agentic-qe 3.3.0 → 3.3.1

package/v3/dist/mcp/security/cve-prevention.js

@@ -2,6 +2,10 @@
  * Agentic QE v3 - MCP Security: CVE Prevention Utilities
  * Security utilities for preventing common vulnerabilities (ADR-012)
  *
+ * This file serves as a facade that maintains backward compatibility
+ * while the actual implementations are organized using the Strategy Pattern
+ * in the validators/ directory.
+ *
  * Features:
  * - Path traversal protection (no ../ in paths)
  * - ReDoS prevention with regex escaping
@@ -9,579 +13,50 @@
  * - Input sanitization utilities
  * - Command injection prevention
  */
-import { createHash, timingSafeEqual, randomBytes } from 'crypto';
-// ============================================================================
-// Path Traversal Protection
 // ============================================================================
-/**
- * Path traversal patterns to detect
- */
-const PATH_TRAVERSAL_PATTERNS = [
-    /\.\./, // Basic traversal
-    /%2e%2e/i, // URL encoded ..
-    /%252e%252e/i, // Double URL encoded
-    /\.\.%2f/i, // Mixed encoding
-    /%2f\.\./i, // Forward slash + ..
-    /\.\.%5c/i, // Backslash + ..
-    /\.\.\\/, // Windows backslash traversal
-    /%c0%ae/i, // UTF-8 overlong encoding
-    /%c0%2f/i, // UTF-8 overlong /
-    /%c1%9c/i, // UTF-8 overlong \
-    /\0/, // Null byte injection
-    /%00/i, // URL encoded null
-];
-/**
- * Dangerous path components
- */
-const DANGEROUS_PATH_COMPONENTS = [
-    /^\/etc\//i,
-    /^\/proc\//i,
-    /^\/sys\//i,
-    /^\/dev\//i,
-    /^\/root\//i,
-    /^\/home\/.+\/\./i,
-    /^[A-Z]:\\Windows/i,
-    /^[A-Z]:\\System/i,
-    /^[A-Z]:\\Users\\.+\\AppData/i,
-];
-/**
- * Validate and sanitize a file path to prevent traversal attacks
- */
-export function validatePath(path, options = {}) {
-    const { basePath = '', allowAbsolute = false, allowedExtensions = [], deniedExtensions = ['.exe', '.bat', '.cmd', '.sh', '.ps1', '.dll', '.so'], maxDepth = 10, maxLength = 4096, } = options;
-    // Check length
-    if (path.length > maxLength) {
-        return {
-            valid: false,
-            error: `Path exceeds maximum length of ${maxLength}`,
-            riskLevel: 'medium',
-        };
-    }
-    // Check for traversal patterns
-    for (const pattern of PATH_TRAVERSAL_PATTERNS) {
-        if (pattern.test(path)) {
-            return {
-                valid: false,
-                error: 'Path traversal attempt detected',
-                riskLevel: 'critical',
-            };
-        }
-    }
-    // Check for absolute paths
-    if (!allowAbsolute && (path.startsWith('/') || /^[A-Z]:/i.test(path))) {
-        return {
-            valid: false,
-            error: 'Absolute paths are not allowed',
-            riskLevel: 'high',
-        };
-    }
-    // Check for dangerous path components
-    for (const pattern of DANGEROUS_PATH_COMPONENTS) {
-        if (pattern.test(path)) {
-            return {
-                valid: false,
-                error: 'Access to system paths is not allowed',
-                riskLevel: 'critical',
-            };
-        }
-    }
-    // Normalize the path
-    const normalizedPath = normalizePath(path);
-    // Re-check for traversal after normalization
-    if (normalizedPath.includes('..')) {
-        return {
-            valid: false,
-            error: 'Path traversal detected after normalization',
-            riskLevel: 'critical',
-        };
-    }
-    // Check depth
-    const depth = normalizedPath.split('/').filter(Boolean).length;
-    if (depth > maxDepth) {
-        return {
-            valid: false,
-            error: `Path depth exceeds maximum of ${maxDepth}`,
-            riskLevel: 'low',
-        };
-    }
-    // Check extension
-    const ext = getExtension(normalizedPath);
-    if (ext) {
-        const extWithDot = `.${ext.toLowerCase()}`;
-        const extWithoutDot = ext.toLowerCase();
-        // Check denied extensions (support both .exe and exe formats)
-        if (deniedExtensions.length > 0) {
-            const isDenied = deniedExtensions.some(denied => denied.toLowerCase() === extWithDot || denied.toLowerCase() === extWithoutDot);
-            if (isDenied) {
-                return {
-                    valid: false,
-                    error: `File extension '${ext}' is not allowed`,
-                    riskLevel: 'high',
-                };
-            }
-        }
-        // Check allowed extensions (support both .ts and ts formats)
-        if (allowedExtensions.length > 0) {
-            const isAllowed = allowedExtensions.some(allowed => allowed.toLowerCase() === extWithDot || allowed.toLowerCase() === extWithoutDot);
-            if (!isAllowed) {
-                return {
-                    valid: false,
-                    error: `File extension '${ext}' is not in allowed list`,
-                    riskLevel: 'medium',
-                };
-            }
-        }
-    }
-    // Combine with base path if provided
-    const finalPath = basePath
-        ? joinPathsAbsolute(basePath, normalizedPath)
-        : normalizedPath;
-    // Verify final path doesn't escape base (use normalized base for comparison)
-    const normalizedBase = basePath.startsWith('/')
-        ? `/${normalizePath(basePath)}`
-        : normalizePath(basePath);
-    if (basePath && !finalPath.startsWith(normalizedBase)) {
-        return {
-            valid: false,
-            error: 'Path escapes base directory',
-            riskLevel: 'critical',
-        };
-    }
-    return {
-        valid: true,
-        normalizedPath: finalPath,
-        riskLevel: 'none',
-    };
-}
-/**
- * Normalize a path by resolving . and .. components
- */
-export function normalizePath(path) {
-    // Replace backslashes with forward slashes
-    let normalized = path.replace(/\\/g, '/');
-    // Remove multiple consecutive slashes
-    normalized = normalized.replace(/\/+/g, '/');
-    // Split and resolve
-    const parts = normalized.split('/');
-    const result = [];
-    for (const part of parts) {
-        if (part === '.' || part === '') {
-            continue;
-        }
-        if (part === '..') {
-            // Don't allow going above root
-            if (result.length > 0 && result[result.length - 1] !== '..') {
-                result.pop();
-            }
-        }
-        else {
-            result.push(part);
-        }
-    }
-    return result.join('/');
-}
-/**
- * Safely join path components (strips leading/trailing slashes from all parts)
- */
-export function joinPaths(...paths) {
-    if (paths.length === 0)
-        return '';
-    return paths
-        .map(p => p.replace(/^\/+|\/+$/g, ''))
-        .filter(Boolean)
-        .join('/');
-}
-/**
- * Join paths preserving absolute path from first component
- */
-export function joinPathsAbsolute(...paths) {
-    if (paths.length === 0)
-        return '';
-    // Check if the first path is absolute
-    const isAbsolute = paths[0].startsWith('/');
-    const result = paths
-        // Use non-backtracking patterns with possessive-like behavior via split/join
-        .map(p => {
-        // Remove leading slashes by splitting and rejoining
-        while (p.startsWith('/'))
-            p = p.slice(1);
-        // Remove trailing slashes
-        while (p.endsWith('/'))
-            p = p.slice(0, -1);
-        return p;
-    })
-        .filter(Boolean)
-        .join('/');
-    // Preserve leading slash for absolute paths
-    return isAbsolute ? `/${result}` : result;
-}
-/**
- * Get file extension
- */
-export function getExtension(path) {
-    const match = path.match(/\.([^./\\]+)$/);
-    return match ? match[1] : null;
-}
+// Re-export Validators and Functions
 // ============================================================================
+// Path Traversal Protection
+export { validatePath, normalizePath, joinPaths, joinPathsAbsolute, getExtension, PathTraversalValidator, PATH_TRAVERSAL_PATTERNS, DANGEROUS_PATH_COMPONENTS, } from './validators/path-traversal-validator';
 // ReDoS Prevention
-// ============================================================================
-/**
- * Patterns that can cause ReDoS
- */
-const REDOS_PATTERNS = [
-    /\(\.\*\)\+/, // (.*)+
-    /\(\.\+\)\+/, // (.+)+
-    /\([^)]*\?\)\+/, // (...?)+
-    /\([^)]*\*\)\+/, // (...*)+
-    /\([^)]*\+\)\+/, // (...+)+
-    /\(\[.*?\]\+\)\+/, // ([...]+)+
-    /\(\[.*?\]\*\)\+/, // ([...]*)+
-    /\(\[.*?\]\?\)\+/, // ([...]?)+
-    /\(\[.*?\]\*\)\*/, // ([...]*)*
-    /\.\*\.\*/, // .*.*
-    /\.\+\.\+/, // .+.+
-    /\(\.\|\.\)/, // (.|.)
-];
-/**
- * Maximum allowed regex complexity (nested quantifiers)
- */
-const MAX_REGEX_COMPLEXITY = 3;
-/**
- * Check if a regex pattern is safe from ReDoS
- */
-export function isRegexSafe(pattern) {
-    const riskyPatterns = [];
-    // Check for known ReDoS patterns
-    for (const redosPattern of REDOS_PATTERNS) {
-        if (redosPattern.test(pattern)) {
-            riskyPatterns.push(redosPattern.source);
-        }
-    }
-    // Check nesting depth of quantifiers
-    const quantifierDepth = countQuantifierNesting(pattern);
-    if (quantifierDepth > MAX_REGEX_COMPLEXITY) {
-        riskyPatterns.push(`Quantifier nesting depth: ${quantifierDepth} (max: ${MAX_REGEX_COMPLEXITY})`);
-    }
-    // Check for exponential backtracking potential
-    if (hasExponentialBacktracking(pattern)) {
-        riskyPatterns.push('Exponential backtracking potential detected');
-    }
-    return {
-        safe: riskyPatterns.length === 0,
-        pattern,
-        escapedPattern: escapeRegex(pattern),
-        riskyPatterns,
-        error: riskyPatterns.length > 0 ? 'Pattern may cause ReDoS' : undefined,
-    };
-}
-/**
- * Count nested quantifier depth
- */
-function countQuantifierNesting(pattern) {
-    let maxDepth = 0;
-    let currentDepth = 0;
-    let inGroup = false;
-    let escaped = false;
-    for (let i = 0; i < pattern.length; i++) {
-        const char = pattern[i];
-        if (escaped) {
-            escaped = false;
-            continue;
-        }
-        if (char === '\\') {
-            escaped = true;
-            continue;
-        }
-        if (char === '(') {
-            inGroup = true;
-            continue;
-        }
-        if (char === ')') {
-            inGroup = false;
-            // Check if followed by quantifier
-            const next = pattern[i + 1];
-            if (next === '*' || next === '+' || next === '?' || next === '{') {
-                currentDepth++;
-                maxDepth = Math.max(maxDepth, currentDepth);
-            }
-            continue;
-        }
-        if ((char === '*' || char === '+' || char === '?') && !inGroup) {
-            currentDepth = 1;
-            maxDepth = Math.max(maxDepth, currentDepth);
-        }
-    }
-    return maxDepth;
-}
-/**
- * Check for exponential backtracking potential
- */
-function hasExponentialBacktracking(pattern) {
-    // Simplified check for common exponential patterns
-    const dangerous = [
-        /\(\[^\\]*\]\+\)\+/, // ([...]+)+
-        /\(\[^\\]*\]\*\)\*/, // ([...]*)*
-        /\([^)]+\|[^)]+\)\+/, // (a|b)+
-        /\(\.\*\)[*+]/, // (.*)+, (.*)*
-        /\(\.\+\)[*+]/, // (.+)+, (.+)*
-    ];
-    return dangerous.some(d => d.test(pattern));
-}
-/**
- * Escape special regex characters in a string
- */
-export function escapeRegex(str) {
-    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-}
-/**
- * Create a safe regex with timeout
- */
-export function createSafeRegex(pattern, flags, maxLength = 10000) {
-    const safety = isRegexSafe(pattern);
-    if (!safety.safe) {
-        return null;
-    }
-    if (pattern.length > maxLength) {
-        return null;
-    }
-    try {
-        return new RegExp(pattern, flags);
-    }
-    catch {
-        return null;
-    }
-}
-// ============================================================================
+export { isRegexSafe, escapeRegex, createSafeRegex, RegexSafetyValidator, REDOS_PATTERNS, countQuantifierNesting, hasExponentialBacktracking, } from './validators/regex-safety-validator';
 // Timing-Safe Comparison
+export { timingSafeCompare, timingSafeHashCompare, generateSecureToken, secureHash, CryptoValidator, } from './validators/crypto-validator';
+// Input Sanitization
+export { sanitizeInput, escapeHtml, stripHtmlTags, InputSanitizer, HTML_ESCAPE_MAP, SQL_INJECTION_PATTERNS, SHELL_METACHARACTERS, DANGEROUS_CONTROL_CHARS, } from './validators/input-sanitizer';
+// Command Injection Prevention
+export { validateCommand, escapeShellArg, CommandValidator, DEFAULT_ALLOWED_COMMANDS, BLOCKED_COMMAND_PATTERNS, } from './validators/command-validator';
 // ============================================================================
-/**
- * Perform a timing-safe string comparison
- */
-export function timingSafeCompare(a, b) {
-    // Pad shorter string to prevent length-based timing attacks
-    const maxLen = Math.max(a.length, b.length);
-    const paddedA = a.padEnd(maxLen, '\0');
-    const paddedB = b.padEnd(maxLen, '\0');
-    try {
-        return timingSafeEqual(Buffer.from(paddedA), Buffer.from(paddedB));
-    }
-    catch {
-        return false;
-    }
-}
-/**
- * Timing-safe comparison for hashed values
- */
-export function timingSafeHashCompare(value, expectedHash) {
-    const hash = createHash('sha256').update(value).digest('hex');
-    return timingSafeCompare(hash, expectedHash);
-}
-/**
- * Generate a secure random token
- */
-export function generateSecureToken(length = 32) {
-    return randomBytes(length)
-        .toString('base64')
-        .replace(/\+/g, '-')
-        .replace(/\//g, '_')
-        .replace(/=/g, '');
-}
-/**
- * Hash a value securely
- */
-export function secureHash(value, salt) {
-    const data = salt ? `${salt}:${value}` : value;
-    return createHash('sha256').update(data).digest('hex');
-}
+// Re-export Orchestrator
 // ============================================================================
-// Input Sanitization
+export { ValidationOrchestrator, getOrchestrator, createOrchestrator, } from './validators/validation-orchestrator';
 // ============================================================================
-/**
- * HTML escape characters
- */
-const HTML_ESCAPE_MAP = {
-    '&': '&amp;',
-    '<': '&lt;',
-    '>': '&gt;',
-    '"': '&quot;',
-    "'": '&#x27;',
-    '/': '&#x2F;',
-    '`': '&#x60;',
-    '=': '&#x3D;',
-};
-/**
- * SQL injection patterns
- */
-const SQL_INJECTION_PATTERNS = [
-    /('|")\s*;\s*--/i,
-    /'\s*OR\s+'1'\s*=\s*'1/i,
-    /"\s*OR\s+"1"\s*=\s*"1/i,
-    /UNION\s+SELECT/i,
-    /INSERT\s+INTO/i,
-    /DROP\s+TABLE/i,
-    /DELETE\s+FROM/i,
-    /UPDATE\s+.*\s+SET/i,
-    /EXEC(\s+|\()sp_/i,
-    /xp_cmdshell/i,
-];
-/**
- * Shell metacharacters (excludes parentheses which are common in normal text)
- */
-const SHELL_METACHARACTERS = /[|;&$`<>{}[\]!#*?~]/g;
-/**
- * Sanitize input string
- */
-export function sanitizeInput(input, options = {}) {
-    const { maxLength = 10000, allowedChars, stripHtml = true, stripSql = true, escapeShell = true, trim = true, } = options;
-    let result = input;
-    // Trim
-    if (trim) {
-        result = result.trim();
-    }
-    // Max length
-    if (result.length > maxLength) {
-        result = result.substring(0, maxLength);
-    }
-    // Strip HTML
-    if (stripHtml) {
-        result = stripHtmlTags(result);
-    }
-    // Strip SQL injection attempts
-    if (stripSql) {
-        for (const pattern of SQL_INJECTION_PATTERNS) {
-            result = result.replace(pattern, '');
-        }
-    }
-    // Escape shell metacharacters
-    if (escapeShell) {
-        result = result.replace(SHELL_METACHARACTERS, '');
-    }
-    // Filter to allowed characters
-    if (allowedChars) {
-        // Filter character by character to respect the provided regex
-        result = result.split('').filter(char => allowedChars.test(char)).join('');
-    }
-    return result;
-}
-/**
- * Escape HTML special characters
- */
-export function escapeHtml(str) {
-    return str.replace(/[&<>"'`=/]/g, char => HTML_ESCAPE_MAP[char] || char);
-}
-/**
- * Strip HTML tags from a string
- * Handles both complete tags and incomplete/malformed tags to prevent XSS
- */
-export function stripHtmlTags(str) {
-    // Limit input length to prevent ReDoS
-    const MAX_LENGTH = 100000;
-    if (str.length > MAX_LENGTH) {
-        str = str.slice(0, MAX_LENGTH);
-    }
-    let result = str;
-    let prevLength;
-    // Loop until no more changes (handles nested/malformed tags like <script<script>>)
-    do {
-        prevLength = result.length;
-        // Remove complete HTML tags using a non-backtracking approach
-        // Process character by character to avoid regex backtracking
-        let cleaned = '';
-        let inTag = false;
-        for (let i = 0; i < result.length; i++) {
-            const char = result[i];
-            if (char === '<') {
-                inTag = true;
-            }
-            else if (char === '>' && inTag) {
-                inTag = false;
-            }
-            else if (!inTag) {
-                cleaned += char;
-            }
-        }
-        result = cleaned;
-    } while (result.length < prevLength && result.length > 0);
-    // Encode any remaining angle brackets
-    result = result.replace(/</g, '&lt;').replace(/>/g, '&gt;');
-    return result;
-}
+// Import for CVEPrevention Object
 // ============================================================================
-// Command Injection Prevention
+import { validatePath } from './validators/path-traversal-validator';
+import { normalizePath } from './validators/path-traversal-validator';
+import { joinPaths } from './validators/path-traversal-validator';
+import { joinPathsAbsolute } from './validators/path-traversal-validator';
+import { getExtension } from './validators/path-traversal-validator';
+import { isRegexSafe } from './validators/regex-safety-validator';
+import { escapeRegex } from './validators/regex-safety-validator';
+import { createSafeRegex } from './validators/regex-safety-validator';
+import { timingSafeCompare } from './validators/crypto-validator';
+import { timingSafeHashCompare } from './validators/crypto-validator';
+import { generateSecureToken } from './validators/crypto-validator';
+import { secureHash } from './validators/crypto-validator';
+import { sanitizeInput } from './validators/input-sanitizer';
+import { escapeHtml } from './validators/input-sanitizer';
+import { stripHtmlTags } from './validators/input-sanitizer';
+import { validateCommand } from './validators/command-validator';
+import { escapeShellArg } from './validators/command-validator';
+// ============================================================================
+// Export Utilities Object (Backward Compatibility)
 // ============================================================================
 /**
- * Allowed commands whitelist
- */
-const DEFAULT_ALLOWED_COMMANDS = [
-    'ls', 'cat', 'echo', 'grep', 'find', 'head', 'tail', 'wc',
-    'npm', 'node', 'yarn', 'pnpm',
-    'git', 'jest', 'vitest', 'playwright',
-];
-/**
- * Blocked command patterns
- */
-const BLOCKED_COMMAND_PATTERNS = [
-    /;/, // Command chaining with semicolon
-    /&&/, // Command chaining with AND
-    /\|\|/, // Command chaining with OR
-    /\|/, // Piping
-    /`.*`/, // Backtick command substitution
-    /\$\(.*\)/, // $() command substitution
-    />\s*\/dev\/sd/i, // Writing to block devices
-    />\s*\/etc\//i, // Writing to /etc
-];
-/**
- * Validate and sanitize a command
- */
-export function validateCommand(command, allowedCommands = DEFAULT_ALLOWED_COMMANDS) {
-    const blockedPatterns = [];
-    // Check for blocked patterns
-    for (const pattern of BLOCKED_COMMAND_PATTERNS) {
-        if (pattern.test(command)) {
-            blockedPatterns.push(pattern.source);
-        }
-    }
-    if (blockedPatterns.length > 0) {
-        return {
-            valid: false,
-            error: 'Command contains blocked patterns',
-            blockedPatterns,
-        };
-    }
-    // Extract base command
-    const parts = command.trim().split(/\s+/);
-    const baseCommand = parts[0].split('/').pop() || '';
-    // Check against whitelist
-    if (!allowedCommands.includes(baseCommand)) {
-        return {
-            valid: false,
-            error: `Command '${baseCommand}' is not in the allowed list`,
-            blockedPatterns: [],
-        };
-    }
-    // Sanitize arguments
-    const sanitizedParts = parts.map((part, i) => {
-        if (i === 0)
-            return part;
-        // Remove shell metacharacters from arguments
-        return part.replace(SHELL_METACHARACTERS, '');
-    });
-    return {
-        valid: true,
-        sanitizedCommand: sanitizedParts.join(' '),
-        blockedPatterns: [],
-    };
-}
-/**
- * Escape a string for safe shell usage
+ * CVEPrevention - Main security utilities object
+ * Provides backward-compatible access to all security functions
  */
-export function escapeShellArg(arg) {
-    // Wrap in single quotes and escape any internal single quotes
-    return `'${arg.replace(/'/g, "'\\''")}'`;
-}
-// ============================================================================
-// Export Utilities Object
-// ============================================================================
 export const CVEPrevention = {
     // Path traversal
     validatePath,

package/v3/dist/mcp/security/cve-prevention.js.map

@@ -1 +1 @@
-{"version":3,"file":"cve-prevention.js","sourceRoot":"","sources":["../../../src/mcp/security/cve-prevention.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AA6DlE,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,MAAM,EAAqB,kBAAkB;IAC7C,SAAS,EAAkB,iBAAiB;IAC5C,aAAa,EAAc,qBAAqB;IAChD,UAAU,EAAiB,iBAAiB;IAC5C,UAAU,EAAiB,qBAAqB;IAChD,UAAU,EAAiB,iBAAiB;IAC5C,QAAQ,EAAmB,8BAA8B;IACzD,SAAS,EAAkB,0BAA0B;IACrD,SAAS,EAAkB,mBAAmB;IAC9C,SAAS,EAAkB,mBAAmB;IAC9C,IAAI,EAAuB,sBAAsB;IACjD,MAAM,EAAqB,mBAAmB;CAC/C,CAAC;AAEF;;GAEG;AACH,MAAM,yBAAyB,GAAG;IAChC,WAAW;IACX,YAAY;IACZ,WAAW;IACX,WAAW;IACX,YAAY;IACZ,kBAAkB;IAClB,mBAAmB;IACnB,kBAAkB;IAClB,8BAA8B;CAC/B,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,YAAY,CAC1B,IAAY,EACZ,UAAiC,EAAE;IAEnC,MAAM,EACJ,QAAQ,GAAG,EAAE,EACb,aAAa,GAAG,KAAK,EACrB,iBAAiB,GAAG,EAAE,EACtB,gBAAgB,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EACzE,QAAQ,GAAG,EAAE,EACb,SAAS,GAAG,IAAI,GACjB,GAAG,OAAO,CAAC;IAEZ,eAAe;IACf,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC5B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,kCAAkC,SAAS,EAAE;YACpD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;QAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,iCAAiC;gBACxC,SAAS,EAAE,UAAU;aACtB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACtE,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,gCAAgC;YACvC,SAAS,EAAE,MAAM;SAClB,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,KAAK,MAAM,OAAO,IAAI,yBAAyB,EAAE,CAAC;QAChD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,uCAAuC;gBAC9C,SAAS,EAAE,UAAU;aACtB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAE3C,6CAA6C;IAC7C,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAClC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,6CAA6C;YACpD,SAAS,EAAE,UAAU;SACtB,CAAC;IACJ,CAAC;IAED,cAAc;IACd,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAC/D,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;QACrB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,iCAAiC,QAAQ,EAAE;YAClD,SAAS,EAAE,KAAK;SACjB,CAAC;IACJ,CAAC;IAED,kBAAkB;IAClB,MAAM,GAAG,GAAG,YAAY,CAAC,cAAc,CAAC,CAAC;IACzC,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3C,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAExC,8DAA8D;QAC9D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAC9C,MAAM,CAAC,WAAW,EAAE,KAAK,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,aAAa,CAC9E,CAAC;YACF,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,mBAAmB,GAAG,kBAAkB;oBAC/C,SAAS,EAAE,MAAM;iBAClB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,6DAA6D;QAC7D,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACjD,OAAO,CAAC,WAAW,EAAE,KAAK,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,KAAK,aAAa,CAChF,CAAC;YACF,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,mBAAmB,GAAG,0BAA0B;oBACvD,SAAS,EAAE,QAAQ;iBACpB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,SAAS,GAAG,QAAQ;QACxB,CAAC,CAAC,iBAAiB,CAAC,QAAQ,EAAE,cAAc,CAAC;QAC7C,CAAC,CAAC,cAAc,CAAC;IAEnB,6EAA6E;IAC7E,MAAM,cAAc,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;QAC7C,CAAC,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,EAAE;QAC/B,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC5B,IAAI,QAAQ,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QACtD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,6BAA6B;YACpC,SAAS,EAAE,UAAU;SACtB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,cAAc,EAAE,SAAS;QACzB,SAAS,EAAE,MAAM;KAClB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,2CAA2C;IAC3C,IAAI,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAE1C,sCAAsC;IACtC,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE7C,oBAAoB;IACpB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;YAChC,SAAS;QACX,CAAC;QACD,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAClB,+BAA+B;YAC/B,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC5D,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,GAAG,KAAe;IAC1C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAElC,OAAO,KAAK;SACT,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;SACrC,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAG,KAAe;IAClD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAElC,sCAAsC;IACtC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAE5C,MAAM,MAAM,GAAG,KAAK;QAClB,6EAA6E;SAC5E,GAAG,CAAC,CAAC,CAAC,EAAE;QACP,oDAAoD;QACpD,OAAO,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzC,0BAA0B;QAC1B,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3C,OAAO,CAAC,CAAC;IACX,CAAC,CAAC;SACD,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,GAAG,CAAC,CAAC;IAEb,4CAA4C;IAC5C,OAAO,UAAU,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAC1C,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,cAAc,GAAG;IACrB,YAAY,EAAe,QAAQ;IACnC,YAAY,EAAe,QAAQ;IACnC,eAAe,EAAY,UAAU;IACrC,eAAe,EAAY,UAAU;IACrC,eAAe,EAAY,UAAU;IACrC,iBAAiB,EAAU,YAAY;IACvC,iBAAiB,EAAU,YAAY;IACvC,iBAAiB,EAAU,YAAY;IACvC,iBAAiB,EAAU,YAAY;IACvC,UAAU,EAAiB,OAAO;IAClC,UAAU,EAAiB,OAAO;IAClC,YAAY,EAAe,QAAQ;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,oBAAoB,GAAG,CAAC,CAAC;AAE/B;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,iCAAiC;IACjC,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,eAAe,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACxD,IAAI,eAAe,GAAG,oBAAoB,EAAE,CAAC;QAC3C,aAAa,CAAC,IAAI,CAAC,6BAA6B,eAAe,UAAU,oBAAoB,GAAG,CAAC,CAAC;IACpG,CAAC;IAED,+CAA+C;IAC/C,IAAI,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;QACxC,aAAa,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IACpE,CAAC;IAED,OAAO;QACL,IAAI,EAAE,aAAa,CAAC,MAAM,KAAK,CAAC;QAChC,OAAO;QACP,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC;QACpC,aAAa;QACb,KAAK,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS;KACxE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,OAAe;IAC7C,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAExB,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,GAAG,KAAK,CAAC;YAChB,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAClB,OAAO,GAAG,IAAI,CAAC;YACf,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACjB,OAAO,GAAG,IAAI,CAAC;YACf,SAAS;QACX,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACjB,OAAO,GAAG,KAAK,CAAC;YAChB,kCAAkC;YAClC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjE,YAAY,EAAE,CAAC;gBACf,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAC9C,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAC/D,YAAY,GAAG,CAAC,CAAC;YACjB,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,OAAe;IACjD,mDAAmD;IACnD,MAAM,SAAS,GAAG;QAChB,mBAAmB,EAAM,YAAY;QACrC,mBAAmB,EAAM,YAAY;QACrC,oBAAoB,EAAK,SAAS;QAClC,cAAc,EAAW,eAAe;QACxC,cAAc,EAAW,eAAe;KACzC,CAAC;IAEF,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAe,EACf,KAAc,EACd,SAAS,GAAG,KAAK;IAEjB,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAEpC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,CAAS,EAAE,CAAS;IACpD,4DAA4D;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEvC,IAAI,CAAC;QACH,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa,EAAE,YAAoB;IACvE,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9D,OAAO,iBAAiB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAM,GAAG,EAAE;IAC7C,OAAO,WAAW,CAAC,MAAM,CAAC;SACvB,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa,EAAE,IAAa;IACrD,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzD,CAAC;AAED,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,eAAe,GAA2B;IAC9C,GAAG,EAAE,OAAO;IACZ,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,QAAQ;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,sBAAsB,GAAG;IAC7B,iBAAiB;IACjB,wBAAwB;IACxB,wBAAwB;IACxB,iBAAiB;IACjB,gBAAgB;IAChB,eAAe;IACf,gBAAgB;IAChB,oBAAoB;IACpB,kBAAkB;IAClB,cAAc;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,oBAAoB,GAAG,sBAAsB,CAAC;AAEpD;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa,EAAE,UAA+B,EAAE;IAC5E,MAAM,EACJ,SAAS,GAAG,KAAK,EACjB,YAAY,EACZ,SAAS,GAAG,IAAI,EAChB,QAAQ,GAAG,IAAI,EACf,WAAW,GAAG,IAAI,EAClB,IAAI,GAAG,IAAI,GACZ,GAAG,OAAO,CAAC;IAEZ,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,OAAO;IACP,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,aAAa;IACb,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC9B,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAED,aAAa;IACb,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,+BAA+B;IAC/B,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;YAC7C,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,+BAA+B;IAC/B,IAAI,YAAY,EAAE,CAAC;QACjB,8DAA8D;QAC9D,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;AAC3E,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,sCAAsC;IACtC,MAAM,UAAU,GAAG,MAAM,CAAC;IAC1B,IAAI,GAAG,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACjC,CAAC;IAED,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,IAAI,UAAkB,CAAC;IAEvB,mFAAmF;IACnF,GAAG,CAAC;QACF,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC;QAC3B,8DAA8D;QAC9D,6DAA6D;QAC7D,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,KAAK,GAAG,KAAK,CAAC;QAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACvB,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjB,KAAK,GAAG,IAAI,CAAC;YACf,CAAC;iBAAM,IAAI,IAAI,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC;gBACjC,KAAK,GAAG,KAAK,CAAC;YAChB,CAAC;iBAAM,IAAI,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,IAAI,IAAI,CAAC;YAClB,CAAC;QACH,CAAC;QACD,MAAM,GAAG,OAAO,CAAC;IACnB,CAAC,QAAQ,MAAM,CAAC,MAAM,GAAG,UAAU,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;IAE1D,sCAAsC;IACtC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5D,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAC/E,+BAA+B;AAC/B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,wBAAwB,GAAG;IAC/B,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI;IACzD,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC7B,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY;CACtC,CAAC;AAEF;;GAEG;AACH,MAAM,wBAAwB,GAAG;IAC/B,GAAG,EAAwB,kCAAkC;IAC7D,IAAI,EAAuB,4BAA4B;IACvD,MAAM,EAAqB,2BAA2B;IACtD,IAAI,EAAuB,SAAS;IACpC,MAAM,EAAqB,gCAAgC;IAC3D,UAAU,EAAiB,2BAA2B;IACtD,gBAAgB,EAAW,2BAA2B;IACtD,cAAc,EAAa,kBAAkB;CAC9C,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAe,EACf,kBAA4B,wBAAwB;IAEpD,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,6BAA6B;IAC7B,KAAK,MAAM,OAAO,IAAI,wBAAwB,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,mCAAmC;YAC1C,eAAe;SAChB,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IAEpD,0BAA0B;IAC1B,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3C,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,YAAY,WAAW,8BAA8B;YAC5D,eAAe,EAAE,EAAE;SACpB,CAAC;IACJ,CAAC;IAED,qBAAqB;IACrB,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QAC3C,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACzB,6CAA6C;QAC7C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,KAAK,EAAE,IAAI;QACX,gBAAgB,EAAE,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;QAC1C,eAAe,EAAE,EAAE;KACpB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,8DAA8D;IAC9D,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;AAC3C,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,iBAAiB;IACjB,YAAY;IACZ,aAAa;IACb,SAAS;IACT,iBAAiB;IACjB,YAAY;IAEZ,QAAQ;IACR,WAAW;IACX,WAAW;IACX,eAAe;IAEf,cAAc;IACd,iBAAiB;IACjB,qBAAqB;IACrB,mBAAmB;IACnB,UAAU;IAEV,qBAAqB;IACrB,aAAa;IACb,UAAU;IACV,aAAa;IAEb,oBAAoB;IACpB,eAAe;IACf,cAAc;CACf,CAAC;AAEF,eAAe,aAAa,CAAC"}
+{"version":3,"file":"cve-prevention.js","sourceRoot":"","sources":["../../../src/mcp/security/cve-prevention.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAoBH,+EAA+E;AAC/E,qCAAqC;AACrC,+EAA+E;AAE/E,4BAA4B;AAC5B,OAAO,EACL,YAAY,EACZ,aAAa,EACb,SAAS,EACT,iBAAiB,EACjB,YAAY,EACZ,sBAAsB,EACtB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,uCAAuC,CAAC;AAE/C,mBAAmB;AACnB,OAAO,EACL,WAAW,EACX,WAAW,EACX,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,qCAAqC,CAAC;AAE7C,yBAAyB;AACzB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,mBAAmB,EACnB,UAAU,EACV,eAAe,GAChB,MAAM,+BAA+B,CAAC;AAEvC,qBAAqB;AACrB,OAAO,EACL,aAAa,EACb,UAAU,EACV,aAAa,EACb,cAAc,EACd,eAAe,EACf,sBAAsB,EACtB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AAEtC,+BAA+B;AAC/B,OAAO,EACL,eAAe,EACf,cAAc,EACd,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,gCAAgC,CAAC;AAExC,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E,OAAO,EACL,sBAAsB,EACtB,eAAe,EACf,kBAAkB,GACnB,MAAM,sCAAsC,CAAC;AAE9C,+EAA+E;AAC/E,kCAAkC;AAClC,+EAA+E;AAE/E,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AACtE,OAAO,EAAE,SAAS,EAAE,MAAM,uCAAuC,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,qCAAqC,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAEhE,+EAA+E;AAC/E,mDAAmD;AACnD,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,iBAAiB;IACjB,YAAY;IACZ,aAAa;IACb,SAAS;IACT,iBAAiB;IACjB,YAAY;IAEZ,QAAQ;IACR,WAAW;IACX,WAAW;IACX,eAAe;IAEf,cAAc;IACd,iBAAiB;IACjB,qBAAqB;IACrB,mBAAmB;IACnB,UAAU;IAEV,qBAAqB;IACrB,aAAa;IACb,UAAU;IACV,aAAa;IAEb,oBAAoB;IACpB,eAAe;IACf,cAAc;CACf,CAAC;AAEF,eAAe,aAAa,CAAC"}

package/v3/dist/mcp/security/index.d.ts

@@ -99,7 +99,11 @@ export declare function createSecurityMiddleware(config?: SecurityMiddlewareConf
     /**
      * Validate command for execution
      */
-    validateShellCommand(command: string, allowedCommands?: string[]): import("./cve-prevention").CommandValidationResult;
+    validateShellCommand(command: string, allowedCommands?: string[]): import("./cve-prevention").CommandValidationResult | {
+        valid: boolean;
+        sanitizedCommand: string;
+        blockedPatterns: never[];
+    };
     /**
      * Run all security checks
      */