npm - agentic-qe - Versions diffs - 2.8.0 → 2.8.2 - Mend

agentic-qe 2.8.0 → 2.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (226) hide show

package/dist/infrastructure/sandbox/profiles/agent-profiles.js ADDED Viewed

@@ -0,0 +1,433 @@
+"use strict";
+/**
+ * Agent Resource Profiles for Docker Sandboxing
+ *
+ * Defines resource limits and network policies for each QE agent type.
+ * Profiles are designed for security (minimal access) and stability (OOM prevention).
+ *
+ * @module infrastructure/sandbox/profiles/agent-profiles
+ * @see Issue #146 - Security Hardening: Docker Sandboxing
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AGENT_PROFILES = void 0;
+exports.getAgentProfile = getAgentProfile;
+exports.getAgentSandboxConfig = getAgentSandboxConfig;
+exports.listAgentProfiles = listAgentProfiles;
+exports.validateConfigAgainstProfile = validateConfigAgainstProfile;
+/**
+ * Resource profiles for all QE agents
+ *
+ * Each profile is tuned for the specific agent's requirements:
+ * - CPU: Based on computational needs
+ * - Memory: Based on data processing requirements
+ * - Network: Minimal domains required for operation
+ */
+exports.AGENT_PROFILES = {
+    // ============================================
+    // Core QE Agents
+    // ============================================
+    'qe-test-generator': {
+        description: 'AI-powered test generation with multi-framework support',
+        riskLevel: 'medium',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '2g',
+            memorySwapLimit: '2g',
+            diskLimit: '512m',
+            networkMode: 'whitelisted',
+            allowedDomains: [
+                'api.anthropic.com',
+                'registry.npmjs.org',
+                'api.github.com',
+            ],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-coverage-analyzer': {
+        description: 'O(log n) coverage gap detection with sublinear algorithms',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-security-scanner': {
+        description: 'Multi-layer security analysis (SAST, DAST, dependencies)',
+        riskLevel: 'high',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '4g',
+            memorySwapLimit: '4g',
+            diskLimit: '1g',
+            networkMode: 'whitelisted',
+            allowedDomains: [
+                'api.anthropic.com',
+                'nvd.nist.gov',
+                'cve.mitre.org',
+                'osv.dev',
+                'api.github.com',
+            ],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-performance-tester': {
+        description: 'Load testing and performance profiling',
+        riskLevel: 'medium',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 4,
+            memoryLimit: '4g',
+            memorySwapLimit: '4g',
+            diskLimit: '1g',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-flaky-test-hunter': {
+        description: 'Detects, analyzes, and stabilizes flaky tests',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '2g',
+            memorySwapLimit: '2g',
+            diskLimit: '512m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-api-contract-validator': {
+        description: 'Validates API contracts and detects breaking changes',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-visual-tester': {
+        description: 'Visual regression testing with AI-powered comparison',
+        riskLevel: 'medium',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '4g',
+            memorySwapLimit: '4g',
+            diskLimit: '2g',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-code-intelligence': {
+        description: 'Knowledge graph-based code understanding',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '2g',
+            memorySwapLimit: '2g',
+            diskLimit: '1g',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com', 'localhost'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-quality-analyzer': {
+        description: 'Comprehensive quality metrics analysis',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-a11y-ally': {
+        description: 'Accessibility testing and WCAG compliance',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-chaos-engineer': {
+        description: 'Resilience testing with controlled fault injection',
+        riskLevel: 'high',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '2g',
+            memorySwapLimit: '2g',
+            diskLimit: '512m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-deployment-readiness': {
+        description: 'Deployment risk assessment and quality gates',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-production-intelligence': {
+        description: 'Converts production data into test scenarios',
+        riskLevel: 'medium',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '2g',
+            memorySwapLimit: '2g',
+            diskLimit: '512m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qx-partner': {
+        description: 'Quality Experience analysis combining QA and UX perspectives',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    // ============================================
+    // TDD Subagents
+    // ============================================
+    'qe-test-writer': {
+        description: 'TDD RED phase - writes failing tests',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-test-implementer': {
+        description: 'TDD GREEN phase - implements minimal code',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-test-refactorer': {
+        description: 'TDD REFACTOR phase - improves code quality',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-code-reviewer': {
+        description: 'Enforces quality standards, linting, and security',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '1g',
+            memorySwapLimit: '1g',
+            diskLimit: '256m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'qe-integration-tester': {
+        description: 'Validates component interactions',
+        riskLevel: 'medium',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '2g',
+            memorySwapLimit: '2g',
+            diskLimit: '512m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    // ============================================
+    // n8n Workflow Testing Agents
+    // ============================================
+    'n8n-workflow-executor': {
+        description: 'Execute and validate n8n workflows',
+        riskLevel: 'medium',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '2g',
+            memorySwapLimit: '2g',
+            diskLimit: '512m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com', 'localhost'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'n8n-security-auditor': {
+        description: 'Security vulnerability scanning for n8n workflows',
+        riskLevel: 'high',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '2g',
+            memorySwapLimit: '2g',
+            diskLimit: '512m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    'n8n-chaos-tester': {
+        description: 'Chaos engineering for n8n workflows',
+        riskLevel: 'high',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 2,
+            memoryLimit: '2g',
+            memorySwapLimit: '2g',
+            diskLimit: '512m',
+            networkMode: 'whitelisted',
+            allowedDomains: ['api.anthropic.com'],
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+    // ============================================
+    // Default Profile
+    // ============================================
+    default: {
+        description: 'Default profile for unknown agent types',
+        riskLevel: 'low',
+        requiresNetwork: true,
+        config: {
+            cpuLimit: 1,
+            memoryLimit: '512m',
+            memorySwapLimit: '512m',
+            diskLimit: '128m',
+            networkMode: 'isolated',
+            readOnlyRootFs: true,
+            user: 'node',
+        },
+    },
+};
+/**
+ * Get profile for an agent type
+ * Falls back to default if not found
+ */
+function getAgentProfile(agentType) {
+    return exports.AGENT_PROFILES[agentType] || exports.AGENT_PROFILES['default'];
+}
+/**
+ * Get sandbox config for an agent type
+ */
+function getAgentSandboxConfig(agentType) {
+    return getAgentProfile(agentType).config;
+}
+/**
+ * List all available agent profiles
+ */
+function listAgentProfiles() {
+    return Object.keys(exports.AGENT_PROFILES).filter((k) => k !== 'default');
+}
+/**
+ * Validate that a custom config doesn't exceed profile limits
+ */
+function validateConfigAgainstProfile(agentType, config) {
+    const profile = getAgentProfile(agentType);
+    const violations = [];
+    if (config.cpuLimit && config.cpuLimit > profile.config.cpuLimit) {
+        violations.push(`CPU limit ${config.cpuLimit} exceeds profile maximum ${profile.config.cpuLimit}`);
+    }
+    // Note: Memory comparison would need parsing - simplified here
+    if (config.networkMode === 'host' && profile.config.networkMode !== 'host') {
+        violations.push('Host network mode not allowed for this agent type');
+    }
+    if (config.readOnlyRootFs === false && profile.config.readOnlyRootFs) {
+        violations.push('Read-only root filesystem is required for this agent type');
+    }
+    return {
+        valid: violations.length === 0,
+        violations,
+    };
+}
+//# sourceMappingURL=agent-profiles.js.map

package/dist/infrastructure/sandbox/profiles/agent-profiles.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"agent-profiles.js","sourceRoot":"","sources":["../../../../src/infrastructure/sandbox/profiles/agent-profiles.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AA4aH,0CAEC;AAKD,sDAEC;AAKD,8CAEC;AAKD,oEA0BC;AAtcD;;;;;;;GAOG;AACU,QAAA,cAAc,GAAiC;IAC1D,+CAA+C;IAC/C,iBAAiB;IACjB,+CAA+C;IAE/C,mBAAmB,EAAE;QACnB,WAAW,EAAE,yDAAyD;QACtE,SAAS,EAAE,QAAQ;QACnB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE;gBACd,mBAAmB;gBACnB,oBAAoB;gBACpB,gBAAgB;aACjB;YACD,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,sBAAsB,EAAE;QACtB,WAAW,EAAE,2DAA2D;QACxE,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,qBAAqB,EAAE;QACrB,WAAW,EAAE,0DAA0D;QACvE,SAAS,EAAE,MAAM;QACjB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE;gBACd,mBAAmB;gBACnB,cAAc;gBACd,eAAe;gBACf,SAAS;gBACT,gBAAgB;aACjB;YACD,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,uBAAuB,EAAE;QACvB,WAAW,EAAE,wCAAwC;QACrD,SAAS,EAAE,QAAQ;QACnB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,sBAAsB,EAAE;QACtB,WAAW,EAAE,+CAA+C;QAC5D,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,2BAA2B,EAAE;QAC3B,WAAW,EAAE,sDAAsD;QACnE,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,kBAAkB,EAAE;QAClB,WAAW,EAAE,sDAAsD;QACnE,SAAS,EAAE,QAAQ;QACnB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,sBAAsB,EAAE;QACtB,WAAW,EAAE,0CAA0C;QACvD,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,EAAE,WAAW,CAAC;YAClD,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,qBAAqB,EAAE;QACrB,WAAW,EAAE,wCAAwC;QACrD,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,cAAc,EAAE;QACd,WAAW,EAAE,2CAA2C;QACxD,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,mBAAmB,EAAE;QACnB,WAAW,EAAE,oDAAoD;QACjE,SAAS,EAAE,MAAM;QACjB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,yBAAyB,EAAE;QACzB,WAAW,EAAE,8CAA8C;QAC3D,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,4BAA4B,EAAE;QAC5B,WAAW,EAAE,8CAA8C;QAC3D,SAAS,EAAE,QAAQ;QACnB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,YAAY,EAAE;QACZ,WAAW,EAAE,8DAA8D;QAC3E,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,+CAA+C;IAC/C,gBAAgB;IAChB,+CAA+C;IAE/C,gBAAgB,EAAE;QAChB,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,qBAAqB,EAAE;QACrB,WAAW,EAAE,2CAA2C;QACxD,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,oBAAoB,EAAE;QACpB,WAAW,EAAE,4CAA4C;QACzD,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,kBAAkB,EAAE;QAClB,WAAW,EAAE,mDAAmD;QAChE,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,uBAAuB,EAAE;QACvB,WAAW,EAAE,kCAAkC;QAC/C,SAAS,EAAE,QAAQ;QACnB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,+CAA+C;IAC/C,8BAA8B;IAC9B,+CAA+C;IAE/C,uBAAuB,EAAE;QACvB,WAAW,EAAE,oCAAoC;QACjD,SAAS,EAAE,QAAQ;QACnB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,EAAE,WAAW,CAAC;YAClD,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,sBAAsB,EAAE;QACtB,WAAW,EAAE,mDAAmD;QAChE,SAAS,EAAE,MAAM;QACjB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,kBAAkB,EAAE;QAClB,WAAW,EAAE,qCAAqC;QAClD,SAAS,EAAE,MAAM;QACjB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,IAAI;YACrB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;IAED,+CAA+C;IAC/C,kBAAkB;IAClB,+CAA+C;IAE/C,OAAO,EAAE;QACP,WAAW,EAAE,yCAAyC;QACtD,SAAS,EAAE,KAAK;QAChB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE;YACN,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,MAAM;YACnB,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,WAAW,EAAE,UAAU;YACvB,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,MAAM;SACb;KACF;CACF,CAAC;AAEF;;;GAGG;AACH,SAAgB,eAAe,CAAC,SAAiB;IAC/C,OAAO,sBAAc,CAAC,SAAS,CAAC,IAAI,sBAAc,CAAC,SAAS,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,SAAiB;IACrD,OAAO,eAAe,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB;IAC/B,OAAO,MAAM,CAAC,IAAI,CAAC,sBAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAgB,4BAA4B,CAC1C,SAAiB,EACjB,MAA8B;IAE9B,MAAM,OAAO,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACjE,UAAU,CAAC,IAAI,CACb,aAAa,MAAM,CAAC,QAAQ,4BAA4B,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,CAClF,CAAC;IACJ,CAAC;IAED,+DAA+D;IAC/D,IAAI,MAAM,CAAC,WAAW,KAAK,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3E,UAAU,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,MAAM,CAAC,cAAc,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;QACrE,UAAU,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO;QACL,KAAK,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;QAC9B,UAAU;KACX,CAAC;AACJ,CAAC"}

package/dist/infrastructure/sandbox/types.d.ts ADDED Viewed

@@ -0,0 +1,227 @@
+/**
+ * Types for Docker-Based Agent Sandboxing
+ *
+ * Provides type definitions for secure container-based agent execution
+ * with resource limits enforced by cgroups.
+ *
+ * @module infrastructure/sandbox/types
+ * @see Issue #146 - Security Hardening: Docker Sandboxing
+ */
+/**
+ * Network isolation mode for sandboxed agents
+ */
+export type NetworkMode = 'isolated' | 'whitelisted' | 'host';
+/**
+ * Container status states
+ */
+export type ContainerStatus = 'creating' | 'running' | 'stopped' | 'error' | 'removing';
+/**
+ * Sandbox configuration for agent containers
+ */
+export interface SandboxConfig {
+    /** CPU cores limit (e.g., 2) */
+    cpuLimit: number;
+    /** Memory limit (e.g., "2g", "512m") */
+    memoryLimit: string;
+    /** Memory + swap limit (e.g., "2g") */
+    memorySwapLimit: string;
+    /** Disk quota (e.g., "512m") */
+    diskLimit: string;
+    /** Network isolation mode */
+    networkMode: NetworkMode;
+    /** Allowed domains when networkMode is 'whitelisted' */
+    allowedDomains?: string[];
+    /** Mount root filesystem as read-only */
+    readOnlyRootFs: boolean;
+    /** User to run container as (non-root) */
+    user: string;
+    /** Seccomp security profile path */
+    seccompProfile?: string;
+    /** Additional environment variables */
+    environment?: Record<string, string>;
+    /** Working directory inside container */
+    workingDir?: string;
+    /** Volumes to mount */
+    volumes?: VolumeMount[];
+    /** Container labels */
+    labels?: Record<string, string>;
+}
+/**
+ * Volume mount configuration
+ */
+export interface VolumeMount {
+    /** Host path or volume name */
+    source: string;
+    /** Container path */
+    target: string;
+    /** Mount as read-only */
+    readOnly?: boolean;
+}
+/**
+ * Container information and state
+ */
+export interface ContainerInfo {
+    /** Docker container ID */
+    containerId: string;
+    /** Agent ID this container belongs to */
+    agentId: string;
+    /** Agent type (e.g., 'qe-test-generator') */
+    agentType: string;
+    /** Current container status */
+    status: ContainerStatus;
+    /** Container creation timestamp */
+    createdAt: Date;
+    /** Container start timestamp */
+    startedAt?: Date;
+    /** Container stop timestamp */
+    stoppedAt?: Date;
+    /** Current resource usage */
+    resourceUsage?: ResourceStats;
+    /** Exit code if container stopped */
+    exitCode?: number;
+    /** Error message if status is 'error' */
+    error?: string;
+    /** Container labels */
+    labels?: Record<string, string>;
+}
+/**
+ * Resource usage statistics for a container
+ */
+export interface ResourceStats {
+    /** CPU usage percentage (0-100 per core) */
+    cpuPercent: number;
+    /** Current memory usage in MB */
+    memoryUsageMB: number;
+    /** Memory limit in MB */
+    memoryLimitMB: number;
+    /** Memory usage percentage */
+    memoryPercent: number;
+    /** Disk usage in MB */
+    diskUsageMB: number;
+    /** Network bytes received */
+    networkRxBytes: number;
+    /** Network bytes transmitted */
+    networkTxBytes: number;
+    /** Number of PIDs in container */
+    pidsCount: number;
+    /** Timestamp of stats collection */
+    timestamp: Date;
+}
+/**
+ * Sandbox manager configuration
+ */
+export interface SandboxManagerConfig {
+    /** Docker socket path (default: /var/run/docker.sock) */
+    dockerSocketPath?: string;
+    /** Docker host URL (alternative to socket) */
+    dockerHost?: string;
+    /** Docker API version */
+    dockerVersion?: string;
+    /** Base image for agent containers */
+    agentImage: string;
+    /** Image tag */
+    imageTag?: string;
+    /** Network name for sandboxed containers */
+    networkName?: string;
+    /** Enable container logging */
+    enableLogging?: boolean;
+    /** Log driver (json-file, syslog, none) */
+    logDriver?: string;
+    /** Maximum log size per container */
+    logMaxSize?: string;
+    /** Maximum number of log files */
+    logMaxFiles?: number;
+    /** Default sandbox config for unknown agent types */
+    defaultConfig?: Partial<SandboxConfig>;
+    /** Cleanup containers on manager shutdown */
+    cleanupOnShutdown?: boolean;
+    /** Health check interval in ms */
+    healthCheckIntervalMs?: number;
+}
+/**
+ * Result of sandbox creation
+ */
+export interface SandboxCreateResult {
+    /** Whether creation succeeded */
+    success: boolean;
+    /** Container info if successful */
+    container?: ContainerInfo;
+    /** Error message if failed */
+    error?: string;
+    /** Warnings during creation */
+    warnings?: string[];
+}
+/**
+ * Result of sandbox destruction
+ */
+export interface SandboxDestroyResult {
+    /** Whether destruction succeeded */
+    success: boolean;
+    /** Container ID that was destroyed */
+    containerId: string;
+    /** Error message if failed */
+    error?: string;
+    /** Whether container was force-killed */
+    forced?: boolean;
+}
+/**
+ * Health check result
+ */
+export interface HealthCheckResult {
+    /** Whether container is healthy */
+    healthy: boolean;
+    /** Container ID */
+    containerId: string;
+    /** Health status message */
+    status: string;
+    /** Response time in ms */
+    responseTimeMs?: number;
+    /** Last check timestamp */
+    checkedAt: Date;
+    /** Consecutive failures count */
+    failureCount?: number;
+}
+/**
+ * Sandbox event types for monitoring
+ */
+export type SandboxEventType = 'created' | 'started' | 'stopped' | 'destroyed' | 'error' | 'oom_killed' | 'health_check_failed' | 'resource_limit_exceeded';
+/**
+ * Sandbox event for monitoring and logging
+ */
+export interface SandboxEvent {
+    /** Event type */
+    type: SandboxEventType;
+    /** Container ID */
+    containerId: string;
+    /** Agent ID */
+    agentId: string;
+    /** Agent type */
+    agentType: string;
+    /** Event timestamp */
+    timestamp: Date;
+    /** Event details */
+    details?: Record<string, unknown>;
+    /** Error if applicable */
+    error?: string;
+}
+/**
+ * Sandbox event handler
+ */
+export type SandboxEventHandler = (event: SandboxEvent) => void | Promise<void>;
+/**
+ * Parse memory string to bytes
+ * @param memStr Memory string (e.g., "512m", "2g")
+ * @returns Memory in bytes
+ */
+export declare function parseMemoryString(memStr: string): number;
+/**
+ * Format bytes to human-readable string
+ * @param bytes Number of bytes
+ * @returns Formatted string (e.g., "512 MB")
+ */
+export declare function formatBytes(bytes: number): string;
+/**
+ * Default sandbox configuration
+ */
+export declare const DEFAULT_SANDBOX_CONFIG: SandboxConfig;
+//# sourceMappingURL=types.d.ts.map

package/dist/infrastructure/sandbox/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/sandbox/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,aAAa,GAAG,MAAM,CAAC;AAE9D;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,CAAC;AAExF;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,gCAAgC;IAChC,QAAQ,EAAE,MAAM,CAAC;IAEjB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,eAAe,EAAE,MAAM,CAAC;IAExB,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;IAElB,6BAA6B;IAC7B,WAAW,EAAE,WAAW,CAAC;IAEzB,wDAAwD;IACxD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B,yCAAyC;IACzC,cAAc,EAAE,OAAO,CAAC;IAExB,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IAEb,oCAAoC;IACpC,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAErC,yCAAyC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,uBAAuB;IACvB,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC;IAExB,uBAAuB;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IAEf,qBAAqB;IACrB,MAAM,EAAE,MAAM,CAAC;IAEf,yBAAyB;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IAEpB,yCAAyC;IACzC,OAAO,EAAE,MAAM,CAAC;IAEhB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAElB,+BAA+B;IAC/B,MAAM,EAAE,eAAe,CAAC;IAExB,mCAAmC;IACnC,SAAS,EAAE,IAAI,CAAC;IAEhB,gCAAgC;IAChC,SAAS,CAAC,EAAE,IAAI,CAAC;IAEjB,+BAA+B;IAC/B,SAAS,CAAC,EAAE,IAAI,CAAC;IAEjB,6BAA6B;IAC7B,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,uBAAuB;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4CAA4C;IAC5C,UAAU,EAAE,MAAM,CAAC;IAEnB,iCAAiC;IACjC,aAAa,EAAE,MAAM,CAAC;IAEtB,yBAAyB;IACzB,aAAa,EAAE,MAAM,CAAC;IAEtB,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;IAEtB,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IAEpB,6BAA6B;IAC7B,cAAc,EAAE,MAAM,CAAC;IAEvB,gCAAgC;IAChC,cAAc,EAAE,MAAM,CAAC;IAEvB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;IAElB,oCAAoC;IACpC,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,yDAAyD;IACzD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,yBAAyB;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,sCAAsC;IACtC,UAAU,EAAE,MAAM,CAAC;IAEnB,gBAAgB;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,4CAA4C;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+BAA+B;IAC/B,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,2CAA2C;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,qCAAqC;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,qDAAqD;IACrD,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAEvC,6CAA6C;IAC7C,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAE5B,kCAAkC;IAClC,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,iCAAiC;IACjC,OAAO,EAAE,OAAO,CAAC;IAEjB,mCAAmC;IACnC,SAAS,CAAC,EAAE,aAAa,CAAC;IAE1B,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IAEjB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IAEpB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,yCAAyC;IACzC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IAEjB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IAEpB,4BAA4B;IAC5B,MAAM,EAAE,MAAM,CAAC;IAEf,0BAA0B;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,2BAA2B;IAC3B,SAAS,EAAE,IAAI,CAAC;IAEhB,iCAAiC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,MAAM,gBAAgB,GACxB,SAAS,GACT,SAAS,GACT,SAAS,GACT,WAAW,GACX,OAAO,GACP,YAAY,GACZ,qBAAqB,GACrB,yBAAyB,CAAC;AAE9B;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,iBAAiB;IACjB,IAAI,EAAE,gBAAgB,CAAC;IAEvB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IAEpB,eAAe;IACf,OAAO,EAAE,MAAM,CAAC;IAEhB,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAElB,sBAAsB;IACtB,SAAS,EAAE,IAAI,CAAC;IAEhB,oBAAoB;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAElC,0BAA0B;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAEhF;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAkBxD;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAWjD;AAED;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,aAQpC,CAAC"}