npm - ai-shield-core - Versions diffs - 0.1.0 - Mend

ai-shield-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/dist/audit/logger.d.ts +40 -0
package/dist/audit/logger.d.ts.map +1 -0
package/dist/audit/logger.js +100 -0
package/dist/audit/logger.js.map +1 -0
package/dist/audit/types.d.ts +12 -0
package/dist/audit/types.d.ts.map +1 -0
package/dist/audit/types.js +3 -0
package/dist/audit/types.js.map +1 -0
package/dist/cache/lru.d.ts +27 -0
package/dist/cache/lru.d.ts.map +1 -0
package/dist/cache/lru.js +74 -0
package/dist/cache/lru.js.map +1 -0
package/dist/cost/anomaly.d.ts +10 -0
package/dist/cost/anomaly.d.ts.map +1 -0
package/dist/cost/anomaly.js +42 -0
package/dist/cost/anomaly.js.map +1 -0
package/dist/cost/pricing.d.ts +7 -0
package/dist/cost/pricing.d.ts.map +1 -0
package/dist/cost/pricing.js +51 -0
package/dist/cost/pricing.js.map +1 -0
package/dist/cost/tracker.d.ts +24 -0
package/dist/cost/tracker.d.ts.map +1 -0
package/dist/cost/tracker.js +136 -0
package/dist/cost/tracker.js.map +1 -0
package/dist/index.d.ts +18 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +59 -0
package/dist/index.js.map +1 -0
package/dist/policy/engine.d.ts +36 -0
package/dist/policy/engine.d.ts.map +1 -0
package/dist/policy/engine.js +127 -0
package/dist/policy/engine.js.map +1 -0
package/dist/policy/tools.d.ts +25 -0
package/dist/policy/tools.d.ts.map +1 -0
package/dist/policy/tools.js +158 -0
package/dist/policy/tools.js.map +1 -0
package/dist/scanner/canary.d.ts +9 -0
package/dist/scanner/canary.d.ts.map +1 -0
package/dist/scanner/canary.js +19 -0
package/dist/scanner/canary.js.map +1 -0
package/dist/scanner/chain.d.ts +17 -0
package/dist/scanner/chain.d.ts.map +1 -0
package/dist/scanner/chain.js +69 -0
package/dist/scanner/chain.js.map +1 -0
package/dist/scanner/heuristic.d.ts +28 -0
package/dist/scanner/heuristic.d.ts.map +1 -0
package/dist/scanner/heuristic.js +375 -0
package/dist/scanner/heuristic.js.map +1 -0
package/dist/scanner/pii.d.ts +17 -0
package/dist/scanner/pii.d.ts.map +1 -0
package/dist/scanner/pii.js +255 -0
package/dist/scanner/pii.js.map +1 -0
package/dist/shield.d.ts +31 -0
package/dist/shield.d.ts.map +1 -0
package/dist/shield.js +184 -0
package/dist/shield.js.map +1 -0
package/dist/types.d.ts +182 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +6 -0
package/dist/types.js.map +1 -0
package/package.json +27 -0
package/src/audit/logger.ts +135 -0
package/src/audit/schema.sql +51 -0
package/src/audit/types.ts +16 -0
package/src/cache/lru.ts +93 -0
package/src/cost/anomaly.ts +57 -0
package/src/cost/pricing.ts +58 -0
package/src/cost/tracker.ts +182 -0
package/src/index.ts +91 -0
package/src/policy/engine.ts +163 -0
package/src/policy/tools.ts +189 -0
package/src/scanner/canary.ts +30 -0
package/src/scanner/chain.ts +88 -0
package/src/scanner/heuristic.ts +427 -0
package/src/scanner/pii.ts +313 -0
package/src/shield.ts +228 -0
package/src/types.ts +242 -0
package/tsconfig.json +8 -0

package/dist/scanner/heuristic.js ADDED Viewed

@@ -0,0 +1,375 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HeuristicScanner = void 0;
+const PATTERNS = [
+    // --- Instruction Override (weight: 0.25 each) ---
+    {
+        id: "INJ-001",
+        category: "instruction_override",
+        pattern: /ignore\s+(all\s+)?(previous|prior|above|earlier|preceding)\s+(instructions?|prompts?|rules?|guidelines?|context)/i,
+        weight: 0.25,
+        description: "Ignore previous instructions",
+    },
+    {
+        id: "INJ-002",
+        category: "instruction_override",
+        pattern: /disregard\s+(all\s+|your\s+)?(previous|prior|above|earlier)\s+(instructions?|context|rules?|guidelines?)/i,
+        weight: 0.25,
+        description: "Disregard instructions",
+    },
+    {
+        id: "INJ-003",
+        category: "instruction_override",
+        pattern: /forget\s+(everything|all|your)\s+(about\s+)?(instructions?|rules?|training|guidelines?|constraints?)/i,
+        weight: 0.25,
+        description: "Forget instructions",
+    },
+    {
+        id: "INJ-004",
+        category: "instruction_override",
+        pattern: /override\s+(your|the|all)\s+(instructions?|rules?|safety|guidelines?|constraints?|policies)/i,
+        weight: 0.25,
+        description: "Override instructions",
+    },
+    {
+        id: "INJ-005",
+        category: "instruction_override",
+        pattern: /do\s+not\s+follow\s+(your|the|any)\s+(previous|original|initial)\s+(instructions?|rules?|guidelines?)/i,
+        weight: 0.25,
+        description: "Do not follow instructions",
+    },
+    {
+        id: "INJ-006",
+        category: "instruction_override",
+        pattern: /new\s+(instructions?|rules?|guidelines?)[\s:]+/i,
+        weight: 0.15,
+        description: "New instructions prefix",
+    },
+    {
+        id: "INJ-007",
+        category: "instruction_override",
+        pattern: /from\s+now\s+on[,\s]+(you\s+)?(will|must|should|are|shall)/i,
+        weight: 0.20,
+        description: "From now on directive",
+    },
+    {
+        id: "INJ-008",
+        category: "instruction_override",
+        pattern: /instead[,\s]+(you\s+)?(will|must|should|shall)\s+/i,
+        weight: 0.15,
+        description: "Instead directive",
+    },
+    // --- Role Manipulation (weight: 0.25 each) ---
+    {
+        id: "ROLE-001",
+        category: "role_manipulation",
+        pattern: /you\s+are\s+now\s+(a|an|the|my)\s+/i,
+        weight: 0.25,
+        description: "You are now [role]",
+    },
+    {
+        id: "ROLE-002",
+        category: "role_manipulation",
+        pattern: /pretend\s+(you('re|\s+are)\s+|to\s+be\s+)/i,
+        weight: 0.25,
+        description: "Pretend to be",
+    },
+    {
+        id: "ROLE-003",
+        category: "role_manipulation",
+        pattern: /act\s+as\s+(a|an|if\s+you\s+were)\s+/i,
+        weight: 0.20,
+        description: "Act as [role]",
+    },
+    {
+        id: "ROLE-004",
+        category: "role_manipulation",
+        pattern: /switch\s+to\s+.{0,30}\s+mode/i,
+        weight: 0.25,
+        description: "Switch to [X] mode",
+    },
+    {
+        id: "ROLE-005",
+        category: "role_manipulation",
+        pattern: /enter\s+(developer|debug|admin|god|sudo|root|jailbreak|DAN)\s+mode/i,
+        weight: 0.35,
+        description: "Enter privileged mode",
+    },
+    {
+        id: "ROLE-006",
+        category: "role_manipulation",
+        pattern: /you\s+have\s+no\s+(restrictions?|limitations?|rules?|constraints?|filters?)/i,
+        weight: 0.30,
+        description: "No restrictions claim",
+    },
+    {
+        id: "ROLE-007",
+        category: "role_manipulation",
+        pattern: /\bDAN\b.*\b(do\s+anything|no\s+(restrictions?|limits?|filters?))/i,
+        weight: 0.35,
+        description: "DAN jailbreak pattern",
+    },
+    // --- System Prompt Extraction (weight: 0.30 each) ---
+    {
+        id: "EXTRACT-001",
+        category: "system_prompt_extraction",
+        pattern: /what\s+(is|are)\s+your\s+(system\s+)?(prompt|instructions?|rules?|guidelines?|directives?)/i,
+        weight: 0.30,
+        description: "What is your system prompt",
+    },
+    {
+        id: "EXTRACT-002",
+        category: "system_prompt_extraction",
+        pattern: /show\s+(me\s+)?your\s+(system\s+)?(prompt|instructions?|config(uration)?|rules?)/i,
+        weight: 0.30,
+        description: "Show your prompt",
+    },
+    {
+        id: "EXTRACT-003",
+        category: "system_prompt_extraction",
+        pattern: /repeat\s+(the|your)\s+(system\s+|initial\s+|original\s+)?(prompt|instructions?|message|rules?)\s*(word\s+for\s+word|verbatim|exactly)?/i,
+        weight: 0.30,
+        description: "Repeat your prompt",
+    },
+    {
+        id: "EXTRACT-004",
+        category: "system_prompt_extraction",
+        pattern: /output\s+(the|your)\s+(initial|system|original|first)\s+(prompt|instructions?|message)/i,
+        weight: 0.30,
+        description: "Output initial prompt",
+    },
+    {
+        id: "EXTRACT-005",
+        category: "system_prompt_extraction",
+        pattern: /print\s+(your|the)\s+(system\s+)?(prompt|instructions?|configuration)/i,
+        weight: 0.30,
+        description: "Print system prompt",
+    },
+    {
+        id: "EXTRACT-006",
+        category: "system_prompt_extraction",
+        pattern: /tell\s+me\s+(your|the)\s+(exact\s+)?(system\s+)?(prompt|instructions?|wording)/i,
+        weight: 0.30,
+        description: "Tell me your prompt",
+    },
+    {
+        id: "EXTRACT-007",
+        category: "system_prompt_extraction",
+        pattern: /copy\s+(and\s+)?(paste|output)\s+(your|the)\s+(system\s+)?(prompt|instructions?)/i,
+        weight: 0.30,
+        description: "Copy paste your prompt",
+    },
+    // --- Encoding Evasion (weight: 0.20 each) ---
+    {
+        id: "ENCODE-001",
+        category: "encoding_evasion",
+        pattern: /(?:decode|translate|convert|interpret)\s+(?:this|the\s+following)\s+(?:from\s+)?(?:base64|rot13|hex|binary|morse|unicode|ascii|url.?encoded)/i,
+        weight: 0.20,
+        description: "Decode from encoding",
+    },
+    {
+        id: "ENCODE-002",
+        category: "encoding_evasion",
+        pattern: /(?:execute|follow|obey|run)\s+(?:the\s+)?(?:decoded|hidden|encoded|secret)\s+(?:instructions?|commands?|text)/i,
+        weight: 0.30,
+        description: "Execute decoded instructions",
+    },
+    {
+        id: "ENCODE-003",
+        category: "encoding_evasion",
+        pattern: /[A-Za-z0-9+/]{50,}={0,2}/,
+        weight: 0.10,
+        description: "Long Base64 string detected",
+    },
+    // --- Delimiter Injection (weight: 0.25 each) ---
+    {
+        id: "DELIM-001",
+        category: "delimiter_injection",
+        pattern: /```\s*system\b/i,
+        weight: 0.30,
+        description: "Code block system injection",
+    },
+    {
+        id: "DELIM-002",
+        category: "delimiter_injection",
+        pattern: /\[SYSTEM\]/i,
+        weight: 0.30,
+        description: "[SYSTEM] tag injection",
+    },
+    {
+        id: "DELIM-003",
+        category: "delimiter_injection",
+        pattern: /<\/?system>/i,
+        weight: 0.30,
+        description: "<system> tag injection",
+    },
+    {
+        id: "DELIM-004",
+        category: "delimiter_injection",
+        pattern: /###\s*(?:SYSTEM|INSTRUCTION|ADMIN|OVERRIDE)/i,
+        weight: 0.30,
+        description: "### SYSTEM header injection",
+    },
+    {
+        id: "DELIM-005",
+        category: "delimiter_injection",
+        pattern: /<\|(?:im_start|im_end|system|endoftext)\|>/i,
+        weight: 0.35,
+        description: "ChatML special token injection",
+    },
+    {
+        id: "DELIM-006",
+        category: "delimiter_injection",
+        pattern: /\[INST\]|\[\/INST\]|<<SYS>>|<\/s>/i,
+        weight: 0.35,
+        description: "Llama special token injection",
+    },
+    // --- Context Manipulation (weight: 0.20 each) ---
+    {
+        id: "CTX-001",
+        category: "context_manipulation",
+        pattern: /(?:imagine|suppose|assume|consider)\s+(?:that\s+)?(?:you\s+(?:are|have|were|can)|there\s+(?:are|is))\s+(?:no\s+)?(?:restrictions?|limitations?|rules?|safety|filters?)/i,
+        weight: 0.20,
+        description: "Hypothetical no-restrictions",
+    },
+    {
+        id: "CTX-002",
+        category: "context_manipulation",
+        pattern: /(?:in\s+a\s+)?(?:hypothetical|fictional|imaginary|theoretical)\s+(?:scenario|world|situation|context)/i,
+        weight: 0.10,
+        description: "Hypothetical framing",
+    },
+    {
+        id: "CTX-003",
+        category: "context_manipulation",
+        pattern: /(?:for\s+)?(?:educational|research|academic|testing|security\s+testing)\s+purposes?\s+only/i,
+        weight: 0.10,
+        description: "Educational purpose claim",
+    },
+    {
+        id: "CTX-004",
+        category: "context_manipulation",
+        pattern: /this\s+is\s+(?:a\s+)?(?:test|simulation|drill|exercise|safe\s+environment)/i,
+        weight: 0.10,
+        description: "Test environment claim",
+    },
+    // --- Output Manipulation (weight: 0.20 each) ---
+    {
+        id: "OUT-001",
+        category: "output_manipulation",
+        pattern: /(?:respond|reply|answer|output)\s+(?:only\s+)?(?:with|in)\s+(?:json|xml|html|markdown|code|raw)/i,
+        weight: 0.05,
+        description: "Format forcing (low risk)",
+    },
+    {
+        id: "OUT-002",
+        category: "output_manipulation",
+        pattern: /do\s+not\s+(?:mention|include|add|say|output)\s+(?:any\s+)?(?:warnings?|disclaimers?|caveats?|notes?|safety)/i,
+        weight: 0.20,
+        description: "Suppress safety disclaimers",
+    },
+    {
+        id: "OUT-003",
+        category: "output_manipulation",
+        pattern: /(?:never|don't|do\s+not)\s+(?:refuse|decline|reject|deny|say\s+(?:no|you\s+can't))/i,
+        weight: 0.25,
+        description: "Never refuse requests",
+    },
+    // --- Tool Abuse (weight: 0.30 each) ---
+    {
+        id: "TOOL-001",
+        category: "tool_abuse",
+        pattern: /(?:call|execute|run|invoke|use)\s+(?:the\s+)?(?:delete|remove|drop|destroy|wipe|kill|shutdown)[\s_]/i,
+        weight: 0.30,
+        description: "Destructive tool invocation",
+    },
+    {
+        id: "TOOL-002",
+        category: "tool_abuse",
+        pattern: /(?:send|forward|exfiltrate|leak|transmit)\s+(?:all\s+)?(?:the\s+)?(?:data|information|credentials?|secrets?|keys?|tokens?|api.?keys?)\s+(?:to|via|and)/i,
+        weight: 0.35,
+        description: "Data exfiltration attempt",
+    },
+    {
+        id: "TOOL-003",
+        category: "tool_abuse",
+        pattern: /(?:access|read|fetch|get|retrieve)\s+(?:the\s+)?(?:env|environment|\.env|secrets?|api.?keys?|credentials?|passwords?|tokens?)/i,
+        weight: 0.30,
+        description: "Credential access attempt",
+    },
+];
+// Thresholds per strictness level
+const THRESHOLDS = {
+    low: 0.5,
+    medium: 0.3,
+    high: 0.15,
+};
+class HeuristicScanner {
+    name = "heuristic";
+    patterns;
+    threshold;
+    constructor(config = {}) {
+        this.patterns = [...PATTERNS, ...(config.customPatterns ?? [])];
+        this.threshold =
+            config.threshold ?? THRESHOLDS[config.strictness ?? "medium"] ?? 0.3;
+    }
+    async scan(input, _context) {
+        const start = performance.now();
+        const violations = [];
+        let totalScore = 0;
+        for (const rule of this.patterns) {
+            if (rule.pattern.test(input)) {
+                totalScore += rule.weight;
+                violations.push({
+                    type: "prompt_injection",
+                    scanner: this.name,
+                    score: rule.weight,
+                    threshold: this.threshold,
+                    message: rule.description,
+                    detail: `Rule ${rule.id} (${rule.category})`,
+                });
+            }
+        }
+        // Structural signals (cumulative)
+        const structuralScore = this.checkStructuralSignals(input);
+        totalScore += structuralScore;
+        // Cap at 1.0
+        totalScore = Math.min(totalScore, 1.0);
+        const decision = totalScore >= this.threshold
+            ? "block"
+            : totalScore >= this.threshold * 0.6
+                ? "warn"
+                : "allow";
+        const durationMs = performance.now() - start;
+        return { decision, violations, durationMs };
+    }
+    checkStructuralSignals(input) {
+        let score = 0;
+        // Many newlines (structured prompt injection)
+        const newlines = (input.match(/\n/g) ?? []).length;
+        if (newlines > 15)
+            score += 0.05;
+        // Excessive use of markdown headers (structure injection)
+        const headers = (input.match(/^#{1,3}\s/gm) ?? []).length;
+        if (headers > 3)
+            score += 0.05;
+        // Multiple role-like markers
+        const roleMarkers = (input.match(/\b(system|user|assistant|human|ai|bot|admin)[\s:]/gi) ?? []).length;
+        if (roleMarkers > 2)
+            score += 0.10;
+        // Very long input (potential padding attack)
+        if (input.length > 5000)
+            score += 0.05;
+        return score;
+    }
+    /** Get all registered pattern IDs for testing */
+    getPatternIds() {
+        return this.patterns.map((p) => p.id);
+    }
+    /** Get pattern count */
+    get patternCount() {
+        return this.patterns.length;
+    }
+}
+exports.HeuristicScanner = HeuristicScanner;
+//# sourceMappingURL=heuristic.js.map

package/dist/scanner/heuristic.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"heuristic.js","sourceRoot":"","sources":["../../src/scanner/heuristic.ts"],"names":[],"mappings":";;;AAyBA,MAAM,QAAQ,GAAkB;IAC9B,mDAAmD;IACnD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,mHAAmH;QAC5H,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,2GAA2G;QACpH,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,wBAAwB;KACtC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,uGAAuG;QAChH,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,qBAAqB;KACnC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,8FAA8F;QACvG,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,uBAAuB;KACrC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,wGAAwG;QACjH,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,4BAA4B;KAC1C;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,iDAAiD;QAC1D,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,yBAAyB;KACvC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,6DAA6D;QACtE,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,uBAAuB;KACrC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,oDAAoD;QAC7D,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,mBAAmB;KACjC;IAED,gDAAgD;IAChD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,qCAAqC;QAC9C,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,4CAA4C;QACrD,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,eAAe;KAC7B;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,uCAAuC;QAChD,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,eAAe;KAC7B;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,+BAA+B;QACxC,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,qEAAqE;QAC9E,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,uBAAuB;KACrC;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,8EAA8E;QACvF,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,uBAAuB;KACrC;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,mBAAmB;QAC7B,OAAO,EAAE,mEAAmE;QAC5E,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,uBAAuB;KACrC;IAED,uDAAuD;IACvD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,0BAA0B;QACpC,OAAO,EAAE,6FAA6F;QACtG,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,4BAA4B;KAC1C;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,0BAA0B;QACpC,OAAO,EAAE,mFAAmF;QAC5F,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,kBAAkB;KAChC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,0BAA0B;QACpC,OAAO,EAAE,yIAAyI;QAClJ,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,0BAA0B;QACpC,OAAO,EAAE,yFAAyF;QAClG,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,uBAAuB;KACrC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,0BAA0B;QACpC,OAAO,EAAE,wEAAwE;QACjF,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,qBAAqB;KACnC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,0BAA0B;QACpC,OAAO,EAAE,iFAAiF;QAC1F,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,qBAAqB;KACnC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,0BAA0B;QACpC,OAAO,EAAE,mFAAmF;QAC5F,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,wBAAwB;KACtC;IAED,+CAA+C;IAC/C;QACE,EAAE,EAAE,YAAY;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,+IAA+I;QACxJ,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,sBAAsB;KACpC;IACD;QACE,EAAE,EAAE,YAAY;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,gHAAgH;QACzH,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,EAAE,EAAE,YAAY;QAChB,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,0BAA0B;QACnC,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,6BAA6B;KAC3C;IAED,kDAAkD;IAClD;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,iBAAiB;QAC1B,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,6BAA6B;KAC3C;IACD;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,aAAa;QACtB,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,wBAAwB;KACtC;IACD;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,cAAc;QACvB,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,wBAAwB;KACtC;IACD;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,8CAA8C;QACvD,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,6BAA6B;KAC3C;IACD;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,6CAA6C;QACtD,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,gCAAgC;KAC9C;IACD;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,oCAAoC;QAC7C,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,+BAA+B;KAC7C;IAED,mDAAmD;IACnD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,yKAAyK;QAClL,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,wGAAwG;QACjH,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,sBAAsB;KACpC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,6FAA6F;QACtG,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,2BAA2B;KACzC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,sBAAsB;QAChC,OAAO,EAAE,6EAA6E;QACtF,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,wBAAwB;KACtC;IAED,kDAAkD;IAClD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,kGAAkG;QAC3G,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,2BAA2B;KACzC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,+GAA+G;QACxH,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,6BAA6B;KAC3C;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,qFAAqF;QAC9F,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,uBAAuB;KACrC;IAED,yCAAyC;IACzC;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,YAAY;QACtB,OAAO,EAAE,sGAAsG;QAC/G,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,6BAA6B;KAC3C;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,YAAY;QACtB,OAAO,EAAE,yJAAyJ;QAClK,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,2BAA2B;KACzC;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,YAAY;QACtB,OAAO,EAAE,gIAAgI;QACzI,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,2BAA2B;KACzC;CACF,CAAC;AAEF,kCAAkC;AAClC,MAAM,UAAU,GAA2B;IACzC,GAAG,EAAE,GAAG;IACR,MAAM,EAAE,GAAG;IACX,IAAI,EAAE,IAAI;CACX,CAAC;AAQF,MAAa,gBAAgB;IAClB,IAAI,GAAG,WAAW,CAAC;IACpB,QAAQ,CAAgB;IACxB,SAAS,CAAS;IAE1B,YAAY,SAA0B,EAAE;QACtC,IAAI,CAAC,QAAQ,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC;QAChE,IAAI,CAAC,SAAS;YACZ,MAAM,CAAC,SAAS,IAAI,UAAU,CAAC,MAAM,CAAC,UAAU,IAAI,QAAQ,CAAC,IAAI,GAAG,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,QAAqB;QAC7C,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,UAAU,GAAgB,EAAE,CAAC;QACnC,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC7B,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC;gBAC1B,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,kBAAkB;oBACxB,OAAO,EAAE,IAAI,CAAC,IAAI;oBAClB,KAAK,EAAE,IAAI,CAAC,MAAM;oBAClB,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,OAAO,EAAE,IAAI,CAAC,WAAW;oBACzB,MAAM,EAAE,QAAQ,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,QAAQ,GAAG;iBAC7C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,MAAM,eAAe,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAC3D,UAAU,IAAI,eAAe,CAAC;QAE9B,aAAa;QACb,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAEvC,MAAM,QAAQ,GACZ,UAAU,IAAI,IAAI,CAAC,SAAS;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG;gBAClC,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,OAAO,CAAC;QAEhB,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAE7C,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;IAC9C,CAAC;IAEO,sBAAsB,CAAC,KAAa;QAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACnD,IAAI,QAAQ,GAAG,EAAE;YAAE,KAAK,IAAI,IAAI,CAAC;QAEjC,0DAA0D;QAC1D,MAAM,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAC1D,IAAI,OAAO,GAAG,CAAC;YAAE,KAAK,IAAI,IAAI,CAAC;QAE/B,6BAA6B;QAC7B,MAAM,WAAW,GAAG,CAClB,KAAK,CAAC,KAAK,CACT,qDAAqD,CACtD,IAAI,EAAE,CACR,CAAC,MAAM,CAAC;QACT,IAAI,WAAW,GAAG,CAAC;YAAE,KAAK,IAAI,IAAI,CAAC;QAEnC,6CAA6C;QAC7C,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI;YAAE,KAAK,IAAI,IAAI,CAAC;QAEvC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iDAAiD;IACjD,aAAa;QACX,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,wBAAwB;IACxB,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;IAC9B,CAAC;CACF;AAnFD,4CAmFC"}

package/dist/scanner/pii.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import type { Scanner, ScannerResult, ScanContext, PIIEntity, PIIConfig } from "../types.js";
+export declare class PIIScanner implements Scanner {
+    readonly name = "pii";
+    private patterns;
+    private action;
+    private typeOverrides;
+    private allowedTypes;
+    constructor(config?: PIIConfig);
+    scan(input: string, _context: ScanContext): Promise<ScannerResult>;
+    /** Detect all PII entities in text */
+    detect(text: string): PIIEntity[];
+    /** Remove overlapping detections — keep the more specific (higher confidence) match */
+    private deduplicateOverlaps;
+    /** Mask detected PII in text */
+    private applyMasking;
+}
+//# sourceMappingURL=pii.d.ts.map

package/dist/scanner/pii.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pii.d.ts","sourceRoot":"","sources":["../../src/scanner/pii.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,OAAO,EACP,aAAa,EACb,WAAW,EAEX,SAAS,EAGT,SAAS,EACV,MAAM,aAAa,CAAC;AAsKrB,qBAAa,UAAW,YAAW,OAAO;IACxC,QAAQ,CAAC,IAAI,SAAS;IACtB,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,MAAM,CAAY;IAC1B,OAAO,CAAC,aAAa,CAAsC;IAC3D,OAAO,CAAC,YAAY,CAAe;gBAEvB,MAAM,GAAE,SAAc;IAO5B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,GAAG,OAAO,CAAC,aAAa,CAAC;IAoDxE,sCAAsC;IACtC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,EAAE;IA8BjC,uFAAuF;IACvF,OAAO,CAAC,mBAAmB;IAuB3B,gCAAgC;IAChC,OAAO,CAAC,YAAY;CAerB"}

package/dist/scanner/pii.js ADDED Viewed

@@ -0,0 +1,255 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PIIScanner = void 0;
+// --- German & International PII Patterns ---
+const PII_PATTERNS = [
+    // IBAN: DE + 2 check digits + 18 digits (with optional spaces/dashes)
+    {
+        type: "iban",
+        pattern: /\b[A-Z]{2}\s?\d{2}\s?\d{4}\s?\d{4}\s?\d{4}\s?\d{4}\s?\d{2,4}\b/g,
+        validator: validateIBAN,
+        baseConfidence: 0.95,
+    },
+    // Credit card: 4 groups of 4 digits (Luhn-validated)
+    {
+        type: "credit_card",
+        pattern: /\b(?:\d{4}[\s-]?){3}\d{4}\b/g,
+        validator: validateLuhn,
+        baseConfidence: 0.95,
+    },
+    // German tax ID (Steuerliche Identifikationsnummer): 11 digits
+    {
+        type: "german_tax_id",
+        pattern: /\b\d{2}\s?\d{3}\s?\d{3}\s?\d{3}\b/g,
+        validator: validateGermanTaxId,
+        baseConfidence: 0.70,
+    },
+    // German social security number: 2 digits + 6 digits + letter + 3 digits
+    {
+        type: "german_social_security",
+        pattern: /\b\d{2}\s?\d{6}\s?[A-Z]\s?\d{3}\b/g,
+        baseConfidence: 0.75,
+    },
+    // Email
+    {
+        type: "email",
+        pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g,
+        baseConfidence: 0.95,
+    },
+    // Phone: German formats (+49, 0xxx) and international
+    {
+        type: "phone",
+        pattern: /(?<!\d)(?:\+\d{1,3}|00\d{1,3}|0)\s?[\s\-/]?\(?\d{2,5}\)?[\s\-/]?\d{3,8}[\s\-/]?\d{0,5}\b/g,
+        validator: validatePhone,
+        baseConfidence: 0.80,
+    },
+    // IP addresses (v4)
+    {
+        type: "ip_address",
+        pattern: /\b(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\b/g,
+        validator: validateIPNotPrivate,
+        baseConfidence: 0.85,
+    },
+    // URLs with embedded credentials
+    {
+        type: "url_with_credentials",
+        pattern: /https?:\/\/[^:\s]+:[^@\s]+@[^\s]+/g,
+        baseConfidence: 0.95,
+    },
+];
+// --- Validators ---
+function validateIBAN(raw) {
+    const cleaned = raw.replace(/\s|-/g, "");
+    if (cleaned.length < 15 || cleaned.length > 34)
+        return false;
+    // Move first 4 chars to end, convert letters to numbers
+    const rearranged = cleaned.substring(4) + cleaned.substring(0, 4);
+    const numeric = rearranged.replace(/[A-Z]/g, (c) => String(c.charCodeAt(0) - 55));
+    // Modulo 97 check (handle large numbers via chunking)
+    let remainder = numeric;
+    while (remainder.length > 2) {
+        const chunk = remainder.substring(0, 9);
+        remainder =
+            String(parseInt(chunk, 10) % 97) + remainder.substring(chunk.length);
+    }
+    return parseInt(remainder, 10) % 97 === 1;
+}
+function validateLuhn(raw) {
+    const digits = raw.replace(/\D/g, "");
+    if (digits.length < 13 || digits.length > 19)
+        return false;
+    let sum = 0;
+    for (let i = digits.length - 1; i >= 0; i--) {
+        let digit = parseInt(digits[i], 10);
+        if ((digits.length - i) % 2 === 0) {
+            digit *= 2;
+            if (digit > 9)
+                digit -= 9;
+        }
+        sum += digit;
+    }
+    return sum % 10 === 0;
+}
+function validateGermanTaxId(raw) {
+    const digits = raw.replace(/\s/g, "");
+    if (digits.length !== 11)
+        return false;
+    if (!/^\d+$/.test(digits))
+        return false;
+    // First digit cannot be 0
+    if (digits[0] === "0")
+        return false;
+    return true;
+}
+function validatePhone(raw) {
+    const digits = raw.replace(/\D/g, "");
+    // Must be at least 7 digits, max 15
+    return digits.length >= 7 && digits.length <= 15;
+}
+function validateIPNotPrivate(raw) {
+    const parts = raw.split(".").map(Number);
+    // Skip private/loopback ranges (not really PII)
+    if (parts[0] === 10)
+        return false;
+    if (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31)
+        return false;
+    if (parts[0] === 192 && parts[1] === 168)
+        return false;
+    if (parts[0] === 127)
+        return false;
+    return true;
+}
+// --- Masking ---
+function maskValue(type, value) {
+    switch (type) {
+        case "email": {
+            const atIdx = value.indexOf("@");
+            if (atIdx <= 1)
+                return "[EMAIL]";
+            return value[0] + "***@" + value.substring(atIdx + 1);
+        }
+        case "phone":
+            return value.substring(0, 4) + "****" + value.substring(value.length - 2);
+        case "iban":
+            return value.substring(0, 4) + " **** **** ****";
+        case "credit_card":
+            return "**** **** **** " + value.replace(/\D/g, "").substring(12);
+        default:
+            return `[${type.toUpperCase()}]`;
+    }
+}
+// --- PII Scanner Class ---
+class PIIScanner {
+    name = "pii";
+    patterns;
+    action;
+    typeOverrides;
+    allowedTypes;
+    constructor(config = {}) {
+        this.patterns = PII_PATTERNS;
+        this.action = config.action ?? "mask";
+        this.typeOverrides = config.types ?? {};
+        this.allowedTypes = new Set(config.allowedTypes ?? []);
+    }
+    async scan(input, _context) {
+        const start = performance.now();
+        const entities = this.detect(input);
+        const violations = [];
+        // Filter out allowed types
+        const activeEntities = entities.filter((e) => !this.allowedTypes.has(e.type));
+        if (activeEntities.length === 0) {
+            return {
+                decision: "allow",
+                violations: [],
+                sanitized: input,
+                durationMs: performance.now() - start,
+            };
+        }
+        // Build violations
+        let shouldBlock = false;
+        for (const entity of activeEntities) {
+            const action = this.typeOverrides[entity.type] ?? this.action;
+            if (action === "block")
+                shouldBlock = true;
+            violations.push({
+                type: "pii_detected",
+                scanner: this.name,
+                score: entity.confidence,
+                threshold: 0,
+                message: `${entity.type} detected`,
+                detail: `Found ${entity.type} at position ${entity.start}-${entity.end} (action: ${action})`,
+            });
+        }
+        // Apply masking if needed
+        let sanitized = input;
+        const effectiveAction = shouldBlock ? "block" : this.action;
+        if (effectiveAction === "mask" || effectiveAction === "tokenize") {
+            sanitized = this.applyMasking(input, activeEntities);
+        }
+        const decision = shouldBlock ? "block" : "warn";
+        return {
+            decision,
+            violations,
+            sanitized,
+            durationMs: performance.now() - start,
+        };
+    }
+    /** Detect all PII entities in text */
+    detect(text) {
+        const raw = [];
+        for (const piiPattern of this.patterns) {
+            // Create fresh regex for each scan (stateful with /g flag)
+            const regex = new RegExp(piiPattern.pattern.source, piiPattern.pattern.flags);
+            let match;
+            while ((match = regex.exec(text)) !== null) {
+                const value = match[0];
+                const cleaned = value.replace(/[\s-]/g, "");
+                // Run validator if present
+                if (piiPattern.validator && !piiPattern.validator(cleaned)) {
+                    continue;
+                }
+                raw.push({
+                    type: piiPattern.type,
+                    value,
+                    start: match.index,
+                    end: match.index + value.length,
+                    confidence: piiPattern.baseConfidence,
+                });
+            }
+        }
+        return this.deduplicateOverlaps(raw);
+    }
+    /** Remove overlapping detections — keep the more specific (higher confidence) match */
+    deduplicateOverlaps(entities) {
+        if (entities.length <= 1)
+            return entities;
+        // Sort by start position, then by span length descending (longer = more specific)
+        const sorted = [...entities].sort((a, b) => a.start !== b.start ? a.start - b.start : (b.end - b.start) - (a.end - a.start));
+        const kept = [];
+        for (const entity of sorted) {
+            // Check if this entity overlaps with any already-kept entity
+            const overlaps = kept.some((k) => entity.start < k.end && entity.end > k.start);
+            if (!overlaps) {
+                kept.push(entity);
+            }
+            // If it overlaps, the already-kept entity wins (it appeared first in pattern order = more specific)
+        }
+        return kept;
+    }
+    /** Mask detected PII in text */
+    applyMasking(text, entities) {
+        // Sort by position descending to preserve offsets
+        const sorted = [...entities].sort((a, b) => b.start - a.start);
+        let masked = text;
+        for (const entity of sorted) {
+            const replacement = maskValue(entity.type, entity.value);
+            masked =
+                masked.substring(0, entity.start) +
+                    replacement +
+                    masked.substring(entity.end);
+        }
+        return masked;
+    }
+}
+exports.PIIScanner = PIIScanner;
+//# sourceMappingURL=pii.js.map

package/dist/scanner/pii.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pii.js","sourceRoot":"","sources":["../../src/scanner/pii.ts"],"names":[],"mappings":";;;AAwBA,8CAA8C;AAC9C,MAAM,YAAY,GAAiB;IACjC,sEAAsE;IACtE;QACE,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,iEAAiE;QAC1E,SAAS,EAAE,YAAY;QACvB,cAAc,EAAE,IAAI;KACrB;IAED,qDAAqD;IACrD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,8BAA8B;QACvC,SAAS,EAAE,YAAY;QACvB,cAAc,EAAE,IAAI;KACrB;IAED,+DAA+D;IAC/D;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,oCAAoC;QAC7C,SAAS,EAAE,mBAAmB;QAC9B,cAAc,EAAE,IAAI;KACrB;IAED,yEAAyE;IACzE;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,oCAAoC;QAC7C,cAAc,EAAE,IAAI;KACrB;IAED,QAAQ;IACR;QACE,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,qDAAqD;QAC9D,cAAc,EAAE,IAAI;KACrB;IAED,sDAAsD;IACtD;QACE,IAAI,EAAE,OAAO;QACb,OAAO,EACL,2FAA2F;QAC7F,SAAS,EAAE,aAAa;QACxB,cAAc,EAAE,IAAI;KACrB;IAED,oBAAoB;IACpB;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EACL,8EAA8E;QAChF,SAAS,EAAE,oBAAoB;QAC/B,cAAc,EAAE,IAAI;KACrB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,oCAAoC;QAC7C,cAAc,EAAE,IAAI;KACrB;CACF,CAAC;AAEF,qBAAqB;AAErB,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACzC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IAE7D,wDAAwD;IACxD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CACjD,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAC7B,CAAC;IAEF,sDAAsD;IACtD,IAAI,SAAS,GAAG,OAAO,CAAC;IACxB,OAAO,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACxC,SAAS;YACP,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IAE3D,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,KAAK,IAAI,CAAC,CAAC;YACX,IAAI,KAAK,GAAG,CAAC;gBAAE,KAAK,IAAI,CAAC,CAAC;QAC5B,CAAC;QACD,GAAG,IAAI,KAAK,CAAC;IACf,CAAC;IACD,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtC,IAAI,MAAM,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IACvC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,0BAA0B;IAC1B,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG;QAAE,OAAO,KAAK,CAAC;IACpC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtC,oCAAoC;IACpC,OAAO,MAAM,CAAC,MAAM,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;AACnD,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAW;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,gDAAgD;IAChD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAClC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAE,IAAI,EAAE,IAAI,KAAK,CAAC,CAAC,CAAE,IAAI,EAAE;QAAE,OAAO,KAAK,CAAC;IACzE,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;QAAE,OAAO,KAAK,CAAC;IACvD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;QAAE,OAAO,KAAK,CAAC;IACnC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,kBAAkB;AAElB,SAAS,SAAS,CAAC,IAAa,EAAE,KAAa;IAC7C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,KAAK,IAAI,CAAC;gBAAE,OAAO,SAAS,CAAC;YACjC,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,KAAK,OAAO;YACV,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC5E,KAAK,MAAM;YACT,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,iBAAiB,CAAC;QACnD,KAAK,aAAa;YAChB,OAAO,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACpE;YACE,OAAO,IAAI,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC;IACrC,CAAC;AACH,CAAC;AAED,4BAA4B;AAE5B,MAAa,UAAU;IACZ,IAAI,GAAG,KAAK,CAAC;IACd,QAAQ,CAAe;IACvB,MAAM,CAAY;IAClB,aAAa,CAAsC;IACnD,YAAY,CAAe;IAEnC,YAAY,SAAoB,EAAE;QAChC,IAAI,CAAC,QAAQ,GAAG,YAAY,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC;QACtC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QACxC,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,QAAqB;QAC7C,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,UAAU,GAAgB,EAAE,CAAC;QAEnC,2BAA2B;QAC3B,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CACtC,CAAC;QAEF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,QAAQ,EAAE,OAAO;gBACjB,UAAU,EAAE,EAAE;gBACd,SAAS,EAAE,KAAK;gBAChB,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;aACtC,CAAC;QACJ,CAAC;QAED,mBAAmB;QACnB,IAAI,WAAW,GAAG,KAAK,CAAC;QACxB,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC;YAC9D,IAAI,MAAM,KAAK,OAAO;gBAAE,WAAW,GAAG,IAAI,CAAC;YAE3C,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,IAAI,CAAC,IAAI;gBAClB,KAAK,EAAE,MAAM,CAAC,UAAU;gBACxB,SAAS,EAAE,CAAC;gBACZ,OAAO,EAAE,GAAG,MAAM,CAAC,IAAI,WAAW;gBAClC,MAAM,EAAE,SAAS,MAAM,CAAC,IAAI,gBAAgB,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,GAAG,aAAa,MAAM,GAAG;aAC7F,CAAC,CAAC;QACL,CAAC;QAED,0BAA0B;QAC1B,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,MAAM,eAAe,GAAG,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QAC5D,IAAI,eAAe,KAAK,MAAM,IAAI,eAAe,KAAK,UAAU,EAAE,CAAC;YACjE,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QAEhD,OAAO;YACL,QAAQ;YACR,UAAU;YACV,SAAS;YACT,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;SACtC,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,MAAM,CAAC,IAAY;QACjB,MAAM,GAAG,GAAgB,EAAE,CAAC;QAE5B,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACvC,2DAA2D;YAC3D,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC9E,IAAI,KAA6B,CAAC;YAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;gBAE5C,2BAA2B;gBAC3B,IAAI,UAAU,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3D,SAAS;gBACX,CAAC;gBAED,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI,EAAE,UAAU,CAAC,IAAI;oBACrB,KAAK;oBACL,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM;oBAC/B,UAAU,EAAE,UAAU,CAAC,cAAc;iBACtC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,uFAAuF;IAC/E,mBAAmB,CAAC,QAAqB;QAC/C,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC;YAAE,OAAO,QAAQ,CAAC;QAE1C,kFAAkF;QAClF,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACzC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,CAChF,CAAC;QAEF,MAAM,IAAI,GAAgB,EAAE,CAAC;QAC7B,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,6DAA6D;YAC7D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CACpD,CAAC;YACF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;YACD,oGAAoG;QACtG,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IACxB,YAAY,CAAC,IAAY,EAAE,QAAqB;QACtD,kDAAkD;QAClD,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAC/D,IAAI,MAAM,GAAG,IAAI,CAAC;QAElB,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;YACzD,MAAM;gBACJ,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC;oBACjC,WAAW;oBACX,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAzID,gCAyIC"}