAC,CAAC,OAAO,KAAK,CAAC;IACxB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,OAAO,CAAC,CAAC,aAAa;IACzC,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC;IAC5B,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC5B,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;QAC1B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC;QAC5B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;QAC/B,OAAO,CAAC,CAAC,OAAO,OAAO,CAAC;IAC1B,CAAC;AACH,CAAC"}